
CN-122001434-A - Communication method and device


Abstract

A communication method and device belong to the technical field of communication. The method comprises the steps of receiving a broadcast message from a first satellite, determining a first security algorithm corresponding to the first satellite according to the broadcast message, and protecting communication security between the first satellite and the terminal side device by using the first security algorithm, wherein the first security algorithm is selected by negotiating with a second satellite before the terminal side device receives the broadcast message of the first satellite. The above-mentioned implementation establishes a secure connection with the first satellite. In addition, the scheme does not need NAS security negotiation between the terminal side equipment and the first satellite and does not need signaling for receiving and transmitting NAS security negotiation, so that signaling overhead and time delay for establishing the security connection are saved.

Inventors

  • HUANG LI
  • WU YIZHUANG
  • GUO LONGHUA
  • LEI AO
  • LEI ZHONGDING

Assignees

  • Huawei Technologies Co., Ltd. (华为技术有限公司)

Dates

Publication Date
20260508
Application Date
20241103

Claims (20)

  1. A communication method, wherein the method is applied to a terminal-side device, the method comprising: receiving a broadcast message from a first satellite; determining a first security algorithm corresponding to the first satellite according to the broadcast message; securing communications between the first satellite and the terminal-side device using the first security algorithm; wherein the first security algorithm is selected by the terminal-side device in negotiation with a second satellite before receiving the broadcast message of the first satellite.
  2. The method of claim 1, wherein the first satellite and the second satellite are configured with a same list of security algorithms, the first security algorithm being determined based on the list of security algorithms and security capability information of the terminal-side device.
  3. The method according to claim 1 or 2, wherein the broadcast message comprises an identification corresponding to the first satellite or an identification corresponding to a network element carried on the first satellite, wherein the determining, according to the broadcast message, a first security algorithm corresponding to the first satellite includes: determining the first security algorithm corresponding to the first satellite based on the identification corresponding to the first satellite, or determining the first security algorithm corresponding to the first satellite based on the identifier corresponding to the network element borne on the first satellite.
  4. The method of claim 3, wherein the determining the first security algorithm corresponding to the first satellite based on the identification corresponding to the first satellite comprises: determining that the first satellite belongs to a first group based on an identification corresponding to the first satellite; and determining a security algorithm common to satellites in the first group as the first security algorithm, wherein the first group includes the first satellite and the second satellite.
  5. The method of claim 3, wherein the determining the first security algorithm corresponding to the first satellite based on the identification corresponding to the first satellite comprises: determining that the first satellite and the second satellite belong to the same group based on the identification of the first satellite; and determining a security algorithm corresponding to the second satellite as the first security algorithm.
  6. The method of claim 3, wherein the determining the first security algorithm corresponding to the first satellite based on the identification corresponding to the first satellite comprises: determining that the security algorithm list configured by the first satellite is the same as the security algorithm list configured by the second satellite based on the identification of the first satellite; and determining a security algorithm corresponding to the second satellite as the first security algorithm.
  7. The method according to claim 3, wherein said determining the first security algorithm corresponding to the first satellite based on the identity corresponding to the network element carried on the first satellite comprises: determining that the network element borne on the first satellite belongs to a second group based on the identifier corresponding to the network element borne on the first satellite; and determining a security algorithm shared by network elements in the second group as the first security algorithm, wherein the second group comprises the network elements carried on the first satellite and the network elements carried on the second satellite.
  8. The method according to claim 3, wherein said determining the first security algorithm corresponding to the first satellite based on the identity corresponding to the network element carried on the first satellite comprises: based on the identification of the network element borne on the first satellite, determining that the network element borne on the first satellite and the network element borne on the second satellite belong to the same group; and determining a security algorithm corresponding to the network element borne on the second satellite as the first security algorithm.
  9. The method according to claim 3, wherein said determining the first security algorithm corresponding to the first satellite based on the identity corresponding to the network element carried on the first satellite comprises: determining that the identifier of the network element carried on the first satellite is the same as the identifier of the network element carried on the second satellite; and determining a security algorithm corresponding to the network element borne on the second satellite as the first security algorithm.
  10. The method according to claim 3, wherein said determining the first security algorithm corresponding to the first satellite based on the identity corresponding to the network element carried on the first satellite comprises: based on the identification corresponding to the network element carried on the first satellite, determining that the network element carried on the first satellite is identical to the security algorithm list configured by the network element carried on the second satellite; and determining a security algorithm corresponding to the network element borne on the second satellite as the first security algorithm.
  11. The method according to any one of claims 1 to 10, wherein the securing of communication between the first satellite and the terminal-side device using the first security algorithm comprises: using the first security algorithm to secure a first uplink non-access stratum (NAS) message sent by the terminal side equipment to the first satellite.
  12. The method of claim 11, wherein prior to securing the first upstream NAS message sent by the terminal side device to the first satellite using the first security algorithm, the method further comprises: turning on the encryption and/or integrity protection of NAS messages.
  13. The method of claim 12, wherein the first upstream NAS message includes an indication of the first security algorithm.
  14. The method according to any one of claims 11 to 13, wherein the using the first security algorithm to secure the first uplink NAS message sent by the terminal side device to the first satellite includes: using the first security algorithm to secure a first uplink NAS message sent by the terminal side equipment to a mobility management network element (MME) borne on the first satellite.
  15. The method according to any of claims 3 or 7 to 10, wherein the network element carried on the first satellite comprises a mobility management network element.
  16. A method of communication, the method being applied to a first satellite, the method comprising: receiving indication information of a first security algorithm and identification of terminal side equipment from a ground network element; and using the first security algorithm to secure communication between the first satellite and the terminal side equipment.
  17. The method of claim 16, wherein the securing communications between the first satellite and the terminal-side device using the first security algorithm comprises: turning on decryption and/or integrity verification of the non-access stratum (NAS) message.
  18. The method according to claim 17, wherein after decryption and/or integrity verification of the NAS message is turned on, the method further comprises: receiving a first uplink NAS message from the terminal side equipment; and decrypting and/or integrity verifying the first upstream NAS message.
  19. The method of claim 18, wherein decrypting and/or integrity verifying the first upstream NAS message comprises: discarding the first uplink NAS message if the first uplink NAS message is not integrity protected and/or the integrity verification of the first uplink NAS message fails.
  20. The method according to any of claims 17 to 19, characterized in that before said opening encryption and/or integrity protection of non-access stratum (NAS) messages, the method further comprises: determining a first NAS key based on the first security algorithm, or receiving information related to a first NAS key from the ground network element; wherein the first NAS key is used for decrypting and/or verifying the integrity of the NAS message.
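
The exchange in claims 4, 11 to 13 and 16 to 19, sketched as an added example that is not part of the patent text: the terminal reuses the algorithm negotiated with the second satellite for any satellite in the same group, and the first satellite discards an uplink NAS message that is unprotected or fails verification. All identifiers, the `SAT_GROUP` table, the algorithm label and the key are constructed placeholders, HMAC-SHA-256 stands in for the NAS integrity algorithm, and encryption is omitted.

```python
import hashlib
import hmac

# Constructed sample data (assumption): how a terminal maps a broadcast
# satellite identifier to a group is not specified on the page.
SAT_GROUP = {"SAT-1": "GROUP-A", "SAT-2": "GROUP-A", "SAT-9": "GROUP-Z"}
KEY = bytes(range(32))  # placeholder NAS key

def _mac(key, alg, payload):
    # The MAC covers the algorithm indication as well as the payload.
    return hmac.new(key, alg.encode() + b"|" + payload, hashlib.sha256).digest()

class Terminal:
    def __init__(self, ue_id):
        self.ue_id = ue_id
        self.by_group = {}  # group -> (algorithm label, NAS key)

    def record_negotiation(self, sat_id, alg, key):
        """Keep the result of the earlier negotiation with the second satellite."""
        self.by_group[SAT_GROUP[sat_id]] = (alg, key)

    def first_uplink(self, broadcast, payload):
        """Return the protected first uplink NAS message, or None when the
        broadcasting satellite's group has no negotiated algorithm."""
        ctx = self.by_group.get(SAT_GROUP.get(broadcast["sat_id"]))
        if ctx is None:
            return None  # caller must fall back to a full NAS negotiation
        alg, key = ctx
        return {"ue_id": self.ue_id, "alg": alg, "payload": payload,
                "mac": _mac(key, alg, payload)}

class Satellite:
    def __init__(self):
        self.ctx = {}  # ue_id -> (algorithm label, NAS key)

    def provision(self, ue_id, alg, key):
        """Context pushed by the ground network element (claims 16 and 20)."""
        self.ctx[ue_id] = (alg, key)

    def accept(self, msg):
        """Return the payload, or None when the message is discarded."""
        ctx = self.ctx.get(msg.get("ue_id"))
        if ctx is None or not msg.get("mac"):
            return None  # unknown terminal or not integrity protected
        alg, key = ctx   # the provisioned algorithm, not the message's claim
        if not hmac.compare_digest(_mac(key, alg, msg["payload"]), msg["mac"]):
            return None  # integrity verification failed
        return msg["payload"]
```

Because the satellite computes the MAC over its provisioned algorithm label, a message whose `alg` indication was altered in transit fails verification in the same way as a modified payload.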

Description

Communication method and device

Technical Field

The present application relates to the field of communications technologies, and in particular, to a communication method and apparatus.

Background

In a non-terrestrial network (NTN) scenario, an aircraft (e.g., an airplane or drone) or satellite, etc., is introduced into the communication system. As the satellites move continuously, their coverage changes, so the satellites serving the terminal devices also change. In addition, the core network elements may be carried on different satellites. Thus, the terminal device needs to frequently establish a secure connection with a core network element on a different satellite. Therefore, in the NTN scenario, how to establish a secure connection between the terminal device and the satellite is a problem to be solved.

Disclosure of Invention

The application provides a communication method and a communication device, which can realize a secure connection between terminal equipment and a satellite and save the signaling overhead of establishing the secure connection.

In a first aspect, a method of communication is provided. The method provided in the first aspect may be executed by a terminal-side device. In the present application, the terminal-side device may be a terminal device, a component (for example, a processor, an apparatus, a chip, or a chip system) in the terminal device, or a logic module or software capable of implementing all or part of the functions of the terminal device, or the like, without specific limitation. For convenience of description, the following description takes a terminal-side device as an example.

The method comprises the steps of receiving a broadcast message from a first satellite, determining a first security algorithm corresponding to the first satellite according to the broadcast message, and protecting communication security between the first satellite and the terminal side device by using the first security algorithm, wherein the first security algorithm is selected by negotiating with a second satellite before the terminal side device receives the broadcast message of the first satellite.

Based on the scheme, the terminal side equipment can determine the first security algorithm according to the broadcast message, and the first security algorithm is used for protecting the communication security between the first satellite and the terminal side equipment, so that the secure connection with the first satellite is established. In addition, the scheme does not need NAS security negotiation between the terminal side equipment and the first satellite and does not need signaling for receiving and transmitting NAS security negotiation, so that signaling overhead and time delay for establishing the secure connection are saved.

In some implementations, the first satellite and the second satellite are configured with the same list of security algorithms, the first security algorithm being determined based on the list of security algorithms and the security capability information of the terminal-side device.

In some implementations, the broadcast message includes an identifier corresponding to the first satellite or an identifier corresponding to a network element carried on the first satellite, where determining a first security algorithm corresponding to the first satellite according to the broadcast message includes determining the first security algorithm corresponding to the first satellite based on the identifier corresponding to the first satellite, or determining the first security algorithm corresponding to the first satellite based on the identifier corresponding to the network element carried on the first satellite.

In some implementations, determining the first security algorithm corresponding to the first satellite based on the identification corresponding to the first satellite includes determining that the first satellite belongs to a first group based on the identification corresponding to the first satellite, and determining a security algorithm common to satellites in the first group as the first security algorithm, wherein the first group includes the first satellite and the second satellite.

In some implementations, determining the first security algorithm corresponding to the first satellite based on the identification corresponding to the first satellite includes determining that the first satellite and the second satellite belong to the same group based on the identification of the first satellite, and determining the security algorithm corresponding to the second satellite as the first security algorithm.

In some implementations, determining the first security algorithm corresponding to the first satellite based on the identification corresponding to the first satellite includes determining that a list of security algorithms configured by the first satel