WO2022237441A1 - Wireless communication method, communication device, and communication system - Google Patents


Info

Publication number: WO2022237441A1
Authority: WO, WIPO (PCT)
Prior art keywords: authentication code; message authentication; parameter update; update type; terminal
Application number: PCT/CN2022/086588
Other languages: French (fr), Chinese (zh)
Inventors: 李飞, 舒林, 邓娟
Original Assignee: 华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W8/00: Network data management
    • H04W8/18: Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20: Transfer of user or subscriber data

Definitions

  • the present application relates to the technical field of wireless communication, and in particular to a wireless communication method, communication device and communication system.
  • the protocol predefines the parameter update type supported by the terminal, so that the network side can know the parameter update type supported by the terminal according to the protocol definition. Subsequently, the network side may send parameters corresponding to the parameter update type to the terminal according to the parameter update type supported by the terminal.
  • when the network side has parameters corresponding to a new parameter update type that need to be updated to the terminal, the network side does not know whether the terminal supports the new parameter update type, so it cannot judge whether the parameters corresponding to the new parameter update type need to be updated to the terminal.
  • if the network side directly updates the parameters corresponding to the new parameter update type to the terminal regardless of whether the terminal supports the new parameter update type, then when the terminal does not support the new parameter update type, the terminal needs to discard the received parameters, causing a waste of resources.
  • the present application provides a wireless communication method, a communication device and a communication system, which are used to realize that the network side sends corresponding parameters to the terminal according to the parameter update type supported by the terminal, so as to reduce waste of resources.
  • the embodiment of the present application provides a wireless communication method, and the method may be executed by a terminal or a module (such as a chip) applied to the terminal.
  • the method includes: generating a first message authentication code according to a first parameter update type and Kausf, where the first parameter update type is a parameter update type supported by the terminal, and the Kausf is a key between the terminal and an authentication network element; and sending the first parameter update type and the first message authentication code to a mobility management network element.
  • the terminal actively reports the parameter update type supported by the terminal to the network side, so that the network side can send corresponding parameters to the terminal according to the parameter update type reported by the terminal, that is, send to the terminal the parameters corresponding to the parameter update type supported by the terminal. The network side is thereby prevented from sending to the terminal parameters corresponding to parameter update types not supported by the terminal, which reduces waste of resources.
  • the parameter update type is also protected by generating a message authentication code to ensure that the network side can successfully receive the parameter update type supported by the terminal.
  • receiving a fifth message authentication code from the mobility management network element.
  • the fifth message authentication code is generated according to the first confirmation information and the Kausf, and the first confirmation information is used to indicate that the data management network element has successfully received the first parameter update type; and the fifth message authentication code is verified according to the second confirmation information and the Kausf.
  • after sending the first parameter update type to the network side, the terminal further receives from the network side a message authentication code for the first parameter update type, that is, the fifth message authentication code. The terminal then checks the fifth message authentication code. When the check of the fifth MAC succeeds, it indicates that the network side has successfully received the first parameter update type. When the check of the fifth MAC fails, it indicates that the network side has not successfully received the first parameter update type.
  • the terminal can know whether the network side has successfully received the first parameter update type, avoiding the terminal from blindly repeatedly sending the first parameter update type to the network side, and helping to reduce overhead.
  • when the verification of the fifth message authentication code succeeds, the second confirmation information is saved; or, when the verification of the fifth message authentication code fails, the second confirmation information is discarded and/or the priority of the public land mobile network (PLMN) where the terminal is located is reduced.
  • when the verification of the fifth message authentication code succeeds, it indicates that the network side has successfully received the first parameter update type, and the terminal saves the second confirmation information; the terminal subsequently confirms, according to the stored second confirmation information, that the network side has successfully received the second confirmation information.
  • the terminal can no longer send the first parameter update type to the network side, which helps to reduce overhead.
  • the terminal discards the second confirmation information; when the terminal subsequently confirms that it has not saved the second confirmation information, it confirms that the network side has not successfully received the first parameter update type, so that the terminal can send the first parameter update type to the network side again, which helps to improve the possibility that the network side successfully receives the first parameter update type.
  • when the fifth MAC check fails, it indicates that the current network may not be secure enough and that the transmitted information (such as the message authentication code sent by the network side to the terminal) may have been tampered with, so the terminal can reduce the priority of the PLMN where the terminal is located, thereby reducing the risks posed by insecure networks.
  • after sending the first parameter update type and the first message authentication code to the mobility management network element, receiving a downlink non-access stratum transmission message from the mobility management network element; when the downlink non-access stratum transmission message contains parameters corresponding to the first parameter update type, it is determined that the data management network element has successfully received the first parameter update type; or, when the downlink non-access stratum transmission message does not contain the parameters corresponding to the first parameter update type, the priority of the PLMN where the terminal is located is lowered.
  • after the terminal sends the first parameter update type to the network side, it can determine whether the network side has successfully received the first parameter update type by checking whether the network side subsequently sends the parameters corresponding to the first parameter update type to the terminal.
  • This method does not require the network side to inform the terminal, through additional indication information (such as a message authentication code), whether the network side has successfully received the first parameter update type. Instead, it uses an implicit method to inform the terminal whether the network side has successfully received the first parameter update type, which can reduce the signaling interaction between the network side and the terminal and helps to reduce overhead.
  • before generating the first message authentication code according to the first parameter update type and Kausf, the method further includes one or more of the following: determining that a new universal subscriber identity module (USIM) is inserted in the terminal; determining that the first parameter update type includes parameter update types other than routing indication update data and default configuration NSSAI update data; determining that the terminal is powered on; determining that the first parameter update type has not been sent; or determining that no response to the first parameter update type has been received.
  • the terminal reports the first parameter update type to the network only when a certain condition is met, which can avoid repeated reporting or invalid reporting, thereby reducing terminal overhead.
  • the update type of the first parameter can be reported to the network side through various messages, which is relatively flexible.
  • the first parameter update type includes one or more of the following:
  • the embodiment of the present application provides a wireless communication method, and the method may be executed by a data management network element or a module (such as a chip) applied to the data management network element.
  • the method includes: receiving a second parameter update type and a second message authentication code from the terminal; and checking whether the second message authentication code matches a third message authentication code, where the third message authentication code is generated according to the second parameter update type and Kausf, and the Kausf is a key between the terminal and the authentication network element.
  • the network side can receive the parameter update type supported by the terminal as reported by the terminal, so that the network side can send corresponding parameters to the terminal according to the parameter update type supported by the terminal, that is, send to the terminal the parameters corresponding to the parameter update type supported by the terminal. This prevents the network side from sending to the terminal parameters corresponding to parameter update types that the terminal does not support, thereby reducing blind sending on the network side and helping to reduce resource waste on the network side.
  • the network side also performs security verification on the received parameter update type supported by the terminal, so as to ensure that the network side can successfully receive the parameter update type supported by the terminal, which helps to achieve correct communication between the network side and the terminal.
  • the authentication network element and the data management network element cooperate to verify whether the second message authentication code matches the third message authentication code. Specifically, the authentication network element calculates the third message authentication code, and the data management network element compares the second message authentication code with the third message authentication code. Compared with having the authentication network element both calculate the third message authentication code and compare the second message authentication code with the third message authentication code, this helps to reduce the load on the authentication network element.
  • the authentication network element checks whether the second message authentication code matches the third message authentication code, and sends the message authentication code check result to the data management network element.
  • the authentication network element performs the verification function, while the data management network element only needs to obtain the verification result of the message authentication code from the authentication network element, which can realize the decoupling of functions between different network elements and help reduce the amount of information transmitted between network elements.
  • a fourth message authentication code is received from the authentication network element, where the fourth message authentication code is generated according to the first confirmation information and the Kausf, and the first confirmation information is used to indicate that the parameter update type supported by the terminal is successfully received; and the fourth message authentication code is sent to the terminal.
  • the fourth message authentication code is sent to the terminal to inform the terminal that the network side has successfully received the parameter update type supported by the terminal, which can prevent the terminal from blindly and repeatedly sending the parameter update type supported by the terminal to the network side, and helps to reduce the overhead caused by the interaction between the network side and the terminal.
  • when the second message authentication code matches the third message authentication code, the second parameter update type is saved; or, when the second message authentication code does not match the third message authentication code, the second parameter update type is discarded, and/or the priority of the PLMN where the terminal is located is lowered.
  • the network side can save the second parameter update type, so that the network side can subsequently send parameters corresponding to the second parameter update type to the terminal according to the second parameter update type, which helps to avoid the network side sending to the terminal parameters corresponding to parameter update types that the terminal does not support, thereby reducing waste of resources.
  • the network side can discard the second parameter update type, so that the network side will not subsequently send the parameters corresponding to the second parameter update type to the terminal, which helps to prevent the network side from sending the terminal the parameters corresponding to that parameter update type and can reduce resource waste.
  • when the second message authentication code does not match the third message authentication code, it indicates that the current network may not be secure enough and that the transmitted information (such as the first parameter update type sent by the terminal to the network side) may have been tampered with, so the network can reduce the priority of the PLMN where the terminal is located, thereby reducing the risk caused by an insecure network.
  • the embodiment of the present application provides a wireless communication method, which can be executed by an authentication network element or a module (such as a chip) applied to the authentication network element.
  • the method includes: receiving a second parameter update type and a second message authentication code from a data management network element; generating a third message authentication code according to the second parameter update type and Kausf, where the Kausf is the key between the terminal and the authentication network element; verifying whether the second message authentication code matches the third message authentication code; and sending the message authentication code verification result to the data management network element, where the message authentication code verification result is that the second message authentication code matches the third message authentication code or that the second message authentication code does not match the third message authentication code.
  • the authentication network element can verify the second message authentication code received by the data management network element, and send the verification result of the message authentication code to the data management network element, so that the data management network element can know whether the received second parameter update type has been tampered with.
  • This solution can ensure that the data management network element can judge whether to use the second parameter update type, which helps to realize correct communication between the network side and the terminal.
  • a fourth message authentication code is generated according to the first confirmation information and the Kausf, where the first confirmation information is used to indicate that the data management network element has successfully received the parameter update type supported by the terminal; and the fourth message authentication code is sent to the data management network element.
  • when the verification result of the message authentication code is that the second message authentication code matches the third message authentication code, the authentication network element generates a fourth message authentication code and sends the fourth message authentication code to the data management network element, so that the data management network element can send the fourth message authentication code to the terminal to inform the terminal that the network side has successfully received the parameter update type supported by the terminal. This can prevent the terminal from repeatedly sending the parameter update type supported by the terminal to the network side, and helps reduce the overhead between the terminal and the network side.
  • the embodiment of the present application provides a wireless communication method, which can be executed by an authentication network element or a module (such as a chip) applied to the authentication network element.
  • the method includes: receiving a second parameter update type from a data management network element; generating a third message authentication code according to the second parameter update type and Kausf, where the Kausf is a key between the terminal and the authentication network element; and sending the third message authentication code to the data management network element.
  • the authentication network element can verify the second message authentication code received by the data management network element, and send the third message authentication code to the data management network element, so that the data management network element can determine, according to the second message authentication code and the third message authentication code, whether the received second parameter update type has been tampered with.
  • This solution can ensure that the data management network element can judge whether to use the second parameter update type, which helps to realize correct communication between the network side and the terminal.
  • receiving indication information from the data management network element, where the indication information is used to indicate that the second message authentication code matches the third message authentication code; generating a fourth message authentication code according to the first confirmation information and the Kausf, where the first confirmation information is used to indicate that the data management network element has successfully received the parameter update type supported by the terminal; and sending the fourth message authentication code to the data management network element.
  • when receiving the indication information from the data management network element indicating that the second message authentication code matches the third message authentication code, the authentication network element generates a fourth message authentication code and sends the fourth message authentication code to the data management network element, so that the data management network element can send the fourth message authentication code to the terminal to inform the terminal that the network side has successfully received the parameter update type supported by the terminal. This can prevent the terminal from repeatedly sending the parameter update type supported by the terminal to the network side, which helps to reduce the overhead between the terminal and the network side.
  • the embodiment of the present application provides a communication device, and the device may be a terminal, or may be a chip for the terminal.
  • the device has the function of realizing any realization method of the first aspect above. This function may be implemented by hardware, or may be implemented by executing corresponding software on the hardware.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the embodiment of the present application provides a communication device, and the device may be a data management network element, or may be a chip or a module for the data management network element.
  • the device has the function of implementing any implementation method of the second aspect above. This function may be implemented by hardware, or may be implemented by executing corresponding software on the hardware.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the embodiment of the present application provides a communication device, and the device may be an authentication network element, or may be a chip or a module used for the authentication network element.
  • the device has the function of realizing any realization method of the above-mentioned third aspect or fourth aspect. This function may be implemented by hardware, or may be implemented by executing corresponding software on the hardware.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the embodiment of the present application provides a communication device, including a processor and a memory; the memory is used to store computer instructions, and when the device is running, the processor executes the computer instructions stored in the memory so that the device executes any implementation method in the first aspect to the fourth aspect above.
  • the embodiment of the present application provides a communication device, including a unit or means for performing each step of any implementation method in the first aspect to the fourth aspect.
  • the embodiment of the present application provides a communication device, including a processor and an interface circuit, the processor is configured to communicate with other devices through the interface circuit, and execute any implementation method in the first aspect to the fourth aspect above.
  • the processor includes one or more.
  • the embodiment of the present application provides a communication device, including a processor coupled to a memory, where the processor is used to call the program stored in the memory to execute any implementation method in the first aspect to the fourth aspect above.
  • the memory may be located within the device or external to the device. And there may be one or more processors.
  • the embodiment of the present application also provides a computer-readable storage medium that stores instructions; when the instructions run on a communication device, any implementation method of the first aspect to the fourth aspect above is executed.
  • the embodiment of the present application also provides a computer program product that includes a computer program or instructions; when the computer program or instructions are run by a communication device, any implementation method of the above first to fifth aspects is executed.
  • the embodiment of the present application further provides a chip system, including: a processor, configured to execute any implementation method in the first aspect to the fourth aspect above.
  • the embodiment of the present application provides a communication system that includes a data management network element for performing any implementation method of the above second aspect, and an authentication network element for performing any implementation method of the above third aspect.
  • the embodiment of the present application provides a communication system that includes a data management network element for performing any implementation method of the above second aspect, and an authentication network element for performing any implementation method of the above fourth aspect.
  • Figure 1 is a parameter configuration architecture diagram defined by 3GPP
  • FIG. 2 is a schematic diagram of a wireless communication method provided by an embodiment of the present application.
  • FIG. 3 is a schematic diagram of a wireless communication method provided by an embodiment of the present application.
  • FIG. 4 is a schematic diagram of a wireless communication method provided by an embodiment of the present application.
  • FIG. 5 is a schematic diagram of a wireless communication method provided by an embodiment of the present application.
  • FIG. 6 is a schematic diagram of a wireless communication method provided by an embodiment of the present application.
  • FIG. 7 is a schematic diagram of a wireless communication method provided by an embodiment of the present application.
  • FIG. 8 is a schematic diagram of a wireless communication method provided by an embodiment of the present application.
  • FIG. 9 is a schematic diagram of a communication device provided by an embodiment of the present application.
  • FIG. 10 is a schematic diagram of a communication device provided by an embodiment of the present application.
  • Fig. 1 is a parameter configuration architecture diagram defined by 3GPP.
  • the home network delivers the configuration information to the terminal through the serving network.
  • the unified data management (UDM) network element of the home network sends the configuration information to the terminal through the access and mobility management function (AMF) network element of the serving network.
  • the serving network and the home network are the same public land mobile network (PLMN).
  • the serving network is the visited network, and the serving network and the home network are different PLMNs.
  • the visited network may be a visited PLMN (vPLMN), and the home network may be a home public land mobile network (hPLMN).
  • a terminal may also be called terminal equipment, user equipment (UE), mobile station, mobile terminal, and so on.
  • Terminals can be widely used in various scenarios, such as device-to-device (D2D), vehicle-to-everything (V2X) communication, machine-type communication (MTC), Internet of Things (IoT), virtual reality, augmented reality, industrial control, autonomous driving, telemedicine, smart grid, smart furniture, smart office, smart wearables, smart transportation, smart city, etc.
  • Terminals can be mobile phones, tablet computers, computers with wireless transceiver functions, wearable devices, vehicles, drones, helicopters, airplanes, ships, robots, robotic arms, smart home devices, etc.
  • the embodiment of the present application does not limit the specific technology and specific device form adopted by the terminal.
  • the AMF network element performs functions such as mobility management and access authentication/authorization. In addition, it is also responsible for transmitting user policies between terminals and policy control function (PCF) network elements.
  • the UDM network element performs functions such as managing subscription data and user access authorization.
  • the authentication server function (AUSF) network element is responsible for authenticating users to determine whether users or devices are allowed to access the network.
  • the mobility management network element, data management network element, and authentication network element in the embodiment of the present application may be the AMF, UDM, and AUSF in the fifth generation (5G) network, or they may be network elements with the functions of the above-mentioned AMF, UDM, and AUSF in future communication such as the sixth generation (6G) network, which is not limited in this application.
  • AMF, UDM, and AUSF are respectively used as examples of mobility management network elements, data management network elements, and authentication network elements for description.
  • the solution provided by the implementation of this application can refer to the wireless communication method shown in Figure 2, including the following steps:
  • Step 201: the terminal generates a first message authentication code (MAC) according to the first parameter update type and Kausf.
  • the first parameter update type is a parameter update type supported by the terminal.
  • the first parameter update type may be other parameter update types supported by the terminal except "routing indicator update data" and "default configured NSSAI update data", such as the supported terminal parameter update data set type list (supported UE parameters update data set types list), for example including update of slice authentication credentials, and/or update of secondary authentication credentials.
  • the "credentials" here can be understood as parameters.
  • the update of the secondary authentication credential may also be referred to as the update of the protocol data unit session authentication credential.
  • the Chinese name of routing indicator update data is routing instruction update data
  • the Chinese name of default configured NSSAI update data is the default configuration of network slice selection assistance information (NSSAI) update data.
  • the first parameter update type may also include routing indication update data and default configuration NSSAI update data to be compatible with old features.
  • the Kausf is the key between the terminal and the AUSF.
  • as one implementation method, Kausf is used as the key and the first parameter update type is used as an input parameter to calculate the first MAC.
  • as another implementation method, Kausf is used as the key, and the first parameter update type and the first count value are used as input parameters to calculate the first MAC.
  • the first MAC is used to prevent the first parameter update type from being tampered with during sending.
  • the terminal may directly perform the above step 201, that is, send the first parameter update type to the network side.
  • the terminal determines to send the first parameter update type to the network side, that is, executes the above step 201:
  • USB universal subscriber identity module
  • the terminal may be triggered to send the first parameter update type to the UDM.
  • the terminal may be triggered to send the first parameter update type to the UDM.
  • the terminal when the terminal is turned on, the terminal may be triggered to send the first parameter update type to the UDM.
  • Condition 4 the first parameter update type has not been sent to the UDM.
  • the first parameter update type may be sent to the UDM.
  • the terminal when the terminal sends the first parameter update type to the UDM but does not receive a response from the UDM, the terminal may resend the first parameter update type to the UDM.
  • the response here may be a MAC, such as the fifth MAC as described below.
  • Step 202 the terminal sends the first parameter update type and the first MAC to the AMF.
  • the terminal carries the first parameter update type and the first MAC in the registration request message sent to the AMF.
  • the terminal carries the first parameter update type and the first MAC in an uplink non-access stratum (non access stratum, NAS) transmission message sent to the AMF.
  • the terminal actively reports the parameter update type supported by the terminal, that is, the first parameter update type, to the network side, so that the network side can send corresponding parameters to the terminal according to the first parameter update type, that is, send the terminal the parameters corresponding to the first parameter update type. This prevents the network side from sending the terminal parameters corresponding to a parameter update type not supported by the terminal, thereby reducing waste of resources.
  • the parameter update type is also protected by generating a message authentication code, that is, the first MAC, so as to ensure that the network side can successfully receive the parameter update type supported by the terminal.
  • what the terminal sends is the first parameter update type and the first MAC, and what the AMF receives is the second parameter update type and the second MAC.
  • the second parameter update type received by the AMF is the same as the first parameter update type sent by the terminal, and the second MAC received by the AMF is the same as the first MAC sent by the terminal.
  • the above information sent by the terminal may be tampered with, so that the second parameter update type received by the AMF may be different from the first parameter update type sent by the terminal, and the second MAC received by the AMF may be different from the first MAC sent by the terminal.
  • after receiving the second parameter update type and the second MAC, the AMF sends the second parameter update type and the second MAC to the UDM. Subsequently, the UDM can verify the received second MAC according to the second parameter update type. If the second MAC verification is successful, the UDM confirms that the parameter update type supported by the terminal has been successfully received, that is, the second parameter update type received by the UDM is the same as the first parameter update type sent by the terminal.
  • the UDM checks the received second MAC, which may also be referred to as the UDM checking whether the second MAC matches the third MAC, and the third MAC is generated by the AUSF according to the second parameter update type and Kausf.
  • Implementation method 1 UDM sends the second parameter update type to AUSF, AUSF generates a third MAC according to the second parameter update type and Kausf, AUSF sends the third MAC to UDM, and UDM checks whether the second MAC matches the third MAC.
  • the verification of the second MAC is successful, or referred to as verifying that the second MAC matches the third MAC.
  • the verification of the second MAC fails, or it is called that the verification of the second MAC does not match the third MAC.
  • Implementation method 2 UDM sends the second parameter update type to AUSF, AUSF generates a third MAC according to the second parameter update type and Kausf, AUSF sends the third MAC to UDM, and AUSF checks whether the second MAC matches the third MAC. Then, the AUSF sends the MAC verification result to the UDM, and the MAC verification result is that the second MAC matches the third MAC or the second MAC does not match the third MAC.
  • the network side can save the second parameter update type, so that the network side can subsequently send the parameters corresponding to the second parameter update type to the terminal according to the second parameter update type, which helps to prevent the network side from sending the terminal parameters corresponding to parameter update types not supported by the terminal, thereby reducing waste of resources.
  • the network side can discard the second parameter update type, so that the network side will not subsequently send the parameters corresponding to the second parameter update type to the terminal, which helps to prevent the network side from sending the terminal parameters corresponding to parameter update types not supported by the terminal, thereby reducing waste of resources.
  • if the second message authentication code does not match the third message authentication code, it indicates that the current network may not be secure enough and that the transmitted information (such as the first parameter update type sent by the terminal to the network side) may have been tampered with, so the network can reduce the priority of the PLMN where the terminal is located, thereby reducing the risk caused by an insecure network.
  • when the UDM verification result shows that the second MAC matches the third MAC, it indicates that the UDM has successfully received the parameter update type supported by the terminal, and the UDM may also inform the terminal that the UDM has successfully received the parameter update type supported by the terminal.
  • the UDM sends a fourth MAC to the terminal.
  • the fourth MAC is generated by the AUSF according to the first confirmation information and Kausf.
  • the first confirmation information is used to indicate that the parameter update type supported by the terminal is successfully received.
  • after receiving the fifth MAC, the terminal verifies the fifth MAC according to the second confirmation information and Kausf.
  • what the UDM sends is the fourth MAC, and what the terminal receives is the fifth MAC.
  • the fifth MAC is the same as the fourth MAC. If there is a security risk in the network, the fourth MAC sent by the UDM may be tampered with, and the fifth MAC received by the terminal may be different from the fourth MAC.
  • the second confirmation information used when the terminal checks the fifth MAC is the same confirmation information as the first confirmation information used when the AUSF generates the fourth MAC, for example, it may be the same 1-bit information.
  • the method for the terminal to verify the fifth MAC may be, for example, using Kausf as a key and using the second confirmation information as an input parameter to calculate and obtain the sixth MAC. Then the terminal judges whether the sixth MAC is the same as the fifth MAC. When the sixth MAC is the same as the fifth MAC, the verification of the fifth MAC succeeds, and when the sixth MAC is different from the fifth MAC, the verification of the fifth MAC fails.
  • the successful verification of the fifth MAC also means that the fourth MAC sent by the UDM is the same as the fifth MAC received by the terminal.
  • the terminal can save the second confirmation information, and the terminal subsequently confirms, according to the saved second confirmation information, that the network side has successfully received the first parameter update type, so that the terminal no longer needs to send the first parameter update type to the network side, which helps to reduce overhead.
  • the terminal can discard the second confirmation information, and when the terminal subsequently finds that it has not saved the second confirmation information, it confirms that the network side has not successfully received the first parameter update type, so that the terminal can send the first parameter update type to the network side again, which helps to improve the possibility that the network side successfully receives the first parameter update type.
  • if the fifth MAC check fails, it indicates that the current network may not be secure enough and that the transmitted information (such as the message authentication code sent by the network side to the terminal) may have been tampered with, so the terminal can reduce the priority of the PLMN where the terminal is located, thereby reducing the risk posed by an insecure network.
  • the method for the UDM to obtain the fourth MAC may be: when the MAC check result generated by the AUSF is that the second MAC matches the third MAC, the AUSF generates a fourth MAC according to the first confirmation information and Kausf, and then the AUSF sends the fourth MAC to the UDM.
  • the method for the UDM to obtain the fourth MAC may be: when the UDM determines that the second MAC matches the third MAC, it sends indication information to the AUSF, where the indication information is used to indicate that the second MAC matches the third MAC; then, according to the indication information, the AUSF triggers generation of a fourth MAC according to the first confirmation information and Kausf, and then the AUSF sends the fourth MAC to the UDM.
  • the terminal receives a downlink non-access stratum transmission message from the AMF. When the downlink non-access stratum transmission message contains parameters corresponding to the first parameter update type, it is determined that the UDM has successfully received the first parameter update type. When the downlink non-access stratum transmission message does not include the parameters corresponding to the first parameter update type, it is determined that the UDM has not successfully received the first parameter update type, and then the terminal may lower the priority of the PLMN where the terminal is located.
  • when the UDM sends parameters to the terminal, if the second MAC matches the third MAC, the UDM can send the parameter corresponding to the second parameter update type to the terminal, where the second parameter update type is the same as the first parameter update type. If the second MAC does not match the third MAC, the UDM does not send the parameter corresponding to the second parameter update type to the terminal, where the second parameter update type may be the same as or different from the first parameter update type.
  • the terminal judges whether the UDM has successfully received the first parameter update type by judging whether the UDM has sent the parameter corresponding to the first parameter update type.
  • after the terminal sends the first parameter update type to the network side, it can determine whether the network side has successfully received the first parameter update type by checking whether the network side subsequently sends the parameter corresponding to the first parameter update type to the terminal.
  • This method does not require the network side to inform the terminal whether the network side has successfully received the first parameter update type through additional indication information (such as a message authentication code), but uses an implicit method to inform the terminal whether the network side has successfully received the first parameter update type, which can reduce the signaling interaction between the network side and the terminal and helps to reduce overhead.
  • Fig. 3 is a kind of wireless communication method provided by the embodiment of the present application, the method includes the following steps:
  • Step 301 the terminal sends a first request to the AMF.
  • the AMF receives the first request.
  • the first request may be a registration request or an uplink NAS transport (UL NAS transport) message.
  • the first request includes a first parameter update type and a first MAC, and optionally also includes a first count value (counter) and/or an acknowledgment indication (ACK indication).
  • when the first count value is used in calculating the first MAC, the first count value needs to be carried in the first request.
  • the acknowledgment indication is used to indicate to return a response after receiving the first parameter update type, and the response may include a MAC.
  • the first request carries the first parameter update type and the first MAC, and optionally also carries a first count value and/or a confirmation indication.
  • the first parameter update type and the first MAC can be encapsulated into a container (container), which is transparent to the AMF, that is, the AMF does not need to read the content of the container, and the AMF passes this container directly to the UDM.
  • the container further includes a first count value and/or a confirmation indication.
  • the first request may be a registration request, the registration request may be carried in a security mode complete (security mode complete) message, and the security mode complete message may provide security protection for the registration request.
  • step 302 the AMF sends a second request to the UDM.
  • the UDM receives the second request.
  • the terminal sends the first parameter update type, the first MAC and the first count value, and the UDM receives the second parameter update type, the second MAC and the second count value.
  • the second parameter update type received by the UDM is the same as the first parameter update type sent by the terminal, the second MAC received by the UDM is the same as the first MAC sent by the terminal, and the second count value received by the UDM is the same as the first count value sent by the terminal.
  • the above information sent by the terminal may be tampered with, so that the second parameter update type received by the UDM may be different from the first parameter update type sent by the terminal, the second MAC received by the UDM may be different from the first MAC sent by the terminal, and the second count value received by the UDM may be different from the first count value sent by the terminal.
  • the second request includes a second parameter update type and a second MAC.
  • when the first request includes the first count value, the second request also includes the second count value.
  • when the first request includes the confirmation indication, the second request also includes the confirmation indication.
  • the second request may be a UE context management registration request, a subscription data management acquisition request, or a subscription data management notification message.
  • step 303 the UDM sends a third request to the AUSF.
  • the AUSF receives the third request.
  • the third request includes a permanent subscription identifier (subscription permanent identifier, SUPI), a second parameter update type, and a second MAC.
  • when the second request includes the second count value, the third request also includes the second count value.
  • when the second request includes an acknowledgment indication, the third request also includes an acknowledgment indication.
  • the second request may be a UE parameter update (UE parameter update, UPU) protection request or a UPU data type verification request.
  • SUPI is used to uniquely identify a terminal.
  • AUSF can obtain the key (Kausf) corresponding to the SUPI according to the SUPI. That is, the AUSF stores Kausf corresponding to each terminal, and the AUSF needs to obtain the corresponding Kausf according to the SUPI, so as to ensure that the AUSF and the terminal use the same Kausf.
  • step 304 the AUSF checks the second MAC.
  • Checking the second MAC here may also be described as: checking the second parameter update type, or as: checking whether the second parameter update type matches the second MAC.
  • the AUSF generates the third MAC in the same way as the terminal generates the first MAC. If the third MAC is the same as the second MAC, the verification of the second MAC is successful, indicating that the first parameter update type has not been tampered with during transmission, that is, the second parameter update type is the same as the first parameter update type. If the second MAC is different from the first MAC, the verification of the second MAC fails, indicating that the first parameter update type may be tampered with during transmission, that is, the second parameter update type may be different from the first parameter update type.
  • the specific process for the AUSF to generate the third MAC is as follows: As an implementation method, the third MAC is calculated by using Kausf as a key and the second parameter update type received by the AUSF as an input parameter. As another implementation method, if the third request also carries the second count value, AUSF uses Kausf as the key, uses the second parameter update type and the second count value received by AUSF as input parameters, and calculates the third MAC.
  • the AUSF checking the second MAC may also be referred to as the AUSF checking whether the third MAC matches the second MAC.
  • step 305 the AUSF generates a fourth MAC.
  • the AUSF executes step 305; if it fails, the AUSF does not execute step 305.
  • the method for AUSF to generate the fourth MAC is: AUSF generates the first acknowledgment information (ACK) according to the acknowledgment indication, then uses Kausf as the key, and uses the first acknowledgment information and the second count value as input parameters to calculate the fourth MAC .
  • the count value used when generating the fourth MAC is the same as the count value used when generating the third MAC, both being the second count value.
  • the first confirmation information used by the AUSF may also be sent to the AUSF by the UDM.
  • the first confirmation information is used to indicate that the UDM has successfully received the first parameter update type or the UDM has successfully verified the received parameter update type.
  • the generation of the first acknowledgment information (ACK) described in this application only means that the AUSF performs MAC calculation according to the first acknowledgment information, and does not necessarily require the first acknowledgment information to be generated, because the first acknowledgment information can be fixed 1-bit data that is used directly as the input to calculate the MAC and does not need to be generated.
  • step 306 the AUSF sends a third response to the UDM.
  • the UDM receives the third response.
  • the third response is a response to the third request.
  • the third response includes the MAC check result.
  • the MAC verification result is success of the second MAC verification or failure of the second MAC verification.
  • the MAC verification result here may also be described as: the result of verifying the second parameter update type, or as: the result of verifying whether the second parameter update type matches the second MAC.
  • the third response further includes a fourth MAC.
  • the third response may also include the first confirmation information.
  • Step 307 when the MAC verification result is that the second MAC verification is successful, the UDM saves the second parameter update type; when the MAC verification result is that the second MAC verification fails, the UDM discards the second parameter update type and/or reduces the priority of the PLMN where the terminal is located.
  • the result of the MAC verification is that the verification of the second MAC is successful, which can also be understood as that the second MAC matches the third MAC.
  • the result of the MAC verification is that the second MAC verification fails, which can also be understood as the fact that the second MAC does not match the third MAC.
  • the reason why the priority of the PLMN where the terminal is located is lowered is that there may be a problem of tampering with the transmitted information (such as the update type of the first parameter) in the network, so there may be a security risk.
  • Step 308 the UDM sends a second response to the AMF.
  • the AMF receives the second response.
  • the second response carries the fourth MAC.
  • when the UDM receives the fourth MAC from the AUSF, step 308 is performed; when the UDM does not receive the fourth MAC from the AUSF, step 308 may not be performed.
  • Step 309 the AMF sends a first response to the terminal.
  • the terminal receives the first response.
  • the first response is a registration acceptance, or a downlink NAS transport (DL NAS transport) message.
  • the first response is a downlink NAS transport (DL NAS transport) message.
  • the first response includes the fifth MAC.
  • the UDM sends the fourth MAC, and the first response received by the terminal carries the fifth MAC.
  • the fifth MAC is the same as the fourth MAC. If there is a security risk in the network, the fourth MAC sent by the UDM may be tampered with, and the fifth MAC received by the terminal may be different from the fourth MAC. It should be noted that the fourth MAC sent by the UDM may be tampered before the AMF sends the first response, or may be tampered on the air interface after the AMF sends the first response.
  • Step 310 the terminal checks the fifth MAC.
  • the fifth MAC received by the terminal is the same as the fourth MAC sent by the UDM.
  • the fourth MAC sent by the UDM may be tampered with, so that the fifth MAC received by the terminal may be different from the fourth MAC sent by the UDM.
  • checking the fifth MAC here may also be described as: checking the second confirmation information, or as: checking whether the second confirmation information matches the fifth MAC.
  • when the terminal receives the fifth MAC, step 310 is performed; when the terminal does not receive the fifth MAC, step 310 is not performed.
  • the fifth MAC is generated according to the first confirmation information and Kausf.
  • the terminal generates the sixth MAC in the same way as the AUSF generates the fourth MAC. If the sixth MAC is the same as the fifth MAC, the verification of the fifth MAC is successful, indicating that the UDM has successfully received the parameter update type (i.e., the first parameter update type) supported by the terminal, and also indicating that the fourth MAC has not been tampered with during transmission. If the sixth MAC is different from the fifth MAC, then the verification of the fifth MAC fails, indicating that the fourth MAC has been tampered with during transmission.
  • the specific process for the terminal to generate the sixth MAC is: using Kausf as a key, and using the second confirmation information and the first count value as input parameters to obtain the sixth MAC through calculation.
  • the count value used to generate the sixth MAC is the same as the count value used to generate the first MAC, and both are the first count value.
  • the second confirmation information used when the terminal generates the sixth MAC is the same confirmation information as the first confirmation information used when the AUSF generates the fourth MAC, for example, it may be the same 1-bit information.
  • the second confirmation information may be generated by the terminal, or when the terminal needs to generate the sixth MAC, the terminal directly uses the second confirmation information as an input for calculating the sixth MAC, that is, the second confirmation information may not be generated but used directly.
  • the terminal may trigger the terminal to calculate the sixth MAC, and use the sixth MAC to check the fifth MAC.
  • the terminal may trigger the terminal to calculate the sixth MAC, and use the sixth MAC to check the fifth MAC.
  • the terminal can calculate and save the sixth MAC before sending the first MAC, and after receiving the fifth MAC, verify the fifth MAC using the sixth MAC.
  • when the fifth MAC verification succeeds, the terminal stores the second confirmation information.
  • when the fifth MAC verification fails, the terminal discards the second confirmation information and/or reduces the priority of the PLMN where the terminal is located.
  • the terminal actively reports the parameter update type supported by the terminal to the network side, so that the network side can send corresponding parameters to the terminal according to the parameter update type reported by the terminal, that is, send to the terminal the parameter corresponding to the parameter update type supported by the terminal,
  • the network side is prevented from sending parameters corresponding to parameter update types not supported by the terminal to the terminal, thereby reducing waste of resources.
  • the parameter update type is also protected by generating a MAC to ensure that the network side can successfully receive the parameter update type supported by the terminal.
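  • The FIG. 3 exchange (steps 301 to 310) as an added Python example, not code from the application: HMAC-SHA-256 truncated to 16 bytes stands in for the MAC algorithm, which the text does not name, and the field encoding, the two labels, the type names, the SUPI and the key are constructed assumptions. It shows the honest path, a parameter update type stripped in transit, and a fourth MAC altered on the way back.

```python
import hashlib
import hmac

MAC_LEN = 16                        # assumption: tag truncated to 128 bits
ACK = b"\x01"                       # fixed 1-bit confirmation information
LABEL_TYPES = b"param-update-types" # hypothetical labels: keep a type MAC from
LABEL_ACK = b"param-update-ack"     # ever being accepted as an ACK MAC


def _mac(kausf, label, *fields):
    """MAC keyed with Kausf over length-prefixed fields (unambiguous encoding)."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (label, *fields))
    return hmac.new(kausf, msg, hashlib.sha256).digest()[:MAC_LEN]


def _encode_types(types):
    """Canonical byte form so terminal and AUSF MAC identical input."""
    return b",".join(sorted(t.encode() for t in set(types)))


def terminal_build_first_request(kausf, supported_types, counter, want_ack=True):
    """Steps 201/301: first parameter update type, first count value, first MAC."""
    cnt = counter.to_bytes(2, "big")
    return {
        "types": sorted(set(supported_types)),
        "counter": counter,
        "ack_indication": want_ack,
        "mac": _mac(kausf, LABEL_TYPES, _encode_types(supported_types), cnt),
    }


def ausf_check(kausf_by_supi, supi, request):
    """Steps 304-306: recompute the third MAC from what was received, compare it
    with the second MAC, and build the fourth MAC only on success with an ACK
    indication present."""
    kausf = kausf_by_supi[supi]     # Kausf is looked up by SUPI
    cnt = request["counter"].to_bytes(2, "big")
    third = _mac(kausf, LABEL_TYPES, _encode_types(request["types"]), cnt)
    ok = hmac.compare_digest(third, request["mac"])   # constant-time compare
    fourth = None
    if ok and request["ack_indication"]:
        fourth = _mac(kausf, LABEL_ACK, ACK, cnt)
    return ok, fourth


def udm_handle(store, kausf_by_supi, supi, request):
    """Step 307: save the received type on success, drop it on failure."""
    ok, fourth = ausf_check(kausf_by_supi, supi, request)
    if ok:
        store[supi] = list(request["types"])
    return fourth                   # carried to the terminal in steps 308-309


def terminal_check_response(kausf, counter, fifth_mac):
    """Step 310: compute the sixth MAC from the terminal's own ACK value and
    first count value, then compare it with the received fifth MAC."""
    if fifth_mac is None:
        return False
    sixth = _mac(kausf, LABEL_ACK, ACK, counter.to_bytes(2, "big"))
    return hmac.compare_digest(sixth, fifth_mac)


def demo():
    kausf = bytes(range(32))                      # constructed key
    supi = "imsi-001010000000001"                 # constructed identifier
    keys = {supi: kausf}
    types = ["routing-indicator", "default-configured-nssai",
             "slice-auth-credentials"]            # constructed type names
    req = terminal_build_first_request(kausf, types, counter=7)

    # 1. Nothing altered in transit.
    store = {}
    fourth = udm_handle(store, keys, supi, req)
    honest = (store.get(supi), terminal_check_response(kausf, 7, fourth))

    # 2. A type is stripped between terminal and UDM; the MAC no longer matches.
    store2 = {}
    fourth2 = udm_handle(store2, keys, supi, dict(req, types=["routing-indicator"]))
    stripped = (store2.get(supi), fourth2,
                terminal_check_response(kausf, 7, fourth2))

    # 3. One bit of the fourth MAC is flipped before it reaches the terminal.
    fifth = bytes([fourth[0] ^ 1]) + fourth[1:]
    return {"honest": honest, "stripped": stripped,
            "flipped_ack_ok": terminal_check_response(kausf, 7, fifth)}


if __name__ == "__main__":
    print(demo())
```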
  • FIG. 4 is a wireless communication method provided by the embodiment of the present application. The difference between this method and the above-mentioned method in FIG. 3 is:
  • in the method of FIG. 3, the UDM checks whether the second MAC matches the third MAC according to the second parameter update type as follows: the UDM sends the second parameter update type and the second MAC to the AUSF, the AUSF generates the third MAC according to the second parameter update type and Kausf, and then the AUSF judges whether the third MAC is the same as the second MAC and generates a MAC verification result, where the MAC verification result is that the second MAC matches the third MAC or that the second MAC does not match the third MAC, and then the AUSF sends the MAC check result to the UDM. Therefore, the UDM learns whether the second MAC matches the third MAC from the MAC verification result.
  • in the method of FIG. 4, the UDM checks whether the second MAC matches the third MAC according to the second parameter update type as follows: the UDM sends the second parameter update type to the AUSF, the AUSF generates the third MAC according to the second parameter update type and Kausf, the AUSF sends the third MAC to the UDM, and then the UDM checks whether the second MAC matches the third MAC, that is, determines whether the third MAC is the same as the second MAC. When the third MAC is the same as the second MAC, the second MAC matches the third MAC, and when the third MAC is different from the second MAC, the second MAC does not match the third MAC.
  • the method of Figure 4 includes the following steps:
  • Step 401 to step 402 same as step 301 to step 302, can refer to the foregoing description.
  • step 403 the UDM sends a third request to the AUSF.
  • the AUSF receives the third request.
  • the third request includes SUPI and the second parameter update type.
  • when the second request includes the second count value, the third request also includes the second count value.
  • when the second request includes the confirmation indication, the third request also includes the confirmation indication.
  • the second request may be a UPU protection request or a UPU data type verification request.
  • for the function of SUPI, refer to the description in step 303.
  • step 404 the AUSF generates a third MAC.
  • step 405 the AUSF sends a third response to the UDM.
  • the UDM receives the third response.
  • the third response is a response to the third request.
  • the third response includes the third MAC.
  • Step 406 is the same as step 307, and reference may be made to the foregoing description.
  • Step 407 when the result of the MAC verification is that the verification of the second MAC is successful, the UDM sends indication information to the AUSF, which is used to indicate that the second MAC matches the third MAC, or is used to indicate that the verification of the second MAC is successful.
  • step 408 the AUSF generates a fourth MAC.
  • the AUSF executes step 408, and when the AUSF does not receive the indication information from the UDM, or the above-mentioned third request does not contain an acknowledgment indication, the AUSF does not perform step 408.
  • step 409 the AUSF sends the fourth MAC to the UDM.
  • the UDM receives the fourth MAC.
  • if step 408 is executed, then step 409 is executed.
  • Step 410 to step 412 same as step 308 to step 310, can refer to the foregoing description.
  • the terminal actively reports the parameter update type supported by the terminal to the network side, so that the network side can send corresponding parameters to the terminal according to the parameter update type reported by the terminal, that is, send to the terminal the parameter corresponding to the parameter update type supported by the terminal,
  • the network side is prevented from sending parameters corresponding to parameter update types not supported by the terminal to the terminal, thereby reducing waste of resources.
  • the parameter update type is also protected by generating a MAC to ensure that the network side can successfully receive the parameter update type supported by the terminal.
  • Figure 5 is a wireless communication method provided by the embodiment of the present application.
  • the main difference between this method and the method in Figure 3 is as follows. In the method in Figure 3, the terminal can judge whether the UDM has successfully received the first parameter update type by checking the received fifth MAC, that is, the UDM explicitly informs the terminal whether the first parameter update type is successfully received. In the method in Figure 5, when the UDM successfully receives the first parameter update type, it does not send the fourth MAC; instead, the terminal judges whether the UDM has successfully received the first parameter update type by judging whether the parameter corresponding to the first parameter update type is received in the subsequent UE parameter update (UE parameter update, UPU) process or steering of roaming (Steering of roaming, SoR) process, that is, the UDM implicitly informs the terminal whether the first parameter update type has been successfully received.
  • the method includes the following steps:
  • Step 501 to step 506, same as step 301 to step 304, step 306 to step 307, can refer to the foregoing description.
  • in step 501 to step 506, none of the first request, second request, and third request carries an acknowledgment indication, the AUSF does not calculate the fourth MAC, and the third response does not include the fourth MAC. That is, during the interaction process between the terminal and the UDM, the UDM does not need to send the fourth MAC to the terminal.
  • Step 507 the AMF sends a first response to the terminal.
  • the terminal receives the first response.
  • the first response is a registration acceptance.
  • the first request is an uplink NAS transport message
  • the first response is a downlink NAS transport (DL NAS transport) message.
  • Step 508 UDM decides to perform UPU or SoR.
  • step 509 the UDM sends a first notification message to the AMF.
  • the AMF receives the first notification message.
  • the first notification message may be a Nudm_SDM_Notification message.
  • the first notification message may include parameters corresponding to the second parameter update type. Since in this case, the second parameter update type is the same as the first parameter update type, it can also be understood that the first notification message includes parameters corresponding to the first parameter update type.
  • Step 510 the AMF sends a second notification message to the terminal.
  • the terminal receives the second notification message.
  • the second notification message may be a downlink NAS transport (DL NAS transport) message.
  • the second notification message carries the parameter corresponding to the first parameter update type.
  • the terminal may determine whether the UDM has received the first parameter update type according to whether the second notification message includes a parameter corresponding to the first parameter update type. Wherein, when the second notification message contains the parameters corresponding to the first parameter update type, it is determined that the UDM has successfully received the first parameter update type; when the second notification message does not contain the parameters corresponding to the first parameter update type, then it is determined that the UDM The first parameter update type was not successfully received.
  • the terminal may lower the priority of the PLMN where the terminal is located.
  • the terminal actively reports the parameter update type supported by the terminal to the network side, so that the network side can send corresponding parameters to the terminal according to the parameter update type reported by the terminal, that is, send to the terminal the parameter corresponding to the parameter update type supported by the terminal,
  • the network side is prevented from sending parameters corresponding to parameter update types not supported by the terminal to the terminal, thereby reducing waste of resources.
  • the parameter update type is also protected by generating a MAC to ensure that the network side can successfully receive the parameter update type supported by the terminal.
  • the terminal implicitly judges whether the previously sent first parameter update type has been safely transmitted to the UDM according to the subsequent UPU or SoR process, and then judges whether the service network has tampered with or discarded the first parameter update type, so that it saves extra MAC calculation and transmission, and reduces the signaling and calculation overhead of the terminal and the network.
  • Figure 6 is a wireless communication method provided by the embodiment of the present application.
  • the main difference between this method and the method in Figure 4 is that in the method in Figure 4, the terminal can judge whether the UDM has successfully received the first parameter update type by checking the received fifth MAC, that is, the UDM explicitly informs the terminal whether the first parameter update type is successfully received; in the method in Figure 6, when the UDM successfully receives the first parameter update type, it will not send the fourth MAC, but the terminal judges whether the UDM has successfully received the first parameter update type by judging whether the parameter corresponding to the first parameter update type is received in the subsequent UPU process or SoR process, that is, the UDM implicitly informs the terminal whether the first parameter update type was successfully received.
  • the method includes the following steps:
  • Step 601 to step 606, same as step 401 to step 406, can refer to the foregoing description.
  • step 606 none of the first request, the second request, and the third request carries an acknowledgment indication.
  • Step 607 to step 610 same as step 507 to step 510, can refer to the foregoing description.
  • the terminal actively reports the parameter update type supported by the terminal to the network side, so that the network side can send corresponding parameters to the terminal according to the parameter update type reported by the terminal, that is, send to the terminal the parameter corresponding to the parameter update type supported by the terminal,
  • the network side is prevented from sending parameters corresponding to parameter update types not supported by the terminal to the terminal, thereby reducing waste of resources.
  • the parameter update type is also protected by generating a MAC to ensure that the network side can successfully receive the parameter update type supported by the terminal.
  • the terminal implicitly judges whether the previously sent first parameter update type has been safely transmitted to the UDM according to the subsequent UPU or SoR process, and then judges whether the service network has tampered with or discarded the first parameter update type, so that it saves extra MAC calculation and transmission, and reduces the signaling and calculation overhead of the terminal and the network.
  • FIG. 7 it is a wireless communication method provided by the embodiment of this application. The method includes the following steps:
  • Step 701 the terminal sends a registration request to the AMF.
  • the AMF receives the registration request.
  • the registration request includes a subscription concealed identifier (SUCI).
  • the implementation methods of SUCI include but are not limited to the following methods 1 and 2:
  • Method 1 Encrypt the SUPI and the parameter update type supported by the terminal to obtain the SUCI.
  • the parameter update type supported by the terminal and SUPI are spliced first to obtain spliced information, and then the concatenated information is encrypted to obtain an output part (output) of SUCI.
  • the splicing information may be expressed as "SUPI
  • Method 2 splicing the parameter update type, MAC and SUPI ciphertext supported by the terminal to obtain the SUCI.
  • the MAC is calculated by using the UDM public key and the parameter update type supported by the terminal. This MAC is used to prevent the parameter update type supported by the terminal from being tampered with during transmission.
  • SUCI can contain any of the following information:
  • the SUCI is carried in the registration request.
  • the registration request can be carried in a security mode completion message, and the security mode completion message can provide security protection for the registration request.
  • step 702 the AMF sends an authentication request to the AUSF.
  • the AUSF receives the authentication request.
  • the SUCI is included in the authentication request.
  • the authentication request is used to authenticate the terminal indicated by the SUCI.
  • step 703 the AUSF sends an authentication request to the UDM.
  • UDM receives the authentication request.
  • the authentication request is used to request to acquire authentication parameters of the terminal indicated by the SUCI.
  • step 704 the UDM decrypts the SUCI to obtain the parameter update type supported by the terminal.
  • the UDM decrypts the SUCI to obtain the parameter update type supported by the terminal.
  • the UDM can obtain the plaintext information of the parameter update type supported by the terminal from the SUCI, and then verify the MAC according to the parameter update type supported by the terminal. If the verification is successful, it indicates that the parameter update type supported by the terminal has not been tampered with during transmission, so the UDM can successfully obtain the parameter update type supported by the terminal sent by the terminal.
  • step 705 the UDM saves the received parameter update type supported by the terminal.
  • the existing IE and process can be reused and the parameter update type supported by the terminal can be safely sent to the UDM, avoiding transformation of the existing system process and reducing the signaling overhead of the terminal and the network.
  • FIG. 8 it is a wireless communication method provided by the embodiment of this application. This method is applied in the SOR process. The method is to notify the terminal to report the parameter update type supported by the terminal in the SOR process.
  • the method includes the following steps:
  • step 801 the UDM sends a first request to the AUSF, and the AUSF receives the first request accordingly.
  • the first request may be a Nausf_SoRProtection message.
  • the UDM supports a new parameter update type, and the UDM needs to obtain the new parameter update type supported by the terminal. If the UDM has no SoR parameters to be sent to the terminal, the UDM can also initiate a SoR process with an empty payload because it needs to obtain the parameter update type supported by the terminal. If the UDM needs to update SoR parameters, optionally, the payload part carries corresponding roaming parameters.
  • the new parameter update type here refers to other parameter update types except SoR parameter update.
  • the new parameter update type supported by UDM is SoR-CMCI.
  • the full name of CMCI is connected mode control information.
  • the UDM supports other parameter update types besides the routing indication update data and the default configuration network slice selection auxiliary information update data.
  • the SoR parameter update here refers to that the UDM sends the updated SoR parameter to the terminal, and the SoR parameter may be a list of access technologies/PLMN IDs.
  • the list contains: 4G/PLMN ID 1, 4G/PLMN ID 2, 5G/PLMN ID 1, 5G/PLMN ID 2.
  • the first request includes SUPI, and the SUPI is used to identify a terminal.
  • the AUSF can obtain the Kausf corresponding to the SUPI according to the SUPI.
  • the first request also includes a new parameter update type supported by UDM.
  • step 802 the AUSF acquires first information.
  • the first information may be SoRheader.
  • the first information includes a first indication, and the first indication is used to indicate that the terminal needs to use newly added parameters to calculate the MAC returned by the terminal side, or indicate that UDM supports a new parameter update type, or indicate that the terminal sends a supported parameter update type.
  • New parameters refer to parameters other than ACK, such as the SoR header returned by the terminal and/or new parameter update types.
  • the first information is generated by the UDM and then sent to the AUSF.
  • the first information is generated by the AUSF. For example, if the first request includes a new parameter update type supported by UDM, the AUSF generates a first indication according to the new parameter update type supported by UDM, and then generates first information according to the first indication.
  • Step 803 AUSF generates a first MAC according to Kausf, first information and a first count value.
  • the Kausf corresponds to SUPI.
  • This Kausf is the same Kausf used in the terminal.
  • step 804 the AUSF sends a first response to the UDM, and the UDM receives the first response accordingly.
  • the first response may be a Nausf_SoRProtection Response message.
  • the first response includes a first MAC, first information, and a first count value.
  • step 805 the UDM sends the first message to the AMF, and the AMF receives the first message accordingly.
  • the first message may be a Nudm_SDM_Notification message.
  • the first message may be a subscription data management acquisition response or a subscription data management notification.
  • the first message includes a first MAC, first information and a first count value.
  • Step 806 the AMF sends the second message to the terminal, and the terminal receives the second message accordingly.
  • the second message may be a registration accept message or a downlink NAS transmission message.
  • the second message includes the first MAC, the first information and the first count value.
  • what the UDM sends is the first MAC, the first information and the first count value, while what the terminal receives is the second MAC, the second information and the second count value.
  • the second MAC received by the terminal is the same as the first MAC sent by the UDM
  • the second information received by the terminal is the same as the first information sent by the UDM
  • the second count value received by the terminal is the same as the first count value sent by the UDM.
  • the above information sent by the UDM may be tampered with, so that the second MAC received by the terminal may be different from the first MAC sent by the UDM, the second information received by the terminal may be different from the first information sent by the UDM, and the second count value received by the terminal may be different from the first count value sent by the UDM.
  • Step 807 the terminal checks the second MAC according to the second count value, the second information and Kausf.
  • the terminal generates the third MAC according to the second count value, the second information and Kausf.
  • if the third MAC is the same as the second MAC, it indicates that the first information has not been tampered with during transmission and the second MAC is verified successfully, that is, it is determined that the second MAC received by the terminal is the same as the first MAC sent by the AMF, the second information received by the terminal is the same as the first information sent by the AMF, and the second count value received by the terminal is the same as the first count value sent by the AMF.
  • if the third MAC is different from the second MAC, it indicates that the first information may be tampered with during transmission, that is, the second information may be different from the first information, and the verification of the second MAC fails.
  • Step 808 if the second MAC verification is successful, when the terminal supports a new parameter update type, trigger generation of a fourth MAC according to Kausf, the first parameter update type and the third count value according to the first indication.
  • the first parameter update type may be a supported UE parameters update data set types list, or a list of supported UE parameters update data set types other than routing indication update data and default configuration network slice selection auxiliary information update data.
  • the trigger terminal uses Kausf as a key, takes the first parameter update type and the third count value as inputs, and generates a fourth MAC.
  • the third information is also used as input, and the third information may be the SoR header generated by the terminal.
  • the third count value is different from the aforementioned second count value.
  • the first parameter update type refers to a parameter update type supported by the terminal.
  • the third information includes a second indication
  • the second indication is used to indicate that new parameters need to be used to calculate the MAC on the AUSF side, or indicate that the terminal supports a new parameter update type, or indicate that the terminal sends a new parameter update type.
  • Step 809 the terminal sends the third message to the AMF, and the AMF receives the third message accordingly.
  • the third message may be a registration completion message or an uplink NAS transmission message.
  • the third message includes the first parameter update type, the fourth MAC, the third information and the third count value.
  • step 810 the AMF sends a fourth message to the UDM, and the UDM receives the fourth message accordingly.
  • the fourth message includes a second parameter update type, a fifth MAC, fourth information and a fourth count value.
  • the fourth message may be a Nudm_SDM_Info message.
  • the terminal sends the first parameter update type, the fourth MAC, the third information and the third count value, while the UDM receives the second parameter update type, the fifth MAC, the fourth information and the fourth count value.
  • the second parameter update type received by the UDM is the same as the first parameter update type sent by the terminal
  • the fifth MAC received by the UDM is the same as the fourth MAC sent by the terminal
  • the fourth information received by the UDM is the same as the third information sent by the terminal
  • the fourth count value received by the UDM is the same as the third count value sent by the terminal.
  • the above information sent by the terminal may be tampered with, so that the second parameter update type received by the UDM may be different from the first parameter update type sent by the terminal, the fifth MAC received by the UDM may be different from the fourth MAC sent by the terminal, the fourth information received by the UDM may be different from the third information sent by the terminal, and the fourth count value received by the UDM may be different from the third count value sent by the terminal.
  • Step 811 the UDM sends a fifth message to the AUSF, and the AUSF receives the fifth message accordingly.
  • the UDM sends the fifth message to the AUSF according to the second indication in the fourth message or according to the new parameter update type carried in the fourth message, which carries the second parameter update type, the fifth MAC and the fourth count value.
  • the fifth message also carries fourth information.
  • the UDM may ignore or delete the MAC according to the second indication or according to the new parameter update type carried in the fourth message.
  • Step 812 AUSF checks the fifth MAC according to the second parameter update type, the fourth count value and Kausf.
  • the AUSF generates the sixth MAC according to the update type of the second parameter, the fourth count value and Kausf.
  • if the sixth MAC is the same as the fifth MAC, the verification of the fifth MAC is successful, that is, it is determined that the fifth MAC received by the UDM is the same as the fourth MAC sent by the terminal, the second parameter update type received by the UDM is the same as the first parameter update type sent by the terminal, and the fourth count value received by the AMF is the same as the third count value sent by the terminal.
  • if the sixth MAC is different from the fifth MAC, it indicates that the first parameter update type may be tampered with during transmission, that is, the second parameter update type may be different from the first parameter update type, and the verification of the fifth MAC fails.
  • the AUSF checks the fifth MAC according to the second parameter update type, the fourth count value, the fourth information and Kausf.
  • Checking the fifth MAC here may also be described as: checking the second parameter update type, or as: checking whether the second parameter update type matches the fifth MAC.
  • step 813 the AUSF sends the MAC check result to the UDM.
  • the UDM receives the MAC check result.
  • the result of the MAC check is that the fifth MAC check succeeds or the fifth MAC check fails.
  • the MAC verification result here may also be described as: the result of verifying the second parameter update type, or as: the result of verifying whether the second parameter update type matches the fifth MAC.
  • Step 814 when the MAC verification result is that the fifth MAC verification is successful, the UDM saves the received second parameter update type; when the MAC verification result is that the fifth MAC verification fails, the UDM discards the received second parameter Update the type and/or reduce the priority of the PLMN where the terminal is located.
  • the fifth message in the above step 811 does not carry the fifth MAC
  • the above step 812 is modified to: AUSF generates the sixth MAC according to the second parameter update type, the fourth count value and Kausf
  • the above step 813 is modified to: AUSF sends the sixth MAC to UDM
  • a step is added between step 813 and step 814: UDM checks the fifth MAC according to the sixth MAC.
  • the parameter update type supported by the terminal is carried in the SoR process, so that the existing process can be reused to the greatest extent, the signaling overhead of the terminal and the network side is reduced, and the purpose of transmitting the parameter update type supported by the terminal to the network is also achieved.
  • step 808 the third counter value used by the terminal when generating the fourth MAC is the same as the second counter value received in step 807.
  • step 812 the fourth count value used when checking the fifth MAC is the same as the first count value.
  • the first count value, the second count value, the third count value and the fourth count value are all the same count value.
  • the AUSF saves the used first count value.
  • the UDM saves the received first count value.
  • when the UDM receives the fourth count value, it may determine whether the fourth count value is the same as the first count value.
  • the AUSF may further determine whether the fourth count value is the same as the first count value. If they are the same, it indicates that the received fourth count value is fresh, then perform step 812 and subsequent steps. If not, the fifth message is discarded and subsequent steps are stopped.
  • if the third counter value used when the terminal generates the fourth MAC in step 808 is the same as the second counter value received in step 807, then the third message does not carry the third count value; correspondingly, the fourth message does not carry the fourth count value, so the count value used when checking the fifth MAC in step 812 is the first count value.
  • if the UDM saves the first count value after step 804, then after the UDM performs the above verification action, even if it does not receive the fourth count value in the fourth message, the saved first count value can be carried in the fifth message, so the count value used when checking the fifth MAC in step 812 is the first count value.
  • AUSF can directly use the stored first count value, so that the count value used when checking the fifth MAC in step 812 is the first count value.
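The FIG. 8 exchange (steps 803 to 814, with the count-value freshness check described above), as an added example that is not code from the patent. HMAC-SHA-256 truncated to 128 bits, the field encoding, every class and function name, and all sample values are assumptions made for illustration; the page does not specify them.

```python
"""Simulation of steps 803-814 of FIG. 8. All keys, headers and type labels are constructed."""
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

MAC_LEN = 16  # assumption: tag truncated to 128 bits


def _encode(fields):
    # Length-prefix every field so bytes cannot shift between fields unnoticed.
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def compute_mac(kausf, header, update_types, counter):
    """MAC keyed with Kausf over header, count value and parameter update types.
    HMAC-SHA-256 is an assumption; the page does not name the algorithm."""
    fields = [header, struct.pack(">H", counter)] + [t.encode() for t in update_types]
    return hmac.new(kausf, _encode(fields), hashlib.sha256).digest()[:MAC_LEN]


@dataclass(frozen=True)
class Report:
    """Contents of the third message (terminal to AMF) and fourth message (AMF to UDM)."""
    update_types: tuple
    mac: bytes
    header: bytes
    counter: int


class Ausf:
    def __init__(self, kausf):
        self.kausf = kausf
        self.first_counter = None

    def protect(self, first_info, counter):
        """Step 803: first MAC from Kausf, first information and first count value."""
        self.first_counter = counter  # saved for the later freshness check
        return compute_mac(self.kausf, first_info, (), counter)

    def check(self, report):
        """Step 812 with the freshness check: returns 'ok', 'stale' or 'mac_fail'."""
        if report.counter != self.first_counter:
            return "stale"  # fifth message is discarded, later steps stop
        sixth_mac = compute_mac(self.kausf, report.header, report.update_types, report.counter)
        return "ok" if hmac.compare_digest(sixth_mac, report.mac) else "mac_fail"


class Terminal:
    def __init__(self, kausf, supported_types):
        self.kausf = kausf
        self.supported_types = tuple(supported_types)

    def handle_notification(self, second_mac, second_info, second_counter, reply_header):
        """Steps 807-808: verify the second MAC, then build the protected report."""
        third_mac = compute_mac(self.kausf, second_info, (), second_counter)
        if not hmac.compare_digest(third_mac, second_mac):
            return None  # second MAC verification failed, nothing is reported
        # Variant in which the third count value equals the received second count value.
        fourth_mac = compute_mac(self.kausf, reply_header, self.supported_types, second_counter)
        return Report(self.supported_types, fourth_mac, reply_header, second_counter)


class Udm:
    def __init__(self, ausf):
        self.ausf = ausf
        self.stored_types = None

    def handle_report(self, report):
        """Steps 811-814: forward to the AUSF, save on success, discard otherwise."""
        result = self.ausf.check(report)
        if result == "ok":
            self.stored_types = report.update_types
        return result


def drop_last_type(report):
    # Models a serving network removing one reported type in transit.
    return replace(report, update_types=report.update_types[:-1])


def replay_old_counter(report):
    # Models a report carrying a count value other than the one the AUSF issued.
    return replace(report, counter=report.counter - 1)


def run_exchange(tamper=None):
    kausf = bytes(range(32))  # constructed key shared by terminal and AUSF
    ausf = Ausf(kausf)
    udm = Udm(ausf)
    terminal = Terminal(kausf, ["routing-indicator", "default-nssai", "sor-cmci"])
    first_info = b"\x01"  # constructed header carrying the first indication
    first_mac = ausf.protect(first_info, counter=7)
    report = terminal.handle_notification(first_mac, first_info, 7, reply_header=b"\x02")
    if tamper:
        report = tamper(report)
    return udm.handle_report(report), udm.stored_types


if __name__ == "__main__":
    for name, tamper in [("untouched", None), ("type dropped", drop_last_type),
                         ("old counter", replay_old_counter)]:
        print(name, run_exchange(tamper))
```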
  • in the SoR process, the terminal is notified to report the parameter update type supported by the terminal.
  • in the UPU process, the terminal may also be notified to report the parameter update type supported by the terminal.
  • the specific implementation process is similar to the above-mentioned method embodiment in FIG. 8, the main difference is:
  • the above-mentioned first request may be a Nausf_UPUProtection message, and the new parameter update type supported by UDM refers to other parameter update types except routing indication update data and default configuration NSSAI update data.
  • the above first information may be UPF header.
  • the above-mentioned first response may be a Nausf_UPUProtection Response message.
  • the above third information may be UPU header.
  • the AUSF, UDM, AMF and the terminal include corresponding hardware structures and/or software modules for performing respective functions.
  • the present application can be implemented in the form of hardware or a combination of hardware and computer software with reference to the units and method steps of the examples described in the embodiments disclosed in the present application. Whether a certain function is executed by hardware or by computer software driving hardware depends on the specific application scenario and design constraints of the technical solution.
  • FIG. 9 and FIG. 10 are schematic structural diagrams of possible communication devices provided by the embodiments of the present application. These communication devices can be used to implement the functions of the terminal, AMF, UDM or AUSF in the above method embodiments, and therefore can also realize the beneficial effects of the above method embodiments.
  • the communication device may be a terminal, AMF, UDM or AUSF, and may also be a module (such as a chip) applied to the terminal, AMF, UDM or AUSF.
  • a communication device 900 includes a processing unit 910 and a transceiver unit 920 .
  • the communication device 900 is configured to realize the functions of the terminal, AMF, UDM or AUSF in the method embodiments shown in FIGS. 3 to 6 above.
  • the processing unit 910 is configured to generate a first message authentication code MAC according to the first parameter update type and Kausf, where the first parameter update type is a parameter update type supported by the terminal, and the Kausf is a key between the terminal and an authentication network element; the transceiver unit 920 is configured to send the first parameter update type and the first MAC to a mobility management network element.
  • the transceiver unit 920 is further configured to receive a fifth MAC from the mobility management network element.
  • the fifth MAC is generated according to the first confirmation information and the Kausf, and the first confirmation information is used to indicate that the data management network element has successfully received the first parameter update type; the processing unit 910 is further configured to verify the fifth MAC according to the second confirmation information and the Kausf.
  • the processing unit 910 is further configured to save the acknowledgment information when the fifth MAC verification succeeds; or, discard the second acknowledgment information when the fifth MAC verification fails, and/or reduce the priority of the public land mobile network PLMN where the terminal is located.
  • the transceiver unit 920 is further configured to receive a downlink non-access stratum transmission message from the mobility management network element after sending the first parameter update type and the first MAC to the mobility management network element; the processing unit 910 is further configured to determine that the data management network element has successfully received the first parameter update type when the downlink non-access stratum transmission message contains a parameter corresponding to the first parameter update type; or, when the downlink non-access stratum transmission message does not include the parameter corresponding to the first parameter update type, lower the priority of the PLMN where the terminal is located.
  • the processing unit 910 is further configured to include one or more of the following before generating the first MAC according to the first parameter update type and Kausf:
  • the first parameter update type includes other parameter update types except routing indication update data and default configuration NSSAI update data;
  • the transceiving unit 920 is specifically configured to send a registration request message to the mobility management network element, where the registration request message includes the first parameter update type and the first MAC; Or, sending an uplink non-access stratum transmission message to the mobility management network element, where the uplink non-access stratum transmission message includes the first parameter update type and the first MAC.
  • the first parameter update type includes one or more of the following:
  • the transceiver unit 920 is configured to receive the second parameter update type and the second message authentication code MAC from the terminal; the processing unit 910 is configured to check whether the second MAC matches a third MAC according to the second parameter update type, and the third MAC is generated according to the second parameter update type and Kausf; wherein the Kausf is the key between the terminal and the authentication network element.
  • the processing unit 910 is specifically configured to send the second parameter update type to the authentication network element through the transceiver unit 920; receive the third MAC; and check whether the second MAC matches the third MAC.
  • the processing unit 910 is specifically configured to send the second parameter update type and the second MAC to the authentication network element through the transceiver unit 920; and receive a MAC verification result from the authentication network element, where the MAC verification result is that the second MAC matches the third MAC or the second MAC does not match the third MAC.
  • the transceiver unit 920 is further configured to receive a fourth MAC from the authentication network element, the fourth MAC is generated according to the first confirmation information and the Kausf, and the first confirmation information is used to indicate that the parameter update type supported by the terminal is successfully received; and the fourth MAC is sent to the terminal.
  • the processing unit 910 is further configured to save the second parameter update type when the second MAC matches the third MAC; or, when the second MAC does not match the third MAC, discard the second parameter update type, and/or lower the priority of the PLMN where the terminal is located.
  • the transceiver unit 920 is configured to receive the second parameter update type and the second message authentication code MAC from the data management network element;
  • the processing unit 910 is configured to generate a third MAC according to the second parameter update type and Kausf, where the Kausf is a key between the terminal and the authentication network element; and check whether the second MAC matches the third MAC;
  • the transceiver unit 920 is further configured to send a MAC verification result to the data management network element, and the MAC verification result is that the second MAC matches the third MAC or the second MAC does not match the third MAC.
  • the processing unit 910 is further configured to generate a fourth MAC according to the first confirmation information and the Kausf when the MAC verification result is that the second MAC matches the third MAC.
  • the first confirmation information is used to indicate that the data management network element has successfully received the parameter update type supported by the terminal; the transceiver unit 920 is also used to send the fourth MAC to the data management network element.
  • the transceiver unit 920 is used to receive the second parameter update type from the data management network element; the processing unit 910 is used to generate a third message authentication code MAC according to the second parameter update type and Kausf, where the Kausf is the key between the terminal and the authentication network element; the transceiver unit 920 is also used to send the third MAC to the data management network element.
  • the transceiving unit 920 is further configured to receive indication information from the data management network element, where the indication information is used to indicate that the second MAC matches the third MAC; the processing unit 910 is also used to generate a fourth MAC according to the first confirmation information and the Kausf, wherein the first confirmation information is used to indicate that the data management network element has successfully received the parameter update type supported by the terminal; the transceiver unit 920 is further configured to send the fourth MAC to the data management network element.
  • more detailed descriptions of the processing unit 910 and the transceiver unit 920 can be directly obtained by referring to related descriptions in the method embodiments shown in FIG. 3 to FIG. 6, and details are not repeated here.
  • a communication device 1000 includes a processor 1010 and an interface circuit 1020.
  • the processor 1010 and the interface circuit 1020 are coupled to each other.
  • the interface circuit 1020 may be a transceiver or an input-output interface.
  • the communication device 1000 may further include a memory 1030 for storing instructions executed by the processor 1010, input data required by the processor 1010 to execute the instructions, or data generated by the processor 1010 after executing the instructions.
  • the processor 1010 is used to implement the functions of the processing unit 910.
  • the interface circuit 1120 is used to implement the functions of the transceiver unit 920.
  • the processor in the embodiments of the present application can be a central processing unit (Central Processing Unit, CPU), and can also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application-specific integrated circuits (Application Specific Integrated Circuit, ASIC), Field Programmable Gate Array (Field Programmable Gate Array, FPGA) or other programmable logic devices, transistor logic devices, hardware components or any combination thereof.
  • a general-purpose processor can be a microprocessor, or any conventional processor.
  • the method steps in the embodiments of the present application may be implemented by means of hardware, or may be implemented by means of a processor executing software instructions.
  • Software instructions can be composed of corresponding software modules, and software modules can be stored in random access memory, flash memory, read-only memory, programmable read-only memory, erasable programmable read-only memory, electrically erasable programmable read-only memory, registers, hard disk, removable hard disk, CD-ROM or any other form of storage medium known in the art.
  • An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium.
  • the storage medium may also be a component of the processor.
  • the processor and storage medium can be located in the ASIC.
  • all or part of them may be implemented by software, hardware, firmware or any combination thereof.
  • When implemented using software, it may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer programs or instructions. When the computer program or instructions are loaded and executed on the computer, the processes or functions described in the embodiments of the present application are executed in whole or in part.
  • the computer may be a general purpose computer, a special purpose computer, a computer network, a base station, a terminal or other programmable devices.
  • the computer program or instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer program or instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired or wireless means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrating one or more available media.
  • the available medium may be a magnetic medium, such as a floppy disk, a hard disk, or a magnetic tape; it may also be an optical medium, such as a digital video disk; and it may also be a semiconductor medium, such as a solid state disk.
  • the computer readable storage medium may be a volatile or a nonvolatile storage medium, or may include both volatile and nonvolatile types of storage media.
  • “at least one” means one or more, and “multiple” means two or more.
  • “And/or” describes the association relationship of associated objects, indicating that there may be three types of relationships, for example, A and/or B, which can mean: A exists alone, A and B exist simultaneously, and B exists alone, where A, B can be singular or plural.
  • the character “/” generally indicates that the contextual objects are in an “or” relationship; in the formulas of this application, the character “/” indicates that the contextual objects are in a “division” relationship.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present application provides a wireless communication method, a communication device, and a communication system. The method comprises: generating a first message authentication code according to a first parameter update type and Kausf, the first parameter update type being a parameter update type supported by a terminal; and sending the first parameter update type and the first message authentication code to a mobility management network element. A terminal actively reports to a network side a parameter update type supported by the terminal, such that the network side can send a corresponding parameter to the terminal according to the parameter update type reported by the terminal, i.e., sending to the terminal the parameter corresponding to the parameter update type supported by the terminal, thereby preventing the network side from sending to the terminal a parameter corresponding to a parameter update type not supported by the terminal, such that resource waste can be reduced. Moreover, during a process of the terminal sending to the network side the parameter update type supported by the terminal, security protection is also implemented on the parameter update type by generating a message authentication code, so as to ensure that the network side can successfully receive the parameter update type supported by the terminal.

Description

A wireless communication method, communication device and communication system
Cross-reference to related applications
This application claims priority to the Chinese patent application No. 202110501343.6, entitled "A wireless communication method, communication device and communication system", filed with the China Patent Office on May 08, 2021, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the technical field of wireless communication, and in particular to a wireless communication method, communication device and communication system.
Background
In the current 3rd generation partnership project (3GPP) standard, the protocol predefines the parameter update types supported by the terminal, so that the network side can learn the parameter update types supported by the terminal from the protocol definition. Subsequently, the network side may send the terminal the parameters corresponding to a parameter update type that the terminal supports.
However, when the network side has parameters corresponding to a new parameter update type that need to be updated to the terminal, the network side does not know whether the terminal supports the new parameter update type, so it cannot judge whether the parameters corresponding to the new parameter update type need to be updated to the terminal.
If the network side updates the parameters corresponding to the new parameter update type to the terminal regardless of whether the terminal supports that type, then when the terminal does not support the new parameter update type, the terminal has to discard the received parameters, which wastes resources.
Summary of the invention
The present application provides a wireless communication method, a communication device and a communication system, so that the network side sends parameters to the terminal according to the parameter update types the terminal supports, thereby reducing waste of resources.
In a first aspect, an embodiment of the present application provides a wireless communication method, which may be executed by a terminal or by a module (such as a chip) applied in the terminal. The method includes: generating a first message authentication code according to a first parameter update type and Kausf, where the first parameter update type is a parameter update type supported by the terminal, and the Kausf is a key between the terminal and an authentication network element; and sending the first parameter update type and the first message authentication code to a mobility management network element.
According to the above solution, the terminal actively reports to the network side the parameter update type it supports, so that the network side can send the corresponding parameters to the terminal according to the reported parameter update type, that is, send the terminal the parameters corresponding to a parameter update type the terminal supports. This prevents the network side from sending the terminal parameters corresponding to a parameter update type the terminal does not support, which reduces waste of resources. In addition, while the terminal sends its supported parameter update type to the network side, the parameter update type is also security-protected by generating a message authentication code, so as to ensure that the network side can successfully receive the parameter update type supported by the terminal.
In a possible implementation method, a fifth message authentication code is received from the mobility management network element, where the fifth message authentication code is generated according to first confirmation information and the Kausf, and the first confirmation information is used to indicate that the data management network element has successfully received the first parameter update type; and the fifth message authentication code is verified according to second confirmation information and the Kausf.
According to the above solution, after sending the first parameter update type to the network side, the terminal also receives from the network side a message authentication code for the first parameter update type, that is, the fifth message authentication code. The terminal then verifies the fifth message authentication code. If the fifth MAC is verified successfully, the network side has successfully received the first parameter update type; if verification of the fifth MAC fails, the network side has not successfully received the first parameter update type. With this solution, the terminal can learn whether the network side has successfully received the first parameter update type, which avoids the terminal blindly resending the first parameter update type to the network side and helps to reduce overhead.
In a possible implementation method, when the fifth message authentication code is verified successfully, the second confirmation information is saved; or, when verification of the fifth message authentication code fails, the second confirmation information is discarded and/or the priority of the public land mobile network (PLMN) where the terminal is located is lowered.
According to the above solution, when the fifth message authentication code is verified successfully, the network side has successfully received the first parameter update type, and the terminal saves the second confirmation information. Later, the terminal confirms from the saved second confirmation information that the network side has already received the first parameter update type, so the terminal no longer needs to send the first parameter update type to the network side, which helps to reduce overhead. When verification of the fifth MAC fails, the network side has not successfully received the first parameter update type, and the terminal discards the second confirmation information. Later, when the terminal finds that it has not saved the second confirmation information, it concludes that the network side has not successfully received the first parameter update type, so the terminal can send the first parameter update type to the network side again, which helps to improve the likelihood that the network side successfully receives it. A failed verification of the fifth MAC also indicates that the current network may not be secure enough and that transmitted information (such as the message authentication code sent by the network side to the terminal) may have been tampered with, so the terminal can lower the priority of the PLMN where it is located, thereby reducing the risk posed by an insecure network.
In a possible implementation method, after the first parameter update type and the first message authentication code are sent to the mobility management network element, a downlink non-access stratum transport message is received from the mobility management network element; when the downlink non-access stratum transport message contains parameters corresponding to the first parameter update type, it is determined that the data management network element has successfully received the first parameter update type; or, when the downlink non-access stratum transport message does not contain parameters corresponding to the first parameter update type, the priority of the PLMN where the terminal is located is lowered.
According to the above solution, after sending the first parameter update type to the network side, the terminal can judge whether the network side has successfully received it from whether the network side subsequently sends the terminal the parameters corresponding to the first parameter update type. This method does not require the network side to use additional indication information (such as a message authentication code) to tell the terminal whether the first parameter update type was successfully received; instead, the terminal is informed implicitly, which reduces the signaling interaction between the network side and the terminal and helps to reduce overhead.
In a possible implementation method, before the first message authentication code is generated according to the first parameter update type and Kausf, the method further includes one or more of the following: determining that a new universal subscriber identity module (USIM) has been inserted in the terminal; determining that the first parameter update type includes parameter update types other than routing indication update data and default configured NSSAI update data; determining that the terminal is powered on; determining that the first parameter update type has not been sent; or determining that no response to the first parameter update type has been received.
According to the above solution, the terminal reports the first parameter update type to the network only when certain conditions are met, which avoids repeated or invalid reporting and thereby reduces terminal overhead.
In a possible implementation method, a registration request message is sent to the mobility management network element, where the registration request message includes the first parameter update type and the first message authentication code; or, an uplink non-access stratum transport message is sent to the mobility management network element, where the uplink non-access stratum transport message includes the first parameter update type and the first message authentication code.
According to the above solution, the first parameter update type can be reported to the network side through different messages in different application scenarios, which makes the implementation flexible.
In a possible implementation method, the first parameter update type includes one or more of the following:
an update of slice authentication credentials, or an update of protocol data unit (PDU) session authentication credentials.
In a second aspect, an embodiment of the present application provides a wireless communication method, which may be executed by a data management network element or by a module (such as a chip) applied in the data management network element. The method includes: receiving a second parameter update type and a second message authentication code from a terminal; and checking, according to the second parameter update type, whether the second message authentication code matches a third message authentication code, where the third message authentication code is generated according to the second parameter update type and Kausf, and the Kausf is a key between the terminal and an authentication network element.
According to the above solution, the network side can receive the parameter update type that the terminal reports as supported, so that the network side can send the corresponding parameters to the terminal according to that type, that is, send the terminal the parameters corresponding to a parameter update type the terminal supports. This prevents the network side from sending the terminal parameters corresponding to a parameter update type the terminal does not support, which reduces blind sending and helps to reduce waste of resources on the network side. In addition, the network side performs a security check on the received parameter update type, which ensures that the network side successfully receives the parameter update type supported by the terminal and helps to achieve correct communication between the network side and the terminal.
In a possible implementation method, the second parameter update type is sent to the authentication network element; the third message authentication code is received from the authentication network element; and whether the second message authentication code matches the third message authentication code is checked.
According to the above solution, the authentication network element and the data management network element cooperate to check whether the second message authentication code matches the third message authentication code. Specifically, the authentication network element computes the third message authentication code, and the data management network element compares the second message authentication code with the third message authentication code. Compared with having the authentication network element both compute the third message authentication code and compare the second and third message authentication codes, this helps to reduce the load on the authentication network element.
In a possible implementation method, the second parameter update type and the second message authentication code are sent to the authentication network element; and a message authentication code verification result is received from the authentication network element, where the verification result is that the second message authentication code matches the third message authentication code or that the second message authentication code does not match the third message authentication code.
According to the above solution, the authentication network element checks whether the second message authentication code matches the third message authentication code and sends the verification result to the data management network element. In this method the authentication network element performs the verification, and the data management network element only needs to obtain the verification result from it, which decouples the functions of the different network elements and helps to reduce the amount of information transmitted between them.
In a possible implementation method, a fourth message authentication code is received from the authentication network element, where the fourth message authentication code is generated according to first confirmation information and the Kausf, and the first confirmation information is used to indicate that the parameter update type supported by the terminal has been successfully received; and the fourth message authentication code is sent to the terminal.
According to the above solution, after the network side successfully receives the parameter update type supported by the terminal, it sends the fourth message authentication code to the terminal to inform the terminal of the successful reception. This avoids the terminal blindly resending its supported parameter update type to the network side and helps to reduce the overhead of interaction between the network side and the terminal.
In a possible implementation method, when the second message authentication code matches the third message authentication code, the second parameter update type is saved; or, when the second message authentication code does not match the third message authentication code, the second parameter update type is discarded, and/or the priority of the PLMN where the terminal is located is lowered.
According to the above solution, when the second message authentication code matches the third message authentication code, the second parameter update type received by the network side is the same as the first parameter update type sent by the terminal, that is, the network side has successfully received the parameter update type supported by the terminal. The network side can then save the second parameter update type and later send the terminal the parameters corresponding to it, which helps to avoid sending the terminal parameters corresponding to a parameter update type it does not support and thereby reduces waste of resources. When the second message authentication code does not match the third message authentication code, the second parameter update type received by the network side differs from the first parameter update type sent by the terminal, that is, the network side has not successfully received the parameter update type supported by the terminal. The network side can then discard the second parameter update type, so that it will not later send the terminal the parameters corresponding to it, which likewise helps to avoid sending parameters for an unsupported parameter update type and reduces waste of resources. A mismatch between the second and third message authentication codes also indicates that the current network may not be secure enough and that transmitted information (such as the first parameter update type sent by the terminal to the network side) may have been tampered with, so the network can lower the priority of the PLMN where the terminal is located, thereby reducing the risk posed by an insecure network.
In a third aspect, an embodiment of the present application provides a wireless communication method, which may be executed by an authentication network element or by a module (such as a chip) applied in the authentication network element. The method includes: receiving a second parameter update type and a second message authentication code from a data management network element; generating a third message authentication code according to the second parameter update type and Kausf, where the Kausf is a key between a terminal and the authentication network element; checking whether the second message authentication code matches the third message authentication code; and sending a message authentication code verification result to the data management network element, where the verification result is that the second message authentication code matches the third message authentication code or that the second message authentication code does not match the third message authentication code.
According to the above solution, the authentication network element can verify the second message authentication code received by the data management network element and send the verification result to the data management network element, so that the data management network element can learn whether the received second parameter update type has been tampered with. This ensures that the data management network element can judge whether to use the second parameter update type, which helps to achieve correct communication between the network side and the terminal.
In a possible implementation method, when the message authentication code verification result is that the second message authentication code matches the third message authentication code, a fourth message authentication code is generated according to first confirmation information and the Kausf, where the first confirmation information is used to indicate that the data management network element has successfully received the parameter update type supported by the terminal; and the fourth message authentication code is sent to the data management network element.
According to the above solution, when the verification result is that the second message authentication code matches the third message authentication code, the authentication network element generates the fourth message authentication code and sends it to the data management network element, so that the data management network element can forward it to the terminal to inform the terminal that the network side has successfully received the parameter update type supported by the terminal. This avoids the terminal repeatedly sending its supported parameter update type to the network side and helps to reduce overhead between the terminal and the network side.
In a fourth aspect, an embodiment of the present application provides a wireless communication method, which may be performed by an authentication network element or by a module (such as a chip) applied in the authentication network element. The method includes: receiving a second parameter update type from a data management network element; generating a third message authentication code according to the second parameter update type and Kausf, where Kausf is the key between a terminal and the authentication network element; and sending the third message authentication code to the data management network element.
According to the above solution, the authentication network element can verify the second message authentication code received by the data management network element and send the third message authentication code to the data management network element, so that the data management network element can determine, according to the second message authentication code and the third message authentication code, whether the received second parameter update type has been tampered with. This solution ensures that the data management network element can determine whether to use the second parameter update type, which helps to achieve correct communication between the network side and the terminal.
In a possible implementation method, indication information is received from the data management network element, where the indication information is used to indicate that the second message authentication code matches the third message authentication code; a fourth message authentication code is generated according to first confirmation information and the Kausf, where the first confirmation information is used to indicate that the data management network element has successfully received the parameter update type supported by the terminal; and the fourth message authentication code is sent to the data management network element.
According to the above solution, upon receiving, from the data management network element, the indication information indicating that the second message authentication code matches the third message authentication code, the authentication network element generates the fourth message authentication code and sends it to the data management network element, so that the data management network element can send the fourth message authentication code to the terminal to inform the terminal that the network side has successfully received the parameter update type supported by the terminal. This prevents the terminal from repeatedly sending the parameter update type it supports to the network side and helps to reduce the overhead between the terminal and the network side.
In a fifth aspect, an embodiment of the present application provides a communication device, which may be a terminal or a chip for a terminal. The device has the function of implementing any implementation method of the first aspect above. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
In a sixth aspect, an embodiment of the present application provides a communication device, which may be a data management network element or a chip or module for a data management network element. The device has the function of implementing any implementation method of the second aspect above. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
In a seventh aspect, an embodiment of the present application provides a communication device, which may be an authentication network element or a chip or module for an authentication network element. The device has the function of implementing any implementation method of the third aspect or the fourth aspect above. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
In an eighth aspect, an embodiment of the present application provides a communication device, including a processor and a memory. The memory is used to store computer instructions, and when the device runs, the processor executes the computer instructions stored in the memory so that the device performs any implementation method of the first aspect to the fourth aspect above.
In a ninth aspect, an embodiment of the present application provides a communication device, including units or means for performing each step of any implementation method of the first aspect to the fourth aspect above.
In a tenth aspect, an embodiment of the present application provides a communication device, including a processor and an interface circuit, where the processor is configured to communicate with other devices through the interface circuit and to perform any implementation method of the first aspect to the fourth aspect above. There may be one or more processors.
In an eleventh aspect, an embodiment of the present application provides a communication device, including a processor coupled to a memory, where the processor is configured to call a program stored in the memory to perform any implementation method of the first aspect to the fourth aspect above. The memory may be located inside or outside the device, and there may be one or more processors.
In a twelfth aspect, an embodiment of the present application further provides a computer-readable storage medium storing instructions that, when run on a communication device, cause any implementation method of the first aspect to the fourth aspect above to be performed.
In a thirteenth aspect, an embodiment of the present application further provides a computer program product including a computer program or instructions that, when run by a communication device, cause any implementation method of the first aspect to the fifth aspect above to be performed.
In a fourteenth aspect, an embodiment of the present application further provides a chip system, including a processor configured to perform any implementation method of the first aspect to the fourth aspect above.
In a fifteenth aspect, an embodiment of the present application provides a communication system, which includes a data management network element configured to perform any implementation method of the second aspect above and an authentication network element configured to perform any implementation method of the third aspect above.
In a sixteenth aspect, an embodiment of the present application provides a communication system, which includes a data management network element configured to perform any implementation method of the second aspect above and an authentication network element configured to perform any implementation method of the fourth aspect above.
Description of drawings
FIG. 1 is a diagram of the parameter configuration architecture defined by 3GPP;
FIG. 2 is a schematic diagram of a wireless communication method provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of a wireless communication method provided by an embodiment of the present application;
FIG. 4 is a schematic diagram of a wireless communication method provided by an embodiment of the present application;
FIG. 5 is a schematic diagram of a wireless communication method provided by an embodiment of the present application;
FIG. 6 is a schematic diagram of a wireless communication method provided by an embodiment of the present application;
FIG. 7 is a schematic diagram of a wireless communication method provided by an embodiment of the present application;
FIG. 8 is a schematic diagram of a wireless communication method provided by an embodiment of the present application;
FIG. 9 is a schematic diagram of a communication device provided by an embodiment of the present application;
FIG. 10 is a schematic diagram of a communication device provided by an embodiment of the present application.
Detailed description of embodiments
FIG. 1 is a diagram of the parameter configuration architecture defined by 3GPP. The home network delivers configuration information to the terminal through the serving network. Specifically, the unified data management (UDM) network element of the home network sends the configuration information to the terminal through the access and mobility management function (AMF) network element of the serving network.
In a non-roaming scenario, the serving network and the home network are the same public land mobile network (PLMN).
In a roaming scenario, the serving network is the visited network, and the serving network and the home network are different PLMNs. The visited network may be a visited PLMN (vPLMN), and the home network may be a home public land mobile network (hPLMN).
A terminal may also be called terminal equipment, user equipment (UE), a mobile station, a mobile terminal, and so on. Terminals can be widely used in various scenarios, for example device-to-device (D2D) communication, vehicle-to-everything (V2X) communication, machine-type communication (MTC), the Internet of Things (IoT), virtual reality, augmented reality, industrial control, autonomous driving, telemedicine, smart grid, smart furniture, smart office, smart wearables, smart transportation, and smart city. A terminal may be a mobile phone, a tablet computer, a computer with wireless transceiver functions, a wearable device, a vehicle, a drone, a helicopter, an airplane, a ship, a robot, a robotic arm, a smart home device, and so on. The embodiments of the present application do not limit the specific technology or the specific device form adopted by the terminal.
The AMF network element performs functions such as mobility management and access authentication/authorization. It is also responsible for transferring user policies between the terminal and the policy control function (PCF) network element.
The UDM network element performs functions such as managing subscription data and user access authorization.
The authentication server function (AUSF) network element is responsible for authenticating users to determine whether a user or device is allowed to access the network.
The mobility management network element, data management network element, and authentication network element in the embodiments of the present application may be the AMF, UDM, and AUSF, respectively, in a fifth generation (5G) network, or may be network elements that have the functions of the above AMF, UDM, and AUSF in future communication networks such as a sixth generation (6G) network, which is not limited in the present application. In the embodiments of the present application, the AMF, UDM, and AUSF are described as examples of the mobility management network element, the data management network element, and the authentication network element, respectively.
To solve the problem that the network side cannot determine whether the parameters corresponding to a new parameter update type need to be updated to the terminal, the solution provided by the embodiments of the present application may refer to the wireless communication method shown in FIG. 2, which includes the following steps:
Step 201: the terminal generates a first message authentication code (MAC) according to a first parameter update type and Kausf.
The first parameter update type is a parameter update type supported by the terminal. For example, the first parameter update type may be a parameter update type supported by the terminal other than "routing indicator update data" and "default configured NSSAI update data", such as a supported UE parameters update data set types list, which includes, for example, the update of slice authentication credentials and/or the update of secondary authentication credentials. A "credential" here can be understood as a parameter. The update of secondary authentication credentials may also be referred to as the update of protocol data unit session authentication credentials.
Here, "routing indicator update data" refers to update data for the routing indicator, and "default configured NSSAI update data" refers to update data for the default configured network slice selection assistance information (NSSAI).
These two parameter update types are excluded in one implementation because terminals of the existing 3GPP releases all support them and the UDM knows that the terminal supports them, so they do not need to be reported. Reporting these two parameter update types is of course also possible.
As an implementation method, the first parameter update type may also include routing indicator update data and default configured NSSAI update data, for compatibility with old features.
The Kausf is the key between the terminal and the AUSF. As one implementation method, the first MAC is calculated with Kausf as the key and the first parameter update type as the input parameter. As another implementation method, the first MAC is calculated with Kausf as the key and the first parameter update type and a first count value as the input parameters. The first MAC is used to prevent the first parameter update type from being tampered with during transmission.
As one implementation method, the terminal may directly perform step 201 above, that is, send the first parameter update type to the network side.
As another implementation method, when one or more of the following conditions 1 to 5 are met, the terminal determines to send the first parameter update type to the network side, that is, performs step 201 above:
Condition 1: a new universal subscriber identity module (USIM) card has been inserted into the terminal.
That is, when a USIM card is newly inserted, the terminal may be triggered to send the first parameter update type to the UDM.
Condition 2: the newly inserted USIM card supports the first parameter update type.
That is, when the new card supports the first parameter update type, the terminal may be triggered to send the first parameter update type to the UDM.
Condition 3: the terminal is powered on.
That is, when the terminal is powered on, the terminal may be triggered to send the first parameter update type to the UDM.
Condition 4: the first parameter update type has not been sent to the UDM.
That is, when the first parameter update type has not been sent to the UDM, it may be sent to the UDM.
Condition 5: no response to the first parameter update type has been received from the UDM.
That is, when the terminal has sent the first parameter update type to the UDM but has not received a response from the UDM, the terminal may resend the first parameter update type to the UDM.
The response here may be a MAC, for example the fifth MAC described below.
Step 202: the terminal sends the first parameter update type and the first MAC to the AMF.
As one implementation method, the terminal carries the first parameter update type and the first MAC in a registration request message sent to the AMF.
As another implementation method, the terminal carries the first parameter update type and the first MAC in an uplink non-access stratum (NAS) transport message sent to the AMF.
According to the above solution, the terminal actively reports to the network side the parameter update type it supports, namely the first parameter update type, so that the network side can send the corresponding parameters to the terminal according to the first parameter update type, that is, send the terminal the parameters corresponding to the first parameter update type. This prevents the network side from sending the terminal parameters corresponding to a parameter update type that the terminal does not support, thereby reducing the waste of resources. In addition, while the terminal sends the parameter update type it supports to the network side, the parameter update type is also security protected by generating a message authentication code, namely the first MAC, to ensure that the network side can successfully receive the parameter update type supported by the terminal.
The terminal sends the first parameter update type and the first MAC, while the AMF receives the second parameter update type and the second MAC. Under normal circumstances, the second parameter update type received by the AMF is the same as the first parameter update type sent by the terminal, and the second MAC received by the AMF is the same as the first MAC sent by the terminal. When the network is not sufficiently secure, however, the information sent by the terminal may be tampered with, so that the second parameter update type received by the AMF may differ from the first parameter update type sent by the terminal, and the second MAC received by the AMF may differ from the first MAC sent by the terminal.
After receiving the second parameter update type and the second MAC, the AMF sends them to the UDM. The UDM can subsequently verify the received second MAC according to the second parameter update type. If verification of the second MAC succeeds, the UDM confirms that it has successfully received the parameter update type supported by the terminal, that is, the second parameter update type received by the UDM is the same as the first parameter update type sent by the terminal.
The UDM verifying the received second MAC may also be described as the UDM verifying whether the second MAC matches a third MAC, where the third MAC is generated by the AUSF according to the second parameter update type and Kausf.
As examples, two verification methods are described below, namely implementation method 1 and implementation method 2.
Implementation method 1: the UDM sends the second parameter update type to the AUSF, the AUSF generates a third MAC according to the second parameter update type and Kausf, the AUSF sends the third MAC to the UDM, and the UDM verifies whether the second MAC matches the third MAC. When the second MAC is the same as the third MAC, verification of the second MAC succeeds, which is also referred to as verifying that the second MAC matches the third MAC. When the second MAC differs from the third MAC, verification of the second MAC fails, which is also referred to as verifying that the second MAC does not match the third MAC.
Implementation method 2: the UDM sends the second parameter update type to the AUSF, the AUSF generates a third MAC according to the second parameter update type and Kausf, the AUSF sends the third MAC to the UDM, and the AUSF verifies whether the second MAC matches the third MAC. The AUSF then sends a MAC verification result to the UDM, where the MAC verification result is that the second MAC matches the third MAC or that the second MAC does not match the third MAC.
When the second message authentication code matches the third message authentication code, the second parameter update type received by the network side is the same as the first parameter update type sent by the terminal, that is, the network side has successfully received the parameter update type supported by the terminal. The network side can then save the second parameter update type, so that it can subsequently send the terminal the parameters corresponding to the second parameter update type. This helps to prevent the network side from sending the terminal parameters corresponding to a parameter update type that the terminal does not support, thereby reducing the waste of resources. When the second message authentication code does not match the third message authentication code, the second parameter update type received by the network side differs from the first parameter update type sent by the terminal, that is, the network side has not successfully received the parameter update type supported by the terminal. The network side can then discard the second parameter update type, so that it will not subsequently send the terminal the parameters corresponding to the second parameter update type. This helps to prevent the network side from sending the terminal parameters corresponding to a parameter update type that the terminal does not support, thereby reducing the waste of resources. A mismatch between the second message authentication code and the third message authentication code also indicates that the current network may not be sufficiently secure and that transmitted information (such as the first parameter update type sent by the terminal to the network side) may have been tampered with, so the network can lower the priority of the PLMN where the terminal is located, thereby reducing the risk posed by an insecure network.
When the MAC verification result is that the second MAC matches the third MAC, the UDM has successfully received the parameter update type supported by the terminal, and the UDM may also inform the terminal that it has successfully received the parameter update type supported by the terminal. Two different methods are described below, namely implementation method A and implementation method B.
Implementation method A: the UDM sends a fourth MAC to the terminal, where the fourth MAC is generated by the AUSF according to first confirmation information and Kausf, and the first confirmation information is used to indicate that the parameter update type supported by the terminal has been successfully received. The terminal receives a fifth MAC and then verifies the fifth MAC according to second confirmation information and Kausf.
The UDM sends the fourth MAC, while the terminal receives the fifth MAC. Under normal circumstances, the fifth MAC is the same as the fourth MAC. If the network has a security risk, the fourth MAC sent by the UDM may be tampered with, and the fifth MAC received by the terminal may differ from the fourth MAC.
The second confirmation information used by the terminal to verify the fifth MAC is the same confirmation information as the first confirmation information used by the AUSF to generate the fourth MAC; for example, it may be the same 1-bit information.
As an implementation method, the terminal may verify the fifth MAC as follows: with Kausf as the key and the second confirmation information as the input parameter, the terminal calculates a sixth MAC. The terminal then determines whether the sixth MAC is the same as the fifth MAC. When the sixth MAC is the same as the fifth MAC, verification of the fifth MAC succeeds; when the sixth MAC differs from the fifth MAC, verification of the fifth MAC fails. Successful verification of the fifth MAC also means that the fourth MAC sent by the UDM is the same as the fifth MAC received by the terminal.
When verification of the fifth message authentication code succeeds, the network side has successfully received the first parameter update type. The terminal can then save the second confirmation information and subsequently confirm, according to the saved second confirmation information, that the network side has already successfully received the first parameter update type, so that the terminal no longer needs to send the first parameter update type to the network side, which helps to reduce overhead. When verification of the fifth MAC fails, the network side has not successfully received the first parameter update type. The terminal can then discard the second confirmation information; when the terminal subsequently finds that it has not saved the second confirmation information, it confirms that the network side has not successfully received the first parameter update type, so that the terminal can send the first parameter update type to the network side again, which helps to increase the likelihood that the network side successfully receives the first parameter update type. A failed verification of the fifth MAC also indicates that the current network may not be sufficiently secure and that transmitted information (such as the message authentication code sent by the network side to the terminal) may have been tampered with, so the terminal can lower the priority of the PLMN where the terminal is located, thereby reducing the risk posed by an insecure network.
As an implementation method, when the UDM verifies the second MAC using implementation method 1 above, the UDM may obtain the fourth MAC as follows: when the MAC verification result generated by the AUSF is that the second MAC matches the third MAC, the AUSF generates the fourth MAC based on the first confirmation information and Kausf, and then sends the fourth MAC to the UDM.
As another implementation method, when the UDM verifies the second MAC using implementation method 2 above, the UDM may obtain the fourth MAC as follows: when the UDM determines that the second MAC matches the third MAC, it sends indication information to the AUSF, where the indication information indicates that the second MAC matches the third MAC; based on the indication information, the AUSF is triggered to generate the fourth MAC from the first confirmation information and Kausf, and then sends the fourth MAC to the UDM.
Implementation method B: The terminal receives a downlink non-access stratum transport message from the AMF. When the downlink non-access stratum transport message contains the parameter corresponding to the first parameter update type, the terminal determines that the UDM has successfully received the first parameter update type. When the downlink non-access stratum transport message does not contain the parameter corresponding to the first parameter update type, the terminal determines that the UDM has not successfully received the first parameter update type, and the terminal may then lower the priority of the PLMN in which the terminal is located.
Specifically, when the UDM sends parameters to the terminal and the second MAC matches the third MAC, the UDM may send the terminal the parameter corresponding to the second parameter update type; in this case the second parameter update type is the same as the first parameter update type. When the second MAC does not match the third MAC, the UDM does not send the terminal the parameter corresponding to the second parameter update type; in this case the second parameter update type may be the same as or different from the first parameter update type. The terminal determines whether the UDM has successfully received the first parameter update type by determining whether the UDM has sent the parameter corresponding to the first parameter update type.
According to the above solution, after the terminal sends the first parameter update type to the network side, it can determine whether the network side has successfully received the first parameter update type by checking whether the network side subsequently sends the terminal the parameter corresponding to the first parameter update type. This method does not require the network side to use additional indication information (such as a message authentication code) to inform the terminal whether the network side has successfully received the first parameter update type. Instead, the terminal is informed implicitly, which reduces the signaling interaction between the network side and the terminal and helps reduce overhead.
The method shown in FIG. 2 is described in detail below with reference to the different specific implementation solutions shown in FIG. 3 to FIG. 6.
FIG. 3 shows a wireless communication method provided by an embodiment of the present application. The method includes the following steps:
Step 301: The terminal sends a first request to the AMF. Correspondingly, the AMF receives the first request.
The first request may be a registration request or an uplink NAS transport (UL NAS transport) message.
The first request includes a first parameter update type and a first MAC, and optionally also includes a first count value (counter) and/or an acknowledgment indication (ACK indication).
If the first count value is used when calculating the first MAC, the first request needs to carry the first count value.
The acknowledgment indication indicates that a response is to be returned after the first parameter update type is received; the response may include a MAC.
Optionally, when any one or more of condition 1 to condition 5 described in step 201 above is satisfied, the first request carries the first parameter update type and the first MAC, and optionally also carries the first count value and/or the acknowledgment indication.
As an implementation method, the first parameter update type and the first MAC may be encapsulated in a container that is transparent to the AMF; that is, the AMF does not need to read the content of the container and passes the container directly to the UDM. Optionally, the container also includes the first count value and/or the acknowledgment indication.
It should be noted that if this solution is applied to the initial registration scenario, the first request may be a registration request carried in a security mode complete message, and the security mode complete message can provide security protection for the registration request.
Step 302: The AMF sends a second request to the UDM. Correspondingly, the UDM receives the second request.
The terminal sends the first parameter update type, the first MAC and the first count value, whereas the UDM receives the second parameter update type, the second MAC and the second count value. Under normal circumstances, the second parameter update type received by the UDM is the same as the first parameter update type sent by the terminal, the second MAC received by the UDM is the same as the first MAC sent by the terminal, and the second count value received by the UDM is the same as the first count value sent by the terminal. However, when the network is not secure enough, the information sent by the terminal may be tampered with, so that the second parameter update type received by the UDM may differ from the first parameter update type sent by the terminal, the second MAC received by the UDM may differ from the first MAC sent by the terminal, and the second count value received by the UDM may differ from the first count value sent by the terminal.
The second request includes the second parameter update type and the second MAC.
When the first request includes the first count value, the second request also includes the second count value. When the first request includes the acknowledgment indication, the second request also includes the acknowledgment indication.
The second request may be a UE context management registration request, a subscription data management get request, or a subscription data management notification message.
Step 303: The UDM sends a third request to the AUSF. Correspondingly, the AUSF receives the third request.
The third request includes a subscription permanent identifier (SUPI), the second parameter update type and the second MAC.
When the second request includes the second count value, the third request also includes the second count value. When the second request includes the acknowledgment indication, the third request also includes the acknowledgment indication.
The second request may be a UE parameter update (UPU) protection request or a UPU data type verification request.
The SUPI uniquely identifies a terminal. The AUSF can obtain the key (Kausf) corresponding to the SUPI based on the SUPI. That is, the AUSF stores the Kausf corresponding to each terminal and needs to look up the corresponding Kausf by SUPI, which ensures that the AUSF and the terminal use the same Kausf.
Step 304: The AUSF verifies the second MAC.
Verifying the second MAC here may also be described as verifying the second parameter update type, or as verifying whether the second parameter update type matches the second MAC. Specifically, the AUSF generates a third MAC in the same way that the terminal generates the first MAC. If the third MAC is the same as the second MAC, verification of the second MAC succeeds, indicating that the first parameter update type has not been tampered with during transmission, that is, the second parameter update type is the same as the first parameter update type. If the second MAC is different from the first MAC, verification of the second MAC fails, indicating that the first parameter update type may have been tampered with during transmission, that is, the second parameter update type may differ from the first parameter update type.
The specific process by which the AUSF generates the third MAC is as follows. As one implementation method, the AUSF uses Kausf as the key and the second parameter update type it received as the input parameter to calculate the third MAC. As another implementation method, if the third request also carries the second count value, the AUSF uses Kausf as the key and the second parameter update type and the second count value it received as the input parameters to calculate the third MAC.
The AUSF verifying the second MAC may also be referred to as the AUSF verifying whether the third MAC matches the second MAC.
Step 305: The AUSF generates a fourth MAC.
When the third request includes the acknowledgment indication and verification of the second MAC succeeds in step 304, the AUSF executes step 305. When the third request does not include the acknowledgment indication, or verification of the second MAC fails in step 304, the AUSF does not execute step 305.
The AUSF generates the fourth MAC as follows: the AUSF generates first confirmation information (ACK) according to the acknowledgment indication, and then uses Kausf as the key and the first confirmation information and the second count value as the input parameters to calculate the fourth MAC. The count value used when generating the fourth MAC is the same as the count value used when generating the third MAC; both are the second count value. It should be noted that the first confirmation information used by the AUSF may also be sent to the AUSF by the UDM.
The first confirmation information indicates that the UDM has successfully received the first parameter update type or that the UDM has successfully verified the received parameter update type.
The generation of the first confirmation information (ACK) described in this application only means that the AUSF performs the MAC calculation based on the first confirmation information. The first confirmation information does not necessarily have to be generated, because it may be fixed 1-bit data that can be used directly as an input for calculating the MAC.
Step 306: The AUSF sends a third response to the UDM. Correspondingly, the UDM receives the third response.
The third response is a response to the third request.
The third response includes the MAC verification result. The MAC verification result is either that verification of the second MAC succeeded or that verification of the second MAC failed.
The MAC verification result here may also be described as the result of verifying the second parameter update type, or as the result of verifying whether the second parameter update type matches the second MAC.
Optionally, the third response also includes the fourth MAC. When the third response includes the fourth MAC, the third response may optionally also include the first confirmation information.
Step 307: When the MAC verification result is that verification of the second MAC succeeded, the UDM saves the second parameter update type. When the MAC verification result is that verification of the second MAC failed, the UDM discards the second parameter update type and/or lowers the priority of the PLMN in which the terminal is located.
A MAC verification result of success for the second MAC can also be understood as the second MAC matching the third MAC. A MAC verification result of failure for the second MAC can also be understood as the second MAC not matching the third MAC.
The priority of the PLMN in which the terminal is located is lowered because transmitted information (such as the first parameter update type) may be tampered with in that network, so there may be a security risk.
Step 308: The UDM sends a second response to the AMF. Correspondingly, the AMF receives the second response.
The second response carries the fourth MAC.
When the UDM receives the fourth MAC from the AUSF, step 308 is executed. When the UDM does not receive the fourth MAC from the AUSF, step 308 may be skipped.
Step 309: The AMF sends a first response to the terminal. Correspondingly, the terminal receives the first response.
When the first request is a registration request, the first response is a registration accept message, or may be a downlink NAS transport (DL NAS transport) message.
When the first request is an uplink NAS transport message, the first response is a downlink NAS transport (DL NAS transport) message.
The first response includes a fifth MAC.
The UDM sends the fourth MAC, whereas the first response received by the terminal carries the fifth MAC. Under normal circumstances, the fifth MAC is the same as the fourth MAC. If the network presents a security risk, the fourth MAC sent by the UDM may be tampered with, so the fifth MAC received by the terminal may differ from the fourth MAC. It should be noted that the fourth MAC sent by the UDM may be tampered with before the AMF sends the first response, or on the air interface after the AMF sends the first response.
Step 310: The terminal verifies the fifth MAC.
Under normal circumstances, the fifth MAC received by the terminal is the same as the fourth MAC sent by the UDM. However, when the network is not secure enough, the fourth MAC sent by the UDM may be tampered with, so that the fifth MAC received by the terminal may differ from the fourth MAC sent by the UDM.
Specifically, the terminal verifies the fifth MAC based on the second confirmation information and Kausf. Verifying the fifth MAC here may also be described as verifying the second confirmation information, or as verifying whether the second confirmation information matches the fifth MAC.
When the terminal receives the fifth MAC, step 310 is executed. When the terminal does not receive the fifth MAC, step 310 is not executed.
When the fifth MAC is the same as the fourth MAC, the fifth MAC is the one generated based on the first confirmation information and Kausf.
Specifically, the terminal generates a sixth MAC in the same way that the AUSF generates the fourth MAC. If the sixth MAC is the same as the fifth MAC, verification of the fifth MAC succeeds, indicating that the UDM has successfully received the parameter update type supported by the terminal (that is, the first parameter update type) and that the fourth MAC has not been tampered with during transmission. If the sixth MAC is different from the fifth MAC, verification of the fifth MAC fails, indicating that the fourth MAC has been tampered with during transmission.
The specific process by which the terminal generates the sixth MAC is: using Kausf as the key and the second confirmation information and the first count value as the input parameters, the terminal calculates the sixth MAC. The count value used to generate the sixth MAC is the same as the count value used to generate the first MAC; both are the first count value.
The second confirmation information used by the terminal to generate the sixth MAC is the same confirmation information as the first confirmation information used by the AUSF to generate the fourth MAC; for example, it may be the same 1-bit information.
The second confirmation information may be generated by the terminal. Alternatively, when the terminal needs to generate the sixth MAC, it may use the second confirmation information directly as an input for calculating the sixth MAC; that is, the second confirmation information need not be generated and is simply used as is.
It should be noted that the terminal may calculate the sixth MAC after receiving the fifth MAC and then use the sixth MAC to verify the fifth MAC. Alternatively, when the terminal determines in step 301 above that the first request is to carry the acknowledgment indication, the terminal may calculate and save the sixth MAC before sending the first MAC, and after receiving the fifth MAC use the sixth MAC to verify the fifth MAC.
As an implementation method, when verification of the fifth MAC succeeds, the terminal saves the second confirmation information. When verification of the fifth MAC fails, the terminal discards the second confirmation information and/or lowers the priority of the PLMN in which the terminal is located.
According to the above solution, the terminal actively reports the parameter update types it supports to the network side, so that the network side can send the terminal the parameters corresponding to the reported parameter update types, that is, the parameters corresponding to the parameter update types the terminal supports. This prevents the network side from sending the terminal parameters corresponding to parameter update types that the terminal does not support, thereby reducing wasted resources. In addition, when the terminal sends its supported parameter update type to the network side, the parameter update type is protected by a generated MAC, which ensures that the network side can successfully receive the parameter update type supported by the terminal.
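The FIG. 3 exchange (steps 301 to 310), including the terminal's check of the fifth MAC, as an added example that is not part of the application. The application states only that Kausf is the key and that the parameter update type or confirmation information, plus the count value, are the inputs; HMAC-SHA-256 truncated to 128 bits, the byte encodings, the `TYPE`/`ACK` input labels, the class names and the sample key and SUPI are assumptions constructed for this sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAC_LEN = 16      # assumption: 128-bit truncated tag
ACK = b"\x01"     # assumption: the fixed 1-bit confirmation information as one byte


def compute_mac(kausf, label, payload, counter):
    """HMAC-SHA-256(Kausf, label || len || payload || counter), truncated.

    The label keeps MACs over a parameter update type and MACs over the
    confirmation information in separate input domains (added assumption).
    """
    msg = label + len(payload).to_bytes(2, "big") + payload + counter.to_bytes(2, "big")
    return hmac.new(kausf, msg, hashlib.sha256).digest()[:MAC_LEN]


@dataclass
class Request:
    update_type: bytes
    mac: bytes
    counter: int
    ack_indication: bool


class Terminal:
    def __init__(self, kausf, update_type):
        self.kausf, self.update_type = kausf, update_type
        self.counter = 0
        self.saved_ack = None
        self.plmn_deprioritised = False

    def build_first_request(self):
        # Step 301: first MAC over the first parameter update type and count value.
        self.counter += 1
        mac1 = compute_mac(self.kausf, b"TYPE", self.update_type, self.counter)
        return Request(self.update_type, mac1, self.counter, True)

    def handle_first_response(self, mac5):
        # Step 310 runs only if a fifth MAC arrived.
        if mac5 is None:
            return False
        mac6 = compute_mac(self.kausf, b"ACK", ACK, self.counter)
        if hmac.compare_digest(mac6, mac5):   # constant-time comparison
            self.saved_ack = ACK              # network side has the update type
            return True
        self.saved_ack = None                 # discard the confirmation information
        self.plmn_deprioritised = True        # lower the priority of this PLMN
        return False


class Ausf:
    def __init__(self, keys):
        self.keys = keys                      # SUPI -> Kausf

    def protect(self, supi, req):
        # Step 304: recompute the third MAC and compare with the second MAC.
        kausf = self.keys[supi]
        mac3 = compute_mac(kausf, b"TYPE", req.update_type, req.counter)
        ok = hmac.compare_digest(mac3, req.mac)
        # Step 305: fourth MAC only on success and when an ACK was requested.
        mac4 = compute_mac(kausf, b"ACK", ACK, req.counter) if ok and req.ack_indication else None
        return ok, mac4


class Udm:
    def __init__(self, ausf):
        self.ausf = ausf
        self.stored_types = {}

    def handle_second_request(self, supi, req):
        ok, mac4 = self.ausf.protect(supi, req)       # steps 303 and 306
        if ok:
            self.stored_types[supi] = req.update_type  # step 307: save
        return mac4                                    # step 308 (None: nothing sent)


def run_flow(tamper_type=False, tamper_response=False):
    kausf = bytes(range(32))                  # constructed sample key
    supi = "imsi-001010000000001"             # constructed sample SUPI
    ue = Terminal(kausf, b"\x01\x02")
    udm = Udm(Ausf({supi: kausf}))
    req = ue.build_first_request()
    if tamper_type:                           # update type altered in transit
        req = Request(b"\x01", req.mac, req.counter, req.ack_indication)
    mac4 = udm.handle_second_request(supi, req)
    mac5 = mac4
    if tamper_response and mac4 is not None:  # fourth MAC altered in transit
        mac5 = bytes([mac4[0] ^ 1]) + mac4[1:]
    verified = ue.handle_first_response(mac5)
    return {
        "udm_stored": supi in udm.stored_types,
        "mac4_sent": mac4 is not None,
        "terminal_verified": verified,
        "ack_saved": ue.saved_ack is not None,
        "plmn_deprioritised": ue.plmn_deprioritised,
    }


if __name__ == "__main__":
    for kwargs in ({}, {"tamper_type": True}, {"tamper_response": True}):
        print(kwargs, run_flow(**kwargs))
```

When the update type is altered in transit, the terminal never receives a fifth MAC and holds no saved confirmation information, which is the state in which the text says it sends the first parameter update type again.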
FIG. 4 shows a wireless communication method provided by an embodiment of the present application. This method differs from the method of FIG. 3 as follows:
In the method of FIG. 3, the UDM verifies whether the second MAC matches the third MAC based on the second parameter update type as follows: the UDM sends the second parameter update type and the second MAC to the AUSF; the AUSF generates the third MAC from the second parameter update type and Kausf, determines whether the third MAC is the same as the second MAC, and generates a MAC verification result, which is either that the second MAC matches the third MAC or that the second MAC does not match the third MAC; the AUSF then sends the MAC verification result to the UDM. The UDM thus learns from the MAC verification result whether the second MAC matches the third MAC.
In the method of FIG. 4, the UDM verifies whether the second MAC matches the third MAC based on the second parameter update type as follows: the UDM sends the second parameter update type to the AUSF; the AUSF generates the third MAC from the second parameter update type and Kausf and sends the third MAC to the UDM; the UDM then verifies whether the second MAC matches the third MAC, that is, determines whether the third MAC is the same as the second MAC. When the third MAC is the same as the second MAC, the second MAC matches the third MAC; when the third MAC is different from the second MAC, the second MAC does not match the third MAC.
The method of FIG. 4 includes the following steps:
Step 401 to step 402: Same as step 301 to step 302; refer to the foregoing description.
Step 403: The UDM sends a third request to the AUSF. Correspondingly, the AUSF receives the third request.
The third request includes the SUPI and the second parameter update type.
When the second request includes the second count value, the third request also includes the second count value. When the second request includes the acknowledgment indication, the third request also includes the acknowledgment indication.
The second request may be a UPU protection request or a UPU data type verification request.
For the role of the SUPI, refer to the description in step 303.
Step 404: The AUSF generates a third MAC.
For the method by which the AUSF generates the third MAC, refer to the description in step 304.
Step 405: The AUSF sends a third response to the UDM. Correspondingly, the UDM receives the third response.
The third response is a response to the third request.
The third response includes the third MAC.
Step 406: Same as step 307; refer to the foregoing description.
Step 407: When the MAC verification result is that verification of the second MAC succeeded, the UDM sends indication information to the AUSF, indicating that the second MAC matches the third MAC or that verification of the second MAC succeeded.
Step 408: The AUSF generates a fourth MAC.
When the AUSF receives the indication information from the UDM and the third request includes the acknowledgment indication, the AUSF executes step 408. When the AUSF does not receive the indication information from the UDM, or the third request does not include the acknowledgment indication, the AUSF does not execute step 408.
For the method by which the AUSF generates the fourth MAC, refer to the description in step 305.
Step 409: The AUSF sends the fourth MAC to the UDM. Correspondingly, the UDM receives the fourth MAC.
This step is optional. If step 408 is executed, step 409 is executed.
Step 410 to step 412: Same as step 308 to step 310; refer to the foregoing description.
According to the above solution, the terminal actively reports the parameter update types it supports to the network side, so that the network side can send the terminal the parameters corresponding to the reported parameter update types, that is, the parameters corresponding to the parameter update types the terminal supports. This prevents the network side from sending the terminal parameters corresponding to parameter update types that the terminal does not support, thereby reducing wasted resources. In addition, when the terminal sends its supported parameter update type to the network side, the parameter update type is protected by a generated MAC, which ensures that the network side can successfully receive the parameter update type supported by the terminal.
FIG. 5 shows a wireless communication method provided by an embodiment of the present application. The main difference from the method of FIG. 3 is as follows. In the method of FIG. 3, the terminal determines whether the UDM has successfully received the first parameter update type by verifying the fifth MAC it receives; that is, the UDM explicitly informs the terminal whether the first parameter update type was successfully received. In the method of FIG. 5, the UDM does not send the fourth MAC to the terminal when it successfully receives the first parameter update type. Instead, the terminal determines whether the UDM has successfully received the first parameter update type by checking whether it receives the parameter corresponding to the first parameter update type in a subsequent UE parameter update (UPU) procedure or steering of roaming (SoR) procedure; that is, the UDM implicitly informs the terminal whether the first parameter update type was successfully received.
The method includes the following steps:
Step 501 to step 506: Same as step 301 to step 304 and step 306 to step 307; refer to the foregoing description.
It should be noted that in step 501 to step 506, none of the first request, the second request and the third request carries the acknowledgment indication, the AUSF does not calculate the fourth MAC, and the third response does not include the fourth MAC. That is, during the interaction between the terminal and the UDM, the UDM does not need to send the fourth MAC to the terminal.
Step 507: The AMF sends a first response to the terminal. Correspondingly, the terminal receives the first response.
When the first request is a registration request, the first response is a registration accept message. When the first request is an uplink NAS transport message, the first response is a downlink NAS transport (DL NAS transport) message.
Step 508: The UDM decides to perform UPU or SoR.
Step 509: The UDM sends a first notification message to the AMF. Correspondingly, the AMF receives the first notification message.
The first notification message may be a Nudm_SDM_Notification message.
If the UDM saved the received second parameter update type in step 506 above, the first notification message may include the parameter corresponding to the second parameter update type. Because the second parameter update type is the same as the first parameter update type in this case, this can also be understood as the first notification message including the parameter corresponding to the first parameter update type.
Step 510: The AMF sends a second notification message to the terminal. Correspondingly, the terminal receives the second notification message.
The second notification message may be a downlink NAS transport (DL NAS transport) message.
When the first notification message includes the parameter corresponding to the first parameter update type, the second notification message carries the parameter corresponding to the first parameter update type.
The terminal can determine whether the UDM has received the first parameter update type according to whether the second notification message includes the parameter corresponding to the first parameter update type. When the second notification message includes the parameter corresponding to the first parameter update type, the terminal determines that the UDM has successfully received the first parameter update type. When the second notification message does not include the parameter corresponding to the first parameter update type, the terminal determines that the UDM has not successfully received the first parameter update type.
When it is determined that the UDM has not successfully received the first parameter update type, the terminal may lower the priority of the PLMN in which the terminal is located.
根据上述方案,终端主动向网络侧上报终端支持的参数更新类型,使得网络侧可以根据终端上报的参数更新类型,向终端发送相应的参数,即向终端发送终端支持的参数更新类型对应的参数,避免网络侧向终端发送该终端不支持的参数更新类型对应的参数,从而 可以减少资源浪费。并且,在终端向网络侧发送终端支持的参数更新类型过程中,还通过生成MAC对该参数更新类型进行安全保护,以保证网络侧可以成功收到该终端支持的参数更新类型。并且,通过终端根据后续UPU或SoR流程进行隐式判断之前所发送的第一参数更新类型是否被安全地传送到了UDM,进而判断服务网络是否对第一参数更新类型进行了篡改或丢弃,从而可以省去额外的MAC计算以及传递,降低终端与网路的信令和计算开销。According to the above solution, the terminal actively reports the parameter update type supported by the terminal to the network side, so that the network side can send corresponding parameters to the terminal according to the parameter update type reported by the terminal, that is, send to the terminal the parameter corresponding to the parameter update type supported by the terminal, The network side is prevented from sending parameters corresponding to parameter update types not supported by the terminal to the terminal, thereby reducing waste of resources. Moreover, when the terminal sends the parameter update type supported by the terminal to the network side, the parameter update type is also protected by generating a MAC to ensure that the network side can successfully receive the parameter update type supported by the terminal. In addition, the terminal implicitly judges whether the previously sent first parameter update type has been safely transmitted to the UDM according to the subsequent UPU or SoR process, and then judges whether the service network has tampered with or discarded the first parameter update type, so that It saves extra MAC calculation and transmission, and reduces the signaling and calculation overhead of the terminal and the network.
Figure 6 shows a wireless communication method provided by an embodiment of this application. The main difference from the method of Figure 4 is as follows. In the method of Figure 4, the terminal determines whether the UDM successfully received the first parameter update type by verifying the received fifth MAC; that is, the UDM explicitly informs the terminal whether the first parameter update type was successfully received. In the method of Figure 6, when the UDM successfully receives the first parameter update type, it does not send the fourth MAC to the terminal. Instead, the terminal determines whether the UDM successfully received the first parameter update type by checking whether it receives the parameter corresponding to the first parameter update type in a subsequent UPU procedure or SoR procedure; that is, the UDM implicitly informs the terminal whether the first parameter update type was successfully received. The method includes the following steps:
Steps 601 to 606 are the same as steps 401 to 406; refer to the foregoing description.
It should be noted that, in steps 601 to 606, none of the first request, the second request and the third request carries an acknowledgment indication.
Steps 607 to 610 are the same as steps 507 to 510; refer to the foregoing description.
According to the above solution, the terminal actively reports the parameter update types it supports to the network side, so that the network side can send the terminal the parameters corresponding to the parameter update types the terminal supports. This prevents the network side from sending the terminal parameters corresponding to parameter update types the terminal does not support, thereby reducing waste of resources. In addition, when the terminal sends the parameter update type it supports to the network side, the parameter update type is protected by a generated MAC, to ensure that the network side can successfully receive it. Furthermore, the terminal uses the subsequent UPU or SoR procedure to determine implicitly whether the previously sent first parameter update type was securely delivered to the UDM, and thus whether the serving network tampered with or discarded the first parameter update type. This saves an extra MAC calculation and transmission and reduces the signaling and computation overhead of the terminal and the network.
To solve the problem that the network side cannot determine whether parameters corresponding to a new parameter update type need to be updated to the terminal, the embodiments of this application further provide a solution. Figure 7 shows a wireless communication method provided by an embodiment of this application. The method includes the following steps:
Step 701: the terminal sends a registration request to the AMF. Correspondingly, the AMF receives the registration request.
The registration request contains a subscription concealed identifier (SUCI).
The SUCI may be constructed by, but not limited to, the following method 1 and method 2:
Method 1: encrypt the SUPI together with the parameter update type supported by the terminal to obtain the SUCI.
For example, the parameter update type supported by the terminal and the SUPI are first concatenated to obtain concatenated information, and the concatenated information is then encrypted to obtain the output part (output) of the SUCI. The concatenated information may be expressed as "SUPI||parameter update type supported by the terminal" or as "parameter update type supported by the terminal||SUPI", where "||" is the concatenation operator.
Method 2: concatenate the parameter update type supported by the terminal, a MAC and the SUPI ciphertext to obtain the SUCI.
The MAC is calculated using the UDM public key and the parameter update type supported by the terminal. The MAC is used to prevent the parameter update type supported by the terminal from being tampered with during transmission. For example, the SUCI may contain any one of the following:
1) "parameter update type supported by the terminal||SUPI ciphertext||MAC";
2) "parameter update type supported by the terminal||MAC||SUPI ciphertext";
3) "SUPI ciphertext||MAC||parameter update type supported by the terminal";
4) "SUPI ciphertext||parameter update type supported by the terminal||MAC";
5) "MAC||parameter update type supported by the terminal||SUPI ciphertext";
6) "MAC||SUPI ciphertext||parameter update type supported by the terminal".
As an implementation method, the SUCI is carried in the registration request when one or more of conditions 1 to 5 described in step 301 are satisfied.
It should be noted that, if this solution is applied to the initial registration scenario, the registration request may be carried in a security mode complete message, and the security mode complete message can provide security protection for the registration request.
Step 702: the AMF sends an authentication request to the AUSF. Correspondingly, the AUSF receives the authentication request.
The authentication request contains the SUCI. The authentication request is used to authenticate the terminal indicated by the SUCI.
Step 703: the AUSF sends an authentication request to the UDM. Correspondingly, the UDM receives the authentication request.
The authentication request contains the SUCI. The authentication request is used to request the authentication parameters of the terminal indicated by the SUCI.
Step 704: the UDM decrypts the SUCI to obtain the parameter update type supported by the terminal.
If the SUCI was generated according to method 1, the UDM decrypts the SUCI and obtains the parameter update type supported by the terminal.
If the SUCI was generated according to method 2, the UDM can obtain the plaintext of the parameter update type supported by the terminal from the SUCI and then verify the MAC against that parameter update type. If the verification succeeds, the parameter update type supported by the terminal was not tampered with during transmission, so the UDM has successfully obtained the parameter update type sent by the terminal.
Step 705: the UDM saves the received parameter update type supported by the terminal.
According to the above solution, by protecting the parameter update type supported by the terminal inside the transmitted SUCI, the existing IE and procedure can be reused while still delivering the parameter update type supported by the terminal securely to the UDM. This avoids changes to the existing system procedures and reduces the signaling overhead of the terminal and the network.
To solve the problem that the network side cannot determine whether parameters corresponding to a new parameter update type need to be updated to the terminal, the embodiments of this application further provide a solution. Figure 8 shows a wireless communication method provided by an embodiment of this application, applied in the SoR procedure. In this method, the terminal is notified during the SoR procedure to report the parameter update type it supports.
The method includes the following steps:
Step 801: the UDM sends a first request to the AUSF. Correspondingly, the AUSF receives the first request.
Optionally, the first request may be a Nausf_SoRProtection message.
Here, the UDM supports a new parameter update type and needs to obtain the new parameter update type supported by the terminal. If the UDM has no SoR parameters to send to the terminal, it may still initiate an SoR procedure with an empty payload because it needs to obtain the parameter update type supported by the terminal. If the UDM needs to update SoR parameters, the payload optionally carries the corresponding roaming parameters.
The new parameter update type here refers to a parameter update type other than the SoR parameter update. For example, the new parameter update type supported by the UDM is SoR-CMCI, where CMCI stands for connected mode control information. As another example, the UDM supports parameter update types other than routing indication update data and default configured network slice selection assistance information update data.
The SoR parameter update here means that the UDM sends updated SoR parameters to the terminal. The SoR parameters may be a list of access technology/PLMN ID entries. For example, the list contains: 4G/PLMN ID 1, 4G/PLMN ID 2, 5G/PLMN ID 1, 5G/PLMN ID 2.
The first request contains a SUPI, which identifies a terminal. The AUSF can obtain the Kausf corresponding to the SUPI according to the SUPI.
Optionally, the first request also contains the new parameter update type supported by the UDM.
Step 802: the AUSF obtains first information.
The first information may be an SoR header.
The first information contains a first indication. The first indication indicates that the terminal needs to use newly added parameters to calculate the MAC returned by the terminal side, or indicates that the UDM supports a new parameter update type, or instructs the terminal to send the parameter update types it supports. Newly added parameters are parameters other than the ACK, such as the SoR header returned by the terminal and/or the new parameter update type.
As one implementation method, the first information is generated by the UDM and sent to the AUSF.
As another implementation method, the first information is generated by the AUSF. For example, if the first request contains the new parameter update type supported by the UDM, the AUSF generates the first indication according to that new parameter update type and then generates the first information according to the first indication.
Step 803: the AUSF generates a first MAC according to Kausf, the first information and a first count value.
The Kausf corresponds to the SUPI and is the same as the Kausf used in the terminal.
Step 804: the AUSF sends a first response to the UDM. Correspondingly, the UDM receives the first response.
Optionally, the first response may be a Nausf_SoRProtection Response message.
The first response contains the first MAC, the first information and the first count value.
Step 805: the UDM sends a first message to the AMF. Correspondingly, the AMF receives the first message.
Optionally, the first message may be a Nudm_SDM_Notification message.
The first message may be a subscription data management get response or a subscription data management notification.
The first message contains the first MAC, the first information and the first count value.
Step 806: the AMF sends a second message to the terminal. Correspondingly, the terminal receives the second message.
The second message may be a registration accept message or a downlink NAS transport message.
The second message contains the first MAC, the first information and the first count value.
What the UDM sends is the first MAC, the first information and the first count value, whereas what the terminal receives is a second MAC, second information and a second count value. Under normal circumstances, the second MAC received by the terminal is the same as the first MAC sent by the UDM, the second information received by the terminal is the same as the first information sent by the UDM, and the second count value received by the terminal is the same as the first count value sent by the UDM. When the network is not sufficiently secure, however, the information sent by the UDM may be tampered with, so that the second MAC received by the terminal may differ from the first MAC sent by the UDM, the second information may differ from the first information, and the second count value may differ from the first count value.
Step 807: the terminal verifies the second MAC according to the second count value, the second information and Kausf.
The terminal generates a third MAC according to the second count value, the second information and Kausf. When the third MAC is the same as the second MAC, the first information was not tampered with during transmission and verification of the second MAC succeeds; that is, it is determined that the second MAC received by the terminal is the same as the first MAC sent by the AMF, the second information received by the terminal is the same as the first information sent by the AMF, and the second count value received by the terminal is the same as the first count value sent by the AMF. When the third MAC differs from the second MAC, the first information may have been tampered with during transmission, that is, the second information may differ from the first information, and verification of the second MAC fails.
Step 808: if the second MAC is verified successfully and the terminal supports a new parameter update type, the first indication triggers the terminal to generate a fourth MAC according to Kausf, the first parameter update type and a third count value.
The first parameter update type may be, for example, a supported UE parameters update data set types list, or a list of supported UE parameters update data set types other than routing indication update data and default configured network slice selection assistance information update data.
Specifically, according to the first indication in the second information, the terminal is triggered to generate the fourth MAC using Kausf as the key and the first parameter update type and the third count value as inputs. Optionally, third information is also used as an input when generating the fourth MAC; the third information may be an SoR header generated by the terminal. The third count value is different from the aforementioned second count value.
The first parameter update type refers to the parameter update type supported by the terminal.
Optionally, the third information contains a second indication. The second indication indicates that newly added parameters need to be used to calculate the MAC on the AUSF side, or indicates that the terminal supports a new parameter update type, or indicates that the terminal has sent a new parameter update type.
Step 809: the terminal sends a third message to the AMF. Correspondingly, the AMF receives the third message.
The third message may be a registration complete message or an uplink NAS transport message.
The third message contains the first parameter update type, the fourth MAC, the third information and the third count value.
Step 810: the AMF sends a fourth message to the UDM. Correspondingly, the UDM receives the fourth message.
The fourth message contains a second parameter update type, a fifth MAC, fourth information and a fourth count value.
The fourth message may be a Nudm_SDM_Info message.
What the terminal sends is the first parameter update type, the fourth MAC, the third information and the third count value, whereas what the UDM receives is the second parameter update type, the fifth MAC, the fourth information and the fourth count value. Under normal circumstances, the second parameter update type received by the UDM is the same as the first parameter update type sent by the terminal, the fifth MAC received by the UDM is the same as the fourth MAC sent by the terminal, the fourth information received by the UDM is the same as the third information sent by the terminal, and the fourth count value received by the UDM is the same as the third count value sent by the terminal. When the network is not sufficiently secure, however, the information sent by the terminal may be tampered with, so that the second parameter update type received by the UDM may differ from the first parameter update type sent by the terminal, the fifth MAC may differ from the fourth MAC, the fourth information may differ from the third information, and the fourth count value may differ from the third count value.
Step 811: the UDM sends a fifth message to the AUSF. Correspondingly, the AUSF receives the fifth message. As one implementation, the UDM sends the fifth message to the AUSF according to the second indication in the fourth information, or because the fourth message carries a new parameter update type. The fifth message carries the second parameter update type, the fifth MAC and the fourth count value. Optionally, the fifth message also carries the fourth information.
If the UDM obtained the MAC of the terminal-side response in step 804, then optionally the UDM may ignore or delete that MAC according to the second indication or because the fourth message carries a new parameter update type.
Step 812: the AUSF verifies the fifth MAC according to the second parameter update type, the fourth count value and Kausf.
The AUSF generates a sixth MAC according to the second parameter update type, the fourth count value and Kausf. When the sixth MAC is the same as the fifth MAC, verification of the fifth MAC succeeds; that is, it is determined that the fifth MAC received by the UDM is the same as the fourth MAC sent by the terminal, the second parameter update type received by the UDM is the same as the first parameter update type sent by the terminal, and the fourth count value received by the AMF is the same as the third count value sent by the terminal. When the sixth MAC differs from the fifth MAC, the first parameter update type may have been tampered with during transmission, that is, the second parameter update type may differ from the first parameter update type, and verification of the fifth MAC fails.
Optionally, when the fifth message contains the fourth information, in this step the AUSF verifies the fifth MAC according to the second parameter update type, the fourth count value, the fourth information and Kausf.
Verifying the fifth MAC here may also be described as verifying the second parameter update type, or as verifying whether the second parameter update type matches the fifth MAC.
Step 813: the AUSF sends a MAC verification result to the UDM. Correspondingly, the UDM receives the MAC verification result.
The MAC verification result is either that verification of the fifth MAC succeeded or that verification of the fifth MAC failed.
The MAC verification result here may also be described as the result of verifying the second parameter update type, or as the result of verifying whether the second parameter update type matches the fifth MAC.
Step 814: when the MAC verification result is that verification of the fifth MAC succeeded, the UDM saves the received second parameter update type; when the MAC verification result is that verification of the fifth MAC failed, the UDM discards the received second parameter update type and/or lowers the priority of the PLMN where the terminal is located.
As an alternative implementation method, the fifth message in step 811 does not carry the fifth MAC, and step 812 is modified to: the AUSF generates the sixth MAC according to the second parameter update type, the fourth count value and Kausf. Step 813 is modified to: the AUSF sends the sixth MAC to the UDM. A step is added between step 813 and step 814: the UDM verifies the fifth MAC against the sixth MAC. When the sixth MAC is the same as the fifth MAC, the MAC verification result is that verification of the fifth MAC succeeded; when the sixth MAC differs from the fifth MAC, the MAC verification result is that verification of the fifth MAC failed.
According to the above solution, the parameter update type supported by the terminal is carried in the SoR procedure, so that the existing procedure is reused to the greatest extent, the signaling overhead of the terminal and the network side is reduced, and the parameter update type supported by the terminal is still delivered to the network.
It should be noted that, as another implementation method, the third count value used by the terminal when generating the fourth MAC in step 808 is the same as the second count value received in step 807. Correspondingly, in step 812, the fourth count value used when verifying the fifth MAC is the same as the first count value. Under normal circumstances, the first count value, the second count value, the third count value and the fourth count value are all the same count value. In this method, optionally, the AUSF saves the first count value it used after performing step 803. Optionally, the UDM saves the received first count value after step 804. Optionally, when the UDM receives the fourth count value, it may determine whether the fourth count value is the same as the first count value. If they are the same, the received fourth count value is fresh, and step 811 and the subsequent steps are performed. If they differ, the fourth message is discarded and the subsequent steps are not performed. Optionally, before performing step 812, the AUSF may also determine whether the fourth count value is the same as the first count value. If they are the same, the received fourth count value is fresh, and step 812 and the subsequent steps are performed. If they differ, the fifth message is discarded and the subsequent steps are not performed. As another implementation method, if the third count value used by the terminal when generating the fourth MAC in step 808 is the same as the second count value received in step 807, the third message does not carry the third count value and, correspondingly, the fourth message does not carry the fourth count value, so that the count value used when verifying the fifth MAC in step 812 is the first count value. As another implementation method, if the UDM saved the first count value after step 804, then after performing the above check, even if it did not receive a fourth count value in the fourth message, the UDM can carry the saved first count value in the fifth message, so that the count value used when verifying the fifth MAC in step 812 is the first count value. As another implementation method, if the fifth message does not carry the fourth count value either, the AUSF can directly use the saved first count value, so that the count value used when verifying the fifth MAC in step 812 is the first count value.
In the method embodiment of FIG. 8 above, the terminal is notified in the SoR procedure to report the parameter update types it supports. As another implementation method, the terminal may instead be notified in the UPU procedure to report the parameter update types it supports. In that case, the specific implementation process is similar to the method embodiment of FIG. 8 above, and the main differences are:
1) The above first request may be a Nausf_UPUProtection message, and the new parameter update types supported by the UDM are parameter update types other than routing indication update data and default configured NSSAI update data.
2) The above first information may be a UPF header.
3) The above first response may be a Nausf_UPUProtection Response message.
4) The above third information may be a UPU header.
It can be understood that, in order to implement the functions in the foregoing embodiments, the AUSF, UDM, AMF and terminal include hardware structures and/or software modules corresponding to each function. Those skilled in the art will readily appreciate that, in combination with the units and method steps of the examples described in the embodiments disclosed in this application, this application can be implemented in hardware or in a combination of hardware and computer software. Whether a given function is performed by hardware or by computer software driving hardware depends on the specific application scenario and design constraints of the technical solution.
FIG. 9 and FIG. 10 are schematic structural diagrams of possible communication devices provided by the embodiments of this application. These communication devices can be used to implement the functions of the terminal, AMF, UDM or AUSF in the above method embodiments, and can therefore also achieve the beneficial effects of those method embodiments. In the embodiments of this application, the communication device may be a terminal, AMF, UDM or AUSF, or a module (such as a chip) applied to a terminal, AMF, UDM or AUSF.
As shown in FIG. 9, a communication device 900 includes a processing unit 910 and a transceiver unit 920. The communication device 900 is configured to implement the functions of the terminal, AMF, UDM or AUSF in the method embodiments shown in FIG. 3 to FIG. 6 above.
When the communication device 900 is used to implement the functions of the terminal in the method embodiments shown in FIG. 3 to FIG. 6: the processing unit 910 is configured to generate a first message authentication code (MAC) according to a first parameter update type and Kausf, where the first parameter update type is a parameter update type supported by the terminal and Kausf is a key between the terminal and an authentication network element; the transceiver unit 920 is configured to send the first parameter update type and the first MAC to a mobility management network element.
In a possible implementation method, the transceiver unit 920 is further configured to receive a fifth MAC from the mobility management network element, where the fifth MAC is generated according to first confirmation information and the Kausf, and the first confirmation information is used to indicate that a data management network element has successfully received the first parameter update type; the processing unit 910 is further configured to verify the fifth MAC according to second confirmation information and the Kausf.
In a possible implementation method, the processing unit 910 is further configured to save the confirmation information when verification of the fifth MAC succeeds; or, when verification of the fifth MAC fails, to discard the second confirmation information and/or lower the priority of the public land mobile network (PLMN) where the terminal is located.
In a possible implementation method, the transceiver unit 920 is further configured to receive a downlink non-access stratum transport message from the mobility management network element after sending the first parameter update type and the first MAC to the mobility management network element; the processing unit 910 is further configured to determine, when the downlink non-access stratum transport message contains a parameter corresponding to the first parameter update type, that the data management network element has successfully received the first parameter update type; or, when the downlink non-access stratum transport message does not contain a parameter corresponding to the first parameter update type, to lower the priority of the PLMN where the terminal is located.
In a possible implementation method, the processing unit 910 is further configured to perform one or more of the following before generating the first MAC according to the first parameter update type and Kausf:
determining that a new Universal Subscriber Identity Module (USIM) has been inserted in the terminal;
determining that the first parameter update type includes parameter update types other than routing indication update data and default configured NSSAI update data;
determining that the terminal is powered on;
determining that the first parameter update type has not been sent;
determining that no response to the first parameter update type has been received.
In a possible implementation method, the transceiver unit 920 is specifically configured to send a registration request message to the mobility management network element, where the registration request message contains the first parameter update type and the first MAC; or to send an uplink non-access stratum transport message to the mobility management network element, where the uplink non-access stratum transport message contains the first parameter update type and the first MAC.
In a possible implementation method, the first parameter update type includes one or more of the following:
an update of slice authentication credentials, an update of protocol data unit (PDU) session authentication credentials.
When the communication device 900 is used to implement the functions of the UDM in the method embodiments shown in FIG. 3 to FIG. 6: the transceiver unit 920 is configured to receive a second parameter update type and a second message authentication code (MAC) from the terminal; the processing unit 910 is configured to check, according to the second parameter update type, whether the second MAC matches a third MAC, where the third MAC is generated according to the second parameter update type and Kausf, and Kausf is a key between the terminal and the authentication network element.
In a possible implementation method, the processing unit 910 is specifically configured to send the second parameter update type to the authentication network element through the transceiver unit 920; receive the third MAC from the authentication network element through the transceiver unit 920; and check whether the second MAC matches the third MAC.
In a possible implementation method, the processing unit 910 is specifically configured to send the second parameter update type and the second MAC to the authentication network element through the transceiver unit 920; and receive a MAC verification result from the authentication network element through the transceiver unit 920, where the MAC verification result is that the second MAC matches the third MAC or that the second MAC does not match the third MAC.
In a possible implementation method, the transceiver unit 920 is further configured to receive a fourth MAC from the authentication network element, where the fourth MAC is generated according to first confirmation information and the Kausf, and the first confirmation information is used to indicate that the parameter update type supported by the terminal has been successfully received; and to send the fourth MAC to the terminal.
In a possible implementation method, the processing unit 910 is further configured to save the second parameter update type when the second MAC matches the third MAC; or, when the second MAC does not match the third MAC, to discard the second parameter update type and/or lower the priority of the PLMN where the terminal is located.
When the communication device 900 is used to implement the functions of the AUSF in the method embodiment shown in FIG. 3 or FIG. 5: the transceiver unit 920 is configured to receive a second parameter update type and a second message authentication code (MAC) from a data management network element; the processing unit 910 is configured to generate a third MAC according to the second parameter update type and Kausf, where Kausf is a key between the terminal and the authentication network element, and to check whether the second MAC matches the third MAC; the transceiver unit 920 is further configured to send a MAC verification result to the data management network element, where the MAC verification result is that the second MAC matches the third MAC or that the second MAC does not match the third MAC.
In a possible implementation method, the processing unit 910 is further configured to generate a fourth MAC according to first confirmation information and the Kausf when the MAC verification result is that the second MAC matches the third MAC, where the first confirmation information is used to indicate that the data management network element has successfully received the parameter update type supported by the terminal; the transceiver unit 920 is further configured to send the fourth MAC to the data management network element.
When the communication device 900 is used to implement the functions of the AUSF in the method embodiment shown in FIG. 4 or FIG. 6: the transceiver unit 920 is configured to receive a second parameter update type from a data management network element; the processing unit 910 is configured to generate a third message authentication code (MAC) according to the second parameter update type and Kausf, where Kausf is a key between the terminal and the authentication network element; the transceiver unit 920 is further configured to send the third MAC to the data management network element.
In a possible implementation method, the transceiver unit 920 is further configured to receive indication information from the data management network element, where the indication information is used to indicate that the second MAC matches the third MAC; the processing unit 910 is further configured to generate a fourth MAC according to first confirmation information and the Kausf, where the first confirmation information is used to indicate that the data management network element has successfully received the parameter update type supported by the terminal; the transceiver unit 920 is further configured to send the fourth MAC to the data management network element.
More detailed descriptions of the processing unit 910 and the transceiver unit 920 can be obtained directly from the related descriptions in the method embodiments shown in FIG. 3 to FIG. 6, and are not repeated here.
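The terminal, UDM and AUSF roles described above for communication device 900 (the FIG. 3 / FIG. 5 variant, in which the AUSF performs the comparison) can be exercised end to end with the following added example, which is not code from the application. The MAC function (HMAC-SHA-256 truncated to 128 bits), the labels, the field encoding, the update type names and the integer PLMN priority are all assumptions made for illustration; this passage does not specify them.

```python
import hashlib
import hmac
import struct

MAC_LEN = 16                          # assumption: MAC truncated to 128 bits
LABEL_REPORT = b"param-update-type"   # assumed domain-separation labels
LABEL_ACK = b"param-update-type-ack"
ACK_INFO = b"\x01"                    # assumed encoding of the confirmation information


def lv(*fields):
    """Length-prefix each field so two different inputs never encode alike."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def encode_types(update_types):
    """Canonical (sorted, de-duplicated, length-prefixed) encoding of the types."""
    return lv(*(t.encode() for t in sorted(set(update_types))))


def make_mac(kausf, label, payload):
    """Assumed MAC function: HMAC-SHA-256 keyed with Kausf, truncated."""
    return hmac.new(kausf, lv(label, payload), hashlib.sha256).digest()[:MAC_LEN]


def terminal_report(kausf, update_types):
    """Terminal: build the first parameter update type and the first MAC."""
    payload = encode_types(update_types)
    return payload, make_mac(kausf, LABEL_REPORT, payload)


def ausf_check(kausf, payload, second_mac):
    """AUSF: derive the third MAC, compare, and issue the fourth MAC on a match."""
    third_mac = make_mac(kausf, LABEL_REPORT, payload)
    matched = hmac.compare_digest(second_mac, third_mac)  # constant-time compare
    fourth_mac = make_mac(kausf, LABEL_ACK, ACK_INFO) if matched else None
    return matched, fourth_mac


class Udm:
    """UDM: keeps the reported types only when the AUSF reports a MAC match."""

    def __init__(self, kausf_at_ausf):
        self.kausf_at_ausf = kausf_at_ausf  # stands in for the UDM-to-AUSF request
        self.supported = {}

    def handle_report(self, ue_id, payload, second_mac):
        matched, fourth_mac = ausf_check(self.kausf_at_ausf, payload, second_mac)
        if not matched:
            return None                     # discard the unauthenticated report
        self.supported[ue_id] = payload
        return ACK_INFO, fourth_mac         # forwarded towards the terminal


def terminal_handle_ack(kausf, second_ack_info, fifth_mac, plmn_priority):
    """Terminal: verify the fifth MAC; on failure discard the confirmation and
    lower the PLMN priority (assumed here: a larger integer means higher priority)."""
    expected = make_mac(kausf, LABEL_ACK, second_ack_info)
    if hmac.compare_digest(fifth_mac, expected):
        return second_ack_info, plmn_priority
    return None, plmn_priority - 1


if __name__ == "__main__":
    kausf = bytes(range(32))                # constructed sample key
    udm = Udm(kausf)
    types = ["slice-auth-credential", "pdu-session-auth-credential"]  # constructed names
    payload, first_mac = terminal_report(kausf, types)
    print("genuine report accepted:", udm.handle_report("ue-1", payload, first_mac) is not None)
    stripped = encode_types(["slice-auth-credential"])  # a type removed in transit
    print("modified report accepted:", udm.handle_report("ue-2", stripped, first_mac) is not None)
```

Because the MAC covers the whole encoded list of supported types, a report from which a type has been removed or to which one has been added in transit fails the comparison at the AUSF and is never stored by the UDM.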
As shown in FIG. 10, a communication device 1000 includes a processor 1010 and an interface circuit 1020. The processor 1010 and the interface circuit 1020 are coupled to each other. It can be understood that the interface circuit 1020 may be a transceiver or an input/output interface. Optionally, the communication device 1000 may further include a memory 1030 for storing instructions executed by the processor 1010, input data required by the processor 1010 to run the instructions, or data generated after the processor 1010 runs the instructions.
When the communication device 1000 is used to implement the methods shown in FIG. 3 to FIG. 6, the processor 1010 is used to implement the functions of the processing unit 910, and the interface circuit 1120 is used to implement the functions of the transceiver unit 920.
It can be understood that the processor in the embodiments of this application may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. A general-purpose processor may be a microprocessor or any conventional processor.
The method steps in the embodiments of this application may be implemented in hardware, or by a processor executing software instructions. The software instructions may consist of corresponding software modules, and the software modules may be stored in random access memory, flash memory, read-only memory, programmable read-only memory, erasable programmable read-only memory, electrically erasable programmable read-only memory, registers, a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium well known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be a component of the processor. The processor and the storage medium may be located in an ASIC.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer programs or instructions. When the computer programs or instructions are loaded and executed on a computer, the processes or functions described in the embodiments of this application are performed in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, a base station, a terminal, or another programmable device. The computer programs or instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer programs or instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired or wireless means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium, for example a floppy disk, a hard disk or a magnetic tape; an optical medium, for example a digital video disc; or a semiconductor medium, for example a solid-state drive. The computer-readable storage medium may be a volatile or non-volatile storage medium, or may include both volatile and non-volatile types of storage media.
In the embodiments of this application, unless otherwise specified or logically conflicting, the terms and/or descriptions in different embodiments are consistent and may be cross-referenced, and the technical features of different embodiments may be combined according to their inherent logical relationships to form new embodiments.
In this application, "at least one" means one or more, and "multiple" means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B can mean: A alone, both A and B, or B alone, where A and B may each be singular or plural. In the text of this application, the character "/" generally indicates an "or" relationship between the objects before and after it; in the formulas of this application, the character "/" indicates a "division" relationship between the objects before and after it.
It can be understood that the various numerals used in the embodiments of this application are only distinctions made for convenience of description and are not intended to limit the scope of the embodiments of this application. The sequence numbers of the above processes do not imply an order of execution; the order of execution of the processes should be determined by their functions and internal logic.

Claims (36)

  1. A wireless communication method applied to a terminal, characterized in that it comprises:
    generating a first message authentication code according to a first parameter update type and Kausf, where the first parameter update type is a parameter update type supported by the terminal and the Kausf is a key between the terminal and an authentication network element;
    sending the first parameter update type and the first message authentication code to a mobility management network element.
  2. The method according to claim 1, characterized in that it further comprises:
    receiving a fifth message authentication code from the mobility management network element, where the fifth message authentication code is generated according to first confirmation information and the Kausf, and the first confirmation information is used to indicate that a data management network element has successfully received the first parameter update type;
    verifying the fifth message authentication code according to second confirmation information and the Kausf.
  3. The method according to claim 2, characterized in that it further comprises:
    when verification of the fifth message authentication code succeeds, saving the second confirmation information; or,
    when verification of the fifth message authentication code fails, discarding the second confirmation information and/or lowering the priority of the public land mobile network (PLMN) where the terminal is located.
  4. The method according to any one of claims 1 to 3, characterized in that, after the first parameter update type and the first message authentication code are sent to the mobility management network element, the method further comprises:
    receiving a downlink non-access stratum transport message from the mobility management network element;
    when the downlink non-access stratum transport message contains a parameter corresponding to the first parameter update type, determining that the data management network element has successfully received the first parameter update type; or,
    when the downlink non-access stratum transport message does not contain a parameter corresponding to the first parameter update type, lowering the priority of the PLMN where the terminal is located.
  5. The method according to any one of claims 1 to 4, characterized in that, before the generating of the first message authentication code according to the first parameter update type and Kausf, the method further comprises one or more of the following:
    determining that a new Universal Subscriber Identity Module (USIM) has been inserted in the terminal;
    determining that the first parameter update type includes parameter update types other than routing indication update data and default configured NSSAI update data;
    determining that the terminal is powered on;
    determining that the first parameter update type has not been sent;
    determining that no response to the first parameter update type has been received.
  6. The method according to any one of claims 1 to 5, characterized in that the sending of the first parameter update type and the first message authentication code to the mobility management network element comprises:
    sending a registration request message to the mobility management network element, where the registration request message contains the first parameter update type and the first message authentication code; or,
    sending an uplink non-access stratum transport message to the mobility management network element, where the uplink non-access stratum transport message contains the first parameter update type and the first message authentication code.
  7. The method according to any one of claims 1 to 6, characterized in that the first parameter update type includes one or more of the following:
    an update of slice authentication credentials, an update of protocol data unit (PDU) session authentication credentials.
  8. A wireless communication method applied to a data management network element, characterized in that it comprises:
    receiving a second parameter update type and a second message authentication code from a terminal;
    checking, according to the second parameter update type, whether the second message authentication code matches a third message authentication code, where the third message authentication code is generated according to the second parameter update type and Kausf, and the Kausf is a key between the terminal and an authentication network element.
  9. The method according to claim 8, characterized in that the checking, according to the second parameter update type, of whether the second message authentication code matches the third message authentication code comprises:
    sending the second parameter update type to the authentication network element;
    receiving the third message authentication code from the authentication network element;
    checking whether the second message authentication code matches the third message authentication code.
  10. The method according to claim 8, characterized in that the checking, according to the second parameter update type, of whether the second message authentication code matches the third message authentication code comprises:
    sending the second parameter update type and the second message authentication code to the authentication network element;
    receiving a message authentication code verification result from the authentication network element, where the message authentication code verification result is that the second message authentication code matches the third message authentication code or that the second message authentication code does not match the third message authentication code.
  11. The method according to any one of claims 8 to 10, characterized in that it further comprises:
    receiving a fourth message authentication code from the authentication network element, where the fourth message authentication code is generated according to first confirmation information and the Kausf, and the first confirmation information is used to indicate that the parameter update type supported by the terminal has been successfully received;
    sending the fourth message authentication code to the terminal.
  12. The method according to any one of claims 8 to 11, characterized in that it further comprises:
    when the second message authentication code matches the third message authentication code, saving the second parameter update type; or,
    when the second message authentication code does not match the third message authentication code, discarding the second parameter update type and/or lowering the priority of the PLMN where the terminal is located.
  13. 一种无线通信方法,应用于鉴权网元,其特征在于,包括:A wireless communication method applied to an authentication network element, characterized in that it includes:
    接收来自数据管理网元的第二参数更新类型和第二消息认证码;receiving a second parameter update type and a second message authentication code from the data management network element;
    根据所述第二参数更新类型和Kausf,生成第三消息认证码,所述Kausf是终端与所述鉴权网元之间的密钥;Generate a third message authentication code according to the second parameter update type and Kausf, where Kausf is a key between the terminal and the authentication network element;
    校验所述第二消息认证码是否与所述第三消息认证码匹配;checking whether the second message authentication code matches the third message authentication code;
    向所述数据管理网元发送消息认证码校验结果,所述消息认证码校验结果为所述第二消息认证码与第三消息认证码匹配或所述第二消息认证码与第三消息认证码不匹配。sending a message authentication code verification result to the data management network element, where the message authentication code verification result is that the second message authentication code matches the third message authentication code or that the second message authentication code matches the third message authentication code Authentication codes do not match.
  14. The method according to claim 13, further comprising:
    when the message authentication code check result is that the second message authentication code matches the third message authentication code, generating a fourth message authentication code according to first confirmation information and the Kausf, wherein the first confirmation information indicates that the data management network element has successfully received the parameter update type supported by the terminal;
    sending the fourth message authentication code to the data management network element.
  15. A wireless communication method, applied to an authentication network element, characterized by comprising:
    receiving a second parameter update type from a data management network element;
    generating a third message authentication code according to the second parameter update type and Kausf, wherein the Kausf is a key between a terminal and the authentication network element;
    sending the third message authentication code to the data management network element.
  16. The method according to claim 15, further comprising:
    receiving indication information from the data management network element, wherein the indication information indicates that the second message authentication code matches the third message authentication code;
    generating a fourth message authentication code according to first confirmation information and the Kausf, wherein the first confirmation information indicates that the data management network element has successfully received the parameter update type supported by the terminal;
    sending the fourth message authentication code to the data management network element.
  17. A communication device, characterized by comprising:
    a processing unit, configured to generate a first message authentication code according to a first parameter update type and Kausf, wherein the first parameter update type is a parameter update type supported by a terminal, and the Kausf is a key between the terminal and an authentication network element;
    a transceiver unit, configured to send the first parameter update type and the first message authentication code to a mobility management network element.
  18. The device according to claim 17, wherein the transceiver unit is further configured to receive a fifth message authentication code from the mobility management network element, the fifth message authentication code being generated according to first confirmation information and the Kausf, and the first confirmation information indicating that a data management network element has successfully received the first parameter update type;
    the processing unit is further configured to verify the fifth message authentication code according to second confirmation information and the Kausf.
  19. The device according to claim 18, wherein the processing unit is further configured to save the second confirmation information when verification of the fifth message authentication code succeeds; or, when verification of the fifth message authentication code fails, to discard the second confirmation information and/or lower the priority of the public land mobile network (PLMN) where the terminal is located.
  20. The device according to any one of claims 17 to 19, wherein the transceiver unit is further configured to receive a downlink non-access stratum transport message from the mobility management network element after sending the first parameter update type and the first message authentication code to the mobility management network element;
    the processing unit is further configured to determine, when the downlink non-access stratum transport message contains a parameter corresponding to the first parameter update type, that the data management network element has successfully received the first parameter update type; or, when the downlink non-access stratum transport message does not contain a parameter corresponding to the first parameter update type, to lower the priority of the PLMN where the terminal is located.
  21. The device according to any one of claims 17 to 20, wherein the processing unit is further configured to perform, before generating the first message authentication code according to the first parameter update type and the Kausf, one or more of the following:
    determining that a new universal subscriber identity module (USIM) has been inserted into the terminal;
    determining that the first parameter update type includes a parameter update type other than routing indicator update data and default configured NSSAI update data;
    determining that the terminal is powered on;
    determining that the first parameter update type has not been sent;
    determining that no response to the first parameter update type has been received.
  22. The device according to any one of claims 17 to 21, wherein the transceiver unit is specifically configured to send a registration request message to the mobility management network element, the registration request message containing the first parameter update type and the first message authentication code; or to send an uplink non-access stratum transport message to the mobility management network element, the uplink non-access stratum transport message containing the first parameter update type and the first message authentication code.
  23. The device according to any one of claims 17 to 22, wherein the first parameter update type includes one or more of the following:
    an update of slice authentication credentials, an update of protocol data unit (PDU) session authentication credentials.
  24. A communication device, characterized by comprising:
    a transceiver unit, configured to receive a second parameter update type and a second message authentication code from a terminal;
    a processing unit, configured to check, according to the second parameter update type, whether the second message authentication code matches a third message authentication code, the third message authentication code being generated according to the second parameter update type and Kausf, wherein the Kausf is a key between the terminal and an authentication network element.
  25. The device according to claim 24, wherein the processing unit is specifically configured to send the second parameter update type to the authentication network element through the transceiver unit; to receive the third message authentication code from the authentication network element through the transceiver unit; and to check whether the second message authentication code matches the third message authentication code.
  26. The device according to claim 24, wherein the processing unit is specifically configured to send the second parameter update type and the second message authentication code to the authentication network element through the transceiver unit; and to receive a message authentication code check result from the authentication network element through the transceiver unit, wherein the message authentication code check result is that the second message authentication code matches the third message authentication code, or that the second message authentication code does not match the third message authentication code.
  27. The device according to any one of claims 24 to 26, wherein the transceiver unit is further configured to receive a fourth message authentication code from the authentication network element, the fourth message authentication code being generated according to first confirmation information and the Kausf, and the first confirmation information indicating that the parameter update type supported by the terminal has been successfully received; and to send the fourth message authentication code to the terminal.
  28. The device according to any one of claims 24 to 27, wherein the processing unit is further configured to save the second parameter update type when the second message authentication code matches the third message authentication code; or, when the second message authentication code does not match the third message authentication code, to discard the second parameter update type and/or lower the priority of the PLMN where the terminal is located.
  29. A communication device, characterized by comprising:
    a transceiver unit, configured to receive a second parameter update type and a second message authentication code from a data management network element;
    a processing unit, configured to generate a third message authentication code according to the second parameter update type and Kausf, wherein the Kausf is a key between a terminal and the authentication network element;
    the processing unit is further configured to check whether the second message authentication code matches the third message authentication code;
    the transceiver unit is further configured to send a message authentication code check result to the data management network element, wherein the message authentication code check result is that the second message authentication code matches the third message authentication code, or that the second message authentication code does not match the third message authentication code.
  30. The device according to claim 29, wherein the processing unit is further configured to generate, when the message authentication code check result is that the second message authentication code matches the third message authentication code, a fourth message authentication code according to first confirmation information and the Kausf, the first confirmation information indicating that the data management network element has successfully received the parameter update type supported by the terminal; and the transceiver unit is further configured to send the fourth message authentication code to the data management network element.
  31. A communication device, applied to an authentication network element, characterized by comprising:
    a transceiver unit, configured to receive a second parameter update type from a data management network element;
    a processing unit, configured to generate a third message authentication code according to the second parameter update type and Kausf, wherein the Kausf is a key between a terminal and the authentication network element;
    the transceiver unit is further configured to send the third message authentication code to the data management network element.
  32. The device according to claim 31, wherein the transceiver unit is further configured to receive indication information from the data management network element, the indication information indicating that the second message authentication code matches the third message authentication code;
    the processing unit is further configured to generate a fourth message authentication code according to first confirmation information and the Kausf, wherein the first confirmation information indicates that the data management network element has successfully received the parameter update type supported by the terminal;
    the transceiver unit is further configured to send the fourth message authentication code to the data management network element.
  33. A communication device, characterized by comprising a processor and an interface circuit, wherein the interface circuit is configured to receive signals from communication devices other than the communication device and transmit them to the processor, or to send signals from the processor to communication devices other than the communication device, and the processor is configured, through a logic circuit or by executing code instructions, to implement the method according to any one of claims 1 to 7, or the method according to any one of claims 8 to 12, or the method according to any one of claims 13 to 14, or the method according to claim 15 or 16.
  34. A communication system, characterized by comprising a data management network element configured to perform the method according to any one of claims 8 to 12 and an authentication network element configured to perform the method according to claim 13 or 14; or comprising a data management network element configured to perform the method according to any one of claims 8 to 12 and an authentication network element configured to perform the method according to claim 15 or 16.
  35. A computer program product, characterized by comprising a computer program, wherein the method according to any one of claims 1 to 16 is implemented when the computer program is executed by a communication device.
  36. A computer-readable storage medium, characterized in that a computer program or instructions are stored in the storage medium, and the method according to any one of claims 1 to 16 is implemented when the computer program or instructions are executed by a communication device.
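
The verification chain of claims 12 to 19 can be sketched as follows. This is an added example, not text or code from the patent: HMAC-SHA-256, the domain-separation labels, the byte encodings, and all class and function names are assumptions chosen for illustration, since the claims only require a message authentication code derived from the parameter update type (or the confirmation information) and Kausf.

```python
import hashlib
import hmac

# Assumptions, not from the patent text: HMAC-SHA-256 as the MAC, the
# domain-separation labels, and the byte encodings below.
LABEL_TYPES = b"param-update-types"
LABEL_ACK = b"param-update-ack"
ACK_RECEIVED = b"types-received"  # hypothetical confirmation information


def encode_update_types(update_types):
    """Unambiguous encoding: de-duplicated, sorted, length-prefixed entries."""
    out = bytearray()
    for name in sorted(set(update_types)):
        raw = name.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return bytes(out)


def compute_mac(kausf, label, payload):
    """MAC keyed with Kausf; the label keeps report and ack tags distinct."""
    return hmac.new(kausf, bytes([len(label)]) + label + payload,
                    hashlib.sha256).digest()


class AuthenticationElement:
    """Network-side holder of Kausf (claims 13 and 14)."""

    def __init__(self, kausf):
        self._kausf = kausf

    def check_update_types(self, update_types, second_mac):
        third_mac = compute_mac(self._kausf, LABEL_TYPES,
                                encode_update_types(update_types))
        if not hmac.compare_digest(second_mac, third_mac):
            return False, None, None
        # Match: issue the fourth MAC over the confirmation information.
        return True, ACK_RECEIVED, compute_mac(self._kausf, LABEL_ACK,
                                               ACK_RECEIVED)


def data_management_receive(ausf, update_types, second_mac):
    """Data management element (claims 12 and 28): keep only verified types."""
    ok, ack, fourth_mac = ausf.check_update_types(update_types, second_mac)
    return (set(update_types) if ok else None), ack, fourth_mac


class Terminal:
    """Terminal side (claims 17 to 19)."""

    def __init__(self, kausf, supported_types):
        self._kausf = kausf
        self.supported_types = list(supported_types)
        self.saved_ack = None
        self.plmn_deprioritised = False

    def build_report(self):
        first_mac = compute_mac(self._kausf, LABEL_TYPES,
                                encode_update_types(self.supported_types))
        return list(self.supported_types), first_mac

    def handle_ack(self, ack, fifth_mac):
        expected = compute_mac(self._kausf, LABEL_ACK, ack)
        if hmac.compare_digest(fifth_mac, expected):
            self.saved_ack = ack  # verified: keep the confirmation
            return True
        self.plmn_deprioritised = True  # failed: discard, lower PLMN priority
        return False
```

A type list altered between the terminal and the data management element no longer matches the MAC computed under Kausf, so nothing is stored and no confirmation is issued.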
PCT/CN2022/086588 2021-05-08 2022-04-13 Wireless communication method, communication device, and communication system WO2022237441A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110501343.6A CN115396868A (en) 2021-05-08 2021-05-08 Wireless communication method, communication device and communication system
CN202110501343.6 2021-05-08

Publications (1)

Publication Number Publication Date
WO2022237441A1 (en) 2022-11-17

Family

ID=84029403

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/086588 WO2022237441A1 (en) 2021-05-08 2022-04-13 Wireless communication method, communication device, and communication system

Country Status (2)

Country Link
CN (1) CN115396868A (en)
WO (1) WO2022237441A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109842880A (en) * 2018-08-23 2019-06-04 华为技术有限公司 Method for routing, apparatus and system
CN111669276A (en) * 2019-03-07 2020-09-15 华为技术有限公司 Network verification method, device and system
WO2020208996A1 (en) * 2019-04-08 2020-10-15 Nec Corporation Procedure to provide integrity protection to a ue parameter during ue configuration update procedure

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HUAWEI, HISILICON, VIVO: "Discussion on alternatives for UE parameters update with unsupported UE parameters", 3GPP DRAFT; C1-207353, vol. CT WG1, 6 November 2020 (2020-11-06), pages 1 - 7, XP051951893 *

Also Published As

Publication number Publication date
CN115396868A (en) 2022-11-25

Similar Documents

Publication Publication Date Title
US20200162919A1 (en) Accessing a denied network resource
US11457360B2 (en) Security mode integrity verification
US11706618B2 (en) Data packet verification method and device
US9100796B2 (en) Methods, systems, and computer readable media for seamless roaming between diameter and non-diameter networks
US11751130B2 (en) Apparatus, method and computer program
US20210045050A1 (en) Communications method and apparatus
WO2021218978A1 (en) Key management method, device and system
WO2022170994A1 (en) Pc5 root key processing method and apparatus, and ausf and remote terminal
EP4271015A1 (en) Registration method and apparatus, authentication method and apparatus, routing indicator determining method and apparatus, entity, and terminal
CN111147436B (en) Network slice authorization method and communication device
US20230337002A1 (en) Security context generation method and apparatus, and computer-readable storage medium
WO2021132096A1 (en) Amf node and method therefor
JP2022529219A (en) Procedures that provide integrity protection for UE parameters during the UE configuration update procedure
WO2019024744A1 (en) Method and device for acquiring identifier of terminal device
US20220210648A1 (en) Air interface information security protection method and apparatus
US20220303763A1 (en) Communication method, apparatus, and system
US20210168614A1 (en) Data Transmission Method and Device
WO2022237441A1 (en) Wireless communication method, communication device, and communication system
KR102604240B1 (en) Handling of NSSAA failures due to network errors or passage of time
CN113709729A (en) Data processing method and device, network equipment and terminal
CN114208240B (en) Data transmission method, device and system
EP4145880A1 (en) Communication method and apparatus
WO2024000134A1 (en) Verification method and apparatus, device, and storage medium
WO2024087038A1 (en) Communication method and communication apparatus
WO2024077598A1 (en) Protecting capability indication in ue initiated visited public land mobile network (vplmn) slice-based steering of roaming (sor)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22806411

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22806411

Country of ref document: EP

Kind code of ref document: A1