WO2024051742A1 - Procédé et appareil de traitement de service, et dispositif de réseau et support d'enregistrement - Google Patents

Procédé et appareil de traitement de service, et dispositif de réseau et support d'enregistrement Download PDF

Info

Publication number
WO2024051742A1
WO2024051742A1 PCT/CN2023/117255 CN2023117255W WO2024051742A1 WO 2024051742 A1 WO2024051742 A1 WO 2024051742A1 CN 2023117255 W CN2023117255 W CN 2023117255W WO 2024051742 A1 WO2024051742 A1 WO 2024051742A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
information
http request
stage
request
Prior art date
Application number
PCT/CN2023/117255
Other languages
English (en)
Chinese (zh)
Inventor
白杰
田野
马洁
粟栗
Original Assignee
中国移动通信有限公司研究院
中国移动通信集团有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国移动通信有限公司研究院, 中国移动通信集团有限公司 filed Critical 中国移动通信有限公司研究院
Publication of WO2024051742A1 publication Critical patent/WO2024051742A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present disclosure relates to the field of network security technology, and in particular, to a business processing method, device, network equipment and storage medium.
  • GBA Generic Bootstrapping Architecture
  • 4G 4th Generation
  • 5G 5th Generation
  • AKA Authentication and Key Agreement
  • the Global System for Mobile communications Association has defined an enhanced GBA system and secure communication mechanism to enable operators to provide open network security capabilities to terminals and application service providers.
  • the enhanced GBA system uses the shared key between the terminal's Universal Subscriber Identity Module (USIM) card and the 4G/5G network as the root of trust, and can realize the connection between the terminal and the application server ( Server), negotiate and share session keys to ensure end-to-end communication security of business applications.
  • the Network Application Function (NAF)/Authentication Proxy (AP) network element is deployed on the operator's network side, and correct processing needs to be made based on the current stage of the GBA process. For example, in the third stage, NAF/AP needs to respond directly to the received Hypertext Transfer Protocol (HTTP) message; while in the fourth stage, NAF/AP needs to forward the HTTP message to the server for processing.
  • NAF Network Application Function
  • AP Authentication Proxy
  • the HTTP message forwarded by NAF/AP to the server will cause the server to handle it as an exception and return an HTTP 404 error response, which will eventually cause the enhanced GBA business process to be terminated in the third stage;
  • the enhanced GBA mechanism will be The business authorization operation in the fourth stage is bypassed, causing security issues.
  • AKMA Authentication and Key Management for Applications
  • the present disclosure proposes a business processing method, device, network equipment and storage medium to solve abnormal situations or security issues in business processing in related technologies.
  • embodiments of the present disclosure provide a business processing method, which includes:
  • the first message includes first information indicating the current processing stage.
  • the first message is an HTTP request message
  • the first information is carried in at least one of a request line, a request header, and a message body of the HTTP request message.
  • determining the current processing stage based on the first message, or performing a first operation based on the first message includes:
  • determining the current processing stage based on the first message, or performing a first operation based on the first message includes:
  • the first message is an HTTP request message
  • the second information is the message body of the HTTP request message
  • the first message is an HTTP request message
  • the second information is at least one specific field.
  • the at least one specific field is located in at least one of the request line, request header and message body of the HTTP request message. at.
  • determining the current processing stage based on the first message includes:
  • the current GBA processing stage is determined based on the first message.
  • the first operation includes:
  • sending the second message includes: sending a second message in response to the first message.
  • sending the third message includes: sending the third message to the second device;
  • the third message includes at least one of the following situations:
  • the third message is the first message
  • the third message includes part or all of the content of the first message
  • the third message includes part or all of the content of the first message, and also includes third information corresponding to the second device.
  • embodiments of the present disclosure provide a business processing method, which method includes:
  • the first message includes first information indicating the current processing stage.
  • the first message is an HTTP request message
  • the first information is carried in at least one of a request line, a request header, and a message body of the HTTP request message.
  • the first message includes the second information or does not include the second information.
  • the first message is an HTTP request message
  • the second information is the message body of the HTTP request message
  • the first message is an HTTP request message
  • the second information is at least one specific field.
  • the at least one specific field is located in at least one of the request line, request header and message body of the HTTP request message. at.
  • an embodiment of the present disclosure provides a business processing device, which includes:
  • a receiving module configured to receive the first message sent by the first device
  • a first processing module configured to determine the current processing stage according to the first message, or to perform a first operation according to the first message.
  • embodiments of the present disclosure provide user equipment, including:
  • a sending module configured to send a first message for the third device to determine the current processing stage according to the first message, or to perform a first operation according to the first message.
  • an embodiment of the present disclosure provides a network device, including: a processor, a memory, and a program stored on the memory and executable on the processor.
  • the program is executed by the processor Steps to implement the business processing method of the first aspect or the second aspect.
  • embodiments of the present disclosure provide a computer-readable storage medium.
  • a computer program is stored on the computer-readable storage medium.
  • the computer program is executed by a processor, the above-mentioned first or second aspects are implemented. The steps of the business process.
  • the beneficial effects brought by the technical solutions provided by the embodiments of the present disclosure include at least: receiving the first message sent by the first device; determining the current processing stage according to the first message, or performing a first operation according to the first message. ; Able to determine the processing stage, or perform the first operation, so as to avoid abnormal situations or safety issues caused by cognitive errors in the processing stage during the processing.
  • Figure 1 is a flow chart of a business processing method provided by an embodiment of the present disclosure
  • Figure 2 is a schematic diagram of a GBA authentication process provided by an embodiment of the present disclosure
  • Figure 3 is a schematic diagram of an AKMA authentication process provided by an embodiment of the present disclosure
  • FIG. 4 is a schematic diagram of an HTTP request message format provided by an embodiment of the present disclosure.
  • Figure 5 is a flow chart of another business processing method provided by an embodiment of the present disclosure.
  • Figure 6 is a schematic structural diagram of a business processing device provided by an embodiment of the present disclosure.
  • Figure 7 is a schematic structural diagram of a user equipment provided by an embodiment of the present disclosure.
  • Figure 8 is a schematic structural diagram of a network device provided by an embodiment of the present disclosure.
  • Figure 9 is a schematic diagram of stage determination of a GBA authentication process provided by an embodiment of the present disclosure.
  • Server server
  • BSF Bootstrapping Server Function, general service function
  • HSS Home Subscriber Server, belongs to the subscriber server
  • NAF Network Application Function
  • Network Application Function Network Application Function
  • GBA Generic Bootstrapping Architecture, general boot architecture
  • AKMA Authentication and Key Management for Applications, application layer authentication and key management
  • AAP AKMA Application Function Proxy, AKMA application function proxy
  • A-KID AKMA Key Identifier, AKMA key identification
  • AF_ID Application Function Identifier
  • application function identifier application function identifier
  • Figure 1 shows a flow chart of a business processing method provided by an embodiment of the present disclosure.
  • the method includes:
  • Step 11 Receive the first message sent by the first device
  • Step 12 Determine the current processing stage according to the first message, or perform a first operation according to the first message.
  • processing stages here may correspond to different concepts in different implementation scenarios.
  • Figure 2 illustrates that the GBA authentication process includes: first-stage initialization, second-stage boot, third-stage boot security association use, and fourth-stage application security association use.
  • Step I Initiation of Bootstrapping
  • Step II Bootstrapping
  • Step III Bootstrapped Security Association Usage
  • Step IV Application Security Association Usage
  • the method provided by the embodiment of the present disclosure can determine that it is currently in the third stage or the fourth stage based on the first message stage.
  • Figure 3 illustrates the AKMA certification process including: security association usage phase (also called the AKMA security association usage phase, corresponding to steps 1-5 in Figure 3), application security association usage phase (corresponding to Figure 3 of step 6 and the subsequent steps of step 6).
  • security association usage phase also called the AKMA security association usage phase, corresponding to steps 1-5 in Figure 3
  • application security association usage phase corresponding to Figure 3 of step 6 and the subsequent steps of step 6.
  • the names of the stages here are only examples. In actual applications, those skilled in the art may call each stage differently according to different situations.
  • the method provided by the embodiment of the present disclosure can determine that the current state is in the security association use stage or the application security association use stage based on the first message. Or in practical applications, those skilled in the art may not divide the stages, but may determine to perform the first operation based on the first message.
  • the UE and the Authentication Server Function (AUSF) and AAnF perform main authentication and establish KAKMA .
  • the UE sends an application layer session establishment request, and includes the exported A-KID in the application session establishment request message.
  • the AAP selects AAnF and sends a key request message to AAnF.
  • the request message includes A-KID and AF_ID.
  • AAnF derives the key K AF from K AKMA .
  • AAnF sends a key response message to AAP, which contains the key K AF , A-KID and AF_ID.
  • the AAP sends an application layer session establishment response message to the UE.
  • the UE sends an application layer session establishment request, and includes the exported A-KID in the application session establishment request message.
  • AAP interacts with AF according to the key acquisition method and supports two key acquisition methods: the first is for AAP to actively push the key to AF, and the second is for AF to actively apply to AAP for the key.
  • the AAP After exchanging keys with the AF, the AAP sends an application layer session establishment response message to the UE.
  • the stages here can also be called steps, processes, processes, etc.
  • the first message contains first information indicating the current processing stage.
  • the first information is also the first identifier; the current processing stage can be determined through the first identifier, or the first operation can be performed according to the first representation.
  • the first identifier can be based on different processes and the type of the first message. Set up accordingly.
  • the first message is an HTTP request message
  • the first information is carried in at least one of a request line, a request header, and a message body of the HTTP request message.
  • the request line of the HTTP request message here can also be called request line, etc.;
  • the request header of the HTTP request message here can also be called header, message header, etc.;
  • the message body here can also be called request body, request data, body, Entity body, etc.
  • the first information here can be carried in the request line, request header, and a certain part of the request body.
  • the first information can be divided into multiple parts, which can be scattered in one or more parts of the request line, request header, and request body; it can also be scattered in a discontinuous place somewhere in the request line, request header, and request body. in the position.
  • the first identifier is carried in the HTTP request message sent by the UE, referring to the "Network Application Function/Authentication Agent, NAF/AP" in Figure 2.
  • NAF/AP Network Application Function/Authentication Agent
  • FIG. 4 shows the format of an HTTP request message.
  • the HTTP request message mainly consists of a request line, a request header, and a request body (ie, message body).
  • the HTTP request header contains several header fields, consisting of keyword/value pairs, one pair per line, and the keywords and values are separated by English colons ":".
  • Typical header fields include User-Agent, Accept, Host, etc.
  • Business data will be stored in the request body of the HTTP message.
  • determining the current processing stage according to the first message, or performing a first operation according to the first message includes:
  • the Select the request line or an existing element in the request header as the indication identifier when using the request line or request header in the HTTP request message as the first identifier to indicate different stages of the process, taking the GBA authentication process as an example, on the premise that the value specifications are met, the Select the request line or an existing element in the request header as the indication identifier.
  • the indication methods include:
  • stage3 for the third stage
  • stage4 for the fourth stage
  • determining the current processing stage according to the first message, or performing a first operation according to the first message includes:
  • the indication can be made by whether the message body is carried.
  • the indication is given by whether to carry the message body.
  • the business data will be stored in the message body of the HTTP request message.
  • the HTTP request message sent by the UE contains application layer service data, it means that the message needs to be sent and received by the Server. At this time, the NAF/AP should forward the message to the Server.
  • the HTTP request message sent by the UE does not contain application layer service data, it means that the message does not need to be processed by the server, and the NAF/AP should not forward the message. Sent to Server.
  • the UE when sending an HTTP request message, the UE can decide whether to carry the message body according to different stages. For example, in the third phase, the HTTP request message sent by the UE should not contain a message body; in the fourth phase, the HTTP request message sent by the UE should contain a message body. Therefore, NAF/AP can determine the stage of the current GBA authentication process based on whether the HTTP request message sent by the UE carries a message body. After receiving the HTTP request message sent by the UE, the NAF/AP first uses the GBA session key to perform HTTP digest (Digest) authentication on the message. After the authentication is passed, NAF/AP adds a judgment mechanism.
  • HTTP digest Dynamicst
  • the HTTP request message sent by the UE does not contain a message body, it indicates that it is currently in the third stage. NAF/AP should reply HTTP 200 OK to the UE and will not send the message Forwarded to the Server; if the HTTP request message sent by the UE contains a message body, it is currently in the fourth stage, and the NAF/AP should process it according to the preset Ks_NAF* key acquisition method.
  • the first message is an HTTP request message
  • the second information is the message body of the HTTP request message
  • the HTTP request messages in the third and fourth stages of the current GBA authentication process contain message bodies, causing NAF/AP to be unable to distinguish the current processing stage, resulting in the problems mentioned in the background technology. .
  • the HTTP request message sent by the terminal in the third stage of the GBA authentication process, since there is no need to transmit business data at this stage, the HTTP request message sent by the terminal does not carry the message body; in the fourth stage of the GBA authentication process, since it is necessary to transmit Business data, the HTTP request message sent by the terminal carries the message body. By whether it carries a message body, the receiving end can simply determine the current GBA authentication process. For the terminal, this method only needs to choose whether to carry the message body, which is simple to implement and has low transformation cost. It is easy to judge for network-side devices, has good compatibility, and is easy to deploy on a large scale.
  • the first message is an HTTP request message
  • the second information is at least one specific field.
  • the at least one specific field is located in the request line, request header, and message body of the HTTP request message. At least one place.
  • the second information is a field, which can be located somewhere in the request line, request header, and message body;
  • the second information is multiple fields, which may be located at a continuous or discontinuous position in the request line, request header, and message body; or may be dispersed in multiple locations in the request line, request header, and message body.
  • URI Uniform Resource Locator
  • stage3 it means that it is currently in the third stage
  • URL Uniform Resource Identifier
  • stage4 it means that it is currently in the fourth stage, where URI is the Uniform Resource Identifier (Uniform Resource Identifier).
  • the NAF/AP After receiving the HTTP request message sent by the UE, the NAF/AP first uses the GBA session key to perform HTTP Digest authentication on the message. After the authentication is passed, NAF/AP adds a judgment mechanism to judge the current GBA authentication process stage based on the URL in the message.
  • NAF/AP should reply HTTP 200 OK to the UE and not forward the message to the server; if it is determined that it is currently in the fourth stage, NAF/AP should obtain the Ks_NAF* key based on the preset method. deal with.
  • the indication is made through existing fields in the request header, such as using existing fields in the HTTP request message as indication identifiers to indicate different stages of the GBA authentication process. For example, you can use the Host field in the request header and add a new indicator value after the field value as an indicator.
  • the Host field value is "ServerFQDN; stage3"
  • the Host field value is " ServerFQDN; stage4"
  • FQDN is a fully qualified domain name (Fully Qualified Domain Name).
  • the indication is provided through a new field in the request header, and a new header field is added as an indication mark in the request header of the HTTP request message to indicate different stages of the GBA authentication process. For example, add a header field named "gba-stage" to the request header. When the field value is "stage3", it means that the current stage is in the third stage; when the field value is "stage4", it means that the current stage is in the fourth stage. stage.
  • the request body in the HTTP request message can also be used in another way to indicate the process stage.
  • the UE sends the HTTP request message it can be in the third stage or the fourth stage.
  • the message body is carried, and a new field is added in the message body as an indicator to indicate the stage of the current GBA authentication process.
  • the implementation method and processing flow are the same as the other aforementioned embodiments.
  • determining the current processing stage according to the first message includes:
  • the current GBA processing stage is determined based on the first message.
  • the first operation includes:
  • sending the second message corresponds to sending HTTP 200K in the third stage in Figure 2; referring to the AKAM authentication process shown in Figure 3, corresponding to Figure Step 5 "Application Layer Session Establishment Response" shown in 3.
  • sending the third message corresponds to the HTTP request message in optional mode 1 or optional mode 2 of the step shown in the fourth stage in Figure 2 ;
  • the application software or modem fills in the value as the indication identifier.
  • a new judgment mechanism is added to judge the current GBA authentication process stage based on the indication mark in the HTTP message, and then take corresponding processing methods.
  • sending the second message includes sending a second message in response to the first message.
  • sending the third message includes: sending the third message to the second device;
  • the third message includes at least one of the following situations:
  • the third message is the first message
  • the third message includes part or all of the content of the first message
  • the third message includes part or all of the content of the first message, and also includes third information corresponding to the second device. It is worth noting that the third information here can have multiple situations.
  • the third information is the GBA application layer session key.
  • the third information may be a key provided for the corresponding Server (that is, the second device). It should be noted that the above two are only examples. In actual situations, the third information is not limited to the key, but may also be other information used by the second device. Of course, the third message here may also include other information such as the key lifetime.
  • the business processing method provided by the embodiments of the present disclosure can achieve the following technical effects:
  • the stage of the process can be clarified through the first message, or the first operation can be performed, thereby preventing bypassing of the process stage, improving the security of the business system, and improving the compatibility of the business processing system. Avoid some abnormal situations.
  • the NAF/AP can clearly distinguish the third and fourth stages of the enhanced GBA authentication process through the method indicated by the UE, preventing the business authorization operation in the fourth stage from being bypassed. , improve the security of the enhanced GBA system; eliminate the HTTP 404 error response returned by the server when handling abnormal situations, and prevent the enhanced GBA business process from being abnormally terminated; reduce the impact on the existing standard GBA processing mechanism, and avoid terminal Modem chip modification. Improve the compatibility and implementability of the enhanced GBA mechanism.
  • the AKAM authentication process it can be determined based on the first message that it is currently in the security association use stage or the application security association use stage, so as to avoid abnormal situations and thereby improve the security and compatibility of the business process.
  • Figure 9 is a schematic diagram of stage judgment of the GBA authentication process provided by the embodiment of the present disclosure
  • the business processing method provided by the embodiment of the present disclosure is further explained in conjunction with Figure 9, Figure 2, and Figure 3:
  • Figure 9 illustrates how the NAF/AP performs stage determination and performs the corresponding message processing process when receiving the HTTP request message sent by the UE in the GBA authentication process.
  • the stage determination illustrated in Figure 9 corresponds to the stage determination steps after HTTP Digest verification in the third or fourth stage in Figure 2.
  • the specific steps are as follows:
  • Step 901 NAF/AP receives the HTTP request message sent by the UE;
  • Step 902 NAF/AP uses the GBA session key to process the received HTTP request message.
  • HTTP Digest authentication
  • Step 903 After the authentication is passed, NAF/AP checks the stage indicated by the indication identifier (request line, request header, message body) in the HTTP request message;
  • Step 904 when the determination result is that the HTTP request is in the third stage, NAF/AP replies HTTP 200 OK to the UE and will not forward the HTTP request message sent by the UE to the server;
  • Step 905 When the determination result is that the HTTP request is in the fourth stage, NAF/AP takes corresponding processing methods according to the set key acquisition method (processing methods include: Server actively applies to NAF/AP, or NAF/AP actively push to Server);
  • Step 906 perform subsequent processing procedures.
  • a "stage determination” step is added to the GBA authentication process.
  • the stage determination step after HTTP Digest verification is passed.
  • the "Stage Determination” step realizes the judgment of the business stage.
  • Figure 5 shows another business processing method provided by an embodiment of the present disclosure.
  • the method includes:
  • Step 51 Send a first message for the third device to determine the current processing stage based on the first message, or to perform a first operation based on the first message.
  • the service processing method shown in Figure 5 is applied to the user equipment UE, and the user equipment UE can send messages or requests to other devices through this method.
  • the first message includes first information indicating the current processing stage.
  • the first message is an HTTP request message
  • the first information is carried in at least one of a request line, a request header, and a message body of the HTTP request message.
  • the first message includes the second information or does not include the second information.
  • the first message is an HTTP request message
  • the second information is the message body of the HTTP request message
  • the first message is an HTTP request message
  • the second information is at least one specific field.
  • the at least one specific field is located in the request line and request header of the HTTP request message. and at least one place in the message body.
  • the business processing method provided by the embodiment of the present disclosure can correspond to the business processing method provided by the first aspect of the present disclosure, and can be applied to the user equipment side corresponding to the business processing method, and can realize the business processing method provided by the first aspect of the present disclosure. All the technical effects of the business processing method will not be repeated here.
  • an embodiment of the present disclosure provides a business processing device 60.
  • the device 60 includes:
  • the receiving module 61 is used to receive the first message sent by the first device
  • the processing module 62 is configured to determine the current processing stage according to the first message, or to perform a first operation according to the first message.
  • the first message includes first information indicating the current processing stage.
  • the first message is an HTTP request message
  • the first information is carried in at least one of a request line, a request header, and a message body of the HTTP request message.
  • processing module 62 is also used to:
  • processing module 62 is also used to:
  • the first message is an HTTP request message
  • the second information is the message body of the HTTP request message
  • the first message is an HTTP request message
  • the second information is at least one specific field.
  • the at least one specific field is located in at least one of the request line, request header and message body of the HTTP request message. at.
  • processing module 62 is also used to:
  • the current GBA processing stage is determined based on the first message.
  • the first operation includes:
  • the processing module 62 is also configured to send a second message including: sending a second message in response to the first message.
  • processing module 62 is also configured to send the third message including: sending the third message to the second device;
  • the third message includes at least one of the following situations:
  • the third message is the first message
  • the third message includes part or all of the content of the first message
  • the third message includes part or all of the content of the first message, and also includes third information corresponding to the second device.
  • the embodiment of the present disclosure provides a business processing device 60, which can implement a business processing method provided by the embodiment of the present disclosure, and can achieve the same technical effect. To avoid duplication, the details will not be described here.
  • an embodiment of the present disclosure provides a user equipment 70, where the user equipment includes:
  • Sending module 71 configured to send a first message for the third device to determine the current processing stage based on the first message
  • the processing module 72 performs a first operation according to the first message.
  • the first message includes first information indicating the current processing stage.
  • the first message is an HTTP request message
  • the first information is carried in at least one of a request line, a request header, and a message body of the HTTP request message.
  • the first message includes the second information or does not include the second information.
  • the first message is an HTTP request message
  • the second information is the message body of the HTTP request message
  • the first message is an HTTP request message
  • the second information is at least one specific field.
  • the at least one specific field is located in at least one of the request line, request header and message body of the HTTP request message. at.
  • the embodiment of the present disclosure provides a user equipment 70 that can implement another service processing method provided by the embodiment of the present disclosure and can achieve the same technical effect. To avoid duplication, the details will not be described here.
  • This embodiment of the present disclosure also provides a network device 80, which includes a processor 81, a memory 82, and a computer program stored on the memory 82 and executable on the processor 81.
  • the computer program is processed by the processor 81.
  • 81 realizes each process of the above business processing method embodiment when executed, and can achieve the same technical effect. To avoid duplication, it will not be described again here.
  • Embodiments of the present disclosure also provide a computer-readable storage medium.
  • a computer program is stored on the computer-readable storage medium.
  • the computer program is executed by a processor, each process of the above business processing method embodiment is implemented, and the same can be achieved. The technical effects will not be repeated here to avoid repetition.
  • the computer-readable storage medium is such as read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk, etc.
  • the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk). ), includes several instructions to cause a terminal (which can be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in various embodiments of the present disclosure.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

La présente divulgation appartient au domaine technique de la sécurité des réseaux. L'invention concerne un procédé et un appareil de traitement de service, et un dispositif de réseau et un support d'enregistrement. Le procédé de traitement de service selon la présente divulgation consiste à : recevoir un premier message envoyé par un premier dispositif ; et déterminer l'étape de traitement actuelle selon le premier message, ou exécuter une première opération selon le premier message.
PCT/CN2023/117255 2022-09-08 2023-09-06 Procédé et appareil de traitement de service, et dispositif de réseau et support d'enregistrement WO2024051742A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211093563.0 2022-09-08
CN202211093563.0A CN117729539A (zh) 2022-09-08 2022-09-08 业务处理方法、装置、网络设备和存储介质

Publications (1)

Publication Number Publication Date
WO2024051742A1 true WO2024051742A1 (fr) 2024-03-14

Family

ID=90192039

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/117255 WO2024051742A1 (fr) 2022-09-08 2023-09-06 Procédé et appareil de traitement de service, et dispositif de réseau et support d'enregistrement

Country Status (2)

Country Link
CN (1) CN117729539A (fr)
WO (1) WO2024051742A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101087260A (zh) * 2006-06-05 2007-12-12 华为技术有限公司 基于通用引导构架实现推送功能的方法和设备
CN103051594A (zh) * 2011-10-13 2013-04-17 中兴通讯股份有限公司 一种标识网端到端安全建立的方法、网络侧设备及系统
US20130117824A1 (en) * 2010-06-22 2013-05-09 Telefonaktiebolaget L M Ericsson (Publ) Privacy preserving authorisation in pervasive environments
CN113518348A (zh) * 2020-06-30 2021-10-19 中国移动通信有限公司研究院 业务处理方法、装置、系统及存储介质

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101087260A (zh) * 2006-06-05 2007-12-12 华为技术有限公司 基于通用引导构架实现推送功能的方法和设备
US20130117824A1 (en) * 2010-06-22 2013-05-09 Telefonaktiebolaget L M Ericsson (Publ) Privacy preserving authorisation in pervasive environments
CN103051594A (zh) * 2011-10-13 2013-04-17 中兴通讯股份有限公司 一种标识网端到端安全建立的方法、网络侧设备及系统
CN113518348A (zh) * 2020-06-30 2021-10-19 中国移动通信有限公司研究院 业务处理方法、装置、系统及存储介质

Also Published As

Publication number Publication date
CN117729539A (zh) 2024-03-19

Similar Documents

Publication Publication Date Title
US20210297942A1 (en) Service authorization for indirect communication in a communication system
US10356619B2 (en) Access through non-3GPP access networks
EP1796342B1 (fr) Procede de transmission de demandes de sessions
EP1916797B1 (fr) Procede de transmission de message de protocole d'authentification d'autorisation et de comptabilite
CN101160920A (zh) 对用户终端进行鉴权的方法及鉴权系统
JP6067651B2 (ja) デュアルスタック・オペレーションの認可を織り込むための方法および装置
US11363023B2 (en) Method, device and system for obtaining local domain name
CN106714154B (zh) 用于通用自举架构协议的代理服务器、方法和系统
US11789803B2 (en) Error handling framework for security management in a communication system
EP4124096A1 (fr) Procédé, appareil et système de communication
US8799630B2 (en) Advanced security negotiation protocol
CN100479570C (zh) 连接建立方法、系统、网络应用实体及用户终端
RU2537275C2 (ru) Профиль средств обеспечения безопасности смарт-карт в домашнем абонентском сервере
US10581979B2 (en) Information transmission method and apparatus
WO2024051742A1 (fr) Procédé et appareil de traitement de service, et dispositif de réseau et support d'enregistrement
CN109120578B (zh) 一种实现链路连接处理的方法及装置
WO2008006309A1 (fr) Procédé appareil de détermination du type de service d'une demande de clé
US20070028092A1 (en) Method and system for enabling chap authentication over PANA without using EAP
WO2022067736A1 (fr) Procédé et appareil de communication
US20160344716A1 (en) Implicit Challenge Authentication Process
CN115209522B (zh) 网络功能注册方法、发现方法、装置、设备及介质
KR100541756B1 (ko) 무선통신 시스템에서 대용량 데이터 전송방법
CN114945173B (zh) 跨plmn信令转发方法、电子设备及存储介质
WO2024032554A1 (fr) Procédé et système d'authentification de dispositif terminal, et dispositif associé
EP4322480A1 (fr) Identification sécurisée d'applications dans un réseau de communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23862436

Country of ref document: EP

Kind code of ref document: A1