WO2022171156A1 - Method and related apparatus for configuring an evolved packet system non-access stratum security algorithm - Google Patents
- Publication number
- WO2022171156A1 (PCT/CN2022/075767)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- nas security
- terminal device
- access
- security algorithm
- message
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/37—Managing security policies for mobile devices or for controlling mobile applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0011—Control or signalling for completing the hand-off for data sessions of end-to-end connection
- H04W36/0033—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
- H04W36/0038—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W60/00—Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
Definitions
- The present application relates to the field of communication technologies, and in particular to a method and related apparatus for configuring an evolved packet system (EPS) non-access stratum (NAS) security algorithm.
- EPS evolved packet system
- NAS non-access stratum
- The registration process of the UE includes two security mode command (SMC) processes.
- When the first SMC process is normal and the second SMC process is abnormal, the UE will have no EPS NAS security algorithm after successful registration. How to ensure that the EPS NAS security algorithm is successfully configured for the UE has therefore become an urgent problem to be solved.
- the present application provides a method and related apparatus for configuring an EPS NAS security algorithm, which ensures that the access and mobility management functional entity can successfully configure the EPS NAS security algorithm for a terminal device.
- The present application provides a method for configuring an EPS NAS security algorithm, the method comprising: an access and mobility management function entity determines that the selected EPS NAS security algorithm is not successfully provided for a terminal device; and the access and mobility management function entity provides the selected EPS NAS security algorithm to the terminal device.
- After the access and mobility management function entity fails to provide the selected EPS NAS security algorithm for the terminal device, it re-provides the selected EPS NAS security algorithm to the terminal device, which ensures that the access and mobility management function entity is able to successfully configure the selected EPS NAS security algorithm for the terminal device.
- The method further includes: the access and mobility management function entity sends a first message to the terminal device, and the first message includes the information element of the selected EPS NAS security algorithm.
- The access and mobility management function entity determining that the selected EPS NAS security algorithm is not successfully provided for the terminal device includes: the access and mobility management function entity determining that it has not received a first completion message, where the first completion message is used to indicate that the terminal device has received the first message.
- The access and mobility management function entity determining that the first completion message has not been received includes: the access and mobility management function entity determining that the first completion message has not been received within a preset time.
- The access and mobility management functional entity determines that the selected EPS NAS security algorithm has not been successfully provided for the terminal device by not receiving the first completion message within the preset time, thereby improving the accuracy with which it determines that the selected EPS NAS security algorithm has not been successfully provided to the terminal device.
- the first message is a security mode command SMC message
- the first completion message is an SMC completion message
- the method includes: the access and mobility management functional entity marking the selected EPS NAS security algorithm as invalid.
- the access and mobility management function entity marks the selected EPS NAS security algorithm as invalid after determining that the selected EPS NAS security algorithm is not successfully provided for the terminal device.
- the access and mobility management function entity can re-provide the selected EPS NAS security algorithm for the terminal device according to the marked information that the selected EPS NAS security algorithm is invalid, which ensures that the access and mobility management function entity can successfully provide the terminal device with the selected EPS NAS security algorithm.
- The method further includes: the access and mobility management functional entity receives a registration request message from the terminal device.
- The method further includes: the access and mobility management function entity determines to update the selected EPS NAS security algorithm; and the access and mobility management function entity provides the updated selected EPS NAS security algorithm to the terminal device.
- The method further includes: the access and mobility management functional entity determines that the updated selected EPS NAS security algorithm has not been successfully provided to the terminal device; and the access and mobility management functional entity provides the updated selected EPS NAS security algorithm to the terminal device.
- The access and mobility management functional entity provides the terminal device with the updated selected EPS NAS security algorithm after determining that the updated selected EPS NAS security algorithm has not been successfully provided to the terminal device. This ensures that the access and mobility management functional entity can successfully configure the updated selected EPS NAS security algorithm for the terminal device, so that the EPS NAS security algorithm in the terminal device is consistent with the updated selected EPS NAS security algorithm determined by the access and mobility management functional entity.
- the access and mobility management functional entity supports the N26 interface, and the terminal device supports the S1 mode.
- A valid fifth-generation mobile communication (5G) NAS security context indicated by the terminal device exists in the access and mobility management functional entity.
- The present application provides a method for configuring an EPS NAS security algorithm, the method comprising: a terminal device determines that a selected EPS NAS security algorithm corresponding to a fifth-generation mobile communication (5G) NAS security context does not exist; the terminal device deletes the 5G NAS security context; the terminal device sends a second message to the access and mobility management function entity, where the second message is used to request the 5G NAS security context; and the terminal device receives the information element of the selected EPS NAS security algorithm from the access and mobility management function entity.
- Where a 5G NAS security context already exists in the terminal device, the terminal device first determines whether a corresponding selected EPS NAS security algorithm exists for that 5G NAS security context. If the terminal device determines that no corresponding selected EPS NAS security algorithm exists, it deletes the 5G NAS security context and re-requests the 5G NAS security context from the access and mobility management functional entity, and the access and mobility management functional entity again sends the 5G NAS security context and the corresponding selected EPS NAS security algorithm information element to the terminal device, which ensures that the terminal device can successfully configure the EPS NAS security algorithm.
- The terminal device determining that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist includes: the terminal device determining that it has not received the information element of the selected EPS NAS security algorithm from the access and mobility management functional entity.
- The terminal device determining that it has not received the information element of the selected EPS NAS security algorithm from the access and mobility management functional entity includes: the terminal device has not received, within a preset time, the information element of the selected EPS NAS security algorithm from the access and mobility management functional entity.
- The terminal device determines that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist by not receiving, within the preset time, the information element of the selected EPS NAS security algorithm from the access and mobility management functional entity, which improves the accuracy with which the terminal device determines that no selected EPS NAS security algorithm corresponding to the 5G NAS security context exists.
- The method further includes: the terminal device receives a third message sent by the access and mobility management function entity, where the third message includes the 5G NAS security context; and the terminal device sends a third completion message to the access and mobility management function entity, where the third completion message is used to indicate that the terminal device has received the third message.
- The terminal device activates the 5G NAS security context by receiving the third message that is sent by the access and mobility management function entity and carries the 5G NAS security context, and by sending the third completion message to the access and mobility management function entity, which ensures that the terminal device successfully activates the 5G NAS security context.
- The terminal device determining that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist includes: determining that the next generation radio access network key set identifier (ngKSI) has no corresponding selected EPS NAS security algorithm.
- The terminal device determines that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist by determining that the ngKSI has no corresponding selected EPS NAS security algorithm, which improves the accuracy with which the terminal device determines that no selected EPS NAS security algorithm corresponding to the 5G NAS security context exists.
- The method further includes: the terminal device sets the ngKSI to an invalid value.
- When the terminal device determines that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist, the terminal device sets the ngKSI to an invalid value, so as to re-request the 5G NAS security context from the access and mobility management function entity in the next registration request.
- The terminal device is disconnected from the Long Term Evolution (LTE) system, and the second message is used to request registration to the new radio (NR) system.
- the terminal device determines that the access and mobility management functional entity supports the N26 interface.
- the access and mobility management functional entity supports the N26 interface, and the terminal device supports the S1 mode.
- the present application provides an apparatus for configuring an EPS NAS security algorithm.
- the apparatus may include various modules for implementing the method in the first aspect, and these modules may be implemented in software and/or hardware.
- the present application provides an apparatus for configuring an EPS NAS security algorithm
- the apparatus may include various modules for implementing the method in the second aspect, and these modules may be implemented in software and/or hardware.
- the present application provides an apparatus for configuring an EPS NAS security algorithm.
- the apparatus may include a processor coupled to the memory.
- the memory is used for storing program codes
- the processor is used for executing the program codes in the memory, so as to implement the method in the first aspect or the second aspect or any one of the implementation manners thereof.
- the apparatus may also include the memory.
- The present application provides a chip, comprising at least one processor and a communication interface, wherein the communication interface and the at least one processor are interconnected through a line, and the at least one processor is configured to run a computer program or instructions to execute the method according to the first aspect or the second aspect or any one of the possible implementations thereof.
- The present application provides a computer-readable medium, where the computer-readable medium stores program code for device execution, and the program code includes instructions for executing the method described in the first aspect or the second aspect or any one of the implementations thereof.
- The present application provides a computer program product comprising instructions which, when the computer program product is run on a computer, cause the computer to execute the method described in the first aspect or the second aspect or any one of the possible implementations thereof.
- The present application provides an access and mobility management functional entity, comprising at least one processor and a communication interface, where the communication interface and the at least one processor are interconnected through a line, the communication interface communicates with a target system, and the at least one processor is configured to run a computer program or instructions to perform the method according to the first aspect or any one of the possible implementations.
- The present application provides a terminal device, comprising at least one processor and a communication interface, where the communication interface and the at least one processor are interconnected through a line, the communication interface communicates with a target system, and the at least one processor is used to run a computer program or instructions to perform the method as described in the second aspect or any one of the possible implementations thereof.
- The present application provides a communication system, comprising at least one processor and a communication interface, where the communication interface and the at least one processor are interconnected through a line, the communication interface communicates with a target system, and the at least one processor is used to run a computer program or instructions to perform the method as described in the first aspect or the second aspect or any of the possible implementations thereof.
- FIG. 1 is a schematic diagram of a 5G network architecture according to an embodiment of the present application.
- FIG. 2 is a schematic diagram of another 5G network architecture according to an embodiment of the present application.
- FIG. 3 is a schematic flowchart of a method for configuring an EPS NAS security algorithm according to an embodiment of the present application
- FIG. 4 is a schematic flowchart of a method for configuring an EPS NAS security algorithm according to an embodiment of the present application
- FIG. 5 is a schematic flowchart of a method for configuring an EPS NAS security algorithm according to another embodiment of the present application.
- FIG. 6 is a schematic flowchart of another method for configuring an EPS NAS security algorithm according to an embodiment of the present application
- FIG. 7 is a schematic flowchart of a method for configuring an EPS NAS security algorithm according to another embodiment of the present application.
- FIG. 8 is a schematic flowchart of a method for configuring an EPS NAS security algorithm according to another embodiment of the present application.
- FIG. 9 is a schematic structural diagram of an apparatus for configuring an EPS NAS security algorithm according to an embodiment of the present application.
- FIG. 10 is a schematic structural diagram of an apparatus for configuring an EPS NAS security algorithm according to another embodiment of the present application.
- FIG. 11 is a schematic structural diagram of an apparatus for configuring an EPS NAS security algorithm according to another embodiment of the present application.
- FIG. 1 is a schematic diagram of a 5G network architecture according to an embodiment of the present application. A 5G system is also referred to as a new wireless communication system, a new access technology (new radio, NR) or a next-generation mobile communication system.
- NR new access technology
- the network architecture includes UE, access network (AN), core network and data network (DN).
- The access network is mainly used to implement functions such as wireless physical layer functions, resource scheduling and wireless resource management, wireless access control and mobility management.
- The core network may include management equipment and gateway equipment. The management equipment is mainly used for terminal device registration, security authentication, mobility management, location management, etc.
- The gateway device is mainly used to establish a channel with the terminal device and to forward the data packets between the terminal device and the external data network on the channel.
- The data network can include network devices (such as servers, routers and other equipment) and is mainly used to provide a variety of data business services for terminal equipment.
- FIG. 1 is only an exemplary architecture diagram.
- the network architecture may further include other functional units, which are not limited in this embodiment of the present application.
- the access network in the 5G system can be a radio access network (R)AN, and the (R)AN device in the 5G system can be composed of multiple 5G-(R)AN nodes.
- The (R)AN node may include: a non-3GPP access network such as an access point (AP) of a WiFi network, a next-generation base station (which may be collectively referred to as a new-generation radio access network node, NG-RAN node, where the next-generation base station includes a new air interface base station (NR nodeB, gNB), a new generation of evolved base station (NG-eNB), a gNB in which the central unit (CU) and the distributed unit (DU) are separate, etc.), a transmission receive point (TRP), a transmission point (TP) or other nodes.
- NR nodeB new air interface base station
- NG-eNB new generation of evolved base station
- CU central unit
- DU distributed unit
- The core network may include access and mobility management function (AMF) network elements, session management function (SMF) network elements, user plane function (UPF) network elements, authentication server function (AUSF) network elements, policy control function (PCF) network elements, application function (AF) network elements, unified data management (UDM) network elements, network slice selection function (NSSF) network elements and other functional units.
- AMF access and mobility management function
- SMF session management function
- UPF user plane functions
- AUSF authentication server function
- PCF policy control function
- AF application function
- UDM unified data management
- NSSF network slice selection function
- the AMF network element is mainly responsible for services such as mobility management and access management.
- the SMF network element is mainly responsible for session management, UE address management and allocation, dynamic host configuration protocol function, and user plane function selection and control.
- UPF is mainly responsible for external connection to the data network (DN) and data packet routing and forwarding on the user plane, packet filtering, and performing quality of service (QoS) control related functions.
- AUSF is mainly responsible for the authentication function of terminal equipment.
- The PCF network element is mainly responsible for providing a unified policy framework for network behavior management, providing policy rules for control plane functions, and acquiring registration information related to policy decisions. It should be noted that these functional units can work independently, or can be combined to implement certain control functions, such as access control and mobility management functions (access authentication, security encryption, location registration, etc.) and session management functions (establishment, release and modification of user plane transmission paths).
- the functional units in the 5G network can communicate through the next generation network (NG) interface.
- The UE can transmit control plane messages with the AMF network element through NG interface 1 (N1 for short).
- The (R)AN device can establish a user plane data transmission channel with the UPF through NG interface 3 (N3 for short).
- AN/RAN equipment can establish a control plane signaling connection with AMF network elements through NG interface 2 (N2 for short).
- The UPF can exchange information with SMF network elements through NG interface 4 (N4 for short).
- The UPF can exchange user plane data with the data network DN through NG interface 6 (N6 for short).
- AMF network elements can exchange information with SMF network elements through NG interface 11 (N11 for short).
- SMF network elements can exchange information with the PCF network element through NG interface 7 (N7 for short).
- The AMF network element can exchange information with the AUSF through NG interface 12 (N12 for short).
- The network architecture shown in FIG. 1 is a reference point-based network architecture, and it is a network architecture in a non-roaming scenario.
- The method of the present application can also be applied in a roaming scenario, and the network architecture is not limited to a reference point-based network architecture or a network architecture based on service-oriented interfaces.
- FIG. 2 is a schematic diagram of a 5G network architecture according to another embodiment of the present application.
- the network architecture is mainly a network architecture based on service-oriented interfaces.
- the core network also includes NEF and NRF network elements.
- In the scenario based on service-oriented interfaces, some network elements in the core network are connected through a bus.
- the SMF network element is connected to the bus through the Nsmf interface
- the AF network element is connected to the bus through the NAF network element interface
- the UDM network element is connected to the bus through the Nudm interface
- the PCF network element is connected to the bus through the NPCF network element interface
- the NRF network element is connected to the bus through the NPCF network element interface.
- the UE registration process may include two SMC processes.
- When the first SMC process is normal and the second SMC process is abnormal, the network may not re-execute the second SMC process.
- The configuration information of the EPS NAS security algorithm is issued by the network to the UE in the second SMC process, so the UE will have no EPS NAS security algorithm after the registration is successful. As a result, when the UE switches to long term evolution (LTE), problems such as handover failure, service interruption and/or service function discontinuity may occur.
- the present application proposes a new technical solution.
- the technical solution proposed in this application can ensure that the access and mobility management functional entity can successfully configure the EPS NAS security algorithm for the terminal device.
- FIG. 3 is a schematic flowchart of a method for configuring an EPS NAS security algorithm according to an embodiment of the present application. As shown in FIG. 3 , the method includes at least S301 to S302.
- the access and mobility management function entity determines that the selected EPS NAS security algorithm is not successfully provided for the terminal device.
- The selected EPS NAS security algorithm may be an EPS NAS security algorithm that the access and mobility management functional entity selects for the terminal device in a scenario where the terminal device does not have a valid EPS NAS security algorithm; alternatively, where the access and mobility management functional entity has already provided a selected EPS NAS security algorithm for the terminal device, it may be an EPS NAS security algorithm that the access and mobility management functional entity reselects for the terminal device.
- An implementation manner for the access and mobility management functional entity to provide the selected EPS NAS security algorithm for the terminal device is: the access and mobility management functional entity sends a first message to the terminal device, and the first message includes the information element (IE) of the EPS NAS security algorithm that the access and mobility management function entity selected for the terminal device.
- An example of the first message is an SMC message.
- the information element of the NAS security algorithm in this embodiment may indicate the algorithm used for encryption and integrity protection
- the information element of the EPS NAS security algorithm may indicate the algorithm used for encryption and integrity protection in EPS.
- the information element in this embodiment can also be replaced with information.
- the information element may be the selected EPS NAS security algorithm itself, or may be information used to indicate the selected EPS NAS security algorithm, for example, may be a valid value used to indicate the selected EPS NAS security algorithm.
- the specific form of the information element in this embodiment may be bits.
- an example where the access and mobility management function entity determines that the selected EPS NAS security algorithm is not successfully provided for the terminal device includes: the access and mobility management function entity determines that the first completion from the terminal device is not received.
- the first completion message is used to indicate that the terminal device has received the information element of the EPS NAS security algorithm selected by the access and mobility management function entity for it.
- if the access and mobility management function entity does not receive the first completion message from the terminal device within a preset time period, it may determine that the selected EPS NAS security algorithm is not successfully provided for the terminal device.
- An example of the first completion message is an SMC completion message.
- Another example where the access and mobility management function entity determines that the selected EPS NAS security algorithm is not successfully provided to the terminal device includes: the terminal device does not receive the first message from the access and mobility management function entity within a preset time, and then sends a first indication message to the access and mobility management function entity, where the first indication message is used to indicate that the terminal device has not successfully received the message of the information element of the EPS NAS security algorithm; after receiving the first indication message, the access and mobility management function entity determines that the selected EPS NAS security algorithm was not successfully provided to the terminal device.
- the access and mobility management functional entity supports the N26 interface
- the terminal device supports the S1 mode.
- the N26 interface is the interface between the 4th generation (4G) core network and the 5G core network, that is, the interface between the mobility management entity (MME) network element and the AMF network element, and is used for 4G and 5G interoperability.
- the access and mobility management function entity may receive a Registration Request (Registration Request) message from the terminal device.
- after the access and mobility management function entity receives the registration request message from the terminal device, in response to the registration request message, it can determine whether there is a valid 5G NAS security context indicated by the terminal device on the access and mobility management function entity; if it exists, it is further judged whether the access and mobility management functional entity has successfully provided the selected EPS NAS security algorithm to the terminal device; if it does not exist, the SMC process is issued to the terminal device to activate the valid 5G NAS security context indicated by the terminal device.
- the access and mobility management function entity supports the N26 interface.
- the entity sends the first SMC process to the terminal device, it can also send the SMC process to the terminal device again and carry the EPS NAS security algorithm selected for the terminal device; there is no indication of the terminal device on the access and mobility management function entity.
- the access and mobility management functional entity will issue the first SMC process to the terminal device after the , it is not necessary to re-deliver the SMC process to the terminal device and carry the information element of the EPS NAS security algorithm selected for the terminal device.
- when the access and mobility management function entity determines that the selected EPS NAS security algorithm has not been successfully provided for the terminal device, it can record marking information indicating that the selected EPS NAS security algorithm was not successfully configured for the terminal device.
- the access and mobility management function entity may be an AMF network element in a 5G network, or a network element with access and mobility management functions in a 6G network.
- the access and mobility management functional entity provides the selected EPS NAS security algorithm to the terminal device.
- if the access and mobility management function entity determines that the selected EPS NAS security algorithm is not successfully provided for the terminal device, the selected EPS NAS security algorithm is re-provided to the terminal device.
- the access and mobility management function entity may determine that the selected EPS NAS security algorithm was not successfully provided to the terminal device, and therefore resends the first message to the terminal device.
- the access and mobility management function entity may determine that the selected EPS NAS security algorithm was not successfully provided for the terminal device and mark the selected EPS NAS security algorithm as an invalid value; then, after the access and mobility management function entity receives the registration request message from the terminal device, in the case where a valid 5G security context of the terminal device exists on the access and mobility management function entity, the first message is resent to the terminal device because the selected EPS NAS security algorithm is marked as an invalid value.
- the access and mobility management function entity updates the selected EPS NAS security algorithm to the terminal device, and when it is determined that the updated EPS NAS security algorithm is not successfully provided for the terminal device, it can generate indication information of the selected EPS NAS security algorithm update; and when receiving an initial access request message (such as a registration request message) from the terminal device, it re-provides the updated EPS NAS security algorithm to the terminal device based on the indication information.
- the access and mobility management function entity selects the encryption algorithm and the integrity algorithm used in the EPS, and indicates the selected algorithm to the terminal device through the information element of the selected EPS NAS security algorithm, for example by sending the terminal device an SMC message that carries the information element of the selected EPS NAS security algorithm.
- the access and mobility management function entity re-provides the selected EPS NAS security algorithm to the terminal device when the selected EPS NAS security algorithm was not successfully provided for the terminal device, which ensures that the access and mobility management functional entity is able to successfully configure the selected EPS NAS security algorithm for the terminal device.
- what the access and mobility management functional entity re-sends is not limited to the EPS NAS security algorithm selected by the access and mobility management functional entity, but may also be the 5G security algorithm obtained by a terminal device that supports 5G and/or a future 6G network when it registers with the 6G network.
- the 5G security algorithm can be used by the terminal device to subsequently generate the 5G NAS security context.
- when the access and mobility management function entity determines that the NAS security context for the terminal equipment to be subsequently generated by the terminal equipment is not successfully provided, the method for sending the NAS security context to the terminal equipment can be included in the scope of protection of the technical solutions of this application.
- FIG. 4 is a schematic flowchart of a method for configuring an EPS NAS security algorithm according to an embodiment of the present application. As shown in FIG. 4 , the method includes at least S401 to S414. In this embodiment, the access and mobility management functional entity is an AMF network element.
- the UE sends a registration request message to the AMF network element, where the registration request message carries an ngKSI value of 7.
- the registration request message may be referred to as a first registration request message.
- next generation radio access network key set identifier (key set identifier for next generation radio access network, ngKSI) carried in the first registration request information initiated by the UE to the AMF network element
- the AMF network element sends an identity authentication request (identity request) message to the UE.
- the UE sends an identity authentication response (identity response) message to the AMF network element.
- the AMF network element sends an authentication request (authentication request) message to the UE.
- the UE may generate an inactive 5G NAS security context according to the authentication request (authentication request) message.
- the UE sends an authentication response (authentication response) message to the AMF network element.
- S402 to S405 are the identity verification and authentication process between the UE and the AMF network element. After the UE has passed identity verification and authentication by the AMF network element, the AMF network element will perform the following registration process with the UE.
- the AMF network element sends an SMC message to the UE, where the SMC message carries a valid value of ngKSI.
- This SMC message may be referred to as the first SMC message.
- after the UE passes identity verification and authentication by the AMF network element, the AMF network element sends the first SMC message to the UE.
- the first SMC message carries the valid value of ngKSI, which is used to activate the 5G NAS security context in the UE.
- the valid value of ngKSI can be any integer value from 0 to 6, and each integer value corresponds to a set of 5G NAS security contexts.
- the UE sends an SMC completion message to the AMF network element.
- This SMC complete message may be referred to as the first SMC complete message.
- when the UE successfully receives the first SMC message sent by the AMF network element, and successfully activates the 5G NAS security context according to the valid value of ngKSI carried in the first SMC message, it sends the first SMC complete message to the AMF network element, indicating that the 5G NAS security context corresponding to the valid value of ngKSI has been successfully configured in the UE.
- the AMF network element sends an SMC message to the UE, where the SMC message carries the information element of the selected EPS NAS security algorithm. This SMC message is called the second SMC message.
- when the AMF network element receives the first SMC complete message sent by the UE, it sends a second SMC message to the UE.
- the second SMC message carries the information element of the selected EPS NAS security algorithm, which is used to configure, for the UE, the EPS NAS security algorithm corresponding to that information element.
- the information element of the EPS NAS security algorithm can be any integer value from 0 to 7, and each integer value corresponds to an EPS NAS security algorithm.
- the UE in this embodiment supports the S1 mode, and the AMF network element supports the N26 interface.
- the AMF network element does not receive the SMC complete message sent by the UE in response to the second SMC message, and marks the selected EPS NAS security algorithm as invalid.
- This SMC complete message is referred to as the second SMC complete message.
- after the AMF network element sends the second SMC message to the UE, the AMF network element does not receive the second SMC complete message sent by the UE, which means that the UE has not successfully configured the selected EPS NAS security algorithm corresponding to the information element of the EPS NAS security algorithm selected by the AMF network element in the second SMC message.
- the UE does not receive the second SMC message that is sent by the AMF network element and carries the information element of the selected EPS NAS security algorithm.
- the UE receives the second SMC message that is sent by the AMF network element and carries the information element of the selected EPS NAS security algorithm, but cannot successfully configure the corresponding selected EPS NAS security algorithm according to the information element of the selected EPS NAS security algorithm.
- the above S401 to S409 may be referred to as the first registration process; the registration process described below may be referred to as the second registration process.
- the UE sends a registration request message to the AMF network element, where the registration request message carries a valid value of ngKSI.
- the registration request message may be referred to as a second registration request message.
- after the first registration process, the UE has successfully activated the corresponding 5G NAS security context according to the valid value of ngKSI carried by the AMF network element in the first SMC message.
- the value of the ngKSI carried in the second registration request message is the valid value of the ngKSI corresponding to the 5G NAS security context in the UE. That is to say, the valid value of ngKSI carried by the UE in the second registration request message is the same as the valid value of ngKSI carried by the AMF network element in the first SMC message in the first registration process.
- the AMF network element checks the second registration request message.
- the checking of the second registration request message by the AMF network element includes performing an integrity check on the second registration request message and judging whether the AMF network element can successfully decrypt the NAS message container (NAS message container) in the second registration request message.
- the AMF network element sends an SMC message to the UE, where the SMC message carries the valid value of ngKSI and the information element of the selected EPS NAS security algorithm.
- This SMC message may be referred to as a third SMC message.
- the AMF network element checks whether there is a valid EPS NAS security algorithm in the security context corresponding to the ngKSI of the terminal device, and if not, provides the selected EPS NAS security algorithm through the SMC process.
- because in S409 the AMF network element marks the selected EPS NAS security algorithm corresponding to the ngKSI in the current security context as invalid, the AMF network element sends the third SMC message to the UE.
- the valid value of ngKSI carried in the third SMC message, the valid value of ngKSI carried by the UE in the second registration request message, and the valid value of ngKSI carried by the AMF network element in the first SMC message in the first registration process are the same; the information element of the selected EPS NAS security algorithm carried in the third SMC message is the same as the information element of the EPS NAS security algorithm carried by the AMF network element in the second SMC message.
- the information element that carries the selected EPS NAS security algorithm configures the selected EPS NAS security algorithm.
- the UE sends an SMC completion message to the AMF network element.
- This SMC complete message may be referred to as a third SMC complete message.
- after the UE successfully configures the selected EPS NAS security algorithm corresponding to the information element of the selected EPS NAS security algorithm carried by the AMF network element in the third SMC message, the UE sends a third SMC complete message to the AMF network element.
- the AMF network element sends a registration success message to the UE.
- after the UE is successfully registered according to the second registration request message, the AMF network element sends a registration success message to the UE.
- the UE initiates a registration request message to the AMF network element when there is no 5G NAS security context.
- the UE supports the S1 mode and the network supports the N26 interface, the UE only successfully receives the first registration request during the first registration process.
- when the AMF network element does not receive the second SMC complete message from the UE, the AMF network element marks that the selected EPS NAS security algorithm has not been configured successfully, and when the UE initiates a second registration request, the AMF network element provides the UE with the selected EPS NAS security algorithm again according to the information that the selected EPS NAS security algorithm is not configured successfully, which ensures that the AMF network element can successfully configure the selected EPS NAS security algorithm for the UE.
- FIG. 5 is a schematic flowchart of a method for configuring an EPS NAS security algorithm according to another embodiment of the present application. As shown in FIG. 5 , the method includes at least S501 to S507.
- the access and mobility management functional entity is an AMF network element.
- the UE sends a service request message or a registration request message to an AMF network element.
- the service request message may be referred to as a first service request message
- the registration request message may be referred to as a first registration request message.
- the UE enters the connected state after triggering the link establishment by sending an initial access procedure message such as a first service request message or a first registration request message to the AMF.
- the UE has an effective EPS NAS security algorithm.
- the AMF network element sends an SMC message to the UE, where the SMC message carries the updated information element of the selected EPS NAS security algorithm.
- This SMC message may be referred to as the first SMC message.
- the AMF network element will modify the existing EPS NAS security algorithm in the UE, so the AMF network element carries the information element of the updated selected EPS NAS security algorithm to be configured for the UE in the first SMC message sent to the UE.
- the AMF network element does not receive the SMC complete message sent by the UE, marks the updated selected EPS NAS security algorithm configuration failure, and releases the link.
- This SMC complete message may be referred to as the first SMC complete message.
- if the AMF network element does not receive the first SMC complete message, the initial access process such as the service request or registration request will be terminated. At this time, the AMF network element needs to record marking information indicating that configuration of the updated selected EPS NAS security algorithm failed, and release link resources.
- the UE sends a service request message or a registration request message to the AMF network element again.
- the service request message may be referred to as a second service request message
- the registration request message may be referred to as a second registration request message.
- the UE enters the connected state after triggering the link establishment again by sending an initial access procedure message such as a second service request message or a second registration request message to the AMF network element.
- the AMF network element confirms that the updated selected EPS NAS security algorithm configuration failure identification information exists.
- when the AMF network element receives the initial access process message such as the second service request message or the second registration request message sent by the UE, it needs to confirm whether there is identification information indicating that the updated selected EPS NAS security algorithm configuration failed. If that identification information exists in the AMF network element, the SMC message carrying the updated selected EPS NAS security algorithm information element needs to be sent to the UE again.
- the AMF network element sends an SMC message to the UE, where the SMC message carries the updated information element of the selected EPS NAS security algorithm.
- This SMC message may be referred to as a second SMC message.
- the AMF network element sends a second SMC message to the UE, where the second SMC message carries the information element of the updated selected EPS NAS security algorithm to be configured for the UE.
- the updated selected EPS NAS security algorithm information element carried in the second SMC message may be the same as, or different from, the updated selected EPS NAS security algorithm information element carried in the first SMC message.
- the UE sends an SMC completion message to the AMF network element.
- This SMC complete message may be referred to as a second SMC complete message.
- after the UE successfully configures the updated selected EPS NAS security algorithm corresponding to the information element of the updated selected EPS NAS security algorithm carried by the AMF network element in the second SMC message, the UE sends the second SMC complete message to the AMF network element, and the EPS NAS security algorithm in the UE is consistent with the updated selected EPS NAS security algorithm in the AMF network element.
- the AMF network element wishes to change the EPS NAS security algorithm in the UE.
- the AMF network element sends the UE the SMC message carrying the information element of the updated selected EPS NAS security algorithm, but when the AMF network element does not receive the SMC complete message in reply from the UE, the AMF network element records marking information indicating that the updated selected EPS NAS security algorithm has not been successfully modified.
- the AMF network element re-issues the SMC message carrying the information element of the updated selected EPS NAS security algorithm to the UE according to the marked information indicating that the updated selected EPS NAS security algorithm has not been successfully modified, ensuring that the AMF network element can successfully configure the updated selected EPS NAS security algorithm for the UE, so that the EPS NAS security algorithm in the UE is consistent with that in the AMF network element.
- FIG. 6 is a schematic flowchart of another method for configuring an EPS NAS security algorithm according to an embodiment of the present application. As shown in FIG. 6 , the method includes at least S601 to S604.
- the terminal device determines that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist.
- the 5G NAS security context already exists in the terminal device, but the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist.
- An implementation method for the terminal device to activate the 5G NAS security context is: after the terminal device sends a registration request message to the access and mobility management function entity, the access and mobility management function entity sends a third message to the terminal device, and the third message includes the 5G NAS security context; after the terminal device receives the third message and successfully activates the 5G NAS security context according to the third message, it sends a third completion message to the access and mobility management function entity.
- the third completion message is used to indicate that the terminal device has received the third message; after receiving the third completion message from the terminal device, the access and mobility management function entity provides the selected EPS NAS security algorithm to the terminal device.
- An example of the third message is an SMC message
- an example of the third completion message is an SMC completion message.
- an example where the terminal device determines that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist includes: the terminal device determines that the information element of the selected EPS NAS security algorithm from the access and mobility management function entity is not received. For example, if the terminal device does not receive the information element of the selected EPS NAS security algorithm from the access and mobility management functional entity within the preset time, it can be determined that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist.
- the access and mobility management functional entity supports the N26 interface
- the terminal device supports the S1 mode.
- Another way for the terminal device to activate the 5G NAS security context is: when the terminal device is connected to the LTE network, it requests registration from the AMF network element in the NR system and completes the registration process. The terminal device activates the 5G NAS security context in the registration process. After completing the registration process, the terminal device is disconnected from the LTE network, and requests registration from the AMF network element in the NR system again.
- an example where the terminal device determines that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist includes: if there is no corresponding selected EPS NAS security algorithm in the ngKSI of the terminal device, it can be determined that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist.
- the terminal device supports the S1 mode, and the terminal device may determine that the AMF network element supports the N26 interface.
- the terminal device deletes the 5G NAS security context.
- when the terminal device determines that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist, it deletes the activated 5G NAS security context.
- ngKSI an invalid value, that is, set the value of ngKSI to 7.
- the terminal device sends a second message to the access and mobility management function entity, where the second message is used to request a 5G NAS security context.
- the value of ngKSI carried in the second message is 7, and 7 indicates that there is no 5G NAS security context in the terminal device.
- after the access and mobility management function entity receives the second message from the terminal device that carries an ngKSI value of 7, the access and mobility management function entity sends a fourth message to the terminal device, in which the fourth message includes a valid value of ngKSI; the valid value of ngKSI can be any integer value from 0 to 6, and each integer value corresponds to a set of 5G NAS security context.
- the fourth message is an SMC message.
- if the terminal device successfully activates the 5G NAS security context according to the fourth message carrying the valid value of ngKSI sent by the access and mobility management function entity, the terminal device sends a fourth completion message to the access and mobility management function entity, and the fourth completion message is used to indicate that the terminal device has received the valid value of the ngKSI sent by the access and mobility management function entity, and successfully activated the 5G NAS security context corresponding to the valid value of the ngKSI according to the valid value of the ngKSI.
- An example of the fourth completion message is an SMC completion message.
- the message that enables the access and mobility management function entities to know that the 5G NAS security context is provided to the terminal device may be referred to as the second message in this embodiment of the present application.
- the second message may be a registration request message
- the access and mobility management function entity may determine whether there is a 5G NAS security context in the terminal device according to the value of ngKSI carried in the registration request message.
- a value of 7 indicates that there is no 5G NAS security context in the terminal device, and the access and mobility management functional entity needs to provide the terminal device with a 5G NAS security context.
- the terminal device receives the information element of the selected EPS NAS security algorithm from the access and mobility management functional entity.
- the terminal device can receive the fifth message sent by the 5G NAS security context, where the fifth message includes the information element of the selected EPS NAS security algorithm determined by the 5G NAS security context,
- the information element of the selected EPS NAS security algorithm can be any integer value from 0 to 7, and each integer value corresponds to a selected EPS NAS security algorithm.
- An example of the fifth message is an SMC message.
- in the case where the 5G NAS security context already exists in the terminal device, it is first determined whether the corresponding selected EPS NAS security algorithm exists in the 5G NAS security context of the terminal device. If the corresponding selected EPS NAS security algorithm does not exist in the security context, the terminal device deletes the 5G NAS security context and re-requests the 5G NAS security context from the access and mobility management function entity, and the access and mobility management function entity again sends the terminal device the 5G NAS security context and the corresponding information element of the selected EPS NAS security algorithm, which ensures that the terminal device can successfully configure the EPS NAS security algorithm.
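The lost-SMC failure and the two recovery paths described above, FIG. 4 (the AMF marks the algorithm invalid and resends it) and FIG. 6 (the UE deletes its context and re-registers with ngKSI 7), as an added toy simulation that is not code from the application. The class names, the message dictionaries, the round-robin ngKSI allocation, the IE value 2, the status strings and the baseline AMF that keeps no marking are assumptions made for illustration.

```python
"""Toy model of EPS NAS security algorithm re-provisioning (FIG. 4 and FIG. 6)."""

NGKSI_NO_CONTEXT = 7   # page: ngKSI = 7 means the UE has no 5G NAS security context


class Ue:
    def __init__(self, delete_ctx_without_eps_alg):
        self.ngksi = NGKSI_NO_CONTEXT
        self.eps_alg_ie = None
        self.delete_ctx_without_eps_alg = delete_ctx_without_eps_alg

    def on_smc(self, msg):
        """Apply the fields of an SMC message and answer with SMC complete."""
        self.ngksi = msg.get("ngksi", self.ngksi)
        self.eps_alg_ie = msg.get("eps_alg_ie", self.eps_alg_ie)
        return "SMC_COMPLETE"

    def registration_ngksi(self):
        """FIG. 6: a context with no EPS NAS algorithm is deleted (ngKSI := 7)."""
        if (self.delete_ctx_without_eps_alg
                and self.ngksi != NGKSI_NO_CONTEXT and self.eps_alg_ie is None):
            self.ngksi = NGKSI_NO_CONTEXT
        return self.ngksi


class Link:
    """Delivers SMC messages to the UE; message numbers listed in `drop` are lost."""
    def __init__(self, ue, drop=()):
        self.ue, self.drop, self.sent = ue, set(drop), []

    def smc(self, msg):
        self.sent.append(dict(msg))
        if len(self.sent) in self.drop:
            return None            # no SMC complete arrives within the preset time
        return self.ue.on_smc(msg)


class Amf:
    def __init__(self, selected_eps_alg_ie, mark_failures):
        self.selected_eps_alg_ie = selected_eps_alg_ie   # IE value 0..7 per the page
        self.mark_failures = mark_failures   # False = assumed baseline without marking
        self.ctx = {}                        # ue_id -> {"ngksi", "eps_alg_valid"}
        self.next_ngksi = 0                  # assumed allocation: round robin over 0..6

    def register(self, ue_id, ngksi, link):
        ctx = self.ctx.get(ue_id)
        if ctx is None or ngksi != ctx["ngksi"]:
            # UE indicates no valid context: authentication (omitted here), a first
            # SMC activates a context, then a second SMC carries the algorithm IE.
            ctx = {"ngksi": self.next_ngksi % 7, "eps_alg_valid": False}
            self.next_ngksi += 1
            if link.smc({"ngksi": ctx["ngksi"]}) is None:
                return "incomplete"
            self.ctx[ue_id] = ctx
            msg = {"eps_alg_ie": self.selected_eps_alg_ie}
        elif self.mark_failures and not ctx["eps_alg_valid"]:
            # FIG. 4, third SMC: same ngKSI and same IE as the unanswered SMC.
            msg = {"ngksi": ctx["ngksi"], "eps_alg_ie": self.selected_eps_alg_ie}
        else:
            return "registered"    # valid context found, nothing is re-sent
        ctx["eps_alg_valid"] = link.smc(msg) is not None
        return "registered" if ctx["eps_alg_valid"] else "incomplete"


def run(amf_marks_failures, ue_deletes_context):
    """Two registrations over a link that loses the second SMC (constructed fault)."""
    ue = Ue(ue_deletes_context)
    amf = Amf(selected_eps_alg_ie=2, mark_failures=amf_marks_failures)  # 2: constructed
    link = Link(ue, drop={2})
    first = amf.register("ue-1", ue.registration_ngksi(), link)
    second = amf.register("ue-1", ue.registration_ngksi(), link)
    return first, second, ue.eps_alg_ie, link.sent
```

With neither remedy, the second registration succeeds while the UE still holds no EPS NAS security algorithm; either remedy alone closes the gap, the first with one extra SMC and the second with a fresh context plus a new algorithm SMC.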
- FIG. 7 is a schematic flowchart of a method for configuring an EPS NAS security algorithm according to another embodiment of the present application. As shown in FIG. 7 , the method includes at least S701 to S719. In this embodiment, the access and mobility management functional entity is an AMF network element.
- the UE sends a registration request message to the AMF network element, where the registration request message carries an ngKSI value of 7.
- the registration request message may be referred to as a first registration request message.
- the AMF network element sends an identity authentication request (identity request) message to the UE.
- the UE sends an identity authentication response (identity response) message to the AMF network element.
- the AMF network element sends an authentication request (authentication request) message to the UE.
- the UE sends an authentication response (authentication response) message to the AMF network element.
- the AMF network element sends an SMC message to the UE, where the SMC message carries a valid value of ngKSI.
- This SMC message may be referred to as the first SMC message.
- the UE sends an SMC completion message to the AMF network element.
- This SMC complete message may be referred to as the first SMC complete message.
- the AMF network element sends an SMC message to the UE, where the SMC message carries the information element of the selected EPS NAS security algorithm. This SMC message is called the second SMC message.
- the UE does not receive the second SMC message sent by the AMF network element, and deletes the 5G NAS security context.
- one possible reason why the UE does not receive the second SMC message sent by the AMF network element is that the first registration process is interrupted and the second SMC message does not reach the UE successfully; another possible reason is that the AMF network element does not perform S708, that is, the AMF network element does not send the information element of the selected EPS NAS security algorithm to the UE. It can be seen from this that S708 in this embodiment is optional, that is, it is not a step that must be performed.
- the UE sends a first SMC complete message to the AMF network element, indicating that the UE has successfully activated the 5G NAS security context corresponding to the valid value of ngKSI carried in the first SMC message.
- the UE does not receive the second SMC message sent by the AMF network element, indicating that the selected EPS NAS security algorithm corresponding to the information element of the selected EPS NAS security algorithm carried in the second SMC message does not exist in the UE. In this case, the activated 5G NAS security context needs to be deleted, and a registration request is sent to the AMF network element again to request the 5G NAS security context.
- the above S701 to S709 may be referred to as the first registration process; the registration process described below may be referred to as the second registration process.
- the UE sends a registration request message to the AMF network element, where the registration request message carries an ngKSI value of 7.
- the registration request message may be referred to as a second registration request message.
- Since the UE deletes the 5G NAS security context in S709, the value of ngKSI carried in the second registration request message sent by the UE to the AMF network element is 7, and 7 indicates that there is no 5G NAS security context in the UE.
- the AMF network element sends an identity authentication request (identity request) message to the UE.
- the UE sends an identity authentication response (identity response) message to the AMF network element.
- the AMF network element sends an authentication request (authentication request) message to the UE.
- the UE sends an authentication response (authentication response) message to the AMF network element.
- the AMF network element sends an SMC message to the UE, where the SMC message carries a valid value of ngKSI.
- This SMC message may be referred to as a third SMC message.
- After the UE passes the identity authentication and authentication of the AMF network element, the AMF network element sends a third SMC message to the UE; the third SMC message carries the valid value of ngKSI, which is used to activate the 5G NAS security context in the UE.
- the valid value of ngKSI carried in the third SMC message is the same as the valid value of ngKSI carried in the first SMC message.
- the UE sends an SMC complete message to the AMF network element.
- This SMC complete message may be referred to as a third SMC complete message.
- When the UE successfully receives the third SMC message sent by the AMF network element and successfully activates the 5G NAS security context according to the valid value of ngKSI carried in the third SMC message, it sends the third SMC complete message to the AMF network element, indicating that the UE has successfully configured the 5G NAS security context corresponding to the valid value of ngKSI.
- the valid value of ngKSI can be any integer value from 0 to 6, and each integer value corresponds to a 5G NAS security context.
- the AMF network element sends an SMC message to the UE, where the SMC message carries the information element of the selected EPS NAS security algorithm.
- This SMC message may be referred to as a fourth SMC message.
- When the AMF network element receives the third SMC complete message sent by the UE, it sends a fourth SMC message to the UE.
- the fourth SMC message carries the information element of the selected EPS NAS security algorithm, which is used to configure for the UE the selected EPS NAS security algorithm corresponding to that information element.
- the information element of the selected EPS NAS security algorithm carried in the fourth SMC message is the same as the information element of the selected EPS NAS security algorithm carried in the second SMC message.
- The SMC complete message that the UE sends in response may be referred to as a fourth SMC complete message.
- After the UE successfully configures the selected EPS NAS security algorithm corresponding to the information element of the selected EPS NAS security algorithm carried in the fourth SMC message from the AMF network element, the UE sends a fourth SMC complete message to the AMF network element.
- the AMF network element sends a registration success message to the UE.
- After the UE is successfully registered according to the second registration request message, the AMF network element sends a registration success message to the UE. At this time, the UE has successfully activated the 5G NAS security context through the second registration request message and has successfully configured the selected EPS NAS security algorithm.
- When the UE sends a registration request message to the AMF network element without a 5G NAS security context, and the UE receives only the first SMC message and does not receive the second SMC message that configures the EPS NAS security algorithm, the UE actively deletes the activated 5G NAS security context and, in the registration request message it initiates to the AMF network element again, requests the 5G NAS security context from the AMF network element. The AMF network element again sends the terminal device the 5G NAS security context and the information element of the selected EPS NAS security algorithm, ensuring that the terminal device can successfully configure the EPS NAS security algorithm.
- FIG. 8 is a schematic flowchart of a method for configuring an EPS NAS security algorithm according to another embodiment of the present application. This embodiment is applicable to the scenario in which the terminal device has completed the registration process with the NR system in the LTE system and successfully activated the 5G NAS security context, and then disconnects from the LTE system and requests registration from the NR system again. As shown in FIG. 8 , the method includes at least S801 to S811. In this embodiment, the access and mobility management functional entity is an AMF network element.
- the UE determines that there is no EPS NAS security algorithm in the current security context, and deletes the current security context.
- Before the UE initiates a registration request to the NR system, it needs to determine whether a valid EPS NAS security algorithm corresponding to ngKSI exists in the current security context in the UE. If no valid EPS NAS security algorithm corresponding to ngKSI exists in the current security context in the UE, the UE deletes the current security context, that is, changes the value of the NAS key set identifier in ngKSI to 7, where 7 indicates that there is no 5G NAS security context.
- the UE sends a registration request message to the AMF network element, where the registration request message carries an ngKSI value of 7.
- the AMF network element sends an identity authentication request (identity request) message to the UE.
- the UE sends an identity authentication response (identity response) message to the AMF network element.
- the AMF network element sends an authentication request (authentication request) message to the UE.
- the UE sends an authentication response (authentication response) message to the AMF network element.
- the AMF network element sends an SMC message to the UE, where the SMC message carries a valid value of ngKSI.
- This SMC message may be referred to as the first SMC message.
- the UE sends an SMC completion message to the AMF network element.
- This SMC complete message may be referred to as the first SMC complete message.
- the AMF network element sends an SMC message to the UE, where the SMC message carries the information element of the selected EPS NAS security algorithm. This SMC message is called the second SMC message.
- the UE sends an SMC completion message to the AMF network element.
- This SMC complete message is referred to as the second SMC complete message.
- the AMF network element sends registration completion information to the UE.
- the UE completes the registration process with the NR system when connecting to the LTE system, and has successfully activated the 5G NAS security context.
- the UE re-requests the 5G NAS security context from the AMF network element, and the AMF network element again sends the 5G NAS security context and the information element of the selected EPS NAS security algorithm to the UE, ensuring that the UE can successfully configure the EPS NAS security algorithm.
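The UE-side recovery of the FIG. 7 and FIG. 8 embodiments, as a Python model added here (it is not code from the patent). `StubAmf`, `Ue`, the message dictionaries, the `max_attempts` bound and the sample algorithm string are assumptions of this example; a lost SMC stands in for the preset-time timeout, and `recover=False` models a UE without the check, to show the state the method avoids.

```python
from dataclasses import dataclass
from typing import List, Optional

NGKSI_NO_CONTEXT = 7        # page: ngKSI = 7 means "no 5G NAS security context"
VALID_NGKSI = range(0, 7)   # page: valid ngKSI values are the integers 0..6


@dataclass
class SecurityContext:
    ngksi: int
    selected_eps_nas_alg: Optional[str] = None  # set by the SMC carrying the IE


class StubAmf:
    """Hypothetical AMF stand-in. It runs authentication and both SMC messages
    only when the request carries ngKSI = 7 (assumption of this example); the
    attempts listed in lose_alg_smc_on never deliver the algorithm SMC."""

    def __init__(self, ngksi: int, eps_alg: str, lose_alg_smc_on=()):
        self.ngksi, self.eps_alg = ngksi, eps_alg
        self.lose_alg_smc_on = set(lose_alg_smc_on)
        self.attempt = 0

    def handle_registration(self, request_ngksi: int) -> List[dict]:
        """Return the SMC messages that actually reach the UE."""
        self.attempt += 1
        if request_ngksi != NGKSI_NO_CONTEXT:
            return []  # context already shared: nothing is re-sent
        delivered = [{"ngksi": self.ngksi}]
        if self.attempt not in self.lose_alg_smc_on:
            delivered.append({"selected_eps_nas_alg": self.eps_alg})
        return delivered


class Ue:
    def __init__(self, recover: bool = True, ctx: Optional[SecurityContext] = None):
        self.recover = recover          # False: UE without the page's check
        self.ctx = ctx
        self.sent_ngksi: List[int] = [] # ngKSI carried by each registration request

    def _delete_context_if_algorithm_missing(self) -> None:
        if self.recover and self.ctx and self.ctx.selected_eps_nas_alg is None:
            self.ctx = None             # the next request will carry ngKSI = 7

    def configured(self) -> bool:
        return bool(self.ctx and self.ctx.selected_eps_nas_alg)

    def register_once(self, amf: StubAmf) -> bool:
        self._delete_context_if_algorithm_missing()   # FIG. 8: check before registering
        ngksi = self.ctx.ngksi if self.ctx else NGKSI_NO_CONTEXT
        self.sent_ngksi.append(ngksi)
        for msg in amf.handle_registration(ngksi):
            if "ngksi" in msg:
                if msg["ngksi"] not in VALID_NGKSI:
                    raise ValueError("SMC carried an invalid ngKSI")
                self.ctx = SecurityContext(msg["ngksi"])
            elif self.ctx is not None:
                self.ctx.selected_eps_nas_alg = msg["selected_eps_nas_alg"]
        self._delete_context_if_algorithm_missing()   # FIG. 7: deletion in S709
        return self.configured()

    def register(self, amf: StubAmf, max_attempts: int = 3) -> Optional[int]:
        """Return the attempt that left the UE configured, or None if none did."""
        for attempt in range(1, max_attempts + 1):
            if self.register_once(amf):
                return attempt
        return None


if __name__ == "__main__":
    alg = "128-EEA2/128-EIA2"   # constructed sample value
    for recover in (True, False):
        ue = Ue(recover=recover)
        result = ue.register(StubAmf(3, alg, lose_alg_smc_on={1}))
        print(f"recover={recover}: configured on attempt {result}, ngKSI sent {ue.sent_ngksi}")
```

With the check disabled, the UE keeps presenting a valid ngKSI for a context that has no EPS NAS algorithm, so the stub AMF never re-sends the information element.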
- FIG. 9 is a schematic structural diagram of an apparatus for configuring an EPS NAS security algorithm according to an embodiment of the present application.
- the apparatus 900 may include a processing module 901 and a sending module 902.
- the apparatus 900 may be used to implement the operations implemented by the access and mobility management functional entity or the AMF network element in the embodiments shown in any one of FIG. 3 to FIG. 5.
- the apparatus 900 may be used to implement the method shown in FIG. 3 above.
- the processing module 901 is used to implement S301, and the sending module 902 is used to implement S302.
- the apparatus 900 may further include a receiving module.
- the apparatus 900 in this implementation manner can be used to implement the method shown in FIG. 4 above.
- the processing module 901 is used to implement S409 and S411, the sending module 902 is used to implement S402, S404, S406, S408, S412 and S414, and the receiving module is used to implement S401, S403, S405, S407, S410 and S413.
- the apparatus 900 may further include a receiving module.
- the apparatus 900 in this implementation manner can be used to implement the method shown in FIG. 5 above.
- the processing module 901 is used to implement S503 and S505, the sending module 902 is used to implement S502 and S506, and the receiving module is used to implement S501, S504 and S507.
- FIG. 10 is a schematic structural diagram of an apparatus for configuring an EPS NAS security algorithm according to another embodiment of the present application.
- the apparatus 1000 may include a processing module 1001, a sending module 1002 and a receiving module 1003.
- the apparatus 1000 may be used to implement the operations implemented by the terminal device in any of the embodiments shown in FIG. 6 to FIG. 8.
- the apparatus 1000 may be used to implement the method shown in FIG. 6 above.
- the processing module 1001 is used to implement S601 and S602, the sending module 1002 is used to implement S603, and the receiving module 1003 is used to implement S604.
- the apparatus 1000 may be used to implement the method shown in FIG. 7 above.
- the processing module 1001 is used to implement S709, the sending module 1002 is used to implement S701, S703, S705, S707, S710, S712, S714, S716 and S718, and the receiving module 1003 is used to implement S702, S704, S706, S708, S711, S713, S715, S717 and S719.
- the apparatus 1000 may be used to implement the method shown in FIG. 8 above.
- the processing module 1001 is used to implement S801, the sending module 1002 is used to implement S802, S804, S806, S808 and S810, and the receiving module 1003 is used to implement S803, S805, S807, S809 and S811.
- FIG. 11 is a schematic structural diagram of an apparatus for configuring an EPS NAS security algorithm according to another embodiment of the present application.
- the apparatus 1100 shown in FIG. 11 may be used to execute the method implemented by the access and mobility management functional entity or the AMF network element in any one of the embodiments shown in FIG. 3 to FIG. 5, or may be used to execute the method implemented by the terminal device in any one of the embodiments shown in FIG. 6 to FIG. 8.
- the apparatus 1100 in this embodiment includes: a memory 1101, a processor 1102, a communication interface 1103, and a bus 1104.
- the memory 1101, the processor 1102, and the communication interface 1103 are connected to each other through the bus 1104 for communication.
- the memory 1101 may be a read only memory (ROM), a static storage device, a dynamic storage device, or a random access memory (RAM).
- the memory 1101 may store programs, and when the programs stored in the memory 1101 are executed by the processor 1102 , the processor 1102 may be used to execute various steps of the methods shown in FIGS. 3 to 8 .
- the processor 1102 can use a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits to execute related programs, so as to implement the method for configuring the EPS NAS security algorithm according to the method embodiments of the present application.
- the processor 1102 may also be an integrated circuit chip with signal processing capability.
- each step of the method of each embodiment of the present application may be completed by an integrated logic circuit of hardware in the processor 1102 or an instruction in the form of software.
- the above-mentioned processor 1102 may also be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), an off-the-shelf programmable gate array (field programmable gate array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components.
- a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
- the steps of the method disclosed in conjunction with the embodiments of the present application may be directly embodied as executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor.
- the software modules may be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other storage media mature in the art.
- the storage medium is located in the memory 1101, and the processor 1102 reads the information in the memory 1101, and completes the functions required to be performed by each method in the embodiments of the present application in combination with its hardware. For example, the steps/functions of each of the embodiments shown in FIG. 3 to FIG. 8 can be executed.
- the communication interface 1103 can use, but is not limited to, a transceiving apparatus such as a transceiver to implement communication between the device 1100 and other devices or a communication network.
- the bus 1104 may include a pathway for communicating information between the various components of the apparatus 1100 (e.g., the memory 1101, the processor 1102, the communication interface 1103).
- the apparatus 1100 shown in this embodiment of the present application may be an electronic device, or may also be a chip configured in the electronic device.
- the processor in the embodiment of the present application may be a central processing unit (central processing unit, CPU), and the processor may also be other general-purpose processors, digital signal processors (digital signal processors, DSP), application-specific integrated circuits (application specific integrated circuit, ASIC), off-the-shelf programmable gate array (field programmable gate array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
- a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
- the memory in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory.
- the non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (electrically EPROM, EEPROM) or flash memory.
- Volatile memory may be random access memory (RAM), which acts as an external cache. Forms of RAM include static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM), synchronous connection dynamic random access memory (SLDRAM), and direct memory bus random access memory (direct rambus RAM, DR RAM).
- the above embodiments may be implemented in whole or in part by software, hardware, firmware or any other combination.
- the above-described embodiments may be implemented in whole or in part in the form of a computer program product.
- the computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, all or part of the processes or functions described in the embodiments of the present application are generated.
- the computer may be a general purpose computer, special purpose computer, computer network, or other programmable device.
- the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from a website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., infrared, wireless, microwave, etc.).
- the computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, a data center, or the like that contains one or more sets of available media.
- the usable media may be magnetic media (e.g., floppy disks, hard disks, magnetic tapes), optical media (e.g., DVDs), or semiconductor media.
- the semiconductor medium may be a solid state drive.
- “At least one” means one or more, and “plurality” means two or more.
- “At least one of the following item(s)” or similar expressions refer to any combination of these items, including any combination of a single item or plural items.
- for example, at least one of a, b, or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c may be single or multiple.
- the size of the sequence numbers of the above-mentioned processes does not mean the sequence of execution; the execution sequence of each process should be determined by its functions and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.
- the disclosed system, apparatus and method may be implemented in other manners.
- the apparatus embodiments described above are only illustrative.
- the division of the units is only a logical function division. In actual implementation, there may be other division methods.
- multiple units or components may be combined or integrated into another system, or some features can be ignored or not implemented.
- the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
- the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
- each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
- the functions, if implemented in the form of software functional units and sold or used as independent products, may be stored in a computer-readable storage medium.
- the technical solution of the present application, in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present application.
- the aforementioned storage medium includes: a U disk, a removable hard disk, a read-only memory, a random access memory, a magnetic disk or an optical disk and other media that can store program codes.
Claims (27)
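- A method for configuring an evolved packet system (EPS) non-access stratum (NAS) security algorithm, characterized in that the method comprises: an access and mobility management function entity determining that a selected EPS NAS security algorithm has not been successfully provided to a terminal device; and the access and mobility management function entity providing the selected EPS NAS security algorithm to the terminal device.
- The method according to claim 1, characterized in that, before the access and mobility management function entity determines that the selected EPS NAS security algorithm has not been successfully provided to the terminal device, the method further comprises: the access and mobility management function entity sending a first message to the terminal device, the first message comprising an information element of the selected EPS NAS security algorithm.
- The method according to claim 1 or 2, characterized in that the access and mobility management function entity determining that the selected EPS NAS security algorithm has not been successfully provided to the terminal device comprises: the access and mobility management function entity determining that a first complete message has not been received, the first complete message being used to indicate that the terminal device has received the first message.
- The method according to claim 3, characterized in that the access and mobility management function entity determining that the first complete message has not been received comprises: the access and mobility management function entity determining that the first complete message has not been received within a preset time.
- The method according to claim 3 or 4, characterized in that the first message is a security mode command (SMC) message, and the first complete message is an SMC complete message.
- The method according to any one of claims 1 to 5, characterized in that the access and mobility management function entity providing the selected EPS NAS security algorithm to the terminal device comprises: the access and mobility management function entity sending the information element of the selected EPS NAS security algorithm to the terminal device.
- The method according to any one of claims 1 to 6, characterized in that the method further comprises: the access and mobility management function entity marking the selected EPS NAS security algorithm as invalid.
- The method according to any one of claims 1 to 7, characterized in that, before the access and mobility management function entity provides the selected EPS NAS security algorithm to the terminal device, the method further comprises: the access and mobility management function entity receiving a registration request message from the terminal device.
- The method according to claim 1, characterized in that the method further comprises: the access and mobility management function entity determining to update the selected EPS NAS security algorithm; and the access and mobility management function entity providing the updated selected EPS NAS security algorithm to the terminal device.
- The method according to claim 9, characterized in that the method further comprises: the access and mobility management function entity determining that the updated selected EPS NAS security algorithm has not been successfully provided to the terminal device; and the access and mobility management function entity providing the updated selected EPS NAS security algorithm to the terminal device.
- The method according to any one of claims 1 to 10, characterized in that the access and mobility management function entity supports an N27 interface, and the terminal device supports S1 mode.
- The method according to any one of claims 1 to 11, characterized in that a valid fifth-generation mobile communication (5G) NAS security context indicated by the terminal device exists in the access and mobility management function entity.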
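- A method for configuring an evolved packet system (EPS) non-access stratum (NAS) security algorithm, characterized in that the method comprises: a terminal device determining that a selected EPS NAS security algorithm corresponding to a fifth-generation mobile communication (5G) NAS security context does not exist; the terminal device deleting the 5G NAS security context; the terminal device sending a second message to an access and mobility management function entity, the second message being used to request the 5G security context; and the terminal device receiving an information element of the selected EPS NAS security algorithm from the access and mobility management function entity.
- The method according to claim 13, characterized in that the terminal device determining that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist comprises: the terminal device determining that no information element of the selected EPS NAS security algorithm has been received from the access and mobility management function entity.
- The method according to claim 14, characterized in that the terminal device determining that no information element of the selected EPS NAS security algorithm has been received from the access and mobility management function entity comprises: the terminal device not receiving, within a preset time, the information element of the selected EPS NAS security algorithm from the access and mobility management function entity.
- The method according to any one of claims 13 to 15, characterized in that, before the terminal device determines that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist, the method further comprises: the terminal device receiving a third message sent by the access and mobility management function entity, the third message comprising the 5G NAS security context; and the terminal device sending a third complete message to the access and mobility management function entity, the third complete message being used to indicate that the terminal device has received the third message.
- The method according to any one of claims 13 to 16, characterized in that the terminal device determining that the selected EPS NAS security algorithm corresponding to the 5G NAS security context does not exist comprises: determining that the next-generation radio access network key set identifier (ngKSI) has no corresponding selected EPS NAS security algorithm.
- The method according to claim 17, characterized in that the method further comprises: the terminal device setting the ngKSI to an invalid value.
- The method according to claim 17 or 18, characterized in that the terminal device is disconnected from a long term evolution (LTE) system, and the second message is used to request registration with a new radio (NR) system.
- The method according to claim 19, characterized in that the terminal device determines that the access and mobility management function entity supports an N27 interface.
- The method according to any one of claims 13 to 20, characterized in that the access and mobility management function entity supports an N27 interface, and the terminal device supports S1 mode.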
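- An apparatus for configuring an evolved packet system (EPS) non-access stratum (NAS) security algorithm, characterized by comprising functional modules for implementing the method according to any one of claims 1 to 12.
- An apparatus for configuring an evolved packet system (EPS) non-access stratum (NAS) security algorithm, characterized by comprising functional modules for implementing the method according to any one of claims 13 to 21.
- An apparatus for configuring an evolved packet system (EPS) non-access stratum (NAS) security algorithm, characterized by comprising: a memory and a processor; the memory is configured to store program instructions; and the processor is configured to invoke the program instructions in the memory to perform the method according to any one of claims 1 to 12 or the method according to any one of claims 13 to 21.
- A chip, characterized by comprising at least one processor and a communication interface, wherein the communication interface and the at least one processor are interconnected by a line, and the at least one processor is configured to run a computer program or instructions to perform the method according to any one of claims 1 to 12 or the method according to any one of claims 13 to 21.
- A computer-readable medium, characterized in that the computer-readable medium stores program code for execution by a computer, the program code comprising instructions for performing the method according to any one of claims 1 to 12 or the method according to any one of claims 13 to 21.
- A computer program product, characterized in that the computer program product comprises instructions which, when executed, cause a computer to perform the method according to any one of claims 1 to 12 or the method according to any one of claims 13 to 21.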
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP22752316.4A EP4290903A1 (en) | 2021-02-10 | 2022-02-10 | Method for configuring evolved packet system non-access stratum security algorithm, and related apparatus |
JP2023548586A JP2024506102A (ja) | 2021-02-10 | 2022-02-10 | Method for configuring evolved packet system non-access stratum security algorithm, and related apparatus |
US18/232,227 US20230388802A1 (en) | 2021-02-10 | 2023-08-09 | Method for configuring evolved packet system non-access stratum security algorithm and related apparatus |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110183922.0 | 2021-02-10 | ||
CN202110183922.0A CN114915966A (zh) | 2021-02-10 | 2021-02-10 | Method for configuring evolved packet system non-access stratum security algorithm, and related apparatus |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/232,227 Continuation US20230388802A1 (en) | 2021-02-10 | 2023-08-09 | Method for configuring evolved packet system non-access stratum security algorithm and related apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022171156A1 (zh) | 2022-08-18 |
Family
ID=82761984
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2022/075767 WO2022171156A1 (zh) | Method for configuring evolved packet system non-access stratum security algorithm, and related apparatus | 2021-02-10 | 2022-02-10 |
Country Status (6)
Country | Link |
---|---|
US (1) | US20230388802A1 (zh) |
EP (1) | EP4290903A1 (zh) |
JP (1) | JP2024506102A (zh) |
CN (1) | CN114915966A (zh) |
TW (1) | TWI816295B (zh) |
WO (1) | WO2022171156A1 (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021027439A1 (en) * | 2019-08-14 | 2021-02-18 | Mediatek Singapore Pte. Ltd. | Apparatuses and methods for delivery of inter-system non-access stratum (nas) security algorithms |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
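CN101835156A (zh) * | 2010-05-21 | 2010-09-15 | 中兴通讯股份有限公司 | Method and system for user access security protection |
CN102595369A (zh) * | 2012-02-29 | 2012-07-18 | 大唐移动通信设备有限公司 | Method and apparatus for transmitting NAS algorithm |
CN107786511A (zh) * | 2016-08-27 | 2018-03-09 | 北京信威通信技术股份有限公司 | Method for implementing group communication security in a cluster system |
CN109644339A (zh) * | 2017-01-30 | 2019-04-16 | 瑞典爱立信有限公司 | Security context handling in 5G during connected mode |
CN109819439A (zh) * | 2017-11-19 | 2019-05-28 | 华为技术有限公司 | Key update method and related entity |
CN112055984A (zh) * | 2019-04-08 | 2020-12-08 | 联发科技(新加坡)私人有限公司 | Recovering 5G non-access stratum from non-access stratum transparent container failure |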
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI783184B (zh) * | 2018-10-17 | 2022-11-11 | 新加坡商聯發科技(新加坡)私人有限公司 | User equipment key derivation method at mobility update and related user equipment |
2021
- 2021-02-10 CN CN202110183922.0A patent/CN114915966A/zh active Pending
2022
- 2022-02-07 TW TW111104243A patent/TWI816295B/zh active
- 2022-02-10 EP EP22752316.4A patent/EP4290903A1/en active Pending
- 2022-02-10 JP JP2023548586A patent/JP2024506102A/ja active Pending
- 2022-02-10 WO PCT/CN2022/075767 patent/WO2022171156A1/zh active Application Filing
2023
- 2023-08-09 US US18/232,227 patent/US20230388802A1/en active Pending
Non-Patent Citations (1)
Title |
---|
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security architecture (Release 15)", 3GPP STANDARD; TECHNICAL SPECIFICATION; 3GPP TS 33.401, vol. SA WG3, no. V15.11.0, 27 March 2020 (2020-03-27), pages 1 - 163, XP051861198 * |
Also Published As
Publication number | Publication date |
---|---|
TW202239245A (zh) | 2022-10-01 |
JP2024506102A (ja) | 2024-02-08 |
CN114915966A (zh) | 2022-08-16 |
EP4290903A1 (en) | 2023-12-13 |
US20230388802A1 (en) | 2023-11-30 |
TWI816295B (zh) | 2023-09-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 22752316; Country of ref document: EP; Kind code of ref document: A1 |
| | WWE | Wipo information: entry into national phase | Ref document number: 2023548586; Country of ref document: JP |
| | ENP | Entry into the national phase | Ref document number: 2022752316; Country of ref document: EP; Effective date: 20230906 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | WWE | Wipo information: entry into national phase | Ref document number: 11202306026U; Country of ref document: SG |