WO2020024764A1 - Method and apparatus for verifying a user equipment identifier in an authentication process - Google Patents

Info

Publication number
WO2020024764A1
Authority
WO
WIPO (PCT)
Prior art keywords
user equipment
identifier
user
network element
equipment identifier
Prior art date
Application number
PCT/CN2019/094727
Other languages
English (en)
Chinese (zh)
Inventor
李华
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司
Publication of WO2020024764A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Definitions

  • This application relates to the field of communications, and more specifically, to a method and apparatus for verifying a user equipment identity during an authentication process.
  • the binding relationship between the user and the user equipment is stored in the unified data management network element.
  • the network side will verify the binding relationship between the user's card and the user equipment (that is, the binding relationship between the user identity and the user equipment identity).
  • AMF Access and Mobility Management
  • the UE uses the communication key to encrypt the user equipment identity, and sends the encrypted user equipment identity to the base station.
  • the base station decrypts the received user equipment identity and sends the decrypted user equipment identity to the UDM (Unified Data Management, unified data management network element). After receiving the decrypted user equipment identity, the UDM verifies the binding relationship between the user identity and the user equipment identity, and if the verification fails, it refuses the registration of the user equipment.
  • UDM Unified Data Management (unified data management network element)
  • the present application provides a method and device for verifying a user equipment identity in an authentication process.
  • the user identity and the user equipment identity are sent to a unified data management network element through a registration request message, wherein the user equipment identity is obtained by encryption based on the public key of the home network; the unified data management network element obtains a target user equipment identity that matches the user identity, and determines whether the received user equipment identity and the obtained target user equipment identity match.
  • the binding relationship between the user identifier and the user equipment identifier can be verified while the user equipment registers with the network, thereby completing the verification of the binding relationship between the user identifier and the user equipment identifier with minimal signaling interaction.
  • the present application provides a method for verifying a user equipment identity during an authentication process.
  • the method includes: the unified data management network element receives an authentication vector message obtained by an authentication server, and the user equipment authentication request message includes a user identifier and a user equipment identifier; the unified data management network element obtains a target user equipment identifier that matches the user identifier; the unified data management network element determines whether the received user equipment identifier and the obtained target user equipment identifier match.
  • the above-mentioned authentication vector obtaining message may also be replaced with an authentication result confirmation message.
  • the registration request message includes a user identifier and a user equipment identifier;
  • the user identifier may be a SUCI (subscription concealed identifier, user hidden identifier) or 5G-GUTI (5G global unique temporary identity); the user equipment identity is PEI (permanent equipment identity), IMEI (international mobile equipment identity), or IMEISV (international mobile equipment identity and software version, International Mobile Station Equipment Identification and Software Version).
  • the method further includes: the unified data management network element UDM determines, based on user subscription data, whether to check the binding relationship between the user identifier and the user equipment identifier, wherein the user subscription data is obtained according to the user identifier; it can be understood that when it is determined that the binding relationship between the user identifier and the user equipment identifier needs to be checked, the unified data management network element obtains a target user equipment identifier that matches the user identifier.
  • the user identification and the user equipment identification in the user equipment authentication request message are encrypted.
  • the user equipment encrypts the foregoing two parameters, for example, encrypts the foregoing two parameters by using a public key of a home network, and then carries the foregoing two parameters in a registration request message.
  • after receiving the registration request message from the user equipment, the access and mobility management network element AMF sends the last parameter in it to the authentication server AUSF, and then the AUSF sends the above two parameters to the UDM.
  • the method further includes: the unified data management network element uses a preset home network public key to decrypt the user equipment identifier; the unified data management network element judging whether the received user equipment identifier and the obtained target user equipment identifier match includes: the unified data management network element determines whether the decrypted user equipment identifier and the obtained target user equipment identifier match.
  • after the unified data management network element determines whether the decrypted user equipment identifier and the obtained target user equipment identifier match, it gives feedback according to the matching result. Specifically, if the decrypted user equipment identifier and the obtained target user equipment identifier match, the unified data management network element sends a first authentication result response message to the authentication server; if the decrypted user equipment identifier and the obtained target user equipment identifier do not match, the unified data management network element sends a second authentication result response message to the authentication server, and the second result response message is used to indicate that the verification of the binding relationship between the user equipment identifier and the user identifier failed.
  • the UDM needs to determine whether the binding relationship between the user identifier and the user equipment identifier needs to be verified according to the user identifier. The binding relationship between the user identity and the user equipment identity needs to be verified.
  • the UDM sends a user equipment identity acquisition request to the AUSF.
  • the AUSF forwards the request to the AMF, the AMF instructs the user equipment to upload the user equipment identity according to the request, and the user equipment identity received by the AMF is sent to the UDM through the AUSF.
  • the UDM After the UDM receives the user equipment identity sent by the AUSF, it verifies the binding relationship between the user identity and the user equipment identity. Of course, if the user equipment identity is in an encrypted state, it needs to be decrypted first, and then the binding relationship is verified.
  • the UDM needs to determine whether the binding relationship between the user identifier and the user equipment identifier needs to be verified according to the user identifier.
  • the binding relationship between the user identity and the user equipment identity needs to be verified, and the UDM sends a user equipment identity acquisition request to the AUSF.
  • the user equipment identity acquisition request includes the target user equipment identifier in addition to the indication identifier.
  • the indication identifier is used to instruct AUSF to obtain the user equipment identifier, and the target user equipment identifier is obtained by the UDM according to the user identifier.
  • the AUSF After the AUSF obtains the user equipment identifier uploaded by the user equipment UE according to the user equipment identifier acquisition request, the AUSF compares whether the user equipment identifier uploaded by the UE matches the target user equipment identifier. It should be noted that the process of comparing whether the user equipment identifier uploaded by the UE matches the target user equipment identifier is a process of verifying the binding relationship between the user identifier and the user equipment identifier. In addition, the process in which the AUSF obtains the user equipment identity uploaded by the user equipment has been described previously, and is not repeated here.
  • the second aspect of the present invention discloses a method for verifying a user equipment identity during an authentication process, the method includes: the user equipment encrypts the user identity and the user equipment identity; and the user equipment sends a registration request message to the access and mobility management network element, where the registration request message includes an encrypted user identifier and an encrypted user equipment identifier.
  • the user identifier is a user hidden identifier SUCI or a 5G global unique temporary identifier 5G-GUTI
  • the user equipment identifier is a permanent device identifier PEI or an international mobile device identifier IMEI or an international mobile station device identifier and a software version IMEISV.
  • the user equipment uses a preset home network public key to encrypt the user equipment identity.
  • the user equipment may also use a preset home network public key to encrypt the user identity. It can be understood that the preset public key of the home network is pre-stored on the user equipment.
  • the AMF sends the above two parameters to the AUSF
  • the AUSF sends the above two parameters to the UDM
  • the UDM sends an instruction message to the user equipment according to the verification result.
  • the user equipment receives a registration rejection message sent by the mobile and management network element, where the registration rejection message is used to indicate that the binding relationship verification between the user equipment identifier and the user equipment identifier fails.
  • the above method may be replaced by: the user equipment encrypts the user identity; the user equipment sends a registration request message to the access and mobility management network element AMF, and the registration request message includes the encrypted user identification; the user equipment receives an authentication request message or a user equipment identification acquisition message sent by the AMF; the user equipment sends an encrypted user equipment identification to the AMF.
  • the third aspect of the present invention discloses a device or a network element (the device is a unified data network element UDM), and the device or network element may be used to execute the method described in the first aspect.
  • the device includes:
  • a receiving unit configured to receive a user equipment authentication request message sent by an authentication server, where the user equipment authentication request message includes a user identifier and a user equipment identifier;
  • An obtaining unit configured to obtain a target user equipment identifier that matches the user identifier
  • the judging unit is configured to judge whether the received user equipment identifier and the obtained target user equipment identifier match.
  • the user identifier is a user hidden identifier SUCI or a 5G global unique temporary identifier 5G-GUTI
  • the user equipment identifier is a permanent device identifier PEI or an international mobile device identifier IMEI or an international mobile station device identifier and software version IMEISV.
  • the user equipment request message may be an authentication vector obtaining message or an authentication result confirmation message.
  • the unified data management network element further includes a determining unit
  • the determining unit is configured to determine whether to check a binding relationship between the user identifier and the user equipment identifier according to user subscription data, where the user subscription data is obtained according to the user identifier;
  • the obtaining unit is configured to, when it is determined that the binding relationship between the user identifier and the user equipment identifier needs to be checked, the unified data management network element obtains a target user equipment identifier that matches the user identifier.
  • the user equipment identifier in the authentication request message is in an encrypted state;
  • the network element further includes a decryption unit;
  • the decryption unit is configured to decrypt the user equipment identity by using a preset home network public key
  • the determining unit is configured to determine whether the decrypted user equipment identifier and the obtained target user equipment identifier match.
  • the network element further includes a first sending unit
  • the first sending unit is configured to send a first authentication result response message to the authentication server if the decrypted user equipment identifier and the obtained target user equipment identifier match.
  • the network element further includes a second sending unit
  • the second sending unit is configured to send a second authentication result response message to the authentication server if the decrypted user equipment identifier and the obtained target user equipment identifier do not match, and the second result response message is used to indicate that the verification of the binding relationship between the user equipment identifier and the user identifier failed.
  • a fourth aspect of the present invention discloses an apparatus (the apparatus is user equipment UE), and the apparatus may be configured to execute the method described in the second aspect.
  • the device includes: an encryption unit for encrypting a user identity and a user equipment identity; and a sending unit for sending a registration request message to an access and mobility management network element, where the registration request message includes the encrypted user identifier and the encrypted user equipment identifier.
  • the user equipment further includes a receiving unit; the receiving unit is configured to receive a registration rejection message sent by the mobile and management network element, and the registration rejection message is used to indicate that the verification of the binding relationship between the user equipment identifier and the user equipment identity failed.
  • the encryption unit is configured to encrypt the user equipment identity by using a preset home network public key.
  • the user identifier is the user hidden identifier SUCI or the 5G global unique temporary identifier 5G-GUTI
  • the user equipment identifier is a permanent device identifier PEI or an international mobile device identifier IMEI or an international mobile station device identifier and software version IMEISV.
  • the present application provides a network element including a memory, a processor, a transceiver, and a computer program stored on the memory and executable on the processor.
  • the present application provides a user equipment.
  • the network element includes a memory, a processor, a transceiver, and a computer program stored on the memory and executable on the processor.
  • when the computer program in the memory is executed, the transceiver and the processor execute the method in the second aspect or any possible implementation manner of the second aspect.
  • the present application provides a computer-readable medium for storing a computer program, the computer program including instructions for performing the first aspect or a method in any possible implementation manner of the first aspect.
  • the present application provides a computer-readable medium for storing a computer program, the computer program including instructions for performing the second aspect or a method in any possible implementation manner of the second aspect.
  • the present application provides a computer program product containing instructions that, when run on a computer, causes the computer to perform the above-mentioned first aspect or the method in any possible implementation manner of the first aspect.
  • the present application provides a computer program product containing instructions that, when run on a computer, causes the computer to execute the method of the second aspect or any possible implementation manner of the second aspect.
  • the present application provides a chip, including: an input interface, an output interface, at least one processor, and a memory, and the input interface, the output interface, the processor, and the memory are connected by a bus,
  • the processor is configured to execute code in the memory, and when the code is executed, the processor is configured to execute the foregoing first aspect or a method in any possible implementation manner of the first aspect.
  • the present application provides a chip including: an input interface, an output interface, at least one processor, and a memory, and the input interface, the output interface, the processor, and the memory are connected by a bus,
  • the processor is configured to execute code in the memory, and when the code is executed, the processor is configured to execute the foregoing second aspect or a method in any possible implementation manner of the second aspect.
  • the UE carries a user identifier and a user equipment identifier when sending a registration request message, wherein the user equipment identifier is encrypted by a public key of a home network; a unified data management network element acquires a target user equipment identifier that matches the user identifier, and determines whether the received user equipment identifier and the acquired target user equipment identifier match.
  • the binding relationship between the user identifier and the user equipment identifier can be verified while the user equipment registers with the network, thereby completing the verification of the binding relationship between the user identifier and the user equipment identifier with minimal signaling interaction.
  • FIG. 1 is a 5G roaming architecture diagram provided by an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a method for verifying a user equipment identity during an authentication process according to an embodiment of the present application.
  • FIG. 2a is a schematic flowchart of another method for verifying a user equipment identity in an authentication process according to an embodiment of the present application.
  • FIG. 3 is a schematic flowchart of another method for verifying a user equipment identity in an authentication process according to an embodiment of the present application.
  • FIG. 3a is a schematic flowchart of another method for verifying a user equipment identity in an authentication process according to an embodiment of the present application.
  • FIG. 3b is a schematic flowchart of another method for verifying a user equipment identity in an authentication process according to an embodiment of the present application.
  • FIG. 4 is a logical structural diagram of a network element for unified data management according to an embodiment of the present application.
  • FIG. 5 is a logical structural diagram of a network element of a user equipment according to an embodiment of the present application.
  • FIG. 6 is a physical structure diagram of a device according to an embodiment of the present application.
  • FIG. 1 shows a schematic block diagram of a 5G architecture provided by an embodiment of the present application.
  • the network architecture is based on services, and a variety of different types of network function modules are obtained.
  • the network function modules interact with each other in the form of network function service calls through service-oriented interfaces.
  • the network function module in the embodiment of the present application has specific functions and network interfaces, and may be a network element on dedicated hardware, a software instance running on dedicated hardware, or an instance of a virtual function on a related platform (such as a cloud infrastructure), which is not limited in this embodiment of the present application.
  • Radio access network responsible for user equipment (UE) access. It can be understood that, in the actual description process, RAN can also be abbreviated as AN.
  • the UE in this embodiment of the present application may be mobile or fixed.
  • the UE may refer to an access terminal, terminal device, mobile terminal, user unit, user station, mobile station, remote station, remote terminal.
  • the access terminal can be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), and wireless communication.
  • 5G 5th generation
  • NR new wireless
  • Access and mobility management function (AMF) module responsible for functions similar to mobility management in existing mobile management entities (MME), for controlling UE access to network resources and managing the movement of the UE.
  • MME mobile management entities
  • the AMF module and the RAN module communicate with each other to process the access network control plane, where N2 is not a service-oriented interface.
  • AUSF Authentication server function
  • Session management function (SMF)
  • SMF session management function
  • Network open function (NEF) module responsible for providing network function services in the core network to external network entity services securely, as well as internal and external network information conversion.
  • Network function module refers to a network element that can provide network services, such as AUSF, AMF, or UDM.
  • Network function database function (NRF) module responsible for service discovery and other functions.
  • NRF Network function database function
  • the full English name of the network function database can also be NF repository function.
  • PCF Policy control function
  • Unified data management (UDM) module including front end (FE) and user database (user data repository).
  • FE front end
  • UDR user subscription data storage server
  • Application function (AF) module provides application services.
  • UPF User Plane Function
  • SEPP Security Edge Protection Proxy
  • UDM can be understood as UDM network element or UDM function network element
  • NRF can be understood as NRF network element or NRF function network element.
  • the AMF module has a service interface NAMF
  • the SMF module has a service interface NSMF
  • the AUSF module has a service interface NAUSF
  • the NEF module has a service interface NNEF
  • the NRF module has a service interface NNRF
  • the PCF module has a service-oriented interface NPCF
  • the UDM module has a service-oriented interface NUDM
  • the AF module has a service-oriented interface NAF.
  • the present invention provides a solution: while performing identity authentication on the user equipment, the binding relationship between the user identifier and the user equipment identifier is also verified, thereby avoiding the situation in the prior art in which signaling resources are wasted when the binding relationship between the user identifier and the user equipment identifier is verified.
  • the user equipment encrypts the user equipment identity, and sends the encrypted user equipment identity through a registration request message.
  • FIG. 2 shows a schematic flowchart of a method for verifying a user equipment identity during an authentication process according to an embodiment of the present application.
  • the method may be applied to a network architecture as shown in FIG. 1.
  • the method includes:
  • the user equipment sends a Registration Request message to the AMF.
  • the registration request message includes a user identifier and a user equipment identifier;
  • the user identifier may be a SUCI (subscription concealed identifier, user hidden identifier) or 5G-GUTI (5G global unique temporary identity); the user equipment identity is PEI (permanent equipment identity), IMEI (international mobile equipment identity), or IMEISV (international mobile equipment identity and software version, International Mobile Station Equipment Identification and Software Version).
  • the user equipment determines whether to report the user equipment identity according to a pre-configuration or a situation where it needs to access a specific slice. If it is determined that the user equipment identity needs to be reported, the user equipment identity is encrypted, and the encrypted user equipment identity is carried in the registration request message. For example, the user equipment may use a preset home network public key to encrypt the user equipment identity.
  • the user identifier in the registration request message is also in an encrypted state.
  • the user equipment uses a preset home network public key to encrypt the user identifier.
  • the registration request message will trigger the network side to authenticate the user equipment.
  • the user identity is instantiated as SUCI or SUPI
  • the user equipment identity is instantiated as PEI.
  • the AMF sends a first authentication request message to the AUSF.
  • after receiving the registration request message sent by the user equipment, in response to the registration request message, the AMF sends a first authentication request message to the AUSF, where the authentication request message carries the user identifier and the user equipment identity.
  • the AMF can call the Nausf_UEAuthentication_AuthenticateRequest service of the AUSF, and send the user identifier and the user equipment identifier to the AUSF through the service;
  • the AUSF sends a second authentication request message to the UDM.
  • after the AUSF receives the authentication request message sent by the AMF, in response to the first authentication request message, the AUSF sends a second authentication request message to the UDM, where the authentication request message carries the user identifier and the user equipment identification.
  • the second authentication request message may be an authentication vector obtaining message or an authentication result confirmation message.
  • the AUSF invokes the Nudm_UEAuthentication_GetRequest service of the UDM, and passes the user identity and the user equipment identity through the service.
  • the UDM obtains a target user equipment identifier that matches the user identifier.
  • the UDM in response to the authentication request message sent by the AUSF, processes the parameters in the second authentication request message.
  • the UDM parses the second authentication request message; if a user equipment identifier exists, the UDM obtains a target user equipment identifier that matches the user identifier.
  • the UDM parses the authentication request message; if a user identifier and a user equipment identifier exist, the UDM obtains a target user equipment identifier that matches the user identifier.
  • the UDM obtains the user's subscription information according to the user identifier, and determines whether to check the binding relationship between the user identifier and the user equipment identifier according to the user's subscription information.
  • the UDM obtains a target user equipment identifier that matches the user identifier. For example, if the authentication request message sent by the AUSF carries SUCI, the UDM will decrypt the SUCI according to the pre-stored private key to obtain SUPI, and obtain the user's subscription information according to SUPI.
  • the received user equipment identity is in an encrypted state.
  • the UDM uses the pre-stored private key to decrypt the received user equipment identity, obtaining the decrypted user equipment identity. After that, the UDM judges whether the decrypted user equipment identity matches the obtained target user equipment identity.
  • the UDM sends a first authentication result response message to the AUSF.
  • the UDM sends a second authentication result response message to the AUSF, and the second result response message is used to indicate that the verification of the binding relationship between the user equipment identifier and the user identifier failed.
  • if the comparison fails, the UDM returns a specific reason value to the AUSF (the reason value is used to indicate that the binding relationship verification fails or the user equipment identifier does not match), and the AUSF returns the reason value to the AMF.
  • the AMF returns a registration rejection message to the user equipment, and carries the specific cause value.
  • the user equipment receives a registration rejection message sent by the mobile and management network element, where the registration rejection message is used to indicate that the binding relationship verification between the user equipment identifier and the user equipment identifier fails.
  • the UDM feeds back the result to the AUSF through a response message of Nudm_UEAuthentication_Get; the AUSF returns the result to the AMF through a response message of Nausf_UEAuthentication_Authenticate
  • the AMF feeds back the result to the UE through a Registration / Reject message.
  • the UE carries a user identifier and a user equipment identifier when sending a registration request message, so that the network side authenticates the UE and simultaneously verifies the binding relationship between the user identifier and the user equipment identifier of the UE, thereby avoiding a situation where signalling may be wasted during a subsequent verification of the binding relationship between the user identity of the UE and the user equipment identity.
  • step S105 may be replaced with the following steps S106-S107;
  • the UDM sends the obtained target user equipment identifier to the AUSF.
  • the UDM sends a target user equipment identifier to the AUSF through a Nudm_UEAuthentication_GetResponse message.
  • the AUSF compares whether the received user equipment identifier and the target user equipment identifier match.
  • when the AUSF detects that the Nudm_UEAuthentication_GetResponse message carries the target user equipment identity, it triggers S107.
  • the user equipment identity received by the AUSF refers to the user equipment identity sent by the AMF to the AUSF. Before comparing whether the received user equipment identity matches the target user equipment identity, the AUSF needs to decrypt the user equipment identity sent by the AMF. The decrypted user equipment identity is then matched with the target user equipment identity.
  • FIG. 3 shows a schematic flowchart of a method for verifying a user equipment identity during an authentication process according to an embodiment of the present application.
  • the method can be applied to the network architecture shown in FIG.
  • the method includes:
  • the user equipment sends a registration request message to the AMF.
  • the user equipment UE initiates a Registration Request message to the AMF, and the message carries a user identifier, where the user identifier may be SUCI or 5G-GUTI.
  • the user equipment may decide whether to report the user equipment identifier according to its pre-configuration or according to the slice it needs to access (such as a slice for car networking). If it determines that the user equipment identifier needs to be reported, the user equipment encrypts the user equipment identifier and includes the encrypted user equipment identifier in the registration request message. It can be understood that if the user equipment identifier is included in the registration request message, the UDM does not need to send a user equipment identifier acquisition request later, and the UDM can directly verify, based on the user identifier and the user equipment identifier transmitted through the AUSF, the binding relationship between the user identifier and the user equipment identifier.
  • the AMF sends a first authentication request message to the AUSF.
  • in response to the registration request message sent by the user equipment, the AMF invokes the Nausf_UEAuthentication_AuthenticateRequest service of the AUSF, and passes the user identity to the AUSF through the service. It can be understood that the AMF also transmits the operator network name to the AUSF through the service message.
  • the AMF obtains the SUPI corresponding to the 5G-GUTI according to the correspondence between the 5G-GUTI and the SUPI, and sends the SUPI to the AUSF.
  • the AUSF sends a second authentication request message to the UDM.
  • the second authentication request message may be an authentication vector message or an authentication result confirmation message.
  • in response to the authentication request message sent by the AMF, the AUSF invokes the Nudm_UEAuthentication_GetRequest service of the UDM and passes the user identity to the UDM through the service;
  • the UDM decrypts the SUCI according to a preset private key to obtain SUPI.
  • the UDM determines the user's subscription information according to the SUPI, and determines whether to check the correspondence between the user equipment identifier and the user identifier according to the user's subscription information. If the authentication request message does not carry the user equipment identity, the UDM needs to instruct the UE to upload the user equipment identity.
  • the UDM sends a user equipment identity acquisition request message to the AUSF.
  • the UDM may send the request message separately, or the identifier (for example, the indication identifier) of the acquisition request may be placed in other messages.
  • the UDM returns a Nudm_UEAuthentication_GetResponse message to the AUSF.
  • An indication identifier is carried in the message, and the indication identifier is used to instruct the UE to upload a user equipment identifier.
  • the UDM returns a Nudm_UEAuthentication_GetResponse message to the AUSF;
  • the Nudm_UEAuthentication_GetResponse message includes an indication identifier PEI-ind, which is used to instruct the UE to upload a user equipment identifier.
  • the Nudm_UEAuthentication_GetResponse message also includes an authentication vector AV, which is used to authenticate the user equipment.
  • the UDM returns a Nudm_UEAuthentication_GetResponse message to the AUSF; the Nudm_UEAuthentication_GetResponse message includes an authentication vector.
  • the UDM adds an indication identifier to the authentication vector, and the indication identifier is used to instruct the user equipment to upload the user equipment identifier.
  • the UDM may use a bit of the AMF (authentication management field) in the authentication token (AUTN) to request the user equipment identity, where the AMF is included in the authentication vector. If the UE passes the network authentication and determines that the bit of the AMF is set to a preset value, the UE sends a user equipment identity to the AMF.
  • the AUSF sends a user equipment identity acquisition request message to the AMF.
  • this indication identifier is transparently transmitted, and the indication identifier is used to request the user equipment identifier.
  • if the user equipment identifier was previously obtained on the AMF, the user equipment identifier is sent directly to the AUSF, and the AUSF then forwards the user equipment identifier to the UDM; if the user equipment identifier was not previously obtained on the AMF, the AMF initiates an Identity Request message to the user equipment according to the user equipment identification request message.
  • the user equipment sends the user equipment identifier to the UDM, and the UDM verifies the binding relationship between the user identifier and the user equipment identifier.
  • the UE sends the user equipment identity to the UDM through the AMF and the AUSF.
  • in response to the identity request message, the user equipment sends an identity response (Identity Response) message to the AMF.
  • the identity response message carries a user equipment identifier.
  • in order to prevent the leakage of the user equipment identity, the UE encrypts the user equipment identity.
  • the user equipment identity is encrypted by using the public key of the home network.
  • the user equipment identity can also be encrypted by other mechanisms, which is not limited here.
  • the AMF sends the user equipment identity to the AUSF; it should be noted that, as shown in FIG. 3a, the AMF can call the Nausf_UEAuthentication_AuthenticateRequest service of the AUSF, and send the user equipment identity to the AUSF through the service.
  • the AUSF sends the user equipment identity to the UDM.
  • the AUSF calls the Nudm_UEAuthentication_ResultConfirmation service of the UDM, and sends the user equipment identity to the UDM through the service message.
  • the UDM receives the user equipment identifier sent by the AUSF in an encrypted state. Therefore, the user equipment identifier needs to be decrypted to obtain the decrypted user equipment identifier. Furthermore, the UDM obtains the target user equipment identity corresponding to the user identifier. If the decrypted user equipment identity matches the target user equipment identity, the verification is successful. For steps after successful verification, refer to the embodiment described in FIG. 2.
  • the UE carries a user identifier when sending a registration request message, and the network side obtains user subscription information according to the user identifier. When it is determined that the binding relationship needs to be checked, a user equipment identity acquisition request is sent to the UE. After the user equipment identity is obtained, the binding relationship between the user identity of the UE and the user equipment identity is verified, thereby avoiding the signaling waste that may occur in a subsequent verification of that binding relationship.
  • a derivative embodiment may be generated, as shown in FIG. 3b.
  • the UDM may instruct the AUSF to verify the binding relationship between the user identity and the user equipment identity.
  • the UDM may carry the target user equipment identity in the user equipment identity request message; so that the AUSF verifies the binding relationship between the user identity and the user equipment identity after receiving the user equipment identity sent by the user;
  • for the verification process, refer to S209.
  • FIG. 2 describes in detail the method for verifying the user equipment identity during the authentication process provided by the embodiment of the present application.
  • the following describes the method for verifying the user equipment identity during the authentication process provided by the embodiment of the present application with reference to FIGS.
  • the devices shown in FIG. 4 to FIG. 5 may execute the method described in the foregoing method embodiment.
  • FIG. 4 shows a unified data management network element (which has been exemplified in the above embodiment), and FIG. 5 shows user equipment.
  • the device (unified data management network element UDM) 300 includes:
  • the receiving unit 301 is configured to receive a user equipment authentication request message sent by an authentication server, where the user equipment authentication request message includes a user identifier and a user equipment identifier;
  • the user equipment authentication request message may be an authentication vector obtaining message or an authentication result confirmation message.
  • An obtaining unit 302 configured to obtain a target user equipment identifier that matches the user identifier
  • the determining unit 303 is configured to determine whether the received user equipment identifier and the obtained target user equipment identifier match.
  • the user identifier is a user hidden identifier SUCI or a 5G global unique temporary identifier 5G-GUTI
  • the user equipment identifier is a permanent device identifier PEI or an international mobile device identifier IMEI or an international mobile station device identifier and software version IMEISV.
  • the unified data management network element 300 further includes a determining unit 304.
  • a determining unit 304 configured to determine whether to check a binding relationship between the user identifier and the user equipment identifier according to user subscription data, where the user subscription data is obtained according to the user identifier;
  • the obtaining unit 302 is configured to obtain, when it is determined that the binding relationship between the user identifier and the user equipment identifier needs to be checked, a target user equipment identifier that matches the user identifier.
  • the user equipment identifier in the authentication request message is in an encrypted state;
  • the UDM 300 further includes a decryption unit 305;
  • the decryption unit 305 is configured to decrypt the user equipment identifier by using a preset home network public key;
  • the judging unit 303 is configured to judge whether the decrypted user equipment identifier and the obtained target user equipment identifier match.
  • the UDM 300 further includes a first sending unit 306.
  • the first sending unit 306 is configured to send a first authentication result response message to the authentication server if the decrypted user equipment identifier matches the obtained target user equipment identifier.
  • the UDM 300 further includes a second sending unit 307.
  • a second sending unit 307 configured to send a second authentication result response message to the authentication server if the decrypted user equipment identifier and the obtained target user equipment identifier do not match, and the second result response message is used to indicate The verification of the binding relationship between the user equipment identifier and the user identifier fails.
  • the user equipment 400 includes:
  • An encryption unit 401 configured to encrypt a user identifier and a user equipment identifier
  • the sending unit 402 is configured to send a registration request message to the access and mobility management network element, where the registration request message includes an encrypted user identifier and an encrypted user equipment identifier.
  • the user equipment 400 further includes a receiving unit 403;
  • the receiving unit 403 is configured to receive a registration rejection message sent by the access and mobility management network element, where the registration rejection message is used to indicate that the binding relationship verification between the user identifier and the user equipment identifier fails.
  • the encryption unit 401 is configured to encrypt the user equipment identity by using a preset home network public key.
  • the user identifier is a user hidden identifier SUCI or a 5G global unique temporary identifier 5G-GUTI
  • the user equipment identifier is a permanent device identifier PEI or an international mobile device identifier IMEI or an international mobile station device identifier and a software version IMEISV.
  • the devices 300 and 400 here are embodied in the form of functional units.
  • the term "unit" herein may refer to an application-specific integrated circuit (ASIC), an electronic circuit, a processor (such as a shared processor, a proprietary processor, or a group of processors) for executing one or more software or firmware programs, a memory, merge logic, and / or other suitable components that support the functions described.
  • the device 300 may specifically be the UDM shown in FIG. 2 described above, and the device 300 may be used to execute the processes and / or steps performed by the UDM in FIG. 2 as the main body; to avoid repetition, they are not repeated here.
  • the apparatus 400 may specifically be the user equipment UE shown in FIG. 2 described above, and the apparatus 400 may be used to execute the processes and / or steps performed by the UE in FIG. 2 as the main body; to avoid repetition, they are not repeated here.
  • the logic units shown in FIGS. 4 to 5 can be implemented according to the hardware architecture shown in FIG. 6.
  • the hardware device shown in FIG. 6 may include a processor 610, a transceiver 620, and a memory 630.
  • the processor 610, the transceiver 620, and the memory 630 communicate with each other through an internal connection path.
  • the related functions implemented by the processing unit, the obtaining unit, and the determining unit in FIG. 4 may be implemented by the processor 610, and the related functions implemented by the receiving unit and the sending unit may be implemented by the processor 610 controlling the transceiver 620.
  • the related functions implemented by the processing unit and the acquisition unit in FIG. 5 may be implemented by the processor 610, and the related functions implemented by the receiving unit and the transmitting unit may be implemented by the processor 610 controlling the transceiver 620.
  • the processor 610 may include one or more processors, for example, one or more central processing units (CPUs).
  • the processor may be a single-core CPU, or can be a multi-core CPU.
  • the transceiver 620 is used to send data and / or signals, and to receive data and / or signals.
  • the transceiver may include a transmitter and a receiver, the transmitter is used to send data and / or signals, and the receiver is used to receive data and / or signals.
  • the memory 630 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), and compact disc read-only memory (CD-ROM).
  • the memory 630 is configured to store the program code and data of the authorization module, and may be a separate device or integrated in the processor 610.
  • the device 600 may be a chip, which may be a field programmable gate array that implements related functions, a dedicated integrated chip, a system chip, a central processing unit, a network processor, a digital signal processing circuit, or a micro-controller, and may also be a programmable controller or another integrated chip.
  • the chip may optionally include one or more memories for storing program code, and when the code is executed, the processor implements a corresponding function.
  • the structures of the devices involved in FIGS. 4 to 5 can all be as shown in FIG. 6 and include components such as a processor, a transceiver, and a memory.
  • the memory stores program code. When executed, each network element performs the function shown in FIG. 2.
  • the physical architecture of the user equipment, the access and mobility management network element, the authentication server, and the unified data management network element involved in FIG. 2 or FIG. 3 can refer to the architecture shown in FIG. 6.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted through the computer-readable storage medium.
  • the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (for example, coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (for example, infrared, wireless, microwave, etc.) means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media.
  • the available medium may be a magnetic medium (for example, a floppy disk, a hard disk, a magnetic tape), an optical medium (for example, a digital versatile disc (DVD)), or a semiconductor medium (for example, an SSD).
  • the processes may be completed by a computer program instructing related hardware.
  • the program may be stored in a computer-readable storage medium.
  • When the program is executed, it can include the processes of the method embodiments described above.
  • the foregoing storage medium includes various media that can store program codes, such as a ROM or a RAM, a magnetic disk, or an optical disc.
  • the disclosed systems, devices, and methods may be implemented in other ways.
  • the device embodiments described above are only schematic.
  • the division of the unit is only a logical function division.
  • multiple units or components may be combined or can be integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, which may be electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objective of the solution of this embodiment.
  • the functional units in the embodiments of the present application may be integrated into one processing unit, or each of the units may exist separately physically, or two or more units may be integrated into one unit.
  • if the functions are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium.
  • the technical solution of this application, in essence, or the part that contributes to the existing technology, or a part of the technical solution, can be embodied in the form of a software product.
  • the computer software product is stored in a storage medium and includes several instructions used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present application.
  • the foregoing storage medium includes various media that can store program codes, such as a U disk, a mobile hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
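
The UDM-side handling described above (the subscription-driven decision whether to check the binding, decryption of the user equipment identifier, the match against the target identifier, and the request for the identifier when none was supplied), as an added Python example that is not part of the patent text. The key pair is a toy textbook-RSA stand-in for the home network key pair, and the function names, result labels and subscriber records are assumptions constructed for illustration.

```python
"""UDM-side check of the user identifier <-> user equipment identifier binding."""
import hmac
from dataclasses import dataclass
from typing import Optional

# Toy textbook-RSA key pair standing in for the home network key pair.
# Constructed values for illustration only: deterministic, unpadded, not secure.
_P, _Q, _E = 2**31 - 1, 2**61 - 1, 65537
HN_PUBLIC_KEY = (_P * _Q, _E)                      # provisioned on the UE
_HN_PRIVATE_D = pow(_E, -1, (_P - 1) * (_Q - 1))   # pre-stored on the UDM

# Result labels are assumptions; the text only speaks of a "reason value".
OK = "AUTH_CONTINUE"                  # first authentication result response
PEI_REQUIRED = "PEI_IND"              # ask the UE to upload its identifier
BINDING_FAILED = "BINDING_VERIFICATION_FAILED"
UNKNOWN_SUBSCRIBER = "UNKNOWN_SUBSCRIBER"


@dataclass(frozen=True)
class Subscription:
    check_binding: bool          # does this subscription require the check?
    target_pei: Optional[str]    # device the subscription is bound to


# Constructed subscriber records, keyed by SUPI (assumed already recovered
# from the SUCI by the UDM).
SUBSCRIPTIONS = {
    "imsi-001010000000001": Subscription(True, "490154203237518"),
    "imsi-001010000000002": Subscription(False, None),
    "imsi-001010000000003": Subscription(True, None),   # misprovisioned
}


def ue_encrypt_pei(pei: str) -> int:
    """UE side: conceal the PEI with the home network public key."""
    if not (pei.isascii() and pei.isdigit() and len(pei) in (15, 16)):
        raise ValueError("PEI must be a 15-digit IMEI or a 16-digit IMEISV")
    n, e = HN_PUBLIC_KEY
    return pow(int("1" + pei), e, n)   # leading "1" preserves leading zeros


def udm_decrypt_pei(ciphertext: int) -> Optional[str]:
    """UDM side: recover the PEI, or None if the plaintext is malformed."""
    n, _ = HN_PUBLIC_KEY
    if not 0 < ciphertext < n:
        return None
    plain = str(pow(ciphertext, _HN_PRIVATE_D, n))
    pei = plain[1:]
    if plain[0] != "1" or len(pei) not in (15, 16):
        return None
    return pei


def udm_check_binding(supi: str, encrypted_pei: Optional[int]) -> str:
    """Decide the UDM's answer to the AUSF for one authentication request."""
    sub = SUBSCRIPTIONS.get(supi)
    if sub is None:
        return UNKNOWN_SUBSCRIBER
    if not sub.check_binding:
        return OK                       # subscription does not ask for the check
    if sub.target_pei is None:
        return BINDING_FAILED           # fail closed: nothing to compare against
    if encrypted_pei is None:
        return PEI_REQUIRED             # request the identifier from the UE
    pei = udm_decrypt_pei(encrypted_pei)
    if pei is None:
        return BINDING_FAILED           # undecryptable input is a failed check
    # Constant-time comparison so timing does not reveal matching prefixes.
    if not hmac.compare_digest(pei.encode(), sub.target_pei.encode()):
        return BINDING_FAILED
    return OK


if __name__ == "__main__":
    bound = "imsi-001010000000001"
    print(udm_check_binding(bound, ue_encrypt_pei("490154203237518")))
    print(udm_check_binding(bound, ue_encrypt_pei("353456789012345")))
    print(udm_check_binding(bound, None))
```

The check fails closed: a subscription that demands the binding but has no target identifier, or a ciphertext that does not decode to a well-formed identifier, is treated the same as a mismatch.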

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method and an apparatus for verifying a user equipment identifier in an authentication process. The method comprises: in a network registration process of a user equipment, sending a user identifier and a user equipment identifier to a unified data management network element by means of a registration request message, the user equipment identifier being encrypted with a public key of a home network; the unified data management network element obtaining a target user equipment identifier corresponding to the user identifier; and determining whether the received user equipment identifier matches the obtained target user equipment identifier. According to the technical solution provided by the present invention, a binding relationship between a user identifier and a user equipment identifier is verified in a network registration process of the user equipment, so that verification of the binding relationship between the user identifier and the user equipment identifier is achieved with minimal signaling interaction.
PCT/CN2019/094727 2018-08-03 2019-07-04 Method and apparatus for verifying a user equipment identifier in an authentication process WO2020024764A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810877868.8A CN110798833B (zh) 2018-08-03 2018-08-03 Method and apparatus for verifying a user equipment identifier in an authentication process
CN201810877868.8 2018-08-03

Publications (1)

Publication Number Publication Date
WO2020024764A1 true WO2020024764A1 (fr) 2020-02-06

Family

ID=69230573

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/094727 WO2020024764A1 (fr) 2018-08-03 2019-07-04 Method and apparatus for verifying a user equipment identifier in an authentication process

Country Status (2)

Country Link
CN (1) CN110798833B (fr)
WO (1) WO2020024764A1 (fr)

Also Published As

Publication number Publication date
CN110798833B (zh) 2023-10-24
CN110798833A (zh) 2020-02-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19844714

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19844714

Country of ref document: EP

Kind code of ref document: A1