WO2021212491A1 - Method and apparatus for authenticating a multimedia broadcast/multicast service, device and storage medium - Google Patents

Method and apparatus for authenticating a multimedia broadcast/multicast service, device and storage medium

Info

Publication number
WO2021212491A1
Authority
WO
WIPO (PCT)
Prior art keywords
network element
control plane
key
terminal device
key information
Application number
PCT/CN2020/086771
Other languages
English (en)
Chinese (zh)
Inventor
许阳
曹进
卜绪萌
于璞
李晖
Original Assignee
Oppo广东移动通信有限公司
Application filed by Oppo广东移动通信有限公司
Priority to CN202080099194.9A (CN115336377A) and PCT/CN2020/086771 (WO2021212491A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Definitions

  • This application relates to the field of wireless communication, and in particular to a method, device, equipment, and storage medium for authenticating multimedia broadcast and multicast services.
  • the Broadcast Multicast Service Center (BM-SC) network element serves as the Multimedia Broadcast/Multicast Service (MBMS)
  • BM-SC Broadcast Multicast Service Center
  • MBMS Multimedia Broadcast/Multicast Service
  • the embodiments of the present application provide a method, device, equipment, and storage medium for authenticating a multimedia broadcast multicast service.
  • the technical solution is as follows.
  • a method for authentication of multimedia broadcast and multicast services is provided, which is applied to terminal equipment;
  • the terminal device interacts with the first network element control plane through NAS messages via the mobile network control plane, and the interaction is used to complete at least one of the following processes: a service registration process, a request authentication process, and a key distribution process;
  • At least one of the service registration process, the request authentication process, and the key distribution process is used for the MBMS service.
  • a multimedia broadcast multicast service authentication method which is applied to a communication system, the communication system including a mobile network control plane, a first network element control plane, and a first network element user plane;
  • the first network element control plane interacts with the terminal device through NAS messages through the mobile network control plane, and the interaction is used to complete at least one of the following processes: a service registration process, a request authentication process, and a key distribution process;
  • At least one of the service registration process, the request authentication process, and the key distribution process is used for the MBMS service.
  • a multimedia broadcast multicast service authentication device comprising: a transceiver module;
  • the transceiver module is configured to interact with the control plane of the first network element through NAS messages via the mobile network control plane, and the interaction is used to complete at least one of the following processes: a service registration process, a request authentication process, and a key distribution process;
  • At least one of the service registration process, the request authentication process, and the key distribution process is used for the MBMS service.
  • a multimedia broadcast multicast service authentication device includes a mobile network control plane module, a first network element control plane module, and a first network element user plane module;
  • the first network element control plane module interacts with the terminal device through NAS messages via the mobile network control plane module, and the interaction is used to complete at least one of the following processes: a service registration process, a request authentication process, and a key distribution process;
  • At least one of the service registration process, the request authentication process, and the key distribution process is used for the MBMS service.
  • a terminal device comprising: a processor; a transceiver connected to the processor; and a memory for storing executable instructions of the processor; the processor is configured to load and execute the executable instructions to implement the multimedia broadcast multicast service authentication method as described in the above aspect.
  • a communication system including:
  • the code in the memory, run by the processor, is provided to at least one network element in network function virtualization, and the at least one network element is used to execute the multimedia broadcast multicast service authentication method described in the foregoing aspect.
  • a computer-readable storage medium is provided, in which executable instructions are stored, and the executable instructions are loaded and executed by the processor to implement the multimedia broadcast multicast service authentication method described in the aforementioned aspects.
  • the terminal device interacts with the control plane of the first network element through NAS messages via the mobile network control plane, that is, the function of the BM-SC is realized by separating the user plane and the control plane, so MBMS services can be implemented without changing the communication equipment in the 3GPP standard and can be applied to networks in all 5G scenarios.
  • Fig. 1 is a block diagram of a communication system provided by an exemplary embodiment of the present application
  • Fig. 2 is a schematic diagram of a multimedia broadcast multicast service authentication method provided by an exemplary embodiment of the present application
  • Fig. 3 is a flowchart of a method for authenticating a multimedia broadcast multicast service provided by an exemplary embodiment of the present application
  • Fig. 4 is a method flowchart of a service registration process provided by an exemplary embodiment of the present application.
  • Fig. 5 is a method flowchart of a service registration process provided by an exemplary embodiment of the present application.
  • Fig. 6 is a method flowchart of a service registration process provided by an exemplary embodiment of the present application.
  • Fig. 7 is a flowchart of a method for requesting an authentication process provided by an exemplary embodiment of the present application.
  • Fig. 8 is a flowchart of a method for requesting an authentication process provided by an exemplary embodiment of the present application.
  • Fig. 9 is a flowchart of a method for requesting an authentication process provided by an exemplary embodiment of the present application.
  • FIG. 10 is a method flowchart of a key distribution process provided by an exemplary embodiment of the present application.
  • Fig. 11 is a method flowchart of a key distribution process provided by an exemplary embodiment of the present application.
  • FIG. 12 is a network deployment diagram with a multicast service function provided by an exemplary embodiment of the present application.
  • FIG. 13 is a system architecture diagram with a multicast service function provided by an exemplary embodiment of the present application.
  • FIG. 14 is a structural block diagram of a multimedia broadcast multicast service authentication device provided by an exemplary embodiment of the present application.
  • FIG. 15 is a structural block diagram of a multimedia broadcast multicast service authentication device provided by an exemplary embodiment of the present application.
  • FIG. 16 is a schematic structural diagram of a terminal device provided by an exemplary embodiment of the present application.
  • GBA General Bootstrapping Architecture (general authentication mechanism)
  • MBS Multicast Broadcast Service
  • MRK MBMS Request Key
  • MSK MBMS Service Key
  • MTK MBMS Traffic Key
  • MUK MBMS User Key
  • MBSF Multimedia Broadcast Service Function
  • MBSU Multimedia Broadcast Service User plane
  • SUPI Subscriber Permanent Identifier (the user's real identity)
  • Fig. 1 shows a block diagram of a communication system provided by an exemplary embodiment of the present application.
  • the communication system includes: an access network 12, a terminal device 14, a core network 16, and a non-core network 18.
  • the access network 12 includes several network devices 120.
  • the network device 120 may be a base station, which is a device deployed in an access network to provide a wireless communication function for a terminal.
  • the base station may include various forms of macro base stations, micro base stations, relay stations, access points, and so on.
  • the names of devices with base station functions may differ. For example, in LTE systems they are called eNodeB or eNB; in 5G NR-U systems they are called gNodeB or gNB.
  • the terminal device 14 may include various handheld devices with wireless communication functions, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to a wireless modem, as well as various forms of user equipment, mobile stations (Mobile Station, MS), terminals (terminal device), and so on.
  • the network device 120 and the terminal device 14 communicate with each other through a certain air interface technology, such as a Uu interface.
  • the terminal device 14 accesses the core network 16 and the non-core network 18 through the access network 12.
  • the core network 16 includes at least one of: User Plane Function (UPF), Authentication Server Function (AUSF), Unified Data Management (UDM) function, Network Exposure Function (NEF), Access and Mobility Management Function (AMF), SEcurity Anchor Function (SEAF), Session Management Function (SMF), and Policy Control Function (PCF).
  • UPF User Plane Function
  • AUSF Authentication Server Function
  • UDM Unified Data Management
  • NEF Network Exposure Function
  • AMF Access and Mobility Management Function
  • SEAF Security Anchor Function
  • SMF Session Management Function
  • PCF Policy Control Function
  • the non-core network 18 is divided into a control plane and a user plane for carrying MBS services.
  • the non-core network 18 includes MBSU and MBSF.
  • GSM Global System of Mobile Communication
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • GPRS General Packet Radio Service
  • LTE Long Term Evolution
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • LTE-A Advanced Long Term Evolution
  • NR New Radio
  • UMTS Universal Mobile Telecommunication System
  • WiMAX Worldwide Interoperability for Microwave Access
  • WLAN Wireless Local Area Networks
  • WiFi Wireless Fidelity
  • D2D Device to Device
  • M2M Machine to Machine
  • MTC Machine Type Communication
  • V2V Vehicle to Vehicle
  • V2X vehicle networking
  • Fig. 2 shows a schematic diagram of a multimedia broadcast multicast service authentication method provided by an exemplary embodiment of the present application.
  • the terminal device interacts with the first network element control plane through the mobile network control plane through NAS messages, and the interaction is used to complete at least one of the following processes: service registration process, request authentication process, and key distribution process;
  • At least one of the service registration process, the request authentication process, and the key distribution process is used for the MBMS service.
  • the registration authentication process is used to register the terminal device with the control plane of the mobile network, so that the terminal device and the control plane of the first network element can subsequently execute the MBMS service.
  • the request authentication process is used for the terminal device to request the first network element control plane to issue a key, so that the terminal device communicates through the key in the subsequent process.
  • the key distribution process is used to distribute the key to the terminal device after the first network element control plane verification request is passed, so that the terminal device communicates with the received key.
  • Multimedia Broadcast/Multicast Service is a service type proposed by the 3rd Generation Partnership Project (3GPP), which mainly provides two transmission methods: broadcast and multicast. Both transmit from one point to many points. SMS, pictures, audio, video, applications, etc. can all be transmitted in this way, saving mobile bandwidth resources.
  • 3GPP 3rd Generation Partnership Project
  • the mobile network control plane is a network element in the core network.
  • the first network element is a network element in a non-core network.
  • the control plane of the first network element is used to process the signaling part of the control plane, and carries functions such as key request, key distribution, and member management.
  • the Non-Access Stratum exists in the wireless communication protocol stack of the Universal Mobile Telecommunications System (UMTS) as a functional layer between the core network and the terminal equipment.
  • the NAS message is a message transmitted in the non-access stratum, and the signaling and data transmission between the terminal device and the control plane of the first network element is realized through NAS messages.
  • the above-mentioned interaction of the terminal device with the control plane of the first network element through a non-access stratum (NAS) message via the mobile network control plane includes: the content exchanged between the terminal device and the control plane of the first network element is placed in a container, and the container is transmitted through the mobile network control plane.
  • the information interaction between the terminal device and the control plane of the first network element can be transparently transmitted: that is, the relevant information is placed in a container, the container is placed in the NAS message, and the mobile network control plane transparently transmits it to the peer (the terminal device or the first network element control plane).
  • Transparent transmission means that the mobile network control plane forwards the container without interpreting its content.
  • the terminal device interacts with the control plane of the first network element through the mobile network control plane via NAS messages, that is, the function of the BM-SC is realized by separating the user plane and the control plane; MBMS services can thus be implemented without changing the communication equipment in the 3GPP standard and can be applied to networks in all 5G scenarios.
  • Fig. 3 shows a flowchart of a method for authenticating a multimedia broadcast multicast service provided by an exemplary embodiment of the present application. The method includes the following steps:
  • Step 310 The terminal device sends a service registration request to the mobile network control plane.
  • the service registration request is used to register the terminal device.
  • Step 320 The mobile network control plane sends the service registration request to the control plane of the first network element.
  • After receiving the service registration request sent by the terminal device, the mobile network control plane forwards the service registration request to the first network element control plane.
  • If the terminal device needs to perform the MBMS service, it needs to register first; the MBMS service can be activated only after registration succeeds.
  • the service registration request includes (or does not include) fifth key information.
  • the fifth key information is a shared key formed between the terminal device and the network side based on the GBA mechanism.
  • Step 330 The first network element control plane feeds back a first verification success message to the terminal device.
  • the first verification success message is used to indicate that the service registration process corresponding to the service registration request is successful.
  • the terminal device can determine that the service registration process corresponding to the service registration request is successful according to the received first verification success message.
  • If the terminal device does not receive the first verification success message, it can determine that the service registration process corresponding to the service registration request has failed, and the service registration request needs to be re-sent for service registration.
  • Step 340 The terminal device sends a first verification request to the mobile network control plane.
  • the first verification request is used to request to obtain the first key.
  • the first key is used to encrypt the second key in the process of requesting the key by the terminal device.
  • Step 350 The mobile network control plane sends the first verification request to the control plane of the first network element.
  • After receiving the first verification request sent by the terminal device, the mobile network control plane forwards the first verification request to the first network element control plane.
  • the first verification request includes (or does not include) eighth key information.
  • the first verification request may be an MSK request, which is used to request to obtain an MSK key.
  • Step 360 The first network element control plane feeds back a second verification success message to the terminal device.
  • the second verification success message is used to indicate that the verification of the first verification request is successful.
  • According to the received second verification success message, the terminal device can determine that the request authentication process corresponding to the first verification request is successful.
  • If the terminal device does not receive the second verification success message, it can determine that the request authentication process corresponding to the service registration request has failed, and the request authentication needs to be performed again.
  • Step 370 The first network element control plane sends the first key and the second key to the terminal device.
  • the first key is used to protect the second key.
  • the second key is used for data transmission between the terminal device and the user plane of the first network element.
  • the control plane of the first network element may issue multiple second keys.
  • Step 380 The first network element control plane sends the first key and the second key to the user plane of the first network element.
  • After successfully sending the first key (or the second key) to the terminal device, the control plane of the first network element sends the first key (or the second key) to the user plane of the first network element.
  • the control plane of the first network element may issue multiple second keys.
  • the mobile network control plane includes but is not limited to: at least one of AMF network elements, SMF network elements, AUSF network elements, and SEAF network elements;
  • the first network element control plane includes but is not limited to: MBSF network elements;
  • the first network element user plane includes but is not limited to: MBSU network elements.
  • Steps 310 to 330 correspond to the service registration process;
  • Steps 340 to 360 correspond to the request authentication process;
  • Steps 370 to 380 correspond to the key distribution process.
  • the terminal device interacts with the control plane of the first network element through NAS messages to complete at least one of the registration authentication process, the request authentication process, and the key distribution process, and each of these processes is used for the MBMS service; this provides a method for the MBMS service.
  • Since the service registration process, the MSK request verification process, and the key distribution process are set in the control plane of the first network element, the normal operation of the MBMS service is ensured.
  • FIG. 4 shows a flowchart of a method of a service registration process provided by an exemplary embodiment of the present application, and the method includes:
  • Step 410 The terminal device sends a service registration request to the mobile network control plane.
  • the service registration request is used to register the terminal device.
  • Step 420 The mobile network control plane sends the service registration request to the control plane of the first network element.
  • After receiving the service registration request sent by the terminal device, the mobile network control plane forwards the service registration request to the first network element control plane.
  • the service registration request forwarded by the mobile network control plane and received by the control plane of the first network element does not include fifth key information, where the fifth key information is used to derive third key information; or, the service registration request forwarded by the mobile network control plane and received by the control plane of the first network element includes the fifth key information.
  • Step 430 The first network element control plane sends the first network element identifier and the first random number to the mobile network control plane.
  • the first network element identifier is used to uniquely identify the first network element.
  • the first random number is a 16-octet random number generated at the control plane of the first network element.
  • Step 440 The mobile network control plane sends the first network element identifier and the first random number to the terminal device.
  • After receiving the first network element identifier and the first random number sent by the first network element control plane, the mobile network control plane forwards them to the terminal device.
  • Step 450 The terminal device determines the first summary information.
  • the first summary information is verification information generated by the terminal device according to the received first random number.
  • After receiving the first network element identifier and the first random number, the terminal device first confirms the identity of the first network element according to the first network element identifier and determines that the first network element is the server it requires for the MBS service.
  • the process for the terminal device to determine the first digest information includes: determining third key information according to the first network element identifier and the first random number, determining fourth key information according to the third key information, and determining the first digest information according to the fourth key information and the first random number.
  • Step 460 The terminal device sends the first summary information and the second random number to the control plane of the first network element.
  • the second random number is a 16-octet random number generated at the terminal device.
  • Step 470 The control plane of the first network element verifies the first summary information.
  • the control plane of the first network element verifies the first digest information according to the fourth key information.
  • the process of verifying the first summary information by the control plane of the first network element includes: the control plane of the first network element calculates the fourth key information according to the third key information, and then verifies the first digest information according to the first random number and the fourth key information.
  • The above-mentioned third key information is a shared key between the terminal device and the control plane of the first network element; it needs to be derived from the fifth key information and is used to derive the fourth key information.
  • The fourth key information is a shared key between the terminal device and the control plane of the first network element and is derived from the third key information.
  • When the service registration request forwarded by the mobile network control plane and received by the control plane of the first network element does not include the fifth key information, the mobile network control plane calculates the third key information and sends it to the control plane of the first network element, which receives the third key information.
  • When the service registration request forwarded by the mobile network control plane and received by the control plane of the first network element includes the fifth key information, the control plane of the first network element calculates the third key information according to the fifth key information.
  • Step 480 The control plane of the first network element sends the second summary information and the first verification success message.
  • the second summary information is generated by the control plane of the first network element according to the second random number.
  • If the first network element control plane successfully verifies the first summary information, it sends the second summary information and the first verification success message to the terminal device.
  • Step 490 The terminal device verifies the second summary information.
  • the terminal device receives the second summary information fed back by the control plane of the first network element.
  • the terminal device verifies the second summary information according to the second random number, and if the verification is successful, the service registration process of the terminal device is completed.
  • In the following, the mobile network control plane includes an AMF and the first network element control plane includes an MBSF, to exemplify the service registration process.
  • After the terminal device initiates a service registration request and it is transmitted through the network, if the service registration request received by the MBSF does not contain the key Ks, the MBSF first sends a request containing MBSF_ID and the random number nonce1 to the GBA server AMF, as shown in Figure 5. At this time the holder of Ks, the important parameter in Ks_xx_NAF, is the terminal device and the AMF, so the terminal device and the AMF negotiate Ks_xx_NAF during the service registration and key request process. To ensure that the service registration process proceeds smoothly, the AMF needs to send Ks_xx_NAF to the MBMS server. The service registration process is completed by the coordination of the terminal device, the GBA server AMF and the MBS server MBSF. After the authentication succeeds, the terminal device and the MBSF negotiate to obtain the MRK and MUK.
  • Fig. 5 shows a method flowchart of a service registration process provided by an exemplary embodiment of the present application.
  • the service registration request does not include Ks (that is, the fifth key information), and the method includes:
  • Step 510 The terminal device sends a service registration request to the AMF.
  • the service registration request includes B-TID and MBS Service ID, where B-TID represents the identity information generated by the terminal device through the GBA mechanism, and MBS Service ID is the MBS service ID.
  • Step 520 The AMF sends the service registration request to the MBSF.
  • After the AMF receives the service registration request from the terminal device, it first checks the validity period of the B-TID. When it determines that the B-TID is within its validity period and the key corresponding to the B-TID is also within its validity period, it forwards the service registration request to the MBSF.
  • the forwarded service registration request includes B-TID and MBS Service ID.
  • B-TID represents the identity information generated by the terminal device after the GBA mechanism
  • the MBS Service ID is the MBS service ID.
  • Step 530 MBSF sends MBSF_ID and nonce1 to AMF.
  • After receiving the service registration request forwarded by the AMF, the MBSF sends MBSF_ID (that is, the first network element identifier) and nonce1 (that is, the first random number) to the AMF, where MBSF_ID is the identity information of the MBSF and nonce1 is a random number.
  • MBSF_ID is the identity information of MBSF
  • nonce1 is a random number.
  • Step 540 AMF calculates Ks_xx_NAF.
  • the AMF calculates the key Ks_xx_NAF (that is, the third key information) according to the random number nonce1.
  • Ks_xx_NAF = KDF(KAMF, "gba_xx_NAF", nonce1, SUPI, MBSF_ID), where:
  • KAMF is the shared key between the terminal device and the AMF
  • "gba_xx_NAF" is the GBA process parameter
  • SUPI is the user's real identity
  • nonce1 is a random number
  • MBSF_ID is the identity information of MBSF.
  • the AMF also calculates the user key file, the bootstrap time and the key period.
  • Step 550 The AMF forwards the received MBSF_ID and nonce1 to the terminal device.
  • Step 560 The terminal device calculates the MRK and MUK.
  • After receiving the message forwarded by the AMF, the terminal device first checks the MBSF_ID to verify whether the MBSF is the server that needs to receive the multicast message. If the check succeeds, it calculates the MRK (that is, the fourth key information) and the MUK according to Ks_xx_NAF.
  • Step 570 The AMF sends the calculated Ks_xx_NAF to the MBSF.
  • AMF also sends the calculated user key file, bootstrap time and key period to MBSF.
  • Step 580 The terminal device calculates and sends the digest RES and the random number nonce2.
  • RES = f2(MRK, nonce1, B-TID) is the first summary information, and nonce2 is the second random number.
  • Step 590 MBSF calculates MRK, MUK and verifies the digest.
  • MBSF calculates MRK and MUK according to the Ks_xx_NAF received from AMF, and then verifies whether the digest RES of the terminal device is legal through the calculated MRK and MUK.
  • Step 5100 MBSF calculates and sends the digest RES*.
  • RES* is the second digest information.
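The Fig. 5 service registration flow (steps 510 to 5100) carried through end to end, as an added example that is not the patent's own code: Terminal, AMF and MBSF are modelled as three parties, the AMF checks the B-TID validity period before forwarding, Ks_xx_NAF is derived only where KAMF is held, and both digests are checked in constant time. KDF, f2, the MRK/MUK derivation labels, and RES* being f2 over nonce2 are all instantiated as HMAC-SHA256 by assumption, since the page does not specify them; the subscriber table and identifiers are constructed sample data.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, *fields: bytes) -> bytes:
    # HMAC-SHA256 over length-prefixed fields; the patent leaves KDF unspecified (assumption).
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_ks_xx_naf(k_amf: bytes, nonce1: bytes, supi: str, mbsf_id: str) -> bytes:
    # Step 540: Ks_xx_NAF = KDF(KAMF, "gba_xx_NAF", nonce1, SUPI, MBSF_ID)
    return kdf(k_amf, b"gba_xx_NAF", nonce1, supi.encode(), mbsf_id.encode())


def derive_mrk_muk(ks_xx_naf: bytes) -> tuple:
    # Steps 560/590: MRK and MUK are derived from Ks_xx_NAF; the labels are assumed.
    return kdf(ks_xx_naf, b"MRK"), kdf(ks_xx_naf, b"MUK")


def f2(key: bytes, nonce: bytes, b_tid: str) -> bytes:
    # Step 580: RES = f2(MRK, nonce1, B-TID); HMAC-SHA256 is an assumed instantiation of f2.
    return kdf(key, nonce, b_tid.encode())


class Terminal:
    def __init__(self, supi: str, k_amf: bytes, b_tid: str, expected_mbsf_id: str):
        self.supi, self.k_amf, self.b_tid = supi, k_amf, b_tid
        self.expected_mbsf_id = expected_mbsf_id
        self.mrk = self.muk = self.nonce2 = None

    def registration_request(self, mbs_service_id: str) -> dict:
        # Step 510: the request carries B-TID and MBS Service ID but no Ks.
        return {"B-TID": self.b_tid, "MBS Service ID": mbs_service_id}

    def answer_challenge(self, mbsf_id: str, nonce1: bytes) -> tuple:
        # Step 560: check MBSF_ID first, then derive Ks_xx_NAF, MRK and MUK.
        if mbsf_id != self.expected_mbsf_id:
            raise ValueError("MBSF_ID is not the expected multicast server")
        ks = derive_ks_xx_naf(self.k_amf, nonce1, self.supi, mbsf_id)
        self.mrk, self.muk = derive_mrk_muk(ks)
        self.nonce2 = os.urandom(16)  # step 580: fresh 16-octet nonce2
        return f2(self.mrk, nonce1, self.b_tid), self.nonce2

    def verify_res_star(self, res_star: bytes) -> bool:
        # Step 490: RES* is checked against the terminal's own nonce2.
        return hmac.compare_digest(res_star, f2(self.mrk, self.nonce2, self.b_tid))


class AMF:
    def __init__(self, subscribers: dict):
        # subscribers maps B-TID -> (SUPI, KAMF, B-TID expiry); constructed sample data.
        self.subscribers = subscribers

    def b_tid_valid(self, b_tid: str, now: float) -> bool:
        # Step 520: forward only if the B-TID (and its key) is within its validity period.
        entry = self.subscribers.get(b_tid)
        return entry is not None and now < entry[2]

    def ks_for(self, b_tid: str, mbsf_id: str, nonce1: bytes) -> bytes:
        # Step 540: only the AMF (and the UE) hold KAMF and can derive Ks_xx_NAF.
        supi, k_amf, _ = self.subscribers[b_tid]
        return derive_ks_xx_naf(k_amf, nonce1, supi, mbsf_id)


class MBSF:
    def __init__(self, mbsf_id: str):
        self.mbsf_id = mbsf_id
        self.nonce1 = self.mrk = self.muk = None

    def challenge(self) -> tuple:
        self.nonce1 = os.urandom(16)  # step 530: MBSF_ID plus a 16-octet nonce1
        return self.mbsf_id, self.nonce1

    def receive_ks(self, ks_xx_naf: bytes) -> None:
        # Steps 570/590: MBSF never sees KAMF; it gets Ks_xx_NAF from the AMF and derives MRK/MUK.
        self.mrk, self.muk = derive_mrk_muk(ks_xx_naf)

    def verify_res(self, res: bytes, nonce2: bytes, b_tid: str):
        # Step 590: constant-time check of RES; on success return RES* over nonce2 (step 5100).
        if not hmac.compare_digest(res, f2(self.mrk, self.nonce1, b_tid)):
            return None
        return f2(self.mrk, nonce2, b_tid)


def run_registration(ue: Terminal, amf: AMF, mbsf: MBSF, now: float) -> bool:
    # Drives the Fig. 5 flow; True only if both digests verify and UE and MBSF share MRK/MUK.
    req = ue.registration_request("mbs-service-1")
    if not amf.b_tid_valid(req["B-TID"], now):                  # step 520
        return False
    mbsf_id, nonce1 = mbsf.challenge()                            # step 530, forwarded in 550
    mbsf.receive_ks(amf.ks_for(req["B-TID"], mbsf_id, nonce1))   # steps 540, 570
    res, nonce2 = ue.answer_challenge(mbsf_id, nonce1)           # steps 560, 580
    res_star = mbsf.verify_res(res, nonce2, req["B-TID"])        # steps 590, 5100
    if res_star is None or not ue.verify_res_star(res_star):
        return False
    return ue.mrk == mbsf.mrk and ue.muk == mbsf.muk
```

Because the MBSF only ever receives Ks_xx_NAF, a terminal that checks MBSF_ID before deriving anything refuses to run the digest exchange with an unexpected server, and an expired B-TID is stopped at the AMF before any key is derived.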
  • Fig. 6 shows a method flowchart of a service registration process provided by an exemplary embodiment of the present application.
  • the service registration request includes Ks (that is, the fifth key information), and the method includes:
  • Step 610 The terminal device sends a service registration request to the AMF.
  • the service registration request includes the B-TID and the MBS Service ID, where the B-TID represents the identity information generated by the terminal device through the GBA mechanism, and the MBS Service ID is the MBS service ID.
  • Step 620 AMF sends a service registration request to MBSF.
  • After the AMF receives the service registration request from the terminal device, it first checks the validity period of the B-TID. When it determines that the B-TID and the key corresponding to the B-TID are both within their validity periods, it forwards the service registration request to the MBSF.
  • the forwarded service registration request includes B-TID, MBS Service ID, and Ks.
  • B-TID represents the identity information generated by the terminal device through the GBA mechanism
  • MBS Service ID is the MBS service ID
  • Ks is the shared key formed between the terminal device and the network side based on the GBA mechanism.
  • Step 630 MBSF sends MBSF_ID and nonce1 to AMF.
  • After receiving the service registration request forwarded by the AMF, the MBSF sends MBSF_ID (that is, the first network element identifier) and nonce1 (that is, the first random number) to the AMF.
  • MBSF_ID is the identity information of MBSF
  • nonce1 is a random number.
  • Step 640 the AMF forwards the received MBSF_ID and nonce1 to the terminal device.
  • MBSF_ID is the identity information of MBSF
  • nonce1 is a random number.
  • Step 650 the terminal device calculates MRK and MUK.
  • After receiving the message forwarded by the AMF, the terminal device first checks MBSF_ID to verify whether the MBSF is the server from which it needs to receive multicast messages. If the verification succeeds, it calculates MRK (that is, the fourth key information) and MUK from Ks_xx_NAF (that is, the third key information).
  • Ks_xx_NAF includes one of Ks_ext_NAF and Ks_int_NAF.
  • Ks_ext_NAF = KDF(Ks, "gba-me", nonce1, SUPI, MBSF_ID)
  • Ks_int_NAF = KDF(Ks, "gba-u", nonce1, SUPI, MBSF_ID).
  • Ks is the shared key formed based on the GBA mechanism between the terminal device and the network side
  • "gba-me" and "gba-u" are GBA process parameters
  • nonce1 is a random number
  • SUPI is the user's real identity
  • MBSF_ID is the identity information of MBSF.
  • Step 660 The terminal device calculates and sends the digest RES and the random number nonce2.
  • RES = f2(MRK, nonce1, B-TID) (that is, the first summary information), and nonce2 is the second random number.
  • Step 670 MBSF calculates MRK, MUK and verifies the digest.
  • MBSF first calculates Ks_xx_NAF, then calculates MRK and MUK according to Ks_xx_NAF, and then verifies whether the digest RES of the terminal device is legal through the calculated MRK and MUK.
  • Step 680 the MBSF calculates and sends the digest RES*.
  • RES* is the second digest information.
  • FIG. 7 shows a flowchart of a method for requesting an authentication process provided by an exemplary embodiment of the present application, and the method includes:
  • Step 710 The terminal device sends a first verification request to the mobile network control plane.
  • the first verification request is used to request to obtain the first key.
  • Step 720 The mobile network control plane sends the first verification request to the control plane of the first network element.
  • After receiving the first verification request sent by the terminal device, the mobile network control plane forwards it to the first network element control plane.
  • The first verification request forwarded by the mobile network control plane and received by the control plane of the first network element either does not include the eighth key information (the eighth key information being what the sixth key information is derived from), or does include the eighth key information.
  • After receiving the first verification request, the first network element control plane verifies it. If the verification succeeds, skip to step 7100; if it fails, proceed to step 730 and perform steps 730 to 790.
  • Step 730 The first network element control plane sends the first network element identifier and the third random number to the mobile network control plane.
  • the first network element identifier is used to uniquely identify the first network element.
  • the third random number is a 16-octet random number generated at the control plane of the first network element.
  • Step 740 The mobile network control plane sends the first network element identifier and the third random number to the terminal device.
  • After receiving the first network element identifier and the third random number from the first network element control plane, the mobile network control plane forwards both to the terminal device.
  • Step 750 The terminal device determines the third summary information.
  • the third summary information is verification information generated by the terminal device according to the received third random number.
  • After receiving the first network element identifier and the third random number, the terminal device first confirms the identity information of the first network element from the identifier and determines that the first network element is the server from which it requires the MBS service.
  • The process by which the terminal device determines the third summary information includes: determining the sixth key information according to the first network element identifier and the third random number, determining the seventh key information according to the sixth key information, and determining the third digest information according to the seventh key information and the third random number.
  • Step 760 The terminal device sends the third summary information and the fourth random number to the control plane of the first network element.
  • the fourth random number is a 16-octet random number generated at the terminal device.
  • Step 770 The control plane of the first network element verifies the third summary information.
  • the control plane of the first network element verifies the third digest information according to the seventh key information.
  • The process by which the control plane of the first network element verifies the third summary information includes: the control plane of the first network element calculates the seventh key information according to the sixth key information, and then verifies the third digest information according to the third random number and the seventh key information.
  • The above-mentioned sixth key information is a shared key between the terminal device and the control plane of the first network element; it is derived from the eighth key information and is in turn used to derive the seventh key information.
  • In one case, the mobile network control plane calculates the sixth key information and sends it to the control plane of the first network element, which receives it.
  • In the other case, the request forwarded by the mobile network control plane and received by the control plane of the first network element includes the eighth key information, and the control plane of the first network element calculates the sixth key information from the eighth key information.
  • Step 780 The control plane of the first network element sends fourth summary information.
  • the fourth summary information is generated by the control plane of the first network element according to the fourth random number.
  • The first network element control plane sends the fourth summary information to the terminal device.
  • the control plane of the first network element also sends a second verification success message.
  • Step 790 The terminal device verifies the fourth summary information.
  • the terminal device receives the fourth summary information fed back from the control plane of the first network element.
  • the terminal device verifies the fourth summary information according to the fourth random number, and if the verification is successful, the service registration process of the terminal device is completed.
  • Step 7100 The control plane of the first network element sends a second verification success message.
  • the second verification success message is used to indicate that the first verification request is successfully verified.
  • the mobile network control plane includes AMF
  • the first network element control plane includes MBSF, to exemplify the above request authentication process.
  • After service registration is completed, if the terminal device wants to join a certain MBS session, it sends an MSK request to the MBSF. Depending on whether Ks is included in the request message received by the MBSF, one of two request authentication processes for the service key MSK is triggered.
  • Fig. 8 shows a flowchart of a method for requesting an authentication process provided by an exemplary embodiment of the present application.
  • the first verification request does not include Ks (that is, eighth key information), and the method includes:
  • Step 810 The terminal device sends a first verification request to the AMF.
  • the first verification request includes B-TID and MSK ID, where B-TID represents the identity information generated by the terminal device through the GBA mechanism, and MSK ID is the MSK key ID.
  • Step 820 AMF sends a first verification request to MBSF.
  • After the AMF receives the first verification request from the terminal device, it first checks the validity period of the B-TID; when the B-TID and the key corresponding to it are both within their validity periods, it forwards the first verification request to the MBSF.
  • the forwarded first verification request includes B-TID and MSK ID.
  • B-TID represents the identity information generated by the terminal equipment through the GBA mechanism
  • MSK ID is the MSK key ID.
  • After receiving the first verification request, the MBSF checks whether Ks_xx_NAF has expired. If it has not expired, skip to step 8110; if it has expired, proceed to step 830 and perform steps 830 to 8100.
  • Step 830 MBSF sends MBSF_ID and nonce1 to AMF.
  • After receiving the service authentication request forwarded by the AMF, the MBSF sends MBSF_ID (that is, the first network element identifier) and nonce1 (that is, the third random number) to the AMF.
  • MBSF_ID is the identity information of MBSF
  • nonce1 is a random number.
  • Step 840 AMF calculates Ks_xx_NAF.
  • the AMF calculates the key Ks_xx_NAF (that is, the sixth key information) according to the random number nonce1.
  • Ks_xx_NAF = KDF(KAMF, "gba_xx_NAF", nonce1, SUPI, MBSF_ID).
  • KAMF is the shared key between the terminal device and AMF
  • "gba_xx_NAF" is the GBA process parameter
  • SUPI is the user's real identity
  • nonce1 is a random number
  • MBSF_ID is the identity information of MBSF.
  • the AMF also calculates the user key file, the bootstrap time and the key period.
  • Step 850 the AMF forwards the received MBSF_ID and nonce1 to the terminal device.
  • MBSF_ID is the identity information of MBSF
  • nonce1 is a random number.
  • Step 860 the terminal device calculates MRK and MUK.
  • After receiving the message forwarded by the AMF, the terminal device first checks MBSF_ID to verify whether the MBSF is the server from which it needs to receive multicast messages. If the verification succeeds, it calculates MRK (that is, the seventh key information) and MUK from Ks_xx_NAF.
  • Step 870 the AMF sends the calculated Ks_xx_NAF to the MBSF.
  • AMF also sends the calculated user key file, bootstrap time and key period to MBSF.
  • Step 880 the terminal device calculates and sends the digest RES and the random number nonce2.
  • RES = f2(MRK, nonce1, B-TID) (that is, the third summary information), and nonce2 is the fourth random number.
  • Step 890 MBSF calculates MRK, MUK and verifies the digest.
  • MBSF calculates MRK and MUK according to the Ks_xx_NAF received from AMF, and then verifies whether the digest RES of the terminal device is legal through the calculated MRK and MUK.
  • Step 8100 MBSF calculates and sends the digest RES*.
  • Step 8110 The MBSF sends a verification success identifier to the terminal device.
  • Fig. 9 shows a flowchart of a method for requesting an authentication process provided by an exemplary embodiment of the present application.
  • the first verification request includes Ks (that is, eighth key information), and the method includes:
  • Step 910 The terminal device sends a first verification request to the AMF.
  • the first verification request includes B-TID and MSK ID, where B-TID represents the identity information generated by the terminal device through the GBA mechanism, and MSK ID is the MSK key ID.
  • Step 920 AMF sends a first verification request to MBSF.
  • After the AMF receives the first verification request from the terminal device, it first checks the validity period of the B-TID; when the B-TID and the key corresponding to it are both within their validity periods, it forwards the first verification request to the MBSF.
  • the forwarded first verification request includes B-TID, MSK ID, and Ks.
  • B-TID represents the identity information generated by the terminal device through the GBA mechanism
  • MSK ID is the MSK key ID
  • Ks is the shared key formed between the terminal device and the network side based on the GBA mechanism.
  • After receiving the first verification request, the MBSF checks whether Ks_xx_NAF has expired. If it has not expired, skip to step 990; if it has expired, proceed to step 930 and perform steps 930 to 980.
  • Step 930 MBSF sends MBSF_ID and nonce1 to AMF.
  • After receiving the first verification request forwarded by the AMF, the MBSF sends MBSF_ID (that is, the first network element identifier) and nonce1 (that is, the third random number) to the AMF.
  • MBSF_ID is the identity information of MBSF
  • nonce1 is a random number.
  • Step 940 the AMF forwards the received MBSF_ID and nonce1 to the terminal device.
  • MBSF_ID is the identity information of MBSF, and nonce1 is a random number.
  • Step 950 the terminal device calculates MRK and MUK.
  • After receiving the message forwarded by the AMF, the terminal device first checks MBSF_ID to verify whether the MBSF is the server from which it needs to receive multicast messages. If the verification succeeds, it calculates MRK (that is, the seventh key information) and MUK from Ks_xx_NAF (that is, the sixth key information).
  • Ks_xx_NAF includes one of Ks_ext_NAF and Ks_int_NAF.
  • Ks_ext_NAF = KDF(Ks, "gba-me", nonce1, SUPI, MBSF_ID)
  • Ks_int_NAF = KDF(Ks, "gba-u", nonce1, SUPI, MBSF_ID).
  • Ks is a shared key formed based on the GBA mechanism between the terminal device and the network side
  • "gba-me" and "gba-u" are GBA process parameters
  • nonce1 is a random number
  • SUPI is the user's real identity
  • MBSF_ID is the identity information of MBSF.
  • Step 960 the terminal device calculates and sends the digest RES and the random number nonce2.
  • RES = f2(MRK, nonce1, B-TID) (that is, the third summary information), and nonce2 is the fourth random number.
  • Step 970 MBSF calculates MRK, MUK and verifies the digest.
  • MBSF first calculates Ks_xx_NAF, then calculates MRK and MUK according to Ks_xx_NAF, and then verifies whether the digest RES of the terminal device is legal through the calculated MRK and MUK.
  • Step 980 the MBSF calculates and sends the digest RES*.
  • Step 990 the MBSF sends a verification success identifier to the terminal device.
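The registration exchanges of Figs. 5 and 6 and the MSK request authentication of Figs. 7 to 9 share one challenge/response core; the following is an added simulation of it, not code from the patent. The page fixes the inputs of KDF and f2 but not the primitives, so these are assumptions: KDF and f2 are HMAC-SHA256 over length-prefixed inputs, MRK and MUK come from Ks_xx_NAF under the labels "MRK" and "MUK", RES* is f2(MRK, nonce2, B-TID), the Fig. 6/9 variant (Ks forwarded by the AMF, Ks_ext_NAF used) is modelled, and all identifiers are constructed sample values.

```python
import hashlib
import hmac
import os

def kdf(key, *parts):
    """Assumed KDF: HMAC-SHA256 over length-prefixed inputs (the page fixes
    the inputs of KDF, not the primitive)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def f2(key, *parts):
    """Assumed digest function f2: a domain-separated call of the same KDF."""
    return kdf(key, b"f2", *parts)

def derive_mrk_muk(ks_xx_naf):
    """MRK and MUK are derived from Ks_xx_NAF; the labels are an assumption."""
    return kdf(ks_xx_naf, b"MRK"), kdf(ks_xx_naf, b"MUK")

class Terminal:
    def __init__(self, supi, ks, b_tid, expected_mbsf):
        self.supi, self.ks, self.b_tid = supi, ks, b_tid
        self.expected_mbsf = expected_mbsf  # the MBSF it wants multicast from
        self.mrk = self.muk = self.nonce2 = None

    def on_challenge(self, mbsf_id, nonce1):
        # Step 650/950: check MBSF_ID before deriving any key from nonce1.
        if mbsf_id != self.expected_mbsf:
            raise ValueError("MBSF_ID is not the expected multicast server")
        ks_ext_naf = kdf(self.ks, b"gba-me", nonce1, self.supi, mbsf_id)
        self.mrk, self.muk = derive_mrk_muk(ks_ext_naf)
        self.nonce2 = os.urandom(16)  # 16-octet random number generated at the UE
        return f2(self.mrk, nonce1, self.b_tid), self.nonce2  # RES, nonce2

    def on_res_star(self, res_star):
        # Step 790: the UE authenticates the MBSF through RES* over its own nonce2.
        return hmac.compare_digest(res_star, f2(self.mrk, self.nonce2, self.b_tid))

class AMF:
    def __init__(self):
        self.bootstrapped = {}  # B-TID -> (SUPI, Ks, expiry), filled by GBA

    def forward(self, b_tid, now):
        # Step 620/920: forward only while the B-TID and its key are valid.
        entry = self.bootstrapped.get(b_tid)
        if entry is None or now >= entry[2]:
            raise PermissionError("B-TID or its key is outside the validity period")
        return entry[0], entry[1]  # SUPI and Ks travel with the forwarded request

class MBSF:
    def __init__(self, mbsf_id, naf_key_lifetime):
        self.mbsf_id, self.lifetime = mbsf_id, naf_key_lifetime
        self.contexts = {}  # B-TID -> (MRK, MUK, Ks_xx_NAF expiry time)

    def key_still_valid(self, b_tid, now):
        # Fig. 9: an unexpired Ks_xx_NAF lets the MBSF skip straight to step 990.
        ctx = self.contexts.get(b_tid)
        return ctx is not None and now < ctx[2]

    def challenge(self):
        return self.mbsf_id, os.urandom(16)  # MBSF_ID and nonce1 (step 630/930)

    def verify(self, supi, ks, b_tid, nonce1, res, nonce2, now):
        # Step 670/970: recompute Ks_ext_NAF, MRK, MUK and check the UE's RES.
        mrk, muk = derive_mrk_muk(kdf(ks, b"gba-me", nonce1, supi, self.mbsf_id))
        if not hmac.compare_digest(res, f2(mrk, nonce1, b_tid)):
            return None  # digest not legal: authentication fails
        self.contexts[b_tid] = (mrk, muk, now + self.lifetime)
        return f2(mrk, nonce2, b_tid)  # RES* (step 680/980)

def authenticate(ue, amf, mbsf, now):
    """One registration or MSK-request exchange; True when both sides verify."""
    supi, ks = amf.forward(ue.b_tid, now)
    if mbsf.key_still_valid(ue.b_tid, now):
        return True  # only the verification success identifier is sent
    mbsf_id, nonce1 = mbsf.challenge()  # relayed to the UE by the AMF
    res, nonce2 = ue.on_challenge(mbsf_id, nonce1)
    res_star = mbsf.verify(supi, ks, ue.b_tid, nonce1, res, nonce2, now)
    return res_star is not None and ue.on_res_star(res_star)

def demo():
    """Constructed sample run: registration, cached MSK request, wrong Ks, expiry."""
    supi, mbsf_id = b"supi-001010123456789", b"mbsf.example.invalid"
    ks, b_tid = os.urandom(32), b"btid-1@example.invalid"
    amf, mbsf = AMF(), MBSF(mbsf_id, naf_key_lifetime=600)
    amf.bootstrapped[b_tid] = (supi, ks, 1000)  # B-TID valid until t=1000
    ue = Terminal(supi, ks, b_tid, mbsf_id)
    registered = authenticate(ue, amf, mbsf, now=100)  # full Fig. 6 exchange
    cached = authenticate(ue, amf, mbsf, now=200)  # Fig. 9 with Ks_xx_NAF still valid
    bad_tid = b"btid-2@example.invalid"  # second UE whose Ks differs from the AMF's
    amf.bootstrapped[bad_tid] = (b"supi-001010000000002", os.urandom(32), 1000)
    impostor = Terminal(b"supi-001010000000002", os.urandom(32), bad_tid, mbsf_id)
    mismatch = authenticate(impostor, amf, mbsf, now=200)  # RES does not verify
    try:
        authenticate(ue, amf, mbsf, now=1000)  # B-TID has expired at the AMF
        expired_rejected = False
    except PermissionError:
        expired_rejected = True
    return registered, cached, mismatch, expired_rejected
```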
  • Fig. 10 shows a method flowchart of a key distribution process provided by an exemplary embodiment of the present application, and the method includes:
  • Step 1010 The control plane of the first network element sends the first key to the terminal device.
  • the first key is used to encrypt the second key.
  • Step 1020 The terminal device sends a first confirmation message to the control plane of the first network element.
  • the first confirmation message is used to indicate that the terminal device successfully receives the first key.
  • Step 1030 The control plane of the first network element sends the first key to the user plane of the first network element.
  • Step 1040 The control plane of the first network element sends the second key to the terminal device.
  • the second key is used to encrypt MBS service data transmission.
  • Step 1050 The terminal device sends a second confirmation message to the control plane of the first network element.
  • the second confirmation message is used to indicate that the terminal device successfully receives the second key.
  • Step 1060 The control plane of the first network element sends the second key to the user plane of the first network element.
  • the user plane of the first network element uses the second key to encrypt data and sends the data to the terminal device.
  • The above key distribution process is exemplified by assuming that the control plane of the first network element includes MBSF and the user plane of the first network element includes MBSU.
  • After the MBSF and the terminal device have authenticated each other successfully, the MBSF stores the terminal device information to record that the terminal device is authenticated. The MSK and MTK distribution processes are then executed in turn, as shown in Figure 11. After distribution is complete, the MBSU uses the traffic key MTK to encrypt the multicast data, which is forwarded by the multimedia multicast user plane function MB-UPF.
  • FIG. 11 shows a flowchart of a method for key distribution process provided by an exemplary embodiment of the present application.
  • Step 1110 The MBSF generates the MSK for the MSK_ID of the successful MSK request.
  • After the MBSF successfully authenticates the MSK request (that is, the first verification request) of the terminal device, it generates the service key MSK for the MSK_ID of that request.
  • Step 1120 MBSF issues MSK to the terminal device.
  • MSK is encrypted and protected by MUK.
  • Step 1130 When the terminal device successfully receives the MSK, the terminal device returns an ACK to the MBSF.
  • When the terminal device does not successfully receive the MSK, it returns a NACK to the MBSF, and the MBSF re-issues the MSK to the terminal device.
  • Step 1140 MBSF issues MSK to MBSU.
  • the issued MSK includes MSK and the corresponding MSK_ID.
  • Step 1150 MBSF generates MTK_ID and the corresponding MTK.
  • MTK is used to encrypt multicast data.
  • Step 1160 MBSF issues MTK to the terminal device.
  • MTK is protected by MSK.
  • Step 1170 When the terminal device successfully receives the MTK, the terminal device returns an ACK to the MBSF.
  • When the terminal device does not successfully receive the MTK, it returns a NACK to the MBSF, and the MBSF re-issues the MTK to the terminal device.
  • Step 1180 MBSF issues MTK to MBSU.
  • The MBSF instructs the MBSU to use the delivered traffic key MTK to encrypt the multicast data, which completes the delivery of MSK and MTK.
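The MSK/MTK distribution of Figs. 10 and 11, simulated below as an added example rather than the patent's code. The page states only that MSK is protected by MUK and MTK by MSK, so the protection function (an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag under a separately derived MAC key), the bounded re-issue on NACK, the 4-octet MTK_ID and the sample identifiers are all assumptions.

```python
import hashlib
import hmac
import os

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key, iv, n):
    return b"".join(hmac.new(enc_key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))

def protect(key, key_id, payload):
    """Assumed protection (the page only says 'encrypted and protected by'): an
    HMAC-SHA256 counter-mode keystream, then an HMAC tag over id, IV and
    ciphertext under a separate MAC key (encrypt-then-MAC, fresh IV per issue)."""
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(_sub(key, b"enc"), iv, len(payload))))
    tag = hmac.new(_sub(key, b"mac"), key_id + iv + ct, hashlib.sha256).digest()
    return {"id": key_id, "iv": iv, "ct": ct, "tag": tag}

def unprotect(key, msg):
    """Returns the payload, or None when the tag does not verify under key."""
    tag = hmac.new(_sub(key, b"mac"), msg["id"] + msg["iv"] + msg["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, msg["tag"]):
        return None
    stream = _keystream(_sub(key, b"enc"), msg["iv"], len(msg["ct"]))
    return bytes(a ^ b for a, b in zip(msg["ct"], stream))

class UE:
    def __init__(self, muk, drop_first=False):
        self.muk, self.msk, self.mtk = muk, {}, {}
        self.drop_first = drop_first  # simulate one lost delivery to exercise NACK

    def receive_msk(self, msg):
        # Steps 1120-1130: MSK arrives under MUK; ACK only after a successful unwrap.
        if self.drop_first:
            self.drop_first = False
            return "NACK"
        msk = unprotect(self.muk, msg)
        if msk is None:
            return "NACK"
        self.msk[msg["id"]] = msk
        return "ACK"

    def receive_mtk(self, msk_id, msg):
        # Steps 1160-1170: MTK arrives under the MSK identified by msk_id.
        msk = self.msk.get(msk_id)
        mtk = unprotect(msk, msg) if msk else None
        if mtk is None:
            return "NACK"
        self.mtk[msg["id"]] = mtk
        return "ACK"

    def decrypt_multicast(self, mtk_id, frame):
        return unprotect(self.mtk[mtk_id], frame)

class MBSU:
    def __init__(self):
        self.msk, self.mtk = {}, {}

    def encrypt_multicast(self, mtk_id, data):
        # Multicast data leaves the user plane protected by MTK (forwarded by MB-UPF).
        return protect(self.mtk[mtk_id], mtk_id, data)

class MBSF:
    def __init__(self, mbsu, max_attempts=3):
        self.mbsu, self.max_attempts = mbsu, max_attempts
        self.authenticated = {}  # SUPI -> MUK, recorded after successful authentication

    def _deliver(self, send):
        # Steps 1130/1170: re-issue on NACK, bounded so a broken UE cannot loop forever.
        return any(send() == "ACK" for _ in range(self.max_attempts))

    def distribute(self, supi, ue, msk_id):
        """Steps 1110-1180: MSK then MTK to the UE, each mirrored to the MBSU on ACK."""
        muk = self.authenticated[supi]
        msk = os.urandom(32)  # Step 1110: MSK for the requested MSK_ID
        if not self._deliver(lambda: ue.receive_msk(protect(muk, msk_id, msk))):
            return None
        self.mbsu.msk[msk_id] = msk  # Step 1140
        mtk_id, mtk = os.urandom(4), os.urandom(32)  # Step 1150
        if not self._deliver(lambda: ue.receive_mtk(msk_id, protect(msk, mtk_id, mtk))):
            return None
        self.mbsu.mtk[mtk_id] = mtk  # Step 1180
        return mtk_id

def demo():
    """Constructed run: first MSK delivery is lost (NACK), MBSF re-issues, then MTK
    protects a multicast frame that only the UE can open and tampering is detected."""
    supi, muk = b"supi-001010123456789", os.urandom(32)
    mbsu, ue = MBSU(), UE(muk, drop_first=True)
    mbsf = MBSF(mbsu)
    mbsf.authenticated[supi] = muk
    mtk_id = mbsf.distribute(supi, ue, b"msk-0001")
    data = b"constructed multicast payload"
    frame = mbsu.encrypt_multicast(mtk_id, data)
    tampered = dict(frame, ct=bytes([frame["ct"][0] ^ 1]) + frame["ct"][1:])
    outsider = unprotect(os.urandom(32), protect(muk, b"msk-0001", b"x"))  # no MUK
    good = ue.decrypt_multicast(mtk_id, frame) == data
    return good, ue.decrypt_multicast(mtk_id, tampered) is None, outsider is None
```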
  • Fig. 12 shows a network deployment diagram with a multicast service function provided by an exemplary embodiment of the present application.
  • The terminal equipment is connected to the 5G-RAN through the Uu interface; the 5G-RAN and the UPF are connected through the N3 interface; the 5G-RAN and the AMF through the N2 interface; the UPF and the MBSU through the N6 interface; the AMF and the MBSF through the N6mb-c interface; and the MBSU and the MBSF through the Ny interface.
  • FIG. 13 shows a system architecture diagram with a multicast service function provided by an exemplary embodiment of the present application.
  • The UE is the entity that applies for registration of the MBS service in the 5G network, requests the MSK, and is the object of key distribution.
  • 5G-RAN serves as a 5G access network, connecting terminal equipment with the network side.
  • AMF is the access and mobility management function in the 5G core network and is deployed together with SEAF. It is mainly responsible for the GBA server function, and during the MBS service process it initiates the authentication of the MBS server or forwards the authentication request.
  • MBSF is a multicast broadcast service function.
  • The MBS server in this architecture is a new network function that processes the control plane signalling part, to provide the service layer functions in transmission-only mode and full service mode. It is mainly responsible for mutual authentication with the UE in the MBS service registration process and the MSK request authentication process, and, in the key distribution process, for generating the service key MSK and the traffic key MTK for a UE that has successfully applied for the service key MSK.
  • MBSU is the user plane of the multicast broadcast service, a new network function that handles the payload part to provide the service layer functions. It is mainly responsible for encrypting the multicast data with the traffic key MTK, after which the data is forwarded by the multimedia multicast user plane function MB-UPF.
  • MSK ID: the MSK key ID, used to identify the MSK.
  • MRK: the request key, mainly used to authenticate the UE while the UE requests a key.
  • MUK: the user key, mainly used to encrypt the MSK.
  • MTK: the traffic key, mainly used to encrypt MBS service data transmission.
  • MTK ID: the MTK key ID, used to identify the MTK.
  • FIG. 14 shows a structural block diagram of a multimedia broadcast multicast service authentication device provided by an exemplary embodiment of the present application.
  • the device includes: a transceiver module 1410;
  • the transceiver module 1410 is configured to interact with the control plane of the first network element via NAS messages through the mobile network control plane, and the interaction is used to complete at least one of the following processes: the service registration process, the request authentication process, and the key distribution process;
  • At least one of the service registration process, the request authentication process, and the key distribution process is used for the MBMS service.
  • the transceiver module 1410 includes a sending sub-module 1411, a receiving sub-module 1412, a determining sub-module 1413, and a verification sub-module 1414.
  • the sending submodule 1411 is configured to add the content exchanged with the control plane of the first network element to a container and to transmit the container through the mobile network control plane.
  • the sending submodule 1411 is configured to send a service registration request to the mobile network control plane, and the service registration request is used to register the terminal device;
  • the receiving submodule 1412 is configured to receive, after the first network element control plane has received the service registration request forwarded by the mobile network control plane, the first verification success message sent by the first network element control plane, where the first verification success message is used to indicate that the service registration process corresponding to the service registration request is successful.
  • the sending submodule 1411 is configured to send a first verification request to the mobile network control plane, the first verification request being used to request the first key; the receiving submodule 1412 is configured to receive, after the first network element control plane has received the first verification request forwarded by the mobile network control plane, a second verification success message sent by the first network element control plane, where the second verification success message is used to indicate that the first verification request is successfully verified.
  • the receiving submodule 1412 is configured to receive the first key and the second key sent by the control plane of the first network element; the first key is used to protect the second key, and the second key is used for data transmission between the terminal device and the user plane of the first network element.
  • the receiving submodule 1412 is configured to receive the first network element identifier and the first random number forwarded by the mobile network control plane from the first network element control plane; the determining submodule 1413 is configured to determine, based on the first network element identifier, that the first network element is a server requiring MBS services; the determining submodule 1413 is configured to determine the third key information according to the first network element identifier and the first random number, determine the fourth key information according to the third key information, and determine the first digest information according to the fourth key information and the first random number; the sending submodule 1411 is configured to send the first digest information and the second random number to the control plane of the first network element.
  • the receiving submodule 1412 is configured to receive second summary information fed back by the control plane of the first network element, where the second summary information is generated by the control plane of the first network element according to the second random number;
  • the verification submodule 1414 is configured to verify the second summary information and complete the service registration process of the terminal device.
  • the service registration request forwarded by the mobile network control plane and received by the first network element control plane either does not include the fifth key information (the fifth key information being used to derive the third key information), or includes the fifth key information.
  • the receiving sub-module 1412 is configured to receive a second verification success message sent by the control plane of the first network element when the first verification request is successfully verified.
  • the receiving submodule 1412 is configured to receive the first network element identifier and the third random number forwarded by the mobile network control plane from the first network element control plane in the case that the first verification request fails to be verified.
  • the determining sub-module 1413 is configured to determine, according to the first network element identifier, that the first network element is a server that needs the MBS service; the determining sub-module 1413 is configured to determine the sixth key information according to the first network element identifier and the third random number, determine the seventh key information according to the sixth key information, and determine the third digest information according to the seventh key information and the third random number; the sending submodule 1411 is configured to send the third summary information and the fourth random number to the first network element control plane.
  • the receiving submodule 1412 is configured to receive fourth summary information fed back by the control plane of the first network element, where the fourth summary information is generated by the control plane of the first network element according to a fourth random number;
  • the verification submodule 1414 is configured to verify the fourth summary information successfully, and complete the verification process of the first verification request of the terminal device.
  • the first verification request forwarded by the mobile network control plane and received by the first network element control plane either does not include the eighth key information (the eighth key information being used to derive the sixth key information), or includes the eighth key information.
  • the sending submodule 1411 is configured to feed back a first confirmation message to the control plane of the first network element, where the first confirmation message is used to indicate that the terminal device successfully received the first key; the sending submodule 1411 is configured to feed back a second confirmation message to the control plane of the first network element, where the second confirmation message is used to indicate that the terminal device successfully received the second key.
  • the mobile network control plane includes at least one of AMF network elements, SMF network elements, AUSF network elements, and SEAF network elements; the first network element control plane includes MBSF network elements.
  • the device includes a mobile network control plane module 1501, a first network element control plane module 1502, and a first network element user plane module 1503;
  • the first network element control plane module 1502 interacts with the terminal device via NAS messages through the mobile network control plane module 1501, and the interaction is used to complete at least one of the following processes: the service registration process, the request authentication process, and the key distribution process;
  • At least one of the service registration process, the request authentication process, and the key distribution process is used for the MBMS service.
  • the first network element control plane module 1502 adds the content of interaction with the terminal device to the container, and transmits the container through the mobile network control plane module 1501.
  • the mobile network control plane module 1501 is configured to receive a service registration request sent by a terminal device, where the service registration request is used to register the terminal device; the mobile network control plane module 1501 is configured to forward the service registration request to the first network element control plane module 1502; the first network element control plane module 1502 is configured to send a first verification success message to the terminal device, where the first verification success message is used to indicate that the registration process corresponding to the service registration request succeeded.
  • the mobile network control plane module 1501 is configured to receive a first verification request sent by a terminal device, where the first verification request is used to request the first key; the mobile network control plane module 1501 is configured to forward the first verification request to the first network element control plane module 1502; the first network element control plane module 1502 is configured to send a second verification success message to the terminal device, where the second verification success message is used to indicate that the first verification request was verified successfully.
  • the first network element control plane module 1502 is configured to send the first key and the second key to the terminal device and to the first network element user plane module 1503, where the first key is used to protect the second key, and the second key is used for data transmission between the terminal device and the first network element user plane module 1503.
  • the first network element control plane module 1502 is configured to send the first network element identifier and the first random number to the mobile network control plane module 1501; the mobile network control plane module 1501 is configured to forward the first network element identifier and the first random number to the terminal device; the first network element control plane module 1502 is configured to receive the first digest information and the second random number sent by the terminal device, where the first digest information is generated by the terminal device according to the first random number; the first network element control plane module 1502 is configured to verify the first digest information according to the fourth key information.
  • when the verification of the first digest information succeeds, the first network element control plane module 1502 is configured to feed back the first verification success message and the second digest information to the terminal device, where the second digest information is generated by the first network element control plane module 1502 according to the second random number.
  • the first network element control plane module 1502 is configured to calculate the fourth key information according to the third key information; the first network element control plane module 1502 is configured to verify the first digest information according to the first random number and the fourth key information.
  • the service registration request forwarded by the mobile network control plane module 1501 and received by the first network element control plane module 1502 does not include the fifth key information, where the fifth key information is used to derive the third key information.
  • the service registration request forwarded by the mobile network control plane module 1501 and received by the first network element control plane module 1502 includes the fifth key information; the first network element control plane module 1502 is configured to calculate the third key information according to the fifth key information.
  • the first network element control plane module 1502 is configured to verify the first verification request, and if the first verification request is successfully verified, feed back a second verification success message to the terminal device.
  • the first network element control plane module 1502 is configured to verify the first verification request, and if the verification of the first verification request fails, it sends the first verification request to the mobile network control plane module 1501.
  • the mobile network control plane module 1501 is configured to forward the first network element identifier and the third random number to the terminal device;
  • the first network element control plane module 1502 is configured to receive the third digest information and the fourth random number sent by the terminal device, where the third digest information is generated by the terminal device according to the third random number;
  • the first network element control plane module 1502 is configured to verify the third digest information according to the seventh key information; if the third digest information is verified successfully, the first network element control plane module 1502 is configured to feed back the fourth digest information to the terminal device, where the fourth digest information is generated according to the fourth random number.
  • the first network element control plane module 1502 is configured to calculate the seventh key information according to the sixth key information; the first network element control plane module 1502 is configured to verify the third digest information according to the third random number and the seventh key information.
  • the first verification request forwarded by the mobile network control plane and received by the first network element control plane does not include the eighth key information, where the eighth key information is used to derive the sixth key information;
  • the mobile network control plane module 1501 is configured to calculate the sixth key information; the mobile network control plane module 1501 is configured to send the sixth key information to the first network element control plane; the first network element control plane module 1502 is configured to receive the sixth key information.
  • the first verification request forwarded by the mobile network control plane and received by the first network element control plane includes the eighth key information, where the eighth key information is used to derive the sixth key information;
  • the first network element control plane module 1502 is configured to calculate the sixth key information according to the eighth key information.
  • the first network element control plane module 1502 is configured to generate a first key and deliver the first key to the terminal device; the first network element control plane module 1502 is configured to receive the first confirmation message fed back by the terminal device, where the first confirmation message is used to indicate that the terminal device successfully received the first key; the first network element control plane module 1502 is configured to deliver the first key to the first network element user plane module 1503; the first network element control plane module 1502 generates the second key; the first network element control plane module 1502 is configured to deliver the second key to the terminal device; the first network element control plane module 1502 is configured to receive the second confirmation message fed back by the terminal device, where the second confirmation message is used to indicate that the terminal device successfully received the second key; the first network element control plane module 1502 is configured to deliver the second key to the first network element user plane module 1503.
  • the first network element user plane module 1503 is configured to use the second key to encrypt data and send the data to the terminal device.
  • the mobile network control plane module 1501 includes at least one of an AMF network element module, an SMF network element module, an AUSF network element module, and a SEAF network element module;
  • the first network element control plane module 1502 includes an MBSF network element module;
  • the first network element user plane module 1503 includes an MBSU network element module.
  • FIG. 16 shows a schematic structural diagram of a terminal device provided by an exemplary embodiment of the present application.
  • the terminal device includes: a processor 101, a receiver 102, a transmitter 103, a memory 104, and a bus 105.
  • the processor 101 includes one or more processing cores, and the processor 101 executes various functional applications and information processing by running software programs and modules.
  • the receiver 102 and the transmitter 103 may be implemented as a communication component, and the communication component may be a communication chip.
  • the memory 104 is connected to the processor 101 through a bus 105.
  • the memory 104 may be used to store at least one instruction, and the processor 101 is used to execute the at least one instruction to implement each step in the foregoing method embodiment.
  • the memory 104 can be implemented by any type of volatile or non-volatile storage device or a combination thereof.
  • the volatile or non-volatile storage device includes, but is not limited to: magnetic disks or optical disks, Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Static Random Access Memory (SRAM), Read-Only Memory (ROM), magnetic memory, flash memory, and Programmable Read-Only Memory (PROM).
  • a computer-readable storage medium stores at least one instruction, at least one program, code set, or instruction set, and the at least one instruction, the at least one program, the code set or the instruction set is loaded and executed by the processor to implement the multimedia broadcast multicast service authentication method executed by the terminal device provided by the foregoing method embodiments.
  • the program can be stored in a computer-readable storage medium.
  • the storage medium mentioned can be a read-only memory, a magnetic disk or an optical disk, etc.
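The request authentication exchange (first network element identifier and first random number out, first digest and second random number back, digest checked with the fourth key information derived from the third, second digest returned) and the key distribution step (first key delivered and confirmed, second key protected by the first, user-plane data encrypted under the second key) described in the items above, as an added Python simulation that is not part of the patent. It assumes HMAC-SHA256 for the digests and the key derivation, that the terminal and the MBSF share the third key information, and a toy keystream cipher in place of the unspecified key-protection and data-encryption algorithms; the identifier and all keys are constructed.

```python
import hashlib
import hmac
import os

def derive(parent: bytes, label: bytes) -> bytes:
    # child "key information" from its parent (assumption: HMAC-SHA256 as the KDF)
    return hmac.new(parent, label, hashlib.sha256).digest()

def make_digest(key: bytes, *fields: bytes) -> bytes:
    # digest ("summary information") over the given fields (assumption: HMAC-SHA256)
    return hmac.new(key, b"|".join(fields), hashlib.sha256).digest()

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # toy keystream cipher standing in for the unspecified protection of the second
    # key under the first and of user-plane data; symmetric, so it also decrypts
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def mbsf_verify_first_digest(k3: bytes, mbsf_id: bytes, nonce1: bytes,
                             digest1: bytes, nonce2: bytes):
    # MBSF side: fourth key information is computed from the third, the UE's first
    # digest over (identifier, first random number) is checked, and on success the
    # second digest over the UE's second random number is returned (None on failure)
    k4 = derive(k3, b"fourth-key-information")
    if not hmac.compare_digest(make_digest(k4, mbsf_id, nonce1), digest1):
        return None
    return make_digest(k4, nonce2)

def run_request_authentication(k3: bytes, tamper: bool = False):
    # one round of the request authentication exchange carried in NAS containers.
    # Assumption: UE and MBSF share the third key information and derive K4 alike.
    mbsf_id = b"MBSF-001"                            # constructed identifier
    nonce1 = os.urandom(16)                          # first random number (MBSF)
    k4_ue = derive(k3, b"fourth-key-information")    # UE side
    nonce2 = os.urandom(16)                          # second random number (UE)
    digest1 = make_digest(k4_ue, mbsf_id, nonce1)    # first digest (UE)
    if tamper:                                       # simulate a corrupted digest
        digest1 = bytes([digest1[0] ^ 0x01]) + digest1[1:]
    digest2 = mbsf_verify_first_digest(k3, mbsf_id, nonce1, digest1, nonce2)
    if digest2 is None:
        return False, False                          # MBSF rejected the request
    ue_accepts = hmac.compare_digest(digest2, make_digest(k4_ue, nonce2))
    return True, ue_accepts

def distribute_and_use_keys(k1: bytes, k2: bytes, payload: bytes):
    # key distribution: the first key is delivered and confirmed first, the second
    # key is then delivered protected under the first; the user plane (MBSU)
    # encrypts data under the second key and the UE decrypts with its copy
    wrap_nonce, data_nonce = os.urandom(12), os.urandom(12)
    wrapped_k2 = xor_stream(k1, wrap_nonce, k2)
    k2_at_ue = xor_stream(k1, wrap_nonce, wrapped_k2)   # UE unwraps with K1
    ciphertext = xor_stream(k2, data_nonce, payload)    # MBSU user plane
    return k2_at_ue == k2, xor_stream(k2_at_ue, data_nonce, ciphertext)
```

A digest that does not verify stops the exchange before any key is distributed, which is the check the MBSF relies on to reject a forged or replayed request.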


Abstract

The present invention relates to the field of wireless communications. The invention concerns a method and apparatus for authenticating a multimedia broadcast/multicast service, as well as a device and a storage medium. The method comprises the following steps: a terminal device interacts with a first network element control plane through a mobile network control plane by means of a NAS message, the interaction being used to carry out at least one of the following processes: a service registration process, a request authentication process and a key distribution process, at least one of the service registration process, the request authentication process and the key distribution process being used for an MBMS service.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202080099194.9A CN115336377A (zh) 2020-04-24 2020-04-24 Multimedia broadcast/multicast service authentication method, apparatus, device and storage medium
PCT/CN2020/086771 WO2021212491A1 (fr) 2020-04-24 2020-04-24 Method and apparatus for authenticating a multimedia broadcast/multicast service, device and storage medium


Publications (1)

Publication Number Publication Date
WO2021212491A1 true WO2021212491A1 (fr) 2021-10-28

Family

ID=78270848


Country Status (2)

Country Link
CN (1) CN115336377A (fr)
WO (1) WO2021212491A1 (fr)


Also Published As

Publication number Publication date
CN115336377A (zh) 2022-11-11


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20931906; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20931906; Country of ref document: EP; Kind code of ref document: A1)