CN113645621B - Secure communication method and device - Google Patents

Info

Publication number: CN113645621B
Authority: CN (China)
Prior art keywords: information, pseudonym, indication information, response message, user identifier
Legal status: Active
Application number: CN202010389032.0A
Other languages: Chinese (zh)
Other versions: CN113645621A
Inventors: 周艳, 何承东, 林青春
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to EP21796960.9A (EP4135376A4)
Priority to PCT/CN2021/089589 (WO2021218851A1)
Publication of CN113645621A
Application granted; publication of CN113645621B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Mobile Radio Communication Systems

Abstract

The embodiments of this application disclose a secure communication method and device. The method comprises the following steps: a first NF sends a first request message to a third NF, where the first request message carries first pseudonym information of a first user identifier of a terminal device; in response to the first request message, the third NF determines a trusted attribute of the first user identifier; if the trusted attribute of the first user identifier meets a preset condition, the third NF sends a first response message to the first NF, where the first response message carries second pseudonym information of the first user identifier. In this method, the first user identifier exists between different NFs in pseudonymized form, so that it cannot be tampered with or intercepted by untrustworthy NFs, and the security of the first user identifier is improved.

Description

Secure communication method and device
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a secure communication method and apparatus.
Background
In a wireless communication system, a terminal device may communicate with one or more core devices through an access device in a radio access network. For example, when the terminal device communicates with the application server, a message sent from the terminal device may reach the application server through a plurality of core devices, such as a first Network Function (NF), a second NF, or a third NF.
Meanwhile, operators and government agencies in various countries are paying attention to the security of the fifth-generation communication system (5th-generation, 5G). For example, there may be a risk of malicious disclosure of user privacy and data in a network deployment.
Therefore, how to improve the trustworthiness and security of the network, reduce such risks, ensure that weak links cannot be exploited by anyone, and effectively cope with security threats is a problem under study by those skilled in the art.
Disclosure of Invention
The application provides a secure communication method and device, which can effectively improve the security of information exchange between a terminal device and an NF.
In a first aspect, the present application provides a secure communication method, the method comprising: a first Network Function (NF) sends a first request message to a third NF, where the first request message carries first pseudonym information of a first user identifier of a terminal device; in response to the first request message, the third NF determines a trusted attribute of the first user identifier; if the trusted attribute of the first user identifier meets a preset condition, the third NF sends a first response message to the first NF, where the first response message carries second pseudonym information of the first user identifier.
The statement that the trusted attribute of the first user identifier meets a preset condition may also be understood as the trusted attribute of the terminal device meeting the preset condition. In the embodiments of this application, if the trusted attribute of the first user identifier meets the preset condition, the first user identifier can exist between different NFs in pseudonymized form, so that it is prevented from being tampered with or intercepted by untrustworthy or insecure NFs; the first user identifier is thereby effectively protected and its security is improved.
In one possible implementation, the sending, by the third NF, the first response message to the first NF includes: if the trusted level of the first NF matches the preset level, the third NF sends a first response message to the first NF.
In this embodiment, the preset level is used to measure the trust levels of different NFs. For example, the trusted level includes a strong trusted level, a weak trusted level, and an untrusted level, and the preset level may be a weak trusted level or an untrusted level, etc. As another example, the trusted level includes a high trusted level, a low trusted level, and an untrusted level, and the preset level may be a low trusted level or an untrusted level, etc. That is, when the trust level of the first NF is low, to protect the first user identifier, the third NF may send the pseudonym information (i.e., the second pseudonym information) of the first user identifier to the first NF.
In one possible implementation, the method further includes: if the trusted level of the first NF does not match the preset level, the third NF sends a response message carrying the first user identifier to the first NF.
That is, when the trust level of the first NF is higher, the third NF may trust the first NF, so that a real user identifier, such as the first user identifier, may be sent to the first NF.
In one possible implementation, the sending, by the third NF, the first response message to the first NF includes: if the trusted level of the security domain where the first NF is located matches the preset level, the third NF sends a first response message to the first NF.
In the embodiment of the application, the trust level can be distinguished between different NFs, and meanwhile, the trust level of different security domains can be distinguished. Illustratively, the method provided herein may distinguish between a first security domain, a second security domain, and the like, where the first security domain has a different trust level than the second security domain. If the first NF is located in the first security domain and the trust level of the first security domain is weak, the third NF may send the second pseudonym information of the first user identification to the first NF. Or if the trust level of the first security domain is strong (e.g., does not match the preset level), the third NF may send the first NF a real user identifier, such as the first user identifier.
In one possible implementation, the determining, by the third NF, of the trusted attribute of the first user identifier includes: the third NF determines the trusted attribute of the first user identifier according to the subscription level of the first user identifier; or the third NF determines the trusted attribute of the first user identifier according to the session attribute of the first user identifier; or the third NF determines the trusted attribute of the first user identifier according to the industry requirement of the first user identifier.
The subscription level, the session attribute, the industry requirement, etc. of the first user identifier shown above may also be understood as the subscription level, the session attribute, the industry requirement, etc. of the terminal device. The trusted attribute of the first user identity may be used to indicate whether the first user identity needs to be pseudonymized. Alternatively, the trusted attribute of the first user identification may be used to indicate whether the first user identification needs to be protected, etc.
In one possible implementation, before the third NF sends the first response message to the first NF, the method further includes: the third NF obtains the first user identification according to the first pseudonym information, and generates the second pseudonym information according to the first user identification.
In this embodiment of the present application, the third NF may obtain the first user identifier according to a correspondence between the first user identifier and the first pseudonym information. That is, the third NF stores the correspondence between the first user identifier and the first pseudonym information. The correspondence relationship may also be understood as a mapping relationship or the like, which is not limited in the embodiment of the present application.
In one possible implementation, the method further includes: the third NF stores the correspondence between the second pseudonym information and the first user identifier.
In one possible implementation, before the third NF sends the first response message to the first NF, the method further includes: the third NF sends a second request message to a fourth NF, where the second request message carries the first pseudonym information; in response to the second request message, the fourth NF obtains the first user identifier according to the first pseudonym information and generates the second pseudonym information according to the first user identifier; the fourth NF sends the second pseudonym information to the third NF, which receives it.
In this embodiment of the present application, the fourth NF may also store a correspondence between the first user identifier and the first pseudonym information. And after the third NF determines that the trusted attribute of the first user identifier meets the preset condition, the third NF requests the second pseudonym information from the fourth NF.
Optionally, the method shown above describes that the third NF determines the trusted attribute of the first user identifier. Optionally, the fourth NF may also store the subscription level of the first user identifier, etc. In other words, the first NF may further send a first request message to the fourth NF, where the fourth NF determines the trusted attribute of the first user identifier and sends a first response message to the first NF when the trusted attribute of the first user identifier meets a preset condition.
It can be appreciated that the embodiments of the present application are not limited as to how the third NF or the fourth NF generates the second pseudonym information.
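The first aspect described above, modelled as an added example that is not code from the patent: the third NF resolves first pseudonym information to the first user identifier from its stored correspondence, decides the trusted attribute from subscription level, session attribute or industry requirement, checks the requester's trust level (per NF, or per security domain) against the preset level, and answers with fresh second pseudonym information or with the real identifier. The trust-level values, the policy inside `trusted_attribute`, the HMAC-plus-nonce pseudonym construction and all sample identifiers are assumptions.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field

# Assumed trust levels for NFs and security domains. The preset level is the
# level at or below which a requesting NF only receives pseudonym information
# (the page names "weak" and "untrusted" as possible preset levels).
UNTRUSTED, WEAK, STRONG = 0, 1, 2
PRESET_LEVEL = WEAK


@dataclass
class UserProfile:
    supi: str                   # the first user identifier (constructed sample values)
    subscription_level: str     # assumed values: "premium" / "basic"
    session_attribute: str      # assumed values: "sensitive" / "normal"
    industry_requirement: bool  # True when an industry policy demands pseudonymization


@dataclass
class ThirdNF:
    key: bytes                                          # assumed pseudonym-derivation key
    nf_trust: dict = field(default_factory=dict)        # nf_id -> trust level
    nf_domain: dict = field(default_factory=dict)       # nf_id -> security domain
    domain_trust: dict = field(default_factory=dict)    # security domain -> trust level
    profiles: dict = field(default_factory=dict)        # supi -> UserProfile
    pseudonym_map: dict = field(default_factory=dict)   # pseudonym -> supi

    def register_identifier(self, profile: UserProfile, first_pseudonym: str) -> None:
        """Store the first pseudonym <-> first user identifier correspondence."""
        self.profiles[profile.supi] = profile
        self.pseudonym_map[first_pseudonym] = profile.supi

    def trusted_attribute(self, supi: str) -> bool:
        """True when the identifier needs pseudonymization (the preset condition).
        Assumed policy: any one of subscription level, session attribute or
        industry requirement triggers protection; the page lists these three inputs."""
        p = self.profiles[supi]
        return (p.subscription_level == "premium"
                or p.session_attribute == "sensitive"
                or p.industry_requirement)

    def requester_level(self, nf_id: str) -> int:
        """Trust level of the requesting NF, falling back to its security domain."""
        if nf_id in self.nf_trust:
            return self.nf_trust[nf_id]
        return self.domain_trust.get(self.nf_domain.get(nf_id), UNTRUSTED)

    def new_pseudonym(self, supi: str) -> str:
        """Generate second pseudonym information and store its correspondence.
        Assumed construction: keyed hash over the identifier and a fresh nonce,
        so the new pseudonym is unlinkable to the first one without the key."""
        nonce = secrets.token_bytes(8)
        tag = hmac.new(self.key, supi.encode() + nonce, hashlib.sha256).hexdigest()[:16]
        pseudonym = f"pn-{nonce.hex()}-{tag}"
        self.pseudonym_map[pseudonym] = supi
        return pseudonym

    def handle_first_request(self, requester: str, first_pseudonym: str) -> dict:
        """Build the first response message (as a dict) for a first request message."""
        supi = self.pseudonym_map.get(first_pseudonym)
        if supi is None:
            return {"status": "unknown_pseudonym"}
        # Pseudonymize when the identifier needs protection and the requester's
        # trust level matches (is at or below) the preset level; otherwise the
        # real identifier is released, as in the "does not match" branch.
        if self.trusted_attribute(supi) and self.requester_level(requester) <= PRESET_LEVEL:
            return {"status": "ok", "pseudonym": self.new_pseudonym(supi)}
        return {"status": "ok", "user_identifier": supi}


if __name__ == "__main__":
    nf = ThirdNF(key=b"constructed-key")
    nf.nf_trust["amf-core"] = STRONG
    nf.register_identifier(UserProfile("imsi-460001111111111", "premium", "normal", False), "pn-first-1")
    print(nf.handle_first_request("amf-edge", "pn-first-1"))   # pseudonym: unknown NF is untrusted
    print(nf.handle_first_request("amf-core", "pn-first-1"))   # real identifier: strong trust
```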
In a second aspect, the present application provides a secure communication method, the method comprising: the first NF sends a first request message to a third NF, wherein the first request message carries first pseudonym information of a first user identifier of the terminal equipment; the first NF receives a first response message from the third NF, the first response message carrying second pseudonym information of the first user identification.
With reference to the first aspect or the second aspect, in one possible implementation manner, after the first NF receives the first response message, a root key (Kamf) may be generated according to second pseudonym information carried in the first response message.
With reference to the first aspect or the second aspect, in one possible implementation manner, the root key may also be carried in the first response message. In this case, the terminal device may generate the root key according to the first user identifier. To ensure that the terminal device is not affected, the key derivation algorithm 1 (e.g., KDF 1) with which the third NF (or fourth NF) generates the second pseudonym information from the first user identifier, and the key derivation algorithm 2 (e.g., KDF 2) with which it generates the root key from the second pseudonym information, need to satisfy the following condition: the root key generated by the third NF (or the fourth NF) is the same as the root key generated by the terminal device.
With reference to the first aspect or the second aspect, in one possible implementation manner, the first response message may further carry third indication information, where the third indication information is used to instruct the first NF to generate the root key according to the second pseudonym information. In this case, the root key generated by the terminal device according to the first user identifier also needs to be the same as the root key generated by the first NF according to the second pseudonym information.
It will be appreciated that in the method shown above, the terminal device may still generate the root key from the first user identifier. The embodiments of this application also provide a method in which the terminal device generates the root key according to the second pseudonym information, as follows:
With reference to the first aspect or the second aspect, in one possible implementation manner, the first response message further carries first indication information and/or second indication information, where the first indication information is used to indicate generation of the second pseudonym information and/or the root key, and the second indication information is used to indicate generation of the user plane key.
With reference to the first aspect or the second aspect, in a possible implementation manner, the method further includes: if the first response message carries the first indication information, the first NF generates a root key according to the second pseudonym information; and the first NF sends first indication information to the terminal equipment.
Wherein the first indication information may be used to instruct the terminal device to generate the second pseudonym information. Alternatively, the first indication information may be used to instruct the terminal device to generate the root key from the second pseudonym information.
With reference to the first aspect or the second aspect, in a possible implementation manner, the method further includes: if the first response message carries the second indication information, the first NF generates a user plane key according to the second pseudonym information; and the first NF sends second indication information to the terminal equipment.
The second indication information may be used to instruct the terminal device to generate the user plane key.
With reference to the first aspect or the second aspect, in a possible implementation manner, the method further includes: the first NF sends the user plane key to the user plane function.
After receiving the user plane key, the user plane function may interact with the terminal device according to the user plane key. Because the user plane key is obtained from the second pseudonym information, not only is the first user identifier protected, but data between the terminal device and the user plane function is also protected by the user plane key, which improves the security of the information exchange.
In a third aspect, the present application provides a secure communication method, the method comprising: the third NF receives a first request message from the first NF, wherein the first request message carries first pseudonym information of a first user identifier of the terminal equipment; in response to the first request message, the third NF determines a trusted attribute of the first user identification; if the trusted attribute of the first user identifier meets the preset condition, the third NF sends a first response message to the first NF, wherein the first response message carries second pseudonym information of the first user identifier.
In one possible implementation, the sending, by the third NF, the first response message to the first NF includes: if the trusted level of the first NF matches the preset level, the third NF sends a first response message to the first NF.
In one possible implementation, the method further includes: if the trusted level of the first NF does not match the preset level, the third NF sends a response message carrying the first user identifier to the first NF.
In one possible implementation, the sending, by the third NF, the first response message to the first NF includes: if the trusted level of the security domain where the first NF is located matches the preset level, the third NF sends a first response message to the first NF.
In one possible implementation, the determining, by the third NF, of the trusted attribute of the first user identifier includes: the third NF determines the trusted attribute of the first user identifier according to the subscription level of the first user identifier; or the third NF determines the trusted attribute of the first user identifier according to the session attribute of the first user identifier; or the third NF determines the trusted attribute of the first user identifier according to the industry requirement of the first user identifier.
In one possible implementation, before the third NF sends the first response message to the first NF, the method further includes: the third NF obtains the first user identification according to the first pseudonym information, and generates the second pseudonym information according to the first user identification.
In one possible implementation, the method further includes: the third NF stores the correspondence between the second pseudonym information and the first user identifier.
In one possible implementation, before the third NF sends the first response message to the first NF, the method further includes: the third NF sends a second request message to the fourth NF, wherein the second request message carries the first pseudonym information; the third NF receives the second pseudonym information from the fourth NF.
It will be appreciated that the method performed by the third NF shown above may also be performed by the fourth NF. For example, the fourth NF may receive the first pseudonym information of the first user identification of the terminal device; then determining the trusted attribute of the first user identification; if the trusted attribute of the first user identifier meets a preset condition, the fourth NF may send the second pseudonym information. Illustratively, the fourth NF may directly receive the first request message or the like from the first NF; alternatively, the fourth NF may receive a request message or the like from the third NF. For another example, the fourth NF may also generate the second pseudonym information, and store a correspondence between the second pseudonym information and the first user identifier, and so on.
In a fourth aspect, the present application provides a secure communication method, the method comprising: the fourth NF receives a second request message from the third NF, where the second request message carries first pseudonym information of a first user identifier of the terminal device; in response to the second request message, the fourth NF obtains the first user identifier according to the first pseudonym information and generates second pseudonym information according to the first user identifier; the fourth NF sends the second pseudonym information to the third NF.
In one possible implementation manner, the fourth NF stores the correspondence between the second pseudonym information and the first user identifier.
In a fifth aspect, the present application provides a secure communication method, the method comprising: the terminal equipment receives first indication information sent by a first NF, wherein the first indication information is used for indicating the terminal equipment to generate second pseudonym information and/or a root key; the terminal equipment generates second pseudonym information according to the first user identification; the terminal equipment generates a root key according to the second pseudonym information; the terminal equipment generates an access layer key and/or a non-access layer key according to the root key, wherein the access layer key is used for protecting data and/or signaling between the terminal equipment and the access equipment, and the non-access layer key is used for protecting data and/or signaling between the terminal equipment and the first NF.
In a sixth aspect, the present application provides a secure communication method, the method comprising: the terminal equipment receives second indication information sent by the first NF, wherein the second indication information is used for indicating the terminal equipment to generate a user plane key; the terminal equipment generates second pseudonym information according to the first user identification; the terminal equipment generates a root key according to the second pseudonym information; the terminal equipment generates a user plane key according to the root key, and the user plane key is used for protecting data between the terminal equipment and the user plane function.
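The key derivation chain behind the condition stated earlier (the root key the terminal device derives must equal the one the NF derives from the second pseudonym information) and behind the fifth and sixth aspects just described, as an added example that is not the patent's own algorithm. It assumes KDF 1 and KDF 2 are HMAC-SHA256 constructions keyed with a long-term key shared by the terminal device and the home network, and assumed labels for the access-layer, non-access-layer and user-plane keys; a deliberately wrong terminal-side derivation is included to show the condition failing.

```python
import hmac
import hashlib


def _kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Assumed generic KDF: HMAC-SHA256 over a label and length-prefixed inputs."""
    msg = label
    for p in parts:
        msg += len(p).to_bytes(2, "big") + p
    return hmac.new(key, msg, hashlib.sha256).digest()


def kdf1_pseudonym(k: bytes, supi: str) -> str:
    """KDF 1: second pseudonym information derived from the first user identifier."""
    return "pn-" + _kdf(k, b"KDF1-pseudonym", supi.encode()).hex()[:24]


def kdf2_root_key(k: bytes, pseudonym: str) -> bytes:
    """KDF 2: root key (Kamf) derived from the second pseudonym information."""
    return _kdf(k, b"KDF2-Kamf", pseudonym.encode())


def derive_protection_keys(kamf: bytes) -> dict:
    """Access-layer (AS), non-access-layer (NAS) and user-plane (UP) keys from Kamf.
    The per-key labels are assumptions."""
    return {name: _kdf(kamf, b"KDF3-" + name.encode()) for name in ("AS", "NAS", "UP")}


def nf_side(k: bytes, second_pseudonym: str):
    """First NF: it only ever sees the pseudonym and derives Kamf from it."""
    kamf = kdf2_root_key(k, second_pseudonym)
    return kamf, derive_protection_keys(kamf)


def ue_side_from_supi(k: bytes, supi: str):
    """Terminal device deriving the root key from the first user identifier.
    For the page's condition to hold, this must equal KDF2(KDF1(identifier))."""
    kamf = kdf2_root_key(k, kdf1_pseudonym(k, supi))
    return kamf, derive_protection_keys(kamf)


def ue_side_with_indication(k: bytes, supi: str, indication: str) -> dict:
    """Terminal device acting on first/second indication information: it generates
    the second pseudonym itself, then the root key, then either the AS/NAS keys
    (first indication) or the user-plane key (second indication)."""
    kamf = kdf2_root_key(k, kdf1_pseudonym(k, supi))
    keys = derive_protection_keys(kamf)
    if indication == "first":
        return {n: keys[n] for n in ("AS", "NAS")}
    if indication == "second":
        return {"UP": keys["UP"]}
    raise ValueError("unknown indication information")


def keys_consistent(k: bytes, supi: str) -> bool:
    """The condition from the page: root key at the NF == root key at the terminal."""
    pseudonym = kdf1_pseudonym(k, supi)
    return nf_side(k, pseudonym)[0] == ue_side_from_supi(k, supi)[0]


def naive_ue_root_key(k: bytes, supi: str) -> bytes:
    """Counterexample: a terminal that skips KDF 1 and feeds the identifier straight
    into KDF 2 ends up with a root key the NF cannot reproduce from the pseudonym."""
    return _kdf(k, b"KDF2-Kamf", supi.encode())


if __name__ == "__main__":
    K = b"constructed-long-term-key"   # assumed key shared by terminal and home network
    pn = kdf1_pseudonym(K, "imsi-460001234567890")
    print("pseudonym:", pn, "consistent:", keys_consistent(K, "imsi-460001234567890"))
```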
In a seventh aspect, the present application provides a secure communication method, the method comprising: a first Network Function (NF) sends a third request message to the network repository function (network function repository function, NRF), where the third request message carries a trust level; in response to the third request message, the NRF determines a second NF according to the trust level; the NRF transmits identification information of the second NF to the first NF.
The NRF may determine the second NF according to the stored correspondence between identification information of NFs and the trust levels of those NFs. For example, the NRF may store the correspondence between identification information of one or more NFs and the trust levels of the one or more NFs. In this embodiment of the present application, the NRF determines the second NF according to the trust level, so that the first NF receives the identification information of the second NF. The first NF can therefore interact with the NF corresponding to the trust level (namely the second NF): on the one hand, the trust-level requirement of the user identifier corresponding to the terminal device can be met, and on the other hand, the first NF exchanges data and/or signaling with an NF of high trust level (such as the second NF), which improves the security of the interaction between the first NF and the second NF.
In one possible implementation, before the NRF determines the second NF according to the trust level, the method further includes: the NRF receives a registration request message sent by a second NF, where the registration request message carries the trust level of the second NF; the NRF stores the correspondence between the identification information of the second NF and the trust level of the second NF.
In other words, the NRF may receive a registration request message sent by one or more NFs, where the registration request message carries a trust level of the NF, and the NRF may store correspondence between identification information of the one or more NFs and the trust level of the one or more NFs, where the one or more NFs include a second NF.
In one possible implementation, the NRF determining the second NF according to the trust level includes: the NRF determines the second NF according to the stored corresponding relation between the identification information of the second NF and the trust level carried in the third request message.
The NRF stores correspondence between identification information of one or more NFs and trust levels of the one or more NFs, so that the NRF can determine the second NF according to the stored correspondence and the trust levels carried in the third message. In other words, the NRF may obtain the second NF corresponding to the trust level (i.e., the trust level carried in the third message) from the saved correspondence.
Optionally, before the NRF determines the second NF according to the trust level, the method further includes: NRF pre-configures a trust level of one or more NFs; and storing the correspondence between the identification information of the one or more NFs and the trust level. That is, the NRF may further determine the second NF according to the preconfiguration information and the trust level (i.e. the trust level carried in the third message), where the preconfiguration information includes a correspondence between identification information of one or more NFs and the trust level of the one or more NFs.
In one possible implementation, before the first NF sends the third request message to the NRF, the method further includes: the first NF acquires the trusted attribute of the first user identifier from the third NF, and determines the trust level according to the trusted attribute of the first user identifier.
That is, the trust level carried in the third request message may be determined according to the trusted attribute of the first user identifier. For example, when the trusted attribute of the first user identifier meets the preset condition, the trust level is higher. For a description of the trusted attribute of the first user identifier, reference may be made to the method of the first aspect, which is not described in detail here.
In one possible implementation, before the first NF sends the third request message to the NRF, the method further includes: the first NF sends a fourth request message to the NSSF (network slice selection function), where the fourth request message carries identification information of a first slice, and the NSSF sends a fourth response message to the first NF, where the fourth response message carries the trust level of the first slice.
The identification information of the first slice may be from the terminal device, that is, when the terminal device sends a related request message to the first NF, the related request message may carry the identification information of the first slice.
In one possible implementation, before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trust level of the first slice according to first preconfiguration information and the identification information of the first slice, where the first preconfiguration information comprises the correspondence between the trust level of the first slice and the identification information of the first slice.
The first preconfiguration information may be configured by an operator, or configured by other NFs, etc., which is not limited in this application. The identification information of the slice and the trust level of the slice can be stored in the first pre-configuration information. For example, the first preconfiguration information may store a correspondence between identification information of one or more slices and a trust level.
In one possible implementation, the third request message carrying a trust level includes: the third request message carries the credibility level of the first slice, and the third request message also carries the identification information of the first slice; the NRF determining the second NF according to the trust level comprises: the NRF determines a second NF set corresponding to the first slice according to the identification information of the first slice; and determining a second NF from the second NF set according to the corresponding relation between the stored identification information of the NF and the trusted level of the first slice.
In other words, the NRF may determine, from the second NF set, a second NF corresponding to the trusted level of the first slice according to the correspondence between the stored identification information of the one or more NFs and the trusted level.
In one possible implementation, before the first NF sends the third request message to the NRF, the method further includes: the first NF sends a fourth request message to the NSSF, wherein the fourth request message carries the identification information of the first slice; the NSSF sends a fourth response message to the first NF, wherein the fourth response message carries identification information of a second NF set and the credibility level of the second NF set, and the second NF set is the NF set corresponding to the first slice.
In one possible implementation, before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trust level of the second NF set according to second preconfiguration information and the identification information of the first slice, where the second preconfiguration information comprises the correspondence between the identification information of the second NF set and the trust level of the second NF set.
The second preconfiguration information may further include a correspondence between identification information of the first slice and identification information of the second NF set. In other words, the NSSF may determine the second NF set corresponding to the first slice from the above correspondence, and then determine the trust level corresponding to the second NF set from the above correspondence. The second preconfiguration information may store a correspondence between one or more slices and NF sets, and a correspondence between one or more NF sets and a trusted level.
In one possible implementation, the third request message carrying a trust level includes: the third request message carries the trust level of the second NF set; and the third request message also carries identification information of the second NF set; the NRF determining the second NF according to the trust level comprises: the NRF determines a second NF from the second NF set according to the corresponding relation between the stored identification information of the NF and the trust level of the second NF set.
The NRF determining the second NF according to the trust level includes: the NRF determines a second NF from the second NF set according to the stored correspondence between the identification information of the NF and the trusted level of the NF, the correspondence between the identification information of the NF and the identification information of the set where the NF is located, the trusted level of the second NF set and the identification information of the second NF set.
In other words, the NRF may obtain the one or more NFs belonging to the second NF set according to the stored correspondence between the identification information of NFs and the identification information of the set in which each NF is located, together with the identification information of the second NF set; it then obtains the trust levels of those one or more NFs according to the stored correspondence between the identification information of NFs and the trust levels of NFs, and determines the second NF from among them according to the trust level of the second NF set and the trust levels of the one or more NFs.
The number of NFs included in the second NF set is not limited: the second NF set may include one NF, or it may include a plurality of NFs. The second NF is one of the NFs in the second NF set. Optionally, the trust level of the second NF is equal to or higher than the trust level carried in the third request message.
In an eighth aspect, the present application provides a secure communication method, the method comprising: the first NF sends a third request message to the NRF, wherein the third request message carries a trusted level; the first NF receives a third response message from the NRF, wherein the third response message carries identification information of the second NF; the first NF performs data and/or signaling interactions with the second NF.
In one possible implementation, before the first NF sends the third request message to the NRF, the method further includes: the first NF obtains the trust attribute of the first user identifier from the third NF, and determines the trust level according to that trust attribute.
In one possible implementation, before the first NF sends the third request message to the NRF, the method further includes: the first NF sends a fourth request message to the NSSF, where the fourth request message carries the identification information of the first slice; the first NF receives a fourth response message from the NSSF, where the fourth response message carries the trust level of the first slice or, alternatively, the trust level of the second NF set.
In one possible implementation, when the fourth response message carries the trust level of the first slice, the third request message carries the trust level of the first slice and the identification information of the first slice; when the fourth response message carries the trust level of the second NF set, the third request message carries the trust level of the second NF set and the identification information of the second NF set.
In one possible implementation, the method further includes: the first NF sends a registration request message to the NRF, the registration request message carrying the trust level of the first NF.
Optionally, the registration request message may further carry identification information of the NF set in which the first NF is located.
In a ninth aspect, the present application provides a secure communication method, the method comprising: the NRF receives a third request message from the first NF, wherein the third request message carries a trust level; in response to the third request message, the NRF determines a second NF according to the trust level; the NRF sends a third response message to the first NF, wherein the third response message carries the identification information of the second NF.
In one possible implementation, before the NRF determines the second NF according to the trust level, the method further includes: the NRF receives a registration request message sent by the second NF, where the registration request message carries the trust level of the second NF; the NRF stores the correspondence between the identification information of the second NF and the trust level of the second NF.
Optionally, the registration request message may further carry identification information of the NF set in which the second NF is located.
In one possible implementation, the NRF determining the second NF according to the trust level includes: the NRF determines the second NF according to the stored correspondence between the identification information of the second NF and its trust level, and the trust level carried in the third request message.
In one possible implementation, the third request message carrying a trust level includes: the third request message carries the trust level of the first slice and also carries the identification information of the first slice; and the NRF determining the second NF according to the trust level includes: the NRF determines the second NF set corresponding to the first slice according to the identification information of the first slice, and determines the second NF from the second NF set according to the stored correspondence between the identification information of NFs and their trust levels, and the trust level of the first slice.
In one possible implementation, the third request message carrying a trust level includes: the third request message carries the trust level of the second NF set and also carries the identification information of the second NF set; and the NRF determining the second NF according to the trust level includes: the NRF determines the second NF from the second NF set according to the stored correspondence between the identification information of NFs and their trust levels, and the trust level of the second NF set.
Specifically, the NRF determines the second NF from the second NF set according to the stored correspondence between the identification information of an NF and the trust level of that NF, the stored correspondence between the identification information of an NF and the identification information of the set in which that NF is located, the trust level of the second NF set, and the identification information of the second NF set.
In one possible implementation, the method further includes: the NRF receives a registration request message from the first NF, where the registration request message carries the trust level of the first NF; the NRF stores the correspondence between the identification information of the first NF and the trust level of the first NF.
Optionally, the registration request message may further carry identification information of the NF set in which the first NF is located.
In a tenth aspect, the present application provides a secure communication method, the method comprising: the NSSF receives a fourth request message sent by the first NF, where the fourth request message carries the identification information of the first slice; the NSSF sends a fourth response message to the first NF, where the fourth response message carries the trust level of the first slice, or the fourth response message carries the identification information of a second NF set and the trust level of the second NF set, the second NF set being the NF set corresponding to the first slice.
In one possible implementation, before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trust level of the first slice according to the first preconfiguration information and the identification information of the first slice, where the first preconfiguration information includes the correspondence between the trust level of the first slice and the identification information of the first slice.
In one possible implementation, before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trust level of the second NF set according to the second preconfiguration information and the identification information of the first slice, where the second preconfiguration information includes the correspondence between the identification information of the second NF set and the trust level of the second NF set.
It is to be appreciated that in the first to tenth aspects, the first NF may include AMF, SMF, or the like.
In an eleventh aspect, the present application provides a secure communication method, the method comprising: the domain name system (domain name system, DNS) receives a fifth request message from the first Network Function (NF), the fifth request message carrying domain name information and a trust level; responsive to the fifth request message, the DNS determines a second NF according to the domain name information and the trust level; the DNS sends the identification information of the second NF to the first NF.
In this embodiment of the present application, the DNS may determine the second NF according to a stored correspondence between domain name information and identification information together with a correspondence between identification information and trust level (or a correspondence between domain name information and trust level, and so on). For example, the DNS may be configured with a correspondence between the domain name information (or identification information) of one or more NFs and the trust level of those NFs. Because the DNS determines the second NF according to the trust level, the first NF receives the identification information of the second NF, which may include, for example, the IP address of the second NF. The first NF can therefore interact with the NF corresponding to the required trust level (namely the second NF): on the one hand, the trust-level requirement of the user identifier corresponding to the terminal device is met; on the other hand, the first NF exchanges data and/or signaling with an NF of a high trust level (such as the second NF), which improves the security of the interaction between the first NF and the second NF.
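The following is an added, runnable model of the discovery procedures in the eighth to eleventh aspects: an NF registers its trust level (and NF set) with the NRF; the first NF derives the trust level it needs from the trust attribute of the user identifier, or obtains it from the NSSF for a slice; the NRF (or, in the eleventh aspect, the DNS) then returns only NFs whose trust level is equal to or higher than the requested one. This is not code from the patent or from any 3GPP implementation: the integer encoding of trust levels, the field names of the messages, the attribute-to-level mapping and every NF, slice, set, domain and IP value are constructed here for illustration.

```python
"""Trust-level-based NF discovery via NRF, NSSF and DNS (added model, not the
patent's code). Trust levels are small integers, higher meaning more trusted
(assumption); all identifiers below are constructed sample values."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def trust_level_from_attribute(trust_attribute: str) -> int:
    """Trust level the first NF requests, derived from the trust attribute of the
    first user identifier (the mapping itself is an assumption)."""
    return {"low": 1, "medium": 2, "high": 3}[trust_attribute]


@dataclass
class NRF:
    """Network repository function: NF id -> trust level and NF id -> NF set, filled by
    registration request messages, plus slice id -> NF set for slice-based discovery."""
    trust_of_nf: Dict[str, int] = field(default_factory=dict)
    set_of_nf: Dict[str, str] = field(default_factory=dict)
    set_of_slice: Dict[str, str] = field(default_factory=dict)

    def register(self, nf_id: str, trust_level: int, nf_set: Optional[str] = None) -> None:
        """Registration request message carrying the NF's trust level and, optionally, its NF set."""
        self.trust_of_nf[nf_id] = trust_level
        if nf_set is not None:
            self.set_of_nf[nf_id] = nf_set

    def discover(self, trust_level: int, slice_id: Optional[str] = None,
                 nf_set: Optional[str] = None) -> List[str]:
        """Third request message -> identification information of the matching NFs.
        A candidate is accepted only if its trust level is equal to or higher than the
        requested one; candidates come from the NF set named directly, from the NF set
        corresponding to the slice, or from all registered NFs."""
        if slice_id is not None:
            nf_set = self.set_of_slice.get(slice_id)
            if nf_set is None:  # unknown slice: no second NF can be determined
                return []
        candidates = [nf for nf in self.trust_of_nf
                      if nf_set is None or self.set_of_nf.get(nf) == nf_set]
        return sorted(nf for nf in candidates if self.trust_of_nf[nf] >= trust_level)


@dataclass
class NSSF:
    """Network slice selection function holding the first preconfiguration information
    (slice -> trust level) and the second (slice -> NF set, NF set -> trust level)."""
    trust_of_slice: Dict[str, int] = field(default_factory=dict)
    set_of_slice: Dict[str, str] = field(default_factory=dict)
    trust_of_set: Dict[str, int] = field(default_factory=dict)

    def query(self, slice_id: str) -> dict:
        """Fourth request message -> fourth response message (one of the two forms)."""
        if slice_id in self.trust_of_slice:
            return {"slice_trust": self.trust_of_slice[slice_id]}
        nf_set = self.set_of_slice[slice_id]
        return {"nf_set": nf_set, "set_trust": self.trust_of_set[nf_set]}


@dataclass
class DNS:
    """Eleventh-aspect variant: domain name -> [(IP address of an NF, its trust level)]."""
    records: Dict[str, List[Tuple[str, int]]] = field(default_factory=dict)

    def resolve(self, domain: str, trust_level: int) -> List[str]:
        """Fifth request message (domain name + trust level) -> IP addresses that qualify."""
        return [ip for ip, level in self.records.get(domain, []) if level >= trust_level]


def discover_for_slice(nssf: NSSF, nrf: NRF, slice_id: str) -> List[str]:
    """First NF procedure: fourth request to the NSSF, then a third request to the NRF
    built from whichever form the fourth response took."""
    resp = nssf.query(slice_id)
    if "slice_trust" in resp:
        return nrf.discover(resp["slice_trust"], slice_id=slice_id)
    return nrf.discover(resp["set_trust"], nf_set=resp["nf_set"])


def build_sample() -> Tuple[NRF, NSSF, DNS]:
    """Constructed sample deployment (not taken from the page)."""
    nrf = NRF(set_of_slice={"slice-A": "smf-set-1"})
    nrf.register("smf-1", trust_level=3, nf_set="smf-set-1")
    nrf.register("smf-2", trust_level=1, nf_set="smf-set-1")
    nrf.register("smf-3", trust_level=2, nf_set="smf-set-2")
    nssf = NSSF(trust_of_slice={"slice-A": 2},
                set_of_slice={"slice-B": "smf-set-2"},
                trust_of_set={"smf-set-2": 2})
    dns = DNS(records={"smf.example.invalid": [("10.0.0.1", 3), ("10.0.0.2", 1)]})
    return nrf, nssf, dns


if __name__ == "__main__":
    nrf, nssf, dns = build_sample()
    print(nrf.discover(trust_level_from_attribute("medium")))  # ['smf-1', 'smf-3']
    print(discover_for_slice(nssf, nrf, "slice-A"))             # ['smf-1']
    print(discover_for_slice(nssf, nrf, "slice-B"))             # ['smf-3']
    print(dns.resolve("smf.example.invalid", 2))                # ['10.0.0.1']
```

The filter `trust_of_nf[nf] >= trust_level` is the "equal to or higher" rule the page states for the second NF; an NF whose registration omitted a trust level never enters `trust_of_nf` and so is never selected, which is the fail-closed behaviour a defender wants from a registry that gates data and signaling exchange on trust.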
In a twelfth aspect, the present application provides a communication device comprising, in one possible implementation, a respective unit with means for performing the method of the second aspect or any possible implementation of the second aspect. In another possible implementation manner, the communication apparatus includes a corresponding unit with means for performing the method in the third aspect or any possible implementation manner of the third aspect. In a further possible implementation manner, the communication apparatus includes a corresponding unit with a function of performing the method in the fourth aspect or any possible implementation manner of the fourth aspect. In a further possible implementation manner, the communication apparatus includes a corresponding unit with a function of performing the method in the eighth aspect or any possible implementation manner of the eighth aspect. In a further possible implementation manner, the communication apparatus includes a corresponding unit with a function of performing the method in the ninth aspect or any possible implementation manner of the ninth aspect. In a further possible implementation manner, the communication apparatus includes a corresponding unit with a function of performing the method in the tenth aspect or any possible implementation manner of the tenth aspect. In a further possible implementation manner, the communication device includes a corresponding unit with a function of executing the method according to the eleventh aspect.
For example, the communication device includes a transceiver unit and a processing unit.
In a thirteenth aspect, the present application provides a communication apparatus comprising a processor for executing a program stored in a memory; in one possible implementation manner, the program, when executed, causes the communication apparatus to perform the method as described in the second aspect or any possible implementation manner of the second aspect. In another possible implementation manner, the program, when executed, causes the communication apparatus to perform the method as described in the third aspect or any of the possible implementation manners of the third aspect. In a further possible implementation manner, the program, when executed, causes the communication apparatus to perform the method as shown in the fourth aspect or any possible implementation manner of the fourth aspect. In a further possible implementation manner, the program, when executed, causes the communication apparatus to perform a method as shown in the above eighth aspect or any possible implementation manner of the eighth aspect. In a further possible implementation manner, the program, when executed, causes the communication apparatus to perform a method as shown in the above-mentioned ninth aspect or any possible implementation manner of the ninth aspect. In a further possible implementation manner, the program, when executed, causes the communication apparatus to perform a method as shown in the tenth aspect or any of the possible implementation manners of the tenth aspect. In a further possible implementation manner, the program, when executed, causes the communication device to perform the method as described in the eleventh aspect above.
In one possible implementation, the memory is located outside the communication device.
In one possible implementation, the memory is located within the network device.
In one possible implementation, the network device further comprises a transceiver for receiving signals or transmitting signals. The specific implementation of the transceiver and the processor will not be described in detail here.
In a fourteenth aspect, the present application provides a communications device comprising processing circuitry and interface circuitry for receiving computer code and transmitting to a processor; the processor runs computer code to perform the methods illustrated above as being performed by NF. The specific implementation of the interface circuit and the processing circuit will not be described in detail here.
In a fifteenth aspect, the present application provides a communication device comprising a respective unit having means for performing the method of the fifth aspect or any possible implementation of the fifth aspect. Alternatively, the communication device comprises a respective unit with means for performing the method of the sixth aspect or any possible implementation of the sixth aspect.
For example, the communication device includes a transceiver unit and a processing unit.
In a sixteenth aspect, the present application provides a communication device comprising a processor for executing a program stored in a memory, which when executed causes the communication device to perform a method as shown in the fifth aspect or any possible implementation of the fifth aspect; or, when executed, cause the communication device to perform a method as shown in the sixth aspect or any possible implementation of the sixth aspect.
In one possible implementation, the memory is located outside the communication device.
In a seventeenth aspect, the present application provides a communication device comprising a processor, a memory and a program stored on the memory and executable on the processor, which when executed causes the communication device to perform a method as shown in the fifth aspect or any possible implementation of the fifth aspect; or, when the program is run, cause the communication device to perform the method as shown in the sixth aspect or any possible implementation of the sixth aspect described above.
In an eighteenth aspect, the present application provides a communication device comprising a processor, a memory, and a transceiver for receiving signals or transmitting signals; a memory for storing computer code; a processor configured to execute computer code to cause a communication device to perform the method of the fifth aspect or any possible implementation manner of the fifth aspect; alternatively, a processor configured to execute computer code to cause a communication device to perform the method of the sixth aspect or any possible implementation manner of the sixth aspect.
In a nineteenth aspect, the present application provides a communication apparatus including a processing circuit and an interface circuit. The interface circuit is configured to acquire first indication information, where the first indication information instructs the communication apparatus to generate second pseudonym information; the processing circuit is configured to generate the second pseudonym information according to the first user identifier, generate a root key according to the second pseudonym information, and generate an access stratum key and/or a non-access stratum key according to the root key, where the access stratum key is used to protect data and/or signaling between the communication apparatus and the access device, and the non-access stratum key is used to protect data and/or signaling between the communication apparatus and the first NF.
Alternatively, the interface circuit is configured to acquire second indication information, where the second indication information instructs the communication apparatus to generate a user plane key; and the processing circuit is configured to generate the second pseudonym information according to the first user identifier, generate a root key according to the second pseudonym information, and generate the user plane key according to the root key, where the user plane key is used to protect data between the communication apparatus and the user plane function.
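The key hierarchy of the nineteenth aspect (user identifier, then pseudonym, then root key, then access stratum, non-access stratum and user plane keys, with the indication information selecting which keys are produced) can be modelled as follows on the terminal side. This is an added example and not the patent's or any 3GPP specification's construction: the page does not say how the pseudonym or the keys are computed, so the HMAC-SHA-256 derivations, the labels, the pseudonym counter and the sample key material are all assumptions made here.

```python
"""Pseudonym-based key hierarchy on the terminal side (added example; the HMAC
constructions, labels, counter and sample keys are assumptions, not the patent's)."""
import hashlib
import hmac
from typing import Dict


def generate_pseudonym(user_identifier: str, pseudonym_key: bytes, counter: int) -> bytes:
    """Second pseudonym information derived from the first user identifier.
    Keyed so the identifier cannot be recovered from the pseudonym, and counter-
    separated so a fresh pseudonym can be issued (assumed construction)."""
    msg = user_identifier.encode() + b"|" + counter.to_bytes(4, "big")
    return hmac.new(pseudonym_key, msg, hashlib.sha256).digest()


def derive_root_key(pseudonym: bytes, long_term_key: bytes) -> bytes:
    """Root key generated from the pseudonym (assumed: HMAC under a long-term key,
    so the root key changes whenever the pseudonym changes)."""
    return hmac.new(long_term_key, b"root|" + pseudonym, hashlib.sha256).digest()


def derive_key(root_key: bytes, label: bytes) -> bytes:
    """One level of the hierarchy: root key plus a distinct label gives an independent subkey."""
    return hmac.new(root_key, label, hashlib.sha256).digest()


def terminal_keys(user_identifier: str, long_term_key: bytes, pseudonym_key: bytes,
                  counter: int, first_indication: bool, second_indication: bool) -> Dict[str, bytes]:
    """Keys the processing circuit produces for the indication information received.
    First indication: access stratum key (terminal <-> access device) and non-access
    stratum key (terminal <-> first NF). Second indication: user plane key (terminal <-> UPF).
    Without either indication nothing is generated."""
    if not (first_indication or second_indication):
        return {}
    pseudonym = generate_pseudonym(user_identifier, pseudonym_key, counter)
    root = derive_root_key(pseudonym, long_term_key)
    out: Dict[str, bytes] = {"pseudonym": pseudonym}
    if first_indication:
        out["as_key"] = derive_key(root, b"AS")
        out["nas_key"] = derive_key(root, b"NAS")
    if second_indication:
        out["up_key"] = derive_key(root, b"UP")
    return out


if __name__ == "__main__":
    # Constructed sample key material; never reuse fixed keys like these in practice.
    k_long_term = bytes(range(32))
    k_pseudonym = bytes(32)
    keys = terminal_keys("sample-user-001", k_long_term, k_pseudonym, 1, True, True)
    for name, value in keys.items():
        print(name, value.hex())
```

The point worth noticing is that every key below the root is bound to the pseudonym rather than to the user identifier itself, so a new pseudonym (a new counter value here) yields a completely fresh key set while the identifier never appears in any message; distinct labels keep the AS, NAS and user plane keys mutually independent.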
In a twentieth aspect, the present application provides a computer readable storage medium for storing a computer program, which, in one possible implementation, when executed on a computer, causes the method of the second aspect or any of the possible implementations of the second aspect to be performed. In another possible implementation manner, the computer program, when run on a computer, causes the method described in the third aspect or any of the possible implementation manners of the third aspect to be performed. In a further possible implementation manner, the computer program, when run on a computer, causes the method shown in the fourth aspect or any possible implementation manner of the fourth aspect to be performed. In a further possible implementation manner, the computer program, when run on a computer, causes the method shown in the fifth aspect or any possible implementation manner of the fifth aspect to be performed. In a further possible implementation manner, the computer program, when run on a computer, causes the method described in the sixth aspect or any possible implementation manner of the sixth aspect to be performed. In a further possible implementation manner, the computer program, when run on a computer, causes the method shown in the eighth aspect or any possible implementation manner of the eighth aspect to be performed. In a further possible implementation manner, the computer program, when run on a computer, causes the method shown in the ninth aspect or any possible implementation manner of the ninth aspect to be performed. In a further possible implementation manner, the computer program, when run on a computer, causes the method shown in the tenth aspect or any of the possible implementation manners of the tenth aspect to be performed.
In a twenty-first aspect, the present application provides a computer program product comprising a computer program or computer code which, when run on a computer, causes a method as shown in each of the above aspects or any of the possible implementations of each of the aspects to be performed.
In a twenty-second aspect, the present application provides a computer program which, when run on a computer, performs the method as shown in the above aspects or any possible implementation of the aspects.
In a twenty-third aspect, the present application provides a communications apparatus, in one possible implementation manner, for performing a method as shown in the second aspect or any possible implementation manner of the second aspect. In another possible implementation manner, the method according to the third aspect or any possible implementation manner of the third aspect is performed. In a further possible implementation manner, the method shown in the fourth aspect or any possible implementation manner of the fourth aspect is performed. In a further possible implementation manner, the method according to the fifth aspect or any possible implementation manner of the fifth aspect is performed. In a further possible implementation manner, the method according to the sixth aspect or any possible implementation manner of the sixth aspect is performed. In a further possible implementation manner, the method as shown in the seventh aspect or any possible implementation manner of the seventh aspect is performed. In a further possible implementation manner, the method according to the eighth aspect or any possible implementation manner of the eighth aspect is performed. In a further possible implementation manner, the method according to the ninth aspect or any possible implementation manner of the ninth aspect is performed. In a further possible implementation manner, the method according to the tenth aspect or any possible implementation manner of the tenth aspect is performed.
In a twenty-fourth aspect, the present application provides a wireless communication system comprising a first NF for performing the method shown in the second aspect or any of the possible implementations of the second aspect, and a third NF for performing the method shown in the third aspect or any of the possible implementations of the third aspect.
In a possible implementation manner, the wireless communication system further includes a fourth NF, where the fourth NF is configured to perform the method described in the fourth aspect or any possible implementation manner of the fourth aspect.
In one possible implementation manner, the first NF may also be used to perform the method shown in the eighth aspect or any possible implementation manner of the eighth aspect.
In a possible implementation manner, the wireless communication system further includes an NRF, where the NRF is configured to perform the method shown in the ninth aspect or any possible implementation manner of the ninth aspect.
In a possible implementation manner, the wireless communication system further includes an NSSF, where the NSSF is configured to perform the method in the tenth aspect or any possible implementation manner of the tenth aspect.
In a possible implementation manner, the wireless communication system further includes a terminal device, where the terminal device is configured to perform the method of the fifth aspect or any possible implementation manner of the fifth aspect; alternatively, the terminal device may be adapted to perform the method of the sixth aspect or any possible implementation manner of the sixth aspect.
Drawings
Fig. 1 is a schematic diagram of a network architecture according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of a secure communication method according to an embodiment of the present application;
Fig. 3a is a schematic flow chart of a secure communication method according to an embodiment of the present application;
Fig. 3b is a flow chart of a secure communication method according to an embodiment of the present application;
Fig. 4 is a schematic view of a scenario of a secure communication method according to an embodiment of the present application;
Fig. 5 is a schematic flow chart of a secure communication method according to an embodiment of the present application;
Fig. 6a is a schematic flow chart of a secure communication method according to an embodiment of the present application;
Fig. 6b is a flow chart of a secure communication method according to an embodiment of the present application;
Fig. 6c is a flow chart of a secure communication method according to an embodiment of the present application;
Fig. 6d is a flow chart of a secure communication method according to an embodiment of the present application;
Fig. 7a is a schematic diagram of a network architecture for secure communication according to an embodiment of the present application;
Fig. 7b is a schematic diagram of a network architecture for secure communication according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a communication device according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a communication device according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of a communication device according to an embodiment of the present application;
Fig. 11 is a schematic diagram of a wireless communication system according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the present application will be described in further detail with reference to the accompanying drawings.
The terms first and second and the like in the description, in the claims and in the drawings, are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
In the present application, "at least one (item)" means one or more, "a plurality" means two or more, and "at least two (items)" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may represent: only A, only B, or both A and B, where A and B may be singular or plural. The character "/" generally indicates that the associated objects are in an "or" relationship. "At least one of the following (items)" or a similar expression means any combination of these items, including a single item or any combination of plural items. For example, at least one of a, b, or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c".
The following first describes a communication system applied to the present application:
the technical solution provided by the application can be applied to various communication systems, such as: the long term evolution (long term evolution, LTE) system, the LTE frequency division duplex (frequency division duplex, FDD) system, the LTE time division duplex (time division duplex, TDD) system, the universal mobile telecommunications system (universal mobile telecommunication system, UMTS), the worldwide interoperability for microwave access (worldwide interoperability for microwave access, WiMAX) communication system, the fifth generation (5th generation, 5G) communication system or New Radio (NR), as well as other future communication systems such as 6G.
By way of example, the application is applied to a 5G communication system, and the following exemplary description is given to a network function in the 5G system:
Referring to Fig. 1, the network architecture shown in Fig. 1 is exemplified by a 5G network architecture based on the service-based architecture defined in the third generation partnership project (3rd generation partnership project, 3GPP) standardization process. As shown in Fig. 1, the network architecture may include at least three parts, namely a terminal device part, an operator network part, and a data network (DN) part.
The terminal device part may include a terminal device 110, and the terminal device 110 may also be referred to as a user equipment (UE). The terminal device 110 in the present application is a device having a radio transceiver function, and may communicate with one or more core network (CN) devices (which may also be referred to as core devices) via an access network device (which may also be referred to as an access device) in the radio access network (radio access network, RAN) 140. The terminal device 110 may also be called an access terminal, subscriber unit, subscriber station, mobile station, remote terminal, mobile device, user terminal, user agent, user device, or the like. In one possible implementation, the terminal device 110 may be deployed on land, including indoors or outdoors, hand-held, or vehicle-mounted; it may also be deployed on the water surface (such as on ships); or it may be deployed in the air (for example, on aircraft, balloons or satellites). In one possible implementation manner, the terminal device 110 may be a handheld device, an in-vehicle device, a wearable device, an internet of things device, a terminal in the internet of vehicles, a terminal in a 5G network, or a terminal in any form in a future network, which is not limited in this application.
The portion operated by the operator in the various communication systems may be referred to as an operator network or PLMN network. The operator network is mainly a public network of a mobile network operator (mobile network operator, MNO) providing mobile broadband access services for subscribers. The operator network or PLMN network in the present application may be a network meeting the requirements of the 3GPP standards, referred to simply as the 3GPP network. In general, the 3GPP network is operated by an operator and includes, but is not limited to, a fifth generation mobile communication (5th generation, 5G) network (abbreviated as 5G network), a fourth generation mobile communication (4th generation, 4G) network (abbreviated as 4G network), and the like.
As shown in Fig. 1, the operator network may include: the network exposure function (network exposure function, NEF) 131, the network repository function (network function repository function, NRF) 132, the policy control function (policy control function, PCF) 133, the unified data management (unified data management, UDM) 134, the application function (application function, AF) 135, the authentication server function (authentication server function, AUSF) 136, the access and mobility management function (access and mobility management function, AMF) 137, the session management function (session management function, SMF) 138, the user plane function (user plane function, UPF) 139, the (radio) access network ((R)AN) 140, and so on. Of the above operator network, the part other than the (radio) access network 140 may be referred to as the core network (CN) part.
The data network DN120, which may also be referred to as a packet data network (packet data network, PDN), is typically a network outside the operator network, such as a third party network. Illustratively, the operator network may access a plurality of data networks DN120, and a plurality of services may be deployed on the data networks DN120, so as to provide services such as data and/or voice for the terminal device 110. The specific expression form of the third party network can be specifically determined according to the actual application scenario, and the application is not limited to this.
Illustratively, a brief description of network functions in an operator network follows.
(R) AN140 is a subnetwork of AN operator network, and is AN implementation system between service nodes and terminal devices 110 in the operator network. The terminal device 110 is to access the operator network, and is first connected to the network function in the operator network through the (R) AN140 and then through the (R) AN140. The access network device in the embodiment of the present application is a device that provides a wireless communication function for the terminal device 110, and may also be referred to as AN access device or AN (R) AN device, where the R AN device includes, but is not limited to: a next generation base station (next generation node basestation, gNB) in the 5G system, an evolved node B (eNB) in the LTE system, a radio network controller (radio network controller, RNC), a Node B (NB), a base station controller (base station controller, BSC), a base transceiver station (base transceiver station, BTS), a home base station (home evolved nodeB, or home node B, HNB), a baseband unit (BBU), a transmission reception point (transmitting and receiving point, TRP), a transmission point (transmitting point, TP), a small base station device (pico), a mobile switching center, or a network device in a future network, and the like. It will be appreciated that the specific type of access network device is not limited in this application. In systems employing different radio access technologies, the names of access network device-capable devices may vary. For convenience of description, the (R) AN140 will be described hereinafter by taking AN access device as AN example.
Alternatively, in some deployments of the access device, the access device may include a centralized unit (CU), a distributed unit (DU), and the like. In other deployments of the access device, the CU may further be divided into a CU control plane (CU-CP) and a CU user plane (CU-UP), etc. In still other deployments, the access device may also follow an open radio access network (O-RAN) architecture; the specific deployment manner of the access device is not limited in this application.
The network exposure function NEF 131 (which may also be referred to as a NEF network function or a NEF network function entity) is a control plane function provided by the operator. The NEF network function 131 exposes the external interfaces of the operator network to third parties in a secure manner. When the SMF network function 138 needs to communicate with a network function of a third party, the NEF network function 131 may act as a relay between the SMF network function 138 and the network entity of the third party. As a relay, the NEF network function 131 may translate the identification information of subscribers and the identification information of third-party network functions. For example, when the NEF network function 131 sends the SUPI of a subscriber from the operator network to a third party, the SUPI may be translated into its corresponding external identity (ID). Conversely, when the NEF network function 131 forwards an external ID (the network entity ID of the third party) into the operator network, it may be translated into a SUPI.
The network repository function NRF 132 may be used to maintain real-time information on all network function services in the network.
In the embodiment of the present application, the network repository function NRF 132 may store identification information and trust levels of one or more NFs. For example, the NRF may store identification information of a second network function (NF) and the trust level of the second NF.
The policy control function PCF 133 is a control plane function provided by the operator, used to provide the policies of a PDU session to the session management function SMF 138. Policies may include charging-related policies, QoS-related policies, and authorization-related policies, among others.
The unified data management UDM 134 is a control plane function provided by the operator and is responsible for storing information such as the subscriber permanent identifier (subscription permanent identifier, SUPI), security context (security context), and subscription data of a subscriber in the operator network. The subscribers of the operator network are specifically subscribers using services provided by the operator network, for example, subscribers using terminal device core cards of China Telecom, subscribers using terminal device core cards of China Mobile, or the like. For example, the SUPI of the subscriber may be the number of the core card of the terminal device, etc. The security context may be data (cookie) or a token (token) stored on a local terminal device (e.g., a cell phone), etc. The subscription data of the subscriber may be the services matched to the core card of the terminal device, such as the data package of the mobile phone core card, etc.
In this embodiment of the present application, the subscription data of the subscriber may further include a subscription level of the subscriber. For example, the subscriber is a normal or important user (very important person, VIP). In this embodiment of the present application, the unified data management UDM 134 may not only store the subscription data of the subscriber, but also determine the trusted attribute of the subscriber according to the subscription level of the subscriber.
An application function (application function, AF) 135 for performing application-influenced data routing, access network opening functions, policy control with policy framework interactions, etc.
The authentication server function AUSF136 is a control plane function provided by the operator and is typically used for primary authentication, i.e. authentication between the terminal device 110 (subscriber) and the operator network.
The access and mobility management function AMF137 is a control plane network function provided by the operator network, and is responsible for access control and mobility management of the terminal device 110 accessing the operator network, for example, including mobility state management, allocation of a temporary identity of a user, authentication and authorization of the user, and the like.
The session management function SMF 138 is a control plane network function provided by the operator network and is responsible for managing protocol data unit (protocol data unit, PDU) sessions of the terminal device 110. A PDU session is a channel for transmitting PDUs; the terminal device and the DN 120 transmit PDUs to each other through the PDU session. The SMF 138 is responsible for establishing, maintaining, and deleting PDU sessions, among other things. The SMF 138 includes session-related functions such as session management (e.g., session establishment, modification, and release, including maintenance of tunnels between the UPF 139 and the (R)AN 140, etc.), selection and control of the UPF 139, service and session continuity (service and session continuity, SSC) mode selection, roaming, etc.
UPF 139 is a gateway provided by the operator, through which the operator network communicates with the DN 120. The UPF 139 includes user plane functions such as packet routing and forwarding, packet detection, traffic reporting, quality of service (quality of service, QoS) handling, lawful interception, uplink packet detection, downlink packet storage, etc.
The network functions in the operator network shown in fig. 1 may also include a network slice selection function (network slice selection function, NSSF) (not shown in fig. 1) for being responsible for determining network slice instances, selecting AMF network function 137, etc.
In some implementations, the NSSF may store identification information of a slice and a trust level of the slice. For example, the NSSF may store identification information for one or more slices and a trust level for the one or more slices, where one slice corresponds to one trust level. For example, the NSSF may store therein identification information of the first slice and a trust level of the first slice. In other implementations, the NSSF may further store identification information of a slice and an NF set corresponding to the slice. For example, the NSSF may store identification information of one or more slices and NF sets corresponding to the one or more slices, where one slice corresponds to one NF set; alternatively, multiple slices correspond to one NF set, etc. For example, the NSSF may store the identification information of the first slice and the identification information of the second NF set corresponding to the first slice. Illustratively, the identification information of the slice may include a network slice selection assistance information set (network slice selection assistance information, NSSAI) or single network slice selection assistance information (single network slice selection assistance information, S-NSSAI), and the embodiment of the present application is not limited to the specific manner of the identification information of the slice.
It can be understood that the identification information of the first slice and the identification information of the second NF set corresponding to the first slice shown above can also be understood as the correspondence between the first slice and the second NF set; or, the relationship between the identification information of the first slice and the second NF set corresponding to the first slice is not limited in the embodiment of the present application.
For ease of understanding, but not limited thereto, slicing is simply understood in this application to cut an operator's physical network into multiple virtual end-to-end networks, each of which is logically independent (e.g., including devices, access, transport, and core networks within the network), and failure of any one virtual network does not affect the other virtual network. To meet the diversity requirements and isolation between slices, relatively independent management and operation between services is required, and custom-made service functions and analysis capabilities are provided. Instances of different traffic types may be deployed on different network slices, as may different instances of the same traffic type. A slice may be made up of a set of network functions, subnetworks. For example, the subnetworks (R) AN 140, AMF 137, SMF138, UPF139 in fig. 1 may constitute one slice. Each network function in fig. 1 is only schematically drawn, and in an actual network deployment, there may be a plurality, tens or hundreds, etc. of each network function or sub-network. Many slices can be deployed in the network, and each slice can have different performances to meet the requirements of different applications and different vertical industries. It is to be appreciated that the slices shown herein may also be referred to as network slices or network slice instances, etc., the names of which are not limiting in this application.
The network functions in the operator network shown in fig. 1 may also comprise a unified data repository (unified data repository, UDR), whose functions may be referred to in the description of the UDM and are not described in detail here.
The network functions in the operator network shown in fig. 1 may also include a domain name system (domain name system, DNS) (not shown in fig. 1) that may be used to configure (or define) internet protocol (internet protocol, IP) addressing between physical network elements, such as IP addressing between base stations and AMFs, etc.
Nnef, nausf, nnrf, npcf, nudm, naf, namf, nsmf, N1, N2, N3, N4, and N6 in fig. 1 are interface serial numbers. For example, the meaning of the above-mentioned interface serial number may be referred to the meaning defined in the 3GPP standard protocol, and the present application does not limit the meaning of the above-mentioned interface serial number. It should be noted that, in fig. 1, only the terminal device 110 is used to make an exemplary description for the UE, and the interface names between the network functions in fig. 1 are also merely an example, and in a specific implementation, the interface names of the system architecture may also be other names, which is not limited in this application.
The mobility management network function in the present application may be the AMF137 shown in fig. 1, or may be another network function with the above access and mobility management function AMF137 in a future communication system. Alternatively, the mobility management network function in the present application may also be a mobility management entity (mobility management entity, MME) in the LTE system, or the like.
For convenience of explanation, in the embodiment of the present application, the access and mobility management function AMF137 is simply referred to as an AMF, the unified data management UDM 134 is simply referred to as a UDM, and the terminal device 110 is referred to as a UE, that is, the AMFs described later in the embodiment of the present application may be replaced by mobility management network functions, the UDMs may be replaced by unified data management, and the UEs may be replaced by terminal devices. It will be appreciated that other network functions not shown are equally applicable to this alternative approach.
The network architecture (e.g., 5G network architecture) shown in fig. 1 employs a service-based architecture and a generic interface, and conventional network element functions are split into several self-contained, self-managed, reusable network function service modules based on network function virtualization (network function virtualization, NFV) technology. The network architecture diagram shown in fig. 1 may be understood as a service-based 5G network architecture diagram in a non-roaming scenario. The present application applies equally to roaming scenarios.
It is appreciated that in the secure communication method illustrated in the present application, the first NF may include an AMF (e.g., default AMF (default AMF)) or an SMF, or the like. The third NF includes UDM, UDR, PCF, or the like. The fourth NF may comprise UDR. The second NF may be any NF or network function. The user plane functions may include UPF. Illustratively, the steps or functions illustrated herein as performed by the first NF may be performed by an AMF or an SMF; the steps or functions performed by the third NF may be performed by the UDM; alternatively, it may be performed by UDR or the like. By way of example, but not limitation, the methods provided herein are not limited to the following examples, as in some embodiments, the first NF may include a defaultAMF and the second NF may include an AMF that the terminal device may interact with. In other embodiments, the first NF may comprise an SMF and the second NF may comprise a UPF. In still other embodiments, the first NF may comprise an AMF and the second NF may comprise an SMF.
It is to be appreciated that NF referred to herein may also be understood as a network element, node, network device, or the like.
The technical solution provided by the application can effectively improve the trust and security level of the 5G system. In some embodiments of the present application, the user identifier is transmitted between NFs in pseudonymous form, so that the chance of the user identifier spreading widely between NFs is reduced and the security of the user identifier is improved. In other embodiments of the present application, data and/or signaling is transmitted by NFs with a high trust level, which prevents NFs with a low trust level from touching sensitive data, improves the security of service interaction between NFs and of the network, and has higher deployment feasibility.
Referring to fig. 2, fig. 2 is a flow chart of a secure communication method according to an embodiment of the present application, where the method may be applied to the communication system shown in fig. 1, and as shown in fig. 2, the secure communication method includes:
201. the first NF sends a first request message to the third NF, the first request message carrying first pseudonym information of the first user identification of the terminal device. Correspondingly, the third NF receives the first request message.
In this embodiment of the present application, the first user identifier may include the SUPI, and the first pseudonym information may be used to represent a pseudonym (anonymous form) of the first user identifier; alternatively, the first pseudonym information may be used to represent identification information that differs from, and is derived by processing, the first user identifier. In other words, the first pseudonym information may be obtained by pseudonymizing the first user identifier. Optionally, the first pseudonym information may comprise a subscription concealed identifier (subscription concealed identifier, SUCI); alternatively, the first pseudonym information may include a pseudonym identifier generated from the SUPI, such as SUPI*. It can be understood that the "pseudonym information" shown in the embodiment of the present application may also be replaced by "replacement information", "user pseudonym information", "anonymous information" or "pseudonym", and the name of the pseudonym information is not limited in the embodiment of the present application. It may be understood that the first user identifier including the SUPI is shown only as an example, and in a specific implementation the first user identifier may also be another identifier of the terminal device, etc., which is not limited in this embodiment of the present application.
202. The third NF determines a trusted attribute of the first user identification.
In this embodiment of the present application, the trusted attribute of the first user identifier may be used to indicate whether the first user identifier needs to be subjected to pseudonymization, for example, whether the third NF needs to perform pseudonymization on the first user identifier; alternatively, the trusted attribute of the first user identification may be used to indicate whether protection of the first user identification is required. Since the terminal device may interact with the core device and/or the access device through the first user identifier, as an understanding manner, the third NF determines the trusted attribute of the first user identifier, which may also be understood as: the third NF determines a trusted attribute of the terminal device. The terminal equipment is equipment using the first user identifier. Other embodiments herein are equally applicable to this manner of understanding.
In one possible implementation, the third NF may determine the trusted attribute of the first subscriber identity according to the subscription level of the first subscriber identity.
In this embodiment of the present application, the subscription level of the first user identifier may be included in subscription data of the first user identifier. The subscription level may be used to distinguish between different kinds of users. For example, the subscription level of the first user identification may be VIP user or normal user. For another example, the subscription level of the first user identification may be a user with high privacy requirements or a user with low privacy requirements. It will be appreciated that the subscription levels shown above are merely examples, and that in practical applications, there may be more differentiation methods, etc. The embodiment of the application is not limited to a specific division manner of the subscription level.
In one possible implementation, the third NF may determine the trusted attribute of the first user identification from the session attribute of the first user identification.
In the embodiment of the application, the session attribute can be used to distinguish between different kinds of sessions performed by the first user identifier. For example, the session attribute of the first user identifier may be an audio-video attribute. As another example, the session attribute of the first user identifier may be a video conference or a voice call, or the like. As another example, the session attribute of the first user identifier may be a session with a high security requirement for data communication, or the like. The embodiment of the application does not limit the specific division manner of the session attribute.
In one possible implementation, the third NF determines the trusted attribute of the first user identification according to the industry requirement of the first user identification.
In the embodiment of the application, when data and/or signaling is exchanged using the first user identifier, whether the data and/or signaling needs to be protected can be determined according to the industry concerned. In other words, the security required for the data and/or signaling may differ from industry to industry. For example, data and/or signaling related to the research and development industry or the financial industry may be protected. Optionally, the industry requirement may also be that data and/or signaling needs to be protected in a target area (or target security domain). For example, within a campus the data and/or signaling may be protected, whereas outside the campus whether the data and/or signaling is protected may be left unrestricted. The embodiments of the present application are not limited to a specific division of the industry requirements.
Optionally, the third NF may further determine the trusted attribute of the first user identifier according to the trusted attribute of the slice to which the first user identifier belongs. For example, the third NF may store the first user identifier, the slice identifier corresponding to the first user identifier, and the trust level corresponding to the slice identifier, so that the third NF may determine the trust attribute of the first user identifier according to the trust level corresponding to the slice identifier.
204. If the trusted attribute of the first user identifier meets a preset condition, the third NF sends a first response message to the first NF, wherein the first response message carries second pseudonym information of the first user identifier. Correspondingly, the first NF receives the first response message.
In the embodiment of the application, the preset conditions may include a user level condition, an identity privacy protection condition, an industry data security protection condition, and the like. The preset conditions may be used to distinguish between different levels of trusted attributes, so the specific distinguishing manner of the preset conditions in the embodiments of the present application is not limited. The preset condition may be, for example, dependent on the manner in which the trusted attribute is determined. For example, if the trusted attribute of the first user identifier is determined by the subscription level of the first user identifier, the preset condition may be that the subscription level is VIP user or a user with high privacy requirement, etc. For another example, if the trusted attribute of the first user identifier is determined by the session attribute of the first user identifier, the preset condition may be a session with a high security requirement for data communication, such as a video conference. For another example, if the trusted attribute of the first user identifier is determined by the industry requirement of the first user identifier, the preset condition may be a user with high industry data security. It can be appreciated that the embodiment of the present application is not limited to the specific content of the preset condition.
In the embodiment of the application, the second pseudonym information may be used to represent a pseudonym (anonymous) of the first user identifier; alternatively, the second pseudonym information may be used to represent identification information that is different and processed from the first user identification. If the trusted attribute of the first user identifier meets the preset condition, the first user identifier can be subjected to pseudonymization during interaction between different network elements or network functions, so that the safety of the first user identifier is ensured. In other words, if the trusted attribute of the first user identifier meets the preset condition, the first user identifier may interact between different network elements or network functions in the manner of the second pseudonym information.
In some embodiments, the first user identifier comprises the SUPI, the first pseudonym information comprises the SUCI, and the second pseudonym information may comprise SUPI*. In other embodiments, the first user identifier comprises the SUPI, the first pseudonym information comprises SUPI*, and the second pseudonym information may comprise a new SUPI*. In further embodiments, the first user identifier comprises the SUPI, the first pseudonym information comprises SUPI*, and the second pseudonym information may also comprise the same SUPI*. The embodiment of the present application does not limit whether the SUPI* carried in the first response message is the same as the SUPI* carried in the first request message. Other embodiments of the present application are equally applicable to this description.
Optionally, if the trusted attribute of the first user identifier does not meet the preset condition, the third NF sends a first response message to the first NF, where the first response message carries the first user identifier. Correspondingly, the first NF receives the first response message. For example, if the trusted attribute of the first user identifier indicates that the first user identifier is a normal user, or if the trusted attribute of the first user identifier indicates that the session performed by the first user identifier has a low requirement, the first user identifier may not be subjected to pseudonymization when interacting between network elements or network functions. It can be understood that, in the embodiment of the present application, when the trusted attribute of the first user identifier does not meet the preset condition, whether the first user identifier performs the pseudonymization process is not limited.
In one possible implementation, the sending, by the third NF, the first response message to the first NF includes: if the trusted level of the first NF matches the preset level, the third NF sends a first response message to the first NF.
In this embodiment, the preset level is used to measure the trust levels of different NFs, and the specific level of the preset level is not limited. For example, the trusted level includes a strong trusted level, a weak trusted level, and an untrusted level, and the preset level may be a weak trusted level or an untrusted level, etc. As another example, the trusted level includes a high trusted level, a low trusted level, and an untrusted level, and the preset level may be a low trusted level or an untrusted level, etc. That is, when the trust level of the first NF is low, to protect the first user identifier, the third NF may send the pseudonym information (i.e., the second pseudonym information) of the first user identifier to the first NF. It can be appreciated that the embodiment of the present application is not limited to a specific division manner of the trusted level, and the preset level may vary with the division manner of the trusted level, and so on.
Optionally, if the trusted level of the first NF does not match the preset level, the third NF sends a response message carrying the first user identifier to the first NF. That is, when the trust level of the first NF is higher, the third NF may trust the first NF, so that a real user identifier, such as the first user identifier, may be sent to the first NF.
When the trusted attribute of the first user identifier meets a preset condition and the trusted level of the first NF is matched with the preset level, the first NF is not completely trusted. Therefore, the third NF is used for protecting the first user identifier and improving the security of the user identifier, and can send the second pseudonym information of the first user identifier to the first NF with lower trust level. However, when the trusted attribute of the first user identifier meets the preset condition and the trusted level of the first NF does not match the preset level, it is indicated that the first NF is trusted, and thus, the third NF may send the first user identifier to the first NF.
In one possible implementation, the sending, by the third NF, the first response message to the first NF includes: if the trusted level of the security domain to which the first NF belongs matches the preset level, the third NF sends a first response message to the first NF.
In the embodiment of the application, the trust level can be used to distinguish between different NFs, and likewise between different security domains. By way of example, a first security domain, a second security domain, etc. may be distinguished, the trust level of the first security domain being different from the trust level of the second security domain. If the first NF is located in the first security domain and the trust level of the first security domain is weak, the security domain in which the first NF is located is not completely trusted, and the third NF may send the second pseudonym information of the first user identifier to the first NF. Conversely, if the trust level of the first security domain is strong (i.e., it does not match the preset level), the security domain in which the first NF is located is trusted, so the third NF can send the real user identifier, such as the first user identifier, to the first NF.
Optionally, a third security domain may be included in addition to the first and second security domains shown above, and so on. The first, second and third security domains have different trust levels. The embodiments of the present application are not limited to how the security domains are specifically partitioned. And how the trust level corresponding to each security domain is specifically divided is not limited.
In one possible implementation, before the third NF sends the first response message to the first NF, the method shown in fig. 2 may further include:
2031. The third NF may obtain a first user identification from the first pseudonym information and generate the second pseudonym information from the first user identification.
Alternatively, when the first pseudonym information is the SUCI, the third NF may obtain the SUPI from the SUCI, and then generate new second pseudonym information, such as a new SUPI*, from the SUPI. Optionally, when the first pseudonym information is SUPI*, the third NF may obtain the SUPI according to the correspondence between SUPI* and SUPI, and then generate new second pseudonym information, such as a new SUPI*, from the SUPI. Optionally, when the first pseudonym information is SUPI*, the first response message may further carry that SUPI*, that is, the third NF may continue to use the existing SUPI*. For example, the third NF may determine according to a local policy whether to continue using the existing SUPI* or a new SUPI*. As one such local policy, the SUPI* may have a validity period: within the validity period of the SUPI*, the third NF may continue to use it; outside the validity period, the third NF may use a new SUPI*. It will be appreciated that embodiments of the present application are not limited to a specific local policy. It will be appreciated that the following examples apply equally as regards the description of SUPI* and new SUPI*.
SUPI* is only one pseudonym form, and the pseudonym information of the first user identifier may take other forms, which is not limited in the embodiment of the present application. The third NF may generate the second pseudonym information from the first user identifier, for example as SUPI* = KDF(SUPI, random number); alternatively, SUPI* = KDF(SUPI, random number, serving network ID). The random number may be the random number in an authentication vector. Optionally, the parameters for generating SUPI* may further include the key Kausf in the authentication vector or a key derived from Kausf, where Kausf is shared between the UE and the home network AUSF/UDM, etc.
In this embodiment of the present application, the third NF stores a correspondence between the first pseudonym information and the first user identifier, and the third NF may also store a correspondence between the second pseudonym information and the first user identifier. The third NF can obtain the first user identifier according to the corresponding relationship when the first NF or other NFs send the pseudonym information of the first user identifier to the third NF by storing the corresponding relationship.
It is to be understood that the "correspondence" shown in the present application may be understood as "mapping relationship", "correspondence list", or "mapping list", etc., which is not limited in this application.
In one possible implementation, before the third NF sends the first response message to the first NF, the method shown in fig. 2 may further include:
2032. the third NF may send a second request message to the fourth NF, the second request message carrying the first pseudonym information. Correspondingly, the fourth NF receives the second request message.
2033. In response to the second request message, the fourth NF obtains the first user identification according to the first pseudonym information, and generates the second pseudonym information according to the first user identification.
In this embodiment of the present application, the fourth NF may store a correspondence between the first user identifier and the pseudonym information of the first user identifier, so the third NF may have the second pseudonym information generated by sending a second request message to the fourth NF, which responds to the second request message. Optionally, when the first pseudonym information is a SUCI, the fourth NF may obtain the SUPI according to the SUCI, and then generate new second pseudonym information, such as a new SUPI*, according to the SUPI. Optionally, when the first pseudonym information is a SUPI*, the fourth NF may obtain the SUPI according to the correspondence between the SUPI* and the SUPI, and then generate new second pseudonym information, such as a new SUPI*, according to the SUPI. Optionally, the fourth NF may also continue to use the existing SUPI* according to a local policy. It will be appreciated that, for the method by which the fourth NF generates the new second pseudonym information, such as the new SUPI*, according to the first user identifier, such as the SUPI, reference may be made to the generation method of the third NF, which is not described in detail herein.
2034. The fourth NF sends the second pseudonym information to the third NF, and correspondingly, the third NF receives the second pseudonym information.
Optionally, after the third NF sends the second request message to the fourth NF, the fourth NF may instead send the correspondence between the first pseudonym information and the first user identifier to the third NF. Therefore, after receiving the correspondence, the third NF can obtain the first user identifier according to the correspondence and further generate the second pseudonym information according to the first user identifier.
In combination with the method for generating the second pseudonym information by the third NF, in this embodiment of the present invention, the correspondence between the first user identifier and the first pseudonym information and/or the correspondence between the first user identifier and the second pseudonym information may be stored in the UDM. The UDR may also store a correspondence between the first user identifier and the first pseudonym information and/or a correspondence between the first user identifier and the second pseudonym information. Optionally, when the above correspondence is stored in both the UDM and the UDR, the embodiment of the present application does not limit whether the third NF performs step 2031 shown above or steps 2032 to 2034 shown above. Optionally, when the above correspondence is stored in only the UDM or only the UDR, the third NF performs step 2031 or steps 2032 to 2034 according to which NF stores the above correspondence.
The above shows that the first response message carries the second pseudonym information, and optionally, the first response message may also carry other information. According to the difference of other information carried in the first response message, the embodiments of the present application further provide several methods:
Method one,
The first response message may further carry a root key Kamf; the root key is generated by the third NF according to SUPI, for example Kamf = KDF(SUPI, other parameters), and the other parameters are not limited in the embodiments of the present application. Since the UE also generates a root key from SUPI, e.g. Kamf = KDF(SUPI, other parameters), the UE is not affected in this case. The KDF algorithm may be a key derivation algorithm already defined in the 3GPP standard, for example the HMAC-SHA256 algorithm, which is not limited in the embodiments of the present application.
The root key may also be generated by the third NF according to SUPI*, for example Kamf = KDF2(SUPI*, other parameter 2), and the embodiments of the present application are not limited to other parameter 2. Since the UE generates the root key from SUPI, for example Kamf = KDF(SUPI, other parameter 1), in order to ensure that the UE is not affected, the key derivation algorithm KDF1 with which the third NF (or the fourth NF) generates SUPI* from SUPI and the key derivation algorithm KDF2 with which the third NF generates the root key Kamf from SUPI* are required to satisfy the following condition: the root key Kamf generated by the third NF according to SUPI* and the root key Kamf generated by the UE according to SUPI are equal, i.e., Kamf = KDF(SUPI, other parameter 1) = KDF2(SUPI*, other parameter 2) = KDF2(KDF1(SUPI, other parameter 1), other parameter 2). In this case, KDF2 may be the same as or different from KDF1, which is not limited in the embodiments of the present application. It will be appreciated that the method of generating the root key shown above is merely an example and should not be construed as limiting the embodiments of the present application.
In this case, the method shown in fig. 2 may further include: if the first response message further carries the root key Kamf, the first NF may also generate a user plane key according to the root key; how the first NF applies the root key is not limited in this embodiment of the present application.
Method two,
The first response message may further carry third indication information; the third indication information is used for indicating the first NF to generate a root key according to the second pseudonym information.
The embodiments of the present application do not limit the specific indication form of the third indication information. For example, 1 bit of information may be used to indicate whether the third indication information is carried in the first response message; for example, "1" may indicate that the first response message carries the third indication information. For example, 2 bits of information may further indicate whether indication information is carried in the first response message and whether the carried indication information is the third indication information. It is to be understood that the above is merely an example, which is not limiting in this application.
In combination with the third indication information, the method shown in fig. 2 may further include: if the first response message also carries the third indication information, the first NF generates a root key Kamf according to the second pseudonym information.
For example, Kamf = KDF2(SUPI*, other parameter 2), and other parameter 2 is not limited in the embodiments of the present application. Since the UE generates the root key from SUPI, for example Kamf = KDF(SUPI, other parameter 1), in order to ensure that the UE is not affected, the key derivation algorithm KDF1 with which the third NF (or the fourth NF) generates SUPI* from SUPI and the key derivation algorithm KDF2 with which the first NF generates the root key Kamf from SUPI* are required to satisfy the following condition: the root key Kamf generated by the first NF according to SUPI* and the root key Kamf generated by the UE according to SUPI are equal, i.e., Kamf = KDF(SUPI, other parameter 1) = KDF2(SUPI*, other parameter 2) = KDF2(KDF1(SUPI, other parameter 1), other parameter 2). The KDF algorithm here is a key derivation algorithm already defined in the 3GPP standard, such as the HMAC-SHA256 algorithm. In this case, KDF2 may be the same as or different from KDF1, which is not limited in the embodiments of the present application.
After the first NF generates the root key, a user plane key may also be generated according to the root key; how the first NF applies the root key is not limited in the embodiments of the present application.
Method three,
It can be appreciated that, when the first response message carries the second pseudonym information but carries neither the root key nor the third indication information shown in methods one and two, the method shown in fig. 2 may further include: after receiving the first response message, the first NF generates a root key Kamf according to the second pseudonym information.
For example, Kamf = KDF2(SUPI*, other parameter 2), and other parameter 2 is not limited in the embodiments of the present application. Since the UE generates the root key from SUPI, for example Kamf = KDF(SUPI, other parameter 1), in order to ensure that the UE is not affected, the key derivation algorithm KDF1 with which the third NF (or the fourth NF) generates SUPI* from SUPI and the key derivation algorithm KDF2 with which the first NF generates the root key Kamf from SUPI* are required to satisfy the following condition: the root key Kamf generated by the first NF according to SUPI* and the root key Kamf generated by the UE according to SUPI are equal, i.e., Kamf = KDF(SUPI, other parameter 1) = KDF2(SUPI*, other parameter 2) = KDF2(KDF1(SUPI, other parameter 1), other parameter 2). The KDF algorithm here is a key derivation algorithm already defined in the 3GPP standard, such as the HMAC-SHA256 algorithm. In this case, KDF2 may be the same as or different from KDF1, which is not limited in the embodiments of the present application.
After the first NF generates the root key, a user plane key may also be generated according to the root key; how the first NF applies the root key is not limited in the embodiments of the present application.
It is understood that the specific implementations of methods one to three are equally applicable to other embodiments of the present application.
Methods one to three above have no effect on the UE, i.e. the UE may remain unchanged. For example, the UE generates a root key Kamf from SUPI, e.g. Kamf = KDF(SUPI, other parameter 1), and may further generate a user plane key from the root key. It is to be appreciated that the UE remaining unchanged here is relative to method four, in which the UE also needs to receive the first indication information and/or the second indication information, etc. Therefore, the UE shown in the embodiments of the present application should not be construed as limiting the embodiments of the present application.
Method four,
In a possible implementation manner, the first response message further carries first indication information and/or second indication information; the first indication information is used for indicating to generate second pseudonym information, and the second indication information is used for indicating to generate a user plane key.
The specific indication forms of the first indication information and the second indication information are not limited in the embodiments of the present application. For example, 1 bit of information may be used to indicate whether the first response message carries the first indication information or the second indication information. For example, "1" may indicate that the first indication information is carried in the first response message, and "0" may indicate that the second indication information is carried in the first response message. For example, it may also be indicated by 2 bits of information whether the first response message carries indication information, and whether the carried indication information is the first indication information or the second indication information. It is to be understood that the above is merely an example, which is not limiting in this application.
In combination with the first indication information, the method shown in fig. 2 may further include:
2051. If the first response message includes the first indication information, the first NF generates a root key according to the second pseudonym information.
After the first NF generates the root key, a user plane key may also be generated according to the root key; how the first NF applies the root key is not limited in the embodiments of the present application, and reference may be made to a related standard or protocol, etc. For example, Kamf = KDF(SUPI*, other parameters), and the other parameters are not limited in the embodiments of the present application.
2061. The first NF sends the first indication information to the terminal device, and correspondingly, the terminal device receives the first indication information.
For the steps performed after the terminal device receives the first indication information, referring to fig. 3a, fig. 3a is a schematic flow chart of a secure communication method provided in the embodiment of the present application, and the method may be applied to the terminal device. As shown in fig. 3a, the method comprises:
3011. The terminal device receives first indication information sent by the first NF (AMF); the first indication information is used for indicating the terminal device to generate second pseudonym information.
Alternatively, the first indication information may be further used to instruct the terminal device to generate the root key.
3012. The terminal equipment generates second pseudonym information according to the first user identification.
3013. The terminal device generates a root key from the second pseudonym information.
3014. The terminal equipment generates an access layer key and/or a non-access layer key according to the root key; the access layer key is used for protecting data and/or signaling between the terminal equipment and the access equipment, and the non-access layer key is used for protecting data and/or signaling between the terminal equipment and the first NF.
In this embodiment of the present application, for the method for generating the second pseudonym information and the method for generating the root key by the terminal device according to the first user identifier, reference may be made to the method for generating the second pseudonym information by the third NF and the method for generating the root key by the third NF, which are not described in detail herein.
The method for generating the access layer key by the terminal device is not limited in the embodiments of the present application; for example, access layer key = KDF(Kamf, other parameters).
By implementing the embodiment of the application, the access layer key and/or the non-access layer key are generated according to the second pseudonym information, so that the security level of data and/or signaling can be effectively improved, and the transmission of the data and/or signaling is protected.
In combination with the second indication information, the method shown in fig. 2 may further include:
2052. If the first response message includes the second indication information, the first NF generates a user plane key according to the second pseudonym information.
The method for generating the user plane key by the terminal equipment is not limited in the embodiment of the application.
2062. The first NF sends second indication information to the terminal equipment, and correspondingly, the terminal equipment receives the second indication information.
2072. The first NF sends a user plane key to the user plane function, and correspondingly, the user plane function receives the user plane key.
It is understood that the embodiments of the present application are not limited as to the order of steps 2062 and 2072.
For the steps performed after the terminal device receives the second indication information, refer to fig. 3b, and fig. 3b is a schematic flow chart of a secure communication method provided in the embodiment of the present application, where the method may be applied to the terminal device. As shown in fig. 3b, the method comprises:
3021. The terminal device receives second indication information sent by the first NF; the second indication information is used for indicating the terminal device to generate a user plane protection key.
3022. The terminal equipment generates second pseudonym information according to the first user identification.
3023. The terminal device generates a root key from the second pseudonym information.
3024. The terminal equipment generates a user plane key according to the root key; the user plane key is used for protecting data between the terminal equipment and the user plane function.
In the embodiment of the application, after the terminal device generates the user plane key, the data can be protected by the user plane key when the terminal device interacts with the user plane function. This prevents the data from being tampered with or intercepted by other network elements or network functions, and ensures the security of the data.
It will be appreciated that in the secure communication methods shown in fig. 3a and 3b, the terminal device may be understood as a device using the first user identification. In other words, the first user identification, such as SUPI, may be a user identification or number or the like stored by the terminal device core card.
It will be appreciated that the method shown above is illustrated with a first user identifier, but in particular applications a second user identifier, a third user identifier, etc. may also be included. The second user identifier or the third user identifier may also apply the methods shown in fig. 2, 3a and 3b.
By implementing the method shown in fig. 2, the third NF may determine, according to the trusted attribute of the first user identifier, whether to perform pseudonymization on the first user identifier, so that when the trusted attribute of the first user identifier meets a preset condition, the third NF sends the pseudonymized first user identifier, that is, the second pseudonym information, to the first NF. The first user identifier thus exists among different NFs in pseudonymized form, which prevents the first user identifier from being tampered with or intercepted by unsafe or untrustworthy network elements or network functions, effectively protects the first user identifier, and improves its security.
For a more visual understanding of the method shown in fig. 2, the secure communication method provided in the embodiment of the present application will be specifically shown below.
Referring to fig. 4, fig. 4 is a schematic view of a scenario of a secure communication method according to an embodiment of the present application. The method is applicable to the network architecture shown in fig. 1. In this method the terminal device is a UE, the first NF is an AMF, the third NF is a UDM, and the method also involves network functions such as the AUSF and user plane functions such as the UPF. In this method the first user identifier includes a SUPI. Optionally, subscription data of one or more user identifiers are pre-stored in the UDM, and the subscription data includes subscription levels. In other words, the UDM is preconfigured with the subscription levels of one or more subscriber identifiers.
As shown in fig. 4, the secure communication method includes:
401. The UE sends a registration request message to the AMF, the registration request message carrying a SUCI or a 5G globally unique temporary identifier (5G-GUTI). Accordingly, the AMF receives the registration request message.
When the UE sends a registration request message to the AMF for the first time, the registration request message may carry the SUCI. When it is not the first time the UE sends a registration request message to the AMF, the registration request message may carry the GUTI. For convenience of description, the first time the UE sends a registration request message to the AMF is referred to as first registration, and any later registration request is referred to as non-first registration.
402. The AMF sends an authentication request message to the AUSF, where the authentication request message carries a SUCI or a SUPI*. Correspondingly, the AUSF receives the authentication request message.
For first registration, the authentication request message may carry the SUCI; for non-first registration, the authentication request message may carry the SUPI*.
Optionally, the authentication request message may also carry an Identification (ID) of the service network. The ID of the service network may be the ID of the network in which the AMF is located.
403. The AUSF sends the authentication request message to the UDM, and correspondingly, the UDM receives the authentication request message.
404. The UDM pseudonymizes the SUPI according to the trusted attribute of the SUPI to obtain a new pseudonymized user identifier, such as SUPI*.
It will be appreciated that reference is made to the method shown in fig. 2 for the method of the UDM pseudonymization process, which is not described in detail here.
405. The UDM sends an authentication response message to the AUSF, which carries the new pseudonymized user identifier, e.g. SUPI*. Correspondingly, the AUSF receives the authentication response message.
Illustratively, if the authentication request message carries a SUCI, the UDM may obtain the SUPI according to the SUCI and then generate a new SUPI* from the SUPI. If the authentication request message carries a SUPI*, the UDM may obtain the SUPI according to the previously stored correspondence (SUPI*, SUPI), and then generate a new SUPI* according to the SUPI. Optionally, the UDM may continue to use the existing SUPI* (e.g. the one carried in the authentication request message) according to a local policy.
Optionally, the authentication response message may further carry the first indication information and/or the second indication information. The first indication information may be understood as pseudonymization protection indication information; the second indication information may be understood as terminal-to-core network protection indication information.
Illustratively, for step 404, the UDM may perform the following processing according to the trusted attributes of the subscription (e.g., the trusted attributes of the subscribed SUPI):
For example, if the trusted attribute in the subscription meets the identity privacy protection requirement, the UDM may determine that the SUPI requires pseudonymization protection. For another example, if the trusted attribute in the subscription meets industry data security requirements, the UDM determines that the SUPI requires pseudonymization protection. For another example, if the trusted attribute in the subscription indicates that the SUPI is a normal user, the UDM may process it according to the normal flow. The normal flow may refer to a related standard or protocol; e.g. the UDM may not pseudonymize the SUPI, etc. For another example, if the trusted attribute in the subscription indicates that the SUPI is a VIP user, the UDM determines that the SUPI requires pseudonymization protection.
Optionally, after receiving the authentication request message, the UDM may further send the authentication request message to the UDR, where the UDR pseudonymizes the SUPI according to the trusted attribute of the SUPI to obtain a new SUPI*. The UDR then sends an authentication response message to the UDM, the authentication response message carrying the new SUPI*. Optionally, after receiving the authentication request message, the UDR may directly pseudonymize the SUPI to obtain a new SUPI*, and then send an authentication response message carrying the new SUPI* to the UDM. Optionally, the authentication response message sent by the UDR to the UDM may further carry the mapping relationship between the new SUPI* and the SUPI. In this case, both the UDM and the UDR can obtain the real user identifier, such as the SUPI.
The manner in which the UDR obtains the SUPI may be as follows: for example, if the authentication request message carries a SUCI, the UDR may obtain the SUPI according to the SUCI, and then generate a new SUPI* according to the SUPI. Optionally, if the authentication request message carries a SUPI*, the UDR may obtain the SUPI according to the previously stored correspondence (SUPI*, SUPI), and then generate a new SUPI* according to the SUPI. Optionally, the UDR may continue to use the existing SUPI* (e.g. the one carried in the authentication request message) according to a local policy.
406. The AUSF continues to perform the authentication procedure for the UE through the AMF.
It will be appreciated that, for the authentication procedure shown in step 406, reference may be made to related standards or protocols, etc., which are not limited in this embodiment of the present application.
407. The AUSF confirms that the authentication succeeded.
408. The AUSF sends an authentication response message to the AMF, where the authentication response message carries the new SUPI*. Accordingly, the AMF receives the authentication response message.
Optionally, the authentication response message may also carry an anchor key. Optionally, the authentication response message may further carry the first indication information and/or the second indication information. Optionally, the first indication information and/or the second indication information may also be integrity protected by a shared key, so as to prevent the first indication information and/or the second indication information from being tampered with maliciously, etc. The shared key may be understood as a key shared between the UE and the AUSF during authentication. In other words, the first indication information and/or the second indication information may be integrity protected by means of a message authentication code (MAC) value.
409. The AMF generates a root key (Kamf) from the new SUPI* and the anchor key.
Optionally, if the authentication response message carries the second indication information, the AMF generates a user plane key according to the root key, where the user plane key may also be referred to as a terminal-to-core network protection key, and the terminal-to-core network protection key may include a terminal-to-core network encryption key and a terminal-to-core network integrity protection key.
Optionally, when the UDM generates a new SUPI*, the UDM may also generate a root key according to the new SUPI*. The root key can be carried in the authentication response message, so that the AMF obtains the root key when it receives the authentication response message.
Optionally, after the AUSF receives the authentication response message, the AUSF may also generate a root key according to the new SUPI*.
410. The AMF sends the first indication information and/or the second indication information to the UE.
411. The UE generates a new SUPI* from the SUPI.
After the authentication procedure is finished, the UE may also generate an anchor key using the same method as the AUSF. Optionally, if the UE receives the first indication information, the UE may perform an integrity protection check on the first indication information using the key shared between the UE and the AUSF, and then the UE generates a new SUPI*. It is understood that the method by which the UE generates the new SUPI* may be the same as the method by which the UDM generates the new SUPI*. Further, the UE may also generate a root key Kamf from the new SUPI*. Optionally, if the UE receives the second indication information, the UE may further generate a user plane key according to the root key.
It can be appreciated that the first indication information and/or the second indication information shown above may also be included in the tenth message, and the manner in which the first indication information and/or the second indication information are sent by the AMF is not limited in the embodiments of the present application.
412. The AMF sends a registration response message to the UE. Accordingly, the UE receives the registration response message.
The registration response message may include a registration accept message.
413. The AMF sends the terminal-to-core network protection key to the UPF via the SMF.
In the embodiment of the application, data transmitted between the UE and the UPF can be encrypted or integrity protected with the terminal-to-core network protection key, so that the data cannot be learned by weakly trusted or untrusted NFs, and the security of data transmission is improved.
In the method shown in fig. 4, the root key Kamf is generated by the AMF according to the new SUPI* carried in the authentication response message, and the UE generates the new SUPI* by the same method as the UDM and then generates the root key Kamf from the new SUPI*.
Optionally, after the UDM generates the new SUPI*, the UDM may also generate the root key Kamf according to the new SUPI*. In that case the authentication response message may include both the new SUPI* and the root key Kamf, so that the AMF receives the root key Kamf directly; the UE generates the new SUPI* by the same method as the UDM, and then generates the root key Kamf from the new SUPI*. Alternatively, the UDM may generate the new SUPI* using a security algorithm f1; the authentication response message includes the new SUPI*, and the AMF generates the root key Kamf using a security algorithm f2 and the new SUPI*. The security algorithms f1 and f2 are chosen so that the root key Kamf generated by the UE according to the new SUPI* is equal to the root key Kamf generated by the AMF.
It is understood that the first request message in fig. 2 may be understood as the authentication request message in fig. 4, and the first response message in fig. 2 may be understood as the authentication response message in fig. 4. The first indication information in fig. 2 may be understood as the pseudonymized protection indication information in fig. 4, and the second indication information in fig. 2 may be understood as the terminal-to-core network protection indication information in fig. 4. The user plane keys shown in fig. 2 can be understood as the terminal-to-core network protection keys in fig. 4.
According to the technical scheme provided by the embodiment of the application, on one hand, the SUPI is prevented from being tampered or intercepted by unsafe or untrustworthy network elements or network functions, the SUPI is effectively protected, and the safety of the SUPI is improved. On the other hand, the authentication response message comprises the terminal-to-core network protection indication information, so that the safety of data interaction between the UE and the UPF is improved.
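The fig. 2 / fig. 4 flow carried through in code, as an added example that is not part of the patent: the UDM decides from the trusted attribute whether to pseudonymize, keeps the (SUPI*, SUPI) correspondence so that a later registration presenting SUPI* resolves to the real SUPI, and the AMF and the UE arrive at the same Kamf and user plane key, the AMF from SUPI* only and the UE from its own SUPI. HMAC-SHA256 as the KDF, the exact derivation inputs, the indication names and all identifiers and random values are assumptions, not taken from the page.

```python
"""Added example (not the patent's code): UDM, AMF and UE sides of the
pseudonymization and key derivation flow of fig. 2 / fig. 4.

Assumed (the page does not fix these): HMAC-SHA256 as the KDF,
SUPI* = KDF(SUPI, random number, serving network ID) hex-encoded,
Kamf = KDF(anchor key, SUPI*) on the AMF and the UE, and the user plane key
as KDF(Kamf, "user-plane"). SUCI de-concealment is out of scope, so a first
registration presents the SUPI directly. All identifiers are constructed."""
import hashlib
import hmac
from dataclasses import dataclass, field


def kdf(key: bytes, *parts: bytes) -> bytes:
    """Stand-in for KDF / KDF1 / KDF2: HMAC-SHA256 over the joined inputs."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def derive_pseudonym(supi: str, rand: bytes, serving_network_id: str) -> str:
    """SUPI* from SUPI, the authentication-vector random number and the serving
    network ID; the home network and the UE compute this identically."""
    return "supi*-" + kdf(supi.encode(), rand, serving_network_id.encode()).hex()


def derive_kamf(identifier: str, anchor_key: bytes) -> bytes:
    """Root key Kamf from the (pseudonymized) identifier and the anchor key (step 409)."""
    return kdf(anchor_key, identifier.encode())


def derive_user_plane_key(kamf: bytes) -> bytes:
    """Terminal-to-core network protection key from Kamf (steps 2052 / 3024)."""
    return kdf(kamf, b"user-plane")


# Trusted attributes that, per step 404, make the UDM pseudonymize the SUPI.
PSEUDONYMIZE = {"identity_privacy", "industry_data_security", "vip"}
FIRST_INDICATION = "pseudonymization"   # UE must generate SUPI* and Kamf from it
SECOND_INDICATION = "terminal_to_core"  # UE and AMF must generate a user plane key


@dataclass
class Udm:
    """Home network UDM: subscription data plus the (SUPI*, SUPI) correspondence list."""
    subscriptions: dict                                   # SUPI -> trusted attribute
    pseudonym_to_supi: dict = field(default_factory=dict)

    def resolve(self, identifier: str) -> str:
        """First pseudonym information is a SUPI (first registration) or an
        earlier SUPI* (non-first registration); return the real SUPI."""
        if identifier in self.subscriptions:
            return identifier
        return self.pseudonym_to_supi[identifier]  # KeyError for an unknown pseudonym

    def authenticate(self, identifier: str, rand: bytes, serving_network_id: str) -> dict:
        """Steps 404/405: pseudonymize according to the trusted attribute and build
        the authentication response; a normal user keeps the real SUPI."""
        supi = self.resolve(identifier)
        if self.subscriptions[supi] not in PSEUDONYMIZE:
            return {"id": supi, "pseudonymized": False, "indications": set()}
        supi_star = derive_pseudonym(supi, rand, serving_network_id)
        self.pseudonym_to_supi[supi_star] = supi  # store the new correspondence
        # Assumption: both indications are sent whenever the SUPI is pseudonymized.
        return {"id": supi_star, "pseudonymized": True,
                "indications": {FIRST_INDICATION, SECOND_INDICATION}}


def amf_derive_keys(response: dict, anchor_key: bytes) -> dict:
    """Step 409: the AMF derives Kamf from the identifier it received (it never sees
    the real SUPI of a pseudonymized user) and, on the second indication, the user
    plane key it later hands to the UPF."""
    kamf = derive_kamf(response["id"], anchor_key)
    keys = {"kamf": kamf}
    if SECOND_INDICATION in response["indications"]:
        keys["up"] = derive_user_plane_key(kamf)
    return keys


def ue_derive_keys(supi: str, rand: bytes, serving_network_id: str,
                   anchor_key: bytes, indications: set) -> dict:
    """Steps 411 and 3012-3024: the UE mirrors the home network from its own SUPI,
    so both sides reach the same Kamf without SUPI* ever being sent to the UE."""
    if FIRST_INDICATION in indications:
        identifier = derive_pseudonym(supi, rand, serving_network_id)
    else:
        identifier = supi
    kamf = derive_kamf(identifier, anchor_key)
    keys = {"kamf": kamf}
    if SECOND_INDICATION in indications:
        keys["up"] = derive_user_plane_key(kamf)
    return keys


if __name__ == "__main__":
    udm = Udm({"imsi-001010000000001": "vip", "imsi-001010000000002": "normal"})
    first = udm.authenticate("imsi-001010000000001", b"rand-1", "sn-1")
    amf = amf_derive_keys(first, b"anchor")
    ue = ue_derive_keys("imsi-001010000000001", b"rand-1", "sn-1", b"anchor", first["indications"])
    print(first["id"], amf == ue)
    # non-first registration: the AMF presents only the earlier SUPI*
    second = udm.authenticate(first["id"], b"rand-2", "sn-1")
    print(second["id"] != first["id"], udm.resolve(second["id"]))
```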
The method shown in fig. 2 to fig. 4 is to determine whether to pseudonymize the user identifier according to whether the trusted attribute of the user identifier meets a preset condition. The embodiment of the application also provides a secure communication method, in which the related network element or network function can be determined according to the trusted level, so that the service can be provided for the terminal equipment through the related network element or network function.
Fig. 5 is a flow chart of a secure communication method according to an embodiment of the present application, and the method may be applied to the network architecture shown in fig. 1. As shown in fig. 5, the secure communication method includes:
501. The first network function (NF) sends a third request message to the NRF, the third request message carrying a trust level. Accordingly, the NRF receives the third request message.
The first NF may also be understood as consumer NF.
In the embodiment of the application, the trust level may be used to represent how trustworthy a network element or network function is; different trust levels correspond to different degrees of trust of, for example, an NF. Optionally, the trust level may be proportional to the degree of trust. For example, the trust level may be classified as strongly trusted, weakly trusted, or untrusted, etc. For another example, the trust level may be classified as level 1, level 2, level 3, etc., with higher levels representing higher degrees of trust. The embodiment of the application does not limit the specific division of the trust level.
Alternatively, the trust level shown above may be the trust level of NF. Alternatively, the above-described trust level may also be the trust level of a slice, or the like. Depending on the level of trust, the embodiments of the present application provide several different methods, as shown in fig. 6a to 6c, respectively.
In this embodiment of the present application, the third request message may be a message for requesting to query the NF that the terminal device may access, where the NF that the terminal device may access may include an AMF, an SMF, or a UPF, etc.
502. In response to the third request message, the NRF determines a second NF according to the trust level.
The second NF can also be understood as a producer NF; alternatively, it can also be understood as a target NF (target NF), or the like.
The second NF may represent one NF, or the second NF may also represent a plurality of NFs.
Alternatively, the second NF may be one or more NFs corresponding to a trust level. Alternatively, the second NF may also be one or more NFs corresponding to the trust level, and the NF type requested by the first NF.
The method for determining the second NF by the NRF is different according to the level of trust, and may be shown in fig. 6a to 6c, respectively.
503. The NRF transmits identification information of the second NF to the first NF. Correspondingly, the first NF receives the identification information of the second NF.
The identification information of the second NF may include, for example, the type of the second NF (NF type), the instance of the second NF (NF instance), the identifier of the set to which the second NF belongs (NF set ID), or the IP address of the second NF; the specific identification is not limited in the embodiment of the present application. After receiving the identification information of the second NF, the first NF may perform service interaction with the second NF.
Optionally, the identification information of the second NF may be included in the third response message.
In this embodiment of the present application, the NRF determines the second NF according to the trust level, so that after the first NF receives the identification information of the second NF, the first NF performs data and/or signaling interaction with the second NF. Therefore, the first NF interacts with the NF corresponding to the trust level (namely the second NF): on one hand, the requirement of the first NF on the trust level can be met, and on the other hand, the first NF exchanges data and/or signaling with an NF of high trust level (such as the second NF), so that the security of the interaction between the first NF and the second NF is improved.
According to the different kinds of trust level shown in fig. 5, several methods are provided in the embodiments of the present application, as follows:
A first method:
Referring to fig. 6a, fig. 6a is a schematic flow chart of a secure communication method according to an embodiment of the present application, as shown in fig. 6a, the method includes:
It can be appreciated that in this method the NRF stores the trust level of one or more NFs (including the second NF); the method provided in the embodiment of the present application is illustrated below by taking the second NF as an example. However, the method described below is applicable not only to the second NF but also to other NFs and the like. As shown in fig. 6a, the method of storing the trust level of one or more NFs in the NRF includes steps 601 and 602.
601. The second NF sends a registration request message to the NRF, the registration request message carrying the trust level of the second NF. Accordingly, the NRF receives the registration request message.
The registration request message also carries identification information of the second NF.
602. The NRF stores the trust level of the second NF.
In this method, the second NF may send its trust level to the NRF when sending the registration request message to the NRF. For the way the trust level is divided, reference may be made to the method shown in fig. 5, which will not be described in detail here.
The embodiments of the present application do not limit how the NRF stores the trust level of the second NF, or the location where the trust level of the second NF is specifically stored. For example, the NRF may store a correspondence between the identification information of the second NF and a trust level, such as (NF instance, NF type, trust level), and the like. Illustratively, the trust level of an NF may be stored in the NRF in a manner in which one NF corresponds to one trust level. Alternatively, the NRF may store the trust levels of NFs in some other form of correspondence between NFs and trust levels.
The above is a method for dynamically obtaining the trust level of an NF provided by the embodiments of the present application. The embodiment of the application also provides a method for statically obtaining the trust level of an NF: for example, the NRF pre-configures the trust level of one or more NFs and stores it. Illustratively, the NRF pre-configures the trust level of the second NF and stores the trust level of the second NF. For example, the operator may pre-configure the trust level of the second NF in the NRF, etc. It can be appreciated that embodiments of the present application do not limit the method of configuring the trust level of one or more NFs in the NRF.
Whether the trust level of the NF is obtained statically or dynamically, the NRF may store the identification information of one or more NFs and the trust level of the one or more NFs. Illustratively, the NRF may store the identification information of NFa and the trust level of NFa. Alternatively, the NRF may also store the identification information of NFb and the trust level of NFb. Alternatively, the NRF may also store the identification information of NFc and the trust level of NFc. Here NFa, NFb, and NFc are used only to distinguish different NFs and have no other specific meaning. It is understood that the NRF storing identification information of one or more NFs and trust levels of the one or more NFs may also be described as the NRF storing one or more NFs and their trust levels, or as the NRF storing a correspondence between identification information of one or more NFs and a trust level; the embodiment of the present application is not limited to a specific way of describing this.
It will be appreciated that the above description of how the NRF stores the identification information of an NF and the trust level of an NF applies equally to the other embodiments of the present application.
603. The first NF acquires the trusted attribute of the first user identifier from the third NF, and determines the trusted level according to the trusted attribute of the first user identifier.
In this embodiment of the present application, the trusted attribute of the first user identifier may be used to indicate whether pseudonymization needs to be performed on the first user identifier. When the first user identifier requires pseudonymization, the first user identifier requires a higher trust level. Therefore, after the third NF obtains the trusted attribute of the first user identifier, the trust level may be determined according to the trusted attribute of the first user identifier. For how the third NF obtains the trusted attribute of the first user identifier, reference is made to the method shown in fig. 2, which is not described in detail here.
Illustratively, the first NF may perform step 603 when receiving a message sent by the terminal device requesting access to the network. The first NF may also perform step 603 when receiving a message sent by the terminal device requesting to establish a session. The first NF may also perform step 603 in other scenarios, which is not limited in this embodiment of the present application.
604. The first NF sends a third request message to the NRF, the third request message carrying a trust level. Accordingly, the NRF receives the third request message.
605. In response to the third request message, the NRF determines the second NF according to the stored correspondence between the identification information of the second NF and the trust level, and the trust level carried in the third request message.
The NRF stores identification information and trust levels of one or more NFs; alternatively, this may be understood as the NRF storing a correspondence between identification information of one or more NFs and trust levels of the one or more NFs; alternatively, it may be understood as the NRF storing identification information of an NF and a trust level of the NF. For the method of storing the identification information of the NF and the trust level of the NF in the NRF, reference is made to the relevant descriptions of step 601 and step 602, which will not be repeated here.
In some implementations, the trust level of the second NF may be equal to the trust level carried in the third request message. In other implementations, the trust level of the second NF may also be higher than the trust level carried in the third request message, which is not limited in this application.
For example, the NRF may store (NF2, trust level: high), (NF3, trust level: high), (NF4, trust level: weak), (NF5, trust level: untrusted). The trust level carried in the third request message is high. The NRF may then determine an NF of high trust level, such as NF2 and/or NF3, from the stored trust levels of the NFs as the second NF. It is understood that NF2, NF3, NF4, and NF5 in the example shown above may be NFs of the same type.
Optionally, the NRF may also store trust levels of NFs of various different types, in which case, when determining the second NF, the NRF may also determine the second NF according to the NF type requested by the first NF. For example, if the first NF requests an AMF that the terminal device can access, the second NF is an NF of that type corresponding to the trust level carried in the third request message.
Optionally, in the case that the trust level carried in the third request message is weak, the trust level of the second NF may be weak; alternatively, the trust level of the second NF may also be lower than that trust level.
It may be understood that in the embodiment of the present application, the trust level of the NF may also be understood as the trust level corresponding to the identifier of the NF.
606. The NRF sends the identification information of the second NF to the first NF, and correspondingly, the first NF receives the identification information of the second NF.
In the embodiment of the application, by storing the trust level of each NF (including the second NF) in the NRF, the first NF may request an NF with a high trust level from the NRF. Therefore, the first NF can exchange data and/or signaling with an NF of high trust level (such as the second NF), and the security of the data and/or signaling is ensured.
A second method:
Referring to fig. 6b, fig. 6b is a schematic flow chart of a secure communication method according to an embodiment of the present application, as shown in fig. 6b, the method includes:
611. The first NF sends a fourth request message to the NSSF, where the fourth request message carries identification information of the first slice. Accordingly, the NSSF receives the fourth request message.
The embodiments of the present application are not limited with respect to the specific type of the fourth request message.
612. The NSSF determines the trust level of the first slice according to the first pre-configuration information and the identification information of the first slice carried in the fourth request message.
The first pre-configuration information is configured by an operator, or by another NF, etc., which is not limited in this application. The identification information of a slice and the trust level of the slice can be stored in the first pre-configuration information. For example, the first pre-configuration information may store a correspondence between identification information of one or more slices and a trust level. The first pre-configuration information comprises the identification information of the first slice and the trust level of the first slice.
In this embodiment of the present application, the trust level of the first slice may also be understood as the trust level corresponding to the identification information of the first slice. The trust levels of a plurality of slices can likewise be understood as the trust levels corresponding to the identification information of the plurality of slices. The plurality of slices may correspond to one trust level, or the plurality of slices may correspond to a plurality of trust levels. For example, one slice corresponds to one trust level, or two slices correspond to one trust level, etc.; the embodiment of the present application does not limit how the NSSF holds the relationship between slices and trust levels.
After receiving the fourth request message, the NSSF may search the trusted level corresponding to the first slice from the saved trusted levels of the one or more slices according to the identification information of the first slice, thereby obtaining the trusted level of the first slice.
613. The NSSF sends a fourth response message to the first NF, wherein the fourth response message carries the credibility level of the first slice. Correspondingly, the first NF receives the fourth response message.
The fourth response message carrying the trust level of the first slice may also be understood as the fourth response message carrying the trust level corresponding to the identification information of the first slice. The fourth response message also carries the identification information of the first slice.
614. The first NF sends a third request message to the NRF, where the third request message carries the trust level of the first slice and the identification information of the first slice. Accordingly, the NRF receives the third request message.
615. In response to the third request message, the NRF determines a second NF set corresponding to the first slice according to the identification information of the first slice; and determining a second NF from the second NF set according to the corresponding relation between the stored identification information of the NF and the trusted level of the first slice.
In this embodiment of the present application, the NRF may store correspondence between identification information of one or more NFs and a trust level. Alternatively, it may be understood that the NRF stores identification information of one or more NFs and trust levels of the one or more NFs. Thus, the NRF may determine a second NF from the second set of NFs based on the trust level of the first slice. It can be appreciated that the number of NFs included in the second NF set is not limited in the embodiments of the present application. For example, one NF, such as a second NF, may be included in the second set of NFs; for another example, the second NF set may further include a plurality of NFs, and the plurality of NFs includes the second NF. It is understood that other embodiments of the present application are equally applicable with respect to the description of the second NF set.
616. The NRF sends the identification information of the second NF to the first NF, and correspondingly, the first NF receives the identification information of the second NF.
In one possible implementation, the method shown in fig. 6b may further comprise, prior to step 615:
617. The second NF sends a registration request message to the NRF, the registration request message carrying the trust level of the second NF. Accordingly, the NRF receives the registration request message.
The registration request message also carries identification information of the second NF.
618. The NRF maintains a trust level of the second NF.
It will be appreciated that for a specific implementation of step 617 and step 618 reference may be made to step 601 and step 602 shown in fig. 6a, which will not be described in detail here.
It will be appreciated that the method not described in detail in the embodiments of the present application may refer to the method shown in fig. 5 and 6a, and will not be described in detail here.
A third method:
Referring to fig. 6c, fig. 6c is a schematic flow chart of a secure communication method according to an embodiment of the present application; as shown in fig. 6c, the method includes:
621. The first NF sends a fourth request message to the NSSF, where the fourth request message carries identification information of the first slice. Accordingly, the NSSF receives the fourth request message.
The embodiments of the present application are not limited with respect to the specific type of the fourth request message.
622. The NSSF determines the trust level of the second NF set according to the second pre-configuration information and the identification information of the first slice.
The second pre-configuration information is configured by the operator, or by another NF, etc., which is not limited in this application. The second pre-configuration information comprises identification information of an NF set and the trust level of the NF set. For example, the second pre-configuration information may include a correspondence between identification information of the second NF set and the trust level of the second NF set. The second pre-configuration information may further comprise identification information of a slice and identification information of an NF set. For example, the second pre-configuration information may include a correspondence between identification information of the first slice and identification information of the second NF set.
Alternatively, a slice may correspond to one or more NF sets, and a NF set may correspond to a trust level.
After receiving the fourth request message, the NSSF may determine, according to the identification information of the first slice carried in the fourth request message, an NF set corresponding to the first slice, for example, a second NF set; a trust level corresponding to the second set of NFs is then determined.
623. The NSSF sends a fourth response message to the first NF, wherein the fourth response message carries the identification information of the second NF set and the trust level of the second NF set. Correspondingly, the first NF receives the fourth response message.
624. The first NF sends a third request message to the NRF, wherein the third request message carries the trust level of the second NF set and the identification information of the second NF set. Accordingly, the NRF receives the third request message.
625. In response to the third request message, the NRF determines the second NF from the second NF set according to the stored correspondence between the identification information of NFs and trust levels, and the trust level of the second NF set.
626. The NRF sends the identification information of the second NF to the first NF, and correspondingly, the first NF receives the identification information of the second NF.
In one possible implementation, before step 625, the method shown in fig. 6c may further include:
627. The second NF sends a registration request message to the NRF, the registration request message carrying the trust level of the second NF. Accordingly, the NRF receives the registration request message.
The registration request message also carries identification information of the second NF.
628. The NRF maintains a trust level of the second NF.
It will be appreciated that for a specific implementation of step 627 and step 628, reference may be made to step 601 and step 602 shown in fig. 6a, which will not be described in detail herein.
It will be appreciated that the method not described in detail in the embodiments of the present application may refer to the method shown in fig. 5-6 b, and will not be described in detail here.
A fourth method:
Referring to fig. 6d, fig. 6d is a schematic flow chart of a secure communication method according to an embodiment of the present application; as shown in fig. 6d, the method includes:
631. The first NF sends a fourth request message to the NSSF, where the fourth request message carries identification information of the first slice. Accordingly, the NSSF receives the fourth request message.
632. The NSSF determines one or more NFs corresponding to the first slice and the trust level corresponding to the one or more NFs according to the third pre-configuration information and the identification information of the first slice.
The third pre-configuration information comprises the correspondence between the identification information of a slice and the identification information of an NF. In other words, the third pre-configuration information may include a correspondence between one or more slices and NFs. Optionally, a slice may correspond to one or more NFs, and an NF may correspond to a trust level.
Optionally, the trust levels corresponding to the NFs are the same, or the trust levels corresponding to the NFs are different, which is not limited in the embodiment of the present application. For example, the first slice may correspond to NF7 (high trust level), NF8 (high trust level), and NF9 (high trust level). As another example, the first slice may correspond to NF7 (high trust level), NF8 (high trust level), and NF10 (weak trust level).
633. The NSSF sends a fourth response message to the first NF, wherein the fourth response message carries identification information of the one or more NFs and the trust level of the one or more NFs. Correspondingly, the first NF receives the fourth response message.
The method shown in this embodiment differs from fig. 6c in that the fourth response message in fig. 6c carries the trust level of the second NF set, whereas the fourth response message in fig. 6d carries the trust level of one or more NFs. In other words, the trust level in fig. 6c is that of an NF set, and the embodiments of the present application do not limit whether the trust levels of the individual NFs in the second NF set are the same; that is, the trust level of an NF included in the second NF set may even be lower than the trust level carried in the third request message. In fig. 6d, the fourth response message directly carries the identification information of one or more NFs and the trust level of the one or more NFs, so that the first NF can directly select one of the one or more NFs as the second NF. That is, after the first NF receives the fourth response message, the first NF may determine the second NF that interacts with it according to the trust level of the one or more NFs.
In the embodiment of the application, the NSSF sends the trust level of one or more NFs to the first NF, so that the first NF can quickly determine the second NF; this is simple to implement and efficient.
It will be appreciated that the first NF and the second NF shown above are only examples, and in practical applications, more NFs may be involved in the scenario that the terminal device needs to access the network or establish a session connection. In other words, the technical solution provided by the embodiments of the present application may be applicable to more NFs.
By implementing the technical solutions provided in fig. 5 to 6d, in scenarios such as accessing a network or establishing a session connection, a first NF may, by interacting with an NRF or an NSSF, obtain a second NF with a high trust level to interact with, so that the security of service interaction is ensured during the relevant processing.
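As an added illustration (not code from the patent), the following Python model plays through the four methods of fig. 6a to 6d: an NRF that stores (NF instance, NF type, trust level) tuples and answers a discovery request with NFs of an equal or higher trust level, and an NSSF holding the first, second and third pre-configuration information. The class and function names, the numeric ordering of the three example levels, the placement of the slice-to-NF-set mapping in the NRF and the sample NF names are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Trust levels ordered from least to most trusted (the patent's example division).
TRUST_LEVELS = ("untrusted", "weak", "strong")

def level_rank(level: str) -> int:
    """Rank of a trust level; a higher rank means a higher degree of trust."""
    if level not in TRUST_LEVELS:
        raise ValueError(f"unknown trust level: {level}")
    return TRUST_LEVELS.index(level)

@dataclass(frozen=True)
class NFProfile:
    """Identification information an NF carries when registering (step 601)."""
    nf_instance: str               # NF instance identifier (constructed names below)
    nf_type: str                   # e.g. AMF, SMF, UPF
    trust_level: str
    nf_set_id: Optional[str] = None

def most_trusted_first(nfs: List[NFProfile]) -> List[NFProfile]:
    return sorted(nfs, key=lambda p: (-level_rank(p.trust_level), p.nf_instance))

class NRF:
    """Stores (NF instance, NF type, trust level) per step 602; keeping the
    slice -> NF set mapping of step 615 here as well is an assumption."""

    def __init__(self, slice_to_nf_set: Optional[Dict[str, str]] = None):
        self._profiles: Dict[str, NFProfile] = {}
        self.slice_to_nf_set = dict(slice_to_nf_set or {})

    def register(self, profile: NFProfile) -> None:
        level_rank(profile.trust_level)    # reject unknown levels at registration time
        self._profiles[profile.nf_instance] = profile

    def discover(self, trust_level: str, nf_type: Optional[str] = None,
                 nf_set_id: Optional[str] = None) -> List[NFProfile]:
        """Steps 502/605/615/625: NFs whose trust level is equal to or higher than
        the requested one, optionally limited to one NF type and one NF set."""
        wanted = level_rank(trust_level)
        return most_trusted_first([p for p in self._profiles.values()
                                   if (nf_type is None or p.nf_type == nf_type)
                                   and (nf_set_id is None or p.nf_set_id == nf_set_id)
                                   and level_rank(p.trust_level) >= wanted])

class NSSF:
    """Holds the first, second and third pre-configuration information of fig. 6b to 6d."""

    def __init__(self, slice_trust: Dict[str, str], slice_to_nf_set: Dict[str, str],
                 nf_set_trust: Dict[str, str], slice_to_nfs: Dict[str, List[NFProfile]]):
        self.slice_trust = slice_trust            # first pre-configuration (step 612)
        self.slice_to_nf_set = slice_to_nf_set    # second pre-configuration (step 622)
        self.nf_set_trust = nf_set_trust
        self.slice_to_nfs = slice_to_nfs          # third pre-configuration (step 632)

def select_by_level(nrf: NRF, trust_level: str, nf_type: str) -> Optional[NFProfile]:
    """First method (fig. 6a): the consumer derived a trust level (step 603) and
    asks the NRF for an NF of the wanted type at that level (steps 604 to 606)."""
    hits = nrf.discover(trust_level, nf_type=nf_type)
    return hits[0] if hits else None

def select_by_slice_level(nrf: NRF, nssf: NSSF, slice_id: str,
                          nf_type: Optional[str] = None) -> Optional[NFProfile]:
    """Second method (fig. 6b): slice trust level from the NSSF (steps 611 to 613),
    then the NRF selects inside the slice's NF set (steps 614 to 616)."""
    hits = nrf.discover(nssf.slice_trust[slice_id], nf_type, nrf.slice_to_nf_set[slice_id])
    return hits[0] if hits else None

def select_by_nf_set(nrf: NRF, nssf: NSSF, slice_id: str,
                     nf_type: Optional[str] = None) -> Optional[NFProfile]:
    """Third method (fig. 6c): the NSSF names the NF set and its trust level
    (steps 621 to 623); the NRF selects within that set (steps 624 to 626)."""
    nf_set_id = nssf.slice_to_nf_set[slice_id]
    hits = nrf.discover(nssf.nf_set_trust[nf_set_id], nf_type, nf_set_id)
    return hits[0] if hits else None

def select_from_nssf_list(nssf: NSSF, slice_id: str) -> Optional[NFProfile]:
    """Fourth method (fig. 6d): the NSSF returns NFs with their trust levels
    (steps 631 to 633) and the consumer NF picks the most trusted one itself."""
    hits = most_trusted_first(nssf.slice_to_nfs.get(slice_id, []))
    return hits[0] if hits else None

def build_sample() -> Tuple[NRF, NSSF]:
    """Constructed sample data following the patent's example: NF2/NF3 strongly
    trusted, NF4 weakly trusted, NF5 untrusted (all AMFs), plus one SMF."""
    nrf = NRF(slice_to_nf_set={"slice-A": "set-1", "slice-B": "set-2"})
    for p in (NFProfile("NF2", "AMF", "strong", "set-1"),
              NFProfile("NF3", "AMF", "strong", "set-1"),
              NFProfile("NF4", "AMF", "weak", "set-2"),
              NFProfile("NF5", "AMF", "untrusted", "set-2"),
              NFProfile("NF6", "SMF", "strong", "set-2")):
        nrf.register(p)
    nssf = NSSF(slice_trust={"slice-A": "strong", "slice-B": "weak"},
                slice_to_nf_set={"slice-A": "set-1", "slice-B": "set-2"},
                nf_set_trust={"set-1": "strong", "set-2": "weak"},
                slice_to_nfs={"slice-B": [NFProfile("NF4", "AMF", "weak"),
                                          NFProfile("NF6", "SMF", "strong")]})
    return nrf, nssf
```

Note that in the second and third methods the NRF answers only with NFs inside the slice's NF set, so an untrusted member of that set (NF5) is never returned for a weak request, while the fourth method leaves the final choice to the consumer.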
The application also provides a secure communication method, which comprises the following steps:
1) The first Network Function (NF) sends a fifth request message to the domain name system (domain name system, DNS), the fifth request message carrying domain name information and a trust level; accordingly, the DNS receives the fifth request message.
2) Responsive to the fifth request message, the DNS determines a second NF according to the domain name information and the trust level; the DNS sends the identification information of the second NF to the first NF.
In this embodiment of the present application, the DNS may determine the second NF according to a stored correspondence between domain name information and identification information, together with a correspondence between identification information and trust level (or a correspondence between domain name information and trust level, etc.). For example, the DNS may be configured with a correspondence between the domain name information (or identification information) of one or more NFs and the trust level of the one or more NFs. The DNS determines the second NF according to the trust level, so that the first NF receives the identification information of the second NF, which may include the IP address of the second NF and so on. Therefore, the first NF interacts with the NF corresponding to the trust level (namely the second NF): on one hand, the trust level requirement of the user identifier corresponding to the terminal device can be met, and on the other hand, the first NF exchanges data and/or signaling with an NF of high trust level (such as the second NF), so that the security of the interaction between the first NF and the second NF is improved.
It may be appreciated that the identification information of the second NF may be carried in the fifth response message, which is not limited in the embodiment of the present application.
In this embodiment of the present application, the first NF may further include an access device, and the second NF may include an AMF.
It will be appreciated that the methods of figures 5 to 6d shown above may also be combined with the methods shown in figures 2 to 4. For example, when the trusted attribute of the first user identifier meets a preset condition, the first user identifier may be passed between different NFs in pseudonymized form. Meanwhile, when the UE interacts with different NFs, the first NF can select an NF with a high trust level, such as the second NF, to interact with; and when the first NF and the second NF interact, the first user identifier may likewise be passed between them in pseudonymized form (or as the real user identifier). Therefore, the security of the first user identifier is improved, and the security or reliability of data and/or signaling interaction is effectively ensured. Furthermore, when the UE interacts with the UPF, the data and/or the signaling can be encrypted with the user plane key, so that the security of the data and/or the signaling is ensured.
In other words, the secure communication method provided by the application can reduce privacy disclosure and weak links that could be exploited, from the viewpoints of user identifier security, communication network topology security, terminal-to-core-network protection security and the like, and reduce excessive concerns caused by policy reasons in each region. By means of hierarchical settings, a small number of sensitive network elements are controlled so that trust is established node by node; most network element equipment can then be free of sensitive data or have reduced security level requirements, which greatly improves the deployment feasibility in existing networks.
The secure communication method provided in the present application will be illustrated below with specific NF as an example. The method realizes the modes of grading, pseudonymization, NF trust and the like, and improves the feasibility of network deployment, data security and the like.
The trust levels of NFs shown above may include, for example, trusted NFs, weakly trusted NFs, and untrusted NFs. The trusted NFs may include trusted data NFs, trusted control NFs, and trusted bracket NFs, as shown in table 1. The trusted data NF can be used for storing subscription data and the like; the trusted data NF may include the third NF and the fourth NF shown above. The trusted control NF may be used for addressing NFs, etc.; the trusted control NF may comprise the first NF, the NRF, the NSSF, or the like shown above. The trusted bracket NF may include the user plane functions shown above, which may include the UPF, the MEC, etc. The trusted bracket NF may be an operator-authorized user plane network element. Optionally, the trusted bracket NF may refrain from uploading data according to industry data requirements (supporting contracted checking); or start terminal-to-core-network protection (namely, encrypting data with the user plane key) according to the access network conditions; or start protection between trusted bracket NFs according to network conditions.
TABLE 1
The trusted network element is described in detail below:
The trusted data NF may comprise a 5G UDM, a 4G UDM, an HSS, a PCF in a mobile network, etc., or may be the subscriber database part of such a network element, etc. The trusted data NF is trusted because it needs to store user-sensitive information such as user IDs, keys and subscription data. In other words, the trusted data NF is highly sensitive because it needs to hold the above-mentioned user-sensitive information.
Trusted control NFs may include the 5G NRF, the DNS, and the 4G DNS, among others. Addressing between NFs is controlled by the NRF, DNS, etc., so topology hiding, directional diversion, etc. can be performed. The trusted control NF is highly sensitive because it needs to store data such as network topology control information.
Illustratively, the DNS is used to configure IP addressing between physical network elements (e.g., between an access device and an AMF). The NRF is used to configure addressing between virtual network functions (virtual network function, VNF) (e.g. between an AMF and an SMF of the same physical data center, etc.). The NRF may also configure trusted bracket NFs, weakly trusted bracket NFs, etc.
The trusted control NF may also contain an SCP for handling the indirect addressing procedure and the topology hiding procedure specified in the 3GPP standard. Illustratively, AMF2 as in FIG. 7b may be indirectly addressed to SMF2 by the SCP, and then the AMF2 may communicate indirectly with SMF2 by the SCP.
Alternatively, the SMF may pre-configure some trusted shelves NF to be trusted for all UEs.
The trusted control NF may also comprise a default AMF (or default AMF such as default AMF), NSSF for acquiring real subscription data of the user before the slice selection. As in fig. 7a, UE1 (VIP user) uses the real ID (e.g. first user identity) of UE1 obtained from the trusted UDM when registering (or attaching) to the mobile communication network through the trusted access network.
The trusted bracket NF may include a UPF, which may be a UPF that decrypts viewing data, or may not be all UPFs in the network. Alternatively, the trusted stent NF may also include multiple access edge computing (multi edge compute, MEC). The MEC and the UPF may be two different NFs or the MEC and the UPF may be integrated into one NF.
In some implementations, the trusted data NF, the trusted control NF, and the trusted rack NF shown above may be configured by the operator, etc., i.e., the trusted NF in the network is configured in a static manner. Accordingly, the relevant information of the trusted NF may be stored in the trusted data NF. Alternatively, the relevant information (such as pre-configuration information) of the trusted NF may also be stored in NRF or NSSF, etc.
In other implementations, the trusted NF shown above may also be determined by a trusted control NF (e.g., NRF), or the like. For example, an NRF may determine a second NF that interacts with the first NF. Optionally, the trusted control NF may configure some trusted brackets NF according to a preset NF type (such as AMF, SMF, UPF, etc.) and may be trusted for all UEs; alternatively, some trusted shelves NF may be configured to be trusted for certain UEs. As in fig. 7a, for UE1, UPF1 may act as a trusted cradle NF. However, for a UE5 (not shown in fig. 7 a), the trusted leg NF interacting with that UE5 is not necessarily UPF1. In other words, the trusted control NF may configure some trusted shelves NF that are trusted for all UEs; alternatively, the trusted bracket NF may be trusted only for certain UEs, etc.
In connection with the methods shown in fig. 2 to 6d, the trusted data NF may configure the trusted stent NF according to the following method. Exemplary, for example:
1) Configure a trusted support NF, a weakly trusted support NF, an untrusted support NF, or the like according to the trusted attribute of the subscription data of the user identifier (such as the first user identifier).
2) Configure a trusted support NF, a weakly trusted support NF, an untrusted support NF, or the like according to the user type (e.g., normal user, VIP user) of the user identifier. For example, for VIP users the NFs configured may be trusted NFs; for an ordinary user, an ordinary NF or a weakly trusted NF, etc. can be configured.
3) Configure a trusted support NF for industry attributes/data according to requirements such as data not leaving the campus, for example MEC1 and MEC4 co-deployed with UPF1 and UPF4.
4) Configure a trusted support NF for the session attribute of the user identifier, for example when the security requirement for an audio/video call or data communication is high, or when the session requires a high security level.
5) According to the slice to which the user identifier belongs, the trusted support NF corresponding to the slice can provide trusted service for the user identifier.
In one possible implementation, the trusted data NF may also configure the trusted support NF in the following manner.
6) According to the security control requirements of the network, certain trusted support NFs must be checked according to certain conditions;
7) According to the load balancing of the network, sharing among certain trusted support NFs is allowed;
8) According to real-time monitoring of the network, when the risk of a certain terminal is considered to have risen, the trusted support NF and its management and control measures are adjusted;
9) According to the boundary protection measures of the network, such as whether the network has anti-virus or firewall functions, the trusted support NF for a certain class of users is hosted accordingly;
10) A suitable trusted support NF is selected according to the physical deployment location of the network;
11) A suitable trusted support NF is selected according to roaming agreements and billing agreements.
Examples of trusted attributes and network configuration policies for user identifiers in the trusted data NF are shown in table 2.
TABLE 2 (the table is an image in the source and is not reproduced here)
The trusted attribute in table 2 represents the trusted attribute of the user identifier (such as the first user identifier), or may be understood as the trusted attribute of the terminal device to which the user identifier applies. The trusted data NF represents an NF that holds information such as the subscription data of the user identifier. The trusted data NF in table 2 may be understood as the third NF and/or the fourth NF referred to in this application. The trusted control NF may be understood as the first NF, NRF, NSSF, etc. referred to in this application. The trusted NF that is trusted according to the policy rules in table 2 represents an NF that provides a service for the terminal device, and may be understood as the second NF referred to in this application.
For example, when the trusted attribute of the user identifier is VIP user, the policy rule may indicate that the NF serving the VIP user is a trusted NF; in this case the trusted NF may include a trusted control NF such as an SMF and/or AMF, and a trusted support NF such as a UPF. As in fig. 7a, UE1 may interact with an application server via a trusted access network, a trusted transport network, a trusted support NF such as UPF1, a trusted control NF, a trusted data NF, and a trusted support NF such as UPF4. Optionally, the user identifier of the VIP user may also be pseudonymized, thereby protecting the user identifier. Further, the UE may interact with UPF1 and UPF4 through the user plane key.
For example, when the trusted attribute of the user identifier is an industry data security protection attribute, the policy rules may pseudonymize the user identifier. As in fig. 7b, when UE2 or UE3 accesses the network, the real user identifier may be encrypted or pseudonymized. Optionally, the policy rules may further include the UE interacting with the UPF using a user plane key. If the UE does not support interaction with the UPF through the user plane key (i.e., the UE does not support terminal-to-core-network protection), the UE may still interact with the trusted UPF. As shown in fig. 7b, when UE2 or UE3 interacts with an application server, UE2 or UE3 may go through a trusted support node such as UPF4, thereby implementing hop-by-hop encryption or integrity protection in the network (i.e., encryption from UE2 or UE3 to UPF4, and encryption from UPF4 to the application server), and so on.
Table 3 shows the functions of the respective trusted control nodes. Illustratively, the trust level of an NF set, the trust level of a slice, etc. may be stored in the trusted control NF.
TABLE 3 (the table is an image in the source and is not reproduced here)
Table 4 shows different network topology configuration policies and requirements for different user identifiers; it may also be understood as a supplement to table 3.
TABLE 4 (the table is an image in the source and is not reproduced here)
Fig. 7a and fig. 7b are schematic diagrams of a network architecture for secure communication according to an embodiment of the present application. Illustratively, the trusted data NF in the network architecture may be UDM1 in fig. 7a; the trusted control NF may be the NRF/DNS/default AMF/NSSF in fig. 7a; the trusted support NFs may be UPF1 and UPF4 in fig. 7a. The NFs in the rest of the 5GC (e.g., AMF, SMF, UPF, etc.) may be weakly trusted general NFs (which may also be referred to as normal NFs). For example, AMF2, AMF3, SMF2, SMF3, UPF2, UPF3, etc. in fig. 7b may be general NFs. By deploying only some trusted NFs while the remaining NFs are general NFs, the method is simple to implement and the network architecture can be deployed rapidly. The terminal device to which fig. 7a and 7b apply may be any type of device; the specific type of terminal device is not limited in the embodiments of the present application.
A weakly trusted NF cannot obtain the real user identifier of the terminal device. For example, AMF2 and AMF3 may obtain the pseudonymized user identifiers of UE2 and UE3 from the operator's trusted data NF and perform service processing (which may also be understood as data and/or signaling processing, etc.) using the pseudonymized user identifiers; AMF2 and AMF3 do not need to know the real user identifier. Further, AMF2 and AMF3 may generate a root key from the pseudonymized user identifier and then a user plane key from the root key, interacting with the trusted support node UPF4 via an SMF (e.g., SMF2, SMF3). When user plane data of the UE is sent to the trusted support node UPF4 through the weakly trusted support node UPF2 or UPF3, the intermediate weakly trusted support node UPF2 or UPF3 cannot learn the real data of the UE, since the user plane data can be encrypted between the UE and UPF4 with the user plane key.
An untrusted NF may be an access device such as WiFi whose air interface is easy to monitor, or a transmission NF with risk such as a wide area network. When passing through these untrusted NFs, the user data must be a data stream that is encrypted or integrity-protected between the terminal device and the trusted support NF, or protected by e2e application-layer protection, so that the untrusted NF (e.g., UPF2 or UPF3) cannot learn the UE's real data.
The trusted attribute of UE1 meets a preset condition, and the trusted attributes of UE2 and UE3 do not meet the preset condition. The subscription data of UE1, UE2, UE3, etc. may be stored in the trusted data NF. UE1, UE2, and UE3 subscribe to operator AN1, and operator AN1 stores the real user identifier, the real subscription data, the real key, etc. in the trusted data NF (a trusted UDM, a trusted PCF, or a trusted database therein, etc.).
In fig. 7a, UE1 is a VIP user, and thus the NF that interacts with UE1 may be an NF with a high trust level, such as a trusted NF. By way of example, UE1 may interact with an application server via a trusted access network, a trusted transport network, and a trusted fifth generation mobile communication core network (5G core, 5GC). In this case, optionally, the user identifier of UE1 may cross different NFs in pseudonymized form. Optionally, the user identifier of UE1 may also traverse different NFs (or traverse a trusted security domain) as the real user identifier.
In fig. 7b, UE2 or UE3 (e.g., a regular user) may interact with the application server via an untrusted or weakly trusted access network, an untrusted or weakly trusted transport network, a weakly trusted 5GC, and a trusted support node such as UPF4. In this case, the user identifier of UE2 or UE3 may be pseudonymized. Alternatively, the user data of UE2 or UE3 may also be transmitted encrypted, etc.
For example, when UE2 accesses the 5GC through the weakly trusted or untrusted access network in fig. 7b, the data flow of UE2 may be given e2e application-layer protection according to the service requirement, and data protection may also be applied between the terminal and the trusted support NF (e.g., UPF4). When the user IDs of UE2 and UE3 pass through an untrusted region (i.e., an untrusted domain) such as UPF2 or UPF3 to reach UPF4, the user IDs are protected by the pseudonymization scheme in this application; data encryption and integrity protection of the user plane may also be performed with the user plane key between the terminal and the trusted support NF (e.g., UPF4) in this application. If the data is protected at the application layer, the network cannot regulate it, and responsibility for content such as rule violations is transferred accordingly.
The specific description of UE3 in fig. 7b refers to UE2 described above and will not be described in detail here.
It will be appreciated that the network architecture shown in fig. 7a and 7b is only an example and should not be construed as limiting the embodiments of the present application.
Because some countries are concerned about the trustworthiness of 5G NFs, a large number of 5G NFs would need additional trust supervision measures, which increases the burden of network construction. By implementing the secure communication method provided by this application, a small number of trusted NFs (e.g., a trusted data NF, a trusted control NF, and a trusted support NF) can be deployed; the trusted NFs can obtain the real data (e.g., the real user identifier or user data) and the network topology, while other NFs do not need to know these contents. Deployment is simple and efficient, and the feasibility of network construction is improved.
The communication device provided in the embodiment of the present application will be described in detail below.
Fig. 8 is a schematic structural diagram of a communication apparatus provided in an embodiment of the present application, where the communication apparatus may be used to perform the operations performed by the terminal device in the above method embodiment. For example, the communication device may be used to perform the method shown in fig. 3a and/or fig. 3 b.
As shown in fig. 8, the communication apparatus includes a transceiving unit 801 and a processing unit 802.
In some implementations, the transceiver unit 801 is configured to receive first indication information sent by the first NF, where the first indication information is used to instruct the terminal device to generate second pseudonym information and/or a root key;
and the processing unit 802 is configured to generate second pseudonym information according to the first user identifier, generate a root key from the second pseudonym information, and generate an access layer key and/or a non-access layer key according to the root key, where the access layer key is used to protect data and/or signaling between the terminal device and the access device, and the non-access layer key is used to protect data and/or signaling between the terminal device and the first NF.
In other implementations, the transceiver unit 801 is configured to receive second indication information sent by the first NF, where the second indication information is used to instruct the terminal device to generate a user plane protection key;
and the processing unit 802 is configured to generate second pseudonym information according to the first user identifier, generate a root key from the second pseudonym information, and generate a user plane key according to the root key, where the user plane key is used to protect data between the terminal device and the user plane function.
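As an added illustration of the terminal-side chain described above (second pseudonym information from the first user identifier, a root key from the pseudonym, then access layer/non-access layer keys or a user plane key from the root key), the following Python script is example code written for this page, not code from the patent. The concrete functions are assumptions the patent does not specify: a keyed hash with a nonce for the pseudonym, HKDF (RFC 5869) for the root key and sub-keys, a long-term key `long_term_key` provisioned on both sides, and the label strings; the user identifier and key bytes are constructed sample values.

```python
import hmac
import hashlib

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_pseudonym(user_id: str, pseudonym_key: bytes, nonce: bytes) -> bytes:
    """Second pseudonym information from the first user identifier.
    ASSUMPTION: keyed hash over the real identifier and a fresh nonce, so an NF
    that only sees the pseudonym (and lacks pseudonym_key) learns nothing about
    the identifier, and a new nonce yields an unlinkable pseudonym."""
    return hmac.new(pseudonym_key, b"pseudonym|" + user_id.encode() + nonce, HASH).digest()


def derive_root_key(long_term_key: bytes, pseudonym: bytes) -> bytes:
    """Root key bound to the pseudonym. ASSUMPTION: HKDF-Extract with the pseudonym
    as salt and the long-term key as input keying material."""
    return hkdf_extract(pseudonym, long_term_key)


def derive_as_nas_keys(root_key: bytes) -> dict:
    """Access layer and non-access layer keys (first indication information)."""
    return {"AS": hkdf_expand(root_key, b"AS-key"),
            "NAS": hkdf_expand(root_key, b"NAS-key")}


def derive_up_key(root_key: bytes) -> bytes:
    """User plane key for terminal-to-UPF protection (second indication information)."""
    return hkdf_expand(root_key, b"UP-key")


def keys_for_indication(root_key: bytes, indication: set) -> dict:
    """Generate only the keys the received indication information asks for."""
    keys = {}
    if "first" in indication:
        keys.update(derive_as_nas_keys(root_key))
    if "second" in indication:
        keys["UP"] = derive_up_key(root_key)
    return keys


def terminal_side(user_id: str, pseudonym_key: bytes, long_term_key: bytes,
                  nonce: bytes, indication: set):
    """Processing unit 802 on the terminal: pseudonym -> root key -> requested keys."""
    pseudonym = derive_pseudonym(user_id, pseudonym_key, nonce)
    root_key = derive_root_key(long_term_key, pseudonym)
    return pseudonym, keys_for_indication(root_key, indication)


def network_side(pseudonym: bytes, long_term_key: bytes, indication: set) -> dict:
    """What a weakly trusted NF (AMF2/AMF3 in the description) computes: it works
    from the pseudonym alone and never needs the real user identifier."""
    root_key = derive_root_key(long_term_key, pseudonym)
    return keys_for_indication(root_key, indication)


if __name__ == "__main__":
    # Constructed sample values (test PLMN style identifier, fixed keys and nonce).
    k_pseudonym, k_long_term, nonce = b"\x01" * 32, b"\x02" * 32, b"\x03" * 16
    pseud, ue_keys = terminal_side("imsi-001010123456789", k_pseudonym, k_long_term,
                                   nonce, {"first", "second"})
    print("pseudonym:", pseud.hex())
    print("UE and network agree:", ue_keys == network_side(pseud, k_long_term, {"first", "second"}))
```

The network side never receives `pseudonym_key` or the real identifier, which is the property the weakly trusted AMF relies on; a mismatch in any label or in the nonce shows up as disagreeing keys rather than a silent error.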
In this embodiment of the present application, for a specific description of the first user identifier, the second pseudonym information, the root key or the user plane key, etc., reference may be made to fig. 2 to 7b, which are not described in detail here.
It is to be understood that when the above-mentioned communication means is a terminal device or a component in a terminal device implementing the above-mentioned functions, the processing unit 802 may be one or more processors, the transceiver unit 801 may be a transceiver, or the transceiver unit 801 may also be a transmitting unit and a receiving unit, the transmitting unit may be a transmitter, the receiving unit may be a receiver, and the transmitting unit and the receiving unit are integrated in one device, for example, a transceiver.
When the communication device is circuitry such as a chip, the processing unit 802 may be one or more processors, or the processing unit 802 may be a processing circuit or the like. The transceiver unit 801 may be an input-output interface, also referred to as a communication interface, or an interface circuit, an interface, or the like. Alternatively, the transceiver unit 801 may be a transmitting unit and a receiving unit, the transmitting unit may be an output interface, and the receiving unit may be an input interface, and the transmitting unit and the receiving unit are integrated into one unit, for example, an input/output interface.
The communication device of the embodiment of the present application may perform any function performed by the terminal device in the foregoing method embodiment, and specific executable steps and/or functions may refer to the detailed description in the foregoing method embodiment, which is only briefly summarized here and not repeated herein.
In some implementations, the communication apparatus may be a terminal device in the foregoing method embodiments. In this case, the transceiver unit 801 may be implemented as a transceiver, and the processing unit 802 may be implemented as a processor. As shown in fig. 9, the communication device 90 includes one or more processors 920 and a transceiver 910. The processor and transceiver may be adapted to perform the functions or operations performed by the terminal device described above, etc.
For example, the transceiver may be configured to receive first indication information sent by the first NF. For example, the processor may be configured to generate second pseudonym information from the first user identification; generating a root key from the second pseudonym information; an access layer key and/or a non-access layer key is generated from the root key, etc.
For another example, the transceiver may be configured to receive second indication information sent by the first NF. For example, the processor may be configured to generate second pseudonym information from the first user identification; or generating a root key according to the second pseudonym information; alternatively, the user plane key may be generated from the root key, etc.
For a specific implementation of the processor and transceiver, reference may be made to the methods shown in fig. 2 to 7b, which are not described in detail here.
In various implementations of the communication device shown in fig. 9, the transceiver may include a receiver to perform the receiving functions (or operations) and a transmitter to perform the transmitting functions (or operations). The transceiver is used to communicate with other devices/apparatuses via a transmission medium. The processor 920 is configured to send and receive data and/or signaling via the transceiver 910 and to implement the corresponding method described in fig. 3a and/or fig. 3b in the above method embodiments, etc.
Optionally, the communication device 90 may also include one or more memories 930 for storing program instructions and/or data. The memory 930 is coupled to the processor 920. By way of example, memory 930 may be used to store root keys, access layer keys, or non-access layer keys, etc.
The coupling in the embodiments of the present application is an indirect coupling or communication connection between devices, units, or modules, which may be in electrical, mechanical, or other forms for information interaction between the devices, units, or modules. Processor 920 may operate in conjunction with memory 930. Processor 920 may execute program instructions stored in memory 930. In the alternative, at least one of the one or more memories may be included in the processor.
The specific connection medium between the transceiver 910, the processor 920, and the memory 930 is not limited in the embodiments of the present application. In the embodiment of the present application, the memory 930, the processor 920 and the transceiver 910 are connected through the bus 940 in fig. 9, where the bus is indicated by a thick line in fig. 9; the connection manner between other components is only schematically illustrated and is not limited thereto. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 9, but this does not mean that there is only one bus or one type of bus.
In the embodiments of the present application, the processor may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like, and may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly in a hardware processor, or in a combination of hardware and software modules in the processor.
It will be appreciated that, when the communication apparatus shown in fig. 9 is a terminal device, the terminal device may further have more components than those shown in fig. 9, for example, the terminal device shown in fig. 9 may further include an antenna, etc., which is not limited in this embodiment of the present application.
It will be appreciated that the methods performed by the processors and transceivers shown above are merely examples, and that reference may be made to the methods described above for specific steps performed by the processors and transceivers.
It will be appreciated that the above description of the connection relationship between the processor, transceiver and memory, the description of the processor, etc., applies to the core devices shown below. The core device may be, for example, any of the third NF, fourth NF, NRF, NSSF, DNS, or the like.
In other implementations, the communication device may be circuitry in the terminal device. In this case, the processing unit 802 may be implemented by a processing circuit, and the transmitting/receiving unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001. The processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC) chip, or the like, and the interface circuit 1001 may be a communication interface, an input-output interface, or the like.
For example, the interface circuit may be configured to obtain the first indication information and/or the second indication information. For example, the processing circuitry may be operative to generate second pseudonym information from the first user identification; generating a root key from the second pseudonym information; an access layer key and/or a non-access layer key is generated from the root key, etc. For another example, the processing circuitry may be further operable to generate second pseudonym information from the first user identification; generating a root key according to the second pseudonym information; generating a user plane key from the root key, etc.
For a specific implementation of the processing circuit and the interface circuit, reference is made to the methods shown in fig. 2 to 7b, which are not described in detail here.
In the embodiments of the present application, the processing circuit may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like, and may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present application. It is understood that this description of the processing circuit also applies to the circuits shown below, for example when the circuit is that of any one of the third NF, fourth NF, NRF, NSSF, or DNS.
It will be appreciated that the methods performed by the interface circuits and processing circuits shown above are merely examples, and that reference may be made to the methods described above for specific steps performed by the interface circuits and processing circuits.
Reusing fig. 8, fig. 8 is a schematic structural diagram of a communication device provided in an embodiment of the present application, where the communication device may be used to perform the operations performed by the first NF in the foregoing method embodiment. For example, the communication device may be configured to perform the method performed by the first NF of fig. 2 to 6d. As another example, the communication device may also be used to perform the method performed by the trusted control NF in fig. 7a, etc. As shown in fig. 8, the communication apparatus includes a transceiving unit 801 and a processing unit 802.
In some implementations, the transceiver unit 801 is configured to send a first request message to the third NF, where the first request message carries first pseudonym information of a first user identifier of the terminal device;
the transceiver unit 801 is further configured to receive a first response message from the third NF, where the first response message carries second pseudonym information of the first user identifier.
In a possible implementation manner, the first response message further carries first indication information and/or second indication information, where the first indication information is used to indicate that second pseudonym information and/or root key are generated, and the second indication information is used to indicate that the user plane key is generated.
In a possible implementation manner, the processing unit 802 is further configured to generate a root key according to the second pseudonym information if the first response message carries the first indication information;
the transceiver unit 801 is further configured to send the first indication information to the terminal device.
In a possible implementation manner, the processing unit 802 is further configured to generate a user plane key according to the second pseudonym information if the second indication information is carried in the first response message;
the transceiver unit 801 is further configured to send the second indication information to the terminal device.
In a possible implementation, the transceiver unit 801 is further configured to send a user plane key to a user plane function.
In other implementations, the transceiver unit 801 is configured to send a third request message to the NRF, where the third request message carries a trust level, and to receive a third response message from the NRF, where the third response message carries identification information of the second NF; the communication device performs data and/or signaling interaction with the second NF through the transceiving unit 801.
In a possible implementation manner, the processing unit 802 is configured to obtain a trusted attribute of the first user identifier, and to determine the trust level according to the trusted attribute of the first user identifier.
In a possible implementation manner, the transceiver unit 801 is further configured to send a fourth request message to the NSSF, where the fourth request message carries identification information of the first slice; and receiving a fourth response message from the NSSF, the fourth response message carrying a trust level of the first slice; alternatively, the fourth response message carries the trust level of the second NF set.
In one possible implementation manner, when the fourth response message carries the trusted level of the first slice, the third request message carries the trusted level of the first slice and the identification information of the first slice; or when the fourth response message carries the trust level of the second NF set, the third request message carries the trust level of the second NF set and the identification information of the second NF set.
In a possible implementation, the transceiver unit 801 is further configured to send a registration request message to the NRF, where the registration request message carries the trust level of the first NF.
In further implementations, the transceiver unit 801 is further configured to send a fifth request message to the DNS, where the fifth request message carries domain name information and a trust level; and the transceiver unit 801 may be further configured to receive identification information of the second NF from the DNS. The identification information of the second NF may be carried in a fifth response message, etc.
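The following Python script is an added example (not code from the patent) that ties together two passages: the configuration rules and policy table for choosing a trusted support NF by trusted attribute and slice, and the first NF's exchanges just described (registration request carrying a trust level, fourth request to the NSSF for a slice's trust level, third request to the NRF carrying a trust level and receiving second-NF identifiers). The trust-level ordering, the `POLICY_RULES` mapping standing in for the unreproduced table 2, the rule of sending the stricter of the user-derived and slice-derived levels, and the NF inventory are all assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

# Ordered trust levels; a higher number is more trusted (assumed ordering).
TRUST_LEVELS = {"untrusted": 0, "weakly_trusted": 1, "trusted": 2}

# ASSUMED policy rules standing in for table 2: trusted attribute of the
# user identifier -> trust level the serving (second) NF must have.
POLICY_RULES = {
    "vip_user": "trusted",
    "industry_data_protection": "trusted",
    "normal_user": "weakly_trusted",
}


@dataclass(frozen=True)
class NFProfile:
    nf_id: str
    nf_type: str
    trust_level: str
    slices: frozenset  # slice identifiers this NF serves (constructed values)


class NRF:
    """Trusted control NF: stores registered trust levels, answers the third request."""

    def __init__(self):
        self.profiles = {}

    def register(self, profile: NFProfile) -> None:
        # Registration request carrying the NF's trust level; unknown levels are rejected
        # so a misconfigured NF can never be selected as if it were trusted.
        if profile.trust_level not in TRUST_LEVELS:
            raise ValueError(f"unknown trust level: {profile.trust_level}")
        self.profiles[profile.nf_id] = profile

    def discover(self, nf_type: str, trust_level: str,
                 slice_id: Optional[str] = None) -> list:
        """Third request/response: identifiers of NFs of the given type that meet
        or exceed the requested trust level (and serve the slice, if given)."""
        required = TRUST_LEVELS[trust_level]
        return sorted(
            p.nf_id for p in self.profiles.values()
            if p.nf_type == nf_type
            and TRUST_LEVELS[p.trust_level] >= required
            and (slice_id is None or slice_id in p.slices)
        )


class NSSF:
    """Trusted control NF: answers the fourth request with a slice's trust level."""

    def __init__(self, slice_levels: dict):
        self.slice_levels = slice_levels

    def slice_trust_level(self, slice_id: str) -> str:
        return self.slice_levels[slice_id]


def required_trust_level(trusted_attribute: str) -> str:
    """Processing unit step on the first NF: trusted attribute -> trust level.
    Unknown attributes fail closed to 'trusted' (this example's assumption)."""
    return POLICY_RULES.get(trusted_attribute, "trusted")


def stricter(level_a: str, level_b: str) -> str:
    return level_a if TRUST_LEVELS[level_a] >= TRUST_LEVELS[level_b] else level_b


def select_second_nf(nrf: NRF, nssf: NSSF, trusted_attribute: str,
                     nf_type: str, slice_id: str) -> list:
    """First NF flow: level from the user's trusted attribute, slice level from the
    NSSF (fourth request), then the stricter level plus the slice id to the NRF
    (third request). Combining the two levels is this example's choice."""
    user_level = required_trust_level(trusted_attribute)
    slice_level = nssf.slice_trust_level(slice_id)
    return nrf.discover(nf_type, stricter(user_level, slice_level), slice_id)


def build_demo_network():
    """Constructed deployment loosely following fig. 7a/7b: UPF1 and UPF4 are
    trusted support NFs, UPF2 and UPF3 are weakly trusted general NFs."""
    nrf = NRF()
    for nf_id, level, slices in [
        ("UPF1", "trusted", {"slice-A"}),
        ("UPF2", "weakly_trusted", {"slice-A", "slice-B"}),
        ("UPF3", "weakly_trusted", {"slice-B"}),
        ("UPF4", "trusted", {"slice-A", "slice-B"}),
    ]:
        nrf.register(NFProfile(nf_id, "UPF", level, frozenset(slices)))
    nssf = NSSF({"slice-A": "trusted", "slice-B": "weakly_trusted"})
    return nrf, nssf


if __name__ == "__main__":
    nrf, nssf = build_demo_network()
    for attribute in ("vip_user", "normal_user"):
        print(attribute, "slice-B ->", select_second_nf(nrf, nssf, attribute, "UPF", "slice-B"))
```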
It should be understood that when the communication apparatus is the first NF or a component of the first NF (e.g. a core device or a network element) that implements the above function, the processing unit 802 may be one or more processors, the transceiver unit 801 may be a transceiver, or the transceiver unit 801 may also be a transmitting unit and a receiving unit, the transmitting unit may be a transmitter, and the receiving unit may be a receiver, where the transmitting unit and the receiving unit are integrated into one device, e.g. a transceiver.
When the communication device is circuitry such as a chip, the processing unit 802 may be one or more processors, or the processing unit 802 may be a processing circuit or the like. The transceiver unit 801 may be an input-output interface, also referred to as a communication interface, or an interface circuit, an interface, or the like. Alternatively, the transceiver unit 801 may be a transmitting unit and a receiving unit, the transmitting unit may be an output interface, and the receiving unit may be an input interface, and the transmitting unit and the receiving unit are integrated into one unit, for example, an input/output interface. It is understood that when the communication apparatus is any one of the third NF, the fourth NF, NRF, NSSF, and the DNS, each communication apparatus shown below is applicable to this explanation.
The communication device of the present application may perform any function performed by the first NF in the foregoing method embodiment, and specific executable steps and/or functions may refer to the detailed description in the foregoing method embodiment, which is only briefly summarized herein and not repeated herein.
In some implementations, the communication apparatus may be a first NF in the foregoing method embodiments, where the first NF may be a core device. In this case, the transceiver unit 801 may be implemented as a transceiver, and the processing unit 802 may be implemented as a processor. Reusing fig. 9, as shown in fig. 9, the communication device 90 includes one or more processors 920 and a transceiver 910. The processor and transceiver may be configured to perform the functions or operations performed by the first NF described above, and the like.
For example, the transceiver may be configured to send a first request message to a third NF and receive a first response message from the third NF. For example, the processor may be configured to generate a root key according to the second pseudonym information if the first response message carries first indication information; or the processor may be configured to generate the user plane key according to the second pseudonym information if the second indication information is carried in the first response message. As another example, the transceiver may be further configured to send the first indication information and/or the second indication information to the terminal device. As another example, the transceiver may also be used to send the user plane key to the user plane function.
For example, the transceiver may be configured to send a third request message to the NRF and receive a third response message from the NRF. For example, the processor may be configured to obtain a trusted attribute of the first user identifier and determine the trust level according to that trusted attribute. For another example, the transceiver may be further configured to send a fourth request message to the NSSF and receive a fourth response message sent by the NSSF. For another example, the transceiver may also be configured to send a registration request message to the NRF.
For example, the transceiver may also be configured to send a fifth request message to the DNS, receive identification information of the second NF from the DNS, and the like.
It is understood that for a detailed description of the first request message, the first response message, the first indication information, the second indication information, the third request message, etc., reference may be made to fig. 2 to 7b. Further, for specific implementation of the processor and the transceiver, reference may be made to the methods shown in fig. 2 to 7b, which are not described in detail here.
It will be appreciated that the communication device described here is a further description of the first NF, so reference may be made to the description of the previous embodiments; for example, when the communication device is a terminal device, reference may be made to the description of fig. 9, which is not repeated here. When the communication apparatus shown in fig. 9 is a core device, it may have more components than those shown in fig. 9, for example an antenna; this is not limited in the embodiments of the present application.
It will be appreciated that the methods performed by the processors and transceivers shown above are merely examples, and that reference may be made to the methods described above for specific steps performed by the processors and transceivers.
In other implementations, the communication device may be circuitry in the first NF. In this case, the processing unit 802 may be implemented by a processing circuit, and the transmitting/receiving unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001. The processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC) chip, or the like, and the interface circuit 1001 may be a communication interface, an input-output interface, or the like.
For example, the interface circuit may be configured to obtain the first response message, the third response message, the fourth response message, or the like. Alternatively, the interface circuit may be configured to obtain the identification information of the second NF. For example, the interface circuit may be configured to output a first request message, first indication information, second indication information, a user plane key, a third request message, a fourth request message, a fifth request message, a registration request message, or the like. For example, the processing circuit may be configured to generate a root key, a user plane key, or the like from the second pseudonym information. For another example, the processing circuit may be further configured to obtain a trusted attribute of the first user identifier and to determine the trust level according to that trusted attribute.
For a specific implementation of the processing circuit and the interface circuit, reference is made to the methods shown in fig. 2 to 7b, which are not described in detail here. It will be appreciated that this communication device is a further description of the circuitry of the first NF, so reference may be made to the description of the circuitry for the case in which the communication device is a terminal device, which is not repeated here.
Referring again to fig. 8, fig. 8 is a schematic structural diagram of a communication device provided in an embodiment of the present application, where the communication device may be used to perform the operations performed by the third NF in the foregoing method embodiments. For example, the communication device may be configured to perform the method performed by the third NF in fig. 2 to 6d. As another example, the communication device may also be used to perform the method performed by the trusted data NF in fig. 7a. As shown in fig. 8, the communication apparatus includes a transceiver unit 801 and a processing unit 802.
Illustratively, the transceiver unit 801 may be configured to receive a first request message from a first NF; the processing unit 802 may be configured to determine a trusted attribute of the first user identifier; and the transceiver unit 801 may be further configured to send a first response message to the first NF.
For another example, the processing unit 802 may be further configured to obtain a first user identifier according to the first pseudonym information, and generate second pseudonym information according to the first user identifier.
For another example, the processing unit 802 may be further configured to control the memory to store a correspondence between the second pseudonym information and the first user identifier.
For another example, the transceiver unit 801 may be further configured to send a second request message to the fourth NF and to receive second pseudonym information from the fourth NF.
It should be understood that when the communication apparatus is the third NF, or a component of the third NF (for example, a core device or a network element) that implements the above functions, the processing unit 802 may be one or more processors, and the transceiver unit 801 may be a transceiver. Alternatively, the transceiver unit 801 may comprise a transmitting unit and a receiving unit, where the transmitting unit may be a transmitter and the receiving unit a receiver, or where the transmitting unit and the receiving unit are integrated into one device, for example a transceiver.
When the communication device is circuitry such as a chip, the processing unit 802 may be one or more processors, or may be a processing circuit or the like. The transceiver unit 801 may be an input-output interface (also referred to as a communication interface), an interface circuit, an interface, or the like. Alternatively, the transceiver unit 801 may comprise a transmitting unit and a receiving unit, where the transmitting unit may be an output interface and the receiving unit an input interface, or where the two are integrated into one unit, for example an input/output interface.
In some implementations, the communication apparatus may be a third NF in the foregoing method embodiments, where the third NF may be a core device. In this case, the transceiver unit 801 may be implemented as a transceiver, and the processing unit 802 may be implemented as a processor. Referring again to fig. 9, the communication device 90 includes one or more processors 920 and a transceiver 910. The processor and the transceiver may be configured to perform the functions or operations performed by the third NF described above.
For example, the transceiver may be configured to receive a first request message from a first NF; the processor may be configured to determine a trusted attribute of the first user identifier; and the transceiver may be further configured to send a first response message to the first NF. For another example, the processor may be further configured to obtain the first user identifier according to the first pseudonym information and to generate second pseudonym information according to the first user identifier. For another example, the processor may be further configured to control the memory to store a correspondence between the second pseudonym information and the first user identifier; alternatively, the memory may directly store that correspondence. For another example, the transceiver may be further configured to send a second request message to the fourth NF and to receive second pseudonym information from the fourth NF.
In other implementations, the communication device may be circuitry (or a chip, an integrated circuit, etc.) in the third NF. In this case, the processing unit 802 may be implemented by a processing circuit, and the transmitting/receiving unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001. The processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC) chip, or the like, and the interface circuit 1001 may be a communication interface, an input-output interface, or the like.
For example, the interface circuit may be configured to obtain the first request message; processing circuitry operable to determine a trusted attribute of the first user identification; the interface circuit is also used for outputting the first response message. For another example, the processing circuit may be further configured to obtain a first user identifier according to the first pseudonym information, and generate second pseudonym information according to the first user identifier. For another example, the processing circuit may be further configured to control the memory to store a correspondence between the second pseudonym information and the first user identifier. For another example, the interface circuit may be further configured to output a second request message, obtain second pseudonym information, and the like.
The communication device of the present application may perform any function performed by the third NF in the foregoing method embodiment, and specific executable steps and/or functions may refer to the detailed description in the foregoing method embodiment, which is only briefly summarized here and not repeated herein.
Referring again to fig. 8, fig. 8 is a schematic structural diagram of a communication device provided in an embodiment of the present application, where the communication device may be used to perform the operations performed by the fourth NF in the foregoing method embodiments. For example, the communication device may be configured to perform the method performed by the fourth NF in fig. 2 to 6d. As another example, the communication device may also be used to perform the method performed by the trusted data NF in fig. 7a. As shown in fig. 8, the communication apparatus includes a transceiver unit 801 and a processing unit 802.
Illustratively, the transceiver unit 801 is configured to receive a second request message from the third NF, where the second request message carries first pseudonym information of the first user identifier of the terminal device; the processing unit 802 is configured to, in response to the second request message, obtain the first user identifier according to the first pseudonym information and generate second pseudonym information according to the first user identifier; and the transceiver unit 801 may be further configured to send the second pseudonym information to the third NF.
In a possible implementation manner, the processing unit 802 may be further configured to store a correspondence between the second pseudonym information and the first user identifier.
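As an added example that is not part of the patent text, the following Python model exercises the exchange described for the first NF (first request, first response, and a root key or user plane key chosen by the first or second indication information), for the third NF (resolving the first pseudonym, determining the trusted attribute, generating the second pseudonym and storing the correspondence), and for the fourth NF just described. The message field names, the HKDF-based derivation, the policy that maps a trusted attribute to an indication, and the shared secret between the first NF and the terminal are all assumptions, not the patent's method; the subscriber data is constructed.

```python
# Added example (not the patent's own code): a toy model of the pseudonym
# exchange and key derivation described for the first, third and fourth NF.
# The message shapes, the HKDF-based derivation, the context labels and the
# policy mapping a trusted attribute to an indication are all assumptions.
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict

FIRST_INDICATION = "derive-root-key"         # assumed encoding of "first indication information"
SECOND_INDICATION = "derive-user-plane-key"  # assumed encoding of "second indication information"


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract a PRK from ikm, then expand with info."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


@dataclass
class PseudonymNF:
    """Plays the third NF (or the fourth NF when the third NF delegates to it):
    resolves a first pseudonym to the user identifier, looks up the trusted
    attribute, mints a second pseudonym and stores the correspondence."""
    first_pseudonyms: Dict[str, str]     # first pseudonym -> user identifier (constructed)
    trusted_attributes: Dict[str, str]   # user identifier -> trusted attribute (constructed)
    indication_policy: Dict[str, str]    # trusted attribute -> indication (assumed policy)
    pseudonym_secret: bytes = b"constructed-pseudonym-key"
    correspondence: Dict[str, str] = field(default_factory=dict)  # second pseudonym -> user id

    def handle_first_request(self, first_pseudonym: str) -> dict:
        user_id = self.first_pseudonyms[first_pseudonym]  # unknown pseudonym -> KeyError (reject)
        attribute = self.trusted_attributes.get(user_id, "untrusted")
        # Second pseudonym: keyed MAC over the identifier and a fresh nonce, so it is
        # unlinkable to the first pseudonym for anyone without pseudonym_secret.
        nonce = os.urandom(16)
        second = hmac.new(self.pseudonym_secret, user_id.encode() + nonce,
                          hashlib.sha256).hexdigest()
        self.correspondence[second] = user_id  # stored correspondence
        return {"second_pseudonym": second, "indication": self.indication_policy[attribute]}


def derive_key(shared_secret: bytes, second_pseudonym: str, purpose: bytes) -> bytes:
    """The second pseudonym is not secret, so it enters HKDF only as context; the
    entropy comes from a shared secret assumed to exist between the first NF and
    the terminal. The purpose label keeps root and user plane keys in separate domains."""
    return hkdf_sha256(shared_secret, salt=b"CN113645621B-example",
                       info=purpose + b"|" + second_pseudonym.encode())


def first_nf_register(third_nf: PseudonymNF, first_pseudonym: str,
                      shared_secret: bytes) -> dict:
    """First NF: send the first request, then derive whichever key the
    indication carried in the first response selects."""
    response = third_nf.handle_first_request(first_pseudonym)
    second = response["second_pseudonym"]
    indication = response["indication"]
    if indication == FIRST_INDICATION:
        key = derive_key(shared_secret, second, b"root-key")
    elif indication == SECOND_INDICATION:
        key = derive_key(shared_secret, second, b"user-plane-key")
    else:
        raise ValueError(f"unrecognised indication: {indication!r}")
    return {"second_pseudonym": second, "indication": indication, "key": key}


def build_example() -> PseudonymNF:
    """Constructed data: two subscribers with different trusted attributes."""
    return PseudonymNF(
        first_pseudonyms={"p1-alice": "imsi-001", "p1-bob": "imsi-002"},
        trusted_attributes={"imsi-001": "high", "imsi-002": "low"},
        indication_policy={"high": FIRST_INDICATION, "low": SECOND_INDICATION,
                           "untrusted": SECOND_INDICATION},
    )


if __name__ == "__main__":
    nf = build_example()
    for pseudonym in ("p1-alice", "p1-bob"):
        result = first_nf_register(nf, pseudonym, shared_secret=b"constructed-K")
        print(pseudonym, result["indication"], result["key"].hex()[:16])
```

Two points a practitioner would check here: a pseudonym is not secret, so a key derived from it alone would be guessable, which is why the example mixes it into HKDF only as context over a separate shared secret; and the two key types carry distinct purpose labels, so a user plane key can never coincide with a root key derived from the same pseudonym.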
In some implementations, the communication apparatus may be a fourth NF (e.g., a core device) in the foregoing method embodiments. In this case, the transceiver unit 801 may be implemented as a transceiver, and the processing unit 802 may be implemented as a processor. As shown in fig. 9, the communication device 90 includes one or more processors 920 and a transceiver 910. The processor and transceiver may be configured to perform functions or operations performed by the fourth NF described above, and so on.
Illustratively, the transceiver is configured to receive a second request message from the third NF, the second request message carrying first pseudonym information of the first user identifier of the terminal device; the processor is configured to, in response to the second request message, obtain the first user identifier according to the first pseudonym information and generate second pseudonym information according to the first user identifier; and the transceiver may be further configured to send the second pseudonym information to the third NF. For another example, the processor may be further configured to control the memory to store a correspondence between the second pseudonym information and the first user identifier.
It will be appreciated that for a detailed description of the various messages and the like above, and for a specific implementation of the processor and transceiver, reference may be made to fig. 2 to 7b, which are not described in detail here.
In other implementations, the communication device may be circuitry in the fourth NF. In this case, the processing unit 802 may be implemented by a processing circuit, and the transmitting/receiving unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001.
For example, the interface circuit may be configured to obtain a second request message carrying first pseudonym information of the first user identifier of the terminal device; the processing circuit is configured to, in response to the second request message, obtain the first user identifier according to the first pseudonym information and generate second pseudonym information according to the first user identifier; and the interface circuit may be further configured to output the second pseudonym information.
For another example, the processing circuit may be further configured to control the memory to store a correspondence between the second pseudonym information and the first user identifier. Alternatively, the memory may directly store the correspondence between the second pseudonym information and the first user identification, and so on.
For a specific implementation of the processing circuit and the interface circuit, and for the description of the respective messages etc. shown above, reference is made to the method shown in fig. 2 to 7b, which is not described in detail here.
Referring again to fig. 8, the communication device may be used to perform the operations performed by the NRF in the foregoing method embodiments. For example, the communication device may be used to perform the method performed by the NRF in fig. 2 to 6d. As another example, the communication device may also be used to perform the method performed by the trusted control NF in fig. 7a. As shown in fig. 8, the communication apparatus includes a transceiver unit 801 and a processing unit 802.
Illustratively, the transceiver unit 801 is configured to receive a third request message from the first NF; the processing unit 802 is configured to determine a second NF according to the trust level; and the transceiver unit 801 may be further configured to send a third response message to the first NF.
In a possible implementation manner, the transceiver unit 801 may be further configured to receive a registration request message sent by the second NF; the processing unit 802 may be further configured to store a correspondence between identification information of the second NF and a trust level of the second NF.
In a possible implementation manner, the processing unit 802 is specifically configured to determine the second NF according to the stored correspondence between the identification information of the second NF and the trust level of the second NF, and the trust level carried in the third request message.
In one possible implementation, the third request message carrying a trust level includes: the third request message carries the trust level of the first slice and also carries the identification information of the first slice; the processing unit 802 is specifically configured to determine, according to the identification information of the first slice, a second NF set corresponding to the first slice, and to determine the second NF from the second NF set according to the stored correspondence between the identification information of each NF and its trust level, and the trust level of the first slice.
In one possible implementation, the third request message carrying a trust level includes: the third request message carries the trust level of the second NF set; and the third request message also carries identification information of the second NF set; the processing unit 802 is specifically configured to determine a second NF from the second NF set according to the stored correspondence between the identification information of the NF and the trust level of the second NF set.
In a possible implementation manner, the transceiver unit 801 is further configured to receive a registration request message from the first NF, where the registration request message carries a trust level of the first NF; the processing unit 802 may be further configured to store a correspondence between the identification information of the first NF and a trust level of the first NF.
In some implementations, the communication apparatus may be an NRF in the foregoing method embodiments, where the NRF may be a core device. In this case, the transceiver unit 801 may be implemented as a transceiver, and the processing unit 802 may be implemented as a processor. Referring again to fig. 9, the communication device 90 includes one or more processors 920 and a transceiver 910. The processor and the transceiver may be used to perform the functions or operations performed by the NRF described above.
For example, a transceiver may be configured to receive a third request message from the first NF; a processor operable to determine a second NF based on the trust level; the transceiver may be further configured to send a third response message to the first NF.
For another example, the transceiver may be further configured to receive a registration request message sent by the second NF, and the processor may be further configured to store the correspondence between the identification information of the second NF and the trust level of the second NF.
For another example, the transceiver may be further configured to receive a registration request message from the first NF, the registration request message carrying a trust level of the first NF; and the processor is also used for storing the corresponding relation between the identification information of the first NF and the credibility level of the first NF.
In other implementations, the communication device may be circuitry in the NRF. In this case, the processing unit 802 may be implemented by a processing circuit, and the transmitting/receiving unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001. The processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC) chip, or the like, and the interface circuit 1001 may be a communication interface, an input-output interface, or the like.
For example, the interface circuit may be configured to obtain a third request message; the processing circuitry may be operable to determine a second NF based on the trust level; the interface circuit may also be configured to output a third response message.
For another example, the interface circuit may also be used to obtain registration request messages, and the like.
It will be appreciated that reference may be made to the foregoing embodiments for specific implementations of NRF or circuitry in NRF and the description of the various messages above, etc., and that no further details will be given here.
Referring again to fig. 8, the communication apparatus may be configured to perform the operations performed by the NSSF in the foregoing method embodiments. For example, the communication device may be used to perform the method performed by the NSSF in fig. 2 to 6d. As another example, the communication device may also be used to perform the method performed by the trusted control NF in fig. 7a. As shown in fig. 8, the communication apparatus includes a transceiver unit 801 and a processing unit 802.
Illustratively, the transceiver unit 801 is configured to receive a fourth request message sent by the first NF, where the fourth request message carries identification information of the first slice, and to send a fourth response message to the first NF, where the fourth response message carries the trust level of the first slice, or carries identification information of a second NF set and the trust level of the second NF set, the second NF set being the NF set corresponding to the first slice.
In a possible implementation manner, the processing unit 802 may be configured to determine the trust level of the first slice according to the first preconfiguration information and the identification information of the first slice, where the first preconfiguration information includes a correspondence between the identification information of the first slice and the trust level of the first slice.
In a possible implementation manner, the processing unit 802 is further configured to determine a trust level of the second NF set according to the second preconfiguration information and the identification information of the first slice, where the second preconfiguration information includes a correspondence between the identification information of the second NF set and the trust level of the second NF set.
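As an added example that is not part of the patent text, the following Python model puts the NRF described above (registration storing each NF's identification information with its trust level, and the three forms of the third request message: a bare trust level, a slice identifier with the slice's trust level, or an NF set identifier with the set's trust level) together with the NSSF just described (first and second preconfiguration information answering the fourth request). The field names, the ordering of trust levels, the rule that a candidate NF qualifies when its registered level is at least the required one, the preference for the NF set form when the NSSF has one, and the registered topology are assumptions and constructed data, not the patent's own.

```python
# Added example (not the patent's own code): a toy model of trust-level-aware
# NF discovery across the NSSF and the NRF described above. Field names, the
# ordering of trust levels, the "at least this level" matching rule and every
# registered NF are constructed assumptions.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

TRUST_ORDER = {"low": 0, "medium": 1, "high": 2}  # assumed total order of trust levels


@dataclass(frozen=True)
class NFProfile:
    nf_id: str
    nf_type: str
    trust_level: str
    nf_set_id: Optional[str] = None


class NSSF:
    """Answers the fourth request from the first and second preconfiguration information."""

    def __init__(self, slice_trust: Dict[str, str],
                 set_for_slice: Dict[str, Tuple[str, str]]):
        self.slice_trust = slice_trust      # first preconfig: slice id -> slice trust level
        self.set_for_slice = set_for_slice  # second preconfig: slice id -> (NF set id, set trust level)

    def handle_fourth_request(self, slice_id: str) -> dict:
        if slice_id in self.set_for_slice:  # assumed: prefer the NF set form when configured
            set_id, set_trust = self.set_for_slice[slice_id]
            return {"nf_set_id": set_id, "nf_set_trust_level": set_trust}
        if slice_id in self.slice_trust:
            return {"slice_trust_level": self.slice_trust[slice_id]}
        raise LookupError(f"unknown slice {slice_id!r}")


class NRF:
    """Stores NF identification <-> trust level at registration and filters on discovery."""

    def __init__(self) -> None:
        self.profiles: Dict[str, NFProfile] = {}
        self.slice_members: Dict[str, Set[str]] = {}  # slice id -> NF ids serving the slice

    def handle_registration(self, profile: NFProfile, slices: Iterable[str] = ()) -> None:
        self.profiles[profile.nf_id] = profile
        for slice_id in slices:
            self.slice_members.setdefault(slice_id, set()).add(profile.nf_id)

    def handle_third_request(self, request: dict) -> List[str]:
        required = request["trust_level"]
        candidates = [p for p in self.profiles.values() if p.nf_type == request["nf_type"]]
        if "slice_id" in request:     # slice id + slice trust level: restrict to the slice's NF set
            members = self.slice_members.get(request["slice_id"], set())
            candidates = [p for p in candidates if p.nf_id in members]
        elif "nf_set_id" in request:  # NF set id + set trust level: restrict to that NF set
            candidates = [p for p in candidates if p.nf_set_id == request["nf_set_id"]]
        # Assumed rule: an NF qualifies if its registered level is at least the required one.
        return sorted(p.nf_id for p in candidates
                      if TRUST_ORDER[p.trust_level] >= TRUST_ORDER[required])


def first_nf_discover(nssf: NSSF, nrf: NRF, slice_id: str, nf_type: str) -> List[str]:
    """First NF: ask the NSSF for the slice's trust level (or NF set), then ask the NRF."""
    fourth = nssf.handle_fourth_request(slice_id)
    if "nf_set_id" in fourth:
        third = {"nf_type": nf_type, "nf_set_id": fourth["nf_set_id"],
                 "trust_level": fourth["nf_set_trust_level"]}
    else:
        third = {"nf_type": nf_type, "slice_id": slice_id,
                 "trust_level": fourth["slice_trust_level"]}
    return nrf.handle_third_request(third)


def build_example() -> Tuple[NSSF, NRF]:
    """Constructed topology: two slices, three SMFs in two NF sets, one UPF."""
    nrf = NRF()
    nrf.handle_registration(NFProfile("smf-1", "SMF", "high", "set-a"), slices=["slice-1"])
    nrf.handle_registration(NFProfile("smf-2", "SMF", "low", "set-a"), slices=["slice-1", "slice-2"])
    nrf.handle_registration(NFProfile("smf-3", "SMF", "medium", "set-b"), slices=["slice-2"])
    nrf.handle_registration(NFProfile("upf-1", "UPF", "high"), slices=["slice-1"])
    nssf = NSSF(slice_trust={"slice-1": "high", "slice-2": "low"},
                set_for_slice={"slice-2": ("set-b", "medium")})
    return nssf, nrf


if __name__ == "__main__":
    nssf, nrf = build_example()
    print(first_nf_discover(nssf, nrf, "slice-1", "SMF"))  # only the high-trust SMF in slice-1
    print(first_nf_discover(nssf, nrf, "slice-2", "SMF"))  # set-b members at medium or above
```

Returning every qualifying NF sorted by identifier keeps the NRF's answer deterministic and leaves the final choice to the first NF. Note that the filter trusts the level each NF claimed when it registered; a production NRF would need that claim to be backed by whatever attests the NF, otherwise a low-trust NF could register itself as high-trust and be selected for a sensitive slice.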
In some implementations, the communication apparatus may be an NSSF in the foregoing method embodiments, where the NSSF may be a core device. In this case, the transceiver unit 801 may be implemented as a transceiver, and the processing unit 802 may be implemented as a processor. Referring again to fig. 9, the communication device 90 includes one or more processors 920 and a transceiver 910. The processor and the transceiver may be used to perform the functions or operations performed by the NSSF described above.
For example, the transceiver may be configured to receive a fourth request message sent by the first NF, where the fourth request message carries identification information of the first slice; and sending a fourth response message to the first NF, the fourth response message carrying the trust level of the first slice; or the fourth response message carries identification information of a second NF set and a trust level of the second NF set, wherein the second NF set is the NF set corresponding to the first slice.
For another example, the processor 920 may be configured to determine the trust level of the first slice according to the first preconfiguration information and the identification information of the first slice, where the first preconfiguration information includes a correspondence between the identification information of the first slice and the trust level of the first slice.
For another example, the processor 920 may be further configured to determine the trust level of the second NF set according to the second preconfiguration information and the identification information of the first slice, where the second preconfiguration information includes a correspondence between the identification information of the second NF set and the trust level of the second NF set.
In other implementations, the communication device may be circuitry in the NSSF. In this case, the processing unit 802 may be implemented by a processing circuit, and the transmitting/receiving unit 801 may be implemented by an interface circuit. As shown in fig. 10, the communication device may include a processing circuit 1002 and an interface circuit 1001. The processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC) chip, or the like, and the interface circuit 1001 may be a communication interface, an input-output interface, or the like.
Illustratively, the interface circuit is operable to obtain the fourth request message and output a fourth response message. The processing circuitry may be operative to determine a trust level of the first slice or a trust level of the second NF set, etc.
It will be appreciated that reference may be made to the foregoing embodiments for specific implementations of NSSF or circuitry in NSSF, and the description of the various messages above, etc., and that no further details will be given here.
Referring again to fig. 8, the communication device may also be used to perform the operations performed by the DNS in the foregoing method embodiments. For example, the transceiver unit 801 may be configured to receive a fifth request message from the first NF, where the fifth request message carries domain name information and a trust level; the processing unit 802 may be configured to determine, in response to the fifth request message, a second NF according to the domain name information and the trust level; and the transceiver unit 801 may be further configured to send identification information of the second NF to the first NF.
In some implementations, the processing unit 802 may be implemented with a processor and the transceiver unit 801 may be implemented with a transceiver. As shown in fig. 9, the processor and transceiver may be used to perform the functions or operations performed by the DNS described above, and the like. Illustratively, the transceiver may be configured to receive a fifth request message; the processor may be configured to determine a second NF based on the domain name information and the trust level; and the transceiver may be further configured to send identification information of the second NF to the first NF.
In other implementations, the processing unit 802 may be implemented with processing circuitry, and the transceiver unit 801 may be implemented with interface circuitry. As shown in fig. 10, the interface circuit may be configured to obtain the fifth request message, the processing circuit may be configured to determine the second NF according to the domain name information and the trust level, and the interface circuit may be further configured to output identification information of the second NF.
The communication device of the present application may perform any function performed by DNS in the above method embodiment, and specific executable steps and/or functions may refer to the detailed description in the above method embodiment, which is only briefly summarized here and not repeated herein.
Fig. 11 is a schematic diagram of a wireless communication system provided in an embodiment of the present application, and as shown in fig. 11, the wireless communication system may include a first NF, a third NF, an NRF, and an NSSF. Further, the wireless communication system may further include a fourth NF (not shown in fig. 11), a terminal device (not shown in fig. 11), a second NF, and the like. Further, the wireless communication system may further include DNS (not shown in fig. 11) or the like. For the steps or functions performed by the respective NFs, reference may be made to the foregoing embodiments, which will not be described in detail herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative: the division into units is merely a division by logical function, and another division may be used in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the couplings, direct couplings, or communication connections shown or discussed between components may be indirect couplings or communication connections through some interfaces, devices, or elements, and may be electrical, mechanical, or of another form.
The units described as separate parts may or may not be physically separate, and the parts shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the technical effects of the solution provided by the embodiments of the present application.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
If the integrated units are implemented in the form of software functional units and sold or used as stand-alone products, they may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a readable storage medium and comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned readable storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
Furthermore, the present application also provides a computer program for implementing the operations and/or processes performed by the first NF in the secure communication method provided in the present application.
The present application also provides a computer program for implementing the operations and/or processes performed by the third NF in the secure communication method provided herein.
The present application also provides a computer program for implementing operations and/or processes performed by NRF in the secure communication method provided by the present application.
The present application also provides a computer program for implementing the operations and/or processes performed by the NSSF in the secure communication method provided herein.
The present application also provides a computer program for implementing the operations and/or processes performed by the terminal device in the secure communication method provided by the present application.
The present application also provides a computer program for implementing the operations and/or processes performed by the fourth NF in the secure communication method provided herein.
The present application also provides a computer program for implementing operations and/or processes performed by DNS in the secure communication method provided herein.
The present application also provides a computer readable storage medium having computer code stored therein, which when run on a computer causes the computer to perform operations and/or processes performed by a first NF in a secure communication method provided herein.
The present application also provides a computer readable storage medium having computer code stored therein, which when run on a computer causes the computer to perform operations and/or processes performed by a third NF in the secure communication method provided herein.
The present application also provides a computer-readable storage medium having computer code stored therein, which when run on a computer, causes the computer to perform operations and/or processes performed by the NRF in the secure communication method provided by the present application.
The present application also provides a computer readable storage medium having computer code stored therein that, when run on a computer, causes the computer to perform operations and/or processes performed by the NSSF in the secure communication method provided herein.
The present application also provides a computer-readable storage medium having computer code stored therein, which when run on a computer, causes the computer to perform operations and/or processes performed by a terminal device in the secure communication method provided by the present application.
The present application also provides a computer readable storage medium having computer code stored therein, which when run on a computer causes the computer to perform operations and/or processes performed by a fourth NF in the secure communication method provided herein.
The present application also provides a computer readable storage medium having computer code stored therein, which when run on a computer causes the computer to perform operations and/or processes performed by DNS in the secure communication method provided herein.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the operations and/or processing performed by the first NF in the secure communication method provided by the present application to be carried out.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the operations and/or processing performed by the third NF in the secure communication method provided by the present application to be implemented.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the operations and/or processing performed by the NRF in the secure communication method provided by the present application to be implemented.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the operations and/or processes performed by the NSSF in the secure communication method provided by the present application to be carried out.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the operations and/or processing performed by a terminal device in the secure communication method provided by the present application to be carried out.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes the operations and/or processing performed by the fourth NF in the secure communication method provided by the present application to be implemented.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes operations and/or processes performed by DNS in the secure communication method provided by the present application to be implemented.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (42)

1. A method of secure communication, the method comprising:
a first network function (NF) sends a first request message to a third NF, wherein the first request message carries first pseudonym information of a first user identifier of a terminal device;
in response to the first request message, the third NF determines a trusted attribute of the first user identifier according to a subscription level of the first user identifier; or the third NF determines the trusted attribute of the first user identifier according to a session attribute of the first user identifier; or the third NF determines the trusted attribute of the first user identifier according to an industry requirement of the first user identifier;
if the trusted attribute of the first user identifier meets a preset condition, the third NF sends a first response message to the first NF, wherein the first response message carries second pseudonym information of the first user identifier.
2. The method of claim 1, wherein the third NF sending a first response message to the first NF comprises:
if the trust level of the first NF matches a preset level, the third NF sends the first response message to the first NF.
3. The method according to claim 1 or 2, wherein the third NF sending a first response message to the first NF comprises:
if the trust level of the security domain in which the first NF is located matches a preset level, the third NF sends the first response message to the first NF.
4. The method of claim 1 or 2, wherein before the third NF sends the first response message to the first NF, the method further comprises:
the third NF obtains the first user identifier according to the first pseudonym information, and generates the second pseudonym information according to the first user identifier.
5. The method of claim 3, wherein before the third NF sends the first response message to the first NF, the method further comprises:
the third NF obtains the first user identifier according to the first pseudonym information, and generates the second pseudonym information according to the first user identifier.
6. The method according to claim 4, wherein the method further comprises:
the third NF stores the correspondence between the second pseudonym information and the first user identifier.
7. The method of claim 5, wherein the method further comprises:
the third NF stores the correspondence between the second pseudonym information and the first user identifier.
8. The method of claim 1 or 2, wherein before the third NF sends the first response message to the first NF, the method further comprises:
the third NF sends a second request message to a fourth NF, wherein the second request message carries the first pseudonym information;
in response to the second request message, the fourth NF obtains the first user identifier according to the first pseudonym information, and generates the second pseudonym information according to the first user identifier;
the fourth NF sends the second pseudonym information to the third NF, and the third NF receives the second pseudonym information.
9. The method of claim 3, wherein before the third NF sends the first response message to the first NF, the method further comprises:
the third NF sends a second request message to a fourth NF, wherein the second request message carries the first pseudonym information;
in response to the second request message, the fourth NF obtains the first user identifier according to the first pseudonym information, and generates the second pseudonym information according to the first user identifier;
the fourth NF sends the second pseudonym information to the third NF, and the third NF receives the second pseudonym information.
10. The method according to any of claims 1, 2, 5, 6, 7, 9, wherein the first response message further carries first indication information and/or second indication information, the first indication information being used for indicating that the second pseudonym information and/or root key are generated, and the second indication information being used for indicating that a user plane key is generated.
11. A method according to claim 3, wherein the first response message further carries first indication information and/or second indication information, the first indication information being used for indicating generation of the second pseudonym information and/or root key, and the second indication information being used for indicating generation of the user plane key.
12. The method of claim 4, wherein the first response message further carries first indication information and/or second indication information, where the first indication information is used to indicate generation of the second pseudonym information and/or root key, and the second indication information is used to indicate generation of a user plane key.
13. The method according to claim 8, wherein the first response message further carries first indication information and/or second indication information, where the first indication information is used to indicate that the second pseudonym information and/or root key are generated, and the second indication information is used to indicate that the user plane key is generated.
14. The method according to claim 10, wherein the method further comprises:
if the first response message includes the first indication information, the first NF generates the root key according to the second pseudonym information;
the first NF sends the first indication information to the terminal device.
15. The method according to any one of claims 11-13, further comprising:
if the first response message includes the first indication information, the first NF generates the root key according to the second pseudonym information;
the first NF sends the first indication information to the terminal device.
16. The method according to claim 10, wherein the method further comprises:
if the first response message includes the second indication information, the first NF generates the user plane key according to the second pseudonym information;
the first NF sends the second indication information to the terminal device.
17. The method according to any one of claims 11-13, further comprising:
if the first response message includes the second indication information, the first NF generates the user plane key according to the second pseudonym information;
the first NF sends the second indication information to the terminal device.
18. The method of claim 16, wherein the method further comprises:
The first NF sends the user plane key to a user plane function.
19. The method of claim 17, wherein the method further comprises:
the first NF sends the user plane key to a user plane function.
20. The method according to claim 14, characterized in that the method comprises:
the terminal device receives first indication information sent by a first network function (NF), the first indication information being used for instructing the terminal device to generate second pseudonym information and/or a root key;
the terminal device generates the second pseudonym information according to the first indication information;
the terminal device generates the root key according to the second pseudonym information;
the terminal device generates an access stratum key and/or a non-access stratum key according to the root key, the access stratum key being used for protecting data and/or signaling between the terminal device and an access device, and the non-access stratum key being used for protecting data and/or signaling between the terminal device and the first NF.
21. The method according to claim 15, characterized in that the method comprises:
the terminal device receives first indication information sent by a first network function (NF), the first indication information being used for instructing the terminal device to generate second pseudonym information and/or a root key;
the terminal device generates the second pseudonym information according to the first indication information;
the terminal device generates the root key according to the second pseudonym information;
the terminal device generates an access stratum key and/or a non-access stratum key according to the root key, the access stratum key being used for protecting data and/or signaling between the terminal device and an access device, and the non-access stratum key being used for protecting data and/or signaling between the terminal device and the first NF.
22. The method according to claim 16, characterized in that the method comprises:
the terminal device receives second indication information sent by the first NF, the second indication information being used for instructing the terminal device to generate a user plane key;
the terminal device generates second pseudonym information according to the second indication information;
the terminal device generates a root key according to the second pseudonym information;
the terminal device generates the user plane key according to the root key, the user plane key being used for protecting data between the terminal device and a user plane function.
23. The method according to claim 17, characterized in that the method comprises:
the terminal device receives second indication information sent by the first NF, the second indication information being used for instructing the terminal device to generate a user plane key;
the terminal device generates second pseudonym information according to the second indication information;
the terminal device generates a root key according to the second pseudonym information;
the terminal device generates the user plane key according to the root key, the user plane key being used for protecting data between the terminal device and a user plane function.
24. A wireless communication system, the system comprising:
a first network function (NF), configured to send a first request message to a third NF, wherein the first request message carries first pseudonym information of a first user identifier of a terminal device;
the third NF, configured to determine, in response to the first request message, a trusted attribute of the first user identifier according to a subscription level of the first user identifier; or to determine the trusted attribute of the first user identifier according to a session attribute of the first user identifier; or to determine the trusted attribute of the first user identifier according to an industry requirement of the first user identifier; and, if the trusted attribute of the first user identifier meets a preset condition, to send a first response message to the first NF, wherein the first response message carries second pseudonym information of the first user identifier.
25. The system of claim 24, wherein
the third NF is specifically configured to send the first response message to the first NF if the trust level of the first NF matches a preset level.
26. The system of claim 24 or 25, wherein
the third NF is specifically configured to send the first response message to the first NF if the trust level of the security domain in which the first NF is located matches a preset level.
27. The system of claim 24 or 25, wherein
the third NF is further configured to obtain the first user identifier according to the first pseudonym information, and to generate the second pseudonym information according to the first user identifier.
28. The system of claim 26, wherein
the third NF is further configured to obtain the first user identifier according to the first pseudonym information, and to generate the second pseudonym information according to the first user identifier.
29. The system of claim 27, wherein
the third NF is further configured to store the correspondence between the second pseudonym information and the first user identifier.
30. The system of claim 28, wherein
the third NF is further configured to store the correspondence between the second pseudonym information and the first user identifier.
31. The system of claim 24 or 25, wherein
the third NF is further configured to send a second request message to a fourth NF, wherein the second request message carries the first pseudonym information;
the system further comprises:
the fourth NF, configured to obtain the first user identifier according to the first pseudonym information in response to the second request message, to generate the second pseudonym information according to the first user identifier, and to send the second pseudonym information to the third NF;
the third NF is further configured to receive the second pseudonym information.
32. The system of claim 26, wherein
the third NF is further configured to send a second request message to a fourth NF, wherein the second request message carries the first pseudonym information;
the system further comprises:
the fourth NF, configured to obtain the first user identifier according to the first pseudonym information in response to the second request message, to generate the second pseudonym information according to the first user identifier, and to send the second pseudonym information to the third NF;
the third NF is further configured to receive the second pseudonym information.
33. The system according to any of claims 24, 25, 28, 29, 30, 32, wherein the first response message further carries first indication information and/or second indication information, the first indication information being used for indicating that the second pseudonym information and/or a root key are to be generated, and the second indication information being used for indicating that a user plane key is to be generated.
34. The system according to claim 26, wherein the first response message further carries first indication information and/or second indication information, the first indication information being used for indicating that the second pseudonym information and/or a root key are to be generated, and the second indication information being used for indicating that a user plane key is to be generated.
35. The system according to claim 27, wherein the first response message further carries first indication information and/or second indication information, the first indication information being used for indicating that the second pseudonym information and/or a root key are to be generated, and the second indication information being used for indicating that a user plane key is to be generated.
36. The system according to claim 31, wherein the first response message further carries first indication information and/or second indication information, the first indication information being used for indicating that the second pseudonym information and/or a root key are to be generated, and the second indication information being used for indicating that a user plane key is to be generated.
37. The system of claim 33, wherein
the first NF is further configured to generate the root key according to the second pseudonym information if the first response message includes the first indication information, and to send the first indication information to the terminal device.
38. The system of any one of claims 34-36, wherein
the first NF is further configured to generate the root key according to the second pseudonym information if the first response message includes the first indication information, and to send the first indication information to the terminal device.
39. The system of claim 33, wherein
the first NF is further configured to generate the user plane key according to the second pseudonym information if the first response message includes the second indication information, and to send the second indication information to the terminal device.
40. The system of any one of claims 34-36, wherein
the first NF is further configured to generate the user plane key according to the second pseudonym information if the first response message includes the second indication information, and to send the second indication information to the terminal device.
41. The system of claim 39, wherein
the first NF is further configured to send the user plane key to a user plane function.
42. The system of claim 40, wherein
the first NF is further configured to send the user plane key to a user plane function.
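The claimed exchange, simulated end to end as an added example that is not the patent's own code: the third NF gates the second pseudonym on the user's subscription level and the requesting NF's trust level, stores the pseudonym-to-identifier correspondence, and the first NF and terminal derive matching root, access stratum, non-access stratum and user plane keys. Assumed, because the claims fix none of it: HMAC-SHA256 as the derivation function, a long-term key shared by the terminal and the pseudonym-generating NF plus a counter so both sides compute the same second pseudonym, the user plane key hanging off the root key, and constructed integer trust and subscription levels.

```python
import hashlib
import hmac

# Assumed derivation primitive (the claims fix no algorithm): HMAC-SHA256
# over a label plus optional extra input.
def kdf(key: bytes, label: str, extra: bytes = b"") -> bytes:
    return hmac.new(key, label.encode() + extra, hashlib.sha256).digest()

def derive_keys(pseudonym2: bytes, want_root: bool, want_up: bool) -> dict:
    """Key tree both sides compute from the second pseudonym (claims 14-22).
    Assumption: the user plane key is derived via the root key, as in claim 22."""
    keys = {}
    root = kdf(pseudonym2, "root-key")
    if want_root:                                  # first indication information
        keys["root"] = root
        keys["as"] = kdf(root, "access-stratum")       # claim 20
        keys["nas"] = kdf(root, "non-access-stratum")  # claim 20
    if want_up:                                    # second indication information
        keys["up"] = kdf(root, "user-plane")           # claims 16, 22
    return keys

class ThirdNF:
    """Maps pseudonyms to user identifiers and gates the second pseudonym."""
    PRESET_NF_LEVEL = 2        # constructed preset level (claim 2)
    PRESET_SUBSCRIPTION = 3    # constructed preset condition (claim 1)

    def __init__(self, long_term_keys: dict, subscriptions: dict):
        self.long_term_keys = long_term_keys  # user id -> K shared with terminal (assumed)
        self.subscriptions = subscriptions    # user id -> subscription level
        self.pseudonyms = {}                  # pseudonym -> user id (claim 6)

    def handle_request(self, nf_trust_level: int, pseudonym1: bytes, counter: int):
        """Returns the first response message, or None when it is withheld."""
        user_id = self.pseudonyms.get(pseudonym1)
        if user_id is None or self.subscriptions[user_id] < self.PRESET_SUBSCRIPTION:
            return None  # trusted attribute of the user identifier not met
        if nf_trust_level < self.PRESET_NF_LEVEL:
            return None  # requesting NF's trust level does not match the preset level
        pseudonym2 = kdf(self.long_term_keys[user_id], "pseudonym", counter.to_bytes(4, "big"))
        self.pseudonyms[pseudonym2] = user_id  # store the correspondence (claim 6)
        return {"pseudonym2": pseudonym2, "ind1": True, "ind2": True}

class FirstNF:
    def __init__(self, trust_level: int):
        self.trust_level = trust_level
        self.up_key_sent_to_upf = None

    def run(self, third_nf: ThirdNF, pseudonym1: bytes, counter: int):
        resp = third_nf.handle_request(self.trust_level, pseudonym1, counter)
        if resp is None:
            return None
        keys = derive_keys(resp["pseudonym2"], resp["ind1"], resp["ind2"])
        if "up" in keys:
            self.up_key_sent_to_upf = keys["up"]       # claim 18
        # Only the indication information goes to the terminal (claims 14, 16);
        # the second pseudonym itself stays network-side.
        return {"ind1": resp["ind1"], "ind2": resp["ind2"]}, keys

class Terminal:
    def __init__(self, long_term_key: bytes):
        self.k = long_term_key

    def on_indication(self, ind: dict, counter: int):
        pseudonym2 = kdf(self.k, "pseudonym", counter.to_bytes(4, "big"))  # claims 20, 22
        return pseudonym2, derive_keys(pseudonym2, ind["ind1"], ind["ind2"])

def run_flow(subscription_level: int, nf_trust_level: int) -> dict:
    """Constructed scenario: one terminal, one requesting NF, counter 2 for pseudonym 2."""
    k = b"constructed-long-term-key-for-user-A"
    third = ThirdNF({"user-A": k}, {"user-A": subscription_level})
    pseudonym1 = kdf(k, "pseudonym", (1).to_bytes(4, "big"))
    third.pseudonyms[pseudonym1] = "user-A"
    first = FirstNF(nf_trust_level)
    result = first.run(third, pseudonym1, counter=2)
    if result is None:
        return {"granted": False}
    ind, nf_keys = result
    ue_pseudonym2, ue_keys = Terminal(k).on_indication(ind, counter=2)
    return {"granted": True, "keys_match": nf_keys == ue_keys,
            "mapping_stored": third.pseudonyms.get(ue_pseudonym2) == "user-A",
            "up_key_at_upf": first.up_key_sent_to_upf == ue_keys["up"]}
```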

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP21796960.9A EP4135376A4 (en) 2020-04-27 2021-04-25 Method and device for secure communication
PCT/CN2021/089589 WO2021218851A1 (en) 2020-04-27 2021-04-25 Method and device for secure communication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010345953 2020-04-27
CN2020103459537 2020-04-27

Publications (2)

Publication Number Publication Date
CN113645621A CN113645621A (en) 2021-11-12
CN113645621B (en) 2023-04-28

Family

ID=78415235

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010389032.0A Active CN113645621B (en) 2020-04-27 2020-05-09 Secure communication method and device

Country Status (1)

Country Link
CN (1) CN113645621B (en)


Also Published As

Publication number Publication date
CN113645621A (en) 2021-11-12


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant