Method and apparatus performed by nodes in a wireless communication system

Abstract

The disclosure relates to a 5G or 6G communication system for supporting a higher data transmission rate. According to one aspect of the present disclosure, there is provided a method performed by a user equipment in a wireless communication system, comprising: receiving a first configuration message transmitted by a first node including security configuration information of data, the data being processed and / or transmitted by a third node when the user equipment moves between nodes where at least one cell is located, and determining the security configuration information during a cell handover procedure.

Description

METHOD AND APPARATUS PERFORMED BY NODES IN A WIRELESS COMMUNICATION SYSTEM

[0001] The present application relates to wireless communication technology, and in particular to methods performed by nodes in a wireless communication system and each node.

[0002] 5G mobile communication technologies define broad frequency bands such that high transmission rates and new services are possible, and can be implemented not only in "Sub 6GHz" bands such as 3.5GHz, but also in "Above 6GHz" bands referred to as mmWave including 28GHz and 39GHz. In addition, it has been considered to implement 6G mobile communication technologies (referred to as Beyond 5G systems) in terahertz bands (for example, 95GHz to 3THz bands) in order to accomplish transmission rates fifty times faster than 5G mobile communication technologies and ultra-low latencies one-tenth of 5G mobile communication technologies.

[0003] At the beginning of the development of 5G mobile communication technologies, in order to support services and to satisfy performance requirements in connection with enhanced Mobile BroadBand (eMBB), Ultra Reliable Low Latency Communications (URLLC), and massive Machine-Type Communications (mMTC), there has been ongoing standardization regarding beamforming and massive MIMO for mitigating radio-wave path loss and increasing radio-wave transmission distances in mmWave, supporting numerologies (for example, operating multiple subcarrier spacings) for efficiently utilizing mmWave resources and dynamic operation of slot formats, initial access technologies for supporting multi-beam transmission and broadbands, definition and operation of BWP (BandWidth Part), new channel coding methods such as a LDPC (Low Density Parity Check) code for large amount of data transmission and a polar code for highly reliable transmission of control information, L2 pre-processing, and network slicing for providing a dedicated network specialized to a specific service.

[0004] Currently, there are ongoing discussions regarding improvement and performance enhancement of initial 5G mobile communication technologies in view of services to be supported by 5G mobile communication technologies, and there has been physical layer standardization regarding technologies such as V2X (Vehicle-to-everything) for aiding driving determination by autonomous vehicles based on information regarding positions and states of vehicles transmitted by the vehicles and for enhancing user convenience, NR-U (New Radio Unlicensed) aimed at system operations conforming to various regulation-related requirements in unlicensed bands, NR UE Power Saving, Non-Terrestrial Network (NTN) which is UE-satellite direct communication for providing coverage in an area in which communication with terrestrial networks is unavailable, and positioning.

[0005] Moreover, there has been ongoing standardization in air interface architecture / protocol regarding technologies such as Industrial Internet of Things (IIoT) for supporting new services through interworking and convergence with other industries, IAB (Integrated Access and Backhaul) for providing a node for network service area expansion by supporting a wireless backhaul link and an access link in an integrated manner, mobility enhancement including conditional handover and DAPS (Dual Active Protocol Stack) handover, and two-step random access for simplifying random access procedures (2-step RACH for NR). There also has been ongoing standardization in system architecture / service regarding a 5G baseline architecture (for example, service based architecture or service based interface) for combining Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technologies, and Mobile Edge Computing (MEC) for receiving services based on UE positions.

[0006] As 5G mobile communication systems are commercialized, connected devices that have been exponentially increasing will be connected to communication networks, and it is accordingly expected that enhanced functions and performances of 5G mobile communication systems and integrated operations of connected devices will be necessary. To this end, new research is scheduled in connection with eXtended Reality (XR) for efficiently supporting AR (Augmented Reality), VR (Virtual Reality), MR (Mixed Reality) and the like, 5G performance improvement and complexity reduction by utilizing Artificial Intelligence (AI) and Machine Learning (ML), AI service support, metaverse service support, and drone communication.

[0007] Furthermore, such development of 5G mobile communication systems will serve as a basis for developing not only new waveforms for providing coverage in terahertz bands of 6G mobile communication technologies, multi-antenna transmission technologies such as Full Dimensional MIMO (FD-MIMO), array antennas and large-scale antennas, metamaterial-based lenses and antennas for improving coverage of terahertz band signals, high-dimensional space multiplexing technology using OAM (Orbital Angular Momentum), and RIS (Reconfigurable Intelligent Surface), but also full-duplex technology for increasing frequency efficiency of 6G mobile communication technologies and improving system networks, AI-based communication technology for implementing system optimization by utilizing satellites and AI (Artificial Intelligence) from the design stage and internalizing end-to-end AI support functions, and next-generation distributed computing technology for implementing services at levels of complexity exceeding the limit of UE operation capability by utilizing ultra-high-performance communication and computing resources.

[0008] Embodiments of the present disclosure is to provide an apparatus and method for effectively providing a service in a wireless communication system.

[0009] In an embodiment, a method performed by a user equipment in a wireless communication system is provided. The method includes: receiving a first configuration message including security configuration information of data transmitted by a first node; and determining, based on the first configuration message, a security configuration required for a handover to one of at least one cell. The data belongs to at least one of: a control plane, a user plane, a data plane. The data is processed and / or transmitted by a third node when the user equipment moves between second nodes where the at least one cell is located.

[0010] In an embodiment, a method performed by a first node in a wireless communication system is provided. The method includes: receiving a first configuration response message transmitted by a third node, wherein the first configuration response message is used to provide configuration information of data of a user equipment; and transmitting a first configuration message including security configuration information of the data to the user equipment. The data belongs to at least one of: a control plane, a user plane, a data plane. The data is processed and / or transmitted by the third node when the user equipment moves between second nodes where the at least one cell is located.

[0011] In an embodiment, a user equipment in a wireless communication system is provided. The user equipment includes at least one transceiver; at least one processor communicatively coupled to the at least one transceiver; and at least one memory, communicatively coupled to the at least one processor, storing instructions executable by the at least one processor individually or in any combination to cause the user equipment to receive a first configuration message including security configuration information of data transmitted by a first node, and determine, based on the first configuration message, a security configuration required for a handover to one of at least one cell. The data belongs to at least one of: a control plane, a user plane, a data plane. The data is processed and / or transmitted by a third node when the user equipment moves between second nodes where the at least one cell is located.

[0012] In an embodiment, a first node in a wireless communication system is provided. The first node includes at least one transceiver; at least one processor communicatively coupled to the at least one transceiver; and at least one memory, communicatively coupled to the at least one processor, storing instructions executable by the at least one processor individually or in any combination to cause the first node to receive a first configuration response message transmitted by a third node, wherein the first configuration response message is used to provide configuration information of data of a user equipment, and transmit a first configuration message including security configuration information of the data to the user equipment. The data belongs to at least one of: a control plane, a user plane, a data plane. The data is processed and / or transmitted by the third node when the user equipment moves between second nodes where the at least one cell is located.

[0013] Embodiments of the present disclosure provide a method performed by a network node, a method performed by a node, a network node, and a node. The technical solutions provided by the embodiments of the present disclosure are as follows:

[0014] An embodiment of the present disclosure provides a method performed by a user equipment in a wireless communication system, comprising: receiving a first configuration message including security configuration information of data transmitted by a first node;

[0015] determining, based on the first configuration message, a security configuration required for a handover to one of at least one cell;

[0016] wherein the data belongs to at least one of: a control plane, a user plane, a data plane;

[0017] wherein the data is processed and / or transmitted by a third node when the user equipment moves between second nodes where the at least one cell is located.

[0018] According to an embodiment of the present disclosure, further comprising the security configuration information of the data includes at least one of: information related to a security algorithm, security indication information indicating configuration information of a key, key indication information used when key is updated, and first applicable information indicating an applicable range of security configuration information related to the data.

[0019] According to an embodiment of the present disclosure, further comprising the first configuration message also includes configuration information of the at least one cell, and the at least one cell can be at least one of a serving cell, a target cell, and a candidate cell;

[0020] the configuration information of the at least one cell includes at least one of: second cell identification information, configuration identification information, range indication information to which a cell indicated by the second cell identification information belongs, security configuration information used when the user equipment accesses a cell indicated by the second cell identification information, at least one of assistant information and identification information required for generating a key when the user equipment accesses the cell indicated by the second cell identification information.

[0021] According to an embodiment of the present disclosure, further comprising the third node is used to process at least one of control plane data, user plane data and data plane data; and / or

[0022] the third node includes at least one of the following functions: data mapping, data security processing, and data retransmission; and / or

[0023] the third node includes at least one of the following protocol layers: a Service Data Adaptation Protocol, a Packet Data Convergence Protocol, and some or all of a Radio Link Control Protocol.

[0024] According to an embodiment of the present disclosure, further comprising the second node is a base station where the at least one cell is located, or a centralized unit of the base station, or a control plane part of the centralized unit of the base station.

[0025] According to an embodiment of the present disclosure, further comprising the first configuration message is transmitted by the first node after receiving at least one of the following messages:

[0026] a second configuration message transmitted by the third node, wherein the second configuration message provides assistant information for generating a security related configuration and / or provides security related configuration information;

[0027] a first configuration response message transmitted by the third node, wherein the first configuration response message is configuration information for providing data after the third node receives the first configuration request message transmitted by the first node;

[0028] a second configuration response message transmitted by the second node, wherein the second configuration response message is used to provide configuration information of a target cell or a candidate cell at the second node after the second node receives a second configuration request message transmitted by the first node.

[0029] According to an embodiment of the present disclosure, further comprising the information related to the security algorithm includes at least one of: full plane algorithm information used to indicate a security algorithm required for data of all planes of the user equipment, partial plane algorithm information used to indicate a security algorithm required for data of at least two planes of the user equipment, and single plane algorithm information used to indicate a security algorithm required for one plane of the user equipment;

[0030] the security indication information includes at least one of: first key change indication information indicating whether a key applicable to the data of the all planes needs to be changed, second key change indication information indicating whether a key applicable to the data of the at least two planes needs to be changed, third key change indication information indicating whether a key applicable to the data of the one plane needs to be changed, key separation indication information indicating whether data of different planes use different keys, key update range indication information for judging whether key update is required;

[0031] the key indication information includes at least one of: key information, key update information for updating a key, first assistant information for generating a key;

[0032] the first applicable information includes at least one of: area identification information, cell identification information, cell set identification information, candidate configuration identification information, path identification information, plane indication information.

[0033] According to an embodiment of the present disclosure, further comprising the second configuration message includes at least one of: identification information of the third node, information indicating a service range of the third node, and support information indicating a function or parameter supported by the third node;

[0034] the first configuration request message includes at least one of: first data request information including information for requesting data served by the third node, first serving node information including information of an old serving node or a current serving node of the user equipment, second security configuration information generated by the first node, first security configuration request information for requesting the third node to provide information related to security configuration;

[0035] the first configuration response message includes at least one of: first data response information including configuration information for the third node side to service the data, and security related configuration information generated by the third node;

[0036] the second configuration request message includes at least one of: first cell request information including information of a requested target cell or candidate cell, and second serving node information including information indicating a node currently serving the data of the user equipment, information related to a configured cell including configuration information of at least one target cell or candidate cell configured for the user equipment;

[0037] the second configuration response message includes at least one of: first cell response information including configuration information of an accepted cell, fourth serving node information indicating information of a node serving the data after the user equipment accesses the accepted cell.

[0038] Embodiments of the present disclosure also provide a method performed by a first node in a wireless communication system, comprising: receiving a first configuration response message transmitted by a third node, wherein the first configuration response message is used to provide configuration information of data of a user equipment;

[0039] transmitting a first configuration message including security configuration information of the data to the user equipment;

[0040] wherein the data belongs to at least one of: a control plane, a user plane, a data plane;

[0041] wherein the data is processed and / or transmitted by the third node when the user equipment moves between second nodes where the at least one cell is located.

[0042] According to an embodiment of the present disclosure, further comprising the security configuration information of the data includes at least one of: information related to a security algorithm, security indication information indicating configuration information of a key, key indication information used when key is updated, and first applicable information indicating an applicable range of security configuration information related to the data.

[0043] According to an embodiment of the present disclosure, further comprising the first configuration message also includes configuration information of the at least one cell, and the at least one cell can be at least one of a serving cell, a target cell, and a candidate cell;

[0044] the configuration information of the at least one cell includes at least one of: second cell identification information, configuration identification information, range indication information to which a cell indicated by the second cell identification information belongs, security configuration information used when the user equipment accesses a cell indicated by the second cell identification information, at least one of assistant information and identification information required for generating a key when the user equipment accesses the cell indicated by the second cell identification information.

[0045] According to an embodiment of the present disclosure, further comprising the third node is used to process at least one of control plane data, user plane data and data plane data; and / or

[0046] the third node includes at least one of the following functions: data mapping, data security processing, and data retransmission; and / or

[0047] the third node includes at least one of the following protocol layers: a Service Data Adaptation Protocol, a Packet Data Convergence Protocol, and some or all of a Radio Link Control Protocol.

[0048] According to an embodiment of the present disclosure, further comprising receiving a second configuration message transmitted by the third node, wherein the second configuration message provides assistant information for generating a security related configuration and / or provides security related configuration information; and / or

[0049] transmitting a first configuration request message to the third node; and / or

[0050] transmitting a second configuration request message to the second node; and / or

[0051] receiving a second configuration response message transmitted by the second node, wherein the second configuration response message is used to provide configuration information of a target cell or a candidate cell at the second node; and / or

[0052] transmitting a first notification message including handover information of the user equipment to the third node.

[0053] According to an embodiment of the present disclosure, further comprising the information related to the security algorithm includes at least one of: full plane algorithm information used to indicate a security algorithm required for data of all planes of the user equipment, partial plane algorithm information used to indicate a security algorithm required for data of at least two planes of the user equipment, and single plane algorithm information used to indicate a security algorithm required for one plane of the user equipment;

[0054] the security indication information includes at least one of: first key change indication information indicating whether a key applicable to the data of the all planes needs to be changed, second key change indication information indicating whether a key applicable to the data of the at least two planes needs to be changed, third key change indication information indicating whether a key applicable to the data of the one plane needs to be changed, key separation indication information indicating whether data of different planes use different keys, key update range indication information for judging whether key update is required;

[0055] the key indication information includes at least one of: key information, key update information for updating a key, first assistant information for generating a key;

[0056] the first applicable information includes at least one of: area identification information, cell identification information, cell set identification information, candidate configuration identification information, path identification information, plane indication information.

[0057] According to an embodiment of the present disclosure, further comprising the second configuration message includes at least one of: identification information of the third node, information indicating a service range of the third node, and support information indicating a function or parameter supported by the third node;

[0058] the first configuration request message includes at least one of: first data request information including information for requesting data served by the third node, first serving node information including information of an old serving node or a current serving node of the user equipment, second security configuration information generated by the first node, first security configuration request information for requesting the third node to provide information related to security configuration;

[0059] the first configuration response message includes at least one of: first data response information including configuration information for the third node side to service the data, and security related configuration information generated by the third node;

[0060] the second configuration request message includes at least one of: first cell request information including information of a requested target cell or candidate cell, and second serving node information including information indicating a node currently serving the data of the user equipment, information related to a configured cell including configuration information of at least one target cell or candidate cell configured for the user equipment;

[0061] the second configuration response message includes at least one of: first cell response information including configuration information of an accepted cell, fourth serving node information indicating information of a node serving the data after the user equipment accesses the accepted cell;

[0062] the first notification message includes at least one of: target node information, information required for transmission of the data.

[0063] Embodiments of the present disclosure also provide a method performed by a third node in a wireless communication system, comprising: transmitting a first configuration response message to a first node, wherein the first configuration response message is used to provide configuration information of data of a user equipment;

[0064] processing and / or transmitting the data while the user equipment moves between second nodes where the at least one cell is located;

[0065] wherein the data belongs to at least one of: a control plane, a user plane, a data plane;

[0066] wherein the second node is a base station where the at least one cell is located, or a centralized unit of the base station, or a control plane part of the centralized unit of the base station.

[0067] According to an embodiment of the present disclosure, further comprising receiving a first configuration request message transmitted by the first node; and / or

[0068] transmitting a second configuration message to the first node, wherein the second configuration message provides assistant information for generating a security related configuration and / or provides security related configuration information; and / or

[0069] receiving a first notification message including handover information of the user equipment, transmitted by the first node.

[0070] According to an embodiment of the present disclosure, further comprising the third node is used to process at least one of control plane data, user plane data and data plane data; and / or

[0071] the third node includes at least one of the following functions: data mapping, data security processing, and data retransmission; and / or

[0072] the third node includes at least one of the following protocol layers: a Service Data Adaptation Protocol, a Packet Data Convergence Protocol, and some or all of a Radio Link Control Protocol.

[0073] According to an embodiment of the present disclosure, further comprising the second configuration message includes at least one of: identification information of the third node, information indicating a service range of the third node, and support information indicating a function or parameter supported by the third node;

[0074] the first configuration request message includes at least one of: first data request information including information for requesting data served by the third node, first serving node information including information of an old serving node or a current serving node of the user equipment, second security configuration information generated by the first node, first security configuration request information for requesting the third node to provide information related to security configuration;

[0075] the first configuration response message includes at least one of: first data response information including configuration information for the third node side to service the data, and security related configuration information generated by the third node;

[0076] the first notification message includes at least one of: target node information, information required for transmission of the data.

[0077] Embodiments of the present disclosure also provide a user equipment or a first node or a second node or a third node in a wireless communication system, including: a transceiver configured to transmit and receive signals; and a controller coupled with the transceiver and configured to perform a method as previously described as performed by the corresponding user equipment or first node or second node or a third node.

[0078] Embodiments of the present disclosure provides an apparatus and method for effectively providing a service in a wireless communication system.

[0079] Figure 1 is an exemplary architecture of a wireless network.

[0080] Figure 2 is an exemplary structural diagram of a base station.

[0081] Figure 3 is an exemplary structural diagram of a user equipment.

[0082] Figure 4 is a first schematic diagram of a network structure.

[0083] Figure 5 is a second schematic diagram of a network structure.

[0084] Figure 6 is a third schematic diagram of a network structure.

[0085] Figure 7 is a first schematic diagram of a signaling flow.

[0086] Figure 8 is a second schematic diagram of a signaling flow.

[0087] Figure 9 is a third schematic diagram of a signaling flow.

[0088] Figure 10 is a fourth schematic diagram of a signaling flow.

[0089] Figure 11 is a fifth schematic diagram of a signaling flow.

[0090] Figure 12 is a sixth schematic diagram of a signaling flow.

[0091] Figure 13 is a seventh schematic diagram of a signaling flow.

[0092] Figure 14 is an eighth schematic diagram of the signaling flow.

[0093] Figure 15 illustrates an exemplary structure of various nodes suitable for use in the present disclosure.

[0094] The following description with reference to the accompanying drawings is provided to facilitate a comprehensive understanding of various embodiments of the present disclosure defined by the claims and their equivalents. This description includes various specific details to facilitate understanding but should only be considered as exemplary. Therefore, those skilled in the art will recognize that various changes and modifications can be made to the various embodiments described herein without departing from the scope of the present disclosure. In addition, for the sake of clarity and conciseness, descriptions of well-known functions and structures may be omitted. In the present disclosure, elements expressed in the singular form may also be understood to be expressed in the plural form. Similar words such as singular forms "a", "an" or "the" do not express a limitation of quantity, but express the existence of at least one of the referenced item, unless the context clearly dictates otherwise. For example, reference to "a component surface" includes reference to one or more of such surfaces.

[0095] The terms and expressions used in the following specification and claims are not limited to their dictionary meanings, but are only used by the inventors to enable a clear and consistent understanding of the present disclosure. Therefore, it should be obvious to those skilled in the art that the following descriptions of various embodiments of the present disclosure are provided for illustration usages only and are not intended to limit the usages of the present disclosure as defined in the appended claims and their equivalents.

[0096] It should be understood that singular forms of "a", "an" and "the" include plural referents unless the context clearly indicates otherwise. Thus, for example, a reference to a "component surface" includes a reference to one or more such surfaces.

[0097] The terms "include" or "may include" refer to the existence of a corresponding disclosed function, operation or component that can be used in various embodiments of the present disclosure, and do not limit the existence of one or more additional functions, operations or features. In addition, the terms "including" or "having" can be interpreted as indicating certain characteristics, numbers, steps, operations, constituent elements, components or combinations thereof, but should not be interpreted as excluding the possibility of the existence of one or more other characteristics, numbers, steps, operations, constituent elements, components or combinations thereof.

[0098] The term "or" used in various embodiments of the present disclosure includes any of the listed terms and all combinations thereof. For example, "a or b" may include a, may include b, or may include both a and b.

[0099] Unless defined differently, all terms (including technical terms or scientific terms) used in this disclosure have the same meaning as those understood by those skilled in the art in this disclosure. Common terms, as defined in dictionaries, are interpreted as having meanings consistent with the context in the related technical fields, and should not be interpreted in an idealized or overly formal way unless explicitly defined in this disclosure.

[0100] Figures discussed below and various embodiments for describing the principles of the present disclosure in this patent document are only for illustration and should not be interpreted as limiting the scope of the disclosure in any way. Those skilled in the art will understand that the principles of the present disclosure can be implemented in any suitably arranged system or device.

[0101] Considering the development of wireless communication from generation to generation, the technologies have been developed mainly for services targeting humans, such as voice calls, multimedia services, and data services. Following the commercialization of 5th-generation (5G) communication systems, it is expected that the number of connected devices will exponentially grow. Increasingly, these will be connected to communication networks. Examples of connected things may include vehicles, robots, drones, home appliances, displays, smart sensors connected to various infrastructures, construction machines, and factory equipment. Mobile devices are expected to evolve in various form-factors, such as augmented reality glasses, virtual reality headsets, and hologram devices. In order to provide various services by connecting hundreds of billions of devices and things in the 6th-generation (6G) era, there have been ongoing efforts to develop improved 6G communication systems. For these reasons, the 6G communication system is called a beyond 5G system.

[0102] 6G communication systems, which are expected to be commercialized around 2030, will have a peak data rate of tera (1,000 giga)-level bps and a radio latency less than 100μsec, and thus will be 50 times as fast as 5G communication systems and have the 1 / 10 radio latency thereof.

[0103] In order to achieve such high data rates and ultra-low latency, it has been considered to implement 6G communication systems in the Terahertz (e.g., 95 GHz to 3 THz band). It is expected that since path loss and atmospheric absorption in the terahertz band are more severe than those in the millimeter wave (mmWave) band introduced in 5G, technologies capable of ensuring signal transmission distance (i.e., coverage) will become more critical. As the main technologies to ensure coverage, it is necessary to develop radio frequency (RF) elements, antennas, a new wave with better coverage than orthogonal frequency division multiplexing (OFDM), beamforming, and massive multiple input multiple output (MIMO), full dimensional MIMO (FD-MIMO), array antennas and multi-antenna transmission techniques such as massive antennas. In addition, new technologies to improve signal coverage in the terahertz band, such as metamaterial-based lenses and antennas, orbital angular momentum (OAM), and reconfigurable intelligent surfaces (RIS), have been discussed.

[0104] Moreover, in order to improve the spectral efficiency and the overall network performances, the following technologies have been developed for 6G communication systems: a full-duplex technology for enabling an uplink transmission and a downlink transmission to simultaneously use the same frequency resource at the same time; a network technology for utilizing satellites, high-altitude platform stations (HAPS), and the like in an integrated manner; an improved network structure for supporting mobile base stations and the like and enabling network operation optimization and automation and the like; a dynamic spectrum sharing technology via collision avoidance based on a prediction of spectrum usage; an use of artificial intelligence (AI) in wireless communication for improvement of overall network operation by utilizing AI from a designing phase for developing 6G and internalizing end-to-end AI support functions; and a next-generation distributed computing technology for overcoming the limit of user equipment (UE) computing ability through reachable super-high-performance communication and computing resources (such as mobile edge computing (MEC), clouds, and the like) over the network. In addition, through designing new protocols to be used in 6G communication systems, developing mechanisms for implementing a hardware-based security environment and safe use of data, and developing technologies for maintaining privacy, attempts to strengthen the connectivity between devices, optimize the network, promote softwarization of network entities, and increase the openness of wireless communications are continuing.

[0105] It is expected that research and development of 6G communication systems in hyper-connectivity, including person to machine (P2M) as well as machine to machine (M2M), will allow the next hyper-connected experience. Particularly, it is expected that services such as truly immersive extended reality (XR), high-fidelity mobile hologram, and digital replica could be provided through 6G communication systems. In addition, services such as remote surgery for security and reliability enhancement, industrial automation, and emergency response will be provided through the 6G communication system such that the technologies could be applied in various fields such as industry, medical care, automobiles, and home appliances.

[0106] In order to improve the throughput of user equipment, dual connectivity technology has become one of the important technologies. That is, one user equipment can establish connections with two base stations at the same time and perform data transmission. However, since one user equipment needs to maintain connections with two base stations, dual connectivity technology increases the complexity of resource management and mobility management of the user equipment, resulting in an increase in the design complexity of the user equipment. In future 6G systems, on the basis of improving the throughput of the user equipment, how to reduce the complexity of user equipment is an urgent problem that needs to be solved.

[0107] FIG. 1 illustrates an example wireless network according to embodiments of the present disclosure. The embodiment of the wireless network shown in FIG. 1 is for illustration only. Other embodiments of the wireless network 100 could be used without departing from the scope of the present disclosure.

[0108] As shown in FIG. 1, the wireless network includes a base station (next generation nodeB, gNB or gNodeB) 101, a gNB 102, and a gNB 103. The gNB 101 communicates with the gNB 102 and the gNB 103. The gNB 101 also communicates with at least one network 130, such as the Internet, a proprietary Internet Protocol (IP) network, or other data network.

[0109] The gNB 102 provides wireless broadband access to the network 130 for a first plurality of user equipments (UEs) within a coverage area 120 of the gNB 102. The first plurality of UEs includes a UE 111, which may be located in a small business; a UE 112, which may be located in an enterprise (E); a UE 113, which may be located in a WiFi hotspot (HS); a UE 114, which may be located in a first residence (R1); a UE 115, which may be located in a second residence (R2); and a UE 116, which may be a mobile device (M), such as a cell phone, a wireless laptop, a wireless personal digital assistant (PDA), or the like. The gNB 103 provides wireless broadband access to the network 130 for a second plurality of UEs within a coverage area 125 of the gNB 103. The second plurality of UEs includes the UE 115 and the UE 116, as well as subscriber stations (SS, for example, UEs) 117, 118 and 119. In some embodiments, one or more of the gNBs 101-103 may communicate with each other and with the UEs 111-116 using existing wireless communication techniques, and one or more of the UE 111-119 may communicate directly with each other (e.g., UEs 117-119) using other existing or proposed wireless communication techniques.

[0110] Depending on the network type, the term "base station" or "BS" can refer to any component (or collection of components) configured to provide wireless access to a network, such as transmit point (TP), transmit-receive point (TRP), an enhanced (or "evolved") base station (eNodeB or eNB), a 5G base station (gNB), a macrocell, a femtocell, a wireless fidelity (WiFi) access point (AP), or other wirelessly enabled devices. Base stations may provide wireless access in accordance with one or more wireless communication protocols, e.g., 3GPP 5G New Radio (NR), Long Term Evolution (LTE), LTE Advanced (LTE-A), high speed packet access (HSPA), Wi-Fi 802.11a / b / g / n / ac, etc. For the sake of convenience, the various names for a base station-type apparatus and functionality are used interchangeably in this patent document to refer to network infrastructure components that provide wireless access to remote terminals. Also, depending on the network type, the term "user equipment" (UE) can refer to any component such as a mobile station (MS), subscriber station (SS), remote terminal, wireless terminal, receive point, or user equipment. For the sake of convenience, the various names for a user equipment-type device and functionality are used interchangeably in this patent document to refer to remote wireless equipment that wirelessly accesses a BS, whether the UE is a mobile device (such as a mobile telephone or smartphone) or is normally considered a stationary device (such as a desktop computer or vending machine).

[0111] Dotted lines show the approximate extents of the coverage areas 120 and 125, which are shown as approximately circular for the purposes of illustration and explanation only. It should be clearly understood that the coverage areas associated with gNBs, such as the coverage areas 120 and 125, may have other shapes, including irregular shapes, depending upon the configuration of the gNBs and variations in the radio environment associated with natural and man-made obstructions.

[0112] As described in more detail below, one or more of the UEs 111-119 include circuitry, programing, or a combination thereof. In certain embodiments, and one or more of the gNBs 101-103 includes circuitry, programing, or a combination thereof.

[0113] Although FIG. 1 illustrates one example of a wireless network, various changes may be made to FIG. 1. For example, the wireless network could include any number of gNBs and any number of UEs in any suitable arrangement. Also, the gNB 101 could communicate directly with any number of UEs and provide those UEs with wireless broadband access to the network 130. Similarly, each gNB 102-103 could communicate directly with the network 130 and provide UEs with direct wireless broadband access to the network 130. Further, the gNBs 101, 102, and / or 103 could provide access to other or additional external networks, such as external telephone networks or other types of data networks.

[0114] FIG. 2 illustrates an example base station according to embodiments of the present disclosure. The embodiment of the gNB 102 illustrated in FIG. 2 is for illustration only, and the gNBs 101 and 103 of FIG. 1 could have the same or similar configuration. However, gNBs come in a wide variety of configurations, and FIG. 2 does not limit the scope of the present disclosure to any particular implementation of a gNB.

[0115] As shown in FIG 2, the gNB 102 includes multiple antennas 200a-200n, multiple radio frequency (RF) transceivers 201a-201n, transmit (TX) processing circuitry 203, and receive (RX) processing circuitry 204. The gNB 102 also includes a controller / processor 205, a memory 206, and a backhaul or network interface 207.

[0116] The RF transceivers 201a-201n receive, from the antennas 200a-200n, incoming RF signals, such as signals transmitted by UEs in the network 100. The RF transceivers 201a-201n down-convert the incoming RF signals to generate intermediate frequency (IF) or baseband signals. The IF or baseband signals are transmitted to the RX processing circuitry 204, which generates processed baseband signals by filtering, decoding, and / or digitizing the baseband or IF signals. The RX processing circuitry 204 transmits the processed baseband signals to the controller / processor 205 for further processing.

[0117] The TX processing circuitry 203 receives analog or digital data (such as voice data, web data, electronic mail, or interactive video game data) from the controller / processor 205. The TX processing circuitry 203 encodes, multiplexes, and / or digitizes the outgoing baseband data to generate processed baseband or IF signals. The RF transceivers 201a-201n receive the outgoing processed baseband or IF signals from the TX processing circuitry 203 and up-converts the baseband or IF signals to RF signals that are transmitted via the antennas 201a-201n.

[0118] The controller / processor 205 can include one or more processors or other processing devices that control the overall operation of the gNB 102. For example, the controller / processor 205 could control the reception of forward channel signals and the transmission of reverse channel signals by the RF transceivers 201a-201n, the RX processing circuitry 204, and the TX processing circuitry 203 in accordance with well-known principles. The controller / processor 205 could support additional functions as well, such as more advanced wireless communication functions.

[0119] For instance, the controller / processor 205 could support beam forming or directional routing operations in which outgoing signals from multiple antennas 200a-200n are weighted differently to effectively steer the outgoing signals in a desired direction. Any of a wide variety of other functions could be supported in the gNB 102 by the controller / processor 205.

[0120] The controller / processor 205 is also capable of executing programs and other processes resident in the memory 206, such as an operating system (OS). The controller / processor 205 can move data into or out of the memory 206 as required by an executing process.

[0121] The controller / processor 205 is also coupled to the backhaul or network interface 207. The backhaul or network interface 207 allows the gNB 102 to communicate with other devices or systems over a backhaul connection or over a network. The interface 207 could support communications over any suitable wired or wireless connection(s). For example, when the gNB 102 is implemented as part of a cellular communication system (such as one supporting 5G, LTE, or LTE-A), the interface 207 could allow the gNB 102 to communicate with other gNBs over a wired or wireless backhaul connection. When the gNB 102 is implemented as an access point, the interface 207 could allow the gNB 102 to communicate over a wired or wireless local area network or over a wired or wireless connection to a larger network (such as the Internet). The interface 207 includes any suitable structure supporting communications over a wired or wireless connection, such as an Ethernet or RF transceiver.

[0122] The memory 206 is coupled to the controller / processor 205. Part of the memory 206 could include a random access memory (RAM), and another part of the memory 206 could include a Flash memory or other read only memory (ROM).

[0123] Although FIG. 2 illustrates one example of gNB 102, various changes may be made to FIG. 2. For example, the gNB 102 could include any number of each component shown in FIG. 2. As a particular example, an access point could include a number of interfaces 207, and the controller / processor 205 could support routing functions to route data between different network addresses. As another particular example, while shown as including a single instance of TX processing circuitry 203 and a single instance of RX processing circuitry 204, the gNB 102 could include multiple instances of each (such as one per RF transceiver). Also, various components in FIG. 2 could be combined, further subdivided, or omitted and additional components could be added according to particular needs.

[0124] FIG. 3 illustrates an example user equipment according to embodiments of the present disclosure. The embodiment of the UE 116 illustrated in FIG. 3 is for illustration only, and the UEs 111-115 and 117-119 of FIG. 1 could have the same or similar configuration. However, UEs come in a wide variety of configurations, and FIG. 3 does not limit the scope of the present disclosure to any particular implementation of a UE.

[0125] As shown in FIG. 3, the UE 116 includes an antenna 301, a radio frequency (RF) transceiver 302, TX processing circuitry 303, a microphone 304, and receive (RX) processing circuitry 305. The UE 116 also includes a speaker 306, a controller or processor 307, an input / output (I / O) interface (IF) 308, an input device 309, a touchscreen display 310, and a memory 311. The memory 311 includes an OS 312 and one or more applications 313.

[0126] The RF transceiver 302 receives, from the antenna 301, an incoming RF signal transmitted by a gNB of the network 100. The RF transceiver 302 down-converts the incoming RF signal to generate an IF or baseband signal. The IF or baseband signal is transmitted to the RX processing circuitry 305, which generates a processed baseband signal by filtering, decoding, and / or digitizing the baseband or IF signal. The RX processing circuitry 305 transmits the processed baseband signal to the speaker 306 (such as for voice data) or to the processor 307 for further processing (such as for web browsing data).

[0127] The TX processing circuitry 303 receives analog or digital voice data from the microphone 304 or other outgoing baseband data (such as web data, e-mail, or interactive video game data) from the processor 307. The TX processing circuitry 303 encodes, multiplexes, and / or digitizes the outgoing baseband data to generate a processed baseband or IF signal. The RF transceiver 302 receives the outgoing processed baseband or IF signal from the TX processing circuitry 303 and up-converts the baseband or IF signal to an RF signal that is transmitted via the antenna 301.

[0128] The processor 307 can include one or more processors or other processing devices and execute the OS 312 stored in the memory 311 in order to control the overall operation of the UE 116. For example, the processor 307 could control the reception of forward channel signals and the transmission of reverse channel signals by the RF transceiver 302, the RX processing circuitry 305, and the TX processing circuitry 303 in accordance with well-known principles. In some embodiments, the processor 307 includes at least one microprocessor or microcontroller.

[0129] The processor 307 is also capable of executing other processes and programs resident in the memory 311, such as processes for CSI reporting on uplink channel. The processor 307 can move data into or out of the memory 311 as required by an executing process. In some embodiments, the processor 307 is configured to execute the applications 313 based on the OS 312 or in response to signals received from gNBs or an operator. The processor 307 is also coupled to the I / O interface 308, which provides the UE 116 with the ability to connect to other devices, such as laptop computers and handheld computers. The I / O interface 308 is the communication path between these accessories and the processor 307.

[0130] The processor 307 is also coupled to the touchscreen display 310. The user of the UE 116 can use the touchscreen display 310 to enter data into the UE 116. The touchscreen display 310 may be a liquid crystal display, light emitting diode display, or other display capable of rendering text and / or at least limited graphics, such as from web sites.

[0131] The memory 311 is coupled to the processor 307. Part of the memory 311 could include RAM, and another part of the memory 311 could include a Flash memory or other ROM.

[0132] Although FIG. 3 illustrates one example of UE 116, various changes may be made to FIG. 3. For example, various components in FIG. 3 could be combined, further subdivided, or omitted and additional components could be added according to particular needs. As a particular example, the processor 307 could be divided into multiple processors, such as one or more central processing units (CPUs) and one or more graphics processing units (GPUs). Also, while FIG. 3 illustrates the UE 116 configured as a mobile telephone or smartphone, UEs could be configured to operate as other types of mobile or stationary devices.

[0133] The text and drawings of this disclosure are provided as examples only to assist in understanding the present disclosure. They should not be construed as limiting the scope of the disclosure in any way. Although certain embodiments and examples have been provided, it will be apparent to those skilled in the art, based upon this disclosure, that changes can be made to the embodiments and examples shown without departing from the scope of the disclosure.

[0134] The message names in the disclosure are only examples, and other message names can be used.

[0135] The "first" and "second" included in the message name of the disclosure are only used to distinguish one message from another, and do not represent the execution or transmission order.

[0136] Detailed description of steps irrelated to the disclosure is omitted in the present invention.

[0137] In the disclosure, the steps in each procedure can be executed in combination with each other or independently. The execution steps of each process are only examples, and other possible execution steps and / or orders are not excluded.

[0138] In the present disclosure, the base station can be one of the following types (other types that can be used for user terminal access are not excluded):

[0139] * Long Term Evolution (LTE) base station;

[0140] * 5G base station;

[0141] * 6G base station

[0142] * RAN node;

[0143] * Non-Terrestrial Networks (NTN) base station;

[0144] * High Altitude Platform Station (HAPS) base station;

[0145] * Drone base station; and

[0146] * WIFI access point.

[0147] In a wireless network, in order to ensure the security of the data of the user equipment, the network will perform the security related configuration on the user equipment. Based on this configuration, the user equipment will generate the related security key and encrypt data transmission. During the movement of the user equipment, its security configuration may be updated, such as the security key, resulting in the other configuration of the user equipment also requiring corresponding update. For example, the Packet Data Convergence Protocol (PDCP) layer of the user equipment needs to be reconstructed, and the Radio Link Control (RLC) layer needs to be reconstructed. These configuration updates can cause interruptions or slowing down of data transmission during movement of the user equipment, thus affecting the user's experience. Therefore, how to reduce the interruption or slowdown of data transmission during movement of user equipment is an urgent problem that needs to be solved.

[0148] The data of the user equipment considered in the present invention can be divided into data of different planes. On the air interface, these data can be transmitted by Radio Bearers (RBs). Examples of these planes include:

[0149] * a Control Plane (CP). Control Plane data is mainly control signaling of the user equipment. One example is Radio Resource Control (RRC) signaling, which is transmitted through Signaling Radio Bearer (SRB).

[0150] * a User Plane (UP). User Plane data is mainly application layer data of the user equipment. An example is data transmitted by a Data Radio Bearer (DRB). This data can be Session data, or Packet data unit session (PDU Session) data, or flow data, or Quality of Service flow (QoS flow) Data, or Internet Protocol (IP) flow data.

[0151] * a Data plane (DP). Data plane data is mainly the assistant data provided by the user equipment to the network side or the assistant data provided by the network side to the user equipment. One possible use of these data is for training or inference of artificial intelligence algorithms or models. One example is data transmitted by a specific bearer (such as an artificial intelligence radio bearer), or data transmitted by a specific DRB, or data transmitted by a specific SRB.

[0152] The above-mentioned control plane, user plane, and data plane are only examples of planes for user data, and other planes are not excluded. The following description in the present invention applies to data of any plane or any plurality of planes.

[0153] For convenience of description, the following two planes are defined in the following description of the present invention:

[0154] * First plane: This plane is at least one of the above planes

[0155] * Second plane: This plane is at least one plane different from the above-mentioned first plane, and may also be called a non-first plane.

[0156] In one example, the first plane is a control plane and the second plane is a non-control plane (such as a user plane, a data plane). In another example, the first plane is a user plane and the second plane is a non-user plane (such as a control plane, a data plane). In another example, the first plane is a data plane. and the second plane is a non-data plane (e.g., control plane, user plane).

[0157] In addition to user equipment, the present invention may involve the following possible nodes:

[0158] * First node: a base station, or a centralized unit of a base station, or a control plane part of a centralized unit of a base station. In one example, the first node may be the first base station, or a centralized unit of the first base station, or a first plane part of the centralized unit of the first base station (such as a control plane part of the centralized unit of the first base station).

[0159] * Second node: a base station, or a centralized unit of a base station, or a control plane part of a centralized unit of a base station. The node is different from the first node. In one example, the second node may be the second base station, or a centralized unit of the second base station, or a first plane part of the centralized unit of the second base station (such as a control plane part of the centralized unit of the second base station).

[0160] * Third node: This entity is a network side device or a part of the function of a network side device. It is mainly used to process and / or transmit data of a part of planes (such as data of other planes in user data except control plane data, and the data of the other planes is data of one or more planes, such as user plane data and data plane data, user plane and data plane data, etc.) or data of all planes. If the node is only used for user plane data, the node can also be called a user plane entity (UP). If the node is only used for data plane data, the node can also be called a data plane entity (DP). In one example, the node is an independent node. In another example, the node is a part of the function of a base station or a core network node. In another example, the node is a device of a core network, such as a device used for user plane data processing and transmission (such as User Plane Function (UPF)), or a device used for data plane data processing and transmission (such as Data Plane function (DPF));

[0161] * Fourth node: a distributed unit of a base station. In one example, the fourth node is the first distributed unit;

[0162] * Fifth node: a distributed unit of a base station, which is a distributed unit different from the fourth node. In one example, the fifth node is the second distributed unit;

[0163] * Sixth node: a second plane part of a centralized unit of the base station, the node is configured to process and transmit the data of the second plane, i.e. the node is configured to process the data of at least one plane of the plurality of plane data of the user equipment except the first plane. In one example, the sixth node is the user plane part of the first centralized unit, and is used to process the user plane data of the user equipment. In another example, the sixth node is the data plane part of the first centralized unit, and is used to process the data plane data of the user equipment;

[0164] * Seventh node: a second plane part of a centralized unit of the base station, which is the second plane part of the centralized unit of the base station different from the sixth node. In one example, the seventh node is the user plane part of the second centralized unit, and is used to process the user plane data of the user equipment. In another example, the seventh node is the data plane part of the second centralized unit, and is used to process the data plane data of the user equipment;

[0165] The above nodes can be different nodes or the same node. If they are the same node, in one example, the node can be used to process data of all planes, then when the user equipment moves between different nodes, the node is always responsible for processing data of all planes of the user equipment. For example, the node is a centralized unit of one base station. When the user equipment moves between different base stations, the data of all planes of the user will be handed over by the centralized unit of the base station. This ensures that the key of the user equipment does not need to be updated, and can also reduce the interruption or slowdown of data transmission during movement of user equipment.

[0166] The present invention includes the following keys:

[0167] * First key: this key is a key used for the data of all planes of the user equipment, that is, the data of all planes use the same key. An example of this first key is a key applicable to the data of all planes (such as the control plane, the user plane, the data plane);

[0168] * Second key: this key is a key used for data of a part of planes of the user equipment, the part of planes are at least two planes among all planes of the user equipment. An example is a key applicable to data of any two planes among the control plane, user plane and data plane;

[0169] * Third key: this key is a key used for data of one plane of the user equipment. An example is a key applicable to data of any one of the control plane, user plane and data plane;

[0170] In the present invention, the update of the above key may lead to the reconstruction of the PDCP layer serving the data of the user equipment, or the reconstruction of the RLC layer, etc., thereby causing the interruption or slowing down of data transmission. In order to reduce the impact (such as interruption, slowing down, etc.) of the movement of user equipment on data transmission, the present invention proposes a user equipment key update method. In this method, the data of different planes of the user equipment may adopt different configuration methods, resulting in different key update methods for different planes. In one example, the user equipment only needs to update the key of the control plane data during movement, but does not need to update the key of the user plane data. In this way, the user plane data of the user equipment is not affected, but only the control plane data. Considering that during movement, the user equipment has no or less control plane data that needs to be transmitted, the impact of mobility on the data transmission of the user equipment can become small. Further, in order to support this method, the present invention defines a new network device and a corresponding network architecture. This device is a device that processes and transmits data of the first plane or the second plane, such as the above-mentioned third node. An example of this node is an independent node, such as a Common non-control plane entity (Common non-CP), Common user plane entity (Common UP), or common data plane entity (Common DP). Further, the independent node can be a non-core network device (such as a device in the Radio Access Network (RAN)) or a core network device. Another example of the node is a part of the functions of a node in the network, such as the user plane entity of the base station / core network node and the data plane entity of the base station / core network node.

[0171] The present invention gives examples of different network structures (the third node described below is a non-control plane entity, and the plane it serves can be data of at least one plane except the control plane):

[0172] - Example structure 1: The third node is an independent non-core network device (such as a device on the RAN side)

[0173] In this structure, different base stations are connected to the third node. The interface between each base station with the third node is the first interface. When the base station is a split architecture, the base station includes a centralized unit of the base station or a first plane part of the centralized unit of the base station, and a distributed unit of the base station. In one example, the interface between the centralized unit of the base station or the first plane part of the centralized unit of the base station and the third node is the first plane (such as the control plane) part of the first interface (such as the E1 interface, or the enhanced E1 (enE1) interface), The interface between the distributed unit of the base station and the third node is the second plane (such as user plane, data plane, etc.) part of the first interface (such as the F1 interface, or the F1 user plane interface). As shown in Figure 4, the figure includes two base stations (such as base station 1 and base station 2) and a third node. Examples of the third node are a common non-control plane entity, a common user plane entity or a common data plane entity. Further, there may be multiple third nodes, and the interface between the base station and the third node is the first interface. When the base station is a split structure, the base station includes a centralized unit (or a first plane part of the centralized unit, such as a control plane part of the centralized unit) and at least one distributed unit, and the centralized unit and the third node can be the first plane part (control plane part) of the first interface. The interface between the distributed unit of the base station and the third node can be the second plane part of the first interface (such as the user plane part or the data plane part), and the interface between the centralized unit and the distributed unit is the second interface (such as the F1 control plane interface F1-C), the interface between the two base stations is the third interface (such as the Xn interface, or the Xn control plane interface Xn-C, X2 interface, or X2 control plane interface X2-C).

[0174] - Example Structure 2: The third node is part of the functions of another node

[0175] In this structure, the third node can be a part of the functions of a base station, or a part of the functions of a core network node, and the interface between the other base station and the base station or core network node is the fourth interface (such as Xn interface, or Xn control plane interface Xn-C, X2 interface, or X2 control plane interface X2-C, NG interface, or NG interface control plane interface NG-C, S1 interface, or S1 interface control plane interface S1-C). As shown in Figure 5, three base stations are included in the figure. Base station 1 includes the functions of the above-mentioned third node. Base station 2 and base station 3 are connected to base station 1 through the fourth interface. In this example, when the third node can process data of all planes of the user equipment, the user equipment may not update the key during movement, reducing the interruption or slowing down of user data transmission.

[0176] - Example structure 3: the third node is a core network device, or a part of a core network device

[0177] In this structure, the third node is located in the core network, and the interface between the third node and different base stations is the fifth interface (such as NG interface, or NG user plane interface, or NG data plane interface, S1 interface, or S1 user plane interface, or S1 data plane interface). Each base station can be a non-split architecture or a split architecture. As shown in Figure 6, the figure includes a third node and two base stations (base station 1 and base station 2). If the base station is a split architecture, each base station includes the first plane (such as control plane) part of the centralized unit of the base station, the second plane (such as user plane, data plane) part of the centralized unit of the base station, and the distributed unit of the base station; or each base station includes a centralized unit of the base station and a distributed unit of the base station.

[0178] In the above structure, when the user equipment moves between different base stations (such as switching between different base stations), the data of certain planes of the user equipment (such as user plane data, data plane data) is always processed by the third node or transmitted. Since the third node does not change during movement of the user, the security configuration of the data of a part of planes of the user equipment may also not change. Furthermore, the user equipment side does not need to perform operations related to the security configuration update (such as PDCP reconstruction, Radio link control (RLC) reconstruction), which can reduce the impact on data transmission of the user equipment (such as data transmission of certain planes).

[0179] In the present invention, the third node may include at least one of the following functions:

[0180] * data mapping. This function is to map received data, which can be data received from other nodes or data received from other protocol layers of the third node. When the third node maps data received from other nodes, in one example, if the other node is a device of the core network, the received data may be session data, packet data unit session data, IP data, IP flow data, QoS flow data, etc., then the function of the data mapping is to map these data into RBs, or data radio bearers, or artificial intelligence radio bearers; in another example, if the other node is a node on the RAN side (such as a distributed unit of a base station), the received data may be a Protocol Data Unit (PDU) or a Service Data Unit (SDU) of the data bearer, such as PDCP PDU / SDU, RLC PDU / SDU Etc., the function of the data mapping is to map these data into session data, packet data unit session data, IP data, IP flow data, QoS flow data, etc. Further, the function may be implemented by a specific protocol, e.g., Service Data Adaptation Protocol (SDAP), i.e., the third node includes an SDAP protocol layer

[0181] * data security. This function is to perform security related processing on data, such as ciphering, integrity protection, or de-ciphering, integrity protection, etc. Further, this function can be implemented by a specific protocol, such as PDCP, that is, the third node includes a PDCP protocol layer.

[0182] * data retransmission. This function can retransmit data. In one example, the data retransmission is based on the Automatic Repeat request (ARQ) protocol. Further, this function may be implemented by a specific protocol, such as Radio Link Control (RLC), that is, the third node includes an RLC protocol layer. In another example, the third node only includes part of the functions of the RLC protocol layer, for example, only includes the functions of the RLC protocol layer except data fragmentation, that is, the third node includes the high-level part of the RLC protocol layer.

[0183]

[0184] In the present invention, the third node may include at least one of the protocol layers:

[0185] * a SDAP protocol layer, further, the protocol layer is an SDAP layer for serving the above-mentioned first plane or second plane

[0186] * a PDCP protocol layer, further, the protocol layer is a PDCP layer for serving the above-mentioned first plane or second plane

[0187] * an RLC protocol layer or a partial RLC protocol layer, further, the protocol layer is an RLC layer for serving the first plane or the second plane

[0188]

[0189] The present invention includes the following procedures:

[0190] * Procedure 1: a configuration procedure of a user equipment. One function of this procedure is to configure the serving cell or target cell or candidate cell of the user equipment, and the other function is to trigger the cell change of the user equipment.

[0191] * Procedure 2: a configuration procedure of a network node. This procedure is to exchange respective configuration information between network nodes.

[0192] * Procedure 3: a procedure for a network side to configure configuration information required to serve data of the user equipment.

[0193] * Procedure 4: a preparation procedure of a cell (such as a serving cell, a target cell, a candidate cell) of the user equipment.

[0194] * Procedure 5: a notification procedure of user equipment movement. This procedure is to notify the user equipment of the configuration information when the user equipment undergoes cell handover.

[0195] The above five procedures can be performed independently or combined with each other. The details of each procedure are introduced below.

[0196]

[0197] <Procedure 1: Configuration procedure of user equipment>

[0198] In order to support the security configuration update of user equipment during movement, the present invention includes the following steps, as shown in Figure 7:

[0199] Step 1-1: The first node transmits a first configuration message to a user equipment, the message including at least one of the following roles: 1) configuring a serving cell of the user equipment, 2) configuring a target cell for handover of the user equipment, 3) configuring at least one candidate cell for handover of the user equipment. When configuring these cells, security configuration information related to the data of different planes of the user equipment is included. The message includes at least one of:

[0200] * first security configuration information, which is used to configure security information of the user equipment, and includes security configuration information related to data of the user equipment. The information includes at least one of:

[0201] ** information related to a security algorithm, which indicates the security algorithm for data of different planes. The information includes at least one of the following:

[0202] *** full plane algorithm information used to indicate a security algorithm required for data of all planes of the user equipment. In one example, the security algorithm is applicable to control plane, user plane and data plane, and the information includes at least one of ciphering algorithm information and integrity protection algorithm information.

[0203] *** partial plane algorithm information used to indicate a security algorithm required for data of a part of planes (at least two planes) of the user equipment. In one example, the algorithm is applicable to data of any two planes of the control plane, the user plane and the data plane, and the information includes at least one of ciphering algorithm information and integrity protection algorithm information.

[0204] *** single plane algorithm information used to indicate a security algorithm required for one plane of the user equipment. In one example, the algorithm is applicable to data of any one of a control plane, a user plane and a data plane, and the information includes at least one of ciphering algorithm information and integrity protection algorithm information.

[0205] The beneficial effects of the above-mentioned "full plane algorithm information", "partial plane algorithm information", and "single plane algorithm information" are that data in different planes use different algorithms, improve the efficiency of data transmission in different planes, and reduce the interruption or slowing down of data transmission in different planes during handover of the user.

[0206] ** security indication information indicating configuration information of a key of the user equipment. The beneficial effect of this information is that the data in different planes uses different keys, or the data in different planes will undergo different key updates based on the different ranges that occur during the movement of the user equipment, which can reduce the interruption and slowdown of data transmission caused by key update during the movement of the user equipment. The information includes at least one of the following:

[0207] *** first key change indication information indicating whether a first key used by the user equipment needs to be changed. An example of the first key is a key applicable to data of all planes (such as the control plane, the user plane, the data plane).

[0208] *** second key change indication information indicating whether a second key used by the user equipment needs to be changed, wherein the second key is a key for data of a part of planes (e.g., at least two planes) of the user equipment, and an example is a key for any two of control plane data, user plane data and data plane data.

[0209] *** third key change indication information indicating third key change indication information applicable to the user equipment. The third key is a key for data of one plane of the user equipment. An example is a key applicable to any one of control plane data, user plane data and data plane data.

[0210] *** key separation indication information, which indicates whether data of different planes use different keys, and further indicates which planes' data require the user equipment to use different keys, or for which planes the key changes need to be performed separately. An example of these planes is any one or any two of the control plane, the user plane, and the data plane. In another example, when the data of the user equipment includes more planes, the planes may be a combination of a part of planes (such as at least two planes) among the plurality of planes. For example, the information indicates whether the control plane and / or the user plane and / or the data plane use different keys or whether the key change for the control plane and / or the key change for the user plane and / or the key change for the data plane can be performed separately.

[0211] *** key update range indication information which is used by the user equipment for judging whether key update is required, or indication information indicating the range in which the user equipment does not require key update (or requires key update), that is, when the user equipment performs a handover within the range indicated by the range information, it does not need to update the key (or needs to update the key). An example of the key is the above-mentioned first key (such as the key common to the data of the control plane, the user plane and the data plane). Another example is the above-mentioned second key (such as any two of the control plane key, the user plane key, and the data plane key). Another example is the above-mentioned third key (such as any one of the control plane key, the user plane key, and the data plane key). Further, the information may indicate ranges separately for different types of keys. The beneficial effect of this information is that the keys for different data will be updated differently depending on the movement range of the user equipment, reducing the interruption or slowing down of data transmission caused by the key update during the movement of the user equipment. For one type of key (one of the first key, the second key, and the third key), the information includes at least one of:

[0212] **** area identification information, or area indication information, which indicates an area that does not require key update (or requires key update). In one example, the area indicated by the information may include one or more cells, or include one or more base stations, etc. If the cell accessed by the user equipment is within the area indicated by the identification information, the user equipment does not need to perform key update (or needs key update).

[0213] **** cell identification information indicating one or more cells for which a key update is not required (or is required). If the cell accessed by the user equipment is within the cell indicated by the identification information, the user equipment does not need to perform key update (or needs key update).

[0214] **** candidate identification information indicating a configuration of one or more candidate cells for which key update is not required. If the configuration used by the cell accessed by the user equipment is the configuration indicated by the identification information, the user equipment does not need to perform key update (or needs key update).

[0215] **** path identification information indicating one or more paths for which key update is not required. If the path of the cell accessed by the user equipment is the path indicated by the information, the user equipment does not need to perform key update (or needs key update).

[0216] ** key indication information, which indicates information used by the user equipment when performing the key update. An example of the key is the above-mentioned first key (such as a key common to data of the control plane, user plane and data plane). Another example is the above-mentioned second key (such as any two of the control plane key, the user plane key, the data plane key). Another example is the above-mentioned third key (such as any one of the control plane key, the user plane key or the data plane key). Further, the information may be indicated separately for different types of keys. The beneficial effect of this information is that data in different planes of the user equipment can use different keys, reducing the interruption or slowing down of data transmission of the user equipment due to the key update. For one type of key (one of the first key, the second key, and the third key), the information includes at least one of:

[0217] *** key information, which indicates the key of the user equipment, and the key can be used for ciphering and / or integrity protection. In one example, after the user equipment receives the information, it can directly use the received key for ciphering and / or integrity protection. One example of this information is first key information, e.g. the information which indicates a key for data of all planes, e.g. the control plane, the user plane and the data plane. One example of the information is second key information, e.g. the information which indicates a key for data of at least two of the planes, e.g. at least two of the control plane, the user plane and the data plane. One example of the information is third key information, e.g. the information which indicates a key for data of one plane, e.g. one of the control plane, the user plane and the data plane.

[0218] *** key update information, which indicates the information used by the user equipment for updating a key. One example of the information is first key update information, such as information which indicates the information for updating a key for data of all planes, e.g. the control plane, the user plane and the data plane. Another example of the information is second key update information, such as information which indicates the information for updating a key for data of at least two of the planes, e.g. at least two of the control plane, the user plane and the data plane. Another example of the information is third key update information, such as information which indicates the information for updating a key for data of one of the planes, e.g.one of the control plane, the user plane and the data plane. For a type of key, the information includes at least one of:

[0219] **** next hop information for generating a key required by the user equipment.

[0220] **** next hop chaining count information, which may be used to correlate keys generated by the user equipment. In one example, if the information received by the user equipment is different from the NCC associated with the key it is using, the user equipment needs to generate a new key.

[0221] *** first assistant information, which includes the information required for generating a key. In one example, this information is used as input to the ciphering algorithm and is then used to generate the key of the user equipment. The generated key can be a first key (e.g. a key for data of all planes, e.g. a key common to the data of the control plane / user plane / data plane) or a second key (e.g. a key for data of at least two of planes, e.g. a key for data of at least two planes among the control plane / user plane / data plane), or may be a third key (such as a key for data of one plane, such as a key for data of one of the control plane / user plane / data plane). For a type of key, the information includes at least one of:

[0222] **** cell indication information, which indicates cell information required by the user equipment for generating a key, such as Physical cell identity (PCI) .

[0223] **** area indication information, which indicates area information required by the user equipment for generating a key, such as area identification information (Area ID).

[0224] **** node indication information, which indicates node information required by the user equipment for generating a key. In one example, this information is the identification of the above-mentioned third node.

[0225] **** candidate configuration indication information, which indicates candidate configuration information required by the user equipment for generating a key, such as candidate configuration identification information.

[0226] **** path indication information, which indicates path information required by the user equipment for generating a key, such as path identification information.

[0227] **** first identification information, which indicates a key identification required by the user equipment for generating a key.

[0228] ** first applicable information, which indicates the range information to which the information contained in the above-mentioned "first security configuration information" is applicable. This information can be for the first key, the second key, or the third key. For a type of key, the information includes at least one of:

[0229] *** area identification information, or area indication information, which indicates an area that does not require key update (or requires key update). In one example, the area indicated by the information may include one or more cells, or include one or more base stations, etc. If the cell accessed by the user equipment is within the area indicated by the identification information, the user equipment does not need to perform key update (or needs key update).

[0230] *** cell identification information indicating one or more cells for which a key update is not required (or is required). If the cell accessed by the user equipment is within the cell indicated by the identification information, the user equipment does not need to perform key update (or needs key update).

[0231] *** cell set identification information indicating a set of one or more cells for which a key update is not required (or in need of a key update). If the cell accessed by the user equipment is within the cell set indicated by the identification information, the user equipment does not need to perform key update (or needs key update).

[0232] *** candidate configuration identification information indicating a configuration of one or more candidate cells for which a key update is not required (or which a key update is required). If the configuration used by the cell accessed by the user equipment is the configuration indicated by the identification information, the user equipment does not need to perform key update (or needs key update).

[0233] *** path identification information indicating one or more paths for which a key update is not required (or which a key update is required). If the path of the cell accessed by the user equipment is the path indicated by the information, the user equipment does not need to perform key update (or needs key update).

[0234] *** plane indication information, which indicates a plane for which a key update is not required (or which a key update is required). The plane indicated by the information may be one or more of the planes supported by the user equipment, such as a control plane, a user plane, a data plane, etc.

[0235] * configuration information of a cell, which includes configuration information of a the serving cell or a target cell or a candidate cell. For a cell, the information includes at least one of:

[0236] ** second cell identification information.

[0237] ** configuration identification information, which identifies the configuration of a cell. When the above-mentioned first configuration message is used to configure at least one candidate cell, the identification information may be candidate configuration identification information.

[0238] ** range indication information indicating a range to which a cell indicated by the "second cell identification information" belongs. The user equipment can determine based on this information whether it is necessary to update the key when accessing (such as accessing through a handover, accessing through connection re-establishment, accessing through connection resume, accessing through connection establishment, etc.) the cell identified by the "second cell identification information". In one example, When the "range indication information" of the cell accessed by the user equipment is the same as the "range indication information" of the cell previously accessed by the user equipment, the key update is not required (or key update is required). When the "range indication information" of the cell accessed by the user equipment is different from the "range indication information" of the cell previously accessed by the user equipment, the key update is required (or the key update is not required). The information includes at least one of the following:

[0239] *** area identification information, or area indication information, which indicates an area that does not require key update (or requires key update).

[0240] *** cell set identification information indicating a set of one or more cells for which a key update is not required (or in need of a key update).

[0241] *** path identification information indicating one or more paths for which a key update is not required (or which a key update is required).

[0242] ** second security configuration information indicating security configuration used by the user equipment when accessing (such as accessing through a handover, accessing through connection re-establishment, accessing through connection resume, accessing through connection establishment, etc.) a cell indicated by the "second cell identification information". The description of this information can be found in the above "first security configuration information".

[0243] ** key association information, which indicates information required by the user equipment for generating the key or information associated with generating the key when accessing (such as accessing through a handover, accessing through connection re-establishment, accessing through connection resume, accessing through connection establishment, etc.) a cell indicated by the "second cell identification information". An example of the key is the above-mentioned first key (such as the key common to the data of the control plane, the user plane and the data plane). Another example is the above-mentioned second key (such as any two of the control plane key, the user plane key, and the data plane key). Another example is the above-mentioned third key (such as any one of the control plane key, the user plane key, and the data plane key). The beneficial effect of this information is that the user equipment determine whether it is necessary to update the key, the control plane key, the user plane data or the data plane key when the cell is handover or switched , so as to reduce the interruption or slowdown of data transmission, or control plane data transmission, or user plane data transmission or data plane data transmission during handover. Further, the information may be indicated separately for different types of keys. For one type of key (one of the first key, the second key, and the third key), the information includes at least one of:

[0244] *** second assistant information, which contains assistant information required for generating a key, as described in the above-mentioned "first assistant information".

[0245] *** second identification information indicating a key identification required by the user equipment for generating a key. Further, this information can also be used by the user equipment to determine whether key update (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is required. In one example, the user equipment will compare the "second identification information" of the serving cell and the "second identification information" of the target cell (or candidate cell). If the two are the same (or different), the user equipment does not need to perform a key update, if the two are different (or the same), the user equipment needs to perform a key update.

[0246] Step 1-2: determine the required security configuration information when the user equipment accesses the cell. When the user equipment is performing cell handover or accessing a new cell, it needs to determine whether it needs to perform the key update (or PDCP reconstruction, RLC reconstruction, etc.). The updated key can be the first key, the second key, or the third key. Methods for the user equipment side to determine whether key update is required include:

[0247] - Method 1: determine based on a range configured by the network side that does not require key update.

[0248] In this method, the configuration on the network side includes range indication information that does not require key update (or requires key update), such as the "key update range indication information" in the above first configuration message, which indicates a range that key update is not required (or key update is required). When the cell accessed by the user equipment is within the range indicated by the information, the user equipment does not need to perform key update (or needs to perform key update).

[0249] - Method 2: According to the configuration information of a source cell and a target cell (or a candidate cell)

[0250] In this method, the user equipment needs to compare the configuration information of the source cell and the target cell (or candidate cell), and determine whether key update is required based on the comparison result. For example, in the above-mentioned first configuration message, the configuration information of each cell (such as the source cell, the target cell, the candidate cell) contains the above-mentioned "key association information". In one example, if the "second identification information" of the source cell and the target cell (or the candidate cell) are the same (or different), key update is not required. If they are different (or the same), key update is required. In another example, if the "second identification information" of the source cell and the target cell (or candidate cell) are the same (or different), control plane key update is not required. If they are different (or the same), control plane key update is required. In another example, if the "second identification information" of the source cell and the target cell (or candidate cell) are the same (or different), user plane key update is not required. If they are different (or the same), user plane key update is required. In another example, if the "second identification information" of the source cell and the target cell (or candidate cell) are the same (or different), data plane key update is not required. If they are different (or the same), data plane key update is required.

[0251] - Method 3: According to the instruction from the network side

[0252] In this method, the network side will transmit key update indication information to the user equipment, and the user equipment performs key update according to the information contained in the indication. The key update indication information may be at least one of the information included in the "first security configuration information" included in the above-mentioned first configuration message. The first configuration message can be an RRC message, or a Control Element (CE) of the Medium Access Control layer (MAC), or Control information (such as the following Downlink Control Information (DCI)) of a physical layer. In another example, the indication information may be given based on pre-configuration on the network side. For example, the network side (first node) first transmits a first configuration message to the user equipment through RRC signaling, and the first message includes related configuration related to security (such as the information in the above first configuration message), then the first node transmits a second message (such as RRC message, MAC CE, DCI) to the user equipment, wherein the second message contains information required for key update (such as information not included in the above first message, such as "key indication information").

[0253] Based on the configuration of the above procedure, the user equipment can update the keys of data of different planes differently during the handover procedure (or during the procedure of accessing a new cell). For example, the user equipment has two keys, key 1 and key 2. Key 1 and key 2 can be any two of the above-mentioned first key, second key, and third key respectively, or two different second keys, or two different third keys (such as two of the control plane key, the user plane key, the data plane key). In one embodiment, key 1 needs to be updated at every handover, while key 2 does not need to be updated when the user equipment switches between certain cells. In another embodiment, when the user equipment switches between cells in cell set 1, there is no need to update key 1, and when the user equipment switches between cells in cell set 2, there is no need to update key 2. Cells in cell set 1 and cells in cell set 2 can be completely different, partially the same, or completely the same.

[0254] The beneficial effect of the above procedure is that the user equipment can determine whether key update (or PDCP reconstruction, RLC reconstruction, etc.) is required according to the network configuration, thereby reducing interruption and slowing down of data transmission by the user equipment.

[0255]

[0256] <Procedure 2: a configuration procedure of a network node>

[0257] Further, in order to support the above key update method, the above third node may be connected to multiple different base stations. This third node may be used to process the data of all planes or a part of the planes or a single plane of user data. In one example, when the user equipment switches between multiple base stations connected to the third node, the user equipment may not need to update the key of the plane data processed by the third node. In order to indicate this method, the present invention may also include an interaction procedure between the third node and the above-mentioned first node or second node. As shown in Figure 8, this procedure is used to interact configuration information between the third node and the first node (or the second node):

[0258] Step 2-1: the third node transmits a second configuration message to the first node, the message including at least one of the following functions: 1) providing assistant information for generating a security related configuration to the first node. After receiving the message, the first node will generate the security related configuration information of the user equipment. 2) providing security related configuration information to the first node. After receiving the message, the first node will obtain the security related configuration information required by the user equipment. In one example, the third node is responsible for processing data of all planes of the user equipment. In another example, the third node is responsible for processing data of a part of the planes of the user equipment. In another example, the third node s is responsible for processing data of one plane of user equipment. The message includes at least one of:

[0259] * node identification information including an identification of a third node.

[0260] * indication information of a service range, which indicates a range served by the third node. In one example, if the cell accessed by the user equipment such as accessed through a handover, accessed through connection re-establishment, accessed through connection resume, accessed through connection establishment, etc.) is within the range indicated by the indication information, the key update is not required (or key update is required). An example of the key is the above-mentioned first key (such as the key common to the data of the control plane, the user plane and the data plane). Another example is the above-mentioned second key (such as any two of the control plane key, the user plane key, and the data plane key). Another example is the above-mentioned third key (such as any one of the control plane key, the user plane key, and the data plane key). After receiving this information, the first node can determine the nodes or cells that do not need to perform key update, thereby configuring these serving nodes or cells for the user equipment as much as possible, thereby reducing the interruption or slowing down in the data transmission procedure of the user equipment. The information includes at least one of the following:

[0261] ** area identification information, or area indication information, indicating an area served by the third node. In one example, the information indicates an area that the user equipment does not require key update (or requires key update).

[0262] ** cell set identification information indicating identification information of a set of cells served by the third node. In one example, the information indicates a set of one or more cells for which key update is not required (or key update is required).

[0263] ** path identification information indicating identification information of paths for user equipment served by the third node, in one example indicating one or more paths that do not require a key update (or require a key update).

[0264] ** identification information of a node, which identifies a node served by the third node. In one example, when the user equipment accesses the node indicated by the information, key update is not required (or key update is required).

[0265] ** cell identification information, which identifies a cell served by the third node. In one example, when the user equipment accesses the cell indicated by the information, key update is not required (or key update is required).

[0266] * support information, which indicates a function or parameter supported by the third node. Based on this information, the first node can determine whether to allow the third node to serve the user equipment based on this information. This information includes at least one of:

[0267] ** supported information of Public Land Mobile Network (PLMN), including PLMN identification information.

[0268] ** supported information of a QoS parameter, the information indicating QoS parameters supported by the third node, the QoS parameters including at least one of the following parameters: QoS Class Identifier (QCI), Allocation and Retention Priority (ARP), Guaranteed Bit Rate (GBR) QoS information, 5G QoS Identifier (5QI), priority information, average window information, Maximum Data Burst Volume, Downlink / Uplink Core Network Packet Delay Budget.

[0269] ** supported slice information, which indicates the slices supported by the third node, and this information includes slice identification information, such as Single Network Slice Selection Assistant Information (S-NSSAI), and further, this information includes Slice / Service Type (SST), Slice Differentiator (SD).

[0270] ** supported cell information indicating the cells supported by the third node, the information including cell identification information.

[0271] The above procedure can be used to establish an interface between the first node and the third node, or update the configuration information of the third node.

[0272] The above procedure may be performed by the third node and multiple different first nodes separately, so that each first node obtains the configuration information of the third node. The beneficial effect of the above procedure is that the first node can determine whether to configure the third node to serve the data of the user equipment, thereby reducing the interruption or slowing down of data transmission. For example, the first node may configure the user equipment with nodes or cells within the service range of the third node, so that when the user equipment moves between these nodes or cells, the interruption or slowing down of data transmission can be reduced.

[0273] The above-mentioned second configuration message transmitted by the third node to the first node may be transmitted directly by the third node to the first node (for example, when the first node and the third node are both devices on the RAN side, the third node directly transmits it to the first node), or may be transmitted by a node of the core network to the first node. For example, the first core network node transmits the above second configuration message to the first node (for example, when the third node is a node of the core network, the first core network node interacts with the third node and then transmits it to the first node).

[0274]

[0275] <Procedure 3: a procedure for a network side to configure configuration information required to serve data of the user equipment>

[0276] When configuring the user equipment, in order to generate the configuration information required to serve the data of the user equipment, the first node and the third node will perform the following procedure, as shown in Figure 9:

[0277] Step 3-1: the first node transmits a first configuration request message to the third node, the function of which is to configure the third node to service the user equipment, and the message includes at least one of:

[0278] * first data request information including information for requesting data of the user equipment served by the third node. This information may include multiple different types of data. For one type of data, the information includes at least one of:

[0279] ** first data identification information, which identifies the data of the user equipment, such as bearer identification information, SRB identification information, DRB identification information, bearer identification information of service data plane data, IP flow identification information, PDU session identification information, QoS flow identification information.

[0280] ** first indication information of a plane, which indicates a plane to which the data belongs, such as the control plane, the user plane, the data plane, the above-mentioned first plane, the above-mentioned second plane, etc. In one example, the information may be explicit information, and in another example, the information is implicit information, such as determining the plane to which the data belongs based on other information contained in the above-mentioned "first data request information".

[0281] ** first QoS parameter information including QoS parameters of data.

[0282] ** first data configuration information, such as PDCP layer configuration information.

[0283] ** first tunnel information, which indicates the information of the tunnel used when the third node transmits the data (downlink data) of the user equipment. The tunnel information may contain information on one tunnel or information on multiple tunnels. If it contains information on multiple tunnels, each tunnel may be prepared separately for different cells or nodes. For one tunnel, the information includes at least one of:

[0284] *** tunnel identification information identifying a tunnel.

[0285] *** node identification information indicating a node served by the tunnel.

[0286] *** cell identification information indicating a cell served by the tunnel.

[0287] *** address information, which includes tunnel address information, such as IP address information, Tunnel endpoint identifier (TEID).

[0288] * first serving node information. The first serving node may be an old serving node or a current serving node. The old serving node is a node that serves the user equipment before the user equipment accesses the transmitting node (such as the first node) (in one example, the node is the above-mentioned third node; in another example, the node is a node different from the third node). other nodes of the third node), the current serving node is the node currently serving the user equipment. The data of the user equipment may belong to at least one plane (such as the control plane, the user plane, the data plane, the above-mentioned first plane, the above-mentioned second plane) or may belong to different types (such as different data indicated by different identification information, the identification information may be the bearer identification information, the SRB identification information, the DRB identification information, the bearer identification information of the service data plane data, the IP flow identification information, the PDU session identification information, the QoS flow identification information), then the first serving node information can be given separately for different data. After receiving this information, the third node can determine whether it has already served the user equipment. In one example, if it has already served the user equipment, the data of the user equipment it serves does not need to perform key update (or PDCP reconstruction, RLC reconstruction, etc.), if it has not already served the user equipment, it may need to generate a key or security related information for serving the user equipment, or obtain the key based on the first configuration request message. The information includes at least one of:

[0289] ** first identification information of a serving node, which is the identification information of the above-mentioned first serving node. In one example, the information is the identification information of the above-mentioned third node. In another example, the information is the identification information of other nodes.

[0290] ** first user identification information, which is the identification information of the user equipment on the above-mentioned first serving node. In one example, after the third node receives the information, if the third node is the above-mentioned first serving node, the third node can find the context of the user equipment based on the information.

[0291] * first information related to security, which may be used to provide security related configuration information to the third node when the security configuration of the user equipment is generated by the first node, and when the security configuration of the user equipment is generated by the third node, this information may be used to request security related configuration information from the third node, the information including at least one of:

[0292] ** second security configuration information, which provides security related configuration information generated by the first node about the user equipment. The information may be given for data of different planes (e.g. the first plane, the second plane), respectively. For a specific description of the information contained in this information, please refer to the description in the above-mentioned "first security configuration information", such as "information related to a security algorithm", "key information", "key update information", "first assistant information", "first applicable information", etc. Further, the information may also include at least one of:

[0293] *** ciphering indication information indicating whether ciphering is required.

[0294] *** integrity protection information indicating whether integrity protection is required.

[0295] ** first security configuration request information for requesting the third node to provide information related to security configuration, based on which the third node can generate the information related to security configuration. The information includes at least one of the following:

[0296] *** first information of a node, which indicates information of a node where a cell (such as a serving cell, a target cell, a candidate cell, etc.) configured for the user equipment is located, and the information includes at least one of:

[0297] **** identification Information of a node.

[0298] **** cell identification information, such as identification information of a serving cell, identification information of a target cell, identification information of a candidate cell, etc.

[0299] *** first information of data, which indicates information of a node serving the data of the user equipment when the user equipment accesses the node indicated by the above-mentioned "first information of a node", and the information includes at least one of:

[0300] **** identification information of a serving node. The node indicated by the information is a node that serves data of the user equipment (such as a third node, or a node of the same type as the third node, or a node with the same function as the third node, which is different from the node indicated by the above "first information of a node").

[0301] **** indication information of service data, which indicates the data served by a node indicated by the above-mentioned "identification information of a serving node", such as control plane data, user plane data, data plane data, the above-mentioned first plane data, the above-mentioned second plane data, data indicated by different identification information (such as bearer identification information, SRB identification information, DRB identification information, bearer identification information of service data plane data, IP flow identification information, PDU session identification information, QoS flow identification information).

[0302] Step 3-2: the third node transmits a first configuration response message to the first node, the function of which is to provide configuration information at the third node, and the message includes at least one of:

[0303] * first data response information including configuration information required by the third node side to service the data of the user equipment. The information indicates the data of the user equipment accepted by the third node. The information includes at least one of the following:

[0304] ** second data identification information, which identifies the data of the user equipment, such as bearer identification information, SRB identification information, DRB identification information, bearer identification information of service data plane data, IP flow identification information, PDU session identification information, QoS flow identification information.

[0305] ** second data configuration information, such as PDCP layer configuration information.

[0306] ** second tunnel information, which indicates the information of the tunnel used when the third node receives the data (uplink data) of the user equipment. The tunnel information may contain information on one tunnel or information on multiple tunnels. If it contains information on multiple tunnels, each tunnel may be prepared separately for different service cells or target cells or candidate cells. For one tunnel, the information includes at least one of:

[0307] *** tunnel identification information identifying a tunnel.

[0308] *** node identification information indicating a node served by the tunnel.

[0309] *** cell identification information indicating a cell served by the tunnel.

[0310] *** address information, which includes tunnel address information, such as IP address information, Tunnel endpoint identifier (TEID).

[0311] * second information related to security including configuration information related to security information generated by the third node. in one example, the information may be used by the first node to generate a security configuration for the user equipment. In another example, the information may be used by the first node to configure a security configuration for the user equipment. Further, this information is generated by the third node based on the information in the above-mentioned first configuration request message (such as the above-mentioned "first security configuration request information"). The information contained in this information can be referred to the description in the above-mentioned "first security configuration information", such as "information related to a security algorithm", "key information", "key update information", "first assistant information", "first applicable information", etc.

[0312] The above-mentioned first configuration request message transmitted by the first node to the third node may be transmitted directly by the first node to the third node (for example, when the first node and the third node are both devices on the RAN side, the first node directly transmits the first configuration request message to the third node), or may be transmitted by the first node to the node of the core network. For example, the first node transmits the above-mentioned first configuration request message to the first core network node (for example, when the third node is a node of the core network, the first node transmits the first configuration request message to the first core network node, and then the first core network node interacts with the third node).

[0313] The above-mentioned first configuration response message transmitted by the third node to the first node may be transmitted directly by the third node to the first node (for example, when the first node and the third node are both devices on the RAN side, the third node directly transmits the first configuration response message to the first node), or may be transmitted by a node of the core network to the first node. For example, the first core network node transmits the above-mentioned first configuration response message to the first node (for example, when the third node is a node of the core network, the first core network node interacts with the third node and then transmits it to the first node).

[0314] The beneficial effect of the above procedure is: configuring the third node to serve the data of the user equipment and reducing the interruption or slowing down of data transmission during the movement of the user equipment (because the third node can remain unchanged during the movement of the user).

[0315]

[0316] <Procedure 4: a preparation procedure of a cell (such as a serving cell, a target cell, a candidate cell) of the user equipment>

[0317] In order to prepare the target cell or candidate cell of the user equipment, the present invention also includes an interaction procedure between the first node and the second node, as shown in Figure 10:

[0318] Step 4-1: the first node transmits a second configuration request message to the second node, the function of which is to prepare the target cell or candidate cell of the user equipment, and the message includes at least one of:

[0319] * first cell request information including information of a cell requested by the first node, and a requested cell may be a target cell or a candidate cell. After receiving the information, the second node will generate configuration information of the requested cell. The information includes at least one of the following:

[0320] ** first cell identification information indicating identification information of a target cell or a candidate cell.

[0321] ** second data request information, which includes information on data of the user equipment requested to be served by the second node. This information may include multiple different types of data. For one type of data, the information includes at least one of:

[0322] *** second data identification information, which identifies the data of the user equipment, such as bearer identification information, SRB identification information, DRB identification information, bearer identification information of service data plane data, IP flow identification information, PDU session identification information, QoS flow identification information.

[0323] *** second indication information of a plane, which indicates a plane to which the data belongs, such as the control plane, the user plane, the data plane, the above-mentioned first plane, the above-mentioned second plane, etc. In one example, the information may be explicit information, and in another example, the information is implicit information, such as determining the plane to which the data belongs based on other information contained in the above-mentioned "second data request information".

[0324] *** second QoS parameter information including QoS parameters of data.

[0325] *** indication information of a serving node, which indicates a node that serves the data indicated by the above-mentioned "second data identification information", such as the identification information of the node. After receiving this information, the second node can decide whether to use the same node to serve the data of the user equipment.

[0326] ** third identification information, which is key identification required by the second node when generating a key. Further, this information can also be used by the second node to determine whether key update (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is required. This information is associated with the requested cell. In one example, when the user equipment switches to the above requested cell, the second node can compare the third identification information with the "fourth identification information" corresponding to the source cell. If they are same, key update (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is not required, if they are different, key update (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is required. In one example, this information is only included when the first node is able to determine the node serving the data after the user equipment accesses the requested cell. Further, the information can be given separately for different data (for example, the information can be given separately for data belonging to the above-mentioned first plane and the above-mentioned second plane, for example, the information can be given separately for data belonging to different data types, which can be distinguished by different data identification information).

[0327] ** range information for third identification information indicating a range to be used by the second node when generating the third identification information for the requested cell. In one example, this information is included when the first node cannot determine the node that serves the data after the user equipment accesses the requested cell. After receiving the information, the second node will generate the third node corresponding to the requested cell and provide it in the candidate second configuration response message. Further, the information can be given separately for different data (for example, the information can be given separately for data belonging to the above-mentioned first plane and the above-mentioned second plane, for example, the information can be given separately for data belonging to different data types, which can be distinguished by different data identification information).

[0328] * second serving node information. the second serving node is a node that currently serves the data of the user equipment (that is, when the user equipment is served by a cell under the first node), and the data of the user equipment can be the data of the above-mentioned first plane or the data of the above-mentioned second plane. In one example, the serving node is the above-mentioned third node. In one example, before the handover of the user equipment, the first node and the third node are jointly serving the data of the first plane or the second plane of the user equipment; when preparing a new target cell or candidate cell, after receiving this information, the second node can determine whether the third node will still serve the user equipment, for example, if the second node will continue to serve the user equipment together with the third node, then the key update of the data served by the third node (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is not required; if the second node no longer serves the user equipment jointly with the third node (the second node serves the user equipment jointly with other nodes, or the second node serves the user equipment independently), then after the user equipment accesses the second node, the key change of the data of the user equipment in the source cell served by the third node (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is required. The information includes at least one of the following:

[0329] ** identification information of a second serving node. In one example, this information is identification information of the above-mentioned third node.

[0330] ** second user identification information, which is the identification information of the user equipment on the second serving node (such as the third node). In one example, after the second node receives this information, if the second node also selects a second serving node (such as a third node) to serve the user equipment, the second node will contain this information in the message transmitted to the third node (such as the above-mentioned first configuration request message), and then the third node can determine the context of the user equipment based on this information and continue to serve the user equipment.

[0331] ** indication information of second service data, which indicates the data served by the above-mentioned second serving node. The information includes identification information of the data, such as bearer identification information, SRB identification information, DRB identification information, bearer identification information of service data plane data, IP flow identification information, PDU session identification information, QoS flow identification information, or the information includes plane indication information, which indicates the plane to which the data served by the second serving node belongs, such as the control plane, the user plane, the data plane, the above-mentioned first plane, the above-mentioned second plane, etc.

[0332] * information related to a configured cell. The configured cell may be a target cell or a candidate cell (a cell other than "a requested cell") configured for the user equipment. The information includes configuration information for at least one configured cell. For a cell, the information includes at least one of:

[0333] ** identification information of a second cell indicating the identification of the configured cell.

[0334] ** configuration identification information indicating a configuration corresponding to the configured cell.

[0335] ** third serving node information. The third serving node is a node that serves the data of the user equipment after the user equipment accesses the above configured cell, and the information includes at least one of:

[0336] *** identification information of the third serving node.

[0337] *** indication information of third service data, which indicates data served by the above-mentioned third serving node. The information includes identification information of the data, such as bearer identification information, SRB identification information, DRB identification information, bearer identification information of service data plane data, IP flow identification information, PDU session identification information, QoS flow identification information, or the information includes plane indication information, which indicates the plane to which the data served by the third serving node belongs, such as the control plane, the user plane, the data plane, the above-mentioned first plane, the above-mentioned second plane, etc. In one example, the plane indication information may be explicit information, and in another example, the plane indication information may be implicit information.

[0338] ** security configuration information, which indicates the security configuration information required by the user equipment to access the above configured cell. For the information contained in this information, please refer to the description in the above "first security configuration information."

[0339] ** fourth identification information, which is key identification required by the second node when generating a key. Further, this information can also be used by the second node to determine whether key update (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is required. In one example, when the user equipment switches to the above requested cell from the above configured cell, or switches to the above configured cell from the above requested cell, the second node can compare the fourth identification information with the "third identification information" corresponding to the above requested cell. If they are same, key update (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is not required, if they are different, key update (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is required. Further, the information can be given separately for different data (for example, the information can be given separately for data belonging to the above-mentioned first plane and the above-mentioned second plane, for example, the information can be given separately for data belonging to different data types, which can be distinguished by different data identification information).

[0340] Step 4-2: the second node transmits a second configuration response message to the first node, which is used to provide configuration information used by the cell (such as the target cell, or the candidate cell) at the second node, and the message includes at least one of:

[0341] * first cell response information. If the second node can accept the above-mentioned requested cell, the information includes configuration information generated by the second node on the above-mentioned requested cell, and the information includes at least one of:

[0342] ** second data response information, which includes information on the data of the user equipment accepted by the second node. This information may include multiple different types of data. For one type of data, the information includes at least one of:

[0343] *** third data identification information, which identifies the data of the user equipment, such as bearer identification information, SRB identification information, DRB identification information, bearer identification information of service data plane data, IP flow identification information, PDU session identification information, QoS flow identification information.

[0344] *** third indication information of a plane, which indicates a plane to which the data belongs, such as the control plane, the user plane, the data plane, the above-mentioned first plane, the above-mentioned second plane, etc. In one example, the information may be explicit information, in another example, the information is implicit information.

[0345] *** indication information of a serving node, which indicates the node serving the data indicated by the above "third data identification information", such as the identification information of the node.

[0346] ** information related to key update, which indicates whether key (such as control plane key, user plane key, data plane key, first plane key, second plane key) update is required (or whether PDCP reconstruction or RLC reconstruction is required), after the user equipment accesses the requested cell.

[0347] ** third identification information, which is key identification required by the second node when generating a key. Further, this information can also be used by the second node to determine whether key update (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is required. That is, when the user equipment switches to the above requested cell, the second node can compare the third identification information with the "fourth identification information" corresponding to the source cell. If they are same, key update (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is not required, if they are different, key update (or PDCP layer reconstruction, or RLC layer reconstruction, etc.) is required. In one example, the information is generated based on the "range information of third identification information" contained in the second configuration request message. Further, the information can be given separately for different data (for example, the information can be given separately for data belonging to the above-mentioned first plane and the above-mentioned second plane, for example, the information can be given separately for data belonging to different data types, which can be distinguished by different data identification information).

[0348] ** configuration information of a cell, which is configuration information of the above requested cell, such as physical layer configuration information, MAC layer configuration information, PDCP / RLC / logical channel configuration information of a bearer, etc.

[0349] * fourth serving node information. The fourth serving node is a node that serves data of the user equipment when the user equipment accesses the cell served by the second node, and the information includes at least one of:

[0350] ** identification information of the fourth serving node

[0351] ** indication information of fourth service data, which indicates identification of the data served by the fourth serving node, such as the bearer identification information, the SRB identification information, the DRB identification information, and the bearer identification information of the service data plane data., IP flow identification information, PDU session identification information, QoS flow identification information, or the information includes plane indication information, which indicates the plane to which the data served by the fourth serving node belongs, such as the control plane, the user plane, the data plane, the above-mentioned first plane, the above-mentioned second plane, etc. In one example, the plane indication information may be explicit information, and in another example, the plane indication information may be implicit information.

[0352] Based on the above procedure, the first node can obtain the configuration information of the target cell or candidate cell configured to the user, and then transmit the above first configuration message to the user equipment (such as procedure 1).

[0353] The beneficial effects of the above procedure are: configuring multiple cells for user equipment, helping user equipment perform fast handover between different cells (there is no need to start preparing the target cell when handover is required) and the signaling overhead during the handover procedure. Moreover, since it is determined during the interaction procedure whether the key needs to be updated (or PDCP reconstruction, RLC reconstruction, etc.) during the handover procedure, this can also reduce the interruption or slowdown of data transmission of the user equipment.

[0354]

[0355] <Procedure 5: a notification procedure of user equipment movement>

[0356] After the user equipment completes the cell handover, the following procedure is included, as shown in Figure 11:

[0357] Step 5-1: a first node transmits a first notification message to the third node, the function of which is to notify the handover information of the user equipment, thereby helping the third node change the address for data transmission, or determine whether to delete the configuration information of the user equipment. The message includes at least one of:

[0358] * target node information, which indicates information of a node accessed by the user equipment. Based on this information, the third node can learn that the serving cell of the user equipment has changed, and can then help the third node change the target node for data transmission. In one example, this information can help the third node determine the tunnel information required to transmit data to the new node (such as the first tunnel information configured in procedure 3 above). The information includes at least one of the following:

[0359] ** node Identification Information

[0360] ** cell Identification Information

[0361] * data transmission information, which indicates information required for data transmission of the user equipment, and the information includes at least one of:

[0362] ** data identification information, which identifies the data of the user equipment, such as bearer identification information, SRB identification information, DRB identification information, bearer identification information of service data plane data, IP flow identification information, PDU session identification information, QoS flow identification information.

[0363] ** data sequence number information, which indicates a starting sequence number when the third node transmits data to the target node, such as the PDCP sequence number, the IP sequence number, the RLC sequence number, etc. After receiving the information, in one example, the data transmitted by the third node to the target node is data after the sequence number indicated by the information (including the data packet indicated by the sequence number, or not including the data packet indicated by the sequence number). From another perspective, the data packet before the sequence number indicated by the information has been correctly transmitted to the user equipment. In another example, the data packet transmitted by the third node to the target node will need to be numbered with a sequence number after the sequence number indicated by the information, or the data packet transmitted by the third node to the target node will need to be numbered with the sequence number indicated by the information and subsequent sequence numbers.

[0364] ** third tunnel information, which indicates a tunnel used by the third node to transmit the data of the user equipment to the target node.The information includes IP address information, Tunnel endpoint identifier (TEID).

[0365] The beneficial effect of the above procedure is that when the user equipment undergoes a cell change, it can help the third node quickly change the target node for transmitting user data, reducing the interruption or slowdown of data transmission.

[0366] The above procedures can also be combined with each other, and different embodiments are given below.

[0367] - Embodiment 1: configure a serving cell of user equipment

[0368] This embodiment combines the above-mentioned procedure 1 and procedure 3, as shown in Figure 12, that is:

[0369] Step a-1: a first node transmits a first configuration request message to a third node, see the description in step 3-1 above;

[0370] Step a-2: the third node transmits a first configuration response message to the first node, see the description in step 3-2 above;

[0371] Step a-3: the first node transmits a first configuration message to a user equipment, see the description in step 1-1 above.

[0372] - Embodiment 2: configure a target cell or a candidate cell of a user equipment.

[0373] This embodiment combines the above-mentioned procedure 1, procedure 3, and procedure 4, as shown in Figure 13, that is:

[0374] Step b-1: a first node transmits a second configuration request message to a second node, see the description in step 4-1 above;

[0375] Step b-2: the second node transmits a first configuration request message to the third node. For the description of the first configuration request message, please refer to the above step 3-1 (replace "first node" with "second node");

[0376] Step b-3: a third node transmits a first configuration response message to the second node. For the first configuration response message, please refer to step 3-2 above (replace "first node" with "second node");

[0377] Step b-4: the second node transmits a second configuration response message to the first node, see the description in step 4-2 above;

[0378] Step b-5: the first node transmits a first configuration message to the user equipment, see the description in step 1-1 above.

[0379] - Embodiment 3: user equipment handover

[0380] This embodiment combines the above-mentioned procedure 1 and procedure 5, as shown in Figure 14, that is:

[0381] Step c-1: a first node transmits a first configuration message to a user equipment, see description in step 1-1.

[0382] Step c-2: trigger the user equipment to perform cell handover, and the trigger message may be the first configuration message in the above step 1-1.

[0383] Step c-3: the first node transmits a first notification message to a third node, see description in step 5-1.

[0384]

[0385] In the above procedure, examples of each message are as follows:

[0386] * first configuration message: such as a RRC Reconfiguration message, a RRC Reestablishment message, a RRC Setup message, a RRC Resume message, or other RRC messages or other types of messages;

[0387] * second configuration message: such as an interface (such as E1 interface, enhanced E1 interface, or other interface) establishment request message, an interface (such as E1 interface, enhanced E1 interface, or other interface) establishment response message, a configuration update message, a configuration update acknowledge message or other messages or other types of messages;

[0388] * first configuration request message, such as a bearer context establishment request message, a bearer context modification request message, or other messages or other types of messages;

[0389] * first configuration response message, such as a bearer context establishment response message, a bearer context modification response message, or other messages or other types of messages;

[0390] * second configuration request message, such as a handover request message, or other messages or other types of messages;

[0391] * second configuration response message, such as a handover request acknowledge message, or other messages or other types of messages

[0392] * first notification message, such as a cell change notification message, a bearer context modification request message, or other messages or other types of messages.

[0393] Figure 15 is a block diagram of a node according to an example embodiment of the present disclosure. Here, the structure and function of a node are explained by taking it as an example, but it should be understood that the shown structure and function can also be applied to the base stations, the relay node and user equipment. Referring to Figure 15, the node 1500 includes a transceiver 1510, a controller 1520 and a memory 1530. Under the control of the controller 1520, which may be implemented as one or more procedureors, the node 1500 (including the transceiver 1510 and the memory 1530) is configured to perform the operations of the node described herein. Although the transceiver 1510, the controller 1520 and the memory 1530 are shown as separate entities, they may be implemented as a single entity, such as a single chip. The transceiver 1510, the controller 1520 and the memory 1530 may be electrically connected or coupled to each other. The transceiver 1510 can transmit and receive signals to and from other network entities, such as another node and / or UE. In one embodiment, the transceiver 1510 may be omitted. In this case, the controller 1520 may be configured to execute indications (including computer programs) stored in the memory 1530 to control the overall operation of the node 1500, thereby realizing the operation of the node described herein.

[0394] According to some embodiments, the user equipment described in the present disclosure may include a cellular or other communication device having a single-line display or a multi-line display or a cellular or other communication device without a multi-line display; PCS (Personal Communications Service), which can combine voice, data processing, fax and / or data communication capabilities; PDA(Personal Digital Assistant), which can include RF receiver, pager, Internet / Intranet access, web browser, notepad, calendar and / or GPS(Global Positioning System) receiver; a conventional laptop and / or palmtop computer or other device having and / or including a radio frequency receiver. As used herein, "terminal" and "terminal device" can be portable, transportable, installed in vehicles (air, sea and / or land), or suitable and / or configured to operate locally, and / or operate in any other location on the earth and / or space in a distributed form. The "terminal" and "terminal device" used here can also be communication terminals, internet terminals and music / video playing terminals, such as PDA, MID (Mobile Internet Device) and / or a mobile phone with music / video playing function, and smart TV, set-top box and other devices.

[0395] Those skilled in the art can realize that the disclosure can be realized in other specific forms without changing the technical idea or basic features of the disclosure. Therefore, it should be understood that the above-mentioned embodiments are only examples and are not limited. The scope of the present disclosure is defined by the appended claims rather than by the detailed description. Therefore, it is to be understood that all modifications or changes derived from the meaning and scope of the appended claims and their equivalents are within the scope of this disclosure.

[0396] In the above embodiments of the present disclosure, all operations and messages may be selectively performed or may be omitted. Furthermore, the operations in each embodiment do not need to be performed sequentially, and the order of the operations can be changed. Messages do not need to be transmitted in order, and the transmission order of messages may change. Each operation and each message transfer can be performed independently.

[0397] Although the present disclosure has been shown and described with reference to various embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents.

Claims

1.A method performed by a user equipment in a wireless communication system, the method comprising:receiving a first configuration message including security configuration information of data transmitted by a first node; anddetermining, based on the first configuration message, a security configuration required for a handover to one of at least one cell,wherein the data belongs to at least one of: a control plane, a user plane, a data plane, andwherein the data is processed and / or transmitted by a third node when the user equipment moves between second nodes where the at least one cell is located.2.The method of claim 1,wherein the security configuration information of the data includes at least one of: information related to a security algorithm, security indication information indicating configuration information of a key, key indication information used when key is updated, and first applicable information indicating an applicable range of security configuration information related to the data,wherein the information related to the security algorithm includes at least one of: full plane algorithm information used to indicate a security algorithm required for data of all planes of the user equipment, partial plane algorithm information used to indicate a security algorithm required for data of at least two planes of the user equipment, and single plane algorithm information used to indicate a security algorithm required for one plane of the user equipment,wherein the security indication information includes at least one of: first key change indication information indicating whether a key applicable to the data of the all planes needs to be changed, second key change indication information indicating whether a key applicable to the data of the at least two planes needs to be changed, third key change indication information indicating whether a key applicable to the data of the one plane needs to be changed, key separation indication information indicating whether data of different planes use different keys, key update range indication information for judging whether key update is required,wherein the key indication information includes at least one of: key information, key update information for updating a key, first assistant information for generating a key, andwherein the first applicable information includes at least one of: area identification information, cell identification information, cell set identification information, candidate configuration identification information, path identification information, plane indication information.3.The method of claim 1,wherein the first configuration message also includes configuration information of the at least one cell, and the at least one cell can be at least one of a serving cell, a target cell, and a candidate cell, andwherein the configuration information of the at least one cell includes at least one of: second cell identification information, configuration identification information, range indication information to which a cell indicated by the second cell identification information belongs, security configuration information used when the user equipment accesses a cell indicated by the second cell identification information, at least one of assistant information and identification information required for generating a key when the user equipment accesses the cell indicated by the second cell identification information.4.The method of claim 1,wherein the third node is used to procedure at least one of control plane data, user plane data and data plane data,wherein the third node includes at least one of the following functions: data mapping, data security processing, and data retransmission, andwherein the third node includes at least one of the following protocol layers: a Service Data Adaptation Protocol, a Packet Data Convergence Protocol, and some or all of a Radio Link Control Protocol.5.The method of claim 1,wherein the second node is a base station where the at least one cell is located, or a centralized unit of the base station, or a control plane part of the centralized unit of the base station.6.The method of claim 1,wherein the first configuration message is transmitted by the first node after receiving at least one of the following messages:a second configuration message transmitted by the third node, wherein the second configuration message provides assistant information for generating a security related configuration and / or provides security related configuration information;a first configuration response message transmitted by the third node, wherein the first configuration response message is configuration information for providing data after the third node receives the first configuration request message transmitted by the first node; anda second configuration response message transmitted by the second node, wherein the second configuration response message is used to provide configuration information of a target cell or a candidate cell at the second node after the second node receives a second configuration request message transmitted by the first node,wherein the second configuration message includes at least one of: identification information of the third node, information indicating a service range of the third node, and support information indicating a function or parameter supported by the third node,wherein the first configuration request message includes at least one of: first data request information including information for requesting data served by the third node, first serving node information including information of an old serving node or a current serving node of the user equipment, second security configuration information generated by the first node, first security configuration request information for requesting the third node to provide information related to security configuration,wherein the first configuration response message includes at least one of: first data response information including configuration information for the third node side to service the data, and security related configuration information generated by the third node,wherein the second configuration request message includes at least one of: first cell request information including information of a requested target cell or candidate cell, and second serving node information including information indicating a node currently serving the data of the user equipment, information related to a configured cell including configuration information of at least one target cell or candidate cell configured for the user equipment, andwherein the second configuration response message includes at least one of: first cell response information including configuration information of an accepted cell, fourth serving node information indicating information of a node serving the data after the user equipment accesses the accepted cell.7.A method performed by a first node in a wireless communication system, the method comprising:receiving a first configuration response message transmitted by a third node, wherein the first configuration response message is used to provide configuration information of data of a user equipment; andtransmitting a first configuration message including security configuration information of the data to the user equipment,wherein the data belongs to at least one of: a control plane, a user plane, a data plane, andwherein the data is processed and / or transmitted by the third node when the user equipment moves between second nodes where the at least one cell is located.8.The method of claim 7,wherein the security configuration information of the data includes at least one of: information related to a security algorithm, security indication information indicating configuration information of a key, key indication information used when key is updated, and first applicable information indicating an applicable range of security configuration information related to the data,wherein the information related to the security algorithm includes at least one of: full plane algorithm information used to indicate a security algorithm required for data of all planes of the user equipment, partial plane algorithm information used to indicate a security algorithm required for data of at least two planes of the user equipment, and single plane algorithm information used to indicate a security algorithm required for one plane of the user equipment,wherein the security indication information includes at least one of: first key change indication information indicating whether a key applicable to the data of the all planes needs to be changed, second key change indication information indicating whether a key applicable to the data of the at least two planes needs to be changed, third key change indication information indicating whether a key applicable to the data of the one plane needs to be changed, key separation indication information indicating whether data of different planes use different keys, key update range indication information for judging whether key update is required,wherein the key indication information includes at least one of: key information, key update information for updating a key, first assistant information for generating a key, andwherein the first applicable information includes at least one of: area identification information, cell identification information, cell set identification information, candidate configuration identification information, path identification information, plane indication information.9.The method of claim 7,wherein the first configuration message also includes configuration information of the at least one cell, and the at least one cell can be at least one of a serving cell, a target cell, and a candidate cell, andwherein the configuration information of the at least one cell includes at least one of: second cell identification information, configuration identification information, range indication information to which a cell indicated by the second cell identification information belongs, security configuration information used when the user equipment accesses a cell indicated by the second cell identification information, at least one of assistant information and identification information required for generating a key when the user equipment accesses the cell indicated by the second cell identification information.10.The method of claim 7,wherein the third node is used to procedure at least one of control plane data, user plane data and data plane data,wherein the third node includes at least one of the following functions: data mapping, data security processing, and data retransmission, andwherein the third node includes at least one of the following protocol layers: a Service Data Adaptation Protocol, a Packet Data Convergence Protocol, and some or all of a Radio Link Control Protocol.11.The method of claim 7, further comprisingreceiving a second configuration message transmitted by the third node, wherein the second configuration message provides assistant information for generating a security related configuration and / or provides security related configuration information;transmitting a first configuration request message to the third node;transmitting a second configuration request message to the second node;receiving a second configuration response message transmitted by the second node, wherein the second configuration response message is used to provide configuration information of a target cell or a candidate cell at the second node; andtransmitting a first notification message including handover information of the user equipment to the third node.12.The method of claim 7,wherein the second configuration message includes at least one of: identification information of the third node, information indicating a service range of the third node, and support information indicating a function or parameter supported by the third node,wherein the first configuration request message includes at least one of: first data request information including information for requesting data served by the third node, first serving node information including information of an old serving node or a current serving node of the user equipment, second security configuration information generated by the first node, first security configuration request information for requesting the third node to provide information related to security configuration,wherein the first configuration response message includes at least one of: first data response information including configuration information for the third node side to service the data, and security related configuration information generated by the third node,wherein the second configuration request message includes at least one of: first cell request information including information of a requested target cell or candidate cell, and second serving node information including information indicating a node currently serving the data of the user equipment, information related to a configured cell including configuration information of at least one target cell or candidate cell configured for the user equipment,wherein the second configuration response message includes at least one of: first cell response information including configuration information of an accepted cell, fourth serving node information indicating information of a node serving the data after the user equipment accesses the accepted cell, andwherein the first notification message includes at least one of: target node information, information required for transmission of the data.13.A user equipment in a wireless communication system, the user equipment comprising:at least one transceiver;at least one processor communicatively coupled to the at least one transceiver; andat least one memory, communicatively coupled to the at least one processor, storing instructions executable by the at least one processor individually or in any combination to cause the user equipment to:receive a first configuration message including security configuration information of data transmitted by a first node, anddetermine, based on the first configuration message, a security configuration required for a handover to one of at least one cell,wherein the data belongs to at least one of: a control plane, a user plane, a data plane, andwherein the data is processed and / or transmitted by a third node when the user equipment moves between second nodes where the at least one cell is located.14.The user equipment of claim 13,wherein the security configuration information of the data includes at least one of: information related to a security algorithm, security indication information indicating configuration information of a key, key indication information used when key is updated, and first applicable information indicating an applicable range of security configuration information related to the data,wherein the information related to the security algorithm includes at least one of: full plane algorithm information used to indicate a security algorithm required for data of all planes of the user equipment, partial plane algorithm information used to indicate a security algorithm required for data of at least two planes of the user equipment, and single plane algorithm information used to indicate a security algorithm required for one plane of the user equipment,wherein the security indication information includes at least one of: first key change indication information indicating whether a key applicable to the data of the all planes needs to be changed, second key change indication information indicating whether a key applicable to the data of the at least two planes needs to be changed, third key change indication information indicating whether a key applicable to the data of the one plane needs to be changed, key separation indication information indicating whether data of different planes use different keys, key update range indication information for judging whether key update is required,wherein the key indication information includes at least one of: key information, key update information for updating a key, first assistant information for generating a key, andwherein the first applicable information includes at least one of: area identification information, cell identification information, cell set identification information, candidate configuration identification information, path identification information, plane indication information.15.A first node in a wireless communication system, the first node comprising:at least one transceiver;at least one processor communicatively coupled to the at least one transceiver; andat least one memory, communicatively coupled to the at least one processor, storing instructions executable by the at least one processor individually or in any combination to cause the first node to:receive a first configuration response message transmitted by a third node, wherein the first configuration response message is used to provide configuration information of data of a user equipment, andtransmit a first configuration message including security configuration information of the data to the user equipment,wherein the data belongs to at least one of: a control plane, a user plane, a data plane, andwherein the data is processed and / or transmitted by the third node when the user equipment moves between second nodes where the at least one cell is located.

Images