EP-4242898-B1 - TECHNIQUES TO MANAGE INTEGRITY PROTECTION
Inventors
- DAI, QIAN
- HUANG, HE
Dates
- Publication Date: 20260513
- Application Date: 20180404
Claims (10)
- A wireless communication method, comprising: receiving (1002) by a secondary node from a master node, an integrity protection data rate threshold for a user equipment; and controlling by the secondary node (1004) an integrity protection enabled data rate to be less than or equal to the integrity protection data rate threshold, wherein the integrity protection enabled data rate is allocated to the user equipment on one or more data radio bearers, DRBs, terminated at the secondary node, wherein the integrity protection enabled data rate is controlled by scheduling a downlink transmission to the user equipment at a data rate that does not exceed the integrity protection data rate threshold during a time period.
- The method of claim 1, wherein the integrity protection data rate threshold is associated with a packet data unit, PDU, session.
- The method of claim 2, wherein the integrity protection data rate threshold is received with an identity of the PDU session.
- The method of claim 1, wherein the integrity protection data rate threshold is for an aggregate integrity protection enabled data rate that describes the integrity protection enabled data rate of all of the one or more DRBs of the user equipment.
- The method of claim 4, wherein the aggregate integrity protection enabled data rate is less than or equal to the integrity protection data rate threshold by controlling the integrity protection enabled data rate of the one or more DRBs.
- A secondary node (1400) including a processor (1410) that is configured to perform a method, comprising: receiving, by a secondary node from a master node, an integrity protection data rate threshold for a user equipment; and controlling an integrity protection enabled data rate to be less than or equal to the integrity protection data rate threshold, wherein the integrity protection enabled data rate is allocated to the user equipment on one or more data radio bearers, DRBs, terminated at the secondary node, wherein the integrity protection enabled data rate is controlled by scheduling a downlink transmission to the user equipment at a data rate that does not exceed the integrity protection data rate threshold during a time period.
- The secondary node of claim 6, wherein the integrity protection data rate threshold is associated with a packet data unit, PDU, session.
- The secondary node of claim 7, wherein the integrity protection data rate threshold is received with an identity of the PDU session.
- The secondary node of claim 6, wherein the integrity protection data rate threshold is for an aggregate integrity protection enabled data rate that describes the integrity protection enabled data rate of all of the one or more DRBs of the user equipment.
- The secondary node of claim 9, wherein the aggregate integrity protection enabled data rate is less than or equal to the integrity protection data rate threshold by controlling the integrity protection enabled data rate of the one or more DRBs.
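The control described in claims 1 to 5, sketched as an added example (not code from the patent): a secondary-node scheduler that keeps the aggregate integrity protection enabled downlink rate of a PDU session's DRBs within the threshold received from the master node in each time period. The class and function names, the 100 ms period, the sample values and the fail-closed behaviour when no threshold has been received are assumptions of this example.

```python
from dataclasses import dataclass, field

@dataclass
class Drb:
    drb_id: int
    pdu_session_id: int
    integrity_protected: bool
    queued_bits: int  # downlink data waiting at the secondary node

@dataclass
class SecondaryNodeScheduler:
    period_ms: int  # length of one scheduling time period
    thresholds_bps: dict = field(default_factory=dict)  # PDU session id -> bit/s

    def receive_threshold(self, pdu_session_id, threshold_bps):
        """Store the threshold sent by the master node with the PDU session identity."""
        if threshold_bps < 0:
            raise ValueError("threshold must be non-negative")
        self.thresholds_bps[pdu_session_id] = threshold_bps

    def schedule_period(self, drbs):
        """Grant downlink bits for one time period; returns {drb_id: granted_bits}."""
        # Aggregate budget per PDU session: threshold (bit/s) x period, rounded down.
        budget = {s: bps * self.period_ms // 1000 for s, bps in self.thresholds_bps.items()}
        grants = {}
        for drb in sorted(drbs, key=lambda d: d.drb_id):
            if not drb.integrity_protected:
                grant = drb.queued_bits  # simplification: radio capacity is not modelled
            else:
                # Assumption: with no threshold received, send nothing (fail closed).
                remaining = budget.get(drb.pdu_session_id, 0)
                grant = min(drb.queued_bits, remaining)
                budget[drb.pdu_session_id] = remaining - grant
            drb.queued_bits -= grant  # ungranted data stays queued for the next period
            grants[drb.drb_id] = grant
        return grants

def aggregate_ip_rate_bps(grants, drbs, pdu_session_id, period_ms):
    """Integrity protection enabled data rate scheduled for one PDU session."""
    bits = sum(grants[d.drb_id] for d in drbs
               if d.integrity_protected and d.pdu_session_id == pdu_session_id)
    return bits * 1000 / period_ms

def demo():
    # Constructed sample: 64 kbit/s threshold for PDU session 5, 100 ms periods.
    sn = SecondaryNodeScheduler(period_ms=100)
    sn.receive_threshold(pdu_session_id=5, threshold_bps=64_000)
    drbs = [Drb(1, 5, True, 5_000), Drb(2, 5, True, 4_000), Drb(3, 5, False, 20_000)]
    first = sn.schedule_period(drbs)
    second = sn.schedule_period(drbs)
    return first, second, aggregate_ip_rate_bps(first, drbs, 5, 100)
```

DRBs are served in `drb_id` order here, so a lower-numbered bearer can consume the whole budget; a deployed scheduler would apply its own priority or fairness rule inside the same aggregate limit.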
Description
TECHNICAL FIELD
This disclosure is directed generally to digital wireless communications.
BACKGROUND
Mobile telecommunication technologies are moving the world toward an increasingly connected and networked society. In comparison with the existing wireless networks, next generation systems and wireless communication techniques will need to support a much wider range of use-case characteristics and provide a more complex and sophisticated range of access requirements and flexibilities.
Long-Term Evolution (LTE) is a standard for wireless communication for mobile devices and data terminals developed by the 3rd Generation Partnership Project (3GPP). LTE Advanced (LTE-A) is a wireless communication standard that enhances the LTE standard. The 5th generation of wireless system, known as 5G, advances the LTE and LTE-A wireless standards and is committed to supporting higher data rates, a large number of connections, ultra-low latency, high reliability and other emerging business needs.
3GPP, R2-1802965, "Supporting Integrity protection for DRB in EN-DC and Standalone NR" relates to a method in which the UE selects another cell on detection of an IP failure on a DRB and performs re-establishment.
3GPP TR 33.899 V1.3.0 mentions a method in which it shall be possible for the master eNB or gNB to control the security keys and security parameters for the dual connectivity link; it shall be possible for the master eNB or gNB to indicate the type of protection, i.e., integrity or encryption, to be applied on a DRB basis to the secondary eNB whenever new DRBs are added; and it shall be possible to update the security keys on the secondary eNB or gNB when the main eNB or gNB meets the trigger conditions or when the secondary eNB or gNB meets the trigger conditions.
SUMMARY
The invention is specified by the independent claims. Preferred embodiments are defined in the dependent claims.
In the following description, although numerous features may be designated as optional, it is nevertheless acknowledged that all features comprised in the independent claims are not to be read as optional.
Techniques are disclosed for managing integrity protection and encryption related mechanisms. A first exemplary embodiment comprises detecting, by a first network node, one or more integrity protection failures related to user plane data carried by one or more data radio bearers (DRBs), generating, by the first network node, a failure message, and transmitting, by the first network node, the failure message to a second network node.
In some embodiments of the first exemplary method where the first network node is a user equipment and the second network node is a core network, the failure message is transmitted using a non-access stratum (NAS) signaling technique. In some embodiments of the first exemplary method, the first network node is a radio access network (RAN) node and the second network node is a user equipment.
In some embodiments of the first exemplary method, the failure message includes at least one of (1) a number of detected integrity protection failures, and (2) one or more reasons for the one or more integrity protection failures. In some embodiments of the first exemplary method, the number of detected integrity protection failures is provided per user equipment, per quality of service (QoS) flow, per packet data unit (PDU) session, per DRB, or per service flow. In some embodiments of the first exemplary method, the one or more reasons include an attack, a packet data convergence protocol (PDCP) counts desynchronization, or a cyclic redundancy check (CRC) bits error. In some embodiments of the first exemplary method, the failure message is transmitted in response to determining that a number of detected integrity protection failures has reached a predetermined number of failures.
In some embodiments, the first exemplary method further comprises transmitting, by the RAN node, a DRB release message to the user equipment to release the one or more DRBs related to the one or more integrity protection failures. In some embodiments of the first exemplary method, the first network node is a radio access network (RAN) node and the second network node is a core network. In some embodiments of the first exemplary method, the core network includes an Access and Mobility Management Function (AMF), a user plane function (UPF), or a session management function (SMF), wherein the failure message is provided to the AMF, the UPF, or the SMF. In some embodiments of the first exemplary method, the AMF receives the failure message and provides the failure message to the SMF or a policy control function (PCF). In some embodiments, the first exemplary method further comprises providing, by the core network, the failure message to a user equipment. In some embodiments of the first exemplary method, the first network node is a secondary node and the second network node is a master node, wherein the secondary node and the master node operate in a dual connect