WO2023184548A1 - Information processing method and apparatus, communication device, and storage medium - Google Patents

Information processing method and apparatus, communication device, and storage medium

Info

Publication number
WO2023184548A1
Authority
WO
WIPO (PCT)
Prior art keywords
request
pegc
pine
authentication
ausf
Prior art date
Application number
PCT/CN2022/085134
Other languages
English (en)
French (fr)
Inventor
梁浩然
陆伟
Original Assignee
北京小米移动软件有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京小米移动软件有限公司
Priority to PCT/CN2022/085134 (published as WO2023184548A1)
Priority to CN202280001053.8A (published as CN117178583A)
Publication of WO2023184548A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Definitions

  • the present disclosure relates to the field of wireless communication technology but is not limited to the field of wireless communication technology, and in particular, to an information processing method and device, communication equipment and storage medium.
  • IoT Internet of Things
  • Typical IoT devices include, but are not limited to: wearable devices, smart home devices, and/or smart office devices.
  • Typical wearable devices include, but are not limited to: headphones, smart watches, and/or health monitoring sensors.
  • Typical smart home devices include, but are not limited to: smart lights, cameras, thermostats, access control devices, voice assistant devices, speakers, refrigerators, washing machines, lawn mowers, and/or robots.
  • Smart office equipment can be applied in small business offices or factories.
  • Typical smart office equipment includes but is not limited to: printers, meters and/or sensors.
  • Some IoT devices have very specific requirements in terms of size (e.g. headphones), and some IoT devices have very specific requirements in terms of weight (e.g. glasses).
  • Some IoT devices have very specific requirements in multiple areas (i.e. size, weight and power consumption).
  • PIN Personal IoT Network
  • Embodiments of the present disclosure provide an information processing method and device, communication equipment, and storage media.
  • a first aspect of the embodiment of the present disclosure provides an information processing method, which is executed by a personal Internet of Things gateway PEGC.
  • the method includes:
  • the first request at least includes: the identification of PINE.
  • the first request also includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • the identification of the PEGC is at least used for the legality verification of the PEGC.
  • the identification of the PEGC includes: the hidden identifier of the PEGC.
  • sending the first request to the network function includes:
  • the first request further includes: capability information indicating the PEGC, wherein the capability information at least indicates the security capability of the PEGC.
  • the method also includes:
  • a second aspect of the embodiment of the present disclosure provides an information processing method, which is executed by the network access function AMF.
  • the method includes:
  • the first request includes: the identification of the PEGC;
  • the sending of the second request to the authentication service function AUSF includes:
  • the second request is sent to the AUSF selected according to the identification of the PEGC.
  • the second request includes:
  • the identifier of the PINE is used to identify the PINE whose credentials are to be configured.
  • the second request also includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • The visited network name of the PEGC.
  • the PEGC identifier and the visited network name are used to verify whether the PEGC is legal.
  • the method also includes:
  • the third aspect of the embodiment of the present disclosure provides an information processing method, which is executed by AUSF.
  • the method includes:
  • a third request is sent to the user data management UDM, where the third request is used for the UDM to configure PINE credentials.
  • the third request includes:
  • the identifier of the PINE is used to identify the PINE whose credentials are to be configured.
  • the third request also includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • The visited network name of the PEGC.
  • the method also includes:
  • a fourth request is sent to the slice independent networking private network authentication and authorization network element NSSAAF, where the fourth request is used for the NSSAAF to select an authentication, authorization and accounting (AAA) authentication server to perform authentication of the default credentials of the PINE.
  • receiving the request response of the third request includes:
  • the fourth request includes: the identifier of PINE, where the identifier of PINE is used for the NSSAAF to select the authentication authorization accounting AAA authentication server for default credential authentication of PINE;
  • the fourth request includes: the identifier of the PEGC and the identifier of the PINE, where the identifier of the PEGC and the identifier of the PINE are used by the NSSAAF to select the authentication, authorization and accounting (AAA) authentication server for default credential authentication of the PINE.
  • the method also includes:
  • the authentication result of the PINE is sent to the UDM; wherein the authentication result indicating that the default credential authentication is passed is used to start the operator credential configuration process of the PINE.
  • the second request includes: the capability information of the PEGC;
  • the method also includes:
  • the security algorithm used in the PINE operator credential configuration process is selected.
  • the fourth aspect of the embodiment of the present disclosure provides an information processing method, which is executed by user data management UDM, and the method further includes:
  • the method also includes:
  • the request response of the third request includes: authentication mode information; wherein the authentication mode information is used to indicate whether to use the authentication, authorization and accounting (AAA) authentication server to perform authentication of PINE's default credentials.
  • the third request includes: the identification of the PEGC and/or the visited network name of the PEGC;
  • the request response to the third request sent to the AUSF includes:
  • a request response of the third request carrying the authentication method information is sent to the AUSF.
  • the method also includes:
  • the third request at least includes:
  • the third request also includes at least one of the following:
  • Credential configuration indicator indicating the request for operator credential configuration
  • The visited network name of the PEGC.
  • the fifth aspect of the disclosed embodiment provides an information processing method, which is executed by the slice independent networking private network authentication and authorization network element NSSAAF.
  • the method includes:
  • a request response of the fourth request is sent to the AUSF; wherein the request response of the fourth request is used to carry the authentication result of the default credential.
  • the fourth request includes the identification of PEGC
  • the sending of a fifth request to the AAA authentication server based on the authentication method information carried in the fourth request includes:
  • the fifth request is sent to the AAA authentication server determined according to the identification of the PEGC.
  • a sixth aspect of the embodiment of the present disclosure provides an information processing device, wherein the device includes:
  • the first sending module is configured to send a first request to the network function, where the first request is used to request the network function to configure credentials for the personal Internet of Things unit PINE connected to the PEGC.
  • the first request at least includes: the identification of PINE.
  • the first request also includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • the identification of the PEGC is at least used for the legality verification of the PEGC.
  • the identification of the PEGC includes: the hidden identifier of the PEGC.
  • the first sending module is configured to send the non-access stratum (NAS) message including the first request to the network function.
  • the first request further includes: capability information indicating the PEGC, wherein the capability information at least indicates the security capability of the PEGC.
  • the device also includes:
  • the first receiving module is configured to receive the operator credential sent by the network function after the default credential verification of PINE is passed;
  • the first sending module is also configured to send the operator credentials to the PINE.
  • a seventh aspect of the embodiment of the present disclosure provides an information processing device, wherein the device includes:
  • the second receiving module is configured to receive the first request sent by PEGC; wherein the first request requests credential configuration for PINE;
  • the second sending module is configured to send the second request to the authentication service function AUSF, where the second request is used for the AUSF to trigger UDM to configure the credentials of the PINE.
  • the first request includes: the identification of the PEGC;
  • the second sending module is configured to send the second request to the AUSF selected according to the identification of the PEGC.
  • the second request includes:
  • the identifier of the PINE is used to identify the PINE whose credentials are to be configured.
  • the second request also includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • The visited network name of the PEGC.
  • the PEGC identifier and the visited network name are used to verify whether the PEGC is legal.
  • the second sending module is further configured to send the capability information of the PEGC to the AUSF, where the capability information indicates the security capability of the PEGC.
  • An eighth aspect of the embodiment of the present disclosure provides an information processing device, which is executed by AUSF, and the device includes:
  • the third receiving module is configured to receive the second request sent by the AMF; the second request requests credential configuration for PINE;
  • the third sending module is configured to send a third request to the user data management UDM according to the second request, where the third request is used for the UDM to configure PINE credentials.
  • the third request includes:
  • the identifier of the PINE is used to identify the PINE whose credentials are to be configured.
  • the third request also includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • The visited network name of the PEGC.
  • the third receiving module is configured to receive a request response of the third request, wherein the request response includes: authentication method information;
  • the third sending module is configured to send a fourth request to the slice independent networking private network authentication and authorization network element NSSAAF when the authentication method information requires authentication, authorization and accounting (AAA) authentication service authentication, wherein the fourth request is used for the NSSAAF to select an AAA authentication server to authenticate the default credentials of the PINE.
  • the third receiving module is configured to receive the request response of the third request returned when the PEGC verification is legal.
  • the fourth request includes: the identifier of PINE, where the identifier of the PINE is used for the NSSAAF to select the authentication, authorization and accounting (AAA) authentication server for default credential authentication of PINE;
  • the fourth request includes: the identifier of the PEGC and the identifier of the PINE, where the identifier of the PEGC and the identifier of the PINE are used by the NSSAAF to select the AAA authentication server for default credential authentication of the PINE.
  • the third receiving module is also configured to receive the authentication response of the fourth request
  • the third sending module is configured to send the authentication result of the PINE to the UDM when the authentication response indicates that the default credential authentication of the PINE is passed; wherein the authentication result indicating that the default credential authentication is passed is used to initiate the operator credential configuration process of the PINE.
  • the second request includes: the capability information of the PEGC;
  • the device also includes:
  • a selection module configured to select a security algorithm used in the PINE operator credential configuration process based on the PEGC capability information.
  • a ninth aspect of the embodiment of the present disclosure provides an information processing device, wherein the device further includes:
  • the fourth receiving module is configured to receive a third request sent by the authentication service function AUSF; wherein the third request is used for credential configuration of PINE.
  • the device also includes:
  • the fourth sending module is configured to send a request response of the third request to the AUSF, wherein the request response of the third request includes: authentication mode information; wherein the authentication mode information is used to indicate whether to use the authentication, authorization and accounting (AAA) authentication server to authenticate PINE's default credentials.
  • the third request includes: the identification of the PEGC and/or the visited network name of the PEGC;
  • the fourth sending module is configured to send the request response of the third request, carrying the authentication method information, to the AUSF when the PEGC is verified as legal based on the identification of the PEGC and/or the visited network name of the PEGC.
  • the fourth receiving module is also configured to receive the authentication result of the default credential of the PINE from the AUSF;
  • the device also includes:
  • the startup module is configured to start the operator credential configuration process of the PINE when the default credential of the PINE is legal.
  • the third request at least includes:
  • the third request also includes at least one of the following:
  • Credential configuration indicator indicating the request for operator credential configuration
  • The visited network name of the PEGC.
  • a tenth aspect of the embodiment of the present disclosure provides an information processing device, wherein the device includes:
  • the fifth receiving module is configured to receive the fourth request sent by AUSF;
  • the fifth sending module is configured to send a fifth request to the AAA authentication server according to the information carried in the fourth request; wherein the fifth request is used for the AAA authentication server to verify the default credential of PINE;
  • the fifth receiving module is configured to receive a request response to the fifth request
  • the fifth sending module is configured to send a request response of the fourth request to the AUSF according to the request response of the fifth request; wherein the request response of the fourth request is used to carry the authentication result of the default credential.
  • the fourth request includes the identification of PEGC
  • the sending of a fifth request to the AAA authentication server based on the authentication method information carried in the fourth request includes:
  • the fifth request is sent to the AAA authentication server determined according to the identification of the PEGC.
  • An eleventh aspect of an embodiment of the present disclosure provides a communication device, including a processor, a transceiver, a memory, and an executable program stored in the memory and capable of being run by the processor, wherein when the processor runs the executable program, the information processing method provided in the first aspect or the second aspect is executed.
  • a twelfth aspect of the embodiments of the present disclosure provides a computer storage medium that stores an executable program; after the executable program is executed by a processor, it can implement the information processing method provided in the aforementioned first or second aspect.
  • the policies related to the UE are determined based on the physical status information of the UE.
  • the thus determined strategy for controlling the data flow of the UE will not only take into account the network status and ignore the physical status of the UE. This reduces the waste of network resources and/or the poor communication quality of the UE caused by the inconsistency between the formulated strategy and the physical condition of the UE, improves the communication quality of the UE, and reduces the waste of network resources.
  • Figure 1 is a schematic structural diagram of a wireless communication system according to an exemplary embodiment
  • Figure 2 is a schematic flowchart of an information processing method according to an exemplary embodiment
  • Figure 3 is a schematic flowchart of an information processing method according to an exemplary embodiment
  • Figure 4 is a schematic flowchart of an information processing method according to an exemplary embodiment
  • Figure 5 is a schematic flowchart of an information processing method according to an exemplary embodiment
  • Figure 6 is a schematic flowchart of an information processing method according to an exemplary embodiment
  • Figure 7 is a schematic flowchart of an information processing method according to an exemplary embodiment
  • Figure 8 is a schematic flowchart of an information processing method according to an exemplary embodiment
  • Figure 9 is a schematic structural diagram of an information processing device according to an exemplary embodiment
  • Figure 10 is a schematic structural diagram of an information processing device according to an exemplary embodiment
  • Figure 11 is a schematic structural diagram of an information processing device according to an exemplary embodiment
  • Figure 12 is a schematic structural diagram of an information processing device according to an exemplary embodiment
  • Figure 13 is a schematic structural diagram of an information processing device according to an exemplary embodiment
  • Figure 14 is a schematic structural diagram of a UE according to an exemplary embodiment
  • Figure 15 is a schematic structural diagram of a communication device according to an exemplary embodiment.
  • Although the terms first, second, third, etc. may be used to describe various information in the embodiments of the present disclosure, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other.
  • first information may also be called second information, and similarly, the second information may also be called first information.
  • The word "if" as used herein may be interpreted as "when" or "in response to determining."
  • FIG. 1 shows a schematic structural diagram of a wireless communication system provided by an embodiment of the present disclosure.
  • the wireless communication system is a communication system based on cellular mobile communication technology.
  • the wireless communication system may include several UEs 11 and several access devices 12.
  • UE11 may be a device that provides voice and/or data connectivity to users.
  • UE11 can communicate with one or more core networks via the Radio Access Network (RAN).
  • RAN Radio Access Network
  • UE11 can be an Internet of Things UE, such as a sensor device, a mobile phone (or a "cellular" phone) and a computer with an Internet of Things UE, which may, for example, be a fixed, portable, pocket-sized, handheld, computer-built-in or vehicle-mounted device.
  • UE11 may also be a device for an unmanned aerial vehicle.
  • UE11 may also be a vehicle-mounted device, for example, it may be a driving computer with a wireless communication function, or a wireless communication device connected to an external driving computer.
  • UE11 may also be a roadside device, for example, it may be a streetlight, a signal light or other roadside device with wireless communication function.
  • the access device 12 may be a network-side device in the wireless communication system.
  • the wireless communication system can be the 4th generation mobile communication technology (the 4th generation mobile communication, 4G) system, also known as the Long Term Evolution (LTE) system; or the wireless communication system can also be a 5G system, also called new radio (NR) system or 5G NR system.
  • the wireless communication system may also be a next-generation system of the 5G system.
  • the access network in the 5G system can be called NG-RAN (New Generation-Radio Access Network). Alternatively, the wireless communication system may be an MTC system.
  • the access device 12 may be an evolved access device (eNB) used in the 4G system.
  • the access device 12 may also be an access device (gNB) using a centralized distributed architecture in the 5G system.
  • eNB evolved access device
  • gNB access device
  • When the access device 12 adopts a centralized distributed architecture, it usually includes a centralized unit (central unit, CU) and at least two distributed units (distributed unit, DU).
  • the centralized unit is equipped with a protocol stack including the Packet Data Convergence Protocol (PDCP) layer, the Radio Link Control protocol (Radio Link Control, RLC) layer, and the Media Access Control (Media Access Control, MAC) layer; the distributed unit is provided with a physical (Physical, PHY) layer protocol stack, and the embodiment of the present disclosure does not limit the specific implementation of the access device 12.
  • PDCP Packet Data Convergence Protocol
  • RLC Radio Link Control
  • MAC Media Access Control
  • a wireless connection can be established between the access device 12 and the UE11 through the wireless air interface.
  • the wireless air interface is a wireless air interface based on the fourth generation mobile communication network technology (4G) standard; or the wireless air interface is a wireless air interface based on the fifth generation mobile communication network technology (5G) standard, for example, the wireless air interface is a new air interface; alternatively, the wireless air interface may also be a wireless air interface based on the next generation mobile communication network technology standard of 5G.
  • PINE Personal IoT Network Element
  • PEGC and PEMC are also UEs that can directly access the 5G network.
  • PEMC can also access 5G networks through PEGC.
  • PINE cannot directly access the 5G network, and the 5G network needs to recognize the PINE for enhanced management.
  • 5G networks need to provide PINE with operator credentials. With operator credentials, 5GS can authenticate and identify the PINE behind the PEGC. Before provisioning 5G network to PINE, PINE's default credentials need to be authenticated. However, the lack of a mechanism to authenticate through the default credentials provided by 5GC's third-party Authentication, Authorization, Accounting (AAA) server will delay 5GC's communication control of PINE, resulting in communication delays.
  • AAA Authentication, Authorization, Accounting
  • an embodiment of the present disclosure provides an information processing method, which is executed by PEGC.
  • the method includes:
  • S1110 Send a first request to the network function, where the first request is used to request the network function to configure credentials for the PINE connected to the PEGC.
  • the network function can include various core network functions.
  • the core network functions include but are not limited to: Access Management Function (AMF)
  • This first request may be used to request NF to allocate operator credentials for PINE.
  • the operator certificate may be a certificate of a communication network operator, for example, an operator certificate of a 5G network, a 4G network or a next-generation mobile communication network.
  • the PEGC here is a gateway of the PIN that has passed NF verification and has been issued an operator certificate.
  • a 3GPP connection is established between the PEGC and NF, and a secure non-3GPP connection is established between the PEGC and PINE.
  • the non-3GPP connection includes but is not limited to: Bluetooth connection and/or WiFi connection.
  • If a PINE is only configured with default credentials, it can apply for operator credentials from the network through PEGC after establishing a connection with PEGC. Subsequently, if the PINE needs to use network communication, it can communicate quickly and efficiently, which reduces communication delay and improves communication efficiency.
  • the first request includes at least: an identification of PINE.
  • the identification of this PINE can be used by NF to know which PINE applies for operator credentials.
  • the identifier of the PINE may include at least one of the following: PINE's International Mobile Equipment Identity (IMEI), Media Access Control (MAC) address, or any other identifier that uniquely identifies the PINE.
  • IMEI International Mobile Equipment Identity
  • MAC Media Access Control
  • the first request also includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • the identification of the PEGC is at least used for the legality verification of the PEGC.
  • the credential configuration indicator indicates that the operator credential needs to be configured for PINE. If the first request carries the credential configuration indicator, it indicates that the first request is a PEGC request for NF to configure operator credentials for PINE.
  • the credential configuration indicator may include one or more bits. For example, when the credential configuration indicator is 1 bit, if the bit is 1 or 0, it represents a request for credential configuration.
  • the credential configuration requested here can be: operator credential configuration.
  • the identification of PEGC can be used by NF to verify the legality of PEGC. If PEGC passes the legality verification, it means that the first request is credible.
  • the identification of PEGC includes but is not limited to:
  • Subscription Concealed Identifier (SUCI)
  • Subscription Permanent Identifier (SUPI)
  • sending the first request to the network function includes:
  • PEGC can serve as a UE connected to the 3GPP network, directly transmit NAS messages with the first network element, and carry the first request through various NAS messages. That is, access network functions such as base stations can transparently transmit NAS messages provided by PEGC, so that the first request is quickly provided to the core network.
  • the first request further includes: capability information indicating the PEGC, wherein the capability information at least indicates security capabilities of the PEGC.
  • the capability information may at least indicate: whether PEGC supports data encryption and data integrity verification; if it supports data encryption and/or integrity verification, which security algorithms PEGC supports.
  • the network function can select an appropriate security algorithm for data encryption and/or integrity verification based on PEGC's capability information.
  • When PEGC receives an operator certificate issued by an operator from a network function, encrypted transmission of the operator certificate can be performed based on PEGC's security capabilities.
  • an embodiment of the present disclosure provides an information processing method, which is executed by PEGC.
  • the method includes:
  • S1210 Send a first request to the network function, where the first request is used to request the network function to configure credentials for the PINE connected to the PEGC.
  • S1220 Receive the operator credential sent by the network function after PINE's default credential verification is passed;
  • If the PINE's default credentials pass verification, it means that the current PINE is a secure and/or legally trusted device, and therefore the network function will issue an operator credential to the PINE. If the network function issues an operator certificate, PEGC will receive the operator certificate. After PEGC receives the operator certificate, it will forward it to PINE.
  • When PINE needs to register to the 3GPP network or communicate through the 3GPP network, it can achieve quick authentication based on the operator's credentials to improve PINE communication efficiency.
  • an embodiment of the present disclosure provides an information processing method, which is executed by a network access function (Access Management Function, AMF).
  • AMF Access Management Function
  • S2110 Receive the first request sent by PEGC; wherein the first request requests credential configuration for PINE;
  • S2120 Send the second request to the Authentication Service Function (AUSF), where the second request is used for the AUSF to trigger UDM to configure the credentials of the PINE.
  • AUSF Authentication Service Function
  • the AMF is a NF in the aforementioned information processing method.
  • AMF will receive the first request, and upon receiving the first request, it will send a request to AUSF. After receiving the second request, AUSF will request UDM to configure operator credentials for PINE.
  • the first request includes: an identification of the PEGC.
  • the S2120 may include: sending the second request to the AUSF selected according to the identification of the PEGC.
  • the first request carries the PEGC identifier.
  • the AUSF can carry the PEGC identifier in the second request, so that after UDM allocates operator credentials to PINE, the operator credentials can be returned to the corresponding PEGC according to the PEGC identifier.
  • the second request includes: an identification of the PINE, used to identify the PINE to be configured with credentials.
  • the identifier of the PINE may be carried in the first request.
  • When the AUSF receives the first request, it receives the identifier of the PINE and carries the identifier of the PINE in the second request. This lets the UDM know which PINE to assign operator credentials to.
  • the second request further includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • the visited network name of the PEGC.
  • the PEGC identifier and the visited network name are used to verify whether the PEGC is legal.
  • the credential configuration indicator may include one or more bits.
  • the credential configuration indicator includes 1 bit, which when 0 or 1 indicates that credential configuration is requested.
  • the method further includes:
  • the AMF will also know the PEGC capability information.
  • the PEGC capability information may be carried in the first request, or may be made known to the AMF when the PEGC registers with the network.
  • the AMF will also carry the PEGC identifier in the second request, which indicates to which PEGC the subsequent AUSF or UDM needs to send the identifier issued to the PINE.
  • the second request may also carry the visited location name of the PEGC to help subsequent network elements select an AAA server for the default credential authentication, so that an AAA server closer to the PEGC is selected for authentication of the default credentials, thereby increasing the authentication rate of default credentials.
  • an embodiment of the present disclosure provides an information processing method, which is executed by AUSF.
  • the method includes:
  • S3110 Receive the second request sent by AMF; the second request requests credential configuration for PINE;
  • S3120 According to the second request, send a third request to the UDM, where the third request is used for the UDM to configure PINE credentials.
  • the information processing method provided by the embodiment of the present disclosure can be executed by the AUSF in the aforementioned NF.
  • the AUSF can exchange various information with the AMF. AUSF will receive the second request sent by AMF, and the second request is used to request operator credentials for PINE.
  • After receiving the second request, AUSF will send a third request to UDM. This third request triggers UDM to perform operator credential configuration for PINE.
  • the third request includes:
  • the identifier of the PINE is used to identify the PINE whose credentials are to be configured.
  • the third request further includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • the visited network name of the PEGC.
  • the identification of the PEGC and/or the visited network name are used to verify whether the PEGC is legal.
  • the method further includes:
  • a fourth request is sent to the slice independent networking private network authentication and authorization network element NSSAAF, where the fourth request is used for the NSSAAF to select an authentication, authorization and accounting AAA authentication server to perform authentication of the default credentials of the PINE.
  • If PINE's default credentials are not pre-issued or pre-configured by the network operator, the default credentials need to be authenticated by a third-party server. If PINE's default credentials are pre-issued or pre-configured by the network operator, the default credentials can be authenticated by an NF within the network, such as UDM.
  • After AUSF sends the third request to UDM, it will receive a request response returned by UDM.
  • the request response will carry authentication method information.
  • the authentication method information will indicate whether authentication by a third-party AAA server is required. If it is required, AUSF will, according to the request response, send a fourth request to NSSAAF. After the fourth request is transmitted to NSSAAF, NSSAAF will select an AAA server to authenticate PINE's default credentials.
  • the fourth request may include: the identification of the PEGC and/or the visited network name of the PEGC.
  • the identification of the PEGC and/or the visited network identification of the PEGC can be used by the NSSAAF to select an AAA server at a close physical distance or a close network distance from the PEGC to perform authentication of the PINE's default credentials.
  • receiving the request response of the third request includes:
  • the third request will carry the PEGC identifier, so that UDM can verify the legitimacy of PEGC. After the validity verification of PEGC is passed, UDM will return a request response for AUSF to send the fourth request to NSSAAF.
  • the fourth request includes: an identifier of PINE, where the identifier of PINE is used for the NSSAAF to select an authentication authorization accounting AAA authentication server for default credential authentication of PINE.
  • the fourth request includes: the identification of the PEGC and the identification of the PINE, wherein the identification of the PEGC and the identification of the PINE are used for the NSSAAF to select the authentication, authorization and accounting AAA authentication server for default credential authentication of the PINE.
  • NSSAAF may select an appropriate AAA server based solely on the identification of PINE. In another embodiment, NSSAAF will select an appropriate AAA server based on the identifier of PINE and the identifier of PEGC.
  • the method further includes:
  • the authentication result of the PINE is sent to the UDM; wherein the authentication result that the default credential authentication is passed is used to start the operator credential configuration process of the PINE.
  • the authentication result will first be fed back to NSSAAF, and NSSAAF will return it to AUSF.
  • If AUSF receives the authentication response and determines that PINE's default credential authentication has passed, it can send PINE's authentication result to UDM, which will trigger UDM to start the process of configuring PINE operator credentials.
  • the second request includes: capability information of the PEGC;
  • the method further includes: selecting a security algorithm used in the PINE operator credential configuration process based on the PEGC capability information.
  • the AUSF will also select the security algorithm used to configure operator credentials for PINE, and the selected security algorithm is used as the encryption algorithm and/or integrity protection algorithm in the process of configuring PINE operator credentials.
  • AUSF can inform at least one of UDM, AMF, and PEGC of the algorithm identification of the security algorithm, thereby enabling subsequent information exchange about operator credentials between any two of UDM, AMF, and PEGC.
  • an embodiment of the present disclosure provides an information processing method, which is executed by UDM, and the method further includes:
  • S4110 Receive the third request sent by AUSF; wherein the third request is used for credential configuration of PINE.
  • UDM will receive a third request, which is a request to configure operator credentials for PINE.
  • the UDM can be the execution subject for configuring operator credentials. If the operator credentials are configured for the PINE, the configured operator credentials will be transmitted to the PEGC, and finally returned to the PINE by the PEGC.
  • the method further includes:
  • the request response of the third request includes: authentication mode information; wherein the authentication mode information is used to indicate whether to use an authentication, authorization and accounting AAA authentication server to perform authentication of PINE's default credentials.
  • the UDM determines whether it needs to use a third-party AAA authentication server to authenticate the default credentials.
  • the third request includes: the identification of the PEGC and/or the visited network name of the PEGC;
  • the request response to the third request sent to the AUSF includes:
  • a request response of the third request carrying the authentication method information is sent to the AUSF.
  • the third request also includes the identification of the PEGC and/or the visited network name of the PEGC.
  • Subsequently, UDM can verify the legitimacy of the PEGC based on the identification of the PEGC and/or the visited network name of the PEGC to ensure the security of PINE operator credential configuration.
  • the method further includes:
  • UDM will receive the authentication result of PINE's default credential from AUSF. If PINE's default credential is legal, that is, PINE's default credential authentication passes, the configuration process for PINE's operator credentials can be started, thereby realizing PINE's operator credential authentication.
  • the third request at least includes: the identification of the PINE.
  • the third request also includes at least one of the following:
  • Credential configuration indicator indicating the request for operator credential configuration
  • the visited network name of the PEGC.
  • an embodiment of the present disclosure provides an information processing method, which is executed by NSSAAF.
  • the method includes:
  • S4120 Send a fifth request to the AAA authentication server according to the fourth request; wherein the fifth request is used for the AAA authentication server to verify the default credential of PINE;
  • S4140 Send a request response of the fourth request to the AUSF according to the request response of the fifth request; wherein the request response of the fourth request is used to carry the authentication result of the default credential.
  • NSSAAF will receive the fourth request from AUSF; if it receives the fourth request, it will send a request to the AAA server, thereby triggering the selected AAA server to perform PINE's default certificate authentication. Specifically, NSSAAF will send a fifth request to the AAA server based on the fourth request, and trigger the AAA server to perform PINE's default certificate authentication through the fifth request. The AAA server's authentication result for the default credential will be returned through the request response of the fifth request.
  • After receiving the request response of the fifth request, NSSAAF sends the request response of the fourth request to the corresponding AUSF, so that after receiving the request response of the fourth request, the AUSF determines whether to trigger UDM to allocate operator credentials to PINE.
  • the fourth request includes an identification of PEGC
  • the sending of a fifth request to the AAA authentication server based on the authentication method information carried in the fourth request includes:
  • the fifth request is sent to the AAA authentication server determined according to the identification of the PEGC.
  • PINE is pre-configured with default credentials, which are generated by a third-party AAA server.
  • the AAA server maintains a mapping between device identifiers and each PINE's default credentials.
  • PEGC has registered with the 5G Core Network (5GC).
  • the following is the process for default credential authentication of personal IoT devices using a third-party AAA server.
  • 1. PINE connects to PEGC via secure non-3GPP.
  • the PINE sends an operator credential configuration request to PEGC.
  • 5GC contains the identification of PINE.
  • the identification of the PINE may include at least: a device identifier.
  • the operator credential configuration request may be the aforementioned first request, which may be abbreviated as a credential configuration request.
  • PEGC sends a credential configuration request to AMF through a NAS message.
  • the credential configuration request includes: the credential configuration indicator, the device identifier of PINE, the SUCI of PEGC and/or the capability information of PEGC, where the capability information at least indicates the security capability of PEGC. The credential configuration indicator indicates the purpose of this request.
  • the AMF will send an operator credential configuration request to the AUSF.
  • the operator credential configuration request may include PEGC capability information, and the PEGC capability information at least indicates the security capabilities of the PEGC.
  • AMF uses the AUSF_UEAuthentication_authentication service operation to initiate the authentication process for PINE, e.g., by sending a Nausf_UEAU-Authenticate Req to AUSF.
  • AMF should select AUSF based on PEGC’s SUCI.
  • the input to the Nausf_UEAuthentication_Authentication service operation includes the credential configuration request, the device identifier of PINE, the SUCI of PEGC, and the visited network (SN) name.
  • AUSF starts the Nudm__Get service operation with UDM.
  • Inputs to the Nudm_ueu_Get service operation include the credential setup indicator, PEGC's SUCI, and SN name.
  • UDM first checks whether PEGC is authorized as a legal gateway based on PEGC's contract information. If PEGC is not authorized to act as a gateway, UDM will terminate the credential provision process. Otherwise, UDM will determine PINE's authentication method based on PEGC's contracting data and credential configuration request.
  • the input of the operation includes PEGC's SUCI and authentication method information.
  • AUSF initiates the Nnssaaf_AIWF_authentication operation to NSSAAF.
  • the input to the operation includes the identifier of PINE. Specifically, AUSF selects NSSAAF based on PEGC's SUCI.
  • 9. NSSAAF should select the AAA server based on the identification of PINE.
  • the PINE identification is then sent to the third-party AAA server.
  • 10. PINE and the AAA server perform mutual authentication based on the Extensible Authentication Protocol (EAP) authentication mechanism and the corresponding default credentials.
  • If the authentication succeeds, the third-party AAA server sends an EAP success message to NSSAAF. Otherwise, the third-party AAA server will terminate the operator credential configuration process.
  • NSSAAF sends an EAP success message to AUSF through the Nnssaaf_AIWF_authentication service operation.
  • AUSF starts the authentication result indication procedure.
  • AUSF sends the credential configuration indicator, EAP success, PINE identification, PEGC SUPI and corresponding authentication method information to UDM.
  • the authentication result indication process can be implemented by defining a new UDM service operation or reusing the existing Nudm_UEAuthentication_ResultConfirmation operation.
  • UDM executes the operator credential configuration process, which may include: UDM stores PINE's authentication results. If the verification results indicate that PINE has been successfully authenticated, UDM will initiate the operator credential configuration process.
  • PEGC sends the configured operator credentials to PINE.
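The procedure above, as an added Python sketch that is not part of the patent text: each network function is a small class, the UDM rejects a PEGC that is not authorized as a gateway, and the operator credential is issued only after the third-party AAA server has verified the PINE's default credential. All class names, identifier values and algorithm labels are constructed for illustration, and an HMAC challenge-response stands in for the EAP exchange (one direction only).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


class ProvisioningError(Exception):
    """Raised when a network function terminates the procedure."""


@dataclass(frozen=True)
class CredentialRequest:          # "first request", PEGC -> AMF in a NAS message
    indicator: int                # credential configuration indicator (1 = requested)
    pine_id: str                  # device identifier of the PINE
    pegc_suci: str                # concealed identifier of the PEGC
    sn_name: str                  # visited network (SN) name
    pegc_caps: tuple              # security algorithms the PEGC supports


def pine_prover(default_key: bytes):
    """PINE side of the stand-in exchange: prove possession of the default credential."""
    return lambda nonce: hmac.new(default_key, nonce, hashlib.sha256).digest()


class AAAServer:
    """Third-party server holding the device-identifier -> default-credential mapping."""
    def __init__(self, default_creds: dict):
        self._creds = default_creds

    def authenticate(self, pine_id: str, prover) -> bool:
        key = self._creds.get(pine_id)
        if key is None:
            return False
        nonce = secrets.token_bytes(16)               # fresh challenge per attempt
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, prover(nonce))


class NSSAAF:
    def __init__(self, aaa_by_prefix: dict):
        self._aaa = aaa_by_prefix

    def authenticate(self, pine_id: str, prover) -> bool:
        for prefix, aaa in self._aaa.items():         # step 9: pick AAA by PINE id
            if pine_id.startswith(prefix):
                return aaa.authenticate(pine_id, prover)
        return False


class UDM:
    def __init__(self, gateway_subscriptions: dict):
        self._subs = gateway_subscriptions            # PEGC SUCI -> authentication method
        self.results = {}                             # stored PINE authentication results

    def get_auth_method(self, req: CredentialRequest) -> str:
        method = self._subs.get(req.pegc_suci)
        if method is None:                            # PEGC not a legal gateway: stop
            raise ProvisioningError("PEGC is not authorized as a gateway")
        return method

    def provision(self, req: CredentialRequest) -> str:
        self.results[req.pine_id] = True              # only reached after success
        return secrets.token_hex(16)                  # constructed operator credential


class AUSF:
    def __init__(self, udm: UDM, nssaaf: NSSAAF, preferred_algs: tuple):
        self.udm, self.nssaaf, self.preferred_algs = udm, nssaaf, preferred_algs

    def handle(self, req: CredentialRequest, prover) -> dict:
        if self.udm.get_auth_method(req) != "AAA":    # third request and its response
            raise ProvisioningError("only third-party AAA authentication is modelled")
        if not self.nssaaf.authenticate(req.pine_id, prover):   # fourth request
            raise ProvisioningError("default credential authentication failed")
        alg = next((a for a in self.preferred_algs if a in req.pegc_caps), None)
        if alg is None:
            raise ProvisioningError("no security algorithm in common with the PEGC")
        return {"operator_credential": self.udm.provision(req), "algorithm": alg}


class AMF:
    def __init__(self, ausf_by_suci_prefix: dict):
        self._ausf = ausf_by_suci_prefix

    def handle(self, req: CredentialRequest, prover) -> dict:
        if req.indicator != 1:
            raise ProvisioningError("not a credential configuration request")
        for prefix, ausf in self._ausf.items():       # AUSF chosen from the PEGC SUCI
            if req.pegc_suci.startswith(prefix):
                return ausf.handle(req, prover)       # second request
        raise ProvisioningError("no AUSF serves this PEGC")


def build_demo():
    """Constructed sample network: one authorized PEGC, one PINE known to the AAA."""
    key = b"constructed-default-credential"
    udm = UDM({"suci-pegc-001": "AAA"})
    nssaaf = NSSAAF({"vendorA-": AAAServer({"vendorA-lamp-7": key})})
    amf = AMF({"suci-": AUSF(udm, nssaaf, ("ALG-2", "ALG-1"))})
    return amf, udm, key
```

A request from an unauthorized PEGC stops at the UDM before any AAA traffic is generated, and a PINE without the right default credential never reaches the provisioning call.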
  • an embodiment of the present disclosure provides an information processing device, wherein the device includes:
  • the first sending module 110 is configured to send a first request to the network function, where the first request is used to request the network function to configure credentials for the personal Internet of Things unit PINE connected to the PEGC.
  • the information processing device may be included in the PEGC.
  • the information processing device further includes: a storage module; the storage module can be used to store at least the first request.
  • the first sending module 110 may be a program module; after the program module is executed by a processor, the above operations can be implemented.
  • the first sending module 110 may include: a software-hardware combination module; the software-hardware combination module includes but is not limited to: a programmable array; the programmable array includes but is not limited to: field programmable arrays and/or complex programmable arrays.
  • the first sending module 110 may include a pure hardware module.
  • the pure hardware module includes but is not limited to: application specific integrated circuit.
  • the first request includes at least: an identification of PINE.
  • the first request also includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • the identification of the PEGC is at least used for the legality verification of the PEGC.
  • the identification of the PEGC includes: a hidden identifier of the PEGC.
  • the first sending module 110 is configured to send a non-access stratum NAS message including the first request to the network function.
  • the first request further includes: capability information indicating the PEGC, wherein the capability information at least indicates security capabilities of the PEGC.
  • the device further includes:
  • the first receiving module is configured to receive the operator credential sent by the network function after the default credential verification of PINE is passed;
  • the first sending module 110 is also configured to send the operator certificate to the PINE.
  • an embodiment of the present disclosure provides an information processing device, wherein the device includes:
  • the second receiving module 210 is configured to receive the first request sent by PEGC; wherein the first request requests credential configuration for PINE;
  • the second sending module 220 is configured to send the second request to the authentication service function AUSF, where the second request is used for the AUSF to trigger UDM to configure the credentials of the PINE.
  • the information processing device may be included in the AMF.
  • the second receiving module 210 and the second sending module 220 may be program modules; after the program modules are executed by a processor, the above operations can be implemented.
  • the second receiving module 210 and the second sending module 220 may be software-hardware combination modules; the software-hardware combination modules include but are not limited to: programmable arrays; the programmable arrays include but are not limited to: field programmable arrays and/or complex programmable arrays.
  • the second receiving module 210 and the second sending module 220 may be pure hardware modules; the pure hardware modules include but are not limited to: application specific integrated circuits.
  • the first request includes: an identification of the PEGC
  • the second sending module 220 is configured to send the second request to the AUSF selected according to the identification of the PEGC.
  • the second request includes:
  • the identifier of the PINE is used to identify the PINE whose credentials are to be configured.
  • the second request further includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • the visited network name of the PEGC.
  • the PEGC identifier and the visited network name are used to verify whether the PEGC is legal.
  • the second sending module 220 is further configured to send the capability information of the PEGC to the AUSF, where the capability information indicates the security capability of the PEGC.
  • an embodiment of the present disclosure provides an information processing device, which includes:
  • the third receiving module 310 is configured to receive the second request sent by the AMF; the second request requests credential configuration for PINE;
  • the third sending module 320 is configured to send a third request to the user data management UDM according to the second request, where the third request is used for the UDM to configure PINE credentials.
  • the information processing device may be included in the AUSF.
  • the third receiving module 310 and the third sending module 320 may be program modules; after the program modules are executed by a processor, the above operations can be implemented.
  • the third receiving module 310 and the third sending module 320 may be software-hardware combination modules; the software-hardware combination modules include but are not limited to: programmable arrays; the programmable arrays include but are not limited to: field programmable arrays and/or complex programmable arrays.
  • the third receiving module 310 and the third sending module 320 may be pure hardware modules; the pure hardware modules include but are not limited to: application specific integrated circuits.
  • the third request includes:
  • the identifier of the PINE is used to identify the PINE whose credentials are to be configured.
  • the third request further includes at least one of the following:
  • Credential configuration indicator indicating the request for credential configuration
  • the visited network name of the PEGC.
  • the third receiving module 310 is configured to receive a request response to the third request, where the request response includes: authentication method information;
  • the third sending module 320 is configured to send a fourth request to the slice independent networking private network authentication and authorization network element NSSAAF when the authentication method information requires authentication by an authentication, authorization and accounting AAA authentication server, wherein the fourth request is used for the NSSAAF to select an authentication, authorization and accounting AAA authentication server to authenticate the default credentials of the PINE.
  • the third receiving module 310 is configured to receive the request response of the third request returned when the PEGC verification is legal.
  • the fourth request includes: the identification of PINE, where the identification of PINE is used for the NSSAAF to select the authentication, authorization and accounting AAA authentication server for default credential authentication of PINE;
  • the fourth request includes: the identifier of the PEGC and the identifier of the PINE, where the identifier of the PEGC and the identifier of the PINE are used for the NSSAAF to select the authentication, authorization and accounting AAA authentication server for default credential authentication of the PINE.
  • the third receiving module 310 is further configured to receive the authentication response of the fourth request
  • the third sending module 320 is configured to send the authentication result of the PINE to the UDM when the authentication response indicates that the default credential authentication of the PINE has passed; wherein the authentication result that the default credential authentication has passed is used to start the operator credential configuration process of the PINE.
  • the second request includes: capability information of the PEGC;
  • the device also includes:
  • a selection module configured to select a security algorithm used in the PINE operator credential configuration process based on the PEGC capability information.
  • an embodiment of the present disclosure provides an information processing device, wherein the device further includes:
  • the fourth receiving module 410 is configured to receive a third request sent by the authentication service function AUSF; wherein the third request is used for credential configuration of PINE.
  • the information processing device may be included in the NSSAA.
  • the information processing device may further include: a storage module that may store the third request.
  • the fourth receiving module 410 may be a program module. After the program module is executed by the processor, the above operations can be implemented.
  • the fourth receiving module 410 may be a software-hardware combination module, which includes, but is not limited to, various programmable arrays; the programmable arrays include, but are not limited to: field programmable arrays and/or complex programmable arrays.
  • the fourth receiving module 410 can also be a pure hardware module; the pure hardware module includes but is not limited to: an application specific integrated circuit.
  • the device further includes:
  • the fourth sending module is configured to send a request response of the third request to the AUSF, wherein the request response of the third request includes: authentication mode information; wherein the authentication mode information is used to indicate whether to use the authentication, authorization and accounting AAA authentication server to authenticate PINE's default credentials.
  • the third request includes: the identification of the PEGC and/or the visited network name of the PEGC;
  • the fourth sending module is configured to send the request response of the third request, carrying the authentication method information, to the AUSF when verifying that the PEGC is legal based on the identification of the PEGC and/or the visited network name of the PEGC.
  • the fourth receiving module 410 is further configured to receive the authentication result of the default credential of the PINE from the AUSF;
  • the device also includes:
  • the startup module is configured to start the operator credential configuration process of the PINE when the default credential of the PINE is legal.
  • the third request includes at least:
  • the third request further includes at least one of the following:
  • Credential configuration indicator indicating the request for operator credential configuration
  • the visited network name of the PEGC.
  • an embodiment of the present disclosure provides an information processing device, wherein the device includes:
  • the fifth receiving module 510 is configured to receive the fourth request sent by AUSF;
  • the fifth sending module 520 is configured to send a fifth request to the AAA authentication server according to the fourth request; wherein the fifth request is used for the AAA authentication server to verify the default credential of PINE;
  • the fifth receiving module 510 is configured to receive the request response of the fifth request
  • the fifth sending module 520 is configured to send a request response of the fourth request to the AUSF according to the request response of the fifth request; wherein the request response of the fourth request is used to carry the authentication result of the default credential.
  • the information processing device may be included in the UDM.
  • the fifth receiving module 510 and the fifth sending module 520 may be program modules. After the program modules are executed by the processor, the above operations can be implemented.
  • the fifth receiving module 510 and the fifth sending module 520 may be software-hardware combination modules, and the software-hardware combination modules include, but are not limited to, various programmable arrays; the programmable arrays include, but are not limited to: field programmable arrays and/or complex programmable arrays.
  • the fifth receiving module 510 and the fifth sending module 520 can also be pure hardware modules; the pure hardware modules include but are not limited to: application specific integrated circuits.
  • the fourth request includes an identification of PEGC
  • the sending of a fifth request to the AAA authentication server based on the authentication method information carried in the fourth request includes:
  • the fifth request is sent to the AAA authentication server determined according to the identification of the PEGC.
  • An embodiment of the present disclosure provides a communication device, including:
  • Memory used to store instructions executable by the processor
  • the processor is configured to execute the information processing method provided by any of the foregoing technical solutions.
  • the processor may include various types of storage media, which are non-transitory computer storage media that can continue to store information stored thereon after the communication device is powered off.
  • the communication device includes: a UE or a network element, and the network element may be any one of the aforementioned first to fourth network elements.
  • the processor may be connected to the memory through a bus or the like, and be used to read the executable program stored on the memory, for example, at least one of the methods shown in FIGS. 2 to 8.
  • FIG. 14 is a block diagram of a UE 800 according to an exemplary embodiment.
  • UE 800 may be a mobile phone, computer, digital broadcast user equipment, messaging device, game console, tablet device, medical device, fitness device, personal digital assistant, etc.
  • UE 800 may include one or more of the following components: a processing component 802, a memory 804, a power supply component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.
  • Processing component 802 generally controls the overall operations of UE 800, such as operations associated with display, phone calls, data communications, camera operations, and recording operations.
  • the processing component 802 may include one or more processors 820 to execute instructions to generate all or part of the steps of the methods described above.
  • processing component 802 may include one or more modules that facilitate interaction between processing component 802 and other components.
  • processing component 802 may include a multimedia module to facilitate interaction between multimedia component 808 and processing component 802.
  • Memory 804 is configured to store various types of data to support operations at UE 800. Examples of this data include instructions for any application or method operating on the UE 800, contact data, phonebook data, messages, pictures, videos, etc.
  • Memory 804 may be implemented by any type of volatile or non-volatile storage device, or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
  • Power supply component 806 provides power to various components of UE 800.
  • Power component 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power to UE 800.
  • Multimedia component 808 includes a screen that provides an output interface between the UE 800 and the user.
  • the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user.
  • the touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide action.
  • multimedia component 808 includes a front-facing camera and/or a rear-facing camera. When UE800 is in operating mode, such as shooting mode or video mode, the front camera and/or rear camera can receive external multimedia data.
  • Each front-facing camera and rear-facing camera can be a fixed optical lens system or have a focal length and optical zoom capabilities.
  • Audio component 810 is configured to output and/or input audio signals.
  • audio component 810 includes a microphone (MIC) configured to receive external audio signals when UE 800 is in operating modes, such as call mode, recording mode, and voice recognition mode. The received audio signal may be further stored in memory 804 or sent via communication component 816 .
  • audio component 810 also includes a speaker for outputting audio signals.
  • the I/O interface 812 provides an interface between the processing component 802 and a peripheral interface module, which may be a keyboard, a click wheel, a button, etc. These buttons may include, but are not limited to: Home button, Volume buttons, Start button, and Lock button.
  • Sensor component 814 includes one or more sensors that provide various aspects of status assessment for UE 800 .
  • the sensor component 814 can detect the open/closed state of the device 800 and the relative positioning of components, such as the display and keypad of the UE 800; the sensor component 814 can also detect a change in position of the UE 800 or of a component of the UE 800, the presence or absence of user contact with the UE 800, the orientation or acceleration/deceleration of the UE 800, and temperature changes of the UE 800.
  • Sensor assembly 814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact.
  • Sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications.
  • the sensor component 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
  • Communication component 816 is configured to facilitate wired or wireless communication between UE 800 and other devices.
  • UE800 can access wireless networks based on communication standards, such as WiFi, 2G or 3G, or a combination thereof.
  • the communication component 816 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel.
  • the communications component 816 also includes a near field communications (NFC) module to facilitate short-range communications.
  • the NFC module can be implemented based on radio frequency identification (RFID) technology, infrared data association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
  • UE 800 may be implemented by one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic components, for executing the above method.
  • a non-transitory computer-readable storage medium including instructions, such as the memory 804 including instructions, is also provided; the instructions are executable by the processor 820 of the UE 800 to perform the above method.
  • the non-transitory computer-readable storage medium may be ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
  • an embodiment of the present disclosure shows the structure of an access device.
  • the communication device 900 may be provided as a network side device.
  • the communication device may be various network elements such as the aforementioned access network element and/or network function.
  • communications device 900 includes a processing component 922, which further includes one or more processors, and memory resources represented by memory 932 for storing instructions, such as application programs, executable by processing component 922.
  • the application program stored in memory 932 may include one or more modules, each corresponding to a set of instructions.
  • the processing component 922 is configured to execute instructions to perform any of the foregoing methods applied to the access device, for example, the methods shown in any one of Figures 2 to 8.
  • Communication device 900 may also include a power supply component 926 configured to perform power management of communication device 900, a wired or wireless network interface 950 configured to connect communication device 900 to a network, and an input-output (I/O) interface 958 .
  • the communication device 900 may operate based on an operating system stored in the memory 932, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

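Embodiments of the present disclosure provide an information processing method and apparatus, a communication device, and a storage medium. The information processing method performed by a PEGC may include: sending a first request to a network function, where the first request is used to request the network function to perform credential provisioning for a PINE connected to the PEGC.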

Description

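Information processing method and apparatus, communication device, and storage medium
Technical Field
The present disclosure relates to, but is not limited to, the field of wireless communication technology, and in particular to an information processing method and apparatus, a communication device, and a storage medium.
Background
There are many kinds of Internet of Things (IoT) devices.
Typical IoT devices include, but are not limited to: wearable devices, smart home devices, and/or smart office devices.
Typical wearable devices include, but are not limited to: earphones, smart watches, and/or health monitoring sensors.
Typical smart home devices include, but are not limited to: smart lights, cameras, thermostats, access control devices, voice assistant devices, speakers, refrigerators, washing machines, lawn mowers, and/or robots.
Smart office devices can be used in the offices or factories of small businesses. Typical smart office devices include, but are not limited to: printers, meters, and/or sensors.
Some IoT devices have very specific requirements regarding size (for example, earphones), and some have very specific requirements regarding weight (for example, glasses).
Some IoT devices have very specific requirements in several areas (namely size, weight and power consumption).
With the large increase in the number of IoT devices, users create (for example, plan or change the topology of) networks out of all these IoT devices, mainly at home, in the office, in the factory and/or around the body. A Personal IoT Network (PIN) may consist of the various devices that a user frequently uses.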
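Summary
Embodiments of the present disclosure provide an information processing method and apparatus, a communication device, and a storage medium.
A first aspect of the embodiments of the present disclosure provides an information processing method, performed by a personal IoT gateway PEGC, the method including:
sending a first request to a network function, where the first request is used to request the network function to perform credential provisioning for a personal IoT network element PINE connected to the PEGC.
Based on the above solution, the first request includes at least: an identifier of the PINE.
Based on the above solution, the first request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
an identifier of the PEGC, used at least for verifying the legitimacy of the PEGC.
Based on the above solution, the identifier of the PEGC includes: a concealed identifier of the PEGC.
Based on the above solution, the sending of the first request to the network function includes:
sending, to the network function, a non-access stratum (NAS) message containing the first request.
Based on the above solution, the first request further includes: capability information of the PEGC, where the capability information indicates at least the security capability of the PEGC.
Based on the above solution, the method further includes:
receiving an operator credential sent by the network function after the default credential of the PINE has been verified;
sending the operator credential to the PINE.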
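A second aspect of the embodiments of the present disclosure provides an information processing method, performed by a network access function AMF, the method including:
receiving a first request sent by a PEGC, where the first request requests credential provisioning for a PINE;
sending the second request to an authentication service function AUSF, where the second request is used by the AUSF to trigger a UDM to perform credential provisioning for the PINE.
Based on the above solution, the first request includes: the identifier of the PEGC;
the sending of the second request to the authentication service function AUSF includes:
sending the second request to the AUSF selected according to the identifier of the PEGC.
Based on the above solution, the second request includes:
the identifier of the PINE, used to identify the PINE for which credential provisioning is to be performed.
Based on the above solution, the second request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC;
where the identifier of the PEGC and the visited network name are used to verify whether the PEGC is legitimate.
Based on the above solution, the method further includes: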
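A third aspect of the embodiments of the present disclosure provides an information processing method, performed by an AUSF, the method including:
receiving a second request sent by an AMF, where the second request requests credential provisioning for a PINE;
sending, according to the second request, a third request to a user data management UDM, where the third request is used by the UDM to perform credential provisioning for the PINE.
Based on the above solution, the third request includes:
the identifier of the PINE, used to identify the PINE for which credential provisioning is to be performed.
Based on the above solution, the third request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC.
Based on the above solution, the method further includes:
receiving a request response to the third request, where the request response includes: authentication method information;
when the authentication method information requires authentication by an authentication, authorization and accounting (AAA) authentication service, sending a fourth request to a slice and standalone non-public network authentication and authorization network element NSSAAF, where the fourth request is used by the NSSAAF to select an AAA authentication server to authenticate the default credential of the PINE.
Based on the above solution, the receiving of the request response to the third request includes:
receiving the request response to the third request that is returned when the PEGC is verified as legitimate.
Based on the above solution, the fourth request includes: the identifier of the PINE, where the identifier of the PINE is used by the NSSAAF to select the AAA authentication server that authenticates the default credential of the PINE;
or,
the fourth request includes: the identifier of the PEGC and the identifier of the PINE, where the identifier of the PEGC and the identifier of the PINE are used by the NSSAAF to select the AAA authentication server that authenticates the default credential of the PINE.
Based on the above solution, the method further includes:
receiving an authentication response to the fourth request;
when the authentication response indicates that the default credential of the PINE has passed authentication, sending the authentication result of the PINE to the UDM, where the authentication result indicating that the default credential has passed authentication is used to start the operator credential provisioning procedure for the PINE.
Based on the above solution, the second request includes: the capability information of the PEGC;
the method further includes:
selecting, according to the capability information of the PEGC, the security algorithm used in the operator credential provisioning procedure for the PINE.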
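A fourth aspect of the embodiments of the present disclosure provides an information processing method, performed by a user data management UDM, the method further including:
receiving a third request sent by an authentication service function AUSF, where the third request is used for credential provisioning for a PINE.
Based on the above solution, the method further includes:
sending a request response to the third request to the AUSF, where the request response to the third request includes: authentication method information, and the authentication method information is used to indicate whether an AAA authentication server is used to authenticate the default credential of the PINE.
Based on the above solution, the third request includes: the identifier of the PEGC and/or the visited network name of the PEGC;
the sending of the request response to the third request to the AUSF includes:
when the PEGC is verified as legitimate according to the identifier of the PEGC and/or the visited network name of the PEGC, sending to the AUSF the request response to the third request carrying the authentication method information.
Based on the above solution, the method further includes:
receiving, from the AUSF, the authentication result of the default credential of the PINE;
when the default credential of the PINE is legitimate, starting the operator credential provisioning procedure for the PINE.
Based on the above solution, the third request includes at least:
the identifier of the PINE.
Based on the above solution, the third request further includes at least one of the following:
a credential provisioning indicator, indicating that operator credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC.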
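A fifth aspect of the embodiments of the present disclosure provides an information processing method, performed by a slice and standalone non-public network authentication and authorization network element NSSAAF, the method including:
receiving a fourth request sent by an AUSF;
sending, according to what is carried in the fourth request, a fifth request to an AAA authentication server, where the fifth request is used by the AAA authentication server to verify the default credential of a PINE;
receiving a request response to the fifth request;
sending, according to the request response to the fifth request, a request response to the fourth request to the AUSF, where the request response to the fourth request carries the authentication result of the default credential.
Based on the above solution, the fourth request includes the identifier of the PEGC;
the sending of the fifth request to the AAA authentication server according to the authentication method information carried in the fourth request includes:
sending, according to the authentication method information carried in the fourth request, the fifth request to the AAA authentication server determined according to the identifier of the PEGC.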
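A sixth aspect of the embodiments of the present disclosure provides an information processing apparatus, the apparatus including:
a first sending module, configured to send a first request to a network function, where the first request is used to request the network function to perform credential provisioning for a personal IoT network element PINE connected to the PEGC.
Based on the above solution, the first request includes at least: the identifier of the PINE.
Based on the above solution, the first request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC, used at least for verifying the legitimacy of the PEGC.
Based on the above solution, the identifier of the PEGC includes: a concealed identifier of the PEGC.
Based on the above solution, the first sending module is configured to send, to the network function, a non-access stratum (NAS) message containing the first request.
Based on the above solution, the first request further includes: capability information of the PEGC, where the capability information indicates at least the security capability of the PEGC.
Based on the above solution, the apparatus further includes:
a first receiving module, configured to receive an operator credential sent by the network function after the default credential of the PINE has been verified;
the first sending module is further configured to send the operator credential to the PINE.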
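A seventh aspect of the embodiments of the present disclosure provides an information processing apparatus, the apparatus including:
a second receiving module, configured to receive a first request sent by a PEGC, where the first request requests credential provisioning for a PINE;
a second sending module, configured to send the second request to an authentication service function AUSF, where the second request is used by the AUSF to trigger a UDM to perform credential provisioning for the PINE.
Based on the above solution, the first request includes: the identifier of the PEGC;
the second sending module is configured to send the second request to the AUSF selected according to the identifier of the PEGC.
Based on the above solution, the second request includes:
the identifier of the PINE, used to identify the PINE for which credential provisioning is to be performed.
Based on the above solution, the second request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC;
where the identifier of the PEGC and the visited network name are used to verify whether the PEGC is legitimate.
Based on the above solution, the second sending module is further configured to send the capability information of the PEGC to the AUSF, where the capability information indicates the security capability of the PEGC.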
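An eighth aspect of the embodiments of the present disclosure provides an information processing apparatus, performed by an AUSF, the apparatus including:
a third receiving module, configured to receive a second request sent by an AMF, where the second request requests credential provisioning for a PINE;
a third sending module, configured to send, according to the second request, a third request to a user data management UDM, where the third request is used by the UDM to perform credential provisioning for the PINE.
Based on the above solution, the third request includes:
the identifier of the PINE, used to identify the PINE for which credential provisioning is to be performed.
Based on the above solution, the third request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC.
Based on the above solution, the third receiving module is configured to receive a request response to the third request, where the request response includes: authentication method information;
the third sending module is configured to send a fourth request to the slice and standalone non-public network authentication and authorization network element NSSAAF when the authentication method information requires authentication by an AAA authentication service, where the fourth request is used by the NSSAAF to select an AAA authentication server to authenticate the default credential of the PINE.
Based on the above solution, the third receiving module is configured to receive the request response to the third request that is returned when the PEGC is verified as legitimate.
Based on the above solution, the fourth request includes: the identifier of the PINE, where the identifier of the PINE is used by the NSSAAF to select the AAA authentication server that authenticates the default credential of the PINE;
or,
the fourth request includes: the identifier of the PEGC and the identifier of the PINE, where the identifier of the PEGC and the identifier of the PINE are used by the NSSAAF to select the AAA authentication server that authenticates the default credential of the PINE.
Based on the above solution, the third receiving module is further configured to receive an authentication response to the fourth request;
the third sending module is configured to send the authentication result of the PINE to the UDM when the authentication response indicates that the default credential of the PINE has passed authentication, where the authentication result indicating that the default credential has passed authentication is used to start the operator credential provisioning procedure for the PINE.
Based on the above solution, the second request includes: the capability information of the PEGC;
the apparatus further includes:
a selection module, configured to select, according to the capability information of the PEGC, the security algorithm used in the operator credential provisioning procedure for the PINE.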
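A ninth aspect of the embodiments of the present disclosure provides an information processing apparatus, the apparatus further including:
a fourth receiving module, configured to receive a third request sent by an authentication service function AUSF, where the third request is used for credential provisioning for a PINE.
Based on the above solution, the apparatus further includes:
a fourth sending module, configured to send a request response to the third request to the AUSF, where the request response to the third request includes: authentication method information, and the authentication method information is used to indicate whether an AAA authentication server is used to authenticate the default credential of the PINE.
Based on the above solution, the third request includes: the identifier of the PEGC and/or the visited network name of the PEGC;
the fourth sending module is configured to send to the AUSF the request response to the third request carrying the authentication method information when the PEGC is verified as legitimate according to the identifier of the PEGC and/or the visited network name of the PEGC.
Based on the above solution, the fourth receiving module is further configured to receive, from the AUSF, the authentication result of the default credential of the PINE;
the apparatus further includes:
a starting module, configured to start the operator credential provisioning procedure for the PINE when the default credential of the PINE is legitimate.
Based on the above solution, the third request includes at least:
the identifier of the PINE.
Based on the above solution, the third request further includes at least one of the following:
a credential provisioning indicator, indicating that operator credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC.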
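A tenth aspect of the embodiments of the present disclosure provides an information processing apparatus, the apparatus including:
a fifth receiving module, configured to receive a fourth request sent by an AUSF;
a fifth sending module, configured to send, according to what is carried in the fourth request, a fifth request to an AAA authentication server, where the fifth request is used by the AAA authentication server to verify the default credential of a PINE;
the fifth receiving module is configured to receive a request response to the fifth request;
the fifth sending module is configured to send, according to the request response to the fifth request, a request response to the fourth request to the AUSF, where the request response to the fourth request carries the authentication result of the default credential.
Based on the above solution, the fourth request includes the identifier of the PEGC;
the sending of the fifth request to the AAA authentication server according to the authentication method information carried in the fourth request includes:
sending, according to the authentication method information carried in the fourth request, the fifth request to the AAA authentication server determined according to the identifier of the PEGC.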
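An eleventh aspect of the embodiments of the present disclosure provides a communication device, including a processor, a transceiver, a memory, and an executable program stored on the memory and capable of being run by the processor, where the processor, when running the executable program, performs the information processing method provided in the foregoing first aspect or second aspect.
A twelfth aspect of the embodiments of the present disclosure provides a computer storage medium storing an executable program; after the executable program is executed by a processor, the information processing method provided in the foregoing first aspect or second aspect can be implemented.
In the technical solutions provided by the embodiments of the present disclosure, the policy related to the UE is determined according to the physical state information of the UE. A policy for controlling the data flow of the UE that is determined in this way does not consider only the network conditions while ignoring the physical condition of the UE. This reduces the waste of network resources and/or the poor UE communication quality caused by a policy that does not match the physical condition of the UE, improves the communication quality of the UE, and reduces the waste of network resources.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the embodiments of the present disclosure.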
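Brief Description of the Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the embodiments of the present invention.
Figure 1 is a schematic structural diagram of a wireless communication system according to an exemplary embodiment;
Figure 2 is a schematic flowchart of an information processing method according to an exemplary embodiment;
Figure 3 is a schematic flowchart of an information processing method according to an exemplary embodiment;
Figure 4 is a schematic flowchart of an information processing method according to an exemplary embodiment;
Figure 5 is a schematic flowchart of an information processing method according to an exemplary embodiment;
Figure 6 is a schematic flowchart of an information processing method according to an exemplary embodiment;
Figure 7 is a schematic flowchart of an information processing method according to an exemplary embodiment;
Figure 8 is a schematic flowchart of an information processing method according to an exemplary embodiment;
Figure 9 is a schematic structural diagram of an information processing apparatus according to an exemplary embodiment;
Figure 10 is a schematic structural diagram of an information processing apparatus according to an exemplary embodiment;
Figure 11 is a schematic structural diagram of an information processing apparatus according to an exemplary embodiment;
Figure 12 is a schematic structural diagram of an information processing apparatus according to an exemplary embodiment;
Figure 13 is a schematic structural diagram of an information processing apparatus according to an exemplary embodiment;
Figure 14 is a schematic structural diagram of a UE according to an exemplary embodiment;
Figure 15 is a schematic structural diagram of a communication device according to an exemplary embodiment.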
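Detailed Description
Exemplary embodiments will be described in detail here, examples of which are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the embodiments of the present invention. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the embodiments of the present invention.
The terms used in the embodiments of the present disclosure are for the purpose of describing particular embodiments only and are not intended to limit the embodiments of the present disclosure. The singular forms "a" and "the" used in the present disclosure are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the embodiments of the present disclosure to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of the embodiments of the present disclosure, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".
Please refer to Figure 1, which shows a schematic structural diagram of a wireless communication system provided by an embodiment of the present disclosure. As shown in Figure 1, the wireless communication system is a communication system based on cellular mobile communication technology, and may include: several UEs 11 and several access devices 12.
The UE 11 may be a device that provides voice and/or data connectivity to a user. The UE 11 may communicate with one or more core networks via a Radio Access Network (RAN). The UE 11 may be an IoT UE, such as a sensor device, a mobile phone (or "cellular" phone), or a computer with an IoT UE, and may be, for example, a fixed, portable, pocket-sized, handheld, computer-embedded or vehicle-mounted device. Examples are a station (STA), subscriber unit, subscriber station, mobile station, mobile, remote station, access point, remote UE (remote terminal), access UE (access terminal), user terminal, user agent, user device, or user equipment (UE). Alternatively, the UE 11 may be a device of an unmanned aerial vehicle. Alternatively, the UE 11 may be a vehicle-mounted device, for example a trip computer with a wireless communication function, or a wireless communication device externally connected to a trip computer. Alternatively, the UE 11 may be a roadside device, for example a street lamp, a signal lamp or another roadside device with a wireless communication function.
The access device 12 may be a network-side device in the wireless communication system. The wireless communication system may be a 4th generation mobile communication (4G) system, also known as a Long Term Evolution (LTE) system; or it may be a 5G system, also known as a new radio (NR) system or 5G NR system. Alternatively, the wireless communication system may be the next-generation system after the 5G system. The access network in a 5G system may be called the NG-RAN (New Generation-Radio Access Network). Alternatively, it may be an MTC system.
The access device 12 may be an evolved access device (eNB) used in a 4G system. Alternatively, the access device 12 may be an access device (gNB) that adopts a centralized-distributed architecture in a 5G system. When the access device 12 adopts the centralized-distributed architecture, it usually includes a central unit (CU) and at least two distributed units (DU). The central unit is provided with a protocol stack of the Packet Data Convergence Protocol (PDCP) layer, the Radio Link Control (RLC) layer and the Media Access Control (MAC) layer; the distributed unit is provided with a physical (PHY) layer protocol stack. The embodiments of the present disclosure do not limit the specific implementation of the access device 12.
A wireless connection can be established between the access device 12 and the UE 11 over a wireless air interface. In different implementations, the wireless air interface is based on the fourth generation mobile communication network technology (4G) standard; or it is based on the fifth generation mobile communication network technology (5G) standard, for example the new radio; or it may be based on the standard of the next generation of mobile communication network technology after 5G.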
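There are three types of Personal IoT Network Element (PINE) in a PIN: devices with gateway capability (PEGC), devices with management capability (PEMC), and ordinary PINEs with neither gateway nor management capability.
The PEGC and the PEMC are also UEs that can access the 5G network directly. The PEMC can also access the 5G network through the PEGC.
A PINE cannot access the 5G network directly, while the 5G network needs to identify PINEs in order to strengthen management. To meet this need, the 5G network has to provide operator credentials for PINEs. With an operator credential, the 5GS can authenticate and identify a PINE behind a PEGC. Before the 5G network is provided to a PINE, the default credential of the PINE needs to be authenticated. However, there is no mechanism for authenticating, through the 5GC, the default credential provided by a third-party Authentication, Authorization, Accounting (AAA) server, which delays the 5GC's communication control of the PINE and thus causes communication delay.
As shown in Figure 2, an embodiment of the present disclosure provides an information processing method, performed by a PEGC, the method including:
S1110: sending a first request to a network function, where the first request is used to request the network function to perform credential provisioning for a PINE connected to the PEGC.
The Network Function (NF) may include various core network functions. The core network functions include, but are not limited to: the Access Management Function (AMF).
The first request can be used to request the NF to allocate an operator credential to the PINE. The operator credential may be the credential of a communication network operator, for example the operator credential of a 5G network, a 4G network or a next-generation mobile communication network.
The PEGC here is the gateway of a PIN that has already been verified by the NF and has been issued an operator credential.
A 3GPP connection is established between the PEGC and the NF, and a secure non-3GPP connection is established between the PEGC and the PINE. The non-3GPP connection includes, but is not limited to: a Bluetooth connection and/or a WiFi connection.
In the embodiments of the present disclosure, a PINE that is configured with only a default credential can, after establishing a connection with the PEGC, apply to the network for an operator credential through the PEGC. Later, when the PINE needs to communicate over the network, it can do so quickly and efficiently, which reduces communication delay and improves communication efficiency.
In one embodiment, the first request includes at least: the identifier of the PINE.
The identifier of the PINE lets the NF know which PINE is applying for an operator credential. The identifier of the PINE may include at least one of the following: the International Mobile Equipment Identity (IMEI) of the PINE, its media access control (MAC) address, or any other identifier that uniquely identifies the PINE.
In some embodiments, the first request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC, used at least for verifying the legitimacy of the PEGC.
The credential provisioning indicator indicates that an operator credential needs to be provisioned for the PINE. If the first request carries the credential provisioning indicator, the first request is a request in which the PEGC asks the NF to perform operator credential provisioning for the PINE.
In one embodiment, the credential provisioning indicator may include one or more bits. For example, when the credential provisioning indicator is 1 bit, the bit being 1 or 0 represents a request for credential provisioning. The credential provisioning requested here may be: operator credential provisioning.
The identifier of the PEGC can be used by the NF to verify the legitimacy of the PEGC. If the PEGC passes the legitimacy verification, the first request is trusted.
For example, the identifier of the PEGC includes, but is not limited to:
the Subscription Concealed Identifier (SUCI); and/or the Subscription Concealed Identifier (SUPI).
In some embodiments, the sending of the first request to the network function includes:
sending, to the network function, a non-access stratum (NAS) message containing the first request.
That is, the PEGC, as a UE that has accessed the 3GPP network, can exchange NAS messages directly with the first network element and carry the first request in various NAS messages. Access network functions such as the base station can transparently pass through the NAS message provided by the PEGC, so that the first request is delivered quickly to the core network.
In some embodiments, the first request further includes: capability information of the PEGC, where the capability information indicates at least the security capability of the PEGC.
For example, the capability information may indicate at least: whether the PEGC supports data encryption and whether it supports data integrity checking; and, if data encryption and/or integrity checking is supported, which security algorithms the PEGC supports.
In this way, when the PEGC and the network function need to communicate securely, the network function can select a suitable security algorithm for data encryption and/or integrity checking according to the capability information of the PEGC.
For example, when the PEGC receives from the network function an operator certificate issued by the operator, the operator certificate can be transmitted in encrypted form based on the security capability of the PEGC.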
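As shown in Figure 3, an embodiment of the present disclosure provides an information processing method, performed by a PEGC, the method including:
S1210: sending a first request to a network function, where the first request is used to request the network function to perform credential provisioning for a PINE connected to the PEGC;
S1220: receiving an operator credential sent by the network function after the default credential of the PINE has been verified;
S1230: sending the operator credential to the PINE.
In some embodiments, if the default credential of the PINE passes verification, the PINE is a secure and/or legitimate trusted device, so the network function issues an operator credential to the PINE. If the network function issues an operator credential, the PEGC receives it and then forwards it to the PINE.
Later, when the PINE needs to register with the 3GPP network or communicate through the 3GPP network, it can be authenticated quickly based on the operator credential, which improves the communication efficiency of the PINE.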
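As shown in Figure 4, an embodiment of the present disclosure provides an information processing method, performed by a network access function (Access Management Function, AMF), the method including:
S2110: receiving a first request sent by a PEGC, where the first request requests credential provisioning for a PINE;
S2120: sending the second request to an Authentication Service Function (AUSF), where the second request is used by the AUSF to trigger a UDM to perform credential provisioning for the PINE.
In one embodiment, the AMF is one of the NFs in the foregoing information processing method.
In the embodiments of the present disclosure, the AMF receives the first request and, on receiving it, sends a request to the AUSF. After receiving the second request, the AUSF requests the UDM to perform operator credential provisioning for the PINE.
In some embodiments, the first request includes: the identifier of the PEGC.
S2120 may include: sending the second request to the AUSF selected according to the identifier of the PEGC.
In the embodiments of the present disclosure, the first request carries the identifier of the PEGC. After receiving the identifier of the PEGC, the AUSF can carry it in the second request, so that after the UDM allocates an operator credential to the PINE, the operator credential can be returned to the corresponding PEGC according to the identifier of the PEGC.
In some embodiments, the second request includes: the identifier of the PINE, used to identify the PINE for which credential provisioning is to be performed.
For example, the identifier of the PINE may be carried in the first request, so that when the AUSF receives the first request it receives the identifier of the PINE and carries it in the second request, which lets the UDM know which PINE the operator credential is to be allocated to.
In some embodiments, the second request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC;
where the identifier of the PEGC and the visited network name are used to verify whether the PEGC is legitimate.
In some embodiments, the credential provisioning indicator may include one or more bits. For example, the credential provisioning indicator includes 1 bit, and the bit being 0 or 1 indicates a request for credential provisioning.
In some embodiments, the method further includes:
sending the capability information of the PEGC to the AUSF, where the capability information indicates the security capability of the PEGC.
In the disclosed embodiments, the AMF also knows the capability information of the PEGC. The capability information of the PEGC may be carried in the first request, or may have been reported to the AMF when the PEGC registered with the network.
In short, the AMF also carries the identifier of the PEGC in the second request; this identifier indicates to which PEGC the AUSF or the UDM subsequently needs to send the identifier issued to the PINE.
In still other embodiments, the second request may also carry the visited network name of the PEGC, so that subsequent network elements can select the AAA server that authenticates the default credential. An AAA server close to the PEGC can then be selected to authenticate the default credential, which increases the speed of default credential authentication.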
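As shown in Figure 5, an embodiment of the present disclosure provides an information processing method, performed by an AUSF, the method including:
S3110: receiving a second request sent by an AMF, where the second request requests credential provisioning for a PINE;
S3120: sending, according to the second request, a third request to a UDM, where the third request is used by the UDM to perform credential provisioning for the PINE.
The information processing method provided by the embodiments of the present disclosure may be performed by the AUSF among the foregoing NFs.
The AUSF and the AMF can exchange various kinds of information. The AUSF receives the second request sent by the AMF; the second request is used to request operator credential provisioning for the PINE.
After receiving the second request, the AUSF sends a third request to the UDM; the third request triggers the UDM to perform operator credential provisioning for the PINE.
In one embodiment, the third request includes:
the identifier of the PINE, used to identify the PINE for which credential provisioning is to be performed.
For example, the third request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC.
In some embodiments, the identifier of the PEGC and/or the visited network name are used to verify whether the PEGC is legitimate.
In some embodiments, the method further includes:
receiving a request response to the third request, where the request response includes: authentication method information;
when the authentication method information requires authentication by an AAA authentication service, sending a fourth request to the slice and standalone non-public network authentication and authorization network element NSSAAF, where the fourth request is used by the NSSAAF to select an AAA authentication server to authenticate the default credential of the PINE.
If the default credential of the PINE was not issued or configured in advance by the network operator, the default credential needs to be authenticated by a third-party server. If the default credential of the PINE was issued or configured in advance by the network operator, it is sufficient for the default credential to be authenticated by an NF inside the network, such as the UDM.
In the embodiments of the present disclosure, after sending the third request to the UDM, the AUSF receives the request response returned by the UDM. The request response carries authentication method information, which indicates whether authentication by a third-party AAA server is required. If it is, the AUSF sends a fourth request to the NSSAAF according to the request response. After the fourth request reaches the NSSAAF, the NSSAAF selects the AAA server that authenticates the default credential of the PINE.
The fourth request may include: the identifier of the PEGC and/or the visited network name of the PEGC. The identifier of the PEGC and/or the visited network identifier of the PEGC allow the NSSAAF to select an AAA server that is physically close to the PEGC, or close to it in network distance, to authenticate the default credential of the PINE.
In some embodiments, the receiving of the request response to the third request includes:
receiving the request response to the third request that is returned when the PEGC is verified as legitimate.
To reduce the arbitrary issuance of operator credentials and to ensure that operator credentials are issued securely, the third request carries the identifier of the PEGC, so that the UDM can verify the legitimacy of the PEGC. Only after the PEGC has passed the legitimacy verification does the UDM return the request response that causes the AUSF to send the fourth request to the NSSAAF.
In some embodiments, the fourth request includes: the identifier of the PINE, where the identifier of the PINE is used by the NSSAAF to select the AAA authentication server that authenticates the default credential of the PINE.
In one embodiment, the fourth request includes: the identifier of the PEGC and the identifier of the PINE, where the identifier of the PEGC and the identifier of the PINE are used by the NSSAAF to select the AAA authentication server that authenticates the default credential of the PINE.
In one embodiment, the NSSAAF may select a suitable AAA server according to the identifier of the PINE alone. In another embodiment, the NSSAAF selects a suitable AAA server according to both the identifier of the PINE and the identifier of the PEGC.
In some embodiments, the method further includes:
receiving an authentication response to the fourth request;
when the authentication response indicates that the default credential of the PINE has passed authentication, sending the authentication result of the PINE to the UDM, where the authentication result indicating that the default credential has passed authentication is used to start the operator credential provisioning procedure for the PINE.
In some embodiments, once the selected AAA server has completed the authentication of the default credential of the PINE, the authentication result is fed back to the NSSAAF, and the NSSAAF returns it to the AUSF.
If the AUSF receives the authentication response and determines that the default credential of the PINE has passed authentication, it can send the authentication result of the PINE to the UDM, which triggers the UDM to start the operator credential provisioning procedure for the PINE.
In some embodiments, the second request includes: the capability information of the PEGC;
the method further includes: selecting, according to the capability information of the PEGC, the security algorithm used in the operator credential provisioning procedure for the PINE.
In the embodiments of the present disclosure, the AUSF also selects the security algorithm used for operator credential provisioning for the PINE. The selected security algorithm serves as the encryption algorithm and/or integrity protection algorithm in the operator credential provisioning process for the PINE.
After completing the selection of the security algorithm, the AUSF can notify at least one of the UDM, the AMF and the PEGC of the algorithm identifier of the security algorithm, so that any two of the UDM, the AMF and the PEGC can subsequently exchange information about the operator credential.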
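As shown in Figure 6, an embodiment of the present disclosure provides an information processing method, performed by a UDM, the method further including:
S4110: receiving a third request sent by an AUSF, where the third request is used for credential provisioning for a PINE.
In the embodiments of the present disclosure, the UDM receives the third request, which is a request for operator credential provisioning for the PINE.
In the embodiments of the present disclosure, the UDM may be the entity that performs the operator credential provisioning. If operator credential provisioning is performed for the PINE, the provisioned operator credential is transmitted to the PEGC and finally returned to the PINE by the PEGC.
In some embodiments, the method further includes:
sending a request response to the third request to the AUSF, where the request response to the third request includes: authentication method information, and the authentication method information is used to indicate whether an AAA authentication server is used to authenticate the default credential of the PINE. After receiving the third request, the UDM determines whether a third-party AAA authentication server is needed to authenticate the default credential.
In some embodiments, the third request includes: the identifier of the PEGC and/or the visited network name of the PEGC;
the sending of the request response to the third request to the AUSF includes:
when the PEGC is verified as legitimate according to the identifier of the PEGC and/or the visited network name of the PEGC, sending to the AUSF the request response to the third request carrying the authentication method information.
In the embodiments of the present disclosure, the third request also includes the identifier of the PEGC and/or the visited network name of the PEGC. The UDM can subsequently verify the legitimacy of the PEGC according to the identifier of the PEGC and/or the visited network name of the PEGC, which ensures the security of operator credential provisioning for the PINE.
In some embodiments, the method further includes:
receiving, from the AUSF, the authentication result of the default credential of the PINE;
when the default credential of the PINE is legitimate, starting the operator credential provisioning procedure for the PINE.
In some embodiments, the UDM receives the authentication result of the default credential of the PINE from the AUSF. If the default credential of the PINE is legitimate, that is, it has passed authentication, the provisioning procedure for the operator credential of the PINE can be started, thereby implementing operator credential authentication of the PINE.
In some embodiments, the third request includes at least: the identifier of the PINE.
For example, the third request further includes at least one of the following:
a credential provisioning indicator, indicating that operator credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC.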
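As shown in Figure 7, an embodiment of the present disclosure provides an information processing method, performed by an NSSAAF, the method including:
S4110: receiving a fourth request sent by an AUSF;
S4120: sending, according to the fourth request, a fifth request to an AAA authentication server, where the fifth request is used by the AAA authentication server to verify the default credential of a PINE;
S4130: receiving a request response to the fifth request;
S4140: sending, according to the request response to the fifth request, a request response to the fourth request to the AUSF, where the request response to the fourth request carries the authentication result of the default credential.
In the embodiments of the present disclosure, the NSSAAF receives the fourth request from the AUSF. On receiving the fourth request it sends a request to the AAA server, which triggers the selected AAA server to authenticate the default credential of the PINE. Specifically, the NSSAAF sends a fifth request to the AAA server according to the fourth request, and the fifth request triggers the AAA server to authenticate the default credential of the PINE. The AAA server's authentication result for the default credential is returned in the request response to the fifth request.
After receiving that request response, the NSSAAF sends the request response to the fourth request to the corresponding AUSF, so that the AUSF, after receiving it, can determine whether to trigger the UDM to allocate an operator credential to the PINE.
In some embodiments, the fourth request includes the identifier of the PEGC;
the sending of the fifth request to the AAA authentication server according to the authentication method information carried in the fourth request includes:
sending, according to the authentication method information carried in the fourth request, the fifth request to the AAA authentication server determined according to the identifier of the PEGC.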
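Referring to Figure 8, assume that the PINE has already established a secure non-3GPP connection with the PEGC.
The PINE is preconfigured with a default credential, which is generated by a third-party AAA server. The AAA server maintains the mapping between the device identifier and the default credential of each PINE.
The PEGC has registered with the 5G core network (5GC). The connection between the PEGC and the AMF is protected by NAS security.
The following is the procedure for authenticating the default credential of a personal IoT device using a third-party AAA server.
1. The PINE connects to the PEGC over a secure non-3GPP connection.
2. The PINE sends an operator credential provisioning request to the PEGC. The 5GC contains the identifier of the PINE. The identifier of the PINE may include at least: a device identifier. The operator credential provisioning request may be the foregoing first request, and may be abbreviated as the credential provisioning request.
3. The PEGC sends the credential provisioning request to the AMF in a NAS message. The credential provisioning request includes: the credential provisioning indicator, the device identifier of the PINE, the SUCI of the PEGC and/or the capability information of the PEGC, where the capability information indicates at least the security capability of the PEGC. The credential provisioning indicator is used to indicate the purpose of this request.
4. The AMF sends an operator credential provisioning request to the AUSF. The operator credential provisioning request may include the capability information of the PEGC, which indicates at least the security capability of the PEGC. For example, the AMF uses the AUSF_UEAuthentication_authentication service operation to start the PINE authentication process for the PINE, for example by sending Nausf_UEAU-Authenticate Req to the AUSF. The AMF should select the AUSF according to the SUCI of the PEGC. The inputs of the Nausf_UEAuthentication_Authentication service operation include the credential provisioning request, the device identifier of the PINE, the SUCI of the PEGC and the visited network (SN) name.
5. The AUSF initiates the Nudm__Get service operation with the UDM. The inputs of the Nudm_ueu_Get service operation include the credential provisioning indicator, the SUCI of the PEGC and the SN name.
6. The UDM first checks, according to the subscription information of the PEGC, whether the PEGC is authorized to act as a legitimate gateway. If the PEGC is not authorized to act as a gateway, the UDM terminates the credential provisioning process. Otherwise, the UDM decides the authentication method for the PINE according to the subscription data of the PEGC and the credential provisioning request.
7. The UDM responds to the AUSF with the Nudm__Get operation. The inputs of the operation include the SUCI of the PEGC and the authentication method information.
8. The AUSF initiates the Nnssaaf_AIWF_Authentication operation towards the NSSAAF. The inputs of the operation include the identifier of the PINE. Specifically, the AUSF selects the NSSAAF according to the SUCI of the PEGC.
9. The NSSAAF should select the AAA server according to the identifier of the PINE. It then sends the identifier of the PINE to the third-party AAA server.
10. The PINE and the AAA server perform mutual authentication based on an Extensible Authentication Protocol (EAP) authentication mechanism and the corresponding default credential.
11. If the mutual authentication succeeds, the third-party server sends an EAP success message to the NSSAAF; otherwise, the third-party AAA server terminates the operator credential provisioning process.
12. The NSSAAF sends the EAP success message to the AUSF through the Nnssaaf_AIWF_Authentication service operation.
13. The AUSF starts the authentication result indication procedure. In the indication procedure, the AUSF sends the UDM the credential provisioning indicator, the EAP success, the identifier of the PINE, the SUPI of the PEGC and the corresponding authentication method information. The authentication result indication procedure can be implemented by defining a new UDM service operation or by reusing the existing Nudm_UEAuthentication_ResultConfication operation.
14. The UDM performs the operator credential provisioning procedure, which may specifically include: the UDM stores the authentication result of the PINE. If the verification result shows that the PINE has been successfully verified, the UDM starts the operator credential provisioning process.
15. The PEGC sends the provisioned operator credential to the PINE.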
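The procedure in steps 3 to 15, modelled as an added Python example (not code from the patent or from any 3GPP implementation): it shows the two gates in front of credential issuance, namely the UDM's check that the PEGC is an authorised gateway and the AAA server's check of the PINE's default credential. All identifiers, keys, algorithm labels and status strings are constructed; an HMAC challenge-response stands in for the EAP method, and the messages between network functions are collapsed into function calls.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (assumptions for this example, not values from the patent).
AAA_DEFAULT_KEYS = {"pine-001": b"factory-key-001"}  # AAA: device id -> default credential
PEGC_SUBSCRIPTIONS = {                               # UDM: PEGC subscription data
    "suci-pegc-A": {"gateway": True, "auth_method": "AAA"},
    "suci-pegc-B": {"gateway": False, "auth_method": "AAA"},
}
NETWORK_ALG_PREFERENCE = ("128-NEA2", "128-NEA1")    # sample algorithm labels


def _mac(key, label, nonce):
    return hmac.new(key, label + nonce, hashlib.sha256).digest()


class Pine:
    """Device behind the PEGC that holds only a default credential."""

    def __init__(self, pine_id, default_key):
        self.pine_id, self._key = pine_id, default_key
        self._nonce = b""
        self.operator_credential = None

    def challenge(self):                 # PINE's nonce for authenticating the server
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def verify_server(self, proof):
        return hmac.compare_digest(proof, _mac(self._key, b"aaa", self._nonce))

    def respond(self, nonce):            # PINE's proof that it knows the default key
        return _mac(self._key, b"pine", nonce)


class AAAServer:
    """Third-party AAA server; HMAC challenge-response stands in for the EAP method."""

    def __init__(self):
        self.requests = 0

    def authenticate(self, pine):        # step 10: mutual authentication
        self.requests += 1
        key = AAA_DEFAULT_KEYS.get(pine.pine_id)
        if key is None:
            return False
        server_ok = pine.verify_server(_mac(key, b"aaa", pine.challenge()))
        nonce = secrets.token_bytes(16)
        pine_ok = hmac.compare_digest(pine.respond(nonce), _mac(key, b"pine", nonce))
        return server_ok and pine_ok


class UDM:
    def __init__(self):
        self.auth_results = {}

    def get_auth_method(self, indicator, pegc_suci):
        """Steps 5-7: check that the PEGC is an authorised gateway, then pick the method."""
        sub = PEGC_SUBSCRIPTIONS.get(pegc_suci)
        if not indicator or sub is None or not sub["gateway"]:
            return None                  # step 6: terminate the provisioning procedure
        return sub["auth_method"]

    def result_indication(self, pine_id, success):
        """Steps 13-14: store the result; issue a credential only after success."""
        self.auth_results[pine_id] = success
        return secrets.token_hex(16) if success else None  # constructed credential


def provision(pine, pegc_suci, pegc_algs, udm, aaa, indicator=True):
    """Run steps 3-15 for one PINE and return (status, selected_algorithm)."""
    # Steps 3-4: PEGC -> AMF (NAS) -> AUSF. The AUSF picks an algorithm the PEGC
    # supports; stopping when none is shared is an assumption of this example.
    alg = next((a for a in NETWORK_ALG_PREFERENCE if a in pegc_algs), None)
    if alg is None:
        return "no-common-algorithm", None
    method = udm.get_auth_method(indicator, pegc_suci)
    if method is None:
        return "pegc-not-authorized", None
    if method != "AAA":                  # in-network authentication is not modelled
        return "method-not-modelled", alg
    # Steps 8-12: AUSF -> NSSAAF -> AAA server selected for this PINE.
    success = aaa.authenticate(pine)
    credential = udm.result_indication(pine.pine_id, success)
    if credential is None:
        return "default-credential-rejected", alg
    pine.operator_credential = credential  # step 15: PEGC forwards it to the PINE
    return "provisioned", alg
```

A request arriving through an unauthorised PEGC stops at the UDM before the AAA server is contacted, and a failed default-credential check is still recorded at the UDM without any credential being issued.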
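As shown in Figure 9, an embodiment of the present disclosure provides an information processing apparatus, the apparatus including:
a first sending module 110, configured to send a first request to a network function, where the first request is used to request the network function to perform credential provisioning for a personal IoT network element PINE connected to the PEGC.
The information processing apparatus may be included in the PEGC.
The information processing apparatus further includes: a storage module; the storage module can be used at least to store the first request.
In some embodiments, the information processing apparatus may further include: a storage module; the storage module can be used at least to store the first request.
In some embodiments, the first sending module 110 may be a program module; after the program module is executed by a processor, the above operations can be implemented.
In other embodiments, the first sending module 110 may include: a combined software and hardware module; the combined software and hardware module includes, but is not limited to: a programmable array; the programmable array includes, but is not limited to: a field programmable array and/or a complex programmable array.
In still other embodiments, the first sending module 110 may include: a pure hardware module. The pure hardware module includes, but is not limited to: an application specific integrated circuit.
In some embodiments, the first request includes at least: the identifier of the PINE.
In some embodiments, the first request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC, used at least for verifying the legitimacy of the PEGC.
In some embodiments, the identifier of the PEGC includes: a concealed identifier of the PEGC.
In some embodiments, the first sending module 110 is configured to send, to the network function, a non-access stratum (NAS) message containing the first request.
In some embodiments, the first request further includes: capability information of the PEGC, where the capability information indicates at least the security capability of the PEGC.
In some embodiments, the apparatus further includes:
a first receiving module, configured to receive an operator credential sent by the network function after the default credential of the PINE has been verified;
the first sending module 110 is further configured to send the operator credential to the PINE.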
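As shown in Figure 10, an embodiment of the present disclosure provides an information processing apparatus, the apparatus including:
a second receiving module 210, configured to receive a first request sent by a PEGC, where the first request requests credential provisioning for a PINE;
a second sending module 220, configured to send the second request to an authentication service function AUSF, where the second request is used by the AUSF to trigger a UDM to perform credential provisioning for the PINE.
The information processing apparatus may be included in the AMF.
In some embodiments, the second receiving module 210 and the second sending module 220 may be program modules; after the program modules are executed by a processor, the above operations can be implemented.
In still other embodiments, the second receiving module 210 and the second sending module 220 may be combined software and hardware modules; the combined software and hardware modules include, but are not limited to: a programmable array; the programmable array includes, but is not limited to: a field programmable array and/or a complex programmable array.
In still other embodiments, the second receiving module 210 and the second sending module 220 may be pure hardware modules; the pure hardware modules include, but are not limited to: an application specific integrated circuit.
In some embodiments, the first request includes: the identifier of the PEGC;
the second sending module 220 is configured to send the second request to the AUSF selected according to the identifier of the PEGC.
In some embodiments, the second request includes:
the identifier of the PINE, used to identify the PINE for which credential provisioning is to be performed.
In some embodiments, the second request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC;
where the identifier of the PEGC and the visited network name are used to verify whether the PEGC is legitimate.
In some embodiments, the second sending module 220 is further configured to send the capability information of the PEGC to the AUSF, where the capability information indicates the security capability of the PEGC.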
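As shown in Figure 11, an embodiment of the present disclosure provides an information processing apparatus, the apparatus including:
a third receiving module 310, configured to receive a second request sent by an AMF, where the second request requests credential provisioning for a PINE;
a third sending module 320, configured to send, according to the second request, a third request to a user data management UDM, where the third request is used by the UDM to perform credential provisioning for the PINE.
The information processing apparatus may be included in the AUSF.
In some embodiments, the third receiving module 310 and the third sending module 320 may be program modules; after the program modules are executed by a processor, the above operations can be implemented.
In still other embodiments, the third receiving module 310 and the third sending module 320 may be combined software and hardware modules; the combined software and hardware modules include, but are not limited to: a programmable array; the programmable array includes, but is not limited to: a field programmable array and/or a complex programmable array.
In still other embodiments, the third receiving module 310 and the third sending module 320 may be pure hardware modules; the pure hardware modules include, but are not limited to: an application specific integrated circuit.
In some embodiments, the third request includes:
the identifier of the PINE, used to identify the PINE for which credential provisioning is to be performed.
In some embodiments, the third request further includes at least one of the following:
a credential provisioning indicator, indicating that credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC.
In some embodiments, the third receiving module 310 is configured to receive a request response to the third request, where the request response includes: authentication method information;
the third sending module 320 is configured to send a fourth request to the slice and standalone non-public network authentication and authorization network element NSSAAF when the authentication method information requires authentication by an AAA authentication service, where the fourth request is used by the NSSAAF to select an AAA authentication server to authenticate the default credential of the PINE.
In some embodiments, the third receiving module 310 is configured to receive the request response to the third request that is returned when the PEGC is verified as legitimate.
In some embodiments, the fourth request includes: the identifier of the PINE, where the identifier of the PINE is used by the NSSAAF to select the AAA authentication server that authenticates the default credential of the PINE;
or,
the fourth request includes: the identifier of the PEGC and the identifier of the PINE, where the identifier of the PEGC and the identifier of the PINE are used by the NSSAAF to select the AAA authentication server that authenticates the default credential of the PINE.
In some embodiments, the third receiving module 310 is further configured to receive an authentication response to the fourth request;
the third sending module 320 is configured to send the authentication result of the PINE to the UDM when the authentication response indicates that the default credential of the PINE has passed authentication, where the authentication result indicating that the default credential has passed authentication is used to start the operator credential provisioning procedure for the PINE.
In some embodiments, the second request includes: the capability information of the PEGC;
the apparatus further includes:
a selection module, configured to select, according to the capability information of the PEGC, the security algorithm used in the operator credential provisioning procedure for the PINE.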
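As shown in Figure 12, an embodiment of the present disclosure provides an information processing apparatus, the apparatus further including:
a fourth receiving module 410, configured to receive a third request sent by an authentication service function AUSF, where the third request is used for credential provisioning for a PINE.
The information processing apparatus may be included in the NSSAA.
The information processing apparatus may further include: a storage module, which can store the third request.
In some embodiments, the fourth receiving module 410 may be a program module; after the program module is executed by a processor, the above operations can be implemented.
In other embodiments, the fourth receiving module 410 may be a combined software and hardware module; the combined software and hardware module includes, but is not limited to, various programmable arrays; the programmable array includes, but is not limited to: a field programmable array and/or a complex programmable array.
In still other embodiments, the fourth receiving module 410 may also be a pure hardware module; the pure hardware module includes, but is not limited to: an application specific integrated circuit.
In some embodiments, the apparatus further includes:
a fourth sending module, configured to send a request response to the third request to the AUSF, where the request response to the third request includes: authentication method information, and the authentication method information is used to indicate whether an AAA authentication server is used to authenticate the default credential of the PINE.
In some embodiments, the third request includes: the identifier of the PEGC and/or the visited network name of the PEGC;
the fourth sending module is configured to send to the AUSF the request response to the third request carrying the authentication method information when the PEGC is verified as legitimate according to the identifier of the PEGC and/or the visited network name of the PEGC.
In some embodiments, the fourth receiving module 410 is further configured to receive, from the AUSF, the authentication result of the default credential of the PINE;
the apparatus further includes:
a starting module, configured to start the operator credential provisioning procedure for the PINE when the default credential of the PINE is legitimate.
In some embodiments, the third request includes at least:
the identifier of the PINE.
In some embodiments, the third request further includes at least one of the following:
a credential provisioning indicator, indicating that operator credential provisioning is requested;
the identifier of the PEGC;
the visited network name of the PEGC.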
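As shown in Figure 13, an embodiment of the present disclosure provides an information processing apparatus, the apparatus including:
a fifth receiving module 510, configured to receive a fourth request sent by an AUSF;
a fifth sending module 520, configured to send, according to what is carried in the fourth request, a fifth request to an AAA authentication server, where the fifth request is used by the AAA authentication server to verify the default credential of a PINE;
the fifth receiving module 510 is configured to receive a request response to the fifth request;
the fifth sending module 520 is configured to send, according to the request response to the fifth request, a request response to the fourth request to the AUSF, where the request response to the fourth request carries the authentication result of the default credential.
The information processing apparatus may be included in the UDM.
In some embodiments, the fifth receiving module 510 and the fifth sending module 520 may be program modules; after the program modules are executed by a processor, the above operations can be implemented.
In other embodiments, the fifth receiving module 510 and the fifth sending module 520 may be combined software and hardware modules; the combined software and hardware modules include, but are not limited to, various programmable arrays; the programmable array includes, but is not limited to: a field programmable array and/or a complex programmable array.
In still other embodiments, the fifth receiving module 510 and the fifth sending module 520 may also be pure hardware modules; the pure hardware modules include, but are not limited to: an application specific integrated circuit.
In some embodiments, the fourth request includes the identifier of the PEGC;
the sending of the fifth request to the AAA authentication server according to the authentication method information carried in the fourth request includes:
sending, according to the authentication method information carried in the fourth request, the fifth request to the AAA authentication server determined according to the identifier of the PEGC.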
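An embodiment of the present disclosure provides a communication device, including:
a memory for storing processor-executable instructions;
a processor, connected to the memory;
where the processor is configured to execute the information processing method provided by any of the foregoing technical solutions.
The processor may include various types of storage media, which are non-transitory computer storage media that can continue to retain the information stored on them after the communication device is powered down.
Here, the communication device includes: a UE or a network element, and the network element may be any one of the foregoing first to fourth network elements.
The processor may be connected to the memory through a bus or the like, and is used to read the executable program stored on the memory, for example, at least one of the methods shown in Figures 2 to 8.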
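Figure 14 is a block diagram of a UE 800 according to an exemplary embodiment. For example, the UE 800 may be a mobile phone, a computer, a digital broadcast user device, a messaging device, a game console, a tablet device, a medical device, a fitness device, a personal digital assistant, or the like.
Referring to Figure 14, the UE 800 may include one or more of the following components: a processing component 802, a memory 804, a power supply component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.
The processing component 802 generally controls the overall operations of the UE 800, such as operations associated with display, telephone calls, data communication, camera operations and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or part of the steps of the methods described above. In addition, the processing component 802 may include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 may include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the UE 800. Examples of such data include instructions for any application or method operating on the UE 800, contact data, phonebook data, messages, pictures, videos, and so on. The memory 804 may be implemented by any type of volatile or non-volatile storage device, or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk.
The power supply component 806 provides power to the various components of the UE 800. The power supply component 806 may include a power management system, one or more power supplies, and other components associated with generating, managing and distributing power for the UE 800.
The multimedia component 808 includes a screen that provides an output interface between the UE 800 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or swipe action, but also detect the duration and pressure associated with the touch or swipe operation. In some embodiments, the multimedia component 808 includes a front-facing camera and/or a rear-facing camera. When the UE 800 is in an operating mode, such as shooting mode or video mode, the front-facing camera and/or the rear-facing camera can receive external multimedia data. Each front-facing camera and rear-facing camera may be a fixed optical lens system or have focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a microphone (MIC) that is configured to receive external audio signals when the UE 800 is in an operating mode, such as call mode, recording mode and voice recognition mode. The received audio signal may be further stored in the memory 804 or sent via the communication component 816. In some embodiments, the audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and a peripheral interface module, which may be a keyboard, a click wheel, buttons, and so on. These buttons may include, but are not limited to: a home button, volume buttons, a start button and a lock button.
The sensor component 814 includes one or more sensors for providing status assessments of various aspects of the UE 800. For example, the sensor component 814 can detect the open/closed state of the device 800 and the relative positioning of components, such as the display and keypad of the UE 800. The sensor component 814 can also detect a change in position of the UE 800 or of a component of the UE 800, the presence or absence of user contact with the UE 800, the orientation or acceleration/deceleration of the UE 800, and temperature changes of the UE 800. The sensor component 814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.
The communication component 816 is configured to facilitate wired or wireless communication between the UE 800 and other devices. The UE 800 can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 816 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 816 also includes a near field communication (NFC) module to facilitate short-range communication. For example, the NFC module can be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
In exemplary embodiments, the UE 800 may be implemented by one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic components, for executing the above method.
In exemplary embodiments, a non-transitory computer-readable storage medium including instructions is also provided, such as the memory 804 including instructions; the instructions can be executed by the processor 820 of the UE 800 to perform the above method. For example, the non-transitory computer-readable storage medium may be a ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, and so on.
As shown in Figure 15, an embodiment of the present disclosure shows the structure of an access device. For example, the communication device 900 may be provided as a network-side device. The communication device may be any of various network elements such as the foregoing access network element and/or network function.
Referring to Figure 15, the communication device 900 includes a processing component 922, which further includes one or more processors, and memory resources represented by a memory 932 for storing instructions executable by the processing component 922, such as application programs. The application program stored in the memory 932 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 922 is configured to execute instructions to perform any of the foregoing methods applied to the access device, for example, the method shown in any one of Figures 2 to 8.
The communication device 900 may also include a power supply component 926 configured to perform power management of the communication device 900, a wired or wireless network interface 950 configured to connect the communication device 900 to a network, and an input/output (I/O) interface 958. The communication device 900 may operate based on an operating system stored in the memory 932, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.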
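Other embodiments of the present invention will readily occur to those skilled in the art after considering the specification and practising the invention disclosed here. The present disclosure is intended to cover any variations, uses or adaptations of the present invention that follow its general principles and include common knowledge or customary technical means in the art that are not disclosed in the present disclosure. The specification and the embodiments are to be regarded as exemplary only, and the true scope and spirit of the present invention are indicated by the following claims.
It should be understood that the present invention is not limited to the precise structures that have been described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of the present invention is limited only by the appended claims.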

Claims (35)

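  1. An information processing method, performed by a personal IoT gateway PEGC, the method comprising:
    sending a first request to a network function, wherein the first request is used to request the network function to perform credential provisioning for a personal IoT network element PINE connected to the PEGC.
  2. The method according to claim 1, wherein the first request comprises at least: an identifier of the PINE.
  3. The method according to claim 1 or 2, wherein the first request further comprises at least one of the following:
    a credential provisioning indicator, indicating that credential provisioning is requested;
    an identifier of the PEGC, used at least for verifying the legitimacy of the PEGC.
  4. The method according to claim 3, wherein the identifier of the PEGC comprises: a concealed identifier of the PEGC.
  5. The method according to any one of claims 1 to 4, wherein the sending of the first request to the network function comprises:
    sending, to the network function, a non-access stratum (NAS) message containing the first request.
  6. The method according to any one of claims 1 to 5, wherein the first request further comprises: capability information of the PEGC, wherein the capability information indicates at least the security capability of the PEGC.
  7. The method according to any one of claims 1 to 5, wherein the method further comprises:
    receiving an operator credential sent by the network function after the default credential of the PINE has been verified;
    sending the operator credential to the PINE.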
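  8. An information processing method, performed by a network access function AMF, the method comprising:
    receiving a first request sent by a PEGC, wherein the first request requests credential provisioning for a PINE;
    sending the second request to an authentication service function AUSF, wherein the second request is used by the AUSF to trigger a UDM to perform credential provisioning for the PINE.
  9. The method according to claim 8, wherein the first request comprises: the identifier of the PEGC;
    the sending of the second request to the authentication service function AUSF comprises:
    sending the second request to the AUSF selected according to the identifier of the PEGC.
  10. The method according to claim 8 or 9, wherein the second request comprises:
    the identifier of the PINE, used to identify the PINE for which credential provisioning is to be performed.
  11. The method according to claim 10, wherein the second request further comprises at least one of the following:
    a credential provisioning indicator, indicating that credential provisioning is requested;
    the identifier of the PEGC;
    the visited network name of the PEGC;
    wherein the identifier of the PEGC and the visited network name are used to verify whether the PEGC is legitimate.
  12. The method according to claim 8, wherein the method further comprises:
    sending the capability information of the PEGC to the AUSF, wherein the capability information indicates the security capability of the PEGC.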
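  13. An information processing method, performed by an AUSF, the method comprising:
    receiving a second request sent by an AMF, wherein the second request requests credential provisioning for a PINE;
    sending, according to the second request, a third request to a user data management UDM, wherein the third request is used by the UDM to perform credential provisioning for the PINE.
  14. The method according to claim 13, wherein the third request comprises:
    the identifier of the PINE, used to identify the PINE for which credential provisioning is to be performed.
  15. The method according to claim 14, wherein the third request further comprises at least one of the following:
    a credential provisioning indicator, indicating that credential provisioning is requested;
    the identifier of the PEGC;
    the visited network name of the PEGC.
  16. The method according to any one of claims 13 to 15, wherein the method further comprises:
    receiving a request response to the third request, wherein the request response comprises: authentication method information;
    when the authentication method information requires authentication by an authentication, authorization and accounting (AAA) authentication service, sending a fourth request to a slice and standalone non-public network authentication and authorization network element NSSAAF, wherein the fourth request is used by the NSSAAF to select an AAA authentication server to authenticate the default credential of the PINE.
  17. The method according to claim 16, wherein the receiving of the request response to the third request comprises:
    receiving the request response to the third request that is returned when the PEGC is verified as legitimate.
  18. The method according to claim 16 or 17, wherein the fourth request comprises: the identifier of the PINE, wherein the identifier of the PINE is used by the NSSAAF to select the AAA authentication server that authenticates the default credential of the PINE;
    or,
    the fourth request comprises: the identifier of the PEGC and the identifier of the PINE, wherein the identifier of the PEGC and the identifier of the PINE are used by the NSSAAF to select the AAA authentication server that authenticates the default credential of the PINE.
  19. The method according to any one of claims 15 to 18, wherein the method further comprises:
    receiving an authentication response to the fourth request;
    when the authentication response indicates that the default credential of the PINE has passed authentication, sending the authentication result of the PINE to the UDM, wherein the authentication result indicating that the default credential has passed authentication is used to start the operator credential provisioning procedure for the PINE.
  20. The method according to any one of claims 15 to 19, wherein the second request comprises: the capability information of the PEGC;
    the method further comprises:
    selecting, according to the capability information of the PEGC, the security algorithm used in the operator credential provisioning procedure for the PINE.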
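  21. An information processing method, performed by a user data management UDM, the method further comprising:
    receiving a third request sent by an authentication service function AUSF, wherein the third request is used for credential provisioning for a PINE.
  22. The method according to claim 21, wherein the method further comprises:
    sending a request response to the third request to the AUSF, wherein the request response to the third request comprises: authentication method information, and the authentication method information is used to indicate whether an AAA authentication server is used to authenticate the default credential of the PINE.
  23. The method according to claim 22, wherein the third request comprises: the identifier of the PEGC and/or the visited network name of the PEGC;
    the sending of the request response to the third request to the AUSF comprises:
    when the PEGC is verified as legitimate according to the identifier of the PEGC and/or the visited network name of the PEGC, sending to the AUSF the request response to the third request carrying the authentication method information.
  24. The method according to any one of claims 21 to 23, wherein the method further comprises:
    receiving, from the AUSF, the authentication result of the default credential of the PINE;
    when the default credential of the PINE is legitimate, starting the operator credential provisioning procedure for the PINE.
  25. The method according to claim 22, wherein the third request comprises at least:
    the identifier of the PINE.
  26. The method according to claim 25, wherein the third request further comprises at least one of the following:
    a credential provisioning indicator, indicating that operator credential provisioning is requested;
    the identifier of the PEGC;
    the visited network name of the PEGC.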
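  27. An information processing method, performed by a slice-specific and standalone private network authentication and authorization network element (NSSAAF), the method comprising:
    receiving a fourth request sent by an AUSF;
    sending, according to what is carried in the fourth request, a fifth request to an AAA authentication server; wherein the fifth request is used for the AAA authentication server to verify a default credential of a PINE;
    receiving a request response to the fifth request;
    sending, according to the request response to the fifth request, a request response to the fourth request to the AUSF; wherein the request response to the fourth request is used to carry the authentication result of the default credential.
  28. The method according to claim 27, wherein the fourth request comprises an identifier of a PEGC;
    the sending a fifth request to an AAA authentication server according to the authentication mode information carried in the fourth request comprises:
    sending, according to the authentication mode information carried in the fourth request, the fifth request to the AAA authentication server determined according to the identifier of the PEGC.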
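  29. An information processing apparatus, wherein the apparatus comprises:
    a first sending module, configured to send a first request to a network function, wherein the first request is used to request the network function to perform credential provisioning for a personal Internet of Things element (PINE) connected to the PEGC.
  30. An information processing apparatus, wherein the apparatus comprises:
    a second receiving module, configured to receive a first request sent by a PEGC, wherein the first request requests credential provisioning for a PINE;
    a second sending module, configured to send the second request to an authentication service function (AUSF), wherein the second request is used for the AUSF to trigger a UDM to perform credential provisioning for the PINE.
  31. An information processing apparatus, wherein the apparatus comprises:
    a third receiving module, configured to receive a second request sent by an AMF, the second request requesting credential provisioning for a PINE;
    a third sending module, configured to send, according to the second request, a third request to a user data management (UDM), wherein the third request is used for the UDM to perform credential provisioning for the PINE.
  32. An information processing apparatus, wherein the apparatus further comprises:
    a fourth receiving module, configured to receive a third request sent by an authentication service function (AUSF), wherein the third request is used for credential provisioning of a PINE.
  33. An information processing apparatus, wherein the apparatus comprises:
    a fifth receiving module, configured to receive a fourth request sent by an AUSF;
    a fifth sending module, configured to send, according to what is carried in the fourth request, a fifth request to an AAA authentication server; wherein the fifth request is used for the AAA authentication server to verify a default credential of a PINE;
    the fifth receiving module being configured to receive a request response to the fifth request;
    the fifth sending module being configured to send, according to the request response to the fifth request, a request response to the fourth request to the AUSF; wherein the request response to the fourth request is used to carry the authentication result of the default credential.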
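  34. A communication device, comprising a processor, a transceiver, a memory, and an executable program stored in the memory and capable of being run by the processor, wherein the processor, when running the executable program, performs the method provided in any one of claims 1 to 7, 8 to 12, 13 to 20, 21 to 26 or 27 to 28.
  35. A computer storage medium, the computer storage medium storing an executable program; the executable program, when executed by a processor, is capable of implementing the method provided in any one of claims 1 to 7, 8 to 12, 13 to 20, 21 to 26 or 27 to 28.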
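The request chain of claims 8 to 28, modelled as an added example that is not part of the patent text: it shows the two gates a PINE must pass (PEGC legitimacy at the UDM, default-credential verification at the AAA server) before operator credential provisioning starts. All function names, identifiers, lookup tables and return strings are assumptions, as is carrying the default credential inside the requests.

```python
import hmac

# Constructed sample data; every identifier and value here is hypothetical.
UDM_PEGCS = {("pegc-001", "visited-net-a")}   # (PEGC id, visited network name)
UDM_AUTH_MODE = {"pine-42": "AAA"}            # authentication mode info per PINE
AAA_BY_PEGC = {"pegc-001": "aaa-1"}           # NSSAAF's AAA server selection
AAA_DEFAULT_CREDS = {"aaa-1": {"pine-42": b"factory-secret"}}
provisioned = []                              # PINEs whose provisioning was started

def aaa_verify(server, pine_id, credential):
    """AAA server: verify the PINE's default credential (fifth request)."""
    expected = AAA_DEFAULT_CREDS.get(server, {}).get(pine_id)
    return expected is not None and hmac.compare_digest(expected, credential)

def nssaaf_fourth_request(pegc_id, pine_id, credential):
    """NSSAAF: pick the AAA server from the PEGC identifier, relay its verdict."""
    server = AAA_BY_PEGC.get(pegc_id)
    return server is not None and aaa_verify(server, pine_id, credential)

def udm_third_request(pegc_id, visited_net, pine_id):
    """UDM: answer with authentication mode info only for a legitimate PEGC."""
    if (pegc_id, visited_net) not in UDM_PEGCS:
        return None
    return UDM_AUTH_MODE.get(pine_id)

def udm_auth_result(pine_id):
    """UDM: a passing result starts operator credential provisioning."""
    provisioned.append(pine_id)

def ausf_second_request(pegc_id, visited_net, pine_id, credential):
    """AUSF: third request to the UDM, fourth request to the NSSAAF if AAA is needed."""
    mode = udm_third_request(pegc_id, visited_net, pine_id)
    if mode is None:
        return "rejected by UDM"
    if mode != "AAA":
        return "non-AAA authentication (not modelled)"
    if not nssaaf_fourth_request(pegc_id, pine_id, credential):
        return "default credential rejected"
    udm_auth_result(pine_id)  # only a passing result is reported to the UDM
    return "provisioning started"

def amf_first_request(pegc_id, visited_net, pine_id, credential):
    """AMF: turn the PEGC's first request into the second request to the AUSF."""
    return ausf_second_request(pegc_id, visited_net, pine_id, credential)
```
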
PCT/CN2022/085134 2022-04-02 2022-04-02 Information processing method and apparatus, communication device and storage medium WO2023184548A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
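PCT/CN2022/085134 WO2023184548A1 (zh) 2022-04-02 2022-04-02 Information processing method and apparatus, communication device and storage medium
CN202280001053.8A CN117178583A (zh) 2022-04-02 2022-04-02 Information processing method and apparatus, communication device and storage medium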

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2022/085134 WO2023184548A1 (zh) 2022-04-02 2022-04-02 Information processing method and apparatus, communication device and storage medium

Publications (1)

Publication Number Publication Date
WO2023184548A1 true WO2023184548A1 (zh) 2023-10-05

Family

ID=88198884

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/085134 WO2023184548A1 (zh) 2022-04-02 2022-04-02 Information processing method and apparatus, communication device and storage medium

Country Status (2)

Country Link
CN (1) CN117178583A (zh)
WO (1) WO2023184548A1 (zh)

Also Published As

Publication number Publication date
CN117178583A (zh) 2023-12-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22934375

Country of ref document: EP

Kind code of ref document: A1