CN117178583A - Information processing method and device, communication equipment and storage medium - Google Patents


Publication number
CN117178583A
Authority
CN
China
Prior art keywords
request
pegc
pine
authentication
credential
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202280001053.8A
Other languages
Chinese (zh)
Inventor
梁浩然
陆伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Application filed by Beijing Xiaomi Mobile Software Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the disclosure provide an information processing method and device, a communication device and a storage medium. The signal processing method performed by the PEGC may include: sending a first request to a network function, wherein the first request is used for requesting the network function to perform credential configuration on the PINE connected with the PEGC.

Description

Information processing method and device, communication equipment and storage medium
Technical Field
The present disclosure relates to the field of wireless communication technology, and in particular, to an information processing method and apparatus, a communication device, and a storage medium.
Background
There are a wide variety of internet of things (Internet of Things, IoT) devices.
Typical internet of things devices include, but are not limited to: wearable devices, smart home devices and/or smart office devices.
Typical wearable devices include, but are not limited to: headphones, smart watches, and/or health monitoring sensors.
Typical smart home devices include, but are not limited to: intelligent lights, cameras, thermostats, access control devices, voice assistant devices, speakers, refrigerators, washing machines, lawnmowers, and/or robots.
Smart office devices may be used in the offices or factories of small businesses. Typical smart office devices include, but are not limited to: printers, meters, and/or sensors.
Some internet of things devices have very specific requirements in terms of size (e.g., headphones) and some internet of things devices have very specific requirements in terms of weight (e.g., eyeglasses).
Some internet of things devices have very specific requirements in several respects (i.e., size, weight, and power consumption).
With the substantial increase in the number of internet of things devices, users have created (e.g., planned, changed the topology of) networks using all of these internet of things devices, primarily at home, at offices, at factories, and/or around the body. A personal IoT network (Personal IoT Network, PIN) may consist of a variety of devices that are often used by users.
Disclosure of Invention
The embodiment of the disclosure provides an information processing method and device, a communication device and a storage medium.
A first aspect of an embodiment of the present disclosure provides an information processing method, where the method is performed by a personal internet of things gateway PEGC, the method including:
sending a first request to a network function, wherein the first request is used for requesting the network function to perform credential configuration on a personal internet of things unit PINE connected with the PEGC.
Based on the above scheme, the first request includes at least: an identification of the PINE.
Based on the above scheme, the first request further includes at least one of the following:
a credential configuration indicator indicating that a credential configuration is requested;
an identification of the PEGC, at least used for verifying the validity of the PEGC.
Based on the above scheme, the identification of the PEGC includes: a hidden identifier of the PEGC.
Based on the above scheme, the sending the first request to the network function includes:
sending a non-access stratum (NAS) message containing the first request to the network function.
Based on the above scheme, the first request further includes: capability information of the PEGC, wherein the capability information indicates at least a security capability of the PEGC.
Based on the above scheme, the method further comprises:
receiving an operator credential sent by the network function after a default credential verification of the PINE passes;
sending the operator credential to the PINE.
A second aspect of the embodiments of the present disclosure provides an information processing method, wherein the method is performed by a network access function AMF, the method including:
receiving a first request sent by a PEGC, wherein the first request requests credential configuration for a PINE;
sending a second request to an authentication service function AUSF, wherein the second request is used by the AUSF to trigger the UDM to perform the credential configuration of the PINE.
Based on the above scheme, the first request includes: an identification of the PEGC;
the sending the second request to the authentication service function AUSF includes:
sending the second request to the AUSF selected according to the identification of the PEGC.
Based on the above scheme, the second request includes:
an identification of the PINE, used for identifying the PINE for which credential configuration is to be performed.
Based on the above, the second request further includes at least one of:
a credential configuration indicator indicating that a credential configuration is requested;
an identification of the PEGC;
a visited network name of the PEGC;
wherein the identification of the PEGC and the visited network name are used for verifying whether the PEGC is legitimate.
Based on the above scheme, the method further comprises:
A third aspect of the disclosed embodiments provides an information processing method, wherein the method is performed by an AUSF, and the method includes:
receiving a second request sent by the AMF, wherein the second request requests credential configuration for the PINE;
sending a third request to a User Data Management (UDM) according to the second request, wherein the third request is used by the UDM to configure credentials of the PINE.
Based on the above scheme, the third request includes:
an identification of the PINE, used for identifying the PINE for which credential configuration is to be performed.
Based on the above, the third request further includes at least one of:
a credential configuration indicator indicating that a credential configuration is requested;
an identification of the PEGC;
a visited network name of the PEGC.
Based on the above scheme, the method further comprises:
receiving a request response to the third request, wherein the request response includes: authentication mode information;
when the authentication mode information indicates that authentication by an authentication, authorization and accounting (AAA) authentication server is required, sending a fourth request to a slice independent networking private network authentication and authorization network element NSSAAF, wherein the fourth request is used by the NSSAAF to select an AAA authentication server to authenticate the default credential of the PINE.
Based on the above scheme, the receiving the request response of the third request includes:
receiving the request response of the third request, which is returned when the PEGC is verified to be legitimate.
Based on the above scheme, the fourth request includes: an identification of the PINE, wherein the identification of the PINE is used by the NSSAAF to select the AAA authentication server that performs default credential authentication of the PINE;
or,
the fourth request includes: the identification of the PEGC and the identification of the PINE, which are used by the NSSAAF to select the AAA authentication server that performs default credential authentication of the PINE.
Based on the above scheme, the method further comprises:
receiving an authentication response of the fourth request;
when the authentication response indicates that the default credential of the PINE is authenticated, sending an authentication result of the PINE to the UDM, wherein the authentication result of the default credential authentication is used for starting the operator credential configuration flow of the PINE.
Based on the above scheme, the second request includes: capability information of the PEGC;
the method further comprises:
selecting a security algorithm used in the operator credential configuration flow of the PINE according to the capability information of the PEGC.
A fourth aspect of the disclosed embodiments provides an information processing method, wherein the method is performed by a user data management UDM, the method comprising:
receiving a third request sent by an authentication service function AUSF, wherein the third request is used for configuring credentials of a PINE.
Based on the above scheme, the method further comprises:
sending a request response of the third request to the AUSF, wherein the request response of the third request includes: authentication mode information; the authentication mode information indicates whether an authentication, authorization and accounting (AAA) authentication server is used to authenticate the default credential of the PINE.
Based on the above scheme, the third request includes: the identification of the PEGC and/or the visited network name of the PEGC;
the sending a request response to the AUSF for the third request includes:
when the PEGC is verified to be legitimate according to the identification of the PEGC and/or the visited network name of the PEGC, sending the request response of the third request, carrying the authentication mode information, to the AUSF.
Based on the above scheme, the method further comprises:
receiving an authentication result of a default credential of the PINE from the AUSF;
when the default credential of the PINE is legitimate, starting an operator credential configuration flow of the PINE.
Based on the above scheme, the third request includes at least:
an identification of the PINE.
Based on the above, the third request further includes at least one of:
a credential configuration indicator indicating that an operator credential configuration is requested;
an identification of the PEGC;
a visited network name of the PEGC.
A fifth aspect of the embodiments of the present disclosure provides an information processing method, where the method is performed by a slice independent networking private network authentication and authorization network element NSSAAF, and includes:
receiving a fourth request sent by an AUSF;
sending a fifth request to an AAA authentication server according to the fourth request, wherein the fifth request is used by the AAA authentication server to verify a default credential of the PINE;
receiving a request response of the fifth request;
sending a request response of the fourth request to the AUSF according to the request response of the fifth request, wherein the request response of the fourth request carries the authentication result of the default credential.
Based on the above scheme, the fourth request includes an identification of the PEGC;
the sending a fifth request to the AAA authentication server according to the authentication mode information carried by the fourth request includes:
sending, according to the authentication mode information carried by the fourth request, the fifth request to an AAA authentication server determined according to the identification of the PEGC.
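The request chain set out in the first to fifth aspects above, as an added Python illustration that is not part of the patent text: it shows the two gates that sit in front of operator credential issuance (PEGC legitimacy at the UDM, default credential verification at the AAA server). All class names, message fields, algorithm labels and the HMAC-based proof are assumptions made for the example; the patent does not specify how the default credential is conveyed or checked.

```python
# Added illustration, not part of the patent text. Every name, field and value is
# hypothetical; no 3GPP service operation or message encoding is modelled.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

def proof_of(default_key, pine_id):
    # ASSUMPTION: stand-in for whatever default-credential method the AAA server runs.
    return hmac.new(default_key, pine_id.encode(), hashlib.sha256).digest()

def outcome(status, credential=None, alg=None):
    return {"status": status, "operator_credential": credential, "algorithm": alg}

@dataclass
class AAAServer:  # third-party server that knows the PINE default credentials
    default_keys: dict
    calls: int = 0
    def fifth_request(self, pine_id, proof):
        self.calls += 1
        key = self.default_keys.get(pine_id)
        return key is not None and hmac.compare_digest(proof, proof_of(key, pine_id))

@dataclass
class NSSAAF:
    aaa_by_pegc: dict  # PEGC identifier -> AAA server
    def fourth_request(self, pegc_id, pine_id, proof):
        aaa = self.aaa_by_pegc.get(pegc_id)  # server determined from the PEGC identifier
        return aaa is not None and aaa.fifth_request(pine_id, proof)

@dataclass
class UDM:
    legal_pegcs: set  # (PEGC identifier, visited network name) pairs
    issued: dict = field(default_factory=dict)
    def third_request(self, pine_id, pegc_id, visited_network):
        # Authentication mode information is returned only for a legitimate PEGC.
        if (pegc_id, visited_network) not in self.legal_pegcs:
            return None
        return {"auth_mode": "AAA"}
    def auth_result(self, pine_id, passed):
        # Operator credential configuration starts only after the default credential passed.
        if not passed:
            return None
        self.issued[pine_id] = secrets.token_bytes(32)  # constructed credential value
        return self.issued[pine_id]

@dataclass
class AUSF:
    udm: UDM
    nssaaf: NSSAAF
    preferred_algs: tuple = ("ALG-B", "ALG-A")  # hypothetical labels, preferred first
    def second_request(self, req):
        resp = self.udm.third_request(req["pine_id"], req["pegc_id"], req["visited_network"])
        if resp is None:
            return outcome("pegc-rejected")
        if resp["auth_mode"] != "AAA":
            return outcome("mode-not-modelled")
        # Security algorithm chosen from the PEGC capability information.
        alg = next((a for a in self.preferred_algs if a in req["pegc_caps"]), None)
        if alg is None:
            return outcome("no-common-algorithm")
        passed = self.nssaaf.fourth_request(req["pegc_id"], req["pine_id"], req["proof"])
        cred = self.udm.auth_result(req["pine_id"], passed)
        if cred is None:
            return outcome("default-credential-rejected")
        return outcome("provisioned", cred, alg)

@dataclass
class AMF:
    ausf_by_pegc: dict  # PEGC identifier -> AUSF
    visited_network: str
    def first_request(self, nas_msg):
        if not nas_msg.get("credential_config_indicator") or not nas_msg.get("pine_id"):
            return outcome("malformed-request")
        ausf = self.ausf_by_pegc.get(nas_msg.get("pegc_id"))
        if ausf is None:
            return outcome("no-ausf-for-pegc")
        return ausf.second_request({**nas_msg, "visited_network": self.visited_network})

def build_network():
    # Constructed sample data: one legitimate PEGC, one PINE with a default key.
    aaa = AAAServer({"pine-aa": b"constructed-default-key"})
    udm = UDM({("pegc-001", "visited-net-1")})
    ausf = AUSF(udm, NSSAAF({"pegc-001": aaa, "pegc-999": aaa}))
    return AMF({"pegc-001": ausf, "pegc-999": ausf}, "visited-net-1"), aaa, udm

def pegc_request(amf, pegc_id, pine_id, default_key, caps=("ALG-A",)):
    # PEGC side: build the first request for a connected PINE and send it to the AMF.
    return amf.first_request({
        "pine_id": pine_id, "pegc_id": pegc_id, "credential_config_indicator": True,
        "pegc_caps": caps, "proof": proof_of(default_key, pine_id)})

if __name__ == "__main__":
    amf, aaa, udm = build_network()
    for pegc, key in [("pegc-001", b"constructed-default-key"),
                      ("pegc-999", b"constructed-default-key"), ("pegc-001", b"wrong-key")]:
        result = pegc_request(amf, pegc, "pine-aa", key)
        print(pegc, result["status"], "AAA calls so far:", aaa.calls)
```

In this model a request from a PEGC the UDM does not recognise is rejected before the third-party AAA server is contacted at all, and a failed default credential check leaves the UDM with nothing issued.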
A sixth aspect of the disclosed embodiments provides an information processing apparatus, wherein the apparatus includes:
a first sending module configured to send a first request to a network function, wherein the first request is used for requesting the network function to perform credential configuration on a personal internet of things unit PINE connected with the PEGC.
Based on the above scheme, the first request includes at least: an identification of the PINE.
Based on the above scheme, the first request further includes at least one of the following:
a credential configuration indicator indicating that a credential configuration is requested;
an identification of the PEGC, at least used for verifying the validity of the PEGC.
Based on the above scheme, the identification of the PEGC includes: a hidden identifier of the PEGC.
Based on the above solution, the first sending module is configured to send a non-access stratum NAS message including the first request to the network function.
Based on the above scheme, the first request further includes: capability information of the PEGC, wherein the capability information indicates at least a security capability of the PEGC.
Based on the above scheme, the device further comprises:
a first receiving module configured to receive an operator credential sent by the network function after a default credential verification of the PINE is passed;
the first sending module is further configured to send the operator credential to the PINE.
A seventh aspect of the disclosed embodiments provides an information processing apparatus, wherein the apparatus includes:
a second receiving module configured to receive a first request sent by a PEGC, wherein the first request requests credential configuration for a PINE;
a second sending module configured to send a second request to an authentication service function AUSF, wherein the second request is used by the AUSF to trigger the UDM to perform the credential configuration of the PINE.
Based on the above scheme, the first request includes: an identification of the PEGC;
the second sending module is configured to send the second request to the AUSF selected according to the identification of the PEGC.
Based on the above scheme, the second request includes:
an identification of the PINE, used for identifying the PINE for which credential configuration is to be performed.
Based on the above, the second request further includes at least one of:
a credential configuration indicator indicating that a credential configuration is requested;
an identification of the PEGC;
a visited network name of the PEGC;
wherein the identification of the PEGC and the visited network name are used for verifying whether the PEGC is legitimate.
Based on the above solution, the second sending module is further configured to send capability information of the PEGC to an AUSF, where the capability information indicates a security capability of the PEGC.
An eighth aspect of the disclosed embodiments provides an information processing apparatus, wherein the apparatus is executed by an AUSF, the apparatus comprising:
a third receiving module configured to receive a second request sent by the AMF, wherein the second request requests credential configuration for the PINE;
a third sending module configured to send a third request to the User Data Management (UDM) according to the second request, wherein the third request is used by the UDM to configure credentials of the PINE.
Based on the above scheme, the third request includes:
an identification of the PINE, used for identifying the PINE for which credential configuration is to be performed.
Based on the above, the third request further includes at least one of:
a credential configuration indicator indicating that a credential configuration is requested;
an identification of the PEGC;
a visited network name of the PEGC.
Based on the above solution, the third receiving module is configured to receive a request response of the third request, where the request response includes: authentication mode information;
the third sending module is configured to send a fourth request to a slice independent networking private network authentication and authorization network element NSSAAF when the authentication mode information indicates that authentication by an authentication, authorization and accounting (AAA) authentication server is required, wherein the fourth request is used by the NSSAAF to select an AAA authentication server to authenticate the default credential of the PINE.
Based on the above scheme, the third receiving module is configured to receive the request response of the third request, which is returned when the PEGC is verified to be legitimate.
Based on the above scheme, the fourth request includes: an identification of the PINE, wherein the identification of the PINE is used by the NSSAAF to select the AAA authentication server that performs default credential authentication of the PINE;
or,
the fourth request includes: the identification of the PEGC and the identification of the PINE, which are used by the NSSAAF to select the AAA authentication server that performs default credential authentication of the PINE.
Based on the above, the third receiving module is further configured to receive an authentication response of the fourth request;
the third sending module is configured to send an authentication result of the PINE to the UDM when the authentication response indicates that the default credential of the PINE is authenticated, wherein the authentication result of the default credential authentication is used for starting the operator credential configuration flow of the PINE.
Based on the above scheme, the second request includes: capability information of the PEGC;
the apparatus further comprises:
a selection module configured to select a security algorithm used in the operator credential configuration flow of the PINE according to the capability information of the PEGC.
A ninth aspect of an embodiment of the present disclosure provides an information processing apparatus, wherein the apparatus further includes:
a fourth receiving module configured to receive a third request sent by the authentication service function AUSF, wherein the third request is used for configuring credentials of a PINE.
Based on the above scheme, the device further comprises:
a fourth sending module configured to send a request response of the third request to the AUSF, where the request response of the third request includes: authentication mode information; the authentication mode information indicates whether an authentication, authorization and accounting (AAA) authentication server is used to authenticate the default credential of the PINE.
Based on the above scheme, the third request includes: the identification of the PEGC and/or the visited network name of the PEGC;
the fourth sending module is configured to send the request response of the third request, carrying the authentication mode information, to the AUSF when the PEGC is verified to be legitimate according to the identification of the PEGC and/or the visited network name of the PEGC.
Based on the above-mentioned scheme, the fourth receiving module is further configured to receive an authentication result of a default credential of the PINE from the AUSF;
the apparatus further comprises:
a starting module configured to start the operator credential configuration flow of the PINE when the default credential of the PINE is legitimate.
Based on the above scheme, the third request includes at least:
an identification of the PINE.
Based on the above, the third request further includes at least one of:
a credential configuration indicator indicating that an operator credential configuration is requested;
an identification of the PEGC;
a visited network name of the PEGC.
A tenth aspect of the embodiments of the present disclosure provides an information processing apparatus, wherein the apparatus includes:
a fifth receiving module configured to receive a fourth request sent by the AUSF;
a fifth sending module configured to send a fifth request to the AAA authentication server according to the fourth request, wherein the fifth request is used by the AAA authentication server to verify a default credential of the PINE;
the fifth receiving module is configured to receive a request response of the fifth request;
the fifth sending module is configured to send a request response of the fourth request to the AUSF according to the request response of the fifth request, wherein the request response of the fourth request carries the authentication result of the default credential.
Based on the above scheme, the fourth request includes an identification of the PEGC;
the sending a fifth request to the AAA authentication server according to the authentication mode information carried by the fourth request includes:
sending, according to the authentication mode information carried by the fourth request, the fifth request to an AAA authentication server determined according to the identification of the PEGC.
An eleventh aspect of the disclosed embodiments provides a communication device, including a processor, a transceiver, a memory, and an executable program stored on the memory and capable of being executed by the processor, where the processor executes the information processing method provided in the foregoing first or second aspect when the executable program is executed by the processor.
A twelfth aspect of the presently disclosed embodiments provides a computer storage medium storing an executable program; the executable program, when executed by a processor, can implement the information processing method provided in the foregoing first aspect or second aspect.
The technical scheme provided by the embodiments of the disclosure determines the UE-related policy according to the physical state information of the UE, and determines the policy for controlling the data flow of the UE in this way, so that the physical state of the UE is not ignored because only the network state is considered. This reduces the network resource waste and/or poor UE communication quality caused by a policy that is inconsistent with the physical state of the UE, which improves the communication quality of the UE and reduces the waste of network resources.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of embodiments of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the embodiments of the invention.
Fig. 1 is a schematic diagram of a wireless communication system according to an exemplary embodiment;
Fig. 2 is a flow chart of a method of information processing according to an exemplary embodiment;
Fig. 3 is a flow chart of a method of information processing according to an exemplary embodiment;
Fig. 4 is a flow chart of a method of information processing according to an exemplary embodiment;
Fig. 5 is a flow chart of a method of information processing according to an exemplary embodiment;
Fig. 6 is a flow chart of a method of information processing according to an exemplary embodiment;
Fig. 7 is a flow chart of a method of information processing according to an exemplary embodiment;
Fig. 8 is a flow chart of a method of information processing according to an exemplary embodiment;
Fig. 9 is a schematic diagram showing a structure of an information processing apparatus according to an exemplary embodiment;
Fig. 10 is a schematic structural view of an information processing apparatus according to an exemplary embodiment;
Fig. 11 is a schematic structural view of an information processing apparatus according to an exemplary embodiment;
Fig. 12 is a schematic structural view of an information processing apparatus according to an exemplary embodiment;
Fig. 13 is a schematic structural view of an information processing apparatus according to an exemplary embodiment;
Fig. 14 is a schematic diagram illustrating a structure of a UE according to an exemplary embodiment;
Fig. 15 is a schematic diagram of a communication device according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with embodiments of the invention. Rather, they are merely examples of apparatus and methods consistent with aspects of embodiments of the invention.
The terminology used in the embodiments of the disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments of the disclosure. As used in this disclosure, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in embodiments of the present disclosure to describe various information, the information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of embodiments of the present disclosure. The word "if" as used herein may be interpreted as "when", "upon" or "responsive to a determination", depending on the context.
Referring to fig. 1, a schematic structural diagram of a wireless communication system according to an embodiment of the disclosure is shown. As shown in fig. 1, the wireless communication system is a communication system based on a cellular mobile communication technology, and may include: a number of UEs 11 and a number of access devices 12.
The UE 11 may be a device that provides voice and/or data connectivity to a user. The UE 11 may communicate with one or more core networks via a radio access network (Radio Access Network, RAN). The UE 11 may be an internet of things UE such as a sensor device, a mobile phone (or "cellular" phone) or a computer with an internet of things UE, for example a fixed, portable, pocket, hand-held, computer-built-in or vehicle-mounted device, such as a station (STA), subscriber unit, subscriber station, mobile station, mobile, remote station, access point, remote terminal, access terminal, user terminal, user agent, user device, or user equipment (UE). Alternatively, the UE 11 may be an unmanned aerial vehicle device. Alternatively, the UE 11 may be a vehicle-mounted device, for example, a laptop with a wireless communication function, or a wireless communication device externally connected to the laptop. Alternatively, the UE 11 may be a roadside device, for example, a street lamp, a signal lamp, or another roadside device having a wireless communication function.
The access device 12 may be a network-side device in the wireless communication system. The wireless communication system may be a fourth generation mobile communication technology (the 4th generation mobile communication, 4G) system, also known as a long term evolution (Long Term Evolution, LTE) system; alternatively, the wireless communication system may be a 5G system, also known as a New Radio (NR) system or a 5G NR system. Alternatively, the wireless communication system may be a next generation system of the 5G system. The access network in the 5G system may be called the NG-RAN (New Generation-Radio Access Network). Alternatively, the wireless communication system may be an MTC system.
The access device 12 may be an evolved access device (eNB) employed in a 4G system. Alternatively, the access device 12 may be an access device (gNB) in a 5G system that employs a centralized and distributed architecture. When the access device 12 employs a centralized and distributed architecture, it typically includes a Centralized Unit (CU) and at least two Distributed Units (DUs). A protocol stack of a packet data convergence protocol (Packet Data Convergence Protocol, PDCP) layer, a radio link control (Radio Link Control, RLC) layer, and a medium access control (Media Access Control, MAC) layer is provided in the centralized unit; a physical (PHY) layer protocol stack is provided in the distributed unit. The specific implementation of the access device 12 is not limited by the embodiments of the present disclosure.
A wireless connection may be established between access device 12 and UE11 over a wireless air interface. In various embodiments, the wireless air interface is a fourth generation mobile communication network technology (4G) standard-based wireless air interface; or, the wireless air interface is a wireless air interface based on a fifth generation mobile communication network technology (5G) standard, for example, the wireless air interface is a new air interface; alternatively, the wireless air interface may be a wireless air interface based on a 5G-based technology standard of a next generation mobile communication network.
Three types of personal internet of things units (Personal IoT Network Element, PINE) exist in the PIN: a device with gateway function (PEGC), a device with management function (PEMC), and a general PINE without gateway and management functions.
PEGC and PEMC are also UEs that can directly access a 5G network. PEMCs can also access 5G networks through PEGC.
PINE cannot directly access 5G networks, which require identification of PINE to enhance management. To meet the demand, 5G networks need to provide operator credentials for PINE. With the operator credentials, the 5GS can verify and identify the PINE behind the PEGC. The default credentials of the PINE need to be authenticated before the 5G network is provided to the PINE. However, there is a lack of a mechanism for authentication of the default credentials provided by the authentication, authorization and accounting (Authentication, authorization, accounting, AAA) server of the third party by the 5GC, which delays the communication control of the pin by the 5GC, resulting in a communication delay.
As shown in fig. 2, an embodiment of the present disclosure provides an information processing method, which is performed by PEGC, the method including:
S1110: sending a first request to a network function, wherein the first request is used for requesting the network function to perform credential configuration on the PINE connected with the PEGC.
The Network Function (NF) may include various core network functions. The core network functions include, but are not limited to: an access management function (Access Management Function, AMF).
The first request may be for requesting the NF to assign operator credentials for the PINE. The operator credentials may be credentials of a communication network operator, e.g., operator credentials of a 5G network, a 4G network, or a next generation mobile communication network.
The PEGC here is a gateway of the PIN that has been validated by the NF and has been issued operator credentials.
The PEGC establishes a 3GPP connection with the NF, while the PEGC establishes a secure non-3GPP connection with the PINE. The non-3GPP connections include, but are not limited to: a Bluetooth connection and/or a WiFi connection.
In the embodiment of the disclosure, for a PINE configured with only default credentials, the PEGC applies to the network for operator credentials after the connection between the PINE and the PEGC is established. When the PINE subsequently needs to communicate through the network, communication can be performed quickly and efficiently, which reduces communication delay and improves communication efficiency.
In one embodiment, the first request includes at least: identification of PINE.
The identification of the PINE lets the NF know which PINE is applying for operator credentials. The identification of the PINE may include at least one of: an international mobile equipment identity (International Mobile Equipment Identity, IMEI) of the PINE, a media access control (MAC) address of the PINE, or any other identity that uniquely identifies the PINE.
In some embodiments, the first request further comprises at least one of:
a credential configuration indicator indicating that a credential configuration is requested;
an identifier of the PEGC, used at least for verifying the validity of the PEGC.
The credential configuration indicator indicates that operator credentials need to be configured for the PINE. If the first request carries the credential configuration indicator, the first request is a request by which the PEGC asks the NF to configure operator credentials for the PINE.
In one embodiment, the credential configuration indicator may include one or more bits. Illustratively, when the credential configuration indicator is 1 bit, a bit value of 1 or 0 indicates that credential configuration is requested. The credential configuration requested here may be: operator credential configuration.
The identifier of the PEGC may be used for NF to verify the validity of the PEGC, and if the PEGC passes the validity verification, the first request is indicated to be trusted.
Illustratively, the identification of the PEGC includes, but is not limited to:
a subscription concealed identifier (Subscription Concealed Identifier, SUCI); and/or a subscription permanent identifier (Subscription Permanent Identifier, SUPI).
In some embodiments, the sending the first request to the network function comprises:
sending a non-access stratum (NAS) message containing the first request to the network function.
That is, the PEGC can act as a UE accessing the 3GPP network, and NAS messages are transmitted directly between the UE and the first network element. The first request may be carried by various NAS messages; a NAS message provided by the PEGC is passed through access network functions such as a base station, so that the first request is quickly delivered to the core network.
In some embodiments, the first request further comprises: capability information of the PEGC, wherein the capability information indicates at least the security capability of the PEGC.
Illustratively, the capability information may at least indicate: whether PEGC supports data encryption or data integrity checking; if data encryption and/or integrity checking is supported, PEGC supports which security algorithms.
Thus, if the PEGC needs to perform secure communication with the network function, the network function may select an appropriate security algorithm to perform data encryption and/or integrity verification according to the capability information of the PEGC.
For example, if the PEGC receives, from a network function, an operator credential issued by an operator, encrypted transmission of the operator credential may be performed based on the security capabilities of the PEGC.
As shown in fig. 3, an embodiment of the present disclosure provides an information processing method, which is performed by PEGC, the method including:
S1210: sending a first request to a network function, wherein the first request is used for requesting the network function to perform credential configuration on the PINE connected with the PEGC;
S1220: receiving an operator credential sent by the network function after a default credential verification of the PINE passes;
S1230: sending the operator credential to the PINE.
In some embodiments, if the default credentials of the PINE are verified, indicating that the current PINE is a safe and/or legal trusted device, the network function will issue the operator credential to the PINE. If the network function issues the operator credential, the PEGC will receive it and then forward it to the PINE.
Subsequently, when the PINE needs to register to the 3GPP network or communicate through the 3GPP network, quick authentication can be realized based on the operator credentials, which improves the communication efficiency of the PINE.
As shown in fig. 4, an embodiment of the present disclosure provides an information processing method, performed by an access management function (Access Management Function, AMF), the method including:
S2110: receiving a first request sent by the PEGC; the first request requests credential configuration for the PINE;
S2120: sending a second request to an authentication service function (Authentication Service Function, AUSF), wherein the second request is used for the AUSF to trigger the UDM to perform credential configuration of the PINE.
In one embodiment, the AMF is an NF in the information processing method described above.
In the embodiment of the disclosure, the AMF receives the first request and, having received it, sends a second request to the AUSF, so that after the AUSF receives the second request, the UDM is requested to perform the operator credential configuration for the PINE.
In some embodiments, the first request includes: an identification of the PEGC.
The S2120 may include: sending the second request to the AUSF selected according to the identifier of the PEGC.
In the embodiment of the present disclosure, after the first request carries the identifier of the PEGC and the AUSF receives the identifier of the PEGC, the identifier of the PEGC may be carried in the second request, so that after the UDM distributes the operator credential for the PINE, the operator credential may be returned to the corresponding PEGC according to the identifier of the PEGC.
In some embodiments, the second request includes: an identification of the PINE, used for identifying the PINE to be subjected to credential configuration.
The identity of the PINE may be carried by the first request, such that upon receipt of the first request, the AUSF receives the identity of the PINE, and carries the identity of the PINE in the second request, such that the UDM is conveniently aware of which PINE is assigned the operator credential.
In some embodiments, the second request further comprises at least one of:
a credential configuration indicator indicating that a credential configuration is requested;
an identification of the PEGC;
a visited network name of the PEGC;
the identifier of the PEGC and the name of the visited network are used for verifying whether the PEGC is legal or not.
In some embodiments, the credential configuration indicator may include one or more bits. For example, the credential configuration indicator includes 1 bit that indicates that the credential configuration is requested when the bit is 0 or 1.
In some embodiments, the method further comprises:
sending the capability information of the PEGC to the AUSF, wherein the capability information indicates the security capability of the PEGC.
In the disclosed embodiment, the AMF may also know the capability information of the PEGC. The capability information of the PEGC may be carried in the first request, or the PEGC may inform the AMF of it when the PEGC registers to the network.
In summary, the AMF will also carry an identity of the PEGC in the second request, which indicates to which PEGC the subsequent AUSF or UDM needs to send an identity issued to the PINE.
In still other embodiments, the second request may further carry the visited network name of the PEGC, to help a subsequent network element select the AAA server that performs the default credential authentication, so that an AAA server closer to the PEGC is selected to authenticate the default credentials, thereby improving the authentication rate of the default credentials.
As shown in fig. 5, an embodiment of the present disclosure provides an information processing method, wherein the method is performed by an AUSF, and includes:
S3110: receiving a second request sent by the AMF; the second request requests credential configuration for the PINE;
S3120: sending a third request to the UDM according to the second request, wherein the third request is used for the UDM to configure credentials of the PINE.
The information processing method provided by the embodiment of the present disclosure may be performed by the AUSF in the NF described above.
The AUSF can exchange various information with the AMF. The AUSF may receive a second request sent by the AMF, where the second request is for requesting an operator credential for the PINE.
After receiving the second request, the AUSF sends a third request to the UDM, which triggers the UDM to configure an operator credential for the PINE.
In one embodiment, the third request includes:
an identification of the PINE, used for identifying the PINE to be subjected to credential configuration.
Illustratively, the third request further comprises at least one of:
a credential configuration indicator indicating that a credential configuration is requested;
an identification of the PEGC;
a visited network name of the PEGC.
In some embodiments, the identity of the PEGC and/or the visited network name is used to verify whether the PEGC is legitimate.
In some embodiments, the method further comprises:
receiving a request response to the third request, wherein the request response includes: authentication mode information;
when the authentication mode information indicates that authentication by an authentication, authorization and accounting (AAA) server is needed, sending a fourth request to a network slice-specific and SNPN authentication and authorization function (NSSAAF), wherein the fourth request is used for the NSSAAF to select an AAA server to authenticate the default credentials of the PINE.
If the default credentials of the PINE are not pre-issued or pre-configured by the network operator, the default credentials need to be authenticated by the third party server, whereas if the default credentials of the PINE are pre-issued or pre-configured by the network operator, the default credentials need to be authenticated by NF within the network, such as UDM.
In the disclosed embodiment, after the AUSF sends the third request to the UDM, the AUSF receives a request response returned by the UDM. The request response carries authentication mode information, which indicates whether authentication by a third-party AAA server is required. If so, the AUSF sends a fourth request to the NSSAAF according to the request response; after the fourth request reaches the NSSAAF, the NSSAAF selects the AAA server that authenticates the default credentials of the PINE.
The fourth request may include: the identifier of the PEGC and/or the visited network identifier of the PEGC, which the NSSAAF may use to select an AAA server that is close to the PEGC in physical distance or network distance to authenticate the default credentials of the PINE.
In some embodiments, the receiving the request response of the third request includes:
receiving a request response of the third request returned when the PEGC is verified to be legal.
In order to reduce the random issuance of the operator credentials and ensure the issuance security of the operator credentials, the third request may carry the PEGC identification, so that the UDM may perform PEGC validity verification on the PEGC. After the validity of the PEGC is verified, the UDM returns a request response that causes the AUSF to send a fourth request to the NSSAAF.
In some embodiments, the fourth request comprises: an identification of the PINE, used for the NSSAAF to select an authentication, authorization and accounting (AAA) server for performing default credential authentication of the PINE.
In one embodiment, the fourth request includes: the identifier of the PEGC and the identifier of the PINE are used for the NSSAAF to select an Authentication Authorization Accounting (AAA) authentication server for performing default credential authentication of the PINE.
In one embodiment, the NSSAAF may select the appropriate AAA server based solely on the identification of the PINE. In another embodiment, the NSSAAF selects the appropriate AAA server based on both the identification of the PINE and the identification of the PEGC.
In some embodiments, the method further comprises:
receiving an authentication response of the fourth request;
when the authentication response indicates that the default credential of the PINE is authenticated, sending an authentication result of the PINE to the UDM; and the authentication result of the default credential authentication is used for starting the configuration flow of the operator credential of the PINE.
In some embodiments, if the selected AAA server can complete the default credential authentication of the PINE, the authentication result is fed back to the NSSAAF and returned to the AUSF by the NSSAAF.
If the AUSF receives the authentication response and determines that the default credentials of the PINE pass the authentication, the AUSF can send the authentication result of the PINE to the UDM, which triggers the UDM to start the operator credential configuration flow for the PINE.
In some embodiments, the second request includes: capability information of the PEGC;
the method further comprises: selecting a security algorithm used in the operator credential configuration flow of the PINE according to the capability information of the PEGC.
In the embodiment of the disclosure, the AUSF may also select a security algorithm for configuring the PINE with the operator credentials; the selected security algorithm serves as the encryption algorithm and/or the integrity protection algorithm used when configuring the PINE with the operator credentials.
After the AUSF completes the selection of the security algorithm, at least one of the UDM, the AMF, and the PEGC may be notified of the algorithm identification of the security algorithm, respectively, so that information interaction about the operator credentials is performed between any two of the subsequent UDM, AMF, and PEGC.
As shown in fig. 6, an embodiment of the present disclosure provides an information processing method, wherein the method is performed by a UDM, the method including:
S4110: receiving a third request sent by the AUSF; the third request is used for configuring credentials of the PINE.
The UDM of the disclosed embodiment receives a third request, which is a request to configure the operator credentials for the PINE.
In the embodiment of the present disclosure, the UDM may be an execution body performing configuration of an operator credential, and if the operator credential is configured for the PINE, the configured operator credential is transmitted to the PEGC, and is finally returned to the PINE by the PEGC.
In some embodiments, the method further comprises:
transmitting a request response of the third request to the AUSF, wherein the request response of the third request includes: authentication mode information; the authentication mode information is used for indicating whether an authentication, authorization and accounting (AAA) server is to be used to authenticate the default credentials of the PINE. Upon receipt of the third request, the UDM determines whether authentication of the default credentials by means of a third-party AAA server is required.
In some embodiments, the third request includes: the identity of the PEGC and/or the visited network name of the PEGC;
the sending a request response to the AUSF for the third request includes:
when the PEGC is verified to be legal according to the identification of the PEGC and/or the visited network name of the PEGC, sending to the AUSF the request response of the third request carrying the authentication mode information.
In the embodiment of the present disclosure, the third request further includes an identifier of the PEGC and/or a visited network name of the PEGC, and the subsequent UDM may perform validity verification of the PEGC according to the identifier of the PEGC and/or the visited network name of the PEGC, so as to ensure security of operator credential configuration of the PINE.
In some embodiments, the method further comprises:
receiving an authentication result of a default credential of the PINE from the AUSF;
when the default credentials of the PINE are legal, starting an operator credential configuration flow of the PINE.
In some embodiments, the UDM may receive an authentication result of a default credential of the PINE from the AUSF, and if the default credential of the PINE is legal, that is, the default credential of the PINE passes the authentication, may initiate a configuration procedure for an operator credential of the PINE, thereby implementing the authentication of the operator credential of the PINE.
In some embodiments, the third request includes at least: an identification of the PINE.
Illustratively, the third request further comprises at least one of:
a credential configuration indicator indicating that an operator credential configuration is requested;
an identification of the PEGC;
a visited network name of the PEGC.
As shown in fig. 7, an embodiment of the present disclosure provides an information processing method, performed by the NSSAAF, the method including:
S4110: receiving a fourth request sent by the AUSF;
S4120: according to the fourth request, sending a fifth request to an AAA server; wherein the fifth request is for the AAA server to verify a default credential of the PINE;
S4130: receiving a request response of the fifth request;
S4140: according to the request response of the fifth request, sending a request response of the fourth request to the AUSF; the request response of the fourth request is used for carrying the authentication result of the default credential.
The NSSAAF in the disclosed embodiment receives a fourth request from the AUSF; if the fourth request is received, it sends a request to the AAA server, thereby triggering the selected AAA server to perform default credential authentication of the PINE. Specifically, the NSSAAF may send a fifth request to the AAA server according to the fourth request, and trigger the AAA server to perform default credential authentication of the PINE through the fifth request. The AAA server's authentication result for the default credentials may be returned in the request response of the fifth request.
After receiving the request response, the NSSAAF sends a request response of the fourth request to the corresponding AUSF, and after receiving the request response of the fourth request, the AUSF determines whether to trigger the UDM to distribute the operator credential for the PINE.
In some embodiments, the fourth request includes an identification of a PEGC;
the sending a fifth request to the AAA authentication server according to the authentication mode information carried by the fourth request includes:
sending the fifth request, according to the authentication mode information carried by the fourth request, to an AAA server determined according to the identifier of the PEGC.
Referring to fig. 8, assume that the PINE has established a secure non-3GPP connection with the PEGC.
The PINE is preconfigured with default credentials that are generated by the third-party AAA server. The AAA server maintains a mapping between the device identifier and the default credentials for each PINE.
The PEGC has registered with the 5G core network (5GC). The connection between the PEGC and the AMF is NAS secured.
The following is a process for default credential authentication of a personal internet of things device using a third party AAA server.
1. The PINE is connected to the PEGC through a secure non-3GPP connection.
2. The PINE sends an operator credential configuration request to the PEGC. The request contains an identification of the PINE. The identification of the PINE may include at least: a device identifier. The operator credential configuration request may be the first request described above, which may be abbreviated as a credential configuration request.
3. The PEGC sends a credential configuration request to the AMF via a NAS message. The credential configuration request includes a credential configuration indicator, a device identifier of the PINE, a SUCI of the PEGC, and/or capability information of the PEGC, the capability information indicating at least the security capabilities of the PEGC. The credential configuration indicator indicates the purpose of the request.
4. The AMF may send an operator credential configuration request to the AUSF, which may include the capability information of the PEGC, which indicates at least the security capabilities of the PEGC. For example, the AMF initiates an authentication process for the PINE using the Nausf_UEAuthentication_Authenticate service operation, e.g., by sending a Nausf_UEAuthentication_Authenticate Req to the AUSF. The AMF should select the AUSF according to the SUCI of the PEGC. Inputs to the Nausf_UEAuthentication_Authenticate service operation include a credential configuration request, the device identifier of the PINE, the SUCI of the PEGC, and the visited network (SN) name.
5. The AUSF initiates the Nudm_UEAuthentication_Get service operation towards the UDM. The input of the Nudm_UEAuthentication_Get service operation includes a credential configuration indicator, the SUCI of the PEGC, and the SN name.
6. The UDM first checks whether the PEGC is authorized as a legitimate gateway based on the subscription information of the PEGC. If the PEGC is not authorized to act as a gateway, the UDM terminates the credential provisioning process. Otherwise, the UDM decides the authentication method for the PINE according to the subscription data of the PEGC and the credential configuration request.
7. The UDM responds to the AUSF with the Nudm_UEAuthentication_Get response. The input of the operation includes the SUCI of the PEGC and authentication mode information.
8. The AUSF initiates an Nnssaaf_AIWF_Authentication operation towards the NSSAAF. The input to the operation includes an identification of the PINE. Specifically, the AUSF selects the NSSAAF according to the SUCI of the PEGC.
9. The NSSAAF should select the AAA server based on the identification of the PINE. The identification of the PINE is then sent to a third-party AAA server.
10. The PINE and the AAA server perform mutual authentication based on an Extensible Authentication Protocol (EAP) authentication mechanism and the corresponding default credentials.
11. If the mutual authentication is successful, the third-party AAA server sends an EAP success message to the NSSAAF; otherwise the third-party AAA server terminates the operator credential configuration process.
12. The NSSAAF sends an EAP success message to the AUSF through the Nnssaaf_AIWF_Authentication service operation.
13. The AUSF starts the authentication result indication procedure. In the indication process, the AUSF sends a credential configuration indicator, EAP success, an identification of the PINE, the SUPI of the PEGC, and the corresponding authentication mode information to the UDM. The authentication result indication procedure may be implemented by defining a new UDM service operation or by reusing the existing Nudm_UEAuthentication_ResultConfirmation service operation.
14. The UDM performs an operator credential configuration procedure, which may specifically include: the UDM stores the authentication result of the PINE. If the authentication result indicates that the PINE has been successfully authenticated, the UDM initiates the operator credential configuration process.
15. The PEGC sends the configured operator credentials to the PINE.
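The fig. 8 procedure above, including the AUSF's capability-based algorithm selection described earlier, as an added Python sketch that is not code from the patent or from any 3GPP implementation. Assumptions: an HMAC challenge-response stands in for the EAP method, the `Pine` object is passed along the call chain in place of relayed EAP messages, and all function names, identifiers, keys and algorithm labels are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: every identifier, key and label below is made up.
UDM_SUBSCRIPTIONS = {  # PEGC subscription data held by the UDM
    "suci-pegc-001": {"gateway_authorized": True, "auth_mode": "AAA"},
    "suci-pegc-002": {"gateway_authorized": False, "auth_mode": "AAA"},
}
AAA_DEFAULT_KEYS = {"pine-0001": b"constructed-default-credential"}
AUSF_ALGORITHM_PREFERENCE = ["alg-B", "alg-A"]  # hypothetical labels


class ProvisioningRejected(Exception):
    """Raised by whichever function terminates the procedure."""


class Pine:
    def __init__(self, pine_id, default_key):
        self.pine_id = pine_id
        self.default_key = default_key
        self.operator_credential = None

    def answer(self, challenge):
        # Proof of possession of the default credential (stand-in for EAP).
        return hmac.new(self.default_key, challenge, hashlib.sha256).digest()


def aaa_authenticate(pine):
    """AAA server: check the PINE against its stored default credential."""
    key = AAA_DEFAULT_KEYS.get(pine.pine_id)
    if key is None:
        raise ProvisioningRejected("AAA: unknown PINE identifier")
    challenge = secrets.token_bytes(16)
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, pine.answer(challenge)):
        raise ProvisioningRejected("AAA: default credential rejected")
    return "EAP-Success"


def udm_get(request):
    """UDM: verify the PEGC is an authorized gateway, return the auth mode."""
    sub = UDM_SUBSCRIPTIONS.get(request["pegc_suci"])
    if sub is None or not sub["gateway_authorized"]:
        raise ProvisioningRejected("UDM: PEGC is not an authorized gateway")
    return {"pegc_suci": request["pegc_suci"], "auth_mode": sub["auth_mode"]}


def udm_result_indication(request, eap_result):
    """UDM: start operator credential configuration only on EAP success."""
    if eap_result != "EAP-Success":
        raise ProvisioningRejected("UDM: PINE not authenticated")
    return secrets.token_hex(16)  # placeholder operator credential


def ausf_handle(request, pine):
    """AUSF: pick an algorithm, query the UDM, run AAA auth, report result."""
    if not request["credential_config_indicator"]:
        raise ProvisioningRejected("AUSF: not a credential configuration request")
    algorithm = next((a for a in AUSF_ALGORITHM_PREFERENCE
                      if a in request["pegc_capabilities"]), None)
    if algorithm is None:
        raise ProvisioningRejected("AUSF: no common security algorithm")
    response = udm_get(request)
    if response["auth_mode"] != "AAA":
        raise ProvisioningRejected("AUSF: only the AAA path is modelled here")
    # The NSSAAF would select the AAA server by PINE identifier; this sketch
    # has a single AAA server and calls it directly.
    eap_result = aaa_authenticate(pine)
    credential = udm_result_indication(request, eap_result)
    return {"operator_credential": credential, "algorithm": algorithm}


def pegc_provision(pine, pegc_suci, pegc_capabilities):
    """PEGC: build the first request, then forward the credential to the PINE."""
    request = {
        "credential_config_indicator": True,
        "pine_id": pine.pine_id,
        "pegc_suci": pegc_suci,
        "pegc_capabilities": pegc_capabilities,
        "sn_name": "constructed-sn-name",  # added by the AMF on the way to the AUSF
    }
    result = ausf_handle(request, pine)  # the AMF selects the AUSF by SUCI
    pine.operator_credential = result["operator_credential"]
    return result


def outcome(pine, pegc_suci, pegc_capabilities):
    """Return 'provisioned:<algorithm>' or the reason the flow stopped."""
    try:
        result = pegc_provision(pine, pegc_suci, pegc_capabilities)
        return "provisioned:" + result["algorithm"]
    except ProvisioningRejected as exc:
        return str(exc)


if __name__ == "__main__":
    good = Pine("pine-0001", b"constructed-default-credential")
    print(outcome(good, "suci-pegc-001", ["alg-A", "alg-B"]))
    print(outcome(good, "suci-pegc-002", ["alg-A"]))
    print(outcome(Pine("pine-0001", b"wrong-key"), "suci-pegc-001", ["alg-A"]))
```

The two rejection paths correspond to the two termination points the procedure names: the UDM's gateway authorization check and the AAA server's default credential authentication. In both, the PINE never receives an operator credential.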
As shown in fig. 9, an embodiment of the present disclosure provides an information processing apparatus, wherein the apparatus includes:
the first sending module 110 is configured to send a first request to a network function, where the first request is used to request the network function to perform credential configuration on the PEGC-connected personal internet of things unit PINE.
The information processing apparatus may be included in a PEGC.
The information processing apparatus further includes: a storage module; the storage module may be configured to store at least the first request.
In some embodiments, the information processing apparatus may further include: a storage module; the storage module is operable to store at least the first request.
In some embodiments, the first sending module 110 may be a program module; the above-described operations can be performed by program modules when executed by a processor.
In other embodiments, the first sending module 110 may include: a combined software-hardware module; the combined software-hardware module includes but is not limited to: a programmable array; the programmable array includes, but is not limited to: a field programmable array and/or a complex programmable array.
In still other embodiments, the first transmitting module 110 may include: pure hardware modules. The pure hardware modules include, but are not limited to: an application specific integrated circuit.
In some embodiments, the first request includes at least: identification of PINE.
In some embodiments, the first request further comprises at least one of:
a credential configuration indicator indicating that a credential configuration is requested;
the identifier of the PEGC is at least used for verifying the validity of the PEGC.
In some embodiments, the identification of the PEGC includes: a concealed identifier of the PEGC.
In some embodiments, the first sending module 110 is configured to send a non-access stratum NAS message containing the first request to the network function.
In some embodiments, the first request further comprises: capability information indicating the PEGC, wherein the capability information indicates at least security capability of the PEGC.
In some embodiments, the apparatus further comprises:
a first receiving module configured to receive an operator credential sent by the network function after a default credential verification of the PINE is passed;
the first sending module 110 is further configured to send the operator credential to the PINE.
As shown in fig. 10, an embodiment of the present disclosure provides an information processing apparatus, wherein the apparatus includes:
a second receiving module 210 configured to receive a first request sent by the PEGC; the first request requests the PINE to be subjected to credential configuration;
a second sending module 220, configured to send a second request to an authentication service function AUSF, where the second request is used for the AUSF to trigger the UDM to perform credential configuration of the PINE.
The information processing apparatus may be included in an AMF.
In some embodiments, the second receiving module 210 and the second transmitting module 220 may be program modules; the above-described operations can be performed by program modules when executed by a processor.
In still other embodiments, the second receiving module 210 and the second sending module 220 may be combined software-hardware modules; the combined software-hardware module includes but is not limited to: a programmable array; the programmable array includes, but is not limited to: a field programmable array and/or a complex programmable array.
In still other embodiments, the second receiving module 210 and the second transmitting module 220 may be pure hardware modules; the pure hardware modules include, but are not limited to: an application specific integrated circuit.
In some embodiments, the first request includes: an identification of the PEGC;
the second sending module 220 is configured to send the second request to the AUSF selected according to the identity of the PEGC.
In some embodiments, the second request includes:
an identification of the PINE, used for identifying the PINE to be subjected to credential configuration.
In some embodiments, the second request further comprises at least one of:
a credential configuration indicator indicating that a credential configuration is requested;
an identification of the PEGC;
a visited network name of the PEGC;
the identifier of the PEGC and the name of the visited network are used for verifying whether the PEGC is legal or not.
In some embodiments, the second sending module 220 is further configured to send capability information of the PEGC to an AUSF, wherein the capability information indicates a security capability of the PEGC.
As shown in fig. 11, an embodiment of the present disclosure provides an information processing apparatus including:
a third receiving module 310 configured to receive a second request sent by the AMF; the second request requests the PINE to be subjected to credential configuration;
and a third sending module 320 configured to send a third request to the user data management UDM according to the second request, where the third request is used for configuring credentials of the PINE by the UDM.
The information processing apparatus may be included in an AUSF.
In some embodiments, the third receiving module 310 and the third transmitting module 320 may be program modules; the above-described operations can be performed by program modules when executed by a processor.
In still other embodiments, the third receiving module 310 and the third sending module 320 may be combined software-hardware modules; the combined software-hardware module includes but is not limited to: a programmable array; the programmable array includes, but is not limited to: a field programmable array and/or a complex programmable array.
In still other embodiments, the third receiving module 310 and the third transmitting module 320 may be pure hardware modules; the pure hardware modules include, but are not limited to: an application specific integrated circuit.
In some embodiments, the third request includes:
an identification of the PINE, used for identifying the PINE to be subjected to credential configuration.
In some embodiments, the third request further comprises at least one of:
a credential configuration indicator indicating that a credential configuration is requested;
an identification of the PEGC;
and the name of the visited network of the PEGC.
In some embodiments, the third receiving module 310 is configured to receive a request response of the third request, where the request response includes: authentication mode information;
the third sending module 320 is configured to send a fourth request to a slice independent networking private network authentication and authorization network element NSSAAF when the authentication mode information indicates that authentication by an authentication authorization accounting (AAA) authentication server is required, where the fourth request is used for the NSSAAF to select an AAA authentication server to perform authentication of the default credentials of the PINE.
In some embodiments, the third receiving module 310 is configured to receive a request response of the third request returned when the PEGC verifies that it is legal.
In some embodiments, the fourth request comprises: an identification of the PINE, wherein the identification of the PINE is used for the NSSAAF to select an authentication authorization accounting (AAA) authentication server for performing default credential authentication of the PINE;
or,
the fourth request includes: the identifier of the PEGC and the identifier of the PINE are used for the NSSAAF to select an Authentication Authorization Accounting (AAA) authentication server for performing default credential authentication of the PINE.
In some embodiments, the third receiving module 310 is further configured to receive an authentication response of the fourth request;
the third sending module 320 is configured to send an authentication result of the PINE to the UDM when the authentication response indicates that the default credential of the PINE is authenticated; and the authentication result of the default credential authentication is used for starting the configuration flow of the operator credential of the PINE.
In some embodiments, the second request includes: capability information of the PEGC;
The apparatus further comprises:
and the selection module is configured to select a security algorithm used in the PINE operator credential configuration flow according to the capability information of the PEGC.
As shown in fig. 12, an embodiment of the present disclosure provides an information processing apparatus, wherein the apparatus further includes:
a fourth receiving module 410 configured to receive a third request sent by the authentication service function AUSF; the third request is used for configuring credentials of PINE.
The information processing apparatus may be included in NSSAA.
The information processing apparatus may further include: a storage module that can store the third request.
In some embodiments, the fourth receiving module 410 may be a program module that, when executed by a processor, is capable of performing the operations described above.
In other embodiments, the fourth receiving module 410 may be a hard-soft combined module including, but not limited to, various programmable arrays; the programmable array includes, but is not limited to: a field programmable array and/or a complex programmable array.
In still other embodiments, the fourth receiving module 410 may also be a pure hardware module; the pure hardware modules include, but are not limited to: an application specific integrated circuit.
In some embodiments, the apparatus further comprises:
a fourth sending module configured to send a request response of the third request to the AUSF, where the request response of the third request includes: authentication mode information; the authentication mode information is used for indicating whether an authentication authorization accounting (AAA) authentication server is used to perform authentication of the default credentials of the PINE.
In some embodiments, the third request includes: the identity of the PEGC and/or the visited network name of the PEGC;
the fourth sending module is configured to send the request response of the third request, carrying the authentication mode information, to the AUSF when the PEGC is verified to be legal according to the identifier of the PEGC and/or the visited network name of the PEGC.
In some embodiments, the fourth receiving module 410 is further configured to receive an authentication result of the default credential of the PINE from the AUSF;
the apparatus further comprises:
and the starting module is configured to start the configuration flow of the operator credentials of the PINE when the default credentials of the PINE are legal.
In some embodiments, the third request includes at least:
and the identification of the PINE.
In some embodiments, the third request further comprises at least one of:
A credential configuration indicator indicating that an operator credential configuration is requested;
an identification of the PEGC;
and the name of the visited network of the PEGC.
As shown in fig. 13, an embodiment of the present disclosure provides an information processing apparatus, wherein the apparatus includes:
a fifth receiving module 510 configured to receive a fourth request sent by the AUSF;
a fifth sending module 520 configured to send a fifth request to the AAA authentication server according to the content carried by the fourth request; wherein the fifth request is for the AAA authentication server to verify a default credential of the PINE;
the fifth receiving module 510 is configured to receive a request response of the fifth request;
the fifth sending module 520 is configured to send a request response of a fourth request to the AUSF according to the request response of the fifth request; and the request response of the fourth request is used for carrying the authentication result of the default certificate.
The information processing apparatus may be included in a UDM.
In some embodiments, the fifth receiving module 510 and the fifth transmitting module 520 may be program modules that, when executed by a processor, perform the operations described above.
In other embodiments, the fifth receiving module 510 and the fifth transmitting module 520 may be soft and hard combined modules including, but not limited to, various programmable arrays; the programmable array includes, but is not limited to: a field programmable array and/or a complex programmable array.
In still other embodiments, the fifth receiving module 510 and the fifth transmitting module 520 may also be purely hardware modules; the pure hardware modules include, but are not limited to: an application specific integrated circuit.
In some embodiments, the fourth request includes an identification of a PEGC;
the sending a fifth request to the AAA authentication server according to the authentication mode information carried by the fourth request includes:
and sending the fifth request to an AAA authentication server determined according to the identifier of the PEGC according to the authentication mode information carried by the fourth request.
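The chain these apparatus embodiments describe (PEGC, AMF, AUSF, UDM, NSSAAF, AAA server), as an added simulation that is not code from the patent: it follows the role assignment in the method claims and shows that an operator credential is issued only after the UDM accepts the PEGC and the AAA server accepts the PINE's default credential. The HMAC proof format, the `home:id` identifier layout, the algorithm labels, the status strings and the fail-closed handling when no algorithm matches are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# All identifiers, keys, network names and algorithm labels are constructed.

@dataclass(frozen=True)
class FirstRequest:                 # PEGC -> AMF, carried in a NAS message
    pine_id: str                    # identifies the PINE to be configured
    pegc_id: str                    # PEGC identifier, "<home-network>:<id>" here
    pegc_capabilities: tuple        # security capability of the PEGC
    default_cred_proof: bytes       # assumption: opaque proof of the default credential

def make_proof(default_key: bytes, pine_id: str) -> bytes:
    """Assumed proof format: HMAC-SHA256 over the PINE identifier."""
    return hmac.new(default_key, pine_id.encode(), hashlib.sha256).digest()

class AAAServer:
    def __init__(self, default_keys):
        self.default_keys = default_keys            # pine_id -> default credential key
    def fifth_request(self, pine_id, proof) -> bool:
        key = self.default_keys.get(pine_id)
        return key is not None and hmac.compare_digest(make_proof(key, pine_id), proof)

class NSSAAF:
    def __init__(self, aaa_by_pegc):
        self.aaa_by_pegc = aaa_by_pegc              # pegc_id -> AAA server
    def fourth_request(self, pegc_id, pine_id, proof) -> bool:
        aaa = self.aaa_by_pegc.get(pegc_id)         # AAA server chosen from the PEGC identifier
        return aaa is not None and aaa.fifth_request(pine_id, proof)

class UDM:
    def __init__(self, allowed_networks, auth_mode):
        self.allowed_networks = allowed_networks    # pegc_id -> permitted visited networks
        self.auth_mode = auth_mode                  # pine_id -> authentication mode
    def third_request(self, pine_id, pegc_id, visited_network):
        if visited_network not in self.allowed_networks.get(pegc_id, ()):
            return None                             # PEGC not verified: no mode is returned
        return self.auth_mode.get(pine_id)
    def auth_result(self, pine_id, authenticated: bool):
        # Operator credential configuration starts only after a positive result.
        return secrets.token_hex(16) if authenticated else None

class AUSF:
    PREFERRED = ("alg-strong", "alg-legacy")        # network preference order (constructed)
    def __init__(self, udm, nssaaf):
        self.udm, self.nssaaf = udm, nssaaf
    def second_request(self, req, visited_network):
        mode = self.udm.third_request(req.pine_id, req.pegc_id, visited_network)
        if mode is None:
            return ("UDM_REJECTED", None, None)
        if mode != "AAA":
            return ("NON_AAA_MODE_NOT_MODELLED", None, None)
        alg = next((a for a in self.PREFERRED if a in req.pegc_capabilities), None)
        if alg is None:                             # assumption: fail closed, no fallback
            return ("NO_COMMON_ALGORITHM", None, None)
        ok = self.nssaaf.fourth_request(req.pegc_id, req.pine_id, req.default_cred_proof)
        cred = self.udm.auth_result(req.pine_id, ok)
        if cred is None:
            return ("DEFAULT_CREDENTIAL_REJECTED", alg, None)
        return ("PROVISIONED", alg, cred)

class AMF:
    def __init__(self, ausf_by_home_network, visited_network):
        self.ausf_by_home_network = ausf_by_home_network
        self.visited_network = visited_network
    def first_request(self, req):
        home = req.pegc_id.split(":", 1)[0]         # AUSF selected from the PEGC identifier
        ausf = self.ausf_by_home_network.get(home)
        if ausf is None:
            return ("NO_AUSF", None, None)
        return ausf.second_request(req, self.visited_network)

def run_scenarios():
    key = b"constructed-default-key"
    aaa = AAAServer({"pine-01": key})
    udm = UDM({"home-a:pegc-01": {"visited-net-1"}}, {"pine-01": "AAA"})
    ausf = AUSF(udm, NSSAAF({"home-a:pegc-01": aaa}))
    good = FirstRequest("pine-01", "home-a:pegc-01", ("alg-legacy", "alg-strong"),
                        make_proof(key, "pine-01"))
    bad_proof = FirstRequest("pine-01", "home-a:pegc-01", ("alg-strong",), b"\x00" * 32)
    rogue = FirstRequest("pine-01", "home-a:pegc-99", ("alg-strong",), good.default_cred_proof)
    weak = FirstRequest("pine-01", "home-a:pegc-01", ("alg-unknown",), good.default_cred_proof)
    amf = AMF({"home-a": ausf}, "visited-net-1")
    roaming = AMF({"home-a": ausf}, "visited-net-2")
    return {
        "good": amf.first_request(good),
        "bad_proof": amf.first_request(bad_proof),
        "rogue_pegc": amf.first_request(rogue),
        "wrong_network": roaming.first_request(good),
        "no_algorithm": amf.first_request(weak),
    }

if __name__ == "__main__":
    for name, (status, alg, cred) in run_scenarios().items():
        print(f"{name:14} {status:28} alg={alg} credential={'issued' if cred else None}")
```

Every rejection path returns without a credential, so a failure at any hop leaves the PINE unprovisioned.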
The embodiment of the disclosure provides a communication device, comprising:
a memory for storing processor-executable instructions;
a processor connected to the memory;
wherein the processor is configured to execute the information processing method provided in any of the foregoing technical solutions.
The processor may include various types of storage media, which are non-transitory computer storage media capable of retaining the information stored thereon after the communication device is powered down.
Here, the communication apparatus includes: UE or a network element, which may be any one of the first to fourth network elements described above.
The processor may be coupled to the memory via a bus or the like for reading an executable program stored on the memory, for example, at least one of the methods shown in fig. 2-8.
Fig. 14 is a block diagram of a UE800, according to an example embodiment. For example, the UE800 may be a mobile phone, a computer, a digital broadcast user equipment, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 14, the UE800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.
The processing component 802 generally controls overall operation of the UE800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interactions between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the UE 800. Examples of such data include instructions for any application or method operating on the UE800, contact data, phonebook data, messages, pictures, videos, and the like. The memory 804 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
The power supply component 806 provides power to the various components of the UE 800. The power components 806 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the UE 800.
The multimedia component 808 includes a screen that provides an output interface between the UE800 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front camera and/or a rear camera. The front camera and/or the rear camera may receive external multimedia data when the UE800 is in an operation mode, such as a photographing mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the UE800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 further includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be a keyboard, click wheel, buttons, etc. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.
The sensor component 814 includes one or more sensors that provide status assessment of various aspects for the UE 800. For example, the sensor component 814 may detect an on/off state of the device 800, a relative positioning of components, such as a display and keypad of the UE800, the sensor component 814 may also detect a change in position of the UE800 or a component of the UE800, the presence or absence of user contact with the UE800, an orientation or acceleration/deceleration of the UE800, and a change in temperature of the UE 800. The sensor assembly 814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communication between the UE800 and other devices, either wired or wireless. The UE800 may access a wireless network based on a communication standard, such as WiFi, 2G, or 3G, or a combination thereof. In one exemplary embodiment, the communication component 816 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the UE800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for executing the methods described above.
In an exemplary embodiment, a non-transitory computer-readable storage medium is also provided, such as memory 804 including instructions executable by processor 820 of UE800 to perform the above-described method. For example, the non-transitory computer readable storage medium may be ROM, Random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
As shown in fig. 15, an embodiment of the present disclosure shows a structure of an access device. For example, the communication device 900 may be provided as a network-side device. The communication device may be any of the aforementioned access network elements and/or network functions.
Referring to fig. 15, communication device 900 includes a processing component 922 that further includes one or more processors and memory resources represented by memory 932 for storing instructions, such as application programs, executable by processing component 922. The application programs stored in memory 932 may include one or more modules that each correspond to a set of instructions. Further, processing component 922 is configured to execute instructions to perform any of the methods described above as applied to the access device, e.g., as shown in any of fig. 2-8.
The communication device 900 may also include a power supply component 926 configured to perform power management of the communication device 900, a wired or wireless network interface 950 configured to connect the communication device 900 to a network, and an input output (I/O) interface 958. The communication device 900 may operate based on an operating system stored in memory 932, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It is to be understood that the invention is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (35)

  1. An information processing method, wherein the method is performed by a personal internet of things gateway PEGC, the method comprising:
    and sending a first request to a network function, wherein the first request is used for requesting the network function to perform credential configuration on the personal internet of things unit PINE connected with the PEGC.
  2. The method of claim 1, wherein the first request comprises at least: identification of PINE.
  3. The method of claim 1 or 2, wherein the first request further comprises at least one of:
    a credential configuration indicator indicating that a credential configuration is requested;
    the identifier of the PEGC is at least used for verifying the validity of the PEGC.
  4. The method of claim 3, wherein the identifying of the PEGC comprises: a hidden identifier of the PEGC.
  5. The method of any of claims 1-4, wherein the sending a first request to a network function comprises:
    and sending a non-access stratum (NAS) message containing the first request to the network function.
  6. The method of any of claims 1-5, wherein the first request further comprises: capability information indicating the PEGC, wherein the capability information indicates at least security capability of the PEGC.
  7. The method of any one of claims 1 to 5, wherein the method further comprises:
    receiving an operator credential sent by the network function after a default credential verification of the PINE passes;
    and sending the operator certificate to the PINE.
  8. An information processing method, wherein the method is performed by a network access function AMF, the method comprising:
    receiving a first request sent by PEGC; the first request requests the PINE to be subjected to credential configuration;
    and sending the second request to an authentication service function AUSF, wherein the second request is used for the AUSF to trigger the UDM to perform the credential configuration of the PINE.
  9. The method of claim 8, wherein the first request comprises: an identification of the PEGC;
    the sending the second request to the authentication service function AUSF includes:
    and sending the second request to the AUSF selected according to the identifier of the PEGC.
  10. The method of claim 8 or 9, wherein the second request comprises:
    and the PINE identifier is used for identifying the PINE to be subjected to credential configuration.
  11. The method of claim 10, wherein the second request further comprises at least one of:
    a credential configuration indicator indicating that a credential configuration is requested;
    an identification of the PEGC;
    a visited network name of the PEGC;
    the identifier of the PEGC and the name of the visited network are used for verifying whether the PEGC is legal or not.
  12. The method of claim 8, wherein the method further comprises:
    and sending the capability information of the PEGC to an AUSF, wherein the capability information indicates the security capability of the PEGC.
  13. An information processing method, wherein the method is performed by an AUSF, the method comprising:
    receiving a second request sent by the AMF; the second request requests the PINE to be subjected to credential configuration;
    and sending a third request to a User Data Management (UDM) according to the second request, wherein the third request is used for configuring credentials of PINE by the UDM.
  14. The method of claim 13, wherein the third request comprises:
    and the PINE identifier is used for identifying the PINE to be subjected to credential configuration.
  15. The method of claim 14, wherein the third request further comprises at least one of:
    a credential configuration indicator indicating that a credential configuration is requested;
    an identification of the PEGC;
    and the name of the visited network of the PEGC.
  16. The method of any one of claims 13 to 15, wherein the method further comprises:
    receiving a request response to the third request, wherein the request response includes: authentication mode information;
    and when the authentication mode information indicates that authentication by an authentication authorization accounting (AAA) authentication server is required, sending a fourth request to a slice independent networking private network authentication and authorization network element NSSAAF, wherein the fourth request is used for the NSSAAF to select an AAA authentication server to authenticate the default certificate of the PINE.
  17. The method of claim 16, wherein the receiving the request response to the third request comprises:
    and receiving a request response of the third request returned when the PEGC is verified to be legal.
  18. The method of claim 16 or 17, wherein the fourth request comprises: an identification of a PINE, wherein the identification of the PINE is used for the NSSAAF to select an authentication authorization accounting AAA authentication server for performing default credential authentication of the PINE;
    or,
    the fourth request includes: the identifier of the PEGC and the identifier of the PINE are used for the NSSAAF to select an Authentication Authorization Accounting (AAA) authentication server for performing default credential authentication of the PINE.
  19. The method of any one of claims 15 to 18, wherein the method further comprises:
    receiving an authentication response of the fourth request;
    when the authentication response indicates that the default credential of the PINE is authenticated, sending an authentication result of the PINE to the UDM; and the authentication result of the default credential authentication is used for starting the configuration flow of the operator credential of the PINE.
  20. The method of any of claims 15 to 19, wherein the second request comprises: capability information of the PEGC;
    the method further comprises:
    and selecting a security algorithm used in the PINE operator certificate configuration flow according to the capability information of the PEGC.
  21. An information processing method, wherein the method is performed by a user data management, UDM, the method further comprising:
    receiving a third request sent by an authentication service function AUSF; the third request is used for configuring credentials of PINE.
  22. The method of claim 21, wherein the method further comprises:
    transmitting a request response of the third request to the AUSF, wherein the request response of the third request includes: authentication mode information; the authentication mode information is used for indicating whether an authentication authorization accounting (AAA) authentication server is used to perform authentication of the default credentials of the PINE.
  23. The method of claim 22, wherein the third request comprises: the identity of the PEGC and/or the visited network name of the PEGC;
    the sending a request response to the AUSF for the third request includes:
    and when the PEGC is verified to be legal according to the identification of the PEGC and/or the network name of the visited place of the PEGC, sending the request response of the third request, carrying the authentication mode information, to the AUSF.
  24. The method of any one of claims 21 to 23, wherein the method further comprises:
    receiving an authentication result of a default credential of the PINE from the AUSF;
    and when the default credentials of the PINE are legal, starting an operator credential configuration flow of the PINE.
  25. The method of claim 22, wherein the third request comprises at least:
    and the identification of the PINE.
  26. The method of claim 25, wherein the third request further comprises at least one of:
    a credential configuration indicator indicating that an operator credential configuration is requested;
    an identification of the PEGC;
    and the name of the visited network of the PEGC.
  27. An information processing method, wherein the method is performed by a slice independent networking private network authentication authorization network element NSSAAF, the method comprising:
    receiving a fourth request sent by AUSF;
    according to the fourth request, sending a fifth request to an AAA authentication server; wherein the fifth request is for the AAA authentication server to verify a default credential of the PINE;
    receiving a request response of the fifth request;
    according to the request response of the fifth request, sending a request response of a fourth request to the AUSF; and the request response of the fourth request is used for carrying the authentication result of the default certificate.
  28. The method of claim 27, wherein the fourth request includes an identification of a PEGC;
    the sending a fifth request to the AAA authentication server according to the authentication mode information carried by the fourth request includes:
    and sending the fifth request to an AAA authentication server determined according to the identifier of the PEGC according to the authentication mode information carried by the fourth request.
  29. An information processing apparatus, wherein the apparatus comprises:
    the first sending module is configured to send a first request to a network function, wherein the first request is used for requesting the network function to perform credential configuration on the personal internet of things unit PINE connected with the PEGC.
  30. An information processing apparatus, wherein the apparatus comprises:
    the second receiving module is configured to receive a first request sent by the PEGC; the first request requests the PINE to be subjected to credential configuration;
    and the second sending module is configured to send the second request to an authentication service function AUSF, wherein the second request is used for the AUSF to trigger the UDM to perform the credential configuration of the PINE.
  31. An information processing apparatus, wherein the apparatus comprises:
    a third receiving module configured to receive a second request sent by the AMF; the second request requests the PINE to be subjected to credential configuration;
    and the third sending module is configured to send a third request to the User Data Management (UDM) according to the second request, wherein the third request is used for configuring credentials of PINE by the UDM.
  32. An information processing apparatus, wherein the apparatus further comprises:
    a fourth receiving module configured to receive a third request sent by the authentication service function AUSF; the third request is used for configuring credentials of PINE.
  33. An information processing apparatus, wherein the apparatus comprises:
    a fifth receiving module configured to receive a fourth request sent by the AUSF;
    a fifth sending module configured to send a fifth request to the AAA authentication server according to the content carried by the fourth request; wherein the fifth request is for the AAA authentication server to verify a default credential of the PINE;
    the fifth receiving module is configured to receive a request response of the fifth request;
    the fifth sending module is configured to send a request response of a fourth request to the AUSF according to a request response of the fifth request; and the request response of the fourth request is used for carrying the authentication result of the default certificate.
  34. A communication device comprising a processor, a transceiver, a memory and an executable program stored on the memory and capable of being run by the processor, wherein the processor when running the executable program performs the method as provided in any one of claims 1 to 7, 8 to 12, 13 to 20, 21 to 26 or 27 to 28.
  35. A computer storage medium storing an executable program; the executable program, when executed by a processor, is capable of implementing the method as provided in any one of claims 1 to 7, 8 to 12, 13 to 20, 21 to 26 or 27 to 28.
CN202280001053.8A 2022-04-02 2022-04-02 Information processing method and device, communication equipment and storage medium Pending CN117178583A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2022/085134 WO2023184548A1 (en) 2022-04-02 2022-04-02 Information processing method and apparatus, communication device, and storage medium

Publications (1)

Publication Number Publication Date
CN117178583A true CN117178583A (en) 2023-12-05

Family

ID=88198884

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202280001053.8A Pending CN117178583A (en) 2022-04-02 2022-04-02 Information processing method and device, communication equipment and storage medium

Country Status (2)

Country Link
CN (1) CN117178583A (en)
WO (1) WO2023184548A1 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112105021B (en) * 2019-06-17 2022-05-10 华为技术有限公司 Authentication method, device and system
CN113709732B (en) * 2020-05-21 2024-06-25 阿里巴巴集团控股有限公司 Network access method, user equipment, network entity and storage medium
US20210368341A1 (en) * 2020-08-10 2021-11-25 Ching-Yu LIAO Secure access for 5g iot devices and services

Also Published As

Publication number Publication date
WO2023184548A1 (en) 2023-10-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination