Patent classifications
H04W12/106
ASSOCIATION CONTROL METHOD AND RELATED APPARATUS
An association control method and a related apparatus are provided and are applied to short-range communication. The method includes: determining that an identity of a second node is trusted; sending a first authentication request to the second node, where the first authentication request includes first identity authentication information generated based on a shared key; receiving a first authentication response from the second node, where the first authentication response includes second identity authentication information; performing verification on the second identity authentication information based on the shared key; and updating a first authentication failure counter if the verification fails. This can prevent a node from establishing an association with an unauthorized attacker, and protect data security of the node.
Security of ciphering and integrity protection
A network node of a mobile communications network may need to generate at least one new Input Offset Value, IOV value, for use in protecting communications between the network node and a mobile station. The network node then associates a fresh counter value with the or each new IOV value; calculates a Message Authentication Code based on at least the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and a constant indicating that the Message Authentication Code is calculated to protect the new IOV value; and transmits the at least one new IOV value, the fresh counter value associated with the or each new IOV value, and the calculated Message Authentication Code to the mobile station.
Integrity protection method, terminal and base station
An integrity protection method, a terminal and a base station are provided. The integrity protection method, which is applied to a terminal, includes: performing an integrity protection check on data packets transmitted on a DRB, a split bearer corresponding to the DRB or a logical channel corresponding to the DRB, and determining whether an integrity protection of the DRB fails based on a result of the integrity protection check; and when it is determined that the integrity protection of the DRB fails, suspending the DRB or continuing receiving data packets carried by the DRB.
DATA TRANSMISSION METHOD AND SYSTEM, ELECTRONIC DEVICE AND COMPUTER-READABLE STORAGE MEDIUM
The present disclosure relates to the technical field of communication security, and provides a data transmission method applicable to a control plane function entity, including: determining target user plane data which needs to be subjected to security protection between a target user equipment and a user plane function entity; and sending a notification message to a Radio Access Network function entity and the target user equipment, with the notification message configured to instruct that the security protection is performed on the target user plane data between the target user equipment and the user plane function entity. The present disclosure further provides a data transmission system, an electronic device, and a computer-readable storage medium.
PARTIAL INTEGRITY PROTECTION IN TELECOMMUNICATION SYSTEMS
Example embodiments of the present disclosure relate to partial integrity protection in telecommunication systems. According to embodiments of the present disclosure, there is provided a solution for implementing partial integrity protection. The terminal device receives a configuration of the partial integrity protection and applies the integrity protection to a portion of the data packets which are communicated between communication devices. In this way, the communication devices can always provide integrity protection for services, regardless of their bit rate. Thus, security of communication can be improved. It also allows integrity protection to be provided with limited impact on power consumption and overheating.
Method and Apparatus for Critical Control Message Transfer Across Networks
A network device of a network may generate a network information container including information to be sent to a communication device. The network is a home network of the communication device that is served by a visited network. The network information container may be integrity protected and/or cipher protected. The network device may send, to the communication device via the visited network, a message including the network information container and a credential indicator indicating a type of credential used to protect the network information container. The type of credential may be a 3GPP or non-3GPP credential. The communication device may verify the network information container using one or more security parameters based on the type of credential, and obtain the information in the network information container when the verification succeeds, or discard the network information container when the verification fails.