CN118432807A - Communication method and communication device - Google Patents
- Publication number: CN118432807A (CN202310110475.5A)
- Authority: CN (China)
- Prior art keywords: key, network element, function network, key update, message
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
Abstract
The embodiments of the present application provide a communication method and a communication device. The method includes: when an authentication server function network element determines that a first key needs to be updated, it obtains a key update parameter, updates the first key using the key update parameter to obtain a second key, and sends the key update parameter, a key update indication, a message authentication code and the counter value associated with the first key to the terminal device through the unified data management function network element, so that the terminal device updates the first key synchronously. The technical solution of the present application uses the SoR or UPU mechanism to achieve synchronous update of the first key on the terminal side and the network side, and to settle the subsequent use of the second key and the initialized counter value associated with the second key, thereby preventing service suspension caused by SoR or UPU counter rollover and improving the user experience.
Description
Technical Field
The present application relates to the field of communications, and more specifically to a communication method and a communication device.
Background
In communication systems, the widespread use of data services has increased users' demand for bandwidth. To ensure network security, user equipment (UE) accessing the network must be authenticated and authorized. Only after passing authentication and authorization can a UE access the network and further request establishment of a protocol data unit (PDU) session to access services on the data network (DN).
For example, the steering of roaming (SoR) mechanism allows the home network to manage roaming onto the visited network accessed by the terminal device, and the UE parameters update (UPU) mechanism allows the unified data management (UDM) network element to update UE parameters through a control-plane procedure. In actual use, however, counter rollover may cause service suspension and degrade the user experience.
Summary of the Invention
The present application provides a communication method and a communication device which ensure that users can effectively obtain SoR or UPU services, improving the user experience.
In a first aspect, a communication method is provided. The method may be executed by an authentication server function network element, or by a chip or circuit used for the authentication server function network element; the present application does not limit this. For ease of description, execution by the authentication server function network element is taken as the example below.
The method includes: the authentication server function network element determines whether a first key needs to be updated, the first key being used to protect secure communication between a terminal device and a unified data management function network element; when it determines that the first key needs to be updated, the authentication server function network element obtains a key update parameter; the authentication server function network element updates the first key using the key update parameter to obtain a second key; the authentication server function network element generates a message authentication code using the first key, the counter value associated with the first key and the key update parameter as input parameters; the authentication server function network element sends the key update parameter, a key update indication, the message authentication code and the counter value associated with the first key to the terminal device through the unified data management function network element, where the key update indication instructs the terminal device to update the first key according to the key update parameter.
The counter value associated with the first key is a parameter newly added to the input parameters in order to prevent replay attacks; it also ensures that the generated message authentication code is fresh.
According to the solution provided by the present application, based on the SoR or UPU mechanism, the authentication server function network element obtains a key update parameter when it determines that the first key needs to be updated, updates the first key using the key update parameter to obtain a second key, and sends the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device through the unified data management function network element, so that the terminal device updates the first key synchronously. The technical solution of the present application ensures synchronous update of the first key on the terminal side and the network side, and settles the subsequent use of the second key and the initialized counter value associated with the second key, thereby avoiding service suspension caused by SoR or UPU counter rollover and improving the user experience. Compared with the prior art, in which multiple keys are updated through primary authentication in order to reset the SoR or UPU counter value and obtain SoR or UPU services, this simplifies the implementation and reduces signaling overhead.
In combination with the first aspect, in some implementations of the first aspect, after the authentication server function network element updates the first key using the key update parameter to obtain the second key, the method further includes: the authentication server function network element generates a counter associated with the second key and initializes it, obtaining an initialized counter value.
Based on this implementation, by generating a counter associated with the second key and initializing its value, for example resetting the UPU counter associated with the second key to 1, the terminal side and the network side can use the second key and the counter value associated with the second key synchronously once the authentication server function network element has received the key update result sent by the terminal device and determined that the terminal side has successfully updated the first key. This ensures that subsequent SoR or UPU services proceed in an orderly manner and protects the user experience.
In combination with the first aspect, in some implementations of the first aspect, the authentication server function network element determining whether the first key needs to be updated includes: the authentication server function network element receives first indication information from a network management device; based on the first indication information, the authentication server function network element determines that the first key needs to be updated.
For example, when network management determines that the first key has expired, or that the network system requires maintenance, the authentication server function network element determines from the indication information sent by the network management device that the first key needs to be updated.
In combination with the first aspect, in some implementations of the first aspect, the authentication server function network element determining whether the first key needs to be updated includes: when the counter value associated with the first key is about to roll over, the authentication server function network element determines that the first key needs to be updated.
In one example, "about to roll over" means that the SoR/UPU counter value is about to reach the upper limit of the value that can be represented by the counter's storage width. Suppose the SoR/UPU counter value is stored in a 16-bit variable; the upper limit is then 65535, exceeding it causes a rollover, and approaching it is treated as being about to roll over. For example, when the current SoR/UPU counter value reaches the upper limit of 65535, the SoR/UPU counter rolls over; as another example, if the predefined "about to roll over" value of the SoR/UPU counter is 65530, the counter is treated as about to roll over once its value reaches 65530, which means that the first key is about to be updated.
In another example, "about to roll over" means that the SoR/UPU counter value is about to reach a logical threshold set by the authentication server function (AUSF). For example, the AUSF sets a threshold for the SoR/UPU counter value that must be smaller than the maximum value the counter can represent. Suppose the SoR/UPU counter value is stored in a 16-bit variable; the AUSF may then set the SoR/UPU counter threshold to 60000, and exceeding this threshold is treated as being about to roll over.
In combination with the first aspect, in some implementations of the first aspect, the key update parameter is a random number, or the key update parameter is the value of another locally maintained counter; in either case the key update parameter makes the second key different from the first key.
In combination with the first aspect, in some implementations of the first aspect, the authentication server function network element sending the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device through the unified data management function network element includes: the authentication server function network element sends the key update parameter and the key update indication to the unified data management function network element; the authentication server function network element receives a first request message from the unified data management function network element, the first request message requesting the message authentication code and the counter value associated with the first key and including the key update parameter and the subscription permanent identifier of the terminal device; in response to the first request message, the authentication server function network element sends the message authentication code and the counter value associated with the first key to the unified data management function network element.
Based on this implementation, the authentication server function network element sends the message authentication code and the counter value associated with the first key to the unified data management function network element according to the received request message. This ensures that the key update parameter and the key update indication are delivered to the terminal device using the UPU mechanism, instructing it to update the first key, so that the terminal side and the network side update the key synchronously and subsequently use the second key and its associated counter value synchronously, providing SoR or UPU services effectively and improving the user experience.
In combination with the first aspect, in some implementations of the first aspect, the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key are sent in the same message.
Based on this implementation, sending the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key in the same message reduces signaling overhead and lowers latency.
In combination with the first aspect, in some implementations of the first aspect, the authentication server function network element sends a second request message to the unified data management function network element, the second request message requesting that the unified data management function network element send the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device.
In combination with the first aspect, in some implementations of the first aspect, the second request message includes second indication information, which instructs the unified data management function network element to send the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device.
Based on this implementation, the unified data management function network element determines, according to the request message from the authentication server function network element, to send the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device and to instruct it to update the first key. This ensures that the first key is updated synchronously on the terminal side and the network side and that the counter value associated with the second key is subsequently used synchronously, avoiding suspension of SoR or UPU services due to counter rollover, ensuring orderly provision and acquisition of SoR or UPU services, and improving the user experience and system transmission performance.
In combination with the first aspect, in some implementations of the first aspect, the authentication server function network element receives a confirmation message from the terminal device through the unified data management function network element; the confirmation message includes a key update result indicating whether the terminal device successfully updated the first key.
Based on this implementation, the confirmation message sent by the terminal device lets the authentication server function network element determine from the key update result whether the terminal device has successfully updated the first key. Once it is established that the keys on the terminal side and the network side have been updated synchronously, the terminal device can subsequently obtain SoR or UPU services effectively, improving the user experience.
In combination with the first aspect, in some implementations of the first aspect, when the key update result indicates that the terminal device successfully updated the first key, the authentication server function network element determines to use the second key and the initialized counter value.
Based on this implementation, by restricting the authentication server function network element to using the second key and the initialized counter value only when the terminal side has successfully updated the first key, subsequent SoR or UPU services proceed in an orderly manner while the secure connection between the terminal side and the network side is preserved, protecting the user experience.
In a second aspect, a communication method is provided. The method may be executed by a unified data management function network element, or by a chip or circuit used for the unified data management function network element; the present application does not limit this. For ease of description, execution by the unified data management function network element is taken as the example below.
The method includes: the unified data management function network element receives a key update parameter, a key update indication, a message authentication code and a counter value associated with a first key from an authentication server function network element, where the key update indication instructs a terminal device to update the first key according to the key update parameter and the first key is used to protect secure communication between the terminal device and the unified data management function network element; the unified data management function network element sends a notification message to the terminal device through an access and mobility management function network element, the notification message including the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key.
According to the solution provided by the present application, based on the SoR or UPU mechanism, the unified data management function network element forwards the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key from the authentication server function network element to the terminal device, and forwards the key update result from the terminal device to the authentication server function network element. The terminal device and the authentication server function network element thereby update the key synchronously and subsequently use the second key and its associated counter value synchronously, ensuring that the user can effectively obtain SoR or UPU services and improving the user experience.
In combination with the second aspect, in some implementations of the second aspect, in response to the notification message, the unified data management function network element receives a confirmation message from the terminal device through the access and mobility management function network element, the confirmation message including a key update result that indicates whether the terminal device successfully updated the first key; the unified data management function network element sends the key update result to the authentication server function network element.
Based on this implementation, the confirmation message sent by the terminal device lets the authentication server function network element determine from the key update result whether the terminal device has successfully updated the first key. Once it is established that the keys on the terminal side and the network side have been updated synchronously, the terminal device can subsequently obtain SoR or UPU services effectively, improving the user experience.
In combination with the second aspect, in some implementations of the second aspect, the unified data management function network element receiving the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key from the authentication server function network element includes: the unified data management function network element receives the key update parameter and the key update indication from the authentication server function network element; the unified data management function network element sends a first request message to the authentication server function network element, the first request message requesting the message authentication code and the counter value associated with the first key and including the key update parameter and the subscription permanent identifier of the terminal device; in response to the first request message, the unified data management function network element receives the message authentication code and the counter value associated with the first key from the authentication server function network element.
Based on this implementation, the authentication server function network element sends the message authentication code and the counter value associated with the first key to the unified data management function network element according to the received request message. This ensures that the key update parameter and the key update indication are delivered to the terminal device using the UPU mechanism, instructing it to update the first key, so that the terminal side and the network side update the key synchronously and subsequently use the second key and its associated counter value synchronously, providing SoR or UPU services effectively and improving the user experience.
In combination with the second aspect, in some implementations of the second aspect, the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key are sent in the same message.
Based on this implementation, sending the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key in the same message reduces signaling overhead and lowers latency.
In combination with the second aspect, in some implementations of the second aspect, before the unified data management function network element sends the notification message to the terminal device through the access and mobility management function network element, the method further includes: the unified data management function network element receives a second request message from the authentication server function network element, the second request message requesting that the unified data management function network element send the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device. The unified data management function network element sending the notification message to the terminal device through the access and mobility management function network element then includes: in response to the second request message, the unified data management function network element sends the notification message to the terminal device through the access and mobility management function network element.
In combination with the second aspect, in some implementations of the second aspect, the second request message includes second indication information, which instructs the unified data management function network element to send the key update parameter, the key update indication, the message authentication code and the counter value to the terminal device.
Based on this implementation, the unified data management function network element determines, according to the request message from the authentication server function network element, to send the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device and to instruct it to update the first key. This ensures that the first key is updated synchronously on the terminal side and the network side and that the counter value associated with the second key is subsequently used synchronously, avoiding suspension of SoR or UPU services due to counter rollover, ensuring orderly provision and acquisition of SoR or UPU services, and improving the user experience and system transmission performance.
In a third aspect, a communication method is provided. The method may be executed by a communication device, or by a chip or circuit used for the communication device; the present application does not limit this. For ease of description, execution by the communication device is taken as the example below.
Optionally, the communication device may be a terminal device, such as a mobile phone, a vehicle, a drone or a wearable device, or a chip in the terminal device. Since a terminal device may also be called user equipment, the communication device may equally be user equipment or a chip in user equipment. The present application does not specifically limit this.
The method includes: the communication device receives a notification message from a unified data management function network element through an access and mobility management function network element, the notification message including a key update parameter, a key update indication, a message authentication code and a counter value associated with a first key, where the key update indication instructs the communication device to update the first key according to the key update parameter and the first key is used to protect secure communication between the communication device and the unified data management function network element; when the message authentication code and the counter value associated with the first key pass verification, the communication device updates the first key using the key update parameter to obtain a second key; in response to the notification message, the communication device sends a confirmation message to the unified data management function network element through the access and mobility management function network element, the confirmation message including a key update result that indicates whether the terminal device successfully updated the first key.
According to the solution provided by the present application, based on the SoR or UPU mechanism, after the terminal device receives the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key, and successfully verifies the message authentication code and the counter value associated with the first key, it updates the first key, ensuring that the terminal side and the network side update the first key synchronously. The technical solution of the present application ensures synchronous update of the first key on the terminal side and the network side, and settles the subsequent synchronous use of the second key and the initialized counter value associated with the second key, thereby avoiding service suspension caused by SoR or UPU counter rollover and improving the user experience.
In combination with the third aspect, in some implementations of the third aspect, after the communication device updates the first key using the key update parameter to obtain the second key, the method further includes: the communication device generates a counter associated with the second key and initializes it, obtaining an initialized counter value.
In combination with the third aspect, in some implementations of the third aspect, when the key update result indicates that the terminal device successfully updated the first key, the terminal device determines to use the second key and the initialized counter value.
Based on this implementation, the terminal device generates a counter associated with the second key and initializes its value, for example resetting the UPU counter associated with the second key to 1; once it has successfully updated the first key it sends the key update result to the authentication server function network element, so that the terminal side and the network side subsequently use the second key and its associated counter value synchronously. This ensures that subsequent SoR or UPU services proceed in an orderly manner and protects the user experience. By restricting the terminal device to using the second key and the initialized counter value only when it has successfully updated the first key, subsequent SoR or UPU services proceed in an orderly manner while the secure connection between the terminal side and the network side is preserved, protecting the user experience.
第四方面,提供了一种认证服务器功能网元。该网元包括:处理单元,用于确定是否需要更新第一密钥,第一密钥用于保护终端设备与统一数据管理功能网元之间的安全通信;在确定需要更新第一密钥的情况下,收发单元,用于获取密钥更新参数;处理单元,还用于使用密钥更新参数对第一密钥进行更新,得到第二密钥;处理单元,还用于使用第一密钥、与第一密钥关联的计数器值,以及密钥更新参数作为输入参数,生成消息认证码;收发单元,还用于通过统一数据管理功能网元向终端设备发送密钥更新参数、密钥更新指示、消息认证码,以及与第一密钥关联的计数器值,密钥更新指示用于指示终端设备根据密钥更新参数更新第一密钥。In a fourth aspect, an authentication server function network element is provided. The network element includes: a processing unit, used to determine whether a first key needs to be updated, the first key is used to protect the secure communication between the terminal device and the unified data management function network element; when it is determined that the first key needs to be updated, a transceiver unit, used to obtain a key update parameter; the processing unit is also used to update the first key using the key update parameter to obtain a second key; the processing unit is also used to use the first key, the counter value associated with the first key, and the key update parameter as input parameters to generate a message authentication code; the transceiver unit is also used to send the key update parameter, the key update indication, the message authentication code, and the counter value associated with the first key to the terminal device through the unified data management function network element, and the key update indication is used to instruct the terminal device to update the first key according to the key update parameter.
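The exchange described in the third and fourth aspects, modelled end to end as an added example (this is not code from the patent, and the key derivation, MAC construction, message field names and counter width are assumptions chosen for illustration, not the normative 3GPP constructions). The network side derives the second key from the first key and the update parameter, computes a MAC over the counter value and the parameter with the first key, and switches keys only after the terminal reports success; the terminal rejects stale counter values and bad MACs before touching its key, and initializes the counter associated with the second key to 1.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed parameters for the illustration: a 16-bit counter and a refresh
# threshold chosen so the key is rotated well before the counter can roll over.
COUNTER_MAX = 0xFFFF
UPDATE_THRESHOLD = 0xFFF0


def derive_second_key(first_key: bytes, update_param: bytes) -> bytes:
    """Derive the second key from the first key and the update parameter.

    Simplified HMAC-SHA-256 derivation with a hypothetical label; not the 3GPP KDF.
    """
    return hmac.new(first_key, b"key-update" + update_param, hashlib.sha256).digest()


def key_update_mac(first_key: bytes, counter: int, update_param: bytes) -> bytes:
    """MAC over counter value and update parameter, keyed with the current first key.

    Binding the counter into the MAC is what lets the receiver reject replays.
    """
    msg = b"key-update-mac" + counter.to_bytes(2, "big") + update_param
    return hmac.new(first_key, msg, hashlib.sha256).digest()


@dataclass
class Notification:
    """Security-relevant fields the UDM forwards to the UE via the AMF."""
    update_param: bytes
    update_indication: bool
    mac: bytes
    counter: int


@dataclass
class Ausf:
    """Network side: holds the first key and the next counter value to use."""
    key: bytes
    counter: int
    pending_key: Optional[bytes] = None

    def needs_update(self) -> bool:
        return self.counter >= UPDATE_THRESHOLD

    def build_notification(self, update_param: Optional[bytes] = None) -> Notification:
        param = update_param if update_param is not None else os.urandom(32)
        counter = self.counter
        self.counter += 1  # every protected message consumes one counter value
        self.pending_key = derive_second_key(self.key, param)  # not in use yet
        return Notification(param, True, key_update_mac(self.key, counter, param), counter)

    def on_acknowledgement(self, update_succeeded: bool) -> None:
        # Switch to the second key only when the UE reports success, and reset the
        # counter associated with it to 1, as the text describes for the UPU counter.
        if update_succeeded and self.pending_key is not None:
            self.key, self.counter = self.pending_key, 1
        self.pending_key = None


@dataclass
class Ue:
    """Terminal side: holds the first key and the smallest counter value it accepts."""
    key: bytes
    counter: int

    def on_notification(self, n: Notification) -> bool:
        """Return the key update result: True only if counter and MAC both verify."""
        if n.counter < self.counter:  # stale or replayed counter value
            return False
        expected = key_update_mac(self.key, n.counter, n.update_param)
        if not hmac.compare_digest(expected, n.mac):  # constant-time comparison
            return False
        self.counter = n.counter + 1
        if n.update_indication:
            self.key = derive_second_key(self.key, n.update_param)
            self.counter = 1  # counter associated with the second key, initialized
        return True


def run_key_update(first_key: bytes, counter: int, update_param: bytes):
    """Happy path; returns (keys_match, key_changed, ausf_counter, ue_counter)."""
    ausf, ue = Ausf(first_key, counter), Ue(first_key, counter)
    notification = ausf.build_notification(update_param)
    result = ue.on_notification(notification)  # the key update result in the ack
    ausf.on_acknowledgement(result)
    return ausf.key == ue.key, ausf.key != first_key, ausf.counter, ue.counter
```

The ordering matters on both sides: the UE verifies freshness and the MAC before it derives anything, and the AUSF keeps the first key in use until the acknowledgement arrives, so a dropped or tampered notification leaves both ends on the same key.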
The transceiver unit can perform the receiving and sending processing of the first aspect, and the processing unit can perform the processing of the first aspect other than receiving and sending.
In a fifth aspect, a unified data management function network element is provided. The network element includes: a transceiver unit configured to receive, from an authentication server function network element, a key update parameter, a key update indication, a message authentication code and a counter value associated with a first key, where the key update indication instructs a terminal device to update the first key according to the key update parameter and the first key is used to protect secure communication between the terminal device and the unified data management function network element; the transceiver unit is further configured to send, via an access and mobility management function network element, a notification message to the terminal device, where the notification message includes the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key.
The transceiver unit can perform the receiving and sending processing of the second aspect, and the processing unit can perform the processing of the second aspect other than receiving and sending.
In a sixth aspect, a communication device is provided. The device includes: a transceiver unit configured to receive, via an access and mobility management function network element, a notification message from a unified data management function network element, where the notification message includes a key update parameter, a key update indication, a message authentication code and a counter value associated with a first key, the key update indication instructs the communication device to update the first key according to the key update parameter, and the first key is used to protect secure communication between the communication device and the unified data management function network element; a processing unit configured to update the first key using the key update parameter to obtain a second key when both the message authentication code and the counter value associated with the first key are verified successfully; and the transceiver unit is further configured to send, in response to the notification message, an acknowledgement message to the unified data management function network element via the access and mobility management function network element, where the acknowledgement message includes a key update result indicating whether the terminal device successfully updated the first key.
The transceiver unit can perform the receiving and sending processing of the third aspect, and the processing unit can perform the processing of the third aspect other than receiving and sending.
In a seventh aspect, a communication device is provided, including a transceiver, a processor and a memory. The processor is configured to control the transceiver to send and receive signals, the memory is configured to store a computer program, and the processor is configured to call and run the computer program from the memory so that the communication device performs the method of any one of the first to third aspects and their possible implementations.
Optionally, there are one or more processors and one or more memories.
Optionally, the memory may be integrated with the processor, or the memory and the processor may be provided separately.
Optionally, the communication device further includes a transmitter and a receiver.
In an eighth aspect, a communication system is provided, including one or more of the aforementioned communication device, authentication server function network element and unified data management function network element.
In a ninth aspect, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program or code which, when run on a computer, causes the computer to perform the method of any one of the first to third aspects and their possible implementations.
In a tenth aspect, a chip is provided, including at least one processor coupled to a memory. The memory is configured to store a computer program, and the processor is configured to call and run the computer program from the memory so that a communication device in which the chip system is installed performs the method of any one of the first to third aspects and their possible implementations.
The chip may include an input circuit or interface for sending information or data, and an output circuit or interface for receiving information or data.
In an eleventh aspect, a computer program product is provided. The computer program product includes computer program code which, when run by a communication device, causes the communication device to perform the method of any one of the first to third aspects and their possible implementations.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic diagram of a network architecture 100 to which an embodiment of this application applies.
FIG. 2 is a schematic flowchart of a 5G authentication and key agreement method 200.
FIG. 3 is an example flowchart of a communication method 300 provided in an embodiment of this application.
FIG. 4 is an example flowchart of a communication method 400 provided in an embodiment of this application.
FIG. 5 is an example flowchart of a communication method 500 provided in an embodiment of this application.
FIG. 6 is a schematic structural diagram of a communication device 1000 provided in an embodiment of this application.
FIG. 7 is a schematic structural diagram of a communication device 2000 provided in an embodiment of this application.
FIG. 8 is a schematic structural diagram of a chip system 3000 provided in an embodiment of this application.
DETAILED DESCRIPTION
The technical solutions of this application are described below with reference to the accompanying drawings.
The technical solutions provided in this application can be applied to various communication systems, for example a new radio (NR) system, a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system or an LTE time division duplex (TDD) system. They can also be applied to device-to-device (D2D) communication, vehicle-to-everything (V2X) communication, machine-to-machine (M2M) communication, machine type communication (MTC), Internet of things (IoT) communication systems or other communication systems.
In a communication system, the part operated by an operator may be called a public land mobile network (PLMN) or an operator network. A PLMN is a network established and operated by a government, or by an operator approved by it, for the purpose of providing land mobile communication services to the public; it is mainly the public network through which a mobile network operator (MNO) provides mobile broadband access services to users. The PLMN described in the embodiments of this application may specifically be a network that meets the requirements of the 3rd generation partnership project (3GPP) standards, referred to as a 3GPP network. 3GPP networks include, but are not limited to, 5th generation (5G) networks, 4th generation (4G) networks and other future communication systems such as 6th generation (6G) networks.
For ease of description, the embodiments of this application take a 5G network as the example.
FIG. 1 is a schematic diagram of a network architecture 100 to which an embodiment of this application applies. As shown in FIG. 1, the network architecture may specifically include the following network elements:
1. User equipment (UE): may also be called a terminal device, terminal, access terminal, subscriber unit, subscriber station, mobile station, mobile, remote station, remote terminal, mobile device, user terminal, wireless communication device, user agent or user apparatus. The terminal device may also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a drone, a wearable device, a terminal device in a 5G network or a terminal device in an evolved PLMN; the embodiments of this application do not limit this. A UE may connect to a next generation radio access network (NG-RAN) device over the Uu interface; for example, UE#A and UE#D in FIG. 1 connect to the NG-RAN over the Uu interface.
2. Access network (AN): provides network access for authorized users in a specific area and can use transmission tunnels of different quality according to the user's level, service requirements and so on. Access networks may use different access technologies. Current access network technologies include the radio access network technology used in 3rd generation (3G) systems, the radio access network technology used in 4G systems, and the NG-RAN technology shown in FIG. 1 (such as the radio access technology used in 5G systems).
An access network that implements the access network function using wireless communication technology may be called a radio access network (RAN). The RAN manages radio resources, provides access services to terminals, and forwards control signalling and user data between terminals and the core network.
The radio access network device may be, for example, a base station (NodeB), an evolved NodeB (eNB or eNodeB), a next generation NodeB (gNB) in a 5G mobile communication system, a base station in a mobile communication system, an access point (AP) in a WiFi system, a radio controller in a cloud radio access network (CRAN) scenario, or a relay station, access point, vehicle-mounted device, drone, wearable device, network device in a 5G network or network device in an evolved PLMN. The embodiments of this application do not limit the specific technology and device form used by the radio access network device.
3. Access management network element: mainly used for mobility management and access management, responsible for delivering user policies between the user equipment and the policy control function (PCF) network element, and so on; it can implement the functions of a mobility management entity (MME) other than session management, as well as the access authorization (or authentication) function.
The access and mobility management function (AMF) network element maintains the NAS connection with the UE and holds the same 5G NAS security context as the UE. The 5G NAS security context includes the NAS-level keys together with their key identification information, the UE security capabilities, and the uplink and downlink NAS COUNT values. The NAS-level keys include the NAS encryption key and the NAS integrity protection key, used respectively for confidentiality protection and integrity protection of NAS messages.
In a 5G communication system, the access management network element may be an AMF network element. In future communication systems, it may still be an AMF network element or may have another name; this application does not limit this.
4. Session management network element: mainly used for session management, Internet protocol (IP) address allocation and management for user equipment, selection of a manageable user plane function, termination of the policy control and charging function interface, downlink data notification, and so on.
In a 5G communication system, the session management network element may be a session management function (SMF) network element. In future communication systems, it may still be an SMF network element or may have another name; this application does not limit this.
5. User plane network element: used for packet routing and forwarding, quality of service (QoS) handling of user plane data, user plane data forwarding, session/flow-level charging statistics, bandwidth limitation and other functions.
In a 5G communication system, the user plane network element may be a user plane function (UPF) network element. In future communication systems, it may still be a UPF network element or may have another name; this application does not limit this.
6. Data network network element: a network used to provide data transmission.
In a 5G communication system, the data network network element may be a data network (DN) network element. In future communication systems, it may still be a DN network element or may have another name; this application does not limit this.
7. Policy control network element: a unified policy framework used to guide network behaviour and to provide policy rule information to control plane function network elements (such as the AMF and SMF network elements).
In a 4G communication system, the policy control network element may be a policy and charging rules function (PCRF) network element. In a 5G communication system, it may be a policy control function (PCF) network element. In future communication systems, it may still be a PCF network element or may have another name; this application does not limit this.
8. Data management network element: used for processing user equipment identities, access authentication, registration, mobility management and so on.
In a 5G communication system, the data management network element may be a unified data management (UDM) network element; in a 4G communication system, it may be a home subscriber server (HSS) network element. In future communication systems, it may still be a UDM network element or may have another name; this application does not limit this.
9. Data repository network element: responsible for storing and accessing subscription data, policy data, application data and other types of data.
In a 5G communication system, the data repository network element may be a unified data repository (UDR) network element. In future communication systems, it may still be a UDR network element or may have another name; this application does not limit this.
10. Network exposure function (NEF) entity: used to securely expose the services and capabilities provided by 3GPP network functions to the outside.
11. Authentication server function (AUSF): after receiving an authentication request initiated by a subscriber, the AUSF can authenticate and/or authorize the subscriber using the authentication and/or authorization information stored in the UDM, or generate the subscriber's authentication and/or authorization information through the UDM. The AUSF can return authentication and/or authorization information to the subscriber.
It can be understood that the above network elements or functions may be network elements in hardware devices, software functions running on dedicated hardware, or virtualized functions instantiated on a platform (for example, a cloud platform). Each of them may be implemented by one device, jointly by several devices, or as a functional module within one device; the embodiments of this application do not specifically limit this.
It should also be understood that the network architecture shown in FIG. 1 is only an example; the network architecture applicable to the embodiments of this application is not limited to it, and any network architecture that can implement the functions of the above network elements is applicable to the embodiments of this application.
For example, in some network architectures, network function entities such as the AMF, SMF, PCF and UDM network elements are all called network function (NF) network elements; in other network architectures, the set of network elements such as the AMF, SMF, PCF and UDM may be called control plane function network elements.
In the key architecture of the 5G system, the upper-layer keys include the root key K and the keys CK and IK. When the EAP-AKA' authentication mechanism is used, CK' and IK' are further derived and used to derive KAUSF; when the 5G-AKA authentication mechanism is used, KAUSF is derived directly from CK and IK. Considering that the connection between the home public land mobile network (HPLMN) and the visited public land mobile network (VPLMN) may also be at risk, the 5G system introduces the intermediate keys KAUSF and KSEAF to isolate the risks of different networks. Besides the root key K and IK/CK, the 5G key hierarchy contains the following keys, whose roles are as follows:
AUSF key in the home network. KAUSF is derived as follows: for EAP-AKA' authentication, it is derived from CK' and IK' by the mobile equipment (ME) and the AUSF, where CK' and IK' are part of the authentication vector sent to the AUSF; for 5G-AKA authentication, it is derived from CK and IK by the ME and the authentication credential repository and processing function (ARPF), and KAUSF is part of the 5G home network authentication vector sent by the ARPF to the AUSF.
Security anchor function (SEAF) key in the home network. KSEAF is the anchor key derived by the ME and the AUSF from KAUSF. KSEAF is provided by the AUSF to the SEAF in the serving network.
AMF key in the serving network. KAMF is derived by the ME and the SEAF from KSEAF. When the UE moves, the KAMF of the target AMF may also be derived by the UE and the source AMF.
NAS signalling keys. KNASint is derived by the ME and the AMF from KAMF and is used to protect NAS signalling with an integrity algorithm. KNASenc is derived by the ME and the AMF from KAMF and is used to protect NAS signalling with an encryption algorithm.
NG-RAN key. KgNB is derived by the ME and the AMF from KAMF. During handover, the KgNB of the target gNB may also be obtained by the UE and the source gNB from the source KgNB through horizontal or vertical derivation.
UP data keys. KUPenc is derived by the ME and the gNB from KgNB and is used to protect user plane data with an encryption algorithm; KUPint is derived by the ME and the gNB from KgNB and is used only to protect user plane data with an integrity algorithm.
RRC signalling keys. KRRCint is derived by the ME and the gNB from KgNB and is used to protect RRC signalling with an integrity algorithm. KRRCenc is derived by the ME and the gNB from KgNB and is used to protect RRC signalling with an encryption algorithm.
Non-3GPP access key. KN3IWF is the key for non-3GPP access derived by the ME and the AMF from KAMF; KN3IWF is not forwarded between N3IWFs.
On the network side, the 5G system derives multi-level, multi-purpose session keys from the root key and distributes them to the corresponding network elements, forming the key architecture of the system. On the terminal side, the same key derivation mechanism produces the key set corresponding to the network side. In the 5G system, the network elements that hold keys, and the roles of those keys, are as follows:
Keys in the ARPF. The ARPF stores the long-term key K, whose length is 128 or 256 bits. During authentication and key agreement, if EAP-AKA' authentication is used the ARPF derives CK' and IK' from K; if 5G-AKA authentication is used the ARPF derives KAUSF from K. The ARPF sends the derived keys to the AUSF. The ARPF also keeps the home network private key, which is used by the subscription identifier de-concealing function (SIDF) to de-conceal the subscription concealed identifier (SUCI) and reconstruct the subscription permanent identifier (SUPI).
Keys in the AUSF. If EAP-AKA' authentication is used, the AUSF derives KAUSF from CK' and IK'; KAUSF may be kept in the AUSF between two consecutive authentication and key agreement procedures.
Keys in the SEAF. After primary authentication in each serving network, the SEAF receives the anchor key KSEAF from the AUSF. The SEAF is not allowed to store KSEAF in any entity other than the SEAF. Once KAMF has been derived, KSEAF is deleted. The SEAF derives KAMF from KSEAF and sends it to the AMF immediately after the authentication and key agreement procedure. This means that a new KSEAF and a new KAMF are derived in every authentication and key agreement procedure.
Keys in the AMF. The AMF receives KAMF from the SEAF or from another AMF. For inter-AMF mobility, the AMF derives a key KAMF' from KAMF according to policy and transfers it to the other AMF, which uses KAMF' as its KAMF. The AMF derives the keys KNASint and KNASenc that protect the NAS layer. The AMF derives the access network key KgNB and sends it to the gNB.
Keys in the RAN. The NG-RAN (gNB or ng-eNB) receives KgNB and NH from the AMF. The ng-eNB uses KgNB as KeNB.
The following briefly introduces the steering of roaming (SoR) mechanism and the UE parameters update (UPU) mechanism.
The SoR mechanism is used for roaming management. The SoR procedure can take place during registration or after registration completes, so that the HPLMN can steer the UE's choice of VPLMN. Through SoR, the HPLMN dynamically controls which VPLMN the UE registers with. The SoR list is either a list of "preferred PLMN/access technology combinations", or an indication from the HPLMN that the operator-controlled "preferred PLMN/access technology" list stored in the UE does not need to be changed. Note that the SoR message is integrity protected: a message authentication code is computed over the SoR header, the "preferred PLMN ID/access technology" list and the SoR counter in the message, and this message authentication code depends on K_AUSF. The SoR counter is created and initialized when K_AUSF is derived. When the SoR counter reaches its configured maximum value, the SoR service is suspended until a new primary authentication takes place and the SoR counter is reset; only then is the SoR service resumed. In other words, resetting the SoR counter requires an update of K_AUSF.
The UPU mechanism lets the UDM update the UE's parameters through a control-plane procedure. After the UE has successfully registered with the 5G network, updated UE parameters can be delivered from the UDM to the UE. Note that the UPU message is integrity protected: a message authentication code is computed over the updated UE parameters and the UPU counter, and this message authentication code depends on K_AUSF. The UPU counter is created and initialized when K_AUSF is derived. When the UPU counter reaches its configured maximum value, the UPU service is suspended until a new primary authentication takes place and the UPU counter is reset; only then is the UPU service resumed. In other words, resetting the UPU counter requires an update of K_AUSF.
Currently, per the standard, K_AUSF can only be updated by triggering primary authentication, for example 5G AKA or EAP-AKA'. The following takes triggering the 5G AKA primary authentication procedure as an example to explain how K_AUSF is updated.
FIG. 2 is a flowchart of a 5G authentication and key agreement (AKA) method 200 provided in an embodiment of this application. As shown in FIG. 2, it includes the following steps; for parts not described in detail, refer to the existing protocol.
Note that this method is described taking as an example that the universal subscriber identity module is a USIM, the mobile terminal is an ME, the security anchor function network element is a SEAF, the authentication server function network element is an AUSF, the unified data management is a UDM, and the authentication credential repository and processing function network element is an ARPF.
S201, the UDM or ARPF generates a 5G home environment authentication vector, 5G HE AV.
The 5G HE AV contains four variables: RAND, AUTN, XRES* and K_AUSF.
Exemplarily, the AUSF sends the SUCI/SUPI and the serving network name (SN-name) to the UDM, and the UDM generates the 5G HE AV using the SUCI/SUPI and SN-name as input parameters.
S202, the UDM sends a notification message to the AUSF;
correspondingly, the AUSF receives the notification message from the UDM.
Exemplarily, the notification message may be a Nudm_UEAuthentication_Get Response message.
The notification message includes the 5G HE AV and indicates that the 5G HE AV is for 5G AKA.
Note that if the input parameters used to generate the 5G HE AV in step S201 include a SUCI, the UDM needs to decrypt the SUCI into the SUPI and send the SUPI to the AUSF in the notification message.
Optionally, the notification message may further include one or more of: the SUPI, an AKMA indication, or a Routing indicator.
S203, the AUSF stores the XRES* variable from the 5G HE AV, computes HXRES* from XRES*, and computes K_SEAF from K_AUSF.
Exemplarily, HXRES* is computed from XRES* as follows: the AUSF takes XRES* and RAND as input parameters and outputs HXRES* through a hash function, which may be SHA-256.
Exemplarily, K_SEAF is computed from K_AUSF as follows: the AUSF takes K_AUSF and the serving network name SN-name as input parameters and outputs K_SEAF.
Optionally, if the notification message in step S202 carries the SUPI or SUCI, the AUSF may also store the SUPI or SUCI.
S204, the AUSF sends a 5G serving environment authentication vector, 5G SE AV, to the SEAF;
correspondingly, the SEAF receives the 5G SE AV from the AUSF.
The 5G SE AV includes RAND, AUTN and HXRES*.
Exemplarily, the AUSF sends the 5G SE AV to the SEAF in a Nausf_UEAuthentication_Authenticate Response message.
S205, the SEAF sends an authentication request message #1 to the ME;
correspondingly, the ME receives the authentication request message #1 from the SEAF.
Exemplarily, the authentication request message #1 may be an Authentication Request message, which is a NAS message.
The authentication request message #1 includes the RAND and AUTN from the 5G SE AV. It also includes a next generation key set identifier (ngKSI), which is the key identifier of K_AMF and uniquely identifies one K_AMF; the ngKSI lets the ME and the AMF identify K_AMF and, once authentication succeeds, create the local security context.
S206, the ME sends the RAND and AUTN from the 5G SE AV to the USIM;
correspondingly, the USIM receives the RAND and AUTN from the ME.
S207, the USIM verifies the freshness of AUTN and, if the verification passes, computes RES.
Exemplarily, after receiving the RAND and AUTN, the USIM first verifies the freshness of AUTN. For example, the UE extracts the SQN from AUTN and compares its locally maintained SQN with the SQN received from the network side, to check that the network's SQN is within the correct range and thereby judge the freshness of AUTN.
Further, if the freshness verification of AUTN passes, the USIM computes RES. For example, the USIM takes the root key K and the random number RAND as input parameters and computes RES.
S208, the USIM sends RES, the cipher key CK derived from the root key, and the integrity key IK derived from the root key to the ME;
correspondingly, the ME receives RES, CK and IK from the USIM.
S209, the ME computes RES* from RES, computes K_AUSF from CK||IK, and computes K_SEAF from K_AUSF.
Exemplarily, RES* is computed from RES as follows: SN-name, RAND, RES and CK||IK are used as input parameters, and RES* is output.
Exemplarily, K_AUSF is computed from CK||IK as follows: SN-name, SQN ⊕ AK and CK||IK are used as input parameters, and K_AUSF is output.
Exemplarily, K_SEAF is computed from K_AUSF as follows: SN-name and K_AUSF are used as input parameters, and K_SEAF is output.
The following briefly introduces the derivation of K_AUSF in 5G AKA; for parts not covered here, refer to the description in the existing protocol. Specifically:
When K_AUSF is derived from CK, IK and the serving network name while generating the authentication vector, and when the UE computes K_AUSF during the 5G AKA procedure, the following parameters form the input S to the key derivation function (KDF):
FC = 0x6A;
P0 = serving network name;
L0 = length of the serving network name (variable length as specified in TS 24.501 [35]);
P1 = SQN ⊕ AK,
L1 = length of SQN ⊕ AK (i.e. 0x00 0x06).
The XOR of the sequence number (SQN) and the anonymity key (AK) is sent to the UE as part of the authentication token; see TS 33.102 for details. If AK is not used, AK shall be handled as specified in TS 33.102, i.e. as 000...0.
S210, the ME sends an authentication response message #1 to the SEAF;
correspondingly, the SEAF receives the authentication response message #1 from the ME.
Exemplarily, the authentication response message #1 may be an Authentication Response message, which is a NAS message.
The authentication response message #1 includes RES*.
S211, the SEAF computes HRES* from RES* and determines from HRES* and HXRES* whether authentication succeeded.
Exemplarily, HRES* is computed from RES* as follows: the SEAF takes RES* and RAND as input parameters and outputs HRES* through a hash function, which may be SHA-256.
Further, the SEAF compares HRES* with HXRES*; if they match, the SEAF considers the authentication of the ME successful from the serving network's perspective.
Optionally, if the SEAF does not receive RES* for a long time, the ME may be considered unreachable, and the SEAF determines that authentication has failed.
S212, the SEAF sends an authentication request message #2 to the AUSF;
correspondingly, the AUSF receives the authentication request message #2 from the SEAF.
The authentication request message #2 includes RES*.
Exemplarily, the authentication request message #2 may be a Nausf_UEAuthentication_Authenticate Request message.
S213, the AUSF determines from RES* and XRES* whether authentication succeeded.
Exemplarily, the AUSF first checks whether the 5G HE AV has expired. For example, when executing step S203 the AUSF may start a local countdown timer, e.g. 10 min. If the AUSF receives the authentication request message #2 of step S212 before the timer expires, the authentication vector is considered not expired; conversely, if the AUSF receives the authentication request message #2 of step S212 after the timer has expired, the authentication vector is considered expired.
Specifically, if the 5G HE AV has expired, the AUSF may consider the authentication of the ME unsuccessful from the home network's perspective. If the 5G HE AV has not expired, the AUSF compares the received RES* with the stored XRES*; if they match, the AUSF considers the authentication of the ME successful from the home network's perspective.
S214, the AUSF sends an authentication response message #2 to the SEAF;
correspondingly, the SEAF receives the authentication response message #2 from the AUSF.
Exemplarily, the authentication response message #2 may be a Nausf_UEAuthentication_Authenticate Response message.
The authentication response message #2 includes the authentication result, which indicates whether the ME's identity was successfully authenticated from the home network's perspective. If authentication succeeded, the authentication response message #2 includes K_SEAF. It should be understood that, on successful authentication, K_SEAF serves as the anchor key.
Optionally, if the AUSF received a SUCI in step S202 at authentication initiation, the AUSF needs to decrypt the SUCI into the SUPI and return the SUPI to the SEAF in the authentication response message #2.
S215, the SEAF derives K_AMF from K_SEAF, ABBA (anti-bidding down between architectures) and the SUPI. ABBA can be understood as a parameter for preventing bidding-down attacks.
Further, the SEAF sends the ngKSI and K_AMF to the AMF. The ngKSI is the unique key identifier of K_AMF; it lets the ME and the AMF identify K_AMF and, once authentication succeeds, create the local security context.
Note that the SEAF provides the ngKSI and K_AMF to the AMF only after receiving a message containing the SUPI. That is, the SEAF does not provide communication services to the ME before the serving network (visited network) has obtained the SUPI.
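The K_AUSF derivation (input S with FC = 0x6A, P0/L0, P1/L1) and the RES*/HXRES* checks of steps S203, S209, S211 and S213 above, as an added example that is not part of the patent. FC = 0x6A and the S layout come from the page; the HMAC-SHA-256 KDF, FC = 0x6B/0x6C, the 128-bit truncations and the SN-name format are my reading of TS 33.501/TS 33.220 and are labelled as assumptions, and all input values are constructed.

```python
import hashlib
import hmac

# Constructed sample inputs (not real subscriber material).
CK = bytes.fromhex("00112233445566778899aabbccddeeff")
IK = bytes.fromhex("ffeeddccbbaa99887766554433221100")
RAND = bytes.fromhex("0123456789abcdef0123456789abcdef")
SQN_XOR_AK = bytes.fromhex("000000000001")       # 48-bit SQN xor AK (L1 = 0x00 0x06)
SN_NAME = b"5G:mnc001.mcc001.3gppnetwork.org"    # serving network name (assumed format)
XRES = bytes.fromhex("deadbeefcafef00d")         # expected RES held by the home network


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (assumed HMAC-SHA-256 as in TS 33.220):
    S = FC || P0 || L0 || P1 || L1 ..., each Li a 2-octet big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_k_ausf(ck: bytes, ik: bytes, sn_name: bytes, sqn_xor_ak: bytes) -> bytes:
    """K_AUSF: key CK||IK, FC = 0x6A, P0 = SN name, P1 = SQN xor AK (page parameters)."""
    if len(sqn_xor_ak) != 6:
        raise ValueError("L1 must be 0x00 0x06, i.e. SQN xor AK is 6 octets")
    return kdf(ck + ik, 0x6A, sn_name, sqn_xor_ak)


def derive_k_seaf(k_ausf: bytes, sn_name: bytes) -> bytes:
    """K_SEAF from K_AUSF and SN name (FC = 0x6C assumed from TS 33.501 Annex A.6)."""
    return kdf(k_ausf, 0x6C, sn_name)


def derive_res_star(ck: bytes, ik: bytes, sn_name: bytes, rand: bytes, res: bytes) -> bytes:
    """(X)RES* from SN name, RAND, RES and CK||IK (FC = 0x6B and the 128-LSB
    truncation assumed from TS 33.501 Annex A.4)."""
    return kdf(ck + ik, 0x6B, sn_name, rand, res)[16:]


def hash_res_star(rand: bytes, res_star: bytes) -> bytes:
    """H(X)RES* = SHA-256(RAND || (X)RES*), 128 MSBs (the page names SHA-256;
    the truncation is assumed from TS 33.501 Annex A.5)."""
    return hashlib.sha256(rand + res_star).digest()[:16]


def home_network_side(xres: bytes) -> dict:
    """S201/S203: UDM/ARPF and AUSF produce K_AUSF, XRES*, HXRES* and K_SEAF."""
    k_ausf = derive_k_ausf(CK, IK, SN_NAME, SQN_XOR_AK)
    xres_star = derive_res_star(CK, IK, SN_NAME, RAND, xres)
    return {
        "k_ausf": k_ausf,
        "xres_star": xres_star,                        # kept by the AUSF for S213
        "hxres_star": hash_res_star(RAND, xres_star),  # sent to the SEAF in the 5G SE AV
        "k_seaf": derive_k_seaf(k_ausf, SN_NAME),
    }


def me_side(res: bytes) -> dict:
    """S209: the ME turns the USIM's RES, CK and IK into RES*, K_AUSF and K_SEAF."""
    k_ausf = derive_k_ausf(CK, IK, SN_NAME, SQN_XOR_AK)
    return {
        "k_ausf": k_ausf,
        "res_star": derive_res_star(CK, IK, SN_NAME, RAND, res),
        "k_seaf": derive_k_seaf(k_ausf, SN_NAME),
    }


def seaf_check(hxres_star: bytes, res_star: bytes) -> bool:
    """S211: the serving network compares HRES* = SHA-256(RAND || RES*) with HXRES*."""
    return hmac.compare_digest(hash_res_star(RAND, res_star), hxres_star)


def ausf_check(xres_star: bytes, res_star: bytes) -> bool:
    """S213: the home network compares the received RES* with the stored XRES*."""
    return hmac.compare_digest(xres_star, res_star)


def run_5g_aka(res_from_usim: bytes) -> dict:
    """Drive both sides and report the two verdicts plus whether the keys agree."""
    hn = home_network_side(XRES)
    me = me_side(res_from_usim)
    return {
        "seaf_ok": seaf_check(hn["hxres_star"], me["res_star"]),
        "ausf_ok": ausf_check(hn["xres_star"], me["res_star"]),
        "k_seaf_match": hn["k_seaf"] == me["k_seaf"],
        "k_ausf_match": hn["k_ausf"] == me["k_ausf"],
    }


if __name__ == "__main__":
    print(run_5g_aka(XRES))                                # all True
    print(run_5g_aka(bytes.fromhex("0000000000000000")))  # seaf_ok and ausf_ok False
```

Changing SQN ⊕ AK changes K_AUSF on both sides, which is exactly why a fresh primary authentication (new SQN) yields a new K_AUSF and why the page's later embodiments need a separate key update parameter to refresh it without one.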
In summary, K_AUSF can only be updated by triggering primary authentication, and primary authentication is triggered by the AMF of the serving network; the home network cannot trigger a K_AUSF update on its own. As a result, once the UPU service or SoR service has been suspended, it can only be resumed after the serving network's AMF re-triggers primary authentication to update K_AUSF. In addition, updating K_AUSF by triggering primary authentication updates every key in the 5G key hierarchy, which is to some extent unnecessary.
In view of this, this application provides a communication method and apparatus in which the authentication server function network element AUSF of the home network actively triggers the update of K_AUSF and uses the UPU mechanism to deliver the K_AUSF key update parameter to the communication apparatus (e.g. the UE), so that K_AUSF is updated synchronously on the user side and the network side and the user experience is maintained. Moreover, the method can update K_AUSF specifically, without causing the other keys in the key hierarchy to be updated, which saves signaling overhead.
To facilitate understanding of the embodiments of this application, the following points are explained:
First, in this application, unless otherwise specified or where there is a logical conflict, the terms and/or descriptions of different embodiments are consistent and may be cross-referenced, and the technical features of different embodiments may be combined according to their inherent logical relationships to form new embodiments.
Second, in this application, "at least one" means one or more, and "a plurality of" means two or more. "And/or" describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may mean: A alone, both A and B, or B alone, where A and B may be singular or plural. In the text of this application, the character "/" generally indicates an "or" relationship between the associated objects before and after it. "At least one of the following" or similar expressions refers to any combination of these items, including any combination of a single item or a plurality of items. For example, at least one of a, b and c may mean: a; or b; or c; or a and b; or a and c; or b and c; or a, b and c, where each of a, b and c may be single or multiple.
Third, in this application, "first", "second" and the various numerals (e.g., #1, #2) are distinctions made for convenience of description and are not used to limit the scope of the embodiments; for example, they distinguish different messages rather than describing a particular order or sequence. It should be understood that objects described in this way may be interchanged where appropriate, so that solutions other than the embodiments of this application can be described.
Fourth, in this application, expressions such as "when ...", "in the case of ..." and "if" all mean that the device performs the corresponding processing under some objective condition; they do not limit the timing, do not require the device to perform a judging action when implemented, and do not imply any other limitation.
Fifth, in this application, the terms "include" and "have" and any variants thereof are intended to cover a non-exclusive inclusion; for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
Sixth, in this application, "used to indicate" may include indicating directly and indicating indirectly. When a piece of indication information is described as being used to indicate A, this may mean that the indication information indicates A directly or indirectly, and does not mean that the indication information necessarily carries A.
The indication manners involved in the embodiments of this application should be understood to cover all methods by which the party to be indicated can learn the information to be indicated. The information to be indicated may be sent as a whole, or divided into multiple pieces of sub-information sent separately, and the sending period and/or sending occasion of these pieces of sub-information may be the same or different; this application does not limit the specific sending method.
The "indication information" in the embodiments of this application may be an explicit indication, i.e. indicated directly by signaling, or obtained from parameters indicated by signaling in combination with other rules or other parameters or by derivation. It may also be an implicit indication, i.e. obtained according to a rule or relationship, according to other parameters, or by derivation. This application does not specifically limit this.
Seventh, in this application, "protocol" may refer to a standard protocol in the communications field, such as the 5G protocol, the NR protocol and related protocols applied in future communication systems; this application does not limit this. "Predefined" may include being defined in advance, for example defined by a protocol. "Preconfigured" may be implemented by storing corresponding code, tables or other means of indicating the relevant information in the device in advance; this application does not limit the specific implementation.
Eighth, in this application, "storing" may refer to saving in one or more memories. The one or more memories may be provided separately or integrated in an encoder or decoder, a processor or a communication apparatus. The one or more memories may also be partly provided separately and partly integrated in a decoder, a processor or a communication apparatus. The memory may be any form of storage medium, which this application does not limit.
Ninth, in this application, "communication" may also be described as "data transmission", "information transmission", "data processing", etc. "Transmission" includes "sending" and "receiving".
The communication method provided by the embodiments of this application is described in detail below with reference to the accompanying drawings. The embodiments provided by this application are applicable to communication scenarios such as the SoR service or the UPU service, for example the communication system shown in FIG. 1 above.
FIG. 3 is a flowchart of a communication method 300 provided in an embodiment of this application. The method 300 can be applied to the network architecture given in FIG. 1. As shown in FIG. 3, the method includes the following steps; for parts not described in detail, refer to the existing protocol.
S301, optionally, a primary authentication procedure is performed to generate a first key (e.g., K_AUSF).
For the specific way of generating the first key, refer to the 5G AKA primary authentication procedure of method 200 above; for brevity, it is not repeated here.
Optionally, the first key may also be generated through the EAP-AKA' primary authentication procedure; refer to the relevant description in the existing protocol, which for brevity is not repeated here.
S302,认证服务器功能网元(例如AUSF)确定是否需要更新第一密钥KAUSF。S302: The authentication server function network element (eg AUSF) determines whether the first key K AUSF needs to be updated.
在一种可能的实现方式中,网管根据管理需求指示认证服务器功能网元更新第一密钥。例如,网管在确定KAUSF密钥过期或者网络系统需要维护等情况下,通过下发指示信息(即,第一指示信息的一例)来指示认证服务器功能网元更新KAUSF。进一步地,AUSF根据网管的指示触发密钥KAUSF更新流程。In a possible implementation, the network manager instructs the authentication server function network element to update the first key according to management requirements. For example, when the network manager determines that the K AUSF key has expired or the network system needs maintenance, the network manager instructs the authentication server function network element to update K AUSF by issuing an indication message (i.e., an example of the first indication message). Furthermore, the AUSF triggers the key K AUSF update process according to the network manager's instructions.
在另一种可能的实现方式中,认证服务器功能网元触发第一密钥的更新。例如,AUSF在确定KAUSF密钥过期,或者在确定网络系统需要维护的情况下,自主触发密钥KAUSF更新流程。In another possible implementation, the authentication server function network element triggers the update of the first key. For example, when the AUSF determines that the K AUSF key is expired or that the network system needs maintenance, the AUSF autonomously triggers the key K AUSF update process.
在又一种可能的实现方式中,认证服务器功能网元检测到与第一密钥关联的SoR或UPU服务的计数器值即将翻转时,触发密钥KAUSF更新流程,即确定需要更新第一密钥。In another possible implementation, when the authentication server function network element detects that the counter value of the SoR or UPU service associated with the first key is about to roll over, the key K AUSF update process is triggered, that is, it is determined that the first key needs to be updated.
在本申请实施例中,翻转可以理解为计数器的值的重置。例如,SoR/UPU的计数器值采用2比特表示,即00、01、10和11,分别对应0、1、2和3,在每次获取或提供SoR服务或UPU服务时,SoR/UPU的计数器值都会相应加1。假设当前的计数器值为11,则意味计数器需要翻转,变为00。In the embodiment of the present application, flipping can be understood as resetting the value of the counter. For example, the counter value of SoR/UPU is represented by 2 bits, namely 00, 01, 10 and 11, corresponding to 0, 1, 2 and 3 respectively. Each time a SoR service or UPU service is obtained or provided, the counter value of SoR/UPU will be increased by 1 accordingly. Assuming that the current counter value is 11, it means that the counter needs to be flipped to 00.
在一种示例中,即将翻转可以理解为,SoR/UPU的计数器值即将达到计数器存储位数所能表达数值的上限。假设SoR/UPU计数器的值用16bit长度的变量存储,上限为65535,超过上限就会翻转,接近该上限就认为即将翻转。例如,当前SoR/UPU计数器的值对应上限65535,则SoR/UPU计数器发生翻转;又例如,预定义SoR/UPU的计数器值即将翻转对应65530,则说明在SoR/UPU的计数器值到达65530时将发生翻转,也就意味着第一密钥即将被更新。In one example, "about to roll over" can be understood as the counter value of the SoR/UPU is about to reach the upper limit of the value that can be expressed by the number of bits that the counter can store. Assume that the value of the SoR/UPU counter is stored in a variable with a length of 16 bits, and the upper limit is 65535. If it exceeds the upper limit, it will roll over, and if it approaches the upper limit, it is considered to be about to roll over. For example, if the current value of the SoR/UPU counter corresponds to the upper limit of 65535, the SoR/UPU counter will roll over; for another example, if the predefined SoR/UPU counter value is about to roll over and corresponds to 65530, it means that the SoR/UPU counter value will roll over when it reaches 65530, which means that the first key is about to be updated.
在另一种示例中,即将翻转可以理解为,SoR/UPU的计数器值即将达到AUSF设置的逻辑阈值。例如,AUSF为SoR/UPU的计数器计数器值设置一个阈值,该阈值需要小于计数器所指示的最大数值。假设SoR/UPU的计数器值用16bit长度的变量存储,则AUSF可以将SoR/UPU计数器的阈值设置为60000,超过该阈值就认为即将翻转。In another example, about to roll over can be understood as the counter value of the SoR/UPU is about to reach the logical threshold set by the AUSF. For example, the AUSF sets a threshold for the counter value of the SoR/UPU counter, and the threshold needs to be less than the maximum value indicated by the counter. Assuming that the counter value of the SoR/UPU is stored in a variable with a length of 16 bits, the AUSF can set the threshold of the SoR/UPU counter to 60000, and if it exceeds this threshold, it is considered to be about to roll over.
可选地,上述示例中的计数器的值为10时即将发生计时器的翻转,可以是预定义的。以上计数器的值也是为便于理解给出的示例,本申请对此不作具体限定。Optionally, the timer rollover may be predefined when the counter value in the above example is 10. The above counter values are also examples given for ease of understanding, and this application does not make any specific limitation on this.
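The rollover detection of step S302 together with the suspend/reset behaviour of the SoR/UPU counter described earlier, as an added example that is not part of the patent. The 2-bit, 16-bit/65530 and 60000 figures are the page's; the class, the function names, the priority order of the three S302 triggers and the simulation are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ServiceCounter:
    """AUSF-side model of the SoR/UPU counter bound to one K_AUSF (constructed).

    width_bits and margin follow the page's 16-bit / 65530 example; logical_threshold
    follows its AUSF-configured 60000 example. Only one policy is active at a time."""
    width_bits: int = 16
    margin: int = 5
    logical_threshold: Optional[int] = None
    value: int = 0
    suspended: bool = False

    @property
    def max_value(self) -> int:
        # Largest value the counter's storage width can express (65535 for 16 bits).
        return (1 << self.width_bits) - 1

    def about_to_roll_over(self) -> bool:
        """S302 trigger: rollover is imminent either when the value reaches the hard
        limit minus a margin (65530) or when it exceeds an AUSF-set threshold (60000)."""
        if self.logical_threshold is not None:
            if not 0 < self.logical_threshold < self.max_value:
                raise ValueError("logical threshold must be below the counter maximum")
            return self.value > self.logical_threshold
        return self.value >= self.max_value - self.margin

    def use(self) -> Optional[int]:
        """Consume the counter for one SoR/UPU message and return the value that goes
        into the MAC computation, or None while the service is suspended."""
        if self.suspended:
            return None
        if self.value >= self.max_value:
            # Counter at its maximum: the page says the service pauses until K_AUSF
            # is refreshed and the counter reset.
            self.suspended = True
            return None
        self.value += 1
        return self.value

    def reset_after_key_update(self) -> None:
        """Re-initialize when a new K_AUSF is derived (primary authentication or the
        AUSF-triggered update of steps S302/S303)."""
        self.value = 0
        self.suspended = False


def decide_k_ausf_update(counter: ServiceCounter,
                         mgmt_instruction: bool = False,
                         key_expired: bool = False) -> Optional[str]:
    """The three S302 triggers, checked in an assumed priority order; returns the
    reason for updating K_AUSF, or None when no update is needed."""
    if mgmt_instruction:
        return "network management instruction"
    if key_expired:
        return "AUSF determined K_AUSF expired / maintenance"
    if counter.about_to_roll_over():
        return "SoR/UPU counter about to roll over"
    return None


def simulate(counter: ServiceCounter, messages: int) -> dict:
    """Deliver `messages` SoR/UPU messages, refreshing K_AUSF whenever the S302
    trigger fires, and report deliveries, key updates and the final suspension state."""
    delivered = updates = 0
    for _ in range(messages):
        if decide_k_ausf_update(counter):
            counter.reset_after_key_update()
            updates += 1
        if counter.use() is not None:
            delivered += 1
    return {"delivered": delivered, "key_updates": updates, "suspended": counter.suspended}


if __name__ == "__main__":
    # Without the proactive trigger a 2-bit counter delivers three messages, then stalls.
    c = ServiceCounter(width_bits=2, margin=1)
    print([c.use() for _ in range(5)])                      # [1, 2, 3, None, None]
    # With it, the key is refreshed before the counter wraps and nothing is dropped.
    print(simulate(ServiceCounter(width_bits=2, margin=1), 5))
```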
Based on step S302, when the authentication server function network element determines that the first key KAUSF needs to be updated, it performs step S303.
S303: the authentication server function network element obtains a key update parameter (for example AUSFKRP).
Note that the key update parameter is what makes the second key differ from the first key.
In one possible implementation, the authentication server function network element locally generates a random number (nonce) and uses that value as the key update parameter AUSFKRP.
In another possible implementation, the authentication server function network element locally maintains a counter and uses the counter value as the key update parameter AUSFKRP. This counter is distinct from both the counter associated with the first key and the counter associated with the second key.
In yet another possible implementation, the authentication server function network element sends request message #A to the access and mobility management function network element to request the NAS Counter value for use as the key update parameter AUSFKRP.
The NAS Counter value may be the NAS UL Count value (for example, the NAS Count value maintained locally by the terminal device and sent toward the authentication server function network element) or the NAS DL Count value (for example, the NAS Count value maintained locally by the authentication server function network element and sent to the terminal device).
Exemplarily, the authentication server function network element sends a query message to the unified data management function network element (for example the UDM) to query which access and mobility management function network element (for example the AMF) is serving the current terminal device (for example the UE); in response, the UDM returns the identification information of that AMF, such as the AMF ID, to the AUSF. The AUSF then determines the corresponding AMF from the AMF ID and sends request message #A to it to request the NAS Counter value; in response to request message #A, the AMF sends the NAS Counter value to the AUSF. Optionally, the AUSF may obtain either the NAS UL Counter value or the NAS DL Counter value from the AMF; this application does not limit which.
S304: the authentication server function network element uses the key update parameter AUSFKRP to update the first key KAUSF and obtain a second key (for example KAUSF').
The derivation of KAUSF' is KAUSF' = KDF(KAUSF, AUSFKRP). That is, the authentication server function network element takes KAUSF and AUSFKRP as input parameters and computes KAUSF' through the key derivation function KDF.
In one possible implementation, after generating the second key KAUSF', the authentication server function network element creates a counter associated with the second key and initializes it to obtain an initialized counter value; for example, the UPU counter associated with the second key is reset to 1.
Further, in one example, the reset counter value associated with the second key is used as the freshness parameter (for example the UPU counter CounterUPU) in the subsequent steps S306 to S309. In another example, the counter value associated with the first key continues to be used as the freshness parameter (for example the UPU counter CounterUPU) in steps S306 to S309; only after the authentication server function network element receives the terminal device's key update result in step S312 and determines from it that the terminal device has successfully updated the first key does it delete the counter associated with the first key and decide to use the second key, and the counter value associated with the second key, from then on.
S305: the authentication server function network element uses the second key, the counter value associated with the first key, and the key update parameter as input parameters to generate a message authentication code (MAC). The examples that follow, and the terminal device's verification in step S309 (which precedes its derivation of the second key), use the first key KAUSF as the MAC key.
Optionally, the counter value (count) associated with the first key is a parameter newly added to the MAC input to prevent replay attacks: including it ensures that the output is freshly generated. The counter value associated with the first key can therefore be called a freshness parameter; other commonly used freshness parameters include, without limitation, a number used once (nonce) and a timestamp.
For ease of description, the following takes the message authentication code to be UPU-MAC-IAUSF and the counter value associated with the first key to be the UPU counter CounterUPU. It should be understood that the UPU counter CounterUPU is created and initialized when KAUSF is derived (that is, in step S301).
In one example, the authentication server function network element retrieves the terminal device's first key KAUSF using the terminal device's SUPI, and then uses the first key KAUSF, the counter value associated with the first key, and the key update parameter AUSFKRP as input parameters to generate the message authentication code UPU-MAC-IAUSF.
In another example, the authentication server function network element retrieves the terminal device's first key KAUSF using the terminal device's SUPI, and then uses the first key KAUSF, the counter value associated with the first key, the key update parameter AUSFKRP and the key update indication as input parameters to generate the message authentication code UPU-MAC-IAUSF.
Optionally, the information may instead be digitally signed with the private key of an asymmetric key pair; or a one-way function (such as a hash function) may be applied to a symmetric (shared) key and the information to produce the message authentication code MAC; or a one-way function (such as a hash function) may be applied to the information alone, without a key, to produce a hash value. Note that an unkeyed hash value provides integrity checking only and no proof of origin, so it must itself be carried over a protected channel.
Next, based on the UPU mechanism, the authentication server function network element instructs the terminal device, via the unified data management function network element, to update the first key. Specifically, the authentication server function network element requests the unified data management function network element to send the key update parameter and the key update indication to the terminal device, so that the key update on the terminal side and on the network side stays synchronized.
S306: the authentication server function network element sends the key update parameter AUSFKRP, the counter value associated with the first key, the key update indication and the message authentication code to the unified data management function network element;
correspondingly, the unified data management function network element receives the key update parameter AUSFKRP, the counter value associated with the first key, the key update indication and the message authentication code from the authentication server function network element.
Optionally, the key update parameter AUSFKRP and the key update indication (Refresh Ind) may be sent bound together.
In one possible implementation, the unified data management function network element receives, in a specific message, the data that the authentication server function network element wants delivered to the terminal device (for example the key update parameter AUSFKRP); that specific message can be understood as instructing the unified data management function network element to invoke the UPU mechanism and send a UPU message. Correspondingly, after receiving the data, the unified data management function network element sends it to the terminal device by executing the UPU procedure or the SoR procedure.
In another possible implementation, the authentication server function network element sends a request message (an example of the second request message) to the unified data management function network element; the request message itself requests the unified data management function network element to send the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device. Correspondingly, after receiving that request message, the unified data management function network element sends the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device through the access and mobility management function network element.
In yet another possible implementation, when the authentication server function network element sends data (for example the key update parameter AUSFKRP) to the unified data management function network element, it also sends indication information, or another parameter that serves as an indication, which may be the key update indication. Correspondingly, after receiving the data, the unified data management function network element uses that indication to decide to execute the UPU procedure or the SoR procedure and sends the data to the terminal device.
It should be pointed out that, when executing the UPU procedure or the SoR procedure, the unified data management function network element must send the counter value associated with the first key and the message authentication code to the terminal device together with the data above.
In one example, the authentication server function network element generates the message authentication code on its own and sends the message authentication code, the counter value associated with the first key, the key update indication and the key update parameter to the unified data management function network element together; these parameters may be carried in the same message.
In another example, the message authentication code, the counter value associated with the first key, the key update indication and the key update parameter are not sent to the unified data management function network element at the same time. For example, the authentication server function network element first sends the key update parameter and the key update indication to the unified data management function network element, instructing it to forward the key update parameter to the terminal device through the UPU mechanism. The unified data management function network element then sends a request message (an example of the first request message) to the authentication server function network element to request the message authentication code and the counter value associated with the first key; this request message includes the terminal device's SUPI and the key update parameter.
S307: the unified data management function network element sends a notification message to the access and mobility management function network element;
correspondingly, the access and mobility management function network element receives the notification message from the unified data management function network element.
The notification message includes the key update parameter, the message authentication code, the counter value associated with the first key and the key update indication.
Optionally, if the notification message is itself a key update indication message, it need not carry a separate key update indication.
S308: the access and mobility management function network element sends a notification message to the terminal device;
correspondingly, the terminal device receives the notification message from the access and mobility management function network element.
This notification message is a NAS downlink message and includes the key update parameter, the message authentication code, the counter value associated with the first key and the key update indication.
S309: when the message authentication code and the counter value associated with the first key pass verification, the terminal device uses the key update parameter AUSFKRP to update the first key KAUSF and obtain the second key KAUSF'.
The specific way of verifying the message authentication code and the counter value associated with the first key follows the existing protocol and is not repeated here. It should be understood that only when both the message authentication code and the counter value associated with the first key pass verification does the terminal device use the key update parameter to update the first key and derive the second key. The derivation is as in step S304 and is not repeated here.
It should be pointed out that using the counter value associated with the first key as a MAC input parameter in steps S306 to S309 reduces the changes to the existing protocol and reduces signalling overhead.
Optionally, the counter value carried in steps S306 to S309 may instead be the counter value associated with the second key generated in step S304. The difference is that, during the UPU procedure, the unified data management function network element sends additional indication information to the terminal device through the access and mobility management function network element, instructing the terminal device to verify the message authentication code with the counter value associated with the second key rather than the counter value associated with the first key.
With this implementation, verifying the message authentication code and the counter value associated with the first key prevents replay attacks, improves the trustworthiness of authentication in network communication, and reduces potential security risks.
Further, in response to the notification messages of steps S307 and S308, the terminal device may send a confirmation message to the unified data management function network element through the access and mobility management function network element, that is, perform steps S310 and S311.
S310: the terminal device sends a confirmation message to the access and mobility management function network element;
correspondingly, the access and mobility management function network element receives the confirmation message from the terminal device.
Exemplarily, the confirmation message is a NAS uplink message.
S311: the access and mobility management function network element sends a confirmation message to the unified data management function network element;
correspondingly, the unified data management function network element receives the confirmation message from the access and mobility management function network element.
In one possible implementation, the confirmation message sent by the terminal device includes a response to the notification message and the key update result on the terminal side (Key Refresh RES). The response is a positive acknowledgement (ACK) or a negative acknowledgement (NACK) and informs the unified data management function network element, through the access and mobility management function network element, that the terminal device has received the notification message; the key update result indicates the outcome of the terminal device's local key update, namely success or failure.
In another possible implementation, the terminal device sends the confirmation message only when it has received the notification message and its local key update has succeeded. In other words, the confirmation message itself indicates that the first key on the terminal side has been updated successfully.
It should be pointed out that when the key update result indicates that the terminal device has successfully updated the first key, the terminal device creates the counter associated with the second key, initializes it to obtain an initialized counter value (that is, sets the counter value to 1), and begins using the second key and the initialized counter value associated with it in subsequent UPU or SoR services.
Optionally, if the access and mobility management function network element cannot establish a NAS security connection with the terminal device, it may set the key update result Key Refresh RES to failure and notify the unified data management function network element.
S312: the unified data management function network element sends a response message to the authentication server function network element;
correspondingly, the authentication server function network element receives the response message from the unified data management function network element.
The response message includes the key update result on the terminal side.
In one possible implementation, the confirmation message received by the unified data management function network element carries the key update result information Key Refresh RES, and the unified data management function network element simply forwards it to the AUSF.
In another possible implementation, the confirmation message received by the unified data management function network element carries only the delivery acknowledgement ACK; in that case the unified data management function network element reports a successful key update to the authentication server function network element.
S313: based on the key update result on the terminal side, the authentication server function network element decides to use the second key and the initialized counter value associated with the second key.
Exemplarily, if the key update result indicates that the key update on the terminal side succeeded, the authentication server function network element may decide to start using the second key KAUSF' newly derived in step S304 for subsequent SoR or UPU services. If a counter value associated with the first key is still stored locally, the authentication server function network element may delete the counter associated with the first key and start using the counter associated with the second key.
Optionally, if the key update result indicates that the key update on the terminal side failed, the authentication server function network element may decide to continue using the first key KAUSF from step S301 for subsequent SoR or UPU services, or it may repeat steps S303 to S313.
In the solution provided by this application, the key update procedure for the first key KAUSF is triggered by the authentication server function network element of the home network, without waiting for the access and mobility management function network element of the serving network to trigger a KAUSF update. Delivering the KAUSF key update parameter AUSFKRP to the terminal device through the UPU mechanism keeps the KAUSF update on the user side and the network side synchronized. In addition, the first key KAUSF can be updated on its own; other network elements such as the SEAF and AMF need not update their own keys at the same time. The method secures network communication while allowing the network to keep providing SoR and UPU services to terminal devices.
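The rollover check of step S302 and the exchange of steps S303 to S313 are worked through below in Python. This is an added illustration, not code from the patent: the KDF and the UPU MAC are HMAC-SHA-256 stand-ins, the 3GPP KDF and UPU-MAC-IAUSF input encoding (TS 33.501 Annex A) are not reproduced, and the label strings, the encoding of the key update indication and the 16-bit counter width are assumptions. The AUSF protects the UPU payload with the old KAUSF and keeps KAUSF' pending until the UE's Key Refresh RES arrives; the UE rejects a stale counter before checking the MAC, and only then derives KAUSF' and resets its counter to 1.

```python
"""
K_AUSF refresh exchange of steps S302-S313 worked through in Python.
Added illustration, not code from the patent. The KDF and the UPU MAC are
HMAC-SHA-256 stand-ins; 3GPP's real KDF and UPU-MAC-I_AUSF input encoding
(TS 33.501 Annex A) are not reproduced, and the label strings are assumed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

COUNTER_BITS = 16
COUNTER_MAX = (1 << COUNTER_BITS) - 1   # 65535 for a 16-bit SoR/UPU counter
LOGICAL_THRESHOLD = 60000               # AUSF-chosen threshold below the hard limit
REFRESH_IND = b"KeyRefreshInd"         # assumed encoding of the key update indication


def about_to_roll_over(counter: int, threshold: int = LOGICAL_THRESHOLD) -> bool:
    """S302: the first key needs refreshing once its counter reaches the threshold."""
    if not 0 <= counter <= COUNTER_MAX:
        raise ValueError("counter outside the 16-bit range")
    return counter >= threshold


def kdf(key: bytes, *params: bytes) -> bytes:
    """Stand-in KDF: HMAC-SHA-256 over length-prefixed parameters."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_second_key(k_ausf: bytes, ausf_krp: bytes) -> bytes:
    """S304 / S309: K_AUSF' = KDF(K_AUSF, AUSF_KRP), a horizontal derivation."""
    return kdf(k_ausf, b"KAUSF-refresh", ausf_krp)


def upu_mac(k_ausf: bytes, counter: int, ausf_krp: bytes,
            refresh_ind: bytes = REFRESH_IND) -> bytes:
    """S305: UPU-MAC-I_AUSF over (Counter_UPU, AUSF_KRP, refresh indication)."""
    return kdf(k_ausf, b"UPU-MAC", counter.to_bytes(2, "big"), ausf_krp, refresh_ind)


@dataclass
class Ausf:
    k_ausf: bytes
    counter_upu: int                      # Counter_UPU of the first key
    pending: dict = field(default_factory=dict)

    def needs_refresh(self) -> bool:
        """S302 trigger: counter of the first key is about to roll over."""
        return about_to_roll_over(self.counter_upu)

    def build_notification(self, ausf_krp: Optional[bytes] = None) -> dict:
        """S303-S306: choose AUSF_KRP, derive K', protect the UPU payload with the old key."""
        ausf_krp = ausf_krp or secrets.token_bytes(16)   # nonce-style key update parameter
        self.counter_upu += 1                            # fresh Counter_UPU for this message
        k_new = derive_second_key(self.k_ausf, ausf_krp)
        self.pending = {"k_new": k_new, "counter_new": 1}   # second-key counter starts at 1
        return {
            "ausf_krp": ausf_krp,
            "counter": self.counter_upu,
            "refresh_ind": REFRESH_IND,
            "mac": upu_mac(self.k_ausf, self.counter_upu, ausf_krp),
        }

    def on_key_refresh_result(self, success: bool) -> None:
        """S313: switch to K' only after the UE reports success, otherwise keep K_AUSF."""
        if success and self.pending:
            self.k_ausf = self.pending["k_new"]
            self.counter_upu = self.pending["counter_new"]
        self.pending = {}


@dataclass
class Ue:
    k_ausf: bytes
    counter_upu: int                      # last Counter_UPU accepted under the first key

    def on_notification(self, msg: dict) -> bool:
        """S309-S310: reject replays, verify the MAC, then derive K'. Returns Key Refresh RES."""
        if msg["counter"] <= self.counter_upu:           # replayed or stale counter
            return False
        expected = upu_mac(self.k_ausf, msg["counter"], msg["ausf_krp"], msg["refresh_ind"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return False
        self.k_ausf = derive_second_key(self.k_ausf, msg["ausf_krp"])
        self.counter_upu = 1                             # counter of the second key starts at 1
        return True


if __name__ == "__main__":
    k0 = bytes(range(32))                                # constructed K_AUSF from S301
    ausf, ue = Ausf(k0, 60000), Ue(k0, 60000)
    msg = ausf.build_notification()
    result = ue.on_notification(msg)                     # True: UE derived K'
    ausf.on_key_refresh_result(result)
    print("keys in sync:", ausf.k_ausf == ue.k_ausf)
```

The ordering in `Ue.on_notification` matters: the counter check runs before the MAC check so that a replayed notification is dropped without touching the key, and the UE's `counter_upu` is only advanced by the key switch, so a failed verification leaves both key and counter untouched. On the AUSF side, a failed or missing Key Refresh RES leaves `k_ausf` as the first key, matching the fallback described for step S313.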
Next, taking the terminal device to be a UE, the authentication server function network element to be an AUSF, the unified data management network element to be a UDM and the access and mobility management function network element to be an AMF, the home-network-triggered KAUSF key update schemes are described with reference to FIG. 4 and FIG. 5 respectively. In the technical solution of this application, the home network triggers and updates KAUSF by means other than primary authentication, and the newly generated second key KAUSF' is produced by horizontal derivation from the old key KAUSF.
FIG. 4 is an example flow chart of a communication method 400 provided in an embodiment of this application. In this method the AUSF triggers the KAUSF key update procedure and uses the UPU mechanism to deliver the KAUSF key update parameter to the UE, so that the KAUSF update on the user side and the network side stays synchronized. As shown in FIG. 4, the method includes the following steps.
S401: the UE registers, performs the primary authentication procedure, and generates KAUSF (an example of the first key).
The specific implementation follows the 5G AKA primary authentication procedure of method 200 and is not repeated here. Optionally, KAUSF may also be generated through EAP-AKA' authentication; this application does not limit which.
S402: the AUSF triggers the KAUSF key update procedure.
In one possible implementation, the network management system instructs the AUSF to update KAUSF according to management requirements, that is, the AUSF triggers the KAUSF key update. Exemplarily, the network management system instructs the AUSF to update KAUSF when it determines that the KAUSF key has expired or that network system maintenance is required.
In another possible implementation, the AUSF triggers the KAUSF key update on its own after detecting that a service associated with the KAUSF key is missing or has stopped.
S403: the AUSF queries the UDM for the AMF ID of the AMF serving the UE.
Exemplarily, the AUSF sends a query message to the UDM asking which AMF is serving the current UE; correspondingly, the UDM returns the AMF's identification information, the AMF ID, to the AUSF.
S404: the AUSF requests the NAS Counter value from the AMF for use as the KAUSF key refresh parameter (KRP). For ease of description, the KAUSF key refresh parameter is denoted AUSFKRP below.
Exemplarily, the AUSF sends request message #A to the AMF identified by the AMF ID, requesting the NAS Counter value; correspondingly, the AMF returns the NAS Counter value to the AUSF.
Optionally, the AUSF may obtain the NAS UL Counter value from the AMF as AUSFKRP, or it may obtain the NAS DL Counter value from the AMF as AUSFKRP; this application does not limit which.
S405: the AUSF generates KAUSF' (an example of the second key) from the first key KAUSF and the key update parameter AUSFKRP.
The specific implementation follows step S304 of method 300 above and is not repeated here.
Further, after generating KAUSF', the AUSF creates a counter associated with KAUSF' and initializes it to obtain an initialized counter value; for example, the UPU counter associated with KAUSF' is reset to 1. Exemplarily, the counter value associated with KAUSF continues to be used in the subsequent steps S409 to S411; only after the AUSF receives the UE's key update result in step S414 and determines from it that the UE has successfully updated KAUSF does it delete the counter associated with KAUSF and decide to use KAUSF', and the counter value associated with KAUSF', from then on.
S406,AUSF向UDM发送请求消息#1(即,第二请求消息的一例);S406, AUSF sends a request message #1 (i.e., an example of a second request message) to UDM;
对应的,UDM接收来自AUSF的请求消息#1。Correspondingly, UDM receives request message #1 from AUSF.
在一种示例中,该请求消息#1包括密钥更新参数AUSFKRP和密钥更新指示(KeyRefresh Ind),该请求消息#1用于请求UDM将密钥更新参数AUSFKRP和密钥更新指示发送给UE。即UDM通过UPU机制将密钥更新参数AUSFKRP和密钥更新指示发送给UE。In one example, the request message #1 includes the key update parameter AUSF KRP and the key update indication (KeyRefresh Ind), and the request message #1 is used to request the UDM to send the key update parameter AUSF KRP and the key update indication to the UE. That is, the UDM sends the key update parameter AUSF KRP and the key update indication to the UE through the UPU mechanism.
在另一种示例中,该请求消息#1包括密钥更新参数AUSFKRP,该请求消息#1用于请求UDM将密钥更新参数AUSFKRP发送给UE。进一步地,UDM根据本地某一特定函数(该特定函数用于接收密钥更新请求,进而触发密钥更新)和该密钥更新参数AUSFKRP确定该密钥更新指示,进而UDM再通过UPU机制将密钥更新参数AUSFKRP和密钥更新指示发送给UE。In another example, the request message #1 includes a key update parameter AUSF KRP , and the request message #1 is used to request the UDM to send the key update parameter AUSF KRP to the UE. Further, the UDM determines the key update indication based on a local specific function (the specific function is used to receive the key update request and trigger the key update) and the key update parameter AUSF KRP , and then the UDM sends the key update parameter AUSF KRP and the key update indication to the UE through the UPU mechanism.
S407: The UDM sends request message #2 (i.e., an example of the first request message) to the AUSF;
Correspondingly, the AUSF receives request message #2 from the UDM.
Request message #2 includes the SUPI of the UE and is used to request the message authentication code MAC and the counter value associated with K_AUSF, which the UE uses in subsequent step S411 to verify the integrity protection and freshness of the NAS downlink message.
In one example, when step 406 carries the key update parameter AUSF_KRP and the key update indication, request message #2 also includes the key update parameter AUSF_KRP and the key update indication. That is, the UDM treats the key update parameter AUSF_KRP and the key update indication as one whole and sends them together to the AUSF as input parameters for generating the message authentication code MAC in subsequent step S405.
In another example, when step 406 carries the key update parameter AUSF_KRP and the key update indication, request message #2 also includes the key update parameter AUSF_KRP; that is, only the key update parameter AUSF_KRP is used as an input parameter for the AUSF to generate the message authentication code MAC in subsequent step S405.
Exemplarily, request message #2 may be a Nausf_UPUProtection Request message.
Exemplarily, the following description takes the message authentication code to be UPU-MAC-I_AUSF and the counter value associated with K_AUSF to be the UPU counter Counter_UPU.
Exemplarily, the AUSF determines the key K_AUSF from the SUPI of the UE and generates the message authentication code UPU-MAC-I_AUSF from the key K_AUSF, the UPU counter Counter_UPU, the key update parameter AUSF_KRP and the key update indication. Alternatively, the AUSF generates the message authentication code UPU-MAC-I_AUSF from the key K_AUSF, the UPU counter Counter_UPU and the key update parameter AUSF_KRP.
S408: The AUSF sends response message #2 to the UDM;
Correspondingly, the UDM receives response message #2 from the AUSF.
Response message #2 includes the message authentication code UPU-MAC-I_AUSF and the UPU counter Counter_UPU.
Exemplarily, response message #2 may be a Nausf_UPUProtection Response message.
S409: The UDM sends notification message #1 (i.e., an example of the notification message) to the AMF through the UPU mechanism;
Correspondingly, the AMF receives notification message #1 from the UDM.
In one example, if step 406 carries the key update parameter AUSF_KRP and the key update indication, and step 407 sends the key update parameter AUSF_KRP and the key update indication to the AUSF as one whole, then notification message #1 may include the UPU data to be sent (i.e., the key update parameter AUSF_KRP and the key update indication treated as one whole), the message authentication code UPU-MAC-I_AUSF and the UPU counter Counter_UPU. Here both the key update parameter AUSF_KRP and the key update indication are integrity protected.
In another example, if step 406 carries the key update parameter AUSF_KRP and the key update indication, and step 407 sends only the key update parameter AUSF_KRP to the AUSF, then notification message #1 may include the UPU data to be sent (i.e., the key update parameter AUSF_KRP), the message authentication code UPU-MAC-I_AUSF, the UPU counter Counter_UPU and the key update indication. Here the key update parameter AUSF_KRP is integrity protected, while the key update indication is not.
In yet another example, if step 406 carries the key update parameter AUSF_KRP and the key update indication, and step 407 sends only the key update parameter AUSF_KRP to the AUSF, then notification message #1 may include the UPU data to be sent (i.e., the key update parameter AUSF_KRP), the message authentication code UPU-MAC-I_AUSF and the UPU counter Counter_UPU. Notification message #1 may itself serve as the key update indication information, in which case it need not carry a separate key update indication, which reduces signaling overhead. Here the key update parameter AUSF_KRP is integrity protected.
Exemplarily, notification message #1 may be a Nudm_SDM_Notification message.
S410: The AMF sends notification message #1 to the UE;
Correspondingly, the UE receives notification message #1 from the AMF; notification message #1 may be a NAS downlink message.
In one example, the NAS downlink message includes the key update parameter AUSF_KRP, the message authentication code UPU-MAC-I_AUSF, the UPU counter Counter_UPU and the key update indication.
In another example, the NAS downlink message is itself the key update indication information and includes the key update parameter AUSF_KRP, the message authentication code UPU-MAC-I_AUSF and the UPU counter Counter_UPU.
S411: The UE generates K_AUSF' (i.e., an example of the second key) from the first key K_AUSF and the key update parameter AUSF_KRP.
After receiving notification message #1, the UE must verify the message authentication code UPU-MAC-I_AUSF and the UPU counter Counter_UPU; only if this verification passes does the UE update K_AUSF using AUSF_KRP to obtain K_AUSF'. The derivation of K_AUSF' is similar to step S405 and is not repeated here for brevity.
It should be noted that, when the key update result indicates that the terminal device has successfully updated K_AUSF, the UE creates a counter associated with K_AUSF' and initializes it to obtain the initialized counter value, that is, sets the counter to 1. From then on, the UE uses K_AUSF', together with the initialized counter value associated with K_AUSF', in subsequent UPU or SoR services.
S412: The UE sends confirmation message #1 (i.e., an example of the confirmation message) to the AMF;
Correspondingly, the AMF receives confirmation message #1 from the UE.
Confirmation message #1 may be a NAS uplink message that includes the acknowledgement ACK of the transmission result (i.e., of the NAS downlink message received in step S410) and the key update result on the UE side.
S413: The AMF sends confirmation message #1 to the UDM;
Correspondingly, the UDM receives confirmation message #1 from the AMF.
Confirmation message #1 includes the ACK and the Key Refresh RES.
Optionally, if the AMF cannot establish a NAS security connection with the UE, the AMF sets the RES to failure and marks the failure cause to notify the UDM.
Exemplarily, confirmation message #1 may be a Nudm_SDM_information message.
S414: The UDM sends response message #1 to the AUSF;
Correspondingly, the UDM receives response message #1 from the AUSF.
Response message #1 includes the key update result on the UE side.
S415: Based on the key update result on the UE side, the AUSF determines to use K_AUSF' and the initialized counter value associated with K_AUSF'.
Optionally, if the key update result indicates that the key update on the UE side succeeded, the AUSF may decide to use the K_AUSF' newly derived in step S405 for subsequent SoR or UPU services.
Optionally, if the key update result indicates that the key update on the UE side failed, the AUSF may decide to continue using the old key K_AUSF from step S401 for subsequent SoR or UPU services.
In the method disclosed in the present application, the AUSF of the home network triggers the key update procedure for K_AUSF without waiting for the AMF of the serving network to trigger it. Moreover, by delivering the key update parameter AUSF_KRP for K_AUSF to the UE through the UPU mechanism, K_AUSF can be updated synchronously on the user side and the network side. In addition, the technical solution of the present application can update K_AUSF alone; other network elements such as the SEAF and the AMF do not need to update their own keys at the same time. The method thus allows the network to provide SoR or UPU services to the UE while ensuring secure network communication.
FIG. 5 is a flow chart of a communication method 500 provided in an embodiment of the present application. In this method the AUSF triggers the procedure for updating the key K_AUSF and uses the UPU mechanism to deliver the key update parameter for K_AUSF to the UE, so that K_AUSF is updated synchronously on the user side and the network side. Compared with method 400, method 500 further saves signaling overhead and reduces the number of steps. As shown in FIG. 5, the method includes the following steps.
S501: The UE registers, performs the primary authentication procedure and generates K_AUSF (i.e., an example of the first key).
S502: The AUSF triggers the key update procedure for K_AUSF.
For the specific implementation of steps S501 and S502, refer to the description of steps S401 and S402 of method 400 above; it is not repeated here for brevity.
S503: The AUSF locally generates the key update parameter AUSF_KRP.
Exemplarily, the AUSF locally generates a random number (Nonce) and uses it as the key update parameter AUSF_KRP for K_AUSF.
Exemplarily, the AUSF locally generates and maintains a counter (Counter) and uses the counter's value as the key update parameter AUSF_KRP for K_AUSF.
S504: The AUSF generates K_AUSF' (i.e., an example of the second key) from the first key K_AUSF and the key update parameter AUSF_KRP.
For the derivation of K_AUSF', refer to the description of step S405 of method 400 above; it is not repeated here for brevity.
Further, after the AUSF generates K_AUSF', it creates a counter associated with K_AUSF' and initializes it to obtain the initialized counter value; for example, the UPU counter associated with K_AUSF' is reset to 1. Exemplarily, the counter value associated with K_AUSF continues to be used in subsequent steps S506 to S508, until the AUSF receives the UE's key update result in step S512 and determines from that result that the UE has successfully updated K_AUSF; only then does it delete the counter associated with K_AUSF and decide to use K_AUSF', together with the counter value associated with K_AUSF', from then on.
S505: The AUSF sends request message #a (i.e., an example of the second request message) to the UDM;
Correspondingly, the UDM receives request message #a from the AUSF.
Request message #a includes the key update parameter AUSF_KRP, the key update indication (Key Refresh Ind), the message authentication code and the freshness parameter, and is used to request that the UDM send the key update parameter AUSF_KRP and the key update indication to the UE.
It should be noted that, before performing step S505, the AUSF generates the message authentication code MAC and the counter value associated with K_AUSF. The UPU counter Counter_UPU is created and initialized when K_AUSF is derived (i.e., in step S501). Further, the AUSF determines the key K_AUSF from the SUPI of the UE and generates the message authentication code UPU-MAC-I_AUSF from the key K_AUSF and the UPU counter Counter_UPU.
S506: The UDM sends notification message #a (i.e., an example of the notification message) to the AMF through the UPU mechanism;
Correspondingly, the AMF receives notification message #a from the UDM.
S507: The AMF sends notification message #a to the UE;
Correspondingly, the UE receives notification message #a from the AMF.
Notification message #a may be a NAS downlink message.
S508: The UE generates K_AUSF' (i.e., an example of the second key) from the first key K_AUSF and the key update parameter AUSF_KRP.
After receiving notification message #1, the UE must verify the message authentication code UPU-MAC-I_AUSF and the UPU counter Counter_UPU; only if this verification passes does the UE update K_AUSF using AUSF_KRP to obtain K_AUSF'. For the specific implementation, refer to step S411 of method 400 above; it is not repeated here for brevity.
It should be noted that, when the key update result indicates that the terminal device has successfully updated K_AUSF, the UE creates a counter associated with K_AUSF' and initializes it to obtain the initialized counter value, that is, sets the counter to 1. From then on, the UE uses K_AUSF', together with the initialized counter value associated with K_AUSF', in subsequent UPU or SoR services.
S509: The UE sends confirmation message #a (i.e., an example of the confirmation message) to the AMF;
Correspondingly, the AMF receives confirmation message #a from the UE; confirmation message #a may be a NAS uplink message.
The NAS uplink message includes the acknowledgement ACK of the transmission result and the key update result on the UE side.
S510: The AMF sends confirmation message #a to the UDM;
Correspondingly, the UDM receives confirmation message #a from the AMF.
Confirmation message #a includes the ACK and the Key Refresh RES.
S511: The UDM sends response message #a to the AUSF;
Correspondingly, the UDM receives response message #a from the AUSF.
Response message #a includes the key update result on the UE side.
S512: Based on the key update result on the UE side, the AUSF determines to use K_AUSF' and the initialized counter value associated with K_AUSF'.
For the specific implementation of steps S506 to S512, refer to steps S409 to S415 of method 400 above; they are not described in detail here for brevity.
In the method disclosed in the present application, the AUSF of the home network triggers the key update procedure for K_AUSF without waiting for the AMF of the serving network to trigger it. Moreover, by delivering the key update parameter AUSF_KRP for K_AUSF to the UE through the UPU mechanism, K_AUSF can be updated synchronously on the user side and the network side. In addition, the technical solution of the present application can update K_AUSF alone; other network elements such as the SEAF and the AMF do not need to update their own keys at the same time. The method thus allows the network to provide SoR or UPU services to the UE while ensuring secure network communication.
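The key-handling core shared by method 400 (steps S405 to S415) and method 500 (steps S504 to S512), as an added simulation that is not part of the patent: the AUSF derives K_AUSF' from K_AUSF and a nonce AUSF_KRP, protects AUSF_KRP and the Key Refresh Ind as one whole with UPU-MAC-I_AUSF keyed by the current K_AUSF and Counter_UPU, and switches keys only once the UE reports success, while the UE accepts the notification only after the counter freshness and MAC checks pass. The KDF (HMAC-SHA-256 over length-prefixed inputs), the 128-bit MAC truncation, the one-byte indication encoding and the UDM/AMF relay being transparent are assumptions; the patent does not fix them.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass, field

# Constructed one-byte encoding of the Key Refresh Ind flag (assumption).
KEY_REFRESH_IND = b"\x01"


def kdf(key: bytes, *params: bytes) -> bytes:
    """Stand-in for the K_AUSF' derivation of step S405: HMAC-SHA-256 over
    length-prefixed parameters (assumed; the page does not fix the KDF)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in params:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def upu_mac(k_ausf: bytes, counter_upu: int, *upu_data: bytes) -> bytes:
    """UPU-MAC-I_AUSF: keyed with the *current* K_AUSF over Counter_UPU and the
    integrity-protected UPU data (AUSF_KRP and the indication as one whole)."""
    return kdf(k_ausf, counter_upu.to_bytes(2, "big"), *upu_data)[:16]


@dataclass
class Ausf:
    k_ausf: bytes
    counter_upu: int = 1                       # created with K_AUSF at registration
    pending: dict = field(default_factory=dict)

    def start_refresh(self) -> dict:
        """S403-S409 / S503-S506: choose AUSF_KRP, derive K_AUSF', protect the UPU data."""
        krp = os.urandom(16)                   # nonce used as AUSF_KRP
        k_new = kdf(self.k_ausf, krp)          # K_AUSF' = KDF(K_AUSF, AUSF_KRP)
        mac = upu_mac(self.k_ausf, self.counter_upu, krp, KEY_REFRESH_IND)
        notification = {"krp": krp, "ind": KEY_REFRESH_IND,
                        "mac": mac, "counter": self.counter_upu}
        # K_AUSF' and its counter (initialised to 1) are held back until the UE
        # confirms; the counter tied to the old K_AUSF keeps advancing meanwhile.
        self.pending = {"k_new": k_new, "counter_new": 1}
        self.counter_upu += 1
        return notification

    def finish_refresh(self, key_refresh_res: bool) -> bytes:
        """S415 / S512: switch to K_AUSF' only when the UE reports success."""
        if key_refresh_res and self.pending:
            self.k_ausf = self.pending["k_new"]
            self.counter_upu = self.pending["counter_new"]
        self.pending = {}
        return self.k_ausf


@dataclass
class Ue:
    k_ausf: bytes
    last_counter: int = 0                      # highest Counter_UPU accepted under this key

    def handle_notification(self, msg: dict) -> bool:
        """S411 / S508: accept only a fresh counter and a valid MAC, then derive K_AUSF'.
        The return value is the Key Refresh RES carried back in the confirmation."""
        if msg["counter"] <= self.last_counter:
            return False                       # replayed or stale counter
        expected = upu_mac(self.k_ausf, msg["counter"], msg["krp"], msg["ind"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return False                       # AUSF_KRP, indication or counter altered
        self.k_ausf = kdf(self.k_ausf, msg["krp"])
        self.last_counter = 0                  # counter for K_AUSF' restarts from 1
        return True


def run_refresh(ausf: Ausf, ue: Ue, tamper: bool = False) -> bool:
    """One full round trip; the UDM/AMF relay is assumed transparent to the key material.
    Returns True when AUSF and UE end up holding the same key."""
    msg = ausf.start_refresh()
    if tamper:                                 # constructed in-transit corruption of AUSF_KRP
        msg = dict(msg, krp=bytes([msg["krp"][0] ^ 0x80]) + msg["krp"][1:])
    res = ue.handle_notification(msg)
    ausf.finish_refresh(res)
    return ausf.k_ausf == ue.k_ausf


def demo() -> dict:
    """Constructed scenario: a clean refresh, then one whose AUSF_KRP was altered in transit."""
    k0 = hashlib.sha256(b"constructed K_AUSF from primary authentication").digest()
    ausf, ue = Ausf(k0), Ue(k0)
    first_ok = run_refresh(ausf, ue)
    k1 = ausf.k_ausf
    still_synced = run_refresh(ausf, ue, tamper=True)
    return {"first_ok": first_ok, "rotated": k1 != k0, "tampered_synced": still_synced,
            "key_unchanged_after_failure": ausf.k_ausf == k1, "ausf_counter": ausf.counter_upu}


if __name__ == "__main__":
    print(demo())
```

A failed refresh leaves both sides on the old K_AUSF with the old counter still advancing, which is the fallback the text describes for an unsuccessful UE result.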
The communication method embodiments of the present application have been described in detail above with reference to FIGS. 1 to 5; the communication apparatus embodiments are described in detail below with reference to FIGS. 6 and 7. It should be understood that the description of the apparatus embodiments corresponds to that of the method embodiments, so for parts not described in detail, refer to the preceding method embodiments.
FIG. 6 is a schematic block diagram of a communication apparatus 1000 provided in an embodiment of the present application. As shown in FIG. 6, the apparatus 1000 may include a transceiver unit 1010 and a processing unit 1020. The transceiver unit 1010 can communicate with the outside, and the processing unit 1020 is used for data processing. The transceiver unit 1010 may also be called a communication interface or a transceiver unit.
In one possible design, the apparatus 1000 may implement the steps or procedures performed by the authentication server function network element (e.g., the AUSF) in the method embodiments above, where the transceiver unit 1010 performs the transmission and reception operations of the AUSF and the processing unit 1020 performs the processing operations of the AUSF in those embodiments.
Exemplarily, the processing unit 1020 is used to determine whether the first key needs to be updated, the first key being used to protect secure communication between the terminal device and the unified data management function network element; when the processing unit 1020 determines that the first key needs to be updated, the transceiver unit 1010 is used to obtain the key update parameter; the processing unit 1020 is further used to update the first key with the key update parameter to obtain the second key; the processing unit 1020 is further used to generate a message authentication code using the first key, the counter value associated with the first key and the key update parameter as input parameters; and the transceiver unit 1010 is further used to send, through the unified data management function network element, the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device, the key update indication instructing the terminal device to update the first key according to the key update parameter.
In another possible design, the apparatus 1000 may implement the steps or procedures performed by the unified data management function network element (e.g., the UDM) in the method embodiments above, where the transceiver unit 1010 performs the transmission and reception operations of the UDM and the processing unit 1020 performs the processing operations of the UDM in those embodiments.
Exemplarily, the transceiver unit 1010 is used to receive, from the authentication server function network element, the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key, the key update indication instructing the terminal device to update the first key according to the key update parameter, and the first key being used to protect secure communication between the terminal device and the unified data management function network element; the transceiver unit 1010 is further used to send a notification message to the terminal device through the access and mobility management function network element, the notification message including the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key.
In yet another possible design, the apparatus 1000 may implement the steps or procedures performed by the communication apparatus (e.g., the UE) in the method embodiments above, where the processing unit 1020 performs the processing operations of the UE and the transceiver unit 1010 performs the transmission and reception operations of the UE in those embodiments.
Exemplarily, the transceiver unit 1010 is used to receive, through the access and mobility management function network element, a notification message from the unified data management function network element, the notification message including the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key, the key update indication instructing the communication apparatus to update the first key according to the key update parameter, and the first key being used to protect secure communication between the communication apparatus and the unified data management function network element; when the message authentication code and the counter value associated with the first key pass verification, the processing unit 1020 is further used to update the first key with the key update parameter to obtain the second key; in response to the notification message, the transceiver unit 1010 is further used to send a confirmation message to the unified data management function network element through the access and mobility management function network element, the confirmation message including the key update result, which indicates whether the terminal device successfully updated the first key.
It should be understood that the apparatus 1000 here is embodied in the form of functional units. The term "unit" here may refer to an application specific integrated circuit (ASIC), an electronic circuit, a processor (for example, a shared processor, a dedicated processor or a group processor) and memory for executing one or more software or firmware programs, a combinational logic circuit and/or other suitable components that support the described functions. In an optional example, those skilled in the art will understand that the apparatus 1000 may specifically be the transmitting end in the above embodiments and may be used to perform the procedures and/or steps corresponding to the transmitting end in the method embodiments above, or the apparatus 1000 may specifically be the receiving end in the above embodiments and may be used to perform the procedures and/or steps corresponding to the receiving end in the method embodiments above; to avoid repetition, these are not described again here.
The apparatus 1000 of each of the above solutions has the function of implementing the corresponding steps performed by the transmitting end in the above methods, or the function of implementing the corresponding steps performed by the receiving end in the above methods. These functions may be implemented in hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions; for example, the transceiver unit may be replaced by a transceiver (the sending unit within it by a transmitter and the receiving unit within it by a receiver), and other units, such as the processing unit, may be replaced by a processor, which respectively perform the transmission and reception operations and the related processing operations in each method embodiment.
In addition, the above transceiver unit may also be a transceiver circuit (which may, for example, include a receiving circuit and a transmitting circuit), and the processing unit may be a processing circuit. In the embodiments of the present application, the apparatus in FIG. 6 may be the receiving end or the transmitting end of the foregoing embodiments, or it may be a chip or a chip system, for example a system on chip (SoC). In that case the transceiver unit may be an input/output circuit or a communication interface, and the processing unit is a processor, microprocessor or integrated circuit integrated on the chip. This is not limited here.
图7是本申请实施例提供的通信装置2000的示意性框图。如图7所示,该设备2000包括处理器2010和收发器2020。其中,处理器2010和收发器2020通过内部连接通路互相通信,该处理器2010用于执行指令,以控制该收发器2020发送信号和/或接收信号。FIG7 is a schematic block diagram of a communication device 2000 provided in an embodiment of the present application. As shown in FIG7, the device 2000 includes a processor 2010 and a transceiver 2020. The processor 2010 and the transceiver 2020 communicate with each other through an internal connection path, and the processor 2010 is used to execute instructions to control the transceiver 2020 to send signals and/or receive signals.
可选地,该设备2000还可以包括存储器2030,该存储器2030与处理器2010、收发器2020通过内部连接通路互相通信。该存储器2030用于存储指令,该处理器2010可以执行该存储器2030中存储的指令。Optionally, the device 2000 may further include a memory 2030, and the memory 2030 communicates with the processor 2010 and the transceiver 2020 through an internal connection path. The memory 2030 is used to store instructions, and the processor 2010 may execute the instructions stored in the memory 2030.
在一种可能的实现方式中,设备2000用于实现上述方法实施例中的UE对应的各个流程和步骤。In a possible implementation, the device 2000 is used to implement various processes and steps corresponding to the UE in the above method embodiment.
在另一种可能的实现方式中,设备2000用于实现上述方法实施例中的AUSF对应的各个流程和步骤。In another possible implementation, the device 2000 is used to implement the various processes and steps corresponding to the AUSF in the above method embodiment.
在又一种可能的实现方式中,设备2000用于实现上述方法实施例中的UDM对应的各个流程和步骤。In yet another possible implementation, the device 2000 is used to implement each process and step corresponding to the UDM in the above method embodiment.
应理解,设备2000可以具体为上述实施例中的发送端或接收端,也可以是芯片或者芯片系统。对应的,该收发器2020可以是该芯片的收发电路,在此不做限定。具体地,该设备2000可以用于执行上述方法实施例中与发送端或接收端对应的各个步骤和/或流程。It should be understood that the device 2000 can be specifically the transmitting end or receiving end in the above embodiment, or a chip or a chip system. Correspondingly, the transceiver 2020 can be a transceiver circuit of the chip, which is not limited here. Specifically, the device 2000 can be used to execute each step and/or process corresponding to the transmitting end or receiving end in the above method embodiment.
可选地,该存储器2030可以包括只读存储器和随机存取存储器,并向处理器提供指令和数据。存储器的一部分还可以包括非易失性随机存取存储器。例如,存储器还可以存储设备类型的信息。该处理器2010可以用于执行存储器中存储的指令,并且当该处理器2010执行存储器中存储的指令时,该处理器2010用于执行上述与发送端或接收端对应的方法实施例的各个步骤和/或流程。Optionally, the memory 2030 may include a read-only memory and a random access memory, and provide instructions and data to the processor. A portion of the memory may also include a non-volatile random access memory. For example, the memory may also store information about the device type. The processor 2010 may be used to execute instructions stored in the memory, and when the processor 2010 executes instructions stored in the memory, the processor 2010 is used to execute the various steps and/or processes of the above-mentioned method embodiment corresponding to the transmitting end or the receiving end.
In implementation, the steps of the above method may be completed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The steps of the method disclosed in the embodiments of this application may be directly performed by a hardware processor, or performed by a combination of hardware and software modules in the processor. The software module may be located in a storage medium mature in the art, such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, an electrically erasable programmable memory, or a register. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the above method in combination with its hardware. To avoid repetition, this is not described in detail here.
It should be noted that the processor in the embodiments of this application may be an integrated circuit chip with signal processing capability. In implementation, the steps of the above method embodiments may be completed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The above processor may be a general-purpose processor, a digital signal processor, an application-specific integrated circuit, a field programmable gate array or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The processor in the embodiments of this application may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of this application. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of this application may be directly performed by a hardware decoding processor, or performed by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium mature in the art, such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, an electrically erasable programmable memory, or a register. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
It can be understood that the memory in the embodiments of this application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM) or a flash memory. The volatile memory may be a random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static RAM, dynamic RAM, synchronous dynamic RAM, double data rate synchronous dynamic RAM, enhanced synchronous dynamic RAM, synchlink dynamic RAM and direct Rambus RAM. It should be noted that the memory of the systems and methods described herein is intended to include, but is not limited to, these and any other suitable types of memory.
Figure 8 is a schematic block diagram of a chip system 3000 provided in an embodiment of this application. The chip system 3000 (which may also be referred to as a processing system) includes a logic circuit 3010 and an input/output interface 3020.
The logic circuit 3010 may be a processing circuit in the chip system 3000. The logic circuit 3010 may be coupled to a storage unit and call the instructions in the storage unit, so that the chip system 3000 can implement the methods and functions of the embodiments of this application. The input/output interface 3020 may be an input/output circuit in the chip system 3000, which outputs information processed by the chip system 3000, or inputs data or signaling information to be processed into the chip system 3000 for processing.
In one solution, the chip system 3000 is used to implement the operations performed by the communication apparatus (such as the UE in Figures 2 to 5) in the method embodiments above.
For example, the logic circuit 3010 is used to implement the processing-related operations performed by the UE in the method embodiments above, such as the processing-related operations performed by the UE in the embodiment shown in Figure 2, or in any one of the embodiments shown in Figures 3 to 5; the input/output interface 3020 is used to implement the sending and/or receiving operations performed by the UE in the method embodiments above, such as the sending and/or receiving operations performed by the UE in the embodiment shown in Figure 2, or in any one of the embodiments shown in Figures 3 to 5.
In another solution, the chip system 3000 is used to implement the operations performed by the AUSF (such as the AUSF in Figures 2 to 5) in the method embodiments above.
For example, the logic circuit 3010 is used to implement the processing-related operations performed by the AUSF in the method embodiments above, such as the processing-related operations performed by the AUSF in the embodiment shown in Figure 2, or in any one of the embodiments shown in Figures 3 to 5; the input/output interface 3020 is used to implement the sending and/or receiving operations performed by the AUSF in the method embodiments above, such as the sending and/or receiving operations performed by the AUSF in the embodiment shown in Figure 2, or in any one of the embodiments shown in Figures 3 to 5.
An embodiment of this application further provides a computer-readable storage medium storing computer instructions for implementing the method performed by a device (for example, a communication apparatus (for example, a terminal device), an AUSF, a UDM or an AMF) in the method embodiments above.
An embodiment of this application further provides a computer program product comprising instructions which, when executed by a computer, implement the method performed by a device (for example, a communication apparatus (for example, a terminal device), an AUSF, a UDM or an AMF) in the method embodiments above.
An embodiment of this application further provides a communication system, including one or more of the aforementioned communication apparatus (for example, a terminal device), AUSF, UDM or AMF.
For explanations of the relevant content and beneficial effects of any of the apparatuses provided above, reference may be made to the corresponding method embodiments provided above; details are not repeated here.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such implementation should not be considered to go beyond the scope of this application.
Those skilled in the art can clearly understand that, for convenience and brevity of description, for the specific working processes of the systems, apparatuses and units described above, reference may be made to the corresponding processes in the method embodiments above; details are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For example, the division into units is only a division by logical function; in actual implementation there may be other ways of dividing them, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be implemented through some interfaces, and the indirect couplings or communication connections between apparatuses or units may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of this application. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory, a random access memory, a magnetic disk or an optical disc.
The above are only specific implementations of this application, but the protection scope of this application is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.
Claims (24)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310110475.5A CN118432807A (en) | 2023-01-31 | 2023-01-31 | Communication method and communication device |
PCT/CN2024/074150 WO2024160131A1 (en) | 2023-01-31 | 2024-01-26 | Communication method and communication apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310110475.5A CN118432807A (en) | 2023-01-31 | 2023-01-31 | Communication method and communication device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118432807A true CN118432807A (en) | 2024-08-02 |
Family
ID=92025694
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310110475.5A Pending CN118432807A (en) | 2023-01-31 | 2023-01-31 | Communication method and communication device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN118432807A (en) |
WO (1) | WO2024160131A1 (en) |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111866870B (en) * | 2019-04-26 | 2022-02-01 | 华为技术有限公司 | Key management method and device |
KR20230079179A (en) * | 2020-09-30 | 2023-06-05 | 삼성전자주식회사 | Method, terminal, and network entity for handling secure key synchronization in a wireless network |
WO2022080388A1 (en) * | 2020-10-16 | 2022-04-21 | Nec Corporation | Method of ue, and ue |
- 2023-01-31 CN CN202310110475.5A patent/CN118432807A/en active Pending
- 2024-01-26 WO PCT/CN2024/074150 patent/WO2024160131A1/en unknown
Also Published As
Publication number | Publication date |
---|---|
WO2024160131A1 (en) | 2024-08-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |