Data flow transmission security control method and device

A technology for data stream transmission and security control, applied in the field of communication

Inactive Publication Date: 2019-03-01
ZTE CORP
View PDF4 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] The embodiment of the present invention provides a data flow transmission security control method and device, to at least solve the problem of how to perform user service data flow between CP / UP in the scenario of physical separation between CP / UP network element entities on the network side in the related art Transmission security management and control issues

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data flow transmission security control method and device
  • Data flow transmission security control method and device
  • Data flow transmission security control method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0053] In this embodiment, a data stream transmission security control method is provided, image 3 is a flowchart of a data stream transmission security control method according to an embodiment of the present invention, such as image 3 As shown, the process includes the following steps:

[0054] Step S302, the user plane UP entity independently configures security control information for each data radio bearer DRB according to a predetermined method, wherein the predetermined method includes: the UP entity independently configures the security control information, and the UP entity combines the control plane CP entity to send parameters, configure the security control information; the security control information includes at least one of the following: security algorithm, security configuration parameters;

[0055] It should be noted that the above security algorithm includes at least one of the following: encryption algorithm, integrity protection algorithm; the security ...

Embodiment 2

[0088] At a certain moment, UE2 is configured with two DRBs: DRB3 and DRB4, which are respectively used to bear and transmit file and video data services. The CP entity and UP entity on the network side have four integrity protection algorithms to choose from: {EIA1, EIA2, EIA3, EIA4}, the encryption protection of DRB is not considered for the time being. In this embodiment, the UP entity does not have complete autonomous security management rights and cannot configure all security parameters of the present invention, and the CP entity needs to assist in configuring KgNB and NH security parameters. like Figure 5 shown, including the following steps:

[0089] Step S501: The UP entity at the network side still preferentially selects and configures the integrity protection algorithm EIA2 and the respective related DSKF parameters for DRB3 / 4, but cannot generate KgNB and NH parameters. The CP entity generates the public root key KgNB and NH parameters according to the configura...

Embodiment 3

[0096] At a certain moment, UE3 is configured with two DRBs: DRB5 and DRB6, which are respectively used to carry the services of web browsing and audio data transmission. The CP entity and UP entity on the network side have three encryption algorithms to choose from: {AES, SNOW3G, ZUC} , the integrity protection of the DRB is not considered for the time being. In this embodiment, the UP entity does not have complete autonomous security management rights and cannot configure all security parameters of the present invention, and the CP entity needs to assist in configuring KgNB and NH security parameters. like Image 6 shown, including the following steps:

[0097] Step S601: The UP entity at the network side still preferentially selects and configures the encryption algorithm AES and the relevant DSKF parameters for DRB5 / 6, but cannot generate KgNB and NH parameters. The CP entity generates the public root key KgNB and NH parameters according to the configuration of the core ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a data flow transmission security control method and device. The method comprises the steps that: a UP (User Plane) entity independently configures security control informationto each DRB (Data Radio Bearer in a preset mode, wherein the preset mode comprises that: the UP entity independently configures the security control information, and the UP entity combines parameterssent by a CP (Control Plane) entity to configure the security control information, and the security control information comprises at least one of the follows: a security algorithm and a security configuration parameter; and the UP entity sends the security control information to UE (User Equipment) by the CP entity, so that the UE carries out a data uplink and downlink transmission security control operation. By the data flow transmission security control method and device provided by the invention, a problem how to carry out security management control processing of user service data flow transmission between a CP and a UP in a scene in which network-side CP and UP network element entities are physically separated in the related art is solved, and the technical effect of effectively carrying out security management control of user service data flow transmission is achieved.

Description

technical field [0001] The present invention relates to the field of communications, in particular to a data stream transmission security control method and device. Background technique [0002] With entering the fifth generation (5G for short) mobile communication era, massive connections and higher data transmission rate requirements for users, the baseband processing unit (Baseband Unit) in the Long Term Evolution (LTE for short) system , referred to as BBU for short) and (Remote Radio Unit, referred to as RRU for short) transmission capacity of the fronthaul interface Common Public Radio Interface (Common Public Radio Interface, referred to as CPRI) poses a great challenge. Since the CPRI interface transmits IQ signals processed by physical layer coding and modulation, and the corresponding digital bit string rate is huge, the CPRI interface has relatively large requirements for transmission delay and working bandwidth, otherwise the BBU and RRU cannot communicate with e...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04W12/02H04W12/10H04W12/106
CPCH04L63/0428H04W12/02H04W12/10H04L9/40
Inventor 杨立
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap