Apparatus and method for performing quantum security-based protocol in quantum communication system

Abstract

According to various embodiments of the present disclosure, a method performed by a first node is provided, the method comprising the steps of: transmitting, through a classic channel, non-secure information among original information related to JavaScript object notation (JSON) web encryption (WE) (JWE); receiving initial quantum information through a quantum channel; performing a quantum bit error rate (QBER) check on the basis of the initial quantum information; and transmitting, through the quantum channel, secure information among the original information on the basis of the QBER check.

Description

Device and method for executing a quantum security-based protocol in a quantum communication system

[0001] The present disclosure relates to an apparatus and method for a quantum communication system. Specifically, the present disclosure may provide an apparatus and method for performing a quantum security-based protocol in a quantum communication system.

[0002]

[0003] With the advancement of Quantum Computers and Quantum Algorithms, systems using the aforementioned Public Key Encryption may be threatened in terms of security. It is theoretically known that encryption methods based on RSA (RIVEST-SHAMIR-ADLEMAN) or ECC (Elliptic Curve Cryptography), which are generally used in asymmetric key-based security systems, can be deciphered within the validity period through the parallel operation of the Shor Algorithm. In the case of RSA 2048-bit, it has been reported that factoring is possible within 8 hours using 20 million noisy qubits [“How to factor 2048-bit RSA integers in 8 hours using 20 million noisy qubits” Quantum 5, 433 (2021)], and that factoring is possible within 177 days using only 13,436 qubits based on multi-parallel quantum memory [“Factoring 2048-bit RSA Integers in 177 Days with 13,436 Qubits and a Multimode Memory” PRL, (2021)]. The collapse of asymmetric key encryption systems by such Quantum Algorithms poses a serious threat to secure communication systems based on asymmetric key encryption.

[0004] To prevent such security threats, a method is required to address the threats posed by the Quantum Algorithm while maintaining an asymmetric key system. To this end, the problem of trapdoor leakage caused by the Quantum Algorithm can be adaptively prevented by periodically updating the Public Key. This ensures that real-time leakage does not occur even if a Plaintext Attack is launched by the Quantum Algorithm. However, even if real-time leakage does not occur, an attacker can still perform a Plaintext Attack later through a Harvest-Now-Decrypt-Later (HNDL) Attack. Consequently, limiting the validity period of the Public Key alone cannot achieve fundamental information security.

[0005] Furthermore, while Post-Quantum Cryptography (PQC) technology is emerging, all asymmetric key systems based on computational complexity inevitably face the risk of being threatened by the emergence of new Quantum Algorithms. Additionally, transitioning to a new security system can entail a significant technical burden to implement the new security technology across all devices. Similarly, as PQC is a security method based on computational complexity, it cannot achieve physical security. Therefore, even if real-time leakage does not occur, an attacker can subsequently perform a Plaintext Attack through a Harvest-Now-Decrypt-Later (HNDL) Attack.

[0006] Furthermore, even if there are no security issues with TLS connections, the symmetric key security system used for JWE transmission faces a security threat due to the Grover Algorithm, a quantum algorithm. When the complexity of the existing symmetric key cryptographic system is N, the Grover Algorithm is It is an algorithm capable of solving problems with a complexity corresponding to [value]. Therefore, it may lead to a weakening of security compared to existing methods. Furthermore, as quantum algorithms are developed in accordance with the advancement of quantum computers, they may lead to additional security threats. In this case, existing symmetric key security systems may be vulnerable to HNDL attacks.

[0007] The present disclosure proposes a Quantum Security-based PRINS procedure that achieves physical information security by configuring Quantum Secure Direct Communication (QSDC) in an N32-f procedure based on the No-cloning Theorem.

[0008]

[0009] To solve the aforementioned problems, the present disclosure provides an apparatus and method for performing a quantum security-based protocol in a quantum communication system.

[0010] The technical problems to be solved in this disclosure are not limited to those mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art to which this disclosure belongs from the description below.

[0011]

[0012] According to various embodiments of the present disclosure, a method is provided comprising the steps of: transmitting non-secure information among original information related to JSON Web Encryption (JavaScript Object Notation Web Encryption, JSON WE, JWE) through a classic channel; receiving initial quantum information through a quantum channel; performing a quantum bit error rate check based on the initial quantum information; and transmitting secure information among the original information through the quantum channel based on the QBER check.

[0013] According to various embodiments of the present disclosure, a method is provided comprising the steps of: receiving non-secure information among original information related to JSON Web Encryption (JavaScript Object Notation Web Encryption, JSON WE, JWE) through a classic channel; transmitting initial quantum information through a quantum channel; and receiving secure information among the original information through the quantum channel based on a quantum bit error rate check (QBER) related to the initial quantum information.

[0014] According to various embodiments of the present disclosure, a first node is provided, comprising: a transceiver; at least one processor; and at least one memory operably connected to the at least one processor and storing instructions for performing operations when executed by the at least one processor, wherein the operations include all steps of a method of operating the first node according to various embodiments of the present disclosure.

[0015] According to various embodiments of the present disclosure, a second node is provided, comprising: a transceiver; at least one processor; and at least one memory operably connected to the at least one processor and storing instructions for performing operations when executed by the at least one processor, wherein the operations include all steps of a method of operating the second node according to various embodiments of the present disclosure.

[0016] According to various embodiments of the present disclosure, a control device for controlling a first node comprises: at least one processor; and at least one memory operably connected to the at least one processor, wherein the at least one memory stores instructions for performing operations based on execution by the at least one processor, and the operations include all steps of a method of operating the first node according to various embodiments of the present disclosure.

[0017] According to various embodiments of the present disclosure, a control device for controlling a second node comprises: at least one processor; and at least one memory operably connected to the at least one processor, wherein the at least one memory stores instructions for performing operations based on execution by the at least one processor, and the operations include all steps of a method of operating the second node according to various embodiments of the present disclosure.

[0018] According to various embodiments of the present disclosure, one or more non-transitory computer-readable media storing one or more instructions, wherein the one or more instructions perform operations based on execution by one or more processors, and said operations include all steps of a method of operation of a first node according to various embodiments of the present disclosure.

[0019] According to various embodiments of the present disclosure, one or more non-transitory computer-readable media storing one or more instructions, wherein the one or more instructions perform operations based on execution by one or more processors, and said operations include all steps of a method of operation of a second node according to various embodiments of the present disclosure.

[0020]

[0021] To solve the aforementioned problems, the present disclosure may provide an apparatus and method for performing a quantum security-based protocol in a quantum communication system.

[0022]

[0023] The drawings attached below are intended to aid in understanding the present disclosure and may provide embodiments of the present disclosure together with the detailed description. However, the technical features of the present disclosure are not limited to specific drawings, and the features disclosed in each drawing may be combined with one another to form new embodiments. Reference numerals in each drawing may denote structural elements.

[0024] Figure 1 is a diagram illustrating physical channels used in 3GPP systems and an example of typical signal transmission.

[0025] Figure 2 is a diagram illustrating the system structure of a New Generation Radio Access Network (NG-RAN).

[0026] Figure 3 is a diagram illustrating the functional division between NG-RAN and 5GC.

[0027] Figure 4 is a diagram illustrating an example of a 5G usage scenario.

[0028] Figure 5 is a diagram illustrating an example of a communication structure that can be provided in a 6G system.

[0029] Figure 6 is a schematic diagram illustrating an example of a perceptron structure.

[0030] Figure 7 is a schematic diagram illustrating an example of a multilayer perceptron structure.

[0031] Figure 8 is a schematic diagram illustrating an example of a deep neural network.

[0032] Figure 9 is a schematic diagram illustrating an example of a convolutional neural network.

[0033] Figure 10 is a schematic diagram illustrating an example of a filter operation in a convolutional neural network.

[0034] Figure 11 is a schematic diagram illustrating an example of a neural network structure in which a recurrent loop exists.

[0035] Figure 12 is a schematic diagram illustrating an example of the operational structure of a recurrent neural network.

[0036] Figure 13 is a diagram illustrating an example of an electromagnetic spectrum.

[0037] Figure 14 is a diagram illustrating an example of a THz communication application.

[0038] FIG. 15 is a diagram illustrating an example of an electronic device-based THz wireless communication transceiver.

[0039] FIG. 16 is a diagram illustrating an example of a method for generating a THz signal based on an optical element.

[0040] FIG. 17 is a diagram illustrating an example of a THz wireless communication transceiver based on an optical element.

[0041] Figure 18 is a diagram illustrating the structure of a photon source-based transmitter.

[0042] Figure 19 is a diagram illustrating the structure of an optical modulator.

[0043] Figure 20 is a diagram illustrating an example of a general scenario of quantum communication.

[0044] FIG. 21 is a diagram illustrating an example of quantum communication for classical bits and quantum communication for quantum bits in a system applicable to the present disclosure.

[0045] FIG. 22 is a diagram illustrating an example of three basic properties of quantum information that can be used for information communication in a system applicable to the present disclosure.

[0046] FIG. 23 is a diagram illustrating an example of the DL04 QSDC protocol in a system applicable to the present disclosure.

[0047] FIG. 24 is a diagram illustrating an example of a two-step QSDC protocol in a system applicable to the present disclosure.

[0048] FIG. 25 is a diagram illustrating an example of a Transport Layer Security (TLS) procedure in a system applicable to the present disclosure.

[0049] FIG. 26 is a diagram illustrating an example of an N32 protocol stack in a system applicable to the present disclosure.

[0050] FIG. 27 is a diagram illustrating an example of an overview of PRINS (Protocol for N32 Interconnect Security) in a system applicable to the present disclosure.

[0051] FIG. 28 is a drawing illustrating an example of an N32-f context overview in a system applicable to the present disclosure.

[0052] FIG. 29 is a drawing illustrating an example of a JSON (JavaScript Object Notation) representation of an IPX provider modification in a system applicable to the present disclosure.

[0053] FIG. 30 is a diagram illustrating an example of message flow between two SEPPs (Security Edge Protection Proxy) in a system applicable to the present disclosure.

[0054] FIG. 31 is a diagram illustrating an example of a signal flow of JSON Web Encryption (JavaScript Object Notation Web Encryption, JSON WE, JWE) that transmits N32-f during a PRINS procedure in a system applicable to the present disclosure.

[0055] FIG. 32 is a drawing illustrating an example of the configuration of a JWE in a system applicable to the present disclosure.

[0056] FIG. 33 is a diagram illustrating an example of a procedure for performing physical security based on quantum properties when transmitting an Encrypted Information Element in an N32-f procedure in a system applicable to the present disclosure.

[0057] FIG. 34 is a diagram illustrating an example of the structure of an Initial Quantum Packet in a system applicable to the present disclosure.

[0058] FIG. 35 is a diagram illustrating an example of a data integrity protection and packet encryption packet (dataToIntegrityProtectAndCipher Packet) in a system applicable to the present disclosure.

[0059] FIG. 36 is a diagram illustrating an example of the operation process of a first node in a system applicable to the present disclosure.

[0060] FIG. 37 is a diagram illustrating an example of the operation process of a second node in a system applicable to the present disclosure.

[0061] FIG. 38 illustrates a communication system (1) applicable to various embodiments of the present disclosure.

[0062] FIG. 39 illustrates a wireless device that can be applied to various embodiments of the present disclosure.

[0063] FIG. 40 illustrates another example of a wireless device that can be applied to various embodiments of the present disclosure.

[0064] FIG. 41 illustrates a signal processing circuit for a transmission signal.

[0065] FIG. 42 shows another example of a wireless device applicable to various embodiments of the present disclosure.

[0066] FIG. 43 illustrates a portable device applicable to various embodiments of the present disclosure.

[0067] FIG. 44 illustrates a vehicle or autonomous vehicle applicable to various embodiments of the present disclosure.

[0068] FIG. 45 illustrates a vehicle applicable to various embodiments of the present disclosure.

[0069] FIG. 46 illustrates an XR device applied to various embodiments of the present disclosure.

[0070] FIG. 47 illustrates a robot applicable to various embodiments of the present disclosure.

[0071] FIG. 48 illustrates an AI device applied to various embodiments of the present disclosure.

[0072]

[0073] In various embodiments of the present disclosure, "A or B" may mean "only A," "only B," or "both A and B." Alternatively, in various embodiments of the present disclosure, "A or B" may be interpreted as "A and / or B." For example, in various embodiments of the present disclosure, "A, B or C" may mean "only A," "only B," "only C," or "any combination of A, B and C."

[0074] In various embodiments of the present disclosure, a slash ( / ) or a comma used may mean "and / or." For example, "A / B" may mean "A and / or B." Accordingly, "A / B" may mean "only A," "only B," or "both A and B." For example, "A, B, C" may mean "A, B or C."

[0075] In various embodiments of the present disclosure, "at least one of A and B" may mean "only A," "only B," or "both A and B." Additionally, in various embodiments of the present disclosure, the expressions "at least one of A or B" or "at least one of A and / or B" may be interpreted as synonymous with "at least one of A and B."

[0076] Additionally, in various embodiments of the present disclosure, “at least one of A, B and C” may mean “only A,” “only B,” “only C,” or “any combination of A, B and C.” Also, “at least one of A, B or C” or “at least one of A, B and / or C” may mean “at least one of A, B and C.”

[0077] Additionally, parentheses used in various embodiments of the present disclosure may mean "for example." Specifically, when indicated as "control information (PDCCH)," "PDCCH" may be proposed as an example of "control information." In other words, the "control information" of various embodiments of the present disclosure is not limited to "PDCCH," and "PDDCH" may be proposed as an example of "control information." Furthermore, even when indicated as "control information (i.e., PDCCH)," "PDCCH" may be proposed as an example of "control information."

[0078] Technical features described individually within one drawing in various embodiments of the present disclosure may be implemented individually or simultaneously.

[0079]

[0080] The following technologies can be used in various wireless access systems such as CDMA, FDMA, TDMA, OFDMA, and SC-FDMA. CDMA can be implemented using wireless technologies such as UTRA (Universal Terrestrial Radio Access) or CDMA2000. TDMA can be implemented using wireless technologies such as GSM (Global System for Mobile Communications), GPRS (General Packet Radio Service), and EDGE (Enhanced Data Rates for GSM Evolution). OFDMA can be implemented using wireless technologies such as IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802-20, and E-UTRA (Evolved UTRA). UTRA is part of the UMTS (Universal Mobile Telecommunications System). 3GPP (3rd Generation Partnership Project) LTE (Long Term Evolution) is part of E-UMTS (Evolved UMTS) using E-UTRA, and LTE-A (Advanced) / LTE-A pro is an evolved version of 3GPP LTE. 3GPP NR (New Radio or New Radio Access Technology) is an evolved version of 3GPP LTE / LTE-A / LTE-A pro. 3GPP 6G may be an evolved version of 3GPP NR.

[0081]

[0082] For clarity of explanation, the description is based on 3GPP communication systems (e.g., LTE, NR, etc.), but the technical scope of this disclosure is not limited thereto. LTE refers to technology from 3GPP TS 36.xxx Release 8 onwards. Specifically, LTE technology from 3GPP TS 36.xxx Release 10 onwards is referred to as LTE-A, and LTE technology from 3GPP TS 36.xxx Release 13 onwards is referred to as LTE-A pro. 3GPP NR refers to technology from TS 38.xxx Release 15 onwards. 3GPP 6G may refer to technology from TS Release 17 and / or Release 18 onwards. "xxx" indicates a specific standard document number. LTE / NR / 6G may be collectively referred to as 3GPP systems. Regarding background technology, terms, abbreviations, etc. used in the description of this disclosure, reference may be made to matters described in standard documents published prior to this disclosure. For example, the following documents may be referenced.

[0083]

[0084] 3GPP LTE

[0085] - 36.211: Physical channels and modulation

[0086] - 36.212: Multiplexing and channel coding

[0087] - 36.213: Physical layer procedures

[0088] - 36.300: Overall description

[0089] - 36.331: Radio Resource Control (RRC)

[0090] 3GPP NR

[0091] - 38.211: Physical channels and modulation

[0092] - 38.212: Multiplexing and channel coding

[0093] - 38.213: Physical layer procedures for control

[0094] - 38.214: Physical layer procedures for data

[0095] - 38.300: NR and NG-RAN Overall Description

[0096] - 38.331: Radio Resource Control (RRC) protocol specification

[0097]

[0098] Physical Channel and Frame Structure

[0099] Physical channels and general signal transmission

[0100] Figure 1 is a diagram illustrating physical channels used in 3GPP systems and an example of typical signal transmission.

[0101] In a wireless communication system, a terminal receives information from a base station via a downlink (DL) and transmits information to the base station via an uplink (UL). The information transmitted and received by the base station and the terminal includes data and various control information, and various physical channels exist depending on the type and purpose of the information they transmit and receive.

[0102]

[0103] When the terminal is powered on or enters a new cell, it performs an initial cell search operation, such as synchronizing with the base station (S11). To do this, the terminal receives a Primary Synchronization Signal (PSS) and a Secondary Synchronization Signal (SSS) from the base station to synchronize with the base station and obtain information such as a cell ID. After that, the terminal receives a Physical Broadcast Channel (PBCH) from the base station to obtain broadcast information within the cell. Meanwhile, during the initial cell search phase, the terminal receives a Downlink Reference Signal (DL RS) to check the downlink channel status.

[0104]

[0105] A terminal that has completed initial cell search can obtain more specific system information by receiving a Physical Downlink Control Channel (PDCCH) and a Physical Downlink Control Channel (PDSCH) according to the information carried on the PDCCH (S12).

[0106]

[0107] Meanwhile, when connecting to a base station for the first time or when there are no wireless resources available for signal transmission, the terminal may perform a Random Access Procedure (RACH) with respect to the base station (S13 to S16). To this end, the terminal transmits a specific sequence as a preamble through a Physical Random Access Channel (PRACH) (S13 and S15), and may receive a response message (RAR (Random Access Response) message) for the preamble through a PDCCH and a corresponding PDSCH. In the case of a contention-based RACH, a Contention Resolution Procedure may additionally be performed (S16).

[0108]

[0109] A terminal that has performed the procedure described above may subsequently perform PDCCH / PDSCH reception (S17) and Physical Uplink Shared Channel (PUSCH) / Physical Uplink Control Channel (PUCCH) transmission (S18) as a general uplink / downlink signal transmission procedure. In particular, the terminal may receive Downlink Control Information (DCI) through the PDCCH. Here, the DCI includes control information such as resource allocation information for the terminal, and the format may be applied differently depending on the purpose of use.

[0110]

[0111] Meanwhile, control information transmitted by the terminal to the base station via the uplink or received by the terminal from the base station may include downlink / uplink ACK / NACK signals, CQI (Channel Quality Indicator), PMI (Precoding Matrix Index), RI (Rank Indicator), etc. The terminal may transmit the control information such as the above-mentioned CQI / PMI / RI via PUSCH and / or PUCCH.

[0112]

[0113] Structure of uplink and downlink channels

[0114] Downlink Channel Structure

[0115] The base station transmits a relevant signal to the terminal through the downlink channel described below, and the terminal receives the relevant signal from the base station through the downlink channel described below.

[0116]

[0117] (1) Physical Downlink Sharing Channel (PDSCH)

[0118] PDSCH carries downlink data (e.g., DL-shared channel transport block, DL-SCH TB), and modulation methods such as QPSK (Quadrature Phase Shift Keying), 16 QAM (Quadrature Amplitude Modulation), 64 QAM, and 256 QAM are applied. Codewords are generated by encoding the TB. PDSCH can carry multiple codewords. Scrambling and modulation mapping are performed for each codeword, and the modulation symbols generated from each codeword are mapped to one or more layers (Layer mapping). Each layer is mapped to a resource along with the DMRS (Demodulation Reference Signal) to generate an OFDM symbol signal, which is then transmitted through the corresponding antenna port.

[0119]

[0120] (2) Physical Downlink Control Channel (PDCCH)

[0121] A PDCCH carries downlink control information (DCI) and applies methods such as QPSK modulation. A single PDCCH consists of 1, 2, 4, 8, or 16 Control Channel Elements (CCEs) depending on the Aggregation Level (AL). A single CCE consists of 6 Resource Element Groups (REGs). A single REG is defined by one OFDM symbol and one (P)RB.

[0122] The terminal obtains the DCI transmitted over the PDCCH by performing decoding (also known as blind decoding) on ​​a set of PDCCH candidates. The set of PDCCH candidates decoded by the terminal is defined as the PDCCH Search Space set. The Search Space set may be a common search space or a UE-specific search space. The terminal may obtain the DCI by monitoring PDCCH candidates within one or more Search Space sets configured by the MIB or upper-layer signaling.

[0123]

[0124] Uplink Channel Structure

[0125] The terminal transmits a relevant signal to the base station through the uplink channel described below, and the base station receives the relevant signal from the terminal through the uplink channel described below.

[0126] (1) Physical uplink shared channel (PUSCH)

[0127] PUSCH carries uplink data (e.g., UL-shared channel transport block, UL-SCH TB) and / or uplink control information (UCI) and is transmitted based on a CP-OFDM (Cyclic Prefix - Orthogonal Frequency Division Multiplexing) waveform, a DFT-s-OFDM (Discrete Fourier Transform - spread - Orthogonal Frequency Division Multiplexing) waveform, etc. When PUSCH is transmitted based on a DFT-s-OFDM waveform, the terminal applies transform precoding to transmit PUSCH. For example, if transform precoding is not possible (e.g., transform precoding is disabled), the terminal transmits PUSCH based on a CP-OFDM waveform, and if transform precoding is enabled (e.g., transform precoding is enabled), the terminal can transmit PUSCH based on a CP-OFDM waveform or a DFT-s-OFDM waveform. PUSCH transmissions can be dynamically scheduled by UL grants within DCI or semi-statically scheduled based on upper layer (e.g., RRC) signaling (and / or Layer 1 (L1) signaling (e.g., PDCCH)) configured grants. PUSCH transmissions can be performed in a codebook-based or non-codebook-based manner.

[0128] (2) Physical uplink control channel (PUCCH)

[0129] A PUCCH carries uplink control information, HARQ-ACK and / or scheduling request (SR), and can be divided into multiple PUCCHs depending on the PUCCH transmission length.

[0130]

[0131] The following describes new radio access technology (new RAT, NR).

[0132] As more communication devices require larger communication capacities, the need for enhanced mobile broadband communication compared to existing radio access technology (RAT) is emerging. Furthermore, Massive Machine Type Communications (MTC), which connects multiple devices and objects to provide various services anytime and anywhere, is also one of the major issues to be considered in next-generation communication. In addition, communication system designs that consider services / terminals sensitive to reliability and latency are being discussed. Thus, the introduction of next-generation radio access technology considering enhanced mobile broadband communication, massive MTC, and Ultra-Reliable and Low Latency Communication (URLLC) is being discussed, and for convenience in the various embodiments of this disclosure, such technology is referred to as new RAT or NR.

[0133]

[0134] Figure 2 is a diagram illustrating the system structure of a New Generation Radio Access Network (NG-RAN).

[0135] Referring to FIG. 2, the NG-RAN may include gNBs and / or eNBs that provide user plane and control plane protocol termination to terminals. FIG. 1 illustrates a case where only gNBs are included. The gNBs and eNBs are connected to each other via Xn interfaces. The gNBs and eNBs are connected to the 5G Core Network (5GC) via NG interfaces. More specifically, they are connected to the access and mobility management function (AMF) via NG-C interfaces and to the user plane function (UPF) via NG-U interfaces.

[0136]

[0137] Figure 3 is a diagram illustrating the functional division between NG-RAN and 5GC.

[0138] Referring to FIG. 3, the gNB can provide functions such as Inter Cell RRM, RB control, Connection Mobility Control, Radio Admission Control, Measurement Configuration & Provision, and Dynamic Resource Allocation. The AMF can provide functions such as NAS security and idle state mobility processing. The UPF can provide functions such as Mobility Anchoring and PDU processing. The SMF (Session Management Function) can provide functions such as terminal IP address allocation and PDU session control.

[0139]

[0140] Figure 4 is a diagram illustrating an example of a 5G usage scenario.

[0141] The 5G usage scenario illustrated in FIG. 4 is merely exemplary, and the technical features of various embodiments of the present disclosure may be applied to other 5G usage scenarios not illustrated in FIG. 4.

[0142] Referring to FIG. 4, the three major requirement areas of 5G include (1) enhanced mobile broadband (eMBB), (2) massive machine type communication (mMTC), and (3) ultra-reliable and low latency communications (URLLC). Some use cases may require multiple areas for optimization, while others may focus on only one key performance indicator (KPI). 5G supports these various use cases in a flexible and reliable manner.

[0143] eMBB focuses on overall improvements in data speed, latency, user density, and the capacity and coverage of mobile broadband access. eMBB aims for a throughput of approximately 10 Gbps. eMBB far surpasses basic mobile internet access and covers media and entertainment applications ranging from rich interactive tasks to cloud or augmented reality. Data is one of the core drivers of 5G, and dedicated voice services may not be seen for the first time in the 5G era. In 5G, voice is expected to be processed simply as an application using the data connection provided by the communication system. The main causes of the increased traffic volume are the growing size of content and the increase in the number of applications requiring high data transfer rates. Streaming services (audio and video), interactive video, and mobile internet connectivity will become more widely used as more devices connect to the internet. Many of these applications require always-on connectivity to push real-time information and notifications to users. Cloud storage and applications are growing rapidly on mobile communication platforms, applicable to both business and entertainment. Cloud storage is a specific use case driving the growth of uplink data transfer rates. 5G is also used for remote work in the cloud, requiring much lower end-to-end latency to maintain an excellent user experience when haptic interfaces are used. In entertainment, for example, cloud gaming and video streaming are another key factor increasing the demand for mobile broadband capabilities. Entertainment is essential on smartphones and tablets anywhere, including in highly mobile environments such as trains, cars, and airplanes. Other use cases include augmented reality for entertainment and information retrieval. Here, augmented reality requires very low latency and instantaneous data volumes.

[0144] mMTC is designed to enable communication between a large number of low-cost, battery-powered devices and is intended to support applications such as smart metering, logistics, field, and body sensors. mMTC aims for approximately 10 years of battery life and / or one million devices per square kilometer. mMTC enables seamless connectivity of embedded sensors across all sectors and is one of the most anticipated use cases for 5G. Potentially, the number of IoT devices is projected to reach 20.4 billion by 2020. Industrial IoT is one of the areas where 5G plays a key role in enabling smart cities, asset tracking, smart utilities, agriculture, and security infrastructure.

[0145] URLLC is ideal for automotive communications, industrial control, factory automation, remote operation, smart grids, and public safety applications by enabling devices and machines to communicate with high reliability, very low latency, and high availability. URLLC aims for a latency of approximately 1ms. URLLC encompasses new services that will transform industries through ultra-reliable / low-latency links, such as remote control of critical infrastructure and autonomous vehicles. Levels of reliability and latency are essential for smart grid control, industrial automation, robotics, and drone control and coordination.

[0146] Next, we will examine in more detail the multiple usage examples included within the triangle of Fig. 4.

[0147] 5G can complement Fiber-to-the-Home (FTTH) and cable-based broadband (or Docsis) as a means of providing streams rated at hundreds of megabits per second to gigabits per second. These high speeds may be required for virtual reality (VR) and augmented reality (AR), as well as for delivering TV at resolutions of 4K or higher (6K, 8K, and above). VR and AR applications include near-immersive sports matches. Certain applications may require special network configurations. For example, in the case of VR games, game companies may need to integrate core servers with the network operator's edge network servers to minimize latency.

[0148] The automotive sector is expected to become a significant new driving force for 5G, with numerous use cases for mobile communications within vehicles. For example, passenger entertainment requires both high capacity and high mobile broadband simultaneously. This is because future users will continue to expect high-quality connectivity regardless of their location or speed. Another use case in the automotive sector is the augmented reality dashboard. Through an augmented reality contrast board, drivers can identify objects in the dark overlaid on what they are seeing through the windshield. The augmented reality dashboard overlays information to inform the driver about the distance and movement of objects. In the future, wireless modules will enable communication between vehicles, information exchange between vehicles and supporting infrastructure, and information exchange between vehicles and other connected devices (e.g., devices accompanying pedestrians). Safety systems will allow drivers to drive more safely by guiding them to alternative courses of action, thereby reducing the risk of accidents. The next step will be remotely controlled vehicles or autonomous vehicles. This requires highly reliable and very fast communication between different autonomous vehicles and / or between vehicles and infrastructure. In the future, autonomous vehicles will perform all driving activities, allowing drivers to focus only on traffic anomalies that the vehicle itself cannot identify. The technical requirements for autonomous vehicles demand ultra-low latency and ultra-high reliability to increase traffic safety to a level that is unattainable by humans.

[0149] Smart cities and smart homes, referred to as a smart society, will be embedded with high-density wireless sensor networks. Distributed networks of intelligent sensors will identify conditions for maintaining the cost-effective and energy-efficient maintenance of the city or home. A similar setup can be implemented for each household. Temperature sensors, window and heating controllers, burglar alarms, and home appliances are all wirelessly connected. Many of these sensors typically require low data transmission rates, low power consumption, and low cost. However, for example, real-time HD video may be required by certain types of devices for surveillance.

[0150] The consumption and distribution of energy, including heat or gas, are becoming highly decentralized, requiring automated control of distributed sensor networks. Smart grids interconnect these sensors using digital information and communication technologies to collect information and act accordingly. Since this information may include the behavior of suppliers and consumers, smart grids can improve efficiency, reliability, economic viability, production sustainability, and the automated distribution of fuels such as electricity. Smart grids can also be viewed as other sensor networks with low latency.

[0151] The health sector possesses numerous applications that can benefit from mobile communications. Communication systems can support telemedicine, providing clinical care from remote locations. This helps reduce distance barriers and improves access to medical services that are not consistently available in remote rural areas. It is also used to save lives during critical medical care and emergencies. Mobile communication-based wireless sensor networks can provide remote monitoring and sensors for parameters such as heart rate and blood pressure.

[0152] Wireless and mobile communications are becoming increasingly important in industrial applications. Wiring involves high installation and maintenance costs. Therefore, the potential to replace cables with reconfigurable wireless links presents an attractive opportunity for many industries. However, achieving this requires wireless connections to operate with latency, reliability, and capacity comparable to cables, while also simplifying their management. Low latency and a very low probability of error are new requirements that 5G needs to meet.

[0153] Logistics and cargo tracking are important use cases for mobile communications that use location-based information systems to enable the tracking of inventory and packages anywhere. Use cases for logistics and cargo tracking typically require low data rates but may require wide coverage and reliable location information.

[0154] Hereinafter, examples of next-generation communication (e.g., 6G) that can be applied to the embodiments of various embodiments of the present disclosure will be described.

[0155]

[0156] 6G System General

[0157] The 6G (wireless communication) system aims for (i) very high data rates per device, (ii) a very large number of connected devices, (iii) global connectivity, (iv) very low latency, (v) reduced energy consumption of battery-free IoT devices, (vi) ultra-reliable connectivity, and (vii) connected intelligence with machine learning capabilities. The vision of the 6G system can be seen in four aspects: intelligent connectivity, deep connectivity, holographic connectivity, and ubiquitous connectivity, and the 6G system can satisfy the requirements shown in Table 1 below. In other words, Table 1 is a table representing an example of the requirements for a 6G system.

[0158]

[0159] Per device peak data rate1TbpsE2E latency1msMaximum spectral efficiency100bps / HzMobility supportUp to 1000km / hrSatellite integrationFullyAIFullyAutonomous vehicleFullyXRFullyHaptic CommunicationFully

[0160] 6G systems can have key factors such as enhanced mobile broadband (eMBB), ultra-reliable low latency communications (URLLC), massive machine-type communication (mMTC), AI integrated communication, tactile internet, high throughput, high network capacity, high energy efficiency, low backhaul and access network congestion, and enhanced data security.

[0161]

[0162] Figure 5 is a diagram illustrating an example of a communication structure that can be provided in a 6G system.

[0163] 6G systems are expected to have 50 times higher simultaneous wireless connectivity than 5G wireless communication systems. URLLC, a key feature of 5G, will become an even more dominant technology in 6G communication by providing end-to-end latency of less than 1ms. Unlike the frequently used area spectrum efficiency, 6G systems will exhibit significantly superior volume spectrum efficiency. 6G systems can provide very long battery life and advanced battery technologies for energy harvesting, meaning mobile devices in 6G systems will not require separate charging. New network characteristics in 6G may include the following.

[0164] - Satellite Integrated Network: 6G is expected to be integrated with satellites to provide a global mobile population. Integrating terrestrial, satellite, and airborne networks into a single wireless communication system is crucial for 6G.

[0165] - Connected Intelligence: Unlike previous generations of wireless communication systems, 6G is innovative and will update wireless evolution from "connected things" to "connected intelligence." AI can be applied at each stage of the communication process (or at each step of the signal processing described below).

[0166] - Seamless integration of wireless information and energy transfer: 6G wireless networks will transfer power to charge the batteries of devices such as smartphones and sensors. Therefore, wireless information and energy transfer (WIET) will be integrated.

[0167] - Ubiquitous Super 3D Connectivity: Connectivity to the network and core network functions of drones and very low Earth orbit satellites will create Super 3D connectivity in 6G ubiquitous.

[0168] Some general requirements regarding the new network characteristics of 6G mentioned above may be as follows.

[0169] - Small cell networks: The idea of ​​small cell networks was introduced to improve the quality of received signals in cellular systems as a result of increased throughput, energy efficiency, and spectrum efficiency. Consequently, small cell networks are an essential feature of communication systems for 5G and beyond 5G (5GB). Therefore, 6G communication systems also adopt the characteristics of small cell networks.

[0170] - Ultra-dense heterogeneous network: Ultra-dense heterogeneous networks will be another important characteristic of 6G communication systems. Multi-tier networks composed of heterogeneous networks improve overall QoS and reduce costs.

[0171] - High-capacity backhaul: Backhaul connections are characterized as high-capacity backhaul networks to support high-volume traffic. High-speed fiber optics and free-space optics (FSO) systems can be possible solutions to this problem.

[0172] - Radar technology integrated with mobile technology: High-precision localization (or location-based services) through communication is one of the functions of 6G wireless communication systems. Therefore, radar systems will be integrated with 6G networks.

[0173] - Softwarization and virtualization: Softwarization and virtualization are two important features that form the basis of the design process in 5GB networks to ensure flexibility, reconfigurability, and programmability. Additionally, billions of devices can be shared across a shared physical infrastructure.

[0174]

[0175] Core implementation technology of 6G systems

[0176]

[0177] Artificial Intelligence

[0178] The most critical and newly introduced technology for 6G systems is AI. AI was not involved in 4G systems. 5G systems will support AI partially or to a very limited extent. However, 6G systems will be supported by AI for complete automation. Advancements in machine learning will create more intelligent networks for real-time communication in 6G. Introducing AI into communications can streamline and enhance real-time data transmission. AI can determine how complex target tasks are performed using numerous analyses. In other words, AI can increase efficiency and reduce processing latency.

[0179] Time-consuming tasks such as handover, network selection, and resource scheduling can be performed instantly by using AI. AI can also play a significant role in M2M, machine-to-human, and human-to-machine communication. Furthermore, AI can enable rapid communication in Brain-Computer Interfaces (BCI). AI-based communication systems can be supported by metamaterials, intelligent structures, intelligent networks, intelligent devices, intelligent cognitive radios, self-sustaining wireless networks, and machine learning.

[0180] Recently, attempts to integrate AI with wireless communication systems have emerged, but these have primarily focused on the application layer and network layer, particularly deep learning in the field of wireless resource management and allocation. However, such research is increasingly advancing toward the MAC layer and physical layer, with attempts to combine deep learning with wireless transmission, particularly at the physical layer. AI-based physical layer transmission refers to the application of signal processing and communication mechanisms based on AI drivers rather than traditional communication frameworks in terms of fundamental signal processing and communication mechanisms. Examples include deep learning-based channel coding and decoding, deep learning-based signal estimation and detection, deep learning-based MIMO mechanisms, and AI-based resource scheduling and allocation.

[0181] Machine learning can be used for channel estimation and channel tracking, and for power allocation and interference cancellation in the physical layer of the downlink (DL). In addition, machine learning can be used for antenna selection, power control, and symbol detection in MIMO systems.

[0182] However, the application of DNNs for transmission at the physical layer may have the following problems.

[0183] Deep learning-based AI algorithms require a vast amount of training data to optimize training parameters. However, due to limitations in acquiring training data from specific channel environments, a large amount of offline training data is used. Consequently, static training on training data in specific channel environments can lead to contradictions between the dynamic characteristics and diversity of wireless channels.

[0184] Furthermore, current deep learning primarily targets real signals. However, signals at the physical layer of wireless communication are complex signals. Further research is needed on neural networks that detect complex domain signals to match the characteristics of wireless communication signals.

[0185] Below, we will take a closer look at machine learning.

[0186] Machine learning refers to a series of operations for training machines to create machines capable of performing tasks that humans can or find difficult to do. Machine learning requires data and learning models. Data learning methods in machine learning can be broadly classified into three types: supervised learning, unsupervised learning, and reinforcement learning.

[0187] The purpose of neural network training is to minimize output errors. It is a process that repeatedly inputs training data into a neural network, calculates the error between the network's output and the target for the training data, and updates the weights of each node by backpropagating the error from the output layer to the input layer in a direction that reduces the error.

[0188] Supervised learning uses training data with correct answers labeled, whereas unsupervised learning may not have correct answers labeled. That is, for example, in the case of supervised learning regarding data classification, the training data may consist of data where each training data point is labeled with a category. Labeled training data is input into a neural network, and an error can be calculated by comparing the network's output (category) with the labels of the training data. The calculated error is backpropagated within the neural network (i.e., from the output layer to the input layer), and the connection weights of each node in each layer of the neural network can be updated according to this backpropagation. The amount of change in the connection weights of each node being updated can be determined by the learning rate. The neural network's calculations on the input data and the backpropagation of the error can constitute a learning cycle (epoch). The learning rate can be applied differently depending on the number of iterations of the neural network's learning cycle. For example, efficiency can be increased by using a high learning rate in the early stages of neural network training to enable the network to quickly achieve a certain level of performance, and accuracy can be increased by using a low learning rate in the later stages of training.

[0189] The learning method may vary depending on the characteristics of the data. For example, if the goal is to accurately predict data transmitted from the transmitting end at the receiving end in a communication system, it is preferable to perform learning using supervised learning rather than unsupervised learning or reinforcement learning.

[0190] Learning models correspond to the human brain, and while the most basic linear model can be considered, a machine learning paradigm that uses highly complex neural network structures, such as artificial neural networks, as learning models is called deep learning.

[0191] The neural network cores used for learning methods are broadly classified into deep neural networks (DNN), convolutional deep neural networks (CNN), and recurrent Boltzmann machines (RNN).

[0192] An artificial neural network is an example of connecting multiple perceptrons.

[0193]

[0194] Figure 6 is a schematic diagram illustrating an example of a perceptron structure.

[0195] Referring to Fig. 6, the entire process of inputting an input vector x=(x1,x2,...,xd), multiplying each component by a weight (W1,W2,...,Wd), summing all the results, and then applying an activation function σ(·) is called a perceptron. A large artificial neural network structure can also apply input vectors to different multi-dimensional perceptrons by extending the simplified perceptron structure illustrated in Fig. 6. For convenience of explanation, input or output values ​​are referred to as nodes.

[0196] Meanwhile, the perceptron structure illustrated in Fig. 6 can be described as consisting of a total of three layers based on input and output values. An artificial neural network can be represented as shown in Fig. 7, in which there are H (d+1) dimensional perceptrons between the 1st layer and the 2nd layer, and K (H+1) dimensional perceptrons between the 2nd layer and the 3rd layer.

[0197]

[0198] Figure 7 is a schematic diagram illustrating an example of a multilayer perceptron structure.

[0199] The layer where the input vector is located is called the input layer, the layer where the final output value is located is called the output layer, and all layers located between the input and output layers are called hidden layers. Although the example in Fig. 7 shows three layers, the input layer is excluded when counting the actual number of layers in an artificial neural network, so it can be viewed as having a total of two layers. An artificial neural network is constructed by connecting perceptrons of basic blocks in a two-dimensional manner.

[0200] The aforementioned input layer, hidden layer, and output layer can be applied not only to multilayer perceptrons but also to various artificial neural network structures such as CNNs and RNNs, which will be described later. As the number of hidden layers increases, the artificial neural network becomes deeper, and the machine learning paradigm that uses a sufficiently deep artificial neural network as a learning model is called Deep Learning. In addition, the artificial neural network used for Deep Learning is called a Deep Neural Network (DNN).

[0201]

[0202] Figure 8 is a schematic diagram illustrating an example of a deep neural network.

[0203] The deep neural network illustrated in Fig. 8 is a multilayer perceptron composed of eight hidden layers plus eight output layers. The structure of the multilayer perceptron is referred to as a fully-connected neural network. In a fully-connected neural network, there are no connections between nodes located in the same layer, and connections exist only between nodes located in adjacent layers. A DNN has a fully-connected neural network structure and is composed of a combination of multiple hidden layers and activation functions, which can be usefully applied to identify correlation characteristics between inputs and outputs. Here, correlation characteristics may refer to the joint probability of the input and output.

[0204] Meanwhile, depending on how multiple perceptrons are connected to each other, various artificial neural network structures different from the aforementioned DNN can be formed.

[0205]

[0206] Figure 9 is a schematic diagram illustrating an example of a convolutional neural network.

[0207] In a DNN, nodes located within a single layer are arranged in a one-dimensional vertical direction. However, Figure 9 assumes a case where nodes are arranged two-dimensionally, with w nodes horizontally and h nodes vertically (the convolutional neural network structure of Figure 9). In this case, since a weight is applied for each connection during the connection process from a single input node to a hidden layer, a total of hYw weights must be considered. Since there are hYw nodes in the input layer, a total of h2w2 weights are required between two adjacent layers.

[0208] The convolutional neural network of Fig. 9 has a problem in which the number of weights increases exponentially with the number of connections. Therefore, instead of considering all mode connections between adjacent layers, it is assumed that there are small filters, and weighted sum and activation function operations are performed on the parts where filters overlap, as shown in Fig. 10.

[0209]

[0210] Figure 10 is a schematic diagram illustrating an example of a filter operation in a convolutional neural network.

[0211] A single filter has weights corresponding to its size, and the weights can be trained to extract and output specific features on an image as factors. In Fig. 10, a filter of size 3Y3 is applied to the top-left 3Y3 region of the input layer, and the output value resulting from the weighted sum and activation function operation for the corresponding node is stored in z22.

[0212] The above filter performs weighted sum and activation function operations while scanning the input layer and moving by a fixed interval horizontally and vertically, and places the output value at the current filter position. This method of operation is similar to the convolution operation on images in the field of computer vision, so a deep neural network with this structure is called a convolutional neural network (CNN), and the hidden layer generated as a result of the convolution operation is called a convolutional layer. In addition, a neural network having multiple convolutional layers is called a deep convolutional neural network (DCNN).

[0213] In the convolution layer, the number of weights can be reduced by calculating a weighted sum that includes only the nodes located within the area covered by the filter, starting from the node where the current filter is located. As a result, a single filter can be utilized to focus on features of a local area. Accordingly, CNNs can be effectively applied to image data processing where physical distance in a 2D area serves as an important judgment criterion. Meanwhile, multiple filters can be applied immediately before the convolution layer in a CNN, and multiple output results can be generated through the convolution operation of each filter.

[0214] Meanwhile, depending on the data attributes, there may be data where sequence characteristics are important. A structure that applies a method to an artificial neural network in which elements of the data sequence are input one by one at each timestep, taking into account the length variability and sequence relationships of such sequence data, and the output vector (hidden vector) of the hidden layer output at a specific timestep is input along with the next element in the sequence is called a recurrent neural network structure.

[0215]

[0216] Figure 11 is a schematic diagram illustrating an example of a neural network structure in which a recurrent loop exists.

[0217] Referring to Fig. 11, the recurrent neural network (RNN) is structured such that, in the process of inputting elements (x1(t), x2(t), ..., xd(t)) of a time point t in a data sequence into a fully connected neural network, the previous time point t-1 is input along with the hidden vector (z1(t-1), z2(t-1), ..., zH(t-1)), and a weighted sum and activation function are applied. The reason for passing the hidden vector to the next time point in this manner is that the information in the input vectors from previous time points is considered to be accumulated in the hidden vector of the current time point.

[0218]

[0219] Figure 12 is a schematic diagram illustrating an example of the operational structure of a recurrent neural network.

[0220] Referring to Fig. 12, the recurrent neural network operates on the input data sequence in a predetermined time sequence.

[0221] When the input vector (x1(t), x2(t), ..., xd(t)) at time point 1 is input into the recurrent neural network, the hidden vector (z1(1), z2(1), ..., zH(1)) is input together with the input vector (x1(2), x2(2), ..., xd(2)) at time point 2, and the vector (z1(2), z2(2), ..., zH(2)) of the hidden layer is determined through a weighted sum and activation function. This process is performed repeatedly up to time point 2, time point 3, ..., time point T.

[0222] Meanwhile, when multiple hidden layers are placed within a recurrent neural network, it is called a deep recurrent neural network (DRNN). Recurrent neural networks are designed to be usefully applied to sequence data (e.g., natural language processing).

[0223] In addition to DNN, CNN, and RNN, it includes various deep learning techniques such as Restricted Boltzmann Machine (RBM), Deep Belief Networks (DBN), and Deep Q-Network as neural network cores used for learning, and can be applied in fields such as computer vision, speech recognition, natural language processing, and speech / signal processing.

[0224] Recently, attempts to integrate AI with wireless communication systems have emerged, but these have primarily focused on the application layer and network layer, particularly deep learning in the field of wireless resource management and allocation. However, such research is increasingly advancing toward the MAC layer and physical layer, with attempts to combine deep learning with wireless transmission, particularly at the physical layer. AI-based physical layer transmission refers to the application of signal processing and communication mechanisms based on AI drivers rather than traditional communication frameworks in terms of fundamental signal processing and communication mechanisms. Examples include deep learning-based channel coding and decoding, deep learning-based signal estimation and detection, deep learning-based MIMO mechanisms, and AI-based resource scheduling and allocation.

[0225] THz (Terahertz) communication

[0226] Data transmission rates can be increased by expanding bandwidth. This can be achieved by using sub-THz communication with wide bandwidth and applying advanced large-scale MIMO technology. THz waves, also known as sub-millimeter radiation, generally refer to a frequency band between 0.1 THz and 10 THz with corresponding wavelengths ranging from 0.03 mm to 3 mm. The 100 GHz–300 GHz band range (Sub-THz band) is considered the primary portion of the THz band for cellular communication. Adding the Sub-THz band to the mmWave band increases 6G cellular communication capacity. Among the defined THz bands, the 300 GHz–3 THz band is located in the far-infrared (IR) frequency band. Although the 300 GHz–3 THz band is part of the broadband, it lies at the boundary of the broadband and immediately following the RF band. Therefore, this 300 GHz–3 THz band exhibits similarities to RF.

[0227]

[0228] Figure 13 is a diagram illustrating an example of an electromagnetic spectrum.

[0229] Key characteristics of THz communication include (i) widely available bandwidth to support very high data transmission rates, and (ii) high path loss occurring at high frequencies (highly directional antennas are indispensable). The narrow beam width generated by highly directional antennas reduces interference. The small wavelength of THz signals allows a much larger number of antenna elements to be integrated into devices and BSs operating in this band. This enables the use of advanced adaptive array technologies that can overcome range limitations.

[0230] Optical wireless technology

[0231] OWC technology has been planned for 6G communication in addition to RF-based communication for all possible device-to-access networks. These networks connect to network-to-backhaul / fronthaul network connections. Although OWC technology has already been in use since 4G communication systems, it will be used more widely to meet the demands of 6G communication systems. OWC technologies such as light fidelity, visible light communication, optical camera communication, and broadband-based FSO communication are already well-known technologies. Communication based on optical radio technology can provide very high data rates, low latency, and secure communication. LiDAR can also be utilized for ultra-high resolution 4D mapping in 6G communication based on broadband.

[0232] FSO Backhaul Network

[0233] The transmitter and receiver characteristics of an FSO system are similar to those of a fiber optic network. Therefore, data transmission in an FSO system is similar to that of a fiber optic system. Consequently, FSO can be a good technology for providing backhaul connectivity in 6G systems in conjunction with fiber optic networks. Using FSO enables very long-distance communication over distances of more than 10,000 km. FSO supports high-capacity backhaul connectivity for remote and non-remote areas such as the ocean, space, underwater, and isolated islands. FSO also supports cellular backhaul connectivity.

[0234] Massive MIMO technology

[0235] One of the key technologies for improving spectrum efficiency is the application of MIMO technology. As MIMO technology improves, spectrum efficiency also improves. Therefore, large-scale MIMO technology will be important in 6G systems. Since MIMO technology utilizes multiple paths, multiplexing technology and beam generation and operation technology suitable for the THz band must also be given important consideration to enable data signals to be transmitted through one or more paths.

[0236] blockchain

[0237] Blockchain will become a critical technology for managing massive amounts of data in future communication systems. As a form of distributed ledger technology, a distributed ledger is a database distributed across numerous nodes or computing devices. Each node replicates and stores an identical copy of the ledger. Blockchain is managed via a peer-to-peer (P2P) network and can exist without being managed by a centralized authority or server. Data in a blockchain is collected together and organized into blocks. These blocks are linked together and protected using encryption. Blockchain inherently complements large-scale IoT perfectly through enhanced interoperability, security, privacy, stability, and scalability. Therefore, blockchain technology provides various capabilities such as inter-device interoperability, large-scale data traceability, autonomous interaction with other IoT systems, and the large-scale connectivity stability of 6G communication systems.

[0238] 3D Networking

[0239] 6G systems integrate terrestrial and air networks to support vertically scalable user communications. 3D BS will be provided via low-orbit satellites and UAVs. By adding new dimensions in terms of altitude and associated degrees of freedom, 3D connectivity differs significantly from existing 2D networks.

[0240] Quantum communication

[0241] Unsupervised reinforcement learning of networks is promising in the context of 6G networks. Supervised learning methods cannot label the vast amount of data generated in 6G. Unsupervised learning does not require labeling. Therefore, this technology can be used to autonomously construct representations of complex networks. Combining reinforcement learning and unsupervised learning enables the operation of networks in a truly autonomous manner.

[0242] unmanned aerial vehicles

[0243] Unmanned Aerial Vehicles (UAVs) or drones will become a critical element in 6G wireless communication. In most cases, high-speed data wireless connectivity is provided using UAV technology. BS entities are installed on UAVs to provide cellular connectivity. UAVs possess specific capabilities not found in fixed BS infrastructure, such as easy deployment, robust line-of-sight links, and controlled degrees of freedom for mobility. During emergencies, such as natural disasters, the deployment of ground communication infrastructure is not economically feasible, and sometimes services cannot be provided in volatile environments. UAVs can easily handle these situations. UAVs will become a new paradigm in the field of wireless communication. This technology facilitates the three fundamental requirements of wireless networks: eMBB, URLLC, and mMTC. UAVs can also support various purposes, such as enhancing network connectivity, fire detection, disaster emergency services, security and surveillance, pollution monitoring, parking monitoring, and accident monitoring. Therefore, UAV technology is recognized as one of the most critical technologies for 6G communication.

[0244] Cell-free Communication

[0245] The tight integration of multiple frequencies and heterogeneous communication technologies is critical to 6G systems. Consequently, users can seamlessly move from one network to another without the need for any manual configuration on their devices. The best network among available communication technologies is automatically selected. This will break the limitations of the cellular concept in wireless communication. Currently, user movement from one cell to another in high-density networks causes excessive handovers, leading to handover failures, delays, data loss, and the "ping-pong" effect. 6G cell-free communication will overcome all of these issues and provide better QoS. Cell-free communication will be achieved through multi-connectivity and multi-tier hybrid technologies, as well as different heterogeneous radios on devices.

[0246] Wireless Information and Energy Transmission Integration

[0247] WIET uses the same fields and waves as wireless communication systems. In particular, sensors and smartphones will be charged using wireless power transmission during communication. WIET is a promising technology for extending the lifespan of wireless battery charging systems. Therefore, devices without batteries will be supported in 6G communication.

[0248] Integration of Sensing and Communication

[0249] Autonomous wireless networks are capable of continuously detecting dynamically changing environmental conditions and exchanging information between different nodes. In 6G, sensing will be tightly integrated with communication to support autonomous systems.

[0250] Integration of access backhaul networks

[0251] In 6G, the density of access networks will be enormous. Each access network will be connected via backhaul connections such as fiber optics and FSO networks. To cope with a very large number of access networks, there will be tight integration between access and backhaul networks.

[0252] Holographic beam forming

[0253] Beamforming is a signal processing procedure that adjusts an antenna array to transmit wireless signals in a specific direction. It is a subset of smart antennas or advanced antenna systems. Beamforming technology offers several advantages, such as a high call-to-noise ratio, interference prevention and rejection, and high network efficiency. Holographic Beamforming (HBF) is a new beamforming method that differs significantly from MIMO systems because it utilizes software-defined antennas. HBF will be a highly effective approach for the efficient and flexible transmission and reception of signals in multi-antenna communication devices in 6G.

[0254] Big data analysis

[0255] Big data analysis is a complex process for analyzing various large-scale data sets or big data. This process ensures perfect data management by uncovering information such as hidden data, unknown correlations, and customer preferences. Big data is collected from various sources, such as video, social networks, images, and sensors. This technology is widely used to process vast amounts of data in 6G systems.

[0256] Large Intelligent Surface (LIS)

[0257] THz band signals exhibit strong directivity, which can lead to numerous dead zones caused by obstacles. Consequently, LIS technology becomes important as it allows for the expansion of communication coverage, enhanced communication stability, and the provision of additional value-added services by installing LIS near these dead zones. An LIS is an artificial surface made of electromagnetic materials capable of altering the propagation of incoming and outgoing radio waves. While LIS can be viewed as an extension of massive MIMO, it differs from massive MIMO in its array structure and operational mechanism. Furthermore, LIS offers the advantage of low power consumption because it operates as a reconfigurable reflector with passive elements—that is, by passively reflecting signals without using an active RF chain. Additionally, since each passive reflector in an LIS must independently adjust the phase shift of the incident signal, this can be advantageous for wireless communication channels. By appropriately adjusting the phase shift through the LIS controller, the reflected signal can be collected at the target receiver to boost the received signal power.

[0258]

[0259] Terahertz (THz) wireless communication general

[0260]

[0261] THz wireless communication utilizes THz waves with a frequency of approximately 0.1 to 10 THz (1 THz = 10¹² Hz) for wireless communication, and can refer to terahertz (THz) band wireless communication using very high carrier frequencies of 100 GHz or higher. THz waves are located between the RF (Radio Frequency) / millimeter (mm) and infrared bands, and (i) they penetrate non-metallic / non-polar materials well compared to visible light / infrared light, and because their wavelengths are shorter than RF / millimeter waves, they have high directivity and can be beam focused. In addition, since the photon energy of THz waves is only a few meV, they have the characteristic of being harmless to the human body. The frequency bands expected to be used for THz wireless communication may be the D-band (110 GHz–170 GHz) or H-band (220 GHz–325 GHz) bands, which have low propagation loss due to molecular absorption in the air. Standardization discussions regarding THz wireless communication are being conducted primarily by the IEEE 802.15 THz working group in addition to 3GPP, and standard documents published by the IEEE 802.15 Task Group (TG3d, TG3e) may elaborate on or supplement the contents described in the various embodiments of this disclosure. THz wireless communication can be applied to wireless cognition, sensing, imaging, wireless communication, THz navigation, etc.

[0262]

[0263] Figure 14 is a diagram illustrating an example of a THz communication application.

[0264] As illustrated in FIG. 14, THz wireless communication scenarios can be classified into macro networks, micro networks, and nanoscale networks. In macro networks, THz wireless communication can be applied to vehicle-to-vehicle connections and backhaul / fronthaul connections. In micro networks, THz wireless communication can be applied to fixed point-to-point or multi-point connections, such as indoor small cells and wireless connections in data centers, and near-field communication, such as kiosk downloading.

[0265] Table 2 below shows an example of a technology that can be used in THz waves.

[0266] Transceivers DeviceAvailable immature: UTC-PD, RTD and SBDModulation and CodingLow order modulation techniques (OOK, QPSK), LDPC, Reed Soloman, Hamming, Polar, TurboAntennaOmni and Directional, phased array with low number of antenna elementsBandwidth69GHz (or 23 GHz) at 300GHzChannel modelsPartiallyData rate100GbpsOutdoor deploymentNoFree space lossHighCoverageLowRadio Measurements300GHz indoorDevice sizeFew micrometers

[0267]

[0268] THz wireless communication can be classified based on the methods for generating and receiving THz. THz generation methods can be classified into optical or electronic device-based technologies.

[0269]

[0270] FIG. 15 is a diagram illustrating an example of an electronic device-based THz wireless communication transceiver.

[0271] Methods for generating THz using electronic components include using semiconductor devices such as Resonant Tunneling Diodes (RTDs), using local oscillators and multipliers, using Monolithic Microwave Integrated Circuits (MMICs) based on compound semiconductor High Electron Mobility Transistors (HEMTs), and using Si-CMOS based integrated circuits. In the case of Fig. 15, a doubler, tripler, or multiplier is applied to increase the frequency, and the signal passes through a subharmonic mixer and is radiated by the antenna. Since the THz band forms high frequencies, a multiplier is essential. Here, the multiplier is a circuit that produces an output frequency N times that of the input, matches it to the desired harmonic frequency, and filters out all other frequencies. Additionally, beamforming may be implemented by applying an array antenna or similar device to the antenna in Fig. 15. In Fig. 15, IF represents the intermediate frequency, tripler and multipler represent multipliers, PA represents the power amplifier, LNA represents the low noise amplifier, and PLL represents the phase-locked loop.

[0272]

[0273] FIG. 16 is a diagram illustrating an example of a method for generating a THz signal based on an optical element.

[0274] FIG. 17 is a diagram illustrating an example of a THz wireless communication transceiver based on an optical element.

[0275] Optical device-based THz wireless communication technology refers to a method of generating and modulating THz signals using optical devices. Optical device-based THz signal generation technology is a technique that generates ultra-high-speed optical signals using lasers and optical modulators, and converts them into THz signals using ultra-high-speed photodetectors. Compared to technology that uses only electronic devices, this technology makes it easier to increase the frequency, enables the generation of high-power signals, and allows for flat response characteristics over a wide frequency band. To generate optical device-based THz signals, a laser diode, a broadband optical modulator, and an ultra-high-speed photodetector are required, as shown in Fig. 16. In the case of Fig. 16, light signals from two lasers with different wavelengths are combined to generate a THz signal corresponding to the wavelength difference between the lasers. In FIG. 16, an optical coupler refers to a semiconductor device that uses light waves to transmit electrical signals in order to provide coupling with electrical isolation between circuits or systems, and a Uni-Travelling Carrier Photo-Detector (UTC-PD) is a type of photodetector that uses electrons as active carriers and reduces the electron travel time through bandgap grading. The UTC-PD is capable of photodetect at 150 GHz or higher. In FIG. 17, an Erbium-Doped Fiber Amplifier (EDFA) represents an erbium-doped fiber amplifier, a Photo Detector (PD) represents a semiconductor device capable of converting optical signals into electrical signals, an Optical Sub Assembly (OSA) represents an optical module that modularizes various optical communication functions (photoelectric conversion, electro-optical conversion, etc.) into a single component, and a Digital Storage Oscilloscope (DSO) represents a digital storage oscilloscope.

[0276]

[0277] The structure of a photoelectric converter (or photoelectric converter) is described with reference to FIGS. 18 and 19.

[0278] FIG. 18 is a diagram illustrating the structure of a photonic source-based transmitter.

[0279] Figure 19 is a diagram illustrating the structure of an optical modulator.

[0280] Generally, the phase of a signal can be changed by passing an optical source of a laser through an optical wave guide. At this time, data is carried by changing electrical characteristics through a microwave contact, etc. Therefore, the optical modulator output is formed as a modulated waveform. An O / E converter can generate THz pulses based on optical rectification by a nonlinear crystal, O / E conversion by a photoconductive antenna, and emission from a bundle of relativistic electrons. Terahertz pulses generated in the above manner can have lengths ranging from femtoseconds to picoseconds. The photoelectric converter (O / E converter) performs down-conversion by utilizing the non-linearity of the device.

[0281] When considering the usage of the terahertz spectrum, it is highly likely that multiple contiguous GHz bands will be used for fixed or mobile service applications for terahertz systems. According to outdoor scenario criteria, available bandwidth can be classified based on an oxygen attenuation of 10^2 dB / km in the spectrum up to 1 THz. Accordingly, a framework in which the available bandwidth is composed of multiple band chunks can be considered. As an example of the above framework, if the length of a terahertz pulse (THz pulse) for a single carrier is set to 50 ps, ​​the bandwidth (BW) becomes approximately 20 GHz.

[0282] Effective down-conversion from the infrared (IR) band to the terahertz (THz) band depends on how the nonlinearity of the photoelectric converter (O / E converter) is utilized. In other words, to achieve down-conversion to the desired terahertz band, it is required to design an O / E converter with the most ideal nonlinearity for transferring to that specific band. If an O / E converter that does not match the target frequency band is used, there is a high probability of errors occurring regarding the amplitude and phase of the corresponding pulse.

[0283] In a single-carrier system, a terahertz transceiver system can be implemented using a single photoelectric converter. Depending on the channel environment, in a multi-carrier system, as many photoelectric converters as there are carriers may be required. This phenomenon will be particularly pronounced in multi-carrier systems utilizing multiple broadbands according to the plans related to the aforementioned spectrum applications. In this regard, a frame structure for the multi-carrier system may be considered. A signal down-frequency converted based on a photoelectric converter can be transmitted in a specific resource region (e.g., a specific frame). The frequency domain of the specific resource region may include multiple chunks. Each chunk may consist of at least one component carrier (CC).

[0284]

[0285] Detailed description of various embodiments of the present disclosure

[0286] Various embodiments of the present disclosure will be described in more detail below.

[0287] The present disclosure relates to an apparatus and method for performing a quantum security-based protocol in a quantum communication system.

[0288]

[0289] Background art for various embodiments of the present disclosure

[0290] Quantum Communication

[0291] Quantum communication is a next-generation communication technology that applies quantum mechanical properties to the field of information and communications to overcome the limitations of existing technologies, such as security and ultra-high-speed computing. Quantum communication provides a means to generate, transmit, process, and store information that cannot be represented in the form of 0 and 1 based on binary bits used in conventional communication technologies, or that is difficult to represent. While conventional communication technologies utilize wavelength or amplitude for information transmission between a transmitter and a receiver, quantum communication, in contrast, utilizes photons—the smallest unit of light—for this purpose. In particular, since quantum uncertainty and quantum irreversibility can be applied to the polarization or phase difference of photons (light), quantum communication possesses the characteristic of enabling communication with guaranteed perfect security. Furthermore, under specific conditions, quantum communication may enable ultra-high-speed communication by utilizing quantum entanglement.

[0292] Quantum Communication (QC) is defined as a communication system capable of exchanging information by utilizing the quantum properties of Quantum Physics. A QC system uses wired or wireless communication environments to transmit the intended quantum information to a receiver via a quantum channel. As a foundational technology constituting the Quantum Internet, QC is utilized to transmit quantum information between quantum nodes.

[0293] Figure 20 is a diagram illustrating an example of a general scenario of quantum communication.

[0294] In FIG. 20, the Quantum Channel can be configured via wired connections through fiber optics or wireless connections through free space, and transmits Qubit information through the direct transmission of Single / Multiple Photons formed at the transmitting end or through Quantum Teleportation between Nodes that share Entanglement Resources. The Quantum Channel serves as a medium for transmitting Qubit information in a Quantum Network composed of multiple Quantum Processors and can be configured as a single hop or multiple hop.

[0295] The technology group of Quantum Communication can be divided into Quantum Communication for Classical Bit (QC4Cbit) and Quantum Communication for Quantum Bit (QC4Qbit), which correspond to the information exchange technology group of Quantum Communication, and Quantum Network, which corresponds to the Infra Network support technology group for supporting Quantum Communication.

[0296] Information in QC includes both Bit information, the basic unit of Classical Information, and Qubit information (Quantum Bit), the basic unit of Quantum Information.

[0297]

[0298] FIG. 21 is a diagram illustrating an example of quantum communication for classical bits and quantum communication for quantum bits in a system applicable to the present disclosure.

[0299] QC can be classified into Quantum Communication for Classical Bit (QC4Cbit) and Quantum Communication for Quantum Bit (QC4Qbit) depending on the type of information to be transmitted. QC4Cbit converts the Classical Bit information to be transmitted (with or without applying reliability enhancement technologies such as Channel Encoder) into Qubit Basis (or Computation Basis) using a Quantum Encoder. In this process, the Classical Bit information 0 or 1 is Qubit Basis or It is converted into. The above Qubit Basis is logical information about the Quantum state and can be formed by a physical Quantum Basis. For example, at the transmitting and receiving ends, the Qubit Basis is formed from Horizontal Polarization and Vertical Polarization as the Quantum Basis. class It is possible to agree upon them in correspondence. The Qubit Basis generated at the transmitting end is transmitted to the receiving end via a Quantum Channel, and the Quantum Decoder at the receiving end decrypts the Qubit Basis by performing a measurement using the pre-agreed Quantum Basis. The measured Qubit Basis is then corresponded to Classical Bit information (with or without applying reliability enhancement techniques such as Channel Decoder), thereby obtaining the desired information. Assuming that the Qubit state is determined based on multiple Qubit Basis, the receiving end can obtain information deterministically or probabilistically depending on which Qubit Basis is used for the measurement. Based on these characteristics, technology groups such as Quantum Key Distribution in quantum cryptography and Quantum Secure Direct Communication in quantum direct communication can provide security between the transmitting and receiving ends.

[0300] QC4Qbit is a Qubit State generated by the transmitting end's Quantum Processor. It refers to a method in which it is transmitted to the receiver via a Quantum Channel, and the receiver uses the received Qubit State according to its purpose. In QC4Qbit, the Qubit State received by the receiver When using in a Quantum Processor, Qubit State without Measurement It can be used depending on the purpose. The Qubit State transmitted at this time It is a superposition state of Qubit Basis and generally It can be expressed as. In this case, the Qubit Basis is class and α and β are Probability Amplitudes, and It has a relationship. The method of transmitting Qubit State generated in a Quantum Processor can be by converting it into Photon and transmitting it directly, or by performing quantum teleportation based on an Entanglement Source shared between the transmitting and receiving ends in advance.

[0301] A Quantum Network is a medium that enables the exchange of quantum states between two physically separated quantum processors. The components constituting a Quantum Network include Quantum Channels, where quantum states are exchanged; Quantum Repeaters, which connect these channels; and Quantum Processors, which serve as the entities responsible for information exchange. Quantum Channels can be constructed through physical channels that transmit target Qubits based on Photons, and through Entanglements shared by two nodes. In this process, intermediate nodes, such as Quantum Repeaters or Trusted Nodes, may be introduced to transmit quantum information between nodes that do not directly share an Entanglement. The group of Quantum Network technologies, serving as infrastructure support technologies for Quantum Communication, includes Quantum Resource Allocation (QRA) technologies for forming Quantum Channels, as well as user authentication (e.g., Quantum Authentication) and data authentication (Quantum Signature) technologies that provide security between transmitting and receiving nodes.

[0302] Here, quantum cryptography refers to a communication method in which the exchange of secret cryptographic keys is securely performed between spatially separated senders and receivers, and encrypted communication is conducted between the senders and receivers using the exchanged secret keys. Additionally, direct quantum communication refers to a communication method in which classical message information to be transmitted is securely shared directly through a quantum channel. Furthermore, quantum teleportation refers to a communication method in which quantum information itself is shared through a quantum entanglement channel.

[0303] Below, we will explain the characteristics of quantum information that form the basis of quantum communication, quantum cryptography, direct quantum communication, quantum teleportation, and other technologies related to quantum communication.

[0304]

[0305] Characteristics of quantum information

[0306] Since quantum communication is a means of transmitting quantum information, this section examines the characteristics of quantum information. The quantum bit, or qubit, is used as the basic unit of information in quantum information systems. A quantum system is a linear system defined in Hilbert space, and a qubit can be represented using state vectors in Hilbert space.

[0307] (1) Superposition

[0308] A characteristic of quantum information compared to conventional digital information is that information can be superimposed. In conventional digital systems, the bit, the smallest unit for processing information, holds a value of one of two different states: '0' or '1'. On the other hand, a qubit can have multiple different states in Hilbert space and can exist in a superposition state where these different states overlap. A qubit is an orthogonally normalized basis state vector existing in Hilbert space. class It can be expressed as [Mathematical Formula 1] below using [...].

[0309]

[0310] Here, and In each case, when the qubits associated with a and b are measured, the qubit states after the measurement are respectively and It represents the probability of this occurring. As shown in the formula above, the state of information in a quantum system exists probabilistically, and even if two pieces of quantum information existing in two quantum systems of the same state are measured using the exact same method, the results may differ. In other words, since quantum information in a quantum system is composed of probabilities, the result of a measurement cannot be accurately predicted. The moment a qubit is measured, it collapses into one of its superposition states. That is, before a qubit is measured, it exists in a superposition of 0 and 1, but the moment it is measured, the qubit's state becomes fixed as either 0 or 1. Furthermore, once a qubit is measured, its state cannot return to the state prior to the measurement.

[0311] (2) Entanglement

[0312] Another characteristic of quantum information is entanglement, a property that plays a crucial role in differentiating quantum systems from classical information. Entanglement refers to a state where the results of different observations are closely related to one another. The entangled state in a quantum system acts more strongly than any correlation existing in classical mechanics. Two qubits can be represented in Hilbert space as a superposition of four fundamental quantum states. Here, the aforementioned four fundamental quantum states are It includes. The fundamental quantum states of two qubits can be represented through tensor operations on the fundamental states of individual qubits. When the states of two qubits cannot be represented by the tensor product of a single qubit, such qubit states are called entangled states. As representative examples of entangled qubits, there are four cases referred to as EPR (Einstein-Podolsky-Rosen) states, which are as shown in [Equation 2] below.

[0313]

[0314] The above EPR state is also called the Bell state, and in each qubit, the measurement result of the preceding qubit always affects the measurement of the following qubit. Furthermore, each Bell state is orthogonal to other Bell states.

[0315] (3) Non-cloning property

[0316] The non-copyable characteristic means that qubit information cannot be copied in a closed quantum information system. For example, assuming two memories capable of storing bit information in a conventional information system, the first memory stores arbitrary bit information 'a' having a value of either 0 or 1, and the second memory is initialized to '0'. In the case of a conventional information system, the state of the two memories can be changed from 'a0' to 'aa' through a copy operation. Conversely, assuming two memories capable of storing qubit information in a quantum information system, the first memory is It is initialized to, and the second memory is It is initialized to. In the case of a quantum information system, the memory state is ' 'at ' It cannot be copied. Due to this characteristic, it is impossible to implement copy-based iteration codes for error correction code design in quantum information systems.

[0317] (4) Continuity of errors

[0318] In conventional information systems, information consists of '0' and '1', and errors are represented when '0' changes to '1' or '1' changes to '0'. Qubit It can be thought of as a single point existing on the surface of a Bloch sphere; when an error occurs in a qubit in a conventional information system, it is called a bit flip error. Such an error means that the value of 'a' changes to the value of 'b', which implies that when measuring a qubit, the measurement probability has changed from the initial value due to the error. Other forms of errors different from those in conventional information systems include class There is a phase flip error in which the phase between them changes by 180 degrees. Since all points on the sphere where qubits exist exist continuously, errors in quantum information systems have a continuous nature, which means that in addition to bit flip errors and phase flip errors, the quantum state can change to any point on the sphere.

[0319] FIG. 22 is a diagram illustrating an example of three basic properties of quantum information that can be used for information communication in a system applicable to the present disclosure.

[0320] Among the characteristics of quantum information described above, the three properties of quantum information that can be used in information communication can be summarized as shown in Fig. 22.

[0321] (5) Decay of quantum information by measurement

[0322] Quantum information exists probabilistically, and at the moment of measurement, it decays into the ground state and cannot be restored to the state prior to measurement. FIG. 22 is a diagram illustrating the process of measuring quantum information by a measurement operator. In FIG. 22, the quantum information after measurement is the probability |a| 2 and |b| 2 Depending on this, it decays into one of the base states that constitute the information. The decayed information does not contain the information of 'a' or 'b' and cannot return to the state prior to measurement. From the perspective of quantum error correction codes, in order to apply quantum error correction codes in a quantum information system, codewords must be generated without measuring the information during the process of encoding and restoring the information, or without measurements that would alter the information, and the information must be restored from errors that occurred in the channel.

[0323]

[0324] quantum cryptography communication

[0325] As previously explained, quantum cryptography communication refers to a method in which secret cryptographic keys are exchanged between spatially separated senders and receivers, and encrypted communication is performed between them using the exchanged secret keys. In next-generation communication technologies, the security of information may be treated as more important than the transmission speed or efficiency of information transmission. Information protection aims to ensure that the original information cannot be identified even if it is exposed; to achieve this objective, encryption and decryption technologies, represented by encryption key generation and management technologies, are utilized, and quantum cryptography can be applied to these encryption and decryption processes. More specifically, quantum communication refers to the process of transmitting information contained in a quantum state from a sender to a receiver. In this case, the information contained in the quantum state may be binary digital information consisting of 0 or 1, or information in which 0 and 1 are superimposed. In particular, in the case of quantum communication where binary information of 0 and 1 is transmitted in a quantum state, if someone intercepts the binary information transmitted from the sender to the receiver, the receiver immediately recognizes the presence of the interceptor, and based on this immediate recognition of the interceptor, the receiver can stop the communication and take appropriate measures to avoid interception. Quantum cryptography is the application of these characteristics of quantum communication to the transmission of cryptographic keys, and reflecting the characteristic that the sender and receiver share the cryptographic key generated by applying the characteristics of quantum communication to the transmission of cryptographic keys, the above method can be referred to as Quantum Key Distribution (QKD).

[0326] Below, we will examine the protocol for quantum cryptographic key distribution and the post-processing steps for quantum key distribution.

[0327] (1) Quantum Key Distribution Protocol (QKD protocol)

[0328] Conventional cryptographic systems are based on the computational complexity of prime factorization algorithms; therefore, if an eavesdropper using a quantum computing device—which offers significantly faster processing speeds than conventional computing devices—is present, there is a risk of cryptographic keys being exposed due to eavesdropping during the key distribution process. Since quantum key distribution methods are based on the quantum uncertainty principle, the risk of cryptographic keys being intercepted by an eavesdropper can be completely eliminated. In the case of quantum information, quantum bits (qubits) are used as the unit of information, and when implementing quantum key distribution, qubits for distribution are realized using single photons. Photons have the advantage of being highly suitable for long-distance communication as they interact almost exclusively with each other.

[0329] The BB84 protocol, one of the representative quantum cryptography key distribution protocols, is constructed based on the uncertainty principle. Therefore, according to the BB84 protocol, if the information transmitted by the sender (Alice) to the receiver (Bob) during the key distribution process is intercepted by an eavesdropper (Eve), traces of the interception will remain in the information received by the receiver (Bob), and through this, the receiver (Bob) can know that the information has been intercepted.

[0330] The general operation of the BB84 protocol is as follows.

[0331] 1) The transmitting end (Alice) determines two random bit sequences related to bit information and polarizer information, respectively. At this time, the polarization results of the bits according to the polarizer are as shown in Table 3 below, and the correspondence relationship of the types of polarizers for the bits constituting the random bit sequence related to the polarizer information is as shown in Table 4. That is, referring to Table 4, when the bit at a specific position constituting the random bit sequence related to the polarizer information is 1, among the bits constituting the random bit sequence related to the bit information, the specific bit included in the random bit sequence related to the bit information corresponding to the bit at the specific position can be polarized by a diagonal polarizer.

[0332] Cross diagonal 0- / 1|\

[0333] 0 cross shape 1 diagonal

[0334] 2) Based on two determined random bit sequences, the transmitting end polarizes the bit sequence associated with the bit information onto a polarizing plate determined based on the bit sequence associated with the polarizing plate information, and transmits the acquired polarized photons to the receiving end (Bob). 3) The receiving end (Bob) measures the photons transmitted from the transmitting end (Alice) using an arbitrary polarizing plate. At this time, some of the photons transmitted by the transmitting end (Alice) may be lost due to factors such as noise in the quantum channel, and accordingly, the receiving end (Bob) may not be able to receive some of the photons.

[0335] As described above, after the process of transmitting quantum information through the quantum channel is completed, the sender (Alice) and the receiver (Bob) perform a post-processing step to share the same secret key through the public channel.

[0336] 4) The receiver (Bob) transmits information to the transmitter (Alice) about which photon it has received and also provides information about the polarizing plate at that location. At this time, the transmitter (Alice) also provides information about the polarizing plate at the location corresponding to the photon received by the receiver (Bob).

[0337] 5) Based on the polarizing plate information exchanged between them, the transmitter (Alice) and the receiver (Bob) obtain bit values ​​corresponding to bit positions where the same polarizing plate is used. The receiver (Bob) discloses only some of the obtained bit values ​​to the transmitter (Alice). If the sequence disclosed by the receiver (Bob) is the same as the bit value transmitted by the transmitter (Alice), the remaining sequence not disclosed by the receiver (Bob) is used as a secret key. Here, if the same polarizing plate is used for photon transmission by the transmitter (Alice) and photon reception by the receiver (Bob), respectively, the information transmitted by the transmitter (Alice) and the information received by the receiver (Bob) will be the same. If the information transmitted by the transmitting end (Alice) and the information received by the receiving end (Bob) differ even though the same polarizer was used for photon transmission by the transmitting end (Alice) and photon reception by the receiving end (Bob), it can be determined that eavesdropping has occurred based on the ratio of the information with different values ​​among all information for which the same polarizer was used.

[0338] (2) Post-processing of quantum key distribution

[0339] The post-processing of quantum key distribution is a process that resolves discrepancies between the sender and receiver's cryptographic keys caused by eavesdropping attacks or imperfections in the quantum channel and quantum detection device. Through this post-processing, identical key information between the sender and receiver is guaranteed, while simultaneously minimizing the correlation between exposed information and key information to prevent eavesdroppers from inferring key information from the exposed data. This post-processing consists of information reconciliation, privacy amplification, and authentication.

[0340] 1) Information correction

[0341] Information correction is a process that resolves discrepancies between a sender and receiver caused by various factors, ensuring that they possess identical information. In other words, it is identical to the error correction process in mobile communications that rectifies errors in receiver information. However, unlike conventional mobile communications where information is pre-encoded for error correction, correction is performed through additional information transmission after the encryption key transmission between the sender and receiver is completed. Since this additional information transmission takes place via a public channel with a zero error rate—similar to a typical internet environment—a problem may arise where a certain amount of information is exposed to eavesdroppers; therefore, protocols exist to address this issue. A representative example of an information correction protocol is the Cascade protocol, which consists of binary search and traceback algorithms and is characterized by being executed iteratively over multiple stages.

[0342] 2) Amplification of secrecy

[0343] Confidentiality amplification is a process that reduces the correlation between the information possessed by an eavesdropper and the cryptographic key information. As previously explained, a certain amount of information is exposed to the eavesdropper during the information correction process used to rectify errors in the cryptographic key. In other words, since an eavesdropper can obtain a certain amount of information regarding the cryptographic key, the amount of exposed information is removed from the key data to ensure perfect security. Because the additional information used to correct errors during the information correction process for the cryptographic key shared between the sender and receiver is exposed to the eavesdropper, only a portion of the key retains perfect secrecy. Therefore, confidentiality amplification can also be understood as a process of refining information so that the cryptographic key shared between the sender and receiver can maintain perfect secrecy. A representative example of confidentiality amplification is Universal Hashing, which operates based on the property that for any two different input values ​​x and y, the probability g(x) = g(y) is maximized (where m is the size of the hash function range). The characteristics of universal hashing can significantly reduce the probability that an eavesdropper can guess the encryption key.

[0344] 3) Certification

[0345] Authentication is not a process unique to quantum key distribution, but is necessary to counter man-in-the-middle attacks by eavesdroppers. A man-in-the-middle attack occurs when an eavesdropper intercepts information transmitted by a sender, alters it, and re-transmits the altered information to the receiver. Due to man-in-the-middle attacks, the receiver must verify that the received information was sent from the correct sender. To this end, a hash function is predefined between the sender and receiver, and the sender uses this hash function to generate a hash tag for the cryptographic key and transmits it to the receiver along with the key. Subsequently, the receiver inputs the received cryptographic key into its own hash function and checks if the generated hash tag matches the hash tag transmitted by the sender, thereby confirming that the sender is the legitimate sender. The authentication process is performed concurrently with all post-processing steps of key distribution; specifically, information transmission between the sender and receiver proceeds alongside authentication during the information correction and secret amplification processes.

[0346]

[0347] Quantum Direct Communication (QDC)

[0348] Quantum Direct Communication shares similarities with Quantum Key Distribution (QKD), which is used as a 4 / 5G secure communication technology, in that it is a technique for securely transmitting classical message information. However, while QKD is a method of sharing symmetric secret key information, which is necessary to securely transmit message information sent over a classical channel, between the sender and receiver via a quantum channel using the quantum mechanical property of being unclonable, QDC differs in that it is a method of sharing classical message information to be transmitted directly via a quantum channel, rather than a secret key.

[0349] Quantum secure direct communication (QSDC) is a group of QDC technologies that has the advantage of ensuring high security by not generating leakage information related to transmitted information, and can be broadly classified into DL04 QSDC and Two-step QSDC techniques that use a single photon light source and an entangled light source, respectively.

[0350] (1) DL04 QSDC protocol

[0351] FIG. 23 is a diagram illustrating an example of the DL04 QSDC protocol in a system applicable to the present disclosure.

[0352] Specifically, FIG. 23 is a diagram showing an example of the protocol of a single-photon-based DL04 QSDC technique and the overall process of operations performed in said protocol.

[0353] The single-photon-based DL04 QSDC technique is a method for directly transmitting a message (information) to be transmitted through a quantum channel, and 1 bit of classical information per photon can be transmitted. Referring to Fig. 23, the DL04 QSDC protocol in which the DL04 QSDC technique is performed can be composed of a transmitting and receiving end (Alice, Bob), a quantum channel, and a classical channel.

[0354] 1) The receiver (Bob) constructs a single-photon train based on polarization information. Each single photon included in the constructed single-photon train is It can be generated randomly as one of the four states.

[0355] Here, the generated single-photon train is used by the receiver (Bob) to transmit information about the initial quantum state to the transmitter (Alice).

[0356] 2) Next, the receiver (Bob) transmits information about the initial quantum state based on the generated single-photon train to the transmitter (Alice). At this time, some of the information about the initial quantum state can be used to estimate the Quantum bit error rate (QBER).

[0357] 3) Subsequently, the receiver (Bob) transmits position information to the transmitter (Alice) via a classical channel to be used for QBER estimation, and the transmitter (Alice) performs measurements by randomly selecting an orthogonal or diagonal basis for some of the information used for QBER estimation based on the position information among the single photons included in the received single photon train. At this time, the transmitter (Alice) transmits measurement information regarding the basis used for measurement and the value of the measured information to the receiver (Bob), and the receiver (Bob) calculates the QBER by comparing the received information with the information it initially generated, and determines whether eavesdropping has occurred, only for the information among the received information where the same basis is used. If the QBER value is higher than the threshold value for determining eavesdropping, the receiver (Bob) determines that the quantum channel is unsafe and stops communication. Conversely, the receiver (Bob) can perform subsequent operations.

[0358] 4)-5) If the transmitting end (Alice) determines, based on the QBER estimation result, that there is no eavesdropper, it encodes the message (information) to be transmitted based on the remaining single-photon sequence, excluding the single-photon used for QBER estimation from the total single-photon sequence received in step 2). Here, the encoding can be performed through an identity operation denoted by I, which causes no change, when the information contained in the message is 0, and through a unitary operation defined by U when the information is 1. The unitary operation It may include.

[0359] 6) Next, the transmitter (Alice) transmits the encoded single-photon sequence to the receiver (Bob). Here, the receiver (Bob) measures each single photon using the same basis information as the initial measurement basis to read a message (information) from the transmitted single-photon sequence. Some of the information from the same basis information as the initial measurement basis is used for QBER estimation, and the receiver (Bob) can receive the position of the photon and the value of the encoding bit to be used for QBER estimation from the transmitter (Alice) over a public channel.

[0360] 7)-8) The receiver (Bob) can determine the values ​​of parameters to be used for decoding based on the measured QBER value and perform decoding on the received message.

[0361] Through steps 1) to 8) above, the QSDC technique can safely transmit message information generated at the transmitting end to the receiving end through a quantum channel. That is, the transmitting end performs QBER estimation on the initial state generated by the receiving end, and based on the QBER estimation, can verify whether the initial state is safe from eavesdroppers; thus, message information can be encoded in an initial state that is guaranteed to be safe from eavesdroppers. Therefore, even if an eavesdropper exists in the backward quantum channel, an eavesdropper who does not know the value of the initial state cannot obtain meaningful message information from the encoded message even if they intercept it, and thus security can be guaranteed.

[0362] The single-photon-based QSDC technique described in Fig. 23 can enable communication with high security without using a quantum secret key, but it has limitations in that it only allows the transmission of classical information at a rate of 1 bit per photon, and the maximum data rate cannot exceed the maximum detection speed of the single photon detector (SPD) due to the dead time of the SPD. In a quantum information transmission system, the transmitter typically generates a quantum state to be transmitted based on the properties (characteristics) of the photon, attenuates the signal to the single-photon level through a signal attenuator (VOA), and transmits it to the receiver over a quantum channel. Here, the properties (characteristics) of the photon may include polarization, phase, time information, etc. The receiver detects the signal transmitted by the transmitter using a single-photon detector. At this time, information transmitted via photons may not be fully detected at the receiver due to various factors, and loss may occur. These various factors may include channel-related losses and the low measurement accuracy of the SPD. In particular, if the signal generation rate from the light source (LD) exceeds the maximum signal detection rate from the detector, the loss of the received signal may increase further. Such loss of the received signal may be caused by dead time, which is the time required for the SPD to return to a ready state to detect the next signal (photon) after detecting a signal at a specific point in time. More specifically, the dead time refers to the time during which no signal is detected by the SPD while the detector is turned off and recharged, following the occurrence of avalanche breakdown based on the generation and emission of numerous electrons and holes caused by the influx of light.

[0363] (2) Two-step QSDC protocol

[0364] FIG. 24 is a diagram illustrating an example of a two-step QSDC protocol in a system applicable to the present disclosure.

[0365] Two-step QSDC is a technique derived from super dense coding as shown in Fig. 24, which uses four types of single entangled photons (EPR-pairs) of [Equation 3] below to safely transmit 2 bits of classical information.

[0366]

[0367] Superdensity coding is a technique that enables the transmission of classical information using quantum communication. When using superdensity coding, a transmitter can send 2 bits of classical information to a distant receiver via a quantum channel using a single qubit. When using superdensity coding, it is assumed that the transmitter possesses the first qubit in the entangled state, and the receiver possesses the second qubit in the entangled state. There are four possible cases for the qubit that the transmitter intends to transmit: '00', '01', '10', and '11'. For these four cases, the transmitter performs qubit operations (expressed in the form of I, Z, X, and iY) corresponding to each of the four cases on the entangled qubit it possesses, and then transmits the information through the quantum channel. Each operation performed by the transmitter can be understood as serving to transform the entangled state shared by the transmitter and receiver into a different basis that is orthogonal to each other. The receiving end measures the received qubit and the qubit it owns (the second qubit in the entangled state) to recover the 2 bits of information transmitted by the transmitting end.

[0368] In FIG. 24, SR (Storage lines) 1 to 4 are optical delay lines that serve as quantum memory, CE (Checking Eavesdropping) 1 and 2 check for the presence of an eavesdropper, CM (Coding Message) encodes classical message information to be transmitted from the transmitter (Alice) to the receiver (Bob), EPR- source generates an entangled light source, and Bell state measurement measures entangled photon pairs.

[0369] In two-step QSDC, unlike super dense coding, entangled photon pairs are not transmitted all at once to ensure security, but are divided into two stages and transmitted through an upper quantum channel and a down quantum channel. Since eavesdropping on an entangled light source requires knowing the information from both sides of the entangled photon pair to determine the transmitted information through measurement, the two-step technique uses a method in which one side of the entangled photon pair is sent first to verify security against eavesdropping, and only when security is guaranteed is the message information to be sent coded into the remaining part of the photon pair and transmitted.

[0370]

[0371] Transport Layer Security (TLS)

[0372] FIG. 25 is a diagram illustrating an example of a Transport Layer Security (TLS) procedure in a system applicable to the present disclosure.

[0373] Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL), is a protocol used to enable applications to communicate securely over a network, preventing the alteration of information through eavesdropping on email, web browsing, messaging, and other protocols. Both SSL and TLS are client / server protocols that ensure communication privacy by providing security to the network using encryption protocols that offer security over the network. When a server and a client communicate via TLS, it ensures that no third party can alter or eavesdrop on messages. TLS 1.0 and 1.1 are currently not supported; TLS 1.2 was drafted in RFC 5246 under the IEFT in 2008, and TLS 1.3 was drafted in RFC 8446 in 2018.

[0374] The TLS procedures of RFC5246 and RFC8446 are summarized as shown in Figure 25.

[0375] Referring to Fig. 25, the client sends a client hello message to the server.

[0376] The client receives a Server Hello message from the server.

[0377] The client receives a server certificate message from the server.

[0378] The client receives a server key exchange message from the server.

[0379] The client receives a certificate request message from the server.

[0380] The client receives a Server hello done message from the server.

[0381] The client sends a certificate message to the server.

[0382] The client sends a client key exchange message to the server.

[0383] The client sends a certificate verify message to the server.

[0384] The client sends a Change cipher spec message to the server.

[0385] The client sends a finished message to the server.

[0386] The client receives a Change cipher spec message from the server.

[0387] The client receives a finished message from the server.

[0388] The client communicates with the server.

[0389]

[0390] - RSA-based TLS 1.2 Handshake Process

[0391] 1. The Client transmits to the Server the encryption algorithm, protocol version, and Client Random Data corresponding to the supported Cipher Suite.

[0392] 2. Based on the list of Cipher Suits received from the Client, the Server transmits the selected encryption algorithm, protocol version, certificate, and Server Random Data to the Client.

[0393] 3. The Client verifies the certificate received from the Server, combines Client Random Data and Server Random Data in a pre-agreed manner to generate a "Pre Master Secret" value, encrypts it using the Server's public key received from the Server (RSA public key encryption method), and transmits it to the Server.

[0394] 4. The Server decrypts the received encrypted data using its private key to obtain the "Pre Master Secret" value. Subsequently, the Cline and the Server convert the "Pre Master Secret" value into a "Master Secret" value in a pre-agreed manner and generate a "Session Key" using that information.

[0395] 5. The authenticated Client and Server begin transmitting and receiving data using symmetric key encryption with the "Session Key".

[0396]

[0397] - DHE-based TLS 1.3 Handshake Process

[0398] 1. The Client generates a secret key and a public key using the encryption algorithm, protocol version, and Client Random Data corresponding to the supported Cipher Suite, and the Diffie-Hellman Key Exchange algorithm, and then transmits the public key to the Server.

[0399] 2. Based on the list of Cipher Suits received from the Client, the Server generates a secret key and a public key using the selected encryption algorithm, protocol version, Server Random Data, and the Diffie-Hellman Key Exchange algorithm, and then transmits the public key to the Client.

[0400] 3. The Client and Server generate a "Pre Master Secret" value using their respective private keys and the other party's public key, and convert the "Pre Master Secret" value into a "Master Secret" value using the exchanged Random Data. Then, a Session Key is generated using a hash function such as HMAC-SHA256 or HMAC-SHA384.

[0401] 4. The authenticated Client and Server begin transmitting and receiving data using symmetric key encryption with the "Session Key".

[0402]

[0403] Hypertext Transfer Protocol

[0404] Hypertext Transfer Protocol (HTTP) is an abbreviation for a protocol that transmits documents that can be linked to other documents via hypertext links. It is used on the Web as a protocol that allows clients to exchange information with servers. HTTP / 2 (HTTP Version 2) enables header compression and parallel transmission over a single TCP connection, and it is a protocol that improves network resource efficiency through binary protocols. It was released as RFC 7540, established by the International Internet Standardization Organization (IETF). HTTP / 2 connections are established based on TLS, and TLS 1.2 or TLS 1.3 is used.

[0405]

[0406] The symbols / abbreviations / terms used in this disclosure are as follows.

[0407] - TLS: Transport Layer Security

[0408] - PRINS: Protocol for N32 Interconnect Security

[0409] - SBI: Service based Interfaces

[0410] - SEPP: Security Edge Protection Proxy

[0411] - NF: Network Function

[0412] - IPX: IP Exchange

[0413] - JSON: JavaScript Object Notation

[0414] - QPKI: Quantum Public Key Infrastructure

[0415] - QSDC: Quantum Secure Direct Communication

[0416] - QBER: Quantum Bit Error Rate

[0417]

[0418] Technical problem to be solved in the present disclosure

[0419] FIG. 26 is a diagram illustrating an example of an N32 protocol stack in a system applicable to the present disclosure.

[0420] In 5G, SEPP functions are newly defined to protect signaling messages between network functions of mobile networks in a roaming environment. SEPP provides an application layer protection scheme to ensure the integrity and confidentiality of messages. Generally, when the SEPPs of each mobile network are directly connected without a separate IPX (Interconnect Provider) between the two mobile networks, messages between SEPPs are protected using the TLS protocol. However, when the two mobile networks are connected via IPX, an application layer integrity protection and encryption scheme for the N32 interface is applied to prevent data leakage or tampering while passing through the IPX between the SEPPs of the two networks. SEPP uses JSON Web Encryption (RFC 7516) to protect messages on the N32 interface, while IPX uses JSON Web Signatures (RFC 7515) to verify integrity during data transmission. The Protocol Stack for the N32 Interface can be represented as shown in Fig. 26 according to 3GPP TS 29.573. Figure 26 shows the 3GPP TS 29.573 Figure 4.3.1-1: N32 Protocol Stack.

[0421] The N32 interfaces (N32-c and N32-f) use the HTTP / 2 protocol (TS 29.573 clauses 4.2.2 and 4.2.3, respectively) with JSON (TS 29.573 clause 4.2.4) as the application layer serialization protocol. For the security protection at the transport layer, the SEPPs shall support TLS as specified in clause 13.1.2 of 3GPP TS 33.501.

[0422] For the N32-f interface, the application layer (i.e., the JSON content) encapsulates the complete HTTP / 2 message between the NF service consumer and the NF service producer by transforming the HTTP / 2 headers and the body into specific JSON attributes as specified in TS 29.573 clause 6.2. For scenarios where there are RIs between SEPPs, refer to TS 29.573 clause 4.3.2 for TLS / PRINS usage.

[0423] As mentioned above, security for the Application Layer is configured in PRINS (Protocol for N32 Interconnect Security), and the procedure is described as follows in 3GPP TS 33.501 clause 13.2.

[0424]

[0425] 13.2 Application layer security on the N32 interface

[0426] 13.2.1 General

[0427] The internetwork interconnect allows secure communication between service-consuming and service-producing NFs in different PLMNs. Security is enabled by the Security Edge Protection Proxies of both networks (called cSEPP and pSEPP, respectively). The SEPPs enforce protection policies regarding application layer security to ensure the integrity and confidentiality protection of the elements to be protected.

[0428] It is assumed that there are interconnect providers between cSEPP and pSEPP. The interconnect provider with which the cSEPP operator has a business relationship is called cIPX, and the interconnect provider with which the pSEPP operator has a business relationship is called pIPX. There may be other interconnect providers between cIPX and pIPX, but they are assumed to be transparent and simply forward the communication.

[0429] The SEPPs use JSON Web Encryption (JWE, specified in RFC 7516

[0059] ) for protecting messages on the N32-f interface, and the IPX providers use JSON Web Signatures (JWS, specified in RFC 7515

[0045] ) for signing their modifications needed for their mediation services.

[0430] For example, consider the case where an NF consuming a service sends a message to an NF creating a service. If this communication is made through a PLMN operator via the N32-f interface as shown in Figure 13.2.1-1 below, the cSEPP receives the message and applies symmetric key-based application layer protection as defined in Section 13.2 of this document. The resulting JWE object is delivered to the intermediary. pIPX and cIPX may provide a service that requires modifying a message transmitted through the interconnect (N32) interface. These modifications are added to the message as a digitally signed JWS object containing the desired changes. The pSEPP receiving the message from pIPX validates the JWE object, extracts the Original Message sent by the NF, verifies the signature of the JWS object, and applies patches corresponding to the intermediary's modifications. Then, the pSEPP delivers the message to the target NF. (For illustration, consider the case where a service-consuming NF sends a message to a service-producing NF. If this communication is across PLMN operators over the N32-f interface, as shown in Figure 13.2.1-1 below, the cSEPP receives the message and applies symmetric key based application layer protection, as defined in clause 13.2 of the present document. The resulting JWE object is forwarded to intermediaries.The pIPX and cIPX can offer services that require modifications of the messages transported over the interconnect (N32) interface. These modifications are appended to the message as digitally signed JWS objects which contain the desired changes. The pSEPP, which receives the message from pIPX, validates the JWE object, extracts the Original Message sent by the NF, validates the signature in the JWS object and applies patches corresponding to the modifications by intermediaries. The pSEPP then forwards the message to the destination NF.).

[0431]

[0432] FIG. 27 is a diagram illustrating an example of an overview of PRINS (Protocol for N32 Interconnect Security) in a system applicable to the present disclosure.

[0433] Figure 27 shows Figure 13.2.1-1: Overview of PRINS.

[0434] The N32 interface consists of:

[0435] - N32-c connection: For management of the N32 interface, and

[0436] - N32-f connection: A connection for sending JWE and JWS protected messages between the SEPPs.

[0437] The application layer security protocol for the N32 interface described in clause 13.2 of this document is called PRINS.

[0438]

[0439] 13.2.2 N32-c connection between SEPPs

[0440] 13.2.2.1 General (13.2.2.1 General)

[0441] When the negotiated security mechanism to use over N32, according to the procedure in clause 13.5, is PRINS (described in clause 13.2), the SEPPs use the established TLS connection (hereinafter referred to as the N32-c connection) to negotiate the N32-f specific associated security configuration parameters required to enforce application layer security on HTTP messages exchanged between the SEPPs. A second N32-c connection is established by the receiving SEPP to enable it to not only receive but also send HTTP requests.

[0442] The N32-c connection is used for the following purposes:

[0443] Key Agreement: The SEPPs independently export keying material associated with the first N32-c connection between them and use it as the pre-shared key for generating the shared session key.

[0444] - Parameter exchange: The SEPPs exchange security-related configuration parameters that they need to protect HTTP messages exchanged between the two Network Functions (NFs) in their respective networks.

[0445] - Error handling: The receiving SEPP sends an error signaling message to the peer SEPP when it detects an error on the N32-f interface.

[0446] The following security-related configuration parameters may be exchanged between the two SEPPs:

[0447] a. Modification policy. A modification policy, as specified in clause 13.2.3.4, indicates which IEs can be modified by an IPX provider of the sending SEPP.

[0448] b. Data-type encryption policy. A data-type encryption policy, as specified in 13.2.3.2, indicates which types of data will be encrypted by the sending SEPP.

[0449] c. Cipher suites for confidentiality and integrity protection, when application layer security is used to protect HTTP messages between two SEPPs.

[0450] d. N32-f context ID. As specified in clause 13.2.2.4.1, N32-f context ID identifies the set of security-related configuration parameters applicable to a protected message received from a SEPP in a different PLMN.

[0451]

[0452] 13.2.2.2 Procedure for Key agreement and Parameter exchange

[0453] 1. The two SEPPs shall perform the following cipher suite negotiation to agree on a cipher suite to use for protecting NF service-related signaling over N32-f.

[0454] 1a. The SEPP that initiated the first N32-c connection shall send a Security Parameter Exchange Request message to the responding SEPP, which shall include the initiating SEPP's supported cipher suites. The cipher suites shall be ordered in the initiating SEPP's priority order. The SEPP shall provide an initiating SEPP's N32-f context ID for the responding SEPP.

[0455] 1b. The responding SEPP shall compare the received cipher suites to its own supported cipher suites and select, based on its local policy, a cipher suite supported by both the initiating SEPP and the responding SEPP.

[0456] 1c. The responding SEPP shall send a Security Parameter Exchange Response message to the initiating SEPP, including the selected cipher suite for protecting the NF service-related signaling over N32. The responding SEPP shall provide a responding SEPP's N32-f context ID for the initiating SEPP.

[0457] 2. The two SEPPs may perform the following exchange of data-type encryption policies and modification policies. Both SEPPs shall store protection policies sent by the peer SEPP:

[0458] 2a. The SEPP which initiated the first N32-c connection shall send a Security Parameter Exchange Request message to the responding SEPP including the initiating SEPP's Data-type encryption policies, as described in clause 13.2.3.2, and Modification policies, as described in clause 13.2.3.4.

[0459] 2b. The responding SEPP shall store the policies if sent by the initiating SEPP.

[0460] 2c. The responding SEPP shall send a Security Parameter Negotiation Response message to the initiating SEPP with the responding SEPP's suite of protection policies.

[0461] 2d. The initiating SEPP shall store the protection policy information if sent by the responding SEPP.

[0462] 3. The two SEPPs shall exchange IPX security information lists that contain information on IPX public keys or certificates that are needed to verify IPX modifications at the receiving SEPP.

[0463] 4. The two SEPPs must use the TLS export function to export key material from the TLS session established between the two SEPPs. For TLS 1.2, the export tool specified in RFC 5705

[0061] must be used. For TLS 1.3, the export tool described in Section 7.5 of RFC 8446

[0060] must be used. The exported key must be used as the master key to derive the session key and IV for the N32-f context, as specified in Section 13.2.4.4.1. (4. The two SEPPs shall export keying material from the TLS session established between them using the TLS export function. For TLS 1.2, the exporter specified in RFC 5705

[0061] shall be used. For TLS 1.3, the exporter described in section 7.5 of RFC 8446

[0060] shall be used. The exported key shall be used as the master key to derive session keys and IVs for the N32-f context as specified in clause 13.2.4.4.1.)

[0464] 5. When the responding SEPP needs to initiate traffic (e.g., error reporting) in the reverse direction to the sending SEPP, the responding SEPP in the first N32-c connection shall now set up a second N32-c connection by establishing a mutually authenticated TLS connection with the peer SEPP.

[0465] Note: The second N32-c connection setup by the responding SEPP does not perform the negotiation of steps 1-4.

[0466] 6. The two SEPPs start exchanging NF to NF service-related signaling over N32-f and tear down the N32-c connection. The SEPPs may initiate new N32-c TLS sessions for any further N32-c communication that may occur over time while application layer security is applied to N32-f.

[0467] 13.2.2.3 Procedure for error detection and handling in SEPP

[0468] Errors can occur on an active N32-c connection or on one or more N32-f connections between two SEPPs.

[0469] When an error is detected, the SEPP must map the error to an appropriate cause code. The SEPP must generate a signaling message that includes the cause code as one of its parameters to inform the peer SEPP.

[0470] The SEPP must use the N32-c connection to send the signaling message to the peer SEPP. If the previous N32-c connection has been terminated, it uses a new N32-c connection instead.

[0471] If an error occurs while processing one or more N32-f messages, the SEPP must include the corresponding message ID, obtained from the metadata section of the N32-f message, as a parameter in the signaling message. This allows the peer SEPP to identify the source message (HTTP request or response) on which the other SEPP found the error.

[0472] Note: Local action performed by either SEPP is out of 3GPP scope.

[0473]

[0474] FIG. 28 is a drawing illustrating an example of an N32-f context overview in a system applicable to the present disclosure.

[0475] Figure 28 shows the context overview of Figure 13.2.2.4.0-1: N32-f.

[0476] 13.2.2.4 N32-f Context (13.2.2.4 N32-f Context)

[0477] 13.2.2.4.0 N32-f parts (13.2.2.4.0 N32-f parts)

[0478] The N32-f context consists of the following main parts as illustrated in Figure 28 (Figure 13.2.2.4.0-1):

[0479] 1. N32-f context ID (1. N32-f context ID)

[0480] 2. N32-f peer information

[0481] 3. N32-f security context

[0482] 4. N32-f context information

[0483] 13.2.2.4.1 N32-f context ID (13.2.2.4.1 N32-f context ID)

[0484] The N32-f context ID is used to refer to an N32-f context. The SEPPs shall create the N32-f context ID during the N32-c negotiation and use it over N32-f to inform the receiving peer which security context to use for decrypting a received message.

[0485] The initiating SEPP must send its N32-f context ID to the responding SEPP, and the responding SEPP must use this to identify the N32-f connection with this initiating SEPP. Conversely, the responding SEPP must send its N32-f context ID to the initiating SEPP, and the initiating SEPP must use this to identify the N32-f connection with this responding SEPP. To prevent conflicts in N32-f context ID values, the SEPP must select a random value for the N32-f prior context ID during the exchange via N32-c. (The initiating SEPP shall send the initiating SEPP's N32-f context ID to the responding SEPP which the responding SEPP shall use to identify the N32-f connection with this initiating SEPP. Vice versa, the responding SEPP shall send the responding SEPP's N32-f context ID to the initiating SEPP which the initiating SEPP shall use to identify the N32-f connection with this responding SEPP. To avoid collision of the N32-f context ID value, the SEPPs shall select the N32-f precontext ID as a random value during the exchange over N32-c.)

[0486] During the transfer of application data over N32-f, the SEPP shall include the N32-f context ID in a separate IE in the metadata part of the JSON structure (see clause 13.2.4.2). The receiving SEPP shall use this information to apply the correct key and parameters during decryption and validation.

[0487] 13.2.2.4.2 N32-f peer information (13.2.2.4.2 N32-f peer information)

[0488] The N32-f connection between SEPPs is bidirectional and consists of two SEPP endpoints and possibly up to two IPX providers. The SEPPs are identified by the PLMN ID and additionally by a SEPP ID to distinguish between several SEPPs in the same PLMN. The remote SEPP address is necessary for routing the messages to the correct destination.

[0489] The N32-f peer information shall consist of the following parameters:

[0490] - Remote PLMN ID; (- Remote PLMN ID;)

[0491] - Remote SEPP ID; (- Remote SEPP ID;)

[0492] - Remote SEPP address.

[0493] 13.2.2.4.3 N32-f security context (13.2.2.4.3 N32-f security context)

[0494] The N32-c initial handshake described in clause 13.2.2.2 establishes session keys, IVs, and negotiated cipher suites. Counters are used for replay protection. Modification policies are identified by modification policy IDs to verify received messages that have undergone IPX modifications.

[0495] The N32-f security context shall consist of the following parameters:

[0496] - Session keys

[0497] - Negotiated cipher suites

[0498] - Data type encryption policy IDs

[0499] - Modification policy list (if IPXs are used)

[0500] - Modification policy IDs

[0501] - IPX provider identifier (- IPX provider identifier)

[0502] - Counters

[0503] - IVs

[0504] - List of security information of the IPX providers connected to the SEPPs (IPX security information list)

[0505] - IPX provider identifier (- IPX provider identifier)

[0506] - List of raw public keys or certificates for that IPX

[0507] 13.2.2.4.4 N32-f context information

[0508] The N32-f context information shall consist of the following parameters:

[0509] - Validity

[0510] - Usage (PRINS)

[0511] 13.2.3 Protection policies for N32 application layer solution

[0512] 13.2.3.1 Overview of protection policies

[0513] The protection policy suite consists of a data-type encryption policy and a modification policy. Together, these policies determine which parts of a specific message must be protected as confidential and which parts can be modified by IPX providers. The SEPP must apply the protection policies for application layer protection of messages on the N32-f interface.

[0514] There are two types of protection policies:

[0515] - Data-type encryption policy: specifies which data types need to be confidentiality protected;

[0516] - Modification policy: Specifies which IEs are modifiable by intermediaries.

[0517] In addition, there is a mapping between the data types in the data-type encryption policy and the IEs in NF API descriptions, which is given in an NF-API data-type placement mapping.

[0518] 13.2.3.2 Data-type encryption policy

[0519] The SEPP shall contain an operator-controlled protection policy that specifies which types of data shall be encrypted. The defined data types are as follows:

[0520] - Data of the type 'SUPI';

[0521] - Data of the type 'authentication vector';

[0522] - Data of the type 'location data';

[0523] - Data of the type 'cryptographic material';

[0524] - Data of the type 'authorization token'.

[0525] The policy shall be specific per roaming partner. The policy shall include a policy identifier and a release number referring to the corresponding release.

[0526] The data-type encryption policies in the two partner SEPPs shall be equal to enforce a consistent ciphering of IE on N32-f.

[0527] 13.2.3.3 NF API Data-Type Placement Mapping

[0528] Each NF API data-type placement mapping shall contain the following:

[0529] - Which IEs contain data of the type 'SUPI' or type 'NAI'.

[0530] Which IEs contain data of the type 'authentication vector'.

[0531] Which IEs contain data of the type 'location data'.

[0532] Which IEs contain data of the type 'cryptographic material'.

[0533] Which IEs contain data of the type 'authorization token'.

[0534] The location of the IEs refers to the location of the IEs after the SEPP has rewritten the message for transmission over N32-f.

[0535] An NF API data-type placement mapping must also include data that identifies the NF API. That is, (An NF API data-type placement mapping shall furthermore contain data that identifies the NF API, namely)

[0536] - The name of the NF; (- The name of the NF;)

[0537] - API version; (- The API version;)

[0538] - An identifier for the NF API data-type placement mapping;

[0539] - The NF's 3GPP Release version.

[0540] Note: Larger networks can contain multiple NFs with the same API (e.g., three AMFs). The NF API policy applies to all NFs with the same API.

[0541] The NF API data-type placement mapping shall reside in the SEPP.

[0542] 13.2.3.4 Modification policy

[0543] The SEPP shall contain an operator-controlled policy that specifies which IEs can be modified by the IPX provider directly related to this particular SEPP. These IEs refer to the IEs after the sending SEPP has rewritten the message.

[0544] Each PLMN operator must agree on the modification policy with the IPX provider with whom they have a business relationship prior to establishing an N32 connection. Each modification policy applies to the individual relationship between the PLMN operator and the IPX provider. To cover the entire N32 connection, the two involved roaming partners must exchange their modification policies.

[0545] Note 1: To validate modifications for messages received on the N32-f interface, the operator's roaming partners must know the overall modification policy.

[0546] Note 2: Modification includes the removal and addition of new IE. Therefore, IE may not be present in the rewritten message.

[0547] The IEs that the IPX is allowed to modify shall be specified in a list providing an enumeration of JSON paths within the JSON object created by the SEPP. Wildcards may be used to specify paths.

[0548] This policy shall be specific per roaming partner and per IPX provider that is used for the specific roaming partner. The modification policy shall reside in the SEPP.

[0549] For each roaming partner, the SEPP must be able to store a receiving policy.

[0550] The following basic validation rules shall always be applied irrespective of the policy exchanged between two roaming partners:

[0551] - IEs requiring encryption should not be inserted at a different location in the JSON object.

[0552] 13.2.3.5 Provisioning of the policies in the SEPP

[0553] The SEPP shall include an interface that the operator can use to manually configure the protection policies in the SEPP.

[0554] The SEPP shall be able to store and process the following policies for outgoing messages:

[0555] - A generic data-type encryption policy;

[0556] - Roaming partner specific data-type encryption policies that take precedence over a generic data-type encryption policy if present;

[0557] - NF API data-type placement mappings; (- NF API data-type placement mappings;)

[0558] - Multiple modification policies to handle modifications that are specific per IPX provider and modification policies that are specific per IPX provider and roaming partner.

[0559] The SEPP shall also be able to store and process the following policies for incoming messages during the initial connection establishment via N32-c:

[0560] - Roaming partner specific data-type encryption policies;

[0561] - Roaming partner specific modification policies that specify which fields can be modified by which of its IPX providers.

[0562] 13.2.3.6 Policy Priorities in the SEPP (13.2.3.6 Precedence of policies in the SEPP)

[0563] This clause specifies the order of precedence of data-type encryption policies and modification policies available in a SEPP.

[0564] In increasing order of precedence, the following policies apply for a message to be sent on N32:

[0565] 1. The set of default rules specified in the present specification:

[0566] - For the data-type encryption policy, the rules on data-types that are mandatory to be encrypted according to clause 5.9.3.3.

[0567] - For the modification policy, the basic validation rules defined in clause 13.2.3.4.

[0568] 2. Manually configured policies:

[0569] - For the data-type encryption policy: rules according to clause 13.2.3.2, on a per roaming partner basis.

[0570] - For the modification policy: rules according to clause 13.2.3.4, per roaming partner and per IPX provider that is used for the specific roaming partner.

[0571] Note 1: It is assumed that operators agree to both data-type encryption and modification policies in advance, for example, as part of their bilateral roaming agreement. The protection policies exchanged via N32-c during the initial connection establishment are used solely for the purpose of detecting possible misconfigurations.

[0572] Note 2: It is assumed that the default rules and manually configured policies do not overlap or contradict each other. The manually configured policies are used to extend the protection by the default rules in this document and are applied on top of them.

[0573] When a SEPP receives a data-type encryption or modification policy on N32-c as specified in clause 13.2.2.2, it shall compare it to the one that has been manually configured for this specific roaming partner and IPX provider. If a mismatch occurs for one of the two policies, the SEPP shall perform one of the following actions, according to operator policy:

[0574] - Send the error message as specified in TS 29.573

[0073] , clause 6.1.4.3.2, to the peer SEPP.

[0575] - Create a local warning.

[0576] 13.2.4 N32-f connection between SEPPs

[0577] 13.2.4.1 General (13.2.4.1 General)

[0578] The SEPP receives HTTP / 2 request / response messages from the Network Function. It shall perform the following actions on these messages before they are sent on the N32-f interface to the SEPP in the other PLMN:

[0579] a) It parses the incoming message and, if present, rewrites the telescopic FQDN of the receiving NF to obtain the original FQDN as described in clause 13.1.

[0580] b) It reformats the message to produce the input to JSON Web Encryption (JWE)

[0059] as described in clause 13.2.4.3.

[0581] c) It applies JWE to the input created in b) to protect the reformatted message as described in clause 13.2.4.4.

[0582] d) It encapsulates the resulting JWE object into an HTTP / 2 message (as the body of the message) and sends the HTTP / 2 message to the SEPP in the other PLMN over the N32-f interface.

[0583] The message may be routed via the cIPX and pIPX nodes. These IPX nodes may modify messages as follows:

[0584] a) The IPX node recovers the cleartext part of the HTTP message from the JWE object, modifies it according to the modification policy, and calculates an "operations" JSON Patch object. It then creates a temporary JSON object with the "operators" JSON Patch object and some other parameters for replay protection, etc., as described in clause 13.2.4.5.1.

[0585] b) The IPX node uses the temporary JSON object as input into JSON Web Signature (JWS)

[0045] to create a JWS object, as described in clause 13.2.4.5.2.

[0586] c) The IPX node appends the JWS object to the received message and sends it to the next hop.

[0587] The JWS objects generated by the two IPX providers form an auditable chain of modifications that the receiving SEPP must apply to the parsed message after verifying that the patches comply with the modification policy.

[0588] Encryption of IEs shall take place end-to-end between cSEPP and pSEPP.

[0589] A SEPP shall not include IEs in the clear that are encrypted elsewhere in the JSON object.

[0590] A SEPP shall verify that an intermediate IPX has not moved or copied an encrypted IE to a location that would be reflected from the producer NF in an IE without encryption.

[0591] 13.2.4.2 Overall Message payload structure for message reformatting at SEPP

[0592] The SEPP reformats an HTTP message received from an internal network function into two temporary JSON objects that will be input to JWE:

[0593] a. dataToIntegrityProtect: Contains information that is only integrity protected, and consists of the following:

[0594] - clearTextEncapsulationMessage: Contains the complete original HTTP message, excluding attribute values ​​that require encryption and, including the pseudo-header fields, HTTP headers, and HTTP message body.

[0595] - metadata: Contains information generated by SEPP, namely the authorizedIPX ID, N32-f message ID, and N32-f context ID.

[0596] b. dataToIntegrityProtectAndCipher: Contains attribute values ​​of the Original Message that require both encryption and integrity protection.

[0597] For the details of JSON representation of a reformatted HTTP message, refer to TS 29.573

[0092] .

[0598] 13.2.4.3 Message reformatting in sending SEPP

[0599] 13.2.4.3.1 dataToIntegrityProtect

[0600] 13.2.4.3.1.1 clearTextEncapsulatedMessage

[0601] clearTextEncapsulatedMessage is a JSON object that contains the unencrypted portion of the original message. Specifically, it consists of the following objects:

[0602] 1.a) Pseudo_Headers - the JSON object that includes all the Pseudo Headers in the message.

[0603] For HTTP request messages, the object contains one entry for each of the ":method", ":path", ":scheme", and ":authority" pseudo headers. If the ":path" pseudo header contains multiple parts separated by a slash ( / ) or includes a query parameter (following a "?"), an array is used to represent :path, with one element per part of the path (i.e., per "directory").

[0604] Note: This enables encryption of individual elements of the path (e.g., if SUPI is passed).

[0605] - For HTTP response messages, the object contains the ":status" pseudo header.

[0606] 1.b) HTTP_Headers - the JSON object that includes all the headers in the message.

[0607] All the headers of the request are placed in a JSON array called HTTP_Headers. Each entry contains a header name and value, where the value part can be an encoded index to the dataToIntegrityProtectAndCipher block, if the header value is encrypted.

[0608] 1.c) Payload - the JSON object that includes the content of the payload of the HTTP message.

[0609] Each property or IE of the payload must form a single item in the Payload JSON object. If there are property values ​​requiring encryption, they must be moved to the dataToIntegrityProtectAndCipher JSON object (Section 13.2.4.2), where the original value of this element is {"encBlockIdx": <num>It must be replaced with an index of the format}. Here, "num" is the index of the corresponding item in the dataToIntegrityProtectAndCipher array. (Each attribute or IE in the payload shall form a single entry in the Payload JSON object. If there is any attribute value that requires encryption, it shall be moved into the dataToIntegrityProtectAndCipher JSON object (clause 13.2.4.2), and the original value in this element shall be replaced by the index in the form {"encBlockIdx": <num>} where "num" is the index of the corresponding entry in the dataToIntegrityProtectAndCipher array.)

[0610] 13.2.4.3.1.2 Metadata (13.2.4.3.1.2 metadata)

[0611] This is a JSON object containing information added by the sending SEPP. It shall contain:

[0612] a) N32-f message ID: A unique identifier (64-bit integer) representing an HTTP request / response transaction between two SEPPs. The N32-f message ID is generated by the sending SEPP and included in the HTTP request sent over the N32 interface. The receiving SEPP uses the same N32-f message ID when responding back with an HTTP response. The N32-f message ID is included in the metadata portion of the JSON structure.

[0613] b) authorizedIPX ID: A string identifying the first hop IPX (cIPX or pIPX) that is authorized to update the message. This field must always be present. If there is no IPX authorized to update, the value of this field is set to null. The sending SEPP selects one of the IPX providers from the list exchanged with the other SEPP during parameter exchange over N32-c and includes its identifier value in this field.

[0614] c) N32-f context ID: A unique identifier representing the N32-f context information used for protecting the message. This is exchanged during parameter exchange over N32-c (clause 13.2.2.4.1).

[0615] 13.2.4.3.2 dataToIntegrityProtectAndCipher

[0616] dataToIntegrityProtectAndCipher is a JSON patch document as per RFC 6902

[0064] that contains all the attribute values ​​that require both encryption and integrity protection. Attribute values ​​may come from any part of the original HTTP message, such as Pseudo_Headers, HTTP_Headers, and Payload.

[0617] The JSON array must contain one array entry per attribute value that needs encryption. Each array entry represents the value of the attribute to be protected, and the array index is used to reference the protected value within the dataToIntegrityProtect block. This associates each attribute in the dataToIntegrityProtectAndCipher block with the original attribute in the dataToIntegrityProtect block. This is necessary to reassemble the original message at the receiving SEPP.

[0618] 13.2.4.4 Protection using JSON Web Encryption (JWE)

[0619] 13.2.4.4.0 General (13.2.4.4.0 General)

[0620] The SEPP shall use JSON Web Encryption (JWE) as specified in RFC 7516

[0059] for the protection of reformatted HTTP messages between the SEPPs. All encryption methods supported by JWE are AEAD methods, i.e., methods that encrypt and integrity protect in one single operation and can additionally integrity protect additional data.

[0621] The dataToIntegrityProtectAndCipher and dataToIntegrityProtect blocks shall be input to JWE as plaintext and JWE Additional Authenticated Data (AAD), respectively. The JWE AEAD algorithm generates JWE encrypted text (ciphertext) and a JWE Authentication Tag (Message Authentication Code). The ciphertext is the output from symmetrically encrypting the plaintext, while the authentication tag is a value that verifies the integrity of both the generated ciphertext and the Additional Authenticated Data.

[0622] The Flattened JWE JSON Serialization syntax is used to represent JWE as a JSON object.

[0623] As specified in Section 13.2.4.4.1, the session key shared between the two SEPPs shall be used as the Content Encryption Key (CEK) value for the algorithm indicated in the Encryption algorithm ("enc") parameter of the JOSE header. The algorithm ("alg") parameter in the JOSE header, denoting the key exchange method, shall be set to "dir," i.e., "Direct use of a shared symmetric key as the CEK."

[0624] The 3GPP profile for supported cipher suites in the "enc" parameter is described in clause 13.2.4.9.

[0625] The generated JWE object shall be transmitted on the N32-f interface in the payload body of a SEPP to SEPP HTTP / 2 message.

[0626] 13.2.4.4.1 N32-f key hierarchy (13.2.4.4.1 N32-f key hierarchy)

[0627] The N32-f key hierarchy is based on the N32-f master key generated during the N32-c initial handshake by TLS key export. The N32-f key hierarchy consists of two pairs of session keys and two pairs of IV salts, which are used in two different HTTP / 2 sessions. In one session, the N32-c initiator acts as the HTTP client, and in the second session, the N32-c responder acts as the client.

[0628] If the exported master secret is reused to set up multiple HTTP sessions or to set up new HTTP sessions on stream ID exhaustion, a new, unique, N32-f Context ID shall be generated to avoid key and IV reuse.

[0629] The master key must be obtained from the TLS exporter. The export function takes three arguments: Label, Context, and Length (in octets) of the desired output. For the N32 master key derivation, the Label must be the IANA registered label "EXPORTER_3GPP_N32_MASTER"

[0089] , the Context must be "" (the empty string), and the Length must be 64.

[0630] N32 Key Derivation Function: N32-KDF is based on HKDF

[0062] , and since the initial key data was safely generated, only the HKDF-Expand function is used: ()

[0631] N32-KDF(label, L) = HKDF-Expand(N32-f master key, "N32" || N32-Context-ID || label, L), (N32-KDF (label, L) = HKDF-Expand (N32-f master key, "N32" || N32-Context-ID || label, L),)

[0632] Here (where)

[0633] A label is a string used for key separation.

[0634] - L is the length of output keying material in octets.

[0635] Each run of N32-KDF(label, L) produces either one session key or one IV salt.

[0636] Two pairs of session keys and IV salts are derived.

[0637] Note: In AES-GCM, reusing an IV may expose the integrity key (Joux's Forbidden attack). Binding session keys and IV salts to N32-f context IDs and labels is essential to prevent the inadvertent use of the same key with a repeated IV.

[0638] The labels for the JWE keys are as follows:

[0639] - "parallel_request_key"

[0640] - "parallel_response_key"

[0641] - "reverse_request_key", and

[0642] - "reverse_response_key"

[0643] Keys derived with labels starting with 'parallel' should be used for requests / responses in an HTTP session with the N32-c initiating SEPP acting as the client (i.e., in parallel to the N32-c connection). Keys derived with labels starting with 'reverse' should be used in an HTTP session with the N32-c responding SEPP acting as the client.

[0644] To generate the IV salt, the length is 8 and the labels are:

[0645] "parallel_request_iv_salt"

[0646] "parallel_response_iv_salt"

[0647] "reverse_request_iv_salt", and

[0648] "reverse_response_iv_salt"

[0649] The 96-bit nonce for AES_GCM shall be constructed as the concatenation of the IV salt (8 octets, 64-bits) and the sequence counter, SEQ, following section 8.2.1 of NIST Special Publication 800-38D

[0063] :

[0650] nonce = IV salt || SEQ (Nonce = IV salt || SEQ)

[0651] The sequence counter must be a 32-bit unsigned integer that starts at zero and is incremented for each invocation of the encryption. A different sequence counter must be maintained for each IV salt.

[0652] FIG. 29 is a drawing illustrating an example of a JSON (JavaScript Object Notation) representation of an IPX provider modification in a system applicable to the present disclosure.

[0653] Figure 29 shows Figure 13.2.4.5.1-1 Example of JSON representation of IPX provider modifications.

[0654] 13.2.4.5 Modifying IPX Messages

[0655] 13.2.4.5.1 modifiedDataToIntegrityProtect

[0656] This is a temporary JSON object generated by an IPX provider as it modifies the Original Message. It must contain the following:

[0657] a) Operations - This is a JSON patch document that captures IPX modifications based on RFC 6902

[0064] . If no patch is required, the operations element should be set to null.

[0658] b) Identity - This is the ID of the IPX performing the modification.

[0659] c) Tag - A JSON string element to capture the "tag" value (JWE Authentication tag) of the JWE object generated by the sending SEPP. This is required for replay protection.

[0660] Note: Since there is no central registry that can guarantee unique IPX identities, it is expected that an IPX will include its Fully Quantified Domain Name (FQDN) in the JSON modification object.

[0661] 13.2.4.5.2 Modifications by IPX

[0662] Note 1: It is assumed that operators act as a certification authority for IPX providers with whom they have a direct business relationship. To authorize N32-f message modifications, operators sign a digital certificate for each of these IPX providers and provide it to both the IPX provider itself and their roaming partners to enable them to validate any modifications made by this IPX provider.

[0663] Only cIPX and pIPX can modify messages between cSEPP and pSEPP. For messages from cSEPP to pSEPP, cIPX is the first intermediary and pIPX is the second intermediary. For messages from pSEPP to cSEPP, pIPX is the first intermediary and cIPX is the second intermediary.

[0664] The first intermediary shall parse the encapsulated request (i.e., the clearTextEncapsulationMsg in the dataToIntegrityProtect block) and determine which changes are required. The first intermediary creates an Operations JSON patch document to describe the differences between the received and desired message, using the syntax and semantics from RFC 6902

[0064] , such that when applying the JSON patch to the encapsulated request the result will be the desired request. If no patch is required, the operations element is null.

[0665] Note 2: It is necessary to create a JWS object even if no patch is required to prevent deletion of modifications.

[0666] The first intermediary shall create a modifiedDataToIntegrityProtect JSON object as described in clause 13.2.4.5.1. The JSON object shall include the intermediary's identity and the JWE authentication tag, which associates this update by the intermediary with the JWE object created by the sending SEPP.

[0667] The first intermediary creates a JWS object using the modifiedDataToIntegrityProtect JSON object as input. The first intermediary appends the generated JWS object to the payload of the HTTP message and then sends the message to the next hop.

[0668] The second intermediary parses the encapsulated request, applies the modifications described in the JSON patch appended by the first intermediary, and determines further modifications required to obtain the desired request. The second intermediary records these modifications in an additional JSON patch against the JSON object resulting from the application of the first intermediary's JSON patch. If no patch is required, the operations element for the second JSON patch is null.

[0669] The second intermediary shall create a modifiedDataToIntegrityProtect JSON object as described in clause 13.2.4.5.1. It shall include its identity and the JWE authentication tag, which associates this update by the second intermediary with the JWE object created by the sending SEPP.

[0670] The second intermediary creates a JWS object using the modifiedDataToIntegrityProtect JSON object as input. The second intermediary appends the generated JWS object to the payload of the HTTP message and then sends the message to the receiving SEPP.

[0671] 13.2.4.6 Protecting IPX modifications using JSON Web Signature (JWS)

[0672] The IPX providers shall use JSON Web Signature (JWS) as specified in RFC 7515

[0045] for the protection of IPX provider modified attributes. The mechanism described in this clause uses signatures, i.e., asymmetric methods, with private / public key pairs.

[0673] More specifically, when an IPX node modifies one or more attributes of the original HTTP message and creates a modifiedDataToIntegrityProtect object to record its modifications, it shall use JWS to integrity protect the modifiedDataToIntegrityProtect object.

[0674] The IPX provider shall use its private key as input to JWS for generating the signature representing the contents of the modifiedDataToIntegrityProtect object.

[0675] The "alg" parameter in the JOSE header indicates the chosen signature algorithm. The 3GPP profile for supported algorithms is described in clause 13.2.4.9.

[0676] The Flattened JWS JSON Serialization syntax should be used to represent JWS as a JSON object.

[0677] 13.2.4.7 Message verification by the receiving SEPP

[0678] The receiving SEPP shall decrypt the JWE ciphertext using the shared session key and the following parameters obtained from the JWE object: Initialization Vector, Additional Authenticated Data value (clearTextEncapsulatedMessage in "aad") and JWE Authentication Tag ("tag").

[0679] The receiving SEPP must verify the integrity and authenticity of the clearTextEncapsulatedMessage and the encrypted text by verifying the JWE Authentication Tag in the JWE object with the JWE AAD algorithm. The algorithm returns the decrypted plaintext (dataToIntegrityProtectAndCipher) only if the JWE Authentication Tag is correct.

[0680] The receiving SEPP refers to the NF API data-type placement mapping table to reconstruct the original reformatted message by updating corresponding entries in clearTextEncapsulatedMessage with values ​​in the dataToIntegrityProtectAndCipher array.

[0681] The receiving SEPP verifies IPX provider updates, if included, by verifying the JWS signatures added by the intermediaries. The SEPP verifies the JWS signature using the corresponding raw public key or certificate contained in the IPX provider's security information list obtained during parameter exchange in the related N32-c connection setup, or, alternatively, has been configured for the particular peer SEPP. Then, it verifies whether the raw public key or certificate of the IPX Identity in the modifiedDataToIntegrity block matches the IPX provider mentioned in the "authorizedIPX ID" field added by the sending SEPP based on the information provided in the IPX provider security information list.It shall then check that the raw public key or certificate of the JWS signature IPX's Identity in the modifiedDataToIntegrity block matches to the IPX provider referred to in the "authorizedIPX ID" field added by the sending SEPP, based on the information given in the IPX provider security information list.).

[0682] The receiving SEPP checks whether the modifications performed by the intermediaries were permitted by the respective modification policies. The receiving SEPP uses the modification policy of the cIPX obtained during parameter exchange in the related N32-c connection setup and the modification policy of the pIPX configured within the receiving SEPP.

[0683] In this case, the receiving SEPP applies the patches to the Operations field in order, performs plausibility checks, and creates a new HTTP request according to the "patched" clearTextEncapsulatedMessage.

[0684] The receiving SEPP shall verify that the PLMN-ID contained in the incoming N32-f message matches the PLMN-ID in the related N32-f context.

[0685] FIG. 30 is a diagram illustrating an example of message flow between two SEPPs (Security Edge Protection Proxy) in a system applicable to the present disclosure.

[0686] Figure 30 shows the message flow between two SEPPs in Figure 13.2.4.8-1.

[0687] 1. cNF sends an HTTP request to cSEPP.

[0688] 2. cSEPP performs message rewriting and protection using JWE.

[0689] 3. cSEPP sends a Protected HTTP Request to cIPX.

[0690] 4. cIPX appends cIPX modifications to the message.

[0691] 5. cIPX sends a Protected HTTP Request with IPX modifications to pIPX.

[0692] 6. pIPX appends pIPX modifications to the message.

[0693] 7. pIPX sends a Protected HTTP Request with IPX modifications to pSEPP.

[0694] 8. pSEPP verifies the integrity of clear text and encrypted text, decrypts encrypted blocks, verifies IPX updates in modificationsBlock and applies them, and reassembles the HTTP request message.

[0695] 9. pSEPP sends a Modified HTTP Request to pNF.

[0696] 10. pSEPP receives an HTTP response from pNF.

[0697] 11. pSEPP performs message rewriting and protection using JWE.

[0698] 12. pIPX receives a Protected HTTP Response from pSEPP.

[0699] 13. pIPX appends pIPX modifications in the message.

[0700] 14. cIPX receives a Protected HTTP Response with IPX modification from pIPX.

[0701] 15. cIPX appends cIPX modifications in the message.

[0702] 16. cSEPP receives a Protected HTTP Response with IPX modifications.

[0703] 17. cSEPP verifies the message and reassembles the HTTP response.

[0704] 18. cNF receives a Modified HTTP Response from cSEPP.

[0705]

[0706] 13.2.4.8 Procedure

[0707] The following clause illustrates the message flow between the two SEPPs with modifications from cIPX and pIPX.

[0708] 1. The cSEPP receives an HTTP request message from a network function. If the message contains a telescopic FQDN, the cSEPP removes its domain name from this FQDN to obtain the original FQDN as described in clause 13.1.

[0709] 2. The cSEPP shall reformate the HTTP Request message as follows:

[0710] a. The cSEPP shall generate blocks (JSON objects) for integrity-protected data and encrypted data, and protecting them:

[0711] The cSEPP shall encapsulate the HTTP request into a clearTextEncapsulatedMessage block containing the following child JSON objects:

[0712] - Pseudo_Headers

[0713] - HTTP_Headers with one element per header of the original request.

[0714] - Payload that contains the message body of the original request.

[0715] For each attribute that requires end-to-end encryption between the two SEPPs, the attribute value is copied into a dataToIntegrityProtectAndCipher JSON object, and the attribute's value in the clearTextEncapsulatedMessage is replaced by the index of the attribute value in the dataToIntegrityProtectAndCipher block.

[0716] The cSEPP shall create a metadata block that contains the N32-f context ID, the message ID generated by the cSEPP for this request / response transaction, and the next hop ID.

[0717] The cSEPP shall protect the dataToIntegrityProtect block and the dataToIntegrityProtectAndCipher block as per clause 13.2.4.4. This results in a single JWE object representing the protected HTTP Request message.

[0718] b. The cSEPP shall generate payload for the SEPP to SEPP HTTP message: The JWE object becomes the payload of the new HTTP message generated by cSEPP.

[0719] 3. The cSEPP shall use HTTP POST to send the HTTP message to the first intermediary.

[0720] 4. The first intermediary (e.g., the visited network's IPX provider) shall create a new modifiedDataToIntegrityProtect JSON object containing three elements:

[0721] a. The Operations JSON patch document contains modifications performed by the first intermediary as per RFC 6902

[0064] .

[0722] b. The first intermediary shall include its own identity in the Identity field of the modifiedDataToIntegrityProtect.

[0723] c. The first intermediary shall copy the "tag" element, present in the JWE object generated by the cSEPP, into the modifiedDataToIntegrityProtect object. This acts as a replay protection for updates made by the first intermediary.

[0724] The intermediary shall execute JWS on the modifiedDataToIntegrityProtect JSON object and append the resulting JWS object to the message.

[0725] 5. The first intermediary sends the modified HTTP message request to the second intermediary (e.g., the home network's IPX) as in step 3.

[0726] 6. The second intermediary shall perform further modifications as in step 4 if necessary. The second intermediary shall further execute JWS on the modifiedDataToIntegrityProtect JSON object and append the resulting JWS object to the message.

[0727] 7. The second intermediary shall send the modified HTTP message to the pSEPP as in step 3.

[0728] Note 1: The behavior of the intermediaries is not normative, but the pSEPP assumes that behavior for processing the resulting request.

[0729] 8. The pSEPP receives the message and shall perform the following actions:

[0730] - pSEPP extracts the serialized values ​​from the components of the JWE object.

[0731] The pSEPP invokes the JWE AEAD algorithm to check the integrity of the message and decrypt the dataToIntegrityProtectAndCipher block. This results in entries in the encrypted block becoming visible in cleartext.

[0732] The pSEPP updates the clearTextEncapsulationMessage block in the message by replacing the references to the dataToIntegrityProtectAndCipher block with the referenced decrypted values ​​from the dataToIntegrityProtectAndCipher block.

[0733] pSEPP then verifies IPX provider updates of the attributes in the modificationsArray. It checks whether the modifications performed by the intermediaries were permitted by policy.

[0734] The pSEPP also verifies that the PLMN-ID contained in the message is equal to the "Remote PLMN-ID" in the related N32-f context.

[0735] - pSEPP updates the modified attribute values ​​of clearTextEncapsulationMessage in order.

[0736] The pSEPP shall reassemble the full HTTP Request from the contents of the clearTextEncapsulationMessage.

[0737] 9. The pSEPP shall send the HTTP request resulting from step 8 to the home network's NF.

[0738] 10.-18. These steps are analogous to steps 1.-9.

[0739] 13.2.4.9 JOSE Profile (13.2.4.9 JOSE profile)

[0740] SEPP must follow the JWE profile defined in TS 33.210 [3] and is restricted to using only AES GCM. However, AES GCM must use 128-bit or 256-bit keys. Additionally, security considerations for the use of AES GCM in Section 8.4 of RFC 7518

[0059] must be observed. Specifically, the same key cannot be used more than 232 times, and the IV value cannot be used more than twice with the same key. (SEPPs shall follow the JWE profile defined in TS 33.210 [3] with the restriction that it shall only use AES GCM with a 128-bit or 256-bit key. The security considerations for the use of AES GCM in section 8.4 of RFC 7518

[0059] shall be taken into account. In particular, the same key shall not be used more than 232 times and an IV value shall not be used more than once with the same key.)

[0741] SEPPs and IPXs shall follow the JWS profile as defined in TS 33.210 [3] with the restriction that they shall only use ES256 algorithm.

[0742]

[0743] FIG. 31 is a diagram illustrating an example of a signal flow of JSON Web Encryption (JavaScript Object Notation Web Encryption, JSON WE, JWE) that transmits N32-f during a PRINS procedure in a system applicable to the present disclosure.

[0744] As described above, the signal flow of the transmission of JWE through N32-f during the PRINS procedure is summarized as shown in Figure 31. The description of the JWE procedure for integrity verification is excluded below.

[0745] (1) cSEPP and pSEPP share Session Key A to be used in N32-f through a TLS connection for the N32-c Initial Handshake.

[0746] (1-1) The N32-f key hierarchy is based on the N32-f master key generated during the N32-c initial handshake by TLS key export.

[0747] (2) Service-consuming NF sends the information to be sent to cSEPP as an HTTP / 2 Request over TLS.

[0748] (3) cSEPP configures the information requiring only integrity in the HTTP / 2 Request, which is the Original Message received from NF, as dataToIntegrityProtect, and the information requiring both integrity and security as dataToIntegrityProtectAndCipher.

[0749] (3-1) dataToIntegrityProtect consists of clearTextEncapsulatedMessage, which contains only the information from the Original Message that does not require encryption, and metadata corresponding to the control information added by cSEPP.

[0750] (3-1-1) ClearTextEncapsulatedMessage can be composed of a JSON object and consists of Pseudo Headers, HTTP Headers, and a Payload.

[0751] (3-1-2) Metadata consists of N32-f message ID, authorizedIPX ID, and N32-f context ID.

[0752] (3-2) dataToIntegrityProtectAndCipher is information from the Original Message that requires encryption, and is encrypted using an encryption method supported by JSON Web Encryption (JWE).

[0753] (3-2-1) The encryption key used in JWE is based on the N32-f master key that cSEPP and pSEPP have shared in advance.

[0754] (3-2-2) In JWE, the encryption method uses A128GCM and A256GCM as the "enc" parameter and "dir" as the "alg" parameter.

[0755] (3-2-2-1) dir refers to a method of directly using a shared symmetric key without additional wrapping among the methods of wrapping the Contents Encryption Key.

[0756] (3-2-3) Security information encrypted using the JWE encryption method is called Encrypted Information Elements (IEs).

[0757] FIG. 32 is a drawing illustrating an example of the configuration of a JWE in a system applicable to the present disclosure.

[0758] (3-3) The configuration of JWE is diagrammed as shown in Fig. 32.

[0759] (4) cSEPP transmits JWE to cIPX via N32-f.

[0760] (5) cIPX passes JWE to pIPX via N32-f.

[0761] (6) pIPX transmits JWE to pSEPP via N32-f.

[0762] (7) pSEPP obtains the Original Message by decrypting dataToIntegrityProtectAndCipher using Session Key A that was shared in advance.

[0763] (8) pSEPP transmits HTTP / 2 Request information containing the decoded Original Message to the Service-producing NF.

[0764]

[0765] As mentioned above, the N32 Interface of the PRINS procedure presupposes the establishment of a TLS connection. Therefore, TLS operates for the N32-c and N32-f connections, and Session Keys are exchanged through the TLS connection. Secure communication is performed using the Session Keys exchanged via the TLS connection. At this time, in the PRINS procedure, sensitive information is ciphered via N32-f, and integrity is guaranteed. Ciphering via N32-f is performed through JWE, and integrity guarantee is performed through JWS. Here, JWE is an encryption procedure performed using the Session Key from the N32-f TLS connection. Therefore, if there is a security issue with the TLS connection, it leads to a security issue with the PRINS JWE procedure. Generally, TLS connections use a Certificate based on a trusted node and an Asymmetric Key-based security system through the Certificate. At this time An asymmetric key-based security system utilizes a public key and a private key to guarantee the validity of the public key and the security of information through public key encryption. By generating secure shared information between the two ends, it creates a session key that can be utilized for secure communication.

[0766] However, due to advancements in Quantum Computers and Quantum Algorithms, systems using the aforementioned Public Key Encryption may be threatened in terms of security. It is theoretically known that encryption methods based on RSA (RIVEST-SHAMIR-ADLEMAN) or ECC (Elliptic Curve Cryptography), which are generally used in asymmetric key-based security systems, can be deciphered within the validity period through parallel computation of the Shor Algorithm. In the case of RSA 2048-bit integers, it is possible to factor them within 8 hours using 20 million noisy qubits ["How to factor 2048-bit RSA integers in 8 hours using 20 million noisy qubits" Quantum 5,433 (2021)], and a study analyzing that factoring is possible within 177 days using only 13,436 qubits based on multi-parallel quantum memory ["Factoring 2048-bit RSA Integers in 177 Days with 13,436 Qubits and a Multimode Memory" PRL, (2021)] has been published. The collapse of asymmetric key encryption systems by such Quantum Algorithms poses a serious threat to secure communication systems based on asymmetric key encryption.

[0767] To prevent such security threats, a method is required to address the threats posed by the Quantum Algorithm while maintaining an asymmetric key system. To this end, the problem of trapdoor leakage caused by the Quantum Algorithm can be adaptively prevented by periodically updating the Public Key. This ensures that real-time leakage does not occur even if a Plaintext Attack is launched by the Quantum Algorithm. However, even if real-time leakage does not occur, an attacker can still perform a Plaintext Attack later through a Harvest-Now-Decrypt-Later (HNDL) Attack. Consequently, limiting the validity period of the Public Key alone cannot achieve fundamental information security.

[0768] Furthermore, while Post-Quantum Cryptography (PQC) technology is emerging, all asymmetric key systems based on computational complexity inevitably face the risk of being threatened by the emergence of new Quantum Algorithms. Additionally, transitioning to a new security system can entail a significant technical burden to implement the new security technology across all devices. Similarly, as PQC is a security method based on computational complexity, it cannot achieve physical security. Therefore, even if real-time leakage does not occur, an attacker can subsequently perform a Plaintext Attack through a Harvest-Now-Decrypt-Later (HNDL) Attack.

[0769] Furthermore, even if there are no security issues with TLS connections, the symmetric key security system used for JWE transmission faces a security threat due to the Grover Algorithm, a quantum algorithm. When the complexity of the existing symmetric key cryptographic system is N, the Grover Algorithm is It is an algorithm capable of solving problems with a complexity corresponding to [value]. Therefore, it may lead to a weakening of security compared to existing methods. Furthermore, as quantum algorithms are developed in accordance with the advancement of quantum computers, they may lead to additional security threats. In this case, existing symmetric key security systems may be vulnerable to HNDL attacks.

[0770]

[0771] The present disclosure proposes a Quantum Security-based PRINS procedure that achieves physical information security by configuring Quantum Secure Direct Communication (QSDC) in an N32-f procedure based on the No-cloning Theorem.

[0772]

[0773] Composition of various embodiments of the present disclosure

[0774] Quantum Security based Protocol for N32 Interconnect Security

[0775] The present disclosure proposes a Quantum Security system that enables physical security based on quantum properties when transmitting Encrypted Information Elements in the N32-f procedure.

[0776] The purpose of the proposed technology is to: 1. be able to verify the presence or absence of an attacker through inspection of the quantum channel; 2. ensure that there is no leakage of the transmitted message by making repeated measurement impossible through the transmission of security information via the quantum state; and 3. make it impossible for a subsequent Plaintext Attack to be performed even against an attacker's Harvest-Now-Decrypt-Later (HNDL) Attack based on the coherent time characteristics of the quantum.

[0777] The proposed technology assumes a scenario in the PRINS procedure where a service-consuming NF sends security information through the SEPP (cSEPP) of the corresponding PLMN to the SEPP (pSEPP) of the PLMN containing the service-producing NF. In this case, there are multiple IPX Providers between cSEPP and pSEPP (e.g., cIPX and pIPX).

[0778] FIG. 33 is a diagram illustrating an example of a procedure for performing physical security based on quantum properties when transmitting an Encrypted Information Element in an N32-f procedure in a system applicable to the present disclosure.

[0779] The core procedure of the proposed technology is summarized as shown in Figure 33.

[0780] (1) cSEPP and pSEPP share Session Key A to be used in N32-f through a TLS connection for the N32-c Initial Handshake.

[0781] (1-1) The N32-f key hierarchy is based on the N32-f master key generated during the N32-c initial handshake by TLS key export.

[0782] (2) Service-consuming NF sends the information to be sent to cSEPP as an HTTP / 2 Request over TLS.

[0783] (3) cSEPP configures the information requiring only integrity in the HTTP / 2 Request, which is the Original Message received from NF, as dataToIntegrityProtect, and the information requiring both integrity and security as dataToIntegrityProtectAndCipher.

[0784] (3-1) dataToIntegrityProtect consists of clearTextEncapsulatedMessage, which contains only the information from the Original Message that does not require encryption, and metadata corresponding to the control information added by cSEPP.

[0785] (3-1-1) clearTextEncapsulatedMessage can be composed of a JSON object and consists of Pseudo Headers, HTTP Headers, and a Payload.

[0786] (3-1-2) Metadata consists of N32-f message ID, authorizedIPX ID, and N32-f context ID.

[0787] (3-2) dataToIntegrityProtectAndCipher is information from the Original Message that requires encryption, and is encrypted using an encryption method supported by JSON Web Encryption (JWE).

[0788] (3-2-1) The encryption key used in JWE is based on the N32-f master key that cSEPP and pSEPP have shared in advance.

[0789] (3-2-2) In JWE encryption, A128GCM and A256GCM are used as the "enc" parameter, and "dir" is used as the "alg" parameter.

[0790] (3-2-2-1) dir refers to a method of directly using a shared symmetric key without additional wrapping among the methods of wrapping the Contents Encryption Key.

[0791] (3-2-3) Security information encrypted using the JWE encryption method is called Encrypted Information Elements (IEs).

[0792] (4) cSEPP passes dataToIntegrityProtect to cIPX via the N32-f interface through the Classical Channel.

[0793] (4-1) Here, dataToIntegrityProtect is mapped to the attribute values ​​of dataToIntegrityProtectAndCipher and may contain information corresponding to the amount of information of dataToIntegrityProtectAndCipher.

[0794] (5) When cIPX receives dataToIntegrityProtect from cSEPP, it sends an Initial Quantum Packet to cSEPP through the Quantum Channel.

[0795] (5-1) The Initial Quantum Packet consists of a Synchronization Header and an Initial Quantum Stream.

[0796] FIG. 34 is a diagram illustrating an example of the structure of an Initial Quantum Packet in a system applicable to the present disclosure.

[0797] (5-1-1) For example, the structure of the Initial Quantum Packet may be as follows and is transmitted through a quantum channel.

[0798] (5-2) All Initial Quantum Packets are generated as Quantum States, and the Synchronization Header may consist of an Optical Signal. In this case, the Optical Signal may be a Single Photon Optical Signal or a Field composed of Multiple Photons.

[0799] (5-2-1) A Synchronization Header composed of an Optical Signal is not information requiring security, and the signal can be configured in a manner agreed upon in advance between the transmitting and receiving ends.

[0800] (5-2-2) For example, ON / Off Keying (OOK) or Phase / Amplitude / Polarization Modulation methods may be used.

[0801] (5-3) The Synchronization Header is synchronization information for synchronizing the dataToIntegrityProtect transmitted to the classical channel and the Initial Quantum Packet transmitted to the quantum channel.

[0802] (5-3-1) The Synchronization Header of dataToIntegrityProtect transmitted over a classical channel and the Synchronization Header of Initial Quantum Packet transmitted over a quantum channel consist of the same information.

[0803] (5-3-1-1) Here, the Synchronization Header of dataToIntegrityProtect is not defined separately, and Pseudo Headers or HTTP Headers may be used.

[0804] (5-3-2) The Synchronization Header may be a Synchronization Code agreed upon in a predefined manner.

[0805] (5-3-2-1) For example, it may be one of the N32-f message ID, authorizedIPX ID, or N32-f context ID corresponding to the metadata of dataToIntegrityProtect.

[0806] (5-3-2-2) Alternatively, the Synchronization Code may be an index indicating the order of the Initial Quantum Packet, and the Synchronization Code may be defined as a sequence structure that can be detected at the receiver.

[0807] (5-3-2-3) Even if the Synchronization Code above is an index representing the order of the Initial Quantum Packet, it is defined as a sequence structure with a length sufficient to perform information separation among multiple users.

[0808] (5-3-3) The Synchronization Header may be a randomly generated Synchronization Code.

[0809] (5-3-3-1) For example, it can be a sequence of random numbers generated through QRNG, etc.

[0810] (5-3-3-2) The length of the sequence consisting of random numbers corresponding to the Synchronization Code is agreed upon in advance between the transmitting and receiving ends.

[0811] (5-4) An Initial Quantum Stream is a quantum state sequence consisting of random quantum states.

[0812] (5-4-1) A random quantum state is generated as one of the pre-determined quantum states.

[0813] (5-4-1-1) For example, any Quantum State is randomly generated as one of four Quantum States according to the following [Equation 4] or [Equation 6]:

[0814]

[0815] or,

[0816]

[0817] (5-4-1-2) An Initial Quantum Stream composed of Random Quantum States can be composed of a predetermined length.

[0818] (5-4-1-2-1) or, it may be composed of the length of dataToIntegrityProtectAndCipher defined in the dataToIntegrityProtect information.

[0819] (5-4-1-2-2) or, it can be composed of (length of dataToIntegrityProtectAndCipher + number of qubits for QBER Check) defined in the dataToIntegrityProtect information.

[0820] (6) cSEPP and cIPX perform a QBER Check.

[0821] (6-1) When cSEPP receives an Initial Quantum Packet from cIPX, it randomly selects some of the Quantum States from the Initial Quantum Stream and then randomly selects an orthogonal or diagonal basis to measure.

[0822] (6-1-1) Here, the number of selected Quantum States can be determined by the number of Qubits for the predefined QBER Check.

[0823] (6-1-2) Here, the orthogonal basis among the randomly selected basis is It is a basis that can accurately measure, and the diagonal basis is It is a basis that can accurately measure.

[0824] (6-1-2-1) Here, the orthogonal basis is When measuring the quantum state of, it is possible to measure with only 50% accuracy, and the diagonal basis is When measuring quantum states, it is possible to measure with only 50% accuracy.

[0825] (6-1-3) Except for the Quantum States selected for the QBER Check, the remaining Quantum States are stored in Quantum Memory in order.

[0826] (6-2) cSEPP feeds back to cIPX via a Classical Channel the position (or index) of a randomly selected Quantum State, the basis value used for the measurement, and the measurement result.

[0827] (6-3) cIPX determines the presence of an eavesdropper by estimating the QBER, which is the rate of error, based on the selected Quantum State location and measurement basis of the received cSEPP and the measurement results.

[0828] (6-3-1) If QBER is higher than the threshold value for detecting eavesdropping, the quantum channel is unsafe and communication is stopped; otherwise, the next step is continued.

[0829] (6-3-2) The threshold value for determining eavesdropping is agreed upon in advance by the system.

[0830] (6-4) cSEPP and cIPX share the QBER Check results via the classical channel to determine whether to proceed to the next step.

[0831] (7) When cSEPP confirms that the QBER Check has been passed, it sends the dataToIntegrityProtectAndCipher Packet to cIPX via the Quantum Channel.

[0832] (7-1) The dataToIntegrityProtectAndCipher Packet consists of a Synchronization Header and q_Encrypted IEs.

[0833] FIG. 35 is a diagram illustrating an example of a data integrity protection and packet encryption packet (dataToIntegrityProtectAndCipher Packet) in a system applicable to the present disclosure.

[0834] (7-1-1) For example, the structure of the dataToIntegrityProtectAndCipher Packet may be as shown in Fig. 35 and is transmitted over a quantum channel.

[0835] (7-2) All dataToIntegrityProtectAndCipher packets are generated in Quantum State, and the Synchronization Header may consist of an Optical Signal. In this case, the Optical Signal may be a Single Photon Optical Signal or a Field composed of Multiple Photons.

[0836] (7-2-1) A Synchronization Header composed of an Optical Signal is not information requiring security, and the signal can be configured in a manner agreed upon in advance between the transmitting and receiving ends.

[0837] (7-2-2) For example, ON / Off Keying (OOK) or Phase / Amplitude / Polarization Modulation methods may be used.

[0838] (7-3) The Synchronization Header is synchronization information for linking the dataToIntegrityProtect transmitted over the classical channel, the Initial Quantum Packet transmitted over the quantum channel, and the dataToIntegrityProtectAndCipher Packet.

[0839] (7-3-1) The Synchronization Header of dataToIntegrityProtect transmitted over the classical channel, the Synchronization Header of Initial Quantum Packet transmitted over the quantum channel, and the Synchronization Header of dataToIntegrityProtectAndCipher are composed of the same information.

[0840] (7-3-1-1) Here, the Synchronization Header of dataToIntegrityProtect is not defined separately, and Pseudo Headers or HTTP Headers may be used.

[0841] (7-3-2) The Synchronization Header may be a Synchronization Code agreed upon in a predefined manner.

[0842] (7-3-2-1) For example, it may be one of the N32-f message ID, authorizedIPX ID, or N32-f context ID corresponding to the metadata of dataToIntegrityProtect.

[0843] (7-3-2-2) Alternatively, the Synchronization Code may be an index indicating the order of the Initial Quantum Packet, and the Synchronization Code may be defined as a sequence structure that can be detected at the receiver.

[0844] (7-3-2-3) Even if the Synchronization Code above is an index representing the order of the Initial Quantum Packet, it is defined as a sequence structure with a length sufficient to perform information separation among multiple users.

[0845] (7-3-3) The Synchronization Header may be a randomly generated Synchronization Code.

[0846] (7-3-3-1) For example, it can be a sequence of random numbers generated through QRNG, etc.

[0847] (7-3-3-2) The length of the sequence consisting of random numbers corresponding to the Synchronization Code is agreed upon in advance between the transmitting and receiving ends.

[0848] (7-4) q_Encrypted IEs is a quantum state in which the Encrypted IEs of dataToIntegrityProtectAndCipher are encoded into a Quantum State stored in Quantum Memory.

[0849] (7-4-1) Quantum states that are not used for the QBER Check among the Initial Quantum Streams received from cIPX are stored in Quantum Memory, and the Encrypted IEs of dataToIntegrityProtectAndCipher are encoded into the corresponding quantum states.

[0850] (7-4-1-1) The Encoding method performs Binary Encoding on the quantum states stored in Quantum Memory using Differential Encoding.

[0851] (7-4-1-2) For example, the quantum states contained in Quantum Memory When saying that, the case where the encoding information is 0 Print, and if the encoding information is 1 It can be an encoding method that outputs.

[0852] (7-4-1-3) Differential Encoding of a quantum state preserves the original quantum state when the information being encoded is 0.

[0853] (7-4-1-4) Differential Encoding of a quantum state: when the encoding information is 1, the original quantum state In the case of It converts to, and the original quantum state In the case of It converts to, and the original quantum state In the case of It converts to, and the original quantum state In the case of Convert to.

[0854] (7-4-1-4-1) or, the original quantum state In the case of It converts to, and the original quantum state In the case of It converts to, and the original quantum state In the case of It converts to, and the original quantum state In the case of Convert to.

[0855] (8) cIPX obtains a logical Encrypted IEs value by measuring the q_Encrypted IEs of the dataToIntegrityProtectAndCipher Packet received from cSEPP.

[0856] (8-1) Since cIPX knows the initial quantum state of the Initial Quantum Stream, it knows the basis information necessary to accurately measure q_Encrypted IEs. Therefore, it accurately measures q_Encrypted IEs to obtain a logical Encrypted IEs value.

[0857] (9) cIPX passes dataToIntegrityProtect to pIPX via the N32-f interface through the Classical Channel.

[0858] (9-1) The detailed procedure is the same as in 4.

[0859] (10) When pIPX receives dataToIntegrityProtect from cIPX, it sends an Initial Quantum Packet to cIPX through the Quantum Channel.

[0860] (10-1) The detailed procedure is the same as in 5.

[0861] (11) cIPX and pIPX perform QBER Check.

[0862] (11-1) The detailed procedure is the same as in 6.

[0863] (12) When cIPX confirms that the QBER Check has been passed, it sends the dataToIntegrityProtectAndCipher Packet to pIPX through the Quantum Channel.

[0864] (12-1) The detailed procedure is the same as in 7.

[0865] (13) pIPX obtains a logical Encrypted IEs value by measuring the q_Encrypted IEs of the dataToIntegrityProtectAndCipher Packet received from cIPX.

[0866] (13-1) The detailed procedure is the same as in 8.

[0867] (14) pIPX passes dataToIntegrityProtect to pSEPP via the N32-f interface through the Classical Channel.

[0868] (14-1) The detailed procedure is the same as in 4.

[0869] (15) When pSEPP receives dataToIntegrityProtect from pIPX, it sends an Initial Quantum Packet to pIPX through the Quantum Channel.

[0870] (15-1) The detailed procedure is the same as in 5.

[0871] (16) pIPX and pSEPP perform QBER Check.

[0872] (16-1) The detailed procedure is the same as in 6.

[0873] (17) When pIPX confirms that the QBER Check has been passed, it sends the dataToIntegrityProtectAndCipher Packet to pSEPP through the Quantum Channel.

[0874] (17-1) The detailed procedure is the same as in 7.

[0875] (18) pSEPP obtains a logical Encrypted IEs value by measuring the q_Encrypted IEs of the dataToIntegrityProtectAndCipher Packet received from pIPX.

[0876] (18-1) The detailed procedure is the same as in 8.

[0877] (19) pSEPP decrypts the Encrypted IEs of dataToIntegrityProtectAndCipher using Session Key A that was distributed in advance, and obtains the Original Message by combining the mapping information with dataToIntegrityProtect.

[0878] (20) pSEPP transmits HTTP / 2 Request information containing the decoded Original Message to the Service-producing NF.

[0879]

[0880] Although the overall operation described above explains the signal flow for HTTP / 2 requests from the Service-consuming NF to the Service-producing NF, it is evident that the signal flow for HTTP / 2 responses from the Service-producing NF to the Service-consuming NF can be described in the same way.

[0881] As mentioned above, Quantum Authentication technology may be added to authenticate the entity transmitting the Initial Quantum Packet. Quantum Authentication technology is a security technology that performs user authentication based on quantum states and defends against Man-in-the-Middle attacks on the Initial Quantum Packet; it is evident that the operation of the proposed technology is unaffected even if such technology is applied.

[0882] In order to improve the reliability of the q_Encrypted IEs of the dataToIntegrityProtectAndCipher Packet mentioned above, tag information regarding the transmitted information can be additionally transmitted to check the reliability of the transmitted information. For example, the entity transmitting the q_Encrypted IEs can transmit the tag information of the q_Encrypted IEs (e.g., Cyclic Redundancy Check, CRC) through a quantum channel, and the receiver can match the information measured by the q_Encrypted IEs with the CRC information to verify whether there is an error in the information of the q_Encrypted IEs measured by the receiver. It is evident that even if the reliability improvement technique for the q_Encrypted IEs mentioned above is applied, it does not affect the operation of the proposed technology.

[0883] For the above operation, the availability of Quantum Security can be reported in the Security Parameter Exchange Request Message and Security Parameter Exchange Response Message in the N32-c connection between cSEPP and pSEPP. For example, the availability of Quantum Security can be included in the Cipher Suite.

[0884]

[0885] 13.2.2.2 Procedure for Key agreement and Parameter exchange

[0886] 1. The two SEPPs shall perform the following cipher suite negotiation to agree on on a cipher suite to use for protecting NF service-related signaling over N32-f.

[0887] 1a. The SEPP that initiated the first N32-c connection shall send a Security Parameter Exchange Request message to the responding SEPP, including the initiating SEPP's supported cipher suites, including the availability of the Quantum Security. The cipher suites shall be ordered according to the initiating SEPP's priority order. The SEPP shall provide the initiating SEPP's N32-f context ID to the responding SEPP.

[0888] 1b. The responding SEPP shall compare the received cipher suites to its own supported cipher suites and select, based on its local policy, a cipher suite supported by both the initiating SEPP and the responding SEPP.

[0889] 1c. The responding SEPP shall send a Security Parameter Exchange Response message to the initiating SEPP, including the selected cipher suite and the availability of the Quantum Security for protecting the NF service-related signaling over N32. The responding SEPP shall provide a responding SEPP's N32-f context ID for the initiating SEPP.

[0890] For the above operation, an error regarding a QBER check may be added to the Error Code for an error occurring in the N32-f connection between cSEPP and pSEPP. For example, eavesdropper detection based on a QBER check may be added to the HTTP State Code. For example, in the Status Code Definition defined in Section 10 of RFC 2616, a quantum channel state exceeding the QBER Threshold may be defined in the 300-series codes corresponding to Redirection Messages, the 400-series codes corresponding to Client Error Responses, or the 500-series codes corresponding to Serve Error Responses. Alternatively, a quantum channel state exceeding the QBER Threshold may be indicated in the signaling message for the N32-c connection to report errors occurring in the N32-f connection between cSEPP and pSEPP.

[0891]

[0892] 13.2.2.3 Procedure for error detection and handling in SEPP

[0893] Errors can occur on an active N32-c connection or on one or more N32-f connections between two SEPPs.

[0894] When an error is detected, the SEPP must map the error to an appropriate cause code. The SEPP must generate a signaling message that includes the cause code as one of its parameters to inform the peer SEPP.

[0895] When QBER is checked, the SEPP shall create a signaling message to inform the peer SEPP, with the QBER value or the status of the quantum channel between the two SEPPs as one of its parameters.

[0896] The SEPP must use the N32-c connection to send the signaling message to the peer SEPP. If the previous N32-c connection has been terminated, it uses a new N32-c connection instead.

[0897] If an error occurs during the processing of one or more N32-f messages, the SEPP must include the corresponding message ID(s), obtained from the metadata section of the N32-f message, as a parameter in the signaling message. This allows the peer SEPP to identify the source message (HTTP request or response) on which the other SEPP found the error.

[0898] For the above operation, an indication for Quantum Security operation may be added to the N32-f Context. For example, a Quantum Security Indicator may be added to the N32-f security context to report the availability of Quantum Security.

[0899]

[0900] 13.2.2.4.3 N32-f security context (13.2.2.4.3 N32-f security context)

[0901] The N32-c initial handshake described in clause 13.2.2.2 establishes session keys, IVs, and negotiated cipher suites. Counters are used for replay protection. Modification policies are identified by modification policy IDs and allow verification of received messages that have undergone IPX modifications.

[0902] The N32-f security context shall consist of the following parameters:

[0903] - Session keys

[0904] - Negotiated cipher suites

[0905] - Quantum Security Indicator

[0906] - Data type encryption policy IDs

[0907] - Modification policy list (if IPXs are used)

[0908] - Modification policy IDs

[0909] - IPX provider identifier (- IPX provider identifier)

[0910] - Counters

[0911] - IV

[0912] - List of security information of the IPX providers connected to the SEPPs (IPX security information list)

[0913] - IPX provider identifier (- IPX provider identifier)

[0914] - List of raw public keys or certificates for that IPX

[0915] For the above operation, the procedure and message payload configuration for applying Quantum Security to the N32-f connection may be newly defined.

[0916]

[0917] 13.2.4 N32-f connection between SEPPs

[0918] 13.2.4.1 General (13.2.4.1 General)

[0919] The SEPP receives HTTP / 2 request / response messages from the Network Function. It shall perform the following actions on these messages before they are sent on the N32-f interface to the SEPP in the other PLMN:

[0920] a) It parses the incoming message and, if present, rewrites the telescopic FQDN of the receiving NF to obtain the original FQDN as described in clause 13.1.

[0921] b) It reformats the message to produce the input to JSON Web Encryption (JWE)

[0059] as described in clause 13.2.4.3.

[0922] c) It applies JWE to the input created in b) to protect the reformatted message as described in clause 13.2.4.4.

[0923] d) It encapsulates the resulting JWE object into an HTTP / 2 message (as the body of the message) and sends the HTTP / 2 message to the SEPP in the other PLMN over the N32-f interface.

[0924] e) It transmits a part of JWE through the quantum channel to apply Quantum Security as described in clause 13.2.4.2.1.

[0925] The message may be routed via the cIPX and pIPX nodes. These IPX nodes may modify messages as follows:

[0926] a) The IPX node recovers the cleartext part of the HTTP message from the JWE object, modifies it according to the modification policy, and calculates an "operations" JSON Patch object. It then creates a temporary JSON object with the "operators" JSON Patch object and some other parameters for replay protection, etc., as described in clause 13.2.4.5.1.

[0927] b) The IPX node uses the temporary JSON object as input into JSON Web Signature (JWS)

[0045] to create a JWS object, as described in clause 13.2.4.5.2.

[0928] c) The IPX node appends the JWS object to the received message and sends it to the next hop.

[0929] The JWS objects generated by the two IPX providers form an auditable chain of modifications that the receiving SEPP must apply to the parsed message after verifying that the patches conform to the modification policy.

[0930] Encryption of IEs shall take place end-to-end between cSEPP and pSEPP.

[0931] Quantum encryption of Encrypted IEs takes place hop by hop from cSEPP to pSEPP.

[0932] A SEPP shall not include IEs in the clear that are encrypted elsewhere in the JSON object.

[0933] A SEPP shall verify that an intermediate IPX has not moved or copied an encrypted IE to a location that would be reflected from the producer NF in an IE without encryption.

[0934]

[0935] 13.2.4.2 Overall Message payload structure for message reformatting at SEPP

[0936] The SEPP reformats an HTTP message received from an internal network function into two temporary JSON objects that will be input to JWE:

[0937] a. dataToIntegrityProtect: Contains information that is only integrity protected. It consists of the following:

[0938] - clearTextEncapsulationMessage: Contains the complete original HTTP message, excluding attribute values ​​that require encryption and, including the pseudo-header fields, HTTP headers, and HTTP message body.

[0939] - metadata: Information generated by SEPP, including the authorizedIPX ID, N32-f message ID, and N32-f context ID.

[0940] b. dataToIntegrityProtectAndCipher: Contains the synchronization header and attribute values ​​of the Original Message that require both encryption and integrity protection. It consists of the following:

[0941] - synchronization header: Contains synchronization information for linkage with the quantum channel.

[0942] - q_Encrypted IEs: Encrypted IEs containing attribute values ​​of the Original Message that require both encryption and integrity protection.

[0943] For the details of JSON representation of a reformatted HTTP message, refer to TS 29.573

[0092] .

[0944] 13.2.4.X N32-q connection between SEPPs

[0945] An N32-q connection is a quantum connection that supports physical security based on the principles of quantum physics.

[0946] All network points, including the SEPPs and IPXs, receive the dataToIntegrityProtect from other network points. The network points must transmit an Initial Quantum Packet via the quantum channels and check the status of the quantum channel.

[0947] If network point A receives dataToIntegrityProtect from network point B via the classical channel, network point A sends the Initial Quantum Packet to network point B via the quantum channel. The Initial Quantum Packet consists of the following:

[0948] a. The Initial Quantum Packet: Contains a synchronization header and an initial quantum stream, and constitutes the quantum state.

[0949] - synchronization header: Contains synchronization information for linkage with the classical channel. This must be identical to the synchronization header of the dataToIntegrityProtectAndCipher packet.

[0950] - initial quantum stream: a predetermined quantum state It contains randomly generated quantum states which is created as one of the pre-arranged quantum states. )

[0951] Network points A and B verify the security status of the quantum channel through the quantum bit error rate (QBER) check.

[0952] - If the QBER value exceeds a predefined threshold, all network points shall terminate the N32-q connection and report the status of the quantum channel as described in clause 13.2.2.3.

[0953] - If the QBER value does not exceed a predefined threshold, network point A sends the dataToIntegrityProtectAndCipher Packet to network point B via the quantum channels as described in clause 13.2.4.2.

[0954]

[0955] 13.2.4.3.2 dataToIntegrityProtectAndCipher

[0956] dataToIntegrityProtectAndCipher is a JSON patch document as per RFC 6902

[0064] that contains all the attribute values ​​that require both encryption and integrity protection. Attribute values ​​may come from any part of the original HTTP message - Pseudo_Headers, HTTP_Headers, and Payload.

[0957] The JSON array must contain one array entry per attribute value that needs encryption. Each array entry represents the value of the attribute to be protected, and the array index is used to reference the protected value within the dataToIntegrityProtect block. This associates each attribute in the dataToIntegrityProtectAndCipher block with the original attribute in the dataToIntegrityProtect block. This is necessary to reassemble the original message at the receiving SEPP.

[0958] Each attribute in the dataToIntegrityProtectAndCipher block is converted to a quantum state as the q_Encrypted IEs as described in clause 13.2.4.2. The q_Encrypted IEs constitute the dataToIntegrityProtectAndCipher packet.

[0959]

[0960] The amendment to 3GPP TS 33.501 described above is an explanation that modifies the concept of the proposed technology from a higher-level concept. Since detailed explanations of lower-level concepts have been explained in detail in the description of the proposed technology above, repetitive explanations have been omitted. For example, while the detailed process of conventional procedures such as QBER Check is not mentioned in detail, it is evident that the commonly used QBER Check method is applicable.

[0961]

[0962] Effects of various embodiments of the present disclosure

[0963] The expected effects of the various embodiments of the present disclosure are as follows.

[0964] (1) Through the configuration of JWE based on Quantum Security,

[0965] (1-1) By configuring it so that repeated measurement of security information is impossible based on Quantum Security, secure communication can be performed without leakage of the transmitted message.

[0966] (1-2) Based on the quantum coherence time characteristics, it is possible to prevent subsequent Plaintext Attacks even against an attacker's Harvest-Now-Decrypt-Later (HNDL) Attack.

[0967] (1-2-1) Even if existing security procedures collapse, there is no leakage of information that has already been communicated due to quantum security.

[0968] (1-3) Existing JWE security procedures and quantum security procedures can coexist.

[0969]

[0970] The characteristic configurations of various embodiments of the present disclosure are as follows.

[0971] (1) Quantum Security-based JWE procedure and packet configuration, standard description

[0972] (1-1) How to configure security information configured via JWE Encryption into q_Encypted IEs

[0973] (1-2) Method to check the state of a quantum channel by constructing an Initial Quantum Packet and performing a QBER Check

[0974] (1-3) Method for transmitting dataToIntegrityProtectAndCipher based on Initial Quantum Packet after QBER Check

[0975] (2) Signal Flow and Packet Design and Standard Description for Each Method

[0976]

[0977] [Explanation regarding the 1st node claim]

[0978] The embodiments described above will be explained in detail below with reference to FIG. 36 regarding the operation of the first node. The methods described below are distinguished only for convenience of explanation, and it is understood that, as long as they are not mutually exclusive, a part of one method may be substituted with a part of another method or combined with one another and applied.

[0979] FIG. 36 is a diagram illustrating an example of the operation process of a first node in a system applicable to the present disclosure.

[0980] According to various embodiments of the present disclosure, a method performed by a first node in a communication system is provided.

[0981] According to various embodiments of the present disclosure, each of the first node and the second node may correspond to either a terminal or a base station in a wireless communication system. According to various embodiments of the present disclosure, the first node may correspond to one of cSEPP, cIPX, or pIPX, and the second node may correspond to one of cIPX, pIPX, or pSEPP.

[0982] The embodiment of FIG. 36 may further include, prior to step S3601, one or more of the steps of: the first node transmitting one or more synchronization signals to the second node; the first node transmitting system information to the second node; the first node transmitting configuration information to the second node; and the first node transmitting control information to the second node.

[0983] The embodiment of FIG. 36 may further include, prior to step S3601, one or more of the steps of: the first node receiving a random access preamble from the second node; the first node transmitting a random access response (RAR) to the second node; the first node receiving a random access message 3 from the second node; and the first node transmitting a contention resolution message to the second node. Message 3 is the first PUSCH transmission scheduled by the RAR with a RAR UL grant.

[0984] In step S3601, the first node transmits non-secure information among the original information related to JSON Web Encryption (JavaScript Object Notation Web Encryption, JSON WE, JWE) through the classic channel.

[0985] In step S3602, the first node receives initial quantum information through a quantum channel.

[0986] In step S3603, the first node performs a QBER check (quantum bit error rate check) based on the initial quantum information.

[0987] In step S3604, the first node transmits the security information among the original information through the quantum channel based on the QBER verification.

[0988]

[0989] According to various embodiments of the present disclosure, the QBER verification may be performed based on some randomly selected quantum states among the quantum states included in the initial quantum information. The security information may be encoded based on the remaining quantum states among the quantum states included in the initial quantum information that are not used for the QBER verification.

[0990] According to various embodiments of the present disclosure, the security information may be transmitted based on whether the result of the QBER verification is equal to or lower than a threshold value. The security information may not be transmitted based on whether the result of the QBER verification is higher than a threshold value.

[0991] According to various embodiments of the present disclosure, the security information may be encrypted using an encryption method supported by the JWE.

[0992] According to various embodiments of the present disclosure, the non-security information, the initial quantum information, and the security information may include the same synchronization header.

[0993] According to various embodiments of the present disclosure, the embodiment of FIG. 36 may further include the step of transmitting tag information of the security information through the quantum channel. An error in the security information may be identified based on a comparison of information measured from the security information and the tag information.

[0994] According to various embodiments of the present disclosure, the embodiment of FIG. 36 may further include the step of receiving an indicator of quantum security; and the step of transmitting a response message related to the availability of said quantum security.

[0995]

[0996] According to various embodiments of the present disclosure, a first node is provided in a communication system. The first node includes a transceiver and at least one processor, and the at least one processor may be configured to perform a method of operation of the first node according to FIG. 36.

[0997]

[0998] According to various embodiments of the present disclosure, an apparatus for controlling a first node in a communication system is provided. The apparatus comprises at least one processor and at least one memory operably connected to the at least one processor. The at least one memory may be configured to store instructions for performing a method of operation of the first node according to FIG. 36 based on execution by the at least one processor.

[0999]

[1000] According to various embodiments of the present disclosure, one or more non-transitory computer readable media (CRMs) storing one or more instructions are provided. The one or more instructions perform operations based on execution by one or more processors, and the operations may include a method of operation of a first node according to FIG. 36.

[1001]

[1002] [Explanation regarding the 2nd node claim]

[1003] The embodiments described above will be explained in detail below with reference to FIG. 37 regarding the operation of the second node. The methods described below are distinguished only for convenience of explanation, and it is obvious that as long as they are not mutually excluded, a part of one method may be substituted with a part of another method or combined with one another and applied.

[1004] FIG. 37 is a diagram illustrating an example of the operation process of a second node in a system applicable to the present disclosure.

[1005] According to various embodiments of the present disclosure, a method performed by a second node in a communication system is provided.

[1006] According to various embodiments of the present disclosure, each of the first node and the second node may correspond to either a terminal or a base station in a wireless communication system. According to various embodiments of the present disclosure, the first node may correspond to one of cSEPP, cIPX, or pIPX, and the second node may correspond to one of cIPX, pIPX, or pSEPP.

[1007] The embodiment of FIG. 37 may further include, prior to step S3701, one or more of the steps of: the second node receiving one or more synchronization signals from the first node; the second node receiving system information from the first node; the second node receiving configuration information from the first node; and the second node receiving control information from the first node.

[1008] The embodiment of FIG. 37 may further include, prior to step S3701, one or more of the steps of: the second node transmitting a random access preamble to the first node; the second node receiving a random access response (RAR) from the first node; the second node transmitting a random access message 3 to the first node; and the second node receiving a contention resolution message from the first node. Message 3 is the first PUSCH transmission scheduled by the RAR with a RAR UL grant.

[1009] In step S3701, the second node receives non-secure information among the original information related to JSON Web Encryption (JavaScript Object Notation Web Encryption, JSON WE, JWE) through a classic channel.

[1010] In step S3702, the second node transmits initial quantum information through the quantum channel.

[1011] In step S3703, the second node receives security information among the original information through the quantum channel based on a QBER check (quantum bit error rate check) related to the initial quantum information.

[1012]

[1013] According to various embodiments of the present disclosure, the QBER verification may be performed based on some randomly selected quantum states among the quantum states included in the initial quantum information. The security information may be encoded based on the remaining quantum states among the quantum states included in the initial quantum information that are not used for the QBER verification.

[1014] According to various embodiments of the present disclosure, the security information may be received based on the result of the QBER verification being equal to or lower than a threshold value. The security information may not be received based on the result of the QBER verification being higher than a threshold value.

[1015] According to various embodiments of the present disclosure, the security information may be encrypted using an encryption method supported by the JWE.

[1016] According to various embodiments of the present disclosure, the non-security information, the initial quantum information, and the security information may include the same synchronization header.

[1017] According to various embodiments of the present disclosure, the embodiment of FIG. 37 may further include the step of receiving tag information of security information through the quantum channel. An error in the security information may be identified based on a comparison of information measured from the security information and the tag information.

[1018] According to various embodiments of the present disclosure, the embodiment of FIG. 37 may further include the step of transmitting an indicator of quantum security; and the step of receiving a response message related to the availability of said quantum security.

[1019]

[1020] According to various embodiments of the present disclosure, a second node is provided in a communication system. The second node includes a transceiver and at least one processor, and the at least one processor may be configured to perform the operation method of the second node according to FIG. 37.

[1021]

[1022] According to various embodiments of the present disclosure, an apparatus for controlling a first node in a communication system is provided. The apparatus comprises at least one processor and at least one memory operably connected to the at least one processor. The at least one memory may be configured to store instructions for performing a method of operation of a second node according to FIG. 37 based on execution by the at least one processor.

[1023]

[1024] According to various embodiments of the present disclosure, one or more non-transitory computer-readable media (CRMs) storing one or more instructions are provided. The one or more instructions perform operations based on execution by one or more processors, and the operations may include a method of operation of a second node according to FIG. 37.

[1025]

[1026] Communication systems applicable to the present disclosure

[1027] FIG. 38 illustrates a communication system (1) applicable to various embodiments of the present disclosure.

[1028] Referring to FIG. 38, a communication system (1) applicable to various embodiments of the present disclosure includes a wireless device, a base station, and a network. Here, the wireless device refers to a device that performs communication using wireless access technology (e.g., 5G NR (New RAT), LTE (Long Term Evolution), 6G wireless communication) and may be referred to as a communication / wireless / 5G device / 6G device. Although not limited thereto, the wireless device may include a robot (100a), a vehicle (100b-1, 100b-2), an XR (eXtended Reality) device (100c), a hand-held device (100d), a home appliance (100e), an IoT (Internet of Thing) device (100f), and an AI device / server (400). For example, the vehicle may include a vehicle equipped with wireless communication capabilities, an autonomous vehicle, a vehicle capable of performing inter-vehicle communication, etc. Here, the vehicle may include an Unmanned Aerial Vehicle (UAV) (e.g., a drone). XR devices include AR (Augmented Reality) / VR (Virtual Reality) / MR (Mixed Reality) devices and can be implemented in the form of HMDs (Head-Mounted Devices), HUDs (Head-Up Displays) equipped in vehicles, televisions, smartphones, computers, wearable devices, home appliances, digital signage, vehicles, robots, etc. Portable devices may include smartphones, smartpads, wearable devices (e.g., smartwatches, smart glasses), computers (e.g., laptops, etc.). Home appliances may include TVs, refrigerators, washing machines, etc. IoT devices may include sensors, smart meters, etc. For example, base stations and networks may be implemented as wireless devices, and a specific wireless device (200a) may operate as a base station / network node to other wireless devices.

[1029] Wireless devices (100a to 100f) can be connected to a network (300) through a base station (200). Artificial Intelligence (AI) technology may be applied to the wireless devices (100a to 100f), and wireless devices (100a to 100f) can be connected to an AI server (400) through the network (300). The network (300) can be configured using a 3G network, a 4G (e.g., LTE) network, a 5G (e.g., NR) network, or a 6G network. Wireless devices (100a to 100f) may communicate with each other through the base station (200) / network (300), but they may also communicate directly (e.g., sidelink communication) without going through the base station / network. For example, vehicles (100b-1, 100b-2) can communicate directly (e.g., V2V (Vehicle to Vehicle) / V2X (Vehicle to everything) communication). Also, IoT devices (e.g., sensors) can communicate directly with other IoT devices (e.g., sensors) or other wireless devices (100a to 100f).

[1030] Wireless communication / connection (150a, 150b, 150c) can be established between wireless devices (100a~100f) / base station (200) and base station (200) / base station (200). Here, wireless communication / connection can be achieved through various wireless access technologies (e.g., 5G NR), such as uplink / downlink communication (150a), sidelink communication (150b) (or D2D communication), and inter-base station communication (150c) (e.g., relay, IAB (Integrated Access Backhaul)). Through wireless communication / connection (150a, 150b, 150c), wireless devices and base stations / wireless devices, and base stations and base stations can transmit / receive wireless signals to / from each other. For example, wireless communication / connection (150a, 150b, 150c) can transmit / receive signals through various physical channels. To this end, based on various proposals of various embodiments of the present disclosure, at least some of the following may be performed: various configuration information setting processes for transmitting / receiving wireless signals, various signal processing processes (e.g., channel encoding / decoding, modulation / demodulation, resource mapping / demapping, etc.), resource allocation processes, etc.

[1031] Meanwhile, NR supports multiple numerologies (or subcarrier spacing (SCS)) to support various 5G services. For example, when the SCS is 15 kHz, it supports a wide area in traditional cellular bands; when the SCS is 30 kHz / 60 kHz, it supports dense-urban, lower latency, and wider carrier bandwidth; and when the SCS is 60 kHz or higher, it supports a bandwidth greater than 24.25 GHz to overcome phase noise.

[1032] The NR frequency band can be defined by two types of frequency ranges (FR1, FR2). The numerical values ​​of the frequency ranges may change, for example, the frequency ranges of the two types (FR1, FR2) may be as shown in Table 5 below. For convenience of explanation, among the frequency ranges used in the NR system, FR1 may mean "sub 6GHz range" and FR2 may mean "above 6GHz range" and may be referred to as millimeter wave (mmW).

[1033]

[1034] Frequency Range designationCorresponding frequency rangeSubcarrier SpacingFR1450MHz-6000MHz15, 30, 60kHzFR224250MHz-52600MHz60, 120, 240kHz

[1035] As described above, the numerical value of the frequency range of the NR system may change. For example, FR1 may include a band of 410 MHz to 7125 MHz as shown in Table 6 below. That is, FR1 may include a frequency band of 6 GHz (or 5850, 5900, 5925 MHz, etc.) or higher. For example, the frequency band of 6 GHz (or 5850, 5900, 5925 MHz, etc.) or higher included within FR1 may include an unlicensed band. The unlicensed band may be used for various purposes, for example, for communication for vehicles (e.g., autonomous driving).

[1036] Frequency Range designationCorresponding frequency rangeSubcarrier SpacingFR141MHz-7125MHz15, 30, 60kHzFR224250MHz-52600MHz60, 120, 240kHz

[1037] According to various embodiments of the present disclosure, the communication system (1) may support terahertz (THz) wireless communication. THz wireless communication is wireless communication using THz waves having a frequency of approximately 0.1 to 10 THz (1 THz = 10¹² Hz), and may refer to terahertz (THz) band wireless communication using a very high carrier frequency of 100 GHz or higher. The frequency band expected to be used for THz wireless communication may be a D-band (110 GHz to 170 GHz) or H-band (220 GHz to 325 GHz) band, which has low propagation loss due to molecular absorption in the air.

[1038] Wireless devices applicable to the present disclosure

[1039] Hereinafter, examples of wireless devices to which various embodiments of the present disclosure are applied will be described.

[1040] FIG. 39 illustrates a wireless device that can be applied to various embodiments of the present disclosure.

[1041] Referring to FIG. 39, the first wireless device (100) and the second wireless device (200) can transmit and receive wireless signals through various wireless access technologies (e.g., LTE, NR). Here, {the first wireless device (100), the second wireless device (200)} may correspond to {wireless device (100x), base station (200)} and / or {wireless device (100x), wireless device (100x)} of FIG. 38.

[1042] The first wireless device (100) includes one or more processors (102) and one or more memories (104), and may additionally include one or more transceivers (106) and / or one or more antennas (108). The processor (102) controls the memory (104) and / or transceivers (106) and may be configured to implement the descriptions, functions, procedures, proposals, methods and / or operation sequences disclosed herein. For example, the processor (102) may process information within the memory (104) to generate a first information / signal and then transmit a wireless signal containing the first information / signal through the transceiver (106). Additionally, the processor (102) may receive a wireless signal containing a second information / signal through the transceiver (106) and then store information obtained from the signal processing of the second information / signal in the memory (104). The memory (104) may be connected to the processor (102) and may store various information related to the operation of the processor (102). For example, the memory (104) may store software code containing instructions for performing some or all of the processes controlled by the processor (102) or for performing the descriptions, functions, procedures, proposals, methods, and / or operation sequence diagrams disclosed in this document. Here, the processor (102) and the memory (104) may be part of a communication modem / circuit / chip designed to implement wireless communication technology (e.g., LTE, NR). The transceiver (106) may be connected to the processor (102) and may transmit and / or receive wireless signals through one or more antennas (108). The transceiver (106) may include a transmitter and / or receiver. The transceiver (106) may be combined with an RF (Radio Frequency) unit. In various embodiments of the present disclosure, the wireless device may refer to a communication modem / circuit / chip.

[1043] The second wireless device (200) includes one or more processors (202) and one or more memories (204), and may additionally include one or more transceivers (206) and / or one or more antennas (208). The processor (202) controls the memory (204) and / or transceivers (206) and may be configured to implement the descriptions, functions, procedures, proposals, methods and / or operation sequences disclosed in this document. For example, the processor (202) may process information within the memory (204) to generate a third information / signal and then transmit a wireless signal containing the third information / signal through the transceiver (206). Additionally, the processor (202) may receive a wireless signal containing a fourth information / signal through the transceiver (206) and then store information obtained from the signal processing of the fourth information / signal in the memory (204). Memory (204) may be connected to the processor (202) and may store various information related to the operation of the processor (202). For example, memory (204) may store software code containing instructions for performing some or all of the processes controlled by the processor (202) or for performing the descriptions, functions, procedures, proposals, methods, and / or sequences of operation disclosed in this document. Here, the processor (202) and memory (204) may be part of a communication modem / circuit / chip designed to implement wireless communication technology (e.g., LTE, NR). A transceiver (206) may be connected to the processor (202) and may transmit and / or receive wireless signals through one or more antennas (208). The transceiver (206) may include a transmitter and / or receiver. The transceiver (206) may be interchangeable with an RF unit. In various embodiments of this disclosure, a wireless device may refer to a communication modem / circuit / chip.

[1044] Hereinafter, hardware elements of the wireless device (100, 200) will be described in more detail. Although not limited thereto, one or more protocol layers may be implemented by one or more processors (102, 202). For example, one or more processors (102, 202) may implement one or more layers (e.g., functional layers such as PHY, MAC, RLC, PDCP, RRC, SDAP). One or more processors (102, 202) may generate one or more Protocol Data Units (PDUs) and / or Service Data Units (SDUs) according to the descriptions, functions, procedures, proposals, methods, and / or flowcharts of operation disclosed in this document. One or more processors (102, 202) may generate messages, control information, data, or information according to the descriptions, functions, procedures, proposals, methods, and / or flowcharts of operation disclosed in this document. One or more processors (102, 202) may generate a signal (e.g., baseband signal) containing a PDU, SDU, message, control information, data, or information according to the functions, procedures, proposals, and / or methods disclosed in this document and provide it to one or more transceivers (106, 206). One or more processors (102, 202) may receive a signal (e.g., baseband signal) from one or more transceivers (106, 206) and may obtain a PDU, SDU, message, control information, data, or information according to the descriptions, functions, procedures, proposals, methods, and / or flowcharts disclosed in this document.

[1045] One or more processors (102, 202) may be referred to as a controller, microcontroller, microprocessor, or microcomputer. One or more processors (102, 202) may be implemented by hardware, firmware, software, or a combination thereof. For example, one or more Application Specific Integrated Circuits (ASICs), one or more Digital Signal Processors (DSPs), one or more Digital Signal Processing Devices (DSPDs), one or more Programmable Logic Devices (PLDs), or one or more Field Programmable Gate Arrays (FPGAs) may be included in one or more processors (102, 202). The descriptions, functions, procedures, proposals, methods, and / or flowcharts disclosed in this document may be implemented using firmware or software, and the firmware or software may be implemented to include modules, procedures, functions, etc. Firmware or software configured to perform the descriptions, functions, procedures, proposals, methods, and / or operation sequences disclosed in this document may be contained in one or more processors (102, 202) or stored in one or more memories (104, 204) and driven by one or more processors (102, 202). The descriptions, functions, procedures, proposals, methods, and / or operation sequences disclosed in this document may be implemented using firmware or software in the form of code, instructions, and / or sets of instructions.

[1046] One or more memories (104, 204) may be connected to one or more processors (102, 202) and may store various forms of data, signals, messages, information, programs, code, instructions, and / or commands. One or more memories (104, 204) may be composed of ROM, RAM, EPROM, flash memory, hard drive, registers, cache memory, computer read storage media, and / or combinations thereof. One or more memories (104, 204) may be located inside and / or outside of one or more processors (102, 202). Additionally, one or more memories (104, 204) may be connected to one or more processors (102, 202) through various technologies such as wired or wireless connections.

[1047] One or more transceivers (106, 206) may transmit user data, control information, wireless signals / channels, etc., as mentioned in the methods and / or operation flowcharts, etc., of this document to one or more other devices. One or more transceivers (106, 206) may receive user data, control information, wireless signals / channels, etc., as mentioned in the descriptions, functions, procedures, proposals, methods and / or operation flowcharts, etc., disclosed in this document from one or more other devices. For example, one or more transceivers (106, 206) may be connected to one or more processors (102, 202) and may transmit and receive wireless signals. For example, one or more processors (102, 202) may control one or more transceivers (106, 206) to transmit user data, control information, or wireless signals to one or more other devices. Additionally, one or more processors (102, 202) may control one or more transceivers (106, 206) to receive user data, control information, or wireless signals from one or more other devices. Additionally, one or more transceivers (106, 206) may be connected to one or more antennas (108, 208), and one or more transceivers (106, 206) may be configured to transmit and receive user data, control information, wireless signals / channels, etc., as described in the descriptions, functions, procedures, proposals, methods, and / or flowcharts of operation disclosed in this document through one or more antennas (108, 208). In this document, one or more antennas may be multiple physical antennas or multiple logical antennas (e.g., antenna ports). One or more transceivers (106, 206) can convert the received wireless signal / channel, etc. from an RF band signal to a baseband signal in order to process the received user data, control information, wireless signal / channel, etc. using one or more processors (102, 202).One or more transceivers (106, 206) can convert user data, control information, wireless signals / channels, etc. processed using one or more processors (102, 202) from baseband signals to RF band signals. To this end, one or more transceivers (106, 206) may include (analog) oscillators and / or filters.

[1048] FIG. 40 illustrates another example of a wireless device that can be applied to various embodiments of the present disclosure.

[1049] According to FIG. 40, the wireless device may include at least one processor (102, 202), at least one memory (104, 204), at least one transceiver (106, 206), and one or more antennas (108, 208).

[1050] The difference between the example of the wireless device described in FIG. 39 and the example of the wireless device in FIG. 40 is that in FIG. 39, the processor (102, 202) and the memory (104, 204) are separated, whereas in the example of FIG. 40, the memory (104, 204) is included in the processor (102, 202).

[1051] Here, since the specific descriptions of the processor (102, 202), memory (104, 204), transceiver (106, 206), and one or more antennas (108, 208) are as described above, the descriptions of the repeated descriptions will be omitted to avoid unnecessary repetition of descriptions.

[1052] Hereinafter, examples of signal processing circuits to which various embodiments of the present disclosure are applied are described.

[1053] FIG. 41 illustrates a signal processing circuit for a transmission signal.

[1054] Referring to FIG. 41, the signal processing circuit (1000) may include a scrambler (1010), a modulator (1020), a layer mapper (1030), a precoder (1040), a resource mapper (1050), and a signal generator (1060). Although not limited thereto, the operation / function of FIG. 41 may be performed in the processor (102, 202) and / or transceiver (106, 206) of FIG. 39. The hardware elements of FIG. 41 may be implemented in the processor (102, 202) and / or transceiver (106, 206) of FIG. 39. For example, blocks 1010 through 1060 may be implemented in the processor (102, 202) of FIG. 39. Additionally, blocks 1010 to 1050 may be implemented in the processor (102, 202) of FIG. 39, and block 1060 may be implemented in the transceiver (106, 206) of FIG. 39.

[1055] The codeword can be converted into a wireless signal through the signal processing circuit (1000) of FIG. 41. Here, the codeword is an encoded bit sequence of an information block. The information block may include a transmission block (e.g., UL-SCH transmission block, DL-SCH transmission block). The wireless signal can be transmitted through various physical channels (e.g., PUSCH, PDSCH).

[1056] Specifically, a codeword can be converted into a scrambled bit sequence by a scrambler (1010). The scrambled sequence used for scrambling is generated based on an initialization value, which may include ID information of a wireless device, etc. The scrambled bit sequence can be modulated into a modulation symbol sequence by a modulator (1020). The modulation method may include pi / 2-BPSK (pi / 2-Binary Phase Shift Keying), m-PSK (m-Phase Shift Keying), m-QAM (m-Quadrature Amplitude Modulation), etc. The complex modulation symbol sequence can be mapped to one or more transmission layers by a layer mapper (1030). The modulation symbols of each transmission layer can be mapped to the corresponding antenna port(s) by a precoder (1040) (precoding). The output z of the precoder (1040) can be obtained by multiplying the output y of the layer mapper (1030) by an N*M precoding matrix W. Here, N is the number of antenna ports and M is the number of transmission layers. Here, the precoder (1040) can perform precoding after performing transform precoding (e.g., DFT transform) on the complex modulation symbols. Additionally, the precoder (1040) can perform precoding without performing transform precoding.

[1057] A resource mapper (1050) can map the modulation symbols of each antenna port to a time-frequency resource. The time-frequency resource may include multiple symbols (e.g., CP-OFDMA symbols, DFT-s-OFDMA symbols) in the time domain and multiple subcarriers in the frequency domain. A signal generator (1060) generates a radio signal from the mapped modulation symbols, and the generated radio signal can be transmitted to another device through each antenna. To this end, the signal generator (1060) may include an Inverse Fast Fourier Transform (IFFT) module, a Cyclic Prefix (CP) inserter, a Digital-to-Analog Converter (DAC), a frequency uplink converter, etc.

[1058] The signal processing process for a received signal in a wireless device can be configured as the inverse of the signal processing process (1010–1060) of FIG. 41. For example, a wireless device (e.g., 100, 200 in FIG. 39) can receive a wireless signal from the outside through an antenna port / transceiver. The received wireless signal can be converted into a baseband signal through a signal restorer. To this end, the signal restorer may include a frequency downlink converter, an analog-to-digital converter (ADC), a CP remover, and a Fast Fourier Transform (FFT) module. Subsequently, the baseband signal can be restored into a codeword through a resource de-mapper process, a postcoding process, a demodulation process, and a de-scrambling process. The codeword can be restored into the original information block through decoding. Accordingly, a signal processing circuit (not shown) for a received signal may include a signal restorer, a resource de-mapper, a postcoder, a demodulator, a de-scrambler, and a decoder.

[1059] Hereinafter, examples of wireless device applications to which various embodiments of the present disclosure are applied will be described.

[1060] FIG. 42 illustrates another example of a wireless device applicable to various embodiments of the present disclosure. The wireless device may be implemented in various forms depending on the use-example / service (see FIG. 38).

[1061] Referring to FIG. 42, the wireless device (100, 200) corresponds to the wireless device (100, 200) of FIG. 39 and may be composed of various elements, components, units / parts, and / or modules. For example, the wireless device (100, 200) may include a communication unit (110), a control unit (120), a memory unit (130), and additional elements (140). The communication unit may include a communication circuit (112) and transceiver(s) (114). For example, the communication circuit (112) may include one or more processors (102, 202) and / or one or more memories (104, 204) of FIG. 39. For example, the transceiver(s) (114) may include one or more transceivers (106, 206) and / or one or more antennas (108, 208) of FIG. 39. The control unit (120) is electrically connected to the communication unit (110), the memory unit (130), and additional elements (140) and controls the general operation of the wireless device. For example, the control unit (120) may control the electrical / mechanical operation of the wireless device based on a program / code / command / information stored in the memory unit (130). Additionally, the control unit (120) may transmit information stored in the memory unit (130) to an external (e.g., another communication device) via a wireless / wired interface through the communication unit (110), or store information received from an external (e.g., another communication device) via a wireless / wired interface through the communication unit (110) in the memory unit (130).

[1062] The additional element (140) can be configured in various ways depending on the type of wireless device. For example, the additional element (140) may include at least one of a power unit / battery, an input / output unit (I / O unit), a driving unit, and a computing unit. Although not limited thereto, the wireless device may be implemented in the form of a robot (Fig. 38, 100a), a vehicle (Fig. 38, 100b-1, 100b-2), an XR device (Fig. 38, 100c), a portable device (Fig. 38, 100d), a home appliance (Fig. 38, 100e), an IoT device (Fig. 38, 100f), a digital broadcasting terminal, a hologram device, a public safety device, an MTC device, a medical device, a fintech device (or financial device), a security device, a climate / environment device, an AI server / device (Fig. 38, 400), a base station (Fig. 38, 200), a network node, etc. Wireless devices can be used in a movable or fixed location depending on the use—e.g., service.

[1063] In FIG. 42, various elements, components, units / parts, and / or modules within the wireless device (100, 200) may be entirely interconnected via a wired interface, or at least partially connected via a communication unit (110). For example, within the wireless device (100, 200), the control unit (120) and the communication unit (110) may be connected via a wire, and the control unit (120) and the first unit (e.g., 130, 140) may be connected wirelessly via the communication unit (110). Additionally, each element, component, unit / part, and / or module within the wireless device (100, 200) may include one or more additional elements. For example, the control unit (120) may be composed of one or more sets of processors. For example, the control unit (120) may be composed of a set of a communication control processor, an application processor, an Electronic Control Unit (ECU), a graphics processing processor, a memory control processor, etc. As another example, the memory unit (130) may be composed of RAM (Random Access Memory), DRAM (Dynamic RAM), ROM (Read Only Memory), flash memory, volatile memory, non-volatile memory and / or a combination thereof.

[1064] Hereinafter, an implementation example of FIG. 42 will be described in more detail with reference to the drawings.

[1065] FIG. 43 illustrates a portable device applicable to various embodiments of the present disclosure. The portable device may include a smartphone, a smartpad, a wearable device (e.g., a smartwatch, smart glasses), a portable computer (e.g., a laptop, etc.). The portable device may be referred to as an MS (Mobile Station), UT (user terminal), MSS (Mobile Subscriber Station), SS (Subscriber Station), AMS (Advanced Mobile Station), or WT (Wireless terminal).

[1066] Referring to FIG. 43, the portable device (100) may include an antenna unit (108), a communication unit (110), a control unit (120), a memory unit (130), a power supply unit (140a), an interface unit (140b), and an input / output unit (140c). The antenna unit (108) may be configured as part of the communication unit (110). Blocks 110 to 130 / 140a to 140c each correspond to blocks 110 to 130 / 140 of FIG. 42.

[1067] The communication unit (110) can transmit and receive signals (e.g., data, control signals, etc.) with other wireless devices and base stations. The control unit (120) can control the components of the portable device (100) to perform various operations. The control unit (120) may include an AP (Application Processor). The memory unit (130) can store data / parameters / programs / code / commands required for the operation of the portable device (100). Additionally, the memory unit (130) can store input / output data / information, etc. The power supply unit (140a) supplies power to the portable device (100) and may include wired / wireless charging circuits, batteries, etc. The interface unit (140b) can support the connection between the portable device (100) and other external devices. The interface unit (140b) may include various ports (e.g., audio input / output ports, video input / output ports) for connection with external devices. The input / output unit (140c) can receive or output video information / signals, audio information / signals, data, and / or information input from a user. The input / output unit (140c) may include a camera, a microphone, a user input unit, a display unit (140d), a speaker and / or a haptic module, etc.

[1068] For example, in the case of data communication, the input / output unit (140c) acquires information / signals (e.g., touch, text, voice, image, video) input from the user, and the acquired information / signals can be stored in the memory unit (130). The communication unit (110) converts the information / signals stored in the memory into wireless signals and can directly transmit the converted wireless signals to another wireless device or to a base station. Additionally, the communication unit (110) can receive wireless signals from another wireless device or base station and then restore the received wireless signals to their original information / signals. The restored information / signals can be stored in the memory unit (130) and then output in various forms (e.g., text, voice, image, video, haptic) through the input / output unit (140c).

[1069] FIG. 44 illustrates a vehicle or autonomous vehicle applicable to various embodiments of the present disclosure.

[1070] Vehicles or autonomous vehicles can be implemented as mobile robots, vehicles, trains, manned or unmanned aerial vehicles (AVs), ships, etc.

[1071] Referring to FIG. 44, a vehicle or autonomous vehicle (100) may include an antenna unit (108), a communication unit (110), a control unit (120), a driving unit (140a), a power supply unit (140b), a sensor unit (140c), and an autonomous driving unit (140d). The antenna unit (108) may be configured as part of the communication unit (110). Blocks 110 / 130 / 140a to 140d correspond to blocks 110 / 130 / 140 of FIG. 42, respectively.

[1072] The communication unit (110) can transmit and receive signals (e.g., data, control signals, etc.) with external devices such as other vehicles, base stations (e.g., base stations, roadside base stations (Roadside units), etc.), and servers. The control unit (120) can perform various operations by controlling elements of the vehicle or autonomous vehicle (100). The control unit (120) may include an Electronic Control Unit (ECU). The driving unit (140a) can drive the vehicle or autonomous vehicle (100) on the ground. The driving unit (140a) may include an engine, motor, power train, wheels, brakes, steering device, etc. The power supply unit (140b) supplies power to the vehicle or autonomous vehicle (100) and may include wired / wireless charging circuits, batteries, etc. The sensor unit (140c) can obtain vehicle status, surrounding environment information, user information, etc. The sensor unit (140c) may include an IMU (inertial measurement unit) sensor, a collision sensor, a wheel sensor, a speed sensor, an inclination sensor, a weight detection sensor, a heading sensor, a position module, a vehicle forward / reverse sensor, a battery sensor, a fuel sensor, a tire sensor, a steering sensor, a temperature sensor, a humidity sensor, an ultrasonic sensor, an illuminance sensor, a pedal position sensor, etc. The autonomous driving unit (140d) may implement technologies such as maintaining the driving lane, technologies for automatically adjusting speed such as adaptive cruise control, technologies for automatically driving along a predetermined path, and technologies for automatically setting a path and driving when a destination is set.

[1073] For example, the communication unit (110) can receive map data, traffic information data, etc. from an external server. The autonomous driving unit (140d) can generate an autonomous driving path and a driving plan based on the acquired data. The control unit (120) can control the drive unit (140a) so that the vehicle or the autonomous vehicle (100) moves along the autonomous driving path according to the driving plan (e.g., speed / direction control). During autonomous driving, the communication unit (110) can acquire the latest traffic information data from an external server non-periodically and can acquire surrounding traffic information data from surrounding vehicles. Additionally, during autonomous driving, the sensor unit (140c) can acquire vehicle status and surrounding environment information. The autonomous driving unit (140d) can update the autonomous driving path and the driving plan based on the newly acquired data / information. The communication unit (110) can transmit information regarding the vehicle location, autonomous driving path, driving plan, etc. to an external server. An external server can predict traffic information data in advance using AI technology, etc., based on information collected from vehicles or autonomous vehicles, and can provide the predicted traffic information data to vehicles or autonomous vehicles.

[1074] FIG. 45 illustrates a vehicle applicable to various embodiments of the present disclosure. The vehicle may also be implemented as a means of transport, a train, an aircraft, a ship, etc.

[1075] Referring to FIG. 45, the vehicle (100) may include a communication unit (110), a control unit (120), a memory unit (130), an input / output unit (140a), and a position measuring unit (140b). Here, blocks 110 to 130 / 140a to 140b correspond to blocks 110 to 130 / 140 of FIG. 42, respectively.

[1076] The communication unit (110) can transmit and receive signals (e.g., data, control signals, etc.) with external devices such as other vehicles or base stations. The control unit (120) can control the components of the vehicle (100) to perform various operations. The memory unit (130) can store data / parameters / programs / codes / commands that support various functions of the vehicle (100). The input / output unit (140a) can output AR / VR objects based on information within the memory unit (130). The input / output unit (140a) may include a HUD. The position measurement unit (140b) can acquire position information of the vehicle (100). The position information may include absolute position information of the vehicle (100), position information within the driving line, acceleration information, position information relative to surrounding vehicles, etc. The position measurement unit (140b) may include GPS and various sensors.

[1077] For example, the communication unit (110) of the vehicle (100) can receive map information, traffic information, etc. from an external server and store it in the memory unit (130). The location measurement unit (140b) can acquire vehicle location information through GPS and various sensors and store it in the memory unit (130). The control unit (120) creates a virtual object based on map information, traffic information, and vehicle location information, etc., and the input / output unit (140a) can display the created virtual object on the glass window inside the vehicle (1410, 1420). In addition, the control unit (120) can determine whether the vehicle (100) is operating normally within the driving line based on the vehicle location information. If the vehicle (100) deviates abnormally from the driving line, the control unit (120) can display a warning on the glass window inside the vehicle through the input / output unit (140a). Additionally, the control unit (120) can broadcast a warning message regarding a driving abnormality to surrounding vehicles through the communication unit (110). Depending on the situation, the control unit (120) can transmit the vehicle's location information and information regarding the driving / vehicle abnormality to relevant authorities through the communication unit (110).

[1078] FIG. 46 illustrates an XR device applicable to various embodiments of the present disclosure. The XR device may be implemented as an HMD, a Head-Up Display (HUD) equipped in a vehicle, a television, a smartphone, a computer, a wearable device, a home appliance, digital signage, a vehicle, a robot, etc.

[1079] Referring to FIG. 46, the XR device (100a) may include a communication unit (110), a control unit (120), a memory unit (130), an input / output unit (140a), a sensor unit (140b), and a power supply unit (140c). Here, blocks 110 to 130 / 140a to 140c correspond to blocks 110 to 130 / 140 of FIG. 42, respectively.

[1080] The communication unit (110) can transmit and receive signals (e.g., media data, control signals, etc.) with external devices such as other wireless devices, mobile devices, or media servers. The media data may include video, images, sound, etc. The control unit (120) can perform various operations by controlling the components of the XR device (100a). For example, the control unit (120) may be configured to control and / or perform procedures such as video / image acquisition, (video / image) encoding, metadata generation, and processing. The memory unit (130) may store data / parameters / programs / codes / commands required for driving the XR device (100a) or creating an XR object. The input / output unit (140a) acquires control information, data, etc. from the outside and can output the created XR object. The input / output unit (140a) may include a camera, microphone, user input unit, display unit, speaker and / or haptic module, etc. The sensor unit (140b) can obtain XR device status, surrounding environment information, user information, etc. The sensor unit (140b) may include a proximity sensor, an illuminance sensor, an accelerometer, a magnetic sensor, a gyroscope, an inertial sensor, an RGB sensor, an IR sensor, a fingerprint recognition sensor, an ultrasonic sensor, a light sensor, a microphone and / or radar, etc. The power supply unit (140c) supplies power to the XR device (100a) and may include a wired / wireless charging circuit, a battery, etc.

[1081] For example, the memory unit (130) of the XR device (100a) may contain information (e.g., data, etc.) necessary for creating an XR object (e.g., AR / VR / MR object). The input / output unit (140a) may receive a command to operate the XR device (100a) from the user, and the control unit (120) may operate the XR device (100a) according to the user's operation command. For example, if the user intends to watch movies, news, etc. through the XR device (100a), the control unit (120) may transmit content request information to another device (e.g., mobile device (100b)) or a media server through the communication unit (130). The communication unit (130) may download / stream content such as movies, news, etc. from another device (e.g., mobile device (100b)) or a media server to the memory unit (130). The control unit (120) controls and / or performs procedures such as video / image acquisition, (video / image) encoding, and metadata generation / processing for the content, and can generate / output an XR object based on information about the surrounding space or real object acquired through the input / output unit (140a) / sensor unit (140b).

[1082] Additionally, the XR device (100a) is wirelessly connected to the mobile device (100b) through the communication unit (110), and the operation of the XR device (100a) can be controlled by the mobile device (100b). For example, the mobile device (100b) can act as a controller for the XR device (100a). To this end, the XR device (100a) can acquire three-dimensional position information of the mobile device (100b), and then generate and output an XR object corresponding to the mobile device (100b).

[1083] FIG. 47 illustrates a robot applicable to various embodiments of the present disclosure. Robots may be classified into industrial, medical, domestic, military, etc., depending on the purpose or field of use.

[1084] Referring to FIG. 47, the robot (100) may include a communication unit (110), a control unit (120), a memory unit (130), an input / output unit (140a), a sensor unit (140b), and a driving unit (140c). Here, blocks 110 to 130 / 140a to 140c correspond to blocks 110 to 130 / 140 of FIG. 42, respectively.

[1085] The communication unit (110) can transmit and receive signals (e.g., driving information, control signals, etc.) with external devices such as other wireless devices, other robots, or control servers. The control unit (120) can control the components of the robot (100) to perform various operations. The memory unit (130) can store data / parameters / programs / codes / commands that support various functions of the robot (100). The input / output unit (140a) can acquire information from outside the robot (100) and output information to outside the robot (100). The input / output unit (140a) may include a camera, microphone, user input unit, display unit, speaker and / or haptic module, etc. The sensor unit (140b) can obtain internal information of the robot (100), surrounding environment information, user information, etc. The sensor unit (140b) may include a proximity sensor, an illuminance sensor, an accelerometer, a magnetic sensor, a gyroscope, an inertial sensor, an IR sensor, a fingerprint recognition sensor, an ultrasonic sensor, a light sensor, a microphone, a radar, etc. The driving unit (140c) may perform various physical movements, such as moving robot joints. Additionally, the driving unit (140c) may enable the robot (100) to travel on the ground or fly in the air. The driving unit (140c) may include an actuator, a motor, a wheel, a brake, a propeller, etc.

[1086] FIG. 48 illustrates an AI device applied to various embodiments of the present disclosure.

[1087] AI devices can be implemented as stationary devices or mobile devices, such as TVs, projectors, smartphones, PCs, laptops, digital broadcasting terminals, tablet PCs, wearable devices, set-top boxes (STBs), radios, washing machines, refrigerators, digital signage, robots, vehicles, etc.

[1088] Referring to FIG. 48, the AI ​​device (100) may include a communication unit (110), a control unit (120), a memory unit (130), an input / output unit (140a / 140b), a learning processor unit (140c), and a sensor unit (140d). Blocks 110 to 130 / 140a to 140d correspond to blocks 110 to 130 / 140 of FIG. 42, respectively.

[1089] The communication unit (110) can transmit and receive wired and wireless signals (e.g., sensor information, user input, learning model, control signal, etc.) with external devices such as other AI devices (e.g., f. W1, 100x, 200, 400) or an AI server (200) using wired and wireless communication technology. To do this, the communication unit (110) can transmit information within the memory unit (130) to an external device or transmit signals received from an external device to the memory unit (130).

[1090] The control unit (120) can determine at least one executable operation of the AI ​​device (100) based on information determined or generated using a data analysis algorithm or a machine learning algorithm. The control unit (120) can perform the determined operation by controlling the components of the AI ​​device (100). For example, the control unit (120) can request, search, receive, or utilize data from the learning processor unit (140c) or the memory unit (130), and can control the components of the AI ​​device (100) to execute a predicted operation or an operation determined to be desirable among at least one executable operation. Additionally, the control unit (120) can collect historical information, including the operation content of the AI ​​device (100) or user feedback regarding the operation, and store it in the memory unit (130) or the learning processor unit (140c), or transmit it to an external device such as an AI server (Fig. W1, 400). The collected historical information can be used to update the learning model.

[1091] The memory unit (130) can store data that supports various functions of the AI ​​device (100). For example, the memory unit (130) can store data obtained from the input unit (140a), data obtained from the communication unit (110), output data from the learning processor unit (140c), and data obtained from the sensing unit (140). Additionally, the memory unit (130) can store control information and / or software code required for the operation / execution of the control unit (120).

[1092] The input unit (140a) can acquire various types of data from outside the AI ​​device (100). For example, the input unit (120) can acquire training data for model training and input data to which the training model is applied. The input unit (140a) may include a camera, a microphone and / or a user input unit, etc. The output unit (140b) can generate output related to visual, auditory, or tactile senses, etc. The output unit (140b) may include a display unit, a speaker and / or a haptic module, etc. The sensing unit (140) can obtain at least one of internal information of the AI ​​device (100), surrounding environment information of the AI ​​device (100), and user information using various sensors. The sensing unit (140) may include a proximity sensor, an illuminance sensor, an accelerometer, a magnetic sensor, a gyroscope, an inertial sensor, an RGB sensor, an IR sensor, a fingerprint recognition sensor, an ultrasonic sensor, a light sensor, a microphone and / or radar, etc.

[1093] The learning processor unit (140c) can train a model composed of an artificial neural network using training data. The learning processor unit (140c) can perform AI processing together with the learning processor unit of the AI ​​server (Fig. W1, 400). The learning processor unit (140c) can process information received from an external device through the communication unit (110) and / or information stored in the memory unit (130). Additionally, the output value of the learning processor unit (140c) can be transmitted to an external device through the communication unit (110) and / or stored in the memory unit (130).

[1094] The claims described in various embodiments of the present disclosure may be combined in various ways. For example, the technical features of the method claims of various embodiments of the present disclosure may be combined to be implemented as a device, and the technical features of the device claims of various embodiments of the present disclosure may be combined to be implemented as a method. Furthermore, the technical features of the method claims and the technical features of the device claims of various embodiments of the present disclosure may be combined to be implemented as a device, and the technical features of the method claims and the technical features of the device claims of various embodiments of the present disclosure may be combined to be implemented as a method.< / num> < / num>

Claims

1. In a method performed by the first node, A step of transmitting non-secure information among original information related to JSON Web Encryption (JavaScript Object Notation Web Encryption, JSON WE, JWE) through a classic channel; A step of receiving initial quantum information through a quantum channel; A step of performing a QBER check (quantum bit error rate check) based on the above initial quantum information; Based on the above QBER verification, the step of transmitting security information among the above original information through the above quantum channel, method.

2. In Paragraph 1, The above QBER verification is performed based on some randomly selected quantum states, and The above security information is encoded based on the remaining quantum states among the quantum states included in the above initial quantum information that are not used for the QBER verification, method.

3. In Paragraph 2, The security information is transmitted based on whether the result of the above QBER verification is equal to or lower than a threshold value, and Based on the result of the above QBER verification being higher than the threshold value, the above security information is not transmitted, method.

4. In Paragraph 1, The above security information is encrypted using an encryption method supported by the above JWE, method.

5. In Paragraph 1, The above non-security information, the above initial quantum information, and the above security information include the same synchronization header, method.

6. In Paragraph 1, The method further includes the step of transmitting tag information of the above security information through the above quantum channel, Errors in the security information are identified based on a comparison of information measured from the security information and the tag information. method.

7. In Paragraph 1, Step of receiving a quantum security indicator; A further step of transmitting a response message related to the availability of the above-mentioned quantum security, method.

8. In a method performed by the second node, A step of receiving non-secure information among original information related to JSON Web Encryption (JavaScript Object Notation Web Encryption, JSON WE, JWE) through a classic channel; A step of transmitting initial quantum information through a quantum channel; Based on a QBER check (quantum bit error rate check) related to the initial quantum information, the method comprises the step of receiving security information among the original information through the quantum channel. method.

9. In Paragraph 8, The above QBER verification is performed based on some randomly selected quantum states among the quantum states included in the above initial quantum information, and The above security information is encoded based on the remaining quantum states among the quantum states included in the above initial quantum information that are not used for the QBER verification, method.

10. In Paragraph 9, The security information is received based on the result of the above QBER verification being equal to or lower than a threshold value, and Based on the result of the above QBER verification being higher than the threshold value, the above security information is not received, method.

11. In Paragraph 8, The above security information is encrypted using an encryption method supported by the above JWE, method.

12. In Paragraph 8, The above non-security information, the above initial quantum information, and the above security information include the same synchronization header, method.

13. In Paragraph 8, The method further includes the step of receiving tag information of the above security information through the above quantum channel, Errors in the security information are identified based on a comparison of information measured from the security information and the tag information. method.

14. In Paragraph 8, Step of transmitting a quantum security indicator; A further step of receiving a response message related to the availability of the above-mentioned quantum security, method.

15. In the first node, Transmitter / Receiver; At least one processor; and It includes at least one memory that is operablely connectable to the at least one processor and stores instructions for performing operations when executed by the at least one processor. The above operations are, Comprising all steps of the method according to any one of claims 1 to 7, Node 1.

16. In the second node, Transmitter / Receiver; At least one processor; and It includes at least one memory that is operablely connectable to the at least one processor and stores instructions for performing operations when executed by the at least one processor. The above operations are, Comprising all steps of the method according to any one of claims 8 through 14, Node 2.

17. In a control device for controlling a first node, At least one processor; and It includes at least one memory operably connected to the above at least one processor, and The above at least one memory stores instructions for performing operations based on execution by the above at least one processor, and The above operations are, Comprising all steps of the method according to any one of claims 1 to 7, controller.

18. In a control device for controlling a second node, At least one processor; and It includes at least one memory operably connected to the above at least one processor, and The above at least one memory stores instructions for performing operations based on execution by the above at least one processor, and The above operations are, Comprising all steps of the method according to any one of claims 8 through 14, controller.

19. In one or more non-transitory computer-readable media storing one or more instructions, The above one or more instructions perform operations based on being executed by one or more processors, and The above operations are, Comprising all steps of the method according to any one of claims 1 to 7, Computer-readable media.

20. In one or more non-transitory computer-readable media storing one or more instructions, The above one or more instructions perform operations based on being executed by one or more processors, and The above operations are, Comprising all steps of the method according to any one of claims 8 through 14, Computer-readable media.

Images