Methods, apparatus and computer program products for wireless communication

Info

Publication number
CN121336430A
Authority
CN
China
Prior art keywords
wireless communication
user plane
key
plane connection
communication node
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202380099448.0A
Other languages
Chinese (zh)
Inventor
刘宇泽
游世林
刘霈霖
章乐怡
马伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03: Protecting confidentiality, e.g. by encryption
    • H04W12/033: Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041: Key generation or derivation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A wireless communication method is disclosed. The method includes: a first wireless communication node sending security-related information to a wireless communication terminal to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and a second wireless communication node, wherein the user plane connection is protected based on the security-related information.

Description

Methods, apparatus and computer program products for wireless communication
This document is directed generally to wireless communications, and specifically to fifth generation (5G) communications or sixth generation (6G) communications.
A user plane connection refers to a dedicated communication path established between a User Equipment (UE) and a network for transmission of user data. It acts as a conduit for the transfer of information such as voice, video and data packets between the UE and network components including Access and Mobility Management Functions (AMFs), Session Management Functions (SMFs), User Plane Functions (UPFs) and the final destination. The user plane connection ensures efficient and reliable data transmission supporting high speed and low latency communication services in the network. However, how to secure a user plane connection for location related services is still a topic to be discussed.
This document relates to methods, systems, and computer program products for wireless communications.
One aspect of the present disclosure relates to a wireless communication method. In an embodiment, the wireless communication method comprises transmitting, by a first wireless communication node, security-related information to a wireless communication terminal to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and a second wireless communication node, wherein the user plane connection is protected based on the security-related information.
Various embodiments may preferably implement the following features:
Preferably, the security-related information comprises at least one of:
a key for the user plane connection;
An identifier of a key for the user plane connection;
A key derivation indicator indicating that the wireless communication terminal derives a key for the user plane connection, or
An address of a management function that manages keys for the user plane connection.
Preferably, the method further comprises:
User plane information is received by the first wireless communication node from the second wireless communication node, the user plane information indicating that the wireless communication terminal establishes a user plane connection between the wireless communication terminal and the second wireless communication node based on an identifier of the wireless communication terminal.
Preferably, the user plane connection is used for a location related service and the location related service comprises locating a wireless communication terminal.
Preferably, the user plane information includes at least one of:
An identifier of the wireless communication terminal;
An identifier of the second wireless communication node;
An identifier of a key for the user plane connection;
A request for a key for the user plane connection;
Keys for the user plane connection, or
An address of a management function that manages keys for the user plane connection.
Preferably, the method further comprises at least one of the following operations:
Transmitting, by the first wireless communication node, a location management request to the second wireless communication node, the location management request including at least one of an identifier of the wireless communication terminal or an identifier of the first wireless communication node, or
A response to the location management request is received by the first wireless communication node from the second wireless communication node, the location management request including at least one of an identifier of the wireless communication terminal or an identifier of the first wireless communication node.
Preferably, the location management request allows the second wireless communication node to store mapping information between the wireless communication terminal and the first wireless communication node.
Preferably, the method further comprises:
receiving, by the first wireless communication node, an identifier of a key for the user plane connection from the second wireless communication node, and
An identifier of a key for the user plane connection is sent by the first wireless communication node to the wireless communication terminal to allow the wireless communication terminal to use a key shared between the second wireless communication node and the wireless communication terminal as a key for the user plane connection.
Preferably, the method further comprises:
generating a key for the user plane connection by the first wireless communication node, and
An identifier of a key for the user plane connection and a key derivation indicator indicating that the wireless communication terminal derives a key for the user plane connection are transmitted by the first wireless communication node to the wireless communication terminal.
Preferably, the method further comprises at least one of the following operations:
receiving, by the first wireless communication node, a request from the second wireless communication node for a key for the user plane connection, or
The key for the user plane connection and the identifier of the key for the user plane connection are transmitted by the first wireless communication node to the second wireless communication node.
Preferably, the method further comprises:
A key for the user plane connection is generated by the first wireless communication node based on at least one of an uplink non-access stratum (NAS) count, a key for communication between the first wireless communication node and the wireless communication terminal, a subscription permanent identifier (SUPI), or an identifier of the second wireless communication node.
Preferably, the method further comprises:
Receiving, by the first wireless communication node, a key for the user plane connection and an identifier of the key for the user plane connection from the second wireless communication node, and
The key for the user plane connection and the identifier of the key for the user plane connection are transmitted by the first wireless communication node to the wireless communication terminal.
Preferably, the method further comprises:
Receiving, by the first wireless communication node, a key for the user plane connection and an identifier of the key for the user plane connection from the second wireless communication node, wherein the key for the user plane connection and the identifier of the key for the user plane connection are obtained from a management function, and
The key for the user plane connection and the identifier of the key for the user plane connection are transmitted by the first wireless communication node to the wireless communication terminal.
Preferably, the method further comprises:
Receiving, by the first wireless communication node, an identifier of a key for the user plane connection and an address of a management function managing the key for the user plane connection from the second wireless communication node, and
An identifier of a key for the user plane connection and an address of a management function managing the key for the user plane connection are transmitted by the first wireless communication node to the wireless communication terminal to allow the wireless communication terminal to acquire the key for the user plane connection from the management function.
Another aspect of the present disclosure relates to a wireless communication method. In an embodiment, the wireless communication method comprises receiving, by a wireless communication terminal, security-related information from a first wireless communication node, and establishing, by the wireless communication terminal, or updating, a user plane connection between the wireless communication terminal and a second wireless communication node, wherein the user plane connection is protected based on the security-related information.
Various embodiments may preferably implement the following features:
Preferably, the security-related information comprises at least one of:
a key for the user plane connection;
An identifier of a key for the user plane connection;
A key derivation indicator indicating that the wireless communication terminal derives a key for the user plane connection, or
An address of a management function that manages keys for the user plane connection.
Preferably, the method further comprises:
user plane information is received by the wireless communication terminal from the second wireless communication node via the first wireless communication node, the user plane information indicating that the wireless communication terminal establishes a user plane connection between the wireless communication terminal and the second wireless communication node.
Preferably, the user plane connection is used for a location related service and the location related service comprises locating a wireless communication terminal.
Preferably, the user plane information includes at least one of:
An identifier of the wireless communication terminal;
An identifier of the second wireless communication node;
An identifier of a key for the user plane connection;
A request for a key for the user plane connection;
Keys for the user plane connection, or
An address of a management function that manages keys for the user plane connection.
Preferably, the method further comprises:
receiving, by the wireless communication terminal, an identifier of a key for the user plane connection from the second wireless communication node via the first wireless communication node, and
The user plane connection is established or updated by the wireless communication terminal based on a key shared between the second wireless communication node and the wireless communication terminal identified by the identifier of the received key.
Preferably, the method further comprises:
An identifier of a key for the user plane connection and a key derivation indicator indicating that the wireless communication terminal derives a key for the user plane connection are received by the wireless communication terminal from the first wireless communication node;
Generating, by the first wireless communication node, a key for the user plane connection based on the key derivation indicator, and
The user plane connection is established or updated by the wireless communication terminal based on the generated key.
Preferably, the method further comprises:
a key for the user plane connection is generated by the wireless communication terminal based on at least one of an uplink non-access stratum (NAS) count, a key for communication between the first wireless communication node and the wireless communication terminal, a subscription permanent identifier (SUPI), or an identifier of the second wireless communication node.
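The derivation described above for both the first wireless communication node and the wireless communication terminal can be sketched as follows. This is an added example, not part of the patent text: it assumes the generic 3GPP KDF of TS 33.220 Annex B (HMAC-SHA-256 over length-tagged parameters), a placeholder FC value, an opaque key identifier, and hypothetical function names and sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Placeholder function code: the page assigns no FC value to this derivation,
# so 0xF0 is a constructed stand-in, not a 3GPP-assigned value.
FC_UP_KEY = 0xF0


def kdf_33220(key: bytes, fc: int, params: list) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256(key, S) with
    S = FC || P0 || L0 || P1 || L1 ..., Li = 2-octet big-endian len(Pi)."""
    s = bytes([fc])
    for p in params:
        if len(p) > 0xFFFF:
            raise ValueError("parameter too long for a 2-octet length field")
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_up_key(k_amf: bytes, ul_nas_count: int, supi: str, lmf_id: str) -> bytes:
    """Derive the user plane key from the inputs the page lists: the key shared
    by the first node and the terminal, the uplink NAS count, the SUPI and the
    identifier of the second node."""
    if len(k_amf) != 32:
        raise ValueError("expected a 256-bit input key")
    if not 0 <= ul_nas_count < 2**32:
        raise ValueError("uplink NAS count must fit in 32 bits")
    params = [ul_nas_count.to_bytes(4, "big"), supi.encode(), lmf_id.encode()]
    return kdf_33220(k_amf, FC_UP_KEY, params)


@dataclass(frozen=True)
class SecurityInfo:
    """Security-related information sent to the terminal: only the key
    identifier and the derivation indicator travel, never the key."""
    key_id: str
    derive_indicator: bool


def amf_generate(k_amf, ul_nas_count, supi, lmf_id, key_id):
    """First node: derive the key, return what goes to the terminal and the
    (key, key identifier) pair that goes to the second node."""
    key = derive_up_key(k_amf, ul_nas_count, supi, lmf_id)
    return SecurityInfo(key_id, True), (key, key_id)


def ue_derive(info: SecurityInfo, k_amf, ul_nas_count, supi, lmf_id) -> dict:
    """Terminal: derive locally when the indicator is set and file the key
    under the received identifier."""
    if not info.derive_indicator:
        raise ValueError("no key derivation indicator in security-related information")
    return {info.key_id: derive_up_key(k_amf, ul_nas_count, supi, lmf_id)}


if __name__ == "__main__":
    # Constructed sample values (test PLMN 001/01, made-up node and key ids).
    k_amf = bytes(range(32))
    supi, lmf_id = "imsi-001010000000001", "lmf-1"
    info, (lmf_key, key_id) = amf_generate(k_amf, 7, supi, lmf_id, "upk-01")
    ue_keys = ue_derive(info, k_amf, 7, supi, lmf_id)
    print("keys match:", hmac.compare_digest(ue_keys[key_id], lmf_key))
    # A terminal whose uplink NAS count has drifted derives a different key.
    stale = ue_derive(info, k_amf, 8, supi, lmf_id)
    print("stale count matches:", hmac.compare_digest(stale[key_id], lmf_key))
```

Because every parameter carries its own length, shifting a character between the SUPI and the node identifier changes the KDF input, so two different (SUPI, node) pairs cannot collapse to the same key.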
Preferably, the method further comprises:
Receiving, by the wireless communication terminal, a key for the user plane connection and an identifier of the key for the user plane connection from the second wireless communication node via the first wireless communication node, and
The user plane connection is established or updated by the wireless communication terminal based on the received key and the identifier of the key.
Preferably, the method further comprises:
Receiving, by the wireless communication terminal, a key for the user plane connection and an identifier of the key for the user plane connection from a second wireless communication node via the first wireless communication node, wherein the key for the user plane connection and the identifier of the key for the user plane connection are obtained from a management function, and
The user plane connection is established or updated by the wireless communication terminal based on the received key and the identifier of the key.
Preferably, the method further comprises:
Receiving, by the wireless communication terminal, an identifier of a key for the user plane connection and an address of a management function managing the key for the user plane connection from the second wireless communication node via the first wireless communication node;
acquiring, by the wireless communication terminal, a key for the user plane connection from the management function based on the identifier of the key and the address of the management function, and
The user plane connection is established or updated by the wireless communication terminal based on the key and an identifier of the key.
Another aspect of the present disclosure relates to a wireless communication method. In an embodiment, the wireless communication method comprises sending, by a second wireless communication node, a request message to a first wireless communication node requesting the first wireless communication node to send security related information to a wireless communication terminal to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and the second wireless communication node, wherein the user plane connection is protected based on the security related information.
Various embodiments may preferably implement the following features:
Preferably, the security-related information comprises at least one of:
a key for the user plane connection;
An identifier of a key for the user plane connection;
A key derivation indicator indicating that the wireless communication terminal derives a key for the user plane connection, or
An address of a management function that manages keys for the user plane connection.
Preferably, the method further comprises:
user plane information is transmitted by the second wireless communication node to the first wireless communication node, the user plane information indicating that the wireless communication terminal establishes the user plane connection between the wireless communication terminal and the second wireless communication node based on an identifier of the wireless communication terminal.
Preferably, the user plane connection is used for a location related service and the location related service comprises locating a wireless communication terminal.
Preferably, the user plane information includes at least one of:
An identifier of the wireless communication terminal;
An identifier of the second wireless communication node;
An identifier of a key for the user plane connection;
A request for a key for the user plane connection;
Keys for the user plane connection, or
An address of a management function that manages keys for the user plane connection.
Preferably, the method further comprises at least one of the following operations:
Receiving, by the second wireless communication node, a location management request from the first wireless communication node, the location management request including at least one of an identifier of the wireless communication terminal or an identifier of the first wireless communication node, or
A response to the location management request is sent by the second wireless communication node to the first wireless communication node, the location management request including at least one of an identifier of the wireless communication terminal or an identifier of the first wireless communication node.
Preferably, the location management request allows the second wireless communication node to store mapping information between the wireless communication terminal and the first wireless communication node.
Preferably, the method further comprises:
An identifier of a key for the user plane connection is transmitted by the second wireless communication node to the wireless communication terminal via the first wireless communication node to allow the wireless communication terminal to establish or update the user plane connection based on a key shared between the second wireless communication node and the wireless communication terminal identified by the transmitted identifier of the key.
Preferably, the method further comprises:
transmitting, by the second wireless communication node, a request for a key for the user plane connection to the first wireless communication node to allow the first wireless communication node to generate the key for the user plane connection and transmitting an identifier of the key and a key derivation indicator indicating that the wireless communication terminal derives the key for the user plane connection to the wireless communication terminal, and
A key for the user plane connection and an identifier of the key for the user plane connection are received by the second wireless communication node from the first wireless communication node.
Preferably, the method further comprises:
the key and the identifier of the key for the user plane connection are transmitted by the second wireless communication node to the wireless communication terminal via the first wireless communication node to allow the wireless communication terminal to establish or update the user plane connection based on the key and the identifier of the key.
Preferably, the method further comprises:
Acquiring, by the second wireless communication node, a key for the user plane connection and an identifier of the key from the management function based on at least one of an identifier of the second wireless communication node or an identifier of the wireless communication terminal, and
The key for the user plane connection and the identifier of the key for the user plane connection are transmitted by the second wireless communication node to the wireless communication terminal via the first wireless communication node to allow the wireless communication terminal to establish or update the user plane connection based on the key and the identifier of the key.
Preferably, the method further comprises:
Acquiring, by the second wireless communication node, a key for the user plane connection and an identifier of the key from the management function based on at least one of an identifier of the second wireless communication node or an identifier of the wireless communication terminal, and
An identifier of a key for the user plane connection and an address of a management function managing the key for the user plane connection are transmitted by the second wireless communication node to the wireless communication terminal via the first wireless communication node to allow the wireless communication terminal to acquire the key for the user plane connection from the management function.
Another aspect of the disclosure relates to a first wireless communication node. In an embodiment, the first wireless communication node comprises a communication unit and a processor. The processor is configured to send security related information to the wireless communication terminal via the communication unit to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and a second wireless communication node, wherein the user plane connection is protected based on the security related information.
Another aspect of the present disclosure relates to a wireless communication terminal. In an embodiment, the wireless communication terminal includes a communication unit and a processor. The processor is configured to receive security-related information from a first wireless communication node via a communication unit and to establish or update a user plane connection between the wireless communication terminal and a second wireless communication node, wherein the user plane connection is protected based on the security-related information.
Another aspect of the disclosure relates to a second wireless communication node. In an embodiment, the second wireless communication node comprises a communication unit and a processor. The processor is configured to send a request message to a first wireless communication node via a communication unit requesting the first wireless communication node to send security related information to a wireless communication terminal to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and the second wireless communication node, wherein the user plane connection is protected based on the security related information.
The present disclosure relates to a computer program product comprising computer readable program medium code stored thereon, which when executed by a processor causes the processor to implement a wireless communication method as described in any of the preceding methods.
The exemplary embodiments disclosed herein are intended to provide features that will become apparent by reference to the following description when taken in conjunction with the accompanying drawings. According to various embodiments, exemplary systems, methods, devices, and computer program products are disclosed herein. It should be understood, however, that these embodiments are presented by way of example and not limitation, and that various modifications of the disclosed embodiments may be apparent to persons skilled in the art upon reading this disclosure while remaining within the scope of the disclosure.
Accordingly, the disclosure is not limited to the exemplary embodiments and applications described and illustrated herein. Moreover, the particular order and/or hierarchy of steps in the methods disclosed herein are merely exemplary approaches. Based on design preferences, the specific order or hierarchy of steps in the disclosed methods or processes may be rearranged while remaining within the scope of the present disclosure. Thus, it will be understood by those of ordinary skill in the art that the methods and techniques disclosed herein present various steps or acts in a sample order and that the present disclosure is not limited to the particular order or hierarchy presented unless specifically stated otherwise.
The above aspects and other aspects and embodiments thereof are described in more detail in the accompanying drawings, description and claims.
Fig. 1 shows a schematic diagram of a network according to an embodiment of the present disclosure.
Fig. 2 shows a schematic diagram of a process according to an embodiment of the present disclosure.
Fig. 3 shows a schematic diagram of a process according to an embodiment of the present disclosure.
Fig. 4 shows a schematic diagram of a process according to an embodiment of the present disclosure.
Fig. 5 shows a schematic diagram of a process according to an embodiment of the present disclosure.
Fig. 6 shows a schematic diagram of a process according to an embodiment of the present disclosure.
Fig. 7 shows a schematic diagram of a process according to an embodiment of the present disclosure.
Fig. 8 shows a schematic diagram of a process according to an embodiment of the present disclosure.
Fig. 9 shows an example of a schematic diagram of a wireless communication terminal according to an embodiment of the present disclosure.
Fig. 10 shows an example of a schematic diagram of a wireless communication node according to an embodiment of the disclosure.
Figs. 11-13 illustrate flowcharts of wireless communication methods according to some embodiments of the present disclosure.
Fig. 1 shows a schematic diagram of a network according to an embodiment of the present disclosure. In some embodiments, the Network Functions (NFs) in the 5GC include:
Access and Mobility Management Function (AMF) manages access and mobility related functions of User Equipment (UE) in the network, such as authentication, security, session management and mobility management.
Session Management Function (SMF) handles session related functions such as establishment, modification and termination of data sessions for UEs. It ensures efficient data routing and manages quality of service (QoS) policies.
User Data Repository (UDR) stores and manages data related to users, including subscription and profile information, authentication credentials, and data related to services. It provides the necessary information for various network functions.
Policy Control Function (PCF) enforces policy rules and manages QoS for individual users or groups of users. It ensures that network resources are properly allocated and that service level agreements are satisfied.
Network Exposure Function (NEF) enables authorized third party applications and services to securely access network data and functions. It provides a standardized interface for external service providers to interact with the 5GC.
Network Repository Function (NRF) maintains a registry of network functions and their corresponding addresses in the 5GC. It facilitates discovery and selection of network functions during service set-up and operation.
Location Retrieval Function (LRF) acquires location information of the UE for a location-based service. It provides the necessary positioning data to support services requiring location awareness.
Gateway Mobile Location Center (GMLC) provides location-based services by retrieving location information from the LRF and passing it to authorized applications or services.
Location Management Function (LMF) manages location related functions including tracking the location of UEs, updating location information, and supporting mobility management in the network.
In some embodiments, the 5GC cooperates with the NG-RAN and the UE to enable seamless connectivity and advanced services. The NG-RAN provides the UE with a radio access network, while the 5GC manages the core network functions.
In some embodiments, the ranging-based service provides a distance between two or more UEs and/or a direction of one UE (i.e., target UE) from another UE (i.e., reference UE) via a PC5 interface (also referred to as PC 5).
In some embodiments, the side link positioning utilizes a PC5 interface to provide absolute, relative or ranging information for the UE. By using side link positioning, the location of the target UE may be determined based on information obtained from the positioned UE.
In some embodiments, the ranging/SL positioning service may be accessed by an authorized SL positioning client UE, 5GC NF or AF (application function) to obtain relative position or distance/direction results between UEs capable of ranging/SL positioning. Furthermore, if it is determined that ranging/SL positioning is applicable, an authorized 5GC NF, AF or LCS (location services) client may use the service to obtain the absolute position of the target UE.
In some embodiments, if the target UE (also referred to as UE in this disclosure) does not have a user plane connection (also referred to as user plane in this disclosure) with the LMF, the LMF may trigger a user plane connection establishment after receiving a location request from the AMF. In some embodiments, if the LMF determines to refresh the key for the user plane connection, the LMF may trigger the user plane connection update. Some embodiments of the present disclosure provide a method of establishing or updating a secure user plane connection for a UE and an LMF.
In some embodiments, if the target UE does not have a user plane connection with the LMF, the LMF may trigger establishment of the user plane connection after receiving a location request from the AMF. Furthermore, if the UE supports user plane positioning, the AMF subscribes to the LMF using an Nlmf_location_UPNotify subscription message to obtain the status of the LCS user plane connection of the target UE. Fig. 2 illustrates a procedure initiated by the LMF to support positioning over a user plane connection between a UE and the LMF. The process includes at least one of the following operations, steps, and/or configurations.
1. Based on the UE's user plane positioning capability, the control plane congestion status (e.g., AMF load status), and other implementation factors, the LMF determines whether to continue the positioning process via the user plane connection between the UE and the LMF. The LMF may invoke the Nnrf_NFDiscovery service operation to obtain the control plane congestion status.
If the user plane connection context of the target UE already exists in the LMF and the LMF determines to perform positioning over the user plane connection, steps 2 to 7 are skipped.
The LMF may select user plane positioning for a particular positioning method (e.g., a motion sensor based method), and it determines which positioning methods require a user plane connection based on implementation and local configuration.
2. [Conditional] If the LMF decides to perform positioning over the user plane and there is no established secure user plane connection between the UE and the LMF, the LMF sends user plane information to the AMF to indicate that the UE should perform positioning over the user plane through TLS. The user plane information includes a user plane location address of the LMF and security related information.
3. [Conditional] When the AMF receives the user plane information from the LMF in step 2, it forwards the information to the UE via a DL NAS TRANSPORT message.
4. [Conditional] If no applicable PDU session has been established for user plane positioning, the UE uses the URSP (UE Route Selection Policy) defined in TS 23.503 to establish a PDU session for user plane positioning, which includes user plane positioning related parameters. The UE may send an acknowledgement to the LMF through the AMF to indicate whether the positioning service with the user plane connection was successful or failed.
5. [Conditional] The AMF sends the acknowledgement received in step 4 to the LMF via the Namf_n1messageNotify service.
6. [Conditional] If the LMF knows the IP address information of the UE, it can inform the UE to use the known UE IP address to establish a secure user plane connection.
7. [Conditional] The UE establishes a secure user plane connection with the LMF. If the LMF sends its Fully Qualified Domain Name (FQDN) to the UE, a DNS server/resolver is used to resolve the IP address of the LMF (e.g., EASDF or a local DNS for local LMF address resolution).
8. [Conditional] The LMF indicates to the AMF in an Nlmf_location_UPNotify message that a user plane connection between the UE and the LMF has been established.
9. The AMF stores the LCS-UP connection context as part of the UE context.
10. If the LMF or the UE determines to perform positioning over a user plane connection and a secure user plane connection is established, LPP (LTE positioning protocol) messages are transmitted between the UE and the LMF for UE-based positioning, UE-assisted positioning, and assistance data transfer. Supplementary service event report messages from the UE may also be transmitted to the LMF via the established user plane connection.
In some embodiments, if the UE does not have a user plane connection with the LMF, the UE may trigger establishment of the user plane connection. Figure 3 illustrates a process initiated by a UE to support positioning over a user plane connection between the UE and the LMF.
In some embodiments, if the UE does not have a user plane connection with the LMF (also referred to as a user plane in this disclosure), the UE may trigger the user plane connection establishment. In some embodiments, the UE may trigger the user plane connection update if the UE determines to refresh the key for the user plane connection. Some embodiments of the present disclosure provide a method of establishing or updating a secure user plane connection for a UE and an LMF.
Fig. 3 shows a schematic diagram of a process according to an embodiment of the present disclosure. In fig. 3, a procedure triggered by the UE to support positioning over a user plane connection between the UE and the LMF is employed. In some embodiments, the process includes at least one of the following operations, steps, and/or configurations.
1. The UE may send a request (e.g., a user plane setup request) to the AMF (e.g., via a NAS message). In some embodiments, the request includes an UP (uplink) positioning initiation (e.g., for positioning related services). In some embodiments, if the UE decides to prepare a user plane connection for an upcoming positioning request, the UE may send a request to the AMF.
2. [Conditional] The AMF may select one LMF. In some embodiments, the AMF may select the LMF based on the UE ID. In some embodiments, the AMF may select an LMF capable of establishing a user plane session for positioning with the UE. In some embodiments, the AMF may select the LMF if the UE is authorized to use user plane positioning based on the UE subscription.
3. [Conditional] The AMF sends a request (e.g., an Nlmf_Location_UPConfig request) to the LMF. In some embodiments, the request for the LMF is a request to establish an LCS (location services)-UP connection.
4. [Conditional] The LMF transmits response information (e.g., user plane information) to the AMF. In some embodiments, the response information (e.g., user plane information) is sent via a Namf_Communication_N1N2MessageTransfer message. In some embodiments, if the LMF accepts positioning with the user plane and there is no established secure user plane connection between the UE and the LMF, response information (e.g., user plane information) may be sent. In some embodiments, the response information (e.g., user plane information) may be sent to the AMF to instruct the UE to accept and utilize the user plane connection for positioning. In some embodiments, the response information includes a user plane location address of the LMF and security related information.
5. [Conditional] The AMF transmits response information (e.g., user plane information) to the UE. In some embodiments, the AMF sends response information (e.g., user plane information) to the UE via a DL NAS TRANSPORT message. In some embodiments, when the AMF receives response information (e.g., user plane information) from the LMF, the AMF sends the response information (e.g., user plane information) to the UE.
6. [Conditional] The UE establishes a secure user plane connection with the LMF.
7. [Conditional] The LMF responds to the AMF that the user plane connection between the UE and the LMF has been established (e.g., by sending an Nlmf_Location_UPConfig response to the AMF).
8. The AMF stores the LCS-UP connection context as part of the UE context.
9. After establishing the secure user plane connection, if the LMF determines to locate with the user plane connection upon receiving a location request from the AMF, or if the UE determines to locate with the user plane connection, LPP messages are transmitted between the UE and the LMF for UE-based location, UE-assisted location and assistance data transfer. Supplementary service event report messages from the UE may also be transmitted to the LMF via the established user plane connection.
In some embodiments of the present disclosure, the LMF transmits a key ID (identifier) for establishing or updating the user plane connection to the UE via the AMF. In some embodiments, the UE uses the key to establish or update the user plane connection.
In some embodiments of the present disclosure, the AMF generates a key for establishing or updating a user plane connection between the UE and the LMF. In some embodiments, the LMF obtains the key and key ID from the AMF.
In some embodiments, the AMF generates a key and a key ID. In some embodiments, the key may be derived based on a key used between the AMF and the UE (referred to as K AMF in this disclosure).
In some embodiments, if the key is derived based on K AMF, the AMF sends a key derivation indicator to the UE. Otherwise, the AMF sends the key and the key ID to the UE.
In some embodiments of the present disclosure, the LMF obtains a key and a key ID from another NF for establishing or updating a user plane connection between the UE and the LMF.
In some embodiments, the other NF sends the key and the key ID to the LMF.
In some embodiments, the LMF sends the key and the key ID to the UE via the AMF.
In some embodiments, the UE uses the key to establish or update the user plane connection.
In some embodiments of the present disclosure, the LMF obtains a key and a key ID from another NF for establishing or updating a user plane connection between the UE and the LMF.
In some embodiments, the other NF sends the key and the key ID to the LMF.
In some embodiments, the LMF sends the key ID and the address of the NF to the UE via the AMF.
In some embodiments, the UE obtains a key from the NF and the UE uses the key to establish or update a user plane connection with the LMF.
In some embodiments, the key used to establish the user plane connection may refer to a key that is used in the establishment of the user plane connection and that may protect (e.g., encrypt) data transmitted over the established user plane connection. In some embodiments, the key used to update the user plane connection may refer to a security key used to update (e.g., refresh) the user plane connection and to a key that protects (e.g., encrypts) data transmitted over the updated user plane connection with the updated security key.
In some embodiments, if the target UE does not have a user plane connection with the LMF, the LMF may trigger the establishment of a user plane connection after receiving a location information request (also referred to as a location management request in this disclosure) from the AMF.
Fig. 4 shows a schematic diagram of a process according to an embodiment of the present disclosure. In some embodiments, the process includes at least one of the following operations, steps, and/or configurations.
The AMF sends a message (e.g., a location information request) to the LMF. In some embodiments, the message includes at least one of a UE ID of the target UE and/or an AMF ID of the AMF.
The LMF sends a response (e.g., a location information response) to the AMF.
The LMF stores a mapping between the AMF ID and the UE ID.
In some embodiments, if the UE supports user plane positioning, the AMF may subscribe from the LMF to the status of the LCS user plane connection of the UE (e.g., by using an Nlmf_Location_UPNotify subscription message).
1. Based on the UE's user plane positioning capability, control plane congestion status (e.g., AMF load status), and other implementation factors, the LMF determines whether to continue the positioning process via the user plane connection between the UE and the LMF. The LMF may invoke the Nnrf_NFDiscovery service operation to obtain the control plane congestion status.
In some embodiments, the LMF may obtain the AMF ID from UDM (unified data management) based on the UE ID.
In some embodiments, the LMF may select a user plane location for a particular location method (e.g., a motion sensor based method) and determine which location method requires the user plane connection based on implementation and local configuration.
2. The LMF sends a message (e.g., user plane information) to the AMF. In some embodiments, the message (e.g., user plane information) is sent via a Namf_Communication_N1N2MessageTransfer message. In some embodiments, the message (e.g., user plane information) may be sent if the LMF decides to utilize the user plane for positioning and there is no established secure user plane connection between the UE and the LMF. In some embodiments, the message (e.g., user plane information) may be sent if the LMF decides to update the key of the user plane for positioning. In some embodiments, the message (e.g., user plane information) is sent to the AMF to indicate that the UE can utilize the user plane for positioning through TLS (transport layer security). In some embodiments, the message (e.g., user plane information) includes a user plane location address of the LMF and security related information. In some embodiments, the security-related information includes an identifier (referred to as K LMF ID in this disclosure) of a key (referred to as K LMF in this disclosure) used to establish or update a secure user plane connection between the UE and the LMF. For example, if there is a shared key between the UE and the LMF, the security-related information includes an identifier of the shared key.
3. The AMF sends a message (e.g., user plane information) to the UE. In some embodiments, the AMF sends a message (e.g., user plane information) to the UE via a DL NAS TRANSPORT message. In some embodiments, when the AMF receives a message (e.g., user plane information) from the LMF, the AMF sends the message (e.g., user plane information) to the UE. In some embodiments, the AMF sends a message (e.g., user plane information) from the LMF to the UE in a transparent or non-transparent manner. In some embodiments, the message (e.g., user plane information) sent to the UE includes an identifier (K LMF ID) of the key.
4. In response to a message (e.g., user plane information) from the AMF, the UE sends a message (e.g., via a UL NAS TRANSPORT message) to the AMF. If no applicable PDU session has been established for user plane location, then the UE uses URSP (user plane radio separation protocol) to establish a PDU session for user plane location that includes user plane location related parameters. The UE may send an acknowledgement to the LMF through the AMF to indicate whether the positioning service with the user plane connection was successful or failed.
5. The AMF sends the acknowledgement received in step 4 to the LMF via the Namf_N1MessageNotify service.
6. If the LMF knows the IP address information of the UE, it can inform the UE to use the known UE IP address to establish a secure user plane connection.
7. The UE establishes or updates a secure user plane connection with the LMF based on the key (K LMF) identified by the key ID (K LMF ID). If the LMF sends its Fully Qualified Domain Name (FQDN) to the UE, a DNS server/resolver is used to resolve the IP address of the LMF (e.g., EASDF or a local DNS for local LMF address resolution).
8. The LMF indicates to the AMF in the Nlmf_Location_UPNotify message that the user plane connection between the UE and the LMF is established or updated.
9. The AMF stores the LCS-UP connection context as part of the UE context.
10. If the LMF or UE determines to locate with a user plane connection and a secure user plane connection is established or updated, LPP (LTE positioning protocol) messages are transmitted between the UE and the LMF for UE-based location, UE-assisted location and assistance data transfer. Supplementary service event report messages from the UE may also be transmitted to the LMF via the established or updated user plane connection.
Fig. 5 shows a schematic diagram of a process according to an embodiment of the present disclosure. In some embodiments, the process includes at least one of the following operations, steps, and/or configurations.
The AMF sends a message (e.g., a location information request) to the LMF. In some embodiments, the message includes at least one of a UE ID of the target UE and/or an AMF ID of the AMF.
The LMF sends a response (e.g., a location information response) to the AMF.
The LMF stores a mapping between the AMF ID and the UE ID.
In some embodiments, if the UE supports user plane positioning, the AMF may subscribe from the LMF to the status of the LCS user plane connection of the UE (e.g., by using an Nlmf_Location_UPNotify subscription message).
1. Based on the UE's user plane positioning capability, control plane congestion status (e.g., AMF load status), and other implementation factors, the LMF determines whether to continue the positioning process via the user plane connection between the UE and the LMF. The LMF may invoke the Nnrf_NFDiscovery service operation to obtain the control plane congestion status.
In some embodiments, the LMF may obtain the AMF ID from UDM (unified data management) based on the UE ID.
In some embodiments, the LMF may select a user plane location for a particular location method (e.g., a motion sensor based method) and determine which location method requires a user plane connection based on implementation and local configuration.
2. The LMF sends a message (e.g., user plane information) to the AMF. In some embodiments, the message (e.g., user plane information) is sent via a Namf_Communication_N1N2MessageTransfer message. In some embodiments, a message (e.g., user plane information) may be sent if the LMF decides to utilize the user plane for positioning and there is no established secure user plane connection between the UE and the LMF. In some embodiments, a message (e.g., user plane information) may be sent if the LMF decides to update the key of the user plane for positioning. In some embodiments, the message (e.g., user plane information) is sent to the AMF to indicate that the UE can utilize the user plane for positioning through TLS (transport layer security). In some embodiments, the message (e.g., user plane information) includes a user plane location address of the LMF and security related information. In some embodiments, if the LMF does not have a key for establishing a user plane connection between the UE and the LMF (K LMF), the LMF may send security-related information including a key request to the AMF to request the key (K LMF). In some embodiments, the key request may be sent via a Namf_Communication_N1N2Transfer message. In some embodiments, the key request may be sent via a message other than the Namf_Communication_N1N2Transfer message.
3. The AMF sends a message (e.g., user plane information) to the UE. In some embodiments, the AMF sends a message (e.g., user plane information) to the UE via a DL NAS TRANSPORT message. In some embodiments, when the AMF receives a message (e.g., user plane information) from the LMF, the AMF sends the message (e.g., user plane information) to the UE. In some embodiments, the AMF sends a message (e.g., user plane information) from the LMF to the UE in a transparent or non-transparent manner. In some embodiments, the message (e.g., user plane information) sent to the UE includes a key (K LMF) and an identifier of the key (K LMF ID).
In some embodiments, the AMF may generate a key (K LMF). In some embodiments, the AMF may generate a key (K LMF) based on K AMF. In some embodiments, in response to the AMF generating the key (K LMF) based on K AMF, the message (e.g., user plane information) sent to the UE includes at least one of a key derivation indicator and/or an identifier of the key (K LMF ID).
In some embodiments, the AMF may generate the key based on at least one of an uplink NAS (non-access stratum) count, K AMF, SUPI (subscription permanent identifier), and/or an identifier of the LMF.
In some embodiments, if the UE receives a key derivation indicator in a message (e.g., user plane information) sent to the UE, the UE may derive the key (K LMF) in the same manner as the AMF generates the key (K LMF). That is, the UE may generate the key (K LMF) based on at least one of the NAS count, K AMF, SUPI, and/or an identifier of the LMF.
4. In response to a message (e.g., user plane information) from the AMF, the UE sends a message (e.g., via a UL NAS TRANSPORT message) to the AMF. If no applicable PDU session has been established for user plane location, then the UE uses URSP (user plane radio separation protocol) to establish a PDU session for user plane location that includes user plane location related parameters. The UE may send an acknowledgement to the LMF through the AMF to indicate whether the positioning service with the user plane connection was successful or failed.
5. The AMF sends the acknowledgement received in step 4 to the LMF via the Namf_N1MessageNotify service. In some embodiments, the acknowledgement includes a key (K LMF) and an identifier of the key (K LMF ID). In some embodiments, the key (K LMF) and the identifier of the key (K LMF ID) may be sent to the LMF via a message different from the acknowledgement described above.
6. If the LMF knows the IP address information of the UE, it can inform the UE to establish a secure user plane connection using the known UE IP address.
7. The UE establishes or updates a secure user plane connection with the LMF based on the key (K LMF) and the key ID (K LMF ID). If the LMF sends its Fully Qualified Domain Name (FQDN) to the UE, a DNS server/resolver is used to resolve the IP address of the LMF (e.g., EASDF or a local DNS for local LMF address resolution).
8. The LMF indicates to the AMF in the Nlmf_Location_UPNotify message that the user plane connection between the UE and the LMF is established or updated.
9. The AMF stores the LCS-UP connection context as part of the UE context.
10. If the LMF or UE determines to locate with a user plane connection and a secure user plane connection is established or updated, LPP (LTE positioning protocol) messages are transmitted between the UE and the LMF for UE-based location, UE-assisted location and assistance data transfer. Supplementary service event report messages from the UE may also be transmitted to the LMF via the established or updated user plane connection.
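The Fig. 5 variant above, in which the AMF derives K LMF from K AMF and the UE re-derives it after receiving only a key derivation indicator and K LMF ID, can be sketched as follows. This is an added example, not part of the patent text. Its assumptions: an HMAC-SHA-256 KDF in the TS 33.220 Annex B input layout, a hypothetical FC value, a randomly allocated key ID, constructed key and SUPI values, and an HMAC proof over a nonce standing in for the TLS handshake.

```python
import hashlib
import hmac
import secrets
import struct

FC_K_LMF = b"\xf0"  # hypothetical FC value (assumption; the page defines none)


def kdf(key: bytes, fc: bytes, *params: bytes) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ... (assumed layout)."""
    s = fc
    for p in params:
        s += p + struct.pack(">H", len(p))  # length suffix keeps fields unambiguous
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_k_lmf(k_amf: bytes, ul_nas_count: int, supi: str, lmf_id: str) -> bytes:
    """Derive K_LMF from the four inputs the page lists (encoding is an assumption)."""
    if len(k_amf) != 32:
        raise ValueError("K_AMF must be 256 bits")
    return kdf(k_amf, FC_K_LMF, struct.pack(">I", ul_nas_count),
               supi.encode(), lmf_id.encode())


class Amf:
    def __init__(self, k_amf: bytes, supi: str, ul_nas_count: int):
        self.k_amf, self.supi, self.ul_nas_count = k_amf, supi, ul_nas_count

    def provision(self, lmf_id: str):
        """Step 3 (message to the UE) and step 5 (key material to the LMF)."""
        k_lmf = derive_k_lmf(self.k_amf, self.ul_nas_count, self.supi, lmf_id)
        key_id = secrets.token_hex(8)  # random ID reveals nothing about the key
        dl_nas = {"key_derivation_indicator": True,
                  "k_lmf_id": key_id, "lmf_id": lmf_id}
        to_lmf = {"k_lmf_id": key_id, "k_lmf": k_lmf}
        return dl_nas, to_lmf


class Ue:
    def __init__(self, k_amf: bytes, supi: str, ul_nas_count: int):
        self.k_amf, self.supi, self.ul_nas_count = k_amf, supi, ul_nas_count
        self.key_id, self.k_lmf = None, None

    def on_user_plane_info(self, dl_nas: dict) -> None:
        """Re-derive K_LMF locally; the key itself never crosses the air interface."""
        if not dl_nas.get("key_derivation_indicator"):
            raise ValueError("no derivation indicator: key must be delivered explicitly")
        self.key_id = dl_nas["k_lmf_id"]
        self.k_lmf = derive_k_lmf(self.k_amf, self.ul_nas_count,
                                  self.supi, dl_nas["lmf_id"])

    def prove(self, nonce: bytes):
        """Stand-in for the handshake: prove possession of the key named by key_id."""
        return self.key_id, hmac.new(self.k_lmf, nonce, hashlib.sha256).digest()


class Lmf:
    def __init__(self):
        self.keys = {}

    def store(self, to_lmf: dict) -> None:
        self.keys[to_lmf["k_lmf_id"]] = to_lmf["k_lmf"]

    def accept(self, key_id: str, nonce: bytes, proof: bytes) -> bool:
        k_lmf = self.keys.get(key_id)
        if k_lmf is None:  # unknown key ID: refuse rather than fall back
            return False
        expected = hmac.new(k_lmf, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)


K_AMF = bytes(range(32))       # constructed sample key
SUPI = "imsi-001010000000001"  # constructed test SUPI


def run_flow(ue_count: int, amf_count: int, lmf_id: str = "lmf-1.example"):
    """Run steps 3, 5 and 7; returns (message sent to the UE, LMF accepted?)."""
    amf, ue, lmf = Amf(K_AMF, SUPI, amf_count), Ue(K_AMF, SUPI, ue_count), Lmf()
    dl_nas, to_lmf = amf.provision(lmf_id)
    lmf.store(to_lmf)
    ue.on_user_plane_info(dl_nas)
    nonce = secrets.token_bytes(16)
    key_id, proof = ue.prove(nonce)
    return dl_nas, lmf.accept(key_id, nonce, proof)


if __name__ == "__main__":
    print("counts in sync:", run_flow(7, 7)[1])
    print("counts out of sync:", run_flow(8, 7)[1])
```

Binding the LMF identifier into the derivation gives each LMF a distinct key from the same K AMF, and a UE whose NAS count has drifted from the AMF's fails the proof, so an implementation needs an agreed rule for which count value both sides use.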
Fig. 6 shows a schematic diagram of a process according to an embodiment of the present disclosure. In some embodiments, the process includes at least one of the following operations, steps, and/or configurations.
The AMF sends a message (e.g., a location information request) to the LMF. In some embodiments, the message includes at least one of a UE ID of the target UE and/or an AMF ID of the AMF.
The LMF sends a response (e.g., a location information response) to the AMF.
The LMF stores a mapping between the AMF ID and the UE ID.
In some embodiments, if the UE supports user plane positioning, the AMF may subscribe from the LMF to the status of the LCS user plane connection of the UE (e.g., by using an Nlmf_Location_UPNotify subscription message).
1. Based on the UE's user plane positioning capability, control plane congestion status (e.g., AMF load status), and other implementation factors, the LMF determines whether to continue the positioning process via the user plane connection between the UE and the LMF. The LMF may invoke the Nnrf_NFDiscovery service operation to obtain the control plane congestion status.
In some embodiments, the LMF may obtain the AMF ID from UDM (unified data management) based on the UE ID.
In some embodiments, the LMF may select a user plane location for a particular location method (e.g., a motion sensor based method) and determine which location method requires a user plane connection based on implementation and local configuration.
2. The LMF sends a message (e.g., user plane information) to the AMF. In some embodiments, the message (e.g., user plane information) is sent via a Namf_Communication_N1N2MessageTransfer message. In some embodiments, a message (e.g., user plane information) may be sent if the LMF decides to utilize the user plane for positioning and there is no established secure user plane connection between the UE and the LMF. In some embodiments, a message (e.g., user plane information) may be sent if the LMF decides to update the key of the user plane for positioning. In some embodiments, the message (e.g., user plane information) is sent to the AMF to indicate that the UE can utilize the user plane for positioning through TLS (transport layer security). In some embodiments, the message (e.g., user plane information) includes a user plane location address of the LMF and security related information. In some embodiments, if the LMF does not have a key for establishing a user plane connection between the UE and the LMF (K LMF), the LMF may send security-related information including a key request to the AMF to request the key (K LMF). In some embodiments, the key request may be sent via a Namf_Communication_N1N2Transfer message. In some embodiments, the key request may be sent via a message other than the Namf_Communication_N1N2Transfer message.
3. The AMF sends a message (e.g., user plane information) to the UE. In some embodiments, the AMF sends a message (e.g., user plane information) to the UE via a DL NAS TRANSPORT message. In some embodiments, when the AMF receives a message (e.g., user plane information) from the LMF, the AMF sends the message (e.g., user plane information) to the UE. In some embodiments, the AMF sends a message (e.g., user plane information) from the LMF to the UE in a transparent or non-transparent manner. In some embodiments, the message (e.g., user plane information) sent to the UE includes a key (K LMF) and an identifier of the key (K LMF ID).
4. In response to a message (e.g., user plane information) from the AMF, the UE sends a message (e.g., via a UL NAS TRANSPORT message) to the AMF. If no applicable PDU session has been established for user plane location, then the UE uses URSP (user plane radio separation protocol) to establish a PDU session for user plane location that includes user plane location related parameters. The UE may send an acknowledgement to the LMF through the AMF to indicate whether the positioning service with the user plane connection was successful or failed.
5. The AMF sends the acknowledgement received in step 4 to the LMF via the Namf_N1MessageNotify service.
6. If the LMF knows the IP address information of the UE, it can inform the UE to use the known UE IP address to establish a secure user plane connection.
7. The UE establishes or updates a secure user plane connection with the LMF based on the key (K LMF) and the key ID (K LMF ID). If the LMF sends its Fully Qualified Domain Name (FQDN) to the UE, a DNS server/resolver is used to resolve the IP address of the LMF (e.g., EASDF or a local DNS for local LMF address resolution).
8. The LMF indicates to the AMF in the Nlmf_Location_UPNotify message that the user plane connection between the UE and the LMF has been established or updated.
9. The AMF stores the LCS-UP connection context as part of the UE context.
10. If the LMF or UE determines to locate with a user plane connection and a secure user plane connection is established or updated, LPP (LTE positioning protocol) messages are transmitted between the UE and the LMF for UE-based location, UE-assisted location and assistance data transfer. Supplementary service event report messages from the UE may also be sent to the LMF via the established or updated user plane connection.
Fig. 7 shows a schematic diagram of a process according to an embodiment of the present disclosure. In some embodiments, the process includes at least one of the following operations, steps, and/or configurations.
The AMF sends a message (e.g., a location information request) to the LMF. In some embodiments, the message includes at least one of a UE ID of the target UE and/or an AMF ID of the AMF.
The LMF sends a response (e.g., a location information response) to the AMF.
The LMF stores a mapping between the AMF ID and the UE ID.
In some embodiments, if the UE supports user plane positioning, the AMF may subscribe from the LMF to the status of the LCS user plane connection of the UE (e.g., by using an Nlmf_Location_UPNotify subscription message).
1. Based on the UE's user plane positioning capability, control plane congestion status (e.g., AMF load status), and other implementation factors, the LMF determines whether to continue the positioning process via the user plane connection between the UE and the LMF. The LMF may invoke the Nnrf_NFDiscovery service operation to obtain the control plane congestion status.
In some embodiments, the LMF may obtain the AMF ID from UDM (unified data management) based on the UE ID.
In some embodiments, the LMF may select a user plane location for a particular location method (e.g., a motion sensor based method) and determine which location method requires a user plane connection based on implementation and local configuration.
The LMF sends a key request to another NF (e.g., KMF (key management function)). The LMF sends a key request to the KMF requesting a key (K LMF) and an identifier of the key (K LMF ID). In some embodiments, the key request may be sent if the LMF decides to locate with the user plane and there is no established secure user plane connection between the UE and the LMF. In some embodiments, a key request may be sent if the LMF decides to update the key for the user plane for positioning. In some embodiments, the key request message includes at least one of an LMF ID of the LMF and/or a UE ID of the UE.
The KMF sends the key (K LMF) and the identifier of the key (K LMF ID) to the LMF. In some embodiments, the KMF generates a key (K LMF) and an identifier of the key (K LMF ID) based on at least one of the LMF ID and/or the UE ID.
2. The LMF sends a message (e.g., user plane information) to the AMF. In some embodiments, the message (e.g., user plane information) is sent via a Namf_Communication_N1N2MessageTransfer message. In some embodiments, the message (e.g., user plane information) is sent to the AMF to indicate that the UE can utilize the user plane for positioning through TLS (transport layer security). In some embodiments, the message (e.g., user plane information) includes a user plane location address of the LMF and security related information. In some embodiments, the security-related information includes an identifier (referred to as K LMF ID in this disclosure) of a key (referred to as K LMF in this disclosure) used to establish or update a secure user plane connection between the UE and the LMF. For example, if there is a shared key between the UE and the LMF, the security-related information includes an identifier of the shared key.
3. The AMF sends a message (e.g., user plane information) to the UE. In some embodiments, the AMF sends a message (e.g., user plane information) to the UE via a DL NAS TRANSPORT message. In some embodiments, when the AMF receives a message (e.g., user plane information) from the LMF, the AMF sends the message (e.g., user plane information) to the UE. In some embodiments, the AMF sends a message (e.g., user plane information) from the LMF to the UE in a transparent or non-transparent manner. In some embodiments, the message (e.g., user plane information) sent to the UE includes an identifier of the key (K LMF ID) and the key (K LMF).
4. In response to a message (e.g., user plane information) from the AMF, the UE sends a message (e.g., via a UL NAS TRANSPORT message) to the AMF. If no applicable PDU session has been established for user plane location, then the UE uses URSP (user plane radio separation protocol) to establish a PDU session for user plane location that includes user plane location related parameters. The UE may send an acknowledgement to the LMF through the AMF to indicate whether the positioning service with the user plane connection was successful or failed.
5. The AMF sends the acknowledgement received in step 4 to the LMF via the Namf_N1MessageNotify service.
6. If the LMF knows the IP address information of the UE, it can inform the UE to use the known UE IP address to establish a secure user plane connection.
7. The UE establishes or updates a secure user plane connection with the LMF based on the key (K LMF) and the key ID (K LMF ID). If the LMF sends its Fully Qualified Domain Name (FQDN) to the UE, a DNS server/resolver is used to resolve the IP address of the LMF (e.g., EASDF or a local DNS for local LMF address resolution).
8. The LMF indicates to the AMF in the Nlmf_Location_UPNotify message that the user plane connection between the UE and the LMF has been established or updated.
9. The AMF stores the LCS-UP connection context as part of the UE context.
10. If the LMF or UE determines to locate with a user plane connection and a secure user plane connection is established or updated, LPP (LTE positioning protocol) messages are transmitted between the UE and the LMF for UE-based location, UE-assisted location and assistance data transfer. Supplementary service event report messages from the UE may also be sent to the LMF via the established or updated user plane connection.
Fig. 8 shows a schematic diagram of a process according to an embodiment of the present disclosure. In some embodiments, the process includes at least one of the following operations, steps, and/or configurations.
The AMF sends a message (e.g., a location information request) to the LMF. In some embodiments, the message includes at least one of a UE ID of the target UE and/or an AMF ID of the AMF.
The LMF sends a response (e.g., a location information response) to the AMF.
The LMF stores a mapping between the AMF ID and the UE ID.
In some embodiments, if the UE supports user plane positioning, the AMF may subscribe from the LMF to the status of the LCS user plane connection of the UE (e.g., by using an Nlmf_Location_UPNotify subscription message).
1. Based on the UE's user plane positioning capability, control plane congestion status (e.g., AMF load status), and other implementation factors, the LMF determines whether to continue the positioning process via the user plane connection between the UE and the LMF. The LMF may invoke the Nnrf_NFDiscovery service operation to obtain the control plane congestion status.
In some embodiments, the LMF may obtain the AMF ID from UDM (unified data management) based on the UE ID.
In some embodiments, the LMF may select a user plane location for a particular location method (e.g., a motion sensor based method) and determine which location method requires a user plane connection based on implementation and local configuration.
The LMF sends a key request to another NF (e.g., a KMF (key management function)), requesting a key (K LMF) and an identifier of the key (K LMF ID). In some embodiments, the key request may be sent if the LMF decides to locate with the user plane and there is no established secure user plane connection between the UE and the LMF. In some embodiments, a key request may be sent if the LMF decides to update the key for the user plane for positioning. In some embodiments, the key request message includes at least one of an LMF ID of the LMF and/or a UE ID of the UE.
The KMF sends the key (K LMF) and the identifier of the key (K LMF ID) to the LMF. In some embodiments, the KMF generates the key (K LMF) and the identifier of the key (K LMF ID) based on at least one of the LMF ID and/or the UE ID.
2. The LMF sends a message (e.g., user plane information) to the AMF. In some embodiments, the message (e.g., user plane information) is sent via a Namf_Communication_N1N2MessageTransfer message. In some embodiments, the message (e.g., user plane information) is sent to the AMF to indicate that the UE can utilize the user plane for positioning through TLS (transport layer security). In some embodiments, the message (e.g., user plane information) includes a user plane location address of the LMF and security related information. In some embodiments, the LMF sends the key (K LMF) and the identifier of the key (K LMF ID) to the AMF (e.g., in security related information). In some embodiments, the message (e.g., user plane information) sent to the AMF may also include the address of the KMF.
3. The AMF sends a message (e.g., user plane information) to the UE. In some embodiments, the AMF sends a message (e.g., user plane information) to the UE via a DL NAS TRANSPORT message. In some embodiments, when the AMF receives a message (e.g., user plane information) from the LMF, the AMF sends the message (e.g., user plane information) to the UE. In some embodiments, the AMF sends a message (e.g., user plane information) from the LMF to the UE in a transparent or non-transparent manner. In some embodiments, the message (e.g., user plane information) sent to the UE includes at least one of a key (K LMF), an identifier of the key (K LMF ID), and/or an address of the KMF.
4. In response to a message (e.g., user plane information) from the AMF, the UE sends a message (e.g., via a UL NAS TRANSPORT message) to the AMF. If no applicable PDU session has been established for user plane location, then the UE uses URSP (UE route selection policy) to establish a PDU session for user plane location that includes user plane location related parameters. The UE may send an acknowledgement to the LMF through the AMF to indicate whether the positioning service with the user plane connection was successful or failed.
5. The AMF sends the acknowledgement received in step 4 to the LMF via the Namf_n1messageNotify service.
6. If the LMF knows the IP address information of the UE, it can inform the UE to establish a secure user plane connection using the known UE IP address.
7a. The UE sends a key request to the KMF. In one embodiment, the key request includes an identifier (K LMF ID) of the key. In one embodiment, the key request is for requesting a key (K LMF) identified by a K LMF ID.
7b. The KMF sends a key response to the UE. In one embodiment, the key response includes a key (K LMF) identified by a K LMF ID.
7c. The UE establishes or updates a secure user plane connection with the LMF based on the key (K LMF) and the key ID (K LMF ID). If the LMF sends its Fully Qualified Domain Name (FQDN) to the UE, a DNS server/resolver is used to resolve the IP address of the LMF (e.g., EASDF or a local DNS for local LMF address resolution).
8. The LMF indicates to the AMF in the Nlmf_Location_UPNotify message that the user plane connection between the UE and the LMF has been established or updated.
9. The AMF stores the LCS-UP connection context as part of the UE context.
10. If the LMF or UE determines to locate with a user plane connection and a secure user plane connection is established or updated, LPP (LTE positioning protocol) messages are transmitted between the UE and the LMF for UE-based location, UE-assisted location and assistance data transfer. Supplementary service event report messages from the UE may also be sent to the LMF via the established or updated user plane connection.
It should be appreciated that the process described above may be used to generate a key for establishing a secure user plane connection (e.g., the key is used to protect (e.g., encrypt) data transmitted over the secure user plane connection), or to generate a refreshed key to update the user plane connection with the refreshed key (e.g., the refreshed key is used to protect (e.g., encrypt) data transmitted over the updated user plane connection).
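The Fig. 8 exchange in the variant where the UE receives only the K LMF ID and the KMF address and then requests K LMF from the KMF itself, as an added Python example that is not part of the patent. The KMF class, its HMAC-based key generation, the check in fetch() that releases a key only to the UE it was issued for, and the HMAC key confirmation standing in for the TLS handshake are all assumptions; identifiers and addresses are constructed.

```python
import hashlib
import hmac
import secrets


def _lv(*fields: bytes) -> bytes:
    """Length-prefix every field so adjacent identifiers cannot be confused."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


class KMF:
    """Hypothetical key management function (names and logic are assumptions)."""

    def __init__(self) -> None:
        self._master = secrets.token_bytes(32)  # constructed root secret
        self._records = {}  # K_LMF ID -> (K_LMF, LMF ID, UE ID)

    def issue(self, lmf_id: str, ue_id: str):
        """Key request from the LMF: return (K_LMF, K_LMF ID) bound to both IDs."""
        nonce = secrets.token_bytes(16)  # fresh input, so a refresh gives a new key
        k_lmf = hmac.new(
            self._master,
            _lv(b"K_LMF", lmf_id.encode(), ue_id.encode(), nonce),
            hashlib.sha256,
        ).digest()
        k_lmf_id = secrets.token_hex(8)
        # A refreshed key replaces the previous one for the same LMF/UE pair.
        self._records = {
            kid: rec for kid, rec in self._records.items()
            if rec[1:] != (lmf_id, ue_id)
        }
        self._records[k_lmf_id] = (k_lmf, lmf_id, ue_id)
        return k_lmf, k_lmf_id

    def fetch(self, k_lmf_id: str, requester_ue_id: str) -> bytes:
        """Key request from the UE: release K_LMF only to the UE it was issued for.

        Assumes the KMF has already authenticated requester_ue_id.
        """
        record = self._records.get(k_lmf_id)
        if record is None or record[2] != requester_ue_id:
            raise PermissionError("unknown K_LMF ID or requester not bound to it")
        return record[0]


def confirm_tag(k_lmf: bytes, k_lmf_id: str, role: bytes,
                ue_nonce: bytes, lmf_nonce: bytes) -> bytes:
    """Proof of possession of K_LMF; stands in for the TLS handshake."""
    msg = _lv(role, k_lmf_id.encode(), ue_nonce, lmf_nonce)
    return hmac.new(k_lmf, msg, hashlib.sha256).digest()


def run_flow(kmf: KMF, lmf_id: str, ue_id: str):
    """Return (K_LMF ID, True if UE and LMF confirmed the same K_LMF)."""
    # LMF -> KMF: key request carrying the LMF ID and UE ID.
    k_at_lmf, k_lmf_id = kmf.issue(lmf_id, ue_id)
    # LMF -> AMF -> UE: user plane information with the key ID and KMF address
    # (constructed addresses); the key itself stays out of the NAS message here.
    user_plane_info = {
        "lmf_up_address": "lmf.example.invalid",
        "k_lmf_id": k_lmf_id,
        "kmf_address": "kmf.example.invalid",
    }
    received_by_ue = dict(user_plane_info)  # AMF forwards it transparently
    # UE -> KMF: key request with the K_LMF ID; the KMF answers with K_LMF.
    k_at_ue = kmf.fetch(received_by_ue["k_lmf_id"], ue_id)
    # UE <-> LMF: each side proves it holds K_LMF for this key ID.
    ue_nonce, lmf_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    ue_tag = confirm_tag(k_at_ue, k_lmf_id, b"UE", ue_nonce, lmf_nonce)
    lmf_tag = confirm_tag(k_at_lmf, k_lmf_id, b"LMF", ue_nonce, lmf_nonce)
    lmf_accepts = hmac.compare_digest(
        ue_tag, confirm_tag(k_at_lmf, k_lmf_id, b"UE", ue_nonce, lmf_nonce))
    ue_accepts = hmac.compare_digest(
        lmf_tag, confirm_tag(k_at_ue, k_lmf_id, b"LMF", ue_nonce, lmf_nonce))
    return k_lmf_id, lmf_accepts and ue_accepts


if __name__ == "__main__":
    kmf = KMF()
    first_id, ok = run_flow(kmf, "lmf-01", "ue-0001")
    second_id, ok_again = run_flow(kmf, "lmf-01", "ue-0001")  # key refresh
    print(ok, ok_again, first_id != second_id)
```

Running the flow twice for the same LMF and UE models the refreshed-key case: the second run yields a new K LMF ID and the first one can no longer be fetched.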
In the following paragraphs, details will be described in connection with some examples, but the disclosure is not limited to the examples below.
Fig. 9 relates to a schematic diagram of a wireless communication terminal 30 according to an embodiment of the present disclosure. The wireless communication terminal 30 may be a tag, a mobile phone, a notebook computer, a tablet computer, an electronic book, or a portable computer system, and is not limited thereto. The wireless communication terminal 30 may be used to implement the UE described in this disclosure. The wireless communication terminal 30 may include a processor 300, such as a microprocessor or an Application Specific Integrated Circuit (ASIC), a storage unit 310, and a communication unit 320. The memory unit 310 may be any data storage device that stores program code 312 that is accessed and executed by the processor 300. Examples of stored code 312 include, but are not limited to, a Subscriber Identity Module (SIM), Read Only Memory (ROM), flash memory, Random Access Memory (RAM), hard disk, and optical data storage devices. The communication unit 320 may be a transceiver and is used to transmit and receive signals (e.g., messages or packets) according to the processing result of the processor 300. In an embodiment, the communication unit 320 transmits and receives signals via at least one antenna 322 or via wiring.
In an embodiment, the storage unit 310 and the program code 312 may be omitted, and the processor 300 may include a storage unit having stored program code.
The processor 300 may implement any of the steps of the exemplary embodiments on the wireless communication terminal 30, for example, by executing the program code 312.
The communication unit 320 may be a transceiver. Alternatively or additionally, the communication unit 320 may combine a transmitting unit and a receiving unit configured to transmit and receive signals to and from the wireless communication node, respectively.
In some embodiments, the wireless communication terminal 30 may be used to perform the operations of the UE described in the present disclosure. In some embodiments, processor 300 and communication unit 320 cooperate to perform the operations described in this disclosure. For example, the processor 300 performs operations and transmits or receives signals, messages, and/or information through the communication unit 320.
Fig. 10 relates to a schematic diagram of a wireless communication node 40 according to an embodiment of the present disclosure. The wireless communication node 40 may be a satellite, a Base Station (BS), a gNB, a network entity, a Domain Name System (DNS) server, a Mobility Management Entity (MME), a serving gateway (S-GW), a Packet Data Network (PDN) gateway (P-GW), a Radio Access Network (RAN), a next generation RAN (NG-RAN), a data network, a core network, a communication node in a core network, or a Radio Network Controller (RNC), and is not limited thereto. Further, the wireless communication node 40 may include (perform) at least one network function such as an Access and Mobility Management Function (AMF), a Session Management Function (SMF), a User Plane Function (UPF), a Policy Control Function (PCF), an Application Function (AF), and the like. The wireless communication node 40 may be used to implement the nodes, networks, network functions (e.g., AMF, LMF, etc.), or network nodes described in this disclosure. The wireless communication node 40 may comprise a processor 400, such as a microprocessor or ASIC, a storage unit 410 and a communication unit 420. The memory unit 410 may be any data storage device that stores program code 412 that is accessed and executed by the processor 400. Examples of storage units 412 include, but are not limited to, SIM, ROM, flash memory, RAM, hard disk, and optical data storage devices. The communication unit 420 may be a transceiver and is used to transmit and receive signals (e.g., messages or packets) according to the processing result of the processor 400. In an embodiment, the communication unit 420 transmits and receives signals via at least one antenna 422 or via wiring.
In an embodiment, the storage unit 410 and the program code 412 may be omitted. The processor 400 may include a memory unit with stored program code.
Processor 400 may implement any of the steps described in the exemplary embodiment on wireless communication node 40, for example, by executing program code 412.
The communication unit 420 may be a transceiver. Alternatively or additionally, the communication unit 420 may combine a transmitting unit and a receiving unit configured to transmit and receive signals, messages or information to and from the wireless communication node or wireless communication terminal, respectively.
In some embodiments, the wireless communication node 40 may be used to perform the operations of the AMF or LMF described in this disclosure. In some embodiments, processor 400 and communication unit 420 cooperate to perform the operations described in this disclosure. For example, the processor 400 performs operations and transmits or receives signals through the communication unit 420.
According to an embodiment of the present disclosure, there is also provided a wireless communication method. In an embodiment, the wireless communication method may be performed by using a wireless communication node (e.g., an AMF). In an embodiment, the wireless communication node 40 described in the present disclosure may be implemented by using the wireless communication node, but is not limited thereto.
Referring to fig. 11, in an embodiment, the wireless communication method includes transmitting, by a first wireless communication node, security-related information to a wireless communication terminal to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and a second wireless communication node, wherein the user plane connection is protected based on the security-related information.
Details of this may be determined with reference to the paragraphs above and are not repeated here.
According to an embodiment of the present disclosure, another wireless communication method is also provided. In an embodiment, the wireless communication method may be performed by using a wireless communication terminal (e.g., UE). In the embodiment, the wireless communication terminal 30 described in the present disclosure may be implemented by using the wireless communication terminal, but is not limited thereto.
Referring to fig. 12, in an embodiment, the wireless communication method includes receiving, by a wireless communication terminal, security-related information from a first wireless communication node, and establishing, by the wireless communication terminal, or updating, a user plane connection between the wireless communication terminal and a second wireless communication node, wherein the user plane connection is protected based on the security-related information.
Details of this may be determined with reference to the paragraphs above and are not repeated here.
According to an embodiment of the present disclosure, another wireless communication method is also provided. In an embodiment, the wireless communication method may be performed by using a wireless communication node (e.g., LMF). In one embodiment, the wireless communication node 40 described in the present disclosure may be implemented by using the wireless communication node, but is not limited thereto.
Referring to fig. 13, in an embodiment, the wireless communication method includes transmitting, by a second wireless communication node, a request message to a first wireless communication node requesting the first wireless communication node to transmit security-related information to a wireless communication terminal to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and the second wireless communication node, wherein the user plane connection is protected based on the security-related information.
Details of this may be determined with reference to the paragraphs above and are not repeated here.
In some embodiments, a wireless communication terminal used in the present disclosure may indicate the UE described above.
In some embodiments, a first wireless communication node used in the present disclosure may indicate the AMF described above.
In some embodiments, a second wireless communication node used in the present disclosure may indicate the LMF described above.
In some embodiments, the management function used in the present disclosure may be KMF described above.
While various embodiments of the present disclosure have been described above, it should be understood that they have been presented by way of example only, and not limitation. Likewise, the various figures may depict an example architecture or configuration provided to enable one of ordinary skill in the art to understand the example features and functionality of the disclosure. However, those skilled in the art will appreciate that the present disclosure is not limited to the example architectures or configurations shown, but may be implemented using a variety of alternative architectures and configurations. Furthermore, as will be appreciated by those of ordinary skill in the art, one or more features of one embodiment may be combined with one or more features of another embodiment described herein. Thus, the breadth and scope of the present disclosure should not be limited by any of the above-described exemplary embodiments.
It should be understood that in this disclosure, the term "and/or" or symbol "/" may include any and all combinations of one or more of the associated listed items. For example, A and/or B and/or C includes all combinations of any one or more of A, B and C, including A, B, C, A and B, A and C, B and C, and the combination of A and B and C. Likewise, A/B/C includes all combinations of any one or more of A, B and C, including A, B, C, A and B, A and C, B and C, and the combination of A and B and C.
It should also be appreciated that any reference herein to an element using names such as "first," "second," etc. generally does not limit the number or order of such elements. Rather, these designations may be used herein as a convenient means of distinguishing between two or more elements or instances of an element. Thus, reference to first and second elements does not mean that only two elements can be used, or that the first element must somehow precede the second element.
Further, those of ordinary skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, and symbols that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof, for example.
Those of skill would further appreciate that any of the various illustrative logical blocks, units, processors, devices, circuits, methods, and functions described in connection with the aspects disclosed herein may be implemented with electronic hardware (e.g., digital implementations, analog implementations, or a combination of both), firmware, various forms of program or design code containing instructions (which may be referred to herein as "software" or "a software element" for convenience) or any combination of these techniques.
To clearly illustrate this interchangeability of hardware, firmware, and software, various illustrative components, blocks, units, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware, firmware, or software, or as a combination of these techniques, depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure. According to various embodiments, processors, devices, components, circuits, structures, machines, units, etc. may be configured to perform one or more of the functions described herein. The terms "configured to" or "configured for" as used herein with respect to a particular operation or function refers to a processor, device, component, circuit, structure, machine, unit, etc., that is physically constructed, programmed and/or arranged to perform the particular operation or function.
Moreover, those of skill will appreciate that the various illustrative logical blocks, units, devices, components, and circuits described herein may be implemented within or performed by an Integrated Circuit (IC) that may comprise a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or other programmable logic device, or any combination thereof. Logic blocks, units, and circuits may also include antennas and/or transceivers to communicate with various components within the network or within the device. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other suitable configuration for performing the functions described herein. If implemented in software, these functions may be stored on a computer-readable medium as one or more instructions or code. Thus, the steps of a method or algorithm disclosed herein may be embodied as software stored on a computer readable medium.
Computer-readable media includes both computer storage media and communication media including any medium that can transfer a computer program or code from one location to another. A storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer.
In this document, the term "unit" as used herein refers to software, firmware, hardware, and any combination of these elements for performing the relevant functions described herein. Furthermore, for purposes of discussion, the various units are described as discrete units, however, as will be apparent to one of ordinary skill in the art, two or more units may be combined to form a single unit that performs the associated functions in accordance with embodiments of the disclosure.
Further, in embodiments of the present disclosure, memory or other memory and communication components may be used. It should be appreciated that for clarity, the above description has described embodiments of the disclosure with reference to different functional units and processors. However, it will be apparent that any suitable distribution of functionality between different functional units, processing logic elements, or domains may be used without detracting from the disclosure. For example, functions illustrated as being performed by separate processing logic elements or controllers may be performed by the same processing logic element or controller. Thus, references to specific functional units are only to suitable means for providing the described functionality rather than indicative of a strict logical or physical structure or organization.
Various modifications to the embodiments described in the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the scope of the claims. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the novel features and principles disclosed herein, as recited in the following claims.

Claims (44)

1. A wireless communication method, comprising:
sending, by a first wireless communication node, security-related information to a wireless communication terminal to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and a second wireless communication node, wherein the user plane connection is protected based on the security-related information.
2. The wireless communication method according to claim 1, wherein the security-related information includes at least one of the following:
a key used for the user plane connection;
an identifier of the key used for the user plane connection;
a key derivation indicator that instructs the wireless communication terminal to derive a key for the user plane connection; or
an address of a management function that manages the key used for the user plane connection.
3. The wireless communication method according to claim 1 or 2, further comprising:
receiving, by the first wireless communication node, user plane information from the second wireless communication node, the user plane information instructing the wireless communication terminal to establish, based on an identifier of the wireless communication terminal, a user plane connection between the wireless communication terminal and the second wireless communication node.
4. The wireless communication method according to any one of claims 1 to 3, wherein the user plane connection is used for location-related services, and the location-related services include locating the wireless communication terminal.
5. The wireless communication method according to any one of claims 1 to 4, wherein the user plane information includes at least one of the following:
an identifier of the wireless communication terminal;
an identifier of the second wireless communication node;
an identifier of the key used for the user plane connection;
a request for a key used for the user plane connection;
a key used for the user plane connection; or
an address of a management function that manages the key used for the user plane connection.
6. The wireless communication method according to any one of claims 1 to 5, further comprising at least one of the following operations:
sending, by the first wireless communication node, a location management request to the second wireless communication node, the location management request including at least one of an identifier of the wireless communication terminal or an identifier of the first wireless communication node; or
receiving, by the first wireless communication node, a response to a location management request from the second wireless communication node, the location management request including at least one of an identifier of the wireless communication terminal or an identifier of the first wireless communication node.
7. The wireless communication method according to claim 6, wherein the location management request allows the second wireless communication node to store mapping information between the wireless communication terminal and the first wireless communication node.
8. The wireless communication method according to any one of claims 1 to 7, further comprising:
receiving, by the first wireless communication node, an identifier of the key used for the user plane connection from the second wireless communication node; and
sending, by the first wireless communication node, the identifier of the key used for the user plane connection to the wireless communication terminal, to allow the wireless communication terminal to use a key shared between the second wireless communication node and the wireless communication terminal as the key used for the user plane connection.
9. The wireless communication method according to any one of claims 1 to 7, further comprising:
generating, by the first wireless communication node, a key for the user plane connection; and
sending, by the first wireless communication node, to the wireless communication terminal an identifier of the key used for the user plane connection and a key derivation indicator that instructs the wireless communication terminal to derive the key used for the user plane connection.
10. The wireless communication method according to claim 9, further comprising at least one of the following operations:
receiving, by the first wireless communication node, a request for a key for the user plane connection from the second wireless communication node; or
sending, by the first wireless communication node, the key for the user plane connection and an identifier of the key for the user plane connection to the second wireless communication node.
11. The wireless communication method according to claim 9 or 10, further comprising:
generating, by the first wireless communication node, the key for the user plane connection based on at least one of the following: an uplink non-access stratum (NAS) count, a key for communication between the first wireless communication node and the wireless communication terminal, a subscription permanent identifier (SUPI), or an identifier of the second wireless communication node.
12. The wireless communication method according to any one of claims 1 to 7, further comprising:
receiving, by the first wireless communication node, from the second wireless communication node a key for the user plane connection and an identifier of the key for the user plane connection; and
sending, by the first wireless communication node, the key for the user plane connection and the identifier of the key for the user plane connection to the wireless communication terminal.
13. The wireless communication method according to any one of claims 1 to 7, further comprising:
receiving, by the first wireless communication node, from the second wireless communication node a key for the user plane connection and an identifier of the key for the user plane connection, wherein the key for the user plane connection and the identifier of the key for the user plane connection are obtained from a management function; and
sending, by the first wireless communication node, the key for the user plane connection and the identifier of the key for the user plane connection to the wireless communication terminal.
14. The wireless communication method according to any one of claims 1 to 7, further comprising:
receiving, by the first wireless communication node, from the second wireless communication node an identifier of the key used for the user plane connection and an address of a management function that manages the key used for the user plane connection; and
sending, by the first wireless communication node, to the wireless communication terminal the identifier of the key used for the user plane connection and the address of the management function that manages the key used for the user plane connection, to allow the wireless communication terminal to obtain the key used for the user plane connection from the management function.
15. A wireless communication method, comprising:
receiving, by a wireless communication terminal, security-related information from a first wireless communication node; and
establishing or updating, by the wireless communication terminal, a user plane connection between the wireless communication terminal and a second wireless communication node, wherein the user plane connection is protected based on the security-related information.
16. The wireless communication method according to claim 15, wherein the security-related information includes at least one of the following:
a key used for the user plane connection;
an identifier of the key used for the user plane connection;
a key derivation indicator that instructs the wireless communication terminal to derive a key for the user plane connection; or
an address of a management function that manages the key used for the user plane connection.
17. The wireless communication method according to claim 15 or 16, further comprising:
receiving, by the wireless communication terminal, user plane information from the second wireless communication node via the first wireless communication node, the user plane information instructing the wireless communication terminal to establish a user plane connection between the wireless communication terminal and the second wireless communication node.
18. The wireless communication method according to any one of claims 15 to 17, wherein the user plane connection is used for location-related services, and the location-related services include locating the wireless communication terminal.
19. The wireless communication method according to any one of claims 15 to 18, wherein the user plane information includes at least one of the following:
an identifier of the wireless communication terminal;
an identifier of the second wireless communication node;
an identifier of the key used for the user plane connection;
a request for a key used for the user plane connection;
a key used for the user plane connection; or
an address of a management function that manages the key used for the user plane connection.
20. The wireless communication method according to any one of claims 15 to 19, further comprising:
receiving, by the wireless communication terminal, an identifier of the key used for the user plane connection from the second wireless communication node via the first wireless communication node; and
establishing or updating, by the wireless communication terminal, the user plane connection based on a key that is shared between the second wireless communication node and the wireless communication terminal and is identified by the received identifier of the key.
21. The wireless communication method according to any one of claims 15 to 19, further comprising:
receiving, by the wireless communication terminal, from the first wireless communication node an identifier of the key used for the user plane connection and a key derivation indicator that instructs the wireless communication terminal to derive the key used for the user plane connection;
generating, by the first wireless communication node, a key for the user plane connection based on the key derivation indicator; and
establishing or updating, by the wireless communication terminal, the user plane connection based on the generated key.
22. The wireless communication method according to claim 21, further comprising:
generating, by the wireless communication terminal, the key for the user plane connection based on at least one of the following: an uplink non-access stratum (NAS) count, a key for communication between the first wireless communication node and the wireless communication terminal, a subscription permanent identifier (SUPI), or an identifier of the second wireless communication node.
23. The wireless communication method according to any one of claims 15 to 19, further comprising:
receiving, by the wireless communication terminal, a key for the user plane connection and an identifier of the key for the user plane connection from the second wireless communication node via the first wireless communication node; and
establishing or updating, by the wireless communication terminal, the user plane connection based on the received key and the identifier of the key.
24.
The wireless communication method according to any one of claims 15 to 19, further comprising: 由所述无线通信终端经由所述第一无线通信节点从所述第二无线通信节点接收用于所述用户面连接的密钥和用于所述用户面连接的密钥的标识符,其中,用于所述用户面连接的密钥和用于所述用户面连接的密钥的标识符是从管理功能获取的;以及The wireless communication terminal receives, via the first wireless communication node, a key for the user plane connection and an identifier for the key for the user plane connection from the second wireless communication node, wherein the key for the user plane connection and the identifier for the key for the user plane connection are obtained from a management function; and 由所述无线通信终端基于所接收的密钥和所述密钥的标识符来建立或更新所述用户面连接。The wireless communication terminal establishes or updates the user plane connection based on the received key and the identifier of the key. 25.根据权利要求15至19中任一项所述的无线通信方法,还包括:25. The wireless communication method according to any one of claims 15 to 19, further comprising: 由所述无线通信终端经由所述第一无线通信节点从所述第二无线通信节点接收用于所述用户面连接的密钥的标识符和管理用于所述用户面连接的密钥的管理功能的地址;The wireless communication terminal receives, via the first wireless communication node, an identifier for the key used for the user plane connection and an address for managing the key used for the user plane connection from the second wireless communication node; 由所述无线通信终端基于所述密钥的标识符和所述管理功能的地址从所述管理功能获取用于所述用户面连接的密钥;以及The wireless communication terminal obtains the key for the user plane connection from the management function based on the identifier of the key and the address of the management function; and 由所述无线通信终端基于所述密钥和所述密钥的标识符建立或更新所述用户面连接。The wireless communication terminal establishes or updates the user plane connection based on the key and the identifier of the key. 26.一种无线通信方法,包括:26. 
A wireless communication method, comprising: 由第二无线通信节点向第一无线通信节点发送请求消息,以请求所述第一无线通信节点向无线通信终端发送安全相关的信息,以允许所述无线通信终端建立或更新在所述无线通信终端和所述第二无线通信节点之间的用户面连接,其中,所述用户面连接基于所述安全相关的信息受到保护。A second wireless communication node sends a request message to a first wireless communication node, requesting the first wireless communication node to send security-related information to the wireless communication terminal, so as to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and the second wireless communication node, wherein the user plane connection is protected based on the security-related information. 27.根据权利要求26所述的无线通信方法,其中,所述安全相关的信息包括以下中的至少一项:27. The wireless communication method according to claim 26, wherein the security-related information includes at least one of the following: 用于所述用户面连接的密钥;The key used for the user plane connection; 用于所述用户面连接的密钥的标识符;Identifier for the key used for the user plane connection; 指示所述无线通信终端派生用于所述用户面连接的密钥的密钥派生指示符;或者A key derivation indicator that instructs the wireless communication terminal to derive a key for the user plane connection; or 管理用于所述用户面连接的密钥的管理功能的地址。Address of the management function for the keys used for the user plane connection. 28.根据权利要求26或27所述的无线通信方法,还包括:28. The wireless communication method according to claim 26 or 27, further comprising: 由所述第二无线通信节点向所述第一无线通信节点发送用户面信息,所述用户面信息指示所述无线通信终端基于所述无线通信终端的标识符在所述无线通信终端和所述第二无线通信节点之间建立用户面连接。The second wireless communication node sends user plane information to the first wireless communication node, and the user plane information instructs the wireless communication terminal to establish a user plane connection between the wireless communication terminal and the second wireless communication node based on the identifier of the wireless communication terminal. 29.根据权利要求26至28中任一项所述的无线通信方法,其中,所述用户面连接被用于位置相关的服务,并且所述位置相关的服务包括定位所述无线通信终端。29. 
The wireless communication method according to any one of claims 26 to 28, wherein the user plane connection is used for location-related services, and the location-related services include locating the wireless communication terminal. 30.根据权利要求26至29中任一项所述的无线通信方法,其中,所述用户面信息包括以下中的至少一项:30. The wireless communication method according to any one of claims 26 to 29, wherein the user plane information includes at least one of the following: 所述无线通信终端的标识符;The identifier of the wireless communication terminal; 所述第二无线通信节点的标识符;The identifier of the second wireless communication node; 用于所述用户面连接的密钥的标识符;Identifier for the key used for the user plane connection; 对用于所述用户面连接的密钥的请求;A request for a key used for the user plane connection; 用于所述用户面连接的密钥;或者The key used for the user plane connection; or 管理用于所述用户面连接的密钥的管理功能的地址。Address of the management function for the keys used for the user plane connection. 31.根据权利要求26至30中任一项所述的无线通信方法,还包括以下操作中的至少一个操作:31. The wireless communication method according to any one of claims 26 to 30, further comprising at least one of the following operations: 由所述第二无线通信节点从所述第一无线通信节点接收位置管理请求,所述位置管理请求包括所述无线通信终端的标识符或所述第一无线通信节点的标识符中的至少一个标识符;或者The second wireless communication node receives a location management request from the first wireless communication node, the location management request including at least one of the identifiers of the wireless communication terminal or the first wireless communication node; or 由所述第二无线通信节点向所述第一无线通信节点发送对位置管理请求的响应,所述位置管理请求包括所述无线通信终端的标识符或所述第一无线通信节点的标识符中的至少一个标识符。The second wireless communication node sends a response to the first wireless communication node in response to a location management request, the location management request including at least one of the identifiers of the wireless communication terminal or the first wireless communication node. 32.根据权利要求31所述的无线通信方法,其中,所述位置管理请求允许所述第二无线通信节点存储所述无线通信终端和所述第一无线通信节点之间的映射信息。32. 
The wireless communication method according to claim 31, wherein the location management request allows the second wireless communication node to store mapping information between the wireless communication terminal and the first wireless communication node. 33.根据权利要求26至32中任一项所述的无线通信方法,还包括:33. The wireless communication method according to any one of claims 26 to 32, further comprising: 由所述第二无线通信节点经由所述第一无线通信节点向所述无线通信终端发送用于所述用户面连接的密钥的标识符,以允许所述无线通信终端基于由所发送的密钥的标识符所标识的在所述第二无线通信节点和所述无线通信终端之间共享的密钥来建立或更新所述用户面连接。The second wireless communication node sends an identifier of a key for the user plane connection to the wireless communication terminal via the first wireless communication node, allowing the wireless communication terminal to establish or update the user plane connection based on a key shared between the second wireless communication node and the wireless communication terminal, identified by the identifier of the sent key. 34.根据权利要求26至32中任一项所述的无线通信方法,还包括:34. The wireless communication method according to any one of claims 26 to 32, further comprising: 由所述第二无线通信节点向所述第一无线通信节点发送对用于所述用户面连接的密钥的请求,以允许所述第一无线通信节点生成用于所述用户面连接的密钥,并将所述密钥的标识符和指示所述无线通信终端派生用于所述用户面连接的密钥的密钥派生指示符发送给所述无线通信终端;以及The second wireless communication node sends a request to the first wireless communication node for a key used for the user plane connection, allowing the first wireless communication node to generate a key for the user plane connection, and sends an identifier of the key and a key derivation indicator instructing the wireless communication terminal to derive a key for the user plane connection to the wireless communication terminal; and 由所述第二无线通信节点从所述第一无线通信节点接收用于所述用户面连接的密钥和用于所述用户面连接的所述密钥的标识符。The second wireless communication node receives from the first wireless communication node a key for the user plane connection and an identifier for the key for the user plane connection. 35.根据权利要求26至32中任一项所述的无线通信方法,还包括:35. 
The wireless communication method according to any one of claims 26 to 32, further comprising: 由所述第二无线通信节点经由所述第一无线通信节点向所述无线通信终端发送用于所述用户面连接的密钥和所述密钥的标识符,以允许所述无线通信终端基于所述密钥和所述密钥的标识符建立或更新所述用户面连接。The second wireless communication node sends a key for the user plane connection and an identifier of the key to the wireless communication terminal via the first wireless communication node, so that the wireless communication terminal can establish or update the user plane connection based on the key and the identifier of the key. 36.根据权利要求26至32中任一项所述的无线通信方法,还包括:36. The wireless communication method according to any one of claims 26 to 32, further comprising: 由所述第二无线通信节点基于所述第二无线通信节点的标识符或所述无线通信终端的标识符中的至少一个标识符从管理功能获取用于所述用户面连接的密钥和所述密钥的标识符;以及The second wireless communication node obtains a key for the user plane connection and an identifier of the key from the management function based on at least one of the identifiers of the second wireless communication node or the wireless communication terminal; and 由所述第二无线通信节点经由所述第一无线通信节点向所述无线通信终端发送用于所述用户面连接的密钥和用于所述用户面连接的所述密钥的标识符,以允许所述无线通信终端基于所述密钥和所述密钥的所述标识符建立或更新所述用户面连接。The second wireless communication node sends a key for the user plane connection and an identifier of the key for the user plane connection to the wireless communication terminal via the first wireless communication node, so that the wireless communication terminal can establish or update the user plane connection based on the key and the identifier of the key. 37.根据权利要求26至32中任一项所述的无线通信方法,还包括:37. 
The wireless communication method according to any one of claims 26 to 32, further comprising: 由所述第二无线通信节点基于所述第二无线通信节点的标识符或所述无线通信终端的标识符中的至少一个标识符从管理功能获取用于所述用户面连接的密钥和所述密钥的标识符;以及The second wireless communication node obtains a key for the user plane connection and an identifier of the key from the management function based on at least one of the identifiers of the second wireless communication node or the wireless communication terminal; and 由所述第二无线通信节点经由所述第一无线通信节点向所述无线通信终端发送用于所述用户面连接的密钥的标识符和管理用于所述用户面连接的密钥的所述管理功能的地址,以允许所述无线通信终端从所述管理功能获取用于所述用户面连接的密钥。The second wireless communication node sends an identifier for the key used for the user plane connection and the address of the management function for managing the key used for the user plane connection to the wireless communication terminal via the first wireless communication node, so as to allow the wireless communication terminal to obtain the key used for the user plane connection from the management function. 38.一种第一无线通信节点,包括:38. A first wireless communication node, comprising: 通信单元;以及Communication unit; and 处理器,所述处理器被配置为:通过所述通信单元向无线通信终端发送安全相关的信息,以允许所述无线通信终端建立或更新在所述无线通信终端和第二无线通信节点之间的用户面连接,其中,所述用户面连接基于所述安全相关的信息受到保护。A processor configured to send security-related information to a wireless communication terminal via the communication unit to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and a second wireless communication node, wherein the user plane connection is protected based on the security-related information. 39.根据权利要求38所述的第一无线通信节点,其中,所述处理器还被配置为执行根据权利要求2至14中任一项所述的无线通信方法。39. The first wireless communication node according to claim 38, wherein the processor is further configured to perform the wireless communication method according to any one of claims 2 to 14. 40.一种无线通信终端,包括:40. 
A wireless communication terminal, comprising: 通信单元;以及Communication unit; and 处理器,所述处理器被配置为:经由所述通信单元从第一无线通信节点接收安全相关的信息;以及建立或更新在所述无线通信终端和第二无线通信节点之间的用户面连接,其中,所述用户面连接基于所述安全相关的信息受到保护。A processor configured to: receive security-related information from a first wireless communication node via the communication unit; and establish or update a user plane connection between the wireless communication terminal and the second wireless communication node, wherein the user plane connection is protected based on the security-related information. 41.根据权利要求40所述的无线通信终端,其中,所述处理器还被配置为执行根据权利要求16至25中任一项所述的无线通信方法。41. The wireless communication terminal according to claim 40, wherein the processor is further configured to perform the wireless communication method according to any one of claims 16 to 25. 42.一种第二无线通信节点,包括:42. A second wireless communication node, comprising: 通信单元;以及Communication unit; and 处理器,所述处理器被配置为:经由所述通信单元向第一无线通信节点发送请求消息,以请求所述第一无线通信节点向无线通信终端发送安全相关的信息,以允许所述无线通信终端建立或更新在所述无线通信终端和所述第二无线通信节点之间的用户面连接,其中,所述用户面连接基于所述安全相关的信息受到保护。A processor configured to: send a request message to a first wireless communication node via the communication unit to request the first wireless communication node to send security-related information to a wireless communication terminal to allow the wireless communication terminal to establish or update a user plane connection between the wireless communication terminal and the second wireless communication node, wherein the user plane connection is protected based on the security-related information. 43.根据权利要求42所述的第二无线通信节点,其中,所述处理器还被配置为执行根据权利要求27至37中任一项所述的无线通信方法。43. The second wireless communication node according to claim 42, wherein the processor is further configured to perform the wireless communication method according to any one of claims 27 to 37. 44.一种计算机程序产品,所述计算机程序产品包括存储在其上的计算机可读程序介质代码,当由处理器执行时,所述代码使所述处理器实施根据权利要求1至37中任一项所述的无线通信方法。44. 
A computer program product comprising computer-readable program medium code stored thereon, which, when executed by a processor, causes the processor to implement the wireless communication method according to any one of claims 1 to 37.
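Claims 20 to 25 give the terminal four ways to arrive at the user plane key, and claim 22 lists the derivation inputs. The sketch below is an added example, not part of the patent, showing a terminal-side resolver that fails closed when no usable key results. The claims name no KDF, so the HMAC-SHA-256 construction with length-prefixed inputs, the function code byte, the `info` field names and the `fetch` callback standing in for the management function are all assumptions.

```python
import hashlib
import hmac

FC_PLACEHOLDER = b"\xff"  # assumption: the claims define no function code


def _param(value: bytes) -> bytes:
    """Encode one input as value || 2-byte length so inputs cannot run together."""
    if len(value) > 0xFFFF:
        raise ValueError("KDF input too long")
    return value + len(value).to_bytes(2, "big")


def derive_up_key(k_node1: bytes, ul_nas_count: int, supi: str, node2_id: str) -> bytes:
    """Derive a 256-bit user plane key from the inputs listed in claim 22.

    k_node1 is the key already shared between the terminal and the first node.
    The KDF (HMAC-SHA-256 over length-prefixed inputs) is an assumption.
    """
    s = (FC_PLACEHOLDER
         + _param(ul_nas_count.to_bytes(4, "big"))
         + _param(supi.encode("utf-8"))
         + _param(node2_id.encode("utf-8")))
    return hmac.new(k_node1, s, hashlib.sha256).digest()


def resolve_up_key(info, *, k_node1=None, ul_nas_count=None, supi=None,
                   node2_id=None, shared_keys=None, fetch=None):
    """Return (key_id, key) from the security-related information, or raise.

    info uses hypothetical field names: key_id, key, derive, mgmt_addr.
    """
    key_id = info.get("key_id")
    if not key_id:
        raise ValueError("security-related information carries no key identifier")
    if info.get("key"):                      # claims 23 and 24: key delivered
        key = info["key"]
    elif info.get("derive"):                 # claims 21 and 22: derive locally
        if None in (k_node1, ul_nas_count, supi, node2_id):
            raise ValueError("missing derivation input")
        key = derive_up_key(k_node1, ul_nas_count, supi, node2_id)
    elif info.get("mgmt_addr"):              # claim 25: ask the management function
        if fetch is None:
            raise ValueError("no way to reach the management function")
        key = fetch(info["mgmt_addr"], key_id)
    else:                                    # claim 20: key already shared with node 2
        key = (shared_keys or {}).get(key_id)
    if not isinstance(key, (bytes, bytearray)) or len(key) < 16:
        raise ValueError(f"no usable key for identifier {key_id!r}")
    return key_id, bytes(key)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    k = bytes(range(32))
    kid, key = resolve_up_key({"key_id": "up-key-1", "derive": True}, k_node1=k,
                              ul_nas_count=7, supi="imsi-001010000000001",
                              node2_id="node2-example")
    print(kid, key.hex())
```

Binding the second node's identifier and the uplink NAS count into the derivation means a key derived for one node or one count value cannot be reused for another, and the length prefixes keep adjacent inputs from being shifted into each other.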
CN202380099448.0A 2023-07-19 2023-07-19 Methods, apparatus and computer program products for wireless communication Pending CN121336430A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2023/108190 WO2024156175A1 (en) 2023-07-19 2023-07-19 Method, device and computer program product for wireless communication

Publications (1)

Publication Number Publication Date
CN121336430A CN121336430A (en) 2026-01-13

Family

ID=91969909

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202380099448.0A Pending CN121336430A (en) 2023-07-19 2023-07-19 Methods, apparatus and computer program products for wireless communication

Country Status (2)

Country Link
CN (1) CN121336430A (en)
WO (1) WO2024156175A1 (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112073176B (en) * 2019-06-11 2022-03-11 大唐移动通信设备有限公司 Key updating method and device
WO2022082667A1 (en) * 2020-10-22 2022-04-28 华为技术有限公司 Method and apparatus for secure transmission of data

Also Published As

Publication number Publication date
WO2024156175A1 (en) 2024-08-02


Legal Events

Date Code Title Description
PB01 Publication