WO2026036326A1 - Information processing method, communication device and storage medium - Google Patents

Information processing method, communication device and storage medium

Info

Publication number
WO2026036326A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
key
message
sent
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/CN2024/112407
Other languages
English (en)
Chinese (zh)
Inventor
陆伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xiaomi Mobile Software Co Ltd
Priority to CN202480042173.1A (patent CN121890126A, zh)
Priority to PCT/CN2024/112407 (patent WO2026036326A1, fr)
Publication of WO2026036326A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation

Definitions

  • This disclosure relates to the field of communication technology, and in particular to an information processing method, communication device and storage medium.
  • NFs Network Functions
  • This disclosure provides an information processing method, a communication device, and a storage medium.
  • an information processing method executed by a user equipment (UE), the method comprising: generating a second key based on a first key of a first node; generating a third key based on the second key; the third key being used to protect the communication security between the UE and a second node.
  • UE user equipment
  • an information processing method is provided, wherein the method is executed by a third node, the method comprising: receiving a first message sent by a user equipment (UE), the first message being protected by a third key; the third key is generated by the UE based on a second key, the second key being generated based on a first key of a first node; the receiving node of the first message is the second node.
  • an information processing method executed by a first node, the method comprising: generating a fifth key based on a first key of the first node; sending the fifth key to a second node, wherein the fifth key is used by the second node to generate a fourth key, and the fourth key is used to protect the communication security between the second node and a user equipment (UE).
  • an information processing method comprising: receiving a fifth key sent by a first node; the fifth key being generated based on a first key of the first node; generating a fourth key based on the fifth key; the fourth key being used to protect the communication security between the second node and a user equipment (UE).
  • a user equipment configured to generate a second key based on a first key of a first node; and to generate a third key based on the second key; the third key being used to protect the communication security between the UE and a second node.
  • a third node is provided according to a sixth aspect of the present disclosure, wherein the third node includes: a receiving module configured to receive a first message sent by a user equipment (UE), the first message being protected by a third key; the third key being generated by the UE based on a second key, the second key being generated based on a first key of a first node; and the receiving node of the first message being a second node.
  • a first node is provided according to a seventh aspect of the present disclosure, wherein the first node includes: a processing module configured to generate a fifth key based on a first key of the first node; and a sending module configured to send the fifth key to a second node, wherein the fifth key is used by the second node to generate a fourth key, and the fourth key is used to protect the communication security between the second node and a user equipment (UE).
  • a second node includes: a receiving module configured to receive a fifth key sent by a first node; the fifth key being generated based on a first key of the first node; and a processing module configured to generate a fourth key based on the fifth key; the fourth key being used to protect the communication security between the second node and a user equipment (UE).
  • a communication system is provided according to a ninth aspect of the present disclosure, wherein the communication system includes a user equipment (UE), a first node, a second node, and a third node; the UE is configured to execute the information processing method provided by any technical solution of the first aspect; the third node is configured to execute the information processing method provided by any technical solution of the second aspect; the first node is configured to execute the information processing method provided by any technical solution of the third aspect; and the second node is configured to execute the information processing method provided by any technical solution of the fourth aspect.
  • a communication device is provided according to a tenth aspect of the present disclosure, wherein the communication device includes: one or more processors; wherein the processors are configured to invoke instructions to cause the communication device to perform the information processing method described in any of the technical solutions of any of the first to fourth aspects.
  • a storage medium stores instructions that, when executed on a communication device, cause the communication device to perform an information processing method provided by any one of the first to fourth aspects.
  • a program product includes a computer program, which, when executed by a communication device, enables the communication device to implement the information processing method provided by any of the technical means of the first to fourth aspects.
  • the technical approach provided in this disclosure allows the UE to communicate directly with a second node, in addition to communicating directly with the first node. Furthermore, a second key is generated based on the first key of the first node, thus enabling the second key to protect the security of communication between the UE and the second node.
  • Figure 1A is a schematic diagram of the architecture of a communication system according to an exemplary embodiment
  • Figure 1B is a schematic diagram of the architecture of a communication system according to an exemplary embodiment
  • Figure 1C is a schematic diagram illustrating the connection between a user equipment (UE), a radio access network (RAN), and a core network according to an exemplary embodiment.
  • RAN radio access network
  • Figure 1D is a schematic diagram illustrating another connection between the UE and RAN and the core network according to an exemplary embodiment
  • Figure 1E is a schematic diagram of a security architecture according to an exemplary embodiment
  • Figure 1F is a schematic diagram of a security architecture according to an exemplary embodiment
  • Figure 1G is a schematic diagram of a security architecture according to an exemplary embodiment
  • Figure 2A is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 2B is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 2C is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 2D is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 3 is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 4A is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 4B is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 5A is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 5B is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 5C is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 6A is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 6B is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 7A is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 7B is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 7C is a flowchart illustrating an information processing method according to an exemplary embodiment
  • Figure 8A is a schematic diagram of the structure of a UE according to an exemplary embodiment
  • Figure 8B is a schematic diagram of the structure of a third node according to an exemplary embodiment
  • Figure 8C is a schematic diagram of the structure of a first node according to an exemplary embodiment
  • Figure 8D is a schematic diagram of the structure of a first node according to an exemplary embodiment
  • Figure 9A is a schematic diagram of the structure of a communication device according to an exemplary embodiment
  • Figure 9B is a schematic diagram of the structure of a chip according to an exemplary embodiment.
  • This disclosure provides an information processing method, a communication device, a communication system, and a storage medium.
  • a first aspect provides an information processing method, wherein the method is executed by a user equipment, the method comprising: generating a second key based on a first key of a first node; generating a third key based on the second key; the third key being used to protect the communication security between the UE and the second node.
  • the UE in addition to being able to communicate directly with the first node, the UE is also allowed to communicate directly with the second node.
  • a second key is generated based on the first key of the first node, and a third key is generated based on the second key. In this way, the third key can be used to protect the communication security between the UE and the second node.
  • generating a second key based on a first key of a first node includes at least one of the following: generating a second key based on the first key and the type of the second node; generating a second key based on the first key and the instance identifier (ID) of the second node.
  • the second key can be generated according to the first key and the type of the second node. This allows the UE to generate the second key even if it does not know which specific second node it is, simplifying the generation of the second key.
  • the UE can pre-generate the second key according to the type of node that may need to communicate after obtaining the first key, and can directly use the generated second key when communication is needed later.
  • generating a second key based on the first key and the type of the second node includes at least one of the following: generating the second key based on the first key, the type of the second node, and the first count value, where the first count value is the count of uplink messages sent by the UE to the second node; generating the second key based on the first key, the type of the second node, and the first time information, where the first time information indicates the generation period of the second key.
  • generating a second key based on a first key and an instance identifier ID of a second node includes: the UE is pre-configured with an instance ID of a second node, and the second key is generated based on the first key and the instance ID of the second node.
  • the UE is pre-configured with the instance ID of the second node.
  • a second key can be generated based on the first key and the instance ID of the second node, so that the third key for different second nodes is different, thereby further improving the security of communication between the UE and the second node.
  • generating a second key based on a first key and an instance identifier ID of a second node includes at least one of the following: generating a second key based on a first key, an instance ID of a second node, and a first count value; the first count value being an uplink message count sent by the UE to the second node; generating a second key based on a first key, an instance ID of a second node, and first time information; the first time information indicating the generation period of the second key.
  • a specific method is given for generating a second key based on the first key and the instance ID of the second node.
  • the second key generated by the UE is different when communicating with the second node at different times, so that the third key is also different, thereby improving the communication security between the UE and the second node.
  • the method further includes: sending a first Radio Resource Control (RRC) message to a third node, the first RRC message being a first message; the first message being protected by a third key; and the second node being the receiving node of the first message.
  • RRC Radio Resource Control
  • the first message is encapsulated in the first RRC message.
  • on the one hand, the first message can be easily sent to the third node using the RRC connection between the UE and the third node; on the other hand, the third node can transmit or forward the first message to subsequent nodes.
  • the first message includes at least one of the following: Non-Access Stratum (NAS) signaling; UE ID; and a first algorithm identifier, which identifies a security algorithm protecting the first message.
  • NAS Non-Access Stratum
  • carrying at least one of the aforementioned information contents in the first message can enable the second node to know the UE's communication needs and/or obtain the input parameters for generating the fourth key.
  • the first RRC message is protected by the UE's access stratum (AS) security context.
  • the first RRC message is protected by the AS security context to ensure the security of the first message over the air interface.
  • the method further includes: receiving a second RRC message sent by a third node, the second RRC message including a second message; the second message originating from a second node; the second message being protected by a fourth key; the fourth key being generated based on a fifth key, the fifth key being generated based on a first key.
  • the UE receives a second RRC message from the second node, which includes a second message returned by the second node based on the first message. In this way, the UE completes one communication with the second node within a time period.
  • the second RRC message is protected by the UE's access stratum AS security context.
  • using AS security context protection for the second RRC message can provide double-layer security protection for the second message, further enhancing its security.
  • the second RRC message may not be protected by the AS security context, reducing the UE's message parsing latency.
  • the first RRC message may not be protected by the AS security context to facilitate the message parsing rate of the first node and/or the second node.
  • the first RRC message further includes at least one of the following: type information of the second node; instance ID of the second node; address information of the second node.
  • the type information, instance ID, or address information of the second node are carried in the first RRC message instead of the first message, so that the third node and/or the first node can identify the second node, thus enabling the transparent transmission of the first message.
  • the second aspect provides an information processing method, wherein the method is executed by a third node, the method comprising: receiving a first message sent by a user equipment (UE), the first message being protected by a third key; the third key being generated by the UE based on a second key, the second key being generated based on a first key of a first node; and the receiving node of the first message being the second node.
  • receiving a first message sent by a user equipment includes: receiving a first radio resource control (RRC) message sent by the UE, wherein the first RRC message includes the first message.
  • the first RRC message is protected by the access stratum (AS) security context.
  • the first RRC message further includes at least one of the following: type information of the second node; the instance ID of the second node; the address information of the second node.
  • the method further includes: sending a first message to a first node or a second node, wherein a third node is a forwarding node for the first message.
  • sending a first message to a first node or a second node includes at least one of the following: sending a first message to a first node or a second node based on whether the first message is the first message sent by the UE to the second node; sending a first message to a first node or a second node based on whether a third node has obtained first information of the second node; the first information includes at least one of the instance ID of the second node and the address information of the second node; and sending a first message to a first node or a second node based on whether the third node can determine the second node.
  • the third node will determine whether to send the first message directly to the second node or the first node depending on the situation, thereby realizing targeted transmission of the first message under different circumstances and facilitating flexible selection as needed during actual transmission.
  • sending a first message to either the first node or the second node based on whether the first message is the first message sent by the UE to the second node includes at least one of the following: if the first message is the first message sent by the UE to the second node, the first message is sent to the first node; if the first message is not the first message sent by the UE to the second node, the first message is sent to the second node.
  • sending a first message to the first node or the second node based on whether the third node has obtained the first information of the second node includes at least one of the following: the first RRC message includes the first information of the second node, and the first message is sent to the second node; the third node has stored the first information of the second node, and the first message is sent to the second node; the first RRC message does not contain the first information of the second node, and the first message is sent to the first node; the first node has not stored the first information of the second node, and the first message is sent to the first node.
  • sending a first message to a first node or a second node based on whether a third node can determine a second node includes at least one of the following: if the second node can be determined based on the type information of the second node and the configuration information of the third node in the first RRC message, a first message is sent to the second node; if the second node cannot be determined based on the type information of the second node and the configuration information of the third node in the first RRC message, a first message is sent to the first node.
  • sending a first message to a first node or a second node includes at least one of the following: determining the type of the second node; sending a first message to a second node of a type connected to a third node.
  • determining the type of the second node includes at least one of the following: determining the type of the second node based on the type information of the second node included in the first RRC message; or determining the type of the second node based on the message type of the first message.
  • the third node sends a first message to the first node; the method further includes sending at least one of the type information of the second node and the instance ID of the second node to the first node.
  • the method further includes: receiving a second message sent by a first node or a second node, the second message being protected by a third key; the third key being generated by the second node based on the first key; and sending a second RRC message to the UE based on the second message, the second RRC message including the second message.
  • the method further includes: receiving second information of the second node sent by the first node or the second node, the second information including at least one of the instance ID of the second node and the address information of the second node.
  • the method further includes: interpreting the second message to obtain second information of the second node, the second information including at least one of the instance ID of the second node and the address information of the second node.
  • the second RRC message is protected by the UE's access stratum (AS) security context.
  • before sending the first message to the second node, the method further includes: sending a third message to the first node, the third message being used to request the first node to generate a fifth key for the second node; the fifth key being used to generate a fourth key; and the fourth key being used to protect the communication security between the second node and the UE.
  • the method further includes: receiving a fourth message sent by the first node; sending the first message to the second node includes: when the fourth message indicates that the fifth key has been generated, sending the first message to the second node.
  • an information processing method executed by a first node includes:
  • the fifth key is sent to the second node.
  • the fifth key is used by the second node to generate the fourth key.
  • the fourth key is used to protect the communication security between the second node and the user equipment (UE).
  • generating a fifth key based on a first key from a first node includes:
  • the method further includes: receiving a third message sent by a third node, and generating a fifth key based on a first key of a first node; the third message is used to request the first node to generate a fifth key for the second node.
  • the method further includes: sending a fourth message to a third node; the fourth message is used by the third node to determine whether the fifth key has been generated.
  • generating a fifth key based on a first key of a first node includes: receiving a fifth message sent by a second node, and generating a fifth key based on the first key of the first node; the fifth message is used by the second node to request the fifth key from the first node.
  • the method further includes determining a second node before generating a fifth key based on the first key of the first node.
  • determining the second node includes at least one of the following: determining the second node based on the type information of the second node sent by the third node; determining the second node based on the instance identifier of the second node sent by the third node; determining the second node based on the message type of the first message forwarded by the third node; or determining the second node based on the information content of the first message forwarded by the third node.
  • the method further includes sending a first message to a second node.
  • generating a fifth key based on a first key includes at least one of the following: generating a fifth key based on the first key and the type of the second node; generating a fifth key based on the first key and the instance identifier (ID) of the second node.
  • generating a fifth key based on the first key and the type of the second node includes at least one of the following: generating the fifth key based on the first key, the type of the second node, and a first count value; the first count value being the count of uplink messages sent by the UE to the second node; generating the fifth key based on the first key, the type of the second node, and second time information; the second time information indicating the period in which the fifth key was generated.
  • generating a fifth key based on a first key and an instance identifier ID of a second node includes at least one of the following: generating a fifth key based on a first key, an instance ID of a second node, and a first count value; the first count value being a count of uplink messages sent by the UE to the second node; generating a fifth key based on a first key, an instance ID of a second node, and second time information; the second time information indicating the generation period of the fifth key.
  • the method further includes: sending a second algorithm identifier to the second node when sending a first message to the second node, the second algorithm identifier being an input parameter for generating a fourth key.
  • the method further includes: receiving a second message sent by a second node, the second message being protected by a fourth key; the fourth key being generated by the second node based on a fifth key.
  • the method further includes sending a second message to a third node.
  • the method further includes: sending second information to the third node, the second information including at least one of the instance ID of the second node and the address information of the second node.
  • the fourth aspect provides an information processing method, which is executed by a second node, the method comprising: receiving a fifth key sent by a first node; the fifth key being generated based on a first key of the first node; generating a fourth key based on the fifth key; the fourth key being used to protect the communication security between the second node and the user equipment (UE).
  • the method further includes: receiving a first message sent by a first node or a third node; the first message being protected by a third key; the third key being generated based on a second key; the second key being generated based on the first key; and verifying the security of the first message using a fourth key.
  • the method further includes: receiving a second algorithm identifier sent by a first node, the second algorithm identifier being used as an input parameter for generating a fourth key; or, receiving a first algorithm identifier in a first message forwarded by a third node, the first algorithm identifier being used as an input parameter for generating a fourth key.
  • the method further includes sending a second message to a first node or a third node, the second message being protected by a fourth key.
  • the method further includes: receiving a first message forwarded by a third node and sending a fifth message to the first node; the fifth message is used by the second node to request a fifth key from the first node.
  • the fifth aspect provides a user equipment (UE), wherein the UE includes:
  • the processing module is configured to generate a second key based on the first key of the first node; and to generate a third key based on the second key; the third key is used to protect the communication security between the UE and the second node.
  • the sixth aspect provides a third node, wherein the third node includes:
  • the receiving module is configured to receive a first message sent by a user equipment (UE).
  • the first message is protected by a third key.
  • the third key is generated by the UE based on a second key, which is generated based on the first key of a first node.
  • the receiving node for the first message is the second node.
  • the seventh aspect provides a first node, wherein the first node includes:
  • the processing module is configured to generate a fifth key based on the first key of the first node.
  • the sending module is configured to send the fifth key to the second node; the fifth key is used by the second node to generate the fourth key.
  • the fourth key is used to protect the security of communication between the second node and the user equipment (UE).
  • the eighth aspect provides a second node, wherein the second node includes:
  • the receiving module is configured to receive the fifth key sent by the first node; the fifth key is generated based on the first key of the first node.
  • the processing module is configured to generate a fourth key based on the fifth key; the fourth key is used to protect the communication security between the second node and the user equipment (UE).
  • a ninth aspect provides a communication system, wherein the communication system includes a user equipment (UE), a first node, a second node, and a third node; the UE is used to execute a method of any technical solution of the first aspect; the third node is used to execute a method of any technical solution of the second aspect; the first node is used to execute a method of any technical solution of the third aspect; and the second node is used to execute a method of any technical solution of the fourth aspect.
  • a tenth aspect provides a communication device, wherein the communication device includes: one or more processors; wherein the processors are configured to invoke instructions to cause the communication device to execute any of the information processing methods of the first to fourth aspects.
  • embodiments of this disclosure provide a program product, wherein the program product includes a computer program, which, when executed by a communication device, enables the communication device to perform any of the information processing methods of the first to fourth aspects.
  • embodiments of this disclosure provide a computer program that, when run on a computer, causes the computer to execute any of the information processing methods of the first to fourth aspects.
  • the embodiments of this disclosure are not exhaustive, but merely illustrative of some embodiments, and are not intended to limit the specific scope of protection of this disclosure.
  • each step in a particular embodiment can be implemented as an independent embodiment, and the steps can be arbitrarily combined. For example, removing some steps in a particular embodiment can also be implemented as an independent embodiment, and the order of the steps in a particular embodiment can be arbitrarily interchanged.
  • the optional implementations in a particular embodiment can be arbitrarily combined; moreover, the embodiments can be arbitrarily combined, for example, some or all steps of different embodiments can be arbitrarily combined, and a particular embodiment can be arbitrarily combined with optional implementations of other embodiments.
  • multiple refers to two or more.
  • the terms “at least one of”, “one or more”, “a plurality of”, “multiple”, etc., may be used interchangeably.
  • the notation “at least one of A and B”, “A and/or B”, “A in one case, B in another”, etc. may include the following technical methods depending on the situation: in some embodiments, A (A is executed regardless of B); in some embodiments, B (B is executed regardless of A); in some embodiments, execution is selected from A and B (A and B are selectively executed); in some embodiments, A and B (both A and B are executed). The same applies when there are more branches such as A, B, C, etc.
  • the notation “A or B” may include the following technical approaches, depending on the circumstances: in some embodiments, A (execution of A regardless of B); in some embodiments, B (execution of B regardless of A); in some embodiments, selective execution from A and B (A and B are selectively executed). The same applies when there are more branches such as A, B, C, etc.
  • if the descriptive object is a “field”, then the ordinal numbers before “field” in “first field” and “second field” do not restrict the position or order of the “fields”, nor do “first” and “second” restrict whether the “fields” they modify are in the same message, nor do they restrict the order of “first field” and “second field”.
  • if the descriptive object is a “level”, then the ordinal numbers before “level” in “first level” and “second level” do not restrict the priority between “levels”.
  • the number of descriptive objects is not limited by ordinal numbers and can be one or more. Taking “first device” as an example, the number of "devices" can be one or more.
  • the objects modified by different prefixes can be the same or different.
  • if the descriptive object is a “device”, then the number of “devices” can be one or more.
  • “first device” and “second device” can be the same device or different devices, and their types can be the same or different; for example, if the object being described is “information”, then “first type of information” and “second type of information” can be the same information or different information, and their content can be the same or different.
  • “including A,” “containing A,” “for indicating A,” and “carrying A” can be interpreted as directly carrying A or indirectly indicating A.
  • the terms “greater than,” “greater than or equal to,” “not less than,” “more than,” “more than or equal to,” “not less than,” “higher than,” “higher than or equal to,” “not lower than,” and “above” can be used interchangeably, as can the terms “less than,” “less than or equal to,” “not greater than,” “less than,” “less than or equal to,” “not more than,” “lower than,” “lower than or equal to,” “not higher than,” and “below”.
  • devices, etc. can be interpreted as physical or virtual, and their names are not limited to the names recorded in the embodiments.
  • Terms such as “device”, “equipment”, “circuit”, “network element”, “node”, “function”, “unit”, “section”, “system”, “network”, “chip”, “chip system”, “entity”, and “subject” can be used interchangeably.
  • network can be interpreted as network-side devices or network functions such as access network devices and core network devices included in the network.
  • the terms “access network device (AN device),” “radio access network device (RAN device),” “base station (BS),” “radio base station,” “fixed station,” “node,” “access point,” “transmission point (TP),” “reception point (RP),” “transmission/reception point (TRP),” “panel,” “antenna panel,” “antenna array,” “cell,” “macro cell,” “small cell,” “femto cell,” “pico cell,” “sector,” “cell group,” “serving node,” “carrier,” “component carrier,” and “bandwidth part (BWP)” can be used interchangeably.
  • the terms “UE (terminal),” “UE device,” “user equipment (UE),” “user UE (user terminal),” “mobile station (MS),” “mobile UE (MT),” “subscriber station,” “mobile unit,” “subscriber unit,” “wireless unit,” “remote unit,” “mobile device,” “wireless device,” “wireless communication device,” “remote device,” “mobile subscriber station,” “access UE,” “mobile terminal,” “wireless UE,” “remote terminal,” “handset,” “user agent,” “mobile client,” and “client” can be used interchangeably.
  • the access network device, core network device, or network device can be replaced by a UE.
  • embodiments of this disclosure can also be applied to structures where communication between the access network device, core network device, or network device and the UE is replaced by communication between multiple UEs (e.g., device-to-device (D2D), vehicle-to-everything (V2X), etc.).
  • the UE can also be configured to have all or some of the functions of the access network device.
  • terms such as "uplink” and "downlink” can be replaced with terms corresponding to communication between UEs (e.g., "sidelink”).
  • uplink channel, downlink channel, etc. can be replaced with sidelink channel.
  • uplink link, downlink, etc. can be replaced with sidelink link.
  • the UE can be replaced by an access network device, a core network device, or a network device. In this case, it can also be configured such that the access network device, core network device, or network device has all or some of the functions of the UE.
  • the acquisition of data, information, etc. may comply with the laws and regulations of the country where the location is situated.
  • data, information, etc. may be obtained with the user's consent.
  • each element, each row, or each column in the table of this disclosure can be implemented as an independent embodiment, and any combination of any element, any row, or any column can also be implemented as an independent embodiment.
  • Figure 1A is a schematic diagram of the architecture of a communication system according to an embodiment of the present disclosure.
  • the communication system 100 includes a terminal 101 and a network device 102.
  • the network device 102 may include access network equipment and/or core network equipment.
  • the terminal may also be referred to as a UE.
  • terminal 101 includes, for example, a mobile phone, a wearable device, an Internet of Things device, a car with communication capabilities, a smart car, a tablet computer, a computer with wireless transceiver capabilities, a virtual reality (VR) UE device, an augmented reality (AR) UE device, a wireless UE device in industrial control, a wireless UE device in self-driving, or a wireless UE device in remote medical surgery.
  • the device is at least one of, but not limited to, wireless UE devices in smart grids, wireless UE devices in transportation safety, wireless UE devices in smart cities, and wireless UE devices in smart homes.
  • the UE is also referred to as User Equipment (UE).
  • the access network device may be a node or device that connects the UE to the wireless network.
  • the access network device may include, but is not limited to, at least one of the following in a 5G communication system: evolved Node B (eNB), next-generation evolved Node B (ng-eNB), next-generation Node B (gNB), node B (NB), home node B (HNB), home evolved node B (HeNB), radio backhaul device, radio network controller (RNC), base station controller (BSC), base transceiver station (BTS), base band unit (BBU), mobile switching center, base station in a 6G communication system, open RAN, cloud RAN, base station in other communication systems, and access node in a Wi-Fi system.
  • the technical methods of this disclosure can be applied to the Open RAN architecture.
  • the interfaces between or within access network devices involved in the embodiments of this disclosure can be transformed into internal interfaces of Open RAN.
  • the processes and information interactions between these internal interfaces can be implemented by software or programs.
  • the access network device may be composed of a central unit (CU) and a distributed unit (DU).
  • the CU may also be called a control unit.
  • the CU-DU structure can separate the protocol layer of the access network device. Some protocol layer functions are centrally controlled by the CU, while the remaining part or all of the protocol layer functions are distributed in the DU and centrally controlled by the CU. However, this is not the only possibility.
  • the core network equipment can be a single device, including a first network element, or it can be multiple devices or a group of devices, each including a first network element.
  • the network element can be virtual or physical.
  • the core network includes, for example, at least one of an Evolved Packet Core (EPC), a 5G Core Network (5GCN), and a Next Generation Core (NGC).
  • the following embodiments of this disclosure can be applied to the communication system 100 shown in FIG1A, or to some of the main bodies, but are not limited thereto.
  • the main bodies shown in FIG1A are illustrative.
  • the communication system may include all or some of the main bodies in FIG1A, or it may include other main bodies outside of FIG1A.
  • the number and form of each main body are arbitrary.
  • the connection relationship between the main bodies is illustrative.
  • the main bodies may not be connected or may be connected.
  • the connection can be in any way, it can be a direct connection or an indirect connection, it can be a wired connection or a wireless connection.
  • LTE Long Term Evolution
  • LTE-A LTE-Advanced
  • LTE-B LTE-Beyond
  • SUPER 3G IMT-Advanced
  • 4G 4th generation mobile communication system
  • 5G 5th generation mobile communication system
  • 5G 5G New Radio
  • FAA New Radio Access Technology
  • RAT New Radio
  • NX New Radio Access
  • FX Future Generation Radio Access
  • GSM Global System for Mobile Communications
  • UMB Ultra Mobile Broadband
  • IEEE 802.11 Wi-Fi
  • IEEE 802.16 WiMAX
  • IEEE 802.20 Ultra-Wideband
  • PLMN Public Land Mobile Network
  • D2D Device-to-Device
  • M2M Machine-to-Machine
  • IoT Internet of Things
  • V2X Vehicle-to-Everything
  • systems utilizing configuration methods of other resources and next-generation systems extended from them.
  • multiple systems can be combined (e.g., LTE and NR can be combined).
  • NFs Network Functions
  • 5GC 5th Generation Core
  • NAS Non-Access Stratum
  • K_AMF root key
  • SEAF Security Anchor Function
  • K_AMF is used by the UE and AMF to derive the NAS integrity key K_NASint and/or the NAS confidentiality protection key K_NASenc, and no other core NF can derive the NAS security key. Since the current key hierarchy design of other core NFs does not support NAS security, it is impossible to protect NAS signaling between the UE and other core NFs.
  • FIG. 1D is a schematic diagram of a 5G security key hierarchy architecture.
  • this embodiment of the present disclosure provides an information processing method, executed by a communication system.
  • the method may include:
  • S2101 The UE generates a second key based on the first key of the first node.
  • the communication system can be as shown in Figure 1A.
  • the UE is terminal 101 shown in Figure 1A.
  • the first node can be one of the network devices 102 shown in Figure 1A.
  • the first node can be a core network node.
  • the first node may include, but is not limited to, an access and mobility management function (AMF).
  • the second node may also include other network functions (NF).
  • the second key is an intermediate key used to generate the third key.
  • both the first node and the second node may be core network nodes.
  • a second key is generated based on the first key and the type of the second node.
  • the UE can determine the type of the second node based on the requested network service or function. For instance, if the UE requests a user plane session, the type of the second node is a Session Management Function (SMF). If the UE requests location, the type of the second node can be a Location Management Function (LMF).
  • the second node can be any node in the UE's serving network other than the first node.
  • the second node can be any core network node in the UE's serving network other than the first node.
  • the second node is not necessarily a core network node.
  • the UE uses a Key Derivation Function (KDF) to derive a second key, taking the first key as input and the type of the second node as the derivation parameter.
  • a second key is generated based on a first key, the type of the second node, and a first count value; the first count value is the count of uplink messages sent by the UE to the second node.
  • the first count value can be the number of uplink NAS messages that the UE has sent to the second node. If the current UE has not yet sent any uplink NAS messages to the second node, the first count value can be 0.
  • a second key is generated based on a first key, the type of the second node, and first time information; the first time information indicates the time period during which the second key was generated.
  • the unit of the generation period may be milliseconds or seconds, so that the time difference between the UE generating the second key and the first node generating the fifth key can be ignored.
  • the generation period may be longer than the time required for information to be transmitted from the UE to the first node.
  • a second key is generated based on the first key and the instance identifier ID of the second node.
  • the UE may be pre-configured with an instance identifier (ID) corresponding to the second node.
  • the UE may also generate a second key based on the instance ID of the second node and the first key.
  • after the first node, through information interaction with the UE, selects a second node to serve the UE, the first node returns the instance ID of the second node to the UE. At this time, the UE will also know the instance ID of the second node.
  • the second key can be generated based on the instance ID of the second node.
  • the UE is pre-configured with the instance ID of the second node, and the second key is generated based on the first key and the instance ID of the second node.
  • the UE ID can also be used as a parameter for generating the second key.
  • the second key is generated based on the first key and one or more of the following: the type of the second node, the instance ID of the second node, the first count value, the first time information, and the UE ID. If the second key is generated based on the UE ID and the first key, different UEs will have different second keys, thereby achieving isolation of communication security between different UEs and the second node.
  • the UE ID can be any information that can identify the UE.
  • the UE's International Mobile Subscriber Identification Number (IMSI), International Mobile Equipment Identification (IMEI), 5G Globally Unique Temporary Identifier (GUTI), Network Access Identifier (NAI), etc. can be information that uniquely identifies the UE.
  • S2102 The UE generates a third key based on the second key.
  • a third key is used to protect the security of communication between the UE and the second node.
  • the third key is used to protect the security of NAS communication between the UE and the second node.
  • This NAS communication security may include the security of NAS messages.
  • the third key may include at least one of the following: an integrity key; a confidentiality key; and a scrambling key.
  • the integrity key can be used for integrity protection (or integrity verification).
  • the confidentiality key can be used for confidentiality protection, such as encryption or decryption.
  • the scrambling key can be used for scrambling or descrambling information.
  • different terminal devices or core network devices may support different security algorithms.
  • the algorithm identifier needs to be used as a parameter for generating the third key.
  • a second key is used as input to the KDF, and a third key is generated by combining one or more of the following parameters:
  • P0 algorithm type distinguisher, for example, the type of security algorithm here includes, but is not limited to, integrity algorithms and/or confidentiality algorithms;
  • L0 the length of P0
  • P1 Security Algorithm ID; for example, the ID for Advanced Encryption Standard (AES), the ID for Zu Chongzhi Algorithm (ZUC), etc.
  • the third key can be used to protect NAS messages sent by the UE to the second node.
  • S2103 The UE sends the first message to the third node.
  • the third node may be an access network node, specifically a base station of various types.
  • the first message is carried in the first RRC message using a message container.
  • the first RRC message is protected using an AS security context.
  • this AS context may include the key used for communication between the UE and the access network node.
  • the first RRC message may be encrypted and/or protected for integrity.
  • the first message includes at least one of the following:
  • Non-access stratum (NAS) signaling
  • the first algorithm identifier is used to identify the security algorithm protecting the first message.
  • NAS signaling may be a NAS message that the UE needs to send to the second node. This NAS signaling may be carried in a first RRC message via a container.
  • the encapsulation protocol of the NAS signaling may differ for different types of second nodes.
  • the signaling content of the NAS signaling may differ for different types of second nodes.
  • the NAS signaling may be NAS signaling encapsulated with the Long Term Evolution (LTE) Positioning Protocol (LPP), and/or the NAS message may be related to the absolute and/or relative positioning of the UE.
  • the signaling content of the NAS signaling may be related to the establishment, connection, or release of a Protocol Data Unit (PDU).
  • the UE's ID may include, but is not limited to, various types of UE IDs, such as IMEI, IMSI, or NAI.
  • the first algorithm identifier can be used to identify a specific algorithm, such as an integrity algorithm or a confidentiality algorithm.
  • the first algorithm identifier may be an input parameter for the UE to generate a third key.
  • the security algorithm indicated by the first algorithm identifier can be the same as the NAS security algorithm negotiated between the UE and the first node. This means that the UE and the second node do not need to negotiate the security algorithm again.
  • the first node is AMF or SEAF.
  • K_AMF or K_SEAF serves as the first key of the first node.
  • the first key as an intermediate security key for non-access stratum communication between the UE and the first node, is used to generate the NAS security key to protect the security of non-access stratum communication between the UE and the first node.
  • the NAS security key between the UE and the first node also requires the algorithm identifier as an input parameter for key generation.
  • the UE needs to generate the third key based on the second key.
  • the security algorithm identifier to be used can be the default algorithm identifier used in non-access stratum communication between the UE and the first node.
  • the UE does not need to negotiate an algorithm with the second node, nor does it need to send the UE's supported algorithm capabilities to the network, simplifying the process and reducing signaling overhead.
  • the first message may or may not carry the first algorithm identifier.
  • the first message is sent to the first node via the third node, and the first node already knows the security algorithm identifier (i.e., the second algorithm identifier) negotiated with the UE.
  • This algorithm identifier can be provided to the second node by the first node.
  • the first message carries the first algorithm identifier, the first node does not need to provide the algorithm identifier to the second node separately.
  • the first algorithm identifier is an optional part of the first message.
  • the first RRC message also includes at least one of the following:
  • the type information of the second node is the type information of the second node
  • the type information of the second node is carried in the first RRC message, which can enable the third node or the first node to know the type of the second node and select the second node for the UE based on the UE's location information and/or the second node that the third node can reach.
  • the instance ID of the second node may be an identifier of the second node pre-configured on the UE. In some embodiments, the instance ID of the second node is obtained by the UE based on historical communications.
  • the address information of the second node may include, but is not limited to, an Internet Protocol (IP) address.
  • the first RRC message is also protected using an AS security context.
  • the AS security context may include: a confidentiality key and/or an integrity key for communication between the UE and the third node.
  • S2104 The third node sends the first message.
  • the third node sends a first message to the first node or the second node.
  • the first node may be a core network function such as an access and mobility management function (AMF) or a mobility management entity (MME).
  • the first node may select a second node for the UE.
  • the second node is the target node for the UE to receive the first message in this NAS communication.
  • the third node may act as a forwarding node for the first message. For example, the third node receives the first RRC message, extracts the first message from the first RRC message, and sends the first message to the first node.
  • a first message is sent to either the first node or the second node depending on whether the first message is the first message sent by the UE to the second node.
  • the third node acting as a service node for the UE, can determine whether the first message received is the first message within a certain period or after accessing the third node. If the first message is the first message sent by the UE to the second node, then the first message is sent to either the first node or the second node. If the first message is not the first message sent by the UE to the second node, then the first message is sent to the second node.
  • sending the first message to either the first node or the second node based on whether the first message is the first message sent by the UE to the second node includes at least one of the following: if the first message is the first message sent by the UE to the second node, then the first message is sent to the first node; if the first message is not the first message sent by the UE to the second node, then the first message is sent to the second node.
  • a first message is sent to either the first node or the second node depending on whether the third node has obtained the first information of the second node; the first information includes at least one of the instance ID of the second node and the address information of the second node. For example, if the third node obtains the first information of the second node, it sends the first message to the second node. If the third node does not obtain the first information of the second node, it sends the first message to the first node.
  • sending a first message to either the first node or the second node depending on whether the third node has obtained the first information of the second node includes at least one of the following: the first RRC message includes the first information of the second node, and the first message is sent to the second node; the third node has stored the first information of the second node, and the first message is sent to the second node; the first RRC message does not contain the first information of the second node, and the first message is sent to the first node; the first node has not stored the first information of the second node, and the first message is sent to the first node.
  • the third node can obtain the first information from the first message; the third node can also obtain the first information based on records of communication between one or more UEs and nodes of the same type as the second node. Alternatively, the third node can also obtain the first information based on its local configuration. If the third node successfully obtains the first information, it indicates that the UE may not be communicating with the second node for the first time, or that the third node and the second node can communicate directly. In this case, the first message can be sent directly to the second node instead of needing to be forwarded by the first node.
  • a first message is sent to either the first or second node depending on whether the third node can determine the second node.
  • the third node can determine the second node and sends the first message to the second node. In other embodiments, the third node cannot determine the second node and sends the first message to the first node.
  • sending a first message to either the first or second node based on whether the third node can determine the second node includes at least one of the following: if the second node can be determined based on the type information of the second node included in the first RRC message and the configuration information of the third node, the first message is sent to the second node; if the second node cannot be determined based on the type information of the second node included in the first RRC message and the configuration information of the third node, the first message is sent to the first node.
  • the third node can determine the second node based on the message content and/or message type carried in the first message. Also by way of example, the third node can determine the second node based on its local configuration.
  • the third node supports a Service Based Interface (SBI).
  • the third node itself is connected to one or more nodes of the same type as the second node.
  • the third node can then determine the second node if it is connected to a node of the same type as the second node.
  • the third node can select the second node for the UE according to a selection strategy.
  • the third node can select the second node for the UE based on the current load rate or reachability of multiple nodes or randomly.
  • the third node can determine the second node, and these are not limited to the examples above.
  • the third node sends a first message to the first node; the method further includes sending at least one of the type information of the second node and the instance ID of the second node to the first node.
  • S2105 The first node determines the second node for the UE.
  • the first node determines the second node for the UE, including but not limited to at least one of the following:
  • the second node is determined based on the type information of the second node sent by the third node;
  • the second node is determined based on the instance identifier of the second node sent by the third node;
  • the second node is determined based on the message type of the first message forwarded by the third node;
  • the second node is determined based on the information content of the first message forwarded by the third node;
  • the first node receives the type information of the second node and selects the second node for the UE based on the UE's location information and/or the load rate of the second node.
  • the first node receives the first message forwarded by the third node and selects a second node for the UE.
  • the first node generates the fifth key based on the first key of the first node.
  • the first node may be an AMF.
  • the first key of the first node may be K_AMF.
  • generating a fifth key based on the first key includes at least one of the following:
  • a fifth key is generated based on the first key and the instance identifier (ID) of the second node.
  • a fifth key is generated based on the first key and the type of the second node, including at least one of the following:
  • a fifth key is generated based on the first key, the type of the second node, and the first count value; the first count value is the count of uplink messages sent by the UE to the second node.
  • a fifth key is generated based on the first key, the type of the second node, and the second time information; the second time information indicates the time period during which the fifth key was generated.
  • the second key is generated using NAS message counting or second time information
  • the second key and fifth key will be different when the same UE communicates with the same second node at different time periods, thereby further improving the security of direct NAS communication between the UE and the second node.
  • a fifth key is generated based on the first key and the instance identifier (ID) of the second node, including at least one of the following:
  • a fifth key is generated based on the first key, the instance ID of the second node, and the first count value; the first count value is the count of uplink messages sent by the UE to the second node.
  • a fifth key is generated based on the first key, the instance ID of the second node, and the second time information; the second time information indicates the time period in which the fifth key was generated.
  • generating a fifth key based on a first key may use at least one of the following parameters:
  • L0 the length of P0
  • P1 NF type or NF instance ID; for example, the type of the NF is LMF, SMF, etc.
  • L1 the length of P1
  • P2 UTC value or the number of uplink NAS messages
  • L2 the length of P2.
  • S2107 The first node sends the fifth key and the first message to the second node.
  • the first node when sending a first message to a second node, the first node sends a second algorithm identifier to the second node.
  • the second algorithm identifier is used to identify a security algorithm protecting the second message.
  • the second algorithm identifier is an input parameter for generating the fourth key.
  • the second algorithm identifier may be sent to the second node simultaneously with the first message and/or the fifth key. Also by way of example, the second algorithm identifier may be sent to the second node separately.
  • the first node identifies whether the first message contains a first algorithm identifier, and determines whether to send a second algorithm identifier to the second node based on whether the first message contains the first algorithm identifier. For example, if the first node identifies that the first message contains the first algorithm identifier, then the first node does not need to send the second algorithm identifier to the second node. Also for example, if the first node identifies that the first message does not contain the first algorithm identifier, then the first node sends the second algorithm identifier to the second node.
  • the second algorithm identifier may be an algorithm identifier negotiated between the first node and the UE for NAS communication.
  • the first node does not identify whether the first message contains the first algorithm identifier; it sends the second algorithm identifier to the second node regardless, thereby simplifying the information processing of the first node.
  • the first algorithm identifier and the second algorithm identifier should be the same.
  • S2108 The second node generates the fourth key based on the fifth key.
  • the fifth key is used as input to the KDF and combined with one or more of the following parameters to generate the fourth key:
  • P0 is called the algorithm type distinguisher.
  • the types of security algorithms here include, but are not limited to, integrity algorithms and/or confidentiality algorithms.
  • L0 the length of P0
  • P1 Security Algorithm ID; for example, the ID for Advanced Encryption Standard (AES), the ID for Zu Chongzhi Algorithm (ZUC), etc.
  • S2109 The second node sends a second message to the first or third node.
  • the second message is protected using a fourth key.
  • the second message may be protected for integrity using the fourth key, or it may be protected for confidentiality using the fourth key.
  • if the second node successfully verifies the first message using the fourth key, the second node sends a second message to the first or third node. In some embodiments, if the second node fails to verify the first message using the fourth key, the second node sends a rejection message to the first or third node. This rejection message can be used to indicate that UE access is denied. For example, the rejection message sent by the second node to the first or third node may also include a reason for failure. This reason for failure can indicate why UE access to the second node is denied.
  • the second node allows the UE to access the second node and sends a second message.
  • This second message may be a response message to the first message.
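
The key chain of S2106 to S2109, as an added example that is not code from the patent: the first node derives the fifth key, the second node derives the fourth key, and the first message is accepted or rejected on verification. It assumes the generic 3GPP TS 33.220 KDF framing (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...), which the page does not name, that the UE derives its second and third keys from the same inputs, and HMAC-SHA-256 as a stand-in integrity algorithm; the FC octets, P0 values, algorithm IDs and function names are constructed placeholders.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Constructed placeholder values (assumptions, not from the page or any spec).
FC_FIFTH_KEY = 0xF5               # FC octet for first key -> fifth key
FC_FOURTH_KEY = 0xF4              # FC octet for fifth key -> fourth key
P0_FIFTH_KEY = b"P0-placeholder"  # the page does not state P0 for this step
ALG_TYPE_INTEGRITY = b"\x01"      # P0: algorithm type distinguisher
ALG_ID_AES, ALG_ID_ZUC = 2, 3     # P1: security algorithm IDs (constructed)
TAG_LEN = 16


def kdf(key: bytes, fc: int, params: List[bytes]) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ... (each Li is 2 octets)."""
    s = bytes([fc])
    for p in params:
        if len(p) > 0xFFFF:
            raise ValueError("parameter does not fit a 2-octet length field")
        # The length suffix keeps (b"ab", b"c") distinct from (b"a", b"bc").
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_fifth_key(first_key: bytes, nf_instance_id: str, ul_count: int) -> bytes:
    """First node: bind the key to one NF instance (P1) and the uplink count (P2)."""
    return kdf(first_key, FC_FIFTH_KEY,
               [P0_FIFTH_KEY, nf_instance_id.encode(), ul_count.to_bytes(4, "big")])


def derive_fourth_key(fifth_key: bytes, alg_type: bytes, alg_id: int) -> bytes:
    """Second node: bind the key to the algorithm type (P0) and algorithm ID (P1)."""
    return kdf(fifth_key, FC_FOURTH_KEY, [alg_type, bytes([alg_id])])


def protect(key: bytes, payload: bytes) -> bytes:
    """Append an integrity tag (HMAC-SHA-256 stand-in, truncated to 16 octets)."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]


def verify(key: bytes, protected: bytes) -> Optional[bytes]:
    """Return the payload if the tag checks out, else None (constant-time compare)."""
    if len(protected) < TAG_LEN:
        return None
    payload, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload if hmac.compare_digest(tag, expected) else None


def ue_first_message(first_key: bytes, nf_instance_id: str, ul_count: int,
                     alg_id: int, payload: bytes) -> bytes:
    """UE side: second key, then third key, then the protected first message."""
    second_key = derive_fifth_key(first_key, nf_instance_id, ul_count)
    third_key = derive_fourth_key(second_key, ALG_TYPE_INTEGRITY, alg_id)
    return protect(third_key, payload)


def second_node_receive(fifth_key: bytes, alg_id: int,
                        first_message: bytes) -> Tuple[str, bytes]:
    """Second node: derive the fourth key, verify, then answer or reject with a reason."""
    fourth_key = derive_fourth_key(fifth_key, ALG_TYPE_INTEGRITY, alg_id)
    payload = verify(fourth_key, first_message)
    if payload is None:
        return ("reject", b"integrity verification failed")
    return ("accept", protect(fourth_key, b"response to: " + payload))


if __name__ == "__main__":
    first_key = bytes(range(32))  # constructed sample key
    msg = ue_first_message(first_key, "lmf-instance-01", 7, ALG_ID_AES, b"hello")
    k5 = derive_fifth_key(first_key, "lmf-instance-01", 7)
    print(second_node_receive(k5, ALG_ID_AES, msg)[0])   # identifiers match
    print(second_node_receive(k5, ALG_ID_ZUC, msg)[0])   # identifiers differ
```

Because the algorithm identifier is a KDF input, a mismatch between the first and second algorithm identifiers yields a different fourth key and the first message fails verification.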
  • S2110 The first node sends the second message to the third node.
  • the first node transmits or forwards the second message to the third node.
  • the first node sends second information to the third node.
  • the second information includes at least one of the instance ID of the second node and the address information of the second node.
  • the second information can be used for direct communication between the third node and the second node. It is worth noting that sending the second information from the first node to the third node is an optional step.
  • the third node can obtain the second information of the second node by interpreting the second message. For example, if the second message carries a five-tuple of the sender, the third node can obtain the second information through this five-tuple. Exemplarily, this five-tuple may include: source IP address, source port, destination IP address, destination port, and transport layer protocol.
  • sending the second information to the third node by the second node can improve message transmission efficiency.
  • the second information can be sent from the first node to the third node along with the second message, or the second information can be sent to the third node separately.
  • the first node can also return the second information of the second node to the third node after determining the second node.
  • S2111 The third node sends a second message to the UE.
  • the third node sends a second RRC message to the UE, the second RRC message including a second message.
  • the second RRC message is protected using an AS security context.
  • the UE may receive a second message from a third node. For example, after the UE receives the second message, it can be considered that a message exchange between the UE and the second node has been completed.
  • the UE may send subsequent NAS messages to the second node if necessary.
  • the third node will directly pass it through or forward it to the second node.
  • the third node will also directly receive the NAS messages sent to the UE from the second node and forward or pass them through to the UE.
  • this embodiment of the present disclosure provides an information processing method, executed by a communication system.
  • the method may include:
  • S2201 The UE generates a second key based on the first key of the first node.
  • first node, second node, third node, first key and/or second key can be found in the relevant descriptions in the embodiment corresponding to Figure 2A.
  • the optional implementation of the UE generating the second key based on the first key of the first node can be found in the relevant description in the embodiment S2101 corresponding to FIG2A.
  • S2202 The UE generates a third key based on the second key.
  • the optional implementation of the UE generating a third key based on the second key of the first node can be found in the relevant description in the corresponding embodiment S2102 of FIG2A.
  • S2203 The UE sends the first message to the third node.
  • the optional implementations of the UE sending the first message to the third node can all be found in the relevant description in the embodiment S2103 corresponding to FIG2A.
  • S2204 The third node sends the first message.
  • the third node sends a first message to the first node or the second node.
  • the optional implementation of the third node sending the first message to the first node or the second node can be found in the relevant description in the embodiment S2104 corresponding to FIG2A.
  • the first node determines the second node for the UE.
  • the optional implementations of the first node determining the second node for the UE can all be found in the relevant description in the embodiment S2105 corresponding to FIG2A.
  • S2206 The first node generates the fifth key based on the first key of the first node.
  • the optional implementation of the first node generating the fifth key based on the first node's first key can be found in the relevant description in the embodiment S2106 corresponding to FIG2A.
  • the first node sends both the fifth key and the first message to the second node.
  • the first node also sends a second algorithm identifier to the second node.
  • a description or function of this second algorithm identifier can be found in the embodiment corresponding to Figure 2A.
  • the first node also sends node information of the third node to the second node.
  • This node information may include, but is not limited to, at least one of the following: the node identifier of the third node; and the address information of the third node.
  • the node information of the third node may be optional. For example, if the second node and the UE communicate based on information such as the UE's IP address, the second message sent by the second node will be automatically routed to the third node. If the second node receives the information from the third node, it can communicate with the third node more conveniently. For example, the second node can communicate directly with the third node using the corresponding SBI interface or tunnel based on the node information of the third node.
  • the first node may send the node information of the third node together with the first message to the second node, or the first node may send the node information of the third node to the second node separately.
  • S2208 The second node generates the fourth key based on the fifth key.
  • the optional implementation of the second node generating the fourth key based on the fifth key can be found in the relevant description in the embodiment S2108 corresponding to FIG2A.
  • the second node uses an algorithm identifier as an input parameter when generating the fourth key.
  • This algorithm identifier can be either a first algorithm identifier or a second algorithm identifier.
  • the first algorithm identifier is provided by the UE, and the second algorithm identifier is provided by the first node.
  • the first algorithm identifier may be included in the first message, and the second algorithm identifier may be actively sent by the first node to the second node or requested by the second node from the first node.
  • the relevant descriptions of the first and second algorithm identifiers can be found in the embodiment corresponding to Figure 2A.
  • the alternative implementations of the second node sending the second message to the third node can be found in the relevant description in the embodiment S2109 corresponding to FIG2A.
  • S2210 The third node sends a second message to the UE.
  • the alternative implementations of the second node sending the second message to the third node can be found in the relevant description in the embodiment S2110 corresponding to FIG2A.
  • this embodiment of the present disclosure provides an information processing method, executed by a communication system.
  • the method may include:
  • S2301 The UE generates a second key based on the first key of the first node.
  • the relevant descriptions of the first node, second node, third node, first key, and/or second key can be found in the relevant descriptions in the embodiment corresponding to Figure 2A.
  • the optional implementation of the UE generating the second key based on the first key of the first node can be found in the relevant description in the embodiment S2101 corresponding to FIG2A.
  • S2302 The UE generates a third key based on the second key.
  • the optional implementation of the UE generating a third key based on the second key of the first node can be found in the relevant description in the corresponding embodiment S2102 of FIG2A.
  • S2303 The UE sends the first message to the third node.
  • the optional implementations of the UE sending the first message to the third node can all be found in the relevant description in the embodiment S2103 corresponding to FIG2A.
  • S2304 The third node sends a third message to the first node.
  • a third message is sent to the first node before the first message is sent to the second node.
  • if the third node determines that the first message is the first message sent by the UE to the second node, it sends the third message to the first node before sending the first message to the second node. In some embodiments, if the third node determines that the first message is not the first message sent by the UE to the second node, it skips the step of sending the third message to the first node and directly proceeds to the step of the third node sending the third message to the first node.
  • if the third node does not obtain the historical communication records between the UE and the second node, it sends a third message to the first node before sending the first message to the second node.
  • the third message is used to request the first node to generate a fifth key for the second node.
  • the fifth key is used to generate the fourth key.
  • the fourth key may include, but is not limited to, an integrity key and/or a confidentiality key.
  • the fourth key is used to protect the security of communication between the second node and the UE.
  • the third message includes at least one of the following: the UE's ID; the type of the second node; the instance ID of the second node; and a first count value.
  • the first count value may be the uplink NAS message count value sent by the UE to the second node.
  • S2305 The first node sends the fourth message to the third node.
  • the fourth message is used by the third node to determine whether the fifth key has been generated; or, the fourth message is used to indicate that the first node has sent the fifth key to the second node.
  • the fourth message can be used by the third node to determine whether the first message can be sent to the second node.
  • the first node may also send second information to the third node.
  • if the first node does not need to select a second node for the UE, then the first node does not need to send the second information to the third node.
  • if the third node carries the instance ID or address information of the second node, it means that the first node does not need to select a second node for the UE; otherwise, it does need to select a second node for the UE.
  • the first node can also update the third node to the second node determined by the UE or the second node selected by the UE itself, based on the load rate and/or abnormal conditions of different second nodes, even if it does not need to select a second node for the UE. In this case, if the first node reselects a second node for the UE, it needs to send the second information of the second node to the third node.
  • the second information includes at least one of the instance ID of the second node and the address information of the second node.
  • the second information may be included in the fourth message or may not be included in the fourth message.
  • the second information may be sent to the third node together with the fourth message, or it may be sent to the third node separately.
  • the optional method for the first node to select or reselect the second node for the UE can be found in S2105 of the embodiment corresponding to FIG2A, and will not be repeated here.
  • S2306 The third node sends the first message to the second node.
  • the third node receives a fourth message indicating that the fifth key has been generated or sent to the second node, and then sends a first message to the second node.
  • the third node may send the first message to the second node at the same time as sending the third message to the first node.
  • the third node may send the first message to the second node before sending the third message to the first node.
  • the third node first sends the first message to the first node, and after receiving the second message from the first node, it then sends the first message to the second node based on the second message.
  • the optional implementations of the first node determining the second node for the UE can all be found in the relevant description in the embodiment S2105 corresponding to FIG2A.
  • the first node generates the fifth key based on the first key of the first node.
  • the optional implementation of the first node generating the fifth key based on the first node's first key can be found in the relevant description in the embodiment S2106 corresponding to FIG2A.
  • S2308 The first node sends the fifth key to the second node.
  • the first node may send the fifth key to the second node based on the interface between nodes or by calling the corresponding service.
  • the first node also sends a second algorithm identifier to the second node.
  • a description or function of this second algorithm identifier can be found in the embodiment corresponding to Figure 2A.
  • the first node also sends node information of the third node to the second node.
  • This node information may include, but is not limited to, at least one of the following: the node identifier of the third node; and the address information of the third node.
  • the node information of the third node may be optional. For example, if the second node and the UE communicate based on information such as the UE's IP address, the second message sent by the second node will be automatically routed to the third node. If the second node receives the information from the third node, it can communicate with the third node more conveniently. For example, the second node can communicate directly with the third node using the corresponding SBI interface or tunnel based on the node information of the third node.
  • the first node may send the node information of the third node together with the first message to the third node, or the first node may send the node information of the third node to the third node separately.
  • the optional implementation of the second node generating the fourth key based on the fifth key can be found in the relevant description in the embodiment S2108 corresponding to FIG2A.
  • the algorithm identifier can be either the first algorithm identifier or the second algorithm identifier mentioned in any of the foregoing embodiments.
  • the alternative implementations of the second node sending the second message to the third node can be found in the relevant description in the embodiment S2109 corresponding to FIG2A.
  • S2311 The third node sends a second message to the UE.
  • the alternative implementations of the second node sending the second message to the third node can be found in the relevant description in the embodiment S2110 corresponding to FIG2A.
  • this embodiment of the present disclosure provides an information processing method, executed by a communication system.
  • the method may include:
  • S2401 The UE generates a second key based on the first key of the first node.
  • first node, second node, third node, first key and/or second key can be found in the relevant descriptions in the embodiment corresponding to Figure 2A.
  • the optional implementation of the UE generating the second key based on the first key of the first node can be found in the relevant description in the embodiment S2101 corresponding to FIG2A.
  • S2402 The UE generates a third key based on the second key.
  • the optional implementation of the UE generating a third key based on the second key of the first node can be found in the relevant description in the corresponding embodiment S2102 of FIG2A.
  • S2403 The UE sends the first message to the third node.
  • the optional implementation of the UE sending the first message to the third node can be found in the relevant description in the corresponding embodiment S2103 of FIG2A.
  • S2404 The third node sends the first message to the second node.
  • the third node receives a fourth message indicating that the fifth key has been generated or sent to the second node, and then sends a first message to the second node.
  • the third node may send the first message to the second node at the same time as sending the third message to the first node.
  • the third node may send the first message to the second node before sending the third message to the first node.
  • the optional implementations of the first node determining the second node for the UE can all be found in the relevant description in the embodiment S2105 corresponding to FIG2A.
  • S2405 The second node sends the fifth message to the first node.
  • the fifth message is used by the second node to request the fifth key from the first node.
  • the fifth message includes, but is not limited to, at least one of the following:
  • the fifth message may carry input parameters for the first node to generate the fifth key.
  • the UE identifier is used to indicate the UE, and the UE identifier can be used by the first node to determine the second algorithm identifier.
  • the fifth message is also used to request a second algorithm identifier.
  • the fifth message includes an indicator requesting an algorithm identifier, so that when the first node receives the fifth message containing the indicator, it will send the second algorithm identifier and the fifth key to the second node.
  • the indicator requesting the algorithm identifier is optional content of the fifth message. For example, if the first node sends the second algorithm identifier to the second node by default, then the fifth message does not need to include this indicator. Also, if the first message includes the first algorithm identifier, the second node does not need to obtain the second algorithm identifier from the first node. Furthermore, if the generation of the third and fourth keys does not use the algorithm identifier, it is obviously unnecessary to perform the transmission of the first and second algorithm identifiers between the UE and the network, and between different nodes.
  • S2406 The first node sends the fifth key to the second node.
  • the first node needs to generate the fifth key before sending it to the second node.
  • the optional implementations of the first node generating the fifth key based on the first node's first key can be found in the relevant description in embodiment S2106 corresponding to Figure 2A.
  • the optional implementation of the first node sending the fifth key to the second node can be found in S2308 of the embodiment corresponding to FIG2C.
  • the optional implementation of the second node generating the fourth key based on the fifth key can be found in the relevant description in the embodiment S2108 corresponding to FIG2A.
  • the algorithm identifier can be either the first algorithm identifier or the second algorithm identifier mentioned in any of the foregoing embodiments.
  • S2408 The second node sends a second message to the third node.
  • the alternative implementations of the second node sending the second message to the third node can be found in the relevant description in the embodiment S2109 corresponding to FIG2A.
  • S2409 The third node sends a second message to the UE.
  • the alternative implementations of the second node sending the second message to the third node can be found in the relevant description in the embodiment S2110 corresponding to FIG2A.
  • this embodiment of the present disclosure provides an information processing method, executed by a UE.
  • the method may include:
  • a second key is generated based on the first key of the first node.
  • first node, second node, third node, first key and/or second key can be found in the relevant descriptions in the embodiment corresponding to Figure 2A.
  • the optional implementation of the UE generating a second key based on the first key of the first node can be found in the relevant descriptions in embodiments S2101, S2201, S2301 or S2401 corresponding to Figures 2A, 2B, 2C or 2D.
  • S3102 Generate a third key.
  • a third key is generated based on the second key.
  • the optional implementation of the UE generating a third key based on the second key of the first node can be found in the relevant descriptions in the corresponding embodiments S2102, S2202, S2302 or S2402 of Figures 2A, 2B, 2C or 2D.
  • S3103 Send the first message.
  • the UE sends a first message to the third node.
  • the optional implementations of the UE sending the first message to the third node can be found in the relevant descriptions in the corresponding embodiment S2103 of Figures 2A, 2B, 2C or 2D.
  • S3104 Receive the second message.
  • the UE receives a second message from the second node that is forwarded or transparently transmitted by the third node.
  • the optional implementations of the second node sending a second message to the third node can all be found in the relevant description in embodiment S2110 corresponding to FIG. 2A. In some embodiments, the optional implementations of the second node sending a second message to the third node can all be found in the relevant description in embodiment S2210 corresponding to FIG. 2B. In some embodiments, the optional implementations of the second node sending a second message to the third node can all be found in the relevant description in embodiment S2311 corresponding to FIG2C. In some embodiments, the optional implementations of the second node sending the second message to the third node can all be found in the relevant description in embodiment S2409 corresponding to FIG2D.
  • steps S3102 to S3104 can be optional.
  • steps S3102 to S3104 do not need to be executed.
  • the UE generates the third key there is no need to communicate with the second node, so the third message will not be sent.
  • step S3104 is also an optional step.
  • this embodiment of the disclosure provides an information processing method, executed by a third node.
  • the method may include:
  • the third node receives the first message sent by the UE.
  • the first message is protected using a third key.
  • the third key is generated by the UE based on the second key.
  • the second key is generated based on the first key of the first node.
  • the receiving node of the first message is the second node.
  • the relevant descriptions of the first node, second node, third node, first key, second key, and first message can be found in the relevant descriptions in embodiments S2101, S2201, S2301, or S2401 corresponding to Figures 2A, 2B, 2C, or 2D.
  • S4102 Send the first message.
  • the third node sends a first message to the first node or the second node.
  • the optional method by which the third node sends the first message to the first node or the second node can be found in S2104 of the embodiment corresponding to FIG2A.
  • a second message forwarded by a first node is received.
  • a second message sent by a second node is received.
  • the relevant description of the second message can be found in the relevant description of the embodiments corresponding to FIG2A, FIG2B, FIG2C or FIG2D.
  • S4104 Send the second message.
  • the third node sends a second message to the UE.
  • an optional implementation of the third node sending a second message to the UE can be found in S2111 of the example corresponding to FIG2A.
  • steps S4102 to S4104 are all optional. If the third node determines the second node for the UE, and if the third node fails to select the second node for the UE, or if the security verification of the first RRC message fails through the AS security context verification, then the first node does not need to send the first message and will not receive the second message returned based on the first message.
  • steps S4103 and S4104 are optional.
  • this embodiment of the present disclosure provides an information processing method, executed by a third node.
  • the method may include:
  • the first node receives a first message sent by the UE.
  • the first message is protected using a third key.
  • the third key is generated by the UE based on the second key.
  • the second key is generated based on the first key of the first node.
  • the receiving node of the first message is the second node.
  • the third node sends a first message to the first node or the second node.
  • the optional method by which the third node sends the first message to the first node or the second node can be found in S2104 of the embodiment corresponding to FIG2A.
  • the third node sends a third message to the first node.
  • the relevant description of the third message can be found in the relevant description of the embodiment corresponding to FIG2C above.
  • the third node receives a fourth message sent by the first node.
  • the relevant description of the fourth message can be found in the relevant description of the embodiment corresponding to FIG2C above.
  • a second message forwarded by a first node is received.
  • a second message sent by a second node is received.
  • the relevant description of the second message can be found in the relevant description of the embodiments corresponding to FIG2A, FIG2B, FIG2C or FIG2D.
  • S4206 Send a second message.
  • an optional implementation of the third node sending a second message to the UE can be found in S2111 of the example corresponding to FIG2A.
  • this embodiment of the present disclosure provides an information processing method, executed by a first node.
  • the method may include:
  • the first node receives a first message sent by the third node.
  • the first message is protected using a third key.
  • the third key is generated by the UE based on the second key.
  • the second key is generated based on the first key of the first node.
  • the receiving node of the first message is the second node.
  • a fifth key is generated based on the first key of the first node.
  • a fifth key is generated upon receiving the first message.
  • the optional implementation of the first node generating the fifth key can be found in any optional implementation of embodiment S2106 corresponding to FIG2A.
  • the method further includes: the first node sending a second algorithm identifier and/or node information of the third node.
  • the relevant description of the second algorithm identifier can be found in any optional implementation of embodiment S2106 corresponding to FIG. 2A.
  • the node information of the third node can also be found in the relevant descriptions in the embodiments corresponding to FIG. 2B and/or FIG. 2C.
  • S5103 Send the first message and the fifth key.
  • the first node sends a fifth key and a first message to the second node.
  • the optional implementation of sending the first message and the fifth key can be found in any optional implementation of embodiment S2107 corresponding to FIG2A.
  • the first node receives a second message sent by the second node.
  • the relevant description of the second message can be found in the relevant descriptions of the embodiments corresponding to FIG2A, FIG2B, FIG2C and/or FIG2D.
  • S5105 Send the second message.
  • the first node sends a second message to the third node.
  • the second message is eventually passed through or forwarded to the UE by the third node.
  • S5104 and S5105 can be optional steps.
  • the second node can directly send the second message to the third node.
  • the first node will not receive the second message sent by the second node, nor does it need to forward the second message to the third node.
  • this embodiment of the present disclosure provides an information processing method, executed by a first node.
  • the method may include:
  • the first node receives a third message sent by the third node.
  • the third message is used to request the first node to generate a fifth key for the second node.
  • the fifth key is used to generate a fourth key.
  • the fourth key may include, but is not limited to, an integrity key and/or a confidentiality key.
  • the fourth key is used to protect the security of communication between the second node and the UE.
  • the fourth key is used by the second node to protect the security of communication with the UE.
  • a fifth key is generated based on the first key of the first node.
  • a fifth key is generated upon receiving a third message.
  • the optional implementation of the first node generating the fifth key can be found in any optional implementation of the fifth key generation in the corresponding embodiments of Figures 2A to 2C.
  • the method further includes: the first node sending a second algorithm identifier and/or node information of the third node.
  • the relevant description of the second algorithm identifier can be found in any optional implementation of embodiment S2106 corresponding to FIG. 2A.
  • the node information of the third node can also be found in the relevant descriptions in the embodiments corresponding to FIG. 2B and/or FIG. 2C.
  • the first node sends a fifth key to the second node.
  • the optional implementation of sending the first message can be found in any optional implementation of embodiment S2107 corresponding to FIG2A.
  • the first node may also send a second algorithm identifier to the second node.
  • the second algorithm identifier may be used to identify the security algorithm of the fourth key.
  • the second algorithm identifier may also be used as an input parameter for generating the fourth key.
  • the relevant description of the fourth message can be found in the relevant description of the embodiment corresponding to FIG2C above.
  • sending a fourth message may be an optional step.
  • by default arrangement between the third node and the first node, the first node automatically generates a fifth key after receiving the third message, without confirmation.
  • this embodiment of the present disclosure provides an information processing method, executed by a first node.
  • the method may include:
  • the first node receives a fifth message sent by the second node.
  • the fifth message may be sent by the second node after receiving the first message forwarded by the third node.
  • the fifth message is used by the second node to request a fifth key from the first node.
  • the relevant descriptions of the first node, second node, third node, first key, second key, and fifth message can be found in the relevant descriptions in the embodiments corresponding to Figures 2A, 2B, 2C, or 2D.
  • a fifth key is generated based on the first key of the first node.
  • a fifth key is generated upon receiving a third message.
  • the optional implementation of the first node generating the fifth key can be found in any optional implementation of the fifth key generation in the corresponding embodiments of Figures 2A to 2C.
  • the method further includes: the first node sending a second algorithm identifier and/or node information of the third node.
  • the relevant description of the second algorithm identifier can be found in any optional implementation of embodiment S2106 corresponding to FIG. 2A.
  • the node information of the third node can also be found in the relevant descriptions in the embodiments corresponding to FIG. 2B and/or FIG. 2C.
  • the first node sends a fifth key to the second node.
  • the optional implementation of sending the first message can be found in any optional implementation of embodiment S2107 corresponding to FIG2A.
  • this embodiment of the present disclosure provides an information processing method, executed by a second node, which may include:
  • the second node receives a fifth key sent by the first node.
  • the fifth key is generated by the first node based on the first key.
  • the fifth key is generated by the first node after receiving the first message or the third message sent by the third node.
  • the second node generates the fourth key based on the fifth key.
  • an optional implementation of the second node generating the fourth key can be found in S2108 of the embodiment corresponding to FIG2A.
  • the second node receives the first message from the first node. In other embodiments, the second node receives the first message from a third node. Exemplarily, the second node receives both the first message and a fifth key from the first node.
  • S6104 Send the second message.
  • the second node uses a fourth key to verify the first message. If the first message passes verification, it sends a second message. If the first message fails verification, it does not send a second message, but instead sends a rejection message.
  • the second node uses a fourth key to verify the first message, including but not limited to at least one of the following:
  • the first message is confidentiality verified using the fourth key
  • the first message is scrambled and descrambled using the fourth key.
  • a first message is received from a first node, and a second node sends a second message to the first node.
  • the first message is received from the first node, and the second node sends the second message to the third node.
  • the first message is received from the third node, and the second node sends the second message to the third node.
  • the relevant description of the second message can be found in the relevant descriptions in the embodiments corresponding to Figures 2A, 2B, 2C, or 2D.
  • this embodiment of the present disclosure provides an information processing method, executed by a second node, which may include:
  • the second node receives the first message sent by the first node.
  • the message content of the first message can be found in the relevant descriptions of the embodiments corresponding to Figures 2A to 2D.
  • the description of the fifth message can be found in the description of the embodiment corresponding to Figure 2D.
  • the optional implementations of the second node sending the fifth message can all refer to the optional implementations of S2405 of the embodiment corresponding to FIG2D.
  • a fifth key sent by the first node is received.
  • a fifth key is received from the first node based on a fifth message.
  • the second node generates the fourth key based on the fifth key.
  • an optional implementation of the second node generating the fourth key can be found in S2108 of the embodiment corresponding to FIG2A.
  • S6205 Send the second message.
  • the second node uses a fourth key to verify the first message. If the first message passes verification, it sends a second message. If the first message fails verification, it does not send a second message, but instead sends a rejection message.
  • the second node uses a fourth key to verify the first message, including but not limited to at least one of the following:
  • the first message is confidentiality verified using the fourth key
  • the first message is encrypted and descrambled using the fourth key.
  • the first message is received from the third node, and the second node sends the second message to the third node.
  • the relevant description of the second message can be found in the relevant descriptions in the embodiments corresponding to Figures 2A, 2B, 2C, or 2D.
  • This disclosure provides an information processing method or key generation method, which on the one hand enhances the existing 5G security key hierarchy to support 6G multi-NAS architecture protection between the UE and the core NF (non-AMF); on the other hand, completes NAS security establishment without algorithm negotiation to support 6G multi-NAS architecture protection between the UE and the core NF.
  • FIGS 1E and 1F show the key hierarchy architecture of a 5G system.
  • the NAS signaling key is derived by the UE and AMF according to the key hierarchy structure, as follows:
  • K AMF is a key derived from K SEAF by the UE and SEAF. During horizontal key derivation, K AMF is further derived by the UE and the source AMF.
  • K NASINT is a key derived from K AMF by the UE and AMF, and can only be used to protect NAS signaling with a specific integrity algorithm.
  • K NASENC is a key derived from K AMF by the UE and AMF, and can only be used to protect NAS signaling with a specific encryption algorithm.
  • this disclosure proposes deriving a K NF as the security root of NAS signaling between the UE and the NF.
  • the K NF is then proposed to be derived from the K AMF by both the UE and the AMF.
  • the UE and the target NF further derive NAS security keys.
  • K NFint is used to protect the integrity of NAS signaling between the UE and the NF.
  • K NFenc is used to protect the confidentiality of NAS signaling between the UE and the NF. Therefore, the new key hierarchy is shown in Figure 1G, where, exemplarily, the K NF is derived from the K AMF.
  • the NF may include, but is not limited to, LMF and/or SMF.
  • when the AMF and UE derive the K NF from the K AMF, the following parameters are used to form the input of the KDF:
  • p0 UE ID; the UE ID can be IMSI, NAI, or GUTI;
  • p1 NF type; the NF type can be LMF, SMF, or an NF instance ID;
  • p2 UTC-based counter or uplink NAS/NF counter.
  • P0 can be any type of UE ID shared between the UE and the target NF.
  • P1 can be an NF type or an NF instance ID.
  • the NF instance ID may be available on the UE or RAN node.
  • P2 can be the UTC-based time point at which the K NF is derived, or an uplink NAS/NF count in the UE. For example, assume that the UE maintains a separate NAS counter for each NF, such as an uplink NAS/LMF count or an uplink NAS/AMF count.
  • the input key is a 256-bit K AMF .
  • p0 Algorithm type distinguisher.
  • the value of the algorithm type distinguisher is different for integrity algorithms and encryption algorithms.
  • p1 Algorithm identity. Typical algorithm identities may include, but are not limited to, AES ID, ZUC ID, etc.
  • the input key is a 256-bit K NF.
  • the RAN node cannot determine or select NFs that can communicate directly with the UE. All NFs capable of direct communication with both the UE and the RAN node are selected by the AMF during the initial NAS process. For example, when the UE sends an initial NAS/LPP message to the LMF, the RAN node first forwards the NAS/LPP message to the AMF, which then selects the LMF for the UE. This ensures that any initial NAS/NF message sent to the target NF instead of the AMF is sent after the UE and AMF have established NAS security. For simplicity, it can be assumed that all NFs in the same serving network support the same set of algorithms and the same algorithm priorities as the AMF. Therefore, the NAS security algorithm negotiated between the UE and the AMF can be applied to NAS/NF security between the UE and NFs other than the AMF, without requiring separate security mode negotiation between the UE and other NFs.
  • this embodiment of the present disclosure provides an information processing method, which may include:
  • Before the UE initiates a NAS/LMF message (such as a NAS/LPP message) to the LMF through the RAN node, the UE derives a K NF from the K AMF, for example the K LMF when the NF is an LMF; the derivation inputs include the UE's own ID, the type or instance ID of the target NF, and the uplink NAS/LMF COUNT. Note: The K AMF was previously derived by the UE and used for the initial NAS message with the AMF.
  • the UE further derives the NAS/LMF keys from the K LMF:
  • K LMFint, which protects the integrity of NAS/LMF messages;
  • K LMFenc, which is used for NAS/LMF message encryption.
  • the security algorithm identifiers used to derive K LMFint and K LMFenc are the same as the NAS signaling security algorithm identifiers negotiated between the UE and the AMF through the NAS SMC procedure.
  • the UE protects the NAS/LPP messages using the derived NAS/LMF key and encapsulates the NAS/LPP messages within RRC messages.
  • the UE may also include the type or instance ID of the target NF in the RRC message.
  • the RRC message is protected using existing AS security.
  • the RAN node decides to forward the protected NAS/LPP message to the AMF.
  • the RAN node may also include the type of the target NF (i.e., LMF) in the message sent to the AMF.
  • When the AMF receives a protected NAS/LPP message, it selects a target NF based on the type of the received NAS/LPP message or the target NF type specified by the RAN node. After selecting the LMF, the AMF derives a K LMF from the K AMF.
  • the input parameters for deriving the K LMF include the UE ID, the type or instance ID of the target NF (LMF), and the NAS/LMF count of the received NAS/LPP messages.
  • the AMF sends a message to the selected LMF, which includes a protected NAS/LPP message, a derived K LMF, and the negotiated NAS security algorithm retrieved from the UE context.
  • the LMF derives the NAS/LMF key from the K LMF based on the received NAS algorithm. Specifically, K LMFint is used to protect the integrity of the NAS/LMF message, and K LMFenc is used for NAS/LMF message encryption. The LMF then uses the derived NAS/LMF security context to verify the received NAS/LPP message. At this point, the NAS/LMF security context shared between the UE and the LMF has been established.
  • the LMF uses the NAS/LMF security context shared with the UE to protect the NAS/LPP response message and returns the response to the AMF.
  • the AMF forwards the protected NAS/LPP response message to the RAN node, and at the same time sends the selected LMF information to the RAN node.
  • the RAN node encapsulates the protected NAS/LPP response message in an RRC message and sends it to the UE. At the same time, the RAN node stores the information of the selected LMF in the UE context.
  • the UE sends subsequent NAS/LPP messages to the LMF through the RAN node.
  • the NAS/LPP messages are protected by the NAS/LMF security context shared by the UE and the LMF.
  • Since the RAN node has already stored the LMF information in the UE context, the RAN node will directly forward the protected NAS/LPP message to the LMF.
  • the LMF uses the existing NAS/LMF security context derived in step 7 to verify the received NAS/LPP message. Then the RAN node directly receives the response from the LMF.
  • the RAN node encapsulates the protected NAS/LPP message response in an RRC message and sends it to the UE.
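The key chain and the initial NAS/LPP exchange described above (UE protects, AMF derives K LMF and hands it to the LMF, LMF verifies), as an added example that is not code from the patent. It assumes the 3GPP-style HMAC-SHA-256 KDF with length-prefixed parameters; the FC octets, distinguisher values, string encodings, sample identifiers and the truncated-HMAC stand-in for the negotiated NAS integrity algorithm are assumptions, since the page gives only the parameter lists and the 256-bit input keys.

```python
import hashlib
import hmac

# Assumptions (not from the page): FC octets and distinguisher values are placeholders.
FC_K_NF = 0xF0       # placeholder FC for K_AMF -> K_NF
FC_NAS_NF = 0xF1     # placeholder FC for K_NF -> K_NFint / K_NFenc
ALG_TYPE_ENC = 0x01  # algorithm type distinguisher, encryption (assumed value)
ALG_TYPE_INT = 0x02  # algorithm type distinguisher, integrity (assumed value)


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ... (Li = 2-octet length)."""
    if len(key) != 32:
        raise ValueError("input key must be 256 bits")
    s = bytes([fc])
    for p in params:
        # The length suffix keeps ("ab", "c") and ("a", "bc") from colliding.
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_k_nf(k_amf: bytes, ue_id: str, nf_type_or_instance_id: str, ul_count: int) -> bytes:
    """K_NF from K_AMF with p0 = UE ID, p1 = NF type or instance ID, p2 = uplink count."""
    return kdf(k_amf, FC_K_NF, ue_id.encode(), nf_type_or_instance_id.encode(),
               ul_count.to_bytes(4, "big"))


def derive_nas_nf_key(k_nf: bytes, alg_type: int, alg_id: int) -> bytes:
    """K_NFint / K_NFenc from K_NF with p0 = algorithm type distinguisher, p1 = algorithm ID."""
    return kdf(k_nf, FC_NAS_NF, bytes([alg_type]), bytes([alg_id]))


def nas_mac(k_int: bytes, count: int, payload: bytes) -> bytes:
    """Stand-in 32-bit MAC (truncated HMAC-SHA-256), not a real NAS integrity algorithm."""
    return hmac.new(k_int, count.to_bytes(4, "big") + payload, hashlib.sha256).digest()[:4]


def ue_send(k_amf: bytes, ue_id: str, nf_type: str, ul_count: int, alg_id: int, payload: bytes) -> dict:
    """UE side: derive K_NF and K_NFint, then integrity-protect the NAS/NF message."""
    k_nf = derive_k_nf(k_amf, ue_id, nf_type, ul_count)
    k_int = derive_nas_nf_key(k_nf, ALG_TYPE_INT, alg_id)
    return {"nf_type": nf_type, "count": ul_count, "payload": payload,
            "mac": nas_mac(k_int, ul_count, payload)}


def amf_forward(k_amf: bytes, ue_context: dict, msg: dict) -> dict:
    """AMF side: derive K_NF from its own K_AMF using the UE ID from the UE context and
    the NF type and count that arrived with the message; pass on the negotiated algorithm."""
    k_nf = derive_k_nf(k_amf, ue_context["ue_id"], msg["nf_type"], msg["count"])
    return {"msg": msg, "k_nf": k_nf, "alg_id": ue_context["nas_int_alg"]}


def nf_receive(delivery: dict) -> str:
    """NF side: derive K_NFint from the received K_NF and verify before answering."""
    msg = delivery["msg"]
    k_int = derive_nas_nf_key(delivery["k_nf"], ALG_TYPE_INT, delivery["alg_id"])
    expected = nas_mac(k_int, msg["count"], msg["payload"])
    return "accept" if hmac.compare_digest(expected, msg["mac"]) else "reject"


# Constructed sample values, for illustration only.
K_AMF = bytes(range(32))
UE_CONTEXT = {"ue_id": "imsi-001010000000001", "nas_int_alg": 2}


def run_demo() -> tuple:
    msg = ue_send(K_AMF, UE_CONTEXT["ue_id"], "LMF", 0, UE_CONTEXT["nas_int_alg"], b"LPP request")
    ok = nf_receive(amf_forward(K_AMF, UE_CONTEXT, msg))
    # Payload changed after protection: the MAC no longer matches.
    tampered = dict(msg, payload=b"LPP request (modified)")
    bad_payload = nf_receive(amf_forward(K_AMF, UE_CONTEXT, tampered))
    # NF type changed after protection: the AMF derives a different K_NF.
    retargeted = dict(msg, nf_type="SMF")
    bad_target = nf_receive(amf_forward(K_AMF, UE_CONTEXT, retargeted))
    return ok, bad_payload, bad_target


if __name__ == "__main__":
    print(run_demo())
```

Because the NF type and uplink count are KDF inputs, a message protected for one NF type does not verify under the key the AMF derives for another, which is the key separation the hierarchy relies on.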
  • the target NF (LMF) returns a response
  • the AMF indicates the RAN node information to the LMF after selecting the target NF
  • the response can be sent directly to the RAN node without going through the AMF.
  • an embodiment of this disclosure provides an information processing method, which may include:
  • Steps 1 to 5 are the same as those in the embodiment corresponding to Figure 7A, and will not be repeated here.
  • the AMF sends a message to the selected LMF, which includes the protected NAS/LPP message, the derived K LMF, the negotiated NAS algorithm retrieved from the UE context, and information about the RAN node (such as the RAN node identity or address).
  • Step 7 is the same as step 7 in the embodiment shown in FIG7A.
  • the LMF uses the NAS/LMF security context shared with the UE to protect the NAS/LPP response message, and returns the response to the RAN node based on the RAN node information received in step 6.
  • the RAN node encapsulates the protected NAS/LPP message response in an RRC message and sends it to the UE. Simultaneously, the RAN node stores the LMF information in the UE context.
  • Steps 10 to 12 are the same as steps 11 to 13 in the embodiment shown in FIG7A.
  • an embodiment of this disclosure provides an information processing method, which may include:
  • Steps 1 to 3 are the same as those in the embodiment corresponding to Figure 7A, and will not be repeated here.
  • the RAN sends messages directly to the NF, for example, sending an LPP message protected with a NAS key and the type of the LMF to the LMF.
  • the LPP message includes an algorithm identifier.
  • the NF requests the AMF to generate a key.
  • the specific key generation request may include the UE ID and the uplink NAS message count; for example, the NAS message count may be one of the aforementioned first count values.
  • AMF generates keys, for example, deriving K NF from K AMF.
  • AMF returns the derived key and the algorithm identifier of the derived key to NF.
  • the NF key derivation can be performed through the relevant steps in the corresponding embodiments of Figure 7A and/or Figure 7B.
  • Steps 8 to 10 can be the same as steps 7 to 10 in the embodiment shown in Figure 7B.
  • the operations that the UE can perform include, but are not limited to, at least one of the following:
  • the UE should be able to derive the K NF from the K AMF as the root key to protect the NAS signaling between the UE and the NF.
  • the UE should be able to include the type of the target NF in the RRC message containing NAS/NF messages sent to the RAN node.
  • the operations that a RAN node can perform include, but are not limited to, at least one of the following:
  • If the RAN node does not store information about the target NF, it should be able to forward protected NAS/NF messages received from the UE to the AMF.
  • the target NF is one of the aforementioned second nodes
  • the RAN node is one of the aforementioned third nodes.
  • the NAS/NF message is one of the aforementioned first messages.
  • the information of the target NF may include the aforementioned first information.
  • the information of the NF may be included in the UE context. For instance, if the UE has already communicated with the NF via NAS messages, the RAN will include the first information of the NF, etc., in the UE context.
  • If the RAN node stores the target NF information in the UE context, the RAN node should be able to send the protected NAS/NF messages received from the UE directly to the target NF without going through the AMF.
  • the RAN node should be able to receive NAS/NF response messages from the target NF via AMF.
  • the RAN node should be able to receive information about the target NF from the AMF.
  • the RAN node should be able to directly receive the NAS/NF response message from the target NF.
  • the operations that the AMF can perform include, but are not limited to, at least one of the following:
  • AMF should be able to receive protected NAS/NF messages from another NF from the RAN node.
  • AMF should be able to select the target NF based on the type of the NAS/NF message or the type of the target NF received from the RAN node.
  • After selecting the target NF, the AMF should be able to derive the K NF from the K AMF.
  • AMF should be able to send the derived K NF to the target NF.
  • the AMF should be able to send the identifier of the NAS security algorithm negotiated with the UE to the target NF.
  • the identifier of the NAS security algorithm may be one of the aforementioned second algorithm identifiers.
  • AMF should be able to send information about the RAN node to the target NF.
  • AMF should be able to receive NAS/NF message responses from the target NF.
  • AMF should be able to forward NAS/NF message responses received from the target NF to the RAN node.
  • AMF should be able to indicate information about the target NF to the RAN node.
  • the AMF should be able to receive the NF's key request and, based on the NF's key request, generate the K NF and send the K NF and/or the identifier of the NAS security algorithm to the NF.
  • the operations that other NFs can perform may include, but are not limited to, at least one of the following:
  • NF must be able to receive derived K NF from AMF.
  • the NF should be able to receive the identifier of the applied NAS security algorithm from the AMF.
  • the NF should be able to receive information about the RAN node from the AMF.
  • the NF can send a NAS/NF message response to the AMF.
  • the RAN node information may include the RAN node's address information, identification information, interface information, or tunnel information, facilitating direct communication between the NF and the RAN.
  • the NF can send a NAS/NF message response to the RAN node.
  • If the NF receives a message from the RAN node, it should be able to request the K NF and/or the identifier of the NAS security algorithm from the AMF, in order to verify the UE message forwarded by the RAN node.
  • This disclosure also provides apparatus for implementing any of the above methods.
  • an apparatus is provided that includes units or modules for implementing the steps performed by the UE in any of the above methods.
  • another apparatus is provided that includes units or modules for implementing the steps performed by a network device (e.g., an access network device, or a core network device) in any of the above methods.
  • the division of units or modules in the above device is only a logical functional division. In actual implementation, they can be fully or partially integrated into a single physical entity, or they can be physically separated.
  • the units or modules in the device can be implemented by a processor calling software: for example, the device includes a processor connected to a memory containing instructions. The processor calls the instructions stored in the memory to implement any of the above methods or to implement the functions of the units or modules in the above device.
  • the processor can be, for example, a general-purpose processor, such as a Central Processing Unit (CPU) or a microprocessor, and the memory can be internal or external to the device.
  • the units or modules in the device can be implemented in the form of hardware circuits.
  • the functionality of some or all of the units or modules can be achieved through the design of these hardware circuits, which can be understood as one or more processors.
  • the hardware circuit is an application-specific integrated circuit (ASIC).
  • the functionality of some or all of the units or modules is achieved through the design of the logical relationships between the components within the circuit.
  • the hardware circuit can be implemented using a programmable logic device (PLD). Taking a field-programmable gate array (FPGA) as an example, it can include a large number of logic gates. The connection relationships between the logic gates are configured through configuration files, thereby achieving the functionality of some or all of the units or modules. All units or modules of the above device can be implemented entirely through processor-called software, entirely through hardware circuits, or partially through processor-called software with the remaining parts implemented through hardware circuits.
  • the processor is a circuit with signal processing capabilities.
  • the processor can be a circuit with instruction read and execute capabilities, such as a Central Processing Unit (CPU), a microprocessor, a graphics processing unit (GPU) (which can be understood as a type of microprocessor), or a digital signal processor (DSP).
  • the processor can implement certain functions through the logical relationships of hardware circuits. The logical relationships of the aforementioned hardware circuits are fixed or reconfigurable.
  • the processor is a hardware circuit implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD), such as an FPGA.
  • the process of a processor loading a configuration file to configure the hardware circuit can be understood as the processor loading instructions to implement the functions of some or all of the above units or modules.
  • it can also be a hardware circuit designed for artificial intelligence, which can be understood as a type of ASIC, such as a Neural Network Processing Unit (NPU), a Tensor Processing Unit (TPU), or a Deep Learning Processing Unit (DPU).
  • this disclosure provides a UE, including:
  • the processing module 7101 is configured to generate a second key based on the first key of the first node; and generate a third key based on the second key; the third key is used to protect the communication security between the UE and the second node.
  • the UE may further include a transmitting module and/or a receiving module.
  • the transmitting module and/or receiving module may correspond to the network interface and/or transceiver antenna of the first node.
  • the processing module can be used by the UE to execute information processing-related steps in any information processing method.
  • the sending module can be used by the UE to perform information sending-related steps in any information processing method.
  • the receiving module can be used by the UE to perform information transmission-related steps in any information processing method.
  • the processing module is configured to generate a second key based on the first key and the type of the second node; or, to generate a second key based on the first key and the instance identifier (ID) of the second node.
  • the processing module is configured to perform at least one of the following: generating a second key based on a first key, the type of a second node, and a first count value; the first count value being the count of uplink messages sent by the UE to the second node; generating the second key based on the first key, the type of the second node, and first time information; the first time information indicating the generation period of the second key.
  • the processing module is configured such that the UE is pre-configured with the instance ID of the second node, and generates a second key based on the first key and the instance ID of the second node.
  • the processing module is configured to perform at least one of the following: generating a second key based on a first key, an instance ID of a second node, and a first count value; the first count value being the count of uplink messages sent by the UE to the second node; generating the second key based on the first key, an instance ID of the second node, and first time information; the first time information indicating the generation period of the second key.
  • the sending module is configured to send a first Radio Resource Control (RRC) message to a third node, the first RRC message being a first message; the first message is protected by a third key; and the second node is the receiving node of the first message.
  • the first message includes at least one of the following: Non-Access Stratum (NAS) signaling; UE ID; and a first algorithm identifier, wherein the first algorithm identifier is used to identify a security algorithm protecting the first message.
  • the first RRC message is protected by the UE's access stratum (AS) security context.
  • the receiving module is configured to receive a second RRC message sent by a third node, the second RRC message including a second message; the second message originates from a second node; the second message is protected by a fourth key; the fourth key is generated based on a fifth key, and the fifth key is generated based on a first key.
  • the second RRC message is protected by the UE's access stratum (AS) security context.
  • the first RRC message may further include at least one of the following: type information of the second node; instance ID of the second node; address information of the second node.
  • this embodiment of the disclosure provides a third node, the source node including:
  • the receiving module 7201 is configured to receive a first message sent by a user equipment (UE).
  • the first message is protected by a third key.
  • the third key is generated by the UE based on a second key, which is generated based on the first key of a first node.
  • the receiving node of the first message is the second node.
  • the third node may further include a processing module and/or a sending module.
  • the transmitting module and/or receiving module may correspond to the network interface and/or transceiver antenna of the source node.
  • the processing module can be used by a third node to execute information processing-related steps in any information processing method.
  • the sending module can be used by a third node to perform information sending-related steps in any information processing method.
  • the receiving module can be used by a third node to perform information sending-related steps in any information processing method.
  • the receiving module is configured to receive a first Radio Resource Control (RRC) message sent by the UE, the first RRC message including a first message.
  • the first RRC message is protected by the access stratum (AS) security context.
  • the first RRC message may further include at least one of the following: type information of the second node; instance ID of the second node; address information of the second node.
  • the sending module is configured to send a first message to a first node or a second node, and the third node is a forwarding node for the first message.
  • the sending module is configured to perform at least one of the following: sending a first message to a first node or a second node based on whether the first message is the first message sent by the UE to the second node; sending a first message to a first node or a second node based on whether the third node has obtained first information of the second node; the first information includes at least one of the instance ID of the second node and the address information of the second node; and sending a first message to a first node or a second node based on whether the third node can determine the second node.
  • the sending module is configured to perform at least one of the following: if the first message is the first message sent by the UE to the second node, send the first message to the first node; if the first message is not the first message sent by the UE to the second node, send the first message to the second node.
  • the sending module is configured to perform at least one of the following: a first RRC message includes first information of the second node, and a first message is sent to the second node; a third node has stored the first information of the second node, and a first message is sent to the second node; a first RRC message does not contain the first information of the second node, and a first message is sent to the first node; a first node does not store the first information of the second node, and a first message is sent to the first node.
  • sending a first message to a first node or a second node based on whether a third node can determine a second node includes at least one of the following: if the second node can be determined based on the type information of the second node and the configuration information of the third node in the first RRC message, a first message is sent to the second node; if the second node cannot be determined based on the type information of the second node and the configuration information of the third node in the first RRC message, a first message is sent to the first node.
  • the sending module is configured to perform at least one of the following: determine the type of the second node; send a first message to the second node of the type connected to the third node.
  • the processing module is configured to perform at least one of the following: determining the type of the second node based on the type information of the second node included in the first RRC message; and determining the type of the second node based on the message type of the first message.
  • the third node sends a first message to the first node; the sending module is configured to send at least one of the type information of the second node and the instance ID of the second node to the first node.
  • the receiving module is configured to receive a second message sent by a first node or a second node, the second message being protected by a third key; the third key being generated by the second node based on the first key; and to send a second RRC message to the UE based on the second message, the second RRC message including the second message.
  • the receiving module is configured to receive second information of the second node sent by the first node or the second node, the second information including at least one of the instance ID of the second node and the address information of the second node.
  • the processing module is configured to interpret the second message to obtain second information of the second node, the second information including at least one of the instance ID of the second node and the address information of the second node.
  • the second RRC message is protected by the UE's access stratum (AS) layer context.
  • before sending the first message to the second node, the sending module is configured to send a third message to the first node.
  • the third message is used to request the first node to generate a fifth key for the second node.
  • the fifth key is used to generate a fourth key.
  • the fourth key is used to protect the communication security between the second node and the UE.
  • the receiving module is configured to receive a fourth message sent by the first node; the sending module is configured to send a first message to the second node after the fourth message indicates that a fifth key has been generated.
  • this embodiment of the present disclosure provides a second node, wherein the second node includes: a processing module 7301 configured to generate a fifth key based on a first key of a first node; and a sending module 7302 configured to send the fifth key to the second node, wherein the fifth key is used by the second node to generate a fourth key, and the fourth key is used to protect the communication security between the second node and the user equipment UE.
  • the second node may further include a sending module.
  • the transmitting module and/or receiving module may correspond to the network interface and/or transceiver antenna of the network node.
  • the processing module can be used by the second node to execute information processing-related steps in any information processing method.
  • the sending module can be used by the second node to perform information sending-related steps in any information processing method.
  • the receiving module can be used by the second node to perform information sending-related steps in any information processing method.
  • the receiving module is configured to receive a first message sent by a third node, generate a fifth key based on a first key of the first node; the first message is protected by a third key; the third key is generated based on a second key; the second key is generated based on the first key of the first node.
  • the receiving module is configured to receive a third message sent by a third node and generate a fifth key based on a first key of the first node; the third message is used to request the first node to generate a fifth key for the second node.
  • the sending module is configured to send a fourth message to a third node; the fourth message is used by the third node to determine whether a fifth key has been generated.
  • the processing module is configured to receive a fifth message sent by the second node and generate a fifth key based on the first key of the first node; the fifth message is used by the second node to request the fifth key from the first node.
  • the processing module is configured to determine the second node before generating the fifth key based on the first key of the first node.
  • the processing module is configured to perform at least one of the following:
  • the second node is determined based on the type information of the second node sent by the third node;
  • the second node is determined based on the instance identifier of the second node sent by the third node;
  • the second node is determined based on the message type of the first message forwarded by the third node;
  • the second node is determined based on the information content of the first message forwarded by the third node.
  • the sending module is configured to send a first message to a second node.
  • the processing module is configured to perform at least one of the following: generating a fifth key based on the first key and the type of the second node; generating a fifth key based on the first key and the instance ID of the second node.
  • the processing module is configured to perform at least one of the following: generating a fifth key based on a first key, the type of a second node, and a first count value; the first count value being the count of uplink messages sent by the UE to the second node; generating the fifth key based on the first key, the type of the second node, and second time information; the second time information indicating the generation period of the fifth key.
  • the processing module is configured to perform at least one of the following: generating a fifth key based on a first key, an instance ID of a second node, and a first count value; the first count value being the count of uplink messages sent by the UE to the second node; generating the fifth key based on the first key, an instance ID of the second node, and second time information; the second time information indicating the generation period of the fifth key.
  • the sending module is configured to send a second algorithm identifier to the second node when sending a first message to the second node.
  • the second algorithm identifier is an input parameter for generating a fourth key.
  • the receiving module is configured to receive a second message sent by the second node, the second message being protected by a fourth key; the fourth key is generated by the second node based on a fifth key.
  • the sending module is configured to send a second message to a third node.
  • the sending module is configured to send second information to a third node, the second information including at least one of the instance ID of the second node and the address information of the second node.
  • this embodiment of the present disclosure provides a second node, which includes:
  • the receiving module 7401 is configured to receive the fifth key sent by the first node; the fifth key is generated based on the first key of the first node.
  • Processing module 7402 is configured to generate a fourth key based on the fifth key; the fourth key is used to protect the communication security between the second node and the user equipment UE.
  • the second node may further include a sending module.
  • the transmitting module and/or receiving module may correspond to the network interface and/or transceiver antenna of the second node.
  • the processing module can be used by the second node to execute information processing-related steps in any information processing method.
  • the sending module can be used by the second node to perform information sending-related steps in any information processing method.
  • the receiving module can be used by the second node to perform information sending-related steps in any information processing method.
  • the receiving module is further configured to receive a first message sent by a first node or a third node; the first message is protected by a third key; the third key is generated based on a second key; the second key is generated based on the first key; and the processing module is configured to verify the security of the first message using a fourth key.
  • the receiving module is configured to receive a second algorithm identifier sent by a first node, the second algorithm identifier being used as an input parameter for generating a fourth key; or, to receive a first algorithm identifier in a first message forwarded by a third node, the first algorithm identifier being used to indicate the security algorithm of the fourth key.
  • the sending module is configured to send a second message to a first node or a third node, the second message being protected by a fourth key.
  • the receiving module is configured to receive a first message forwarded by a third node and send a fifth message to the first node; the fifth message is used by the second node to request a fifth key from the first node.
  • This disclosure also provides a communication device, which may include one or more processors; wherein the processors are configured to invoke instructions to cause the communication device to execute the information processing method that can be implemented in any of the foregoing embodiments.
  • the communication device 8100 further includes one or more memories 8102 for storing instructions.
  • the memories 8102 may also be located outside the communication device 8100.
  • the communication device may be the aforementioned UE or network device.
  • the network device may be a primary node and/or a secondary node.
  • the communication device 8100 further includes one or more transceivers 8103.
  • the communication steps such as sending and receiving in the above method are performed by the transceivers 8103, and other steps are performed by the processor 8101.
  • a transceiver may include a receiver and a transmitter, which may be separate or integrated.
  • the terms transceiver, transceiver unit, and transceiver circuit can be used interchangeably; the terms transmitter, transmitting unit, and transmitting circuit can be used interchangeably; and the terms receiver, receiving unit, and receiving circuit can be used interchangeably.
  • the communication device 8100 further includes one or more interface circuits 8104, which are connected to the memory 8102.
  • the interface circuits 8104 can be used to receive signals from the memory 8102 or other devices, and can be used to send signals to the memory 8102 or other devices.
  • the interface circuits 8104 can read instructions stored in the memory 8102 and send the instructions to the processor 8101.
  • the communication device 8100 described in the above embodiments may be a network device or a UE, but the scope of the communication device 8100 described in this disclosure is not limited thereto, and the structure of the communication device 8100 may not be limited by FIG. 9A.
  • the communication device may be a standalone device or may be part of a larger device.
  • the communication device may be: (1) a standalone integrated circuit (IC), chip, chip system or subsystem; (2) a collection of one or more ICs, which may optionally also include storage components for storing data and programs; (3) an ASIC, such as a modem; (4) a module that can be embedded in other devices; (5) a receiver, UE device, smart UE device, cellular phone, wireless device, handheld device, mobile unit, vehicle device, network device, cloud device, artificial intelligence device, etc.; (6) others.
  • Figure 9B is a schematic diagram of the structure of chip 8200 provided in an embodiment of this disclosure.
  • the communication device 8100 can be a chip or a chip system, as shown in the schematic diagram of chip 8200 in Figure 9B, but it is not limited thereto.
  • Chip 8200 includes one or more processors 8201, which are used to invoke instructions to cause chip 8200 to execute any of the above information processing methods.
  • chip 8200 further includes one or more interface circuits 8202 connected to memory 8203.
  • Interface circuits 8202 can be used to receive signals from memory 8203 or other devices, and can also be used to send signals to memory 8203 or other devices.
  • interface circuit 8202 can read instructions stored in memory 8203 and send those instructions to processor 8201.
  • terms such as interface circuit, interface, transceiver pin, and transceiver can be used interchangeably.
  • chip 8200 further includes one or more memories 8203 for storing instructions.
  • all or part of the memories 8203 may be located outside of chip 8200.
  • This disclosure also provides a storage medium storing instructions that, when executed on a communication device 8100, cause the communication device 8100 to perform any of the methods described above.
  • the storage medium is an electronic storage medium.
  • the storage medium is a computer-readable storage medium, but it can also be a storage medium readable by other devices.
  • the storage medium can be a non-transitory storage medium, but it can also be a temporary storage medium.
  • This disclosure also provides a program product, which, when executed by a communication device 8100, causes the communication device 8100 to perform any of the above information processing methods.
  • the program product is a computer program product.
  • This disclosure also provides a computer program that, when run on a computer, causes the computer to perform any of the above information processing methods.
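
The key chain described in the key-generation items above (first key to fifth key to fourth key on the network side, mirrored at the UE by first key to second key to third key), as an added example that is not code from the patent. The page lists only the inputs of each key, so the KDF construction (HMAC-SHA-256 over an FC byte and length-suffixed parameters), the FC values, the 16-byte tag, the sample values and all function names are assumptions.

```python
import hashlib
import hmac

# Assumption: the page names the inputs of each key but not the KDF, so
# HMAC-SHA-256 over an FC byte plus length-suffixed parameters is used here.
FC_NODE_KEY = 0xF0     # constructed placeholder value
FC_TRAFFIC_KEY = 0xF1  # constructed placeholder value
TAG_LEN = 16           # assumed truncated MAC length


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...) with 2-byte lengths."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_node_key(first_key: bytes, instance_id: bytes, uplink_count: int) -> bytes:
    """Fifth key at the first node (second key at the UE)."""
    return kdf(first_key, FC_NODE_KEY, instance_id, uplink_count.to_bytes(4, "big"))


def derive_traffic_key(node_key: bytes, algorithm_id: int) -> bytes:
    """Fourth key at the second node (third key at the UE)."""
    return kdf(node_key, FC_TRAFFIC_KEY, bytes([algorithm_id]))


def protect(key: bytes, payload: bytes) -> bytes:
    """Append a truncated HMAC tag to the payload."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]


def verify(key: bytes, message: bytes):
    """Return the payload if the tag checks out, otherwise None."""
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    first_key = bytes(range(32))            # constructed test key
    inst_a, inst_b = b"inst-A", b"inst-B"   # constructed instance IDs
    alg, count = 2, 7                       # constructed algorithm ID and count
    # UE: first key -> second key -> third key, then protect the first message.
    third_key = derive_traffic_key(derive_node_key(first_key, inst_a, count), alg)
    first_message = protect(third_key, b"uplink payload")
    # Network: the first node derives the fifth key and hands only that to the
    # second node, which derives the fourth key; the first key never leaves.
    fifth_key = derive_node_key(first_key, inst_a, count)
    fourth_key = derive_traffic_key(fifth_key, alg)
    # Keys for another instance, a stale count, or another algorithm ID.
    other_node = derive_traffic_key(derive_node_key(first_key, inst_b, count), alg)
    stale = derive_traffic_key(derive_node_key(first_key, inst_a, count - 1), alg)
    other_alg = derive_traffic_key(fifth_key, alg + 1)
    return {
        "accepted": verify(fourth_key, first_message),
        "other_node": verify(other_node, first_message),
        "stale_count": verify(stale, first_message),
        "other_alg": verify(other_alg, first_message),
        "tampered": verify(fourth_key, b"X" + first_message[1:]),
    }
```

Only the key derived with the same instance ID, count value and algorithm identifier accepts the message, which is the separation the per-node fifth key is meant to give: a second node holding its own fifth key learns nothing about the first key or about another instance's keys.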

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present disclosure include an information processing method, a communication device and a storage medium. The information processing method, which is executed by a UE, may include: generating a second key based on a first key of a first node; and generating a third key based on the second key, the third key being used to protect the communication security between the UE and a second node.
PCT/CN2024/112407 2024-08-15 2024-08-15 Information processing method, communication device and storage medium Pending WO2026036326A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202480042173.1A CN121890126A (zh) 2024-08-15 2024-08-15 Information processing method, communication device and storage medium
PCT/CN2024/112407 WO2026036326A1 (fr) 2024-08-15 2024-08-15 Information processing method, communication device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2024/112407 WO2026036326A1 (fr) 2024-08-15 2024-08-15 Information processing method, communication device and storage medium

Publications (1)

Publication Number Publication Date
WO2026036326A1 true WO2026036326A1 (fr) 2026-02-19

Family

ID=98780391

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2024/112407 Pending WO2026036326A1 (fr) 2024-08-15 2024-08-15 Information processing method, communication device and storage medium

Country Status (2)

Country Link
CN (1) CN121890126A (fr)
WO (1) WO2026036326A1 (fr)

Also Published As

Publication number Publication date
CN121890126A (zh) 2026-04-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24951010

Country of ref document: EP

Kind code of ref document: A1