CN118432807A

CN118432807A - Communication method and communication device

Info

Publication number: CN118432807A
Application number: CN202310110475.5A
Authority: CN
Inventors: 刘文峰; 李�赫; 孙陶然; 李论
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2023-01-31
Filing date: 2023-01-31
Publication date: 2024-08-02
Also published as: WO2024160131A1

Abstract

The embodiment of the application provides a communication method and a communication device. The method comprises the following steps: the authentication server functional network element obtains a key updating parameter under the condition that the first key needs to be updated, updates the first key by using the key updating parameter to obtain a second key, and sends the key updating parameter, the key updating instruction and the message authentication code to the terminal equipment through the unified data management functional network element, and a counter value associated with the first key to enable the terminal equipment to synchronously update the first key. According to the technical scheme, the synchronous updating of the first key of the terminal side and the network side is realized through a SoR or UPU mechanism, and the subsequent use of the second key and the initialized counter value associated with the second key are determined, so that service suspension caused by the overturn of the SoR or UPU counter is prevented, and user experience is better improved.

Description

Communication method and communication device

Technical Field

The present application relates to the field of communications, and more particularly, to a communication method and a communication apparatus.

Background

In communication systems, the widespread use of data services has increased the demand for bandwidth by users. In order to guarantee network security, identity authentication and authorization are required for a User Equipment (UE) accessing a network, the UE can access the network only after passing the authentication and authorization, and further requests to establish a protocol data unit (protocol data unit, PDU) session to access various services on a Data Network (DN).

Illustratively, the roaming guidance (steering of roaming, soR) mechanism supports roaming management by the home network for the visited network to which the terminal device has access, and the UE parameter update (UE parameters update, UPU) mechanism supports unified data management (unified DATA MANAGEMENT, UDM) network elements to update user parameters through control plane procedures. However, during actual use, the service may be suspended due to the counter flipping, degrading the user experience.

Disclosure of Invention

The application provides a communication method and a communication device, which can ensure that a user can effectively acquire SoR service or UPU service and improve user experience.

In a first aspect, a communication method is provided, which may be performed by an authentication server function network element, or may also be performed by a chip or a circuit for an authentication server function network element, which is not limited by the present application. For convenience of description, an example will be described below as being performed by the authentication server function network element.

The method comprises the following steps: the authentication server function network element determines whether a first key is required to be updated, wherein the first key is used for protecting the safety communication between the terminal equipment and the unified data management function network element; under the condition that the first secret key is determined to need to be updated, the authentication server function network element acquires secret key updating parameters; the authentication server functional network element updates the first key by using the key updating parameter to obtain a second key; the authentication server function network element uses the first key, a counter value associated with the first key, and a key update parameter as input parameters to generate a message authentication code; the authentication server function network element sends a key update parameter, a key update instruction, a message authentication code and a counter value associated with the first key to the terminal device through the unified data management function network element, wherein the key update instruction is used for instructing the terminal device to update the first key according to the key update parameter.

Wherein the counter value associated with the first key refers to a parameter newly added to the input parameters in order to prevent replay attacks (REPLAY ATTACK), and it is also possible to ensure that the generated message authentication code is newly generated (fresh).

According to the scheme provided by the application, based on a SoR or UPU mechanism, the authentication server function network element obtains the key updating parameter under the condition that the first key is required to be updated, updates the first key by using the key updating parameter to obtain the second key, and sends the key updating parameter, the key updating instruction and the message authentication code to the terminal equipment through the unified data management function network element, so that the terminal equipment synchronously updates the first key by the counter value associated with the first key. The technical scheme of the application can ensure the synchronous updating of the first key of the terminal side and the network side, and determine the subsequent use of the second key and the initialized counter value associated with the second key, thereby avoiding the service suspension caused by the overturn of the SoR or UPU counter and improving the user experience better. Compared with the prior art that the value of the SoR or UPU counter is reset by updating a plurality of keys through the master authentication to acquire the SoR or UPU service, the implementation mode can be simplified, and the signaling overhead can be reduced.

With reference to the first aspect, in some implementations of the first aspect, after updating the first key by the authentication server function network element using the key update parameter, the method further includes: the authentication server function network element generates a counter associated with the second key and initializes the counter associated with the second key to obtain an initialized counter value.

Based on the implementation manner, by generating the timer associated with the second key and initializing the value of the counter, for example, resetting the value of the UPU counter associated with the second key to 1, when the authentication server function network element receives the key update result sent by the terminal device, and then determines that the terminal side has successfully updated the first key, the terminal side and the network side can synchronously use the second key, and the value of the counter associated with the second key, the orderly progress of the subsequent SoR service or the UPU service can be ensured, and the user experience is ensured.

With reference to the first aspect, in certain implementations of the first aspect, the authentication server function network element determining whether updating the first key is required includes: the authentication server function network element receives first indication information from network management equipment; the authentication server function network element determines that the first key needs to be updated according to the first indication information.

For example, in the case that the network manager determines that the first key is out of date, or the network system needs to be maintained, the authentication server function network element determines that the first key needs to be updated according to the indication information from the network manager device.

With reference to the first aspect, in certain implementations of the first aspect, the authentication server function network element determining whether updating the first key is required includes: in the event that the counter value associated with the first key is about to be flipped, the authentication server function network element determines that the first key needs to be updated.

In one example, the about to flip is understood as that the counter value of SoR/UPU is about to reach the upper limit of the number of bits that the counter can express. Assuming that the value of the SoR/UPU counter is stored with a variable of 16bit length, the upper limit is 65535, and if the upper limit is exceeded, the flip is considered to be imminent. For example, if the current value of the SoR/UPU counter corresponds to the upper limit 65535, the SoR/UPU counter is flipped; for another example, the predefined counter value of SoR/UPU will be flipped corresponding 65530, indicating that flipping will occur when the counter value of SoR/UPU reaches 65530, meaning that the first key will be updated.

In another example, the impending rollover may be understood as the counter value of SoR/UPU impending reaching a logic threshold set by the authentication server function (authentication server function, AUSF). For example AUSF sets a threshold for the counter value of the SoR/UPU that needs to be less than the maximum value indicated by the counter. Assuming that the SoR/UPU counter value is stored with a variable of 16bit length, AUSF may set the threshold value of the SoR/UPU counter to 60000 beyond which it is considered to be about to flip.

With reference to the first aspect, in certain implementations of the first aspect, the key update parameter is a random number; or the key update parameter is the value of other counters maintained locally; wherein the key update parameter is such that the second key is different from the first key.

With reference to the first aspect, in certain implementation manners of the first aspect, the sending, by the authentication server function network element, the key update parameter, the key update indication, the message authentication code, and a counter value associated with the first key to the terminal device through the unified data management function network element includes: the authentication server functional network element sends a key update parameter and a key update instruction to the unified data management functional network element; the authentication server function network element receives a first request message from the unified data management function network element, wherein the first request message is used for requesting to acquire a message authentication code and a counter value associated with a first key, and the first request message comprises a key updating parameter and a user permanent identifier of the terminal equipment; in response to the first request message, the authentication server function network element sends a message authentication code and a counter value associated with the first key to the unified data management function network element.

Based on the implementation mode, the authentication server functional network element sends the message authentication code and the counter value associated with the first key to the unified data management functional network element according to the received request message, ensures that a UPU mechanism is used for sending the key update parameter and the key update instruction to the terminal equipment, and indicates the terminal equipment to update the first key, so that the terminal side and the network side synchronously update the key, ensure that a second key is used in subsequent synchronization, and the counter value associated with the second key effectively provides SoR or UPU service, and improves user experience.

With reference to the first aspect, in certain implementations of the first aspect, the key update parameter, the key update indication, the message authentication code, and the counter value associated with the first key are sent via the same message.

Based on the implementation, the signaling overhead and the time delay can be reduced by sending the key update parameter, the key update instruction, the message authentication code and the counter value associated with the first key through the same message.

With reference to the first aspect, in certain implementation manners of the first aspect, the authentication server function network element sends a second request message to the unified data management function network element, where the second request message is used to request the unified data management function network element to send the key update parameter, the key update indication, the message authentication code, and a counter value associated with the first key to the terminal device.

With reference to the first aspect, in certain implementation manners of the first aspect, the second request message includes second indication information, where the second indication information is used to instruct the unified data management function network element to send the key update parameter, the key update indication, the message authentication code, and a counter value associated with the first key to the terminal device.

Based on the implementation mode, the unified data management function network element determines to send key updating parameters, key updating instructions, message authentication codes and counter values associated with the first key to the terminal equipment according to the request message from the authentication server function network element, instructs the terminal equipment to update the first key, ensures that the terminal side and the network side synchronously update the first key, and subsequently synchronously uses the counter values associated with the second key, avoids suspension of SoR or UPU service due to counter overturning, ensures orderly provision and acquisition of SoR or UPU service, and improves user experience and system transmission performance.

With reference to the first aspect, in certain implementations of the first aspect, the authentication server function network element receives, through the unified data management function network element, a confirmation message from the terminal device, the confirmation message including a key update result, the key update result indicating whether the terminal device successfully updates the first key.

Based on the implementation manner, the terminal equipment sends the confirmation message, so that the authentication server function network element can determine whether the terminal equipment successfully updates the first key according to the key updating result, and further under the condition that the synchronous updating of the keys of the terminal side and the network side is determined, the follow-up terminal equipment can be ensured to effectively acquire SoR or UPU service, and further user experience is improved.

With reference to the first aspect, in certain implementations of the first aspect, in a case where the key update result indicates that the terminal device successfully updates the first key, the authentication server function network element determines to use the second key and the initialized counter value.

Based on the implementation mode, under the condition that the terminal side has successfully updated the first key, the authentication server function network element determines to use the second key and the initialized counter value, so that the orderly proceeding of the follow-up SoR or UPU service can be ensured under the condition that the terminal side and the network side are safely connected, and the user experience is ensured.

In a second aspect, a communication method is provided, which may be performed by a unified data management function network element, or may also be performed by a chip or a circuit for a unified data management function network element, which is not limited by the present application. For convenience of description, an example will be described below as being performed by a unified data management function network element.

The method comprises the following steps: the unified data management function network element receives a key update parameter, a key update instruction, a message authentication code and a counter value associated with a first key from the authentication server function network element, wherein the key update instruction is used for instructing the terminal equipment to update the first key according to the key update parameter, and the first key is used for protecting the safety communication between the terminal equipment and the unified data management function network element; the unified data management function network element sends a notification message to the terminal device through the access and mobility management function network element, the notification message including a key update parameter, a key update indication, a message authentication code, and a counter value associated with the first key.

According to the scheme provided by the application, based on the SoR or UPU mechanism, the unified data management function network element sends the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key from the authentication server function network element to the terminal equipment, and sends the key update result from the terminal equipment to the authentication server function network element, so that the terminal equipment and the authentication server function network element realize synchronous update of the key, and the second key and the counter value associated with the second key are used in subsequent synchronization, thereby ensuring that a user effectively acquires SoR or UPU service and further improving user experience.

With reference to the second aspect, in some implementations of the second aspect, in response to the notification message, the unified data management function network element receives a confirmation message from the terminal device through the access and mobility management function network element, the confirmation message including a key update result, the key update result indicating whether the terminal device successfully updates the first key; the unified data management function network element sends a key update result to the authentication server function network element.

With reference to the second aspect, in certain implementations of the second aspect, the unified data management function network element receives a key update parameter, a key update indication, a message authentication code, and a counter value associated with the first key from the authentication server function network element, including: the unified data management function network element receives a key update parameter and a key update instruction from the authentication server function network element; the unified data management function network element sends a first request message to the authentication server function network element, wherein the first request message is used for requesting to acquire a message authentication code and a counter value associated with a first key, and the first request message comprises a key updating parameter and a user permanent identifier of the terminal equipment; in response to the first request message, the unified data management function network element receives a message authentication code and a counter value associated with the first key from the authentication server function network element.

With reference to the second aspect, in certain implementations of the second aspect, the key update parameter, the key update indication, the message authentication code, and the counter value associated with the first key are sent via the same message.

With reference to the second aspect, in some implementations of the second aspect, before the unified data management function network element sends the notification message to the terminal device through the access and mobility management function network element, the method further includes: the unified data management function network element receives a second request message from the authentication server function network element, wherein the second request message is used for requesting the unified data management function network element to send a key update parameter, a key update indication, a message authentication code and a counter value associated with the first key to the terminal equipment; the unified data management function network element sends a notification message to the terminal device through the access and mobile management function network element, and the method comprises the following steps: and responding to the second request message, and sending a notification message to the terminal equipment by the unified data management function network element through the access and mobile management function network element.

With reference to the second aspect, in certain implementations of the second aspect, the second request message includes second indication information, where the second indication information is used to instruct the unified data management function network element to send the key update parameter, the key update indication, the message authentication code, and the counter value to the terminal device.

In a third aspect, a communication method is provided, which may be performed by a communication device, or may also be performed by a chip or circuit for a communication device, as the application is not limited in this respect. For convenience of description, an example will be described below as being executed by the communication apparatus.

Alternatively, the communication device may be a terminal device, such as a mobile phone, an automobile, a drone, a wearable device, or the like, and may also be a chip in the terminal device. In addition, the terminal device may also be referred to as a user device, and thus the communication apparatus may also be a user device, or a chip in a user device. The present application is not particularly limited thereto.

The method comprises the following steps: the communication device receives a notification message from the unified data management function network element through the access and mobile management function network element, wherein the notification message comprises a key update parameter, a key update instruction, a message authentication code and a counter value associated with a first key, the key update instruction is used for instructing the communication device to update the first key according to the key update parameter, and the first key is used for protecting the safety communication between the communication device and the unified data management function network element; under the condition that the message authentication code and the counter value associated with the first key pass verification, the communication device updates the first key by using the key updating parameter to obtain a second key; in response to the notification message, the communication device sends a confirmation message to the unified data management function network element via the access and mobility management function network element, the confirmation message including a key update result, the key update result indicating whether the terminal device successfully updated the first key.

According to the scheme provided by the application, based on a SoR or UPU mechanism, after receiving a key update parameter, a key update instruction, a message authentication code and a counter value associated with a first key, the terminal equipment successfully verifies the message authentication code and the counter value associated with the first key, and then needs to update the first key to ensure that the terminal side and the network side synchronously update the first key. The technical scheme of the application can ensure the synchronous updating of the first key of the terminal side and the network side, and determine the subsequent synchronous use of the second key and the initialized counter value associated with the second key, thereby avoiding the service suspension caused by the overturn of the SoR or UPU counter and better improving the user experience.

With reference to the third aspect, in some implementations of the third aspect, after updating the first key by the communication device using the key update parameter, the method further includes: the communication device generates a counter associated with the second key and initializes the counter associated with the second key to obtain an initialized counter value.

With reference to the third aspect, in some implementations of the third aspect, in a case where the key update result indicates that the terminal device successfully updates the first key, the terminal device determines to use the second key and the initialized counter value.

Based on the implementation manner, by generating the timer associated with the second key and initializing the value of the counter, for example, resetting the value of the UPU counter associated with the second key to 1, the key updating result is sent to the authentication server function network element in the case that the terminal device has successfully updated the first key, so that the terminal side and the network side can use the second key in a subsequent synchronization mode, and the value of the counter associated with the second key, orderly progress of subsequent SoR services or UPU services can be ensured, and user experience is ensured. By limiting the use of the second key and the initialized counter value by the terminal device when the terminal side has successfully updated the first key, the terminal device can ensure orderly performance of subsequent SoR services or UPU services and ensure user experience under the condition of ensuring the secure connection between the terminal side and the network side.

In a fourth aspect, an authentication server function network element is provided. The network element comprises: the processing unit is used for determining whether the first key needs to be updated or not, and the first key is used for protecting the safety communication between the terminal equipment and the unified data management function network element; the receiving and transmitting unit is used for acquiring a key updating parameter under the condition that the first key is determined to need to be updated; the processing unit is also used for updating the first key by using the key updating parameter to obtain a second key; the processing unit is further used for generating a message authentication code by using the first key, the counter value associated with the first key and the key updating parameter as input parameters; the receiving and transmitting unit is further configured to send, to the terminal device through the unified data management function network element, a key update parameter, a key update indication, a message authentication code, and a counter value associated with the first key, where the key update indication is used to instruct the terminal device to update the first key according to the key update parameter.

The transceiver unit may perform the processing of the reception and transmission in the foregoing first aspect, and the processing unit may perform other processing than the reception and transmission in the foregoing first aspect.

In a fifth aspect, a unified data management function network element is provided. The network element comprises: the receiving and transmitting unit is used for receiving a key update parameter, a key update instruction, a message authentication code and a counter value associated with a first key from the authentication server functional network element, wherein the key update instruction is used for instructing the terminal equipment to update the first key according to the key update parameter, and the first key is used for protecting the safety communication between the terminal equipment and the unified data management functional network element; and the receiving and transmitting unit is further used for sending a notification message to the terminal equipment through the access and mobile management function network element, wherein the notification message comprises a key update parameter, a key update indication, a message authentication code and a counter value associated with the first key.

The transceiver unit may perform the processing of the reception and transmission in the foregoing second aspect, and the processing unit may perform other processing than the reception and transmission in the foregoing second aspect.

In a sixth aspect, a communication device is provided. The device comprises: the receiving and transmitting unit is further used for receiving a notification message from the unified data management function network element through the access and mobile management function network element, wherein the notification message comprises a key update parameter, a key update indication, a message authentication code and a counter value associated with a first key, the key update indication is used for indicating the communication device to update the first key according to the key update parameter, and the first key is used for protecting the safety communication between the communication device and the unified data management function network element; the processing unit is further configured to update the first key using a key update parameter to obtain a second key if the message authentication code and the counter value associated with the first key pass verification; and the receiving and transmitting unit is also used for transmitting a confirmation message to the unified data management function network element through the access and mobile management function network element in response to the notification message, wherein the confirmation message comprises a key updating result which indicates whether the terminal equipment successfully updates the first key.

The transceiving unit may perform the processing of reception and transmission in the aforementioned third aspect, and the processing unit may perform other processing than reception and transmission in the aforementioned third aspect.

In a seventh aspect, a communication device is provided, comprising a transceiver, a processor for controlling the transceiver to transceive signals, and a memory for storing a computer program, the processor for calling and running the computer program from the memory, such that the communication device performs the method of any one of the above first to third aspects and any one of the possible implementations thereof.

Optionally, the processor is one or more, and the memory is one or more.

Alternatively, the memory may be integrated with the processor or the memory may be separate from the processor.

Optionally, the communication device further comprises a transmitter (transmitter) and a receiver (receiver).

In an eighth aspect, a communication system is provided, comprising one or more of the aforementioned communication device, authentication server function network element, or unified data management function network element.

In a ninth aspect, a computer readable storage medium is provided, the computer readable storage medium storing a computer program or code which, when run on a computer, causes the computer to perform the method of the first to third aspects and any one of the possible implementations thereof.

In a tenth aspect, a chip is provided comprising at least one processor coupled to a memory for storing a computer program, the processor being adapted to invoke and run the computer program from the memory, such that a communication device in which the chip system is installed performs the method of any of the above first to third aspects and any possible implementation thereof.

The chip may include an input circuit or interface for transmitting information or data, and an output circuit or interface for receiving information or data, among other things.

In an eleventh aspect, there is provided a computer program product comprising: computer program code which, when run by a communication device, causes the communication device to perform the method of the first to third aspects and any one of the possible implementations thereof.

Drawings

Fig. 1 shows a schematic diagram of a network architecture 100 to which embodiments of the present application are applicable.

Fig. 2 shows a flow diagram of a method 200 of 5G authentication and key agreement.

Fig. 3 is a flowchart illustrating a communication method 300 according to an embodiment of the present application.

Fig. 4 is a flowchart illustrating a communication method 400 according to an embodiment of the present application.

Fig. 5 is a flowchart illustrating a communication method 500 according to an embodiment of the present application.

Fig. 6 is a schematic structural diagram of a communication device 1000 according to an embodiment of the present application.

Fig. 7 is a schematic structural diagram of a communication device 2000 according to an embodiment of the present application.

Fig. 8 is a schematic structural diagram of a chip system 3000 according to an embodiment of the present application.

Detailed Description

The technical scheme of the application will be described below with reference to the accompanying drawings.

The technical scheme provided by the application can be applied to various communication systems, such as: a New Radio (NR) system, a long term evolution (long term evolution, LTE) system, an LTE frequency division duplex (frequency division duplex, FDD) system, an LTE time division duplex (time division duplex, TDD) system, and the like. The technical solution provided by the present application may also be applied to device-to-device (D2D) communication, vehicle-to-everything (V2X) communication, machine-to-machine (machine to machine, M2M) communication, machine type communication (MACHINE TYPE communication, MTC), and internet of things (internet of things, ioT) communication systems or other communication systems.

In a communication system, the part operated by an operator may be referred to as a public land mobile network (public land mobile network, PLMN), also may be referred to as an operator network, etc. PLMNs are networks established and operated by governments or operators licensed thereto for the purpose of providing land mobile services to the public, and are mainly public networks in which mobile network operators (mobile network operator, MNOs) provide mobile broadband access services to subscribers. The PLMN described in the embodiments of the present application may specifically be a network meeting the requirements of the third generation partnership project (3rd generation partnership project,3GPP) standard, abbreviated as 3GPP network. The 3GPP network generally includes, but is not limited to, a fifth generation mobile communication (5th generation,5G) network, a fourth generation mobile communication (4 th-generation, 4G) network, and other communication systems in the future, such as a (6 th-generation, 6G) network, etc.

For convenience of description, the embodiment of the present application will be illustrated by taking a 5G network as an example.

Fig. 1 is a schematic diagram of a network architecture 100 to which embodiments of the present application are applicable. As shown in fig. 1, the network architecture may specifically include the following network elements:

1. User Equipment (UE): may be referred to as a terminal device, terminal, access terminal, subscriber unit, subscriber station, mobile station, remote terminal, mobile device, user terminal, wireless communication device, user agent, or user equipment. The terminal device may also be a cellular phone, a cordless phone, a session initiation protocol (session initiation protocol, SIP) phone, a wireless local loop (wireless local loop, WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication capabilities, a computing device or other processing device connected to a wireless modem, an in-vehicle device, an unmanned aerial vehicle, a wearable device, a terminal device in a 5G network or a terminal device in an evolved PLMN, etc., as the embodiment of the application is not limited in this respect. The UE may be connected to next generation radio access network (next generation radio access network, NG-RAN) devices via a Uu interface, e.g., ue#a and ue#d shown in fig. 1 may be connected to NG-RAN via a Uu interface.

2. Access Network (AN): the network access function is provided for authorized users in a specific area, and transmission tunnels with different qualities can be used according to the level of the users, the requirements of services and the like. The access network may be an access network employing different access technologies. Current access network technologies include: radio access network technology employed in third generation (3rd generation,3G) systems, radio access network technology employed in 4G systems, or NG-RAN technology as shown in fig. 1 (e.g., radio access technology employed in 5G systems), etc.

An access network implementing access network functions based on wireless communication technology may be referred to as a radio access network (radio access network, RAN). The radio access network can manage radio resources, provide access service for the terminal, and further complete the forwarding of control signals and user data between the terminal and the core network.

The radio access network device may be, for example, a base station (NodeB), an evolved NodeB (eNB or eNodeB), a next generation base station node (next generation Node Base station, gNB) in a 5G mobile communication system, a base station in an example mobile communication system or an Access Point (AP) in a WiFi wireless hotspot (WiFi) system, or the like, or may be a radio controller in a cloud radio access network (cloud radio access network, CRAN) scenario, or may be a relay station, an access point, a vehicle-mounted device, a drone, a wearable device, and a network device in a 5G network or a network device in an evolved PLMN, or the like. The embodiment of the application does not limit the specific technology and the specific equipment form adopted by the wireless access network equipment.

3. Access management network element: the method is mainly used for mobility management and access management, is responsible for transferring user policies between user equipment and policy control function (policy control function, PCF) network elements, and the like, and can be used for realizing other functions except session management in Mobility MANAGEMENT ENTITY (MME) functions. Access authorization (or authentication) function.

An access and mobility management function (ACCESS AND mobility management function, AMF) network element makes NAS connection with the UE. Possessing the same 5G NAS security context as the UE. The 5G NAS security context comprises the same key identification information as the NAS level key, the UE security capability and the uplink NAS COUNT value. The NAS level keys include a NAS encryption key and a NAS integrity protection key. Respectively for confidentiality protection and integrity protection of NAS messages.

In a 5G communication system, the access management network element may be an AMF network element. In future communication systems, the access management network element may still be an AMF network element, or may have other names, which is not limited by the present application.

4. Session management network element: the method is mainly used for session management, network interconnection protocol (internet protocol, IP) address allocation and management of user equipment, terminal node of selecting manageable user plane function, strategy control and charging function interface, downlink data notification and the like.

In a 5G communication system, a session management network element may be a session management function (session management function, SMF) network element. In future communication systems, the session management network element may still be an SMF network element, or may have other names, which is not limited by the present application.

5. User plane network element: the method is used for packet routing and forwarding, quality of service (quality of services, qoS) processing of user plane data, completion of user plane data forwarding, accounting statistics based on session/flow level, bandwidth limitation and other functions.

In a 5G communication system, the user plane network element may be a user plane function (user plane function, UPF) network element. In future communication systems, the user plane network element may still be a UPF network element, or may have other names, which is not limited by the present application.

6. Data network element: for providing a network for transmitting data.

In a 5G communication system, the data network element may be a Data Network (DN) element. In future communication systems, the data network element may still be a DN network element, or may have other names, which is not limited by the present application.

7. Policy control network element: a unified policy framework for guiding network behavior, providing policy rule information for control plane function network elements (e.g., AMF, SMF network elements, etc.), and the like.

In the 4G communication system, the policy control network element may be a Policy and Charging Rules Function (PCRF) network element. In a 5G communication system, the policy control element may be a policy control function (policy control function, PCF) element. In future communication systems, the policy control network element may still be a PCF network element, or may have other names, which is not limited by the present application.

8. Data management network element: for handling user equipment identities, access authentication, registration, mobility management etc.

In a 5G communication system, the data management network element may be a unified data management (unified DATA MANAGEMENT, UDM) network element; in a 4G communication system, the data management network element may be a home subscriber server (home subscriber serve, HSS) network element. In future communication systems, the data management network element may still be a UDM network element, or may have other names, which is not limited by the present application.

9. Data repository network element: and the access function is used for being responsible for subscription data, policy data, application data and other types of data.

In a 5G communication system, the data repository network element may be a unified data repository (unified data repository, UDR) network element. In future communication systems, the data repository network element may still be a UDR network element, or may have other names, and the present application is not limited thereto.

10. Network open function (network exposure function, NEF) entity: for securely opening services and capabilities provided by 3GPP network functions, etc., to the outside.

11. Authentication server function AUSF: AUSF after receiving an authentication request initiated by a subscriber, the subscriber may be authenticated and/or authorized by the authentication information and/or authorization information stored in the UDM, or the authentication and/or authorization information of the subscriber may be generated by the UDM. AUSF may feed authentication information and/or authorization information back to the subscriber.

It will be appreciated that the network elements or functions described above may be either network elements in a hardware device, software functions running on dedicated hardware, or virtualized functions instantiated on a platform (e.g., a cloud platform). The network element or the function may be implemented by one device, or may be implemented by a plurality of devices together, or may be a functional module in one device, which is not specifically limited in the embodiment of the present application.

It should be further understood that the network architecture shown in fig. 1 and applicable to the embodiment of the present application is merely illustrative, and the network architecture applicable to the embodiment of the present application is not limited thereto, and any network architecture capable of implementing the functions of the respective network elements is applicable to the embodiment of the present application.

For example, in some network architectures, network function network element entities such as AMF, SMF, PCF, and UDM are all referred to as network function NF network elements; or in other network architectures, the set of network elements such as AMF, SMF, PCF, UDM, etc. may be referred to as control plane function network elements, etc.

In the key architecture of the 5G system, the upper layer keys of the key architecture include the root key K and CK, IK. When adopting the EAP-AKA ' authentication mechanism, the method can be used for deducing K _AUSF according to CK ' and IK ' in the follow-up process; if a 5G-AKA authentication mechanism is adopted, K _AUSF is directly deduced from CK and IK. Considering that the connection between the home public land mobile network (home public land mobile network, HPLMN) and the visited public land mobile network (visited public land mobile network, VPLMV) may also be risky, the 5G system introduces the risk of intermediate keys K _AUSF and K _SEAF for isolating the different networks. In addition to the root keys K and IK/CK, the 5G key system contains the following keys, which function as:

AUSF keys in the home network. K _AUSF is derived by the following way: for EAP-AKA ' authentication, it is deduced from CK ' and IK ' by Mobile Equipment (ME) and AUSF. CK 'and IK' are part of the authentication vector sent to AUSF; for 5G-AKA authentication, the network element (authentication credential repository and processing function, ARPF) is deduced from CK and IK by ME and authentication credential storage and processing functions, K _AUSF being part of the 5G home network authentication vector ARPF sent to AUSF.

A security anchor function network element (security anchor function, SEAF) in the home network. K _SEAF is the anchor key that was derived by ME and AUSF from K _AUSF. K _SEAF is provided by AUSF to SEAF in the services network.

AMF keys in a services network. K _AMF is the key that ME and SEAF derive from K _SEAF. As the UE moves, the K _AMF of the target AMF may also be derived by the UE pushing from the source AMF.

NAS signaling key. K _NASint is the key that ME and AMF derive from K _AMF for protecting NAS signaling through integrity algorithms. K _NASenc is the key that ME and AMF derive from K _AMF for protecting NAS signaling through encryption algorithms.

Ng-RAN key. K _gNB is the key that ME and AMF derive from K _AMF. At the time of handover, K _gNB of the target gNB can also be derived by horizontal and vertical derivation by the UE and the source K _gNB.

UP data key. K _UPenc is a key derived from K _gNB by ME and gNB, and is used for protecting user plane data by an encryption algorithm; k _UPint is the key that ME and gNB derive from K _gNB, used only to protect user plane data through the integrity algorithm.

RRC signaling key. K _RRCint is a key derived from K _gNB by ME and gNB for protecting RRC signaling through integrity algorithms. K _RRCenc is a key derived from K _gNB for ME and gNB to protect RRC signaling by a tariff algorithm.

Non-3 GPP access keys. K _N3IWF is the key for non-3 GPP access that ME and AMF use to estimate from K _AMF, and K _N3IWF is not forwarded between N3 IWFs.

On the network side, the 5G system generates multi-level and multi-purpose session keys based on root key derivation and distributes the multi-level and multi-purpose session keys to corresponding network elements, so that a key architecture in the system is formed. And generating a key set corresponding to the network side by adopting the same key deduction mechanism at the terminal side. In a 5G system, the network elements holding the keys and the keys function as follows:

ARPF. ARPF store a long-term key K, the length of which is 128 bits or 256 bits. In the authentication and key agreement process, ARPF derives CK ' and IK ' from K if EAP-AKA ' authentication is used. If 5G-AKA authentication is used, ARPF derives K _AUSF from K. ARPF sends the derived key to AUSF. ARPF retain a private key of the home network that is used by the user hidden identity decryption function (subscription IDENTIFIER DE-concealing function, SIDF) to disarm the user hidden identity (subscription concealed identifier, SUCI) and reconstruct the user permanent identity (subscription PERMANENT IDENTIFIER, SUPI).

AUSF. If EAP-AKA ' authentication is used, AUSF derives K _AUSF from CK ' and IK ', KAUSF can be saved at AUSF during two consecutive authentication and key agreement procedures.

SEAF. After each serving network passes the primary authentication SEAF receives the anchor key K _SEAF from AUSF. SEAF do not allow the storage of K _SEAF to entities other than SEAF. Once K _AMF is derived, K _SEAF is deleted. SEAF should derive K _AMF from K _SEAF immediately after authentication and key agreement procedure and send to AMF. This means that each authentication and key agreement procedure derives new K _SEAF and K _AMF.

Keys in the AMF. The AMF receives K _AMF from SEAF or another AMF. For movement between AMFs, the AMF derives the key K _AMF' from K _AMF according to the policy and transmits it to another AMF. The receiving AMF has K _AMF' as its K _AMF. The AMF derives keys KNASint and KNASenc that protect the NAS layer. The AMF derives the access network key K _gNB and sends it to the gNB.

Keys in the RAN. The NG-RAN (gNB or NG-eNB) receives K _gNB and HN from the AMF. ng-eNB takes K _gNB as K _eNB.

In the following, the roaming guide SoR mechanism and the UPU mechanism are briefly described.

The SoR mechanism is used for roaming management, and the flow of SoR may occur during or after registration to support HPLMN roaming steering for VPLMN accessed by UE. Through the SoR function, the HPLMN can dynamically manage which VPLMN the UE registers with. The SoR list includes a list of "preferred PLMN/access technology combinations"; or the SoR list includes PLHMN an indication that no change is required to the "preferred PLMN/access technology" list controlled by the operator and stored in the UE. It should be noted that the SoR message is integrity protected by computing a message authentication code from the SoR Header, the list of "preferred PLMN ID/access technology" and the SoR counter in the message. Wherein the message authentication code depends on the K _AUSF key. The SoR counter is created and initialized when deriving K _AUSF. When the Counter value of the SoR Counter reaches the set highest value, the SoR service is suspended until the primary authentication is restarted, and after the Counter value of the SoR Counter is reset, the SoR service is not restored. That is, reset of the SoR counter requires an update of K _AUSF.

The UPU mechanism may enable the UDM to update the parameters of the UE through the control plane flow. After the UE successfully registers with the 5G network, the UE is supported to issue update parameters of the UE from the UDM to the UE. It should be noted that the UPU message is integrity protected by calculating a message authentication code with respect to the update parameters of the UE and the UPU counter. Wherein the message authentication code depends on the K _AUSF key. The UPU counter is created and initialized when the K _AUSF is derived. When the Counter value of the UPU Counter reaches the set highest value, the UPU service is suspended until the primary authentication is restarted, and the UPU service is restored after the Counter value of the UPU Counter is reset. That is, reset of the UPU counter requires an update of K _AUSF.

Currently, according to the standard definition, the update of K _AUSF must be achieved by triggering a master authentication. For example, 5G AKA authentication, or EAP-AKA' authentication. In the following, how to update K _AUSF will be described by taking triggering the 5G AKA master authentication procedure as an example.

Fig. 2 is a flow chart of a method 200 for 5G Authentication and Key Agreement (AKA) according to an embodiment of the present application. As shown in fig. 2, the steps specifically include the following steps, and reference is made to the existing protocol for a part that is not described in detail.

It should be noted that, in the method, the global subscriber identity module may be a USIM, the mobile terminal may be an ME, the security anchor function network element may be SEAF, the authentication server function network element may be AUSF, the unified data management may be UDM, or the authentication credential storage and processing function network element may be ARPF.

S201, the UDM or ARPF generates a 5G home environment authentication vector 5G HE AV.

Wherein 5G HE AV contains RAND, AUTN, XRES x and K _AUSF variables.

Illustratively, AUSF sends SUCI/SUPI and a sequence number (SN-name) to the UDM, which uses SUCI/SUPI and a service network name SN-name as input parameters to generate a 5G HEAV.

S202, the UDM sends a notification message to AUSF;

Correspondingly AUSF receives notification messages from the UDM.

The notification message may be, for example, a Nudm _ UEAuthentication _get Response message.

Wherein the notification message includes a 5G HE AV, the notification message indicating that the 5G HE AV is for 5G AKA.

Note that if the input parameters for generating the 5G HE AV in step S201 include SUCI, the UDM needs to decrypt SUCI into SUPI and send the SUPI to AUSF with the notification message.

Optionally, the notification message may further include one or more of the following: SUPI, AKAM indication, or Routing indicaticator.

S203, AUSF stores the XRES variable in the 5G HE AV, and calculates HXRES by XRES and K _SEAF by K _AUSF.

Illustratively, HXRES is calculated by XRES, specifically: AUSF takes XRES and RAND as input parameters, and outputs HXRES through a hash function, where the hash function may be SHA-256.

Illustratively, K _SEAF is calculated by K _AUSF, specifically: AUSF takes K _AUSF and a service network name SN-name as input parameters, and outputs K _SEAF.

Alternatively, if the notification message carries SUPI or SUCI in step S202, AUSF may also store the SUPI or SUCI amount.

S204, AUSF sends a 5G service environment authentication vector 5G SE AV to SEAF;

correspondingly SEAF receives the 5G service context authentication vector 5G SE AV from AUSF.

Wherein the 5G SE AV includes RAND, AUTH, and HXRES.

Illustratively, AUSF sends a 5G service context authentication vector 5G SE AV to SEAF via a Nausf _ UEAuthentication _ Authenticate Response message.

S205, SEAF sends an authentication request message #1 to the ME;

Correspondingly, the ME receives authentication request message #1 from SEAF.

Illustratively, the authentication request message #1 may be Authentication Request messages, and the authentication request message #1 is a NAS message.

Wherein the authentication request message #1 includes RAND and AUTH in the 5G SE AV. In addition, the authentication request message #1 further includes a next generation key set identifier (next generation KEY SET IDENTIFIER, ngKSI), wherein ngKSI is a key identification of K _AMF for uniquely identifying one K _AMF. ngKSI an AMF identification K _AMF for ME and after the AMF identification authentication passes, a native security context is created.

S206, the ME sends the RAND and AUTH in the 5G SE AV to the USIM;

correspondingly, the USIM receives RAND and AUTH from the ME.

S207, the USIM verifies the freshness of the AUTH, and if the verification is passed, RES is calculated.

Illustratively, the USIM first needs to verify the freshness of AUTH after receiving RAND and AUTH. For example, the UE extracts the SQN from the AUTH, compares the SQN value locally maintained by the UE with the SQN value received from the network side, to verify whether the SQN of the network side is in the correct range, so as to determine the freshness of the AUTH.

Further, in the case where the freshness verification of AUTH passes, the USIM calculates RES. For example, the USIM uses the root key K and the random number RAND as input parameters, and calculates RES.

S208, the USIM sends RES, the encryption key CK derived from the root key, and the integrity protection key IK derived from the root key to the ME;

correspondingly, the ME receives RES, CK and IK from the USIM.

S209, ME calculates RES, K _AUSF, and K _SEAF, respectively, by RES, IK, and K _AUSF.

Exemplary, RES is calculated by RES, specifically: using SN-name, RAND, RES, and CK IK as input parameters, RES is output.

Illustratively, K _AUSF is obtained by CK||IK calculation, specifically: using SN-name, SQNx or AK, CK IK as input parameters, K _AUSF is output.

Illustratively, K _SEAF is calculated by K _AUSF, specifically: using SN-name and K _AUSF as input parameters, K _SEAF is output.

The deduction process of K _AUSF in the 5G AKA is briefly described below, and the details of the deduction process are not related to the description in the existing protocol, and specifically include:

When deriving K _AUSF from CK, IK and serving network names when generating the authentication vector, and when the UE calculates K _AUSF in the 5G AKA procedure, the following parameters should be used to construct the input S of the key derivation function (key derivation function, KDF):

FC＝0x6A；

p0=service network name;

L0=length of service network name (variable length specified in 24.501[35 ]);

P1＝SQN AK，

l1=sqn AK length (i.e. 0x00 x 06).

Wherein the exclusive or of the sequence number (SQN) and the Anonymity Key (AK) is sent to the UE as part of the authentication token, see in particular TS 33.102. If AK is not used, AK should be treated in accordance with TS 33.102, i.e., 000.

S210, the ME sends an authentication response message #1 to SEAF;

Correspondingly SEAF receives the authentication response message #1 from the ME.

Illustratively, the authentication response message #1 may be Authentication Responset messages, and the authentication response message #1 is a NAS message.

Wherein the authentication response message #1 includes RES.

S211, SEAF, calculating by RES to obtain HRES, and determining whether authentication is successful according to HRES and HXRES.

By way of example, HRES is calculated by RES, specifically: SEAF uses RES and RAND as input parameters, and outputs HRES through a hash function, where the hash function may be SHA-256.

Further, SEAF compares HRES with HXRES, and if the two are consistent, SEAF considers that the identity authentication of ME is successful from the perspective of service network.

Alternatively, if SEAF does not receive RES for a long time, the ME may be considered unreachable, SEAF determines that the authentication failed.

S212, SEAF sends an authentication request message #2 to AUSF;

correspondingly, AUSF receives authentication request message #2 from SEAF.

Wherein the authentication request message #2 includes RES.

Illustratively, the authentication request message #2 may be a Nausf _ UEAuthentication _ Authenticate Resquest message.

S213, AUSF determines whether authentication is successful or not according to RES and XRES.

Illustratively, AUSF first verifies whether the 5G HE AV has expired, e.g., AUSF may set a timer (countdown) locally, e.g., 10min, when step S203 is performed. If AUSF receives the authentication request message #2 sent in step S212 before the timer expires, it is considered that the authentication vector has not expired; otherwise, if AUSF receives the authentication request message #2 sent in step S212 after the timer expires, the authentication vector is considered to have expired.

In particular, AUSF may consider the identity verification of the ME unsuccessful from the home network perspective if the 5G HE AV has expired. If the 5G HE AV has not expired AUSF compares the received RES with the stored XRES, and if the two match AUSF considers the identity authentication of the ME successful from the home network perspective.

S214, AUSF sends an authentication response message #2 to SEAF;

correspondingly, SEAF receives authentication response message #2 from AUSF.

Illustratively, the authentication response message #2 may be a Nausf _ UEAuthentication _ Authenticate Response message.

Wherein the authentication response message #2 comprises an authentication result indicating whether the identity of the ME is successfully authenticated from the home network perspective. If authentication is successful, authentication response message #2 includes K _SEAF. It should be appreciated that in the event that authentication is successful, K _SEAF will act as the anchor key.

Alternatively, if SUCI is received by AUSF in step S202 at the time of authentication initialization, AUSF needs to decrypt SUCI into SUPI while returning SEAF the SUPI carried in authentication response message # 2.

S215, SEAF derives K _AMF from K _SEAF, ABBA (anti-bidding down between architectures) and SUPI. ABBA, among other things, can be understood as a parameter for preventing degradation attacks.

Further SEAF sends ngKSI and K _AMF to the AMF. Where ngKSI is the unique key identification of K _AMF, the AMF for the ME identifies K _AMF and creates a native security context after the identification authentication passes.

Note that SEAF will only provide ngKSI and K _AMF to the AMF after receiving a message containing SUPI. That is, SEAF does not provide communication services to the ME until the SUPI is acquired by the serving network (visited network).

In summary, the update of K _AUSF must be achieved by triggering the master authentication, which is triggered by the AMF network element of the service network, and the home network cannot autonomously trigger the update of K _AUSF, which will cause that after the UPU service or SoR service is suspended, the UPU service or SoR service can be resumed only by waiting for the AMF of the service network to re-trigger the master authentication to update the K _AUSF key. In addition, triggering the master authentication update K _AUSF results in all keys in the 5G system key infrastructure being updated, which is also somewhat unnecessary.

In view of this, the present application provides a communication method and apparatus, in which the update of K _AUSF is actively triggered by the authentication server function network element AUSF of the home network, and the key update parameter of K _AUSF is transferred to the communication apparatus (e.g. UE) by using the UPU mechanism, so as to implement the key synchronization update of K _AUSF on the user side and the network side, thereby ensuring user experience. In addition, the method can purposefully update the K _AUSF key without affecting the generation and update of other keys in the key framework, and can save signaling overhead.

In order to facilitate understanding of the embodiments of the present application, the following description is made:

First, in the present application, terms and/or descriptions between different embodiments have consistency and may refer to each other if not specifically stated and logically conflicting, and technical features in different embodiments may be combined to form new embodiments according to their inherent logical relationship.

Second, in the present application, "at least one" means one or more, and "a plurality" means two or more. "and/or", describes an association relationship of an association object, and indicates that there may be three relationships, for example, a and/or B, and may indicate: a alone, a and B together, and B alone, wherein a, B may be singular or plural. In the text description of the present application, the character "/" generally indicates that the front-rear associated object is an or relationship. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b, and c may represent: a, or b, or c, or a and b, or a and c, or b and c, or a, b and c. Wherein a, b and c can be single or multiple respectively.

Third, in the present application, "first", "second", and various numerical numbers (e.g., #1, #2, etc.) indicate distinction for convenience of description, and are not intended to limit the scope of the embodiments of the present application. For example, distinguishing between different messages, etc. does not require a particular order or sequence of parts. It is to be understood that the objects so described may be interchanged where appropriate to enable description of aspects other than those of the embodiments of the application.

Fourth, in the present application, the descriptions of "when … …", "in … …", and "if" etc. all refer to that the device will make a corresponding process under some objective condition, and are not limited in time, nor do the device require a judgment in terms of implementation, nor are other limitations meant to be implied.

Fifth, in the present disclosure, the terms "comprises" and "comprising," along with any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

Sixth, in the present application, "for indication" may include both for direct indication and for indirect indication. When describing that certain indication information is used for indicating A, the indication information may be included to directly indicate A or indirectly indicate A, and does not represent that the indication information is necessarily carried with A.

The indication manner related to the embodiment of the application is understood to cover various methods which can enable the party to be indicated to know the information to be indicated. The information to be indicated can be sent together as a whole or can be divided into a plurality of pieces of sub-information to be sent separately, and the sending periods and/or sending time of the sub-information can be the same or different.

The "indication information" in the embodiments of the present application may be an explicit indication, that is, directly indicated by signaling, or obtained according to parameters indicated by signaling, in combination with other rules or in combination with other parameters, or by deduction. Or may be implicitly indicated, i.e. obtained according to rules or relationships, or according to other parameters, or derived. The present application is not particularly limited thereto.

Seventh, in the present application, the "protocol" may refer to a standard protocol in the field of communication, and may include, for example, a 5G protocol, an NR protocol, and related protocols applied to a future communication system, which is not limited by the present application. "predefined" may include predefined. For example, a protocol definition. The "pre-configuration" may be implemented by pre-storing corresponding codes, tables, or other means for indicating relevant information in the device, and the present application is not limited to the specific implementation manner.

Eighth, in the present application, "storing" may mean saving in one or more memories. The one or more memories may be provided separately or may be integrated in an encoder or decoder, processor, or communication device. The one or more memories may also be provided separately in part, and integrated in the decoder, processor, or communication device. The type of memory may be any form of storage medium, and the application is not limited in this regard.

Ninth, in the present application, "communication" may also be described as "data transmission", "information transmission", "data processing", and the like. "transmission" includes "sending" and "receiving".

The communication method provided by the embodiment of the application will be described in detail below with reference to the accompanying drawings. The embodiment provided by the application can be suitable for communication scenes such as SoR service or UPU service, for example, can be applied to the communication system shown in the figure 1.

Fig. 3 is a flowchart illustrating a communication method 300 according to an embodiment of the present application. The method 300 is applicable to the given network architecture of fig. 1. As shown in fig. 3, the method comprises the following steps, and reference is made to existing protocols for parts that are not described in detail.

S301, optionally, executing a primary authentication procedure, generating a first key (e.g. K _AUSF).

For the specific implementation of generating the first key, reference may be made to the above-mentioned 5G AKA main authentication procedure of the method 200, and for brevity, details are not repeated here.

Optionally, the first key may also be implemented through an EAP-AKA' master authentication procedure, which may refer to the related description in the existing protocol, and will not be described herein for brevity.

S302, the authentication server function network element (e.g. AUSF) determines if the first key K _AUSF needs to be updated.

In one possible implementation, the network manager instructs the authentication server function network element to update the first key according to the management requirements. For example, in the case where the network manager determines that the K _AUSF key expires or the network system needs maintenance, the network manager instructs the authentication server function network element to update K _AUSF by issuing the instruction information (i.e., an example of the first instruction information). Further, AUSF triggers the update procedure of the key K _AUSF according to the indication of the network manager.

In another possible implementation, the authentication server function network element triggers an update of the first key. For example, AUSF triggers the key K _AUSF update procedure autonomously upon determining that the K _AUSF key expires, or upon determining that the network system requires maintenance.

In yet another possible implementation, when the authentication server function network element detects that the counter value of the SoR or UPU service associated with the first key is about to be flipped, the key K _AUSF update procedure is triggered, i.e. it is determined that the first key needs to be updated.

In embodiments of the present application, flipping may be understood as a reset of the value of a counter. For example, the counter value of SoR/UPU is represented by 2 bits, i.e., 00, 01, 10, and 11, corresponding to 0, 1,2, and 3, respectively, and is incremented by 1 each time the SoR service or the UPU service is acquired or provided. Assuming that the current counter value is 11, this means that the counter needs to be flipped to 00.

In another example, the impending flip may be understood as the counter value of SoR/UPU impending reaching the logic threshold set by AUSF. For example AUSF sets a threshold for the counter value of the SoR/UPU that needs to be less than the maximum value indicated by the counter. Assuming that the SoR/UPU counter value is stored with a variable of 16bit length, AUSF may set the threshold value of the SoR/UPU counter to 60000 beyond which it is considered to be about to flip.

Alternatively, the flipping of the timer is imminent when the value of the counter in the above example is 10, and may be predefined. The values of the above counters are also examples given for ease of understanding, as the application is not particularly limited in this regard.

Based on the above step S302, the authentication server function network element performs the following step S303 in case it determines that the first key K _AUSF needs to be updated.

S303, the authentication server function network element obtains the key update parameter (e.g. AUSF _KRP).

It should be noted that the key update parameter may make the first key different from the second key.

In one possible implementation, the authentication server function network element generates a random number (Nonce) locally and uses the random number as the key update parameter AUSF _KRP.

In another possible implementation, the authentication server function network element maintains a counter locally and takes the value of the counter as the key update parameter AUSF _KRP. It should be noted that this counter is different from the counter associated with the first key and the counter associated with the second key.

In yet another possible implementation, the authentication server function network element sends a request message #a to the access and mobility management function network element for requesting acquisition of the NAS Counter value as the key update parameter AUSF _KRP.

The NAS Counter value may be a NAS UL Counter value (e.g., a NAS Counter value locally maintained by the terminal device and sent to the authentication server function network element) or a NAS DL Counter value (e.g., a NAS Counter value locally maintained by the authentication server function network element and sent to the terminal device).

Illustratively, the authentication server function network element sends a query message to the unified data management function network element (e.g., UDM) for querying the access and mobility management function network element (e.g., AMF) serving the current terminal device (e.g., UE); in response to the query message, the UDM sends identification information of the AMF, such as an AMF ID, to the AMF. Further, AUSF determines a corresponding AMF according to the AMF ID, and sends a request message #a to the AMF for requesting acquisition of the NAS Counter value. In response to the request message #a, the AMF transmits the NAS Counter value to AUSF. Alternatively, AUSF may obtain the NAS UL Counter value from the AMF, or may obtain the NAS DL Counter value from the AMF, which is not particularly limited in the present application.

S304, the authentication server functional network element updates the first key K _AUSF to obtain a second key (e.g. K _AUSF') using the key update parameter AUSF _KRP.

The deduction process of K _AUSF' is as follows: k _AUSF'＝KDF(K_AUSF,AUSF_KRP). That is, the authentication server function network element uses K _AUSF and AUSF _KRP as input parameters, and calculates K _AUSF' through the key derivation function KDF.

In one possible implementation, after the authentication server function network element generates the second key K _AUSF', a counter associated with the second key is generated and initialized, resulting in an initialized counter value. For example, the value of the UPU counter associated with the second key is reset to 1.

Further, in one example, the reset Counter value associated with the second key is used as a freshness parameter in subsequent steps 306 to S309 (e.g., UPU Counter _UPU); or in another example, the Counter value associated with the first key is continued to be used as the freshness parameter (e.g., UPU Counter _UPU) in subsequent steps S306 to S309 until the authentication server function network element, after receiving the key update result of the terminal device in step S312, determines that the terminal device has successfully updated the first key according to the key update result, deletes the Counter associated with the first key, and determines that the second key is subsequently used, and the Counter value associated with the second key.

S305, the authentication server function network element generates a message authentication code (message authentication code, MAC) using the second key, the counter value associated with the first key, and the key update parameter as input parameters.

Optionally, a counter value (count) associated with the first key is a parameter newly added in the input parameters in order to prevent replay attacks. The input parameter is incremented by the counter value associated with the first key to ensure that the output parameter is newly generated (fresh). For example, the counter value associated with the first key may be referred to as a freshness parameter, and commonly used freshness parameters may also include, but are not limited to: a Nonce (Nonce), a timestamp (timestamp), etc. used once.

For ease of description, the following description will take a message authentication code as UPU-MAC-I _AUSF, and a Counter value associated with the first key as UPU Counter _UPU as an example. It should be appreciated that the UPU Counter _UPU is created and initialized when K _AUSF is derived (i.e., step S301).

In one example, the authentication server function network element may retrieve the first key K _AUSF of the terminal device from the SUPI of the terminal device and then generate the message authentication code UPU-MAC-I _AUSF using the first key K _AUSF, a counter value associated with the first key, and a key update parameter AUSF _KRP as input parameters.

In another example, the authentication server function network element may retrieve the first key K _AUSF of the terminal device from the SUPI of the terminal device and then generate the message authentication code UPU-MAC-I _AUSF using the first key K _AUSF, the counter value associated with the first key, the key update parameter AUSF _KRP and the key update indication as input parameters.

Optionally, the information is digitally signed using a private key (PRIVATE KEY) of the asymmetric key, or using a one-way function (e.g., hash function Hash), with the symmetric key (shared key) and the information as input parameters, to generate the message authentication code MAC, or using a one-way function (e.g., hash function Hash) alone without the key, with the information as input parameters, to generate the Hash value.

Next, based on the UPU mechanism, the authentication server function network element instructs the terminal device to update the first key through the unified data management function network element. Specifically, the authentication server functional network element requests the unified data management functional network element to send the key update parameter and the key update instruction to the terminal equipment, so that the key update synchronization of the terminal equipment side and the network side is realized.

S306, the authentication server functional network element sends key update parameters AUSF _KRP, a counter value associated with the first key, a key update instruction and a message authentication code to the unified data management functional network element;

Correspondingly, the unified data management function network element receives a key update parameter AUSF _KRP from the authentication server function network element, a counter value associated with the first key, a key update indication, and a message authentication code.

Optionally, the key update parameter AUSF _KRP and the key update indication (REFRESH IND) may be sent in a binding.

In one possible implementation, the unified data management function element receives data (e.g., the key update parameter AUSF _KRP) from the authentication server function element that it desires to send to the terminal device through a certain message, which may be understood as indicating that the unified data management function element invokes the UPU mechanism to send the UPU message; correspondingly, after receiving the data, the unified data management function network element sends the data to the terminal equipment by executing a UPU flow or a SoR flow.

In another possible implementation, the authentication server function network element sends a request message (i.e. an example of a second request message) to the unified data management function network element, which request message itself may be used to request the unified data management function network element to send the key update parameter, the key update indication, the message authentication code, the counter value associated with the first key to the terminal device; correspondingly, after receiving the request message, the unified data management function network element sends a key update parameter, a key update instruction, a message authentication code and a counter value associated with the first key to the terminal equipment through the access and mobile management function network element.

In yet another possible implementation, when the authentication server function network element sends data (e.g., the key update parameter AUSF _KRP) to the unified data management function network element, indication information or other parameters with indication effect, which may be a key update indication, is sent at the same time; correspondingly, after receiving the data, the unified data management function network element determines to execute the UPU flow or the SoR flow through the indication information or other parameters with indication function, and sends the data to the terminal equipment.

It should be noted that, in executing the UPU flow or the SoR flow, the unified data management function network element needs to send the above data, and at the same time, send the counter value and the message authentication code associated with the first key to the terminal device.

In one example, the authentication server function network element autonomously generates the message authentication code and sends the message authentication code, the counter value associated with the first key, the key update indication and the key update parameter together to the unified data management function network element, which may be the parameters described above sent by the same message.

In another example, the message authentication code, the counter value associated with the first key, the key update indication and the key update parameter are not sent to the unified data management function network element at the same time. For example, the authentication server functional network element sends the key update parameter and the key update indication to the unified data management functional network element, so as to instruct the unified data management functional network element to forward the key update parameter to the terminal device through the UPU mechanism. Further, the unified data management function network element sends a request message (i.e., an example of the first request message) to the authentication server function network element for requesting acquisition of the message authentication code, the counter value associated with the first key, the request message including the SUPI of the terminal device and the key update parameter.

S307, the unified data management function network element sends notification information to the access and mobile management function network element;

Correspondingly, the access and mobility management function network element receives notification messages from the unified data management function network element.

Wherein the notification message includes a key update parameter, a message authentication code, a counter value associated with the first key, and a key update indication.

Alternatively, if the notification message itself may be the key update indication message, the notification message may not carry the key update indication.

S308, the access and mobile management function network element sends a notification message to the terminal equipment;

correspondingly, the terminal device receives notification messages from the access and mobility management function network elements.

The notification message is a NAS downlink message, including a key update parameter, a message authentication code, a counter value associated with a first key, and a key update indication.

S309, when the message authentication code and the counter value associated with the first key pass verification, the terminal device updates the first key K _AUSF using the key update parameter AUSF _KRP to obtain a second key K _AUSF'.

The specific verification manner of the message authentication code and the counter value associated with the first key may refer to the existing protocol, and for brevity, will not be described herein. It will be appreciated that the terminal device updates the first key using the key update parameter only if the message authentication code, the counter value associated with the first key, are verified, and thus the second key is derived. The specific deduction process may refer to the above step S304, and for brevity, the description is omitted here.

It should be noted that, in the steps S306 to S309, the counter value associated with the first key is used as the input parameter of the message authentication code, so that modification to the existing protocol can be reduced, and less signaling overhead is required.

Alternatively, the counter value carried in steps S306 to S309 may also be the counter value associated with the second key generated in step S304, with the difference that, in performing the UPU procedure, the unified data management function network element additionally sends, to the terminal device, indication information for instructing the terminal device to verify the message authentication code using the counter value associated with the second key, instead of verifying using the counter value associated with the first key.

Based on the implementation, replay attacks can be prevented by verifying the message authentication code and the counter value associated with the first key, authentication of security and reliability in network communication can be improved, and potential security risks are reduced.

Further, in response to the notification messages of steps S307 and S308, the terminal device may send an acknowledgement message to the unified data management function network element through the access and mobility management function network element, i.e. perform steps S310 and S311.

S310, the terminal equipment sends a confirmation message to the access and mobile management function network element;

Correspondingly, the access and mobility management function network element receives the acknowledgement message from the terminal device.

Illustratively, the acknowledgment message is a NAS uplink message.

S311, the access and mobile management function network element sends a confirmation message to the unified data management function network element;

correspondingly, the unified data management function network element receives acknowledgement messages from the access and mobility management function network elements.

In one possible implementation, the acknowledgement message sent by the terminal device includes acknowledgement information in response to the notification message, and a key update result (KEY REFRESH RES) at the terminal device side. The acknowledgement information is an Acknowledgement (ACK) or a Negative Acknowledgement (NACK), and is used for informing the unified data management function network element through the access and mobility management function network element that the terminal device has successfully received the notification message, and the key update result information is used for indicating a local key update result of the terminal device, which indicates that the update is successful or fails.

In another possible implementation, the terminal device may send the confirmation message only if the terminal device successfully receives the notification message and the terminal device local key update is successful. That is, the confirmation message indicates that the first key on the terminal device side has been updated successfully.

It should be noted that, in the case where the key update result indicates that the terminal device successfully updates the first key, the terminal device generates a counter associated with the second key, and initializes the counter associated with the second key, to obtain an initialized counter value, that is, the value of the counter is set to 1. And starting to use the second key in the subsequent UPU or SoR service, and using the initialized counter value associated with the second key.

Alternatively, if the access and mobility management function network element cannot establish a NAS secure connection with the terminal device, the access and mobility management function network element may set the key update result KEY REFRESH RES to fail and notify the unified data management function network element.

S312, the unified data management function network element sends a response message to the authentication server function network element;

correspondingly, the authentication server function network element receives a response message from the unified data management function network element.

Wherein the response message includes a key update result of the terminal device side.

In one possible implementation, the acknowledgement message received by the unified data management function network element contains the key update result information KEY REFRESH RES, and the unified data management function network element only needs to forward the key update result information to AUSF.

In another possible implementation manner, only the acknowledgement information ACK of the transmission result is received in the acknowledgement message received by the unified data management function network element, and the unified data management function network element sends a message that the key update is successful to the authentication server function network element.

S313, the authentication server functional network element determines to use the second key and uses the initialized counter value associated with the second key according to the key updating result of the terminal equipment side.

For example, if the key update result indicates that the key update at the terminal device side is successful, the authentication server function network element may determine that the second key K _AUSF' newly derived in step S304 is used for the subsequent SoR service or UPU service. If the counter value associated with the first key is also stored locally, the authentication server function network element may delete the counter associated with the first key and begin using the counter associated with the second key.

Optionally, if the key update result indicates that the key update at the terminal device side is unsuccessful, the authentication server function network element may determine to continue to use the first key K _AUSF in step S301 for the subsequent SoR service or UPU service; or repeatedly performs the above steps S303 to S313 and the like.

According to the scheme provided by the application, the key update flow of the first key K _AUSF is triggered by the authentication server functional network element of the home network, and the key update of K _AUSF is not required to be triggered by the access of the service network and the mobile management functional network element. And, the key update parameter AUSF _KRP of K _AUSF is transmitted to the terminal equipment by using the UPU mechanism, so that the key synchronization update of K _AUSF of the user side and the network side can be realized. In addition, the technical scheme of the application can independently update the first key K _AUSF, and other network elements SEAF, AMF and the like do not need to synchronously update own keys. The method can realize that the network provides SoR service or UPU service for the terminal equipment while guaranteeing the network security communication.

Next, by taking the terminal device as the UE, the authentication server function network element as AUSF, the unified data management network element as UDM, and the mobility and access management function network element as AMF as an example, the key update scheme of the home network trigger K _AUSF will be described with reference to fig. 4 and 5, respectively. In the technical scheme of the application, the home network triggers and updates K _AUSF in other modes except the main authentication, and the newly generated second key K _AUSF' is horizontally deduced from the old key K _AUSF.

Fig. 4 is a flowchart illustrating a communication method 400 according to an embodiment of the present application. The key updating process of K _AUSF is triggered by AUSF, and key updating parameters of K _AUSF are transferred to the UE by using a UPU mechanism, so that the key synchronous updating of K _AUSF at the user side and the network side is realized. As shown in fig. 4, the method includes the following steps.

S401, the UE registers, executes the master authentication procedure, and generates K _AUSF (i.e., an example of the first key).

For the specific implementation, reference may be made to the 5G AKA primary authentication procedure of the method 200, which is not described herein for brevity. Alternatively, K _AUSF may also be generated by EAP-AKA' authentication, which is not particularly limited by the present application.

S402, AUSF triggers the key update procedure of K _AUSF.

In one possible implementation, the network manager instructs AUSF to update K _AUSF, i.e., AUSF triggers a key update of K _AUSF, according to the management requirements. Illustratively, the network manager instructs AUSF to update K _AUSF if it determines that the K _AUSF key expires, or if the network system is maintained, etc.

In another possible implementation, AUSF actively triggers a key update of K _AUSF upon detecting a loss of service associated with the K _AUSF key or a cessation of service associated with the K _AUSF key.

S403, AUSF queries UDM for AMF ID serving UE.

Illustratively, AUSF sends a query message to the UDM for querying the AMF serving the current UE; correspondingly, the UDM returns to AUSF the identification information AMF ID of the AMF.

S404, AUSF requests to the AMF to obtain the NAS Counter value as the key update parameter (KEY REFRESH PARAMETER, KRP) of K _AUSF. For ease of description, the key update parameter of K _AUSF is denoted by AUSF _KRP below.

Illustratively, AUSF sends a request message #A to the corresponding AMF according to the AMF ID, the request message #A being used to request acquisition of the NAS Counter value. Correspondingly, the AMF returns a NAS Counter value to AUSF.

Alternatively, AUSF may obtain the NAS UL Counter value from the AMF as AUSF _KRP, or may obtain the NAS DL Counter value from the AMF as AUSF _KRP, which is not particularly limited in the present application.

S405, AUSF generates K _AUSF' (i.e., an example of the second key) from the first key K _AUSF and the key update parameter AUSF _KRP.

For the specific implementation manner, reference may be made to step S304 of the method 300, which is not repeated herein for brevity.

Further, after generating K _AUSF 'at AUSF, a counter associated with K _AUSF' is generated and initialized, resulting in an initialized counter value. For example, the value of the UPU counter associated with K _AUSF' is reset to 1. Illustratively, the counter value associated with K _AUSF is continuously used in subsequent steps S409 to S411, and the counter associated with K _AUSF is not deleted until AUSF determines that the UE has successfully updated K _AUSF based on the key update result after receiving the key update result of the UE in step S414, and the subsequent use of K _AUSF 'and the counter value associated with K _AUSF' are determined.

S406, AUSF sends a request message #1 (i.e., an example of a second request message) to the UDM;

Correspondingly, the UDM receives the request message #1 from AUSF.

In one example, the request message #1 includes a key update parameter AUSF _KRP and a key update indication (KEY REFRESH IND), the request message #1 for requesting the UDM to send the key update parameter AUSF _KRP and the key update indication to the UE. I.e. the UDM sends key update parameters AUSF _KRP and a key update indication to the UE via the UPU mechanism.

In another example, the request message #1 includes a key update parameter AUSF _KRP, and the request message #1 is used to request the UDM to send the key update parameter AUSF _KRP to the UE. Further, the UDM determines the key update indication according to a specific function (the specific function is used for receiving a key update request and triggering a key update) and the key update parameter AUSF _KRP, and then the UDM sends the key update parameter AUSF _KRP and the key update indication to the UE through the UPU mechanism.

S407, the UDM sends a request message #2 (i.e., an example of the first request message) to AUSF;

correspondingly AUSF receives the request message #2 from the UDM.

The request message #2 includes a SUPI of the UE, where the request message #2 is used to request to obtain a counter value of the message authentication code MAC and the association K _AUSF, and is used for verifying the integrity protection and freshness of the NAS downlink message by the UE in the subsequent step S411.

In one example, when step 406 includes a key update parameter AUSF _KRP and a key update indication, the request message #2 also includes a key update parameter AUSF _KRP and a key update indication. That is, the UDM regards the key update parameter AUSF _KRP and the key update instruction as a whole, and sends AUSF the same as an input parameter for generating the message authentication code MAC in the subsequent step S405, AUSF.

In another example, when step 406 includes the key update parameter AUSF _KRP and the key update indication, the request message #2 also includes the key update parameter AUSF _KRP, i.e., the key update parameter AUSF _KRP is used as an input parameter for AUSF generation of the message authentication code MAC in the subsequent step S405.

The request message #2 may be, for example, nausf _ UPUProtection Request message.

Illustratively, the message authentication code UPU-MAC-I _AUSF, the Counter value associated with K _AUSF is UPU Counter _UPU,

Illustratively, AUSF determines the key K _AUSF from the SUPI of the UE and generates the message authentication code UPU-MAC-I _AUSF from the key K _AUSF, the UPU Counter _UPU, the key update parameter AUSF _KRP, and the key update indication. Or AUSF generates a message authentication code UPU-MAC-I _AUSF based on the key K _AUSF, the UPU Counter _UPU, and the key update parameter AUSF _KRP.

S408, AUSF sends a response message #2 to the UDM;

correspondingly, the UDM receives a response message #2 from AUSF.

Wherein the response message #2 includes a message authentication code UPU-MAC-I _AUSF and a UPU Counter _UPU.

The response message #2 may be, for example, nausf _ UPUProtection Response message.

S409, the UDM transmits a notification message #1 (i.e., an example of a notification message) to the AMF through the UPU mechanism;

Correspondingly, the AMF receives notification message #1 from the UDM.

In one example, if the key update parameter AUSF _KRP and the key update indication are carried in step 406 and the key update parameter AUSF _KRP and the key update indication are sent to AUSF as a whole in step 407, the notification message #1 may include the UPU data to be sent (i.e., the key update parameter AUSF _KRP and the key update indication are considered as a whole), the message authentication code UPU-MAC-I _AUSF, and the UPU Counter _UPU. Wherein the key update parameter AUSF _KRP and the key update indication are integrity protected.

In another example, if key update parameter AUSF _KRP and a key update indication are carried in step 406 and key update parameter AUSF _KRP is sent to AUSF in step 407, the notification message #1 may include the UPU data to be sent (i.e., key update parameter AUSF _KRP), message authentication code UPU-MAC-I _AUSF, UPU Counter _UPU, and key update indication. Wherein the key update parameter AUSF _KRP is integrity protected, the key update indicates not to be integrity protected.

In yet another example, if the key update parameter AUSF _KRP and the key update indication are carried in step 406 and the key update parameter AUSF _KRP is sent to AUSF in step 407, the notification message #1 may include the UPU data to be sent (i.e., the key update parameter AUSF _KRP), the message authentication code UPU-MAC-I _AUSF, and the UPU Counter _UPU. The notification message #1 may be key update indication information, and the notification message #1 may not carry a key update indication, so that signaling overhead may be reduced. Wherein the key update parameter AUSF _KRP is integrity protected.

The Notification message #1 may be a Nudm _sdm_notification message, for example.

S410, AMF sends notification message #1 to UE;

Correspondingly, the UE receives a notification message #1 from the AMF, and the notification message #1 may be a NAS downlink message.

In one example, the NAS downlink message includes a key update parameter AUSF _KRP, a message authentication code UPU-MAC-I _AUSF, a UPU Counter _UPU, and a key update indication.

In another example, the NAS downlink message is key update indication information, and the NAS downlink message includes key update parameters AUSF _KRP, a message authentication code UPU-MAC-I _AUSF, and a UPU Counter _UPU.

S411, the UE generates K _AUSF' (i.e., an example of the second key) from the first key K _AUSF and the key update parameter AUSF _KRP.

After receiving the notification message #1, the UE needs to verify the message authentication code UPU-MAC-I _AUSF and the UPU Counter _UPU, and if the verification is passed, the UE updates K _AUSF according to use AUSF _KRP to obtain K _AUSF'. The specific generating K _AUSF' deduction process is similar to step S405, and for brevity, the description is omitted here.

It should be noted that, in the case that the key update result indicates that the terminal device successfully updates K _AUSF, the UE generates a counter associated with K _AUSF 'and initializes a counter associated with K _AUSF', resulting in an initialized counter value, i.e., the value of the counter is set to 1. And, K _AUSF 'is started to be used in the subsequent UPU or SoR service, and the initialized counter value associated with K _AUSF' is used.

S412, the UE sends an acknowledgement message #1 (i.e., an example of an acknowledgement message) to the AMF;

correspondingly, the AMF receives an acknowledgement message #1 from the UE.

The acknowledgement message #1 may be a NAS uplink message, including acknowledgement information ACK of the transmission result (i.e., the NAS downlink message received in step S410), and a key update result at the UE side.

S413, the AMF sends an acknowledgement message #1 to the UDM;

correspondingly, the UDM receives an acknowledgement message #1 from the AMF.

Wherein the acknowledgement message #1 includes ACKs and KEY REFRESH RES.

Alternatively, if the AMF cannot establish a NAS secure connection with the UE, the AMF sets RES as failed and marks the failure cause to notify the UDM.

The acknowledgement message #1 may be a Nudm _sdm_information message, for example.

S414, the UDM sends a response message #1 to AUSF;

correspondingly, the UDM receives a response message #1 from AUSF.

The response message #1 includes a key update result of the UE side.

S415, AUSF determines to use K _AUSF 'and the initialized counter value associated with K _AUSF' according to the key update result at the UE side.

Alternatively, if the key update result indicates that the key update on the UE side is successful, AUSF may determine to use the newly derived K _AUSF' in step S405 for the subsequent SoR service or UPU service.

Alternatively, if the key update result indicates that the key update on the UE side is unsuccessful, AUSF may determine to continue using the old key K _AUSF in step S401 for the subsequent SoR service or UPU service.

The method disclosed by the application triggers the key update flow of K _AUSF through AUSF of the home network, and does not need to wait for the service network AMF to trigger the key update of K _AUSF. And, the key update parameter AUSF _KRP of K _AUSF is transmitted to the UE by using the UPU mechanism, so that the key synchronization update of K _AUSF of the user side and the network side can be realized. In addition, the technical scheme of the application can independently update K _AUSF, and other network elements SEAF, AMF and the like do not need to synchronously update own keys. The method can realize that the network provides SoR service or UPU service for the UE while ensuring the network security communication.

Fig. 5 is a flowchart illustrating a communication method 500 according to an embodiment of the present application. According to the method, AUSF triggers a key K _AUSF updating process, a UPU mechanism is utilized to transmit a key updating parameter of K _AUSF to the UE, and the key synchronization updating of K _AUSF of the user side and the network side is realized. Method 500 may further save signaling overhead and reduce execution steps compared to method 400. As shown in fig. 5, the method includes the following steps.

S501, the UE registers, executes the master authentication procedure, and generates K _AUSF (i.e., an example of the first key).

S502, AUSF triggers the key update procedure of K _AUSF.

For the specific implementation of steps S501 and S502, reference may be made to the descriptions related to steps S401 and S402 of the method 400, and for brevity, the description is omitted here.

S503, AUSF locally generates the key update parameter AUSF _KRP.

Illustratively, AUSF generates a random number (Nonce) locally and uses this value as the key update parameter AUSF _KRP for K _AUSF.

Illustratively, AUSF generates and maintains a Counter locally and takes the value of this Counter as the update parameter AUSF _KRP for the key of KAUSF.

S504, AUSF generates K _AUSF' (i.e., an example of the second key) from the first key K _AUSF and the key update parameter AUSF _KRP.

The K _AUSF' deduction process may refer to the description related to step S405 of the method 400, and is not repeated here for brevity.

Further, after generating K _AUSF 'at AUSF, a counter associated with K _AUSF' is generated and initialized, resulting in an initialized counter value. For example, the value of the UPU counter associated with K _AUSF' is reset to 1. Illustratively, the counter value associated with K _AUSF continues to be used in subsequent steps S506 to S508, and the counter associated with K _AUSF is not deleted until AUSF determines that the UE has successfully updated K _AUSF based on the key update result after receiving the key update result of the UE in step S512, and determines the subsequent use of K _AUSF 'and the counter value associated with K _AUSF'.

S505, AUSF sends a request message #a (i.e., an example of a second request message) to the UDM;

Correspondingly, the UDM receives a request message #a from AUSF.

Wherein the request message #a includes a key update parameter AUSF _KRP, a key update indication (KEY REFRESH IND), a message authentication code and a freshness parameter, and the request message #a is used for requesting the UDM to send the key update parameter AUSF _KRP and the key update indication to the UE.

Note that, prior to performing step S505, AUSF generates the message authentication code MAC and the counter value of association K _AUSF. Wherein the UPU Counter _UPU is created and initialized when K _AUSF is derived (i.e., step S501). Further, AUSF determines the key K _AUSF from the SUPI of the UE and generates a message authentication code UPU-MAC-I _AUSF from the key K _AUSF and UPU Counter _UPU.

S506, the UDM sends a notification message #a (namely, one example of the notification message) to the AMF through a UPU mechanism;

Correspondingly, the AMF receives a notification message #a from the UDM.

S507, AMF sends notification message #a to UE;

Correspondingly, the UE receives a notification message #a from the AMF.

The notification message #a may be a NAS downlink message.

S508, the UE generates K _AUSF' (i.e., an example of the second key) from the first key K _AUSF and the key update parameter AUSF _KRP.

After receiving the notification message #1, the UE needs to verify the message authentication code UPU-MAC-I _AUSF and the UPU Counter _UPU, and if the verification is passed, the UE updates K _AUSF according to use AUSF _KRP to obtain K _AUSF'. For specific implementation, reference may be made to step S411 of the method 400, which is not repeated herein for brevity.

S509, the UE transmits an acknowledgement message #a (i.e., an example of an acknowledgement message) to the AMF;

Correspondingly, the AMF receives an acknowledgement message #a from the UE, which may be a NAS uplink message.

The NAS uplink message comprises acknowledgement information ACK of a transmission result and a key updating result of the UE side.

S510, the AMF sends an acknowledgement message #a to the UDM;

correspondingly, the UDM receives an acknowledgement message #a from the AMF.

Wherein the acknowledgement message #a includes ACK and KEY REFRESH RES.

S511, the UDM sends a response message #a to AUSF;

Correspondingly, the UDM receives a response message #a from AUSF.

The response message #a includes a key update result of the UE side.

S512, AUSF determines the usage KAUSF 'and the initialized counter value associated with K _AUSF' according to the key update result at the UE side.

For the specific implementation of steps S506 to S512, reference may be made to steps S409 to S415 of the above-mentioned method 400, and for brevity, the details are not repeated here.

The communication method side embodiment of the present application is described in detail above with reference to fig. 1 to 5, and the communication apparatus side embodiment of the present application will be described in detail below with reference to fig. 6 and 7. It is to be understood that the description of the device embodiments corresponds to the description of the method embodiments, and that parts not described in detail can therefore be seen in the preceding method embodiments.

Fig. 6 is a schematic block diagram of a communication device 1000 provided by an embodiment of the present application. As shown in fig. 6, the device 1000 may include a transceiver unit 1010 and a processing unit 1020. The transceiver unit 1010 may communicate with the outside, and the processing unit 1020 is used for data processing. The transceiver unit 1010 may also be referred to as a communication interface or transceiver unit.

In one possible design, the device 1000 may implement steps or flows performed by an authentication server function network element (e.g., AUSF) corresponding to the above method embodiment, where the transceiver unit 1010 is configured to perform the transceiver-related operations of AUSF in the above method embodiment, and the processing unit 1020 is configured to perform the processing-related operations of AUSF in the above method embodiment.

Illustratively, the processing unit 1020 is configured to determine whether a first key is required to be updated, where the first key is used to secure a secure communication between the terminal device and the network element of the unified data management function; in the case that the processing unit 1020 determines that the first key needs to be updated, the transceiver unit 1010 is configured to obtain a key update parameter; the processing unit 1020 is further configured to update the first key with a key update parameter to obtain a second key; the processing unit 1020 is further configured to generate a message authentication code using the first key, the counter value associated with the first key, and the key update parameter as input parameters; the transceiver 1010 is further configured to send, to the terminal device through the unified data management function network element, a key update parameter, a key update indication, a message authentication code, and a counter value associated with the first key, where the key update indication is used to instruct the terminal device to update the first key according to the key update parameter.

In another possible design, the device 1000 may implement steps or procedures performed by a network element (e.g., UDM) corresponding to the unified data management function in the above method embodiment, where the transceiver unit 1010 is configured to perform operations related to the transceiver of the UDM in the above method embodiment, and the processing unit 1020 is configured to perform operations related to the processing of the UDM in the above method embodiment.

Illustratively, the transceiver 1010 is configured to receive a key update parameter, a key update indication, a message authentication code, and a counter value associated with a first key from an authentication server function network element, where the key update indication is configured to instruct a terminal device to update the first key according to the key update parameter, and the first key is configured to protect secure communications between the terminal device and a unified data management function network element; the transceiver unit 1010 is further configured to send a notification message to the terminal device via the access and mobility management function network element, the notification message comprising a key update parameter, a key update indication, a message authentication code, and a counter value associated with the first key.

In yet another possible design, the apparatus 1000 may implement steps or processes performed by a communication device (e.g., UE) corresponding to the above method embodiments, where the processing unit 1020 is configured to perform the processing related operations of the UE in the above method embodiments, and the transceiver unit 1010 is configured to perform the transceiver related operations of the UE in the above method embodiments.

Illustratively, the transceiver 1010 is configured to receive, by the access and mobility management function network element, a notification message from the unified data management function network element, the notification message including a key update parameter, a key update indication, a message authentication code, and a counter value associated with a first key, the key update indication being configured to instruct the communication device to update the first key according to the key update parameter, the first key being configured to secure communications between the communication device and the unified data management function network element; the processing unit 1020 is further configured to update the first key with a key update parameter to obtain a second key if the message authentication code and the counter value associated with the first key are verified; in response to the notification message, the transceiver unit 1010 is further configured to send a confirmation message to the unified data management function network element through the access and mobility management function network element, where the confirmation message includes a key update result, and the key update result indicates whether the terminal device successfully updates the first key.

It should be understood that the device 1000 herein is embodied in the form of functional units. The term "unit" herein may refer to an Application Specific Integrated Circuit (ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor, etc.) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an alternative example, it will be understood by those skilled in the art that the apparatus 1000 may be specifically configured to perform the respective processes and/or steps corresponding to the transmitting end in the foregoing method embodiment, or the apparatus 1000 may be specifically configured to be configured to perform the respective processes and/or steps corresponding to the receiving end in the foregoing method embodiment, which are not repeated herein.

The apparatus 1000 of each of the above-described aspects has a function of implementing the corresponding step performed by the transmitting end in the above-described method, or the apparatus 1000 of each of the above-described aspects has a function of implementing the corresponding step performed by the receiving end in the above-described method. The functions may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software comprises one or more modules corresponding to the functions; for example, the transceiver unit may be replaced by a transceiver (e.g., a transmitting unit in the transceiver unit may be replaced by a transmitter, a receiving unit in the transceiver unit may be replaced by a receiver), and other units, such as a processing unit, etc., may be replaced by a processor, to perform the transceiver operations and related processing operations in the various method embodiments, respectively.

The transceiver unit may be a transceiver circuit (for example, may include a receiving circuit and a transmitting circuit), and the processing unit may be a processing circuit. In the embodiment of the present application, the apparatus in fig. 6 may be the receiving end or the transmitting end in the foregoing embodiment, or may be a chip or a chip system, for example: system on chip (SoC). The transceiver unit may be an input/output circuit or a communication interface. The processing unit is an integrated processor or microprocessor or integrated circuit on the chip. And are not limited herein.

Fig. 7 is a schematic block diagram of a communication device 2000 provided by an embodiment of the present application. As shown in fig. 7, the device 2000 includes a processor 2010 and a transceiver 2020. Wherein the processor 2010 and the transceiver 2020 are in communication with each other via an internal connection, the processor 2010 is configured to execute instructions to control the transceiver 2020 to transmit signals and/or receive signals.

Optionally, the device 2000 may further include a memory 2030, where the memory 2030 communicates with the processor 2010 and the transceiver 2020 through an internal connection. The memory 2030 is for storing instructions and the processor 2010 may execute the instructions stored in the memory 2030.

In a possible implementation manner, the device 2000 is configured to implement the respective flows and steps corresponding to the UE in the above method embodiment.

In another possible implementation manner, the apparatus 2000 is configured to implement the respective flows and steps corresponding to AUSF in the above-described method embodiment.

In yet another possible implementation manner, the device 2000 is configured to implement the respective flows and steps corresponding to the UDM in the above method embodiment.

It should be understood that the device 2000 may be specifically a transmitting end or a receiving end in the foregoing embodiments, and may also be a chip or a chip system. Correspondingly, the transceiver 2020 may be a transceiver circuit of the chip, which is not limited herein. Specifically, the apparatus 2000 may be configured to perform each step and/or flow corresponding to the sending end or the receiving end in the above method embodiments.

Alternatively, the memory 2030 may include read only memory and random access memory and provide instructions and data to the processor. A portion of the memory may also include non-volatile random access memory. For example, the memory may also store information of the device type. The processor 2010 may be configured to execute instructions stored in a memory, and when the processor 2010 executes the instructions stored in the memory, the processor 2010 is configured to perform the steps and/or processes of the method embodiments corresponding to the transmitting side or the receiving side described above.

In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in the processor for execution. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method. To avoid repetition, a detailed description is not provided herein.

It should be noted that the processor in the embodiments of the present application may be an integrated circuit chip with signal processing capability. In implementation, the steps of the above method embodiments may be implemented by integrated logic circuits of hardware in a processor or instructions in software form. The processor may be a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component. The processor in the embodiments of the present application may implement or execute the methods, steps and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software modules in a decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.

It will be appreciated that the memory in embodiments of the application may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an erasable programmable ROM (erasable PROM), an electrically erasable programmable EPROM (EEPROM), or a flash memory. The volatile memory may be random access memory (random access memory, RAM) which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as static random access memory, dynamic random access memory, synchronous dynamic random access memory, double data rate synchronous dynamic random access memory, enhanced synchronous dynamic random access memory, synchronous link dynamic random access memory, and direct memory bus random access memory. It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.

Fig. 8 is a schematic block diagram of a chip system 3000 provided in accordance with an embodiment of the present application. The system-on-chip 3000 (or may also be referred to as a processing system) includes logic 3010 and input/output interface 3020.

Logic 3010 may be a processing circuit in system-on-chip 3000. Logic 3010 may be coupled to the memory unit to invoke instructions in the memory unit so that system-on-a-chip 3000 can implement the methods and functions of embodiments of the present application. The input/output interface 3020 may be an input/output circuit in the chip system 3000, outputting information processed by the chip system 3000, or inputting data or signaling information to be processed into the chip system 3000 for processing.

As an option, the chip system 3000 is configured to implement the operations performed by a communication device (e.g., UE in fig. 2-5) in the various method embodiments above.

For example, the logic 3010 is configured to implement the processing-related operations performed by the UE in the above method embodiments, such as the processing-related operations performed by the UE in the embodiment shown in fig. 2, or the processing-related operations performed by the UE in any of the embodiments shown in fig. 3 to 5; the input/output interface 3020 is used to implement the above operations related to transmission and/or reception performed by the UE in the method embodiment, for example, the operations related to transmission and/or reception performed by the UE in the embodiment shown in fig. 2, or the operations related to transmission and/or reception performed by the UE in any one of the embodiments shown in fig. 3 to 5.

Alternatively, the chip system 3000 is configured to implement the operations performed by AUSF (e.g., AUSF in fig. 2-5) in the various method embodiments described above.

For example, the logic 3010 is configured to implement the process-related operations performed by AUSF in the above method embodiment, such as the process-related operations performed by AUSF in the embodiment shown in fig. 2, or the process-related operations performed by AUSF in the embodiment shown in any one of fig. 3-5; the input/output interface 3020 is used to implement the transmission and/or reception related operations performed by AUSF in the above method embodiments, such as the transmission and/or reception related operations performed by AUSF in the embodiment shown in fig. 2, or the transmission and/or reception related operations performed by AUSF in any of the embodiments shown in fig. 3-5.

The embodiments of the present application also provide a computer readable storage medium having stored thereon computer instructions for implementing the methods performed by the apparatus (e.g., a communication device (e.g., a terminal device), or AUSF, or UDM, or AMF) in the above-described method embodiments.

Embodiments of the present application also provide a computer program product comprising instructions which, when executed by a computer, implement the method performed by an apparatus (e.g. a communication device (e.g. a terminal device), or AUSF, or UDM, or AMF) in the above method embodiments.

The embodiment of the application also provides a communication system which comprises one or more of the communication devices (such as terminal equipment), or AUSF, or UDM, or AMF.

The explanation and beneficial effects of the related content in any of the above-mentioned devices can refer to the corresponding method embodiments provided above, and are not repeated here.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.

In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.

The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a mobile hard disk, a read-only memory, a random access memory, a magnetic disk or an optical disk.

The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1. A method of communication, comprising:

The authentication server function network element determines whether a first key is required to be updated, wherein the first key is used for protecting the safety communication between the terminal equipment and the unified data management function network element;

Under the condition that the first secret key needs to be updated, the authentication server function network element acquires secret key updating parameters;

the authentication server functional network element updates the first key by using the key updating parameter to obtain a second key;

The authentication server function network element generates a message authentication code by using the first key, a counter value associated with the first key, and the key update parameter as input parameters;

The authentication server function network element sends the key update parameter, a key update instruction, the message authentication code and a counter value associated with the first key to the terminal device through the unified data management function network element, wherein the key update instruction is used for instructing the terminal device to update the first key according to the key update parameter.

2. The method according to claim 1, wherein after the authentication server function network element updates the first key with the key update parameter to obtain a second key, the method further comprises:

The authentication server function network element generates a counter associated with the second key, initializes the counter associated with the second key and obtains an initialized counter value.

3. The method according to claim 1 or2, wherein the authentication server function network element determining whether the first key needs to be updated comprises:

The authentication server functional network element receives first indication information from network management equipment;

and the authentication server function network element determines that the first key needs to be updated according to the first indication information.

4. A method according to any of claims 1 to 3, wherein the authentication server function network element determining whether the first key needs to be updated comprises:

in the event that a counter value associated with the first key is about to be flipped, the authentication server function network element determines that the first key needs to be updated.

5. The method according to any one of claim 1 to 4, wherein,

The key updating parameter is a random number; or alternatively

The key updating parameter is the value of other counters maintained locally;

wherein the key update parameter is such that the second key is different from the first key.

6. The method according to any of claims 1 to 5, wherein the authentication server function network element sending the key update parameter, a key update indication, the message authentication code, and a counter value associated with the first key to the terminal device via the unified data management function network element, comprises:

The authentication server functional network element sends the key update parameter and the key update indication to the unified data management functional network element;

The authentication server function network element receives a first request message from the unified data management function network element, wherein the first request message is used for requesting to acquire the message authentication code and the counter value associated with the first key, and the first request message comprises the key updating parameter and a user permanent identifier of the terminal equipment;

In response to the first request message, the authentication server function network element sends the message authentication code and the counter value associated with the first key to the unified data management function network element.

7. The method of any of claims 1-5, wherein the key update parameter, the key update indication, the message authentication code, and the counter value associated with the first key are sent by a same message.

8. The method according to any one of claims 1 to 7, further comprising:

The authentication server function network element sends a second request message to the unified data management function network element, where the second request message is used to request the unified data management function network element to send the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal device.

9. The method of claim 8, wherein the second request message includes second indication information for instructing the unified data management function network element to send the key update parameter, the key update indication, the message authentication code, and the counter value associated with the first key to the terminal device.

10. The method according to any one of claims 2 to 9, further comprising:

The authentication server function network element receives a confirmation message from the terminal device through the unified data management function network element, wherein the confirmation message comprises a key updating result, and the key updating result indicates whether the terminal device successfully updates the first key.

11. The method according to claim 10, wherein the method further comprises:

And under the condition that the key updating result indicates that the terminal equipment successfully updates the first key, the authentication server function network element determines to use the second key and the initialized counter value.

12. A method of communication, comprising:

The unified data management function network element receives a key update parameter, a key update instruction, a message authentication code and a counter value associated with a first key from an authentication server function network element, wherein the key update instruction is used for instructing a terminal device to update the first key according to the key update parameter, and the first key is used for protecting safe communication between the terminal device and the unified data management function network element;

The unified data management function network element sends a notification message to the terminal device through an access and mobility management function network element, the notification message including the key update parameter, the key update indication, the message authentication code, and a counter value associated with the first key.

13. The method according to claim 12, wherein the method further comprises:

in response to the notification message, the unified data management function network element receives a confirmation message from the terminal device through the access and mobility management function network element, wherein the confirmation message comprises a key update result, and the key update result indicates whether the terminal device successfully updates the first key;

and the unified data management function network element sends the key updating result to the authentication server function network element.

14. The method according to claim 12 or 13, wherein the unified data management function network element receives a key update parameter, a key update indication, a message authentication code, and a counter value associated with a first key from an authentication server function network element, comprising:

The unified data management function network element receives the key update parameter and the key update indication from the authentication server function network element;

the unified data management function network element sends a first request message to the authentication server function network element, wherein the first request message is used for requesting to acquire the message authentication code and the counter value associated with the first key, and the first request message comprises the key updating parameter and the user permanent identification of the terminal equipment;

in response to the first request message, the unified data management function network element receives the message authentication code and the counter value associated with the first key from the authentication server function network element.

15. The method according to claim 12 or 13, wherein the key update parameter, the key update indication, the message authentication code, and the counter value associated with the first key are sent by the same message.

16. The method according to any of the claims 12 to 15, characterized in that before the unified data management function network element sends a notification message to the terminal device via an access and mobility management function network element, the method further comprises:

The unified data management function network element receives a second request message from the authentication server function network element, wherein the second request message is used for requesting the unified data management function network element to send the key update parameter, the key update indication, the message authentication code and the counter value associated with the first key to the terminal equipment;

The unified data management function network element sends a notification message to the terminal device through the access and mobile management function network element, and the method comprises the following steps:

and responding to the second request message, and sending the notification message to the terminal equipment by the unified data management function network element through the access and mobile management function network element.

17. The method according to claim 16, wherein the second request message comprises second indication information for instructing the unified data management function network element to send the key update parameter, the key update indication, the message authentication code and the counter value to the terminal device.

18. A method of communication, comprising:

The communication device receives a notification message from a unified data management function network element through an access and mobile management function network element, wherein the notification message comprises a key update parameter, a key update indication, a message authentication code and a counter value associated with a first key, the key update indication is used for indicating the communication device to update the first key according to the key update parameter, and the first key is used for protecting the secure communication between the communication device and the unified data management function network element;

Updating the first key by the communication device by using the key updating parameter under the condition that the message authentication code and the counter value associated with the first key pass verification, so as to obtain a second key;

In response to the notification message, the communication device sends a confirmation message to the unified data management function network element through the access and mobility management function network element, the confirmation message including a key update result indicating whether the terminal device successfully updates the first key.

19. The method of claim 18, wherein after the communication device updates the first key using the key update parameter to obtain a second key, the method further comprises:

The communication device generates a counter associated with the second key and initializes the counter associated with the second key to obtain an initialized counter value.

20. The method of claim 19, wherein the method further comprises:

And under the condition that the key updating result indicates that the terminal equipment successfully updates the first key, the terminal equipment determines to use the second key and the initialized counter value.

21. A communication device, comprising: one or more functional modules or network elements for performing the method of any one of claims 1 to 20.

22. A communication device, comprising: a processor coupled to the memory; the processor configured to execute a computer program stored in the memory, to cause the apparatus to perform the method of any one of claims 1 to 20.

23. A computer-readable storage medium, comprising: the computer readable storage medium having stored thereon a computer program which, when run, causes the computer to perform the method of any of claims 1 to 20.

24. A computer program product, which, when executed by a communication device, implements the method of any of claims 1 to 20.