WO2021036627A1 - Système, procédé et appareil de communication - Google Patents

Système, procédé et appareil de communication Download PDF

Info

Publication number
WO2021036627A1
WO2021036627A1 PCT/CN2020/104598 CN2020104598W WO2021036627A1 WO 2021036627 A1 WO2021036627 A1 WO 2021036627A1 CN 2020104598 W CN2020104598 W CN 2020104598W WO 2021036627 A1 WO2021036627 A1 WO 2021036627A1
Authority
WO
WIPO (PCT)
Prior art keywords
network element
user
key
response
management network
Prior art date
Application number
PCT/CN2020/104598
Other languages
English (en)
Chinese (zh)
Inventor
李飞
张博
何承东
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN202010256020.0A external-priority patent/CN112512045B/zh
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2021036627A1 publication Critical patent/WO2021036627A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • the user's subscription permanent identifier (SUPI) is usually applied to the calculation of the key KAMF, so SUPI is sensitive information.
  • the communication between the network elements in the core network uses the subscription permanent identifier (SUPI) to identify the terminal equipment. If the network element in the core network is attacked or the data in the network element is stolen, it is easy to cause SUPI Leakage affects user communication privacy.
  • the mobility management network element is further configured to obtain the second user identifier from the authentication service network element in response to the first user authentication response. It is convenient for the mobile management network element to obtain the second user ID.
  • the mobile management network element supports user identity anonymization processing, which can also be understood as: the network where the mobile management network element is located supports user identity anonymization processing, where the network where the mobile management network is located is The network that the terminal device requests to access is used to provide services for the terminal device.
  • the network can be called a service network.
  • the authentication service network element receives the first parameter sent by the mobility management network element, and sends the first parameter to the first network element, and the first parameter is used for Generate the key K AMF .
  • another communication method provided by an embodiment of the present application, the method includes:
  • the first network element obtains the second user ID according to the SUPI, and the SUPI is obtained from the anonymized user ID obtaining request, or for the first network element.
  • the user ID is decrypted.
  • the terminal device is used to send an access request to the mobility management network element;
  • the access request includes a first user identity, the first user identity is obtained by encrypting SUPI, and the SUPI is the terminal device ’S identity;
  • the authentication service network element is further configured to receive the second user authentication response, and return a first user authentication response to the mobility management network element; for example, the first user authentication response includes a second user identifier.
  • the mobility management network element is further configured to send a third user authentication request to the terminal device in response to the first user authentication response, where the third user authentication request includes the first user identifier;
  • the terminal device is further configured to respond to the third user authentication request, obtain the second user ID according to SUPI, and generate the key K AMF according to the second user ID; and then send it to the mobility management network element Return a third user authentication response;
  • the key K AMF is the key between the terminal device and the mobility management network element;
  • the device includes a processing unit and a communication unit.
  • the processing unit may be, for example, a processor
  • the communication unit may be, for example, a transceiver
  • the transceiver may include a radio frequency circuit.
  • the processing unit is used to trigger the communication unit to send the first user authentication request to the authentication service unit in response to the access request; for another example, the processing unit is used to trigger the communication unit to send the second user authentication request to the data management unit in response to the first user authentication request.
  • User authentication request etc.
  • FIG. 3 is a schematic flowchart of a communication method according to an embodiment of the application.
  • FIG. 7 is a schematic flowchart of another communication method according to an embodiment of the application.
  • FIG. 10 is a schematic structural diagram of a communication device according to an embodiment of the application.
  • FIG. 11 is a schematic structural diagram of another communication device according to an embodiment of the application.
  • transmission can include sending and/or receiving, and can be a noun or a verb.
  • the communication system includes a mobility management network element, an authentication service network element, and a data management network element.
  • the communication system further includes a first network element.
  • the first network element may also be named as a user identification anonymization network element, etc., and the name of the first network element is not limited.
  • the authentication service network element is configured to send a second user authentication request to the data management network element in response to the first user authentication request, where the second user authentication request includes the first user identifier;
  • the mobility management network element may also be used to indicate to the data management network element through the authentication service network element that the mobility management network element supports user identity anonymization processing.
  • the mobility management network element sends a first user authentication request to the authentication service network element, the first user authentication request includes a first user ID and first indication information, and the first indication information is used to instruct the mobility management network element to support user identity anonymity ⁇ Treatment.
  • the mobile management network element supports user identity anonymization processing, which can also be understood as: the network where the mobile management network element is located supports user identity anonymization processing, where the network where the mobile management network is located is the terminal device requesting access.
  • the connected network is used to provide services for terminal devices.
  • the network can be called a service network.
  • the authentication service network element is used to send a key acquisition request to the first network element, the key acquisition request includes the second user identifier, and the first network element is used to respond to the key acquisition request, according to The second user ID obtains SUPI, and obtains the key K AMF according to SUPI, and then returns the key K AMF to the authentication service network element, and the authentication service network element sends the key K AMF to the mobility management network element.
  • the terminal device may be a mobile phone (mobile phone), a tablet computer (pad), a computer with wireless transceiver function, a virtual reality (VR) terminal, an augmented reality (AR) terminal, an industrial control (industrial control) Wireless terminals in ), wireless terminals in self-driving, wireless terminals in remote medical, wireless terminals in smart grid, and wireless terminals in transportation safety , Wireless terminals in smart cities, wireless terminals in smart homes, etc.
  • the terminal equipment is referred to as UE for introduction.
  • the aforementioned network elements or functions may be network elements in hardware devices, software functions running on dedicated hardware, or virtualization functions instantiated on a platform (for example, a cloud platform).
  • a platform for example, a cloud platform.
  • the foregoing network element or function may be implemented by one device, or jointly implemented by multiple devices, or may be a functional module in one device, which is not specifically limited in the embodiment of the present application.
  • FIG. 3 it is a schematic flowchart of a communication method according to an embodiment of this application, which specifically includes the following steps.
  • the first user authentication request further includes first indication information
  • the first indication information is used to instruct the AMF network element to support user identity anonymization processing.
  • the AMF network element can also notify the UDM network element that the AMF network element supports the anonymization of user identity processing in other ways.
  • the AMF network element can carry the first indication information in a custom message and send it to the AUSF network element.
  • the AUSF network element notifies the UDM network element.
  • the AMF network element may send a customized message carrying the first indication information before or after sending the first user authentication request, and may also send the first user authentication request and a customized message carrying the first indication information at the same time, There is no restriction on this.
  • the user authentication request between the AMF network element and the AUSF network element in the above embodiment can also be referred to as Nausf_UE Authentication_Authenticate Request.
  • the first user authentication request and the fourth user authentication request can also be referred to as Nausf_UE Authentication_Authenticate. Request;
  • the user authentication response between the AMF network element and the AUSF network element can also be referred to as Nausf_UEAuthentication_AuthenticateResponse, for example, the first user authentication response and the fourth user authentication response.
  • the SEAF network element may also perform the steps performed by the AMF network element, and/or the ARPF network element may perform the steps performed by the UDM network element.
  • the UE receives the Authentication-Request, generates RES*, and returns Authentication-Response to the AMF network element, and the Authentication-Response includes RES*.
  • the UDM network element When the UDM network element supports user identity anonymization, Decrypt SUCI to obtain SUPI, according to SUPI, from the pre-configured SUPI and SUPI* correspondence, obtain the SUPI* corresponding to the SUPI, and according to SUPI, from the pre-configured SUPI and user subscription data correspondence, Determine the user subscription data of the UE, obtain XRES* according to the user subscription data, and return Nudm_UE Authentication_Get Response to the AUSF network element.
  • the Nudm_UE Authentication_Get Response includes indication information 2, SUPI*, and XRES*.
  • the AUSF network element receives the Nausf_UEAuthentication_Authenticate Request2, generates a first HXRES* according to the RES*, determines that the first HXRES* is the same as the second HXRES*, and returns Nausf_UEAuthentication_AuthenticationResponse2 to the AMF network element, and Nausf_UEAuthentication_AuthenticationResponse2 includes SUPponseResponse2.
  • the AMF network element sends a session connection establishment request to the SMF network element, and the session connection establishment request includes the second user identifier.
  • the AMF network element, the SMF network element and the UDM network element in the above process identify the UE through the second user identifier when querying the user subscription data during the session connection establishment process, the risk of privacy leakage in the communication process is greatly reduced.
  • the parameter used when the UE calculates the key K AMF can also be changed, and the parameter used when the UE calculates the key K AMF is the second user ID as an example.
  • the embodiment of the present application provides Another communication method of, as shown in Figure 8, specifically includes the following steps.
  • the first user identifier is SUCI.
  • a first user identity conversion module configured on network element 1 receives a first service request from network element 2, where the first service request includes user identity 1, and user identity 1 is the identity of terminal device A.
  • the user identity 1 can be SUPI, SUCI, or temporary user identity.
  • the first user ID conversion module may replace the user ID 1 in the first service request with the corresponding user ID 2 according to the preset correspondence between the user ID 1 and the user ID 2.
  • the first user identification conversion module may also perform a corresponding operation on the user identification 1 in the first service request based on the first algorithm to obtain the user identification 2, and replace the user identification 1 in the first service request with the obtained User ID 2.
  • the first user identity conversion module sends the first service request for replacing the user identity 1 with the user identity 2 to the network element 1.
  • the network element 1 sends a first service response to the second user identity conversion module configured on the network element 1.
  • the first service response includes the user identity 2, and the user identity 2 is the anonymity of the terminal device A ⁇ identification.
  • first algorithm and key 1 can be pre-configured in the first user identity conversion module, or the first user identity conversion module can be obtained from other network elements (such as UDM network elements, first network elements, etc.). This is not limited.
  • the second algorithm and key 2 can be pre-configured in the second user identity conversion module, or the second user identity conversion module can be obtained from other network elements (such as UDM network elements, first network elements, etc.), which is not limited .
  • the processing unit 1002 may be a processor or a controller, for example, a general-purpose central processing unit (central processing unit, CPU), a general-purpose processor, a digital signal processing (digital signal processing, DSP), and an application specific integrated circuit (application specific integrated circuit). circuits, ASIC), field programmable gate array (FPGA) or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. It can implement or execute various exemplary logical blocks, modules, and circuits described in conjunction with the disclosure of this application.
  • the processor may also be a combination for realizing computing functions, for example, including a combination of one or more microprocessors, a combination of a DSP and a microprocessor, and so on.
  • the device 1000 is the authentication service network element in the foregoing embodiment.
  • the processing unit 1002 is configured to send a second user authentication request to the data management network element in response to the first user authentication request when the communication unit 1001 receives the first user authentication request sent by the mobility management network element.
  • the first user authentication request includes the first user identification
  • the communication unit 1001 is further configured to receive a second user authentication response returned by the data management network element in response to the second user authentication request, and the second user authentication response includes the second user identification.
  • the processing unit 1002 is further configured to return a first user authentication response to the mobility management network element in response to the second user authentication response.
  • the device is a mobility management network element, an authentication service network element, a data management network element, or the first network element
  • the mobility management network element authentication service network element, data management network element, or first network element is divided in an integrated manner
  • the form of each functional module is presented.
  • the "module” here may refer to a specific ASIC, a circuit, a processor and memory that executes one or more software or firmware programs, an integrated logic circuit, and/or other devices that can provide the above-mentioned functions.
  • the mobility management network element, the authentication service network element, the data management network element, or the first network element may adopt the form shown in FIG. 11.
  • the processor 1102 in FIG. 11 may invoke the program instructions stored in the memory 1101 to cause the mobility management network element, the authentication service network element, the data management network element, or the first network element to execute the method in the foregoing method embodiment.
  • the function/implementation process of the communication unit 1001 and the processing unit 1002 in FIG. 10 may be implemented by the processor 1102 in FIG. 11 calling a computer execution instruction stored in the memory 1101.
  • the function/implementation process of the processing unit 1002 in FIG. 10 may be implemented by the processor 1102 in FIG. 11 calling computer execution instructions stored in the memory 1101, and the function/implementation process of the communication unit 1001 in FIG. 11 in the communication interface 1103 to achieve.
  • the apparatus may be the mobility management network element, the authentication service network element, the data management network element, or the first network element in the above-mentioned embodiment.
  • the device 1100 includes a processor 1102 and a communication interface 1103.
  • the device 1100 may further include a memory 1101.
  • the apparatus 1100 may further include a communication line 1104.
  • the communication interface 1103, the processor 1102, and the memory 1101 may be connected to each other through a communication line 1104;
  • the communication line 1104 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (extended industry standard architecture). , Referred to as EISA) bus and so on.
  • the communication line 1104 can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used to represent in FIG. 11, but it does not mean that there is only one bus or one type of bus.
  • the memory 1101 is used to store computer-executable instructions for executing the solutions of the present application, and the processor 1102 controls the execution.
  • the processor 1102 is configured to execute computer-executable instructions stored in the memory 1101, so as to implement the method for selecting a session management network element provided in the foregoing embodiment of the present application.
  • program instructions in the embodiments of the present application may also be referred to as application program codes, computer programs, computer instructions, etc., which are not specifically limited in the embodiments of the present application.
  • the computer may be implemented in whole or in part by software, hardware, firmware, or any combination thereof.
  • software it can be implemented in the form of a computer program product in whole or in part.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from a website, computer, server, or data center.
  • the various illustrative logic units and circuits described in the embodiments of this application can be implemented by general-purpose processors, digital signal processors, application-specific integrated circuits (ASIC), field programmable gate arrays (FPGA) or other programmable logic devices, Discrete gates or transistor logic, discrete hardware components, or any combination of the above are designed to implement or operate the described functions.
  • the general-purpose processor may be a microprocessor.
  • the general-purpose processor may also be any traditional processor, controller, microcontroller, or state machine.
  • the processor can also be implemented by a combination of computing devices, such as a digital signal processor and a microprocessor, multiple microprocessors, one or more microprocessors combined with a digital signal processor core, or any other similar configuration. achieve.
  • the UE sends an access request to an AMF network element; the access request includes a first user identifier.
  • the first user identity is obtained by encrypting SUPI, and SUPI is the identity of the UE.
  • the AMF network element In response to the access request, the AMF network element sends a first user authentication request to the AUSF network element; the first user authentication request includes the first user identifier and the service network name.
  • the service network name includes PLMN ID and/or network identifier (NID).
  • PLMN ID and NID are jointly used to identify non-public networks (for example, standalone non-public network (SNPN)).
  • SNPN standalone non-public network
  • the user authentication request when the first user authentication request includes indication information 1, the user authentication request may also include indication information 1.
  • the UDM network element In response to the second user authentication request, the UDM network element returns a second user authentication response to the AUSF network element, and the second user authentication response includes the second user identifier.
  • the second user identifier is the anonymized identity identifier of the UE.
  • the UDM network element also records the corresponding relationship between SUPI and SPUI*.
  • the second user identity is the anonymized identity identity of the UE.
  • the UDM network element also records the corresponding relationship between SUPI and SPUI*.
  • the anonymized identity of the UE (such as SUPI*) is generated by the UDM network element according to one or more of the following parameters, based on a certain algorithm or strategy:
  • the identification of the UE includes but is not limited to: SUPI, 5G globally unique temporary identifier (5G-GUTI), SUCI, generic public subscription identifier (GPSI), etc.;
  • KAUSF The shared key between the UE and the network side, including but not limited to: KAUSF, encryption key CK, integrity key IK, anonymous key AK, long-term key K, and KAUSF, KAKMA, CK, IK, AK A key generated by any one or more of K, such as SEAF key KSEAF, etc. Specifically, KSEAF is generated by KAUSF.
  • the second user authentication response may further include indication information 3, which is used to indicate that the UDM network element supports user identity anonymization processing, where the UDM network element supports user identity anonymization processing and can be expressed as UDM The network element has performed user identity anonymization processing, and/or the home network where the UDM network element is located supports user identity anonymization processing.
  • the AMF network element sends a third user authentication request to the UE, and the third user authentication request is used to initiate authentication to the UE.
  • the third user authentication request may further include indication information 3.
  • only SUPI* is used to remove the part of the PLMN ID and/or routing information when generating the key KAMF.
  • the AUSF network element In response to the first user authentication request, the AUSF network element sends a second user authentication request to the UDM network element, where the second user authentication request includes SUPI*1 and the service network name.
  • the user authentication request when the first user authentication request includes indication information 2, the user authentication request may also include indication information 2.
  • the UDM network element In response to the second user authentication request, the UDM network element returns a second user authentication response to the AUSF network element, and the second user authentication response includes SUPI*1 and SUPI*2;
  • the second user authentication response includes indication information 2 and/or when the UDM network element supports user identity anonymization, if the UDM network element is based on SUPI*1, from the recorded correspondence between SUPI and SUPI* If the SUPI corresponding to SUPI*1 is found, it is judged that the UE supports the anonymization of user identity, SUPI*2 is generated, and the corresponding relationship between SUPI and SUPI*2 is recorded.
  • SUPI*2 for the manner of generating SUPI*2, please refer to the related introduction of generating the second user identifier in step 1204 above, which will not be repeated here.
  • the second user authentication response may further include indication information 1 for indicating that the UE supports the user identity anonymization processing.
  • indication information 1 for indicating that the UE supports the user identity anonymization processing.
  • the UDM network element if the UDM network element does not find the SUPI corresponding to SUPI*1 from the recorded correspondence between SUPI*1 according to SUPI*1, it will treat SUPI*1 as SUPI.
  • the UDM network element when the AMF network element does not support user identity anonymization processing, responds to the second user authentication request and returns the second user authentication response to the AUSF network element including SUPI but not the indication information 3. Indication information 3 is used to instruct the UDM network element to support the anonymization of user identity.
  • the second user authentication response includes indication information 2 and/or when the UDM network element supports user identity anonymization, the second user authentication response may also include indication information 3, where the UDM network element supports user identity
  • the anonymization processing can also be expressed as that the UDM network element has performed the user identity anonymization processing, and/or the home network where the UDM network element is located supports the user identity anonymization processing.
  • the AUSF network element In response to the second user authentication response, the AUSF network element returns a first user authentication response to the AMF network element.
  • the first user authentication response includes indication information 3.
  • the AMF network element sends a third user authentication request to the UE, where the third user authentication request is used to initiate authentication to the UE.
  • the third user authentication request may further include indication information 3.
  • the indication information 3 may be carried in the authentication token AUTN.
  • the way that the UE generates SUPI*2 according to SUPI is the same as the way the UDM generates SUPI*.
  • the UE generating the key KAMF according to SUPI*2 refer to the relevant introduction in the foregoing embodiments.
  • the UE may generate SUPI*2 and the key KAMF after returning the third user authentication response to the AMF, or may generate SUPI*2 and the key KAMF before returning the third user authentication response, which is not limited.
  • the manner in which the UE generates SUPI*2 and the key KAMF can refer to the above related introduction, which will not be repeated here.
  • the AUSF network element In response to the fourth user authentication request, the AUSF network element returns a fourth user authentication response to the AMF network element.
  • the fourth user authentication response may include the third user ID and SUPI*2. In some embodiments, the fourth user authentication response may also include SUPI*1.
  • step 1209 For the related introduction of the third user identifier, refer to the description in step 1209, which will not be repeated here.
  • the AMF network element can also compare SUPI*2 with SUPI*1, and when SUPI*2 is different from SUPI*1, determine that the UE supports the anonymization of user identity. In this way, it is realized that the UE supports the anonymization processing of the user identity implicitly.
  • the AMF network element further includes:
  • the AMF network element sends a session connection establishment request to the SMF network element, where the session connection establishment request includes SUPI*1 and SUPI*2.
  • the SMF network element After receiving the session establishment connection request, the SMF network element replaces SUPI*1 with SUPI*2, so that subsequent SMF network elements can identify the UE through SUPI*2.
  • the session connection establishment request may be Nsmf_PDUSession_CreateSMContext Request.
  • the access request involved in each embodiment of this application can be understood as a registration request, that is, the access request involved in the embodiment of this application can be replaced with a registration request.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention se rapporte au domaine technique des communications et concerne un système, un procédé et un appareil de communication. Le système de communication comprend un élément de réseau de gestion mobile, un élément de réseau de service d'authentification et un élément de réseau de gestion de données. Un dispositif terminal est utilisé pour envoyer une demande d'accès à l'élément de réseau de gestion mobile et la demande d'accès comprend un premier identifiant d'utilisateur ; l'élément de réseau de gestion mobile est utilisé pour envoyer une première demande d'authentification d'utilisateur à l'élément de réseau de service d'authentification en réponse à la demande d'accès et la première demande d'authentification d'utilisateur comprend le premier identifiant d'utilisateur ; l'élément de réseau de service d'authentification est utilisé pour envoyer une seconde demande d'authentification d'utilisateur à l'élément de réseau de gestion de données en réponse à la première demande d'authentification d'utilisateur et la seconde demande d'authentification d'utilisateur comprend le premier identifiant d'utilisateur ; l'élément de réseau de gestion de données est utilisé pour renvoyer une seconde réponse d'authentification d'utilisateur à l'élément de réseau de service d'authentification en réponse à la seconde demande d'authentification d'utilisateur, la seconde réponse d'authentification d'utilisateur comprend un second identifiant d'utilisateur et le second identifiant d'utilisateur est un identifiant d'identité d'anonymisation du dispositif terminal. Selon la solution technique, le second identifiant d'utilisateur est introduit, ce qui facilite l'amélioration de la sécurité et de la fiabilité de la communication.
PCT/CN2020/104598 2019-08-27 2020-07-24 Système, procédé et appareil de communication WO2021036627A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201910795258 2019-08-27
CN201910795258.8 2019-08-27
CN202010256020.0 2020-04-02
CN202010256020.0A CN112512045B (zh) 2019-08-27 2020-04-02 一种通信系统、方法及装置

Publications (1)

Publication Number Publication Date
WO2021036627A1 true WO2021036627A1 (fr) 2021-03-04

Family

ID=74683283

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/104598 WO2021036627A1 (fr) 2019-08-27 2020-07-24 Système, procédé et appareil de communication

Country Status (1)

Country Link
WO (1) WO2021036627A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108683510A (zh) * 2018-05-18 2018-10-19 兴唐通信科技有限公司 一种加密传输的用户身份更新方法
CN108848495A (zh) * 2018-05-18 2018-11-20 兴唐通信科技有限公司 一种使用预置密钥的用户身份更新方法
CN108848502A (zh) * 2018-05-18 2018-11-20 兴唐通信科技有限公司 一种利用5g-aka对supi进行保护的方法
US10299128B1 (en) * 2018-06-08 2019-05-21 Cisco Technology, Inc. Securing communications for roaming user equipment (UE) using a native blockchain platform

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108683510A (zh) * 2018-05-18 2018-10-19 兴唐通信科技有限公司 一种加密传输的用户身份更新方法
CN108848495A (zh) * 2018-05-18 2018-11-20 兴唐通信科技有限公司 一种使用预置密钥的用户身份更新方法
CN108848502A (zh) * 2018-05-18 2018-11-20 兴唐通信科技有限公司 一种利用5g-aka对supi进行保护的方法
US10299128B1 (en) * 2018-06-08 2019-05-21 Cisco Technology, Inc. Securing communications for roaming user equipment (UE) using a native blockchain platform

Similar Documents

Publication Publication Date Title
CN112512045B (zh) 一种通信系统、方法及装置
CN113225176B (zh) 密钥获取方法及装置
US11451950B2 (en) Indirect registration method and apparatus
US11218314B2 (en) Network function service invocation method, apparatus, and system
US11974132B2 (en) Routing method, apparatus, and system
US11510052B2 (en) Identity information processing method, device, and system
WO2020207156A1 (fr) Procédé de vérification, appareil, et dispositif
JP2021532627A (ja) 通信方法および通信装置
WO2021218978A1 (fr) Procédé, dispositif, et système de gestion de clé
WO2019169679A1 (fr) Procédé de transmission d'informations de terminal et produits associés
WO2018076740A1 (fr) Procédé de transmission de données et dispositif associé
CN113132355A (zh) 服务授权方法及通信装置
JP7681725B2 (ja) Nswoサービスの認証のための方法、デバイス、および記憶媒体
US12355884B2 (en) Network slice authentication method and communications apparatus
CN113395697B (zh) 传输寻呼信息的方法和通信装置
WO2021063298A1 (fr) Procédé de mise en œuvre d'authentification, dispositif de communication, et système de communication
WO2020215331A1 (fr) Procédé et appareil de communication
CN110086839A (zh) 一种远端设备的动态接入方法及装置
WO2021254172A1 (fr) Procédé de communication et appareil associé
JP2023527193A (ja) サービス取得方法、装置、通信機器及び可読記憶媒体
CN111865569B (zh) 一种密钥协商方法及装置
CN113285805B (zh) 一种通信方法及装置
WO2020215272A1 (fr) Procédé de communication, appareil de communication et système de communication
EP4478763A1 (fr) Procédé et appareil de communication
WO2021036627A1 (fr) Système, procédé et appareil de communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20857352

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20857352

Country of ref document: EP

Kind code of ref document: A1