[go: up one dir, main page]

WO2019213856A1 - Method and apparatus for configuring drb integrity protection, and computer storage medium - Google Patents

Method and apparatus for configuring drb integrity protection, and computer storage medium Download PDF

Info

Publication number
WO2019213856A1
WO2019213856A1 PCT/CN2018/086107 CN2018086107W WO2019213856A1 WO 2019213856 A1 WO2019213856 A1 WO 2019213856A1 CN 2018086107 W CN2018086107 W CN 2018086107W WO 2019213856 A1 WO2019213856 A1 WO 2019213856A1
Authority
WO
WIPO (PCT)
Prior art keywords
drb
pdu session
function
information
parameter
Prior art date
Application number
PCT/CN2018/086107
Other languages
French (fr)
Chinese (zh)
Inventor
杨宁
Original Assignee
Oppo广东移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司 filed Critical Oppo广东移动通信有限公司
Priority to PCT/CN2018/086107 priority Critical patent/WO2019213856A1/en
Priority to CN201880082325.5A priority patent/CN111512659B/en
Publication of WO2019213856A1 publication Critical patent/WO2019213856A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management

Definitions

  • the present invention relates to the field of wireless communication technologies, and in particular, to a data bearer (DRB) integrity protection configuration method and apparatus, and a computer storage medium.
  • DRB data bearer
  • enhanced mobile broadband eMBB
  • URLLC Ultra Reliable Low Latency Communication
  • mMTC massive machine type communication
  • 5G mobile communication technology is also called Next Generation Wireless Communication Technology (NR, New Radio).
  • NR Next Generation Wireless Communication Technology
  • LTE Long Term Evolution
  • NR cells can also be deployed independently.
  • the session management function configures the security policy information of the PDU session when the protocol data unit (PDU) session is established.
  • PDU protocol data unit
  • DRB IP DRB Integrity Protection
  • DRB Integrity Protection DRB Integrity Protection
  • the SMF determines the security policy when the final PDU session is established based on subscription data from Unified Data Management (UDM) or a locally configured security policy.
  • UDM Unified Data Management
  • the next generation base station gNB, next generation NodeB determines whether to configure each DRB to use the DRB IP function according to security policy information from the Core Access and Mobility Management Function (AMF).
  • the security policy indication of the PDU session means that the gNB must configure the DRB IP function.
  • a UE capability is defined, which specifies an aggregation rate threshold of the DRB that allows all DRB IP functions that are configured to be configured to the UE (ie, cannot exceed this threshold). Therefore, the gNB needs to decide how to select the DRB to configure the DRB IP function.
  • an embodiment of the present invention provides a configuration method and device for DRB integrity protection, and a computer storage medium.
  • the base station acquires the security policy information and the priority information of the PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is used to indicate the PDU.
  • the base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • the base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
  • the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
  • the first parameter is used to indicate that the DRB IP function needs to be configured.
  • the base station determines whether to configure the DRB IP function for each PDU session according to the priority information of each PDU session corresponding to the terminal.
  • the method further includes:
  • the base station For determining the first PDU session in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to notify the first core network element The first PDU session cannot configure the DRB IP function.
  • the method further includes:
  • the base station For determining a first PDU session in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session;
  • the base station For determining a second PDU session capable of configuring a DRB IP function, the base station configures a DRB IP function for the second PDU session.
  • the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
  • the base station Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
  • the base station If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station indicates that the DRB IP indication parameter is a DRB IP function for all PDU sessions of the first parameter.
  • the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
  • the base station Determining, by the base station, the third PDU session in which the indication parameter of the DRB IP is the second parameter according to the security policy information of the PDU session corresponding to the terminal, where the second parameter is used to indicate that the DRB IP function is recommended to be configured;
  • the base station determines, according to the priority information of the respective third PDU session, the first UE capability information, and the local policy, Whether the DRB IP function is configured for the three PDU sessions.
  • the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
  • the base station acquires the security policy information of the PDU session configured by the first core network element and the priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session.
  • the priority information is used to indicate the priority of the DRB IP corresponding to the QOS flow;
  • the base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • the base station determines whether to configure according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
  • DRB IP features including:
  • the base station Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
  • the base station determines, according to the priority information of each QOS flow in each PDU session corresponding to the terminal, the session of each PDU. Whether to configure the DRB IP function and/or whether to configure the DRB IP function for each of the QOS flows in the respective PDU sessions.
  • the method further includes:
  • the base station For determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to A core network element notifies the first PDU session and/or the first QOS flow that the DRB IP function cannot be configured.
  • the method further includes:
  • the base station For determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session and/or the first QOS flow;
  • the base station For determining a second PDU session and/or a second QOS flow capable of configuring a DRB IP function, the base station configures a DRB IP function for the second PDU session and/or the second QOS flow.
  • the base station determines whether to configure according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
  • DRB IP features including:
  • the base station Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
  • the base station If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station indicates that the DRB IP indication parameter is a DRB IP function for all PDU sessions of the first parameter.
  • the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
  • the base station Determining, by the base station, the third PDU session in which the indication parameter of the DRB IP is the second parameter according to the security policy information of the PDU session corresponding to the terminal, where the second parameter is used to indicate that the DRB IP function is recommended to be configured;
  • the base station determines, according to the priority information of each QOS flow in the respective third PDU session, the first UE capability information, and the local policy. Whether to configure a DRB IP function for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
  • the configuring the DRB IP function refers to: enabling the DRB IP function for the DRB corresponding to the PDU session and/or the QOS flow.
  • the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than the lower priority. The priority of all QOS flows for a PDU session.
  • a first acquiring unit configured to obtain security policy information and priority information of a PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is a priority for indicating a DRB IP corresponding to the PDU session;
  • a second acquiring unit configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • a configuration unit configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
  • the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter.
  • the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, the base station according to the priority of each PDU session corresponding to the terminal Information, determining whether a DRB IP function is configured for the respective PDU session.
  • the device further includes:
  • a feedback unit configured to send first feedback information to the first core network element for determining a first PDU session in which the DRB IP function cannot be configured, where the first feedback information is used to send to the first core network element Notifying the first PDU session that the DRB IP function cannot be configured.
  • the configuration unit is configured to: configure a DRB IP function for the first PDU session for determining a first PDU session in which the DRB IP function cannot be configured; and determine a second PDU that can configure the DRB IP function. A session, configuring a DRB IP function for the second PDU session.
  • the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter.
  • the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter of the DRB IP is the first parameter.
  • the DRB IP function is configured for all PDU sessions.
  • the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Instructing to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of the respective third PDU session, the first UE capability information, and the local policy Determining whether a DRB IP function is configured for each of the third PDU sessions.
  • the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
  • a first acquiring unit configured to acquire security policy information of a PDU session configured by the first core network element and priority information of each QOS flow in the PDU session, where the security policy information includes a DRB corresponding to the PDU session An indication parameter of the IP, where the priority information is used to indicate a priority of a DRB IP corresponding to the QOS flow;
  • a second acquiring unit configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • a configuration unit configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
  • the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter.
  • the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, each QOS flow in each PDU session corresponding to the terminal is used.
  • the priority information determines whether the DRB IP function is configured for the respective PDU session and/or whether the DRB IP function is configured for each QOS flow in the respective PDU session.
  • the device further includes:
  • a feedback unit configured to send first feedback information to the first core network element for determining a first PDU session and/or a first QOS flow that cannot configure the DRB IP function, where the first feedback information is used by the The first core network element notifies the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
  • the configuration unit is configured to not configure the DRB for the first PDU session and/or the first QOS flow for determining a first PDU session and/or a first QOS flow that cannot configure the DRB IP function.
  • IP function for determining a second PDU session and/or a second QOS flow capable of configuring a DRB IP function, configuring a DRB IP function for the second PDU session and/or the second QOS flow.
  • the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter.
  • the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter of the DRB IP is the first parameter.
  • the DRB IP function is configured for all PDU sessions.
  • the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Instructing to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of each QOS flow in the respective third PDU session, the first UE The capability information and the local policy determine whether a DRB IP function is configured for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
  • the configuring the DRB IP function refers to: enabling the DRB IP function for the DRB corresponding to the PDU session and/or the QOS flow.
  • the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than the lower priority. The priority of all QOS flows of the PDU session.
  • the computer storage medium provided by the embodiment of the present invention has stored thereon computer executable instructions, and the computer executable instructions are implemented by the processor to implement the DRB integrity protection configuration method.
  • the base station acquires the security policy information and the priority information of the PDU session configured by the network element of the first core network, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session.
  • the priority information is used to indicate the priority of the DRB IP corresponding to the PDU session;
  • the base station acquires the first UE capability information of the terminal, and the first UE capability information includes an aggregation of the DRB IP required by the terminal.
  • the data rate capability threshold is determined by the base station according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal, and whether the DRB IP function is configured.
  • the base station acquires the security policy information of the PDU session configured by the first core network element and the priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session.
  • the priority information is used to indicate the priority of the DRB IP corresponding to the QOS flow;
  • the base station acquires the first UE capability information of the terminal, where the first UE capability information includes the aggregated data about the DRB IP required by the terminal. a rate capability threshold; the base station determines whether to configure according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
  • DRB IP function is used to indicate the priority of the DRB IP corresponding to the QOS flow.
  • the first core network element (such as SMF) configures the DRB IP priority of the PDU session granularity or the DRB IP priority of the QOS flow granularity, so that the base station (such as gNB) can be based on the first core network.
  • These configuration decisions of the network element determine how to configure the DRB IP function for the PDU session and/or the QOS flow (corresponding DRB), so that the base station can more rationally decide and select the DRB to configure the DRB IP function.
  • Figure 1 is a flow chart of the existing DRB integrity protection
  • FIG. 2 is a schematic flowchart 1 of a method for configuring DRB integrity protection according to an embodiment of the present invention
  • FIG. 5 is a second schematic flowchart of a method for configuring DRB integrity protection according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram showing the result composition of a DRB integrity protection configuration apparatus according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
  • the technical solution of the embodiment of the present invention is mainly applied to a 5G mobile communication system.
  • the technical solution of the embodiment of the present invention is not limited to the 5G mobile communication system, and can also be applied to other types of mobile communication systems.
  • eMBB aims at users to obtain multimedia content, services and data, and its business needs are growing rapidly. Because eMBB may be deployed in different scenarios, such as indoors, urban areas, and rural areas, the difference in service capabilities and requirements is relatively large. Therefore, services must be analyzed in combination with specific deployment scenarios.
  • URLLC scenario Typical applications for URLLC include: industrial automation, power automation, telemedicine operations, traffic security, and more.
  • Typical characteristics of URLLC include: high connection density, small data volume, delay-insensitive service, low cost and long service life of the module.
  • the network side and the terminal side are required to negotiate the size of the MAC-I.
  • FIG. 2 is a schematic flowchart 1 of a method for configuring DRB integrity protection according to an embodiment of the present invention. As shown in FIG. 2, the method for configuring DRB integrity protection includes the following steps:
  • Step 201 The base station acquires the security policy information and the priority information of the PDU session configured by the network element of the first core network, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, where the priority information is used to indicate The priority of the DRB IP corresponding to the PDU session.
  • the technical solution of the embodiment of the present invention may be applied to, but not limited to, a 5G system.
  • the technical solution of the embodiment of the present invention is applied to a 5G system, where the base station refers to a gNB, and the first core network element refers to an SMF.
  • the second core network element referred to below refers to the AMF.
  • the first core network element when the PDU session is established, the first core network element (such as the SMF) configures the security policy information and the priority information corresponding to the PDU session, where the security policy information includes the PDU session.
  • the indication parameters of the DRB IP corresponding to the PDU session are classified into the following three types:
  • the first parameter (required): the first parameter is used to indicate that the DRB IP function needs to be configured.
  • the second parameter (preferred): the second parameter is used to indicate a recommended configuration of the DRB IP function.
  • the third parameter is used to indicate that the DRB IP function does not need to be configured.
  • the indication parameter of the DRB IP in the security policy information is for the PDU session, for example, the PDU session 1 corresponds to the first parameter, the PDU session 2 corresponds to the second parameter, the PDU session 3 corresponds to the first parameter, and the like.
  • the priority of the DRB IP in the priority information is for the session, for example, the PDU session 1 corresponds to the first priority, the PDU session 2 corresponds to the second priority, the PDU session 3 corresponds to the third priority, and so on.
  • Step 202 The base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal.
  • the aggregated data rate of the DRBs that are allowed to be configured to all the DRB IP functions of the terminal needs to be less than or equal to the aggregated data rate capability threshold in the first UE capability information.
  • Step 203 The base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
  • determining whether to configure the DRB IP function needs to be combined with the security policy information of each PDU session, and is roughly classified into the following scenarios:
  • Scenario 1 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data rate of the QOS flow corresponding to the PDU session of the first parameter, where the indication parameter of the DRB IP is the first parameter. Indicates that the DRB IP function needs to be configured. 1) If the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station determines whether to configure the DRB IP for each PDU session according to the priority information of each PDU session corresponding to the terminal. Features. 2) If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station configures a DRB IP function for all PDU sessions of the first parameter for the indication parameter of the DRB IP.
  • the base station for determining a first PDU session in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session; and for determining a second PDU session capable of configuring a DRB IP function, the base station The DRB IP function is configured for the second PDU session. Further, for determining a first PDU session in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to the first core network element Notifying the first PDU session that the DRB IP function cannot be configured.
  • Scenario 2 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third PDU session of the second parameter, and the second parameter is used to indicate that the DRB IP function is recommended to be configured. For each third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station determines, according to the priority information of the respective third PDU session, the first UE capability information, and the local policy, Whether the DRB IP function is configured for the three PDU sessions.
  • Scenario 3 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third parameter PDU session, and the third parameter is used to indicate that the DRB IP function is not required to be configured;
  • the indication parameter of the DRB IP is a fourth PDU session of the third parameter, and the base station does not configure the DRB IP function for the fourth PDU session.
  • the configuration of the DRB IP function involved in the foregoing embodiment of the present invention means that the DRB is enabled for the DRB corresponding to the PDU session.
  • the foregoing needs to be combined with the priority of the PDU session to determine whether to configure the DRB IP function, if the aggregated data rate capability threshold value defined by the first UE capability information is met, the priority is higher.
  • the PDU session is configured with the DRB IP function.
  • FIG. 3 is a flowchart of DRB integrity protection according to application example 1 of the embodiment of the present invention
  • FIG. 4 is a schematic diagram of each protocol stack of application example 1, as shown in FIG. 3 and FIG.
  • the priority information of the PDU session is also configured, and the priority information indicates that the PDU session is configured with the priority of the DRB IP.
  • the gNB obtains the aggregated data rate capability threshold of the UE about the DRB IP, and the information may be reported from the UE or from the AMF.
  • the gNB decides whether to configure the DRB IP function according to the limitation of the aggregated data rate capability threshold of the DRB IP and the priority information of the PDU session of each DRB IP. specifically,
  • the gNB determines whether to configure the DRB IP according to the DRB IP priority of the PDU session.
  • the gNB can directly reject the SMF or the gNB to determine the corresponding DRB without the DRB IP function.
  • the gNB configures all the security policy indication parameters as “required”.
  • the DRB corresponding to the PDU session enables the DRB IP function.
  • the gNB determines whether to configure the DRB corresponding to the PDU session according to the aggregated data rate capability threshold, the DRB IP priority of the PDU session, and the local policy.
  • the DRB IP function is preferentially configured for the PDU session with higher priority.
  • FIG. 5 is a schematic flowchart 2 of a method for configuring DRB integrity protection according to an embodiment of the present invention. As shown in FIG. 5, the DRB integrity protection configuration method includes the following steps:
  • Step 501 The base station acquires the security policy information of the PDU session configured by the first core network element and the priority information of each QOS flow in the PDU session, where the security policy information includes an indication of the DRB IP corresponding to the PDU session. And the priority information is used to indicate a priority of the DRB IP corresponding to the QOS flow.
  • the technical solution of the embodiment of the present invention may be applied to, but not limited to, a 5G system.
  • the technical solution of the embodiment of the present invention is applied to a 5G system, where the base station refers to a gNB, and the first core network element refers to an SMF.
  • the second core network element referred to below refers to the AMF.
  • the first core network element configures the security policy information corresponding to the PDU session and the priority information of each QOS flow in the PDU session, where the The security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the QOS flow.
  • the indication parameters of the DRB IP corresponding to the PDU session are classified into the following three types:
  • the first parameter (required): the first parameter is used to indicate that the DRB IP function needs to be configured.
  • the second parameter (preferred): the second parameter is used to indicate a recommended configuration of the DRB IP function.
  • the third parameter is used to indicate that the DRB IP function does not need to be configured.
  • the indication parameter of the DRB IP in the security policy information is for the PDU session, for example, the PDU session 1 corresponds to the first parameter, the PDU session 2 corresponds to the second parameter, the PDU session 3 corresponds to the first parameter, and the like.
  • the priority of the DRB IP in the priority information is for the QOS flow, for example, the QOS flow 1 corresponds to the first priority, the QOS flow 2 corresponds to the second priority, the QOS flow 3 corresponds to the third priority, etc. .
  • the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than all PDU sessions with lower priority. The priority of the QOS stream.
  • Step 502 The base station acquires the first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal.
  • the aggregated data rate of the DRBs that are allowed to be configured to all the DRB IP functions of the terminal needs to be less than or equal to the aggregated data rate capability threshold in the first UE capability information.
  • Step 503 The base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session. .
  • determining whether to configure the DRB IP function needs to be combined with the security policy information of each PDU session, and is roughly classified into the following scenarios:
  • Scenario 1 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data rate of the QOS flow corresponding to the PDU session of the first parameter, where the indication parameter of the DRB IP is the first parameter. Indicates that the DRB IP function needs to be configured. 1) If the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station determines, according to the priority information of each QOS flow in each PDU session corresponding to the terminal, Whether the PDU session configures the DRB IP function and/or whether the DRB IP function is configured for each of the QOS flows in the respective PDU session. 2) If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station configures a DRB IP function for all PDU sessions of the first parameter for the indication parameter of the DRB IP.
  • the base station for determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station does not configure the DRB IP function for the first PDU session and/or the first QOS flow; A second PDU session and/or a second QOS flow of the DRB IP function can be configured, the base station configuring a DRB IP function for the second PDU session and/or the second QOS flow. Further, for determining the first PDU session and/or the first QOS flow that cannot configure the DRB IP function, the base station sends first feedback information to the first core network element, where the first feedback information is used for The first core network element notifies the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
  • Scenario 2 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third PDU session of the second parameter, and the second parameter is used to indicate that the DRB IP function is recommended to be configured. For each third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station determines, according to the priority information of each QOS flow in the respective third PDU session, the first UE capability information, and the local policy. Whether to configure a DRB IP function for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
  • Scenario 3 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third parameter PDU session, and the third parameter is used to indicate that the DRB IP function is not required to be configured;
  • the indication parameter of the DRB IP is a fourth PDU session of the third parameter, and the base station does not configure the DRB IP function for the fourth PDU session.
  • the configuration of the DRB IP function involved in the foregoing embodiment of the present invention means that the DRB-enabled DRB IP function corresponding to the PDU session and/or the QOS flow is enabled.
  • the priority is higher under the condition that the aggregated data rate capability threshold value defined by the first UE capability information is met.
  • the QOS stream is configured with the DRB IP function.
  • FIG. 6 is a flowchart of DRB integrity protection according to application example 2 of the embodiment of the present invention
  • FIG. 7 is a schematic diagram of each protocol stack of application example 2, as shown in FIG. 6 and FIG.
  • the SMF configures the PDU session information to the gNB
  • the priority information of each QoS flow in the PDU session is also configured, and the priority information indicates that the QoS flow is configured with the priority of the DRB IP.
  • the gNB obtains the aggregated data rate capability threshold of the UE about the DRB IP, and the information may be reported from the UE or from the AMF.
  • the gNB determines whether to configure the DRB IP function according to the limitation of the aggregated data rate capability threshold of the DRB IP and the priority information of each QoS flow of each PDU session. specifically,
  • the gNB decides according to the DRB IP priority of each QOS flow of the PDU session. Whether to configure the DRB IP function. For a PDU session and/or Qos flow that cannot be configured with the DRB IP function, the gNB can directly reject the SMF or the gNB to determine the corresponding DRB without the DRB IP function.
  • the gNB configures all the security policy indication parameters as “required”.
  • the DRB corresponding to the PDU session enables the DRB IP function.
  • the gNB determines whether the DRB corresponding to the QoS session of the PDU session is configured to enable the DRB IP according to the DRB IP precedence and the local policy of each QOS flow in the PDU session.
  • FIG. 8 is a schematic diagram showing the result composition of a DRB integrity protection configuration apparatus according to an embodiment of the present invention.
  • the apparatus comprises:
  • the first obtaining unit 801 is configured to obtain the security policy information and the priority information of the PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, where the priority is The information is used to indicate a priority of the DRB IP corresponding to the PDU session;
  • a second acquiring unit 802 configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • the configuration unit 803 is configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
  • the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. Rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, the base station according to the priority of each PDU session corresponding to the terminal Level information, determining whether a DRB IP function is configured for the respective PDU session.
  • the device further includes:
  • the feedback unit 804 is configured to send first feedback information to the first core network element for determining a first PDU session in which the DRB IP function cannot be configured, where the first feedback information is used to the first core network The element notifies that the first PDU session cannot configure the DRB IP function.
  • the configuration unit 803 is configured to: not configure a DRB IP function for the first PDU session for determining a first PDU session in which the DRB IP function cannot be configured; and determine a second function capable of configuring the DRB IP function. A PDU session, configuring a DRB IP function for the second PDU session.
  • the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. Rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter for the DRB IP is the first parameter All PDU sessions are configured with the DRB IP feature.
  • the configuration unit 803 is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Demonstrating the recommendation to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of the respective third PDU session, the first UE capability information, and the local A policy determines whether a DRB IP function is configured for each of the third PDU sessions.
  • the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
  • the apparatus includes:
  • the first obtaining unit 801 is configured to obtain security policy information of a PDU session configured by the first core network element and priority information of each QOS flow in the PDU session, where the security policy information includes a corresponding PDU session.
  • a second acquiring unit 802 configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • the configuration unit 803 is configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session. .
  • the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter.
  • the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, each QOS in each PDU session corresponding to the terminal is used.
  • the priority information of the flow determines whether the DRB IP function is configured for the respective PDU session and/or whether the DRB IP function is configured for each QOS flow in the respective PDU session.
  • the device further includes:
  • the feedback unit 804 is configured to send first feedback information to the first core network element for determining a first PDU session and/or a first QOS flow that cannot configure the DRB IP function, where the first feedback information is used to The first core network element notifies the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
  • the configuration unit 803 is configured to: configure, for the first PDU session and/or the first QOS flow, that the DRB IP function cannot be configured, and configure the first PDU session and/or the first QOS flow.
  • the DRB IP function for determining a second PDU session and/or a second QOS flow capable of configuring a DRB IP function, configuring a DRB IP function for the second PDU session and/or the second QOS flow.
  • the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. Rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter for the DRB IP is the first parameter All PDU sessions are configured with the DRB IP feature.
  • the configuration unit 803 is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Demonstrating the recommendation to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of each QOS flow in the respective third PDU session, the first The UE capability information and the local policy determine whether a DRB IP function is configured for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
  • the configuring the DRB IP function refers to: enabling the DRB IP function for the DRB corresponding to the PDU session and/or the QOS flow.
  • the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than the lower priority. The priority of all QOS flows of the PDU session.
  • the implementation functions of the units in the DRB integrity protection configuration apparatus shown in FIG. 8 can be understood by referring to the related description of the foregoing DRB integrity protection configuration method.
  • the functions of the units in the DRB integrity protection configuration apparatus shown in FIG. 8 can be implemented by a program running on the processor, or can be realized by a specific logic circuit.
  • the DRB integrity protection configuration device may be stored in a computer readable storage medium if it is implemented in the form of a software function module and sold or used as a standalone product. Based on such understanding, the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium, including a plurality of instructions.
  • a computer device (which may be a personal computer, server, or network device, etc.) is caused to perform all or part of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes various media that can store program codes, such as a USB flash drive, a mobile hard disk, a read only memory (ROM), a magnetic disk, or an optical disk.
  • program codes such as a USB flash drive, a mobile hard disk, a read only memory (ROM), a magnetic disk, or an optical disk.
  • the embodiment of the present invention further provides a computer storage medium, wherein the computer executable instructions are stored, and the computer executable instructions are executed by the processor to implement the DRB integrity protection configuration method of the embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
  • the computer device may be a terminal or a network device.
  • computer device 100 may include one or more (only one shown) processor 1002 (processor 1002 may include, but is not limited to, a Micro Controller Unit (MCU) or a programmable logic device.
  • a processing device such as an FPGA (Field Programmable Gate Array), a memory 1004 for storing data, and a transmission device 1006 for a communication function.
  • FPGA Field Programmable Gate Array
  • FIG. 9 is merely illustrative and does not limit the structure of the above electronic device.
  • computer device 100 may also include more or fewer components than shown in FIG. 9, or have a different configuration than that shown in FIG.
  • the memory 1004 can be used to store software programs and modules of application software, such as program instructions/modules corresponding to the method in the embodiment of the present invention, and the processor 1002 executes various functional applications by running software programs and modules stored in the memory 1004. And data processing, that is, to achieve the above method.
  • Memory 1004 can include high speed random access memory, and can also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory.
  • memory 1004 can further include memory remotely located relative to processor 1002, which can be connected to computer device 100 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
  • Transmission device 1006 is for receiving or transmitting data via a network.
  • the network specific examples described above may include a wireless network provided by a communication provider of computer device 100.
  • the transmission device 1006 includes a Network Interface Controller (NIC) that can be connected to other network devices through a base station to communicate with the Internet.
  • the transmission device 1006 can be a radio frequency (RF) module for communicating with the Internet wirelessly.
  • NIC Network Interface Controller
  • RF radio frequency
  • the disclosed method and smart device may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner such as: multiple units or components may be combined, or Can be integrated into another system, or some features can be ignored or not executed.
  • the coupling, or direct coupling, or communication connection of the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or other forms. of.
  • the units described above as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place or distributed to multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one second processing unit, or each unit may be separately used as one unit, or two or more units may be integrated into one unit;
  • the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed is a method and an apparatus for configuring DRB integrity protection, and a computer storage medium. The method comprises: a base station acquiring security policy information and priority information of a PDU session configured by a network element of a first core network, the security policy information comprising an indication parameter of a DRB IP corresponding to the PDU session, the priority information being used to indicate a priority of the DRB IP corresponding to the PDU session; the base station acquiring first UE capability information of a terminal, the first UE capability information comprising an aggregated data rate capability threshold value regarding the DRB IP requested by the terminal; and the base station determining, according to the first UE capability information, the security policy information and priority information of each PDU session corresponding to the terminal, whether to configure a DRB IP function.

Description

DRB完整性保护的配置方法及装置、计算机存储介质DRB integrity protection configuration method and device, computer storage medium 技术领域Technical field
本发明涉及无线通信技术领域,尤其涉及一种数据承载(DRB,Data Resource Bearer)完整性保护的配置方法及装置、计算机存储介质。The present invention relates to the field of wireless communication technologies, and in particular, to a data bearer (DRB) integrity protection configuration method and apparatus, and a computer storage medium.
背景技术Background technique
为了满足人们对业务的速率、延迟、高速移动性、能效的追求,以及未来生活中业务的多样性、复杂性,第三代合作伙伴计划(3GPP,3rd Generation Partnership Project)国际标准组织开始研发第五代(5G,5 th Generation)移动通信技术。 In order to meet people's pursuit of business speed, delay, high-speed mobility, energy efficiency, and the diversity and complexity of business in the future, the 3rd Generation Partnership Project (3GPP) International Standards Organization began to develop Five (5G, 5 th Generation) mobile communication technology.
5G移动通信技术的主要应用场景为:增强型移动宽带(eMBB,Enhance Mobile Broadband)、低时延高可靠通信(URLLC,Ultra Reliable Low Latency Communication)、大规模机器类通信(mMTC,massive Machine Type Communication)。The main application scenarios of 5G mobile communication technologies are: enhanced mobile broadband (eMBB), low latency and high reliability communication (URLLC, Ultra Reliable Low Latency Communication), and large-scale machine type communication (mMTC, massive machine type communication). ).
5G移动通信技术也称为新一代无线通信技术(NR,New Radio),在NR早期部署时,完整的NR覆盖很难达到,所以典型的网络覆盖是长期演进(LTE,Long Term Evolution)覆盖和NR覆盖的结合。此外,为了保护移动运营商前期在LTE上的投资,提出了LTE和NR之间的紧耦合(tight interworking)工作模式。此外,NR小区也可以独立部署。5G mobile communication technology is also called Next Generation Wireless Communication Technology (NR, New Radio). When NR was deployed early, complete NR coverage is difficult to achieve, so the typical network coverage is Long Term Evolution (LTE) coverage and Combination of NR coverage. In addition, in order to protect the mobile operator's previous investment in LTE, a tight interworking mode between LTE and NR is proposed. In addition, NR cells can also be deployed independently.
在LTE中,对于DRB没有完整性保护的需求,但是,在NR中增加了对于DRB进行完整性保护的需求,为此每个分组数据汇聚协议(PDCP,Packet Data Convergence Protocol)服务数据单元(SDU,Service Data Unit)都要额外携带一个用于完整性保护校验的完整性保护校验码(MAC-I)。In LTE, there is no need for integrity protection for the DRB, but the need for integrity protection for the DRB is added to the NR, for which each Packet Data Convergence Protocol (PDCP) service data unit (SDU) , Service Data Unit) must carry an integrity protection check code (MAC-I) for integrity protection check.
如图1所示,会话管理功能(SMF,Session Management Function)会在协议数据单元(PDU,Protocol Data Unit)会话(session)建立时配置该PDU session的安全策略信息,该信息指示了当前PDU session的DRB完整性保护(DRB IP,DRB Integrity Protection)需求是{required,preferred,not needed}。SMF基于来自统一数据管理(UDM,Unified Data Management)的签约数据或者本地配置的安全策略来决定最终PDU session建立时的安全策略。下一代基站(gNB,next generation NodeB)根据来自核心接入和移动性管(AMF,Core Access and Mobility Management Function)的安全策略信息,决定配置每个DRB是否使用DRB IP功能。这里,PDU session的安全策略指示为需要(required)则意味着gNB必须配置DRB IP功能,建议(preferred)意味着SMF倾向配置DRB IP功能但是取决于gNB,不需要(not needed)意味着不需要配置DRB IP功能。同时为了保证UE的性能,定义了一个UE能力,该UE能力规定了允许配置给UE的所有DRB IP功能的DRB的聚合速率门限值(即不能超过这个门限)。所以gNB需要判决如何选择DRB来进行DRB IP功能的配置。As shown in Figure 1, the session management function (SMF) configures the security policy information of the PDU session when the protocol data unit (PDU) session is established. This information indicates the current PDU session. The requirements for DRB Integrity Protection (DRB IP, DRB Integrity Protection) are {required, preferred, not needed}. The SMF determines the security policy when the final PDU session is established based on subscription data from Unified Data Management (UDM) or a locally configured security policy. The next generation base station (gNB, next generation NodeB) determines whether to configure each DRB to use the DRB IP function according to security policy information from the Core Access and Mobility Management Function (AMF). Here, the security policy indication of the PDU session means that the gNB must configure the DRB IP function. The preferred means that the SMF tends to configure the DRB IP function but depends on the gNB. Not needed means no need Configure the DRB IP function. At the same time, in order to ensure the performance of the UE, a UE capability is defined, which specifies an aggregation rate threshold of the DRB that allows all DRB IP functions that are configured to be configured to the UE (ie, cannot exceed this threshold). Therefore, the gNB needs to decide how to select the DRB to configure the DRB IP function.
发明内容Summary of the invention
为解决上述技术问题,本发明实施例提供了一种DRB完整性保护的配置方法及装置、计算机存储介质。To solve the above technical problem, an embodiment of the present invention provides a configuration method and device for DRB integrity protection, and a computer storage medium.
本发明实施例提供的DRB完整性保护的配置方法,包括:The configuration method of the DRB integrity protection provided by the embodiment of the present invention includes:
基站获取第一核心网网元配置的PDU会话的安全策略信息和优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示所述PDU会话对应的DRB IP的优先级;The base station acquires the security policy information and the priority information of the PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is used to indicate the PDU. The priority of the DRB IP corresponding to the session;
所述基站获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;The base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能。The base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
在一实施方式中,所述基站根据所述第一UE能力信息、以及所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能,包括:In an embodiment, the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal, includes:
所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的服务质量(QOS Quality Of Service)流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;Determining, by the base station, the first aggregated data rate of the quality of service (QOS Quality Of Service) flow corresponding to the PDU session of the first parameter, according to the security policy information of each PDU session corresponding to the terminal, The first parameter is used to indicate that the DRB IP function needs to be configured.
如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则所述基站根据所述终端对应的各个PDU会话的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能。If the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station determines whether to configure the DRB IP function for each PDU session according to the priority information of each PDU session corresponding to the terminal.
在一实施方式中,所述方法还包括:In an embodiment, the method further includes:
对于确定不能配置DRB IP功能的第一PDU会话,所述基站向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话不能配置DRB IP功能。For determining the first PDU session in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to notify the first core network element The first PDU session cannot configure the DRB IP function.
在一实施方式中,所述方法还包括:In an embodiment, the method further includes:
对于确定不能配置DRB IP功能的第一PDU会话,所述基站对所述第一PDU会话不配置DRB IP功能;For determining a first PDU session in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session;
对于确定能够配置DRB IP功能的第二PDU会话,所述基站对所述第二PDU会话配置DRB IP功能。For determining a second PDU session capable of configuring a DRB IP function, the base station configures a DRB IP function for the second PDU session.
在一实施方式中,所述基站根据所述第一UE能力信息、以及所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能,包括:In an embodiment, the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal, includes:
所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则所述基站对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station indicates that the DRB IP indication parameter is a DRB IP function for all PDU sessions of the first parameter.
在一实施方式中,所述基站根据所述第一UE能力信息、以及所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能,包括:In an embodiment, the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal, includes:
所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;Determining, by the base station, the third PDU session in which the indication parameter of the DRB IP is the second parameter according to the security policy information of the PDU session corresponding to the terminal, where the second parameter is used to indicate that the DRB IP function is recommended to be configured;
对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话是否配置DRB IP功能。For each third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station determines, according to the priority information of the respective third PDU session, the first UE capability information, and the local policy, Whether the DRB IP function is configured for the three PDU sessions.
在一实施方式中,所述配置DRB IP功能是指:对PDU会话对应的DRB使能DRB IP功能。In an embodiment, the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
本发明实施例提供的DRB完整性保护的配置方法,包括:The configuration method of the DRB integrity protection provided by the embodiment of the present invention includes:
基站获取第一核心网网元配置的PDU会话的安全策略信息和所述PDU会话中每个QOS流的优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参 数,所述优先级信息用于指示QOS流对应的DRB IP的优先级;The base station acquires the security policy information of the PDU session configured by the first core network element and the priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session. The priority information is used to indicate the priority of the DRB IP corresponding to the QOS flow;
所述基站获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;The base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能。The determining, by the base station, whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
在一实施方式中,所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能,包括:In an embodiment, the base station determines whether to configure according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session. DRB IP features, including:
所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则所述基站根据所述终端对应的各个PDU会话中的每个QOS流的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能和/或对所述各个PDU会话中的每个QOS流是否配置DRB IP功能。If the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station determines, according to the priority information of each QOS flow in each PDU session corresponding to the terminal, the session of each PDU. Whether to configure the DRB IP function and/or whether to configure the DRB IP function for each of the QOS flows in the respective PDU sessions.
在一实施方式中,所述方法还包括:In an embodiment, the method further includes:
对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,所述基站向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话和/或所述第一QOS流不能配置DRB IP功能。For determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to A core network element notifies the first PDU session and/or the first QOS flow that the DRB IP function cannot be configured.
在一实施方式中,所述方法还包括:In an embodiment, the method further includes:
对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,所述基站对所述第一PDU会话和/或第一QOS流不配置DRB IP功能;For determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session and/or the first QOS flow;
对于确定能够配置DRB IP功能的第二PDU会话和/或第二QOS流,所述基站对所述第二PDU会话和/或第二QOS流配置DRB IP功能。For determining a second PDU session and/or a second QOS flow capable of configuring a DRB IP function, the base station configures a DRB IP function for the second PDU session and/or the second QOS flow.
在一实施方式中,所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能,包括:In an embodiment, the base station determines whether to configure according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session. DRB IP features, including:
所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则所述基站对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station indicates that the DRB IP indication parameter is a DRB IP function for all PDU sessions of the first parameter.
在一实施方式中,所述基站根据所述第一UE能力信息、以及所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能,包括:In an embodiment, the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal, includes:
所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;Determining, by the base station, the third PDU session in which the indication parameter of the DRB IP is the second parameter according to the security policy information of the PDU session corresponding to the terminal, where the second parameter is used to indicate that the DRB IP function is recommended to be configured;
对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话中每个QOS流的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话和/或所述各个第三PDU会话中的每个QOS流是否配置DRB IP功能。For each third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station determines, according to the priority information of each QOS flow in the respective third PDU session, the first UE capability information, and the local policy. Whether to configure a DRB IP function for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
在一实施方式中,所述配置DRB IP功能是指:对PDU会话和/或QOS流对应的DRB使能DRB IP功能。In an embodiment, the configuring the DRB IP function refers to: enabling the DRB IP function for the DRB corresponding to the PDU session and/or the QOS flow.
在一实施方式中,所述PDU会话也对应有优先级信息,对于优先级不同的两个PDU会话,具有较高优先级的PDU会话的全部QOS流的优先级高于具有较低优先级的PDU 会话的全部QOS流的优先级。In an embodiment, the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than the lower priority. The priority of all QOS flows for a PDU session.
本发明实施例提供的DRB完整性保护的配置装置,包括:The apparatus for configuring DRB integrity protection provided by the embodiment of the present invention includes:
第一获取单元,用于获取第一核心网网元配置的PDU会话的安全策略信息和优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示所述PDU会话对应的DRB IP的优先级;a first acquiring unit, configured to obtain security policy information and priority information of a PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is a priority for indicating a DRB IP corresponding to the PDU session;
第二获取单元,用于获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;a second acquiring unit, configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
配置单元,用于根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能。And a configuration unit, configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
在一实施方式中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则所述基站根据所述终端对应的各个PDU会话的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能。In an embodiment, the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. The first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, the base station according to the priority of each PDU session corresponding to the terminal Information, determining whether a DRB IP function is configured for the respective PDU session.
在一实施方式中,所述装置还包括:In an embodiment, the device further includes:
反馈单元,用于对于确定不能配置DRB IP功能的第一PDU会话,向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话不能配置DRB IP功能。a feedback unit, configured to send first feedback information to the first core network element for determining a first PDU session in which the DRB IP function cannot be configured, where the first feedback information is used to send to the first core network element Notifying the first PDU session that the DRB IP function cannot be configured.
在一实施方式中,所述配置单元,用于对于确定不能配置DRB IP功能的第一PDU会话,对所述第一PDU会话不配置DRB IP功能;对于确定能够配置DRB IP功能的第二PDU会话,对所述第二PDU会话配置DRB IP功能。In an embodiment, the configuration unit is configured to: configure a DRB IP function for the first PDU session for determining a first PDU session in which the DRB IP function cannot be configured; and determine a second PDU that can configure the DRB IP function. A session, configuring a DRB IP function for the second PDU session.
在一实施方式中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。In an embodiment, the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. The first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter of the DRB IP is the first parameter. The DRB IP function is configured for all PDU sessions.
在一实施方式中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话是否配置DRB IP功能。In an embodiment, the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Instructing to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of the respective third PDU session, the first UE capability information, and the local policy Determining whether a DRB IP function is configured for each of the third PDU sessions.
在一实施方式中,所述配置DRB IP功能是指:对PDU会话对应的DRB使能DRB IP功能。In an embodiment, the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
本发明实施例提供的DRB完整性保护的配置装置,包括:The apparatus for configuring DRB integrity protection provided by the embodiment of the present invention includes:
第一获取单元,用于获取第一核心网网元配置的PDU会话的安全策略信息和所述PDU会话中每个QOS流的优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示QOS流对应的DRB IP的优先级;a first acquiring unit, configured to acquire security policy information of a PDU session configured by the first core network element and priority information of each QOS flow in the PDU session, where the security policy information includes a DRB corresponding to the PDU session An indication parameter of the IP, where the priority information is used to indicate a priority of a DRB IP corresponding to the QOS flow;
第二获取单元,用于获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;a second acquiring unit, configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
配置单元,用于根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能。And a configuration unit, configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
在一实施方式中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合 数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则根据所述终端对应的各个PDU会话中的每个QOS流的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能和/或对所述各个PDU会话中的每个QOS流是否配置DRB IP功能。In an embodiment, the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. The first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, each QOS flow in each PDU session corresponding to the terminal is used. The priority information determines whether the DRB IP function is configured for the respective PDU session and/or whether the DRB IP function is configured for each QOS flow in the respective PDU session.
在一实施方式中,所述装置还包括:In an embodiment, the device further includes:
反馈单元,用于对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话和/或所述第一QOS流不能配置DRB IP功能。a feedback unit, configured to send first feedback information to the first core network element for determining a first PDU session and/or a first QOS flow that cannot configure the DRB IP function, where the first feedback information is used by the The first core network element notifies the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
在一实施方式中,所述配置单元,用于对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,对所述第一PDU会话和/或第一QOS流不配置DRB IP功能;对于确定能够配置DRB IP功能的第二PDU会话和/或第二QOS流,对所述第二PDU会话和/或第二QOS流配置DRB IP功能。In an embodiment, the configuration unit is configured to not configure the DRB for the first PDU session and/or the first QOS flow for determining a first PDU session and/or a first QOS flow that cannot configure the DRB IP function. IP function; for determining a second PDU session and/or a second QOS flow capable of configuring a DRB IP function, configuring a DRB IP function for the second PDU session and/or the second QOS flow.
在一实施方式中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。In an embodiment, the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. The first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter of the DRB IP is the first parameter. The DRB IP function is configured for all PDU sessions.
在一实施方式中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话中每个QOS流的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话和/或所述各个第三PDU会话中的每个QOS流是否配置DRB IP功能。In an embodiment, the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Instructing to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of each QOS flow in the respective third PDU session, the first UE The capability information and the local policy determine whether a DRB IP function is configured for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
在一实施方式中,所述配置DRB IP功能是指:对PDU会话和/或QOS流对应的DRB使能DRB IP功能。In an embodiment, the configuring the DRB IP function refers to: enabling the DRB IP function for the DRB corresponding to the PDU session and/or the QOS flow.
在一实施方式中,所述PDU会话也对应有优先级信息,对于优先级不同的两个PDU会话,具有较高优先级的PDU会话的全部QOS流的优先级高于具有较低优先级的PDU会话的全部QOS流的优先级。In an embodiment, the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than the lower priority. The priority of all QOS flows of the PDU session.
本发明实施例提供的计算机存储介质,其上存储有计算机可执行指令,该计算机可执行指令被处理器执行时实现所述的DRB完整性保护的配置方法。The computer storage medium provided by the embodiment of the present invention has stored thereon computer executable instructions, and the computer executable instructions are implemented by the processor to implement the DRB integrity protection configuration method.
本发明实施例的技术方案中,1)基站获取第一核心网网元配置的PDU会话的安全策略信息和优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示所述PDU会话对应的DRB IP的优先级;所述基站获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能。2)基站获取第一核心网网元配置的PDU会话的安全策略信息和所述PDU会话中每个QOS流的优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示QOS流对应的DRB IP的优先级;所述基站获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能。采用本发明实施例的技术方案,第一核心网网元(如SMF)配置PDU session粒度的DRB IP优先级或者QOS流粒度的DRB IP优先级,从而基 站(如gNB)可以基于第一核心网网元的这些配置判决如何给PDU session和/或QOS流(对应的DRB)配置DRB IP功能,使得基站更合理的决定和选择DRB进行DRB IP功能的配置。In the technical solution of the embodiment of the present invention, 1) the base station acquires the security policy information and the priority information of the PDU session configured by the network element of the first core network, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session. The priority information is used to indicate the priority of the DRB IP corresponding to the PDU session; the base station acquires the first UE capability information of the terminal, and the first UE capability information includes an aggregation of the DRB IP required by the terminal. The data rate capability threshold is determined by the base station according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal, and whether the DRB IP function is configured. 2) The base station acquires the security policy information of the PDU session configured by the first core network element and the priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session. The priority information is used to indicate the priority of the DRB IP corresponding to the QOS flow; the base station acquires the first UE capability information of the terminal, where the first UE capability information includes the aggregated data about the DRB IP required by the terminal. a rate capability threshold; the base station determines whether to configure according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session. DRB IP function. With the technical solution of the embodiment of the present invention, the first core network element (such as SMF) configures the DRB IP priority of the PDU session granularity or the DRB IP priority of the QOS flow granularity, so that the base station (such as gNB) can be based on the first core network. These configuration decisions of the network element determine how to configure the DRB IP function for the PDU session and/or the QOS flow (corresponding DRB), so that the base station can more rationally decide and select the DRB to configure the DRB IP function.
附图说明DRAWINGS
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are intended to provide a further understanding of the invention, and are intended to be a part of the invention. In the drawing:
图1为现有的DRB完整性保护的流程图;Figure 1 is a flow chart of the existing DRB integrity protection;
图2为本发明实施例的DRB完整性保护的配置方法的流程示意图一;2 is a schematic flowchart 1 of a method for configuring DRB integrity protection according to an embodiment of the present invention;
图3为本发明实施例的应用示例一的DRB完整性保护的流程图;3 is a flowchart of DRB integrity protection in Application Example 1 according to an embodiment of the present invention;
图4为应用示例一的各协议栈的示意图;4 is a schematic diagram of each protocol stack of Application Example 1;
图5为本发明实施例的DRB完整性保护的配置方法的流程示意图二;FIG. 5 is a second schematic flowchart of a method for configuring DRB integrity protection according to an embodiment of the present invention;
图6为本发明实施例的应用示例二的DRB完整性保护的流程图;6 is a flowchart of DRB integrity protection of application example 2 according to an embodiment of the present invention;
图7为应用示例二的各协议栈的示意图;7 is a schematic diagram of each protocol stack of application example 2;
图8为本发明实施例的DRB完整性保护的配置装置的结果组成示意图;FIG. 8 is a schematic diagram showing the result composition of a DRB integrity protection configuration apparatus according to an embodiment of the present invention; FIG.
图9为本发明实施例的计算机设备的结构组成示意图。FIG. 9 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
具体实施方式detailed description
为了能够更加详尽地了解本发明实施例的特点与技术内容,下面结合附图对本发明实施例的实现进行详细阐述,所附附图仅供参考说明之用,并非用来限定本发明实施例。The embodiments of the present invention are described in detail below with reference to the accompanying drawings.
本发明实施例的技术方案主要应用于5G移动通信系统,当然,本发明实施例的技术方案并不局限于5G移动通信系统,还可以应用于其他类型的移动通信系统。以下对5G移动通信系统中的主要应用场景进行说明:The technical solution of the embodiment of the present invention is mainly applied to a 5G mobile communication system. Of course, the technical solution of the embodiment of the present invention is not limited to the 5G mobile communication system, and can also be applied to other types of mobile communication systems. The following describes the main application scenarios in the 5G mobile communication system:
1)eMBB场景:eMBB以用户获得多媒体内容、服务和数据为目标,其业务需求增长十分迅速。由于eMBB可能部署在不同的场景中,例如室内、市区、农村等,其业务能力和需求的差别也比较大,所以必须结合具体的部署场景对业务进行分析。1) eMBB scenario: eMBB aims at users to obtain multimedia content, services and data, and its business needs are growing rapidly. Because eMBB may be deployed in different scenarios, such as indoors, urban areas, and rural areas, the difference in service capabilities and requirements is relatively large. Therefore, services must be analyzed in combination with specific deployment scenarios.
2)URLLC场景:URLLC的典型应用包括:工业自动化、电力自动化、远程医疗操作、交通安全保障等。2) URLLC scenario: Typical applications for URLLC include: industrial automation, power automation, telemedicine operations, traffic security, and more.
3)mMTC场景:URLLC的典型特点包括:高连接密度、小数据量、时延不敏感业务、模块的低成本和长使用寿命等。3) mMTC scenario: Typical characteristics of URLLC include: high connection density, small data volume, delay-insensitive service, low cost and long service life of the module.
在5G中,由于MAC-I的大小可以是32bit,也可以是64bit,因此需要网络侧和终端侧协商MAC-I的大小。In the 5G, since the size of the MAC-I may be 32 bits or 64 bits, the network side and the terminal side are required to negotiate the size of the MAC-I.
图2为本发明实施例的DRB完整性保护的配置方法的流程示意图一,如图2所示,所述DRB完整性保护的配置方法包括以下步骤:2 is a schematic flowchart 1 of a method for configuring DRB integrity protection according to an embodiment of the present invention. As shown in FIG. 2, the method for configuring DRB integrity protection includes the following steps:
步骤201:基站获取第一核心网网元配置的PDU会话的安全策略信息和优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示所述PDU会话对应的DRB IP的优先级。Step 201: The base station acquires the security policy information and the priority information of the PDU session configured by the network element of the first core network, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, where the priority information is used to indicate The priority of the DRB IP corresponding to the PDU session.
本发明实施例的技术方案可以应用但不局限于5G系统,以本发明实施例的技术方案应用于5G系统为例,所述基站是指gNB,所述第一核心网网元是指SMF,此外,以下涉及到的第二核心网网元是指AMF。The technical solution of the embodiment of the present invention may be applied to, but not limited to, a 5G system. The technical solution of the embodiment of the present invention is applied to a 5G system, where the base station refers to a gNB, and the first core network element refers to an SMF. In addition, the second core network element referred to below refers to the AMF.
本发明实施例中,在PDU会话建立时,第一核心网网元(如SMF)配置该PDU会话对应的安全策略信息和优先级信息,其中,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示所述PDU会话对应的DRB IP的优 先级。In the embodiment of the present invention, when the PDU session is established, the first core network element (such as the SMF) configures the security policy information and the priority information corresponding to the PDU session, where the security policy information includes the PDU session. An indication parameter of the DRB IP, where the priority information is used to indicate a priority of a DRB IP corresponding to the PDU session.
这里,所述PDU会话对应的DRB IP的指示参数分为以下三种:Here, the indication parameters of the DRB IP corresponding to the PDU session are classified into the following three types:
第一参数(required):所述第一参数用于指示需要配置DRB IP功能。The first parameter (required): the first parameter is used to indicate that the DRB IP function needs to be configured.
第二参数(preferred):所述第二参数用于指示建议配置DRB IP功能。The second parameter (preferred): the second parameter is used to indicate a recommended configuration of the DRB IP function.
第三参数(not needed):所述第三参数用于指示不需要配置DRB IP功能。Third parameter (not needed): The third parameter is used to indicate that the DRB IP function does not need to be configured.
应理解,安全策略信息中的DRB IP的指示参数是针对PDU会话而言的,例如PDU会话1对应第一参数,PDU会话2对应第二参数,PDU会话3对应第一参数,等等。此外,优先级信息中的DRB IP的优先级是针对会话而言的,例如PDU会话1对应第一优先级,PDU会话2对应第二优先级,PDU会话3对应第三优先级,等等。It should be understood that the indication parameter of the DRB IP in the security policy information is for the PDU session, for example, the PDU session 1 corresponds to the first parameter, the PDU session 2 corresponds to the second parameter, the PDU session 3 corresponds to the first parameter, and the like. In addition, the priority of the DRB IP in the priority information is for the session, for example, the PDU session 1 corresponds to the first priority, the PDU session 2 corresponds to the second priority, the PDU session 3 corresponds to the third priority, and so on.
步骤202:所述基站获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值。Step 202: The base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal.
本发明实施例中,允许配置给终端的所有DRB IP功能的DRB的聚合数据速率需要小于或等于所述第一UE能力信息中的聚合数据速率能力门限值。In the embodiment of the present invention, the aggregated data rate of the DRBs that are allowed to be configured to all the DRB IP functions of the terminal needs to be less than or equal to the aggregated data rate capability threshold in the first UE capability information.
步骤203:所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能。Step 203: The base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
本发明实施例中,确定是否配置DRB IP功能需要结合各个PDU会话的安全策略信息,大致分为以下场景:In the embodiment of the present invention, determining whether to configure the DRB IP function needs to be combined with the security policy information of each PDU session, and is roughly classified into the following scenarios:
场景一:所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能。1)如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则所述基站根据所述终端对应的各个PDU会话的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能。2)如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则所述基站对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。Scenario 1: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data rate of the QOS flow corresponding to the PDU session of the first parameter, where the indication parameter of the DRB IP is the first parameter. Indicates that the DRB IP function needs to be configured. 1) If the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station determines whether to configure the DRB IP for each PDU session according to the priority information of each PDU session corresponding to the terminal. Features. 2) If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station configures a DRB IP function for all PDU sessions of the first parameter for the indication parameter of the DRB IP.
对于上述1),对于确定不能配置DRB IP功能的第一PDU会话,所述基站对所述第一PDU会话不配置DRB IP功能;对于确定能够配置DRB IP功能的第二PDU会话,所述基站对所述第二PDU会话配置DRB IP功能。进一步,对于确定不能配置DRB IP功能的第一PDU会话,所述基站向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话不能配置DRB IP功能。For the above 1), for determining a first PDU session in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session; and for determining a second PDU session capable of configuring a DRB IP function, the base station The DRB IP function is configured for the second PDU session. Further, for determining a first PDU session in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to the first core network element Notifying the first PDU session that the DRB IP function cannot be configured.
场景二:所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话是否配置DRB IP功能。Scenario 2: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third PDU session of the second parameter, and the second parameter is used to indicate that the DRB IP function is recommended to be configured. For each third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station determines, according to the priority information of the respective third PDU session, the first UE capability information, and the local policy, Whether the DRB IP function is configured for the three PDU sessions.
场景三:所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第三参数的PDU会话,所述第三参数用于指示不需要配置DRB IP功能;对于DRB IP的指示参数为第三参数的第四PDU会话,所述基站对所述第四PDU会话不配置DRB IP功能。Scenario 3: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third parameter PDU session, and the third parameter is used to indicate that the DRB IP function is not required to be configured; The indication parameter of the DRB IP is a fourth PDU session of the third parameter, and the base station does not configure the DRB IP function for the fourth PDU session.
应理解,本发明以上实施例中涉及到的配置DRB IP功能是指:对PDU会话对应的DRB使能DRB IP功能。It should be understood that the configuration of the DRB IP function involved in the foregoing embodiment of the present invention means that the DRB is enabled for the DRB corresponding to the PDU session.
此外,对于上述需要结合PDU会话的优先级来确定是否配置DRB IP功能的情况,在满足所述第一UE能力信息所限定的聚合数据速率能力门限值的条件下,优先为优先级较高的PDU会话配置DRB IP功能。In addition, in the case that the foregoing needs to be combined with the priority of the PDU session to determine whether to configure the DRB IP function, if the aggregated data rate capability threshold value defined by the first UE capability information is met, the priority is higher. The PDU session is configured with the DRB IP function.
以下结合具体应用示例对本发明实施例的上述技术方案做详细描述。The foregoing technical solutions of the embodiments of the present invention are described in detail below with reference to specific application examples.
参照图3和图4,图3为本发明实施例的应用示例一的DRB完整性保护的流程图,图4为应用示例一的各协议栈的示意图,如图3和图4所示:3 and FIG. 4, FIG. 3 is a flowchart of DRB integrity protection according to application example 1 of the embodiment of the present invention, and FIG. 4 is a schematic diagram of each protocol stack of application example 1, as shown in FIG. 3 and FIG.
1)SMF配置PDU session信息给gNB时,同时配置该PDU session的优先级信息,该优先级信息指示该PDU session被配置DRB IP的优先级。1) When the SMF configures the PDU session information to the gNB, the priority information of the PDU session is also configured, and the priority information indicates that the PDU session is configured with the priority of the DRB IP.
2)gNB获取UE关于DRB IP的聚合数据速率能力门限值,该信息可以来自UE上报或者来自AMF。2) The gNB obtains the aggregated data rate capability threshold of the UE about the DRB IP, and the information may be reported from the UE or from the AMF.
3)gNB根据DRB IP的聚合数据速率能力门限值的限制以及每个DRB IP的PDU session的优先级信息判决是否配置DRB IP功能。具体地,3) The gNB decides whether to configure the DRB IP function according to the limitation of the aggregated data rate capability threshold of the DRB IP and the priority information of the PDU session of each DRB IP. specifically,
如果指示安全策略的指示参数为“required”的PDU session对应的QOS flow的聚合数据速率大于UE要求的聚合数据速率能力门限值,则gNB根据PDU session的DRB IP优先级来判决是否配置DRB IP功能。对于判决不能配置DRB IP功能的PDU session的PDU session,gNB可以直接拒绝SMF或gNB决定配置对应DRB不带DRB IP功能。If the aggregate data rate of the QOS flow corresponding to the PDU session indicating that the security policy is set to "required" is greater than the aggregate data rate capability threshold required by the UE, the gNB determines whether to configure the DRB IP according to the DRB IP priority of the PDU session. Features. For the PDU session of the PDU session in which the DRB IP function cannot be configured, the gNB can directly reject the SMF or the gNB to determine the corresponding DRB without the DRB IP function.
如果安全策略的指示参数为“required”的PDU session对应的QOS flow的聚合数据速率小于或等于UE要求的聚合数据速率能力门限值,则gNB配置所有的安全策略的指示参数为“required”的PDU session对应的DRB使能DRB IP功能。If the aggregate data rate of the QOS flow corresponding to the PDU session with the indicated parameter of the security policy is less than or equal to the aggregated data rate capability threshold required by the UE, the gNB configures all the security policy indication parameters as “required”. The DRB corresponding to the PDU session enables the DRB IP function.
对于安全策略的指示参数为“preferred”的PDU session,gNB根据聚合数据速率能力门限值、PDU session的DRB IP优先级和本地策略决定是否配置该PDU session对应的DRB为使能DRB IP。For the PDU session whose security parameter is "preferred", the gNB determines whether to configure the DRB corresponding to the PDU session according to the aggregated data rate capability threshold, the DRB IP priority of the PDU session, and the local policy.
这里,在满足所述第一UE能力信息所限定的聚合数据速率能力门限值的条件下,优先为优先级较高的PDU会话配置DRB IP功能。Here, under the condition that the aggregated data rate capability threshold value defined by the first UE capability information is met, the DRB IP function is preferentially configured for the PDU session with higher priority.
图5为本发明实施例的DRB完整性保护的配置方法的流程示意图二,如图5所示,所述DRB完整性保护的配置方法包括以下步骤:FIG. 5 is a schematic flowchart 2 of a method for configuring DRB integrity protection according to an embodiment of the present invention. As shown in FIG. 5, the DRB integrity protection configuration method includes the following steps:
步骤501:基站获取第一核心网网元配置的PDU会话的安全策略信息和所述PDU会话中每个QOS流的优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示QOS流对应的DRB IP的优先级。Step 501: The base station acquires the security policy information of the PDU session configured by the first core network element and the priority information of each QOS flow in the PDU session, where the security policy information includes an indication of the DRB IP corresponding to the PDU session. And the priority information is used to indicate a priority of the DRB IP corresponding to the QOS flow.
本发明实施例的技术方案可以应用但不局限于5G系统,以本发明实施例的技术方案应用于5G系统为例,所述基站是指gNB,所述第一核心网网元是指SMF,此外,以下涉及到的第二核心网网元是指AMF。The technical solution of the embodiment of the present invention may be applied to, but not limited to, a 5G system. The technical solution of the embodiment of the present invention is applied to a 5G system, where the base station refers to a gNB, and the first core network element refers to an SMF. In addition, the second core network element referred to below refers to the AMF.
本发明实施例中,在PDU会话建立时,第一核心网网元(如SMF)配置该PDU会话对应的安全策略信息和所述PDU会话中每个QOS流的优先级信息,其中,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示QOS流对应的DRB IP的优先级。In the embodiment of the present invention, when the PDU session is established, the first core network element (such as the SMF) configures the security policy information corresponding to the PDU session and the priority information of each QOS flow in the PDU session, where the The security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the QOS flow.
这里,所述PDU会话对应的DRB IP的指示参数分为以下三种:Here, the indication parameters of the DRB IP corresponding to the PDU session are classified into the following three types:
第一参数(required):所述第一参数用于指示需要配置DRB IP功能。The first parameter (required): the first parameter is used to indicate that the DRB IP function needs to be configured.
第二参数(preferred):所述第二参数用于指示建议配置DRB IP功能。The second parameter (preferred): the second parameter is used to indicate a recommended configuration of the DRB IP function.
第三参数(not needed):所述第三参数用于指示不需要配置DRB IP功能。Third parameter (not needed): The third parameter is used to indicate that the DRB IP function does not need to be configured.
应理解,安全策略信息中的DRB IP的指示参数是针对PDU会话而言的,例如PDU会话1对应第一参数,PDU会话2对应第二参数,PDU会话3对应第一参数,等等。此外,优先级信息中的DRB IP的优先级是针对QOS流而言的,例如QOS流1对应第一优先级,QOS流2对应第二优先级,QOS流3对应第三优先级,等等。It should be understood that the indication parameter of the DRB IP in the security policy information is for the PDU session, for example, the PDU session 1 corresponds to the first parameter, the PDU session 2 corresponds to the second parameter, the PDU session 3 corresponds to the first parameter, and the like. In addition, the priority of the DRB IP in the priority information is for the QOS flow, for example, the QOS flow 1 corresponds to the first priority, the QOS flow 2 corresponds to the second priority, the QOS flow 3 corresponds to the third priority, etc. .
进一步,所述PDU会话也对应有优先级信息,对于优先级不同的两个PDU会话,具有较高优先级的PDU会话的全部QOS流的优先级高于具有较低优先级的PDU会话的全部QOS流的优先级。Further, the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than all PDU sessions with lower priority. The priority of the QOS stream.
步骤502:所述基站获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值。Step 502: The base station acquires the first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal.
本发明实施例中,允许配置给终端的所有DRB IP功能的DRB的聚合数据速率需要小于或等于所述第一UE能力信息中的聚合数据速率能力门限值。In the embodiment of the present invention, the aggregated data rate of the DRBs that are allowed to be configured to all the DRB IP functions of the terminal needs to be less than or equal to the aggregated data rate capability threshold in the first UE capability information.
步骤503:所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能。Step 503: The base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session. .
本发明实施例中,确定是否配置DRB IP功能需要结合各个PDU会话的安全策略信息,大致分为以下场景:In the embodiment of the present invention, determining whether to configure the DRB IP function needs to be combined with the security policy information of each PDU session, and is roughly classified into the following scenarios:
场景一:所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能。1)如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则所述基站根据所述终端对应的各个PDU会话中的每个QOS流的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能和/或对所述各个PDU会话中的每个QOS流是否配置DRB IP功能。2)如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则所述基站对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。Scenario 1: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data rate of the QOS flow corresponding to the PDU session of the first parameter, where the indication parameter of the DRB IP is the first parameter. Indicates that the DRB IP function needs to be configured. 1) If the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station determines, according to the priority information of each QOS flow in each PDU session corresponding to the terminal, Whether the PDU session configures the DRB IP function and/or whether the DRB IP function is configured for each of the QOS flows in the respective PDU session. 2) If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station configures a DRB IP function for all PDU sessions of the first parameter for the indication parameter of the DRB IP.
对于上述1),对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,所述基站对所述第一PDU会话和/或第一QOS流不配置DRB IP功能;对于确定能够配置DRB IP功能的第二PDU会话和/或第二QOS流,所述基站对所述第二PDU会话和/或第二QOS流配置DRB IP功能。进一步,对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,所述基站向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话和/或所述第一QOS流不能配置DRB IP功能。For the above 1), for determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station does not configure the DRB IP function for the first PDU session and/or the first QOS flow; A second PDU session and/or a second QOS flow of the DRB IP function can be configured, the base station configuring a DRB IP function for the second PDU session and/or the second QOS flow. Further, for determining the first PDU session and/or the first QOS flow that cannot configure the DRB IP function, the base station sends first feedback information to the first core network element, where the first feedback information is used for The first core network element notifies the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
场景二:所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话中每个QOS流的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话和/或所述各个第三PDU会话中的每个QOS流是否配置DRB IP功能。Scenario 2: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third PDU session of the second parameter, and the second parameter is used to indicate that the DRB IP function is recommended to be configured. For each third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station determines, according to the priority information of each QOS flow in the respective third PDU session, the first UE capability information, and the local policy. Whether to configure a DRB IP function for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
场景三:所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第三参数的PDU会话,所述第三参数用于指示不需要配置DRB IP功能;对于DRB IP的指示参数为第三参数的第四PDU会话,所述基站对所述第四PDU会话不配置DRB IP功能。Scenario 3: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third parameter PDU session, and the third parameter is used to indicate that the DRB IP function is not required to be configured; The indication parameter of the DRB IP is a fourth PDU session of the third parameter, and the base station does not configure the DRB IP function for the fourth PDU session.
应理解,本发明以上实施例中涉及到的配置DRB IP功能是指:对PDU会话和/或QOS流对应的DRB使能DRB IP功能。It should be understood that the configuration of the DRB IP function involved in the foregoing embodiment of the present invention means that the DRB-enabled DRB IP function corresponding to the PDU session and/or the QOS flow is enabled.
此外,对于上述需要结合QOS流的优先级来确定是否配置DRB IP功能的情况,在满足所述第一UE能力信息所限定的聚合数据速率能力门限值的条件下,优先为优先级较高的QOS流配置DRB IP功能。In addition, in the case that the foregoing needs to be combined with the priority of the QOS flow to determine whether to configure the DRB IP function, the priority is higher under the condition that the aggregated data rate capability threshold value defined by the first UE capability information is met. The QOS stream is configured with the DRB IP function.
以下结合具体应用示例对本发明实施例的上述技术方案做详细描述。The foregoing technical solutions of the embodiments of the present invention are described in detail below with reference to specific application examples.
参照图6和图7,图6为本发明实施例的应用示例二的DRB完整性保护的流程图,图7为应用示例二的各协议栈的示意图,如图6和图7所示:Referring to FIG. 6 and FIG. 7, FIG. 6 is a flowchart of DRB integrity protection according to application example 2 of the embodiment of the present invention, and FIG. 7 is a schematic diagram of each protocol stack of application example 2, as shown in FIG. 6 and FIG.
1)SMF配置PDU session信息给gNB时,同时配置该PDU session中每个Qos flow的优先级信息,该优先级信息指示该Qos flow被配置DRB IP的优先级。1) When the SMF configures the PDU session information to the gNB, the priority information of each QoS flow in the PDU session is also configured, and the priority information indicates that the QoS flow is configured with the priority of the DRB IP.
2)gNB获取UE关于DRB IP的聚合数据速率能力门限值,该信息可以来自UE上报或者来自AMF。2) The gNB obtains the aggregated data rate capability threshold of the UE about the DRB IP, and the information may be reported from the UE or from the AMF.
3)gNB根据DRB IP的聚合数据速率能力门限值的限制以及各个PDU session的每个Qos flow的优先级信息判决是否配置DRB IP功能。具体地,3) The gNB determines whether to configure the DRB IP function according to the limitation of the aggregated data rate capability threshold of the DRB IP and the priority information of each QoS flow of each PDU session. specifically,
如果安全策略的指示参数为“required”的PDU session对应的QOS flow的聚合数据速率大于UE要求的聚合数据速率能力门限值,则gNB根据PDU session的每个QOS flow的DRB IP优先级来判决是否配置DRB IP功能。对于判决不能配置DRB IP功能的PDU session和/或Qos flow,gNB可以直接拒绝SMF或gNB决定配置对应的DRB不带DRB IP功能。If the aggregate data rate of the QOS flow corresponding to the PDU session with the indicated parameter of the security policy is greater than the aggregate data rate capability threshold required by the UE, the gNB decides according to the DRB IP priority of each QOS flow of the PDU session. Whether to configure the DRB IP function. For a PDU session and/or Qos flow that cannot be configured with the DRB IP function, the gNB can directly reject the SMF or the gNB to determine the corresponding DRB without the DRB IP function.
如果安全策略的指示参数为“required”的PDU session对应的QOS flow的聚合数据速率小于或等于UE要求的聚合数据速率能力门限值,则gNB配置所有的安全策略的指示参数为“required”的PDU session对应的DRB使能DRB IP功能。If the aggregate data rate of the QOS flow corresponding to the PDU session with the indicated parameter of the security policy is less than or equal to the aggregated data rate capability threshold required by the UE, the gNB configures all the security policy indication parameters as “required”. The DRB corresponding to the PDU session enables the DRB IP function.
对于安全策略的指示参数为“preferred”的PDU session,gNB根据PDU session中每个QOS flow的DRB IP优先级和本地策略决定是否配置该PDU session的Qos flow对应的DRB为使能DRB IP。For the PDU session whose security parameter is "preferred", the gNB determines whether the DRB corresponding to the QoS session of the PDU session is configured to enable the DRB IP according to the DRB IP precedence and the local policy of each QOS flow in the PDU session.
图8为本发明实施例的DRB完整性保护的配置装置的结果组成示意图。FIG. 8 is a schematic diagram showing the result composition of a DRB integrity protection configuration apparatus according to an embodiment of the present invention.
在一示例中,所述装置包括:In an example, the apparatus comprises:
第一获取单元801,用于获取第一核心网网元配置的PDU会话的安全策略信息和优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示所述PDU会话对应的DRB IP的优先级;The first obtaining unit 801 is configured to obtain the security policy information and the priority information of the PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, where the priority is The information is used to indicate a priority of the DRB IP corresponding to the PDU session;
第二获取单元802,用于获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;a second acquiring unit 802, configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
配置单元803,用于根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能。The configuration unit 803 is configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
在一实施方式中,所述配置单元803,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则所述基站根据所述终端对应的各个PDU会话的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能。In an embodiment, the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. Rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, the base station according to the priority of each PDU session corresponding to the terminal Level information, determining whether a DRB IP function is configured for the respective PDU session.
在一实施方式中,所述装置还包括:In an embodiment, the device further includes:
反馈单元804,用于对于确定不能配置DRB IP功能的第一PDU会话,向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话不能配置DRB IP功能。The feedback unit 804 is configured to send first feedback information to the first core network element for determining a first PDU session in which the DRB IP function cannot be configured, where the first feedback information is used to the first core network The element notifies that the first PDU session cannot configure the DRB IP function.
在一实施方式中,所述配置单元803,用于对于确定不能配置DRB IP功能的第一PDU会话,对所述第一PDU会话不配置DRB IP功能;对于确定能够配置DRB IP功能的第二PDU会话,对所述第二PDU会话配置DRB IP功能。In an embodiment, the configuration unit 803 is configured to: not configure a DRB IP function for the first PDU session for determining a first PDU session in which the DRB IP function cannot be configured; and determine a second function capable of configuring the DRB IP function. A PDU session, configuring a DRB IP function for the second PDU session.
在一实施方式中,所述配置单元803,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。In an embodiment, the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. Rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter for the DRB IP is the first parameter All PDU sessions are configured with the DRB IP feature.
在一实施方式中,所述配置单元803,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;对于DRB IP的指示参数为第二参数的各个第三PDU会话, 所述基站根据所述各个第三PDU会话的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话是否配置DRB IP功能。In an embodiment, the configuration unit 803 is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Demonstrating the recommendation to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of the respective third PDU session, the first UE capability information, and the local A policy determines whether a DRB IP function is configured for each of the third PDU sessions.
在一实施方式中,所述配置DRB IP功能是指:对PDU会话对应的DRB使能DRB IP功能。In an embodiment, the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
在另一示例中,所述装置包括:In another example, the apparatus includes:
第一获取单元801,用于获取第一核心网网元配置的PDU会话的安全策略信息和所述PDU会话中每个QOS流的优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示QOS流对应的DRB IP的优先级;The first obtaining unit 801 is configured to obtain security policy information of a PDU session configured by the first core network element and priority information of each QOS flow in the PDU session, where the security policy information includes a corresponding PDU session. An indication parameter of the DRB IP, where the priority information is used to indicate a priority of a DRB IP corresponding to the QOS flow;
第二获取单元802,用于获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;a second acquiring unit 802, configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
配置单元803,用于根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能。The configuration unit 803 is configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session. .
在一实施方式中,所述配置单元803,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则根据所述终端对应的各个PDU会话中的每个QOS流的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能和/或对所述各个PDU会话中的每个QOS流是否配置DRB IP功能。In an embodiment, the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. The first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, each QOS in each PDU session corresponding to the terminal is used. The priority information of the flow determines whether the DRB IP function is configured for the respective PDU session and/or whether the DRB IP function is configured for each QOS flow in the respective PDU session.
在一实施方式中,所述装置还包括:In an embodiment, the device further includes:
反馈单元804,用于对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话和/或所述第一QOS流不能配置DRB IP功能。The feedback unit 804 is configured to send first feedback information to the first core network element for determining a first PDU session and/or a first QOS flow that cannot configure the DRB IP function, where the first feedback information is used to The first core network element notifies the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
在一实施方式中,所述配置单元803,用于对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,对所述第一PDU会话和/或第一QOS流不配置DRB IP功能;对于确定能够配置DRB IP功能的第二PDU会话和/或第二QOS流,对所述第二PDU会话和/或第二QOS流配置DRB IP功能。In an implementation, the configuration unit 803 is configured to: configure, for the first PDU session and/or the first QOS flow, that the DRB IP function cannot be configured, and configure the first PDU session and/or the first QOS flow. The DRB IP function; for determining a second PDU session and/or a second QOS flow capable of configuring a DRB IP function, configuring a DRB IP function for the second PDU session and/or the second QOS flow.
在一实施方式中,所述配置单元803,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。In an embodiment, the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. Rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter for the DRB IP is the first parameter All PDU sessions are configured with the DRB IP feature.
在一实施方式中,所述配置单元803,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话中每个QOS流的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话和/或所述各个第三PDU会话中的每个QOS流是否配置DRB IP功能。In an embodiment, the configuration unit 803 is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Demonstrating the recommendation to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of each QOS flow in the respective third PDU session, the first The UE capability information and the local policy determine whether a DRB IP function is configured for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
在一实施方式中,所述配置DRB IP功能是指:对PDU会话和/或QOS流对应的DRB使能DRB IP功能。In an embodiment, the configuring the DRB IP function refers to: enabling the DRB IP function for the DRB corresponding to the PDU session and/or the QOS flow.
在一实施方式中,所述PDU会话也对应有优先级信息,对于优先级不同的两个PDU会话,具有较高优先级的PDU会话的全部QOS流的优先级高于具有较低优先级的PDU会话的全部QOS流的优先级。In an embodiment, the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than the lower priority. The priority of all QOS flows of the PDU session.
本领域技术人员应当理解,图8所示的DRB完整性保护的配置装置中的各单元的 实现功能可参照前述DRB完整性保护的配置方法的相关描述而理解。图8所示的DRB完整性保护的配置装置中的各单元的功能可通过运行于处理器上的程序而实现,也可通过具体的逻辑电路而实现。It will be understood by those skilled in the art that the implementation functions of the units in the DRB integrity protection configuration apparatus shown in FIG. 8 can be understood by referring to the related description of the foregoing DRB integrity protection configuration method. The functions of the units in the DRB integrity protection configuration apparatus shown in FIG. 8 can be implemented by a program running on the processor, or can be realized by a specific logic circuit.
本发明实施例上述DRB完整性保护的配置装置如果以软件功能模块的形式实现并作为独立的产品销售或使用时,也可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明实施例的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机、服务器、或者网络设备等)执行本发明各个实施例所述方法的全部或部分。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read Only Memory)、磁碟或者光盘等各种可以存储程序代码的介质。这样,本发明实施例不限制于任何特定的硬件和软件结合。In the embodiment of the present invention, the DRB integrity protection configuration device may be stored in a computer readable storage medium if it is implemented in the form of a software function module and sold or used as a standalone product. Based on such understanding, the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium, including a plurality of instructions. A computer device (which may be a personal computer, server, or network device, etc.) is caused to perform all or part of the methods described in various embodiments of the present invention. The foregoing storage medium includes various media that can store program codes, such as a USB flash drive, a mobile hard disk, a read only memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the invention are not limited to any specific combination of hardware and software.
相应地,本发明实施例还提供一种计算机存储介质,其中存储有计算机可执行指令,该计算机可执行指令被处理器执行时实现本发明实施例的上述DRB完整性保护的配置方法。Correspondingly, the embodiment of the present invention further provides a computer storage medium, wherein the computer executable instructions are stored, and the computer executable instructions are executed by the processor to implement the DRB integrity protection configuration method of the embodiment of the present invention.
图9为本发明实施例的计算机设备的结构组成示意图,该计算机设备可以是终端,也可以是网络设备。如图9所示,计算机设备100可以包括一个或多个(图中仅示出一个)处理器1002(处理器1002可以包括但不限于微处理器(MCU,Micro Controller Unit)或可编程逻辑器件(FPGA,Field Programmable Gate Array)等的处理装置)、用于存储数据的存储器1004、以及用于通信功能的传输装置1006。本领域普通技术人员可以理解,图9所示的结构仅为示意,其并不对上述电子装置的结构造成限定。例如,计算机设备100还可包括比图9中所示更多或者更少的组件,或者具有与图9所示不同的配置。FIG. 9 is a schematic structural diagram of a computer device according to an embodiment of the present invention. The computer device may be a terminal or a network device. As shown in FIG. 9, computer device 100 may include one or more (only one shown) processor 1002 (processor 1002 may include, but is not limited to, a Micro Controller Unit (MCU) or a programmable logic device. A processing device such as an FPGA (Field Programmable Gate Array), a memory 1004 for storing data, and a transmission device 1006 for a communication function. It will be understood by those skilled in the art that the structure shown in FIG. 9 is merely illustrative and does not limit the structure of the above electronic device. For example, computer device 100 may also include more or fewer components than shown in FIG. 9, or have a different configuration than that shown in FIG.
存储器1004可用于存储应用软件的软件程序以及模块,如本发明实施例中的方法对应的程序指令/模块,处理器1002通过运行存储在存储器1004内的软件程序以及模块,从而执行各种功能应用以及数据处理,即实现上述的方法。存储器1004可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器1004可进一步包括相对于处理器1002远程设置的存储器,这些远程存储器可以通过网络连接至计算机设备100。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。The memory 1004 can be used to store software programs and modules of application software, such as program instructions/modules corresponding to the method in the embodiment of the present invention, and the processor 1002 executes various functional applications by running software programs and modules stored in the memory 1004. And data processing, that is, to achieve the above method. Memory 1004 can include high speed random access memory, and can also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory. In some examples, memory 1004 can further include memory remotely located relative to processor 1002, which can be connected to computer device 100 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
传输装置1006用于经由一个网络接收或者发送数据。上述的网络具体实例可包括计算机设备100的通信供应商提供的无线网络。在一个实例中,传输装置1006包括一个网络适配器(NIC,Network Interface Controller),其可通过基站与其他网络设备相连从而可与互联网进行通讯。在一个实例中,传输装置1006可以为射频(RF,Radio Frequency)模块,其用于通过无线方式与互联网进行通讯。Transmission device 1006 is for receiving or transmitting data via a network. The network specific examples described above may include a wireless network provided by a communication provider of computer device 100. In one example, the transmission device 1006 includes a Network Interface Controller (NIC) that can be connected to other network devices through a base station to communicate with the Internet. In one example, the transmission device 1006 can be a radio frequency (RF) module for communicating with the Internet wirelessly.
本发明实施例所记载的技术方案之间,在不冲突的情况下,可以任意组合。The technical solutions described in the embodiments of the present invention can be arbitrarily combined without conflict.
在本发明所提供的几个实施例中,应该理解到,所揭露的方法和智能设备,可以通过其它的方式实现。以上所描述的设备实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,如:多个单元或组件可以结合,或可以集成到另一个系统,或一些特征可以忽略,或不执行。另外,所显示或讨论的各组成部分相互之间的耦合、或直接耦合、或通信连接可以是通过一些接口,设备或单元的间接耦合或通信连接,可以是电性的、机械的或其它形式的。In the several embodiments provided by the present invention, it should be understood that the disclosed method and smart device may be implemented in other manners. The device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner, such as: multiple units or components may be combined, or Can be integrated into another system, or some features can be ignored or not executed. In addition, the coupling, or direct coupling, or communication connection of the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or other forms. of.
上述作为分离部件说明的单元可以是、或也可以不是物理上分开的,作为单元显示的部件可以是、或也可以不是物理单元,即可以位于一个地方,也可以分布到多个网络单元上;可以根据实际的需要选择其中的部分或全部单元来实现本实施例方案的目的。The units described above as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place or distributed to multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
另外,在本发明各实施例中的各功能单元可以全部集成在一个第二处理单元中,也 可以是各单元分别单独作为一个单元,也可以两个或两个以上单元集成在一个单元中;上述集成的单元既可以采用硬件的形式实现,也可以采用硬件加软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one second processing unit, or each unit may be separately used as one unit, or two or more units may be integrated into one unit; The above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。The above is only a specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention.

Claims (31)

  1. 一种DRB完整性保护的配置方法,所述方法包括:A method for configuring DRB integrity protection, the method comprising:
    基站获取第一核心网网元配置的PDU会话的安全策略信息和优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示所述PDU会话对应的DRB IP的优先级;The base station acquires the security policy information and the priority information of the PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is used to indicate the PDU. The priority of the DRB IP corresponding to the session;
    所述基站获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;The base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
    所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能。The base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
  2. 根据权利要求1所述的方法,其中,所述基站根据所述第一UE能力信息、以及所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能,包括:The method according to claim 1, wherein the base station determines whether to configure the DRB IP function according to the first UE capability information and the security policy information and the priority information of each PDU session corresponding to the terminal, including:
    所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
    如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则所述基站根据所述终端对应的各个PDU会话的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能。If the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station determines whether to configure the DRB IP function for each PDU session according to the priority information of each PDU session corresponding to the terminal.
  3. 根据权利要求2所述的方法,其中,所述方法还包括:The method of claim 2, wherein the method further comprises:
    对于确定不能配置DRB IP功能的第一PDU会话,所述基站向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话不能配置DRB IP功能。For determining the first PDU session in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to notify the first core network element The first PDU session cannot configure the DRB IP function.
  4. 根据权利要求2或3所述的方法,其中,所述方法还包括:The method of claim 2 or 3, wherein the method further comprises:
    对于确定不能配置DRB IP功能的第一PDU会话,所述基站对所述第一PDU会话不配置DRB IP功能;For determining a first PDU session in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session;
    对于确定能够配置DRB IP功能的第二PDU会话,所述基站对所述第二PDU会话配置DRB IP功能。For determining a second PDU session capable of configuring a DRB IP function, the base station configures a DRB IP function for the second PDU session.
  5. 根据权利要求1至4任一项所述的方法,其中,所述基站根据所述第一UE能力信息、以及所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能,包括:The method according to any one of claims 1 to 4, wherein the base station determines whether to configure the DRB according to the first UE capability information and the security policy information and priority information of each PDU session corresponding to the terminal. IP features, including:
    所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
    如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则所述基站对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station indicates that the DRB IP indication parameter is a DRB IP function for all PDU sessions of the first parameter.
  6. 根据权利要求1至5任一项所述的方法,其中,所述基站根据所述第一UE能力信息、以及所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能,包括:The method according to any one of claims 1 to 5, wherein the base station determines whether to configure the DRB according to the first UE capability information and the security policy information and priority information of each PDU session corresponding to the terminal. IP features, including:
    所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;Determining, by the base station, the third PDU session in which the indication parameter of the DRB IP is the second parameter according to the security policy information of the PDU session corresponding to the terminal, where the second parameter is used to indicate that the DRB IP function is recommended to be configured;
    对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话的优先级信息、所述第一UE能力信息以及本地策略,确定对所 述各个第三PDU会话是否配置DRB IP功能。For each third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station determines, according to the priority information of the respective third PDU session, the first UE capability information, and the local policy, Whether the DRB IP function is configured for the three PDU sessions.
  7. 根据权利要求1至6任一项所述的方法,其中,所述配置DRB IP功能是指:对PDU会话对应的DRB使能DRB IP功能。The method according to any one of claims 1 to 6, wherein the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
  8. 一种DRB完整性保护的配置方法,所述方法包括:A method for configuring DRB integrity protection, the method comprising:
    基站获取第一核心网网元配置的PDU会话的安全策略信息和所述PDU会话中每个QOS流的优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示QOS流对应的DRB IP的优先级;The base station acquires the security policy information of the PDU session configured by the first core network element and the priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session. The priority information is used to indicate the priority of the DRB IP corresponding to the QOS flow;
    所述基站获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;The base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
    所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能。The determining, by the base station, whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
  9. 根据权利要求8所述的方法,其中,所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能,包括:The method according to claim 8, wherein the base station according to the first UE capability information, security policy information of each PDU session corresponding to the terminal, and priority of each QOS flow in each PDU session Information to determine whether to configure DRB IP functions, including:
    所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
    如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则所述基站根据所述终端对应的各个PDU会话中的每个QOS流的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能和/或对所述各个PDU会话中的每个QOS流是否配置DRB IP功能。If the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station determines, according to the priority information of each QOS flow in each PDU session corresponding to the terminal, the session of each PDU. Whether to configure the DRB IP function and/or whether to configure the DRB IP function for each of the QOS flows in the respective PDU sessions.
  10. 根据权利要求9所述的方法,其中,所述方法还包括:The method of claim 9 wherein the method further comprises:
    对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,所述基站向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话和/或所述第一QOS流不能配置DRB IP功能。For determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to A core network element notifies the first PDU session and/or the first QOS flow that the DRB IP function cannot be configured.
  11. 根据权利要求9或10所述的方法,其中,所述方法还包括:The method of claim 9 or 10, wherein the method further comprises:
    对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,所述基站对所述第一PDU会话和/或第一QOS流不配置DRB IP功能;For determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session and/or the first QOS flow;
    对于确定能够配置DRB IP功能的第二PDU会话和/或第二QOS流,所述基站对所述第二PDU会话和/或第二QOS流配置DRB IP功能。For determining a second PDU session and/or a second QOS flow capable of configuring a DRB IP function, the base station configures a DRB IP function for the second PDU session and/or the second QOS flow.
  12. 根据权利要求8至11任一项所述的方法,其中,所述基站根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能,包括:The method according to any one of claims 8 to 11, wherein the base station according to the first UE capability information, security policy information of each PDU session corresponding to the terminal, and each of the respective PDU sessions The priority information of the QOS flow determines whether the DRB IP function is configured, including:
    所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
    如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则所述基站对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station indicates that the DRB IP indication parameter is a DRB IP function for all PDU sessions of the first parameter.
  13. 根据权利要求8至12任一项所述的方法,其中,所述基站根据所述第一UE能力信息、以及所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能,包括:The method according to any one of claims 8 to 12, wherein the base station determines whether to configure DRB according to the first UE capability information and security policy information and priority information of each PDU session corresponding to the terminal. IP features, including:
    所述基站根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功 能;Determining, by the base station, the third PDU session in which the indication parameter of the DRB IP is the second parameter according to the security policy information of the PDU session corresponding to the terminal, where the second parameter is used to indicate that the recommended DRB IP function is configured;
    对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话中每个QOS流的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话和/或所述各个第三PDU会话中的每个QOS流是否配置DRB IP功能。For each third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station determines, according to the priority information of each QOS flow in the respective third PDU session, the first UE capability information, and the local policy. Whether to configure a DRB IP function for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
  14. 根据权利要求8至13任一项所述的方法,其中,所述配置DRB IP功能是指:对PDU会话和/或QOS流对应的DRB使能DRB IP功能。The method according to any one of claims 8 to 13, wherein the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session and/or the QOS flow.
  15. 根据权利要求8至14任一项所述的方法,其中,所述PDU会话也对应有优先级信息,对于优先级不同的两个PDU会话,具有较高优先级的PDU会话的全部QOS流的优先级高于具有较低优先级的PDU会话的全部QOS流的优先级。The method according to any one of claims 8 to 14, wherein the PDU session also corresponds to priority information, and for all PDU sessions with different priorities, all QOS flows of a PDU session with a higher priority The priority is higher than the priority of all QOS flows of the PDU session with lower priority.
  16. 一种DRB完整性保护的配置装置,所述装置包括:A configuration device for DRB integrity protection, the device comprising:
    第一获取单元,用于获取第一核心网网元配置的PDU会话的安全策略信息和优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示所述PDU会话对应的DRB IP的优先级;a first acquiring unit, configured to obtain security policy information and priority information of a PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is a priority for indicating a DRB IP corresponding to the PDU session;
    第二获取单元,用于获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;a second acquiring unit, configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
    配置单元,用于根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和优先级信息,确定是否配置DRB IP功能。And a configuration unit, configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
  17. 根据权利要求16所述的装置,其中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则所述基站根据所述终端对应的各个PDU会话的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能。The device according to claim 16, wherein the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the QOS flow corresponding to the PDU session of the first parameter. The first aggregated data rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station is configured according to each of the terminals The priority information of the PDU session determines whether the DRB IP function is configured for the respective PDU session.
  18. 根据权利要求17所述的装置,其中,所述装置还包括:The apparatus of claim 17 wherein said apparatus further comprises:
    反馈单元,用于对于确定不能配置DRB IP功能的第一PDU会话,向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话不能配置DRB IP功能。a feedback unit, configured to send first feedback information to the first core network element for determining a first PDU session in which the DRB IP function cannot be configured, where the first feedback information is used to send to the first core network element Notifying the first PDU session that the DRB IP function cannot be configured.
  19. 根据权利要求17或18所述的装置,其中,所述配置单元,用于对于确定不能配置DRB IP功能的第一PDU会话,对所述第一PDU会话不配置DRB IP功能;对于确定能够配置DRB IP功能的第二PDU会话,对所述第二PDU会话配置DRB IP功能。The apparatus according to claim 17 or 18, wherein the configuration unit is configured to not configure a DRB IP function for the first PDU session for determining a first PDU session in which the DRB IP function cannot be configured; A second PDU session of the DRB IP function, configuring a DRB IP function for the second PDU session.
  20. 根据权利要求16至19任一项所述的装置,其中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。The device according to any one of claims 16 to 19, wherein the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a PDU session in which the indication parameter of the DRB IP is the first parameter. The first aggregated data rate of the corresponding QOS flow, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the DRB IP is used. The indication parameter is to configure the DRB IP function for all PDU sessions of the first parameter.
  21. 根据权利要求16至20任一项所述的装置,其中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话是否配置DRB IP功能。The device according to any one of claims 16 to 20, wherein the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third parameter of the second parameter. a PDU session, the second parameter is used to indicate a recommended configuration of the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of the respective third PDU session, The first UE capability information and the local policy determine whether a DRB IP function is configured for the respective third PDU session.
  22. 根据权利要求16至21任一项所述的装置,其中,所述配置DRB IP功能是 指:对PDU会话对应的DRB使能DRB IP功能。The apparatus according to any one of claims 16 to 21, wherein the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
  23. 一种DRB完整性保护的配置装置,所述装置包括:A configuration device for DRB integrity protection, the device comprising:
    第一获取单元,用于获取第一核心网网元配置的PDU会话的安全策略信息和所述PDU会话中每个QOS流的优先级信息,所述安全策略信息包括所述PDU会话对应的DRB IP的指示参数,所述优先级信息用于指示QOS流对应的DRB IP的优先级;a first acquiring unit, configured to acquire security policy information of a PDU session configured by the first core network element and priority information of each QOS flow in the PDU session, where the security policy information includes a DRB corresponding to the PDU session An indication parameter of the IP, where the priority information is used to indicate a priority of a DRB IP corresponding to the QOS flow;
    第二获取单元,用于获取终端的第一UE能力信息,所述第一UE能力信息包括所述终端要求的关于DRB IP的聚合数据速率能力门限值;a second acquiring unit, configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
    配置单元,用于根据所述第一UE能力信息、所述终端对应的各个PDU会话的安全策略信息和所述各个PDU会话中的每个QOS流的优先级信息,确定是否配置DRB IP功能。And a configuration unit, configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
  24. 根据权利要求23所述的装置,其中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率大于所述聚合数据速率能力门限值,则根据所述终端对应的各个PDU会话中的每个QOS流的优先级信息,确定对所述各个PDU会话是否配置DRB IP功能和/或对所述各个PDU会话中的每个QOS流是否配置DRB IP功能。The device according to claim 23, wherein the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the QOS flow corresponding to the PDU session of the first parameter. The first aggregated data rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregated data rate is greater than the aggregated data rate capability threshold, according to each PDU session corresponding to the terminal The priority information of each QOS flow determines whether the DRB IP function is configured for the respective PDU session and/or whether the DRB IP function is configured for each QOS flow in the respective PDU session.
  25. 根据权利要求24所述的装置,其中,所述装置还包括:The device of claim 24, wherein the device further comprises:
    反馈单元,用于对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,向所述第一核心网网元发送第一反馈信息,所述第一反馈信息用于向所述第一核心网网元通知所述第一PDU会话和/或所述第一QOS流不能配置DRB IP功能。a feedback unit, configured to send first feedback information to the first core network element for determining a first PDU session and/or a first QOS flow that cannot configure the DRB IP function, where the first feedback information is used by the The first core network element notifies the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
  26. 根据权利要求24或25所述的装置,其中,所述配置单元,用于对于确定不能配置DRB IP功能的第一PDU会话和/或第一QOS流,对所述第一PDU会话和/或第一QOS流不配置DRB IP功能;对于确定能够配置DRB IP功能的第二PDU会话和/或第二QOS流,对所述第二PDU会话和/或第二QOS流配置DRB IP功能。The apparatus according to claim 24 or 25, wherein the configuration unit is configured to determine the first PDU session and/or the first QOS flow for the first PDU session and/or for determining that the DRB IP function cannot be configured. The first QOS flow does not configure the DRB IP function; for determining the second PDU session and/or the second QOS flow capable of configuring the DRB IP function, the DRB IP function is configured for the second PDU session and/or the second QOS flow.
  27. 根据权利要求23至26任一项所述的装置,其中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第一参数的PDU会话对应的QOS流的第一聚合数据速率,所述第一参数用于指示需要配置DRB IP功能;如果所述第一聚合数据速率小于或等于所述聚合数据速率能力门限值,则对DRB IP的指示参数为所述第一参数的全部PDU会话配置DRB IP功能。The device according to any one of claims 23 to 26, wherein the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a PDU session in which the indication parameter of the DRB IP is the first parameter. The first aggregated data rate of the corresponding QOS flow, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the DRB IP is used. The indication parameter is to configure the DRB IP function for all PDU sessions of the first parameter.
  28. 根据权利要求23至27任一项所述的装置,其中,所述配置单元,用于根据所述终端对应的各个PDU会话的安全策略信息,确定DRB IP的指示参数为第二参数的第三PDU会话,所述第二参数用于指示建议配置DRB IP功能;对于DRB IP的指示参数为第二参数的各个第三PDU会话,所述基站根据所述各个第三PDU会话中每个QOS流的优先级信息、所述第一UE能力信息以及本地策略,确定对所述各个第三PDU会话和/或所述各个第三PDU会话中的每个QOS流是否配置DRB IP功能。The device according to any one of claims 23 to 27, wherein the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third parameter of the second parameter. a PDU session, the second parameter is used to indicate a recommended configuration of the DRB IP function; for the third PDU session where the indication parameter of the DRB IP is the second parameter, the base station is configured according to each QOS flow in each of the third PDU sessions The priority information, the first UE capability information, and the local policy determine whether a DRB IP function is configured for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
  29. 根据权利要求23至28任一项所述的装置,其中,所述配置DRB IP功能是指:对PDU会话和/或QOS流对应的DRB使能DRB IP功能。The apparatus according to any one of claims 23 to 28, wherein the configuring the DRB IP function means: enabling a DRB IP function for a DRB corresponding to a PDU session and/or a QOS flow.
  30. 根据权利要求23至29任一项所述的装置,其中,所述PDU会话也对应有优先级信息,对于优先级不同的两个PDU会话,具有较高优先级的PDU会话的全部QOS流的优先级高于具有较低优先级的PDU会话的全部QOS流的优先级。The apparatus according to any one of claims 23 to 29, wherein the PDU session is also corresponding to priority information, and for all PDU sessions having different priorities, all QOS flows of a PDU session having a higher priority The priority is higher than the priority of all QOS flows of the PDU session with lower priority.
  31. 一种计算机存储介质,其上存储有计算机可执行指令,该计算机可执行指令被处理器执行时实现权利要求1至7任一项所述的方法步骤,或者权利要求8至15任一项所述的方法步骤。A computer storage medium having stored thereon computer executable instructions for performing the method steps of any one of claims 1 to 7 when executed by a processor, or by any of claims 8 to 15 Method steps described.
PCT/CN2018/086107 2018-05-09 2018-05-09 Method and apparatus for configuring drb integrity protection, and computer storage medium WO2019213856A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2018/086107 WO2019213856A1 (en) 2018-05-09 2018-05-09 Method and apparatus for configuring drb integrity protection, and computer storage medium
CN201880082325.5A CN111512659B (en) 2018-05-09 2018-05-09 DRB integrity protection configuration method and device and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/086107 WO2019213856A1 (en) 2018-05-09 2018-05-09 Method and apparatus for configuring drb integrity protection, and computer storage medium

Publications (1)

Publication Number Publication Date
WO2019213856A1 true WO2019213856A1 (en) 2019-11-14

Family

ID=68467242

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/086107 WO2019213856A1 (en) 2018-05-09 2018-05-09 Method and apparatus for configuring drb integrity protection, and computer storage medium

Country Status (2)

Country Link
CN (1) CN111512659B (en)
WO (1) WO2019213856A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660665A (en) * 2020-04-30 2021-11-16 华为技术有限公司 Communication method and device
US20220264359A1 (en) * 2019-11-06 2022-08-18 Huawei Technologies Co., Ltd. Methods and Apparatus for Packet Flow to Data Radio Bearer Mapping
US20230053937A1 (en) * 2021-08-04 2023-02-23 Samsung Electronics Co., Ltd. Method and device for applying user plane security policy for pdu session in wireless communication system
GB2630989A (en) * 2023-06-16 2024-12-18 Nokia Technologies Oy Security algorithm selection in communication network environment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012055114A1 (en) * 2010-10-29 2012-05-03 Nokia Siemens Networks Oy Security of user plane traffic between relay node and radio access network
CN103069916A (en) * 2010-08-16 2013-04-24 株式会社Ntt都科摩 Mobile communication method, relay node and wireless base station
CN103314548A (en) * 2010-12-10 2013-09-18 瑞典爱立信有限公司 Enabling and disabling integrity protection for data radio bearers

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103069916A (en) * 2010-08-16 2013-04-24 株式会社Ntt都科摩 Mobile communication method, relay node and wireless base station
WO2012055114A1 (en) * 2010-10-29 2012-05-03 Nokia Siemens Networks Oy Security of user plane traffic between relay node and radio access network
CN103314548A (en) * 2010-12-10 2013-09-18 瑞典爱立信有限公司 Enabling and disabling integrity protection for data radio bearers

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZTE CORPORATION ET AL.: "Framework for DRB Integrity Protection", R2-1802049, 3GPP TSG- RAN WG2 MEETING #101, 15 February 2018 (2018-02-15), XP051399817 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220264359A1 (en) * 2019-11-06 2022-08-18 Huawei Technologies Co., Ltd. Methods and Apparatus for Packet Flow to Data Radio Bearer Mapping
CN113660665A (en) * 2020-04-30 2021-11-16 华为技术有限公司 Communication method and device
US20230053937A1 (en) * 2021-08-04 2023-02-23 Samsung Electronics Co., Ltd. Method and device for applying user plane security policy for pdu session in wireless communication system
GB2630989A (en) * 2023-06-16 2024-12-18 Nokia Technologies Oy Security algorithm selection in communication network environment

Also Published As

Publication number Publication date
CN111512659A (en) 2020-08-07
CN111512659B (en) 2021-09-21

Similar Documents

Publication Publication Date Title
CN113556776B (en) Communication method and device for sending experience quality measurement results
CN110366271B (en) Communication method and communication device
CN110913508B (en) A data packet processing method for a 5G base station with UPF deployed
CN110461027B (en) Network slice selection method and device
CN118945216A (en) Dynamic network capability configuration
US11553546B2 (en) Methods and systems for radio access network aggregation and uniform control of multi-RAT networks
JP7513837B2 (en) Communication method and apparatus
EP4138443A1 (en) Communication method and apparatus
WO2019213856A1 (en) Method and apparatus for configuring drb integrity protection, and computer storage medium
CN114365527A (en) Apparatus and method for network automation in a wireless communication system
EP4401384A1 (en) Data transmission method and communication apparatus
CN119605315A (en) Method and apparatus for controlling user equipment
WO2019136622A1 (en) Data transmission method and device, and computer storage medium
WO2016055026A1 (en) Method and device for transmitting transmission control protocol acknowledgement packet segment
WO2024055871A1 (en) Data transmission method in communication system, and communication apparatus
US12047806B2 (en) Interface between a radio access network and an application
CN115913904A (en) Data communication method, device and equipment based on flow control transmission protocol
WO2019028922A1 (en) Method and device for transmitting cell configuration information
CN116017763A (en) Method, device and storage medium for transmitting endogenous service
US20220015182A1 (en) Terminal apparatus, base station apparatus, and method therefor
WO2019140650A1 (en) Method and device for terminal to report information, and computer storage medium
WO2019140648A1 (en) Method and device for reporting information by terminal, and a computer storage medium
US20240276307A1 (en) Apparatus, method, and computer program
WO2024140290A1 (en) Method for processing computing task, and related apparatus
WO2024169521A1 (en) Communication method and apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18917959

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18917959

Country of ref document: EP

Kind code of ref document: A1