CN113645621A - Secure communication method and device - Google Patents


Info

Publication number: CN113645621A
Authority: CN (China)
Prior art keywords: information, request message, level, slice, pseudonym
Legal status: Granted
Application number: CN202010389032.0A
Other languages: Chinese (zh)
Other versions: CN113645621B (en)
Inventors: 周艳, 何承东, 林青春
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to PCT/CN2021/089589 (WO2021218851A1)
Priority to EP21796960.9A (EP4135376A4)
Publication of CN113645621A
Application granted
Publication of CN113645621B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of this application disclose a secure communication method and device. The method comprises the following steps: a first NF sends a first request message to a third NF, where the first request message carries first pseudonym information of a first user identifier of the terminal device; in response to the first request message, the third NF determines a trusted attribute of the first user identifier; and if the trusted attribute of the first user identifier meets a preset condition, the third NF sends a first response message to the first NF, where the first response message carries second pseudonym information of the first user identifier. In this method, the first user identifier exists between different NFs only in pseudonymized form, so that it cannot be tampered with or intercepted by an untrusted NF or the like, and the security of the first user identifier is improved.

Description

Secure communication method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a secure communication method and apparatus.
Background
In a wireless communication system, a terminal device may communicate with one or more core network devices through an access device in a radio access network. For example, when the terminal device communicates with an application server, a message sent by the terminal device may reach the application server through a plurality of core network devices, such as a first Network Function (NF), a second NF, a third NF, and so on.
Meanwhile, operators and government agencies in various countries pay close attention to the security of the fifth-generation communication system (5th generation, 5G). For example, in a network deployment there may be a risk of malicious disclosure of user privacy and data.
Therefore, how to improve the trustworthiness and security of the network, reduce this risk, ensure that weak links cannot be exploited by anyone, and deal effectively with security threats is a problem being researched by those skilled in the art.
Disclosure of Invention
This application provides a secure communication method and a secure communication device, which can effectively improve the security of information exchanged between a terminal device and an NF.
In a first aspect, this application provides a secure communication method, including: a first Network Function (NF) sends a first request message to a third NF, where the first request message carries first pseudonym information of a first user identifier of a terminal device; in response to the first request message, the third NF determines a trusted attribute of the first user identifier; and if the trusted attribute of the first user identifier meets a preset condition, the third NF sends a first response message to the first NF, where the first response message carries second pseudonym information of the first user identifier.
That the trusted attribute of the first user identifier meets the preset condition may also be understood as the trusted attribute of the terminal device meeting the preset condition. In the embodiments of this application, if the trusted attribute of the first user identifier meets the preset condition, the first user identifier exists between different NFs only in pseudonymized form, so that it cannot be tampered with or intercepted by an untrusted or insecure NF or the like; the first user identifier is thus effectively protected and its security is improved.
In one possible implementation, the third NF sending the first response message to the first NF includes: if the trust level of the first NF matches the preset level, the third NF sends the first response message to the first NF.
In the embodiments of this application, the preset level is used to measure the trust levels of different NFs. For example, the trust levels may include a strong trust level, a weak trust level and an untrusted level, and the preset level may be the weak trust level or the untrusted level. As another example, the trust levels may include a high trust level, a low trust level and an untrusted level, and the preset level may be the low trust level or the untrusted level. That is, when the first NF has a low trust level, the third NF may send pseudonym information (namely the second pseudonym information) of the first user identifier to the first NF in order to protect the first user identifier.
In one possible implementation, the method further includes: if the trust level of the first NF does not match the preset level, the third NF sends a response message carrying the first user identifier to the first NF.
That is, when the trust level of the first NF is high, the third NF may trust the first NF and therefore send it the real user identifier, namely the first user identifier.
In one possible implementation, the third NF sending the first response message to the first NF includes: if the trust level of the security domain in which the first NF is located matches the preset level, the third NF sends the first response message to the first NF.
In the embodiments of this application, trust levels can be distinguished between different NFs, and also between different security domains. For example, in the method provided by this application, a first security domain, a second security domain and so on may be distinguished, with the trust level of the first security domain differing from that of the second security domain. If the first NF is located in the first security domain and the trust level of the first security domain is weak, the third NF may send the second pseudonym information of the first user identifier to the first NF. Alternatively, if the trust level of the first security domain is stronger (that is, does not match the preset level), the third NF may send the real user identifier, namely the first user identifier, to the first NF.
In one possible implementation, the third NF determining the trusted attribute of the first user identifier includes: the third NF determines the trusted attribute of the first user identifier according to the subscription level of the first user identifier; or according to the session attribute of the first user identifier; or according to the industry requirement of the first user identifier.
The subscription level, session attribute or industry requirement of the first user identifier may also be understood as the subscription level, session attribute or industry requirement of the terminal device. The trusted attribute of the first user identifier may be used to indicate whether the first user identifier needs to be pseudonymized. Alternatively, the trusted attribute of the first user identifier may be used to indicate whether the first user identifier needs to be protected, and so on.
In one possible implementation, before the third NF sends the first response message to the first NF, the method further includes: the third NF obtains the first user identifier according to the first pseudonym information, and generates the second pseudonym information according to the first user identifier.
In this embodiment, the third NF may obtain the first user identifier from the correspondence between the first user identifier and the first pseudonym information; that is, the third NF stores the correspondence between the first user identifier and the first pseudonym information. The correspondence may also be understood as a mapping or the like; this is not limited in the embodiments of this application.
In one possible implementation, the method further includes: the third NF stores the correspondence between the second pseudonym information and the first user identifier.
In one possible implementation, before the third NF sends the first response message to the first NF, the method further includes: the third NF sends a second request message to a fourth NF, where the second request message carries the first pseudonym information; in response to the second request message, the fourth NF obtains the first user identifier according to the first pseudonym information and generates the second pseudonym information according to the first user identifier; and the fourth NF sends the second pseudonym information to the third NF, which receives it.
In this embodiment of the application, the correspondence between the first user identifier and the first pseudonym information may also be stored in the fourth NF. After the third NF determines that the trusted attribute of the first user identifier meets the preset condition, the third NF requests the second pseudonym information from the fourth NF.
Optionally, the method above describes the third NF determining the trusted attribute of the first user identifier. Optionally, the fourth NF may also store the subscription level of the first user identifier, and so on. In other words, the first NF may instead send the first request message to the fourth NF, where the fourth NF determines the trusted attribute of the first user identifier and sends the first response message to the first NF when that trusted attribute meets the preset condition.
It can be understood that how the third NF or the fourth NF generates the second pseudonym information is not limited in the embodiments of this application.
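As an added illustration (not code from the patent), the third NF's decision in the first aspect modelled in Python: it resolves the first pseudonym to the real identifier, determines the trusted attribute from the subscription level, compares the requesting NF's trust level and its security domain's trust level against the preset levels, and answers either with freshly generated second pseudonym information (storing the correspondence) or with the real identifier. The class and method names, the HMAC-based pseudonym construction and the "sensitive" subscription rule are assumptions made for this example; the patent leaves them open.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field

# Trust levels as in the patent's example: strong, weak and untrusted.
STRONG, WEAK, UNTRUSTED = "strong", "weak", "untrusted"
# Preset levels: a requester at one of these levels only receives a pseudonym.
PRESET_LEVELS = {WEAK, UNTRUSTED}


@dataclass
class Request:
    """First request message: requesting NF, its security domain, first pseudonym."""
    requesting_nf: str
    security_domain: str
    pseudonym: str  # first pseudonym information of the first user identifier


@dataclass
class Response:
    """First response message: second pseudonym information or the real identifier."""
    pseudonymised: bool
    identifier: str


@dataclass
class ThirdNF:
    nf_trust: dict            # NF identification -> trust level
    domain_trust: dict        # security domain -> trust level
    subscription_level: dict  # real user identifier -> subscription level
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    mapping: dict = field(default_factory=dict)  # pseudonym -> real identifier

    def register_pseudonym(self, real_id: str) -> str:
        """Generate pseudonym information for real_id and store the correspondence.
        HMAC over the identifier and a fresh nonce is an assumed construction;
        the patent does not fix how pseudonyms are generated."""
        nonce = secrets.token_hex(8)
        mac = hmac.new(self.key, f"{real_id}|{nonce}".encode(), hashlib.sha256)
        pseudonym = mac.hexdigest()[:32]
        self.mapping[pseudonym] = real_id
        return pseudonym

    def trusted_attribute(self, real_id: str) -> bool:
        """Toy rule for the trusted attribute: identifiers whose subscription
        level is 'sensitive' must be pseudonymised towards low-trust NFs."""
        return self.subscription_level.get(real_id) == "sensitive"

    def handle_request(self, req: Request) -> Response:
        real_id = self.mapping.get(req.pseudonym)
        if real_id is None:
            raise KeyError("unknown first pseudonym information")
        # Unknown NFs and domains default to untrusted (fail closed).
        nf_level = self.nf_trust.get(req.requesting_nf, UNTRUSTED)
        domain_level = self.domain_trust.get(req.security_domain, UNTRUSTED)
        matches_preset = nf_level in PRESET_LEVELS or domain_level in PRESET_LEVELS
        if self.trusted_attribute(real_id) and matches_preset:
            # Preset condition met and requester is low-trust: answer with a
            # freshly generated second pseudonym and keep its correspondence.
            return Response(True, self.register_pseudonym(real_id))
        # Requester's trust level does not match the preset level (or the
        # identifier needs no protection): the real identifier may be released.
        return Response(False, real_id)
```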
In a second aspect, this application provides a secure communication method, including: a first NF sends a first request message to a third NF, where the first request message carries first pseudonym information of a first user identifier of the terminal device; the first NF receives a first response message from the third NF, where the first response message carries second pseudonym information of the first user identifier.
With reference to the first aspect or the second aspect, in a possible implementation, after receiving the first response message the first NF may generate a root key (Kamf) according to the second pseudonym information carried in the first response message.
With reference to the first aspect or the second aspect, in a possible implementation, the first response message may further carry the root key. In this case the terminal device may still generate the root key from the first user identifier. To guarantee that the terminal device is not affected, the key derivation algorithm 1 (for example, KDF1) with which the third NF (or the fourth NF) generates the second pseudonym information from the first user identifier, and the key derivation algorithm 2 (for example, KDF2) with which the root key is generated from the second pseudonym information, need to satisfy the following condition: the root key generated by the third NF (or the fourth NF) is the same as the root key generated by the terminal device.
With reference to the first aspect or the second aspect, in a possible implementation, the first response message may further carry third indication information, where the third indication information indicates that the first NF is to generate the root key according to the second pseudonym information. In this case, the root key generated by the terminal device according to the first user identifier also needs to be the same as the root key generated by the first NF according to the second pseudonym information.
It will be appreciated that in the method shown above the terminal device may still generate the root key from the first user identifier. The embodiments of this application further provide a method in which, for example, the terminal device generates the root key according to the second pseudonym information, as follows.
With reference to the first aspect or the second aspect, in a possible implementation, the first response message further carries first indication information and/or second indication information, where the first indication information indicates generation of the second pseudonym information and/or the root key, and the second indication information indicates generation of the user plane key.
With reference to the first aspect or the second aspect, in a possible implementation, the method further includes: if the first response message carries the first indication information, the first NF generates the root key according to the second pseudonym information, and the first NF sends the first indication information to the terminal device.
The first indication information may be used to instruct the terminal device to generate the second pseudonym information. Alternatively, the first indication information may be used to instruct the terminal device to generate the root key according to the second pseudonym information.
With reference to the first aspect or the second aspect, in a possible implementation, the method further includes: if the first response message carries the second indication information, the first NF generates the user plane key according to the second pseudonym information, and the first NF sends the second indication information to the terminal device.
The second indication information may be used to instruct the terminal device to generate the user plane key.
With reference to the first aspect or the second aspect, in a possible implementation, the method further includes: the first NF sends the user plane key to the user plane function.
After receiving the user plane key, the user plane function may interact with the terminal device according to the user plane key. Because the user plane key is derived from the second pseudonym information, the first user identifier is protected; and because data between the terminal device and the user plane function is protected with the user plane key, the security of the information exchange is improved.
In a third aspect, this application provides a secure communication method, including: a third NF receives a first request message from a first NF, where the first request message carries first pseudonym information of a first user identifier of a terminal device; in response to the first request message, the third NF determines a trusted attribute of the first user identifier; and if the trusted attribute of the first user identifier meets a preset condition, the third NF sends a first response message to the first NF, where the first response message carries second pseudonym information of the first user identifier.
In one possible implementation, the third NF sending the first response message to the first NF includes: if the trust level of the first NF matches the preset level, the third NF sends the first response message to the first NF.
In one possible implementation, the method further includes: if the trust level of the first NF does not match the preset level, the third NF sends a response message carrying the first user identifier to the first NF.
In one possible implementation, the third NF sending the first response message to the first NF includes: if the trust level of the security domain in which the first NF is located matches the preset level, the third NF sends the first response message to the first NF.
In one possible implementation, the third NF determining the trusted attribute of the first user identifier includes: the third NF determines the trusted attribute of the first user identifier according to the subscription level of the first user identifier; or according to the session attribute of the first user identifier; or according to the industry requirement of the first user identifier.
In one possible implementation, before the third NF sends the first response message to the first NF, the method further includes: the third NF obtains the first user identifier according to the first pseudonym information, and generates the second pseudonym information according to the first user identifier.
In one possible implementation, the method further includes: the third NF stores the correspondence between the second pseudonym information and the first user identifier.
In one possible implementation, before the third NF sends the first response message to the first NF, the method further includes: the third NF sends a second request message to a fourth NF, where the second request message carries the first pseudonym information; and the third NF receives the second pseudonym information from the fourth NF.
It is understood that the method performed by the third NF above may also be performed by the fourth NF. For example, the fourth NF may receive first pseudonym information of the first user identifier of the terminal device, then determine the trusted attribute of the first user identifier, and, if that trusted attribute meets the preset condition, send second pseudonym information. The fourth NF may receive the first request message directly from the first NF, or it may receive a request message from the third NF. As another example, the fourth NF may further generate the second pseudonym information and store the correspondence between the second pseudonym information and the first user identifier.
In a fourth aspect, this application provides a secure communication method, including: a fourth NF receives a second request message from a third NF, where the second request message carries first pseudonym information of a first user identifier of the terminal device; in response to the second request message, the fourth NF obtains the first user identifier according to the first pseudonym information and generates second pseudonym information according to the first user identifier; and the fourth NF sends the second pseudonym information to the third NF.
In one possible implementation, the fourth NF stores the correspondence between the second pseudonym information and the first user identifier.
In a fifth aspect, this application provides a secure communication method, including: a terminal device receives first indication information sent by a first NF, where the first indication information instructs the terminal device to generate second pseudonym information and/or a root key; the terminal device generates the second pseudonym information according to the first user identifier; the terminal device generates the root key according to the second pseudonym information; and the terminal device generates an access stratum key and/or a non-access stratum key according to the root key, where the access stratum key is used to protect data and/or signaling between the terminal device and the access device, and the non-access stratum key is used to protect data and/or signaling between the terminal device and the first NF.
In a sixth aspect, this application provides a secure communication method, including: a terminal device receives second indication information sent by a first NF, where the second indication information instructs the terminal device to generate a user plane key; the terminal device generates second pseudonym information according to the first user identifier; the terminal device generates a root key according to the second pseudonym information; and the terminal device generates the user plane key according to the root key, where the user plane key is used to protect data between the terminal device and the user plane function.
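The key-derivation consistency condition stated for the first and second aspects, and the terminal-side chain of the fifth and sixth aspects, as an added Python example (not code from the patent): KDF1 turns the first user identifier into the second pseudonym, KDF2 turns the pseudonym into the root key (Kamf), and the access stratum, non-access stratum and user plane keys are derived from the root key. The terminal runs the whole chain from its real identifier; the first NF runs only KDF2 onward from the pseudonym it received, so both sides must end with the same keys. HMAC-SHA256 as the derivation primitive, the shared key `k_shared` that the terminal and the pseudonym-issuing NF both hold, and the labels used are assumptions for this example.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed sample long-term key shared by the terminal and the home network
# (an assumption of this example; not key material from the patent).
SAMPLE_K_SHARED = b"\x01" * 32


def _kdf(key: bytes, label: str, *ctx: bytes) -> bytes:
    """HMAC-SHA256 based derivation over a label and length-prefixed context (assumed)."""
    h = hmac.new(key, label.encode(), hashlib.sha256)
    for c in ctx:
        h.update(len(c).to_bytes(2, "big") + c)
    return h.digest()


def kdf1_pseudonym(k_shared: bytes, supi: str) -> bytes:
    """KDF1: second pseudonym information generated from the first user identifier.
    Run by the third/fourth NF when issuing, and by the terminal on first indication."""
    return _kdf(k_shared, "pseudonym", supi.encode())


def kdf2_root_key(pseudonym: bytes) -> bytes:
    """KDF2: root key (Kamf) generated from the second pseudonym information."""
    return _kdf(pseudonym, "Kamf")


@dataclass(frozen=True)
class KeySet:
    kamf: bytes
    k_as: bytes   # access stratum key: terminal <-> access device
    k_nas: bytes  # non-access stratum key: terminal <-> first NF
    k_up: bytes   # user plane key: terminal <-> user plane function


def keys_from_root(kamf: bytes) -> KeySet:
    """Derive the stratum and user plane keys from the root key."""
    return KeySet(kamf, _kdf(kamf, "AS"), _kdf(kamf, "NAS"), _kdf(kamf, "UP"))


def terminal_keys(k_shared: bytes, supi: str) -> KeySet:
    """Fifth/sixth aspect: the terminal generates the pseudonym from its own
    identifier, then the root key, then the AS/NAS/UP keys."""
    return keys_from_root(kdf2_root_key(kdf1_pseudonym(k_shared, supi)))


def network_keys(second_pseudonym: bytes) -> KeySet:
    """First NF: generates the root key from the pseudonym only; it never
    handles the real identifier."""
    return keys_from_root(kdf2_root_key(second_pseudonym))


def terminal_keys_direct(k_shared: bytes, supi: str) -> KeySet:
    """The path where the terminal still derives the root key straight from the
    identifier. It matches the network side only if the KDFs are chosen so that
    the two root keys coincide, which is exactly the condition the text states;
    with independent KDFs, as here, they do not."""
    return keys_from_root(_kdf(k_shared, "Kamf", supi.encode()))


def keys_match(k_shared: bytes, supi: str) -> bool:
    """Consistency check: pseudonym issued by the home NF, keys compared end to end."""
    second_pseudonym = kdf1_pseudonym(k_shared, supi)
    return terminal_keys(k_shared, supi) == network_keys(second_pseudonym)
```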
In a seventh aspect, this application provides a secure communication method, including: a first Network Function (NF) sends a third request message to a network storage function (NRF), where the third request message carries a trust level; in response to the third request message, the NRF determines a second NF according to the trust level; and the NRF sends identification information of the second NF to the first NF.
The NRF may determine the second NF according to the stored correspondence between the identification information of NFs and their trust levels. For example, the NRF may store the correspondence between the identification information of one or more NFs and the trust levels of those NFs. In the embodiments of this application, the NRF determines the second NF according to the trust level, so that the first NF receives the identification information of the second NF. The first NF can therefore interact with the NF corresponding to the trust level (namely the second NF): on the one hand, the trust-level requirement of the user identifier corresponding to the terminal device is met; on the other hand, the first NF exchanges data and/or signaling with an NF of high trust level (such as the second NF), which improves the security of the interaction between the first NF and the second NF.
In one possible implementation, before the NRF determines the second NF according to the trust level, the method further includes: the NRF receives a registration request message sent by the second NF, where the registration request message carries the trust level of the second NF; and the NRF stores the correspondence between the identification information of the second NF and the trust level of the second NF.
In other words, the NRF may receive registration request messages sent by one or more NFs, each carrying the trust level of the NF, and the NRF may store the correspondence between the identification information of the one or more NFs and their trust levels, where the one or more NFs include the second NF.
In one possible implementation, the NRF determining the second NF according to the trust level includes: the NRF determines the second NF according to the stored correspondence of the identification information of the second NF and the trust level carried in the third request message.
Since the NRF stores the correspondence between the identification information of the one or more NFs and their trust levels, the NRF may determine the second NF according to the stored correspondence and the trust level carried in the third request message. In other words, the NRF may look up, in the saved correspondence, the second NF corresponding to the trust level carried in the third request message.
Optionally, before the NRF determines the second NF according to the trust level, the method further includes: the NRF is pre-configured with the trust level of the one or more NFs and stores the correspondence between the identification information of the one or more NFs and their trust levels. That is, the NRF may also determine the second NF according to the pre-configuration information and the trust level carried in the third request message, where the pre-configuration information includes the correspondence between the identification information of the one or more NFs and their trust levels.
In one possible implementation, before the first NF sends the third request message to the NRF, the method further includes: the first NF obtains the trusted attribute of the first user identifier from the third NF, and determines the trust level according to the trusted attribute of the first user identifier.
That is, the trust level carried in the third request message may be determined according to the trusted attribute of the first user identifier. For example, when the trusted attribute of the first user identifier satisfies the preset condition, the trust level is higher. For a description of the trusted attribute of the first user identifier, reference may be made to the method illustrated in the first aspect, which is not repeated here.
In one possible implementation, before the first NF sends the third request message to the NRF, the method further includes: the NSSF (network slice selection function) sends a fourth response message to the first NF, where the fourth response message carries the trust level of a first slice.
The identification information of the first slice may come from the terminal device; that is, when the terminal device sends a related request message to the first NF, that request message may carry the identification information of the first slice.
In one possible implementation, before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trust level of the first slice according to first pre-configuration information and the identification information of the first slice, where the first pre-configuration information includes the correspondence between the trust level of the first slice and the identification information of the first slice.
The first pre-configuration information may be configured by an operator or by other NFs, which is not limited in this application. The first pre-configuration information may hold the identification information of slices and the trust level of each slice; for example, it may store the correspondence between the identification information and the trust level of one or more slices.
In one possible implementation, the third request message carrying the trust level includes: the third request message carries the trust level of the first slice and also the identification information of the first slice; and the NRF determining the second NF according to the trust level includes: the NRF determines a second NF set corresponding to the first slice according to the identification information of the first slice, and determines the second NF from the second NF set according to the stored correspondence between the identification information of NFs and their trust levels and the trust level of the first slice.
In other words, the NRF may determine, from the second NF set, a second NF corresponding to the trust level of the first slice according to the saved correspondence between the identification information of the one or more NFs and their trust levels.
In one possible implementation, before the first NF sends the third request message to the NRF, the method further includes: the first NF sends a fourth request message to the NSSF, where the fourth request message carries the identification information of the first slice; and the NSSF sends a fourth response message to the first NF, where the fourth response message carries the identification information of the second NF set and the trust level of the second NF set, the second NF set being the NF set corresponding to the first slice.
In one possible implementation, before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trust level of the second NF set according to second pre-configuration information and the identification information of the first slice, where the second pre-configuration information includes the correspondence between the identification information of the second NF set and the trust level of the second NF set.
The second pre-configuration information may further include the correspondence between the identification information of the first slice and the identification information of the second NF set. In other words, the NSSF may first determine the second NF set corresponding to the first slice from this correspondence, and then determine the trust level corresponding to the second NF set. The second pre-configuration information may store the correspondence between one or more slices and NF sets, and the correspondence between one or more NF sets and trust levels.
In one possible implementation, the third request message carrying the trust level includes: the third request message carries the trust level of the second NF set and also the identification information of the second NF set; and the NRF determining the second NF according to the trust level includes: the NRF determines the second NF from the second NF set according to the stored correspondence between the identification information of NFs and their trust levels and the trust level of the second NF set.
The NRF determining the second NF according to the trust level may include: the NRF determines the second NF from the second NF set according to the stored correspondence between the identification information of NFs and their trust levels, the correspondence between the identification information of NFs and the identification information of the set each NF belongs to, the trust level of the second NF set, and the identification information of the second NF set.
In other words, the NRF may first obtain the one or more NFs belonging to the second NF set from the stored correspondence between the identification information of NFs and the identification information of their sets, together with the identification information of the second NF set; then obtain the trust level of each of those NFs from the stored correspondence between the identification information of NFs and their trust levels; and finally determine the second NF from the one or more NFs according to the trust level of the second NF set and the trust levels of the one or more NFs.
The number of NFs included in the second NF set is not limited in the embodiments of this application; for example, the second NF set may include one NF, or a plurality of NFs. The second NF set includes the second NF. Optionally, the trust level of the second NF is equal to or higher than the trust level carried in the third request message.
In an eighth aspect, the present application provides a secure communication method, including: the first NF sends a third request message to the NRF, wherein the third request message carries a credible level; the first NF receives a third response message from the NRF, wherein the third response message carries the identification information of the second NF; the first NF performs data and/or signaling interaction with the second NF.
In one possible implementation, before the first NF sends the third request message to the NRF, the method further includes: the first NF acquires the credible attribute of the first user identification from the third NF; and determining the credibility level according to the credibility attribute of the first user identifier.
In one possible implementation, before the first NF sends the third request message to the NRF, the method further includes: the first NF sends a fourth request message to the NSSF, wherein the fourth request message carries the identification information of the first slice; the first NF receives a fourth response message from the NSSF, wherein the fourth response message carries the credibility level of the first slice; or, the fourth response message carries the trust level of the second NF set.
In a possible implementation manner, when the fourth response message carries the trust level of the first slice, the third request message carries the trust level of the first slice and the identification information of the first slice; or, when the fourth response message carries the trusted level of the second NF set, the third request message carries the trusted level of the second NF set and the identification information of the second NF set.
In one possible implementation, the method further includes: and the first NF sends a registration request message to the NRF, wherein the registration request message carries the credibility level of the first NF.
Optionally, the registration request message may also carry identification information of the NF set where the first NF is located.
In a ninth aspect, the present application provides a secure communication method, including: the NRF receives a third request message from the first NF, where the third request message carries a trust level; in response to the third request message, the NRF determines a second NF according to the trust level; and the NRF sends a third response message to the first NF, where the third response message carries the identification information of the second NF.
In one possible implementation, before the NRF determines the second NF according to the trust level, the method further includes: the NRF receives a registration request message sent by the second NF, where the registration request message carries the trust level of the second NF; and the NRF saves the correspondence between the identification information of the second NF and the trust level of the second NF.
Optionally, the registration request message may further carry identification information of the NF set where the second NF is located.
In one possible implementation, the NRF determining the second NF according to the trust level includes: the NRF determines the second NF according to the stored correspondence between the identification information of the second NF and the trust level of the second NF, and the trust level carried in the third request message.
In one possible implementation, the third request message carrying the trust level means that the third request message carries the trust level of the first slice and also carries the identification information of the first slice; the NRF determining the second NF according to the trust level includes: the NRF determines the second NF set corresponding to the first slice according to the identification information of the first slice, and determines the second NF from the second NF set according to the stored correspondence between the identification information of an NF and its trust level, and the trust level of the first slice.
In one possible implementation, the third request message carrying the trust level means that the third request message carries the trust level of the second NF set and also carries the identification information of the second NF set; the NRF determining the second NF according to the trust level includes: the NRF determines the second NF from the second NF set according to the stored correspondence between the identification information of an NF and its trust level, and the trust level of the second NF set.
The NRF determining the second NF according to the trust level may include: the NRF determines the second NF from the second NF set according to the stored correspondence between the identification information of an NF and the trust level of that NF, the stored correspondence between the identification information of an NF and the identification information of the NF set where the NF is located, the trust level of the second NF set, and the identification information of the second NF set.
In one possible implementation, the method further includes: the NRF receives a registration request message from the first NF, where the registration request message carries the trust level of the first NF; and the NRF stores the correspondence between the identification information of the first NF and the trust level of the first NF.
Optionally, the registration request message may further carry identification information of the NF set where the first NF is located.
In a tenth aspect, the present application provides a secure communication method, including: the NSSF receives a fourth request message sent by the first NF, where the fourth request message carries the identification information of the first slice; and the NSSF sends a fourth response message to the first NF, where the fourth response message carries the trust level of the first slice, or the fourth response message carries the identification information of a second NF set and the trust level of the second NF set, the second NF set being the NF set corresponding to the first slice.
In one possible implementation, before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trust level of the first slice according to first pre-configuration information and the identification information of the first slice, where the first pre-configuration information includes the correspondence between the trust level of the first slice and the identification information of the first slice.
In one possible implementation, before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trust level of the second NF set according to second pre-configuration information and the identification information of the first slice, where the second pre-configuration information includes the correspondence between the identification information of the second NF set and the trust level of the second NF set.
It is to be understood that, in the first to tenth aspects, the first NF may include an AMF, an SMF, or the like.
In an eleventh aspect, the present application provides a secure communication method, including: a domain name system (DNS) receives a fifth request message from a first network function (NF), where the fifth request message carries domain name information and a trust level; in response to the fifth request message, the DNS determines a second NF according to the domain name information and the trust level; and the DNS sends the identification information of the second NF to the first NF.
In this embodiment, the DNS may determine the second NF according to a stored correspondence between domain name information and identification information and a correspondence between identification information and trust level (or a correspondence between domain name information and trust level, or the like). For example, the DNS may be configured with a correspondence between the domain name information (or identification information) of one or more NFs and the trust level of the one or more NFs. Because the DNS determines the second NF according to the trust level, the first NF receives identification information of the second NF, which may include the IP address of the second NF, and so on. The first NF can therefore interact with the NF corresponding to the trust level (namely the second NF): on one hand, the trust-level requirement of the user identifier corresponding to the terminal device can be met, and on the other hand, the first NF performs data and/or signaling interaction with an NF (such as the second NF) having a high trust level, which improves the security of the interaction between the first NF and the second NF.
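The registration, slice-to-NF-set lookup and trust-level filtering of the eighth to tenth aspects, as an added model written for this page (not code from the patent or from Huawei). It assumes trust levels are integers with a higher value meaning more trusted, which the patent does not fix, and every NF id, NF set id, slice id and level is a constructed sample value.

```python
"""Trust-level-aware NF discovery modelled on the eighth to tenth aspects.

Added illustration for this page, not code from the patent or from Huawei.
Assumption: trust levels are integers, higher meaning more trusted (the patent
fixes no representation); every id and level below is a constructed sample.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class NFRecord:
    nf_id: str
    trust_level: int
    nf_set_id: Optional[str]  # NF set the NF is located in, if registered


class NRF:
    """Network repository function: stores NF id -> trust level (and NF set)."""

    def __init__(self, slice_to_set: Optional[Dict[str, str]] = None) -> None:
        self._nfs: Dict[str, NFRecord] = {}
        # Slice id -> NF set id, consulted when the third request carries a slice id.
        self._slice_to_set: Dict[str, str] = dict(slice_to_set or {})

    def register(self, nf_id: str, trust_level: int,
                 nf_set_id: Optional[str] = None) -> None:
        """Registration request: keep the NF's trust level and optional NF set."""
        self._nfs[nf_id] = NFRecord(nf_id, trust_level, nf_set_id)

    def discover(self, trust_level: int, slice_id: Optional[str] = None,
                 nf_set_id: Optional[str] = None) -> Optional[str]:
        """Third request: id of a second NF whose level is >= the requested one.

        A slice id is first mapped to its NF set; an NF set id restricts the
        candidates to members of that set. None means no NF qualifies, which
        the first NF must treat as a failed discovery rather than fall back.
        """
        if slice_id is not None:
            nf_set_id = self._slice_to_set.get(slice_id)
            if nf_set_id is None:
                return None
        candidates = [
            rec for rec in self._nfs.values()
            if rec.trust_level >= trust_level
            and (nf_set_id is None or rec.nf_set_id == nf_set_id)
        ]
        if not candidates:
            return None
        # Lowest eligible level first so highly trusted NFs are not consumed by
        # requests that do not need them (a policy choice, not the patent's).
        return min(candidates, key=lambda r: (r.trust_level, r.nf_id)).nf_id


class NSSF:
    """Network slice selection function holding the two pre-configurations."""

    def __init__(self, slice_trust: Dict[str, int],
                 slice_to_set: Dict[str, str], set_trust: Dict[str, int]) -> None:
        self._slice_trust = slice_trust    # first pre-configuration
        self._slice_to_set = slice_to_set  # second pre-configuration (slice -> set)
        self._set_trust = set_trust        # second pre-configuration (set -> level)

    def fourth_response(self, slice_id: str, by_nf_set: bool) -> Optional[dict]:
        """Fourth request: either the slice's trust level or the NF set id plus
        the NF set's trust level; None when the slice is not configured."""
        if not by_nf_set:
            level = self._slice_trust.get(slice_id)
            return None if level is None else {"slice_trust": level}
        set_id = self._slice_to_set.get(slice_id)
        if set_id is None or set_id not in self._set_trust:
            return None
        return {"nf_set_id": set_id, "set_trust": self._set_trust[set_id]}


def first_nf_select(nrf: NRF, nssf: NSSF, slice_id: str,
                    by_nf_set: bool) -> Optional[str]:
    """First NF procedure: fourth request to the NSSF, then third request to the NRF."""
    resp = nssf.fourth_response(slice_id, by_nf_set)
    if resp is None:
        return None
    if "slice_trust" in resp:
        return nrf.discover(resp["slice_trust"], slice_id=slice_id)
    return nrf.discover(resp["set_trust"], nf_set_id=resp["nf_set_id"])


def demo() -> Optional[str]:
    """Constructed deployment: slice-A maps to set-1, which holds two NFs."""
    nrf = NRF(slice_to_set={"slice-A": "set-1"})
    nrf.register("smf-1", trust_level=1, nf_set_id="set-1")
    nrf.register("smf-2", trust_level=3, nf_set_id="set-1")
    nrf.register("smf-3", trust_level=3, nf_set_id="set-2")
    nssf = NSSF(slice_trust={"slice-A": 2},
                slice_to_set={"slice-A": "set-1"},
                set_trust={"set-1": 2})
    return first_nf_select(nrf, nssf, "slice-A", by_nf_set=True)  # "smf-2"
```

The DNS variant of the eleventh aspect filters the records for a domain name by the same trust-level comparison; only the lookup key differs.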
In a twelfth aspect, the present application provides a communication device comprising, in one possible implementation, corresponding means to perform the method of the second aspect or any possible implementation of the second aspect. In another possible implementation form, the communication device includes corresponding means for performing the method of the third aspect or any possible implementation form of the third aspect. In yet another possible implementation form, the communication device comprises corresponding means for performing the method of the fourth aspect or any possible implementation form of the fourth aspect. In yet another possible implementation form, the communication device comprises corresponding means for performing the method of the eighth aspect or any possible implementation form of the eighth aspect. In yet another possible implementation form, the communication device comprises corresponding means for performing the method of the ninth aspect or any possible implementation form of the ninth aspect. In yet another possible implementation form, the communication device comprises corresponding means for performing the method of the tenth aspect or any possible implementation form of the tenth aspect. In yet another possible implementation manner, the communication device includes corresponding means for performing the method of the eleventh aspect.
For example, the communication device includes a transceiver unit and a processing unit.
In a thirteenth aspect, the present application provides a communication device comprising a processor for executing a program stored in a memory; in one possible implementation, the program, when executed, causes the communication device to perform a method as set forth in the second aspect or any possible implementation of the second aspect. In another possible implementation, the program, when executed, causes the communication device to perform the method as shown in the third aspect or any possible implementation of the third aspect. In yet another possible implementation form, the program, when executed, causes the communication device to perform the method as shown in the fourth aspect or any possible implementation form of the fourth aspect. In yet another possible implementation, the program, when executed, causes the communication device to perform the method as shown in the above eighth aspect or any possible implementation of the eighth aspect. In yet another possible implementation form, the program, when executed, causes the communication device to perform the method as shown in the ninth aspect or any possible implementation form of the ninth aspect. In yet another possible implementation form, the program, when executed, causes the communication device to perform the method as shown in the tenth aspect or any possible implementation form of the tenth aspect described above. In yet another possible implementation, the program, when executed, causes the communication device to perform the method as shown in the eleventh aspect.
In one possible implementation, the memory is located outside the communication device.
In one possible implementation, the memory is located within the network device described above.
In one possible implementation, the network device further includes a transceiver for receiving signals or transmitting signals. The specific implementation of the transceiver and the processor will not be described in detail here.
In a fourteenth aspect, the present application provides a communication device comprising processing circuitry and interface circuitry, the interface circuitry being configured to receive computer code and transmit it to the processor; the processor runs the computer code to perform the method shown above as being performed by the NF. The specific implementation of the interface circuit and the processing circuit will not be described in detail here.
In a fifteenth aspect, the present application provides a communication device comprising respective means for performing the method of the fifth aspect or any possible implementation manner of the fifth aspect. Alternatively, the communication device comprises corresponding means for performing the method of the sixth aspect or any possible implementation manner of the sixth aspect.
For example, the communication device includes a transceiving unit and a processing unit.
In a sixteenth aspect, the present application provides a communication device comprising a processor for executing a program stored in a memory, which when executed, causes the communication device to perform a method as shown in the fifth aspect or any possible implementation manner of the fifth aspect; or, when executed, cause the communication apparatus to perform a method as shown in the sixth aspect or any possible implementation manner of the sixth aspect.
In one possible implementation, the memory is located outside the communication device.
In a seventeenth aspect, the present application provides a communication device comprising a processor, a memory, and a program stored on the memory and executable on the processor, which when executed, causes the communication device to perform a method as shown in the fifth aspect or any possible implementation of the fifth aspect; alternatively, the program, when executed, causes the communication device to perform a method as illustrated in the sixth aspect or any possible implementation of the sixth aspect described above.
In an eighteenth aspect, the present application provides a communication device comprising a processor, a memory, and a transceiver for receiving signals or transmitting signals; a memory for storing computer code; a processor for executing computer code to cause a communication device to perform a method as shown in the fifth aspect or any possible implementation manner of the fifth aspect; alternatively, a processor for executing computer code to cause a communication device to perform the method of the sixth aspect or any possible implementation of the sixth aspect.
In a nineteenth aspect, the present application provides a communication apparatus comprising a processing circuit and an interface circuit, the interface circuit being configured to acquire first indication information, the first indication information being used to instruct the communication apparatus to generate second pseudonym information; the processing circuit is configured to generate second pseudonym information according to the first subscriber identity, generate a root key according to the second pseudonym information, and generate an access stratum key and/or a non-access stratum key according to the root key, where the access stratum key is used to protect data and/or signaling between the communication apparatus and the access device, and the non-access stratum key is used to protect data and/or signaling between the communication apparatus and the first NF.
Alternatively, the interface circuit is configured to acquire second indication information, where the second indication information is used to instruct the communication apparatus to generate a user plane key; and the processing circuit is configured to generate second pseudonym information according to the first user identifier, generate a root key according to the second pseudonym information, and generate a user plane key according to the root key, where the user plane key is used to protect data between the communication apparatus and the user plane function.
In a twentieth aspect, the present application provides a computer-readable storage medium for storing a computer program which, in one possible implementation, causes a method as shown in the second aspect or any possible implementation of the second aspect described above to be performed when the computer program is run on a computer. In another possible implementation form, the method shown in the third aspect or any possible implementation form of the third aspect is caused to be performed when the computer program runs on a computer. In yet another possible implementation, the method of the fourth aspect described above or any possible implementation of the fourth aspect is caused to be performed when the computer program is run on a computer. In yet another possible implementation, the method as shown in the fifth aspect or any possible implementation of the fifth aspect described above is caused to be performed when the computer program runs on a computer. In yet another possible implementation, the method of the sixth aspect or any possible implementation of the sixth aspect is caused to be performed when the computer program runs on a computer. In yet another possible implementation, the method as shown in the above eighth aspect or any possible implementation of the eighth aspect is caused to be performed when the computer program runs on a computer. In yet another possible implementation, the method as shown in the ninth aspect or any possible implementation of the ninth aspect described above is caused to be performed when the computer program runs on a computer. In yet another possible implementation, the method as shown in the tenth aspect or any possible implementation of the tenth aspect described above is caused to be performed when the computer program runs on a computer.
In a twenty-first aspect, the present application provides a computer program product comprising a computer program or computer code which, when run on a computer, causes the method illustrated by the above aspects or any possible implementation of the aspects to be performed.
In a twenty-second aspect, the present application provides a computer program which, when run on a computer, performs a method as illustrated in the above aspects or any possible implementation of the aspects.
In a twenty-third aspect, the present application provides a communication device which, in one possible implementation, is configured to perform the method as shown in the second aspect or any possible implementation of the second aspect. In another possible implementation, the communication device is configured to perform the method as shown in the third aspect or any possible implementation of the third aspect. In yet another possible implementation, the communication device is configured to perform the method as shown in the fourth aspect or any possible implementation of the fourth aspect. In yet another possible implementation, the communication device is configured to perform the method as shown in the fifth aspect or any possible implementation of the fifth aspect. In yet another possible implementation, the communication device is configured to perform the method as shown in the sixth aspect or any possible implementation of the sixth aspect. In yet another possible implementation, the communication device is configured to perform the method as shown in the seventh aspect or any possible implementation of the seventh aspect. In yet another possible implementation, the communication device is configured to perform the method as shown in the eighth aspect or any possible implementation of the eighth aspect. In yet another possible implementation, the communication device is configured to perform the method as shown in the ninth aspect or any possible implementation of the ninth aspect. In yet another possible implementation, the communication device is configured to perform the method as shown in the tenth aspect or any possible implementation of the tenth aspect.
In a twenty-fourth aspect, the present application provides a wireless communication system, where the wireless communication system includes a first NF and a third NF, the first NF is configured to perform the method shown in the second aspect or any possible implementation manner of the second aspect, and the third NF is configured to perform the method shown in the third aspect or any possible implementation manner of the third aspect.
In one possible implementation form, the wireless communication system further includes a fourth NF configured to perform the method of the fourth aspect or any possible implementation form of the fourth aspect.
In one possible implementation, the first NF may also be configured to perform the method of the eighth aspect or any possible implementation of the eighth aspect.
In one possible implementation form, the wireless communication system further includes an NRF configured to perform the method of the ninth aspect or any possible implementation form of the ninth aspect.
In one possible implementation form, the wireless communication system further includes an NSSF configured to perform the method according to the tenth aspect or any possible implementation form of the tenth aspect.
In one possible implementation form, the wireless communication system further comprises a terminal device configured to perform the method shown in the fifth aspect or any possible implementation form of the fifth aspect; alternatively, the terminal device may be further configured to execute the method shown in any possible implementation manner of the sixth aspect or the sixth aspect.
Drawings
Fig. 1 is a schematic diagram of a network architecture provided in an embodiment of the present application;
fig. 2 is a schematic flowchart of a secure communication method provided in an embodiment of the present application;
fig. 3a is a schematic flowchart of a secure communication method provided in an embodiment of the present application;
fig. 3b is a schematic flowchart of a secure communication method provided in an embodiment of the present application;
fig. 4 is a schematic view of a scenario of a secure communication method provided in an embodiment of the present application;
fig. 5 is a schematic flowchart of a secure communication method provided in an embodiment of the present application;
fig. 6a is a schematic flowchart of a secure communication method provided in an embodiment of the present application;
fig. 6b is a schematic flowchart of a secure communication method provided in an embodiment of the present application;
fig. 6c is a schematic flowchart of a secure communication method provided in an embodiment of the present application;
fig. 6d is a schematic flowchart of a secure communication method provided in an embodiment of the present application;
fig. 7a is a schematic diagram of a network architecture for secure communication according to an embodiment of the present application;
fig. 7b is a schematic diagram of a network architecture for secure communication according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a communication device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a communication device according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a communication device according to an embodiment of the present application;
fig. 11 is a schematic diagram of a wireless communication system according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clear, the present application will be further described in detail with reference to the accompanying drawings.
The terms "first" and "second," and the like in the description, claims, and drawings of the present application are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In this application, "at least one" means one or more, "a plurality" means two or more, and "at least two" means two, three, or more than three. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may mean: only A is present, only B is present, or both A and B are present, where A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "At least one item (piece) of the following" or a similar expression refers to any combination of these items. For example, "at least one of a, b, or c" may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c".
The following first introduces a communication system to which the present application is applied:
The technical solutions provided in this application can be applied to various communication systems, for example: a Long Term Evolution (LTE) system, an LTE Frequency Division Duplex (FDD) system, an LTE Time Division Duplex (TDD) system, a Universal Mobile Telecommunications System (UMTS), a Worldwide Interoperability for Microwave Access (WiMAX) communication system, a fifth generation (5G) communication system or a New Radio (NR) communication system, and other future communication systems such as 6G.
For example, taking the application of these solutions to a 5G communication system as an example, the network functions in the 5G system are described below:
Referring to fig. 1, the network architecture shown in fig. 1 is a 5G network architecture based on the service-based architecture defined in the 3rd generation partnership project (3GPP) standardization process. As shown in fig. 1, the network architecture may include at least three parts, namely a terminal device part, an operator network part, and a Data Network (DN) part.
The terminal device portion may include a terminal device 110, and the terminal device 110 may also be referred to as a User Equipment (UE). The terminal device 110 in this application is a device having a wireless transceiving function, and may communicate with one or more Core Network (CN) devices (or may also be referred to as core devices) through an access network device (or may also be referred to as an access device) in a Radio Access Network (RAN) 140. Terminal device 110 may also be referred to as an access terminal, subscriber unit, subscriber station, mobile, remote station, remote terminal, mobile device, user terminal, user agent, or user equipment, etc. In one possible implementation, terminal device 110 may be deployed on land, including indoors or outdoors, hand-held, or in-vehicle; can also be deployed on the water surface (such as a ship and the like); and may also be deployed in the air (e.g., airplanes, balloons, satellites, etc.). In one possible implementation, the terminal device 110 may be a handheld device with a wireless communication function, an in-vehicle device, a wearable device, or any form of terminal in the internet of things, a terminal in the internet of vehicles, a 5G network, and a future network, and the like, which is not limited in this application.
The part operated by an operator in the various communication systems may be referred to as an operator network, a PLMN network, or the like. The operator network is mainly a public network in which a Mobile Network Operator (MNO) provides mobile broadband access services for users. For example, the operator network or PLMN network in this application may also be a network meeting the requirements of the 3GPP standard, referred to as a 3GPP network for short. Generally, a 3GPP network is operated by an operator and includes, but is not limited to, a fifth generation mobile communication (5G) network (referred to as a 5G network), a fourth generation mobile communication (4G) network (referred to as a 4G network), and so on.
As shown in fig. 1, the operator network may include: a network exposure function (NEF) 131, a network repository function (NRF) 132, a Policy Control Function (PCF) 133, a Unified Data Management (UDM) 134, an Application Function (AF) 135, an authentication server function (AUSF) 136, an access and mobility management function (AMF) 137, a Session Management Function (SMF) 138, a user plane function (UPF) 139, and a (radio) access network ((R)AN) 140, etc. In the above operator network, the part other than the (radio) access network 140 may be referred to as the Core Network (CN) part.
The data network DN 120, which may also be referred to as a Packet Data Network (PDN), is typically a network located outside the operator's network, such as a third-party network. Illustratively, the operator network may access a plurality of data networks DN 120, and a plurality of services may be deployed on the data networks DN 120 to provide services such as data and/or voice for the terminal device 110. The specific form of the third-party network may be determined according to the actual application scenario and is not limited in this application.
By way of example, a brief description of network functions in an operator network follows.
The (R)AN 140 is a sub-network of the operator network and is an implementation system between the service nodes in the operator network and the terminal device 110. To access the operator network, the terminal device 110 first accesses the (R)AN 140 and then connects, through the (R)AN 140, to the network functions in the operator network. The access network device in this embodiment is a device that provides a wireless communication function for the terminal device 110, and may also be referred to as an access device or an (R)AN device; the (R)AN device includes but is not limited to: a next generation base station (gNB) in a 5G system, an evolved node B (eNB) in an LTE system, a Radio Network Controller (RNC), a Node B (NB), a Base Station Controller (BSC), a Base Transceiver Station (BTS), a home base station (home evolved node B, or home node B, HNB), a Base Band Unit (BBU), a Transmission and Reception Point (TRP), a Transmission Point (TP), small base station equipment (pico), a mobile switching center, or network equipment in a future network. It is understood that the present application does not limit the specific type of the access network device. In systems using different radio access technologies, the names of devices that function as access network devices may differ. For convenience of description, the (R)AN 140 will be described hereinafter by taking an access device as an example.
Optionally, in some deployments of the access device, the access device may include a Centralized Unit (CU), a Distributed Unit (DU), and the like. In other deployments of access devices, a CU may also be divided into a CU-Control Plane (CP), a CU-User Plane (UP), and so on. In some other deployments of the access device, the access device may also be an Open Radio Access Network (ORAN) architecture, and the application does not limit a specific deployment manner of the access device.
The network exposure function NEF (which may also be referred to as the NEF network function or the NEF network function entity) 131 is a control plane function provided by the operator. The NEF network function 131 exposes the external interface of the operator network to third parties in a secure manner. When the SMF network function 138 needs to communicate with a network function of a third party, the NEF network function 131 may act as a relay between the SMF network function 138 and the network entity of the third party. When acting as a relay, the NEF network function 131 may translate the identification information of the subscriber as well as the identification information of the third party's network function. For example, when the NEF network function 131 sends the SUPI of a subscriber from the operator network to the third party, it may translate the SUPI into the corresponding external identity (external ID). Conversely, when the NEF network function 131 sends an external ID (the network entity ID of a third party) into the operator network, it may translate it into the SUPI.
The network repository function NRF 132 may be used to maintain real-time information about all network function services in the network.
In this embodiment, the network repository function NRF 132 may store identification information and a trust level of one or more NFs. For example, the identification information of a second network function (NF) and the trust level of the second NF may be stored in the NRF.
Policy control function PCF133 is a control plane function provided by the operator to provide the policy of the PDU session to session management function SMF 138. The policies may include charging related policies, QoS related policies, authorization related policies, and the like.
The unified data management UDM 134 is a control plane function provided by the operator and is responsible for storing information such as the subscription permanent identifier (SUPI), the security context and the subscription data of the subscribers of the operator network. A subscriber of the operator network may specifically be a subscriber using a service provided by the operator network, for example a subscriber using a China Telecom SIM card in a terminal device, or a subscriber using a China Mobile SIM card in a terminal device. For example, the SUPI of the subscriber may be the number of the SIM card of the terminal device. The security context may be data (a cookie) or a token stored on the local terminal device (e.g. a mobile phone). The subscription data of the subscriber may be the services associated with the SIM card of the terminal device, such as the data plan of the mobile phone's SIM card.
In this embodiment, the subscription data of the subscriber may further include a subscription level of the subscriber, for example whether the subscriber is a general user or an important user (VIP). In this embodiment of the application, the unified data management UDM 134 may not only store the subscription data of the subscriber but also determine the trusted attribute of the subscriber according to the subscription level of the subscriber.
An application function (AF) 135 is configured to perform application-influenced data routing, to access the network exposure function, to interact with the policy framework for policy control, and the like.
The authentication server function AUSF136 is a control plane function provided by the operator and is typically used for a first-level authentication, i.e. authentication between the terminal device 110 (subscriber) and the operator network.
The access and mobility management function AMF137 is a control plane network function provided by the operator network and is responsible for access control and mobility management of the terminal device 110 accessing the operator network, including functions such as mobility state management, assigning a temporary user identity, authenticating and authorizing a user, for example.
The session management function SMF 138 is a control plane network function provided by the operator network and is responsible for managing the Protocol Data Unit (PDU) sessions of the terminal device 110. A PDU session is a channel for transmitting PDUs; the terminal device and the DN 120 exchange PDUs with each other through the PDU session. The SMF 138 is responsible for the establishment, maintenance, deletion, etc. of the PDU session. The SMF 138 includes session-related functions such as session establishment, modification and release, including tunnel maintenance between the UPF 139 and the (R)AN 140, selection and control of the UPF 139, Service and Session Continuity (SSC) mode selection, roaming, and the like.
The UPF 139 is a gateway provided by the operator, through which the operator's network communicates with the DN 120. The UPF 139 includes user plane related functions such as packet routing and forwarding, packet detection, service usage reporting, quality of service (QoS) processing, lawful interception, uplink packet detection, downlink packet storage, and the like.
The network functions in the operator network shown in fig. 1 may further include a Network Slice Selection Function (NSSF) (not shown in fig. 1) for being responsible for determining network slice instances, selecting the AMF network function 137, and so on.
In this embodiment of the present application, in some implementations, the NSSF may store identification information of a slice and the trust level of the slice. For example, the NSSF may store identification information of one or more slices and the trust levels of the one or more slices, where one slice corresponds to one trust level. For example, the NSSF may store identification information of the first slice and the trust level of the first slice. In other implementations, the NSSF may further store the identification information of the slice and the NF set corresponding to the slice. For example, the NSSF may store identification information of one or more slices and the NF sets corresponding to the one or more slices, where one slice corresponds to one NF set; alternatively, multiple slices correspond to one NF set, etc. For example, the NSSF may store identification information of a first slice and identification information of a second NF set corresponding to the first slice. For example, the slice identification information may include network slice selection assistance information (NSSAI) or single network slice selection assistance information (S-NSSAI), and the embodiment of the present application is not limited to a specific form of the slice identification information.
It can be understood that the identification information of the first slice and the identification information of the second NF set corresponding to the first slice, as indicated above, may also be understood as a correspondence between the first slice and the second NF set; or as the identification information of the first slice together with the correspondence between the second NF set and the first slice, and the like.
For ease of understanding, but without limitation, a slice in this application may simply be understood as cutting the physical network of the operator into a plurality of virtual end-to-end networks, where each virtual network (including the devices, access, transport and core networks within it) is logically independent, and the failure of any one virtual network does not affect the other virtual networks. In order to meet the diverse requirements and the isolation between slices, relatively independent management, operation and maintenance between services are required, and customized service functions and analysis capabilities are provided. Instances of different service types may be deployed on different network slices, as may different instances of the same service type. A slice may be composed of a set of network functions and sub-networks. For example, the sub-networks (R)AN 140, AMF 137, SMF 138 and UPF 139 in fig. 1 may constitute a slice. Each network function in fig. 1 is drawn only once for illustration, whereas in an actual network deployment there may be many, tens or hundreds of each network function or sub-network. Many slices can be deployed in a network, and each slice can have different performance to meet the requirements of different applications and different vertical industries. It is understood that the slices shown in the present application may also be referred to as network slices or network slice instances, etc., and the naming of slices is not limited in the present application.
The network functions in the operator network shown in fig. 1 may also include a unified data repository (UDR), whose functions may be understood with reference to the UDM and are not described in detail here.
The network functions in the operator network shown in fig. 1 may also include a Domain Name System (DNS) (not shown in fig. 1), which may be used to configure (or define) Internet Protocol (IP) addressing between physical network elements, such as IP addressing between base stations and AMFs, etc.
In fig. 1, Nnef, Nausf, Nnrf, Npcf, Nudm, Naf, Namf, Nsmf, N1, N2, N3, N4 and N6 are interface serial numbers. The meaning of these interface serial numbers may be as defined in the 3GPP standard protocols, and the application does not limit their meaning. It should be noted that in fig. 1 the terminal device 110 is taken as a UE only by way of example, the interface names between the network functions in fig. 1 are also only examples, and in a specific implementation the interface names of the system architecture may be other names, which is not limited in this application.
The mobility management network function in this application may be the AMF137 shown in fig. 1, or may be another network function having the above-mentioned access and mobility management function AMF137 in a future communication system. Alternatively, the mobility management network function in the present application may also be a Mobility Management Entity (MME) in the LTE system.
For convenience of description, in this embodiment, the access and mobility management function AMF137 is simply referred to as AMF, the unified data management UDM134 is simply referred to as UDM, and the terminal device 110 is referred to as UE, that is, in this embodiment, the AMF described later may be replaced by a mobility management network function, the UDM may be replaced by unified data management, and the UE may be replaced by the terminal device. It will be appreciated that other network functions not shown are equally applicable to this alternative approach.
The network architecture (e.g., 5G network architecture) shown in fig. 1 employs a service-based architecture and a general interface, and a conventional network element function is split into several network function service modules that are self-contained, self-managed, and reusable based on a Network Function Virtualization (NFV) technology. The network architecture diagram shown in fig. 1 can be understood as a service-based 5G network architecture diagram in a non-roaming scenario. The application is also applicable to roaming scenarios.
It is understood that in the secure communication method shown in the present application, the first NF may include an AMF (e.g. a default AMF), an SMF, or the like. The third NF includes a UDM, UDR or PCF, etc. The fourth NF may comprise a UDR. The second NF may be any NF or network function. The user plane function may include a UPF. For example, the steps or functions performed by the first NF shown in this application may be implemented by an AMF or an SMF; the steps or functions performed by the third NF may be performed by a UDM or, alternatively, by a UDR, etc. By way of example, and without limiting the methods provided herein to the following cases: in some embodiments, the first NF may comprise a default AMF and the second NF may comprise the AMF with which the terminal device interacts. In other embodiments, the first NF may comprise an SMF and the second NF may comprise a UPF. In still other embodiments, the first NF may comprise an AMF and the second NF may comprise an SMF.
It is understood that the NF referred to in this application can also be understood as a network element, a node or a network device, etc.
The technical solution provided by the application can effectively improve the trustworthiness and security of the 5G system. In some embodiments of the present application, the user identifier may be transmitted between NFs in pseudonymous form, which reduces the extent to which the user identifier spreads between NFs and improves its security. In other embodiments of the present application, data and/or signaling may be transmitted only by NFs with a high trust level, preventing NFs with a low trust level from coming into contact with sensitive data, improving the security of service interaction between NFs and of the network as a whole, with high deployment feasibility.
Referring to fig. 2, fig. 2 is a flowchart illustrating a secure communication method provided in an embodiment of the present application, where the method is applicable to the communication system shown in fig. 1, and as shown in fig. 2, the secure communication method includes:
201. the first NF sends a first request message to a third NF, wherein the first request message carries first pseudonym information of a first user identifier of the terminal equipment. Accordingly, the third NF receives the first request message.
In this embodiment, the first subscriber identity may include a SUPI, and the first pseudonym information may be used to indicate a pseudonym (anonymous identity) of the first subscriber identity; alternatively, the first pseudonym information may be used to represent processed identification information that is different from the first subscriber identity. In other words, the first pseudonym information may be obtained from the first subscriber identity by pseudonymization. Optionally, the first pseudonym information may include a subscription concealed identifier (SUCI); alternatively, the first pseudonym information may include a pseudonym identifier generated from the SUPI, such as SUPI*. It is understood that the "pseudonym information" shown in the embodiment of the present application may be replaced with "replacement information", "user pseudonym information", "anonymous information" or "pseudonym", and the name of the pseudonym information is not limited in the embodiment of the present application. It is understood that the first subscriber identity shown in this embodiment includes a SUPI only by way of example; in a specific implementation, the first subscriber identity may also be another identifier of the terminal device, and the present application does not limit this.
202. The third NF determines a trusted attribute of the first subscriber identity.
In this embodiment of the application, the trusted attribute of the first subscriber identity may be used to indicate whether the first subscriber identity needs to be pseudonymized, for example, whether a third NF needs to perform pseudonymization on the first subscriber identity; alternatively, a trusted attribute of the first subscriber identity may be used to indicate whether the first subscriber identity needs to be protected. Since the terminal device may interact with the core device and/or the access device through the first subscriber identity, as an understanding manner, the third NF determines the trusted attribute of the first subscriber identity, which may also be understood as: the third NF determines a trusted attribute of the terminal device. The terminal device is a device using the first user identifier. Other embodiments herein are equally applicable to this understanding.
In one possible implementation, the third NF may determine the trusted attribute of the first subscriber identity according to the subscription level of the first subscriber identity.
In this embodiment, the subscription level of the first subscriber identity may be included in the subscription data of the first subscriber identity. The subscription level may be used to distinguish between different categories of users. For example, the subscription level of the first subscriber identity may be a VIP subscriber or a general subscriber. For another example, the subscription level of the first subscriber identity may be a subscriber with high privacy requirements or a subscriber with low privacy requirements. It is understood that the above subscription levels are only examples, and in practical applications, there may be more differentiation methods, etc. The embodiment of the present application does not limit the specific division manner of the subscription level.
In one possible implementation, the third NF may determine the trusted attribute of the first subscriber identity according to the session attribute of the first subscriber identity.
In this embodiment of the present application, the session attribute may be used to distinguish the different kinds of sessions carried out by the first subscriber identity. For example, the session attribute of the first subscriber identity may be an audio-visual attribute. For another example, the session attribute of the first subscriber identity may be a video conference, a voice call, or the like. For another example, the session attribute of the first subscriber identity may be a session with a high security requirement for data communication, and the like. The embodiment of the present application does not limit the specific division of session attributes.
In one possible implementation, the third NF determines the trusted attribute of the first subscriber identity according to industry requirements of the first subscriber identity.
In the embodiment of the application, when the first subscriber identity is used to exchange data and/or signaling, whether that data and/or signaling is protected may be determined according to the industry concerned. In other words, the security requirement of the data and/or signaling may differ from industry to industry. For example, the research and development industry or the financial industry may require protection, and thus data and/or signaling relating to those industries may be protected. Optionally, the industry requirement may also be that data and/or signaling needs to be protected within a target area (or target security domain). For example, within a certain campus the data and/or signaling may be protected, whereas outside that campus whether the data and/or signaling is protected may be left open. The embodiments of the present application do not limit the specific division of industry requirements.
Optionally, the third NF may further determine the trusted attribute of the first user identifier according to the trusted attribute of the slice to which the first user identifier belongs. For example, a first subscriber identity, a slice identity corresponding to the first subscriber identity, and a trust level corresponding to the slice identity may be stored in the third NF, so that the third NF may determine the trust attribute of the first subscriber identity according to the trust level corresponding to the slice identity.
204. If the trusted attribute of the first subscriber identity meets the preset condition, the third NF sends a first response message to the first NF, where the first response message carries second pseudonym information of the first subscriber identity. Accordingly, the first NF receives the first response message.
In the embodiment of the application, the preset conditions may include user level conditions, identity privacy protection conditions, industry data security protection conditions, and the like. The preset condition may be used to distinguish credible attributes of different levels, and therefore, the specific distinguishing manner of the preset condition is not limited in the embodiment of the present application. For example, the preset condition may be determined according to a determination manner of the trusted property. For example, the trusted attribute of the first subscriber identity is determined by the subscription level of the first subscriber identity, and the preset condition may be that the subscription level is a VIP subscriber or a subscriber with high privacy requirement. For another example, the trusted attribute of the first user identifier is determined by the session attribute of the first user identifier, and the preset condition may be a session with a high security requirement on data communication, such as a video conference. For another example, if the trusted attribute of the first user identifier is determined by the industry requirement of the first user identifier, the preset condition may be a user with high industry data security. It is understood that the specific contents of the preset conditions are not limited in the embodiments of the present application.
In this embodiment of the present application, the second pseudonym information may be used to represent a pseudonym (anonymous) of the first user identifier; alternatively, the second pseudonym information may be used to represent processed identification information that is different from the first subscriber identification. If the trusted attribute of the first subscriber identity meets the preset condition, the first subscriber identity can be pseudonymized when different network elements or network functions are interacted, so that the security of the first subscriber identity is ensured. In other words, if the trusted attribute of the first subscriber identity meets the preset condition, the first subscriber identity may interact between different network elements or network functions in the form of the second pseudonym information.
In some embodiments, the first subscriber identity comprises a SUPI, the first pseudonym information comprises a SUCI, and the second pseudonym information may comprise a SUPI*. In further embodiments, the first subscriber identity comprises a SUPI, the first pseudonym information comprises a SUPI*, and the second pseudonym information may comprise a new SUPI*. In still other embodiments, the first subscriber identity comprises a SUPI, the first pseudonym information comprises a SUPI*, and the second pseudonym information may also comprise that same SUPI*. The embodiment of the present application does not limit whether the SUPI* carried in the first response message is the same as the SUPI* carried in the first request message. Other embodiments of the present application are equally applicable to this description.
Optionally, if the trusted attribute of the first user identifier does not meet the preset condition, the third NF sends a first response message to the first NF, where the first response message carries the first user identifier. Accordingly, the first NF receives the first response message. For example, if the trusted attribute of the first subscriber identity indicates that the first subscriber identity is a normal subscriber, or the trusted attribute of the first subscriber identity indicates that the session requirement of the first subscriber identity is low, the first subscriber identity may not be pseudonymized when interacting between network elements or network functions. It can be understood that, in the embodiment of the present application, when the trusted attribute of the first user identifier does not meet the preset condition, there is no limitation on whether the first user identifier performs pseudonymization processing.
In one possible implementation, the third NF sending the first response message to the first NF includes: and if the credibility level of the first NF is matched with the preset level, the third NF sends a first response message to the first NF.
In the embodiment of the present application, the preset level is used for measuring the trust levels of different NFs, and the specific level of the preset level is not limited. For example, the trust level includes a strong trust level, a weak trust level, and an untrusted level, and the preset level may be the weak trust level or the untrusted level, and the like. For another example, the trust level includes a high trust level, a low trust level, and an untrusted level, and the preset level may be the low trust level or the untrusted level, and the like. That is, when the first NF has a low trust level, in order to protect the first subscriber identity, the third NF may send pseudonym information (i.e., second pseudonym information) of the first subscriber identity to the first NF. It can be understood that the embodiment of the present application is not limited to the specific dividing manner of the confidence level, and the preset level may vary with the dividing manner of the confidence level.
Optionally, if the trust level of the first NF does not match the preset level, the third NF sends a response message carrying the first subscriber identity to the first NF. That is, when the trust level of the first NF is high, the third NF may trust the first NF, and thus may send a real user identifier, such as the first user identifier, to the first NF.
When the trusted attribute of the first subscriber identity meets the preset condition and the trust level of the first NF matches the preset level, the first NF cannot be fully trusted. Therefore, the third NF may send the second pseudonym information of the first subscriber identity to the first NF with the lower trust level, in order to protect the first subscriber identity and improve the security of the subscriber identity. Conversely, when the trusted attribute of the first subscriber identity meets the preset condition but the trust level of the first NF does not match the preset level, the first NF is trusted, and thus the third NF may send the first subscriber identity itself to the first NF.
In one possible implementation, the third NF sending the first response message to the first NF includes: and if the credibility level of the security domain to which the first NF belongs matches the preset level, the third NF sends a first response message to the first NF.
In the embodiment of the application, trust levels may be distinguished between different NFs, and at the same time between different security domains. Illustratively, a first security domain, a second security domain, etc. may be distinguished, the first security domain having a different trust level from the second security domain. If the first NF is located in the first security domain and the trust level of the first security domain is weak, the security domain in which the first NF is located is not fully trusted, and the third NF may send the second pseudonym information of the first subscriber identity to the first NF. Alternatively, if the trust level of the first security domain is strong (i.e. it does not match the preset level), the security domain in which the first NF is located is trusted, and the third NF may send the real subscriber identifier, such as the first subscriber identity, to the first NF.
Optionally, a third security domain and the like may be included in addition to the first security domain and the second security domain shown above. The first security domain, the second security domain and the third security domain have different trust levels. The embodiment of the present application does not limit how to divide the security domains. And how the trust levels corresponding to the security domains are divided is not limited.
In a possible implementation manner, before the third NF sends the first response message to the first NF, the method shown in fig. 2 may further include:
2031. the third NF may obtain the first subscriber identity according to the first pseudonym information, and generate the second pseudonym information according to the first subscriber identity.
Alternatively, when the first pseudonym information is a SUCI, the third NF may obtain the SUPI from the SUCI and then generate new second pseudonym information, such as a new SUPI*, from the SUPI. Optionally, when the first pseudonym information is a SUPI*, the third NF may obtain the SUPI according to the correspondence between SUPI* and SUPI, and then generate new second pseudonym information such as a new SUPI* from the SUPI. Optionally, when the first pseudonym information is a SUPI*, the first response message may also carry that same SUPI*, that is, the third NF may continue to use the existing SUPI*. For example, the third NF may determine according to local policy whether to continue using the existing SUPI* or to use a new SUPI*. The local policy may, for example, give the SUPI* a validity period: within the validity period the third NF may continue to use the SUPI*, and outside the validity period of the SUPI* the third NF may use a new SUPI*. It is understood that the embodiment of the present application is not limited to a specific form of the local policy. It is understood that the following embodiments are equally applicable with respect to the description of SUPI* and the new SUPI*.
SUPI* is only one illustrated pseudonym form, and the pseudonym information of the first subscriber identity may take other forms, which is not limited in this embodiment of the present application. As an illustrative method for the third NF to generate the second pseudonym information from the first subscriber identity, SUPI* = KDF(SUPI, random number); alternatively, SUPI* = KDF(SUPI, random number, serving network ID). The random number may be the random number in the authentication vector. Optionally, the parameters for generating SUPI* may further include the key Kausf in the authentication vector or a key derived from it, where Kausf is shared between the UE and the home network AUSF/UDM, etc.
In this embodiment, the third NF stores a correspondence between the first pseudonym information and the first user identifier, and may also store a correspondence between the second pseudonym information and the first user identifier. The third NF can make the third NF obtain the first subscriber identity according to the corresponding relationship when the first NF or other NFs send the pseudonymous name information of the first subscriber identity to the third NF by saving the corresponding relationship.
It is to be understood that the "correspondence" shown in the present application may also be understood as "mapping relationship", "correspondence list", or "mapping list", and the like, and the present application is not limited thereto.
In a possible implementation manner, before the third NF sends the first response message to the first NF, the method shown in fig. 2 may further include:
2032. the third NF may send a second request message to the fourth NF, where the second request message carries the first pseudonym information. Accordingly, the fourth NF receives the second request message.
2033. In response to the second request message, the fourth NF obtains a first subscriber identity according to the first pseudonym information, and generates second pseudonym information according to the first subscriber identity.
In this embodiment of the present application, the fourth NF may store a correspondence between the first subscriber identity and the pseudonym information of the first subscriber identity, and thus, when the third NF sends the second request message to the fourth NF, the fourth NF may respond to the second request message by generating the second pseudonym information. For example, when the first pseudonym information is a SUCI, the fourth NF may obtain the SUPI according to the SUCI, and then generate new second pseudonym information such as a new SUPI according to the SUPI. Optionally, when the first pseudonym information is a previously issued new SUPI, the fourth NF may obtain the SUPI according to the stored correspondence between that new SUPI and the SUPI, and then generate new second pseudonym information such as a new SUPI according to the SUPI. Optionally, the fourth NF may also continue to use the existing new SUPI according to the local policy. It is understood that, for the method of the fourth NF generating new second pseudonym information, e.g., a new SUPI, according to the first subscriber identity, e.g., the SUPI, reference may be made to the generation method of the third NF, which will not be described in detail herein.
2034. And the fourth NF sends the second pseudonym information to the third NF, and correspondingly, the third NF receives the second pseudonym information.
Optionally, after the third NF sends the second request message to the fourth NF, the fourth NF may further send the corresponding relationship between the first pseudonym information and the first subscriber identity to the third NF. Therefore, after receiving the corresponding relationship, the third NF can obtain the first user identifier according to the corresponding relationship, and further generate the second pseudonym information according to the first user identifier.
In combination with the method for generating the second pseudonym information by the third NF, in this embodiment of the present application, the UDM may store a correspondence between the first subscriber identity and the first pseudonym information, and/or a correspondence between the first subscriber identity and the second pseudonym information. The UDR may also store a correspondence between the first subscriber identity and the first pseudonym information, and/or a correspondence between the first subscriber identity and the second pseudonym information. Optionally, when the above correspondence is stored in both the UDM and the UDR, the third NF executes step 2031 shown above or executes steps 2032 to 2034 shown above, which is not limited in the embodiment of the present application. Optionally, when the correspondence is stored in the UDM or in the UDR, the third NF executes step 2031 or steps 2032 to 2034 according to which NF stores the correspondence.
It is shown above that the first response message carries the second pseudonym information, and optionally, the first response message may also carry other information. According to the difference of other information carried in the first response message, the embodiments of the present application further provide several methods:
the first method,
The first response message may also carry a root key Kamf; the root key is generated by the third NF according to SUPI, for example, Kamf = KDF(SUPI, other parameters), and the embodiments of the present application are not limited to the other parameters. Since the UE also generates the root key from SUPI, e.g., Kamf = KDF(SUPI, other parameters), the UE is not affected in this case. The KDF algorithm may adopt a key derivation algorithm already defined in the 3GPP standard, for example, the HMAC-SHA256 algorithm, and the KDF algorithm is not limited in the embodiment of the present application.
The root key may also be generated by the third NF according to the new SUPI, for example, Kamf = KDF2(new SUPI, other parameter 2), and the embodiment of the present application is not limited to the other parameter 2. Since the UE generates the root key from SUPI, e.g., Kamf = KDF(SUPI, other parameter 1), to ensure that the UE is not affected, it is required here that the key derivation algorithm KDF1 with which the third NF (or the fourth NF) generates the new SUPI from SUPI and the key derivation algorithm KDF2 with which the third NF generates the root key Kamf from the new SUPI satisfy the following condition: the root key Kamf generated by the third NF from the new SUPI and the root key Kamf generated by the UE from SUPI are equal, i.e., Kamf = KDF(SUPI, other parameter 1) = KDF2(new SUPI, other parameter 2) = KDF2(KDF1(SUPI, other parameter 1), other parameter 2). KDF2 and KDF1 may be the same or different, and the examples of the present application are not limited. It is understood that the method for generating the root key shown above is only an example, and should not be construed as limiting the embodiments of the present application.
In this case, the method shown in fig. 2 may further include: if the first response message also carries the root key Kamf, the first NF may also generate the user plane key according to the root key, and the like.
The second method,
The first response message may also carry third indication information; and the third indication information is used for indicating the first NF to generate a root key according to the second pseudonym information.
The specific indication form of the third indication information is not limited in the embodiments of the present application. For example, 1 bit of information may be used to indicate that the third indication information is carried in the first response message. For example, "1" may indicate that the third indication information is carried in the first response message. For example, it may also be represented by 2 bits of information whether indication information is carried in the first response message, and the carried indication information is the third indication information. It is to be understood that the above are exemplary only and that the present application is not limited thereto.
In conjunction with the third indication information, the method shown in fig. 2 may further include: and if the first response message also carries third indication information, the first NF generates a root key Kamf according to the second pseudonym information.
For example, Kamf = KDF2(new SUPI, other parameter 2), and the present embodiment is not limited to the other parameter 2. Since the UE generates the root key from SUPI, e.g., Kamf = KDF(SUPI, other parameter 1), to ensure that the UE is not affected, the key derivation algorithm KDF1 with which the third NF (or the fourth NF) generates the new SUPI from SUPI and the key derivation algorithm KDF2 with which the first NF generates the root key Kamf from the new SUPI need to satisfy the following condition: the root key Kamf generated by the first NF from the new SUPI and the root key Kamf generated by the UE from SUPI are equal, i.e., Kamf = KDF(SUPI, other parameter 1) = KDF2(new SUPI, other parameter 2) = KDF2(KDF1(SUPI, other parameter 1), other parameter 2). The KDF algorithm here employs a key derivation algorithm already defined in the 3GPP standard, for example the HMAC-SHA256 algorithm. KDF2 and KDF1 may be the same or different, and the examples of the present application are not limited.
After the first NF generates the root key, a user plane key may also be generated according to the root key, and the like.
The third method,
It can be understood that, when the first response message carries the second pseudonym information but does not carry the root key or the third indication information shown in the above-mentioned first method and second method, the method shown in fig. 2 may further include: and after receiving the first response message, the first NF generates a root key Kamf according to the second pseudonym information.
For example, Kamf = KDF2(new SUPI, other parameter 2), and the present embodiment is not limited to the other parameter 2. Since the UE generates the root key from SUPI, e.g., Kamf = KDF(SUPI, other parameter 1), to ensure that the UE is not affected, the key derivation algorithm KDF1 with which the third NF (or the fourth NF) generates the new SUPI from SUPI and the key derivation algorithm KDF2 with which the first NF generates the root key Kamf from the new SUPI need to satisfy the following condition: the root key Kamf generated by the first NF from the new SUPI and the root key Kamf generated by the UE from SUPI are equal, i.e., Kamf = KDF(SUPI, other parameter 1) = KDF2(new SUPI, other parameter 2) = KDF2(KDF1(SUPI, other parameter 1), other parameter 2). The KDF algorithm here employs a key derivation algorithm already defined in the 3GPP standard, for example the HMAC-SHA256 algorithm. KDF2 and KDF1 may be the same or different, and the examples of the present application are not limited.
After the first NF generates the root key, a user plane key may also be generated according to the root key, and the like.
It is understood that other embodiments of the present application are equally applicable to the specific implementation of methods one through three.
The above-mentioned methods one to three have no influence on the UE, i.e. the UE may remain unchanged. For example, the UE generates a root key Kamf from the SUPI, e.g., Kamf = KDF(SUPI, other parameter 1), and may generate a user plane key from the root key. It is understood that the UE described here stays unchanged, in contrast to method four, where the UE also needs to receive the first indication information and/or the second indication information, etc. Therefore, the UE shown in the embodiments of the present application should not be construed as limiting the embodiments of the present application.
The fourth method,
In a possible implementation manner, the first response message further carries first indication information and/or second indication information; the first indication information is used for indicating generation of second pseudonym information, and the second indication information is used for indicating generation of a user plane key.
The specific indication forms of the first indication information and the second indication information are not limited in the embodiments of the present application. For example, 1 bit of information may be used to indicate whether the first indication information or the second indication information is carried in the first response message. For example, "1" may indicate that the first indication information is carried in the first response message, and "0" may indicate that the second indication information is carried in the first response message. For example, 2 bits of information may also be used to indicate whether the indication information is carried in the first response message, and whether the carried indication information is the first indication information or the second indication information. It is to be understood that the above are exemplary only and that the present application is not limited thereto.
In conjunction with the first indication information, the method shown in fig. 2 may further include:
2051. and if the first response message comprises the first indication information, the first NF generates a root key according to the second pseudonym information.
After the first NF generates the root key, a user plane key may also be generated according to the root key, and the like. For how the first NF applies the root key, reference may be made to a relevant standard or protocol, etc. For example, Kamf = KDF(new SUPI, other parameters), and the embodiments of the present application are not limited to these parameters.
2061. The first NF sends first indication information to the terminal equipment, and correspondingly, the terminal equipment receives the first indication information.
For the steps executed after the terminal device receives the first indication information, referring to fig. 3a, fig. 3a is a schematic flowchart of a secure communication method provided in an embodiment of the present application, and the method is applicable to the terminal device. As shown in fig. 3a, the method comprises:
3011. the terminal equipment receives first indication information sent by a first NF (AMF); the first indication information is used for indicating the terminal equipment to generate second pseudonym information.
Optionally, the first indication information may also be used to instruct the terminal device to generate the root key.
3012. And the terminal equipment generates second pseudonym information according to the first user identification.
3013. And the terminal equipment generates a root key according to the second pseudonym information.
3014. The terminal equipment generates an access layer key and/or a non-access layer key according to the root key; the access layer key is used for protecting data and/or signaling between the terminal equipment and the access equipment, and the non-access layer key is used for protecting data and/or signaling between the terminal equipment and the first NF.
In this embodiment, as for the method for generating the second pseudonym information and the method for generating the root key by the terminal device according to the first subscriber identity, reference may be made to a method for generating the second pseudonym information by a third NF and a method for generating the root key by the third NF, which are not described in detail here.
The embodiment of the present application does not limit the method for generating the access stratum key by the terminal device; for example, the access stratum key = KDF(Kamf, other parameters).
By implementing the embodiment of the application, the access stratum key and/or the non-access stratum key are/is generated according to the second pseudonym information, so that the security level of data and/or signaling can be effectively improved, and the transmission of the data and/or signaling is protected.
In conjunction with the second indication information, the method shown in fig. 2 may further include:
2052. and if the first response message comprises the second indication information, the first NF generates a user plane key according to the second pseudonym information.
The embodiment of the present application does not limit the method for generating the user plane key by the terminal device.
2062. And the first NF sends second indication information to the terminal equipment, and correspondingly, the terminal equipment receives the second indication information.
2072. The first NF sends a user plane key to the user plane function, which receives the user plane key accordingly.
It is understood that the sequence of step 2062 and step 2072 is not limited in the embodiments of the present application.
For the steps executed after the terminal device receives the second indication information, referring to fig. 3b, fig. 3b is a schematic flowchart of a secure communication method provided in an embodiment of the present application, and the method is applicable to the terminal device. As shown in fig. 3b, the method comprises:
3021. the terminal equipment receives second indication information sent by the first NF; and the second indication information is used for indicating the terminal equipment to generate the user plane protection key.
3022. And the terminal equipment generates second pseudonym information according to the first user identification.
3023. And the terminal equipment generates a root key according to the second pseudonym information.
3024. The terminal equipment generates a user plane key according to the root key; the user plane key is used for protecting data between the terminal equipment and the user plane function.
In the embodiment of the application, after the terminal device generates the user plane key, when the terminal device interacts with the user plane function, the user plane key can be used to protect data. The data is prevented from being tampered or intercepted by other network elements or network functions, and the safety of the data is guaranteed.
It is understood that in the secure communication method shown in fig. 3a and 3b, the terminal device may be understood as a device using the first subscriber identity. In other words, the first subscriber identity, such as SUPI, may be a subscriber identity or number, etc. stored in the core card of the terminal device.
It is understood that the method shown above is exemplified by the first user identifier, but in a specific application, a second user identifier, a third user identifier, etc. may be included. The second subscriber identity or the third subscriber identity may also apply the methods shown in fig. 2, 3a and 3 b.
By implementing the method shown in fig. 2, the third NF may determine whether to perform pseudonymization processing on the first subscriber identity according to the trusted attribute of the first subscriber identity, so that when the trusted attribute of the first subscriber identity meets a preset condition, the third NF sends the pseudonymized first subscriber identity, that is, the second pseudonym information, to the first NF. The first subscriber identity is then passed between different NFs only in pseudonymized form, which prevents the first subscriber identity from being tampered with or intercepted by an unsafe or untrusted network element or network function, effectively protects the first subscriber identity, and improves its security.
For a more visual understanding of the method shown in fig. 2, the following will specifically illustrate the secure communication method provided by the embodiment of the present application.
Referring to fig. 4, fig. 4 is a scene schematic diagram of a secure communication method provided in an embodiment of the present application. The method is applicable to the network architecture shown in fig. 1. It can be understood that the method is shown with the terminal device as the UE, the first NF as the AMF, and the third NF as the UDM, and meanwhile, the method also involves network functions such as AUSF and user plane functions such as UPF. The first subscriber identity in the method comprises SUPI. Optionally, the UDM pre-stores subscription data of one or more user identifiers, and the subscription data includes a subscription level. In other words, the UDM is pre-configured with a subscription level of one or more user identities.
As shown in fig. 4, the secure communication method includes:
401. The UE sends a registration request message to the AMF, where the registration request message carries a SUCI or a 5G globally unique temporary identity (5G-GUTI). Accordingly, the AMF receives the registration request message.
When the UE sends a registration request message to the AMF for the first time, the registration request message may carry the SUCI. When the UE sends a registration request message to the AMF not for the first time, the registration request message may carry a GUTI. For convenience of description, the UE sending a registration request message to the AMF for the first time may be referred to as initial registration, and the UE sending a registration request message to the AMF not for the first time may be referred to as non-initial registration.
402. And the AMF sends an authentication request message to the AUSF, wherein the authentication request message carries SUCI or SUPI. Accordingly, the AUSF receives the authentication request message.
When registering for the first time, the authentication request message can carry SUCI; the authentication request message may carry SUPI when not first registered.
Optionally, the authentication request message may also carry an Identification (ID) of the serving network. The ID of the serving network may be an ID of a network in which the AMF is located.
403. The AUSF sends the authentication request message to the UDM, and correspondingly, the UDM receives the authentication request message.
404. The UDM performs pseudonymization processing on the SUPI according to the trusted attribute of the SUPI to obtain a new pseudonymized user identifier such as a new SUPI.
It is understood that the method for UDM pseudonymization can refer to the method shown in fig. 2, and will not be described in detail here.
405. The UDM sends an authentication response message to the AUSF, where the authentication response message carries the new pseudonymized user identifier such as the new SUPI. Accordingly, the AUSF receives the authentication response message.
Illustratively, if the authentication request message carries a SUCI, the UDM may obtain the SUPI from the SUCI, and then generate a new SUPI from the SUPI. For example, if the authentication request message carries a new SUPI issued earlier, the UDM may obtain the SUPI according to the previously stored correspondence (new SUPI, SUPI), and then generate a new SUPI according to the SUPI. Optionally, the UDM may also continue to use the existing new SUPI (e.g., the one carried in the authentication request message) according to the local policy.
Optionally, the authentication response message may further carry the first indication information and/or the second indication information. Wherein, the first indication information can also be understood as pseudonymization protection indication information; the second indication information may be understood as either terminal-to-core network protection indication information.
Illustratively, for step 404, the UDM may proceed with the following processing according to the trusted attributes of the subscription (e.g., trusted attributes of the subscribed SUPI):
for example, if the trusted attributes in the subscription comply with identity privacy protection requirements, the UDM may determine that SUPI requires pseudonymization protection. For another example, if the trusted attributes in the subscription comply with industry data security protection requirements, the UDM determines that SUPI requires pseudonymization protection. For another example, if the trusted attributes in the subscription indicate that SUPI is a normal user, the UDM may process according to the normal flow. The normal flow may refer to a relevant standard or protocol, e.g., the UDM may not pseudonymize the SUPI, etc. For another example, if a trusted attribute in the subscription indicates that SUPI is a VIP user, the UDM determines that SUPI requires pseudonymization protection.
Optionally, after receiving the authentication request message, the UDM may further send the authentication request message to the UDR, and the UDR performs pseudonymization on the SUPI according to the trusted attribute of the SUPI to obtain a new SUPI. The UDR then sends an authentication response message to the UDM, the authentication response message carrying the new SUPI. Optionally, after receiving the authentication request message, the UDR may directly perform pseudonymization on the SUPI to obtain a new SUPI. The UDR then sends an authentication response message to the UDM, the authentication response message carrying the new SUPI. Optionally, the authentication response message sent by the UDR to the UDM may also carry the correspondence between the new SUPI and the SUPI. In this case, both the UDM and the UDR can obtain the true user identity, e.g., the SUPI.
The manner in which the UDR derives the new SUPI may be as follows: for example, if the authentication request message carries a SUCI, the UDR may obtain the SUPI according to the SUCI and then generate a new SUPI according to the SUPI. Optionally, if the authentication request message carries a new SUPI issued earlier, the UDR may obtain the SUPI according to the previously stored correspondence (new SUPI, SUPI), and then generate a new SUPI according to the SUPI. Optionally, the UDR may also continue to use the existing new SUPI (e.g., the one carried in the authentication request message) according to the local policy.
406. The AUSF continues to perform the authentication procedure for the UE through the AMF.
It is understood that, for the authentication procedure shown in step 406, reference may be made to relevant standards or protocols, etc., and this is not limited in this embodiment of the application.
407. AUSF confirms that the authentication is successful.
408. And the AUSF sends an authentication response message to the AMF, wherein the authentication response message carries the new SUPI. Accordingly, the AMF receives the authentication response message.
Optionally, the authentication response message may also carry an anchor key. Optionally, the authentication response message may further carry the first indication information and/or the second indication information. Optionally, the first indication information and/or the second indication information may also be integrity protected by a shared key, so as to prevent the first indication information and/or the second indication information from being maliciously tampered with, and the like. The shared key may be understood as a key shared between the UE and the AUSF during the authentication process. In other words, the first indication information and/or the second indication information may be integrity protected by carrying a message authentication code (MAC) value.
409. The AMF generates a root key (Kamf) from the new SUPI and anchor key.
Optionally, if the authentication response message carries the second indication information, the AMF generates a user plane key according to the root key, where the user plane key may also be referred to as a terminal-to-core network protection key, and the terminal-to-core network protection key may include a terminal-to-core network encryption key and a terminal-to-core network integrity protection key.
Optionally, when the UDM generates a new SUPI, the UDM may also generate a root key from the new SUPI. Therefore, the authentication response message can also carry the root key, so that the AMF can obtain the root key when receiving the authentication response message.
Optionally, after receiving the authentication response message, the AUSF may further generate a root key according to the new SUPI.
410. The AMF sends the first indication information and/or the second indication information to the UE.
411. The UE generates a new SUPI from SUPI.
After the authentication procedure is finished, the UE may also generate an anchor key by using the same method as the AUSF. Optionally, if the UE receives the first indication information, the UE may perform integrity protection check on the first indication information by using a shared key between the UE and the AUSF, and then generate a new SUPI. It is understood that the UE may generate the new SUPI in the same manner as the UDM generates the new SUPI. Further, the UE may also generate a root key Kamf from the new SUPI. Optionally, if the UE receives the second indication information, the UE may further generate a user plane key according to the root key.
It is understood that the first indication information and/or the second indication information shown above may also be included in the tenth message, and the embodiment of the present application is not limited to the manner in which the AMF sends the first indication information and/or the second indication information.
412. The AMF transmits a registration response message to the UE. Accordingly, the UE receives the registration response message.
The registration response message may include a registration accept message.
413. And the AMF sends the terminal-to-core network protection key to the UPF through the SMF.
In the embodiment of the application, in the process of transmitting data between the UE and the UPF, the data can be encrypted or integrity protected through a terminal-to-core network protection key, so that the data is prevented from being known by a weakly trusted or untrusted NF, and the security of data transmission is improved.
In the method shown in fig. 4, the root key Kamf is generated by the AMF from the new SUPI carried in the authentication response message. And the UE generates a new SUPI using the same method as the UDM and then generates a root key Kamf from the new SUPI.
Optionally, after the UDM generates the new SUPI, the UDM may also generate a root key Kamf from the new SUPI. Meanwhile, the new SUPI and the root key Kamf may be included in the authentication response message, so that the AMF may directly receive the root key Kamf. In this case, the UE may generate a new SUPI in the same manner as the UDM and then generate the root key Kamf from the new SUPI. Alternatively, the UDM may generate the new SUPI using security algorithm f1; the authentication response message then includes the new SUPI, and the AMF generates the root key Kamf from the new SUPI using security algorithm f2. The security algorithms f1 and f2 are chosen so that the root key Kamf generated by the UE from the new SUPI and the root key Kamf generated by the AMF are equal.
It is understood that the first request message in fig. 2 may be understood as the authentication request message in fig. 4, and the first response message in fig. 2 may be understood as the authentication response message in fig. 4. The first indication information in fig. 2 may be understood as the pseudonymized protection indication information in fig. 4, and the second indication information in fig. 2 may be understood as the terminal-to-core network protection indication information in fig. 4. The user plane key shown in fig. 2 may be understood as the terminal-to-core network protection key in fig. 4.
According to the technical scheme provided by the embodiment of the application, on one hand, the SUPI is prevented from being tampered or intercepted by an unsafe or untrusted network element or network function, and the like, so that the SUPI is effectively protected, and the safety of the SUPI is improved. On the other hand, the authentication response message improves the security of data interaction between the UE and the UPF by including the terminal-to-core network protection indication information.
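The pseudonymization and root-key derivation described in methods one to three and in the fig. 4 flow, modelled end to end as an added example that is not the patent's or any vendor's code; the KDF parameter layout, the trusted-attribute labels, the SUCI-to-SUPI table and the sample identifiers are constructed assumptions.

```python
import hashlib
import hmac

# Trusted-attribute labels that make the UDM pseudonymise the SUPI (constructed
# encodings of the categories listed above; a "normal" user is left as-is).
PSEUDONYMISE_ATTRS = {"identity_privacy", "industry_data_security", "vip"}


def kdf(key: bytes, *params: bytes) -> bytes:
    """HMAC-SHA256 key derivation (the KDF the page names). Each parameter is
    length-prefixed so that different parameter splits cannot collide."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, data, hashlib.sha256).digest()


def kdf1_new_supi(supi: str, rand: bytes, serving_network_id: str) -> str:
    """KDF1: new SUPI = KDF(SUPI, random number, serving network ID)."""
    return "pseudo-" + kdf(supi.encode(), rand, serving_network_id.encode()).hex()


def kdf2_root_key(identifier: str, other_param_2: bytes) -> bytes:
    """KDF2: Kamf = KDF(identifier, other parameter 2). The AMF runs this on
    whatever identifier the authentication response carried, so with
    pseudonymisation the real SUPI is never an input on the AMF side."""
    return kdf(identifier.encode(), b"Kamf", other_param_2)


def ue_root_key(supi: str, rand: bytes, serving_network_id: str,
                other_param_2: bytes, first_indication: bool) -> bytes:
    """UE side. The page's condition KDF(SUPI, p1) == KDF2(KDF1(SUPI, p1), p2)
    is met by defining the UE's derivation as exactly that composition."""
    if first_indication:
        return kdf2_root_key(kdf1_new_supi(supi, rand, serving_network_id),
                             other_param_2)
    return kdf2_root_key(supi, other_param_2)  # normal user: plain SUPI


class UDM:
    """Third NF: subscription data plus the (new SUPI, SUPI) correspondence."""

    def __init__(self, subscriptions: dict, suci_table: dict):
        self.subscriptions = subscriptions  # SUPI -> trusted attribute
        self.suci_table = suci_table        # SUCI -> SUPI, stand-in for de-concealment
        self.correspondence = {}            # new SUPI -> SUPI

    def resolve_supi(self, identifier: str) -> str:
        """Recover the SUPI from a SUCI (initial registration) or from a new SUPI
        issued earlier (non-initial registration); otherwise it is a plain SUPI."""
        if identifier in self.suci_table:
            return self.suci_table[identifier]
        return self.correspondence.get(identifier, identifier)

    def authentication_response(self, identifier: str, rand: bytes,
                                serving_network_id: str) -> dict:
        """Steps 404/405: pseudonymise according to the trusted attribute and
        set the first indication when the UE must mirror the derivation."""
        supi = self.resolve_supi(identifier)
        if self.subscriptions[supi] not in PSEUDONYMISE_ATTRS:
            return {"supi": supi, "first_indication": False}
        new_supi = kdf1_new_supi(supi, rand, serving_network_id)
        self.correspondence[new_supi] = supi
        return {"supi": new_supi, "first_indication": True}


def run_registration(udm: UDM, ue_supi: str, identifier: str, rand: bytes,
                     serving_network_id: str, other_param_2: bytes) -> dict:
    """Steps 403-411 of fig. 4 for one registration: the UDM answers the AMF,
    the AMF derives Kamf from what it received, the UE mirrors from its SUPI."""
    resp = udm.authentication_response(identifier, rand, serving_network_id)
    amf_kamf = kdf2_root_key(resp["supi"], other_param_2)
    ue_kamf = ue_root_key(ue_supi, rand, serving_network_id, other_param_2,
                          resp["first_indication"])
    return {"amf_view": resp["supi"], "first_indication": resp["first_indication"],
            "amf_kamf": amf_kamf, "ue_kamf": ue_kamf}


# Constructed sample subscriptions: one VIP subscriber, one normal subscriber.
SUBSCRIPTIONS = {"imsi-460001234567890": "vip", "imsi-460009876543210": "normal"}
SUCI_TABLE = {"suci-A": "imsi-460001234567890", "suci-B": "imsi-460009876543210"}
SERVING_NETWORK = "mnc001.mcc460"

if __name__ == "__main__":
    udm = UDM(SUBSCRIPTIONS, SUCI_TABLE)
    first = run_registration(udm, "imsi-460001234567890", "suci-A",
                             b"\x01" * 16, SERVING_NETWORK, b"param2")
    print("AMF sees:", first["amf_view"], "keys agree:",
          first["amf_kamf"] == first["ue_kamf"])
    # Non-initial registration carries the earlier new SUPI; the UDM resolves
    # it through the correspondence and issues a fresh pseudonym.
    second = run_registration(udm, "imsi-460001234567890", first["amf_view"],
                              b"\x02" * 16, SERVING_NETWORK, b"param2")
    print("fresh pseudonym:", second["amf_view"] != first["amf_view"],
          "keys agree:", second["amf_kamf"] == second["ue_kamf"])
```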
The method shown in fig. 2 to 4 is to determine whether to perform pseudonymization processing on the user identifier according to whether the trusted attribute of the user identifier meets a preset condition. The embodiment of the application also provides a secure communication method, and the method can determine the related network elements or network functions according to the credibility level, so that the terminal equipment is provided with services through the related network elements or network functions.
Fig. 5 is a flowchart illustrating a secure communication method according to an embodiment of the present application, where the method is applicable to the network architecture shown in fig. 1. As shown in fig. 5, the secure communication method includes:
501. the first Network Function (NF) sends a third request message to the NRF, the third request message carrying the trust level. Accordingly, the NRF receives the third request message.
The first NF may also be understood as a consumer NF.
In the embodiment of the present application, the trust level may be used to indicate the trustworthiness of a network element or network function. For example, NFs with different trust levels may be trusted to different degrees. Alternatively, the trust level may be proportional to the degree of trust. For example, the trust level may be classified as strongly trusted, weakly trusted, or untrusted, etc. For another example, the trust level may be classified into level 1, level 2, level 3, and the like, where a higher level represents a higher degree of trust. The embodiment of the present application does not limit the specific manner of dividing the trust level.
Alternatively, the trust level shown above may be the trust level of an NF. Alternatively, the trust level shown above may also be the trust level of a slice, and the like. According to the different trust levels, the embodiment of the application provides several different methods, as in fig. 6a to 6c.
In this embodiment of the application, the third request message may be, for example, a message requesting to query NFs that may be accessed by the terminal device, where the NFs that may be accessed by the terminal device may include an AMF, an SMF, or a UPF.
502. In response to the third request message, the NRF determines a second NF according to the trust level.
The second NF may also be understood as a producer NF; alternatively, it may be understood as a target NF, and so on.
The second NF may represent one NF or multiple NFs.
Optionally, the second NF is one or more NFs corresponding to the trust level. Alternatively, the second NF may be one or more NFs corresponding to both the trust level and the NF type requested by the first NF.
The way the NRF determines the second NF differs according to the kind of trust level, as shown in fig. 6a to 6c, respectively.
503. The NRF transmits identification information of the second NF to the first NF. Accordingly, the first NF receives the identification information of the second NF.
The identification information of the second NF may include, for example, the type of the second NF (NF type), the instance of the second NF (NF instance), the identifier of the NF set to which the second NF belongs (NF set ID), or the IP address of the second NF; the specific form of the identification information is not limited in this embodiment of the application. After receiving the identification information of the second NF, the first NF may perform service interaction with the second NF.
Optionally, the identification information of the second NF is carried in a third response message.
In the embodiments of the present application, the NRF determines the second NF according to the trust level, so that after the first NF receives the identification information of the second NF, the first NF exchanges data and/or signaling with the second NF. The first NF therefore interacts with the NF corresponding to the trust level (namely the second NF): on the one hand, the trust-level requirement of the first NF is met; on the other hand, because the first NF exchanges data and/or signaling with an NF of high trust level (such as the second NF), the security of the interaction between the first NF and the second NF is improved.
According to the different kinds of trust level described for fig. 5, the embodiments of the present application further provide several methods, as follows:
The first method
Referring to fig. 6a, fig. 6a is a schematic flowchart of a secure communication method provided in an embodiment of the present application, and as shown in fig. 6a, the method includes:
It is understood that the NRF stores the trust level of one or more NFs (including the second NF); the second NF is used as an example to illustrate the method provided in the embodiment of the present application, but the method described below applies not only to the second NF but also to other NFs. As shown in fig. 6a, the method by which the NRF stores the trust level of one or more NFs comprises steps 601 and 602.
601. The second NF sends a registration request message to the NRF, where the registration request message carries the trust level of the second NF. Accordingly, the NRF receives the registration request message.
The registration request message also carries identification information of the second NF.
602. The NRF saves the trust level of the second NF.
In this method, the second NF may send its trust level to the NRF in the registration request message. For how the trust levels are divided, refer to the method shown in fig. 5; details are not repeated here.
The embodiments of the present application do not limit how the NRF stores the trust level of the second NF or where it is stored. For example, the NRF may store a correspondence between the identification information of the second NF and the trust level, such as (NF instance, NF type, trust level). The trust level of an NF may thus be maintained in the NRF as a mapping from that NF to one trust level. Alternatively, the NRF may store the trust levels of a plurality of NFs such that several NFs correspond to one trust level.
The above is a method for dynamically acquiring the trust level of an NF. The embodiments of the present application further provide a method for statically acquiring the trust level of an NF: for example, the NRF is pre-configured with the trust levels of one or more NFs and stores them. Illustratively, the NRF is pre-configured with and maintains the trust level of the second NF; for example, the operator may provision the NRF with the trust level of the second NF. It is understood that the embodiments of the present application do not limit how the trust levels of one or more NFs are configured in the NRF.
In the above methods for statically or dynamically acquiring the trust level of an NF, the NRF may store the identification information of one or more NFs together with their trust levels. Illustratively, the NRF may store the identification information and trust level of NFa; it may also store the identification information and trust level of NFb, and the identification information and trust level of NFc. Here NFa, NFb and NFc serve only to distinguish different NFs and have no other specific meaning. It is understood that "the NRF stores identification information of one or more NFs and the trust levels of those NFs" may equally be phrased as "the NRF stores one or more NFs and their trust levels", or as "the NRF stores a correspondence between identification information of one or more NFs and trust levels", and so on; the specific wording is not limited in the embodiments of the present application.
It is understood that the above description of maintaining identification information of a NF and the trust level of that NF in the NRF applies equally to other embodiments of the present application.
603. The first NF acquires the trusted attribute of the first user identifier from the third NF and determines the trust level according to the trusted attribute of the first user identifier.
In this embodiment of the application, the trusted attribute of the first user identifier may be used to indicate whether the first user identifier needs to be pseudonymized. That the first user identifier needs to be pseudonymized therefore means that the first user identifier requires a higher trust level. Consequently, after the trusted attribute of the first user identifier is obtained, the third NF may determine the trust level according to that trusted attribute. For how the third NF obtains the trusted attribute of the first user identifier, refer to the method shown in fig. 2; details are not repeated here.
For example, the first NF may perform step 603 when it receives a message from the terminal device requesting access to the network. As another example, the first NF may perform step 603 when it receives a session establishment request message from the terminal device. The first NF may also perform step 603 in other scenarios, which is not limited in this embodiment.
604. The first NF sends a third request message to the NRF, where the third request message carries the trust level. Accordingly, the NRF receives the third request message.
605. In response to the third request message, the NRF determines the second NF according to the stored correspondence between the identification information of the second NF and the trust level, and the trust level carried in the third request message.
The NRF stores the identification information and trust level of one or more NFs; this may equally be understood as the NRF storing a correspondence between the identification information of one or more NFs and the trust levels of those NFs, or as the NRF storing the identification information of an NF and the trust level of that NF. For how the identification information and trust level of an NF are stored in the NRF, refer to the description of steps 601 and 602; details are not repeated here.
In some implementations, the trust level of the second NF is equal to the trust level carried in the third request message. In other implementations, the trust level of the second NF may also be higher than the trust level carried in the third request message, which is not limited in this application.
For example, the NRF may store (NF2, trust level high), (NF3, trust level high), (NF4, trust level weak), (NF5, trust level untrusted). If the trust level carried in the third request message is high, the NRF determines an NF with a high trust level, such as NF2 and/or NF3, as the second NF from among the stored trust levels. It is understood that NF2, NF3, NF4, and NF5 in this example may be NFs of the same type.
Optionally, the NRF may store the trust levels of NFs of various types; in this case, when determining the second NF, the NRF may additionally take into account the NF type requested by the first NF. For example, if the first NF requests an AMF that the terminal device can access, the second NF is an NF of that type corresponding to the trust level carried in the third request message.
Optionally, when the trust level carried in the third request message is weak, the trust level of the second NF may correspondingly be weak; alternatively, the trust level of the second NF may also be lower than that trust level.
It is understood that, in the embodiments of the present application, the trust level of an NF may also be understood as the trust level corresponding to the identification information of that NF.
606. The NRF transmits the identification information of the second NF to the first NF, and accordingly, the first NF receives the identification information of the second NF.
In the embodiments of the present application, by storing the trust level of each NF (including the second NF) in the NRF, the first NF can request from the NRF an NF with a high trust level. The first NF can therefore exchange data and/or signaling with an NF of high trust level (such as the second NF), which ensures the security of the data and/or signaling.
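As an added example (not code from the patent, nor from Huawei), the following Python sketch models the first method: the NRF stores (NF instance, NF type, trust level) for each NF that registers or is provisioned, and answers a discovery request that carries a required trust level and, optionally, an NF type. The names NF2 to NF5 follow the illustration above; the IP addresses, the SMF1 entry, the `allow_higher` switch (equal-only versus equal-or-higher matching) and the `required_level_for` mapping from trusted attribute to trust level are assumptions made for the example.

```python
# Added example (not code from the patent): a minimal NF Repository Function
# (NRF) that records a trust level per registered NF (steps 601-602) and
# serves discovery requests carrying a required trust level and NF type
# (steps 604-606). NF names NF2..NF5, the SMF1 entry and the IP addresses
# are constructed for this example.
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class TrustLevel(IntEnum):
    """Ordered like the patent's 'level 1 / 2 / 3': a higher value is more trusted."""
    UNTRUSTED = 0
    WEAK = 1
    HIGH = 2


@dataclass(frozen=True)
class NFProfile:
    nf_instance: str        # NF instance identifier
    nf_type: str            # e.g. "AMF", "SMF", "UPF"
    trust_level: TrustLevel
    ip: str                 # identification information returned to the consumer


class NRF:
    def __init__(self) -> None:
        # Correspondence NF instance -> (NF type, trust level, address), filled
        # either by registration (dynamic) or by operator provisioning (static).
        self._registry: dict[str, NFProfile] = {}

    def register(self, profile: NFProfile) -> None:
        """Steps 601/602: the registration request carries the NF's trust level; store it."""
        self._registry[profile.nf_instance] = profile

    def provision(self, profile: NFProfile) -> None:
        """Static alternative: the operator pre-configures the trust level in the NRF."""
        self._registry[profile.nf_instance] = profile

    def discover(self, required: TrustLevel, nf_type: Optional[str] = None,
                 allow_higher: bool = True) -> list[NFProfile]:
        """Step 605: pick NFs whose stored trust level matches the request.

        The patent allows the second NF's level to equal the requested level or,
        in other implementations, to exceed it; allow_higher selects the rule.
        The optional nf_type filter reflects selection by the requested NF type.
        """
        matches = []
        for p in self._registry.values():
            if nf_type is not None and p.nf_type != nf_type:
                continue
            if p.trust_level == required or (allow_higher and p.trust_level > required):
                matches.append(p)
        # Most trusted first, then by name, so the consumer's first choice is deterministic.
        return sorted(matches, key=lambda p: (-int(p.trust_level), p.nf_instance))


def required_level_for(pseudonymize: bool) -> TrustLevel:
    """Step 603 (assumed mapping): an identifier that must be pseudonymized needs a
    high trust level; otherwise a weakly trusted NF is acceptable."""
    return TrustLevel.HIGH if pseudonymize else TrustLevel.WEAK


def build_example_nrf() -> NRF:
    """The registry from the patent's illustration: NF2/NF3 high, NF4 weak, NF5 untrusted."""
    nrf = NRF()
    nrf.register(NFProfile("NF2", "AMF", TrustLevel.HIGH, "10.0.0.2"))
    nrf.register(NFProfile("NF3", "AMF", TrustLevel.HIGH, "10.0.0.3"))
    nrf.register(NFProfile("NF4", "AMF", TrustLevel.WEAK, "10.0.0.4"))
    nrf.register(NFProfile("NF5", "AMF", TrustLevel.UNTRUSTED, "10.0.0.5"))
    nrf.provision(NFProfile("SMF1", "SMF", TrustLevel.HIGH, "10.0.1.1"))  # statically configured
    return nrf


def discover_instances(required: TrustLevel, nf_type: Optional[str] = None,
                       allow_higher: bool = True) -> list[str]:
    """Just the NF instance ids, i.e. the content of the third response message."""
    return [p.nf_instance for p in build_example_nrf().discover(required, nf_type, allow_higher)]


if __name__ == "__main__":
    level = required_level_for(pseudonymize=True)
    print("required:", level.name, "->", discover_instances(level, "AMF"))
```

Untrusted NF5 is never returned for a weak or high request, and with `allow_higher=False` a weak request yields only NF4, which is the equal-level rule; the default yields NF2, NF3 and NF4, the equal-or-higher rule.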
The second method
Referring to fig. 6b, fig. 6b is a schematic flowchart of a secure communication method provided in an embodiment of the present application, and as shown in fig. 6b, the method includes:
611. The first NF sends a fourth request message to the NSSF, where the fourth request message carries the identification information of the first slice. Accordingly, the NSSF receives the fourth request message.
The specific type of the fourth request message is not limited in the embodiments of the present application.
612. The NSSF determines the trust level of the first slice according to the first pre-configuration information and the identification information of the first slice carried in the fourth request message.
The first pre-configuration information is configured by the operator or by another NF, etc., which is not limited in this application. The first pre-configuration information may hold the identification information of a slice and the trust level of that slice; for example, it may store a correspondence between the identification information and the trust level of one or more slices. In particular, the first pre-configuration information includes the identification information of the first slice and the trust level of the first slice.
In this embodiment of the application, the trust level of the first slice may also be understood as the trust level corresponding to the identification information of the first slice. Likewise, the trust levels of a plurality of slices may be understood as the trust levels corresponding to the identification information of those slices. A plurality of slices may correspond to one trust level or to a plurality of trust levels; for example, one slice corresponds to one trust level, or two slices correspond to one trust level, and so on.
After receiving the fourth request message, the NSSF may look up, among the stored trust levels of the one or more slices, the trust level corresponding to the identification information of the first slice, thereby obtaining the trust level of the first slice.
613. The NSSF sends a fourth response message to the first NF, where the fourth response message carries the trust level of the first slice. Accordingly, the first NF receives the fourth response message.
The trust level of the first slice carried in the fourth response message may also be understood as the trust level corresponding to the identification information of the first slice carried in the fourth response message. The fourth response message also carries the identification information of the first slice.
614. The first NF sends a third request message to the NRF, where the third request message carries the trust level of the first slice and the identification information of the first slice. Accordingly, the NRF receives the third request message.
615. In response to the third request message, the NRF determines the second NF set corresponding to the first slice according to the identification information of the first slice, and then determines the second NF from the second NF set according to the stored correspondence between the identification information of NFs and trust levels, and the trust level of the first slice.
In this embodiment of the present application, the NRF may store a correspondence between the identification information of one or more NFs and trust levels; equivalently, the NRF holds the identification information of one or more NFs and the trust levels of those NFs. The NRF can therefore determine the second NF from the second NF set based on the trust level of the first slice. It is understood that the number of NFs in the second NF set is not limited in the embodiments of the present application: the second NF set may include a single NF such as the second NF, or it may include a plurality of NFs, among them the second NF. This description of the second NF set applies equally to other embodiments of the present application.
616. The NRF transmits the identification information of the second NF to the first NF, and accordingly, the first NF receives the identification information of the second NF.
In one possible implementation, before step 615, the method shown in fig. 6b may further include:
617. The second NF sends a registration request message to the NRF, where the registration request message carries the trust level of the second NF. Accordingly, the NRF receives the registration request message.
The registration request message also carries identification information of the second NF.
618. The NRF saves the trust level of the second NF.
It is understood that, for the specific implementation of steps 617 and 618, reference may be made to steps 601 and 602 shown in fig. 6a; details are not repeated here.
It is understood that, for steps not described in detail in this embodiment of the present application, reference may be made to the methods shown in fig. 5 and 6a; they are not described again here.
The third method
Referring to fig. 6c, fig. 6c is a schematic flowchart of a secure communication method provided in an embodiment of the present application, and as shown in fig. 6c, the method includes:
621. The first NF sends a fourth request message to the NSSF, where the fourth request message carries the identification information of the first slice. Accordingly, the NSSF receives the fourth request message.
The specific type of the fourth request message is not limited in the embodiments of the present application.
622. The NSSF determines the trust level of the second NF set according to the second pre-configuration information and the identification information of the first slice.
The second pre-configuration information is configured by the operator or by another NF, etc., which is not limited in this application. The second pre-configuration information includes the identification information of an NF set and the trust level of that NF set; for example, it may include a correspondence between the identification information of the second NF set and the trust level of the second NF set. The second pre-configuration information may further include slice identification information and NF set identification information; for example, it may include a correspondence between the identification information of the first slice and the identification information of the second NF set.
Optionally, one slice may correspond to one or more NF sets, and one NF set may correspond to one trust level.
After receiving the fourth request message, the NSSF may determine, according to the identification information of the first slice carried in the fourth request message, the NF set corresponding to the first slice (such as the second NF set), and then determine the trust level corresponding to the second NF set.
623. The NSSF sends a fourth response message to the first NF, where the fourth response message carries the identification information of the second NF set and the trust level of the second NF set. Accordingly, the first NF receives the fourth response message.
624. The first NF sends a third request message to the NRF, where the third request message carries the trust level of the second NF set and the identification information of the second NF set. Accordingly, the NRF receives the third request message.
625. In response to the third request message, the NRF determines the second NF from the second NF set according to the stored correspondence between the identification information of NFs and trust levels, and the trust level of the second NF set.
626. The NRF transmits the identification information of the second NF to the first NF, and accordingly, the first NF receives the identification information of the second NF.
In one possible implementation, before step 625, the method shown in fig. 6b may further include:
627. The second NF sends a registration request message to the NRF, where the registration request message carries the trust level of the second NF. Accordingly, the NRF receives the registration request message.
The registration request message also carries identification information of the second NF.
628. The NRF saves the trust level of the second NF.
It is understood that, for the specific implementation of steps 627 and 628, reference may be made to steps 601 and 602 shown in fig. 6a; details are not repeated here.
It is understood that, for steps not described in detail in this embodiment of the present application, reference may be made to the methods shown in fig. 5 to 6b; they are not described again here.
The fourth method
Referring to fig. 6d, fig. 6d is a schematic flowchart of a secure communication method provided in an embodiment of the present application, and as shown in fig. 6d, the method includes:
631. The first NF sends a fourth request message to the NSSF, where the fourth request message carries the identification information of the first slice. Accordingly, the NSSF receives the fourth request message.
632. The NSSF determines one or more NFs corresponding to the first slice, and the trust level corresponding to each of those NFs, according to the third pre-configuration information and the identification information of the first slice.
The third pre-configuration information includes a correspondence between the identification information of slices and the identification information of NFs; in other words, it may include the correspondence between one or more slices and NFs. Optionally, one slice corresponds to one or more NFs, and one NF corresponds to one trust level.
Optionally, the trust levels of the multiple NFs are the same, or they differ, which is not limited in this embodiment of the application. For example, the first slice may correspond to NF7 (high trust level), NF8 (high trust level), and NF9 (high trust level). As another example, the first slice may correspond to NF7 (high trust level), NF8 (high trust level), and NF10 (weak trust level).
633. The NSSF sends a fourth response message to the first NF, where the fourth response message carries the identification information of the one or more NFs and the trust levels of the one or more NFs. Accordingly, the first NF receives the fourth response message.
The method shown in this embodiment differs from that of fig. 6c: the fourth response message in fig. 6c carries the trust level of the second NF set, whereas the fourth response message in fig. 6d carries the trust levels of one or more NFs. In other words, the trust level in fig. 6c applies to the set, and whether the trust levels of the individual NFs in the second NF set are the same is not limited in the embodiment of the present application; that is, the trust level of an NF included in the second NF set may also be lower than the trust level carried in the third request message. In fig. 6d, the fourth response message directly carries the identification information of the one or more NFs and their trust levels, so the first NF can directly select one of those NFs as the second NF. That is, after receiving the fourth response message, the first NF may determine the second NF with which it will interact according to the trust levels of the one or more NFs.
In this embodiment of the application, the NSSF sends the trust levels of one or more NFs to the first NF, so the first NF can quickly determine the second NF; the method is simple to implement and efficient.
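As an added example (not code from the patent), the following Python sketch contrasts the three slice-based variants: under fig. 6b the NSSF returns the trust level of the slice and the NRF narrows the slice's NF set by that level; under fig. 6c the NSSF returns the NF set and the set's trust level, and the NRF selects within the set; under fig. 6d the NSSF returns the NFs with their individual trust levels and the first NF selects directly. NF7, NF8 and NF10 follow the illustration above; the slice ids "slice-1"/"slice-2", the NF set ids "set-A"/"set-B", the NF11 entry and the rule that the first NF picks the most trusted candidates in the fig. 6d case are assumptions.

```python
# Added example (not code from the patent): toy NSSF and NRF lookups for the
# three slice-based variants (fig. 6b, 6c, 6d). Slice ids, NF set ids and the
# NF11 entry are constructed; NF7/NF8/NF10 follow the patent's illustration.
from enum import IntEnum
from typing import Dict, List, Tuple


class TrustLevel(IntEnum):
    UNTRUSTED = 0
    WEAK = 1
    HIGH = 2


# Constructed inventory: NF instance -> (NF set it belongs to, trust level).
NF_INVENTORY: Dict[str, Tuple[str, TrustLevel]] = {
    "NF7": ("set-A", TrustLevel.HIGH),
    "NF8": ("set-A", TrustLevel.HIGH),
    "NF10": ("set-A", TrustLevel.WEAK),
    "NF11": ("set-B", TrustLevel.WEAK),
}
SLICE_TO_SET: Dict[str, str] = {"slice-1": "set-A", "slice-2": "set-B"}


class NSSF:
    """Holds the three kinds of pre-configuration information the patent describes."""

    def __init__(self) -> None:
        # First pre-configuration information (fig. 6b): slice -> trust level of the slice.
        self.slice_trust: Dict[str, TrustLevel] = {"slice-1": TrustLevel.HIGH,
                                                   "slice-2": TrustLevel.WEAK}
        # Second pre-configuration information (fig. 6c): NF set -> trust level of the set
        # (the slice -> NF set mapping is SLICE_TO_SET above).
        self.set_trust: Dict[str, TrustLevel] = {"set-A": TrustLevel.HIGH,
                                                 "set-B": TrustLevel.WEAK}
        # Third pre-configuration information (fig. 6d): slice -> NFs, each with its own level.
        self.slice_nfs: Dict[str, List[Tuple[str, TrustLevel]]] = {
            s: [(nf, lvl) for nf, (st, lvl) in NF_INVENTORY.items() if st == SLICE_TO_SET[s]]
            for s in SLICE_TO_SET
        }

    def trust_level_of_slice(self, slice_id: str) -> TrustLevel:          # step 612
        return self.slice_trust[slice_id]

    def nf_set_of_slice(self, slice_id: str) -> Tuple[str, TrustLevel]:   # step 622
        set_id = SLICE_TO_SET[slice_id]
        return set_id, self.set_trust[set_id]

    def nfs_of_slice(self, slice_id: str) -> List[Tuple[str, TrustLevel]]:  # step 632
        return list(self.slice_nfs[slice_id])


class NRF:
    """Stores the correspondence between NF identification information and trust level."""

    def select_in_set(self, set_id: str, required: TrustLevel) -> List[str]:   # step 625
        # Only NFs of the named set whose stored level meets the requested level;
        # an NF in the set with a lower level (NF10 for a high request) is dropped.
        return sorted(nf for nf, (st, lvl) in NF_INVENTORY.items()
                      if st == set_id and lvl >= required)

    def select_for_slice(self, slice_id: str, required: TrustLevel) -> List[str]:  # step 615
        # First map the slice to its NF set, then filter that set by trust level.
        return self.select_in_set(SLICE_TO_SET[slice_id], required)


def consumer_discover(method: str, slice_id: str, nssf: NSSF, nrf: NRF) -> List[str]:
    """Candidate second NFs the first NF ends up with under each variant."""
    if method == "6b":
        level = nssf.trust_level_of_slice(slice_id)        # steps 611-613
        return nrf.select_for_slice(slice_id, level)       # steps 614-616
    if method == "6c":
        set_id, level = nssf.nf_set_of_slice(slice_id)     # steps 621-623
        return nrf.select_in_set(set_id, level)            # steps 624-626
    if method == "6d":
        candidates = nssf.nfs_of_slice(slice_id)           # steps 631-633
        # No NRF round trip: the first NF keeps the most trusted NFs (assumed rule).
        best = max(lvl for _, lvl in candidates)
        return sorted(nf for nf, lvl in candidates if lvl == best)
    raise ValueError(f"unknown method {method}")


if __name__ == "__main__":
    nssf, nrf = NSSF(), NRF()
    for m in ("6b", "6c", "6d"):
        print(m, "slice-1 ->", consumer_discover(m, "slice-1", nssf, nrf))
```

All three paths return NF7 and NF8 for slice-1, but for different reasons: in fig. 6b and 6c the NRF filters NF10 out of set-A because its level is below the slice's or set's level, while in fig. 6d the first NF sees NF10 with its weak level and excludes it itself.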
It can be understood that the first NF and the second NF shown above are only an example; in practical applications, in a scenario where the terminal device needs to access the network or establish a session connection, more NFs may be involved. In other words, the technical solution provided by the embodiments of the present application can be applied to more NFs.
By implementing the technical solutions shown in fig. 5 to 6d, in a scenario where the terminal device accesses the network or establishes a session connection, the first NF interacts with the NRF or NSSF and can obtain a second NF with a high trust level to interact with, so that the security of service interaction is ensured when the related processing is performed.
The application also provides a secure communication method, which comprises the following steps:
1) A first Network Function (NF) sends a fifth request message to a Domain Name System (DNS), where the fifth request message carries domain name information and a trust level; accordingly, the DNS receives the fifth request message.
2) In response to the fifth request message, the DNS determines a second NF according to the domain name information and the trust level, and sends the identification information of the second NF to the first NF.
In this embodiment, the DNS may determine the second NF according to the stored correspondence between domain name information and identification information and the correspondence between identification information and trust level (or a correspondence between domain name information and trust level, or the like). For example, the DNS may be configured with a correspondence between the domain name information (or identification information) of one or more NFs and the trust levels of those NFs. Because the DNS determines the second NF according to the trust level, the first NF receives the identification information of the second NF, which may include the IP address of the second NF, and so on. The first NF can therefore interact with the NF corresponding to the trust level (namely the second NF): on the one hand, the trust-level requirement of the user identifier corresponding to the terminal device is met; on the other hand, because the first NF exchanges data and/or signaling with an NF of high trust level (such as the second NF), the security of the interaction between the first NF and the second NF is improved.
It is understood that the identification information of the second NF may be carried in the fifth response message, and the like, which is not limited in this embodiment of the application.
In this embodiment, the first NF may include an access device, and the second NF may include an AMF.
It will be appreciated that the methods of fig. 5 to 6d shown above may also be combined with the methods shown in fig. 2 to 4. For example, when the trusted attribute of the first user identifier meets a preset condition, the first user identifier may exist between different NFs in pseudonymized form. At the same time, when the UE interacts with different NFs, the first NF can select an NF with a high trust level, such as the second NF, to interact with; and when the first NF interacts with the second NF, the first user identifier may also exist between the first NF and the second NF in pseudonymized form (or as the real user identifier). The security of the first user identifier is therefore improved, and the security or reliability of data and/or signaling interaction is effectively ensured. Further, when the UE interacts with the UPF, data and/or signaling may also be encrypted with the user plane key, ensuring the security of the data and/or signaling.
In other words, from the viewpoints of user identifier security, communication network topology security, terminal-to-core-network security protection and the like, the secure communication method provided by the application can reduce privacy leakage and the weak links that could be exploited, and reduce the excessive concerns of individual regions arising from policy reasons. Through hierarchical arrangement, a small number of sensitive network elements are controlled and grant trust to sub-nodes, so that most network element devices do not need to handle sensitive data, or their required security level is reduced, which greatly improves the feasibility of deployment on existing networks.
The secure communication method provided by the present application is exemplified below with specific NFs. The method implements grading, pseudonymization, NF trust granting and the like, and improves the feasibility of network deployment, data security, and so on.
The trust levels of NFs shown above may include, for example, trusted NF, weakly trusted NF, and untrusted NF. The trusted NFs may include trusted data NFs, trusted control NFs, and trusted support NFs, as shown in table 1. A trusted data NF may be used to store subscription data and the like; the trusted data NFs may include the third NF and the fourth NF shown above. A trusted control NF may be used to address NFs and the like; the trusted control NFs may include the first NF, NRF, NSSF, and the like, shown above. A trusted support NF may include the user plane functions shown above, such as UPFs, MECs, and the like; a trusted support NF may be a user plane network element authorized by the operator. Optionally, a trusted support NF may keep data from being uploaded (supporting agreed inspection) according to industry data requirements; or, according to the access network conditions, enable terminal-to-core-network protection (namely encrypting data with the user plane key); or enable protection between trusted support NFs according to network conditions, and so on.
TABLE 1 (the table is an image on the original page and is not reproduced here)
The trusted network element is described in detail below:
the trusted data NF may comprise 5GUDM, 4G UDM, HSS, PCF in a mobile network, etc., or may also be a subscriber database part in the above network element, etc. The trusted data NF is trusted because it needs to store user sensitive information such as user ID, keys and subscription data. In other words, the high sensitivity of the trusted data NF is that the trusted data NF needs to preserve the user-sensitive information described above.
The trusted control NF may include 5G NRF, DNS, and 4G DNS, among others. Addressing between NFs is controlled by NRF, DNS, etc., topology hiding, directed forking, etc. can be performed. The high sensitivity of the trusted control NF is that the trusted control NF needs to store data information such as network topology control.
Illustratively, DNS is used to configure IP addressing between physical network elements (e.g., between an access device and an AMF). NRFs are used to configure addressing between Virtual Network Functions (VNFs) (e.g., between an AMF and an SMF of the same physical data center, etc.). The NRF can also be configured with a trusted support NF, a weak trusted support NF and the like.
The trusted control NF may also comprise an SCP for handling indirect addressing procedures and topology hiding procedures specified in the 3GPP standards. Illustratively, the AMF2 as in fig. 7b may be indirectly addressed to the SMF2 through an SCP, and then the AMF2 may communicate indirectly with the SMF2 through the SCP.
Alternatively, the SMF may pre-configure some trusted legs NF to be trusted for all UEs.
The trusted control NF may further comprise a default AMF (or default AMF such as default AMF), NSSF, for obtaining the real subscription data of the user before slice selection. As in fig. 7a, the default AMF uses the real ID (e.g., the first subscriber identity) of the UE1 obtained from the trusted UDM when the UE1(VIP user) registers (or attaches) to the mobile communication network through the trusted access network.
The trusted support NF may include a UPF, which may be a UPF that decrypts the viewed data, or may not be all the UPFs in the network. Alternatively, the trusted mount NF may further include a multi-access edge computer (MEC). The MEC and the UPF may be two different NFs, or the MEC and the UPF may also be integrated into one NF.
In some implementations, the trusted data NF, trusted control NF, and trusted leg NF shown above may be configured by an operator, etc., i.e., the trusted NFs in the network are configured in a static manner. Accordingly, the information related to the trusted NF may be stored in the trusted data NF. Alternatively, the information (e.g., pre-configuration information) related to the trusted NF may be stored in the NRF or NSSF.
In other implementations, the trusted NFs shown above may also be determined by a trusted control NF (e.g., NRF), and so on. Illustratively, the NRF may determine a second NF that interacts with the first NF. Optionally, the trusted control NF may configure some trusted shelves NF according to preset NF types (such as AMF, SMF, UPF, and the like) to be trusted by all UEs; alternatively, some trusted legs NF may also be configured to be trusted for certain UEs. As in fig. 7a, for UE1, UPF1 may act as trusted cradle NF. However, for the UE5 (not shown in fig. 7 a), the trusted support NF interacting with the UE5 is not necessarily UPF 1. In other words, the trusted control NF may configure some trusted legs NF that are trusted for all UEs; alternatively, the trusted leg NF may be trusted only for certain UEs, etc.
In connection with the methods shown in fig. 2 to 6d, the trusted data NF may configure the trusted support NF according to the following methods, for example:
1) A trusted support NF, a weakly trusted support NF or an untrusted support NF is configured according to the trusted attribute in the subscription data of the user identity (such as the first subscriber identity).
2) A trusted support NF, a weakly trusted support NF or an untrusted support NF is configured according to the user type of the user identity (e.g., normal user, VIP user). For example, for VIP users, the NFs configured for them may all be trusted NFs; for a normal user, a normal NF or a weakly trusted NF may be configured.
3) A trusted support NF is configured for industry property/data according to requirements such as that the industry data must not leave the industrial park (campus); for example, an MEC co-located with UPF1 or UPF4 (MEC1, MEC4).
4) A trusted support NF may be configured for a session according to the session attribute of the user identity, for example when an audio/video call or data communication has a high security requirement, or the session requires a high security level.
5) According to the slice to which the user identity belongs, the trusted support NF corresponding to that slice provides the trusted service for the user identity.
In one possible implementation, the trusted data NF may also configure the trusted support NF according to the following:
6) According to the security control requirements of the network, traffic that meets certain conditions is required to pass through a certain trusted support NF for inspection (a negative-feedback control).
7) According to the load balance of the network, sharing among certain trusted support NFs is allowed.
8) According to real-time monitoring of the network, when the risk of a certain terminal is considered to have increased, the trusted support NF and the control measures are adjusted.
9) According to the boundary protection measures of the network, such as whether an anti-virus or firewall function is present, a certain type of trusted support NF is assigned to the user.
10) A suitable trusted support NF is selected according to the physical deployment location of the network.
11) A suitable trusted support NF is selected according to the roaming agreement and the charging agreement.
Table 2 shows an example of the trusted attributes of the user identity and of the network configuration policy held in the trusted data NF.
TABLE 2
(Table 2 is reproduced as an image in the original publication; its contents are not available as text.)
The trusted attribute in table 2 is the trusted attribute of a subscriber identity (e.g., the first subscriber identity), or may also be understood as the trusted attribute of the terminal device using that subscriber identity. The trusted data NF denotes an NF that holds information such as the subscription data of the subscriber identity; the trusted data NF in table 2 may be understood as the third NF and/or the fourth NF to which the present application relates. The trusted control NF may be understood as the first NF, the NRF, the NSSF, etc. to which this application relates. The NFs that are trusted according to the policy rules in table 2 are the NFs that provide services for the terminal device, which may be understood as the second NF to which the present application relates.
For example, when the trusted attribute of the user identity is VIP user, the policy rule may indicate that the NFs serving the VIP user are trusted NFs, in which case the trusted NFs may include a trusted control NF such as an SMF and/or an AMF, and a trusted support NF such as a UPF. As in fig. 7a, UE1 may interact with the application server via a trusted access network, a trusted transport network, a trusted support NF such as UPF1, a trusted control NF, a trusted data NF and a trusted support NF such as UPF4. Optionally, the user identity of the VIP user may also be pseudonymized, thereby protecting the user identity. Further, the UE may interact with UPF1 and UPF4 through user plane keys.
For example, when the trusted attribute of the user identity is an industry data security attribute, the policy rule may require the user identity to be pseudonymized. As shown in fig. 7b, when accessing the network, UE2 or UE3 may encrypt or pseudonymize its real UE identity. Optionally, the policy rule may further require that the UE interact with the UPF using the user plane key. If the UE does not support interaction with the UPF through the user plane key (i.e., the UE does not support terminal-to-core-network protection), the UE may still interact with the trusted UPF. As shown in fig. 7b, when UE2 or UE3 interacts with the application server, it may pass through a trusted support node such as UPF4, thereby implementing hop-by-hop encryption or integrity protection in the network (i.e., encryption from UE2 or UE3 to UPF4, and encryption from UPF4 to the application server). Note that in the hop-by-hop case the protection terminates at UPF4, which therefore handles the user data in the clear; only end-to-end application-layer protection keeps the content from every network node.
Table 3 shows the functions of each trusted control NF. For example, the trust level of an NF, the trust level of a set of NFs or the trust level of a slice may be stored in the trusted control NF.
TABLE 3
(Table 3 is reproduced as an image in the original publication; its contents are not available as text.)
Table 4 shows different network topology configuration policies and requirements for different subscriber identities; table 4 may also be understood as a supplementary description of table 3.
TABLE 4
(Table 4 is reproduced as an image in the original publication; its contents are not available as text.)
Fig. 7a and 7b are schematic diagrams of network architectures for secure communication provided by an embodiment of the present application. For example, the trusted data NF in the network architecture may be UDM1 in fig. 7a; the trusted control NF may be the NRF/DNS/default AMF/NSSF in fig. 7a; and the trusted support NF may be UPF1 and UPF4 in fig. 7a. The remaining NFs in the 5GC (e.g., AMF, SMF, UPF) may be weakly trusted, general-purpose NFs (also referred to as normal NFs). For example, AMF2, AMF3, SMF2, SMF3, UPF2 and UPF3 in fig. 7b may be general NFs. By deploying a small number of trusted NFs and leaving the rest as general NFs, the method is simple to implement and the network architecture can be deployed quickly. The terminal device to which fig. 7a and 7b apply may be any type of device; the specific type of the terminal device is not limited in this embodiment of the application.
A weakly trusted NF cannot obtain the real user identity of the terminal device. For example, AMF2 and AMF3 may obtain the pseudonymized user identities of UE2 and UE3 from the operator's trusted data NF, and perform service processing (which may also be understood as data and/or signaling processing) using the pseudonymized user identities. AMF2 and AMF3 do not need to know the real user identities. Further, AMF2 and AMF3 may generate a root key based on the pseudonymized user identity and then a user plane key based on the root key, which is passed to the trusted support node UPF4 via the SMFs (e.g., SMF2, SMF3). When the user plane data of the UE is sent to the trusted support node UPF4 through the weakly trusted support node UPF2 or UPF3, the user plane data may be encrypted with the user plane key shared between the UE and UPF4, so that the intermediate weakly trusted support node UPF2 or UPF3 cannot learn the real data of the UE.
An untrusted NF may be access equipment whose air interface is easy to eavesdrop, such as WiFi, or a risky transmission NF such as a wide area network. While passing through these untrusted NFs, the user data must be carried as a data stream that is encrypted or integrity protected from the terminal device to the trusted support NF, or protected end-to-end at the application layer, so that the untrusted NF (e.g., UPF2 or UPF3) cannot learn the true data of the UE.
The trusted attribute of UE1 meets the preset condition, and the trusted attributes of UE2 and UE3 do not meet the preset condition. The subscription data of UE1, UE2 and UE3 may be stored in the trusted data NF. UE1, UE2 and UE3 subscribe with operator AN1, and operator AN1 stores the real subscriber identities, real subscription data, real keys and so on in the trusted data NF (a trusted UDM, a trusted PCF, or a trusted database therein, etc.).
In fig. 7a, UE1 is a VIP user, and thus the NFs interacting with UE1 may be trusted NFs. Illustratively, UE1 may interact with the application server via a trusted access network, a trusted transport network and a trusted fifth generation mobile communications core network (5G core, 5GC). In this case, optionally, the user identity of UE1 may traverse different NFs in pseudonymized form. Optionally, the user identity of UE1 may also traverse different NFs (or traverse a trusted security domain) as the real user identity.
In fig. 7b, UE2 or UE3 (e.g., a normal user) may interact with an application server via an untrusted or weakly trusted access network, an untrusted or weakly trusted transport network, a weakly trusted 5GC and a trusted support node such as UPF4. In this case, the user identity of UE2 or UE3 may be pseudonymized. Alternatively, the user data of UE2 or UE3 may also be encrypted for transmission, and so on.
For example, as shown in fig. 7b, when UE2 accesses the 5GC through a weakly trusted or untrusted access network, the data stream of UE2 may be protected end-to-end at the application layer according to service needs, and may also be protected between the terminal and a trusted support NF (e.g., UPF4). When the user identities of UE2 and UE3 cross an untrusted area (i.e., an untrusted domain) such as UPF2 or UPF3 on the way to UPF4, they are protected by the pseudonymization scheme of this application; encryption and integrity protection of the user plane data may also be performed with the user plane key shared between the terminal and the trusted support NF (e.g., UPF4) of this application. If application-layer data protection is applied, the network cannot monitor the data, and accountability for illegal use of the content then rests with the application layer.
The specific description of the UE3 in fig. 7b may refer to the UE2 described above and will not be described in detail here.
It is understood that the network architectures shown in fig. 7a and 7b are merely examples and should not be construed as limiting the embodiments of the present application.
Because of concerns in some countries about the trustworthiness of 5G NFs, a large number of 5G NFs would need to have trust supervision measures added, which increases the network construction burden. By implementing the secure communication method provided by this application, only a small number of trusted NFs (trusted data NF, trusted control NF and trusted support NF) need to be deployed; these trusted NFs obtain the real data (such as the real user identity or user data) and the network topology, while the other NFs do not need to know the real data. Deployment is therefore simple and efficient, and the feasibility of network construction is improved.
The communication device provided in the embodiments of the present application will be described in detail below.
Fig. 8 is a schematic structural diagram of a communication apparatus according to an embodiment of the present application, where the communication apparatus may be configured to perform the operations performed by a terminal device in the foregoing method embodiments. For example, the communication apparatus may be configured to perform the method illustrated in fig. 3a and/or fig. 3b.
As shown in fig. 8, the communication apparatus includes a transceiver unit 801 and a processing unit 802.
In some implementations, the transceiver unit 801 is configured to receive first indication information sent by a first NF, the first indication information being used to instruct the terminal device to generate second pseudonym information and/or a root key;
the processing unit 802 is configured to generate second pseudonym information according to the first subscriber identity; generate a root key according to the second pseudonym information; and generate an access stratum key and/or a non-access stratum key according to the root key. The access stratum key is used for protecting data and/or signaling between the terminal device and the access device, and the non-access stratum key is used for protecting data and/or signaling between the terminal device and the first NF.
In other implementations, the transceiver unit 801 is configured to receive second indication information sent by the first NF, the second indication information being used to instruct the terminal device to generate a user plane protection key;
the processing unit 802 is configured to generate second pseudonym information according to the first subscriber identity; generate a root key according to the second pseudonym information; and generate a user plane key according to the root key. The user plane key is used for protecting data between the terminal device and the user plane function.
In the embodiment of the present application, for specific descriptions of the first subscriber identity, the second pseudonym information, the root key, or the user plane key, etc., reference may be made to fig. 2 to fig. 7b, and details are not described here.
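The steps the processing unit 802 performs (second pseudonym from the first subscriber identity, root key from the pseudonym, access stratum / non-access stratum / user plane keys from the root key) and the fig. 7b data path, in which a user plane key shared by the UE and the trusted support NF UPF4 keeps the weakly trusted UPF2/UPF3 from reading the user data, can be shown in a few dozen lines. The Python below is an added example written for this page, not code from the patent or from Huawei. The application does not specify the derivation functions, so the following are assumptions: the pseudonym is HMAC-SHA256 of the first subscriber identity under a pseudonymization key held by the UE and the trusted data NF; the root key is HKDF-extracted from an anchor key shared by the UE and the network (such as the output of primary authentication) using the pseudonym as salt, because a root key computed from the pseudonym alone would be computable by any NF that sees the pseudonym; the per-purpose keys are HKDF-expanded with distinct labels; and user plane protection uses an HMAC-based counter-mode keystream with an HMAC tag as a stand-in for the real 5G confidentiality and integrity algorithms (NEA/NIA). All identities and keys are constructed for the example.

```python
"""Added example (not from the patent): UE-side key hierarchy
pseudonym -> root key -> K_AS / K_NAS / K_UP, plus user-plane protection
between the UE and the trusted support NF (UPF4). Derivation functions,
labels and the toy cipher are assumptions, not the application's design."""
import hmac
import hashlib

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(n) = HMAC(PRK, T(n-1) | info | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def pseudonymize(pseudonym_key: bytes, first_subscriber_identity: str) -> str:
    """Second pseudonym information (assumed construction): keyed, so a weakly
    trusted NF that sees the pseudonym cannot recover or brute-force the SUPI."""
    return hmac.new(pseudonym_key, first_subscriber_identity.encode(), HASH).hexdigest()


def derive_root_key(anchor_key: bytes, pseudonym: str) -> bytes:
    """Root key bound to the pseudonym, never to the real identity (assumed KDF)."""
    return hkdf_extract(pseudonym.encode(), anchor_key)


def derive_keys(root_key: bytes) -> dict:
    """Access stratum, non-access stratum and user plane keys, separated by label."""
    return {name: hkdf_expand(root_key, name.encode(), 32)
            for name in ("K_AS", "K_NAS", "K_UP")}


def _keystream(k_up: bytes, counter: int, length: int) -> bytes:
    # Stand-in for a real cipher: per-PDU keystream from K_UP and the counter.
    return hkdf_expand(k_up, b"stream" + counter.to_bytes(4, "big"), length)


def protect_up(k_up: bytes, counter: int, pdu: bytes) -> bytes:
    """Encrypt-then-MAC one user-plane PDU. The counter gives each PDU a
    fresh keystream and is covered by the tag, so replay/reordering is caught."""
    ctr = counter.to_bytes(4, "big")
    ct = bytes(a ^ b for a, b in zip(pdu, _keystream(k_up, counter, len(pdu))))
    tag = hmac.new(k_up, ctr + ct, HASH).digest()[:16]
    return ctr + ct + tag


def unprotect_up(k_up: bytes, frame: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises ValueError on a bad tag."""
    ctr, ct, tag = frame[:4], frame[4:-16], frame[-16:]
    expected = hmac.new(k_up, ctr + ct, HASH).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("user-plane integrity check failed")
    counter = int.from_bytes(ctr, "big")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_up, counter, len(ct))))


def demo() -> dict:
    # Constructed secrets shared by UE2 and the trusted data NF / network side.
    supi = "imsi-460001234567890"
    pseudonym_key = b"\x11" * 32
    anchor_key = b"\x22" * 32

    # UE2 (processing unit 802): pseudonym -> root key -> K_AS, K_NAS, K_UP.
    pseudonym = pseudonymize(pseudonym_key, supi)
    ue_keys = derive_keys(derive_root_key(anchor_key, pseudonym))
    # Network side (AMF2 holds only the pseudonym, never the SUPI) derives the same.
    net_keys = derive_keys(derive_root_key(anchor_key, pseudonym))

    pdu = b"industry telemetry: pump-7 pressure=3.1bar"
    frame = protect_up(ue_keys["K_UP"], 1, pdu)  # UE2 -> UPF2/UPF3 -> UPF4

    # UPF4 (trusted support NF, given K_UP via the SMF) recovers the PDU; a
    # weakly trusted UPF2 in the middle has no K_UP and fails the tag check.
    recovered = unprotect_up(net_keys["K_UP"], frame)
    try:
        unprotect_up(b"\x00" * 32, frame)
        intermediate_reads = True
    except ValueError:
        intermediate_reads = False

    return {
        "pseudonym_hides_supi": supi not in pseudonym,
        "keys_agree": ue_keys == net_keys,
        "keys_distinct": len({*ue_keys.values()}) == 3,
        "upf4_recovers": recovered == pdu,
        "intermediate_reads": intermediate_reads,
        "ciphertext_hides_pdu": pdu not in frame,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Running the block prints the checks from demo(). A frame that was modified in transit, or one presented to a node that does not hold K_UP, fails the integrity check instead of decrypting to garbage, which is the behaviour a trusted support NF needs before it re-protects the data for the next hop towards the application server.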
It is to be understood that when the communication apparatus is a terminal device or a component of a terminal device, which implements the above functions, the processing unit 802 may be one or more processors, the transceiving unit 801 may be a transceiver, or the transceiving unit 801 may also be a transmitting unit and a receiving unit, the transmitting unit may be a transmitter, the receiving unit may be a receiver, and the transmitting unit and the receiving unit are integrated into one device, such as a transceiver.
When the communication device is a circuit system such as a chip, the processing unit 802 may be one or more processors, or the processing unit 802 may be a processing circuit or the like. The transceiving unit 801 may be an input output interface, also alternatively referred to as a communication interface, or an interface circuit, or an interface, etc. Or the transceiving unit 801 may also be a transmitting unit and a receiving unit, the transmitting unit may be an output interface, the receiving unit may be an input interface, and the transmitting unit and the receiving unit are integrated into one unit, such as an input-output interface.
The communication apparatus according to the embodiment of the present application may perform any function performed by the terminal device in the foregoing method embodiment, and specific steps and/or functions that may be performed may refer to the detailed description in the foregoing method embodiment, which is only briefly summarized here and will not be described again.
In some implementations, the communication device may be a terminal device in each of the method embodiments. In this case, the transceiver unit 801 may be implemented by a transceiver, and the processing unit 802 may be implemented by a processor. As shown in fig. 9, the communication device 90 includes one or more processors 920 and a transceiver 910. The processor and transceiver may be configured to perform functions or operations performed by the terminal device, etc.
For example, the transceiver may be configured to receive first indication information transmitted by a first NF. For example, the processor may be configured to generate second pseudonym information based on the first subscriber identity; generating a root key according to the second pseudonym information; an access stratum key and/or a non-access stratum key and the like are generated according to the root key.
For another example, the transceiver may be configured to receive second indication information transmitted by the first NF. For example, the processor may be configured to generate second pseudonym information based on the first subscriber identity; generate a root key according to the second pseudonym information; and generate a user plane key from the root key, etc.
For the specific implementation of the processor and the transceiver, reference may be made to the methods shown in fig. 2 to 7b, and details thereof are not described here.
In various implementations of the communications apparatus shown in fig. 9, the transceiver may include a receiver for performing a receiving function (or operation) and a transmitter for performing a transmitting function (or operation), and communicates with other devices/apparatuses over a transmission medium. The processor 920 receives and transmits data and/or signaling via the transceiver 910, and is configured to implement the corresponding method described in fig. 3a and/or fig. 3b in the above method embodiments, and the like.
Optionally, the communication device 90 may also include one or more memories 930 for storing program instructions and/or data. A memory 930 is coupled to the processor 920. Illustratively, the memory 930 may be used to store root keys, access stratum keys or non-access stratum keys, and the like.
The coupling in the embodiments of the present application is an indirect coupling or a communication connection between devices, units or modules, and may be an electrical, mechanical or other form for information interaction between the devices, units or modules. The processor 920 may operate in conjunction with the memory 930. Processor 920 may execute program instructions stored in memory 930. Optionally, at least one of the one or more memories may be included in the processor.
The specific connection medium among the transceiver 910, the processor 920 and the memory 930 is not limited in the embodiments of the present application. In the embodiment of the present application, the memory 930, the processor 920, and the transceiver 910 are connected through a bus 940 in fig. 9, the bus is represented by a thick line in fig. 9, and the connection manner between other components is merely illustrative and is not limited thereto. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 9, but this does not indicate only one bus or one type of bus.
In the embodiments of the present application, the processor may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like, which may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in a processor.
It is understood that, when the communication apparatus shown in fig. 9 is a terminal device, the terminal device may further have more components than those shown in fig. 9, for example, the terminal device shown in fig. 9 may further include an antenna, and the like, which is not limited in this embodiment of the application.
It will be appreciated that the methods performed by the processor and transceiver shown above are merely examples, and reference may be made to the methods described above for the steps specifically performed by the processor and transceiver.
It is to be understood that the above description of the connections among the processor, the transceiver and the memory, the description of the processor, and the like, also apply to the core devices described below. For example, the core device may be any one of the third NF, the fourth NF, the NRF, the NSSF, the DNS, or the like.
In other implementations, the communication device may be a circuit system in a terminal device. In this case, the processing unit 802 may be implemented by a processing circuit, and the transceiver unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001. The processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC) chip, or the like, and the interface circuit 1001 may be a communication interface, an input/output interface, or the like.
For example, the interface circuit may be configured to obtain the first indication information and/or the second indication information. For example, the processing circuitry may be configured to generate second pseudonym information based on the first subscriber identity; generating a root key according to the second pseudonym information; an access stratum key and/or a non-access stratum key and the like are generated according to the root key. For another example, the processing circuitry may be further configured to generate second pseudonym information based on the first subscriber identity; generating a root key according to the second pseudonym information; a user plane key is generated from the root key, etc.
For the specific implementation of the processing circuit and the interface circuit, reference may be made to the methods shown in fig. 2 to 7b, which are not described in detail here.
In the embodiments of the present application, the processing circuit may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like, and may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present application. It is understood that the description of the processing circuit also applies to the circuitry described below, for example circuitry in any one of the third NF, the fourth NF, the NRF, the NSSF or the DNS.
It will be appreciated that the methods performed by the interface circuit and the processing circuit shown above are merely examples, and reference may be made to the methods described above for the steps specifically performed by the interface circuit and the processing circuit.
Referring to fig. 8 again, fig. 8 is a schematic structural diagram of a communication apparatus provided in an embodiment of the present application, where the communication apparatus may be configured to perform the operations performed by the first NF in the above method embodiments. For example, the communication apparatus may be configured to perform the methods performed by the first NF in fig. 2 to 6d. Also for example, the communication apparatus may be used to perform the method performed by the trusted control NF of fig. 7a, etc. As shown in fig. 8, the communication apparatus includes a transceiver unit 801 and a processing unit 802.
In some implementation manners, the transceiver 801 is configured to send a first request message to the third NF, where the first request message carries first pseudonym information of a first subscriber identity of the terminal device;
the transceiving unit 801 is further configured to receive a first response message from the third NF, where the first response message carries the second pseudonym information of the first subscriber identity.
In a possible implementation manner, the first response message further carries first indication information and/or second indication information, where the first indication information is used to indicate generation of the second pseudonym information and/or the root key, and the second indication information is used to indicate generation of the user plane key.
In a possible implementation manner, the processing unit 802 is further configured to generate a root key according to the second pseudonym information if the first response message carries the first indication information;
the transceiving unit 801 is further configured to send the first indication information to the terminal device.
In a possible implementation manner, the processing unit 802 is further configured to generate a user plane key according to the second pseudonym information if the first response message carries the second indication information;
the transceiving unit 801 is further configured to send second indication information to the terminal device.
In a possible implementation, the transceiving unit 801 is further configured to send the user plane key to the user plane function.
In other implementations, the transceiving unit 801 is configured to send a third request message to the NRF, where the third request message carries a trust level, and to receive a third response message from the NRF, where the third response message carries identification information of a second NF; the communication apparatus then exchanges data and/or signaling with the second NF through the transceiving unit 801.
In a possible implementation manner, the processing unit 802 is configured to obtain a trusted attribute of the first subscriber identity, and to determine the trust level according to the trusted attribute of the first subscriber identity.
In a possible implementation manner, the transceiving unit 801 is further configured to send a fourth request message to the NSSF, where the fourth request message carries identification information of a first slice, and to receive a fourth response message from the NSSF, where the fourth response message carries the trust level of the first slice or the trust level of a second NF set.
In a possible implementation manner, when the fourth response message carries the trust level of the first slice, the third request message carries the trust level of the first slice and the identification information of the first slice; or, when the fourth response message carries the trust level of the second NF set, the third request message carries the trust level of the second NF set and the identification information of the second NF set.
In a possible implementation manner, the transceiving unit 801 is further configured to send a registration request message to the NRF, where the registration request message carries the trust level of the first NF.
In still other implementations, the transceiving unit 801 is further configured to send a fifth request message to the DNS, where the fifth request message carries domain name information and a trust level, and to receive identification information of the second NF from the DNS. The identification information of the second NF may be carried in a fifth response message, etc.
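The configuration rules for trusted support NFs (policy rules 1 to 11 above, in particular the subscriber's trusted attribute, the session security requirement and the slice), the first NF's determination of a trust level from the trusted attribute, and the discovery of the second NF by trust level through the NRF and NSSF (third and fourth request/response messages) fit together as one selection flow. The Python below is an added example written for this page, not code from the patent or from Huawei. The three-step trust ordering, the attribute tags (vip, industry_data), the registry and slice contents (modelled on fig. 7a/7b, where UPF1 and UPF4 are trusted and UPF2/UPF3 are weakly trusted), the fail-closed handling of unknown slices and the ranking that returns the least trusted candidate still satisfying the policy are all assumptions; the application does not specify them.

```python
"""Added example (not from the patent): policy-driven selection of a trusted
support NF by trust level, in the style of the third request message
(first NF -> NRF) and fourth request message (first NF -> NSSF).
Trust ordering, attribute tags, registry and ranking are assumptions."""
from dataclasses import dataclass, field
from typing import Optional

# Assumed ordering of the three trust levels the application uses.
UNTRUSTED, WEAKLY_TRUSTED, TRUSTED = 0, 1, 2
LEVEL_NAME = {UNTRUSTED: "untrusted", WEAKLY_TRUSTED: "weakly trusted", TRUSTED: "trusted"}


@dataclass
class NfRecord:
    nf_id: str
    nf_type: str                                # "AMF", "SMF", "UPF", ...
    trust_level: int                            # registered with the NRF
    slices: set = field(default_factory=set)    # slices the NF serves


# Constructed NRF registry mirroring fig. 7a/7b: UPF1 and UPF4 are trusted
# support NFs, UPF2/UPF3 are weakly trusted general NFs.
NRF = [
    NfRecord("UPF1", "UPF", TRUSTED, {"slice-vip"}),
    NfRecord("UPF2", "UPF", WEAKLY_TRUSTED, {"slice-normal"}),
    NfRecord("UPF3", "UPF", WEAKLY_TRUSTED, {"slice-normal", "slice-industry"}),
    NfRecord("UPF4", "UPF", TRUSTED, {"slice-normal", "slice-industry"}),
    NfRecord("AMF2", "AMF", WEAKLY_TRUSTED, {"slice-normal", "slice-industry"}),
]

# Constructed NSSF view: trust level of each slice (policy rule 5).
NSSF_SLICE_TRUST = {
    "slice-vip": TRUSTED,
    "slice-industry": TRUSTED,       # industry data must not leave the park
    "slice-normal": WEAKLY_TRUSTED,
}


def required_trust_level(trusted_attributes: set, session_high_security: bool = False) -> int:
    """Policy rules 1, 2 and 4: the trust level the first NF derives from the
    subscriber's trusted attribute (and session attribute) and puts in the
    third request message."""
    if "vip" in trusted_attributes or "industry_data" in trusted_attributes:
        return TRUSTED
    if session_high_security:
        return TRUSTED
    return WEAKLY_TRUSTED


def nssf_slice_trust_level(slice_id: str) -> int:
    """Fourth request/response: the NSSF returns the trust level of the slice.
    An unknown slice is treated as untrusted (fail closed)."""
    return NSSF_SLICE_TRUST.get(slice_id, UNTRUSTED)


def nrf_discover(nf_type: str, min_trust_level: int, slice_id: Optional[str] = None) -> list:
    """Third request/response: the NRF returns candidate second NFs of the
    requested type whose registered trust level is at least the requested
    level. Candidates that exactly meet the requirement come first, keeping
    trusted support NFs free for subscribers whose policy needs them
    (cf. rule 7 on load sharing)."""
    candidates = [
        nf for nf in NRF
        if nf.nf_type == nf_type
        and nf.trust_level >= min_trust_level
        and (slice_id is None or slice_id in nf.slices)
    ]
    return sorted(candidates, key=lambda nf: nf.trust_level)


def select_support_nf(trusted_attributes: set, slice_id: str,
                      session_high_security: bool = False) -> str:
    """Whole flow for one registration: subscriber policy and slice policy
    are combined (the stricter one wins) and the NRF is asked for a UPF."""
    level = max(required_trust_level(trusted_attributes, session_high_security),
                nssf_slice_trust_level(slice_id))
    candidates = nrf_discover("UPF", level, slice_id)
    if not candidates:
        raise LookupError(f"no {LEVEL_NAME[level]} UPF serves {slice_id}")
    return candidates[0].nf_id


if __name__ == "__main__":
    print(select_support_nf({"vip"}, "slice-vip"))                 # UE1 -> UPF1
    print(select_support_nf(set(), "slice-normal"))                # normal user -> UPF2
    print(select_support_nf({"industry_data"}, "slice-industry"))  # UE2/UE3 -> UPF4
```

A real first NF would carry the computed level (or the slice trust level and slice identifier) in the third request message rather than reading the registry directly; the point of the example is that the NRF filters on a level the first NF derived from subscription data it may only hold in pseudonymized form, so the weakly trusted AMF never needs the real identity to pick a trusted path.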
It is to be understood that when the communication device is a first NF or a component of the first NF (such as a core device or a network element) implementing the above functions, the processing unit 802 may be one or more processors, the transceiver unit 801 may be a transceiver, or the transceiver unit 801 may also be a transmitting unit and a receiving unit, the transmitting unit may be a transmitter, the receiving unit may be a receiver, and the transmitting unit and the receiving unit are integrated into one device, such as a transceiver.
When the communication device is a circuit system such as a chip, the processing unit 802 may be one or more processors, or the processing unit 802 may be a processing circuit or the like. The transceiving unit 801 may be an input/output interface, also referred to as a communication interface, an interface circuit, an interface, or the like. Alternatively, the transceiving unit 801 may be a transmitting unit and a receiving unit, where the transmitting unit may be an output interface, the receiving unit may be an input interface, and the transmitting unit and the receiving unit are integrated into one unit, such as an input/output interface. It is understood that the same description applies when the communication device is any one of the third NF, the fourth NF, the NRF, the NSSF or the DNS described below.
The communication device according to the embodiment of the present application may perform any function performed by the first NF in the above method embodiment, and specific steps and/or functions that may be performed may refer to the detailed description in the above method embodiment, which is only briefly summarized here and will not be described again.
In some implementations, the communication apparatus may be the first NF in each of the above method embodiments, and the first NF may be a core device. In this case, the transceiver unit 801 may be implemented by a transceiver, and the processing unit 802 may be implemented by a processor. Referring again to fig. 9, the communications device 90 includes one or more processors 920 and a transceiver 910, as shown in fig. 9. The processor and transceiver may be configured to perform the functions or operations performed by the first NF, etc.
Illustratively, for example, the transceiver may be operative to send a first request message to a third NF and to receive a first response message from the third NF. For example, the processor may be configured to generate a root key according to the second pseudonym information if the first response message carries the first indication information; or, the processor may be configured to generate the user plane key according to the second pseudonym information if the first response message carries the second indication information. Also for example, the transceiver may be further configured to transmit the first indication information and/or the second indication information to the terminal device. Also for example, the transceiver may be used to send a user plane key to a user plane function.
Illustratively, the transceiver may be configured to send a third request message to the NRF and receive a third response message from the NRF. For example, the processor may be operative to obtain a trusted attribute of the first subscriber identity and to determine the trust level according to the trusted attribute of the first subscriber identity. For another example, the transceiver may be further configured to send a fourth request message to the NSSF and receive a fourth response message sent by the NSSF. As another example, the transceiver may also be used to send a registration request message to the NRF.
Illustratively, the transceiver may also be configured to send a fifth request message to the DNS, receive identification information of a second NF from the DNS, and the like, for example.
It is understood that for a detailed description of the first request message, the first response message, the first indication information, the second indication information, the third request message, etc., reference may be made to fig. 2 to 7b. Further, for the specific implementation of the processor and the transceiver, reference may be made to the methods shown in fig. 2 to 7b, and details thereof are not described here.
It is understood that more description of the communication apparatus as the first NF can refer to the description of the foregoing embodiments, for example, refer to the description of fig. 9 when the communication apparatus is a terminal device, and will not be described in detail here. It can be understood that, when the communication apparatus shown in fig. 9 is a core device, the core device may further have more components than those shown in fig. 9, for example, the core device shown in fig. 9 may further include an antenna, and the like, which is not limited in this embodiment of the application.
It will be appreciated that the methods performed by the processor and transceiver shown above are merely examples, and reference may be made to the methods described above for the steps specifically performed by the processor and transceiver.
In other implementations, the communication device may be circuitry in the first NF. In this case, the processing unit 802 may be implemented by a processing circuit, and the transceiver unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001. The processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC) chip, or the like, and the interface circuit 1001 may be a communication interface, an input/output interface, or the like.
For example, the interface circuit may be configured to obtain the first response message, the third response message, or the fourth response message. Alternatively, the interface circuit may be configured to acquire identification information of the second NF. For example, the interface circuit may be configured to output a first request message, first indication information, second indication information, a user plane key, a third request message, a fourth request message, a fifth request message, a registration request message, or the like. For example, the processing circuitry may be configured to generate a root key or a user plane key, etc., based on the second pseudonym information. For another example, the processing circuitry may be further configured to obtain a trusted attribute of the first subscriber identity and to determine the trust level according to the trusted attribute of the first user identifier.
For the specific implementation of the processing circuit and the interface circuit, reference may be made to the methods shown in fig. 2 to 7b, which are not described in detail here. It is understood that for more description of the communication device as the circuitry of the first NF, reference may be made to the description of the communication device as the circuitry of the terminal equipment, which will not be repeated here.
Referring to fig. 8 again, fig. 8 is a schematic structural diagram of a communication apparatus provided in an embodiment of the present application, where the communication apparatus may be configured to perform operations performed by the third NF in the above method embodiments. For example, the communication device may be configured to perform the method performed by the third NF of fig. 2 to 6d. Also for example, the communication means may be adapted to perform the method performed by the trusted data NF of fig. 7a, etc. As shown in fig. 8, the communication apparatus includes a transceiver unit 801 and a processing unit 802.
For example, the transceiving unit 801 may be configured to receive a first request message from a first NF; the processing unit 802 may be configured to determine a trusted attribute of the first user identity; and the transceiving unit 801 may be further configured to send a first response message to the first NF.
For another example, the processing unit 802 may be further configured to obtain a first user identifier according to the first pseudonym information, and generate second pseudonym information according to the first user identifier.
For another example, the processing unit 802 may be further configured to control the memory to store the correspondence between the second pseudonym information and the first subscriber identity.
Also for example, the transceiving unit 801 may be further configured to send a second request message to the fourth NF, and to receive second pseudonym information and the like from the fourth NF.
It is to be understood that when the communication apparatus is a third NF or a component of the third NF (such as a core device or a network element) implementing the above functions, the processing unit 802 may be one or more processors, the transceiver unit 801 may be a transceiver, or the transceiver unit 801 may also be a transmitting unit and a receiving unit, the transmitting unit may be a transmitter, the receiving unit may be a receiver, and the transmitting unit and the receiving unit are integrated into one device, such as a transceiver.
When the communication device is a circuit system such as a chip, the processing unit 802 may be one or more processors, or the processing unit 802 may be a processing circuit or the like. The transceiving unit 801 may be an input output interface, also alternatively referred to as a communication interface, or an interface circuit, or an interface, etc. Or the transceiving unit 801 may also be a transmitting unit and a receiving unit, the transmitting unit may be an output interface, the receiving unit may be an input interface, and the transmitting unit and the receiving unit are integrated into one unit, such as an input-output interface.
In some implementations, the communication apparatus may be a third NF in the above method embodiments, and the third NF may be a core device. In this case, the transceiver unit 801 may be implemented by a transceiver, and the processing unit 802 may be implemented by a processor. Referring again to fig. 9, the communications device 90 includes one or more processors 920 and a transceiver 910, as shown in fig. 9. The processor and transceiver may be configured to perform functions or operations, etc., performed by the third NF described above.
For example, the apparatus may include a transceiver configured to receive a first request message from a first NF; a processor configured to determine a trusted attribute of the first user identification; and the transceiver further configured to send a first response message to the first NF. For another example, the processor may be further configured to obtain a first user identifier according to the first pseudonym information, and generate second pseudonym information according to the first user identifier. For another example, the processor may be further configured to control the memory to store a correspondence between the second pseudonym information and the first subscriber identity. Alternatively, the memory may directly store the correspondence between the second pseudonym information and the first user identifier. For another example, the transceiver may be further configured to send a second request message to the fourth NF, and to receive second pseudonym information from the fourth NF, and the like.
In other implementations, the communication device may be circuitry (or a chip, an integrated circuit, etc.) in the third NF. In this case, the processing unit 802 may be implemented by a processing circuit, and the transceiver unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001. The processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC) chip, or the like, and the interface circuit 1001 may be a communication interface, an input/output interface, or the like.
For example, the interface circuitry may be configured to obtain a first request message; the processing circuitry may be configured to determine a trusted attribute of the first subscriber identity; and the interface circuit may be further configured to output the first response message. For another example, the processing circuit may be further configured to obtain a first user identifier according to the first pseudonym information, and generate second pseudonym information according to the first user identifier. For another example, the processing circuitry may be further configured to control the memory to store a correspondence of the second pseudonym information and the first subscriber identity. Also for example, the interface circuit may be further configured to output a second request message, and to obtain second pseudonym information, and the like.
The communication device according to the embodiment of the present application may perform any function performed by the third NF in the above method embodiment, and specific steps and/or functions that may be performed may refer to the detailed description in the above method embodiment, which is only briefly summarized here and will not be described again.
Referring to fig. 8 again, fig. 8 is a schematic structural diagram of a communication apparatus provided in an embodiment of the present application, where the communication apparatus may be configured to perform the operations performed by the fourth NF in the foregoing method embodiments. For example, the communication device may be configured to perform the method performed by the fourth NF of fig. 2 to 6d. Also for example, the communication means may be adapted to perform the method performed by the trusted data NF of fig. 7a, etc. As shown in fig. 8, the communication apparatus includes a transceiver unit 801 and a processing unit 802.
For example, the transceiving unit 801 is configured to receive a second request message from the third NF, where the second request message carries first pseudonym information of the first subscriber identity of the terminal device;
a processing unit 802, configured to, in response to the second request message, obtain a first user identifier according to the first pseudonym information, and generate second pseudonym information according to the first user identifier;
the transceiving unit 801 may further be configured to send second pseudonym information to the third NF.
In a possible implementation manner, the processing unit 802 may further be configured to store a correspondence between the second pseudonym information and the first subscriber identity.
In some implementations, the communication device may be a fourth NF (e.g., a core device) in the above method embodiments. In this case, the transceiver unit 801 may be implemented by a transceiver, and the processing unit 802 may be implemented by a processor. As shown in fig. 9, the communication device 90 includes one or more processors 920 and a transceiver 910. The processor and transceiver may be configured to perform functions or operations, etc., performed by the fourth NF, as described above.
For example, the transceiver is configured to receive a second request message from the third NF, where the second request message carries first pseudonym information of the first subscriber identity of the terminal device; the processor is configured to, in response to the second request message, obtain a first user identifier according to the first pseudonym information and generate second pseudonym information according to the first user identifier; and the transceiver may be further configured to transmit the second pseudonym information to the third NF. For another example, the processor may be further configured to control the memory to store a correspondence between the second pseudonym information and the first subscriber identity.
It is understood that for the above detailed description of the respective messages and the like, and the specific implementation of the processor and the transceiver, reference may be made to fig. 2 to 7b, which are not described in detail herein.
In other implementations, the communication device may be circuitry in a fourth NF. In this case, the processing unit 802 may be implemented by a processing circuit, and the transceiver unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001.
For example, the interface circuit may be configured to obtain a second request message, where the second request message carries first pseudonym information of a first subscriber identity of the terminal device; the processing circuitry may be configured to, in response to the second request message, obtain a first subscriber identity based on the first pseudonym information, and generate second pseudonym information based on the first subscriber identity; the interface circuit may be further operable to output the second pseudonym information.
For another example, the processing circuitry may be further operative to control the memory to store a correspondence of the second pseudonym information and the first subscriber identity. Alternatively, the memory may directly store the correspondence between the second pseudonym information and the first subscriber identity, and the like.
For the specific implementation of the processing circuit and the interface circuit, and for the description of the respective messages and the like shown above, reference may be made to the methods shown in fig. 2 to 7b, which are not described in detail here.
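The following is an added worked example, not code from the patent or from its assignee, modelling in Python the exchange described above among the first NF, the third NF and the fourth NF: the third NF receives the first request message, determines the trusted attribute of the first user identity, obtains second pseudonym information from the fourth NF over the second request message, and answers with the first response message carrying an indication; the first NF then derives a root key or a user plane key from the second pseudonym information according to that indication, as described for the first NF earlier. The page does not specify how pseudonyms are formed, how keys are derived, what other keying material enters the derivation, or which trusted attribute maps to which indication; the HMAC-based pseudonym, the HKDF-based derivation, the pre-shared secret between the first NF and the terminal device, and the attribute-to-indication policy are all assumptions of this example, and every identifier and secret is a constructed sample value.

```python
"""Added example (not the patent's own code): pseudonym exchange between the
first NF, third NF and fourth NF, and the first NF's key derivation from the
second pseudonym information.  Pseudonym construction, KDF, pre-shared secret
and attribute-to-indication policy are assumptions; all values are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Indication values carried in the first response message (names assumed).
FIRST_INDICATION = "first-indication"     # first NF derives the root key
SECOND_INDICATION = "second-indication"   # first NF derives the user plane key


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-and-expand with SHA-256; the KDF is an assumption."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


@dataclass
class FourthNF:
    """Resolves first pseudonym information to the first user identifier, issues
    second pseudonym information and stores the correspondence between them."""
    pseudonym_key: bytes                     # constructed secret; never leaves this NF
    first_pseudonyms: dict                   # first pseudonym -> first user identifier
    second_pseudonyms: dict = field(default_factory=dict)

    def handle_second_request(self, first_pseudonym: str) -> str:
        user_id = self.first_pseudonyms[first_pseudonym]
        # A fresh nonce keeps successive second pseudonyms of one subscriber
        # unlinkable to anyone without pseudonym_key (design assumption).
        nonce = secrets.token_bytes(8)
        tag = hmac.new(self.pseudonym_key, nonce + user_id.encode(), hashlib.sha256).digest()
        second_pseudonym = (nonce + tag[:16]).hex()
        self.second_pseudonyms[second_pseudonym] = user_id   # stored correspondence
        return second_pseudonym


@dataclass
class ThirdNF:
    """Determines the trusted attribute of the first user identity and answers the
    first request message with second pseudonym information and an indication."""
    fourth_nf: FourthNF
    directory: dict                          # first pseudonym -> first user identifier
    trusted_attributes: dict                 # first user identifier -> trusted attribute

    def handle_first_request(self, first_pseudonym: str) -> dict:
        user_id = self.directory[first_pseudonym]
        attribute = self.trusted_attributes.get(user_id, "untrusted")
        # Which indication goes with which attribute is left open by the page;
        # this example tells a trusted subscriber's NF to derive the root key.
        indication = FIRST_INDICATION if attribute == "trusted" else SECOND_INDICATION
        second_pseudonym = self.fourth_nf.handle_second_request(first_pseudonym)
        return {"second_pseudonym": second_pseudonym, "indication": indication,
                "trusted_attribute": attribute}


def derive_key(second_pseudonym: str, indication: str, shared_secret: bytes) -> bytes:
    """First NF side (and, symmetrically, the terminal device): root key for the
    first indication, user plane key for the second; anything else is rejected."""
    if indication == FIRST_INDICATION:
        label = b"root-key"
    elif indication == SECOND_INDICATION:
        label = b"user-plane-key"
    else:
        raise ValueError(f"unknown indication: {indication!r}")
    return hkdf_sha256(shared_secret, salt=bytes.fromhex(second_pseudonym), info=label)


def run_exchange(first_pseudonym: str) -> dict:
    """Drive one exchange on constructed data and return what each side ends up with."""
    directory = {"pseudo-A1": "sub-0001", "pseudo-B7": "sub-0002"}            # constructed
    fourth = FourthNF(pseudonym_key=b"constructed-fourth-nf-key", first_pseudonyms=directory)
    third = ThirdNF(fourth_nf=fourth, directory=directory,
                    trusted_attributes={"sub-0001": "trusted", "sub-0002": "untrusted"})
    shared_secret = b"constructed-secret-shared-with-terminal"                 # assumption
    response = third.handle_first_request(first_pseudonym)
    nf_key = derive_key(response["second_pseudonym"], response["indication"], shared_secret)
    # The first NF forwards the indication to the terminal device, which derives the same key.
    ue_key = derive_key(response["second_pseudonym"], response["indication"], shared_secret)
    return {"response": response, "nf_key": nf_key, "ue_key": ue_key,
            "stored_user_id": fourth.second_pseudonyms[response["second_pseudonym"]]}


if __name__ == "__main__":
    result = run_exchange("pseudo-A1")
    print(result["response"]["indication"], result["nf_key"].hex())
```

Two points of the design are worth noting for a reviewer: the real subscriber identifier is only ever held by the NFs that store the correspondence, while the first NF and the user plane function see nothing but the second pseudonym; and the key depends on the indication label, so a root key and a user plane key derived from the same pseudonym can never coincide.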
Referring again to fig. 8, the communication device may be configured to perform the operations performed by the NRF in the above-described method embodiments. For example, the communication device may be used to perform the methods performed by the NRF of fig. 2 to 6d. Also for example, the communication device may be used to perform the method performed by the trusted control NF of fig. 7a, etc. As shown in fig. 8, the communication apparatus includes a transceiver unit 801 and a processing unit 802.
Exemplarily, the transceiving unit 801 may be configured to receive a third request message from the first NF; a processing unit 802 operable to determine a second NF from the trust level; the transceiving unit 801 may further be configured to send a third response message to the first NF.
In a possible implementation manner, the transceiving unit 801 may be further configured to receive a registration request message sent by the second NF; the processing unit 802 may further be configured to store a correspondence between the identification information of the second NF and the trust level of the second NF.
In a possible implementation manner, the processing unit 802 is specifically configured to determine the second NF according to the stored correspondence between the identification information of the second NF and the trust level of the second NF, and the trust level carried in the third request message.
In one possible implementation, the third request message carrying the trust level includes: the third request message carries the trust level of the first slice, and the third request message also carries the identification information of the first slice; the processing unit 802 is specifically configured to determine, according to the identification information of the first slice, a second NF set corresponding to the first slice, and to determine a second NF from the second NF set according to the stored correspondence between the identification information of the NF and the trust level of the NF, and the trust level of the first slice.
In one possible implementation, the third request message carrying the trust level includes: the third request message carries the trust level of the second NF set, and the third request message also carries identification information of the second NF set; the processing unit 802 is specifically configured to determine a second NF from the second NF set according to the stored correspondence between the identification information of the NF and the trust level of the NF, and the trust level of the second NF set.
In a possible implementation manner, the transceiving unit 801 is further configured to receive a registration request message from the first NF, where the registration request message carries a trust level of the first NF; the processing unit 802 may further be configured to store a correspondence between the identification information of the first NF and the trust level of the first NF.
In some implementations, the communication apparatus may be an NRF in each of the above method embodiments, and the NRF may be a core device. In this case, the transceiver unit 801 may be implemented by a transceiver, and the processing unit 802 may be implemented by a processor. Referring again to fig. 9, the communications device 90 includes one or more processors 920 and a transceiver 910, as shown in fig. 9. The processor and transceiver may be configured to perform the functions or operations, etc., performed by the NRF described above.
For example, the transceiver may be configured to receive a third request message from the first NF; the processor may be configured to determine a second NF based on the trust level; and the transceiver may be further configured to transmit a third response message to the first NF.
For another example, the transceiver may be further configured to receive a registration request message sent by the second NF; the processor may be further configured to store a correspondence between the identification information of the second NF and the trust level of the second NF.
For another example, the transceiver may be further configured to receive a registration request message from the first NF, the registration request message carrying a trust level of the first NF; the processor may be further configured to store a correspondence between the identification information of the first NF and the trust level of the first NF.
In other implementations, the communication device may be circuitry in the NRF. In this case, the processing unit 802 may be implemented by a processing circuit, and the transceiver unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001. The processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC) chip, or the like, and the interface circuit 1001 may be a communication interface, an input/output interface, or the like.
For example, the interface circuitry may be configured to obtain the third request message; the processing circuit may be configured to determine a second NF from the trust level; and the interface circuit may be further configured to output a third response message.
Also for example, the interface circuitry may be used to obtain registration request messages and the like.
It is understood that, regarding the specific implementation of NRF or the circuitry in NRF, and the introduction of the above messages, etc., reference may be made to the foregoing embodiments, and detailed description thereof is omitted here.
Referring again to fig. 8, the communications apparatus may be configured to perform the operations performed by the NSSF in the above-described method embodiments. For example, the communication device may be used to perform the methods performed by the NSSF of fig. 2 to 6d. Also for example, the communication device may be used to perform the method performed by the trusted control NF of fig. 7a, etc. As shown in fig. 8, the communication apparatus includes a transceiver unit 801 and a processing unit 802, where:
the transceiving unit 801 is configured to receive a fourth request message sent by the first NF, where the fourth request message carries identification information of the first slice, and to send a fourth response message to the first NF, where the fourth response message carries the trust level of the first slice; or, the fourth response message carries identification information of a second NF set and a trust level of the second NF set, where the second NF set is the NF set corresponding to the first slice.
In a possible implementation manner, the processing unit 802 may be configured to determine a trust level of the first slice according to first preconfigured information and identification information of the first slice, where the first preconfigured information includes a correspondence between the trust level of the first slice and the identification information of the first slice.
In a possible implementation manner, the processing unit 802 may be further configured to determine a trust level of the second NF set according to second preconfigured information and the identification information of the first slice, where the second preconfigured information includes a correspondence between the identification information of the second NF set and the trust level of the second NF set.
In some implementations, the communication device may be an NSSF in each of the above method embodiments, and the NSSF may be a core device. In this case, the transceiver unit 801 may be implemented by a transceiver, and the processing unit 802 may be implemented by a processor. Referring again to fig. 9, the communications device 90 includes one or more processors 920 and a transceiver 910, as shown in fig. 9. The processor and transceiver may be configured to perform the functions or operations performed by the NSSF, etc., described above.
For example, the transceiver may be configured to receive a fourth request message sent by the first NF, where the fourth request message carries identification information of the first slice, and to send a fourth response message to the first NF, where the fourth response message carries the trust level of the first slice; or, the fourth response message carries identification information of a second NF set and a trust level of the second NF set, where the second NF set is the NF set corresponding to the first slice.
For another example, the processor 802 may be configured to determine a trust level of the first slice according to first preconfigured information and identification information of the first slice, where the first preconfigured information includes a correspondence between the trust level of the first slice and the identification information of the first slice.
For another example, the processor 802 may be further configured to determine a trust level of the second NF set according to second preconfigured information and the identification information of the first slice, where the second preconfigured information includes a corresponding relationship between the identification information of the second NF set and the trust level of the second NF set.
In other implementations, the communication device may be circuitry in an NSSF. In this case, the processing unit 802 may be implemented by a processing circuit, and the transceiver unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001. The processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC) chip, or the like, and the interface circuit 1001 may be a communication interface, an input/output interface, or the like.
For example, the interface circuit may be configured to obtain a fourth request message and output a fourth response message. The processing circuit may be configured to determine a trust level of the first slice or a trust level of the second NF set, etc.
It is understood that, regarding the implementation of the NSSF or the circuitry in the NSSF, and the introduction of the above messages, etc., reference may be made to the foregoing embodiments, and detailed description is omitted here.
Referring to fig. 8, the communication apparatus may also be configured to perform the operations performed by the DNS in the above-described method embodiment. For example, the transceiving unit 801 may be configured to receive a fifth request message from the first NF, where the fifth request message carries domain name information and a trust level; the processing unit 802 may be configured to determine, in response to the fifth request message, a second NF according to the domain name information and the trust level; and the transceiving unit 801 may be further configured to transmit the identification information of the second NF to the first NF.
In some implementations, the processing unit 802 may be implemented with a processor and the transceiving unit 801 may be implemented with a transceiver. As shown in fig. 9, the processor and transceiver may be configured to perform the functions or operations performed by the DNS described above, and the like. For example, the transceiver may be configured to receive a fifth request message; the processor may be configured to determine a second NF based on the domain name information and the trust level; and the transceiver may be further configured to transmit the identification information of the second NF to the first NF.
In other implementations, the processing unit 802 may also be implemented by processing circuitry, and the transceiving unit 801 may also be implemented by interface circuitry. As shown in fig. 10, the interface circuit may be configured to obtain a fifth request message, the processing circuit may be configured to determine a second NF according to the domain name information and the trust level, and the interface circuit may be further configured to output identification information of the second NF.
The communication device according to the embodiment of the present application may perform any function performed by the DNS in the foregoing method embodiment, and specific steps and/or functions that may be performed may refer to the detailed description in the foregoing method embodiment, which is only briefly summarized here and will not be described again.
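The following is an added worked example, not code from the patent or from its assignee, modelling in Python the trust-level-based discovery described above for the NRF, the NSSF and the DNS: the NRF stores the correspondence between each registered NF's identification information and its trust level, the NSSF answers the fourth request with the trust level of the first slice (or the second NF set and its trust level) from preconfigured information, the NRF answers the third request by selecting a second NF from the NF set that corresponds to the slice, and the DNS answers the fifth request from domain name information and a trust level. The page does not say how trust levels are compared or how one NF is picked among several that qualify; this example assumes integer levels where a higher number means more trusted, treats a candidate as qualifying when its level is at least the requested one, and makes a deterministic choice among qualifying candidates. All slice, NF set, NF and domain name values are constructed.

```python
"""Added example (not the patent's own code): trust-level-based NF discovery via
NSSF, NRF and DNS.  Level ordering, the "at least the requested level" rule and
the tie-break are assumptions; all identifiers are constructed sample values."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def _pick(candidates: List[Tuple[int, str]], trust_level: int) -> Optional[str]:
    """Return the NF id with the lowest qualifying trust level (ties broken by id),
    or None when nothing meets the requirement so the caller can refuse the request."""
    qualified = [(lvl, nf) for lvl, nf in candidates if lvl >= trust_level]
    return min(qualified)[1] if qualified else None


@dataclass
class NRF:
    nf_trust: Dict[str, int] = field(default_factory=dict)       # NF id -> trust level
    nf_sets: Dict[str, List[str]] = field(default_factory=dict)  # NF set id -> member NF ids
    slice_sets: Dict[str, str] = field(default_factory=dict)     # slice id -> NF set id

    def handle_registration(self, nf_id: str, trust_level: int,
                            nf_set_id: Optional[str] = None) -> None:
        """Registration request: store NF identification <-> trust level correspondence."""
        self.nf_trust[nf_id] = trust_level
        if nf_set_id is not None:
            self.nf_sets.setdefault(nf_set_id, []).append(nf_id)

    def handle_third_request(self, trust_level: int, slice_id: Optional[str] = None,
                             nf_set_id: Optional[str] = None) -> Optional[str]:
        """Third request: trust level plus slice id or NF set id -> second NF id."""
        if slice_id is not None:
            nf_set_id = self.slice_sets.get(slice_id)
            if nf_set_id is None:
                return None          # unknown slice: refuse rather than widen the search
        members = list(self.nf_trust) if nf_set_id is None else self.nf_sets.get(nf_set_id, [])
        return _pick([(self.nf_trust[n], n) for n in members if n in self.nf_trust], trust_level)


@dataclass
class NSSF:
    slice_trust: Dict[str, int]    # first preconfigured information: slice id -> trust level
    set_trust: Dict[str, int]      # second preconfigured information: NF set id -> trust level
    slice_sets: Dict[str, str]     # slice id -> NF set id corresponding to the slice

    def handle_fourth_request(self, slice_id: str, want_set: bool = False) -> dict:
        """Fourth response: the slice's trust level, or the NF set id with its trust level."""
        if want_set:
            set_id = self.slice_sets[slice_id]
            return {"nf_set_id": set_id, "trust_level": self.set_trust[set_id]}
        return {"slice_id": slice_id, "trust_level": self.slice_trust[slice_id]}


@dataclass
class TrustAwareDNS:
    records: Dict[str, List[Tuple[int, str]]]   # domain name -> [(trust level, NF id)]

    def handle_fifth_request(self, domain: str, trust_level: int) -> Optional[str]:
        """Fifth request: domain name information plus trust level -> second NF id."""
        return _pick(self.records.get(domain, []), trust_level)


def discover_second_nf(nssf: NSSF, nrf: NRF, slice_id: str, via_set: bool = False) -> Optional[str]:
    """First NF: fourth request to the NSSF, then third request to the NRF."""
    resp = nssf.handle_fourth_request(slice_id, want_set=via_set)
    if via_set:
        return nrf.handle_third_request(resp["trust_level"], nf_set_id=resp["nf_set_id"])
    return nrf.handle_third_request(resp["trust_level"], slice_id=slice_id)


def build_demo() -> Tuple[NSSF, NRF, TrustAwareDNS]:
    """Constructed topology: two slices, two NF sets, four NFs, one trust-aware DNS zone."""
    slice_sets = {"slice-emergency": "set-E", "slice-iot": "set-I"}
    nrf = NRF(slice_sets=dict(slice_sets))
    for nf_id, lvl, set_id in [("smf-1", 3, "set-E"), ("smf-2", 1, "set-E"),
                               ("smf-3", 2, "set-I"), ("smf-4", 1, "set-I")]:
        nrf.handle_registration(nf_id, lvl, set_id)
    nssf = NSSF(slice_trust={"slice-emergency": 3, "slice-iot": 1},
                set_trust={"set-E": 3, "set-I": 2}, slice_sets=slice_sets)
    dns = TrustAwareDNS(records={"upf.example.invalid": [(1, "upf-a"), (3, "upf-b")]})
    return nssf, nrf, dns


if __name__ == "__main__":
    nssf, nrf, dns = build_demo()
    print(discover_second_nf(nssf, nrf, "slice-emergency"),
          discover_second_nf(nssf, nrf, "slice-iot", via_set=True),
          dns.handle_fifth_request("upf.example.invalid", 2))
```

The `None` return is deliberate: when no NF in the slice's set meets the requested trust level, the NRF or DNS answers with no candidate and the first NF must fail the selection rather than silently fall back to a lower-trust NF, which is the property that makes the stored trust levels enforceable.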
Fig. 11 is a schematic diagram of a wireless communication system according to an embodiment of the present disclosure, and as shown in fig. 11, the wireless communication system may include a first NF, a third NF, an NRF, and an NSSF. Further, the wireless communication system may further include a fourth NF (not shown in fig. 11), a terminal device (not shown in fig. 11), a second NF, and the like. Further, the wireless communication system may further include a DNS (not shown in fig. 11) or the like. For the steps or functions performed by the respective NFs, reference may be made to the foregoing embodiments, which are not described in detail herein.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only one logical division, and other divisions are possible in actual implementation; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the technical effects of the solutions provided by the embodiments of the present application.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, or the part of it that contributes over the prior art, may be embodied in whole or in part as a software product, which is stored in a readable storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned readable storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
In addition, the present application also provides a computer program for implementing the operations and/or processes performed by the first NF in the secure communication method provided by the present application.
The present application also provides a computer program for implementing the operations and/or processes performed by the third NF in the secure communication method provided by the present application.
The present application also provides a computer program for implementing the operations and/or processes performed by the NRF in the secure communication method provided by the present application.
The present application also provides a computer program for implementing the operations and/or processes performed by the NSSF in the secure communication method provided by the present application.
The present application also provides a computer program for implementing the operations and/or processes performed by the terminal device in the secure communication method provided by the present application.
The present application also provides a computer program for implementing the operations and/or processes performed by the fourth NF in the secure communication method provided by the present application.
The present application also provides a computer program for implementing the operations and/or processes performed by the DNS in the secure communication method provided by the present application.
The present application also provides a computer-readable storage medium having stored therein computer code which, when run on a computer, causes the computer to perform the operations and/or processes performed by the first NF in the secure communication method provided by the present application.
The present application also provides a computer-readable storage medium having stored therein computer code which, when run on a computer, causes the computer to perform the operations and/or processes performed by the third NF in the secure communication method provided by the present application.
The present application also provides a computer-readable storage medium having stored therein computer code which, when run on a computer, causes the computer to perform the operations and/or processes performed by the NRF in the secure communication method provided by the present application.
The present application also provides a computer-readable storage medium having stored therein computer code which, when run on a computer, causes the computer to perform the operations and/or processes performed by the NSSF in the secure communication method provided by the present application.
The present application also provides a computer-readable storage medium having stored therein computer code which, when run on a computer, causes the computer to perform the operations and/or processes performed by the terminal device in the secure communication method provided by the present application.
The present application also provides a computer-readable storage medium having stored therein computer code which, when run on a computer, causes the computer to perform the operations and/or processes performed by the fourth NF in the secure communication method provided by the present application.
The present application also provides a computer-readable storage medium having stored therein computer code which, when run on a computer, causes the computer to perform the operations and/or processes performed by the DNS in the secure communication method provided by the present application.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the computer to perform the operations and/or processes performed by the first NF in the secure communication method provided by the present application.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the computer to perform the operations and/or processes performed by the third NF in the secure communication method provided by the present application.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the computer to perform the operations and/or processes performed by the NRF in the secure communication method provided by the present application.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the computer to perform the operations and/or processes performed by the NSSF in the secure communication method provided by the present application.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the computer to perform the operations and/or processes performed by the terminal device in the secure communication method provided by the present application.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the computer to perform the operations and/or processes performed by the fourth NF in the secure communication method provided by the present application.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the computer to perform the operations and/or processes performed by the DNS in the secure communication method provided by the present application.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (45)

1. A method of secure communication, the method comprising:
a first network function (NF) sends a first request message to a third NF, wherein the first request message carries first pseudonym information of a first user identifier of a terminal device;
in response to the first request message, the third NF determines a trusted attribute of the first user identifier; and
if the trusted attribute of the first user identifier meets a preset condition, the third NF sends a first response message to the first NF, wherein the first response message carries second pseudonym information of the first user identifier.
2. The method of claim 1, wherein the third NF sending a first response message to the first NF comprises:
if the trust level of the first NF matches a preset level, the third NF sends the first response message to the first NF.
3. The method of claim 1 or 2, wherein the third NF sending a first response message to the first NF comprises:
if the trust level of the security domain in which the first NF is located matches a preset level, the third NF sends the first response message to the first NF.
4. The method of any one of claims 1 to 3, wherein the third NF determining a trusted attribute of the first user identifier comprises:
the third NF determines the trusted attribute of the first user identifier according to the subscription level of the first user identifier; or,
the third NF determines the trusted attribute of the first user identifier according to the session attribute of the first user identifier; or,
the third NF determines the trusted attribute of the first user identifier according to the industry requirement of the first user identifier.
5. The method of any one of claims 1 to 4, wherein before the third NF sends a first response message to the first NF, the method further comprises:
the third NF obtains the first user identifier according to the first pseudonym information and generates the second pseudonym information according to the first user identifier.
6. The method of claim 5, further comprising:
the third NF stores the correspondence between the second pseudonym information and the first user identifier.
7. The method of any one of claims 1 to 4, wherein before the third NF sends a first response message to the first NF, the method further comprises:
the third NF sends a second request message to a fourth NF, wherein the second request message carries the first pseudonym information;
in response to the second request message, the fourth NF obtains the first user identifier according to the first pseudonym information and generates the second pseudonym information according to the first user identifier; and
the fourth NF sends the second pseudonym information to the third NF, and the third NF receives the second pseudonym information.
8. The method of any one of claims 1 to 7, wherein the first response message further carries first indication information and/or second indication information, the first indication information being used to indicate generation of the second pseudonym information and/or the root key, and the second indication information being used to indicate generation of the user plane key.
9. The method of claim 8, further comprising:
if the first response message comprises the first indication information, the first NF generates the root key according to the second pseudonym information; and
the first NF sends the first indication information to the terminal device.
10. The method of claim 8, further comprising:
if the first response message comprises the second indication information, the first NF generates the user plane key according to the second pseudonym information; and
the first NF sends the second indication information to the terminal device.
11. The method of claim 10, further comprising:
the first NF sends the user plane key to a user plane function.
12. A method of secure communication, the method comprising:
a terminal device receives first indication information sent by a first network function (NF), wherein the first indication information is used to instruct the terminal device to generate second pseudonym information and/or a root key;
the terminal device generates the second pseudonym information according to a first user identifier;
the terminal device generates the root key according to the second pseudonym information; and
the terminal device generates an access stratum key and/or a non-access stratum key according to the root key, wherein the access stratum key is used to protect data and/or signaling between the terminal device and an access device, and the non-access stratum key is used to protect data and/or signaling between the terminal device and the first NF.
13. A method of secure communication, the method comprising:
a terminal device receives second indication information sent by a first NF, wherein the second indication information is used to instruct the terminal device to generate a user plane key;
the terminal device generates second pseudonym information according to a first user identifier;
the terminal device generates a root key according to the second pseudonym information; and
the terminal device generates the user plane key according to the root key, wherein the user plane key is used to protect data between the terminal device and a user plane function.
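The flow of claims 1 to 13, simulated end to end as an added example (this is not code from the patent or from Huawei): the third NF resolves the first pseudonym, checks the requesting NF's trust level and the subscriber's trusted attribute, issues a second pseudonym and records the correspondence; the first NF derives keys from the returned pseudonym; and the terminal, which only receives the indication information, regenerates the same pseudonym from its own user identifier and ends up with the same root, access stratum, non-access stratum and user plane keys. The patent fixes no key derivation function, message encoding or subscriber data model, so HMAC-SHA256 with length-prefixed inputs, the label strings, the preset levels, the per-subscriber shared secret (standing in for whatever keying material the terminal and network side already share) and the subscriber table are all this example's assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

PRESET_NF_LEVEL = 2                  # claim 2: trust level the first NF must match (assumed value)
MIN_TRUSTED_SUBSCRIPTION_LEVEL = 2   # claim 4: subscription level counted as "trusted" (assumed)

# Constructed subscribers. The secret stands in for keying material the terminal and
# the network side are assumed to share already; the patent does not specify it.
SUBSCRIBERS = {
    "sub-0001": {"secret": hashlib.sha256(b"example-secret-0001").digest(), "subscription_level": 3},
    "sub-0002": {"secret": hashlib.sha256(b"example-secret-0002").digest(), "subscription_level": 1},
}


def kdf(key: bytes, label: str, *parts: bytes) -> bytes:
    """Length-prefixed HMAC-SHA256 derivation (the example's choice of KDF)."""
    mac = hmac.new(key, label.encode(), hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


def make_pseudonym(user_id: str, secret: bytes, epoch: int) -> str:
    """Pseudonym of `user_id` for generation `epoch`. Terminal and network compute it
    independently, which is what lets both sides derive the same root key."""
    return "pseudo-" + kdf(secret, "pseudonym", user_id.encode(), epoch.to_bytes(4, "big"))[:8].hex()


def derive_keys(secret: bytes, second_pseudonym: str, first_ind: bool, second_ind: bool) -> dict:
    """Root key from the second pseudonym (claims 9, 12), AS/NAS keys on the first
    indication (claim 12), user plane key on the second indication (claim 13)."""
    root = kdf(secret, "root", second_pseudonym.encode())
    keys = {}
    if first_ind:
        keys["as"] = kdf(root, "access-stratum")
        keys["nas"] = kdf(root, "non-access-stratum")
    if second_ind:
        keys["up"] = kdf(root, "user-plane")
    return keys


@dataclass
class ThirdNF:
    """Resolves pseudonyms, judges the trusted attribute and issues new pseudonyms."""
    pseudonym_map: dict = field(default_factory=dict)   # pseudonym -> user id (claims 5-6)
    epochs: dict = field(default_factory=dict)          # user id -> current pseudonym generation

    def register_initial_pseudonym(self, user_id: str) -> str:
        self.epochs[user_id] = 0
        first = make_pseudonym(user_id, SUBSCRIBERS[user_id]["secret"], 0)
        self.pseudonym_map[first] = user_id
        return first

    def trusted_attribute(self, user_id: str) -> str:
        # Claim 4, first alternative: decide from the subscription level.
        level = SUBSCRIBERS[user_id]["subscription_level"]
        return "trusted" if level >= MIN_TRUSTED_SUBSCRIPTION_LEVEL else "untrusted"

    def handle_first_request(self, requester_level: int, first_pseudonym: str):
        """Returns the first response message, or None when a check fails."""
        if requester_level != PRESET_NF_LEVEL:                # claim 2: requesting NF's level
            return None
        user_id = self.pseudonym_map.get(first_pseudonym)     # claim 5: pseudonym -> identifier
        if user_id is None or self.trusted_attribute(user_id) != "trusted":  # claim 1 condition
            return None
        self.epochs[user_id] += 1
        second = make_pseudonym(user_id, SUBSCRIBERS[user_id]["secret"], self.epochs[user_id])
        self.pseudonym_map[second] = user_id                  # claim 6: keep the correspondence
        return {"second_pseudonym": second, "first_indication": True, "second_indication": True}


def run_exchange(user_id: str, first_nf_level: int = PRESET_NF_LEVEL) -> dict:
    """One round: first NF -> third NF -> first NF -> terminal. Returns the keys
    derived on each side so a caller can check that they agree."""
    third = ThirdNF()
    first_pseudonym = third.register_initial_pseudonym(user_id)
    response = third.handle_first_request(first_nf_level, first_pseudonym)
    if response is None:
        return {"granted": False}
    secret = SUBSCRIBERS[user_id]["secret"]
    # First NF: keys from the pseudonym carried in the response (claims 9-10).
    network_keys = derive_keys(secret, response["second_pseudonym"],
                               response["first_indication"], response["second_indication"])
    # Terminal: only the indications are forwarded to it; it regenerates the second
    # pseudonym itself (generation 1 here) and derives the same keys (claims 12-13).
    terminal_pseudonym = make_pseudonym(user_id, secret, 1)
    terminal_keys = derive_keys(secret, terminal_pseudonym,
                                response["first_indication"], response["second_indication"])
    return {"granted": True, "network_keys": network_keys, "terminal_keys": terminal_keys,
            "pseudonym_changed": response["second_pseudonym"] != first_pseudonym}


if __name__ == "__main__":
    result = run_exchange("sub-0001")
    print("keys agree on both sides:", result["network_keys"] == result["terminal_keys"])
    print("untrusted subscriber granted:", run_exchange("sub-0002")["granted"])
```

The point worth noticing is that the second pseudonym never has to be sent to the terminal: both sides can regenerate it, so the first response message to the first NF and the indication forwarded to the terminal are enough for the keys to line up, and a subscriber whose trusted attribute fails the preset condition, or a first NF whose trust level does not match the preset level, gets no second pseudonym at all.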
14. A method of secure communication, the method comprising:
a first network function (NF) sends a third request message to a network storage function (NRF), wherein the third request message carries a trust level;
in response to the third request message, the NRF determines a second NF according to the trust level; and
the NRF sends identification information of the second NF to the first NF.
15. The method of claim 14, wherein before the NRF determines a second NF according to the trust level, the method further comprises:
the NRF receives a registration request message sent by the second NF, wherein the registration request message carries the trust level of the second NF; and
the NRF stores the correspondence between the identification information of the second NF and the trust level of the second NF.
16. The method of claim 15, wherein the NRF determining a second NF according to the trust level comprises:
the NRF determines the second NF according to the stored correspondence between the identification information of the second NF and the trust level of the second NF, and the trust level carried in the third request message.
17. The method of any one of claims 14 to 16, wherein before the first NF sends the third request message to the NRF, the method further comprises:
the first NF obtains a trusted attribute of a first user identifier from a third NF; and
the first NF determines the trust level according to the trusted attribute of the first user identifier.
18. The method of claim 14 or 15, wherein before the first NF sends the third request message to the NRF, the method further comprises:
the first NF sends a fourth request message to a network slice selection function (NSSF), wherein the fourth request message carries identification information of a first slice; and
the NSSF sends a fourth response message to the first NF, wherein the fourth response message carries the trust level of the first slice.
19. The method of claim 18, wherein before the NSSF sends the fourth response message to the first NF, the method further comprises:
the NSSF determines the trust level of the first slice according to first preconfigured information and the identification information of the first slice, wherein the first preconfigured information comprises the correspondence between the trust level of the first slice and the identification information of the first slice.
20. The method of claim 19, wherein the third request message carrying a trust level comprises: the third request message carries the trust level of the first slice, and the third request message further carries the identification information of the first slice; and
the NRF determining a second NF according to the trust level comprises:
the NRF determines a second NF set corresponding to the first slice according to the identification information of the first slice; and
the NRF determines the second NF from the second NF set according to the stored correspondence between identification information of NFs and trust levels, and the trust level of the first slice.
21. The method of claim 14 or 15, wherein before the first NF sends the third request message to the NRF, the method further comprises:
the first NF sends a fourth request message to a network slice selection function (NSSF), wherein the fourth request message carries identification information of a first slice; and
the NSSF sends a fourth response message to the first NF, wherein the fourth response message carries identification information of a second NF set and the trust level of the second NF set, the second NF set being the NF set corresponding to the first slice.
22. The method of claim 21, wherein before the NSSF sends the fourth response message to the first NF, the method further comprises:
the NSSF determines the trust level of the second NF set according to second preconfigured information and the identification information of the first slice, wherein the second preconfigured information comprises the correspondence between the identification information of the second NF set and the trust level of the second NF set.
23. The method of claim 22, wherein the third request message carrying a trust level comprises: the third request message carries the trust level of the second NF set, and the third request message further carries the identification information of the second NF set; and
the NRF determining a second NF according to the trust level comprises:
the NRF determines the second NF from the second NF set according to the stored correspondence between identification information of NFs and trust levels, and the trust level of the second NF set.
24. A method of secure communication, the method comprising:
a domain name system (DNS) receives a fifth request message from a first network function (NF), wherein the fifth request message carries domain name information and a trust level;
in response to the fifth request message, the DNS determines a second NF according to the domain name information and the trust level; and
the DNS sends identification information of the second NF to the first NF.
25. A wireless communication system, the system comprising:
a first network function (NF), configured to send a first request message to a third NF, wherein the first request message carries first pseudonym information of a first user identifier of a terminal device; and
the third NF, configured to determine a trusted attribute of the first user identifier in response to the first request message, and, if the trusted attribute of the first user identifier meets a preset condition, to send a first response message to the first NF, wherein the first response message carries second pseudonym information of the first user identifier.
26. The system of claim 25, wherein
the third NF is specifically configured to send the first response message to the first NF if the trust level of the first NF matches a preset level.
27. The system of claim 25 or 26, wherein
the third NF is specifically configured to send the first response message to the first NF if the trust level of the security domain in which the first NF is located matches a preset level.
28. The system of any one of claims 25 to 27, wherein
the third NF is specifically configured to determine the trusted attribute of the first user identifier according to the subscription level of the first user identifier; or,
the third NF is specifically configured to determine the trusted attribute of the first user identifier according to the session attribute of the first user identifier; or,
the third NF is specifically configured to determine the trusted attribute of the first user identifier according to the industry requirement of the first user identifier.
29. The system of any one of claims 25 to 28, wherein
the third NF is further configured to obtain the first user identifier according to the first pseudonym information, and to generate the second pseudonym information according to the first user identifier.
30. The system of claim 29, wherein
the third NF is further configured to store the correspondence between the second pseudonym information and the first user identifier.
31. The system of any one of claims 25 to 28, wherein
the third NF is further configured to send a second request message to a fourth NF, wherein the second request message carries the first pseudonym information;
the system further comprises:
the fourth NF, configured to, in response to the second request message, obtain the first user identifier according to the first pseudonym information, generate the second pseudonym information according to the first user identifier, and send the second pseudonym information to the third NF; and
the third NF is further configured to receive the second pseudonym information.
32. The system of any one of claims 25 to 31, wherein the first response message further carries first indication information and/or second indication information, the first indication information being used to indicate generation of the second pseudonym information and/or the root key, and the second indication information being used to indicate generation of the user plane key.
33. The system of claim 32, wherein
the first NF is further configured to generate the root key according to the second pseudonym information if the first response message comprises the first indication information, and to send the first indication information to the terminal device.
34. The system of claim 32, wherein
the first NF is further configured to generate the user plane key according to the second pseudonym information if the first response message comprises the second indication information, and to send the second indication information to the terminal device.
35. The system of claim 34, wherein
the first NF is further configured to send the user plane key to a user plane function.
36. A wireless communication system, the system comprising:
a first network function (NF), configured to send a third request message to a network storage function (NRF), wherein the third request message carries a trust level; and
the NRF, configured to determine a second NF according to the trust level in response to the third request message, and to send identification information of the second NF to the first NF.
37. The system of claim 36, wherein
the NRF is further configured to receive a registration request message sent by the second NF, wherein the registration request message carries the trust level of the second NF, and to store the correspondence between the identification information of the second NF and the trust level of the second NF.
38. The system of claim 37, wherein
the NRF is specifically configured to determine the second NF according to the stored correspondence between the identification information of the second NF and the trust level of the second NF, and the trust level carried in the third request message.
39. The system of any one of claims 36 to 38, wherein
the first NF is further configured to obtain a trusted attribute of a first user identifier from a third NF, and to determine the trust level according to the trusted attribute of the first user identifier.
40. The system of claim 36 or 37, wherein
the first NF is further configured to send a fourth request message to a network slice selection function (NSSF), wherein the fourth request message carries identification information of a first slice;
the system further comprises:
the NSSF, configured to send a fourth response message to the first NF, wherein the fourth response message carries the trust level of the first slice.
41. The system of claim 40, wherein
the NSSF is further configured to determine the trust level of the first slice according to first preconfigured information and the identification information of the first slice, wherein the first preconfigured information comprises the correspondence between the trust level of the first slice and the identification information of the first slice.
42. The system of claim 40, wherein the third request message carrying a trust level comprises: the third request message carries the trust level of the first slice, and the third request message further carries the identification information of the first slice; and
the NRF is specifically configured to determine, according to the identification information of the first slice, a second NF set corresponding to the first slice, and to determine the second NF from the second NF set according to the stored correspondence between identification information of NFs and trust levels, and the trust level of the first slice.
43. The system of claim 36 or 37, wherein
the first NF is further configured to send a fourth request message to a network slice selection function (NSSF), wherein the fourth request message carries identification information of a first slice;
the system further comprises:
the NSSF, configured to send a fourth response message to the first NF, wherein the fourth response message carries identification information of a second NF set and the trust level of the second NF set, the second NF set being the NF set corresponding to the first slice.
44. The system of claim 43, wherein
the NSSF is further configured to determine the trust level of the second NF set according to second preconfigured information and the identification information of the first slice, wherein the second preconfigured information comprises the correspondence between the identification information of the second NF set and the trust level of the second NF set.
45. The system of claim 44, wherein the third request message carrying a trust level comprises: the third request message carries the trust level of the second NF set, and the third request message further carries the identification information of the second NF set; and
the NRF is specifically configured to determine the second NF from the second NF set according to the stored correspondence between the identification information of the NF and the trust level of the NF, and the trust level of the second NF set.
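The trust-level based NF discovery of claims 14 to 24 and the mirrored system claims 36 to 45, as an added example (not code from the patent or from Huawei): an NRF that stores each NF's trust level at registration and answers discovery requests by level, optionally narrowed to the NF set serving a slice (claim 20) or to an explicitly named NF set (claim 23); an NSSF holding the two preconfigured tables of claims 19 and 22; a DNS that returns only records at the requested level (claim 24); and the first NF's mapping from the subscriber's trusted attribute to a trust level (claim 17). The patent fixes neither the encoding of a trust level nor how an NF is "determined according to" it, so this example uses small integers matched exactly against the stored level; every NF, slice, NF set and domain identifier, the attribute-to-level mapping and the registry contents are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass
class NRF:
    """Network storage function: NF id -> (trust level, served slices, NF set id)."""
    registry: dict = field(default_factory=dict)

    def register(self, nf_id: str, trust_level: int, slices: set, nf_set: str) -> None:
        # Claim 15: the registration request carries the NF's trust level and the
        # NRF stores the identification <-> trust level correspondence.
        self.registry[nf_id] = (trust_level, frozenset(slices), nf_set)

    def discover(self, trust_level: int, slice_id: str = None, nf_set: str = None) -> list:
        """Claims 14/16: NFs whose stored level matches the requested level.
        Claim 20 first narrows to the NFs serving `slice_id`; claim 23 narrows to a
        named NF set. Exact matching is this example's assumption."""
        hits = []
        for nf_id, (level, slices, set_id) in self.registry.items():
            if slice_id is not None and slice_id not in slices:
                continue
            if nf_set is not None and set_id != nf_set:
                continue
            if level == trust_level:
                hits.append(nf_id)
        return sorted(hits)


@dataclass
class NSSF:
    """Network slice selection function holding the two preconfigured tables."""
    slice_trust: dict       # claim 19: slice id -> trust level of the slice
    slice_nf_set: dict      # claim 22: slice id -> (NF set id, trust level of the set)

    def trust_level_of_slice(self, slice_id: str) -> int:   # claims 18-19
        return self.slice_trust[slice_id]

    def nf_set_of_slice(self, slice_id: str) -> tuple:       # claims 21-22
        return self.slice_nf_set[slice_id]


@dataclass
class DNS:
    """Domain name -> [(NF id, trust level)]; answers only matching entries (claim 24)."""
    records: dict

    def resolve(self, domain: str, trust_level: int) -> list:
        return sorted(nf for nf, level in self.records.get(domain, []) if level == trust_level)


# Claim 17: the first NF turns the trusted attribute obtained from the third NF
# into a trust level; this particular mapping is an assumption.
TRUSTED_ATTRIBUTE_TO_LEVEL = {"trusted": 2, "untrusted": 0}


def discover_by_subscriber(nrf: NRF, trusted_attribute: str) -> list:
    """Claims 14 and 17: level derived from the subscriber's trusted attribute."""
    return nrf.discover(TRUSTED_ATTRIBUTE_TO_LEVEL[trusted_attribute])


def discover_by_slice(nrf: NRF, nssf: NSSF, slice_id: str) -> list:
    """Claims 18-20: ask the NSSF for the slice's trust level, then query the NRF
    with that level and the slice identification."""
    return nrf.discover(nssf.trust_level_of_slice(slice_id), slice_id=slice_id)


def discover_by_nf_set(nrf: NRF, nssf: NSSF, slice_id: str) -> list:
    """Claims 21-23: the NSSF names the NF set for the slice and its trust level;
    the NRF then picks from that set."""
    set_id, level = nssf.nf_set_of_slice(slice_id)
    return nrf.discover(level, nf_set=set_id)


def build_sample() -> tuple:
    """Constructed deployment: three NFs, two slices, two NF sets, one DNS name."""
    nrf = NRF()
    nrf.register("nf-a", 2, {"slice-1"}, "set-1")
    nrf.register("nf-b", 1, {"slice-1", "slice-2"}, "set-1")
    nrf.register("nf-c", 2, {"slice-2"}, "set-2")
    nssf = NSSF(slice_trust={"slice-1": 2, "slice-2": 1},
                slice_nf_set={"slice-1": ("set-1", 2), "slice-2": ("set-2", 2)})
    dns = DNS(records={"nf.example.internal": [("nf-a", 2), ("nf-b", 1)]})
    return nrf, nssf, dns


if __name__ == "__main__":
    nrf, nssf, dns = build_sample()
    print("trusted subscriber ->", discover_by_subscriber(nrf, "trusted"))      # ['nf-a', 'nf-c']
    print("slice-1 by slice level ->", discover_by_slice(nrf, nssf, "slice-1"))  # ['nf-a']
    print("slice-2 by NF set ->", discover_by_nf_set(nrf, nssf, "slice-2"))     # ['nf-c']
    print("DNS at level 2 ->", dns.resolve("nf.example.internal", 2))           # ['nf-a']
```

The sample deliberately places one lower-level NF (nf-b) inside the same NF set and slice as a higher-level one, so that each of the three lookups has something to exclude: the NRF's stored correspondence is what keeps a request carrying a high trust level from being routed to an NF that registered with a lower one.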

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2021/089589 WO2021218851A1 (en) 2020-04-27 2021-04-25 Method and device for secure communication
EP21796960.9A EP4135376A4 (en) 2020-04-27 2021-04-25 Method and device for secure communication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010345953 2020-04-27
CN2020103459537 2020-04-27

Publications (2)

Publication Number Publication Date
CN113645621A true CN113645621A (en) 2021-11-12
CN113645621B CN113645621B (en) 2023-04-28

Family

ID=78415235

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010389032.0A Active CN113645621B (en) 2020-04-27 2020-05-09 Secure communication method and device

Country Status (1)

Country Link
CN (1) CN113645621B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190007376A1 (en) * 2015-06-23 2019-01-03 Telefonaktiebolaget Lm Ericsson (Publ) Methods, network nodes, mobile entity, computer programs and computer program products for protecting privacy of a mobile entity
CN109673037A (en) * 2017-10-17 2019-04-23 Huawei Technologies Co., Ltd. Network function discovery method and apparatus
CN109729522A (en) * 2017-10-27 2019-05-07 Potevio Information Technology Co., Ltd. Air interface encryption method and device in fail-soft mode
CN110912640A (en) * 2018-09-17 2020-03-24 Huawei Technologies Co., Ltd. Interface compatibility method and device for signaling transmission

Also Published As

Publication number Publication date
CN113645621B (en) 2023-04-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant