A secure communication method includes a second terminal device that receives a first request message about a first terminal device from a relay, the first request message includes a PC5 user plane security policy of the first terminal device and a PC5 user plane security policy of the relay; determines first information according to a PC5 user plane security policy of the second terminal device, the PC5 user plane security policy of the first terminal device, and the PC5 user plane security policy of the relay; and sends the first information to the relay, the first information indicates a user plane security protection method of a first PC5 link and a user plane security protection method of a second PC5 link, where the user plane security protection method of the first PC5 link is the same as the user plane security protection method of the second PC5 link.

A secure communication method includes a second terminal device that receives a first request message about a first terminal device from a relay, the first request message includes a PC5 user plane security policy of the first terminal device and a PC5 user plane security policy of the relay; determines first information according to a PC5 user plane security policy of the second terminal device, the PC5 user plane security policy of the first terminal device, and the PC5 user plane security policy of the relay; and sends the first information to the relay, the first information indicates a user plane security protection method of a first PC5 link and a user plane security protection method of a second PC5 link, where the user plane security protection method of the first PC5 link is the same as the user plane security protection method of the second PC5 link.

A network node of a mobile communications network may need to generate at least one new Input Offset Value, IOV value, for use in protecting communications between the network node and a mobile station. The network node then associates a fresh counter value with the or each new IOV value; calculates a Message Authentication Code based on at least the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and a constant indicating that the Message Authentication Code is calculated to protect the new IOV value; and transmits the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and the calculated Message Authentication Code to the mobile station.

A network node of a mobile communications network may need to generate at least one new Input Offset Value, IOV value, for use in protecting communications between the network node and a mobile station. The network node then associates a fresh counter value with the or each new IOV value; calculates a Message Authentication Code based on at least the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and a constant indicating that the Message Authentication Code is calculated to protect the new IOV value; and transmits the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and the calculated Message Authentication Code to the mobile station.

A communication method and a communications apparatus are provided. The method includes: when receiving a first PDU session establishment request sent by a UE, encrypting, by an access and management network element (AMF), user information in the request, to obtain encrypted user information; and sending, by the AMF, a second PDU session establishment request to an SMF in response to the first PDU session establishment request, where the second PDU session establishment request carries the encrypted user information. In this manner, after the UE accesses a core network, an AMF entity may encrypt user information of the UE. The interaction information between NF entities, for example, the AMF entity and an SMF entity, carries the encrypted user information, which helps prevent user privacy leakage.

A communication method and a communications apparatus are provided. The method includes: when receiving a first PDU session establishment request sent by a UE, encrypting, by an access and management network element (AMF), user information in the request, to obtain encrypted user information; and sending, by the AMF, a second PDU session establishment request to an SMF in response to the first PDU session establishment request, where the second PDU session establishment request carries the encrypted user information. In this manner, after the UE accesses a core network, an AMF entity may encrypt user information of the UE. The interaction information between NF entities, for example, the AMF entity and an SMF entity, carries the encrypted user information, which helps prevent user privacy leakage.

Encryption key exchange processes are disclosed. A disclosed method includes initiating communication between a portable communication device including a token and a first limited use encryption key, and an access device. After communication is initiated, the portable communication device receives a second limited use key from a remote server via the access device. The portable communication device then replaces the first limited use key with the second limited use key. The second limited use key is thereafter used to create access data such as cryptograms that can be used to conduct access transactions.

Encryption key exchange processes are disclosed. A disclosed method includes initiating communication between a portable communication device including a token and a first limited use encryption key, and an access device. After communication is initiated, the portable communication device receives a second limited use key from a remote server via the access device. The portable communication device then replaces the first limited use key with the second limited use key. The second limited use key is thereafter used to create access data such as cryptograms that can be used to conduct access transactions.

Embodiments herein provide a method for handling a user plane by a UE configured for dual connectivity operation. The method includes receiving a RRC reconfiguration message including one or more Layer 2 indications and a Layer 2 configuration corresponding to one or more radio bearers from one of a MN and a SN involved in a dual connectivity operation of the UE. Further, the method includes performing, by the UE, one of: reestablishing of a RLC entity and a data recovery procedure for a PDCP entity corresponding to the radio bearer based on the one or more Layer 2 indications and the Layer 2 configuration received in the RRC reconfiguration message, and reestablishing of a RLC entity and reestablishing of a PDCP entity corresponding to the radio bearer based on the one or more Layer 2 indications and the Layer 2 configuration received in the RRC reconfiguration message.

Embodiments herein provide a method for handling a user plane by a UE configured for dual connectivity operation. The method includes receiving a RRC reconfiguration message including one or more Layer 2 indications and a Layer 2 configuration corresponding to one or more radio bearers from one of a MN and a SN involved in a dual connectivity operation of the UE. Further, the method includes performing, by the UE, one of: reestablishing of a RLC entity and a data recovery procedure for a PDCP entity corresponding to the radio bearer based on the one or more Layer 2 indications and the Layer 2 configuration received in the RRC reconfiguration message, and reestablishing of a RLC entity and reestablishing of a PDCP entity corresponding to the radio bearer based on the one or more Layer 2 indications and the Layer 2 configuration received in the RRC reconfiguration message.