Communication method and apparatus

By implementing homomorphic encryption between wireless access network devices and terminal devices, the problem of data privacy protection in wireless network computing services is solved, achieving efficient data privacy protection and improved processing performance.

WO2026138407A1 · PCT designated stage · Publication Date: 2026-07-02 · HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office: WO · WO
Patent Type: Applications
Current Assignee / Owner: HUAWEI TECH CO LTD
Filing Date: 2025-12-02
Publication Date: 2026-07-02

AI Technical Summary

Technical Problem

Computing services provided by wireless networks present challenges in terms of privacy protection, especially the data privacy of terminal devices, which is difficult to protect effectively, and existing technologies have failed to provide efficient solutions.

Method used

By implementing homomorphic encryption between wireless access network devices and terminal devices, and utilizing homomorphic encryption algorithms and configuration information, the privacy and security of data during transmission and processing are ensured, including key generation and bootstrap noise reduction processing, thereby reducing the risk of data privacy leakage.

Benefits of technology

This technology enables the provision of computing services to terminal devices in wireless networks while effectively protecting data privacy and improving system processing performance and the quality of data processing results.

✦ Generated by Eureka AI based on patent content.


Abstract

A communication method and apparatus, which are applied to the technical field of communications. In the method, homomorphic encryption configuration information is acquired by means of the interaction between a terminal apparatus and a radio access network apparatus. The configuration information can instruct the terminal apparatus to perform homomorphic encryption on task data sent to and to be processed by the radio access network apparatus, thereby reducing the risk of data privacy leakage. That is, the present solution provides a feasible solution for protecting data privacy on a terminal apparatus side in a scenario in which the radio access network apparatus provides a computing service for the terminal apparatus.

Description

Communication methods and devices

[0001] This application claims priority to Chinese Patent Application No. 202411984175.0, filed on December 27, 2024, with the China National Intellectual Property Administration, entitled “Communication Method and Apparatus”, the entire contents of which are incorporated herein by reference.

Technical Field

[0002] This application relates to the field of communication technology, and in particular to a communication method and apparatus.

Background Technology

[0003] In recent years, to provide services closer to users and reduce latency during data transmission, a trend has emerged of migrating cloud-based computing functions to wireless networks. The computing functions for these services are then implemented by devices within the wireless network. This is particularly relevant for large-scale calculations that terminal devices cannot handle, such as calculations for artificial intelligence (AI) services or other large model processing tasks; these can be migrated to wireless networks.

[0004] However, compared to the centralized service model of cloud computing, wireless networks face greater privacy protection challenges in providing related computing services. First, compared to the technologically mature cloud service platforms, the privacy protection methods or mechanisms for computing services provided by wireless networks are still immature. Second, while some computing services on wireless networks are provided by operators, the execution of specific tasks is handled by the equipment vendor's platform, increasing concerns about the inability to protect data privacy.

Summary of the Invention

[0005] This application provides a communication method and apparatus that can provide a feasible solution for protecting data privacy on the terminal device side in scenarios where a wireless access network device provides computing services to a terminal device.

[0006] In a first aspect, this application provides a communication method applied to a terminal device, the method comprising:

[0007] Send a first request message; the first request message is used to request the implementation of homomorphic encryption of the task data, and the first request message includes the identifier of the service object used to process the task data in the wireless access network device and the homomorphic encryption algorithm supported by the terminal device;

[0008] Receive homomorphic encryption configuration information; the configuration information includes the selection of the first homomorphic encryption algorithm to be used.

[0009] In the above scheme, the terminal device can obtain configuration information for implementing homomorphic encryption of task data. This configuration information can guide the terminal device to perform homomorphic encryption on the task data sent to the RAN device for processing, thereby reducing the risk of data privacy leakage. In other words, this scheme provides a feasible solution for protecting the data privacy of the terminal device in scenarios where the RAN device provides computing services to the terminal device.

[0010] In one possible implementation, the first request information may further include one or more of the following: the homomorphic encryption algorithm preferred by the terminal device, the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task transmission and / or processing.

[0011] In the above scheme, the first request information may also include other information, such as the homomorphic encryption algorithm preferred by the terminal device, the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and some or all of the latency requirements of the terminal device for task transmission and / or processing. With this information, a more suitable homomorphic encryption algorithm and other configuration information can be determined, thereby ensuring that the RAN device can efficiently and quickly complete the calculation of homomorphic encrypted data, improving the system's processing performance.

[0012] In one possible implementation, the configuration information may also include one or more of the following:

[0013] The first parameter of the first homomorphic encryption algorithm includes the key length and / or the number of bytes of expansion for homomorphic encryption.

[0014] A first service object selected for processing task data in a wireless access network device and a second parameter of the first service object; the second parameter indicates that the first service object supports encrypted data computation, or the second parameter indicates a method for converting the first service object into a service object that supports encrypted data computation;

[0015] Configuration for bootstrapping noise reduction processing of homomorphically encrypted data.

[0016] In the above scheme, the homomorphic encryption configuration may also include some or all of the aforementioned information. With this information, it can be further ensured that the homomorphically encrypted data meets the capability limitations of the RAN device and that the quality of subsequent data processing results is improved.

[0017] In one possible implementation, the method further includes: performing homomorphic encryption initialization based on configuration information. In this scheme, the terminal device performs the corresponding initialization operation based on the configuration information, so that subsequent encryption, transmission, and decryption of homomorphic encrypted data can be achieved, ensuring data privacy and security.

[0018] In one possible implementation, the configuration information also includes a configuration for homomorphically encrypted data bootstrap denoising, with the configuration indicating that homomorphically encrypted data bootstrap denoising is required.

[0019] The initialization operation includes generating a homomorphic encryption key based on the first homomorphic encryption algorithm; the key includes the key required for the homomorphic encryption bootstrap noise reduction operation; the method also includes:

[0020] Send the key required for homomorphic encryption bootstrap noise reduction operation to the wireless access network device.

[0021] In the above scheme, homomorphically encrypted data can be configured for bootstrap noise reduction processing in the wireless access network device. After the terminal device generates a homomorphically encrypted key based on the configuration information, it can send the key required for the bootstrap noise reduction operation to the wireless access network device. This enables the wireless access network device to perform bootstrap noise reduction processing on the homomorphically encrypted data, thereby reducing data noise.

[0022] In a second aspect, this application provides a communication method applied to a wireless access network device, the method comprising:

[0023] Receive first request information; the first request information is used to request the implementation of homomorphic encryption of task data, and the first request information includes the identifier of the service object used to process task data in the wireless access network device and the homomorphic encryption algorithm supported by the terminal device;

[0024] Send configuration information for homomorphic encryption; the configuration information includes the selection of the first homomorphic encryption algorithm to be used.

[0025] In the above scheme, the radio access network (RAN) device can receive request information from the terminal device and obtain configuration information for homomorphic encryption of task data, which is then sent to the terminal device. This configuration information guides the terminal device to perform homomorphic encryption on the task data sent to the RAN device for processing, thereby reducing the risk of data privacy leakage. In other words, this scheme provides a feasible approach to protect the data privacy of the terminal device in scenarios where the RAN device provides computing services to the terminal device.

[0026] In one possible implementation, the first request information may further include one or more of the following: the homomorphic encryption algorithm preferred by the terminal device, the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task transmission and / or processing.

[0027] In the above scheme, the first request information may also include other information, such as the homomorphic encryption algorithm preferred by the terminal device, the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and some or all of the latency requirements of the terminal device for task transmission and / or processing. With this information, a more suitable homomorphic encryption algorithm and other configuration information can be determined, thereby ensuring that the RAN device can efficiently and quickly complete the calculation of homomorphic encrypted data, improving the system's processing performance.

[0028] In one possible implementation, the configuration information may also include one or more of the following:

[0029] The first parameter of the first homomorphic encryption algorithm includes the key length and / or the number of bytes of expansion for homomorphic encryption.

[0030] A first service object selected for processing task data in a wireless access network device and a second parameter of the first service object; the second parameter indicates that the first service object supports encrypted data computation, or the second parameter indicates that the wireless access network device converts the first service object into a service object that supports encrypted data computation.

[0031] Configuration for bootstrapping noise reduction processing of homomorphically encrypted data.

[0032] In the above scheme, the homomorphic encryption configuration may also include some or all of the aforementioned information. With this information, it can be further ensured that the homomorphically encrypted data meets the capability limitations of the RAN device and that the quality of subsequent data processing results is improved.

[0033] In one possible implementation, the method further includes:

[0034] Send a second request message; the second request message includes the content included in the first request message and the capability information of the wireless access network device, the capability information including the homomorphic encryption algorithm supported by the selectable service objects in the wireless access network device;

[0035] Receive homomorphic encryption configuration information.

[0036] In the above scheme, the radio access network device can request configuration information for homomorphic encryption from other devices, such as the core network device. This implementation eliminates the need for the radio access network device to perform decision calculations, thus saving the computational resources of the radio access network device.

[0037] In one possible implementation, the method further includes: determining configuration information based on the first request information and the capability information of the wireless access network device, wherein the capability information includes the homomorphic encryption algorithms supported by the service object.

[0038] In the above scheme, the radio access network device can independently determine the homomorphic encryption configuration information. This implementation reduces the risk of interaction with core network equipment. For example, it simplifies privacy-preserving signaling interactions and process complexity, and avoids the exposure of RAN-side service object deployment information or capability information.

[0039] In one possible implementation, the capability information of the wireless access network device also includes its computing power and / or air interface transmission capability. This scheme can also consider the computing power and / or air interface transmission capability of the wireless access network device together to determine the homomorphic encryption configuration, making the determined configuration more reasonable, more feasible, and better optimizing the overall system performance.

[0040] In a third aspect, this application provides a communication method applied to a core network device, the method comprising:

[0041] Receive second request information; the second request information includes the content included in the first request information and the capability information of the wireless access network device, the capability information including the homomorphic encryption algorithm supported by the service object; the first request information is used to request the implementation of homomorphic encryption of task data, the first request information includes the identifier of the service object in the wireless access network device used to process task data and the homomorphic encryption algorithm supported by the terminal device;

[0042] Send configuration information for homomorphic encryption; the configuration information includes the selection of the first homomorphic encryption algorithm to be used.

[0043] Optionally, the first request information may also include one or more of the following: the homomorphic encryption algorithm preferred by the terminal device, the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task transmission and / or processing.

[0044] In one possible implementation, the method further includes: determining the configuration information for homomorphic encryption based on the second request information.

[0045] The above scheme presents a method where the core network device decides on the homomorphic encrypted computing configuration for services. This process comprehensively considers factors such as the terminal's task data encryption requirements, the radio access network's network transmission capabilities, the network service node's computing capabilities, and the encrypted computing support of the deployed service objects to determine the homomorphic encryption configuration. This enables the radio access network device to provide computing services for task data in an encrypted state, thereby reducing the risk of data privacy leakage.

[0046] In one possible implementation, the configuration information may also include one or more of the following:

[0047] The first parameter of the first homomorphic encryption algorithm includes the key length and / or the number of bytes of expansion for homomorphic encryption.

[0048] A first service object selected for processing task data in a wireless access network device and a second parameter of the first service object; the second parameter indicates that the first service object supports encrypted data computation, or the second parameter indicates a method for converting the first service object into a service object that supports encrypted data computation;

[0049] Configuration for bootstrapping noise reduction processing of homomorphically encrypted data.

[0050] In the above scheme, the homomorphic encryption configuration may also include some or all of the aforementioned information. With this information, it can be further ensured that the homomorphically encrypted data meets the capability limitations of the RAN device and that the quality of subsequent data processing results is improved.

[0051] In a fourth aspect, this application provides a communication method applied to a terminal device, the method comprising:

[0052] Send a first request message; the first request message is used to request the implementation of homomorphic encryption of the task data, and the first request message includes the identifier of the first service object in the wireless access network device used to process the task data;

[0053] Receive capability information from the radio access network device; the capability information includes the homomorphic encryption algorithms supported by the service objects in the radio access network device used to process task data, and the capability information is used together with the homomorphic encryption capability information of the terminal device itself to determine the configuration information for implementing homomorphic encryption of task data.

[0054] In the above scheme, the terminal device can request and obtain the homomorphic encryption capability information of the RAN device, and then determine the configuration information for implementing homomorphic encryption of task data based on the obtained information. This configuration information can guide the terminal device to perform homomorphic encryption on the task data sent to the RAN device for processing, thereby reducing the risk of data privacy leakage. In other words, this scheme provides a feasible approach to protect the data privacy of the terminal device in scenarios where the RAN device provides computing services to the terminal device.

[0055] In one possible implementation, the method further includes:

[0056] Based on the capability information of the wireless access network device, the homomorphic encryption algorithm supported by the terminal device, and the homomorphic encryption requirements of the terminal device, the configuration information of homomorphic encryption is determined. The configuration information includes the first homomorphic encryption algorithm to be used, and the homomorphic encryption requirements include one or more of the following: the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task transmission and / or processing.

[0057] Send homomorphic encryption configuration information.

[0058] In the above scheme, the terminal device decides the configuration information. This retains the terminal device's control, ensures that homomorphic encryption is completely controlled by the terminal device, and reduces the risk of data decryption.

[0059] In one possible implementation, the capability information of the wireless access network device also includes its computing power and / or air interface transmission capability. This scheme can also consider the computing power and / or air interface transmission capability of the wireless access network device together to determine the homomorphic encryption configuration, making the determined configuration more reasonable, more feasible, and better optimizing the overall system performance.
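The configuration decision described in [0037] to [0039], [0044] and [0056] to [0059] takes the same inputs whichever entity makes it. The following is an added example, not code from the application: the scheme names, catalogue values, field names and the transmission-time model are all constructed assumptions. It selects the first homomorphic encryption algorithm, refuses to fall back to unencrypted processing when nothing matches, and lets the receiving side check a configuration against what was requested.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Scheme:
    name: str
    complexity: int        # relative cost rank for the terminal (assumed scale)
    key_length_bits: int   # "first parameter": key length
    expansion: int         # "first parameter": ciphertext bytes per plaintext byte
    exact: bool            # False = approximate arithmetic (accuracy requirement)
    needs_bootstrap: bool  # True = bootstrap noise reduction must be configured


# Constructed catalogue; values are illustrative, not taken from the application.
CATALOGUE: Dict[str, Scheme] = {
    "scheme-A": Scheme("scheme-A", 3, 4096, 40, False, True),
    "scheme-B": Scheme("scheme-B", 2, 2048, 20, True, False),
    "scheme-C": Scheme("scheme-C", 1, 1024, 60, True, False),
}


@dataclass
class FirstRequest:
    service_object_id: str
    supported: List[str]
    preferred: Optional[str] = None
    max_complexity: Optional[int] = None
    needs_exact: bool = False
    max_latency_ms: Optional[float] = None
    payload_bytes: int = 0


@dataclass
class RanCapability:
    service_objects: Dict[str, List[str]]  # service object id -> supported schemes
    air_bytes_per_ms: float                # air interface transmission capability


@dataclass(frozen=True)
class HEConfig:
    algorithm: str
    key_length_bits: int
    expansion: int
    service_object_id: str
    bootstrap_required: bool  # if True, the terminal must send the bootstrap key


class NegotiationError(Exception):
    """No acceptable algorithm; the caller must not continue in plaintext."""


def decide(req: FirstRequest, cap: RanCapability) -> HEConfig:
    offered = cap.service_objects.get(req.service_object_id)
    if offered is None:
        raise NegotiationError("unknown service object")
    candidates = []
    for name in req.supported:
        s = CATALOGUE.get(name)
        if s is None or name not in offered:
            continue
        if req.max_complexity is not None and s.complexity > req.max_complexity:
            continue
        if req.needs_exact and not s.exact:
            continue
        if req.max_latency_ms is not None:
            # Assumed model: latency is dominated by sending the expanded ciphertext.
            tx_ms = req.payload_bytes * s.expansion / cap.air_bytes_per_ms
            if tx_ms > req.max_latency_ms:
                continue
        candidates.append(s)
    if not candidates:
        raise NegotiationError("no common algorithm; refusing plaintext fallback")
    # The terminal's preference wins if it survived the filters, then least expansion.
    best = min(candidates, key=lambda s: (s.name != req.preferred, s.expansion, s.name))
    return HEConfig(best.name, best.key_length_bits, best.expansion,
                    req.service_object_id, best.needs_bootstrap)


def validate_config(req: FirstRequest, cfg: HEConfig) -> bool:
    """Receiver-side check: reject a configuration that was never asked for."""
    s = CATALOGUE.get(cfg.algorithm)
    return (s is not None
            and cfg.algorithm in req.supported
            and cfg.service_object_id == req.service_object_id
            and cfg.key_length_bits >= s.key_length_bits
            and (req.max_complexity is None or s.complexity <= req.max_complexity))


if __name__ == "__main__":
    cap = RanCapability({"so-1": ["scheme-A", "scheme-B"]}, air_bytes_per_ms=1000.0)
    req = FirstRequest("so-1", ["scheme-A", "scheme-B"], preferred="scheme-A",
                       max_latency_ms=50, payload_bytes=1000)
    cfg = decide(req, cap)
    print(cfg, validate_config(req, cfg))
```
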

[0060] In one possible implementation, the configuration information may also include one or more of the following:

[0061] The first parameter of the first homomorphic encryption algorithm includes the key length and / or the number of bytes of expansion for homomorphic encryption.

[0062] A first service object selected for processing task data in a wireless access network device and a second parameter of the first service object; the second parameter indicates that the first service object supports encrypted data computation, or the second parameter indicates that the wireless access network device converts the first service object into a service object that supports encrypted data computation.

[0063] Configuration for bootstrapping noise reduction processing of homomorphically encrypted data.

[0064] In one possible implementation, the configuration information also includes configuration for homomorphically encrypted data bootstrapping denoising processing, with the configuration indicating the need for homomorphically encrypted data bootstrapping denoising operations; the method also includes:

[0065] The homomorphic encryption key is generated based on the first homomorphic encryption algorithm; the key includes the key required for the homomorphic encryption bootstrap noise reduction operation.

[0066] Send the key required for homomorphic encryption bootstrap noise reduction operation to the wireless access network device.

[0067] In the above scheme, homomorphically encrypted data can be configured for bootstrap noise reduction processing in the wireless access network device. After the terminal device generates a homomorphically encrypted key based on the configuration information, it can send the key required for the bootstrap noise reduction operation to the wireless access network device. This enables the wireless access network device to perform bootstrap noise reduction processing on the homomorphically encrypted data, thereby reducing data noise.

[0068] In a fifth aspect, this application provides a communication method applied to a wireless access network device, the method comprising:

[0069] Receive a first request message; the first request message is used to request the implementation of homomorphic encryption of task data, and the first request message includes the identifier of the service object in the wireless access network device used to process task data;

[0070] Send capability information of the radio access network device; the capability information includes the homomorphic encryption algorithm supported by the service object in the radio access network device used to process task data, and the capability information is used together with the homomorphic encryption capability information of the terminal device to determine the configuration information for implementing homomorphic encryption of task data.

[0071] Optionally, the capability information of the wireless access network device may also include the computing power and / or air interface transmission capability of the wireless access network device.

[0072] In the above scheme, the RAN device can send its own capability information to the terminal device so that the terminal device can make decisions on the configuration information. This retains the terminal device's control and ensures that homomorphic encryption is completely controlled by the terminal device, reducing the risk of data decryption.

[0073] In a sixth aspect, this application provides a communication apparatus for performing the method in the first aspect or any possible implementation thereof. The communication apparatus includes modules for performing the method in the first aspect or any possible implementation thereof.

[0074] In a seventh aspect, this application provides a communication apparatus for performing the method in the second aspect or any possible implementation thereof. The communication apparatus includes modules for performing the method in the second aspect or any possible implementation thereof.

[0075] In an eighth aspect, this application provides a communication apparatus for performing the method in the third aspect or any possible implementation thereof. The communication apparatus includes modules for performing the method in the third aspect or any possible implementation thereof.

[0076] In a ninth aspect, this application provides a communication apparatus for performing the method in the fourth aspect or any possible implementation thereof. The communication apparatus includes modules for performing the method in the fourth aspect or any possible implementation thereof.

[0077] In a tenth aspect, this application provides a communication apparatus for performing the method in the fifth aspect or any possible implementation thereof. The communication apparatus includes modules for performing the method in the fifth aspect or any possible implementation thereof.

[0078] In an eleventh aspect, this application provides a communication device including a processor for executing the method shown in the first aspect or any possible implementation thereof. The processor executes a program stored in a memory, and when the program is executed, the method shown in the first aspect or any possible implementation thereof is executed.

[0079] In one possible implementation, the memory is located outside the aforementioned communication device.

[0080] In one possible implementation, the memory is located within the aforementioned communication device.

[0081] In this embodiment, the processor and memory can also be integrated into a single device, that is, the processor and memory can be integrated together. For example, the communication device can be a chip.

[0082] In one possible implementation, the communication device further includes a transceiver for receiving or sending information.

[0083] In a twelfth aspect, this application provides a communication device including a processor for executing the methods described in the second aspect or any possible implementation thereof. The processor executes a program stored in a memory, and when the program is executed, the methods described in the second aspect or any possible implementation thereof are executed.

[0084] In one possible implementation, the memory is located outside the aforementioned communication device.

[0085] In one possible implementation, the memory is located within the aforementioned communication device.

[0086] In this embodiment, the processor and memory can also be integrated into a single device; that is, the processor and memory can be integrated together. For example, the communication device can be a chip.

[0087] In one possible implementation, the communication device further includes a transceiver for receiving or sending information.

[0088] In a thirteenth aspect, this application provides a communication device including a processor for executing the methods described in the third aspect or any possible implementation thereof. The processor executes a program stored in a memory, and when the program is executed, the methods described in the third aspect or any possible implementation thereof are executed.

[0089] In one possible implementation, the memory is located outside the aforementioned communication device.

[0090] In one possible implementation, the memory is located within the aforementioned communication device.

[0091] In this embodiment, the processor and memory can also be integrated into a single device; that is, the processor and memory can be integrated together. For example, the communication device can be a chip.

[0092] In one possible implementation, the communication device further includes a transceiver for receiving or sending information.

[0093] In a fourteenth aspect, this application provides a communication device including a processor for executing the methods described in the fourth aspect or any possible implementation thereof. The processor executes a program stored in a memory, and when the program is executed, the methods described in the fourth aspect or any possible implementation thereof are executed.

[0094] In one possible implementation, the memory is located outside the aforementioned communication device.

[0095] In one possible implementation, the memory is located within the aforementioned communication device.

[0096] In this embodiment, the processor and memory can also be integrated into a single device; that is, the processor and memory can be integrated together. For example, the communication device can be a chip.

[0097] In one possible implementation, the communication device further includes a transceiver for receiving or sending information.

[0098] In a fifteenth aspect, this application provides a communication device including a processor for executing the methods described in the fifth aspect or any possible implementation thereof. The processor executes a program stored in a memory, and when the program is executed, the methods described in the fifth aspect or any possible implementation thereof are executed.

[0099] In one possible implementation, the memory is located outside the aforementioned communication device.

[0100] In one possible implementation, the memory is located within the aforementioned communication device.

[0101] In this embodiment, the processor and memory can also be integrated into a single device; that is, the processor and memory can be integrated together. For example, the communication device can be a chip.

[0102] In one possible implementation, the communication device further includes a transceiver for receiving or sending information.

[0103] In a sixteenth aspect, this application provides a communication device including a logic circuit and an interface, the logic circuit and the interface being coupled; the interface is used for inputting and / or outputting information, and the logic circuit is used for performing the method as described in the first aspect or any possible implementation thereof.

[0104] In a seventeenth aspect, this application provides a communication device including a logic circuit and an interface, the logic circuit and the interface being coupled; the interface is used for inputting and / or outputting information, and the logic circuit is used for performing the method as described in the second aspect or any possible implementation thereof.

[0105] In an eighteenth aspect, this application provides a communication device including a logic circuit and an interface, the logic circuit and the interface being coupled; the interface is used for inputting and / or outputting information, and the logic circuit is used for performing the method as described in the third aspect or any possible implementation thereof.

[0106] In a nineteenth aspect, this application provides a communication device including a logic circuit and an interface, the logic circuit and the interface being coupled; the interface is used for inputting and / or outputting information, and the logic circuit is used for performing the method as described in the fourth aspect or any possible implementation thereof.

[0107] In a twentieth aspect, this application provides a communication device including a logic circuit and an interface, the logic circuit and the interface being coupled; the interface is used for inputting and / or outputting information, and the logic circuit is used for performing the method as described in the fifth aspect or any possible implementation thereof.

[0108] In a twentieth aspect, this application provides a computer-readable storage medium for storing a computer program that, when run on a computer, causes the methods shown in any of the first to fifth aspects or any possible implementation thereof to be executed.

[0109] In a twentieth aspect, this application provides a computer program product that, when run on a computer, causes the method shown in any of the first to fifth aspects or any possible implementation thereof to be executed.

[0110] In a twentieth aspect, this application provides a computer program that, when run on a computer, executes the methods shown in any of the first to fifth aspects or any possible implementations described above.

[0111] In a twentieth aspect, this application provides a communication system, which includes a terminal device and a wireless access network device. The terminal device is configured to perform the method as described in any of the first aspects, and the wireless access network device is configured to perform the method as described in any of the second aspects.

[0112] Alternatively, the terminal device may be used to perform the method as described in any of the fourth aspects, and the wireless access network device may be used to perform the method as described in the fifth aspect.

[0113] In one possible implementation, the communication system further includes a core network device; if the terminal device is used to perform the method as described in any of the first aspects, and the radio access network device is used to perform the method as described in any of the second aspects, the core network device is used to perform the method as described in any of the third aspects.

Attached Figure Description

[0114] Figure 1 is a schematic diagram of the communication system provided in an embodiment of this application.

[0115] Figure 2 shows a schematic diagram of an NR protocol stack.

[0116] Figures 3 to 6 are schematic diagrams of the method flow provided in this application.

[0117] Figures 7 to 9 are schematic diagrams of the device structure provided in this application.

Detailed Implementation

[0118] To facilitate understanding of the technical solution of this application, the application will be further described below with reference to the accompanying drawings.

[0119] The terms "first" and "second," etc., used in the specification, claims, and drawings of this application are used only to distinguish different objects and not to describe a specific order. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or apparatus that includes a series of steps or units is not limited to the listed steps or units, but may optionally include steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, products, or apparatuses.

[0120] The term "embodiment" as used herein means that a particular feature, structure, or characteristic described in connection with an embodiment may be included in at least one embodiment of this application. The appearance of this phrase in various places throughout the specification does not necessarily refer to the same embodiment, nor is it a separate or alternative embodiment mutually exclusive with other embodiments. It will be explicitly and implicitly understood by those skilled in the art that the embodiments described herein can be combined with other embodiments.

[0121] In this application, "at least one (item)" refers to one or more, "more than one" refers to two or more, "at least two (items)" refers to two or three or more, and "and / or" is used to describe the relationship between related objects, indicating that there can be three relationships. For example, "A and / or B" can mean: only A exists, only B exists, and both A and B exist simultaneously, where A and B can be singular or plural. "Or" indicates that there can be two relationships, such as only A exists and only B exists; when A and B are not mutually exclusive, it can also mean that there are three relationships, such as only A exists, only B exists, and both A and B exist simultaneously. The character " / " generally indicates that the preceding and following related objects are in an "or" relationship. "At least one (item) of the following" or similar expressions refer to any combination of these items. For example, at least one (item) of a, b, or c can mean: a, b, c, "a and b", "a and c", "b and c", or "a and b and c".

[0122] In this application, "indication" can include direct indication, indirect indication, explicit indication, and implicit indication. When a piece of indication information is described as indicating A, it can be understood that the indication information carries A, directly indicates A, or indirectly indicates A.

[0123] In this application, the information indicated by the indication information is called the information to be indicated. In specific implementations, there are many ways to indicate the information to be indicated, such as, but not limited to, indicating it directly, for example by the information to be indicated itself or its index. It can also be indicated indirectly by indicating other information, where there is a relationship between the other information and the information to be indicated. It is also possible to indicate only a part of the information to be indicated, while the other parts are known or pre-agreed upon. For example, specific information can be indicated by using a pre-agreed (e.g., protocol-defined) arrangement of various pieces of information, thereby reducing indication overhead to some extent. Furthermore, the information to be indicated can be sent as a whole or divided into multiple pieces of sub-information, and the sending period and / or timing of these pieces of sub-information can be the same or different.

[0124] In this application, "send" and "receive" indicate the direction of signal transmission. For example, "send information to XX" can be understood as the destination of the information being XX, which can include direct transmission via the air interface or indirect transmission via the air interface from other units or modules. "Receive information from YY" can be understood as the source of the information being YY, which can include direct reception from YY via the air interface or indirect reception from YY via the air interface from other units or modules. "Send" can also be understood as the "output" of the chip interface, and "receive" can also be understood as the "input" of the chip interface. In other words, sending and receiving can occur between devices, such as between RAN devices and terminal devices, or within a device, such as between components, modules, chips, software modules, or hardware modules within the device via a bus, wiring, or interface.

[0125] In the various embodiments of this application, unless otherwise specified or in case of logical conflict, the terminology and / or descriptions between the various embodiments are consistent and can be referenced by each other. Technical features in different embodiments can be combined to form new embodiments according to their inherent logical relationships.

[0126] The embodiments of this application will be described below with reference to the accompanying drawings.

[0127] Referring to Figure 1, a possible communication system applicable to embodiments of this application is illustrated. This communication system includes a terminal device and a radio access network (RAN) device. The terminal device and the RAN device communicate via a wireless communication link. In another possible implementation, the communication system may further include a core network device. The core network device can communicate with the RAN device via wired or wireless means. The terminal device communicates with the core network device through the RAN device. In yet another possible implementation, the communication system may further include a cloud server. The cloud server can communicate with the core network device via wired or wireless means.

[0128] For example, the aforementioned terminal equipment may also be referred to as user equipment (UE), subscriber station (STA), mobile station (MS), mobile terminal (MT), etc., and is a device that provides data connectivity to users. The terminal equipment may have wireless transceiver capabilities. For example, terminal devices can be handheld terminals, very small aperture terminals (VSAT), laptops, customer premise equipment (CPE), subscriber units, cellular phones, smartphones, wireless data cards, personal digital assistant (PDA) computers, tablet computers, handheld devices, laptop computers, cordless phones, wireless local loop (WLL) stations, machine type communication (MTC) terminals, wearable devices (such as smartwatches, smart bracelets, pedometers, etc.), in-vehicle equipment (such as cars, bicycles, electric vehicles, airplanes, ships, trains, high-speed trains, etc.), virtual reality (VR) devices, augmented reality (AR) devices, wireless terminals in industrial control, smart home devices (such as refrigerators, televisions, air conditioners, electricity meters, etc.), intelligent robots, workshop equipment, wireless terminals in applications such as self-driving, telemedicine, smart grids, transportation safety, smart cities, and smart homes, flying equipment (such as intelligent robots, hot air balloons, drones, airplanes, etc.), or other devices capable of accessing networks. This application does not limit the specific technology or form of the terminal device.

[0129] In this embodiment, the device for implementing the functions of the terminal device can be the terminal device itself; it can also be a device capable of supporting the terminal device in implementing the functions, such as a chip system or functional module. This device can be installed in the terminal device or used in conjunction with the terminal device. In this embodiment, the chip system can be composed of chips or can include chips and other discrete devices. For ease of description, the following description uses the example of a terminal device as the means to implement the functions of the terminal device.

[0130] For example, the aforementioned RAN equipment can be a device deployed in a radio access network to provide wireless communication services to terminal devices. For instance, it can be a base station or other RAN equipment. For example, the RAN equipment can be a next-generation NodeB (gNB), transmission reception point (TRP), evolved Node B (eNB), radio network controller (RNC), Node B (NB), base station controller (BSC), base transceiver station (BTS), home base station (e.g., home evolved NodeB, or home Node B (HNB)), base band unit (BBU), WiFi access point (AP), or integrated access and backhaul (IAB) equipment, etc., in a new radio (NR) system.

[0131] In another network architecture, the aforementioned RAN device can be a RAN device including a centralized unit (CU), a distributed unit (DU), or a RAN device including both CU and DU. In a RAN device including both CU and DU, some protocol layer functions are centrally controlled by the CU, while the remaining partial or complete protocol layer functions are distributed in the DU, which is centrally controlled by the CU. For ease of understanding, please refer to Figure 2, which exemplarily illustrates a schematic diagram of an NR protocol stack.

[0132] As shown in Figure 2(a), the CU is deployed with a radio resource control (RRC) layer, a service data adaptation protocol (SDAP) layer, and a packet data convergence protocol (PDCP) layer. The DU is deployed with a radio link control (RLC) layer, a media access control (MAC) layer, and a physical layer (PHY). Therefore, the CU has processing capabilities for the RRC, SDAP, and PDCP layers. The DU has processing capabilities for the RLC, MAC, and PHY layers.

[0133] It should be understood that the above functional division is merely an example and does not constitute a limitation on CU and DU. In other words, there are other ways to divide functions between CU and DU, which are not limited here.

[0134] In one possible implementation, the functionality of the CU can be implemented by a single entity or by different entities. As shown in Figure 2(b), the functionality of the CU can be further divided. For example, the control plane (CP) and user plane (UP) in the CU can be separated to obtain the CU control plane (CU-CP) and the CU user plane (CU-UP). Exemplarily, CU-CP and CU-UP can be implemented by different functional entities, and CU-CP and CU-UP can be coupled with the DU to jointly complete the functions of the access network device.

[0135] In one possible implementation, CU-CP handles control plane functions, primarily responsible for RRC and PDCP-C. PDCP-C is mainly responsible for control plane data encryption / decryption, integrity protection, and data transmission. CU-UP handles user plane functions, primarily responsible for SDAP and PDCP-U. SDAP is mainly responsible for processing core network data and mapping data flows to bearers. PDCP-U is mainly responsible for data plane encryption / decryption, integrity protection, header compression, sequence number maintenance, and data transmission. CU-CP and CU-UP can connect via an E1 interface. CU-CP can connect to core network equipment via a next-generation (NG) interface. DU and CU-CP can connect via an F1-C interface. DU and CU-UP can connect via an F1-U interface. Another possible implementation is that PDCP-C is also located within CU-UP.

[0136] In one possible implementation, CU-CP can be divided into CU-CP1 and CU-CP2. CU-CP1 includes various radio resource management functions, while CU-CP2 only includes PDCP-C functions (i.e., the basic functions of control plane signaling at the PDCP layer).

[0137] For example, the core network equipment described above is a network element included in the core network (CN) portion of a mobile communication system. Core network equipment enables terminal devices to access different data networks and performs services such as authentication, accounting, mobility management, session management, policy control, and user plane forwarding. Core network equipment can be the core network equipment in current mobile communication systems (such as 5th generation (5G) mobile communication systems) or in future mobile communication systems. In different mobile communication systems, the names of core network equipment with the same functions may differ. However, this application does not limit the specific name of the core network equipment having each function.

[0138] For example, in 4th generation (4G) mobile communication systems (i.e., Long Term Evolution, LTE), the aforementioned core network equipment may include, but is not limited to, the following network elements: a Mobility Management Entity (MME) responsible for access control, security control, and signaling coordination; a Serving Gateway (S-GW) serving as the local mobility management anchor point; a Packet Data Network (PDN) Gateway (P-GW) responsible for Internet Protocol (IP) address allocation and serving as the anchor point for handover to external data networks; a Home Subscriber Server (HSS) storing user-related data and subscription data; and a Policy and Charging Rule Function (PCRF) network element responsible for policy and charging functions.

[0139] For example, in a 5G mobile communication system, based on specific logical functions, the core network can be divided into the control plane (CP) and the user plane (UP). Network elements responsible for control plane functions within the core network (CN) can be collectively referred to as control plane network elements, while those responsible for user plane functions can be collectively referred to as user plane network elements. Specifically, in the user plane, network elements that serve as interfaces to the data network and are responsible for user plane data forwarding are called user plane function (UPF) network elements. In the control plane, network elements responsible for access control and mobility management functions are called access and mobility management function (AMF) network elements; network elements responsible for session management and control policy execution are called session management function (SMF) network elements; network elements responsible for managing subscription data and user access authorization are called unified data management (UDM) network elements; network elements responsible for billing and policy control functions are called policy and charging function (PCF) network elements; and network elements responsible for conveying the application side's requirements to the network side are called application function (AF) network elements.

[0140] In one possible implementation, the aforementioned terminal equipment and RAN equipment can be connected via a Uu interface. The RAN equipment and core network equipment can be connected via an NG interface.

[0141] For example, the cloud server described above can be used to provide services to terminal devices. For instance, it can provide services such as image or voice processing, translation, big data analysis, intelligent chat, or personal assistant. Or it can provide services such as AI-based mobility prediction or load balancing. As can be seen, these services may include, for example, various AI services or large model processing services, etc. It is understood that the description of the services provided by the cloud server herein is merely illustrative and does not constitute a limitation on the embodiments of this application.

[0142] It should be noted that the communication system shown in Figure 1 is not limited to the terminal equipment, RAN equipment, core network equipment or cloud server shown in the figure, but may also include other equipment not shown in the figure. These will not be listed here.

[0143] The aforementioned communication system can be applied to long-term evolution (LTE) systems, NR systems, and communication systems evolving after 5G, such as 6th generation (6G). The communication system can be applied to various communication scenarios, including non-terrestrial network (NTN) systems and narrowband Internet of Things (NB-IoT) systems. This application's embodiments do not impose any limitations on this.

[0144] For example, the wireless access network architecture in the communication system shown in Figure 1 above can be a network architecture such as 5G RAN, open RAN (O-RAN) or cloud-based RAN (C-RAN), and this application embodiment does not limit it.

[0145] The network architecture and business scenarios described in the embodiments of this application are for the purpose of more clearly illustrating the technical solutions of the embodiments of this application, and do not constitute a limitation on the technical solutions provided in the embodiments of this application. As those skilled in the art will know, with the evolution of network architecture and the emergence of new business scenarios, the technical solutions and network architectures provided in the embodiments of this application are also applicable to similar technical problems.

[0146] For example, in this embodiment of the application, in order to provide services closer to the user and reduce latency during service data transmission, the computing functions of the services provided by the cloud server can be migrated to the RAN. In particular, large-scale calculations that cannot be completed by the computing power of some terminal devices, such as AI service calculations or other large model processing calculations, can be migrated to the RAN. Based on this, the computing models, algorithms, functions, or applications of these services can be deployed on the computing nodes in the RAN. For example, assuming the service to be provided is image processing, then the computing node can deploy the image processing computing model, algorithm, function, or application. Other services are similar and will not be elaborated further. That is, the computing model, algorithm, function, or application deployed on the computing nodes in the RAN is the service object that processes the task data corresponding to the service.

[0147] For example, the computing node belongs to a service unit (SU) in the RAN. In one possible implementation, the computing node can be a functional module in the RAN device shown in Figure 1. Alternatively, the computing node can be a cloud-based virtual node. This virtual node can be deployed in the RAN device. Alternatively, the computing node can be a physical device independent of the RAN device described in Figure 1, but this physical device is also part of the RAN. In the following description, the device including the computing node in this application embodiment will be simply referred to as a radio access network device. For example, if the computing node is deployed in the RAN device, then the RAN device is the radio access network device. If the computing node is an independent device, then the independent device is the radio access network device.

[0148] The aforementioned computational functions implemented in the RAN face greater privacy protection challenges. To protect terminal-side data privacy in scenarios where the radio access network device provides computational services to the terminal, this application embodiment employs homomorphic encryption to encrypt the terminal-side task data before sending it to the aforementioned radio access network device. The radio access network device processes the received task data in the encrypted state, obtains the processing result, and returns it to the terminal. To implement this homomorphic encryption, this application provides a method flow for configuring this homomorphic encryption. An exemplary description follows.
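The flow in [0148] (the terminal encrypts, the radio access network device computes on ciphertext, the terminal decrypts), as an added example that is not part of the application. It swaps in the textbook Paillier scheme, which is only additively homomorphic and is not one of the algorithms the application names; the primes, weights, bias and task data are constructed values, and the key size is a toy.

```python
import math
import secrets

# Constructed toy primes (two Mersenne primes) so the arithmetic is easy to
# follow. Real Paillier keys use primes of 1024 bits or more.
P = 2**31 - 1
Q = 2**61 - 1


def keygen(p=P, q=Q):
    """Terminal side: return (public modulus n, private key (lam, mu))."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) equals lam mod n
    return n, (lam, mu)


def encrypt(n, m):
    """Encrypt with the public modulus only: c = (n+1)^m * r^n mod n^2."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:  # fresh randomness per ciphertext, r must be a unit mod n
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (n+1)^m mod n^2 simplifies to 1 + m*n
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    """Terminal side: m = L(c^lam mod n^2) * mu mod n, with L(u) = (u-1)//n."""
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def ran_weighted_sum(n, enc_inputs, weights, bias):
    """Radio access network side: compute Enc(sum(w_i * x_i) + bias).

    Only the public modulus and ciphertexts are available here. Multiplying
    ciphertexts adds the plaintexts; raising a ciphertext to a non-negative
    integer w multiplies its plaintext by w.
    """
    n2 = n * n
    acc = encrypt(n, bias)
    for c, w in zip(enc_inputs, weights):
        acc = acc * pow(c, w, n2) % n2
    return acc


def demo():
    n, priv = keygen()                              # terminal keeps priv
    task_data = [3, 14, 15]                         # constructed task data
    uplink = [encrypt(n, x) for x in task_data]     # sent over the air
    downlink = ran_weighted_sum(n, uplink, weights=[2, 5, 1], bias=7)
    return decrypt(n, priv, downlink)               # 2*3 + 5*14 + 1*15 + 7


if __name__ == "__main__":
    print(demo())
```

The schemes the application lists (YASHE, BGV, TFHE, CKKS) support richer computation than this additive case, at the cost of the ciphertext growth and noise management the later paragraphs configure.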

[0149] For example, Figure 3 is a flowchart illustrating a communication method provided in an embodiment of this application.

[0150] S301: The terminal device sends first request information. The first request information is used to request homomorphic encryption of the task data, and includes the identifier of the service object used to process the task data in the wireless access network device and the homomorphic encryption algorithm supported by the terminal device.

[0151] For example, the description of the terminal device can be found in the foregoing description, and will not be repeated here.

[0152] For example, the terminal device may send the aforementioned first request information before initiating a new computing task to the wireless access network device. A description of the wireless access network device can be found in the foregoing description, and will not be repeated here.

[0153] For example, the aforementioned first request information is used to request homomorphic encryption of task data. This first request information may include an identifier of the service object used by the radio access network device to process the task data. That is, it may include an identifier of the application, model, or function used to process the task data. With this identifier, the radio access network device can know the type of task to be calculated next and quickly find the corresponding service object. Furthermore, the first request information may also include the homomorphic encryption algorithms supported by the terminal device, to indicate the terminal device's homomorphic encryption capabilities. For example, the homomorphic encryption algorithm supported by the terminal device included in the first request information may be a homomorphic encryption algorithm already selected by the terminal device. Alternatively, in another implementation, the homomorphic encryption algorithm supported by the terminal device included in the first request information may be one or more selectable homomorphic encryption algorithms supported by the terminal device. For example, the homomorphic encryption algorithm may include, but is not limited to, the YASHE algorithm, BGV algorithm, TFHE algorithm, or CKKS algorithm. This application embodiment does not limit the specific homomorphic encryption algorithm used; it can be any algorithm capable of implementing homomorphic encryption.

[0154] In one possible implementation, in addition to the identifier of the service object and the homomorphic encryption algorithm supported by the terminal device, the first request information may also include one or more of the following: the homomorphic encryption algorithm preferred by the terminal device, the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task transmission and / or processing. Since homomorphic encryption of data increases the number of transmitted bits and the processing complexity, it also increases transmission and processing latency. By including the latency requirements for task transmission and / or processing in the first request information, a reasonable configuration that meets these requirements can be determined subsequently to ensure the processing performance of homomorphically encrypted data. If the first request information includes one or more selectable homomorphic encryption algorithms supported by the terminal device, it may also include indication information of the homomorphic encryption algorithm preferred by the terminal device, which may be one of the selectable homomorphic encryption algorithms. The complexity of the homomorphic encryption algorithm supported by the terminal device may include, for example, the maximum complexity of each homomorphic encryption algorithm supported by the terminal device. This additional information in the first request information can help determine a more suitable homomorphic encryption algorithm, thereby improving the system's processing performance.

[0155] S302: The wireless access network device receives the first request information.

[0156] For example, after the terminal device sends the first request information, the radio access network device can receive the first request information. In one possible implementation, the core network device determines the homomorphic encryption configuration information, and then the radio access network device can forward the first request information to the core network device. The core network device can be the core network equipment of the communication system shown in Figure 1, or a chip system or processor in the core network equipment, etc. In another possible implementation, the radio access network device determines the homomorphic encryption configuration information. These two implementation methods are described below.

[0157] For example, in one possible implementation, the core network device determines the configuration information for homomorphic encryption. Referring to Figure 4, the method may further include, after S302, but is not limited to, the following steps S302A to S302D.

[0158] S302A: The wireless access network device sends second request information. The second request information includes the content of the first request information and the capability information of the wireless access network device, which includes the homomorphic encryption algorithm supported by the service object.

[0159] For example, the second request information sent by the radio access network device to the core network device may include, in addition to the content included in the first request information, the capability information of the radio access network device. This capability information includes the homomorphic encryption algorithms supported by selectable service objects in the radio access network device. For example, it may include indication information on whether each service object supports encrypted data computation.

[0160] For example, a wireless access network device may deploy one or more service objects for providing computing services to terminal devices. Different service objects may provide different computing services. For example, some may provide image processing services, some may provide voice processing services, some may provide mobility prediction services, some may provide load balancing computing services, and so on. Alternatively, even if they provide the same type of processing service, different service objects may have different processing complexity or processing precision, etc. This application embodiment does not limit the type, processing complexity, or processing precision of the computing services provided by the service objects. Furthermore, some service objects support homomorphic encryption data computation, i.e., they support encrypted data computation. Some service objects do not support encrypted data computation, depending on the actual service object deployment. Based on this, the information in the second request message that includes the homomorphic encryption algorithms supported by selectable service objects in the wireless access network device can be used to determine the configuration of homomorphic encryption computation that meets the needs of the terminal device.

[0161] For example, in another possible implementation, the capability information of the aforementioned wireless access network device may further include the computing power and / or air interface transmission capability of the wireless access network device. That is, when considering homomorphic encryption configuration, the computing power and / or air interface transmission capability of the wireless access network device must also be considered. Only when these two capabilities are satisfied can subsequent homomorphic encryption calculations and the transmission and reception of homomorphically encrypted data be realized. For example, the computing power can be represented by the computing resources in the wireless access network device, which will not be elaborated in this embodiment. For example, the air interface transmission capability may include downlink transmission rate, uplink transmission rate, or modulation scheme, which will not be elaborated in this embodiment.

[0162] For example, in one possible implementation, the terminal device may send the first request information via non-access stratum (NAS) signaling. In this case, the radio access network device may transparently transmit the NAS signaling including the first request information to the core network device. Furthermore, the radio access network device also sends its capability information to the core network device. That is, the content included in the first request information and the capability information of the radio access network device in the second request information may be sent separately. Alternatively, in another possible implementation, the radio access network device receives the first request information sent by the terminal device. After obtaining the content of the first request information, it combines the obtained content and the capability information of the radio access network device to form the second request information and sends it. This application embodiment does not limit the specific sending method.

[0163] For example, in one possible implementation, if the aforementioned wireless access network device is the aforementioned RAN device, and the aforementioned computing node is deployed within the RAN device, and the RAN device includes CU and DU, and the CU and DU implement communication within the RAN device, then there is interaction between units within the RAN device. For example, if the air interface transmission capability is provided by the CU, then the CU requests the capability information of the aforementioned wireless access network device from the computing node in the RAN device. After the computing node sends the capability information to the CU, it is then transmitted out through the CU. It is understood that this is merely one possible implementation and does not constitute a limitation on the embodiments of this application.

[0164] S302B, the core network device receives the second request information and determines the configuration information for homomorphic encryption; the configuration information includes the first homomorphic encryption algorithm to be used.

[0165] For example, after receiving the second request information, the core network device can determine the homomorphic encryption configuration information based on the content included in the second request information. For example, the configuration information may include a selected first homomorphic encryption algorithm. For example, the first homomorphic encryption algorithm is one of the homomorphic encryption algorithms supported by the terminal device included in the first request information. For example, if the first request information may further include one or more of the following: the homomorphic encryption algorithm preferred by the terminal device, the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task transmission and / or processing, then in one example, the first homomorphic encryption algorithm may be a homomorphic encryption algorithm preferred by the terminal device. In one example, the first homomorphic encryption algorithm satisfies the terminal device's requirements for algorithm complexity. In one example, the first homomorphic encryption algorithm satisfies the terminal device's requirements for processing accuracy and / or latency.

[0166] In one possible implementation, the configuration information may further include a first parameter of the first homomorphic encryption algorithm. This first parameter includes the key length of the homomorphic encryption and / or the number of bytes to be expanded. For example, a longer key length increases the difficulty of cracking and improves security. The key length can be determined based on security requirements. For instance, a pre-defined correspondence between security levels and key lengths can be established, and the corresponding key length can be determined based on the security level requirements. The amount of data after homomorphic encryption increases, i.e., the number of bytes expands. The greater the byte expansion, the more data needs to be transmitted, and the higher the requirements for the device's transmission capacity. Therefore, the number of bytes to be expanded can be determined based on the air interface transmission capacity of the aforementioned wireless access network device. For example, a pre-defined correspondence between air interface transmission capacity and the number of bytes to be expanded can be established, and the corresponding number of bytes to be expanded can be determined based on the air interface transmission capacity of the wireless access network device. In one example, the number of bytes to be expanded also needs to meet the limitations of the wireless access network device's computing power. Since a larger number of bytes to be expanded means more data for the wireless access network device to process, an excessive number of bytes to be expanded also poses a challenge to the computing power of the wireless access network device. Therefore, the computing power of the wireless access network device can also be considered when determining the number of bytes to be expanded. 
For example, the correspondence between computing power, air interface transmission capability, and the number of bytes to be expanded can be preset, and the corresponding number of bytes to be expanded can be determined based on the computing power and air interface transmission capability of the wireless access network device.

[0167] In one possible implementation, the configuration information may further include a first service object selected by the radio access network device for processing task data and a second parameter of the first service object. For example, the first service object may be a service object determined from the selectable service objects in the radio access network device based on the identifier of the service object included in the first request information. Then, the second parameter indicates whether the first service object supports encrypted data computation, or indicates a method for converting the first service object into a first service object that supports encrypted data computation. For example, the second request information includes indication information as to whether each selectable service object in the radio access network device supports encrypted data computation. Based on this, the indication information as to whether the first service object supports encrypted data computation can be obtained. If the first service object supports encrypted data computation, the second parameter in the configuration information indicates that the first service object supports encrypted data computation. If the first service object does not support encrypted data computation, the second parameter in the configuration information indicates a method for converting the first service object into a service object that supports encrypted data computation. For example, it may indicate that the first service object is converted into a service object that supports encrypted data computation through a conversion method in CryptoNets. It is understood that the conversion method described here is merely an example, and the embodiments of this application do not limit the specific conversion method; any feasible conversion method can be used.
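The decision described in paragraphs [0165] to [0167] can be expressed as a negotiation that fails closed. The following is an added example, not code from the application; the algorithm names, complexity ranks, correspondence tables and field names are constructed assumptions, since the text says such correspondences are pre-defined but gives no values.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed values (assumptions): the application names no concrete
# algorithms and gives no numbers for its pre-defined correspondences.
COMPLEXITY = {"Paillier": 1, "BFV": 2, "CKKS": 3}
KEY_BITS_BY_SECURITY_LEVEL = {1: 2048, 2: 3072, 3: 4096}
# (min uplink Mbit/s, min compute units, max expansion bytes per plaintext byte)
EXPANSION_TABLE = [(100, 8, 64), (20, 4, 16), (0, 0, 4)]


class ConfigError(Exception):
    """No acceptable configuration: refuse the task rather than fall back to plaintext."""


@dataclass
class FirstRequest:                 # content sent by the terminal device
    supported: list                 # algorithms the terminal supports, in its own order
    service_object_id: str
    security_level: int
    preferred: Optional[str] = None
    max_complexity: int = 3


@dataclass
class RanCapability:                # capability information of the RAN device
    supported: set                  # algorithms the RAN side can compute on
    service_objects: dict           # id -> True if it already supports encrypted data
    uplink_mbps: int
    compute_units: int


def decide_config(req: FirstRequest, cap: RanCapability) -> dict:
    # Only algorithms offered by the terminal are eligible, so the network
    # side can never steer the terminal to a scheme it did not propose.
    common = [a for a in req.supported
              if a in cap.supported and COMPLEXITY.get(a, 99) <= req.max_complexity]
    if not common:
        raise ConfigError("no common homomorphic encryption algorithm")
    algorithm = req.preferred if req.preferred in common else common[0]

    # First parameter: key length from the security level ...
    if req.security_level not in KEY_BITS_BY_SECURITY_LEVEL:
        raise ConfigError("unknown security level")
    key_bits = KEY_BITS_BY_SECURITY_LEVEL[req.security_level]
    # ... and expansion bounded by BOTH air interface capability and computing power.
    expansion = next(limit for uplink, compute, limit in EXPANSION_TABLE
                     if cap.uplink_mbps >= uplink and cap.compute_units >= compute)

    # Second parameter: native support, or the conversion method to apply.
    if req.service_object_id not in cap.service_objects:
        raise ConfigError("unknown service object")
    if cap.service_objects[req.service_object_id]:
        second_parameter = "supports-encrypted-computation"
    else:
        second_parameter = "convert:CryptoNets"

    return {
        "algorithm": algorithm,
        "key_bits": key_bits,
        "expansion_bytes": expansion,
        "service_object": req.service_object_id,
        "second_parameter": second_parameter,
    }
```
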

[0168] In one possible implementation, the configuration information may further include configuration for bootstrapping noise reduction processing of homomorphically encrypted data. For example, it may include indication information on whether bootstrapping noise reduction processing is required. Optionally, it may also include indication information on the timing of bootstrapping noise reduction processing. For example, since homomorphic encryption introduces noise, introducing a bootstrapping operation during computation can reduce noise. For example, the bootstrapping operation requires knowledge of the homomorphic encryption key. The bootstrapping operation is completed by homomorphically decrypting and re-encrypting the data using this key. The noise of the data after bootstrapping is reduced. The specific implementation process of the bootstrapping operation is not described in detail in this embodiment.
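Why the configuration carries both a "bootstrapping required" flag and a timing indication can be seen from how noise accumulates. The following added example (not from the application) uses a toy DGHV-style integer scheme in which the computing node tracks a noise bound without holding the key and schedules a refresh before decryption would fail. The 61-bit key, the noise sizes and the 16-bit post-refresh noise are constructed assumptions, and the bootstrapping operation itself is not implemented.

```python
import random
from dataclasses import dataclass

KEY_BITS = 61
P = 2**KEY_BITS - 1          # constructed toy secret key (odd); not a secure size
FRESH_NOISE_BITS = 8         # fresh noise 2*r + bit with r < 128 stays below 2**8
BUDGET_BITS = KEY_BITS - 1   # decryption is correct while |noise| < 2**60


@dataclass
class Ciphertext:
    value: int
    noise_bits: int          # evaluator's upper bound on log2|noise|; needs no key


def encrypt(bit, r, rng):
    """Terminal side: c = p*q + 2*r + bit, with r the small random noise."""
    if not 0 <= r < 128:
        raise ValueError("r must fit the fresh-noise bound")
    q = rng.getrandbits(64) | 1
    return Ciphertext(P * q + 2 * r + bit, FRESH_NOISE_BITS)


def decrypt(ct):
    """Terminal side: centred residue modulo p, then parity."""
    n = ct.value % P
    if n > P // 2:
        n -= P
    return n % 2


def multiply(a, b):
    """Homomorphic AND: noise terms multiply, so the bounds add."""
    return Ciphertext(a.value * b.value, a.noise_bits + b.noise_bits)


def add(a, b):
    """Homomorphic XOR: noise terms add, so the bound grows by one bit."""
    return Ciphertext(a.value + b.value, max(a.noise_bits, b.noise_bits) + 1)


def needs_bootstrap(ct, next_operand_bits=FRESH_NOISE_BITS):
    """Computing node: would one more multiplication exceed the noise budget?"""
    return ct.noise_bits + next_operand_bits > BUDGET_BITS


def run_chain(n_mults, rng=None):
    """Multiply n_mults + 1 encryptions of 1 with no refresh.

    Returns (decrypted bit, tracked noise bound); the correct plaintext is 1.
    """
    rng = rng or random.Random(0)
    acc = encrypt(1, 100, rng)               # r = 100 is a constructed noise value
    for _ in range(n_mults):
        acc = multiply(acc, encrypt(1, 100, rng))
    return decrypt(acc), acc.noise_bits


def bootstrap_points(n_mults, refreshed_bits=16):
    """1-based multiplication indices before which bootstrapping must run.

    refreshed_bits is the assumed noise bound of a bootstrapped ciphertext.
    """
    points, bound = [], FRESH_NOISE_BITS
    for i in range(1, n_mults + 1):
        if bound + FRESH_NOISE_BITS > BUDGET_BITS:
            points.append(i)
            bound = refreshed_bits
        bound += FRESH_NOISE_BITS
    return points
```
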

[0169] S302C. The core network device sends the homomorphic encryption configuration information.

[0170] For example, after the core network device determines the configuration information, it can send the configuration information to the radio access network device.

[0171] For example, in one possible implementation, the core network device may also send the aforementioned configuration information to a cloud server. This cloud server may be the cloud server of the first service object mentioned above. Sending the configuration information to the cloud server informs it of the specific configuration details for data synchronization and storage.

[0172] S302D. The wireless access network device receives the homomorphic encryption configuration information.

[0173] For example, the wireless access network device can receive the homomorphic encryption configuration information sent by the aforementioned core network device.

[0174] For example, in one possible implementation, the configuration information for homomorphic encryption is determined by the wireless access network device. Referring to Figure 5, following S302, steps including but not limited to S3021 may also be included.

[0175] S3021, The wireless access network device determines the configuration information for homomorphic encryption; the configuration information includes the selection of the first homomorphic encryption algorithm to be used.

[0176] For example, after receiving the first request information, the radio access network device can obtain the content included in the first request information. Then, it combines the radio access network device's own capability information and the first request information to determine the homomorphic encryption configuration information. For example, the content included in the first request information and the radio access network device's capability information can be found in the foregoing description. Furthermore, the specific implementation of determining the homomorphic encryption configuration information based on the radio access network device's capability information and the first request information can be found in the corresponding description in S302B above, and will not be repeated here.

[0177] The above, in conjunction with Figures 4 and 5, illustrates two example ways of deciding the homomorphic encryption configuration information. It should be understood that the foregoing description is merely an example and does not constitute a limitation on the embodiments of this application.

[0178] S303. The wireless access network device sends configuration information for homomorphic encryption; the configuration information includes the selection of the first homomorphic encryption algorithm to be used.

[0179] For example, in conjunction with the implementation shown in Figure 4 above, if the core network device sends configuration information to the terminal device via NAS signaling, then the radio access network device will transparently transmit the NAS signaling including the configuration information to the terminal device. Furthermore, the core network device also sends the configuration information to the radio access network device. The radio access network device can obtain this configuration information. Then, the radio access network device can complete the configuration of encrypted computing based on the configuration information. For example, the configuration of encrypted computing includes, but is not limited to: activating the first service object indicated in the configuration information for selecting to process task data; or, converting the first service object into a service object supporting encrypted computing according to the conversion method indicated by the second parameter in the configuration information.

[0180] For example, in conjunction with the implementation shown in Figure 4 above, if the core network device does not send configuration information via NAS signaling, the wireless access network device, after obtaining the configuration information, can send all the configuration information to the terminal device, or it can send only the configuration information intended for the terminal device. For example, if only the configuration information for the terminal device is sent, what is sent to the terminal device is the first homomorphic encryption algorithm selected in the configuration information and, optionally, the first parameter of the first homomorphic encryption algorithm and / or the configuration for bootstrapping noise reduction processing of homomorphically encrypted data. The unsent configuration information, namely the first service object selected for processing task data in the wireless access network device and the second parameter of the first service object, can be used by the wireless access network device to complete the configuration for encrypted computation. Furthermore, for example, if the configuration for bootstrapping noise reduction processing of homomorphically encrypted data indicates that bootstrapping noise reduction processing is required and, optionally, also indicates the timing of bootstrapping noise reduction processing, then, after receiving the homomorphically encrypted task data sent by the terminal device, the wireless access network device can complete the bootstrapping noise reduction processing of the homomorphically encrypted task data according to the configuration.

[0181] For example, in conjunction with the implementation shown in Figure 5 above, after the wireless access network device determines the homomorphic encryption configuration information, it can send all the configuration information to the terminal device, or it can send only the configuration information for the terminal device to the terminal device. See the relevant descriptions above for details, which will not be repeated here. In one possible implementation, the wireless access network device can also send the determined configuration information to the core network device and / or the cloud server corresponding to the first service object mentioned above.

[0182] S304. The terminal device receives homomorphic encryption configuration information.

[0183] For example, after receiving the configuration information, the terminal device can configure and initialize the first homomorphic encryption algorithm indicated in the configuration information. Initialization may include, for example, generating a homomorphic encryption key based on the first homomorphic encryption algorithm.

[0184] For example, if the configuration information includes a configuration for bootstrapping noise reduction of homomorphically encrypted data, and this configuration indicates that bootstrapping noise reduction processing is required, then the terminal device will also send the homomorphic encryption key required for bootstrapping noise reduction processing to the radio access network device. The radio access network device can then complete the subsequent bootstrapping noise reduction processing operation based on this key. For example, the homomorphic encryption key generated based on the first homomorphic encryption algorithm includes the homomorphic encryption key required for the bootstrapping noise reduction processing. An example is provided below for ease of understanding.

[0185] For example, suppose the key generated based on this first homomorphic encryption algorithm consists of two key pairs. Suppose the first key pair is represented by P_11 and P_12, and the second key pair is represented by P_21 and P_22, where P_11 is the encryption key of the first key pair, P_12 is the decryption key of the first key pair, P_21 is the encryption key of the second key pair, and P_22 is the decryption key of the second key pair. For example, in one possible implementation, the terminal device can use the encryption key P_11 of the first key pair to homomorphically encrypt the task data x, obtaining homomorphically encrypted task data P1(x). The terminal device sends the task data P1(x) to the radio access network device. The radio access network device can use the first service object to calculate the encrypted task data P1(x) to obtain the encrypted calculation result P1(y). Since the first service object performs calculations on the homomorphically encrypted data, unnecessary noise is introduced. To reduce data noise, bootstrapping noise reduction processing can be performed. For example, bootstrapping noise reduction processing is as follows: the radio access network device can use the encryption key P_21 of the second key pair to encrypt the calculation result P1(y) to obtain a processing result P2(P1(y)); then, using the decryption key P_12 of the first key pair, the processing result P2(P1(y)) is homomorphically decrypted to obtain a processing result P2(y). This processing result P2(y) is the low-noise calculation result obtained after bootstrapping noise reduction processing. This is equivalent to refreshing the homomorphically encrypted key pair to a second key pair without decryption. Then, the wireless access network device sends this calculation result P2(y) to the terminal device. The terminal device uses the decryption key P_22 of the second key pair to decrypt the processing result P2(y) to obtain the plaintext processing result y.

[0186] Therefore, based on the above description, it can be seen that the homomorphic encryption key required for bootstrapping noise reduction processing includes the encryption key P_21 of the second key pair and the decryption key P_12 of the first key pair. Based on this, the aforementioned terminal device can transmit the encryption key P_21 of the second key pair and the decryption key P_12 of the first key pair to the wireless access network device. It is understood that the example given is merely illustrative and does not constitute a limitation on the embodiments of this application.

[0187] For example, after the terminal device and the wireless access network device complete the homomorphic encryption configuration, they can enter the homomorphically encrypted task data interaction and processing flow. For example, before sending task data, the terminal device first performs homomorphic encryption processing on the data according to the first homomorphic encryption algorithm. Then, it sends out the homomorphically encrypted task data. The wireless access network device processes the encrypted task data. If bootstrapping noise reduction processing is configured for the homomorphically encrypted task data, the wireless access network device first performs bootstrapping noise reduction processing on the received task data to obtain the noise-reduced homomorphically encrypted task data. Then, it calculates the task data through the first service object to obtain the calculation result and sends the calculation result to the terminal device. The terminal device performs homomorphic decryption on the calculation result to obtain the plaintext calculation result. For example, in one possible implementation, the wireless access network device can also send the obtained calculation result to the cloud server through the core network device, and the cloud server can also perform homomorphic decryption on the calculation result to obtain the plaintext calculation result.

[0188] The above embodiments provide a process for core network devices or radio access network devices to decide on the homomorphic encrypted computing configuration for services. This process can consider the task data encryption requirements on the terminal side. Optionally, it can also consider the network transmission capabilities of the radio access network side, the computing capabilities of network service nodes, and the encrypted computing support of deployed service objects to implement the homomorphic encryption configuration decision, so as to enable the radio access network device to provide computing services for task data in an encrypted state. This reduces the risk of data privacy leakage. That is, this solution provides a feasible solution for protecting the data privacy of the terminal device side in the scenario where the RAN device provides computing services to the terminal device. In addition, the above-mentioned scheme in which the radio access network device decides on the configuration information can simplify the signaling interaction and process complexity for privacy protection, and avoid the exposure of the deployment status or capability information of the RAN-side service objects.

[0189] For example, Figure 6 is a flowchart illustrating another communication method provided in an embodiment of this application.

[0190] S601, The terminal device sends a first request message; the first request message is used to request homomorphic encryption of the task data, and the first request message includes the identifier of the service object in the wireless access network device used to process the task data.

[0191] For example, the description of the terminal device can be found in the foregoing description, and will not be repeated here.

[0192] For example, the terminal device may send the aforementioned first request information before initiating a new computing task to the wireless access network device. A description of the wireless access network device can be found in the foregoing description, and will not be repeated here.

[0193] For example, the aforementioned first request information is used to request homomorphic encryption of task data. For example, in this implementation, the terminal device determines the homomorphic encryption configuration information. Therefore, the first request information can also be seen as a request to obtain the capability information of the wireless access network device. This capability information, together with the homomorphic encryption capability information of the terminal device, is used to determine the configuration information for implementing homomorphic encryption of the task data.

[0194] For example, the first request information may include an identifier of the service object used by the radio access network device to process task data. That is, it may include an identifier of the application, model, or function used to process the task data. With this identifier, the radio access network device can determine the type of task to be calculated and quickly locate the corresponding service object.

[0195] S602, The wireless access network device receives the first request information.

[0196] For example, after receiving the first request information, the wireless access network device can obtain its own capability information.

[0197] In one possible implementation, the capability information of the wireless access network device can be found in the description of the capability information in step S302A above.

[0198] For example, in another possible implementation, the capability information may include information about the homomorphic encryption algorithms supported by the first service object used to process task data. The radio access network device can determine the first service object from among the service objects selectable by the radio access network device based on the identifier of the service object included in the first request information. This allows the acquisition of information about the homomorphic encryption algorithms supported by the first service object. This information may include indication information on whether the first service object supports encrypted data computation. Optionally, the capability information may also include the computing power and / or air interface transmission capabilities of the radio access network device.

[0199] S603. The wireless access network device transmits capability information of the wireless access network device; the capability information includes the homomorphic encryption algorithm supported by the first service object in the wireless access network device used to process task data, and the capability information is used together with the homomorphic encryption capability information of the terminal device to determine the configuration information for implementing homomorphic encryption of task data.

[0200] After obtaining its own capability information in response to the first request information, the aforementioned wireless access network device can send out that capability information. In one possible implementation, the wireless access network device can also send one or more pieces of information, such as its preferred homomorphic encryption algorithm, the processing precision for computing the task data, and the processing latency, to the terminal device to help the terminal device decide on appropriate homomorphic encryption configuration information.

[0201] S604. The terminal device receives capability information from the wireless access network device.

[0202] For example, after receiving the capability information sent by the wireless access network device, the terminal device can determine the homomorphic encryption configuration information by combining the homomorphic encryption algorithms it supports and its homomorphic encryption requirements. These requirements include one or more of the following: the complexity of the homomorphic encryption algorithms supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task processing. For specific implementation details, please refer to the relevant description of the decision-making process in S302B above; these will not be repeated here.

[0203] For example, in one possible implementation, the wireless network device may also send one or more pieces of information, such as the preferred homomorphic encryption algorithm, the processing precision of the computation task data, and the processing latency, to the terminal device. Then, the terminal device can consider this information during the decision-making process and jointly determine the configuration information. Further details will not be elaborated here.

[0204] For example, the homomorphic encryption configuration information determined by the decision can be found in the foregoing description, and will not be repeated here.

[0205] For example, after determining the configuration information, the terminal device can configure and initialize the first homomorphic encryption algorithm indicated in the configuration information. Initialization may include, for example, generating a homomorphic encryption key based on the first homomorphic encryption algorithm.

[0206] For example, in one possible implementation, after the terminal device determines the homomorphic encryption configuration, it can send the configuration to the radio access network device. The radio access network device can then configure encrypted computation based on the configuration information. For example, the encrypted computation configuration includes, but is not limited to: activating the first service object indicated in the configuration information for processing task data; or converting the first service object into a service object supporting encrypted computation according to the conversion method indicated by the second parameter in the configuration information.

[0207] For example, if the configuration information includes a configuration for bootstrapping noise reduction of homomorphically encrypted task data, and this configuration indicates that bootstrapping noise reduction processing is required, then the terminal device will also send the homomorphic encryption key required for bootstrapping noise reduction processing to the radio access network device. The radio access network device can then complete the subsequent bootstrapping noise reduction processing operation based on this key.

[0208] For example, in one possible implementation, the terminal device may also send the determined configuration information to the core network device and / or the cloud server corresponding to the first service object mentioned above.

[0209] For example, after the terminal device and the wireless access network device complete the homomorphic encryption configuration, they can enter the homomorphically encrypted task data interaction and processing flow. For specific implementation details, please refer to the foregoing descriptions; they will not be repeated here.

[0210] In the above embodiments, the configuration information is determined by the terminal device, which keeps the terminal device in primary control and ensures that homomorphic encryption is completely controlled by the terminal device, thereby reducing the risk of data decryption.

[0211] In summary, this embodiment, targeting scenarios where computing services are provided via wireless networks, presents a configuration process for terminal-side privacy protection and network-side enhancement of task data, enabling RAN-side service nodes to perform computations on task data in encrypted form. In this embodiment, the homomorphic encryption configuration comprehensively considers network transmission capabilities, encryption and cryptographic processing complexity and accuracy, ensuring that computing tasks initiated by the terminal device can be executed securely and efficiently.

[0212] The following describes the communication device provided in the embodiments of this application.

[0213] This application divides the communication device into functional modules according to the above method embodiments. For example, each function can be divided into its own functional modules, or two or more functions can be integrated into one processing module. The integrated modules can be implemented in hardware or as software functional modules. It should be noted that the module division in this application is illustrative and only represents one logical functional division; other division methods may be used in actual implementation. The communication device of this application embodiment will be described below with reference to Figures 7 to 9.

[0214] Figure 7 is a schematic diagram of a communication device provided in an embodiment of this application. As shown in Figure 7, the communication device includes a processing module 701 and a transceiver module 702. The transceiver module 702 can implement corresponding communication functions, and the processing module 701 is used to implement corresponding processing functions. For example, the transceiver module 702 can also be called an interface, a communication interface, or a communication module, etc.

[0215] In some embodiments of this application, the communication device can be used to perform the actions performed by the terminal device in the above method embodiments. In this case, the communication device can be the terminal device itself or a chip or functional module configurable in the terminal device. The transceiver module 702 is used to perform the transceiver-related operations of the terminal device in the above method embodiments, and the processing module 701 is used to perform the processing-related operations of the terminal device in the above method embodiments. For details, please refer to Figures 3, 4, 5, or 6 and their possible implementations for the operations performed by the terminal device, which will not be repeated here.

[0216] Reusing Figure 7, in some other embodiments of this application, the communication device can be used to perform the actions performed by the radio access network device in the above method embodiments. In this case, the communication device can be the RAN device itself or a chip or functional module configurable in the RAN device. The transceiver module 702 is used to perform the transceiver-related operations of the radio access network device in the above method embodiments, and the processing module 701 is used to perform the processing-related operations of the radio access network device in the above method embodiments. For details, please refer to Figures 3, 4, 5, or 6 and their possible implementations for the operations performed by the radio access network device, which will not be repeated here.

[0217] Reusing Figure 7, in some other embodiments of this application, the communication device can be used to perform the actions performed by the core network device in the above method embodiments. In this case, the communication device can be the core network device itself or a chip or functional module configurable in the core network device. The transceiver module 702 is used to perform the transceiver-related operations of the core network device in the above method embodiments, and the processing module 701 is used to perform the processing-related operations of the core network device in the above method embodiments. See Figure 4 and its possible implementations for details of the operations performed by the radio access network device, which will not be repeated here.

[0218] Optionally, in the above embodiments, the communication device may further include a storage module, which can be used to store instructions and / or data. The processing module 701 can read the instructions and / or data in the storage module so that the communication device can implement the aforementioned method embodiments.

[0219] The specific descriptions of the transceiver module and processing module shown in the above embodiments are merely examples. For the specific functions or execution steps of the transceiver module and processing module, please refer to the above method embodiments, which will not be described in detail here.

[0220] The communication device according to the embodiments of this application has been described above. The possible product forms of the communication device are described below. Any product possessing the functions of the communication device described in FIG. 7 above falls within the protection scope of the embodiments of this application. The following description is merely illustrative and does not limit the product form of the communication device according to the embodiments of this application.

[0221] In one possible implementation, in the communication device shown in FIG. 7, the processing module 701 can be one or more processors, and the transceiver module 702 can be a transceiver, or the transceiver module 702 can also be a transmitting module and a receiving module. The transmitting module can be a transmitter, and the receiving module can be a receiver. The transmitting module and the receiving module are integrated into one device, such as a transceiver. In the embodiments of this application, the processor and the transceiver can be coupled, etc., and the connection method of the processor and the transceiver is not limited in the embodiments of this application. In the process of executing the above method, the process of sending information can be the process of the processor outputting that information: the processor outputs the information to the transceiver so that the transceiver can transmit it. After the information is output by the processor, it may need to undergo other processing before reaching the transceiver. Similarly, the process of receiving information can be the process of the processor receiving that information as input: the transceiver receives the information and inputs it into the processor. Furthermore, after the transceiver receives the information, it may need to undergo other processing before being input into the processor.

[0222] As shown in Figure 8, the communication device 80 includes one or more processors 820 and transceivers 810.

[0223] In some embodiments of this application, the communication device 80 can be used to execute the steps, methods, or functions performed by the terminal device described above. For example, the processor 820 can be used to execute the functions or steps implemented by the processing module 701 shown in FIG. 7, and the transceiver 810 can be used to execute the functions or steps implemented by the transceiver module 702 shown in FIG. 7. For a detailed description of the processor 820 and the transceiver 810, please refer to FIG. 7 or the method embodiments shown above, which will not be described in detail here.

[0224] In other embodiments of this application, the communication device is used to perform the steps, methods, or functions performed by the aforementioned wireless access network device. For example, the processor 820 can be used to perform the functions or steps implemented by the processing module 701 shown in FIG. 7, and the transceiver 810 can be used to perform the functions or steps implemented by the transceiver module 702 shown in FIG. 7. Detailed descriptions of the processor 820 and transceiver 810 can be found in FIG. 7 or the method embodiments shown above, and will not be elaborated further here.

[0225] In other embodiments of this application, the communication device is used to execute the steps, methods, or functions performed by the core network device described above. For example, the processor 820 can be used to execute the functions or steps implemented by the processing module 701 shown in FIG. 7, and the transceiver 810 can be used to execute the functions or steps implemented by the transceiver module 702 shown in FIG. 7. Detailed descriptions of the processor 820 and the transceiver 810 can be found in FIG. 7 or the method embodiments shown above, and will not be elaborated further here.

[0226] In various implementations of the communication device shown in Figure 8, the transceiver may include a receiver for performing a receiving function (or operation) and a transmitter for performing a transmitting function (or operation). The transceiver is also used to communicate with other devices / appliances via a transmission medium.

[0227] Optionally, the communication device 80 may further include one or more memories 830 for storing program instructions and / or data. The memory 830 is coupled to the processor 820. The coupling in this embodiment is an indirect coupling or communication connection between communication devices, units, or modules, and can be electrical, mechanical, or other forms, used for information exchange between the communication devices, units, or modules. The processor 820 may operate in conjunction with the memory 830. The processor 820 may execute program instructions stored in the memory 830. Optionally, at least one of the above-mentioned memories may be included in the processor.

[0228] This application embodiment does not limit the specific connection medium between the transceiver 810, processor 820, and memory 830. In this application embodiment, the memory 830, processor 820, and transceiver 810 are connected via a bus 840 in Figure 8. The bus is represented by a thick line in Figure 8. The connection methods between other components are only for illustrative purposes and are not intended to be limiting. The bus can be divided into address bus, data bus, control bus, etc. For ease of illustration, only one thick line is used in Figure 8, but this does not mean that there is only one bus or one type of bus.

[0229] In the embodiments of this application, the processor may be a general-purpose processor, a digital signal processor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc., and can implement or execute the various methods, steps, and logic block diagrams disclosed in the embodiments of this application. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments of this application can be directly manifested as being executed by a hardware processor, or being executed by a combination of hardware and software modules within the processor.

[0230] In this application embodiment, the memory may include, but is not limited to, non-volatile memory such as hard disk drive (HDD) or solid-state drive (SSD), random access memory (RAM), erasable programmable read-only memory (EPROM), read-only memory (ROM), or compact disc read-only memory (CD-ROM), etc. Memory is any storage medium capable of carrying or storing program code having instruction or data structure forms, and capable of being read and / or written by a computer (such as the communication device shown in this application), but is not limited to this. The memory in this application embodiment may also be a circuit or any other device capable of implementing storage functions, used to store program instructions and / or data.

[0231] The processor 820 is primarily used for processing communication protocols and data, controlling the entire communication device, executing software programs, and processing software program data. The memory 830 is primarily used for storing software programs and data. The transceiver 810 may include control circuitry and an antenna. The control circuitry is primarily used for converting baseband signals to radio frequency signals and processing radio frequency signals. The antenna is primarily used for transmitting and receiving radio frequency signals in the form of electromagnetic waves. Input / output devices, such as touchscreens, displays, and keyboards, are primarily used for receiving user input data and outputting data to the user.

[0232] When the communication device is powered on, the processor 820 can read the software program in the memory 830, interpret and execute the instructions of the software program, and process the data of the software program. When data needs to be transmitted wirelessly, the processor 820 performs baseband processing on the data to be transmitted and outputs the baseband signal to the radio frequency (RF) circuit. The RF circuit processes the baseband signal and transmits the RF signal outward in the form of electromagnetic waves through the antenna. When data is sent to the communication device, the RF circuit receives the RF signal through the antenna, converts the RF signal into a baseband signal, and outputs the baseband signal to the processor 820. The processor 820 converts the baseband signal into data and processes the data.

[0233] In another implementation, the radio frequency circuitry and antenna can be set up independently of the processor performing baseband processing. For example, in a distributed scenario, the radio frequency circuitry and antenna can be arranged remotely, independent of the communication device.

[0234] The communication device shown in this application embodiment may also have more components than those in Figure 8, and this application embodiment does not limit this. The methods executed by the processor and transceiver shown above are only examples; for the specific steps executed by the processor and transceiver, refer to the methods described above.

[0235] In another possible implementation, in the communication device shown in Figure 7, the processing module 701 can be one or more logic circuits, and the transceiver module 702 can be an input / output interface, or a communication interface, or an interface circuit, or an interface, etc. Alternatively, the transceiver module 702 can also be a transmitting module and a receiving module. The transmitting module can be an output interface, and the receiving module can be an input interface. The transmitting module and the receiving module are integrated into one module, such as an input / output interface. As shown in Figure 9, the communication device shown in Figure 9 includes a logic circuit 901 and an interface 902. That is, the above-mentioned processing module 701 can be implemented using the logic circuit 901, and the transceiver module 702 can be implemented using the interface 902. Among them, the logic circuit 901 can be a chip, a processing circuit, an integrated circuit, or a system-on-a-chip (SoC) chip, etc., and the interface 902 can be a communication interface, an input / output interface, pins, etc. For example, Figure 9 illustrates the above-mentioned communication device as a chip, which includes a logic circuit 901 and an interface 902.

[0236] In this embodiment, the logic circuit and the interface can also be coupled to each other. The specific connection method of the logic circuit and the interface is not limited in this embodiment. For example, the logic circuit 901 can be used to execute the functions or steps implemented by the processing module 701 shown in FIG. 7, and the interface 902 can be used to execute the functions or steps implemented by the transceiver module 702 shown in FIG. 7. For specific implementations, refer to FIG. 7 or the method embodiments shown above; they will not be detailed here.

[0237] The communication device shown in the embodiments of this application can implement the method provided in the embodiments of this application in hardware form, or it can implement the method in software form, etc.; the embodiments of this application do not limit this.

[0238] This application also provides a communication system, which includes a terminal device and a wireless access network device, and the terminal device and the wireless access network device can be used to perform the methods in any of the foregoing embodiments.

[0239] This application also provides a communication system, which includes a terminal device, a wireless access network device, and a core network device. The terminal device, the wireless access network device, and the core network device can be used to execute the method in the embodiment shown in FIG. 4 above.

[0240] In addition, this application also provides a computer program for implementing the operations and / or processes performed by various communication devices in the method provided in this application.

[0241] This application also provides a computer-readable storage medium storing computer code that, when executed on a computer, causes the computer to perform the operations and / or processes performed by various communication devices in the methods provided in this application.

[0242] This application also provides a computer program product comprising computer code or a computer program that, when run on a computer, causes the operations and / or processes performed by various entities in the method provided in this application to be executed.

[0243] In the embodiments provided in this application, it should be understood that the disclosed systems, communication devices, and methods can be implemented in other ways. For example, the communication device embodiments described above are merely illustrative. For instance, the division of modules is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple modules or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, communication devices, or modules, or it may be an electrical, mechanical, or other form of connection.

[0244] The modules described as separate components may or may not be physically separate. The components shown as modules may or may not be physical modules; that is, they may be located in one place or distributed across multiple network modules. Some or all of the modules can be selected according to actual needs to achieve the technical effects of the solutions provided in the embodiments of this application.

[0245] Furthermore, the functional modules in the various embodiments of this application can be integrated into one processing module, or each module can exist physically separately, or two or more modules can be integrated into one module. The integrated modules described above can be implemented in hardware or as software functional modules.

[0246] If the integrated module is implemented as a software functional module and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a readable storage medium and includes several instructions to cause a computer device (which may be a personal computer, a server, or a RAN device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned readable storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0247] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A communication method, characterized in that the method is applied to a terminal device, and the method includes: sending a first request message; the first request message is used to request the implementation of homomorphic encryption of the task data, and the first request message includes the identifier of the service object in the wireless access network device used to process the task data and the homomorphic encryption algorithm supported by the terminal device; receiving the configuration information for the homomorphic encryption; the configuration information includes the selection of a first homomorphic encryption algorithm.

2. The method according to claim 1, characterized in that the first request information also includes one or more of the following: the preferred homomorphic encryption algorithm used by the terminal device, the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task transmission and / or processing.

3. The method according to claim 1 or 2, characterized in that the configuration information also includes one or more of the following: the first parameter of the first homomorphic encryption algorithm; the first parameter includes the key length of the homomorphic encryption and / or the number of bytes of expansion; the first service object selected in the wireless access network device for processing the task data and the second parameter of the first service object; the second parameter indicates that the first service object supports encrypted data computation, or the second parameter indicates the method of converting the first service object into a service object that supports encrypted data computation; a configuration for bootstrapping noise reduction processing of homomorphically encrypted data.

4. The method according to any one of claims 1-3, characterized in that the method further includes: completing the initialization operation of homomorphic encryption based on the configuration information.

5. The method according to claim 4, characterized in that the configuration information also includes a configuration for homomorphically encrypted data bootstrap denoising, the configuration indicating that a homomorphically encrypted data bootstrap denoising operation is required; the initialization operation includes generating a homomorphic encryption key based on the first homomorphic encryption algorithm; the key includes the key required for the homomorphic encryption bootstrap noise reduction operation; the method further includes: sending the key required for the homomorphic encryption bootstrap noise reduction operation to the wireless access network device.

6. A communication method, characterized in that the method is applied to a wireless access network device, and the method includes: receiving first request information; the first request information is used to request the implementation of homomorphic encryption of task data, and the first request information includes the identifier of the service object in the wireless access network device used to process the task data and the homomorphic encryption algorithm supported by the terminal device; sending the configuration information for the homomorphic encryption; the configuration information includes the selection of a first homomorphic encryption algorithm.

7. The method according to claim 6, characterized in that the first request information also includes one or more of the following: the preferred homomorphic encryption algorithm used by the terminal device, the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task transmission and / or processing.

8. The method according to claim 6 or 7, characterized in that the configuration information also includes one or more of the following: the first parameter of the first homomorphic encryption algorithm; the first parameter includes the key length of the homomorphic encryption and / or the number of bytes of expansion; the first service object selected in the wireless access network device for processing the task data and the second parameter of the first service object; the second parameter indicates that the first service object supports encrypted data computation, or the second parameter indicates that the radio access network device converts the first service object into a service object that supports encrypted data computation; a configuration for bootstrapping noise reduction processing of homomorphically encrypted data.

9. The method according to any one of claims 6-8, characterized in that the method further includes: sending a second request message; the second request message includes the content included in the first request message and the capability information of the wireless access network device, the capability information including the homomorphic encryption algorithm supported by the selectable service objects in the wireless access network device; receiving the configuration information for the homomorphic encryption.

10. The method according to any one of claims 6-8, characterized in that the method further includes: determining the configuration information based on the first request information and the capability information of the wireless access network device, wherein the capability information includes the homomorphic encryption algorithms supported by the selectable service objects in the wireless access network device.

11. The method according to claim 9 or 10, characterized in that the capability information of the wireless access network device also includes the computing power and / or air interface transmission capability of the wireless access network device.

12. A communication method, characterized in that the method is applied to a core network device, and the method includes: receiving a second request message; the second request message includes the content included in the first request message and the capability information of the wireless access network device, the capability information including the homomorphic encryption algorithm supported by the selectable service objects in the wireless access network device; the first request message is used to request the implementation of homomorphic encryption of task data, and the first request message includes the identifier of the service object in the wireless access network device used to process the task data and the homomorphic encryption algorithm supported by the terminal device; sending the configuration information for the homomorphic encryption; the configuration information includes the selection of a first homomorphic encryption algorithm.

13. The method according to claim 12, characterized in that the first request information also includes one or more of the following: the preferred homomorphic encryption algorithm used by the terminal device, the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task transmission and / or processing.

14. The method according to claim 12 or 13, characterized in that the configuration information also includes one or more of the following: the first parameter of the first homomorphic encryption algorithm; the first parameter includes the key length of the homomorphic encryption and / or the number of bytes of expansion; the first service object selected in the wireless access network device for processing the task data and the second parameter of the first service object; the second parameter indicates that the first service object supports encrypted data computation, or the second parameter indicates the method of converting the first service object into a service object that supports encrypted data computation; a configuration for bootstrapping noise reduction processing of homomorphically encrypted data.

15. The method according to any one of claims 12-14, characterized in that the method further includes: determining the configuration information for homomorphic encryption based on the second request information.

16. A communication method, characterized in that the method is applied to a terminal device, and the method includes: sending a first request message; the first request message is used to request the implementation of homomorphic encryption of task data, and the first request message includes the identifier of a first service object in the wireless access network device used to process the task data; receiving the capability information of the wireless access network device; the capability information includes the homomorphic encryption algorithm supported by the service object in the wireless access network device used to process the task data, and the capability information is used together with the homomorphic encryption capability information of the terminal device itself to determine the configuration information for implementing homomorphic encryption of the task data.

17. The method according to claim 16, characterized in that the method further includes: determining the configuration information of the homomorphic encryption based on the capability information of the wireless access network device, the homomorphic encryption algorithm supported by the terminal device, and the homomorphic encryption requirements of the terminal device; the configuration information includes the first homomorphic encryption algorithm to be used, and the homomorphic encryption requirements include one or more of the following: the complexity of the homomorphic encryption algorithm supported by the terminal device, the processing accuracy requirements of the terminal device for task processing, and the latency requirements of the terminal device for task transmission and / or processing; sending the configuration information for the homomorphic encryption.

18. The method according to claim 16 or 17, characterized in that the capability information of the wireless access network device also includes the computing power and / or air interface transmission capability of the wireless access network device.

19. The method according to claim 17 or 18, characterized in that the configuration information also includes one or more of the following: the first parameter of the first homomorphic encryption algorithm; the first parameter includes the key length of the homomorphic encryption and / or the number of bytes of expansion; the first service object selected in the wireless access network device for processing the task data and the second parameter of the first service object; the second parameter indicates that the first service object supports encrypted data computation, or the second parameter indicates that the radio access network device converts the first service object into a service object that supports encrypted data computation; a configuration for bootstrapping noise reduction processing of homomorphically encrypted data.

20. The method according to claim 17, characterized in that the configuration information also includes a configuration for homomorphically encrypted data bootstrap denoising, the configuration indicating that a homomorphically encrypted data bootstrap denoising operation is required; the method further includes: generating a homomorphic encryption key based on the first homomorphic encryption algorithm; the key includes the key required for the homomorphic encryption bootstrap noise reduction operation; sending the key required for the homomorphic encryption bootstrap noise reduction operation to the wireless access network device.

21. A communication method, characterized in that the method is applied to a wireless access network device, and the method includes: receiving a first request message; the first request message is used to request the implementation of homomorphic encryption of task data, and the first request message includes the identifier of the service object in the wireless access network device used to process the task data; sending capability information of the wireless access network device; the capability information includes the homomorphic encryption algorithm supported by the service object in the wireless access network device used to process the task data, and the capability information is used together with the homomorphic encryption capability information of the terminal device to determine the configuration information for implementing homomorphic encryption of the task data.

22. The method according to claim 21, characterized in that the capability information of the wireless access network device also includes the computing power and / or air interface transmission capability of the wireless access network device.

23. A communication device, characterized in that the communication device includes a module for performing the method as described in any one of claims 1-22.

24. A communication device, characterized in that the communication device includes a processor for performing the method as described in any one of claims 1-22.

25. A communication device, characterized in that the communication device includes logic circuitry and an interface, the logic circuitry and the interface being coupled; the interface is used for inputting and / or outputting information, and the logic circuitry is used for performing the method as described in any one of claims 1-22.

26. A computer-readable storage medium, characterized in that the computer-readable storage medium is used to store a computer program, which, when executed, performs the method as described in any one of claims 1-22.

27. A computer program product, characterized in that, when the computer program product is executed, the method described in any one of claims 1-22 is performed.

28. A communication system, characterized in that the communication system includes a terminal device and a wireless access network device, wherein the terminal device is configured to perform the method as described in any one of claims 1-5, and the wireless access network device is configured to perform the method as described in any one of claims 6-11; or the terminal device is configured to perform the method as described in any one of claims 16-20, and the wireless access network device is configured to perform the method as described in claim 21 or 22.

29. The communication system according to claim 28, characterized in that the communication system further includes a core network device; when the terminal device is used to perform the method as described in any one of claims 1-5, and the radio access network device is used to perform the method as described in any one of claims 6-11, the core network device is used to perform the method as described in any one of claims 12-15.
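
The exchange in claims 1 to 10, modelled as an added Python sketch that is not part of the patent text: the terminal's first request, the radio access network side choosing the first homomorphic encryption algorithm from the request and its capability information, and the terminal checking the returned configuration before initializing. All field names, service object identifiers, scheme names and parameter values are assumptions made for illustration, as are the terminal-side validation and its minimum key length policy, which the claims do not state.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


class NegotiationError(Exception):
    """Raised when no homomorphic-encryption configuration can be selected."""


@dataclass(frozen=True)
class FirstRequest:
    """Terminal -> RAN (claims 1 and 2). Field names are hypothetical."""
    service_object_id: str
    supported_algorithms: Tuple[str, ...]
    preferred_algorithm: Optional[str] = None


@dataclass(frozen=True)
class HeConfig:
    """RAN -> terminal (claims 1 and 3). Field names are hypothetical."""
    algorithm: str
    service_object_id: str
    key_length_bits: int
    bootstrapping_required: bool


# Constructed capability information (claim 10): service object -> algorithms
# that object can compute on. Identifiers and scheme names are sample values.
RAN_CAPABILITY: Dict[str, Tuple[str, ...]] = {
    "svc-positioning": ("CKKS", "BFV"),
    "svc-inference": ("CKKS", "TFHE"),
}

# Constructed per-algorithm parameters: (key length in bits, bootstrapping
# needed). Sample values for the sketch, not parameter recommendations.
ALGORITHM_PARAMS: Dict[str, Tuple[int, bool]] = {
    "CKKS": (4096, True),
    "BFV": (4096, False),
    "TFHE": (2048, True),
}


def determine_config(req: FirstRequest,
                     capability: Dict[str, Tuple[str, ...]] = RAN_CAPABILITY,
                     params: Dict[str, Tuple[int, bool]] = ALGORITHM_PARAMS) -> HeConfig:
    """RAN side: pick the first algorithm from request plus capability info."""
    if req.service_object_id not in capability:
        raise NegotiationError("unknown service object")
    ran_algorithms = capability[req.service_object_id]
    # Keep the terminal's ordering so its own ranking breaks ties.
    common = [a for a in req.supported_algorithms
              if a in ran_algorithms and a in params]
    if not common:
        raise NegotiationError("no common homomorphic encryption algorithm")
    chosen = req.preferred_algorithm if req.preferred_algorithm in common else common[0]
    key_bits, bootstrap = params[chosen]
    return HeConfig(chosen, req.service_object_id, key_bits, bootstrap)


def validate_config(req: FirstRequest, cfg: HeConfig,
                    min_key_length_bits: int) -> List[str]:
    """Terminal side: reasons to refuse a configuration before initializing."""
    problems = []
    if cfg.algorithm not in req.supported_algorithms:
        problems.append("algorithm was not offered by the terminal")
    if cfg.service_object_id != req.service_object_id:
        problems.append("service object differs from the one requested")
    if cfg.key_length_bits < min_key_length_bits:
        problems.append("key length below terminal policy")
    return problems


def keys_for_ran(key_bundle: Dict[str, bytes], cfg: HeConfig) -> Dict[str, bytes]:
    """Claim 5: only the bootstrapping key is sent, and only when required."""
    if not cfg.bootstrapping_required:
        return {}
    return {"bootstrapping_key": key_bundle["bootstrapping_key"]}


if __name__ == "__main__":
    request = FirstRequest("svc-inference", ("BFV", "TFHE", "CKKS"), "CKKS")
    config = determine_config(request)
    print(config, validate_config(request, config, min_key_length_bits=2048))
```

An empty list from `validate_config` means the terminal can proceed to the initialization operation; any entry is a reason to abandon the exchange rather than encrypt task data under parameters it never offered.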