CN113574917A - Method and apparatus for wireless communication - Google Patents


Info

Publication number
CN113574917A
Authority
CN
China
Prior art keywords
information
network
equipment
terminal
certificate
Legal status
Pending
Application number
CN201980094042.7A
Other languages
Chinese (zh)
Inventor
刘建华
许阳
Current Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and apparatus for wireless communication, the method comprising: a terminal device sends first information to a first network device, wherein the first information comprises preconfigured certificate information and/or preconfigured subscription information; and the terminal device receives second information sent by the first network device, wherein the second information comprises certificate information and/or subscription information allocated by the first network device to the terminal device for accessing the first network.

Description

Method and apparatus for wireless communication
Technical Field
The embodiments of the present application relate to the field of communication, and in particular to a wireless communication method and device.
Background
In a communication system, such as a Long Term Evolution (LTE) system or a New Radio (NR) system, a public network system is usually deployed, for example, a public network based on a Public Land Mobile Network (PLMN). In some scenarios, however, such as an office, a home or a factory, a local network may be deployed for effective and secure management. In this case, how to authenticate a terminal device so that it can join the local network is an urgent problem to be solved.
Disclosure of Invention
The embodiments of the present application provide a wireless communication method and device that enable a terminal device to access a local network based on a root certificate or a device identifier of the terminal device.
In a first aspect, a method of wireless communication is provided, including: a terminal device sends first information to a first network device, wherein the first information comprises preconfigured certificate information and/or preconfigured subscription information; and the terminal device receives second information sent by the first network device, wherein the second information comprises certificate information and/or subscription information allocated by the first network device to the terminal device for accessing the first network.
In a second aspect, a method of wireless communication is provided, including: the method comprises the steps that first information is received by first network equipment of a second network, wherein the first information comprises pre-configured certificate information and/or pre-configured subscription information of terminal equipment; and the second network equipment verifies whether the terminal equipment is allowed to obtain the certificate information and/or the subscription information of the first network according to the first information.
In a third aspect, a method of wireless communication is provided, including: a first network device acquires first information, wherein the first information comprises preconfigured certificate information and/or preconfigured subscription information of a terminal device; and the first network device sends second information to the terminal device, wherein the second information comprises subscription information and/or certificate information allocated by the first network device to the terminal device for accessing the first network.
In a fourth aspect, there is provided a device for wireless communication, configured to perform the method of the first aspect or any possible implementation manner of the first aspect. In particular, the apparatus comprises means for performing the method of the first aspect described above or any possible implementation manner of the first aspect.
In a fifth aspect, a wireless communication device is provided for performing the method of the second aspect or its implementation manners. In particular, the apparatus comprises means for performing the method of the second aspect or its implementations described above.
In a sixth aspect, a wireless communication device is provided for performing the method of any one of the above third aspects or implementations thereof. In particular, the apparatus comprises means for performing the method of the third aspect or its implementations described above.
In a seventh aspect, an apparatus for wireless communication is provided, the apparatus comprising a processor and a memory. The memory is used for storing a computer program, and the processor is used for calling and running the computer program stored in the memory to execute the method in any one of the first aspect to the third aspect or each implementation manner thereof.
In an eighth aspect, a chip is provided for implementing the method in any one of the first to third aspects or implementations thereof.
Specifically, the chip includes: a processor configured to call and run the computer program from the memory, so that the device on which the chip is installed performs the method according to any one of the first to third aspects or the implementation manners thereof.
In a ninth aspect, a computer readable storage medium is provided for storing a computer program, the computer program causing a computer to perform the method of any one of the first to third aspects or implementations thereof.
A tenth aspect provides a computer program product comprising computer program instructions to cause a computer to perform the method of any of the first to third aspects above or implementations thereof.
In an eleventh aspect, there is provided a computer program which, when run on a computer, causes the computer to perform the method of any one of the first to third aspects or implementations thereof described above.
Based on the above technical solution, the terminal device can apply to join the network based on the preconfigured certificate information or subscription information, so that network access can be achieved even when the terminal device has no external interface.
Drawings
Fig. 1 is a schematic diagram of a communication system architecture provided in an embodiment of the present application.
Fig. 2 is a schematic flow chart of a method for wireless communication according to an embodiment of the present application.
Fig. 3 is a schematic diagram of a method of wireless communication provided by another embodiment of the present application.
Fig. 4 is a schematic diagram of a method of wireless communication provided by another embodiment of the present application.
Fig. 5 is a schematic interaction diagram according to a first embodiment of the present application.
Fig. 6 is a schematic interaction diagram according to a second embodiment of the present application.
Fig. 7 is a schematic interaction diagram according to a third embodiment of the present application.
Fig. 8 is a schematic interaction diagram according to a fourth embodiment of the present application.
Fig. 9 is a schematic interaction diagram according to a fifth embodiment of the present application.
Fig. 10 is a schematic interaction diagram according to a sixth embodiment of the present application.
Fig. 11 is a schematic block diagram of a device for wireless communication according to an embodiment of the present disclosure.
Fig. 12 is a schematic block diagram of another wireless communication device provided in an embodiment of the present application.
Fig. 13 is a schematic block diagram of another wireless communication device provided in an embodiment of the present application.
Fig. 14 is a schematic block diagram of a communication device provided in an embodiment of the present application.
Fig. 15 is a schematic block diagram of a chip provided in an embodiment of the present application.
Detailed Description
Technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical scheme of the embodiment of the application can be applied to various communication systems, for example: a Global System for Mobile communications (GSM) System, a Code Division Multiple Access (CDMA) System, a Wideband Code Division Multiple Access (WCDMA) System, a General Packet Radio Service (GPRS), a Long Term Evolution (Long Term Evolution, LTE) System, an LTE Frequency Division Duplex (FDD) System, an LTE Time Division Duplex (TDD), a Universal Mobile Telecommunications System (UMTS), a Worldwide Interoperability for Microwave Access (WiMAX) communication System, or a 5G System.
Illustratively, a communication system 100 applied in the embodiment of the present application is shown in fig. 1. The communication system 100 may include a network device 110, and the network device 110 may be a device that communicates with a terminal device 120 (or referred to as a communication terminal, a terminal). Network device 110 may provide communication coverage for a particular geographic area and may communicate with terminal devices located within that coverage area. Optionally, the Network device 110 may be a Base Transceiver Station (BTS) in a GSM system or a CDMA system, a Base Station (NodeB, NB) in a WCDMA system, an evolved Node B (eNB or eNodeB) in an LTE system, or a wireless controller in a Cloud Radio Access Network (CRAN), or may be a Network device in a Mobile switching center, a relay Station, an Access point, a vehicle-mounted device, a wearable device, a hub, a switch, a bridge, a router, a Network-side device in a 5G Network, or a Network device in a Public Land Mobile Network (PLMN) for future evolution, or the like.
The communication system 100 further comprises at least one terminal device 120 located within the coverage area of the network device 110. As used herein, "terminal equipment" includes, but is not limited to, connections via wireline, such as Public Switched Telephone Network (PSTN), Digital Subscriber Line (DSL), Digital cable, direct cable connection; and/or another data connection/network; and/or via a Wireless interface, e.g., to a cellular Network, a Wireless Local Area Network (WLAN), a digital television Network such as a DVB-H Network, a satellite Network, an AM-FM broadcast transmitter; and/or means of another terminal device arranged to receive/transmit communication signals; and/or Internet of Things (IoT) devices. A terminal device arranged to communicate over a wireless interface may be referred to as a "wireless communication terminal", "wireless terminal", or "mobile terminal". Examples of mobile terminals include, but are not limited to, satellite or cellular telephones; personal Communications Systems (PCS) terminals that may combine cellular radiotelephones with data processing, facsimile, and data Communications capabilities; PDAs that may include radiotelephones, pagers, internet/intranet access, Web browsers, notepads, calendars, and/or Global Positioning System (GPS) receivers; and conventional laptop and/or palmtop receivers or other electronic devices that include a radiotelephone transceiver. Terminal Equipment may refer to an access terminal, User Equipment (UE), subscriber unit, subscriber station, mobile station, remote terminal, mobile device, User terminal, wireless communication device, User agent, or User Equipment. 
An access terminal may be a cellular telephone, a cordless telephone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device having Wireless communication capabilities, a computing device or other processing device connected to a Wireless modem, a vehicle mounted device, a wearable device, a terminal device in a 5G network, or a terminal device in a future evolved PLMN, etc.
Optionally, a Device to Device (D2D) communication may be performed between the terminal devices 120.
Alternatively, the 5G system or the 5G network may also be referred to as a New Radio (NR) system or an NR network.
Fig. 1 exemplarily shows one network device and two terminal devices, and optionally, the communication system 100 may include a plurality of network devices and may include other numbers of terminal devices within the coverage of each network device, which is not limited in this embodiment of the present application.
Optionally, the communication system 100 may further include other network entities such as a network controller, a mobility management entity, and the like, which is not limited in this embodiment.
It should be understood that the terms "system" and "network" are often used interchangeably herein. The term "and/or" herein merely describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
Hereinafter, a method of wireless communication according to an embodiment of the present application is described with reference to fig. 2 to 10, and it should be understood that fig. 2 to 10 show main steps or operations of the method of wireless communication according to the embodiment of the present application, but these steps or operations are merely examples, and other operations or variations of various operations of fig. 2 to 10 may also be performed by the embodiment of the present application. Moreover, various steps in the method embodiments of the present application may also be performed in a different order than described in the method embodiments, and not all operations in the method embodiments may be performed.
Fig. 2 is a schematic flow chart of a method of wireless communication provided by an embodiment of the present application. As shown in fig. 2, the method 200 includes the following:
S210, the terminal device sends first information to a first network device, wherein the first information comprises preconfigured certificate information and/or preconfigured subscription information;
S220, the terminal device receives second information sent by the first network device, where the second information includes certificate information and/or subscription information allocated by the first network device to the terminal device for accessing the first network.
Optionally, in this embodiment of the present application, the network type may include a Non-public network (NPN) and a public network. The public network may be a PLMN-based public land network.
The NPN, also referred to as a local network, a local area network, or a private network, is usually deployed in an office scenario, a home scenario, or a factory in order to achieve more effective and secure management, and is usually laid out by a local user or manager. Typically, only authorized users have access to the NPN.
Optionally, the NPN may communicate using an unlicensed frequency band, or may share a licensed frequency band with a public network.
The NPN may be managed or governed by the public network, but may not be.
Optionally, the local network may be a network belonging to the 3GPP category. The core network of the local network may be a core network based on NR technology or LTE technology, and the local network may be connected to the core network through an access network based on NR technology, an access network based on LTE technology, or Wireless Fidelity (Wi-Fi).
Optionally, in this embodiment of the present application, the public network and the local network may share a core network, and the access network is independent; alternatively, the access networks may be shared, while the core networks are independent; alternatively, the access network and the core network may be shared; alternatively, neither the access network nor the core network are shared.
Optionally, the network device in the embodiment of the present application may be a core network device, for example, an Access and Mobility Management Function (AMF) entity or a Session Management Function (SMF), or may also be an Access network device, which is not limited in this embodiment of the present application.
In a public network, after a terminal device leaves a factory, subscription information or certificate information of the terminal device may be obtained in an off-line manner, for example, the subscription information or certificate information of the terminal device may be stored in a Subscriber Identity Module (SIM), and then the terminal device may obtain the subscription information and certificate information required by the terminal device from the SIM.
In a non-public network, a terminal device usually has no slot for inserting a SIM card and no external interface through which the subscription information or certificate information could be stored in the terminal device. How the terminal device obtains the subscription and certificate of the non-public network is therefore an urgent problem to be solved.
In this embodiment, the terminal device may apply for access to a first network through the preconfigured certificate information or the preconfigured subscription information, and the first network may be an NPN.
In some embodiments, the preconfigured certificate information may be preconfigured by a manufacturer to the terminal device before the terminal device leaves a factory, the preconfigured certificate information may be referred to as root certificate information, and the preconfigured certificate information may include key and/or password information.
In some embodiments, the preconfigured subscription information may include identification information of the terminal device, for example, device identification information of the terminal device, such as the Subscription Permanent Identifier (SUPI) or Subscription Concealed Identifier (SUCI) of the terminal device.
In some embodiments, the terminal device may send the first information to the first network device through an access request when initially accessing the first network, where the access request may be a registration request message, a subscription request message, a certificate application message, or the like.
Optionally, in some embodiments, the first network device may be a Subscription and Subscription Certificate (SC) entity, and the SC entity may have a subscription module and a certificate module. The subscription module is configured to allocate subscription information for accessing the network to the terminal device, and the certificate module is configured to allocate certificate information for accessing the network to the terminal device.
It should be understood that, in some embodiments, the SC entity may be disposed in the first network as a functional module in the first network, or, in another embodiment, the subscription module and the certificate module may be disposed separately, for example, the subscription module is disposed in the first network, the certificate module is disposed in the SC entity, or the certificate module is disposed in the first network, and the subscription module is disposed in the SC entity.
In some embodiments, the terminal device and the first network device may communicate directly through a channel, for example, an initial default channel such as a Protocol Data Unit (PDU) session channel. On this channel the terminal device may apply for certificate information or subscription information from the first network device; for example, the terminal device may directly send the preconfigured certificate information to the first network device through the channel, and the first network device may send the reallocated certificate information or subscription information to the terminal device on the channel.
In other embodiments, the terminal device may send the first information to the first network device through the first device, and optionally, the first device may include a network device and/or a third-party device in the first network.
Optionally, in some embodiments, the third party device may be a device capable of communicating with a network device in the first network, for example, a mobile phone terminal, such as a mobile phone of a private network operator.
For example, the terminal device may first send the first information to a network device in the first network, and further send the first information to the first network device through the network device in the first network.
For another example, the terminal device may send the first information to a third-party device, and further, the third-party device may send the first information to a network device in the first network, and then the network device in the first network may send the first information to the first network device.
For another example, the terminal device may send the first information to a third-party device, and further, the third-party device may send the first information to the first network device.
As described above, the transmission method of the first information from the terminal device to the first network device is merely an example, and the embodiment of the present application is not particularly limited thereto.
Optionally, in some embodiments, the terminal device sends a first message to a network device in the first network, where the first message may include the first information, and the first message is used to request to register to the first network or to request to acquire certificate information and/or subscription information. That is, the terminal device may send the first information to the network device in the first network through a registration request message, a certificate request message, or a subscription request message.
Optionally, in some embodiments, the first message may further include identification information of the third-party device, for example, device identification information of the third-party device, and further, the network device in the first network may send the first information to the third-party device, so that the third-party device may verify, according to the first information, whether to allow the terminal device to access the first network, or whether to allow the terminal device to obtain subscription information or certificate information of the first network.
After receiving the first information, the first network device may determine whether to allocate new subscription information or certificate information of the first network to the terminal device according to the result of verifying whether the terminal device is allowed to obtain the subscription information or certificate information of the first network. For example, if the terminal device is allowed to obtain the subscription information or the certificate information of the first network, that is, if the verification is successful, the first network device may allocate new certificate information and/or subscription information, that is, the second information, to the terminal device. Otherwise, the first network device rejects the certificate request or the subscription request of the terminal device.
It should be understood that, in this embodiment of the present application, the operation of verifying whether to allow the terminal device to obtain the subscription information or the certificate information of the first network may be performed by the first network device, or may also be performed by a network device in the first network, for example, a core network device of the first network, or may also be performed by a third-party device, which is not limited in this embodiment of the present application.
Optionally, if verifying whether to allow the terminal device to obtain the subscription information or the certificate information of the first network is performed by another device other than the first network device, the another device may send a verification result to the first network device, so that the first network device determines whether to allocate new subscription information or certificate information of the first network to the terminal device according to the verification result.
For ease of distinction and explanation, the entity that verifies whether the terminal device is allowed to obtain the subscription information or the certificate information of the first network is referred to as a verification entity. It should be understood that the embodiments of the present application do not limit the manner in which the verification entity sends the verification result to the first network device; for example, the verification entity may directly send the verification result to the first network device, or the verification entity may send the verification result to the first network device through another device.
For example, the verification entity is a third-party device, and the third-party device may directly send the verification result to the first network device, or may send the verification result to the first network device through a network device in the first network.
In some embodiments, the first network device may directly send the certificate information and/or the subscription information reallocated for the terminal device to the terminal device, or may send the certificate information and/or the subscription information to the terminal device through a second device, for example, a third-party device or a network device in the first network, which is not limited in this embodiment of the present application.
For example, the first network device may first send the redistributed certificate information and/or subscription information to a network device in a first network, and further the network device in the first network may send the redistributed certificate information and/or subscription information to a terminal device. For example, the network device in the first network may be a core network device in the first network, and the core network device may send the re-allocated certificate information and/or subscription information to the terminal device through a second message, where the second message may be a Non-Access Stratum (NAS) message. In some embodiments, the NAS message may be a registration accept message or a UE configuration update message.
For another example, the first network device may first send the reallocated certificate information and/or subscription information to a network device in the first network, the network device in the first network may then send the reallocated certificate information and/or subscription information to a third-party device, and the third-party device may send the certificate information and/or subscription information reallocated by the first network device to the terminal device.
Therefore, in this embodiment of the present application, the terminal device may apply to join the first network through the preconfigured root certificate information or the device identifier of the terminal device. Correspondingly, the verification entity may verify, according to the preconfigured root certificate information or the device identifier of the terminal device, whether the terminal device is allowed to obtain the subscription information and/or the certificate information of the first network. Further, when the verification result is that this is allowed, the SC entity may allocate new subscription information and/or certificate information to the terminal device, so that the terminal device can obtain the subscription information and/or the certificate information for joining the first network even when the terminal device does not have an external interface.
The method of wireless communication according to an embodiment of the present application is described in detail above from the perspective of a terminal device in conjunction with fig. 2, and the method of wireless communication according to another embodiment of the present application is described in detail below from the perspective of a verification entity in conjunction with fig. 3. It should be understood that the description on the verification entity side and the description on the terminal device side correspond to each other; similar descriptions may be found above and are not repeated here.
Fig. 3 is a schematic flow chart of a method 300 of wireless communication according to another embodiment of the present application, the method 300 may be performed by a network device or a terminal device in the communication system shown in fig. 1, and as shown in fig. 3, the method 300 includes the following:
S310, a first device receives first information, wherein the first information comprises preconfigured certificate information and/or preconfigured subscription information of a terminal device;
S320, the first device verifies whether to allow the terminal device to obtain the certificate information and/or the subscription information of the first network according to the first information.
The first device is a verification entity, and in some embodiments, the first device may be a third-party device, a network device in the first network, or may also be an SC entity.
Optionally, if the first device is a third-party device, the first information may be obtained by the third-party device from the terminal device, or may also be forwarded to the third-party device by a network device or an SC entity in the first network.
That is to say, the first device may directly receive the first information from the terminal device, or may also receive the first information forwarded by another device, which is not limited in this embodiment of the application.
For example, if the first device is a third-party device, the third-party device may receive a third message sent by a network device in the first network, where the third message may include the first information. In some embodiments, the third message may further include identification information of the network device in the first network.
After receiving the first information, the first device may verify, according to the first information, whether to allow the terminal device to obtain certificate information and/or subscription information for accessing the first network, that is, whether to allow the terminal device to access the first network.
As an example, the first device may determine whether to allow the terminal device to access the first network according to the preconfigured certificate information and root certificate information pre-stored on the first device, for example, if the pre-stored root certificate information matches certificate information in the first information, it is determined that the authentication is successful, otherwise, it is determined that the authentication is failed.
As another example, the first device may determine whether to allow the terminal device to access the first network according to the preconfigured subscription information and default subscription information pre-stored on the first device, for example, if the pre-stored default subscription information matches the subscription information in the first information, it is determined that the authentication is successful, otherwise, it is determined that the authentication is failed.
Alternatively, it may also be determined whether to allow the terminal device to access the first network by combining the two, for example, in case that both are matched, the verification is determined to be successful, otherwise, the verification is determined to be failed.
As another example, the first device may determine whether the terminal device is allowed to access the first network according to the device identification information of the terminal device in combination with the device identifications allowed to access the first network: if the device identification information of the terminal device is among the device identifications allowed to access the first network, the verification is determined to be successful; otherwise, the verification is determined to have failed.
In some embodiments, if the first device is not an SC entity, the first device may also send the verification result to the SC entity, for example, the first device may directly send the verification result to the SC entity, or may also send the verification result to the SC entity through another device, which is not limited in this embodiment of the present application.
The method of wireless communication according to an embodiment of the present application is described in detail above from the perspective of the terminal device and the authentication entity in conjunction with fig. 2 to 3, and the method of wireless communication according to another embodiment of the present application is described in detail below from the perspective of the SC entity in conjunction with fig. 4. It should be understood that the description of the verification object side and the description of the terminal device side correspond to each other, and similar descriptions may be referred to above, and are not repeated herein to avoid repetition.
Fig. 4 is a schematic flow chart of a method 400 of wireless communication according to yet another embodiment of the present application, as shown in fig. 4, the method 400 including:
S410, a first network device acquires first information, wherein the first information comprises preconfigured certificate information and/or preconfigured subscription information of a terminal device;
S420, the first network device sends second information to the terminal device, where the second information includes subscription information and/or certificate information allocated by the first network device to the terminal device for accessing the first network.
In this embodiment of the present application, the first network device may be an SC entity, and the SC entity may be disposed in an NPN network and serve as a functional module of the NPN network. Alternatively, the subscription function and the certificate function may be separately provided, for example, the subscription function may be provided in the NPN network and the certificate function may be provided in the SC entity, and for example, the certificate function may be provided in the NPN network and the subscription function may be provided in the SC entity.
Specifically, the first network device may directly obtain the first information from the terminal device, or may also receive the first information forwarded by another device, for example, a third party device or a network device in a first network, and further, in a case that the terminal device is allowed to access the first network, the first network device may allocate subscription information and/or certificate information for accessing the first network to the terminal device, and further send the newly allocated subscription information and/or certificate information for accessing the first network to the terminal device.
Optionally, in some embodiments, the first network device may also serve as a verification entity, and verify whether the first network device is allowed to access the first network according to the first information, where a specific verification manner refers to a description related to the verification entity, and is not described herein again.
In some embodiments, if the first network device does not store the root certificate information or the default subscription information of the terminal, the first network device may obtain the root certificate information or the default subscription information from a manufacturer of the terminal device, for example, through a server interface with the manufacturer.
Optionally, in some embodiments, the first network device may also configure new certificate information or subscription information for the terminal device when the terminal device is not configured with the root certificate information or the subscription information.
Hereinafter, a method of wireless communication according to an embodiment of the present application is described from the viewpoint of device interaction, in conjunction with fig. 5 to 10.
Example one
Fig. 5 is a schematic interaction diagram of a first embodiment of the present application, in which a manufacturer of a terminal device configures a root certificate for the terminal device when the terminal device leaves a factory, and the terminal device may initiate an access request to a network device using the root certificate, as shown in fig. 5, the method 20 may include the following steps:
S21, the UE initiates an access request to the NPN, where the access request includes first information, and the first information may include preconfigured root certificate information and/or preconfigured subscription information, where the preconfigured root certificate information may include information such as a key or a password, and the preconfigured subscription information may include device identification information of the terminal device.
Optionally, in some embodiments, the access request may be a registration request message, or may also be a subscription request message, or a certificate request message, etc.
S22, after receiving the access request of the UE, the NPN may initiate a subscription application or a certificate application to the SC entity, where the subscription application or the certificate application may include the first information, and optionally, in some embodiments, the subscription application or the certificate application may include identification information of the NPN.
In other embodiments, the subscription application or the certificate application of the terminal device may not carry the first information, and in this case, the SC determines to allocate new subscription information or certificate information to the terminal device.
S24, after the SC entity receives the subscription application or the certificate application, the SC entity may determine whether to allow the UE to access the NPN according to the root certificate information and/or default subscription information of the terminal device pre-stored on the SC entity.
For example, if the certificate information in the first information matches root certificate information of the terminal device pre-stored on the SC entity, it is determined that the UE is allowed to access the NPN, otherwise, it is determined that the UE is not allowed to access the NPN.
For another example, if the subscription information in the first information matches the default subscription information of the terminal device pre-stored in the SC entity, it is determined that the UE is allowed to access the NPN, otherwise, it is determined that the UE is not allowed to access the NPN.
In other embodiments, if the SC entity does not store the root certificate information and the default subscription information of the terminal device, in S23, the SC entity may obtain the root certificate information and the default subscription information of the terminal device from a terminal manufacturer.
S25, if it is determined that the UE is allowed to access the NPN, the SC entity sends the second information to the NPN, where the second information includes certificate information and/or subscription information allocated by the SC entity for the UE to access the NPN, and the second information may be specific verification information for the NPN.
The NPN may store the second information after receiving the second information.
S26, the NPN sends the second information to the UE, so that the UE can access the NPN using the second information.
In some embodiments, the NPN sends the second information to the UE through a NAS message, which may be a registration accept message or a UE configuration update message, etc.
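The verification and allocation steps of Example one (S21 to S26), together with the matching rules described earlier for the verification entity, modelled in Python as an added example that is not code from the patent. All class, field and function names, the reading of "matches" as byte equality, the per-device record layout and the message strings are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Optional


class Policy(Enum):
    CERTIFICATE = 1   # match the preconfigured certificate information only
    SUBSCRIPTION = 2  # match the preconfigured subscription information only
    BOTH = 3          # "combining the two": both must match the same record


@dataclass(frozen=True)
class FirstInformation:               # sent by the UE in S21; either field may be absent
    device_id: Optional[str] = None   # preconfigured subscription information
    root_key: Optional[bytes] = None  # preconfigured root certificate information


@dataclass(frozen=True)
class Record:                         # assumed layout of the pre-stored verification data
    device_id: str
    root_key: bytes


@dataclass(frozen=True)
class SecondInformation:              # allocated by the SC entity for one specific NPN
    npn_id: str
    subscription_id: str
    key: bytes


@dataclass
class SCEntity:
    records: list
    policy: Policy = Policy.BOTH
    manufacturer: Optional[Callable[[str], Optional[Record]]] = None

    def _matches(self, rec: Record, info: FirstInformation) -> bool:
        # A missing field never matches, so an empty request fails closed.
        cert_ok = info.root_key is not None and hmac.compare_digest(
            rec.root_key, info.root_key)
        sub_ok = info.device_id is not None and hmac.compare_digest(
            rec.device_id.encode(), info.device_id.encode())
        if self.policy is Policy.CERTIFICATE:
            return cert_ok
        if self.policy is Policy.SUBSCRIPTION:
            return sub_ok
        return cert_ok and sub_ok

    def verify(self, info: FirstInformation) -> bool:
        """S24, falling back to S23 when nothing is stored for this device."""
        if any(self._matches(rec, info) for rec in self.records):
            return True
        known = any(rec.device_id == info.device_id for rec in self.records)
        if known or info.device_id is None or self.manufacturer is None:
            return False
        fetched = self.manufacturer(info.device_id)  # S23: ask the manufacturer
        if fetched is None:
            return False
        self.records.append(fetched)
        return self._matches(fetched, info)

    def apply(self, npn_id: str, info: FirstInformation) -> Optional[SecondInformation]:
        """S25: allocate second information only after successful verification."""
        if not self.verify(info):
            return None
        return SecondInformation(npn_id, f"{npn_id}-{secrets.token_hex(8)}",
                                 secrets.token_bytes(32))


@dataclass
class NPN:
    npn_id: str
    sc: SCEntity
    stored: dict = field(default_factory=dict)  # subscription_id -> SecondInformation

    def access_request(self, info: FirstInformation) -> dict:
        """S21 in, S22 to the SC entity, S26 out (message names are plain strings)."""
        second = self.sc.apply(self.npn_id, info)
        if second is None:
            return {"message": "reject"}
        self.stored[second.subscription_id] = second  # the NPN stores the second information
        return {"message": "registration accept", "second_information": second}

    def admit(self, presented: SecondInformation) -> bool:
        """Later access by the UE using the second information."""
        held = self.stored.get(presented.subscription_id)
        return (held is not None and presented.npn_id == self.npn_id
                and hmac.compare_digest(held.key, presented.key))


# Constructed sample data, not taken from the patent.
FACTORY_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def manufacturer_db(device_id: str) -> Optional[Record]:
    """Hypothetical manufacturer lookup used for S23."""
    return Record(device_id, FACTORY_KEY) if device_id == "ue-0002" else None
```

Under `Policy.BOTH` a request carrying only a device identifier is rejected, and second information issued for one NPN is not admitted by another NPN.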
Example two
Fig. 6 is a schematic interaction diagram of a second embodiment of the present application, in which a UE may request to access a network through a device identity of a terminal device, as shown in fig. 6, the method 30 may include the following steps:
S31, the UE initiates a first request to the NPN, where the first request includes first information, and the first information may include device identification information of the UE.
Optionally, in some embodiments, the first request may be a registration request message, a subscription request message, a certificate request message, or the like.
S32, the NPN determines whether the UE is allowed to access the NPN.
Specifically, the NPN stores device identification information of the UE allowed to access, and determines to allow the UE to access the NPN if the device identification information of the UE is included in the device identification information of the UE allowed to access, otherwise, determines not to allow the UE to access the NPN.
S33, the NPN may send a second request to the SC entity, the second request including the first information and/or identification information of the NPN.
The SC entity may store the first information.
Alternatively, the second request may be a subscription request message or a certificate request message.
S34, the SC entity generates second information, where the second information includes certificate information and/or subscription information allocated by the SC entity for the UE to access the NPN, and the second information may be specific verification information for the NPN.
S35, the SC entity sends the second information to the NPN, and the NPN stores the second information.
S36, the NPN sends the second information to the UE, and further the UE may access the NPN using the second information.
In some embodiments, the NPN may send the second information to the UE through a NAS message, and the specific implementation refers to the foregoing related description, which is not described herein again.
It should be understood that, in the second embodiment, the UE may also join the first network through a root certificate application, which is not limited in the embodiment of the present application, and the specific verification manner may refer to the description related to the first embodiment, and is not described herein again.
Example three
Fig. 7 is a schematic interaction diagram of a third embodiment of the present application, and as shown in fig. 7, the method 40 may include the following steps:
S41, the UE initiates a first request to the NPN, where the first request includes first information, and the first information may include identification information of the UE and identification information of a third party device.
Optionally, in some embodiments, the first request may be a registration request message, a subscription request message, a certificate request message, or the like.
S42, the NPN sends the first information to the third party device.
Optionally, the NPN may also send the identification information of the NPN to the third-party device.
S43, the third-party device determines whether to allow the UE to access the NPN according to the first information.
For example, the third party device stores device identification information of the UE allowed to access, and if the device identification information of the UE is included in the device identification information of the UE allowed to access, it is determined that the UE is allowed to access the NPN, otherwise, it is determined that the UE is not allowed to access the NPN.
Or, the third party device stores root certificate information and/or default subscription information of the terminal device, and the third party device may determine whether to allow the UE to access the NPN according to whether the first information is matched with the root certificate information and/or the default subscription information.
S44, the third-party device feeds back the verification result to the NPN.
If the third-party device reports that the verification failed, the NPN may send a rejection message to the terminal device to reject the subscription/certificate request of the terminal device; if the third-party device reports that the verification succeeded, the NPN may consider the verification successful and may send the subscription/certificate request to the SC entity.
Further, in S45, the NPN may send a second request to the SC entity, the second request including the first information and/or the identification information of the NPN.
In some embodiments, the NPN may send the second request to the SC entity upon successful authentication.
Alternatively, the second request may be a subscription request message or a certificate request message.
S46, the SC entity generates second information, where the second information includes certificate information and/or subscription information allocated by the SC entity for the UE to access the NPN, and the second information may be specific verification information for the NPN.
S47, the SC entity sends the second information to the NPN, and the NPN stores the second information.
S48, the NPN sends the second information to the UE, and further the UE may access the NPN using the second information.
In some embodiments, the NPN may send the second information to the UE through a NAS message, and the specific implementation refers to the foregoing related description, which is not described herein again.
It should be understood that, in the second embodiment, the UE may also join the first network through a root certificate application, which is not limited in the embodiment of the present application, and the specific verification manner may refer to the description related to the first embodiment, and is not described herein again.
Example four
Fig. 8 is a schematic interaction diagram of a fourth embodiment of the present application, and as shown in fig. 8, the method 50 may include the following steps:
S51, the UE initiates a first request to the NPN, where the first request includes first information, and the first information may include device identification information of the UE and identification information of a third-party device.
Optionally, in some embodiments, the first request may be a registration request message, a subscription request message, a certificate request message, or the like.
S52, the NPN sends the first information to the SC entity.
Optionally, the NPN may send the identification information of the NPN and/or the identification information of the third-party device to the SC entity.
S53, the SC entity sends the first information to the third-party device.
Optionally, the SC entity may also send the identification information of the NPN to the third-party device.
S54, the third party device determines whether to allow the UE to access the NPN according to the first information.
For a specific verification manner, reference is made to the related description of the foregoing embodiments, which are not repeated herein.
S55, the third-party device feeds back the verification result to the SC entity.
If the third-party device reports that the verification failed, the SC entity may consider the verification failed, and the verification failure may be fed back to the NPN to reject the subscription/certificate request of the terminal device; if the third-party device reports that the verification succeeded, the SC entity may consider the verification successful and may allocate new subscription information or certificate information to the terminal device.
In case of successful verification, in S56, the SC entity generates second information, where the second information includes certificate information and/or subscription information allocated by the SC entity for the UE to access the NPN, and the second information may be specific verification information for the NPN.
S57, the SC entity sends the second information to the NPN, and the NPN stores the second information.
S58, the NPN sends the second information to the UE, and further the UE may access the NPN using the second information.
In some embodiments, the NPN may send the second information to the UE through a NAS message, and the specific implementation refers to the foregoing related description, which is not described herein again.
It should be understood that, in the second embodiment, the UE may also join the first network through a root certificate application, which is not limited in the embodiment of the present application, and the specific verification manner may refer to the description related to the first embodiment, and is not described herein again.
Example five
Fig. 9 is a schematic interaction diagram according to an embodiment of the present application, and as shown in fig. 9, the method 60 may include the following steps:
S61, the UE and the third-party device exchange first information, where the first information may include preconfigured root certificate information and/or preconfigured subscription information.
S62, the third-party device sends the first information to the NPN.
Optionally, the third party device may send a first request to the NPN, where the first request includes the first information.
Optionally, in some embodiments, the first request may be a subscription request message, or a certificate request message, or the like. That is, the third-party device may apply for the terminal device to access the first network.
S63, the NPN determines whether the third-party device is trusted.
If the third-party device is trusted, the NPN trusts the first information provided by the third-party device, that is, the verification of the terminal device is determined to be successful; otherwise, the verification of the terminal device is determined to have failed.
In other embodiments, the NPN may also perform verification according to the verification method described in the foregoing embodiment, and for brevity, no further description is provided here.
S64, the NPN sends a second request to the SC entity, the second request including the first information.
Optionally, the second request may further include identification information of the NPN and/or identification information of a third-party device.
Alternatively, the second request may be a subscription request message or a certificate request message.
In case of successful verification, in S65, the SC entity generates second information, where the second information includes certificate information and/or subscription information allocated by the SC entity for the UE to access the NPN, and the second information may be specific verification information for the NPN.
S66, the SC entity sends the second information to the NPN, and the NPN stores the second information.
S67, the NPN sends the second information to the third-party device.
S68, the third-party device sends the second information to the UE, and further the UE may access the NPN using the second information.
Optionally, in this fifth embodiment, the third party device may also send the first information and the identification information of the third party device to the SC entity, and the SC entity determines whether the third party device is trusted, and trusts the identification information of the UE provided by the third party device under the condition that the third party device is trusted, and further may allocate new certificate information and/or subscription information to the terminal device. Alternatively, the SC entity may also perform verification by referring to the verification method in the foregoing embodiment, and details are not described here for brevity.
Example six
Fig. 10 is a schematic interaction diagram according to an embodiment of the present application, and as shown in fig. 10, the method 70 may include the steps of:
S71, the third party device sends first information to the NPN, where the first information may include preconfigured root certificate information and/or preconfigured subscription information.
In the sixth embodiment, the third party device may provide the verification information of the terminal device to the NPN in advance, so that when the terminal device initiates the subscription/certificate request, the NPN may directly verify whether to allow the terminal device to obtain the subscription information or the certificate information according to the first information.
S72, the UE initiates a subscription request or a certificate request to the NPN.
Optionally, the subscription request or the certificate request comprises the first information.
S73, the NPN determines whether the UE is allowed to access the NPN.
For specific implementation, reference is made to the related description of the foregoing embodiments, which are not repeated herein.
If the verification is successful, in S74, the NPN may send a second request to the SC entity, where the second request includes the first information and/or identification information of the NPN.
S75, the SC entity generates second information and sends the second information to the NPN. The NPN stores the second information.
S76, the NPN sends the second information to the UE, and further the UE may access the NPN using the second information.
In some embodiments, the NPN may send the second information to the UE through a NAS message, and the specific implementation refers to the foregoing related description, which is not described herein again.
While method embodiments of the present application are described in detail above with reference to fig. 2-10, apparatus embodiments of the present application are described in detail below with reference to fig. 11-15, it being understood that apparatus embodiments correspond to method embodiments and that similar descriptions may be had with reference to method embodiments.
Fig. 11 shows a schematic block diagram of a device 600 for wireless communication according to an embodiment of the application. As shown in fig. 11, the apparatus 600 includes:
a communication module 610, configured to send first information to a first network device, where the first information includes preconfigured certificate information and/or preconfigured subscription information; and
receive second information sent by the first network device, where the second information includes certificate information and/or subscription information allocated by the first network device to the device for accessing the first network.
Optionally, in some embodiments, the preconfigured credential information comprises key information and/or password information for accessing the first network, the preconfigured credential information comprising identification information of a preconfigured device.
Optionally, in some embodiments, the identification information of the device is device identification information of the device.
Optionally, in some embodiments, the communication module is specifically configured to: send the first information to the first network device through a first device, where the first device includes a network device in the first network and/or a third-party device.
Optionally, in some embodiments, the first device is a network device in the first network, and the communication module is specifically configured to:
send a first message to the first device, where the first message includes the first information, and the first message is used to request registration to the first network or to request certificate information and/or subscription information.
Optionally, in some embodiments, the first message further includes identification information of a third party device.
Optionally, in some embodiments, the communication module is further configured to: receive, through a second device, the second information sent by the first network device, where the second device includes a network device in the first network and/or a third-party device.
Optionally, in some embodiments, the communication module is specifically configured to:
receive a second message sent by the second device, where the second message includes the second information, the second device is a core network device of the first network, and the second message is a non-access stratum (NAS) message.
Optionally, in some embodiments, the NAS message is a registration accept message or a UE configuration update message.
Optionally, in some embodiments, the first network device is a subscription and certificate SC entity.
Specifically, the device 600 may correspond to (for example, may be configured in, or may itself be) the terminal device described in the method 200, and each module or unit in the device 600 is configured to execute the corresponding action or processing procedure executed by the terminal device in the method 200; a detailed description is omitted here to avoid redundancy.
Fig. 12 is a schematic block diagram of a device for wireless communication according to an embodiment of the present application. The apparatus 700 of fig. 12 comprises:
a communication module 710, configured to receive first information, where the first information includes preconfigured certificate information and/or preconfigured subscription information of a terminal device;
a verifying module 720, configured to verify whether the terminal device is allowed to obtain the certificate information and/or the subscription information for accessing the first network according to the first information.
Optionally, in some embodiments, the preconfigured certificate information comprises key information and/or password information for accessing the first network, the preconfigured certificate information comprising identification information of a preconfigured terminal device.
Optionally, in some embodiments, the identification information of the terminal device is device identification information of the terminal device.
Optionally, in some embodiments, the device is a network device in the first network, or the device is a third party device, or the device is a subscription and certificate SC entity.
Optionally, in some embodiments, the communication module is specifically configured to: receive the first information sent by the terminal device.
Optionally, in some embodiments, the device is a third-party device, and the communication module is specifically configured to: receive, through a third device, the first information sent by the terminal device, where the third device includes a network device in the first network and/or an SC entity.
Optionally, in some embodiments, the communication module is further configured to:
receive a third message sent by the third device, where the third message includes the first information.
Optionally, in some embodiments, the third message further includes identification information of a network device in the first network.
Optionally, in some embodiments, the verification module is specifically configured to:
determine whether to allow the terminal device to obtain certificate information and/or subscription information for accessing the first network according to the first information in combination with pre-stored verification information, where the pre-stored verification information includes at least one of the following: root certificate information, default subscription information, and device identification information of terminal devices that are able to access the first network.
Optionally, in some embodiments, the communication module is further configured to: if the terminal device is allowed to access the first network, send a fourth message to an SC entity, where the fourth message is used to request the SC entity to allocate second information to the terminal device, and the second information includes certificate information and/or subscription information used by the terminal device to access the first network.
Optionally, in some embodiments, the communication module is further configured to:
receive second information sent by the SC entity, where the second information includes subscription information and/or certificate information allocated by the SC entity to the terminal device for accessing the first network; and
send the second information to the terminal device.
Specifically, the device 700 may correspond to (for example, may be configured in, or may itself be) the first device described in the method 400, and each module or unit in the device 700 is configured to execute the corresponding action or processing procedure executed by the first device in the method 300; a detailed description is omitted here to avoid redundancy.
Fig. 13 is a schematic block diagram of a device for wireless communication according to an embodiment of the application. The apparatus 800 of fig. 13 includes:
an obtaining module, configured to obtain first information, where the first information includes preconfigured certificate information and/or preconfigured subscription information of the terminal device;
a communication module 810, configured to send second information to the terminal device, where the second information includes subscription information and/or certificate information allocated by the first network device to the terminal device for accessing the first network.
Optionally, in some embodiments, the communication module is further configured to: receive first information sent by the terminal device.
Optionally, in some embodiments, the communication module is specifically configured to:
and receiving the first information sent by the terminal equipment through first equipment, wherein the first equipment comprises network equipment and/or third-party equipment in the first network.
Optionally, in some embodiments, the obtaining module is further configured to: and obtaining the first information from the manufacturer of the terminal equipment.
Optionally, in some embodiments, the communication module is further configured to: and sending the second information to the terminal equipment through second equipment, wherein the second equipment comprises network equipment and/or third-party equipment of the first network.
Optionally, in some embodiments, the device is a subscription and certificate SC entity.
Specifically, the device 800 may correspond to (e.g., may be configured in or be itself) the first network device described in the method 400, and each module or unit in the device 800 is respectively configured to execute each action or processing procedure executed by the first network device in the method 400; a detailed description thereof is omitted here to avoid redundancy.
Fig. 14 is a schematic structural diagram of a communication device 900 according to an embodiment of the present application. The communication device 900 shown in fig. 14 includes a processor 910, and the processor 910 can call and run a computer program from a memory to implement the method in the embodiment of the present application.
Optionally, as shown in fig. 14, the communication device 900 may further include a memory 920. From the memory 920, the processor 910 can call and run a computer program to implement the method in the embodiment of the present application.
The memory 920 may be a separate device from the processor 910, or may be integrated in the processor 910.
Optionally, as shown in fig. 14, the communication device 900 may further include a transceiver 930, and the processor 910 may control the transceiver 930 to communicate with other devices, and specifically, may transmit information or data to the other devices or receive information or data transmitted by the other devices.
The transceiver 930 may include a transmitter and a receiver, among others. The transceiver 930 may further include one or more antennas.
Optionally, the communication device 900 may specifically be a network device in this embodiment, and the communication device 900 may implement a corresponding process implemented by the network device in each method in this embodiment, which is not described herein again for brevity.
Optionally, the communication device 900 may specifically be a mobile terminal/terminal device according to this embodiment, and the communication device 900 may implement a corresponding process implemented by the mobile terminal/terminal device in each method according to this embodiment, which is not described herein again for brevity.
Fig. 15 is a schematic structural diagram of a chip of an embodiment of the present application. The chip 1000 shown in fig. 15 includes a processor 1010, and the processor 1010 may call and run a computer program from a memory to implement the method in the embodiment of the present application.
Optionally, as shown in fig. 15, the chip 1000 may further include a memory 1020. From the memory 1020, the processor 1010 may call and execute a computer program to implement the method in the embodiment of the present application.
The memory 1020 may be a separate device from the processor 1010 or may be integrated into the processor 1010.
Optionally, the chip 1000 may further include an input interface 1030. The processor 1010 may control the input interface 1030 to communicate with other devices or chips, and specifically may obtain information or data transmitted by the other devices or chips.
Optionally, the chip 1000 may further include an output interface 1040. The processor 1010 may control the output interface 1040 to communicate with other devices or chips, and may particularly output information or data to the other devices or chips.
Optionally, the chip may be applied to the network device in the embodiment of the present application, and the chip may implement the corresponding process implemented by the network device in each method in the embodiment of the present application, and for brevity, details are not described here again.
Optionally, the chip may be applied to the mobile terminal/terminal device in the embodiment of the present application, and the chip may implement the corresponding process implemented by the mobile terminal/terminal device in each method in the embodiment of the present application, and for brevity, no further description is given here.
It should be understood that the chips mentioned in the embodiments of the present application may also be referred to as a system-level chip, a system chip, a chip system, or a system-on-chip, etc.
The embodiment of the application also provides a communication system. The system comprises the terminal equipment, the verification entity and the SC entity in the embodiment.
The terminal device may be configured to implement the corresponding function implemented by the terminal device in the foregoing method, and the verification entity is configured to implement the corresponding function implemented by the first device in the foregoing method, and the SC entity may be configured to implement the corresponding function implemented by the first network device in the foregoing method, which is not described herein again for brevity.
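The exchange between these three roles, as an added example that is not taken from the patent. The HMAC proof of key possession, the nonce replay check, and every class, field and function name are assumptions; the patent states only that the first information is checked against pre-stored verification information before the SC entity is asked to allocate the second information.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FirstInformation:
    """Preconfigured data the terminal presents (field layout is an assumption)."""
    device_id: str  # identification information of the terminal device
    nonce: bytes    # assumed freshness value, not named in the patent
    proof: bytes    # assumed HMAC-SHA256 keyed with the preconfigured key


@dataclass(frozen=True)
class SecondInformation:
    """Network-specific data allocated by the SC entity (layout is an assumption)."""
    subscription_id: str
    credential: bytes


def build_first_information(device_id: str, preconfigured_key: bytes) -> FirstInformation:
    """Terminal side: prove possession of the preconfigured key without sending it."""
    nonce = secrets.token_bytes(16)
    proof = hmac.new(preconfigured_key, device_id.encode() + nonce, hashlib.sha256).digest()
    return FirstInformation(device_id, nonce, proof)


class SCEntity:
    """Allocates second information when the verifier sends the fourth message."""

    def __init__(self) -> None:
        self.issued: dict[str, SecondInformation] = {}

    def handle_fourth_message(self, device_id: str) -> SecondInformation:
        second = SecondInformation(
            subscription_id=f"first-network/{device_id}",  # constructed naming scheme
            credential=secrets.token_bytes(32),
        )
        self.issued[device_id] = second
        return second


class VerificationEntity:
    """The 'first device': checks first information against pre-stored data."""

    def __init__(self, allowed_devices: dict[str, bytes], sc: SCEntity) -> None:
        # Pre-stored verification information: device identification -> key.
        self._allowed = allowed_devices
        self._seen: set[tuple[str, bytes]] = set()
        self._sc = sc

    def verify(self, info: FirstInformation) -> bool:
        key = self._allowed.get(info.device_id)
        if key is None:
            return False  # fail closed: device identification not pre-stored
        expected = hmac.new(key, info.device_id.encode() + info.nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, info.proof):
            return False  # constant-time comparison of the proof
        if (info.device_id, info.nonce) in self._seen:
            return False  # a captured first message cannot be replayed
        # Record the nonce only after the proof checks out, so unauthenticated
        # senders cannot grow the replay cache.
        self._seen.add((info.device_id, info.nonce))
        return True

    def handle_first_message(self, info: FirstInformation) -> Optional[SecondInformation]:
        """Forward to the SC entity only after successful verification."""
        if not self.verify(info):
            return None
        return self._sc.handle_fourth_message(info.device_id)


if __name__ == "__main__":
    factory_key = secrets.token_bytes(32)  # constructed sample key
    sc_entity = SCEntity()
    verifier = VerificationEntity({"device-0001": factory_key}, sc_entity)
    first = build_first_information("device-0001", factory_key)
    print("first attempt:", verifier.handle_first_message(first))
    print("replayed attempt:", verifier.handle_first_message(first))
```
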
It should be understood that the processor of the embodiments of the present application may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method embodiments may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the above method in combination with its hardware.
It will be appreciated that the memory in the embodiments of the subject application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of example, but not limitation, many forms of RAM are available, such as Static random access memory (Static RAM, SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic random access memory (Synchronous DRAM, SDRAM), Double Data Rate Synchronous Dynamic random access memory (DDR SDRAM), Enhanced Synchronous SDRAM (ESDRAM), Synchronous link SDRAM (SLDRAM), and Direct Rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
It should be understood that the above memories are exemplary but not limiting illustrations, for example, the memories in the embodiments of the present application may also be Static Random Access Memory (SRAM), dynamic random access memory (dynamic RAM, DRAM), Synchronous Dynamic Random Access Memory (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (enhanced SDRAM, ESDRAM), Synchronous Link DRAM (SLDRAM), Direct Rambus RAM (DR RAM), and the like. That is, the memory in the embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
The embodiment of the application also provides a computer readable storage medium for storing the computer program.
Optionally, the computer-readable storage medium may be applied to the network device in the embodiment of the present application, and the computer program enables the computer to execute the corresponding process implemented by the network device in each method in the embodiment of the present application, which is not described herein again for brevity.
Optionally, the computer-readable storage medium may be applied to the mobile terminal/terminal device in the embodiment of the present application, and the computer program enables the computer to execute the corresponding process implemented by the mobile terminal/terminal device in each method in the embodiment of the present application, which is not described herein again for brevity.
Embodiments of the present application also provide a computer program product comprising computer program instructions.
Optionally, the computer program product may be applied to the network device in the embodiment of the present application, and the computer program instructions enable the computer to execute corresponding processes implemented by the network device in the methods in the embodiment of the present application, which are not described herein again for brevity.
Optionally, the computer program product may be applied to the mobile terminal/terminal device in the embodiment of the present application, and the computer program instructions enable the computer to execute the corresponding processes implemented by the mobile terminal/terminal device in the methods in the embodiment of the present application, which are not described herein again for brevity.
The embodiment of the application also provides a computer program.
Optionally, the computer program may be applied to the network device in the embodiment of the present application, and when the computer program runs on a computer, the computer is enabled to execute the corresponding process implemented by the network device in each method in the embodiment of the present application, and for brevity, details are not described here again.
Optionally, the computer program may be applied to the mobile terminal/terminal device in the embodiment of the present application, and when the computer program runs on a computer, the computer is enabled to execute the corresponding process implemented by the mobile terminal/terminal device in each method in the embodiment of the present application, which is not described herein again for brevity.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description covers only specific embodiments of the present application, but the protection scope of the present application is not limited thereto; any change or substitution that a person skilled in the art can readily conceive of within the technical scope of the present application shall be covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (59)

  1. A method of wireless communication, the method comprising:
    the terminal equipment sends first information to first network equipment, wherein the first information comprises preconfigured certificate information and/or preconfigured subscription information;
    and the terminal equipment receives second information sent by the first network equipment, wherein the second information comprises certificate information and/or subscription information which is distributed by the first network equipment for the terminal equipment and is accessed to the first network.
  2. The method of claim 1, wherein the preconfigured certificate information comprises key information and/or password information for accessing the first network, and wherein the preconfigured certificate information comprises identification information of a preconfigured terminal device.
  3. The method according to claim 2, wherein the identification information of the terminal device is device identification information of the terminal device.
  4. The method according to any of claims 1 to 3, wherein the terminal device sends first information to the first network device, comprising:
    and the terminal equipment sends the first information to the first network equipment through first equipment, wherein the first equipment comprises network equipment and/or third-party equipment in the first network.
  5. The method of claim 4, wherein the first device is a network device in the first network, and wherein the sending, by the terminal device, the first information to the first network device by the first device comprises:
    the terminal device sends a first message to the first device, where the first message includes the first information, where the first message is used to request registration to the first network, or the first message is used to request acquisition of certificate information and/or subscription information.
  6. The method of claim 5, wherein the first message further comprises identification information of a third party device.
  7. The method according to any one of claims 1 to 6, wherein the receiving, by the terminal device, the second information sent by the first network device comprises:
    and the terminal equipment receives second information sent by the first network equipment through second equipment, wherein the second equipment comprises network equipment and/or third-party equipment in the first network.
  8. The method of claim 7, wherein the receiving, by the terminal device, the second information sent by the first network device through the second device comprises:
    and the terminal device receives a second message sent by the second device, where the second message includes the second information, the second device is a core network device of the first network, and the second message is a non-access stratum (NAS) message.
  9. The method of claim 8, wherein the NAS message is a registration accept message or a terminal equipment UE configuration update message.
  10. The method according to any of claims 1 to 9, wherein the first network device is a subscription and certificate, SC, entity.
  11. A method of wireless communication, comprising:
    the method comprises the steps that first information is received by first equipment, and the first information comprises pre-configured certificate information and/or pre-configured subscription information of terminal equipment;
    and the first equipment verifies whether the terminal equipment is allowed to obtain certificate information and/or subscription information accessed to the first network or not according to the first information.
  12. The method of claim 11, wherein the preconfigured certificate information comprises key information and/or password information for accessing the first network, and wherein the preconfigured certificate information comprises identification information of a preconfigured terminal device.
  13. The method according to claim 12, wherein the identification information of the terminal device is device identification information of the terminal device.
  14. The method according to any of claims 11 to 13, wherein the first device is a network device in the first network, or the first device is a third party device, or the first device is a subscription and certificate, SC, entity.
  15. The method according to any of claims 11 to 14, wherein the first device receives first information comprising:
    and the first equipment receives the first information sent by the terminal equipment.
  16. The method of claim 15, wherein the first device is a third-party device, and wherein the first device receives first information, comprising:
    the first device receives the first information sent by the terminal device through a third device, where the third device includes a network device and/or an SC entity in the first network.
  17. The method of claim 16, further comprising:
    and the first equipment receives a third message sent by the third equipment, wherein the third message comprises the first information.
  18. The method of claim 17, wherein the third message further comprises identification information of a network device in the first network.
  19. The method according to any of claims 11 to 18, wherein the first device verifying whether the terminal device is allowed to access the first network according to the first information comprises:
    the first device determines whether to allow the terminal device to obtain certificate information and/or subscription information of accessing a first network according to the first information in combination with pre-stored verification information, wherein the pre-stored verification information includes at least one of the following: the first network terminal device comprises root certificate information, default subscription information and device identification information capable of accessing the first network terminal device.
  20. The method according to any one of claims 11 to 19, further comprising:
    if the terminal equipment is allowed to access the first network, the equipment sends a fourth message to an SC entity, wherein the fourth message is used for requesting the SC entity to distribute second information to the terminal equipment, and the second information comprises certificate information and/or subscription information used for the terminal equipment to access the first network.
  21. The method of claim 20, further comprising:
    the first device receives second information sent by the SC entity, where the second information includes subscription information and/or certificate information that the SC entity allocates to the terminal device and accesses the first network;
    and the first equipment sends the second information to the terminal equipment.
  22. A method of wireless communication, comprising:
    the method comprises the steps that first network equipment acquires first information, wherein the first information comprises preconfigured certificate information and/or preconfigured subscription information of terminal equipment;
    and the first network equipment sends second information to the terminal equipment, wherein the second information comprises subscription information and/or certificate information which is distributed by the first network equipment for the terminal equipment and is accessed to the first network.
  23. The method of claim 22, wherein the first network device obtains the first information, comprising:
    and the first network equipment receives first information sent by the terminal equipment.
  24. The method of claim 22, wherein the receiving, by the first network device, the first information sent by the terminal device comprises:
    the first network device receives the first information sent by the terminal device through the first device, wherein the first device comprises a network device and/or a third-party device in the first network.
  25. The method of claim 22, wherein the first network device obtains the first information, comprising:
    and the first network equipment acquires the first information from a manufacturer of the terminal equipment.
  26. The method according to any of claims 22 to 25, wherein the first network device sends second information to the terminal device, comprising:
    and the first network equipment sends the second information to the terminal equipment through second equipment, wherein the second equipment comprises network equipment and/or third-party equipment of the first network.
  27. The method according to any of claims 22 to 26, wherein said first network device is a subscription and certificate, SC, entity.
  28. An apparatus of wireless communication, the method comprising:
    a communication module, configured to send first information to a first network device, where the first information includes preconfigured certificate information and/or preconfigured subscription information; and
    and receiving second information sent by the first network equipment, wherein the second information comprises certificate information and/or subscription information which is distributed by the first network equipment for the equipment and is accessed to the first network.
  29. The apparatus of claim 28, wherein the preconfigured credential information comprises key information and/or password information for accessing the first network, and wherein the preconfigured credential information comprises identification information of a preconfigured device.
  30. The apparatus of claim 29, wherein the identification information of the apparatus is apparatus identification information of the apparatus.
  31. The device according to any one of claims 28 to 30, wherein the communication module is specifically configured to: and sending the first information to the first network equipment through first equipment, wherein the first equipment comprises network equipment and/or third-party equipment in the first network.
  32. The device of claim 31, wherein the first device is a network device in the first network, and wherein the communication module is specifically configured to:
    and sending a first message to the first device, wherein the first message comprises the first information, and the first message is used for requesting to register to the first network or requesting to acquire certificate information and/or subscription information.
  33. The device of claim 32, wherein the first message further comprises identification information of a third party device.
  34. The device of any of claims 28-33, wherein the communication module is further configured to: and receiving second information sent by the first network equipment through second equipment, wherein the second equipment comprises network equipment and/or third-party equipment in the first network.
  35. The device of claim 34, wherein the communication module is specifically configured to:
    receiving a second message sent by the second device, where the second message includes the second information, the second device is a core network device of the first network, and the second message is a non-access stratum (NAS) message.
  36. The apparatus of claim 35, wherein the NAS message is a registration accept message or a terminal equipment UE configuration update message.
  37. The device according to any of claims 28 to 36, wherein said first network device is a subscription and certificate SC entity.
  38. An apparatus for wireless communication, comprising:
    a communication module, configured to receive first information, where the first information includes preconfigured certificate information and/or preconfigured subscription information of a terminal device;
    and the verification module is used for verifying whether the terminal equipment is allowed to obtain the certificate information and/or the subscription information of the first network according to the first information.
  39. The apparatus of claim 38, wherein the preconfigured certificate information comprises key information and/or password information for accessing the first network, and wherein the preconfigured certificate information comprises identification information of a preconfigured terminal device.
  40. The device of claim 39, wherein the identification information of the terminal device is device identification information of the terminal device.
  41. The device according to any of claims 38 to 40, wherein the device is a network device in the first network, or the device is a third party device, or the device is a subscription and certificate, SC, entity.
  42. The device according to any one of claims 38 to 41, wherein the communication module is specifically configured to: and receiving the first information sent by the terminal equipment.
  43. The device according to claim 42, wherein the device is a third-party device, and the communication module is specifically configured to: and receiving the first information sent by the terminal device through a third device, wherein the third device comprises a network device and/or an SC entity in the first network.
  44. The device of claim 43, wherein the communication module is further configured to:
    and receiving a third message sent by the third device, wherein the third message comprises the first information.
  45. The device of claim 44, wherein the third message further comprises identification information of a network device in the first network.
  46. The device according to any one of claims 38 to 45, wherein the verification module is specifically configured to:
    determining whether to allow the terminal device to obtain certificate information and/or subscription information for accessing a first network according to the first information in combination with pre-stored verification information, wherein the pre-stored verification information includes at least one of the following: the first network terminal device comprises root certificate information, default subscription information and device identification information capable of accessing the first network terminal device.
  47. The device of any of claims 38-46, wherein the communication module is further configured to: and if the terminal equipment is allowed to access the first network, sending a fourth message to an SC entity, wherein the fourth message is used for requesting the SC entity to distribute second information to the terminal equipment, and the second information comprises certificate information and/or subscription information used for the terminal equipment to access the first network.
  48. The device of claim 47, wherein the communication module is further configured to:
    receiving second information sent by the SC entity, wherein the second information comprises subscription information and/or certificate information which is distributed by the SC entity for the terminal equipment and is accessed to the first network;
    and sending the second information to the terminal equipment.
  49. An apparatus for wireless communication, comprising:
    the acquisition module acquires first information, wherein the first information comprises preconfigured certificate information and/or preconfigured subscription information of the terminal equipment;
    and the communication module is used for sending second information to the terminal equipment, wherein the second information comprises subscription information and/or certificate information which is distributed by the first network equipment for the terminal equipment and is accessed to the first network.
  50. The device of claim 49, wherein the communication module is further configured to:
    and receiving first information sent by the terminal equipment.
  51. The device of claim 50, wherein the communication module is specifically configured to:
    and receiving the first information sent by the terminal equipment through first equipment, wherein the first equipment comprises network equipment and/or third-party equipment in the first network.
  52. The device of claim 49, wherein the obtaining module is further configured to:
    and obtaining the first information from the manufacturer of the terminal equipment.
  53. The device of any of claims 49-52, wherein the communication module is further configured to: and sending the second information to the terminal equipment through second equipment, wherein the second equipment comprises network equipment and/or third-party equipment of the first network.
  54. The device according to any of claims 49 to 53, wherein said device is a subscription and certificate SC entity.
  55. An apparatus for wireless communication, comprising: a processor and a memory for storing a computer program, the processor being configured to invoke and execute the computer program stored in the memory, to perform the method of any of claims 1 to 10, or the method of any of claims 11 to 21, or the method of any of claims 22 to 27.
  56. A chip, comprising: a processor for calling and running a computer program from a memory so that a device on which the chip is installed performs the method of any of claims 1 to 10, or the method of any of claims 11 to 21, or the method of any of claims 22 to 27.
  57. A computer-readable storage medium for storing a computer program which causes a computer to perform the method of any one of claims 1 to 10, or the method of any one of claims 11 to 21, or the method of any one of claims 22 to 27.
  58. A computer program product comprising computer program instructions to cause a computer to perform the method of any of claims 1 to 10, or the method of any of claims 11 to 21, or the method of any of claims 22 to 27.
  59. A computer program, characterized in that the computer program causes a computer to perform the method of any of claims 1 to 10, or the method of any of claims 11 to 21, or the method of any of claims 22 to 27.
CN201980094042.7A 2019-09-23 2019-09-23 Method and apparatus for wireless communication Pending CN113574917A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/107283 WO2021056142A1 (en) 2019-09-23 2019-09-23 Wireless communication method and device

Publications (1)

Publication Number Publication Date
CN113574917A true CN113574917A (en) 2021-10-29

Family

ID=75165316

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980094042.7A Pending CN113574917A (en) 2019-09-23 2019-09-23 Method and apparatus for wireless communication

Country Status (2)

Country Link
CN (1) CN113574917A (en)
WO (1) WO2021056142A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114765779B (en) * 2022-04-26 2024-10-01 中国电信股份有限公司 Access control method, device and system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102440016A (en) * 2009-05-11 2012-05-02 高通股份有限公司 Apparatus and method for over-the-air provisioning of security credentials between two access systems
WO2013134669A1 (en) * 2012-03-09 2013-09-12 Interdigital Patent Holdings, Inc. Hotspot evolution support and discovery through non-3gpp access networks
US20160066183A1 (en) * 2014-07-17 2016-03-03 Cirrent, Inc. Securing credential distribution
CN107079007A (en) * 2014-09-23 2017-08-18 高通股份有限公司 Certification based on certificate
CN108093402A (en) * 2017-11-24 2018-05-29 中国科学院信息工程研究所 A kind of user privacy information guard method and system based on terminal enhancing
CN108464026A (en) * 2016-01-19 2018-08-28 高通股份有限公司 Method and system for loading wireless-enabled products in a network
WO2018171863A1 (en) * 2017-03-21 2018-09-27 Nokia Technologies Oy Enhanced registration procedure in a mobile system supporting network slicing
CN109391942A (en) * 2017-08-07 2019-02-26 华为技术有限公司 Trigger the method and relevant device of network authentication
CN110213808A (en) * 2019-05-06 2019-09-06 腾讯科技(深圳)有限公司 Access control method, device, computer-readable medium and electronic equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
3GPP: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Procedures for the 5G System; Stage 2 (Release 15)", 3GPP TS 23.502 V15.5.1 (2019-04), pages 4 *

Also Published As

Publication number Publication date
WO2021056142A1 (en) 2021-04-01

Similar Documents

Publication Publication Date Title
CN111263334B (en) Configuring an electronic subscriber identity module for a mobile wireless device
CN113316148B (en) Method and apparatus for network slice authentication
US20240064514A1 (en) Delegated data connection
CN114287142A (en) Communication method and device, network equipment and terminal equipment
US10506439B2 (en) Secure control of profile policy rules
CN114342549A (en) Method and apparatus for connecting network
CN113796150A (en) Service transmission method and device, and communication equipment
TW202021415A (en) Network access method, terminal device and network device
CN115706997A (en) Authorization verification method and device
US20240187865A1 (en) Electronic subscriber identity module transfer eligibility checking
CN112154678B (en) Method and apparatus for wireless communication
CN113676904A (en) Slice authentication method and device
CN113015230B (en) Wireless communication method and terminal device
WO2020034107A1 (en) Network access method, terminal device and network device
CN113574917A (en) Method and apparatus for wireless communication
CN114303421A (en) Wireless communication method, terminal equipment and network equipment
WO2023016160A1 (en) Session establishment method and related apparatus
CN113574936A (en) Wireless communication method, terminal equipment and network equipment
CN115037705A (en) Communication method and apparatus
WO2022021139A1 (en) Method and apparatus for subscribing and provisioning
CN113348682B (en) Wireless communication method, terminal equipment, access network equipment and core network equipment
US12127034B2 (en) Method for QoS control and apparatus
US20230354028A1 (en) Method, system, and apparatus for generating key for inter-device communication
US20220240122A1 (en) Method for qos control and apparatus
KR20230045025A (en) Device access authentication method, terminal device and cloud platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211029