CN115280803B - Multimedia broadcast multicast service authentication method, device, equipment and medium - Google Patents

Publication number: CN115280803B
Authority: CN (China)
Prior art keywords: key, information, network element, gba, server
Legal status: Active
Application number: CN202080098555.8A
Other languages: Chinese (zh)
Other versions: CN115280803A (en)
Inventors: 许阳, 曹进, 孙韵清, 卜绪萌, 李晖
Current Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a method, a device, equipment and a medium for authenticating multimedia broadcast multicast service, and relates to the field of mobile communication. The terminal device and the mobile network control plane interact through NAS messages to complete at least one of the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow; at least one of the registration authentication flow, the request authentication flow and the key distribution flow is used for the Multimedia Broadcast Multicast Service (MBMS). A method for the MBMS service is thereby provided in which a service registration process, an MSK request verification process and a key issuing process are arranged in the mobile network control plane, so that the normal operation of the MBMS service is ensured.

Description

Multimedia broadcast multicast service authentication method, device, equipment and medium
Technical Field
The present application relates to the field of mobile communications, and in particular, to a method, an apparatus, a device, and a medium for authenticating a multimedia broadcast multicast service.
Background
Currently, in a 4G (fourth generation mobile communication technology) wireless communication network, a network device may provide an MBMS (Multimedia Broadcast Multicast Service) service to a terminal device, and a Broadcast Multicast Service Center (BM-SC) network element, as the main node of the MBMS service, may create, maintain, and transport data streams.
However, the BM-SC network element cannot be applied in the NR (New Radio) system, and thus a method for providing the MBMS service is needed.
Disclosure of Invention
The embodiments of the application provide a method, a device, equipment and a medium for authenticating multimedia broadcast multicast service. The technical scheme is as follows:
According to one aspect of the present application, there is provided a multimedia broadcast multicast service authentication method applied to a terminal device, the method comprising:
the terminal device and the mobile network control plane interact through NAS (Non-Access Stratum) messages to complete at least one of the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow;
at least one of the registration authentication flow, the request authentication flow and the key distribution flow is used for the MBMS service.
According to one aspect of the present application, there is provided a multimedia broadcast multicast service authentication method applied to a mobile network control plane, the method comprising:
the mobile network control plane and the terminal device interact through NAS messages to complete at least one of the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow;
at least one of the registration authentication flow, the request authentication flow and the key distribution flow is used for the MBMS service.
According to an aspect of the present application, there is provided a multimedia broadcast multicast service authentication apparatus, the apparatus comprising a transceiver module;
the transceiver module is configured to interact with the mobile network control plane through NAS messages so as to complete at least one of the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow;
at least one of the registration authentication flow, the request authentication flow and the key distribution flow is used for the Multimedia Broadcast Multicast Service (MBMS).
According to an aspect of the present application, there is provided a multimedia broadcast multicast service authentication apparatus, the apparatus comprising a mobile network control plane module;
the mobile network control plane module is configured to interact with the terminal device through NAS messages so as to complete at least one of the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow;
at least one of the registration authentication flow, the request authentication flow and the key distribution flow is used for the Multimedia Broadcast Multicast Service (MBMS).
According to an aspect of the present application, there is provided a terminal device comprising: a processor; a transceiver coupled to the processor; a memory for storing executable instructions of the processor; wherein the processor is configured to load and execute the executable instructions to implement the multimedia broadcast multicast service authentication method as described in the above aspect.
According to an aspect of the present application, there is provided a network device comprising: a processor; a transceiver coupled to the processor; a memory for storing executable instructions of the processor; wherein the processor is configured to load and execute the executable instructions to implement the multimedia broadcast multicast service authentication method as described in the above aspect.
According to an aspect of the present application, there is provided a computer readable storage medium having stored therein executable instructions loaded and executed by the processor to implement the multimedia broadcast multicast service authentication method as described in the above aspect.
The technical scheme provided by the embodiments of the application has at least the following beneficial effects:
In the method provided by the embodiments of the application, the terminal device and the mobile network control plane interact through NAS to complete at least one of the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow, and at least one of these flows is used for the MBMS service.
The terminal device sends to the first network element a service registration request, which the first network element uses to register the terminal device. On receiving a first verification success message from the first network element, indicating that the registration flow of the service registration request succeeded, the terminal device either sends an MSK request to the first network element and receives a second verification success message from the first network element, or sends the MSK request to the second network element and receives a second verification success message from the second network element. It then receives the MSK key and the MTK key sent by the third network element. The application thus provides a method for the MBMS service in which the service registration process, the MSK request verification process and the key issuing process are executed by different network elements, thereby ensuring the normal operation of the MBMS service.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 illustrates a block diagram of a communication system provided by an exemplary embodiment of the present application;
FIG. 2 is a schematic diagram illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 3 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 4 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 5 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 6 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 7 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 8 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 9 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 10 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 11 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 12 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 13 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 14 illustrates an MBMS key hierarchy provided by an exemplary embodiment of the present application;
FIG. 15 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 16 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application;
FIG. 17 is a schematic diagram illustrating deployment among various network elements according to an exemplary embodiment of the present application;
FIG. 18 shows a schematic deployment diagram between network elements according to an exemplary embodiment of the present application;
FIG. 19 is a schematic diagram illustrating deployment among various network elements according to an exemplary embodiment of the present application;
FIG. 20 shows a schematic deployment diagram between network elements according to an exemplary embodiment of the present application;
FIG. 21 illustrates a block diagram of a communication device provided by an exemplary embodiment of the present application;
FIG. 22 illustrates a block diagram of a communication device provided by an exemplary embodiment of the present application;
FIG. 23 illustrates a block diagram of a communication device provided by an exemplary embodiment of the present application;
FIG. 24 illustrates a block diagram of a communication device provided by an exemplary embodiment of the present application;
FIG. 25 shows a schematic structural diagram of a communication device according to an exemplary embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
First, the terms involved in the embodiments of the present application will be briefly described:
AMF: (Access and Mobility Management Function);
AUSF: (Authentication Server Function);
MBS: (Multicast Broadcast Service);
UPF: (User Plane Function);
UDM: (Unified Data Management);
NEF: (Network Exposure Function);
SMF: (Session Management Function);
PCF: (Policy Control Function);
MRK: (MBMS Request Key);
MSK: (MBMS Service Key);
MTK: (MBMS Traffic Key);
MUK: (MBMS User Key);
GBA: (Generic Bootstrapping Architecture);
ID: (Identity Document, identification number).
Fig. 1 shows a block diagram of a communication system provided by an exemplary embodiment of the present application. The communication system includes: access network 12, terminal equipment 14, core network 16.
Access network 12 includes a number of network devices 120. The network device 120 may be a base station, which is a device deployed in an access network to provide wireless communication functionality for terminals. The base stations may include various forms of macro base stations, micro base stations, relay stations, access points, and the like. In systems employing different radio access technologies, the names of devices with base station functionality may vary; for example, in LTE systems they are called eNodeB or eNB, and in a 5G NR-U system they are called gNodeB or gNB.
The terminal device 14 may include various handheld devices, vehicle mounted devices, wearable devices, computing devices or other processing devices connected to a wireless modem, as well as various forms of user equipment, Mobile Stations (MSs), terminals (terminal devices), etc. For convenience of description, the above-mentioned devices are collectively referred to as terminal devices. The network device 120 and the terminal device 14 communicate with each other via some air interface technology, e.g. the Uu interface.
Terminal equipment 14 accesses core network 16 through access network 12.
Optionally, the core network 16 includes: UPF, AUSF, UDM, NEF, AMF, SMF and PCF. One or more network elements in the core network 16 are used to carry GBA mechanisms.
The technical scheme of the embodiments of the application can be applied to various communication systems, such as: the Global System of Mobile Communication (GSM), Code Division Multiple Access (CDMA) systems, Wideband Code Division Multiple Access (WCDMA) systems, General Packet Radio Service (GPRS), Long Term Evolution (LTE) systems, LTE Frequency Division Duplex (FDD) systems, LTE Time Division Duplex (TDD) systems, Advanced Long Term Evolution (LTE-A) systems, New Radio (NR) systems, evolved systems of NR, LTE-based access to Unlicensed spectrum (LTE-U) systems, NR-U systems, the Universal Mobile Telecommunication System (UMTS), Worldwide Interoperability for Microwave Access (WiMAX) communication systems, Wireless Local Area Networks (WLAN), Wireless Fidelity (WiFi), next generation communication systems or other communication systems, etc.
Generally, a conventional communication system supports a limited number of connections and is easy to implement. However, as communication technology advances, mobile communication systems will support not only conventional communication but also, for example, Device-to-Device (D2D) communication, Machine-to-Machine (M2M) communication, Machine Type Communication (MTC), Vehicle-to-Vehicle (V2V) communication, and Vehicle-to-Everything (V2X) systems, etc. The embodiments of the present application may also be applied to these communication systems.
Fig. 2 is a schematic diagram illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application.
The terminal device and the mobile network control plane can interact through NAS messages to complete at least one of the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow;
at least one of the registration authentication flow, the request authentication flow, and the key distribution flow is used for the MBMS service.
The registration authentication flow is used for registering the terminal device on the mobile network control plane, so that the terminal device and the mobile network control plane can subsequently execute the MBMS service.
The request authentication flow is used for the terminal device to request the mobile network control plane to issue a key, so that the terminal device can communicate using that key in the subsequent process.
The key distribution flow is used for distributing keys to the terminal device after the mobile network control plane has verified the request successfully, so that the terminal device communicates using the received keys.
Optionally, the mobile network control plane is a network element in the core network.
Optionally, the non-access stratum (NAS) is present in the radio communication protocol stack of the Universal Mobile Telecommunications System (UMTS) as a functional layer between the core network and the user equipment. A NAS message is a message transmitted in the non-access stratum, and signaling and data transmission between the terminal device and the control plane of the first network element are implemented through NAS messages.
In summary, in the method provided in this embodiment the terminal device interacts with the mobile network control plane through NAS messages; that is, the BM-SC function is implemented by separating the user plane from the control plane, so that the MBMS service can be implemented without changing the communication devices in the 3GPP (3rd Generation Partnership Project) standard, and the method can be applied to networks in all 5G scenarios.
Fig. 3 is a flowchart illustrating a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application, which is applied to a terminal and a network device as shown in fig. 1, and includes at least some of the following contents:
In step 310, the terminal device sends a service registration request to the first network element.
In step 320, the first network element receives the service registration request sent by the terminal device.
The service registration request is used by the first network element to register the terminal device.
When the terminal device needs to perform the MBMS service, it needs to register in the network equipment; after the registration is successful, the MBMS service can be opened.
The terminal device sends a service registration request to the first network element, and the first network element can subsequently register the network equipment according to the service registration request sent by the terminal device.
Step 330, after successfully verifying the service registration request, the first network element sends a first verification success message to the terminal device.
Step 340, the terminal device receives the first verification success message sent by the first network element.
The first verification success message is used for indicating that the registration flow corresponding to the service registration request succeeded.
After receiving the service registration request sent by the terminal device, the first network element verifies the service registration request; after the verification succeeds, it can send a first verification success message to the terminal device to indicate that the service registration request of the terminal device was verified successfully.
It should be noted that, steps 310-340 are used to represent the registration authentication procedure in the above embodiment.
In step 350, the terminal device sends a first verification request to the first network element.
Step 360, the first network element receives the first verification request sent by the terminal device and, when the first verification request is verified successfully, sends a second verification success message to the terminal device.
After the terminal device finishes registration in the first network element, it can send a first verification request to the first network element. The first network element verifies the first verification request after receiving it and, when the verification succeeds, sends a second verification success message to the terminal device.
Optionally, the first verification request may be an MSK request, used for requesting the MSK key of the third network element.
Optionally, the first verification request includes a B-TID. When the first network element determines that the B-TID is within its validity period and that the key corresponding to the B-TID is within its validity period, it determines that the first verification request is verified successfully and sends the second verification success message to the terminal device.
The B-TID represents identity information generated by the terminal device after the GBA procedure.
When the first network element receives the first verification request, it can obtain the validity period of the B-TID in the first verification request. When it determines that the B-TID is within its validity period and that the key corresponding to the B-TID is also within its validity period, the first verification request is verified successfully, and a second verification success message can be sent to the terminal device.
It should be noted that steps 350-360 are the request authentication flow in the above embodiment.
In step 370, the third network element sends the first key and the second key to the terminal device.
In step 380, the terminal device receives the first key and the second key sent by the third network element.
After the first network element verifies the first verification request, the third network element generates a first key, sends the first key to the terminal equipment, regenerates the second key and sends the second key to the terminal equipment.
The first key is used for protecting or generating a second key, and the second key is used for data transmission of a user plane between the terminal equipment and the session network element.
Optionally, the first network element sends a key generation instruction to the third network element, where the key generation instruction includes a key identifier, and the third network element generates the first key according to the key identifier.
The key generation instruction is an MSK generation instruction, which includes an MSK ID, and the third network element generates the MSK according to the MSK ID.
In one possible implementation manner, the first verification request includes an MSK ID, and the third network element generates an MSK key according to the MSK ID and sends the MSK key to the terminal device.
In another possible implementation manner, the MSK request includes an MTK ID, and the third network element generates an MTK key according to the MTK ID, and sends the MTK key to the terminal device.
In another possible implementation manner, the third network element generates an MTK ID, generates an MTK key according to the MTK ID, and sends the MTK to the terminal device.
Optionally, the MSK key is carried in a NAS (Non-Access Stratum) message and is sent to the terminal device through that NAS message. The MTK key is likewise carried in a NAS message and is sent to the terminal device through that NAS message.
It should be noted that steps 307 to 308 are the key distribution flow in the above embodiments.
Optionally, the first network element in the present application is any one of an AMF network element, an SMF network element, an AUSF network element, and a SEAF network element, and the third network element is an SMF network element.
In the method provided by the embodiments of the application, the terminal device and the mobile network control plane interact through NAS to complete at least one of the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow, and at least one of these flows is used for the MBMS service.
The terminal device sends to the first network element a service registration request, which the first network element uses to register the terminal device. On receiving a first verification success message from the first network element, indicating that the registration flow of the service registration request succeeded, the terminal device either sends an MSK request to the first network element and receives a second verification success message from the first network element, or sends the MSK request to the second network element and receives a second verification success message from the second network element. It then receives the MSK key and the MTK key sent by the third network element. The application thus provides a method for the MBMS service in which the service registration process, the MSK request verification process and the key issuing process are executed by different network elements, thereby ensuring the normal operation of the MBMS service.
It should be noted that, in the embodiment of fig. 3, only the service registration procedure and the MSK request verification procedure performed by the first network element are described as an example, and in the embodiment shown in fig. 4, the service registration procedure may also be performed by the first network element, and the MSK request verification procedure may also be performed by the second network element.
In an alternative embodiment based on fig. 3, fig. 4 shows a flowchart of a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application. In this embodiment, steps 350-360 may alternatively be implemented as steps 3501-3601:
In step 3501, the terminal device sends a first verification request to the second network element.
In step 3601, the second network element receives the first verification request sent by the terminal device and, when the first verification request is verified successfully, sends a second verification success message to the terminal device.
Optionally, after the second network element receives the first verification request, it may obtain the validity period of the B-TID in the first verification request. When it determines that the B-TID is within its validity period and that the key corresponding to the B-TID is also within its validity period, the first verification request is verified successfully, and a second verification success message may be sent to the terminal device.
Step 3501 and step 3601 are similar to steps 350 and 360 in the above embodiments, and are not described again here.
Optionally, when the second network element determines that the B-TID is within its validity period and that the key corresponding to the B-TID is within its validity period, it determines that the MSK request is verified successfully and sends the second verification success message to the terminal device.
The method provided by the embodiment of the application can be used for respectively setting the service registration flow and the request verification flow in different network elements, and can ensure the normal operation of the MBMS service.
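The request verification step described above, whether it runs in the first or the second network element, comes down to two independent lifetime checks followed by a key generation instruction that carries the MSK ID. The sketch below is an added example, not code from the patent: the record layout, class names and sample B-TIDs are hypothetical, and rejecting a B-TID that has not completed registration is an assumption drawn from the ordering of the flows.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Outcome(Enum):
    SUCCESS = "second verification success"
    UNKNOWN_BTID = "unknown B-TID"
    NOT_REGISTERED = "registration flow not completed"
    BTID_EXPIRED = "B-TID outside its validity period"
    KEY_EXPIRED = "key for B-TID outside its validity period"


@dataclass
class GbaContext:
    """Hypothetical per-B-TID record held by the verifying network element."""
    btid_expires: int         # end of the B-TID validity period (epoch seconds)
    key_expires: int          # end of the validity period of the key bound to the B-TID
    registered: bool = False  # True once the first verification success message was sent


@dataclass(frozen=True)
class KeyGenerationInstruction:
    """Forwarded to the third network element; it carries the key identifier."""
    msk_id: str


class MskRequestVerifier:
    def __init__(self) -> None:
        self._contexts: Dict[str, GbaContext] = {}

    def store_context(self, btid: str, ctx: GbaContext) -> None:
        self._contexts[btid] = ctx

    def verify(self, btid: str, msk_id: str, now: int
               ) -> Tuple[Outcome, Optional[KeyGenerationInstruction]]:
        """Fail closed: an instruction is produced only if every check passes."""
        ctx = self._contexts.get(btid)
        if ctx is None:
            return Outcome.UNKNOWN_BTID, None
        if not ctx.registered:             # assumption: registration must come first
            return Outcome.NOT_REGISTERED, None
        if now >= ctx.btid_expires:        # the B-TID itself has its own lifetime
            return Outcome.BTID_EXPIRED, None
        if now >= ctx.key_expires:         # the bound key can expire independently
            return Outcome.KEY_EXPIRED, None
        return Outcome.SUCCESS, KeyGenerationInstruction(msk_id=msk_id)


def run_constructed_cases(now: int = 1_700_000_000) -> Dict[str, Outcome]:
    """Constructed sample contexts covering each failure mode and the success path."""
    v = MskRequestVerifier()
    v.store_context("btid-valid@example", GbaContext(now + 3600, now + 600, True))
    v.store_context("btid-unregistered@example", GbaContext(now + 3600, now + 600))
    v.store_context("btid-stale@example", GbaContext(now - 1, now + 600, True))
    v.store_context("btid-stale-key@example", GbaContext(now + 3600, now - 1, True))
    names = ["btid-valid@example", "btid-unregistered@example", "btid-stale@example",
             "btid-stale-key@example", "btid-never-seen@example"]
    return {n: v.verify(n, "msk-id-constructed", now)[0] for n in names}


if __name__ == "__main__":
    for btid, outcome in run_constructed_cases().items():
        print(f"{btid:28s} -> {outcome.value}")
```

Keeping the B-TID lifetime and the key lifetime as separate fields matters because a still-valid B-TID can point at a key that has already expired, and the request has to be refused in that case as well.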
In an alternative embodiment based on fig. 3, fig. 5 shows a flowchart of a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application. In this embodiment, the method further includes:
Step 510, the first network element sends a service registration request to the fourth network element.
Step 520, the fourth network element receives the service registration request, determines fourth key information according to the initial key information and the first identification information, and sends the fourth key information to the first network element, where the first identification information is used to indicate the first network element.
After the first network element receives the service registration request, the fourth network element determines the key information because the fourth network element is the network element which completes the GBA procedure with the terminal device.
Optionally, the service registration request includes a B-TID (Bootstrapping Transaction Identifier), and when the fourth network element determines that the B-TID is verified, the subsequent steps are performed.
In addition, the service registration request further includes first identification information, where the first identification information is used to indicate the first network element.
After receiving the service registration request, the fourth network element can determine fourth key information according to the initial key information and the first identification information, and then send the fourth key information to the first network element for subsequent verification between the first network element and the terminal equipment.
Optionally, the fourth network element may further send parameters such as a user key file, a key period, and the like to the first network element.
Optionally, the initial key information is Ks, the fourth key information is ks_xx_naf, and the fourth network element may determine the fourth key information according to the Ks, the user real identity identifier SUPI, the random number RAND in the GBA flow, the GBA flow parameter GBA-xx, and the first identification information.
The random number RAND is 16 octets long.
For example, the fourth key information ks_xx_naf = kdf(Ks, gba-xx, RAND, SUPI, amf_id).
It should be noted that the embodiment of the present application is only described by taking interaction between the first network element and the second network element in steps 401 to 402 as an example. In another embodiment, when the first network element is a network element performing the GBA procedure, the above steps may be performed directly by the first network element, without the first network element sending a service registration request to the fourth network element, and the fourth network element determining the fourth key information.
When the first network element determines the fourth key information, the initial key information is Ks, the fourth key information is ks_xx_naf, and the fourth network element can determine the fourth key information according to the Ks, the user real identity identifier SUPI, the random number, the GBA flow parameter GBA-xx, and the first identification information.
For example, the fourth key information ks_xx_naf=kdf (Ks, gba-xx, random number, SUPI, amf_id).
Wherein the random number may be RAND or a first random number.
In step 530, the first network element sends the first random number and the first identification information to the terminal device.
The first random number is a number randomly generated by the first network element, and it is 16 octets long.
Step 540, the terminal device receives the first identification information and the first random number sent by the first network element, determines that the first network element is a server requiring MBS service according to the first identification information, determines first key information according to the first identification information and the initial key information, determines second key information according to the first key information, determines first summary information according to the first random number and the second key information, and sends the first summary information and the second random number to the first network element.
After receiving the first identification information and the first random number sent by the first network element, the terminal equipment determines whether the first network element is a server needing MBS service according to the first identification information, and when determining that the first network element is the server needing MBS service, the terminal equipment executes the subsequent steps.
The process by which the terminal device determines the first key information according to the first identification information and the initial key information is similar to the process by which the fourth network element determines the fourth key information above, and will not be described again here.
The terminal device then determines second key information based on the first key information.
Optionally, the second key information is an MRK key and the first key information is ks_xx_naf, with mrk = kdf(ks_xx_naf, mbms_mrk), where mbms_mrk is an MBMS service parameter.
The terminal device determines the first digest information according to the received first random number and the second key information, and sends the first digest information and the second random number to the first network element for verification by the first network element.
Optionally, the first digest information is RES, and res=f2 (MRK, first random number, B-TID).
In step 550, the first network element receives the first digest information and the second random number sent by the terminal device.
In step 560, the first network element determines the third key information according to the fourth key information, and when the first digest information is verified successfully, determines the second digest information according to the second random number and the third key information, and sends the second digest information to the terminal device.
The process of determining the third key information by the first network element according to the fourth key information is similar to the process of determining the second key information according to the first key information in the above process, and will not be described herein.
Optionally, the first digest information is verified based on the first random number and the third key information.
When the digest information computed by the first network element is the same as the first digest information sent by the terminal device, the first digest information is verified successfully. The first network element then determines the second digest information according to the second random number and the third key information, and sends the second digest information to the terminal device for verification by the terminal device.
Optionally, the second summary information is RES, res=f2 (MRK, second random number, B-TID).
In step 570, the terminal device receives the second summary information sent by the first network element.
In step 580, the terminal device verifies that the second summary information is successful, and completes the registration process of the terminal device.
Optionally, after the registration process of the terminal device is completed, the first network element stores registration data of the terminal device and the first network element, where the registration data includes information such as B-TID, first identification information, a user authorization status, an MBMS key status, and the like.
Optionally, the first network element in the embodiment of the present application may be any one of an AMF network element, an SMF network element, an AUSF network element, and a SEAF network element.
In the following, by way of example, service registration procedures performed respectively when the first network element is a different network element will be described in turn.
When the first network element is an AMF network element and the fourth network element is a GBA server, the service registration procedure is performed by adopting the procedure shown in fig. 6.
1. The terminal equipment sends a service registration request to the AMF network element, wherein the service registration request comprises B-TID and MBS service ID.
2. The AMF network element forwards a service registration request to the GBA server, the service registration request including the B-TID and the amf_id.
3. The GBA server returns an authentication response to the AMF network element, including ks_xx_naf, user key file, bootstrapping time, key period, etc.
4. The AMF network element sends an AMF_ID and a nonce1 to the terminal equipment.
5. The terminal device determines the MRK key, calculates the digest res=f2 (MRK, nonce1, B-TID), and selects nonce2.
6. The terminal device sends a summary res=f2 (MRK, nonce1, B-TID) and nonce2 to the AMF network element.
7. The AMF network element calculates MRK and verifies the digest res=f2 (MRK, nonce1, B-TID), calculates res=f2 (MRK, nonce2, B-TID).
8. The AMF network element verifies that the digest is successful and sends res=f2 (MRK, nonce2, B-TID) to the terminal device.
9. Terminal equipment verifies res=f2 (MRK, nonce2, B-TID) success.
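The registration exchange of fig. 6 (steps 1 to 9), run end to end as an added example that is not code from the patent. HMAC-SHA256 stands in for the unspecified kdf and f2, and the class names, the terminal's allow-list of MBS server IDs and all sample values are assumptions. It shows that a digest only verifies when both sides derived MRK from the same Ks and the same network element ID.

```python
"""Added example: registration handshake of fig. 6 with stand-in primitives."""
import hashlib
import hmac
import secrets

def kdf(key: bytes, *fields: bytes) -> bytes:
    # Assumption: HMAC-SHA256 over length-prefixed fields stands in for the
    # patent's unspecified KDF; the prefix keeps field boundaries unambiguous.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_ks_naf(ks, rand, supi, ne_id):
    # ks_xx_naf = kdf(Ks, gba-xx, RAND, SUPI, <network element ID>)
    return kdf(ks, b"gba-xx", rand, supi, ne_id)

def derive_mrk(ks_naf):
    # mrk = kdf(ks_xx_naf, mbms_mrk)
    return kdf(ks_naf, b"mbms_mrk")

def f2(mrk, nonce, b_tid):
    # Assumption: keyed hash standing in for f2; res = f2(MRK, nonce, B-TID)
    return kdf(mrk, b"f2", nonce, b_tid)

class GbaServer:
    """Fourth network element: keeps Ks, RAND and SUPI per B-TID."""
    def __init__(self):
        self.sessions = {}
    def bootstrap(self, b_tid, ks, rand, supi):
        self.sessions[b_tid] = (ks, rand, supi)
    def key_for(self, b_tid, ne_id):
        if b_tid not in self.sessions:            # B-TID must verify first
            raise KeyError("unknown B-TID")
        return derive_ks_naf(*self.sessions[b_tid], ne_id)

class NetworkElement:
    """First network element (an AMF in fig. 6)."""
    def __init__(self, ne_id, gba):
        self.ne_id, self.gba = ne_id, gba
    def challenge(self, b_tid):                   # steps 2-4
        self.b_tid = b_tid
        self.ks_naf = self.gba.key_for(b_tid, self.ne_id)
        self.nonce1 = secrets.token_bytes(16)     # 16 octets, as on the page
        return self.ne_id, self.nonce1
    def respond(self, res1, nonce2):              # steps 7-8
        mrk = derive_mrk(self.ks_naf)
        # Constant-time comparison of the terminal's digest.
        if not hmac.compare_digest(res1, f2(mrk, self.nonce1, self.b_tid)):
            return None                           # terminal not authenticated
        return f2(mrk, nonce2, self.b_tid)

class Terminal:
    def __init__(self, b_tid, ks, rand, supi, mbs_servers):
        self.b_tid, self.ks, self.rand, self.supi = b_tid, ks, rand, supi
        self.mbs_servers = mbs_servers            # hypothetical allow-list of IDs
    def answer(self, ne_id, nonce1):              # steps 5-6
        if ne_id not in self.mbs_servers:
            raise ValueError("not a server for the MBS service")
        self.mrk = derive_mrk(derive_ks_naf(self.ks, self.rand, self.supi, ne_id))
        self.nonce2 = secrets.token_bytes(16)
        return f2(self.mrk, nonce1, self.b_tid), self.nonce2
    def verify(self, res2):                       # step 9
        return res2 is not None and hmac.compare_digest(
            res2, f2(self.mrk, self.nonce2, self.b_tid))

def register(terminal, ne):
    ne_id, nonce1 = ne.challenge(terminal.b_tid)  # step 1 carries the B-TID
    res1, nonce2 = terminal.answer(ne_id, nonce1)
    return terminal.verify(ne.respond(res1, nonce2))

# Constructed sample values, not taken from the patent.
KS, RAND = bytes(range(32)), bytes(range(16, 32))
SUPI, B_TID = b"imsi-001010000000001", b"constructed-btid@bsf.example"

def demo():
    gba = GbaServer()
    gba.bootstrap(B_TID, KS, RAND, SUPI)
    amf = NetworkElement(b"AMF_ID", gba)
    good = Terminal(B_TID, KS, RAND, SUPI, {b"AMF_ID"})
    wrong_ks = Terminal(B_TID, b"\x00" * 32, RAND, SUPI, {b"AMF_ID"})
    # A key issued for another element must not verify this element's run.
    amf.challenge(B_TID)
    res1, nonce2 = good.answer(b"AMF_ID", amf.nonce1)
    amf.ks_naf = gba.key_for(B_TID, b"SMF_ID")
    cross = amf.respond(res1, nonce2)
    return {"honest": register(good, amf),
            "wrong_ks": register(wrong_ks, amf),
            "cross_element_key": cross is not None}

if __name__ == "__main__":
    print(demo())
```

Because the network element ID is an input to ks_xx_naf, a key handed to one network element cannot be used to complete the handshake under another element's ID.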
When the first network element is an AUSF network element, a service registration procedure is performed using a procedure as shown in fig. 7.
1. The terminal equipment sends a service registration request to the AUSF network element, wherein the service registration request comprises B-TID and MBS service ID.
2. The AUSF network element determines ks_xx_naf, user key file, bootstrapping time, key period, etc.
3. The AUSF network element sends an ausf_id and nonce1 to the terminal device.
4. The terminal device determines the MRK key, calculates the digest res=f2 (MRK, nonce1, B-TID), and selects nonce2.
5. The terminal device sends a summary res=f2 (MRK, nonce1, B-TID) and nonce2 to the AUSF network element.
6. The AUSF network element calculates MRK and verifies the digest res=f2 (MRK, nonce1, B-TID), calculates res=f2 (MRK, nonce2, B-TID).
7. The AUSF network element verifies that the digest is successful and sends res=f2 (MRK, nonce2, B-TID) to the terminal device.
8. Terminal equipment verifies res=f2 (MRK, nonce2, B-TID) success.
If verification of the first authentication request in steps 350-360 fails, the method of FIG. 8 may be performed to continue verifying the first authentication request. In an alternative embodiment based on fig. 3, fig. 8 shows a flowchart of a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application. In this embodiment, the method further includes:
step 810, when the first authentication request fails, the first network element sends the first authentication request to the fourth network element.
Optionally, the first authentication request includes a B-TID, and when the fourth network element determines that the B-TID is authenticated, a subsequent step is performed.
Step 820, the fourth network element receives the first authentication request, determines eighth key information according to the initial key information and the first identification information, and sends the eighth key information to the first network element.
In addition, the first authentication request further includes first identification information, where the first identification information is used to indicate the first network element.
After receiving the first verification request, the fourth network element can determine eighth key information according to the initial key information and the first identification information, and then send the eighth key information to the first network element for verification between the first network element and the terminal equipment.
Optionally, the fourth network element may further send parameters such as a user key file, a key period, and the like to the first network element.
In addition, the process of determining the eighth key information by the fourth network element is similar to the process of determining the fourth key information in step 520, and will not be described herein.
It should be noted that, the embodiment of the present application is only described by taking interaction between the first network element and the second network element in steps 801-802 as an example. In another embodiment, when the first network element is a network element performing the GBA procedure, the above steps may be performed directly by the first network element, without the first network element sending a first authentication request to the fourth network element, and the fourth network element determining the eighth key information.
In step 830, the first network element sends the third random number and the first identification information to the terminal device.
In step 840, the terminal device receives the first identification information and the third random number sent by the first network element, determines, according to the first identification information, that the first network element is a server requiring MBS service, determines fifth key information according to the first identification information and the initial key information, determines sixth key information according to the fifth key information, determines third digest information according to the third random number and the sixth key information, and sends the third digest information and the fourth random number to the first network element.
In step 850, the first network element receives the third digest information and the fourth random number sent by the terminal device.
In step 860, the first network element determines the seventh key information according to the eighth key information, and when the third digest information is verified successfully, determines the fourth digest information according to the fourth random number and the seventh key information, and sends the fourth digest information to the terminal device.
Optionally, the first network element verifies the third digest information according to the third random number and the seventh key information.
The process performed in steps 840-860 is similar to that performed in steps 540-560 described above, and will not be described again.
In step 870, the terminal device receives the fourth summary information sent by the first network element.
In step 880, the terminal device verifies that the fourth summary information is successful, and completes the verification process of the first verification message.
Optionally, the first network element in the embodiment of the present application may be any one of an AMF network element, an SMF network element, an AUSF network element, and a SEAF network element.
In the following, by way of example, service registration procedures performed respectively when the first network element is a different network element will be described in turn.
When the first network element is an AMF network element and the fourth network element is a GBA server, the process shown in fig. 9 is adopted to perform the verification process of the first verification request.
1. The terminal equipment sends an MSK request to the AMF network element, wherein the MSK request comprises a B-TID and an MBS service ID.
2. The AMF network element forwards an MSK request to the GBA server, wherein the MSK request comprises the B-TID and the AMF_ID.
3. The GBA server returns an authentication response to the AMF network element, including ks_xx_naf, user key file, bootstrapping time, key period, etc.
4. The AMF network element sends an AMF_ID and a nonce3 to the terminal equipment.
5. The terminal device determines the MRK key, calculates the digest res=f2 (MRK, nonce3, B-TID), and selects nonce4.
6. The terminal device sends a summary res=f2 (MRK, nonce3, B-TID) and nonce4 to the AMF network element.
7. The AMF network element calculates the MRK and verifies res=f2 (MRK, nonce3, B-TID).
8. The AMF network element verifies that the digest is successful and sends res=f2 (MRK, nonce4, B-TID) to the terminal device.
9. Terminal equipment verifies res=f2 (MRK, nonce4, B-TID) success.
When the AMF network element successfully verifies the MSK request in step 1, it directly sends the second verification success message to the terminal device; if that verification fails, steps 2-7 are performed to continue verifying the MSK request.
When the first network element is an AUSF network element, a service registration procedure is performed using a procedure as shown in fig. 10.
1. The terminal equipment sends an MSK request to the AUSF network element, wherein the MSK request comprises B-TID and MBS service ID.
2. The AUSF network element determines ks_xx_naf, user key file, bootstrapping time, key period, etc.
3. The AUSF network element sends an ausf_id and nonce3 to the terminal device.
4. The terminal device determines the MRK key, calculates the digest res=f2 (MRK, nonce1, B-TID), and selects nonce4.
5. The terminal device sends the digest res=f2 (MRK, nonce1, B-TID) and nonce4 to the AUSF network element.
6. The AUSF network element calculates the MRK and verifies the digest res=f2 (MRK, nonce1, B-TID), nonce4.
7. The AUSF network element verifies that the third summary information is successful and sends res=f2 (MRK, nonce4, B-TID) to the terminal device.
8. Terminal equipment verifies res=f2 (MRK, nonce4, B-TID) success.
When the AUSF network element successfully verifies the MSK request in step 1, it directly sends the second verification success message to the terminal device; if that verification fails, steps 2-6 are performed to continue verifying the MSK request.
It should be noted that, the embodiment of the present application is only described by taking the service registration process and the request verification process performed in the first network element as an example. In another embodiment, the service registration procedure may also be performed in the first network element and the request authentication procedure performed in the second network element. In an alternative embodiment based on fig. 4, fig. 11 shows a flowchart of a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application. In this embodiment, the method further includes:
Step 1110, the second network element sends a first authentication request to the fourth network element;
step 1120, the fourth network element receives the first verification request, determines fourth key information according to the initial key information and the first identification information, and sends the fourth key information to the second network element, where the first identification information is used to indicate the second network element;
step 1130, the second network element sends the first random number and the first identification information to the terminal device;
in step 1140, the terminal device receives the first identification information and the first random number sent by the second network element, determines that the second network element is a server that needs MBS service according to the first identification information, determines first key information according to the first identification information and the initial key information, determines second key information according to the first key information, determines first summary information according to the first random number and the second key information, and sends the first summary information and the second random number to the second network element.
In step 1150, the second network element receives the first digest information and the second random number sent by the terminal device.
In step 1160, the second network element determines the third key information according to the fourth key information, and when the first digest information is verified successfully, determines the second digest information according to the second random number and the third key information, and sends the second digest information to the terminal device.
Optionally, the second network element verifies the first digest information according to the first random number and the third key information.
In step 1170, the terminal device receives the second summary information sent by the second network element.
In step 1180, the terminal device verifies that the second summary information is successful, and completes the authentication request flow of the terminal device.
The process of steps 1110-1180 in the embodiment of the present application is similar to the process of steps 510-580 described above, and will not be described again here.
In the following, by way of example, a request authentication procedure performed when the second network element is an SMF network element will be described.
When the second network element is an SMF network element and the fourth network element is a GBA server, the service registration procedure is performed by adopting the procedure shown in fig. 12.
1. The terminal equipment sends an MSK request to the SMF network element, wherein the MSK request comprises B-TID and MBS service ID.
2. The SMF network element forwards an MSK request to the GBA server, the MSK request including the B-TID and the smf_id.
3. The GBA server returns an authentication response to the SMF network element, including ks_xx_naf, user key file, bootstrapping time, key period, etc.
4. The SMF network element sends the smf_id and nonce1 to the terminal device.
5. The terminal device determines the MRK key, calculates the digest res=f2 (MRK, nonce1, B-TID), and selects nonce2.
6. The terminal device sends a digest res=f2 (MRK, nonce1, B-TID) and nonce2 to the SMF network element.
7. The SMF network element calculates the MRK and verifies the digest res=f2 (MRK, nonce1, B-TID).
8. The SMF network element verifies that the digest was successful and sends res=f2 (MRK, nonce2, B-TID) to the terminal device.
9. Terminal equipment verifies res=f2 (MRK, nonce2, B-TID) success.
After the authentication request flow of the terminal device and the mobile network control plane is completed, the key distribution flow may be executed, and in an alternative embodiment based on fig. 3, fig. 13 shows a flowchart of a multimedia broadcast multicast service authentication method according to an exemplary embodiment of the present application. In this embodiment, the method further includes:
in step 1310, the third network element generates a first key.
Optionally, the third network element receives the key generation instruction sent by the first network element, and generates the first key and the second key according to the key generation instruction.
The key generation instruction is used for instructing the third network element to generate the first key and the second key.
In one possible implementation, the key generation instruction includes an MSK ID, and the third network element may generate an MSK key according to the MSK ID, and then generate an MTK key according to the MTKID.
In step 1320, the third network element sends the first key to the terminal device.
In step 1330, the terminal device receives the first key sent by the third network element.
Step 1340, the terminal device sends the first acknowledgement message to the third network element.
The first confirmation message is used for indicating that the terminal equipment receives the first key sent by the third network element successfully.
Optionally, the first acknowledgement message is an ACK identifier, and after the third network element receives the ACK identifier, it is determined that the terminal device successfully receives the first key sent by the third network element.
In step 1350, the third network element generates the second key.
In step 1360, the third network element sends the second key to the terminal device.
In step 1370, the terminal device receives the second key sent by the third network element.
Step 1380, the terminal device sends a second acknowledgement message to the third network element.
The second confirmation message is used for indicating that the terminal equipment receives the second key sent by the third network element successfully.
Optionally, the second acknowledgement message is an ACK identifier, and after the third network element receives the ACK identifier, it is determined that the terminal device successfully receives the second key sent by the third network element.
Optionally, the terminal device may update the key information at preset intervals: it updates the MRK key information and then completes authentication again according to the MRK key information; it updates the MSK key information, generates a plurality of MTK keys according to the MSK key information, and encrypts data with the MTK keys for data transmission.
Optionally, after generating the MRK key information, the terminal device generates MUK key information, and encrypts and transmits the generated multiple MSK keys by using the MUK key information.
In one possible implementation, when the terminal device requests to acquire key information, a plurality of MTK keys are sent to the terminal device, or when the location of the terminal device changes, the MTK keys are updated, and the updated MTK keys are sent to the terminal device.
For example, fig. 14 shows an MBMS key hierarchy. Referring to fig. 14, the terminal device generates MRK key information and MSK key information, generates a plurality of MTK key information using the MSK key information, and encrypts data using the plurality of MTK key information.
In addition, the third network element is an SMF network element, and the first network element may be any one of an AMF network element, an SMF network element, an AUSF network element, and a SEAF network element.
In the following, by way of example, the flow of key distribution performed separately when the first network element is a different network element will be described in turn.
When the first network element is an AMF network element, the process of key distribution is performed by adopting the process as described in fig. 15.
1. The AMF network element sends the MSKID to the SMF network element.
2. The SMF network element receives the MSKID and generates an MSK key.
3. The SMF network element sends the MSK key to the terminal device.
4. The terminal device receives the MSK and sends an ACK message.
5. The SMF network element generates an MTK key according to the MTKID.
6. The SMF network element sends the MTK key to the terminal device.
7. The terminal device receives the MTK key and sends an ACK message.
When the first network element is an AUSF network element, unlike the above example, step 1 is to send the MSK ID from the AUSF network element to the SMF network element, and the other steps are similar and will not be described herein.
In addition, when the first network element is an SMF network element, a flow described in fig. 16 is adopted to perform a flow of key distribution.
1. The SMF network element generates an MSK key according to the MSKID.
2. The SMF network element sends the MSK key to the terminal device.
3. The terminal device receives the MSK and sends an ACK message.
4. The SMF network element generates an MTK key according to the MTK ID.
5. The SMF network element sends the MTK key to the terminal device.
6. The terminal device receives the MTK key and sends an ACK message.
The above embodiments describe the service registration process, the request authentication process, and the key distribution process separately. In the following, these three processes are combined to describe the present application.
In the first case:
when the first network element is an AMF network element, the third network element is an SMF network element, and the fourth network element is a SEAF network element or an AUSF network element, the deployment between the network elements is shown in fig. 17.
In addition, referring to table 1, the function of each network element is shown.
TABLE 1
In the second case:
when the first network element is an AUSF network element or a SEAF network element, and the third network element is an SMF network element, the deployment between the network elements is shown in fig. 18.
In addition, referring to table 2, the function of each network element is shown.
TABLE 2
In the third case:
when the first network element is an SMF network element, the third network element is an SMF network element, and the fourth network element is a SEAF network element or an AUSF network element, the deployment between the network elements is shown in fig. 19.
In addition, referring to table 3, the function of each network element is shown.
TABLE 3
In the fourth case, when the first network element is an AMF network element or an AUSF network element, the second network element is an SMF network element, the third network element is an SMF network element, and the fourth network element is a SEAF network element or an AUSF network element, the deployment between the network elements is shown in fig. 20.
In addition, referring to table 4, the function of each network element is shown.
TABLE 4
Fig. 21 shows a block diagram of a communication device according to an exemplary embodiment of the present application, which is applied to the terminal shown in fig. 1, and includes: a transceiver module 2101;
The transceiver module 2101 is configured to interact with the mobile network control plane through NAS messages to complete at least one of the following procedures: a registration authentication flow, a request authentication flow, and a key distribution flow;
at least one of the registration authentication flow, the request authentication flow and the key distribution flow is used for the Multimedia Broadcast Multicast Service (MBMS).
In one example, referring to fig. 22, the transceiver module 2101 includes a transmit sub-module 21011 and a receive sub-module 21012;
a sending submodule 21011 configured to send a service registration request to the first network element, the service registration request being used for the first network element to register the terminal device;
the receiving submodule 21012 is configured to receive a first authentication success message sent by the first network element, where the first authentication success message is used to indicate that a registration procedure corresponding to the service registration request is successful.
In one example, referring to fig. 22, the transceiver module 2101 includes a transmit sub-module 21011 and a receive sub-module 21012;
a sending submodule 21011 configured to send a first authentication request to the first network element;
a receiving sub-module 21012 configured to receive a second authentication success message sent by the first network element,
or,
A sending submodule 21011 configured to send a first authentication request to the second network element;
a receiving submodule 21012 configured to receive a second authentication success message sent by the second network element;
the first authentication request is used for authentication of the first network element or the second network element, the request is used for obtaining a first key of the third network element, and the second authentication success message is used for indicating that the authentication of the first authentication request is successful.
In one example, referring to fig. 22, the transceiver module 2101 includes a receiving sub-module 21012;
a receiving submodule 21012 configured to receive the first key and the second key sent by the third network element;
the first key is used for protecting or generating a second key, and the second key is used for data transmission of a user plane between the terminal equipment and the session network element.
In one example, the receiving sub-module 21012 is configured to receive the first identification information and the first random number sent by the first network element, determine that the first network element is a server that needs MBS service according to the first identification information, determine first key information according to the first identification information and the initial key information, determine second key information according to the first key information, determine first digest information according to the first random number and the second key information, and send the first digest information and the second random number to the first network element;
or,
a receiving submodule 21012 configured to receive the first identification information and the first random number sent by the second network element, determine that the second network element is a server requiring MBS service according to the first identification information, determine first key information according to the first identification information and the initial key information, determine second key information according to the first key information, determine first summary information according to the first random number and the second key information, and send the first summary information and the second random number to the second network element;
the first identification information is used for indicating the first network element or the second network element.
In one example, the receiving sub-module 21012 is configured to receive second digest information sent by the first network element, the second digest information being determined by the first network element based on third key information and the second random number, the third key information being determined based on fourth key information, the fourth key information being determined based on the first identification information and the initial key information; and, when the second digest information is verified successfully, complete the registration process of the terminal equipment;
or,
a receiving submodule 21012 configured to receive second digest information sent by a second network element, the second digest information being determined by the second network element according to third key information and a second random number, the third key information being determined according to fourth key information, the fourth key information being determined according to the first identification information and the initial key information; and, when the second digest information is verified successfully, complete the registration process of the terminal equipment.
In one example, the transceiver module 2101 is configured to send a first acknowledgement message to the third network element, where the first acknowledgement message is used to indicate that the terminal device successfully receives the first key sent by the third network element.
In one example, the transceiver module 2101 is configured to send a second acknowledgement message to the third network element, where the second acknowledgement message is used to indicate that the terminal device successfully receives the second key sent by the third network element.
In one example, the receiving sub-module 21012 is configured to receive the first identification information and the third random number sent by the first network element when the first authentication request fails, determine that the first network element is a server requiring MBS service according to the first identification information, determine fifth key information according to the first identification information and the initial key information, determine sixth key information according to the fifth key information, determine third digest information according to the third random number and the sixth key information, and send the third digest information and the fourth random number to the first network element.
In one example, the receiving sub-module 21012 is configured to receive fourth digest information sent by the first network element, where the fourth digest information is determined by the first network element according to seventh key information and a fourth random number, the seventh key information is determined according to eighth key information, the eighth key information is determined according to the first identification information and the initial key information, and verification of the fourth digest information is successful, so as to complete a verification process of the first verification request of the terminal device.
In one example, the first network element is any one of an access and mobility management function AMF network element, a session management function SMF network element, an authentication server function AUSF network element, and a security anchor function SEAF network element.
In one example, the second network element is a session management function, SMF, network element.
In one example, the third network element is a session management function, SMF, network element.
Fig. 23 shows a block diagram of a communication device according to an exemplary embodiment of the present application, which is applied to a mobile network control plane as shown in fig. 1, and includes: a mobile network control plane module 2301;
the mobile network control plane module 2301 is configured to interact with the terminal device via NAS messages to perform at least one of the following procedures: a registration authentication flow, a request authentication flow, and a key distribution flow;
at least one of the registration authentication flow, the request authentication flow and the key distribution flow is used for the Multimedia Broadcast Multicast Service (MBMS).
In an alternative embodiment, referring to fig. 24, a mobile network control plane module 2301 includes a first network element sub-module 23011;
a first network element submodule 23011 configured to receive a service registration request sent by a terminal device and register the terminal device;
When the service registration request is verified to be successful, the first network element submodule 23011 is configured to send a first verification success message to the terminal device, where the first verification success message is used to indicate that the registration procedure corresponding to the service registration request is successful.
In an alternative embodiment, referring to fig. 24, the mobile network control plane includes a first network element submodule 23011 and a second network element submodule 23022;
a first network element module 23011 configured to receive a first authentication request sent by a terminal device, and when the first authentication request is successful, send a second authentication success message to the terminal device, or a second network element sub-module 23012 configured to receive the first authentication request sent by the terminal device, and when the first authentication request is successful, send a second authentication success message to the terminal device;
the first authentication request is used for requesting to acquire a first key of the third network element, and the second authentication success message is used for indicating that the first authentication request is successful in authentication.
In an alternative embodiment, referring to fig. 24, mobile network control plane module 2301 includes a third network element sub-module 23013;
a third network element submodule 23013 configured to send the first key and the second key to the terminal device;
The first key is used for protecting or generating a second key, and the second key is used for data transmission of a user plane between the terminal equipment and the session network element.
In an alternative embodiment, referring to fig. 24, the mobile network control plane module further comprises a fourth network element submodule 23014;
a first network element submodule 23011 configured to send a service registration request to the fourth network element submodule;
a fourth network element submodule 23014 configured to receive the service registration request, determine fourth key information according to the initial key information and the first identification information, send the fourth key information to the first network element submodule, and the first identification information is used to indicate the first network element submodule;
a first network element submodule 23011 configured to send a first random number and first identification information to a terminal device;
a first network element submodule 23011 configured to receive first digest information and second random numbers sent by the terminal device, the first digest information being determined by the terminal device according to the first random numbers and second key information, the second key information being determined according to the first key information, the first key information being determined according to the first identification information and the initial key information;
the first network element submodule 23011 is configured to determine third key information according to the fourth key information, determine second digest information according to the second random number and the third key information when the verification of the first digest information is successful, and send the second digest information to the terminal device.
In an alternative embodiment, the first network element submodule 23011 is configured to verify the first digest information based on the first random number and the third key information.
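The registration exchange in the embodiment above (two-stage key derivation on both sides, then a digest over each side's random number) can be sketched as follows. This is an added illustrative example, not code from the application: the application names no algorithms, so HMAC-SHA-256 for both derivation and digests, the derivation labels, the direction tags and the sample identifier `mbs-server-1` are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA-256 stands in for the unspecified derivation function.
def derive(key: bytes, label: bytes, context: bytes = b"") -> bytes:
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()

def make_digest(key: bytes, direction: bytes, nonce: bytes) -> bytes:
    # The direction tag is this example's addition: it keeps a digest made for
    # one direction from being accepted in the other direction.
    return hmac.new(key, direction + b"\x00" + nonce, hashlib.sha256).digest()

class FourthNetworkElement:
    """Holds the initial key information; derives the fourth key information."""
    def __init__(self, initial_key: bytes):
        self._initial_key = initial_key

    def fourth_key_for(self, server_id: bytes) -> bytes:
        # Bound to the first identification information (the server identity).
        return derive(self._initial_key, b"level-1", server_id)

class FirstNetworkElement:
    """Receives the fourth key information and runs the challenge-response."""
    def __init__(self, server_id: bytes, fourth_key: bytes):
        self.server_id = server_id
        self._third_key = derive(fourth_key, b"level-2")  # third key information
        self._rand1 = None

    def challenge(self):
        self._rand1 = secrets.token_bytes(16)  # first random number
        return self.server_id, self._rand1

    def verify_and_answer(self, digest1: bytes, rand2: bytes):
        if self._rand1 is None:
            return None
        expected = make_digest(self._third_key, b"terminal->network", self._rand1)
        self._rand1 = None  # each challenge is accepted once only
        if not hmac.compare_digest(expected, digest1):
            return None  # first digest information failed verification
        # Second digest information over the terminal's random number.
        return make_digest(self._third_key, b"network->terminal", rand2)

class Terminal:
    def __init__(self, initial_key: bytes, mbs_server_ids: set):
        self._initial_key = initial_key
        self._mbs_server_ids = mbs_server_ids
        self._second_key = None
        self._rand2 = None

    def answer(self, server_id: bytes, rand1: bytes):
        if server_id not in self._mbs_server_ids:
            raise ValueError("identification does not indicate an MBS server")
        first_key = derive(self._initial_key, b"level-1", server_id)
        self._second_key = derive(first_key, b"level-2")  # second key information
        self._rand2 = secrets.token_bytes(16)  # second random number
        digest1 = make_digest(self._second_key, b"terminal->network", rand1)
        return digest1, self._rand2

    def verify(self, digest2) -> bool:
        if digest2 is None or self._rand2 is None:
            return False
        expected = make_digest(self._second_key, b"network->terminal", self._rand2)
        self._rand2 = None
        return hmac.compare_digest(expected, digest2)

def run_registration(terminal_key: bytes, network_key: bytes,
                     server_id: bytes = b"mbs-server-1") -> bool:
    """Run one exchange; True only if both digests verify."""
    fourth = FourthNetworkElement(network_key)
    server = FirstNetworkElement(server_id, fourth.fourth_key_for(server_id))
    terminal = Terminal(terminal_key, {b"mbs-server-1"})  # constructed allow-list
    sid, rand1 = server.challenge()
    digest1, rand2 = terminal.answer(sid, rand1)
    digest2 = server.verify_and_answer(digest1, rand2)
    return terminal.verify(digest2)

if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed initial key information
    print("matching keys:", run_registration(shared, shared))
    print("mismatched keys:", run_registration(shared, secrets.token_bytes(32)))
```

Because the server identity is mixed into the first derivation step, key material handed to one network element does not verify digests for a terminal that was challenged under a different identity.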
In an alternative embodiment, the service registration request includes a bootstrap transaction identifier B-TID;
when the fourth network element submodule 23014 determines that the B-TID passes verification, the step of determining fourth key information from the initial key information and the first identification information is performed.
In an alternative embodiment, the first authentication request includes a B-TID;
when the first network element submodule 23011 determines that the B-TID is within its validity period and the key corresponding to the B-TID is within its validity period, the first network element submodule determines that the first verification request is verified successfully and sends a second verification success message to the terminal equipment;
or,
when the second network element submodule 23012 determines that the B-TID is within its validity period and the key corresponding to the B-TID is within its validity period, the second network element submodule determines that the first authentication request is verified successfully and sends a second authentication success message to the terminal device.
In an alternative embodiment, when the first authentication request fails, the first network element submodule 23011 is configured to send the first authentication request to the fourth network element submodule;
The fourth network element submodule 23014 is configured to receive the first authentication request, determine eighth key information from the initial key information and the first identification information, and send the eighth key information to the first network element submodule;
a first network element submodule 23011 configured to send the third random number and the first identification information to the terminal device;
a first network element submodule 23011 configured to receive third digest information and fourth random number sent by the terminal device, the third digest information being determined by the terminal device according to the third random number and sixth key information, the sixth key information being determined according to fifth key information, the fifth key information being determined according to the first identification information and the initial key information;
a first network element submodule 23011 configured to determine seventh key information according to the eighth key information, determine fourth digest information according to the fourth random number and the seventh key information when verification of the third digest information is successful, and send the fourth digest information to the terminal device;
and after the first verification request is verified to be successful, executing the process that the first network element sends a second verification success message to the terminal equipment.
In an alternative embodiment, the first network element submodule 23011 is configured to verify the third digest information based on the third random number and the seventh key information.
In an alternative embodiment, the mobile network control plane further comprises a fourth network element sub-module,
a second network element submodule 23012 configured to send a first authentication request to the fourth network element submodule;
a fourth network element submodule 23014 configured to receive the first authentication request, determine fourth key information according to the initial key information and the first identification information, send the fourth key information to the second network element submodule, and the first identification information is used to indicate the second network element submodule;
a second network element submodule 23012 configured to send the first random number and the first identification information to the terminal device;
a second network element submodule 23012 configured to receive first digest information and second random numbers sent by the terminal device, the first digest information being determined by the terminal device according to the first random numbers and second key information, the second key information being determined according to the first key information, the first key information being determined according to the first identification information and the initial key information;
the second network element submodule 23012 is configured to determine third key information according to the fourth key information, determine second digest information according to the second random number and the third key information when the verification of the first digest information is successful, and send the second digest information to the terminal device.
In an alternative embodiment, the second network element submodule 23013 is configured to verify the first digest information based on the first random number and the third key information.
In an alternative embodiment, the third network element submodule 23013 is configured to receive a key generation instruction sent by the first network element submodule, where the key generation instruction is used to instruct the third network element submodule to generate the first key and the second key.
In an alternative embodiment, the third network element submodule 23013 is configured to receive a first acknowledgement message sent by the terminal device, where the first acknowledgement message is used to indicate that the terminal device successfully receives the first key sent by the third network element submodule.
In an alternative embodiment, the third network element submodule 23013 is configured to receive a second acknowledgement message sent by the terminal device, where the second acknowledgement message is used to indicate that the terminal device successfully receives the second key sent by the third network element submodule.
In an alternative embodiment, the first network element sub-module is any one of an AMF network element, an SMF network element, an AUSF network element, and a SEAF network element.
In an alternative embodiment, the second network element sub-module is an SMF network element.
In an alternative embodiment, the third network element sub-module is an SMF network element.
Fig. 25 is a schematic structural view of a communication device according to an exemplary embodiment of the present application, the communication device including: a processor 2501, a receiver 2502, a transmitter 2503, a memory 2504, and a bus 2505.
The processor 2501 includes one or more processing cores, and the processor 2501 executes various functional applications and information processing by running software programs and modules.
The receiver 2502 and the transmitter 2503 may be implemented as one communication component, which may be a communication chip.
The memory 2504 is connected to the processor 2501 by a bus 2505.
The memory 2504 may be used for storing at least one instruction, which the processor 2501 executes to implement the various steps of the method embodiments described above.
Further, the memory 104 may be implemented by any type of volatile or nonvolatile storage device or combination thereof, including but not limited to: magnetic or optical disks, electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), static random access memory (SRAM), read-only memory (ROM), magnetic memory, flash memory, programmable read-only memory (PROM).
In an exemplary embodiment, there is also provided a computer readable storage medium having stored therein executable instructions loaded and executed by the processor to implement the multimedia broadcast multicast service authentication method performed by a communication device provided by the above respective method embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The foregoing description of the preferred embodiments of the present application is not intended to limit the application, but rather, the application is to be construed as limited to the appended claims.

Claims (36)

1. A method for authenticating a multimedia broadcast multicast service, applied to a terminal device, the method comprising:
the terminal equipment and the mobile network control plane interact through non-access stratum (NAS) messages to complete the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow;
The registration authentication flow, the request authentication flow and the key distribution flow are used for a Multimedia Broadcast Multicast Service (MBMS);
the registration authentication process includes:
sending a service registration request to a generic bootstrapping architecture (GBA) server, wherein the service registration request is used for registering the terminal equipment by the GBA server;
receiving a first verification success message sent by the GBA server, wherein the first verification success message is used for indicating that a registration process corresponding to the service registration request is successful;
the request authentication process includes:
sending an MBMS service key MSK request to a GBA server, and receiving a second verification success message sent by the GBA server;
the MSK request is for verification by the GBA server and requests acquisition of an MSK key of the SMF network element, and the second verification success message is used for indicating that the MSK request is successful in verification;
the key distribution flow comprises the following steps:
receiving an MSK key and an MBMS traffic key MTK key sent by an SMF network element;
the MSK key is used for protecting or generating the MTK key, and the MTK key is used for data transmission of a user plane between the terminal equipment and the session network element;
The method further comprises the steps of:
receiving first identification information and a first random number sent by the GBA server, determining that the GBA server is a server requiring Multicast Broadcast Service (MBS) service according to the first identification information, determining first key information according to the first identification information and initial key information, determining second key information according to the first key information, determining first digest information according to the first random number and the second key information, and sending the first digest information and the second random number to the GBA server;
wherein the first identification information is used for indicating the GBA server;
the method further comprises the steps of:
receiving second digest information sent by the GBA server, wherein the second digest information is determined by the GBA server according to third key information and a second random number, the third key information is determined according to fourth key information, and the fourth key information is determined according to the first identification information and the initial key information; and, when the second digest information is verified successfully, completing the registration process of the terminal equipment.
2. The method according to claim 1, wherein the method further comprises:
And sending a first confirmation message to the SMF network element, wherein the first confirmation message is used for indicating that the terminal equipment receives the first key sent by the SMF network element successfully.
3. The method according to claim 1, wherein the method further comprises:
and sending a second confirmation message to the SMF network element, wherein the second confirmation message is used for indicating that the terminal equipment receives the second key sent by the SMF network element successfully.
4. The method according to claim 1, wherein the method further comprises:
when the MSK request fails to verify, receiving first identification information and a third random number sent by the GBA server, determining that the GBA server is a server requiring multicast broadcast service MBS service according to the first identification information, determining fifth key information according to the first identification information and initial key information, determining sixth key information according to the fifth key information, determining third digest information according to the third random number and the sixth key information, and sending the third digest information and a fourth random number to the GBA server.
5. The method according to claim 4, wherein the method further comprises:
receiving fourth digest information sent by the GBA server, wherein the fourth digest information is determined by the GBA server according to seventh key information and the fourth random number, the seventh key information is determined according to eighth key information, and the eighth key information is determined according to the first identification information and initial key information; and, when the fourth digest information is verified successfully, completing the verification process of the MSK request of the terminal equipment.
6. The method according to any of claims 1 to 5, wherein the GBA server is any one of an authentication server function AUSF network element, a security anchor function SEAF network element.
7. A method for authenticating a multimedia broadcast multicast service, applied to a mobile network control plane, the method comprising:
the mobile network control plane and the terminal equipment interact through non-access stratum (NAS) messages to complete the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow;
the registration authentication flow, the request authentication flow and the key distribution flow are used for a Multimedia Broadcast Multicast Service (MBMS);
the mobile network control plane comprises a generic bootstrapping architecture GBA server, and the registration authentication flow comprises:
The GBA server receives a service registration request sent by a terminal device and registers the terminal device;
after the service registration request is verified to be successful, the Generic Bootstrapping Architecture (GBA) server sends a first verification success message to the terminal equipment, wherein the first verification success message is used for indicating that a registration process corresponding to the service registration request is successful, the mobile network control plane comprises the GBA server, and the request authentication process comprises the following steps:
the GBA server receives an MBMS service key MSK request sent by the terminal equipment, and when the MSK request is verified to be successful, a second verification success message is sent to the terminal equipment;
wherein, the MSK request is used for requesting to acquire the MSK key of the SMF network element, and the second verification success message is used for indicating that the MSK request is verified successfully;
wherein the mobile network control plane includes an SMF network element, and the key distribution flow includes:
the SMF network element sends an MSK key and an MBMS traffic key MTK key to the terminal equipment;
the MSK key is used for protecting or generating the MTK key, and the MTK key is used for data transmission of a user plane between terminal equipment and a session network element.
8. The method of claim 7, wherein the method further comprises:
the GBA server determines fourth key information according to initial key information and first identification information, wherein the first identification information is used for indicating the GBA server;
the GBA server sends a first random number and the first identification information to the terminal equipment;
the GBA server receives first digest information and a second random number sent by the terminal equipment, the first digest information is determined by the terminal equipment according to the first random number and second key information, the second key information is determined according to first key information, and the first key information is determined according to the first identification information and the initial key information;
and the GBA server determines third key information according to the fourth key information, determines second digest information according to the second random number and the third key information when the first digest information is verified successfully, and sends the second digest information to the terminal equipment.
9. The method of claim 8, wherein the method further comprises:
and the GBA server verifies the first digest information according to the first random number and the third key information.
10. The method of claim 8, wherein the service registration request includes a bootstrapping transaction identifier B-TID, and wherein before determining the fourth key information from the initial key information and the first identification information, the method further comprises:
and when the GBA server determines that the B-TID passes the verification, the step of determining fourth key information according to the initial key information and the first identification information is executed.
11. The method of claim 7, wherein the MSK request includes a B-TID, wherein the GBA server receives the MSK request sent by the terminal device, and wherein when the MSK request is verified to be successful, sending a second verification success message to the terminal device includes:
when the GBA server determines that the B-TID is within its validity period and the key corresponding to the B-TID is within its validity period, the GBA server determines that the MSK request is verified successfully and sends a second verification success message to the terminal equipment.
12. The method of claim 7, wherein the method further comprises:
when the MSK request is verified to be failed, the GBA server determines eighth key information according to the initial key information and the first identification information;
The GBA server sends a third random number and the first identification information to the terminal equipment;
the GBA server receives third digest information and a fourth random number sent by the terminal equipment, the third digest information is determined by the terminal equipment according to the third random number and sixth key information, the sixth key information is determined according to fifth key information, and the fifth key information is determined according to the first identification information and the initial key information;
the GBA server determines seventh key information according to the eighth key information, determines fourth digest information according to the fourth random number and the seventh key information when the third digest information is verified successfully, and sends the fourth digest information to the terminal equipment;
and after the MSK request is verified to be successful, executing a process that the GBA server sends a second verification success message to the terminal equipment.
13. The method according to claim 12, wherein the method further comprises:
and the GBA server verifies the third digest information according to the third random number and the seventh key information.
14. The method of claim 7, wherein the method further comprises:
The SMF network element receives a key generation instruction sent by the GBA server, wherein the key generation instruction is used for indicating the SMF network element to generate the MSK key and the MTK key.
15. The method of claim 7, wherein the method further comprises:
the SMF network element receives a first confirmation message sent by the terminal equipment, wherein the first confirmation message is used for indicating that the terminal equipment successfully receives a first key sent by the SMF network element.
16. The method of claim 7, wherein the method further comprises:
and the SMF network element receives a second confirmation message sent by the terminal equipment, wherein the second confirmation message is used for indicating that the terminal equipment successfully receives a second key sent by the SMF network element.
17. The method according to any of claims 7 to 16, wherein the GBA server is any one of an AUSF network element and a SEAF network element.
18. A multimedia broadcast multicast service authentication apparatus, the apparatus comprising: a transceiver module;
the transceiver module is configured to interact with the mobile network control plane through NAS messages so as to complete the following procedures: a registration authentication flow, a request authentication flow, and a key distribution flow;
The registration authentication flow, the request authentication flow and the key distribution flow are used for a Multimedia Broadcast Multicast Service (MBMS);
the receiving and transmitting module comprises a sending sub-module and a receiving sub-module;
the sending submodule is configured to send a service registration request to a Generic Bootstrapping Architecture (GBA) server, wherein the service registration request is used for registering the device by the GBA server;
the receiving submodule is configured to receive a first verification success message sent by the GBA server, wherein the first verification success message is used for indicating that a registration flow corresponding to the service registration request is successful;
the sending submodule is configured to send an MBMS service key MSK request to the GBA server;
the receiving sub-module is configured to receive a second verification success message sent by the GBA server,
the MSK request is for verification by the GBA server and requests acquisition of an MSK key of the SMF network element, and the second verification success message is used for indicating that the MSK request is successful in verification;
wherein the transceiver module comprises a receiving sub-module;
the receiving submodule is configured to receive an MSK key and an MBMS traffic key MTK key sent by an AMF network element;
The MSK key is used for protecting or generating the MTK key, and the MTK key is used for data transmission of a user plane between the device and a session network element;
the receiving sub-module is configured to receive first identification information and a first random number sent by the GBA server, determine that the GBA server is a server requiring multicast broadcast service MBS service according to the first identification information, determine first key information according to the first identification information and initial key information, determine second key information according to the first key information, determine first digest information according to the first random number and the second key information, and send the first digest information and the second random number to the GBA server;
wherein the first identification information is used for indicating the GBA server;
the receiving sub-module is configured to receive second summary information sent by the GBA server, the second summary information is determined by the GBA server according to third key information and a second random number, the third key information is determined according to fourth key information, and the fourth key information is determined according to the first identification information and the initial key information; and verifying that the second abstract information is successful, and finishing the registration process of the device.
19. The apparatus of claim 18, wherein
the transceiver module is configured to send a first acknowledgement message to an AMF network element, where the first acknowledgement message is used to indicate that the device successfully receives a first key sent by the AMF network element.
20. The apparatus of claim 18, wherein
the transceiver module is configured to send a second acknowledgement message to an AMF network element, where the second acknowledgement message is used to indicate that the device successfully receives a second key sent by the AMF network element.
21. The apparatus of claim 18, wherein
the receiving sub-module is configured to, when the MSK request fails verification, receive first identification information and a third random number sent by the GBA server, determine, according to the first identification information, that the GBA server is a server requiring multicast broadcast service (MBS) service, determine fifth key information according to the first identification information and initial key information, determine sixth key information according to the fifth key information, determine third digest information according to the third random number and the sixth key information, and send the third digest information and the fourth random number to the GBA server.
22. The apparatus of claim 21, wherein
the receiving sub-module is configured to receive fourth digest information sent by the GBA server, wherein the fourth digest information is determined by the GBA server according to seventh key information and the fourth random number, the seventh key information is determined according to eighth key information, and the eighth key information is determined according to the first identification information and the initial key information; the fourth digest information is verified successfully, and the verification process of the MSK request of the device is completed.
23. The apparatus according to any of claims 18 to 22, wherein the GBA server is any of an authentication server function AUSF network element, a security anchor function SEAF network element.
24. A multimedia broadcast multicast service authentication device, the device comprising a mobile network control plane module;
the mobile network control plane module is configured to interact with the terminal equipment through non-access stratum (NAS) messages so as to complete the following flows: a registration authentication flow, a request authentication flow, and a key distribution flow;
the registration authentication flow, the request authentication flow and the key distribution flow are used for Multimedia Broadcast Multicast Service (MBMS), wherein the mobile network control plane module comprises a Generic Bootstrapping Architecture (GBA) server sub-module;
the GBA server sub-module is configured to receive a service registration request sent by a terminal device and register the terminal device;
after the service registration request is verified to be successful, the Generic Bootstrapping Architecture (GBA) server sub-module is configured to send a first verification success message to the terminal equipment, wherein the first verification success message is used for indicating that a registration process corresponding to the service registration request is successful, and the mobile network control plane comprises the GBA server sub-module;
the GBA server sub-module is configured to receive an MBMS service key (MSK) request sent by the terminal equipment, and send a second verification success message to the terminal equipment when the MSK request is verified successfully;
the MSK request is used for requesting to acquire an MSK key of an AMF network element, the second verification success message is used for indicating that the MSK request is verified successfully, and the mobile network control plane module comprises an AMF network element sub-module;
the AMF network element submodule is configured to send an MSK key and an MBMS traffic key MTK key to the terminal equipment;
the MSK key is used for protecting or generating the MTK key, and the MTK key is used for data transmission of a user plane between terminal equipment and a session network element;
the GBA server sub-module is configured to determine fourth key information according to initial key information and first identification information, wherein the first identification information is used for indicating the GBA server sub-module;
the GBA server sub-module is configured to send a first random number and the first identification information to the terminal equipment;
the GBA server sub-module is configured to receive first digest information and a second random number sent by the terminal equipment, wherein the first digest information is determined by the terminal equipment according to the first random number and second key information, the second key information is determined according to first key information, and the first key information is determined according to the first identification information and the initial key information;
the GBA server sub-module is configured to determine third key information according to the fourth key information, determine second digest information according to the second random number and the third key information when the first digest information is verified successfully, and send the second digest information to the terminal equipment.
25. The apparatus of claim 24, wherein
the GBA server sub-module is configured to verify the first digest information based on the first random number and the third key information.
26. The apparatus of claim 24, wherein the service registration request includes a bootstrapping transaction identifier B-TID;
and when the GBA server determines that the B-TID passes the verification, the step of determining fourth key information according to the initial key information and the first identification information is executed.
27. The apparatus of claim 24, wherein the MSK request includes a B-TID;
and when the GBA server sub-module determines that the B-TID is within its validity period and that the key corresponding to the B-TID is within its validity period, the MSK request is determined to be verified successfully and the GBA server sub-module sends the second verification success message to the terminal equipment.
28. The apparatus of claim 24, wherein
when the MSK request fails to be verified, the GBA server sub-module is configured to determine eighth key information according to the initial key information and the first identification information;
the GBA server sub-module is configured to send a third random number and the first identification information to the terminal device;
the GBA server sub-module is configured to receive third digest information and a fourth random number sent by the terminal device, wherein the third digest information is determined by the terminal device according to the third random number and sixth key information, the sixth key information is determined according to fifth key information, and the fifth key information is determined according to the first identification information and the initial key information;
the GBA server sub-module is configured to determine seventh key information according to the eighth key information, determine fourth digest information according to the fourth random number and the seventh key information when the third digest information is verified successfully, and send the fourth digest information to the terminal device;
and after the MSK request is verified to be successful, executing a process that the GBA server sub-module sends a second verification success message to the terminal equipment.
29. The apparatus of claim 28, wherein
the GBA server sub-module is configured to verify the third digest information based on the third random number and the seventh key information.
30. The apparatus of claim 24, wherein
the AMF network element submodule is configured to receive a key generation instruction sent by the GBA server submodule, and the key generation instruction is used for indicating the AMF network element submodule to generate the MSK key and the MTK key.
31. The apparatus of claim 24, wherein
the AMF network element submodule is configured to receive a first confirmation message sent by the terminal equipment, and the first confirmation message is used for indicating that the terminal equipment receives the MSK key sent by the AMF network element submodule successfully.
32. The apparatus of claim 24, wherein
the AMF network element submodule is configured to receive a second confirmation message sent by the terminal equipment, and the second confirmation message is used for indicating that the terminal equipment receives the MTK key sent by the AMF network element submodule successfully.
33. The apparatus according to any of claims 24 to 32, wherein the GBA server sub-module is any one of an AUSF network element and a SEAF network element.
34. A terminal device, characterized in that the terminal comprises:
a processor;
a transceiver coupled to the processor;
a memory for storing executable instructions of the processor;
wherein the processor is configured to load and execute the executable instructions to implement the multimedia broadcast multicast service authentication method as claimed in any one of claims 1 to 6.
35. A network device, the network device comprising:
a processor;
a transceiver coupled to the processor;
a memory for storing executable instructions of the processor;
wherein the processor is configured to load and execute the executable instructions to implement the multimedia broadcast multicast service authentication method as claimed in any one of claims 7 to 17.
36. A computer readable storage medium having stored therein executable instructions that are loaded and executed by a processor to implement the multimedia broadcast multicast service authentication method of any of claims 1 to 17.
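As an added illustration (not part of the patent text), the mutual challenge-response of claims 24 and 25, together with the terminal side recited in claim 18, can be sketched in Python. The claims name no algorithms, so HMAC-SHA256, the derivation labels, the class and function names, the identifier gba.example and the single-use handling of the challenge are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: the claims name no algorithms; HMAC-SHA256 stands in for every
# "determine ... according to ..." step (key derivation and digest alike).
def kdf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def digest_key(initial_key: bytes, server_id: bytes) -> bytes:
    bound = kdf(initial_key, b"id|" + server_id)  # first / fourth key information
    return kdf(bound, b"digest")                  # second / third key information

class GbaServer:
    def __init__(self, server_id: bytes, initial_key: bytes):
        self.server_id = server_id
        self.key = digest_key(initial_key, server_id)
        self.rand1 = None

    def challenge(self):
        self.rand1 = secrets.token_bytes(16)  # first random number
        return self.server_id, self.rand1

    def respond(self, digest1: bytes, rand2: bytes):
        if self.rand1 is None:
            return None  # no outstanding challenge: a replayed answer is refused
        expected = kdf(self.key, self.rand1)
        self.rand1 = None  # each challenge is single use (added assumption)
        if not hmac.compare_digest(digest1, expected):
            return None  # first digest failed: no second digest is issued
        return kdf(self.key, rand2)  # second digest information

class Terminal:
    def __init__(self, initial_key: bytes):
        self.initial_key = initial_key

    def answer(self, server_id: bytes, rand1: bytes):
        self.key = digest_key(self.initial_key, server_id)
        self.rand2 = secrets.token_bytes(16)  # second random number
        return kdf(self.key, rand1), self.rand2  # first digest information

    def verify_server(self, digest2) -> bool:
        expected = kdf(self.key, self.rand2)
        return digest2 is not None and hmac.compare_digest(digest2, expected)

def register(terminal: Terminal, server: GbaServer) -> bool:
    server_id, rand1 = server.challenge()
    digest1, rand2 = terminal.answer(server_id, rand1)
    return terminal.verify_server(server.respond(digest1, rand2))

if __name__ == "__main__":
    k = secrets.token_bytes(32)  # constructed shared initial key
    print(register(Terminal(k), GbaServer(b"gba.example", k)))
```

Registration succeeds only when both sides hold the same initial key and derive it against the same identification information; either side rejects a peer whose digest does not match.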
CN202080098555.8A 2020-04-24 2020-04-24 Multimedia broadcast multicast service authentication method, device, equipment and medium Active CN115280803B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/086778 WO2021212495A1 (en) 2020-04-24 2020-04-24 Multimedia broadcast multicast service authentication method and apparatus, device, and medium

Publications (2)

Publication Number Publication Date
CN115280803A CN115280803A (en) 2022-11-01
CN115280803B true CN115280803B (en) 2023-10-13

Family

ID=78270978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080098555.8A Active CN115280803B (en) 2020-04-24 2020-04-24 Multimedia broadcast multicast service authentication method, device, equipment and medium

Country Status (2)

Country Link
CN (1) CN115280803B (en)
WO (1) WO2021212495A1 (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant