WO2024192638A1 - Information processing method and apparatus, communication device, and storage medium - Google Patents
- Publication number
- WO2024192638A1 (PCT/CN2023/082585)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- identifier
- network element
- hash
- key
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
Definitions
- the present disclosure relates to, but is not limited to, the field of wireless communication technology, and in particular to an information processing method and apparatus, a communication device, and a storage medium.
- each network element in the network can realize more and more functions.
- the interaction between network elements in the network needs to consider security.
- the connection between user equipment (UE) and other network elements in the network needs to consider secure connection.
- the embodiments of the present disclosure provide an information processing method and apparatus, a communication device, and a storage medium.
- a first aspect of an embodiment of the present disclosure provides an information processing method, which is executed by a first UE and includes:
- the first information includes first hash information of a first identifier; the first hash information is used by the first network element to determine key information corresponding to the first identifier; the first identifier is an identifier of the first UE.
- the method further includes: determining first hash information based on a first identifier of the first UE.
- the first information further includes: authentication information; the authentication information is determined based on the key information.
- the first identifier includes one of the following:
- the Subscription Permanent Identifier (SUPI) of the first UE
- the Subscription Concealed Identifier (SUCI) of the first UE
- the Globally Unique Temporary UE Identity (GUTI) of the first UE
- the first network element includes one of the following:
- a Trusted WLAN Interworking Function (TWIF)
- a Trusted Non-3GPP Gateway Function (TNGF)
- the key information includes at least one of the following:
- a first key (K_TWIF) associated with TWIF
- a second key (K_TNGF) associated with TNGF.
- a second aspect of the embodiment of the present disclosure provides an information processing method, which is executed by a second network element, including:
- the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second information is used by the first network element to determine the key information corresponding to the first identifier; the first identifier is the identifier of the first UE, and the second identifier is the identifier of the second UE.
- the method includes: determining second hash information of at least one second UE based on a second identifier of the at least one second UE.
- the first identifier includes one of: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, and an index or number indicating the first UE;
- the second identifier includes one of the following: a SUPI of the second UE, a SUCI of the second UE, a GUTI of the second UE, and an index or number indicating the second UE.
- the first network element includes one of: a TWIF, and a TNGF.
- the key information includes at least one of the following:
- a first key (K_TWIF) associated with TWIF
- a second key (K_TNGF) associated with TNGF.
- the second network element is an access and mobility management function (AMF).
- a third aspect of the embodiments of the present disclosure provides an information processing method, which is executed by a first network element and includes:
- the first information includes the first hash information of the first identifier;
- the second information includes the second hash information of the second identifier and the key information corresponding to the second hash information;
- the first identifier is the identifier of the first UE;
- the second identifier is the identifier of the second UE;
- key information of the first UE is determined.
- obtaining the first information includes: receiving the first information sent by the first UE.
- obtaining the second information includes one of the following:
- the second information stored in the first network element is obtained.
- the first information further includes: authentication information; the authentication information is determined based on the key information.
- the method comprises one of the following:
- Verifying the authentication information based on the key information fails, and not establishing a connection with the first UE based on the key information.
- the first network element includes one of: a TWIF, and a TNGF.
- the key information includes at least one of the following:
- a first key (K_TWIF) associated with TWIF
- a second key (K_TNGF) associated with TNGF.
- the second network element is an AMF.
- a fourth aspect of the present disclosure provides an information processing device, including:
- the first sending module is configured to send first information to the first network element, wherein the first information includes first hash information of a first identifier; the first hash information is used by the first network element to determine key information corresponding to the first identifier; the first identifier is an identifier of the first UE.
- the device also includes: a first processing module configured to determine first hash information based on a first identifier of the first UE.
- the first information further includes: authentication information; the authentication information is determined based on the key information.
- the first identifier includes one of the following: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, and an index or number indicating the first UE.
- the first network element includes one of: a TWIF, and a TNGF.
- the key information includes at least one of the following:
- a first key (K_TWIF) associated with TWIF
- a second key (K_TNGF) associated with TNGF.
- a fifth aspect of the present disclosure provides an information processing device, including:
- the second sending module is configured to send second information to the first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second information is used by the first network element to determine the key information corresponding to the first identifier; the first identifier is the identifier of the first UE, and the second identifier is the identifier of the second UE.
- the apparatus includes: a second processing module configured to determine second hash information of at least one second UE based on a second identifier of at least one second UE.
- the first network element includes one of: a TWIF, and a TNGF.
- the first identifier includes one of: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, and an index or number indicating the first UE;
- the second identifier includes one of the following: a SUPI of the second UE, a SUCI of the second UE, a GUTI of the second UE, and an index or number indicating the second UE.
- the key information includes at least one of the following:
- a first key (K_TWIF) associated with TWIF
- a second key (K_TNGF) associated with TNGF.
- the second network element is an AMF.
- a sixth aspect of the present disclosure provides an information processing device, including:
- the acquisition module is configured to acquire first information and acquire second information; wherein the first information includes first hash information of the first identifier; the second information includes second hash information of the second identifier and key information corresponding to the second hash information; the first identifier is the identifier of the first UE; the second identifier is the identifier of the second UE;
- a third processing module is configured to determine second hash information matching the first hash information based on the first information and the second information;
- the third processing module is also configured to determine the key information of the first UE based on the second hash information.
- the acquisition module is configured to receive first information sent by the first UE.
- the acquisition module is configured to receive the second information sent by the second network element; or, the acquisition module is configured to acquire the second information stored in the first network element.
- the first information further includes: authentication information; the authentication information is determined based on the key information.
- the third processing module is configured to successfully verify the authentication information based on the key information and establish a connection with the first UE based on the key information; or, the third processing module is configured to fail to verify the authentication information based on the key information and not establish a connection with the first UE based on the key information.
- the first network element includes one of: a TWIF, and a TNGF.
- the key information includes at least one of the following:
- a first key (K_TWIF) associated with TWIF
- a second key (K_TNGF) associated with TNGF.
- the second network element is an AMF.
- a seventh aspect of the embodiments of the present disclosure provides an information processing system, including: a first UE, a first network element, and a second network element; wherein:
- a first UE is configured to send first information to a first network element, wherein the first information includes first hash information of a first identifier; the first identifier is an identifier of the first UE;
- the second network element is configured to send second information to the first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second identifier is an identifier of the second UE;
- the first network element is configured to determine second hash information matching the first hash information based on the first information and the second information; and determine key information of the first UE based on the second hash information.
- An eighth aspect of an embodiment of the present disclosure provides a communication device, comprising a processor, a transceiver, a memory, and an executable program stored in the memory and capable of being run by the processor, wherein the processor executes the information processing method provided in the first aspect, the second aspect, or the third aspect when running the executable program.
- a ninth aspect of the embodiments of the present disclosure provides a computer storage medium storing an executable program. After the executable program is executed by a processor, the information processing method provided in the first, second or third aspect can be implemented.
- a first information is sent to a first network element by a first UE, wherein the first information includes first hash information of a first identifier, and the first hash information is used by the first network element to determine key information corresponding to the first identifier of the first UE; in this way, the first network element can accurately determine the key information of the first UE based on the first hash information of the first identifier, thereby facilitating a secure connection between the first UE and the first network element.
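The exchange of the seventh aspect above, with both sides' messages, as an added example that is not code from the patent. SHA-256 as the hash algorithm, HMAC-SHA256 over the hash plus handshake octets as a stand-in for the authentication information, and all class names, identifiers and keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, List, Optional, Tuple


def hash_identifier(identifier: str) -> bytes:
    # Assumption: SHA-256. The page allows any hash algorithm.
    return hashlib.sha256(identifier.encode("utf-8")).digest()


def make_auth_info(key: bytes, hash_info: bytes, transcript: bytes) -> bytes:
    # Assumption: HMAC-SHA256 over hash || transcript stands in for the
    # authentication information (AUTH payload) determined from the key.
    return hmac.new(key, hash_info + transcript, hashlib.sha256).digest()


@dataclass(frozen=True)
class FirstInformation:
    hash_info: bytes  # first hash information of the first identifier
    auth_info: bytes  # authentication information determined from the key


class Outcome(Enum):
    CONNECTED = "connected"
    UNKNOWN_HASH = "unknown_hash"
    AUTH_FAILED = "auth_failed"


class UE:
    """First UE: sends the hash of its identifier, never the identifier itself."""

    def __init__(self, identifier: str, key: bytes) -> None:
        self.identifier, self.key = identifier, key

    def first_information(self, transcript: bytes) -> FirstInformation:
        h = hash_identifier(self.identifier)
        return FirstInformation(h, make_auth_info(self.key, h, transcript))


class AMF:
    """Second network element: holds identifier -> key, exports hash -> key."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def provision(self, identifier: str, key: bytes) -> None:
        self._keys[identifier] = key

    def second_information(self) -> List[Tuple[bytes, bytes]]:
        return [(hash_identifier(i), k) for i, k in self._keys.items()]


class Gateway:
    """First network element (TWIF or TNGF): matches hashes, then verifies."""

    def __init__(self) -> None:
        self._by_hash: Dict[bytes, bytes] = {}

    def store(self, second_information: Iterable[Tuple[bytes, bytes]]) -> None:
        for h, key in second_information:
            # Two different keys under one hash would make the lookup ambiguous.
            if self._by_hash.get(h, key) != key:
                raise ValueError("conflicting key for an existing hash value")
            self._by_hash[h] = key

    def handle(self, first: FirstInformation,
               transcript: bytes) -> Tuple[Outcome, Optional[bytes]]:
        key = self._by_hash.get(first.hash_info)
        if key is None:
            return Outcome.UNKNOWN_HASH, None  # no matching second hash
        expected = make_auth_info(key, first.hash_info, transcript)
        # Constant-time comparison; on failure no connection is established.
        if not hmac.compare_digest(expected, first.auth_info):
            return Outcome.AUTH_FAILED, None
        return Outcome.CONNECTED, key


def run_demo():
    # Constructed sample data: test-range identifiers and fixed dummy keys.
    key_a, key_b = bytes([0xA1]) * 32, bytes([0xB2]) * 32
    amf = AMF()
    amf.provision("imsi-001010000000001", key_a)
    amf.provision("imsi-001010000000002", key_b)
    gateway = Gateway()
    gateway.store(amf.second_information())
    transcript = b"constructed-handshake-octets"

    def attempt(identifier: str, key: bytes):
        return gateway.handle(UE(identifier, key).first_information(transcript),
                              transcript)

    results = {
        "registered": attempt("imsi-001010000000001", key_a),
        "unknown": attempt("imsi-001010000000099", key_a),
        "wrong_key": attempt("imsi-001010000000001", key_b),
    }
    return results, key_a


if __name__ == "__main__":
    for name, (outcome, key) in run_demo()[0].items():
        print(f"{name}: {outcome.value}, key selected: {key is not None}")
```
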
- Fig. 1 is a schematic structural diagram of a wireless communication system according to an exemplary embodiment.
- Fig. 2 is a schematic flow chart of an information processing method according to an exemplary embodiment.
- Fig. 3 is a schematic flow chart of an information processing method according to an exemplary embodiment.
- Fig. 4 is a schematic flow chart of an information processing method according to an exemplary embodiment.
- Fig. 5 is a schematic flow chart of an information processing method according to an exemplary embodiment.
- Fig. 6 is a schematic flow chart of an information processing method according to an exemplary embodiment.
- Fig. 7 is a schematic diagram showing the structure of an information processing device according to an exemplary embodiment.
- Fig. 8 is a schematic diagram showing the structure of an information processing device according to an exemplary embodiment.
- Fig. 9 is a schematic diagram showing the structure of an information processing device according to an exemplary embodiment.
- Fig. 10 is a schematic diagram showing the structure of a UE according to an exemplary embodiment.
- Fig. 11 is a schematic structural diagram of a communication device according to an exemplary embodiment.
- first and second in the embodiments of the present disclosure are only used to distinguish different description objects, and do not limit the position, order, priority, quantity or content of the description objects.
- the description of the description object is described in the context of the claims or embodiments, and should not be redundant due to the use of prefix numerals.
- first, second, “third”, etc. are used to describe various information, but these information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
- the first information may also be referred to as the second information
- the second information may also be referred to as the first information.
- the word “if” as used herein may be interpreted as “at the time of” or “when” or “in response to determining”.
- the names of information and the like are not limited to the names described in the embodiments, and the terms “information”, “message”, “signaling”, “report”, “instruction”, “configuration”, “data” and the like may be interchangeable.
- in some embodiments of the present disclosure, “obtain”, “get”, “receive”, and “transmit (send and/or receive)” are interchangeable, which can be interpreted as receiving from other entities, obtaining from a protocol, obtaining by self-processing, and other meanings.
- Figure 1 shows a schematic diagram of the structure of a wireless communication system provided by an embodiment of the present disclosure.
- the wireless communication system is a communication system based on cellular mobile communication technology, and the wireless communication system may include: a plurality of UEs 11 and a plurality of access devices 12.
- UE 11 can be a device that provides voice and/or data connectivity to users.
- UE 11 can communicate with one or more core networks via a radio access network (RAN).
- UE 11 can be an Internet of Things UE, such as a sensor device, a mobile phone (or a "cellular" phone), and a computer with an Internet of Things UE, for example, a fixed, portable, pocket-sized, handheld, computer-built-in, or vehicle-mounted device.
- a station (STA), a subscriber unit, a subscriber station, a mobile station, a remote station, an access point, a remote terminal, an access terminal, a user terminal, a user agent, or a user equipment (UE).
- UE 11 can also be a device of an unmanned aerial vehicle.
- UE 11 can also be a vehicle-mounted device, for example, a driving computer with wireless communication function, or a wireless communication device connected to an external driving computer.
- UE 11 may also be a roadside device, for example, a street lamp, traffic light or other roadside device with wireless communication function.
- the access device 12 may be a network side device in a wireless communication system.
- the wireless communication system may be a 4th generation mobile communication technology (4G) system, also known as a long term evolution (LTE) system; or, the wireless communication system may be a 5G system, also known as a new radio (NR) system or a 5G NR system.
- the wireless communication system may be a next generation system of the 5G system.
- the access network in the 5G system may be called a new generation-radio access network (NG-RAN).
- MTC Mobility Management Entity
- the access device 12 can be an evolved access device (eNB) adopted in a 4G system.
- the access device 12 can also be an access device (gNB) adopting a centralized distributed architecture in a 5G system.
- when the access device 12 adopts a centralized distributed architecture, it usually includes a central unit (CU) and at least two distributed units (DU).
- the centralized unit is provided with a packet data convergence protocol (Packet Data Convergence Protocol, PDCP) layer, a radio link layer control protocol (Radio Link Control, RLC) layer, and a media access control (Media Access Control, MAC) layer protocol stack;
- the distributed unit is provided with a physical (Physical, PHY) layer protocol stack.
- the embodiment of the present disclosure does not limit the specific implementation method of the access device 12.
- a wireless connection can be established between the access device 12 and the UE 11 through a wireless air interface.
- the wireless air interface is a wireless air interface based on the fourth generation mobile communication network technology (4G) standard; or, the wireless air interface is a wireless air interface based on the fifth generation mobile communication network technology (5G) standard, for example, the wireless air interface is a new air interface; or, the wireless air interface can also be a wireless air interface based on the next generation mobile communication network technology standard of 5G.
- in order to support a secure connection between a specific UE and the Trusted WLAN Interworking Function (TWIF), or between a specific UE and a Trusted Non-3GPP Gateway Function (TNGF), the AMF needs to send key information (K_TWIF or K_TNGF) to the TWIF or TNGF. However, the TWIF or TNGF stores key information belonging to multiple UEs. In a non-public network (NPN) scenario, if the UE sends an anonymous identifier to the TWIF or TNGF, the TWIF/TNGF cannot identify the key information (K_TWIF or K_TNGF) belonging to a specific UE.
- An embodiment of the present disclosure provides an information processing method, which is executed by a first UE and includes: sending first hash information to a first network element.
- An embodiment of the present disclosure provides an information processing method, which is executed by a first UE and includes: sending first information to a first network element, where the first information includes first hash information.
- an embodiment of the present disclosure provides an information processing method, which is executed by a first UE and includes:
- Step S21: send first information to the first network element, wherein the first information includes first hash information of a first identifier; the first hash information is used by the first network element to determine key information corresponding to the first identifier; the first identifier is an identifier of the first UE.
- the first network element determines the key information corresponding to the first identifier, that is, the first network element determines the key information of the first UE.
- the first UE involved in the embodiment of the present disclosure and the second UE involved in the following embodiments may be, but are not limited to, various mobile terminals or fixed terminals.
- the first UE and the second UE may be at least one of the following: a mobile phone, a computer, a server, a wearable device, a game control platform or a multimedia device, etc.
- the first UE and the second UE may be at least one of the following: a fixed, portable, pocket-sized, handheld, computer-built-in or vehicle-mounted device.
- the first UE and the second UE may be at least one of the following: an unmanned aerial vehicle device, a vehicle-mounted device, an Internet of Things device, a street lamp, a signal lamp or other roadside device with a wireless communication function, and a driving computer with a wireless communication function or a wireless communication device external to the driving computer.
- the first network element involved in the embodiments of the present disclosure and the second network element involved in the embodiments below may be, but are not limited to, logical nodes or functions flexibly deployed in the network.
- the first network element may be a logical node or function flexibly deployed in an access network or a core network.
- the first network element may be a TWIF and/or a TNGF.
- the first network element may also be a base station or a network element having some functions of a base station or a network element having network element functions, etc.; the base station may be at least one of the following: a 3G base station, a 4G base station, a 5G base station and other evolved base stations.
- the second network element may be a logical node or function flexibly deployed in the core network.
- the second network element may be an AMF.
- the second network element may be a unified data management (UDM) or a unified data repository (UDR).
- the first identifier includes one of the following: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, and an index or number indicating the first UE.
- the index or number indicating the first UE may be any index or number, for example, a string of one or more bits, as long as the index or number of the first UE can be used to identify the first UE. In this way, multiple identification methods of the first UE are provided, so that the first identifier can be flexibly determined for the first UE.
- the first hash information includes at least a first hash value.
- the first hash value may be a hash value obtained by operating the first identifier based on any hash algorithm.
- the first hash value may be a one-bit character or a multi-bit string.
- the key information includes at least one of the following: a first key associated with TWIF and a second key associated with TNGF.
- the first key is K_TWIF.
- the second key is K_TNGF.
- the first UE sends first information to the TWIF, where the first information includes a first hash value of the first identifier; the first hash value is used by the TWIF to determine the K_TWIF corresponding to the first identifier.
- the first UE sends first information to the TNGF, where the first information includes a first hash value of the first identifier; the first hash value is used by the TNGF to determine the K_TNGF corresponding to the first identifier.
- the key information may also be key information determined based on any encryption and decryption algorithm; it is sufficient that the first UE and the second network element have the same encryption and decryption algorithm.
- a first information is sent to a first network element by a first UE, wherein the first information includes first hash information of a first identifier, and the first hash information is used by the first network element to determine key information corresponding to the first identifier of the first UE; in this way, the first network element can accurately determine the key information of the first UE based on the first hash information of the first identifier, thereby facilitating a secure connection between the first UE and the first network element.
- different key information can be obtained for different first network elements; for example, for TWIF, the first key can be obtained, and for TNGF, the second key can be obtained; this can help the UE to establish secure connections for different first network elements respectively.
- the present disclosure embodiment provides an information processing method, which is executed by a first UE, including: determining first hash information based on a first identifier of the first UE.
- the first hash information includes at least a first hash value.
- the first UE performs a hash operation on the first identifier of the first UE to obtain first hash information corresponding to the first identifier. In this way, the first hash information corresponding to the first identifier can be accurately determined.
- the first information further includes: authentication information; the authentication information is determined based on the key information.
- An embodiment of the present disclosure provides an information processing method, which is executed by a first UE and includes: determining authentication information based on key information.
- the authentication information is used to protect the integrity of the key information. For example, if the key information successfully verifies the authentication information, it is determined that the key information has not been tampered with; or if the key information fails to verify the authentication information, it is determined that the key information is incomplete or has been tampered with.
- the authentication information may be a key exchange authentication payload (AUTH payload).
- the first UE may also send authentication information to the first network element, so that the first network element can authenticate the key information, thereby facilitating the first network element to determine whether the key information has been tampered with or whether it is complete key information.
- the authentication information may not be carried in the first information, or the authentication information and the first hash information may be sent separately.
- the first UE sends the first information to the first network element, and the first information carries the first hash information; the first UE sends the authentication information to the first network element.
- the first UE sends the first hash information and the authentication information to the first network element respectively.
- the following information processing method is executed by the second network element, which is similar to the description of the information processing method executed by the first UE mentioned above; and for technical details not disclosed in the embodiment of the information processing method executed by the second network element, please refer to the description of the example of the information processing method executed by the first UE, and no detailed description is given here.
- An embodiment of the present disclosure provides an information processing method, which is executed by a second network element, and includes: sending second hash information of at least one second identifier and key information corresponding to the second hash information to a first network element.
- the embodiment of the present disclosure provides an information processing method, which is executed by a second network element, including: sending second information to a first network element; the second information includes second hash information of at least one second identifier and key information corresponding to the second hash information.
- the second information includes second hash information of at least one second identifier and key information corresponding to the second hash information.
- one second UE corresponds to one second identifier.
- one second identifier corresponds to one second hash information.
- an embodiment of the present disclosure provides an information processing method, which is executed by a second network element and includes:
- Step S31: send second information to the first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second information is used by the first network element to determine the key information corresponding to the first identifier; the first identifier is the identifier of the first UE, and the second identifier is the identifier of the second UE.
- the first UE and the second UE may be the first UE and the second UE in the above-mentioned embodiment, respectively; the first network element and the second network element may be the first network element and the second network element in the above-mentioned embodiment, respectively; and the key information may be the key information in the above-mentioned embodiment.
- the first network element may be TWIF and/or TNGF.
- the second network element may be AMF.
- the key information may be the first key and/or the second key.
- the first key may be K_TWIF.
- the second key may be K_TNGF.
- the first identifier may be the first identifier in the above embodiment.
- the first identifier includes one of the following: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, and an index or number indicating the first UE.
- the second identifier includes one of the following: a SUPI of the second UE, a SUCI of the second UE, a GUTI of the second UE, and an index or number indicating the second UE.
- the index or number indicating the second UE may be any index or number, for example, a string of one or more bits, as long as the index or number of the second UE can be used to identify the second UE. In this way, multiple identification methods of the second UE are provided, so that the second identifier can be flexibly determined for the second UE.
- the second hash information includes at least a second hash value.
- the second hash value may be a hash value obtained by operating the second identifier based on any hash algorithm.
- the second hash value is a one-bit character or a multi-bit string.
- the second UE includes the first UE.
- the second UE does not include the first UE.
- the second network element can send second information to the first network element, and the second information includes second hash information of at least one second identifier and key information corresponding to the second hash information; in this way, the first network element can obtain hash information and corresponding key information of multiple UEs, which is conducive to the first network element identifying the key information corresponding to the first identifier of the first UE.
- the embodiment of the present disclosure provides an information processing method, which is executed by a second network element, and includes: determining second hash information of at least one second UE based on a second identifier of at least one second UE.
- a second identifier of a second UE corresponds to a second hash information.
- the second network element performs a hash operation on the second identifier of the second UE to obtain second hash information corresponding to the second identifier. In this way, the second network element can accurately determine the second hash information corresponding to the second identifier.
- the second information includes at least one of the following: a third identifier and a fourth identifier.
- the third identifier is a RAN UE NG application protocol (NG Application Protocol, NGAP) identifier (ID);
- the fourth identifier is an AMF UE NGAP ID.
- NGAP may be an application layer protocol of the N2 interface.
- NGAP is a protocol between AMF and TWIF, or NGAP is a protocol between AMF and TNGF; for the AMF side, the UE identifier may be considered as AMF UE NGAP ID; for the TWIF or NGAP side, the UE identifier may be considered as RAN UE NGAP ID.
- the first network element and the second network element can know which UE the second identifier corresponds to, thereby facilitating communication between the first network element and the second network element.
- the following information processing method is executed by the first network element, which is similar to the description of the information processing method executed by the first UE and/or the second network element mentioned above; for technical details not disclosed in the embodiment of the information processing method executed by the first network element, please refer to the description of the example of the information processing method executed by the first UE and/or the second network element, and no detailed description is given here.
- the disclosed embodiment provides an information processing method, which is executed by a first network element, including: determining second hash information matching the first hash information based on the first information and the second information; and determining key information of the first UE based on the second hash information.
- the first network element determines second hash information corresponding to the first hash information based on the first hash information; and determines key information corresponding to the second hash information based on the second hash information; the key information corresponding to the second hash information is the key information of the first UE.
- an embodiment of the present disclosure provides an information processing method, which is executed by a first network element and includes:
- Step S41 obtaining first information and obtaining second information; wherein the first information includes first hash information of the first identifier; the second information includes second hash information of the second identifier and key information corresponding to the second hash information; the first identifier is the identifier of the first UE; the second identifier is the identifier of the second UE;
- Step S42 Determine second hash information matching the first hash information based on the first information and the second information;
- Step S43 Determine the key information of the first UE based on the second hash information.
- the first UE and the second UE may be the first UE and the second UE in the above-mentioned embodiment, respectively; the first network element and the second network element may be the first network element and the second network element in the above-mentioned embodiment, respectively; and the key information may be the key information in the above-mentioned embodiment.
- the first network element may be TWIF and/or TNGF.
- the second network element may be AMF.
- the key information may be the first key and/or the second key.
- the first key may be K_TWIF.
- the second key may be K_TNGF.
- the first identifier and the second identifier may be the first identifier and the second identifier in the above-mentioned embodiments, respectively.
- the first identifier includes one of the following: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, and an index or number indicating the first UE.
- the second identifier includes one of the following: a SUPI of the second UE, a SUCI of the second UE, a GUTI of the second UE, and an index or number indicating the second UE.
- the first hash information and the second hash information may be the first hash information and the second hash information in the above embodiment, respectively.
- the first hash information includes at least the first hash value.
- the second hash information includes at least the second hash value.
- the second hash information matching the first hash information may be: second hash information that is the same as the first hash information.
- the first network element obtains first information, the first information includes first hash information, and the first hash information is determined by the first identifier of the first UE; the first network element obtains second information, the second information includes at least one second hash information and at least one key information corresponding to the second hash information, and one second hash information is determined by the second identifier of a second UE; the first network element determines second hash information that is identical to the first hash information based on the first hash information included in the first information; the first network element determines the key information corresponding to the second hash information based on the second hash information and the key information corresponding to at least one second hash information included in the second information; the key information determined by the second network element is the key information corresponding to the first identifier of the first UE.
- the first network element can obtain the first information and the second information, and determine the key information of the first UE based on the first information and the second information; in this way, the key information of the first UE can be accurately identified, which is conducive to the first network element and the first UE to establish a secure connection.
- obtaining the first information includes: receiving the first information sent by the first UE.
- the first network element may also obtain the first information of the first UE from other network devices other than the first UE; for example, the first information of the first UE may be obtained from a base station or other core network devices.
- An embodiment of the present disclosure provides an information processing method, which is executed by a first network element and includes: receiving first information sent by a first UE.
- obtaining the second information includes one of the following:
- receiving the second information sent by the second network element;
- obtaining the second information stored in the first network element.
- the embodiment of the present disclosure provides an information processing method, which is executed by a first network element and includes: receiving second information sent by a second network element.
- the embodiment of the present disclosure provides an information processing method, which is executed by a first network element, and includes: obtaining second information stored in the first network element.
- the second information may be stored in a database of the first network element.
- the first network element obtains the second information in advance and stores it in the first network element.
- the first information further includes: authentication information; the authentication information is determined based on the key information.
- the authentication information is used to perform integrity protection on the key information.
- the authentication information may be an AUTH payload.
- determining the key information of the first UE includes: successfully verifying the authentication information based on the key information to determine the key information of the first UE. In this way, when the key information passes the integrity authentication, it is determined that the key information is the key information required by the first UE; thus, the accuracy of obtaining the key information of the first UE is further improved.
- an embodiment of the present disclosure provides an information processing method, which is executed by a first network element and includes:
- Step S51 successfully verifying the authentication information based on the key information, and establishing a connection with the first UE based on the key information; or, failing to verify the authentication information based on the key information, not establishing a connection with the first UE based on the key information.
- the connection is a secure connection.
- the first network element and the first UE may establish a connection based on the key information; or, if verification of the authentication information based on the key information fails and the key information is determined not to be the key information of the first UE, the first network element does not establish a connection with the first UE based on the key information.
- the embodiment of the present disclosure can determine whether to establish a connection with the first UE based on the key information by whether the first network element successfully verifies the authentication information based on the key information, thereby ensuring the security of the connection when the first network element and the first UE are connected.
- an embodiment of the present disclosure provides an information processing method, which is performed by a communication device, and the communication device includes a UE, a TWIF or a TNGF, and an AMF; the information processing method includes the following steps:
- the UE in the disclosed embodiment may be the first UE in the above embodiment.
- Step S61 During the registration process, when the Non-Access Stratum (NAS) Security Mode Control (SMC) is successfully completed, the AMF decides to provide the UE security context to the TWIF or TNGF;
- Step S62 Before the AMF initiates the Initial Context Request, the AMF determines the hash value of the SUPI of the UE used to identify the K_TWIF or K_TNGF;
- Step S63 AMF sends K_TWIF or K_TNGF, RAN UE NGAP ID, AMF UE NGAP ID and a hash value of SUPI to TWIF or TNGF;
- Step S64 TWIF or TNGF stores the hash value of SUPI received from AMF and associates the received K_TWIF or K_TNGF with the hash value;
- Step S65 The UE determines the hash value of the SUPI.
- the UE calculates the hash value of the SUPI.
- the UE generates an AUTH payload based on K_TWIF or K_TNGF.
- Step S66 The UE sends the hash value of the SUPI and the AUTH payload to the TWIF or TNGF;
- Step S67 TWIF or TNGF identifies the UE's K_TWIF or K_TNGF by searching for a match between the hash value of the SUPI received from the UE and the hash value of the SUPI stored from the AMF.
- TWIF or TNGF verifies the validity of the AUTH payload based on the identified key information (e.g., K_TWIF or K_TNGF).
- Step S68 If the TWIF or TNGF determines that the AUTH payload is successfully verified, it establishes a secure connection with the UE based on the identified K_TWIF or K_TNGF; otherwise, the TWIF or TNGF terminates the process.
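The exchange in steps S61 to S68, simulated as an added example that is not part of the patent text. SHA-256 as the hash, HMAC-SHA-256 standing in for the AUTH payload, the class and function names, and all SUPIs, keys and NGAP IDs are assumptions constructed for illustration; the second half uses a one-byte hash to show that the AUTH check, not the hash match alone, selects the key.

```python
"""Simulation of steps S61-S68; hash and AUTH constructions are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def supi_hash(supi: str, length: int = 32) -> bytes:
    # Assumption: SHA-256, optionally truncated. The page allows any hash
    # algorithm and a hash value as short as one bit.
    return hashlib.sha256(supi.encode("utf-8")).digest()[:length]


def auth_payload(key: bytes, transcript: bytes) -> bytes:
    # Assumption: AUTH modelled as HMAC-SHA-256 over the exchange data.
    return hmac.new(key, transcript, hashlib.sha256).digest()


@dataclass(frozen=True)
class KeyEntry:
    key: bytes            # K_TWIF or K_TNGF
    ran_ue_ngap_id: int
    amf_ue_ngap_id: int


class Twif:
    """First network element (TWIF or TNGF): stores keys and resolves them."""

    def __init__(self, hash_len: int = 32):
        self.hash_len = hash_len
        self._table = {}  # hash value -> list of KeyEntry

    def store_from_amf(self, h: bytes, entry: KeyEntry) -> None:
        # S64: associate the received key with the received hash value.
        self._table.setdefault(h, []).append(entry)

    def candidates(self, h: bytes) -> int:
        return len(self._table.get(h, []))

    def resolve(self, h: bytes, auth: bytes, transcript: bytes) -> Optional[KeyEntry]:
        # S67: find candidate keys by hash, then verify AUTH with each one.
        # A short hash can map to several UEs, so a hash match only narrows
        # the search; the constant-time AUTH comparison decides.
        for entry in self._table.get(h, []):
            if hmac.compare_digest(auth_payload(entry.key, transcript), auth):
                return entry  # S68: establish the connection with this key
        return None           # S68: terminate the process


def amf_provision(twif: Twif, supi: str, key: bytes, ran_id: int, amf_id: int) -> None:
    # S62-S63: AMF hashes the SUPI and sends hash, key and NGAP IDs.
    twif.store_from_amf(supi_hash(supi, twif.hash_len), KeyEntry(key, ran_id, amf_id))


def ue_request(supi: str, key: bytes, transcript: bytes, hash_len: int):
    # S65-S66: UE hashes its SUPI and builds the AUTH payload from its key.
    return supi_hash(supi, hash_len), auth_payload(key, transcript)


def colliding_supi(supi: str, hash_len: int) -> str:
    # Search constructed test SUPIs for one sharing the truncated hash.
    target, n = supi_hash(supi, hash_len), 0
    while True:
        cand = f"imsi-00101{n:010d}"
        if cand != supi and supi_hash(cand, hash_len) == target:
            return cand
        n += 1


def run_demo() -> dict:
    transcript = b"constructed-nonces-and-ids"          # constructed
    k_a = hashlib.sha256(b"constructed key A").digest()  # constructed
    k_b = hashlib.sha256(b"constructed key B").digest()  # constructed
    supi_a = "imsi-001010000000001"                      # constructed

    full = Twif(hash_len=32)
    amf_provision(full, supi_a, k_a, 1, 101)
    ok = full.resolve(*ue_request(supi_a, k_a, transcript, 32), transcript)
    unknown = full.resolve(
        *ue_request("imsi-001019999999999", k_a, transcript, 32), transcript)
    wrong_key = full.resolve(*ue_request(supi_a, k_b, transcript, 32), transcript)

    # One-byte hash: two UEs share a hash value, AUTH picks the right key.
    short = Twif(hash_len=1)
    supi_b = colliding_supi(supi_a, 1)
    amf_provision(short, supi_a, k_a, 1, 101)
    amf_provision(short, supi_b, k_b, 2, 102)
    picked = short.resolve(*ue_request(supi_b, k_b, transcript, 1), transcript)
    return {"ok": ok, "unknown": unknown, "wrong_key": wrong_key,
            "candidates": short.candidates(supi_hash(supi_a, 1)),
            "picked": picked}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```
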
- the present disclosure provides an information processing system, which includes: a first UE, a first network element, and a second network element; wherein:
- a first UE is configured to send first information to a first network element, wherein the first information includes first hash information of a first identifier; the first identifier is an identifier of the first UE;
- the second network element is configured to send second information to the first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second identifier is an identifier of the second UE;
- the first network element is configured to determine second hash information matching the first hash information based on the first information and the second information; and determine key information of the first UE based on the second hash information.
- the first UE is configured to determine first hash information based on a first identifier of the first UE.
- the second network element is configured to determine second hash information based on a second identifier of the second UE.
- the first network element is configured to receive first information sent by the first UE and/or receive second information sent by the second network element.
- the first network element is configured to successfully verify the authentication information based on the key information and establish a connection with the first UE based on the key information; or, if the authentication information fails to be verified based on the key information, not establish a connection with the first UE based on the key information.
- an information processing device including:
- the first sending module 51 is configured to send first information to the first network element, wherein the first information includes first hash information of a first identifier; the first hash information is used by the first network element to determine key information corresponding to the first identifier; the first identifier is an identifier of the first UE.
- the information processing device provided by the embodiment of the present disclosure may be a first UE.
- An embodiment of the present disclosure provides an information processing device, including: a first processing module, configured to determine first hash information based on a first identifier of a first UE.
- the first information further includes: authentication information; the authentication information is determined based on the key information.
- the first identifier includes one of the following: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, and an index or number indicating the first UE.
- the first network element includes one of: a TWIF, and a TNGF.
- the key information includes at least one of the following:
- a first key (K_TWIF) associated with TWIF;
- a second key (K_TNGF) associated with TNGF.
- an information processing device including:
- the second sending module 61 is configured to send second information to the first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second information is used by the first network element to determine the key information corresponding to the first identifier; the first identifier is the identifier of the first UE, and the second identifier is the identifier of the second UE.
- the information processing device provided in the embodiment of the present disclosure may be a second network element.
- the second network element is an AMF.
- An embodiment of the present disclosure provides an information processing device, including: a second processing module, configured to determine second hash information of at least one second UE based on a second identifier of at least one second UE.
- the first network element includes one of: a TWIF, and a TNGF.
- the first identifier includes one of: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, and an index or number indicating the first UE;
- the second identifier includes one of the following: a SUPI of the second UE, a SUCI of the second UE, a GUTI of the second UE, and an index or number indicating the second UE.
- the key information includes at least one of the following:
- a first key (K_TWIF) associated with TWIF;
- a second key (K_TNGF) associated with TNGF.
- an information processing device including:
- the acquisition module 71 is configured to acquire first information and acquire second information; wherein the first information includes first hash information of the first identifier; the second information includes second hash information of the second identifier and key information corresponding to the second hash information; the first identifier is the identifier of the first UE; the second identifier is the identifier of the second UE;
- a third processing module 72 is configured to determine second hash information matching the first hash information based on the first information and the second information;
- the third processing module 72 is further configured to determine the key information of the first UE based on the second hash information.
- the information processing device provided in the embodiment of the present disclosure may be a first network element.
- the first network element may be a TWIF or a TNGF.
- An embodiment of the present disclosure provides an information processing device, including: an acquisition module 71, configured to receive first information sent by a first UE.
- An embodiment of the present disclosure provides an information processing device, including: an acquisition module 71, configured to receive second information sent by a second network element; or, the acquisition module 71, configured to acquire second information stored in a first network element.
- the first information further includes: authentication information; the authentication information is determined based on the key information.
- the third processing module 72 is configured to successfully verify the authentication information based on the key information and establish a connection with the first UE based on the key information; or, the third processing module 72 is configured to fail to verify the authentication information based on the key information and not establish a connection with the first UE based on the key information.
- the key information includes at least one of the following:
- a first key (K_TWIF) associated with TWIF;
- a second key (K_TNGF) associated with TNGF.
- the second network element is an AMF.
- An embodiment of the present disclosure provides a communication device, including a processor, a transceiver, a memory, and an executable program stored in the memory and capable of being run by the processor, wherein the processor executes the information processing method provided above when running the executable program.
- the processor may include various types of storage media, which are non-transitory computer storage media that can continue to remember information stored thereon after the communication device loses power.
- the communication device includes: a UE or a network element, and the network element may be any one of the aforementioned first network element and the second network element.
- the processor may be connected to the memory via a bus or the like, and is used to read an executable program stored in the memory, for example, at least one of the methods shown in FIG. 2 to FIG. 6.
- the present disclosure provides a computer storage medium storing an executable program; after the executable program is executed by a processor, the aforementioned information processing method can be implemented, for example, at least one of the methods shown in FIG. 2 to FIG. 6.
- FIG. 10 is a block diagram of a UE 800 according to an exemplary embodiment.
- the UE 800 may be a mobile phone, a computer, a digital broadcast user equipment, a messaging device, a game console, a tablet device, a medical device, a fitness device, a personal digital assistant, etc.
- UE 800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.
- the processing component 802 generally controls the overall operation of the UE 800, such as operations associated with display, phone calls, data communications, camera operations, and recording operations.
- the processing component 802 may include one or more processors 820 to execute instructions to generate all or part of the steps of the above-described method.
- the processing component 802 may include one or more modules to facilitate interaction between the processing component 802 and other components.
- the processing component 802 may include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
- the memory 804 is configured to store various types of data to support the operation of the UE 800. Examples of such data include instructions for any application or method operating on the UE 800, contact data, phone book data, messages, pictures, videos, etc.
- the memory 804 can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic storage, flash memory, magnetic disk or optical disk.
- the power component 806 provides power to various components of the UE 800.
- the power component 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power to the UE 800.
- the multimedia component 808 includes a screen that provides an output interface between the UE 800 and the user.
- the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user.
- the touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundaries of the touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
- the multimedia component 808 includes a front camera and/or a rear camera. When the UE 800 is in an operating mode, such as a shooting mode or a video mode, the front camera and/or the rear camera may receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
- the audio component 810 is configured to output and/or input audio signals.
- the audio component 810 includes a microphone (MIC), and when the UE 800 is in an operating mode, such as a call mode, a recording mode, and a speech recognition mode, the microphone is configured to receive an external audio signal.
- the received audio signal may be further stored in the memory 804 or sent via the communication component 816.
- the audio component 810 also includes a speaker for outputting an audio signal.
- I/O interface 812 provides an interface between processing component 802 and peripheral interface modules, such as keyboards, click wheels, buttons, etc. These buttons may include but are not limited to: home button, volume button, start button, and lock button.
- the sensor assembly 814 includes one or more sensors for providing various aspects of status assessment for the UE 800.
- the sensor assembly 814 can detect the open/closed state of the UE 800 and the relative positioning of components, such as the display and keypad of the UE 800; the sensor assembly 814 can also detect a position change of the UE 800 or a component of the UE 800, the presence or absence of user contact with the UE 800, the orientation or acceleration/deceleration of the UE 800, and a temperature change of the UE 800.
- the sensor assembly 814 can include a proximity sensor configured to detect the presence of nearby objects without any physical contact.
- the sensor assembly 814 can also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications.
- the sensor assembly 814 can also include an accelerometer, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.
- the communication component 816 is configured to facilitate wired or wireless communication between the UE 800 and other devices.
- the UE 800 can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof.
- the communication component 816 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel.
- the communication component 816 also includes a near field communication (NFC) module to facilitate short-range communication.
- the NFC module can be implemented based on radio frequency identification (RFID) technology, infrared data association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
- UE 800 may be implemented by one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components to perform the above methods.
- a non-transitory computer-readable storage medium including instructions is also provided, such as a memory 804 including instructions, and the above instructions can be executed by the processor 820 of the UE 800 to generate the above method.
- the non-transitory computer-readable storage medium can be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, etc.
- an embodiment of the present disclosure shows a structure of a communication device.
- the communication device 900 may be provided as a network side device.
- the communication device may be various network elements such as the aforementioned access network element and/or network function.
- the communication device may be the AMF, or the first network element or the second network element in the above embodiment.
- the communication device 900 includes a processing component 922, which further includes one or more processors, and a memory resource represented by a memory 932 for storing instructions that can be executed by the processing component 922, such as an application.
- the application stored in the memory 932 may include one or more modules each corresponding to a set of instructions.
- the processing component 922 is configured to execute instructions to perform any method of the aforementioned method applied to the access device.
- the communication device 900 may also include a power supply component 926 configured to perform power management of the communication device 900, a wired or wireless network interface 950 configured to connect the communication device 900 to a network, and an input/output (I/O) interface 958.
- the communication device 900 may operate based on an operating system stored in the memory 932, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
- each step in a certain implementation manner or embodiment can be implemented as an independent embodiment.
- the steps may be arbitrarily combined.
- a solution after removing some steps in a certain implementation manner or example may also be implemented as an independent example.
- the order of the steps in a certain implementation manner or example may be arbitrarily exchanged.
- the optional methods or optional examples in a certain implementation manner or example may be arbitrarily combined.
- the various implementation manners or examples may be arbitrarily combined. For example, some or all of the steps of different implementation manners or examples may be arbitrarily combined.
- a certain implementation manner or example may be arbitrarily combined with the optional methods or optional examples of other implementation manners or examples.
Abstract
Embodiments of the present disclosure provide an information processing method and apparatus, a communication device, and a storage medium. The information processing method is executed by a first UE, and comprises: sending first information to a first network element, wherein the first information comprises first hash information of a first identifier, the first hash information is used by the first network element to determine key information corresponding to the first identifier, and the first identifier is an identifier of the first UE.
Description
The present disclosure relates to, but is not limited to, the field of wireless communication technology, and in particular to an information processing method and apparatus, a communication device, and a storage medium.
With the continuous development of wireless communication technology, the network elements in a network can implement more and more functions. At present, interactions between network elements in the network need to take security into account; for example, a connection between user equipment (User Equipment, UE) and other network elements in the network needs to be a secure connection.
Summary of the invention
The embodiments of the present disclosure provide an information processing method and apparatus, a communication device, and a storage medium.
A first aspect of the embodiments of the present disclosure provides an information processing method, executed by a first UE, including:
sending first information to a first network element, wherein the first information includes first hash information of a first identifier; the first hash information is used by the first network element to determine key information corresponding to the first identifier; and the first identifier is an identifier of the first UE.
In some embodiments, the method further includes: determining the first hash information based on the first identifier of the first UE.
In some embodiments, the first information further includes: authentication information; the authentication information is determined based on the key information.
In some embodiments, the first identifier includes one of the following:
the Subscription Permanent Identifier (SUPI) of the first UE;
the Subscription Concealed Identifier (SUCI) of the first UE;
the Globally Unique Temporary UE Identity (GUTI) of the first UE;
an index or number indicating the first UE.
In some embodiments, the first network element includes one of the following:
a Trusted WLAN Interworking Function (TWIF);
a Trusted Non-3GPP Gateway Function (TNGF).
In some embodiments, the key information includes at least one of the following:
a first key associated with the TWIF (KTWIF);
a second key associated with the TNGF (KTNGF).
A second aspect of the embodiments of the present disclosure provides an information processing method, executed by a second network element, including:
sending second information to a first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second information is used by the first network element to determine key information corresponding to a first identifier; the first identifier is an identifier of a first UE, and the second identifier is an identifier of a second UE.
In some embodiments, the method includes: determining the second hash information of at least one second UE based on the second identifier of the at least one second UE.
In some embodiments, the first identifier includes one of the following: the SUPI of the first UE, the SUCI of the first UE, the GUTI of the first UE, and an index or number indicating the first UE;
and/or, the second identifier includes one of the following: the SUPI of the second UE, the SUCI of the second UE, the GUTI of the second UE, and an index or number indicating the second UE.
In some embodiments, the first network element includes one of the following: a TWIF and a TNGF.
In some embodiments, the key information includes at least one of the following:
a first key associated with the TWIF (KTWIF);
a second key associated with the TNGF (KTNGF).
In some embodiments, the second network element is an Access and Mobility Management Function (AMF).
A third aspect of the embodiments of the present disclosure provides an information processing method, executed by a first network element, including:
acquiring first information and acquiring second information; wherein the first information includes first hash information of a first identifier; the second information includes second hash information of a second identifier and key information corresponding to the second hash information; the first identifier is an identifier of a first UE; the second identifier is an identifier of a second UE;
determining, based on the first information and the second information, the second hash information that matches the first hash information;
determining, based on the second hash information, the key information of the first UE.
In some embodiments, acquiring the first information includes: receiving the first information sent by the first UE.
In some embodiments, acquiring the second information includes one of the following:
receiving the second information sent by a second network element;
acquiring the second information stored in the first network element.
In some embodiments, the first information further includes: authentication information; the authentication information is determined based on the key information.
In some embodiments, the method includes one of the following:
when the authentication information is successfully verified based on the key information, establishing a connection with the first UE based on the key information;
when verification of the authentication information based on the key information fails, not establishing a connection with the first UE based on the key information.
In some embodiments, the first network element includes one of the following: a TWIF and a TNGF.
In some embodiments, the key information includes at least one of the following:
a first key associated with the TWIF (KTWIF);
a second key associated with the TNGF (KTNGF).
In some embodiments, the second network element is an AMF.
A fourth aspect of the embodiments of the present disclosure provides an information processing apparatus, including:
a first sending module, configured to send first information to a first network element, wherein the first information includes first hash information of a first identifier; the first hash information is used by the first network element to determine key information corresponding to the first identifier; and the first identifier is an identifier of a first UE.
In some embodiments, the apparatus further includes: a first processing module, configured to determine the first hash information based on the first identifier of the first UE.
In some embodiments, the first information further includes: authentication information; the authentication information is determined based on the key information.
In some embodiments, the first identifier includes one of the following: the SUPI of the first UE, the SUCI of the first UE, the GUTI of the first UE, and an index or number indicating the first UE.
In some embodiments, the first network element includes one of the following: a TWIF and a TNGF.
In some embodiments, the key information includes at least one of the following:
a first key associated with the TWIF (KTWIF);
a second key associated with the TNGF (KTNGF).
A fifth aspect of the embodiments of the present disclosure provides an information processing apparatus, including:
a second sending module, configured to send second information to a first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second information is used by the first network element to determine key information corresponding to a first identifier; the first identifier is an identifier of a first UE, and the second identifier is an identifier of a second UE.
In some embodiments, the apparatus includes: a second processing module, configured to determine the second hash information of at least one second UE based on the second identifier of the at least one second UE.
In some embodiments, the first network element includes one of the following: a TWIF and a TNGF.
In some embodiments, the first identifier includes one of the following: the SUPI of the first UE, the SUCI of the first UE, the GUTI of the first UE, and an index or number indicating the first UE;
and/or, the second identifier includes one of the following: the SUPI of the second UE, the SUCI of the second UE, the GUTI of the second UE, and an index or number indicating the second UE.
In some embodiments, the key information includes at least one of the following:
a first key associated with the TWIF (KTWIF);
a second key associated with the TNGF (KTNGF).
In some embodiments, the second network element is an AMF.
A sixth aspect of the embodiments of the present disclosure provides an information processing apparatus, including:
an acquisition module, configured to acquire first information and acquire second information; wherein the first information includes first hash information of a first identifier; the second information includes second hash information of a second identifier and key information corresponding to the second hash information; the first identifier is an identifier of a first UE; the second identifier is an identifier of a second UE;
a third processing module, configured to determine, based on the first information and the second information, the second hash information that matches the first hash information;
the third processing module being further configured to determine the key information of the first UE based on the second hash information.
In some embodiments, the acquisition module is configured to receive the first information sent by the first UE.
In some embodiments, the acquisition module is configured to receive the second information sent by a second network element; or, the acquisition module is configured to acquire the second information stored in the first network element.
In some embodiments, the first information further includes: authentication information; the authentication information is determined based on the key information.
In some embodiments, the third processing module is configured to, when the authentication information is successfully verified based on the key information, establish a connection with the first UE based on the key information; or, the third processing module is configured to, when verification of the authentication information based on the key information fails, not establish a connection with the first UE based on the key information.
In some embodiments, the first network element includes one of the following: a TWIF and a TNGF.
In some embodiments, the key information includes at least one of the following:
a first key associated with the TWIF (KTWIF);
a second key associated with the TNGF (KTNGF).
In some embodiments, the second network element is an AMF.
A seventh aspect of the embodiments of the present disclosure provides an information processing system, including: a first UE, a first network element, and a second network element; wherein:
the first UE is configured to send first information to the first network element, wherein the first information includes first hash information of a first identifier; the first identifier is an identifier of the first UE;
the second network element is configured to send second information to the first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second identifier is an identifier of a second UE;
the first network element is configured to determine, based on the first information and the second information, the second hash information that matches the first hash information, and to determine the key information of the first UE based on the second hash information.
An eighth aspect of the embodiments of the present disclosure provides a communication device, including a processor, a transceiver, a memory, and an executable program stored in the memory and capable of being run by the processor, wherein the processor, when running the executable program, executes the information processing method provided in the first aspect, the second aspect, or the third aspect.
A ninth aspect of the embodiments of the present disclosure provides a computer storage medium storing an executable program; when executed by a processor, the executable program implements the information processing method provided in the first aspect, the second aspect, or the third aspect.
The technical solutions provided by the embodiments of the present disclosure may have the following beneficial effects:
In the embodiments of the present disclosure, the first UE sends first information to the first network element, wherein the first information includes first hash information of a first identifier, and the first hash information is used by the first network element to determine key information corresponding to the first identifier of the first UE. In this way, the first network element can accurately determine the key information of the first UE based on the first hash information of the first identifier, which facilitates a secure connection between the first UE and the first network element.
Regarding the technical solutions provided by the embodiments of the present disclosure, it should be understood that the above general description and the following detailed description are merely exemplary and explanatory and do not limit the embodiments of the present disclosure.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present invention and, together with the description, serve to explain the principles of the embodiments of the present invention.
Fig. 1 is a schematic structural diagram of a wireless communication system according to an exemplary embodiment.
Fig. 2 is a schematic flow chart of an information processing method according to an exemplary embodiment.
Fig. 3 is a schematic flow chart of an information processing method according to an exemplary embodiment.
Fig. 4 is a schematic flow chart of an information processing method according to an exemplary embodiment.
Fig. 5 is a schematic flow chart of an information processing method according to an exemplary embodiment.
Fig. 6 is a schematic flow chart of an information processing method according to an exemplary embodiment.
Fig. 7 is a schematic structural diagram of an information processing apparatus according to an exemplary embodiment.
Fig. 8 is a schematic structural diagram of an information processing apparatus according to an exemplary embodiment.
Fig. 9 is a schematic structural diagram of an information processing apparatus according to an exemplary embodiment.
Fig. 10 is a schematic structural diagram of a UE according to an exemplary embodiment.
Fig. 11 is a schematic structural diagram of a communication device according to an exemplary embodiment.
Exemplary embodiments will be described in detail here, examples of which are shown in the accompanying drawings. When the following description refers to the drawings, unless otherwise indicated, the same numbers in different drawings represent the same or similar elements. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the embodiments of the present invention. Instead, they are only examples of apparatuses and methods consistent with some aspects of the embodiments of the present invention.
The terms used in the embodiments of the present disclosure are only for the purpose of describing specific embodiments and are not intended to limit the embodiments of the present disclosure. The singular expressions "a", "an", "the", "above", "aforementioned", "this", etc. in the embodiments of the present disclosure also include plural expressions, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items. In the embodiments of the present disclosure, "multiple" means two or more. Prefixes such as "first" and "second" in the embodiments of the present disclosure are used only to distinguish different described objects and do not limit the position, order, priority, quantity or content of the described objects; for statements about the described objects, refer to the context of the claims or embodiments, and the use of prefix numerals should not impose additional limitations. For example, "first", "second", "third", etc. are used to describe various information, but the information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of the embodiments of the present disclosure, the first information may also be referred to as the second information, and similarly, the second information may also be referred to as the first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of" or "when" or "in response to determining". In some embodiments, the names of information and the like are not limited to the names given in the embodiments, and the terms "information", "message", "signaling", "report", "indication", "configuration", "data" and the like are interchangeable.
In some embodiments of the present disclosure, "acquire", "obtain", "get", "receive", and "transmit (send and/or receive)" are interchangeable, and can be interpreted as receiving from another entity, obtaining from a protocol, obtaining through one's own processing, and other meanings.
In some embodiments of the present disclosure, "send", "report", "issue", and "transmit (send and/or receive)" are interchangeable.
Please refer to Fig. 1, which shows a schematic structural diagram of a wireless communication system provided by an embodiment of the present disclosure. As shown in Fig. 1, the wireless communication system is a communication system based on cellular mobile communication technology, and may include: a plurality of UEs 11 and a plurality of access devices 12.
The UE 11 may be a device that provides voice and/or data connectivity to a user. The UE 11 may communicate with one or more core networks via a radio access network (Radio Access Network, RAN). The UE 11 may be an Internet of Things UE, such as a sensor device, a mobile phone (or "cellular" phone), or a computer with an Internet of Things UE; for example, it may be a fixed, portable, pocket-sized, handheld, computer-built-in, or vehicle-mounted device, such as a station (Station, STA), a subscriber unit, a subscriber station, a mobile station, a mobile, a remote station, an access point, a remote terminal, an access terminal, a user terminal, a user agent, or user equipment (UE). Alternatively, the UE 11 may be a device of an unmanned aerial vehicle. Alternatively, the UE 11 may be a vehicle-mounted device, for example, a driving computer with a wireless communication function, or a wireless communication device externally connected to a driving computer. Alternatively, the UE 11 may be a roadside device, for example, a street lamp, a signal lamp or another roadside device with a wireless communication function.
The access device 12 may be a network-side device in the wireless communication system. The wireless communication system may be a fourth generation mobile communication (4G) system, also known as a Long Term Evolution (LTE) system; or, the wireless communication system may be a 5G system, also known as a new radio (NR) system or 5G NR system. Alternatively, the wireless communication system may be a next-generation system after the 5G system. The access network in the 5G system may be called a New Generation-Radio Access Network (NG-RAN). Alternatively, an MTC system.
The access device 12 may be an evolved access device (eNB) used in a 4G system. Alternatively, the access device 12 may be an access device (gNB) using a centralized-distributed architecture in a 5G system. When the access device 12 uses a centralized-distributed architecture, it usually includes a central unit (CU) and at least two distributed units (DU). The central unit is provided with a protocol stack of a Packet Data Convergence Protocol (PDCP) layer, a Radio Link Control (RLC) layer, and a Media Access Control (MAC) layer; the distributed unit is provided with a physical (PHY) layer protocol stack. The embodiments of the present disclosure do not limit the specific implementation of the access device 12.
A wireless connection can be established between the access device 12 and the UE 11 through a wireless air interface. In different implementations, the wireless air interface is based on the fourth generation mobile communication network technology (4G) standard; or, the wireless air interface is based on the fifth generation mobile communication network technology (5G) standard, for example, the wireless air interface is the new radio; or, the wireless air interface may be based on a mobile communication network technology standard of the generation after 5G.
In some embodiments, in a non-3GPP access scenario, in order to support a secure connection between a specific UE and the Trusted WLAN Interworking Function (TWIF), or between a specific UE and the Trusted Non-3GPP Gateway Function (TNGF), the AMF needs to send key information (KTWIF or KTNGF) to the TWIF or TNGF. However, the TWIF or TNGF stores key information belonging to multiple UEs. In a non-public network (Non Public Network, NPN) scenario, if the UE sends an anonymous identifier to the TWIF or TNGF, the TWIF/TNGF cannot identify the key information (KTWIF or KTNGF) belonging to the specific UE.
An embodiment of the present disclosure provides an information processing method, executed by a first UE, including: sending first hash information to a first network element.
An embodiment of the present disclosure provides an information processing method, executed by a first UE, including: sending first information to a first network element, where the first information includes first hash information.
As shown in Fig. 2, an embodiment of the present disclosure provides an information processing method, executed by a first UE, including:
Step S21: sending first information to a first network element, wherein the first information includes first hash information of a first identifier; the first hash information is used by the first network element to determine key information corresponding to the first identifier; and the first identifier is an identifier of the first UE.
Exemplarily, the first network element determining the key information corresponding to the first identifier means that the first network element determines the key information of the first UE.
The first UE involved in this embodiment of the present disclosure and the second UE involved in the following embodiments may be, but are not limited to, various mobile terminals or fixed terminals. For example, the first UE and the second UE may each be at least one of the following: a mobile phone, a computer, a server, a wearable device, a game control platform, a multimedia device, etc. For another example, the first UE and the second UE may each be at least one of the following: a fixed, portable, pocket-sized, handheld, computer-built-in or vehicle-mounted device. For another example, the first UE and the second UE may each be at least one of the following: a device of an unmanned aerial vehicle, a vehicle-mounted device, an Internet of Things device, a street lamp, signal lamp or other roadside device with a wireless communication function, and a driving computer with a wireless communication function or a wireless communication device externally connected to a driving computer.
The first network element involved in this embodiment of the present disclosure and the second network element involved in the following embodiments may each be, but are not limited to, a logical node or function flexibly deployed in the network. For example, the first network element may be a logical node or function flexibly deployed in the access network or the core network. Exemplarily, the first network element may be a TWIF and/or a TNGF. Exemplarily, the first network element may also be a base station, a network element having some functions of a base station, a network element having network element functions, etc.; the base station may be at least one of the following: a 3G base station, a 4G base station, a 5G base station and other evolved base stations. The second network element may be a logical node or function flexibly deployed in the core network. Exemplarily, the second network element may be an AMF. Exemplarily, the second network element may be a Unified Data Management (UDM) function or a unified database (User Data Repository, UDR).
In some embodiments, the first identifier includes one of the following: the SUPI of the first UE, the SUCI of the first UE, the GUTI of the first UE, and an index or number indicating the first UE. The index or number indicating the first UE may be any index or number, for example a string of one or more bits, as long as it can be used to identify the first UE. In this way, multiple ways of identifying the first UE are provided, so that the first identifier can be flexibly determined for the first UE.
In some embodiments, the first hash information includes at least a first hash value. The first hash value may be a hash value obtained by applying any hash algorithm to the first identifier. Exemplarily, the first hash value may be a one-bit character or a multi-bit string.
In some embodiments, the key information includes at least one of the following: a first key associated with the TWIF and a second key associated with the TNGF. Exemplarily, the first key is KTWIF. Exemplarily, the second key is KTNGF.
Exemplarily, the first UE sends first information to the TWIF, where the first information includes a first hash value of the first identifier; the first hash value is used by the TWIF to determine the KTWIF corresponding to the first identifier.
Exemplarily, the first UE sends first information to the TNGF, where the first information includes a first hash value of the first identifier; the first hash value is used by the TNGF to determine the KTNGF corresponding to the first identifier.
在一些实施例中,密钥信息也可以是基于任意一种加解密算法确定的密钥信息;只需第一UE与第二网元具备相同的加解密算法即可。In some embodiments, the key information may also be key information determined based on any encryption and decryption algorithm; it is sufficient that the first UE and the second network element have the same encryption and decryption algorithm.
在本公开实施例中,通过第一UE向第一网元发送第一信息,其中,第一信息包括第一标识的第一哈希信息,第一哈希信息用于第一网元确定与第一UE的第一标识对应的密钥信息;如此可以使得第一网元能够基于该第一标识的第一哈希信息,准确确定出第一UE的密钥信息,从而有利于第一UE与第一网元之间的安全连接。In an embodiment of the present disclosure, a first information is sent to a first network element by a first UE, wherein the first information includes first hash information of a first identifier, and the first hash information is used by the first network element to determine key information corresponding to the first identifier of the first UE; in this way, the first network element can accurately determine the key information of the first UE based on the first hash information of the first identifier, thereby facilitating a secure connection between the first UE and the first network element.
并且,对于不同的第一网元,可以获取不同的密钥信息;例如,对于TWIF,可以获取第一密钥,又如,对于TNGF,可以获取第二密钥;如此可以有利于实现UE对于不同的第一网元分别建立安全连接。Moreover, different key information can be obtained for different first network elements; for example, for TWIF, the first key can be obtained, and for TNGF, the second key can be obtained; this can help the UE to establish secure connections for different first network elements respectively.
An embodiment of the present disclosure provides an information processing method, executed by a first UE, including: determining first hash information based on a first identifier of the first UE. Exemplarily, the first hash information includes at least a first hash value. Exemplarily, the first UE performs a hash operation on its first identifier to obtain the first hash information corresponding to the first identifier. In this way, the first hash information corresponding to the first identifier can be accurately determined.
In some embodiments, the first information further includes authentication information; the authentication information is determined based on the key information.
An embodiment of the present disclosure provides an information processing method, executed by a first UE, including: determining authentication information based on key information.
Exemplarily, the authentication information is used to protect the integrity of the key information. For example, if the authentication information is successfully verified with the key information, it is determined that the key information has not been tampered with; or, if verification of the authentication information with the key information fails, it is determined that the key information is incomplete or has been tampered with.
Exemplarily, the authentication information may be a key exchange authentication payload (AUTH payload).
Thus, in the embodiments of the present disclosure, the first UE may also send authentication information to the first network element so that the first network element can authenticate the key information and determine whether the key information has been tampered with and whether it is complete.
In some embodiments, the authentication information may not be carried in the first information, or the authentication information and the first hash information may be sent separately. For example, the first UE sends the first information, which carries the first hash information, to the first network element, and the first UE sends the authentication information to the first network element. As another example, the first UE sends the first hash information and the authentication information to the first network element separately.
It should be noted that those skilled in the art will understand that the methods provided in the embodiments of the present disclosure may be executed alone, or together with other methods in the embodiments of the present disclosure or with methods in the related art.
The following information processing method is executed by the second network element and is similar to the description of the information processing method executed by the first UE above. For technical details not disclosed in the embodiments of the method executed by the second network element, refer to the description of the method executed by the first UE; they are not described in detail here.
An embodiment of the present disclosure provides an information processing method, executed by a second network element, including: sending, to a first network element, second hash information of at least one second identifier and key information corresponding to the second hash information.
An embodiment of the present disclosure provides an information processing method, executed by a second network element, including: sending second information to a first network element, where the second information includes second hash information of at least one second identifier and key information corresponding to the second hash information. Exemplarily, one second UE corresponds to one second identifier. Exemplarily, one second identifier corresponds to one piece of second hash information.
As shown in FIG. 3, an embodiment of the present disclosure provides an information processing method, executed by a second network element, including:
Step S31: Send second information to the first network element, where the second information includes second hash information of at least one second identifier and key information corresponding to the second hash information; the second information is used by the first network element to determine the key information corresponding to the first identifier; the first identifier is the identifier of the first UE, and the second identifier is the identifier of the second UE.
In some embodiments of the present disclosure, the first UE and the second UE may be the first UE and the second UE of the above embodiments, respectively; the first network element and the second network element may be the first network element and the second network element of the above embodiments, respectively; and the key information may be the key information of the above embodiments. Exemplarily, the first network element may be a TWIF and/or a TNGF. Exemplarily, the second network element may be an AMF. The key information may be the first key and/or the second key. Exemplarily, the first key may be K_TWIF. Exemplarily, the second key may be K_TNGF.
In some embodiments of the present disclosure, the first identifier may be the first identifier of the above embodiments. Exemplarily, the first identifier includes one of the following: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, and an index or number indicating the first UE.
In some embodiments, the second identifier includes one of the following: a SUPI of the second UE, a SUCI of the second UE, a GUTI of the second UE, and an index or number indicating the second UE. The index or number indicating the second UE may be any index or number, for example a string of one or more bits, as long as it can be used to identify the second UE. This provides multiple ways of identifying the second UE, so that the second identifier can be determined flexibly.
In some embodiments, the second hash information includes at least a second hash value. The second hash value may be a hash value obtained by applying any hash algorithm to the second identifier. Exemplarily, the second hash value is a one-bit character or a multi-bit string.
In some embodiments, the second UE includes the first UE.
In some embodiments, the second UE does not include the first UE.
In the embodiments of the present disclosure, the second network element may send second information to the first network element, where the second information includes second hash information of at least one second identifier and key information corresponding to the second hash information. The first network element thereby obtains the hash information and corresponding key information of multiple UEs, which helps it identify the key information corresponding to the first identifier of the first UE.
An embodiment of the present disclosure provides an information processing method, executed by a second network element, including: determining second hash information of at least one second UE based on a second identifier of the at least one second UE. Exemplarily, the second identifier of one second UE corresponds to one piece of second hash information.
Exemplarily, the second network element performs a hash operation on the second identifier of the second UE to obtain the second hash information corresponding to the second identifier. In this way, the second network element can accurately determine the second hash information corresponding to the second identifier.
In some embodiments, the second information includes at least one of the following: a third identifier and a fourth identifier. Exemplarily, the third identifier is a RAN UE NG Application Protocol (NGAP) identifier (ID); the fourth identifier is an AMF UE NGAP ID.
Exemplarily, NGAP may be the application layer protocol of the N2 interface. For example, NGAP is the protocol between the AMF and the TWIF, or NGAP is the protocol between the AMF and the TNGF. On the AMF side, the identifier of the UE may be regarded as the AMF UE NGAP ID; on the TWIF or NGAP side, the identifier of the UE may be regarded as the RAN UE NGAP ID.
Sending the third identifier and/or the fourth identifier thus helps the first network element and the second network element know which UE the second identifier corresponds to, which facilitates communication between the first network element and the second network element.
For details of the above implementations, refer to the description on the first UE side; they are not repeated here.
It should be noted that those skilled in the art will understand that the methods provided in the embodiments of the present disclosure may be executed alone, or together with other methods in the embodiments of the present disclosure or with methods in the related art.
The following information processing method is executed by the first network element and is similar to the description of the information processing methods executed by the first UE and/or the second network element above. For technical details not disclosed in the embodiments of the method executed by the first network element, refer to the description of the methods executed by the first UE and/or the second network element; they are not described in detail here.
An embodiment of the present disclosure provides an information processing method, executed by a first network element, including: determining, based on first information and second information, second hash information that matches first hash information; and determining key information of the first UE based on the second hash information. Exemplarily, the first network element determines, based on the first hash information, the second hash information corresponding to the first hash information, and determines, based on the second hash information, the key information corresponding to the second hash information; the key information corresponding to the second hash information is the key information of the first UE.
As shown in FIG. 4, an embodiment of the present disclosure provides an information processing method, executed by a first network element, including:
Step S41: Obtain first information and obtain second information, where the first information includes first hash information of a first identifier; the second information includes second hash information of a second identifier and key information corresponding to the second hash information; the first identifier is the identifier of the first UE; and the second identifier is the identifier of the second UE;
Step S42: Determine, based on the first information and the second information, the second hash information that matches the first hash information;
Step S43: Determine the key information of the first UE based on the second hash information.
In some embodiments of the present disclosure, the first UE and the second UE may be the first UE and the second UE of the above embodiments, respectively; the first network element and the second network element may be the first network element and the second network element of the above embodiments, respectively; and the key information may be the key information of the above embodiments. Exemplarily, the first network element may be a TWIF and/or a TNGF. Exemplarily, the second network element may be an AMF. The key information may be the first key and/or the second key. Exemplarily, the first key may be K_TWIF. Exemplarily, the second key may be K_TNGF.
In some embodiments of the present disclosure, the first identifier and the second identifier may be the first identifier and the second identifier of the above embodiments, respectively. Exemplarily, the first identifier includes one of the following: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, and an index or number indicating the first UE. Exemplarily, the second identifier includes one of the following: a SUPI of the second UE, a SUCI of the second UE, a GUTI of the second UE, and an index or number indicating the second UE.
In some embodiments of the present disclosure, the first hash information and the second hash information may be the first hash information and the second hash information of the above embodiments, respectively. Exemplarily, the first hash information includes at least the first hash value. The second hash information includes at least the second hash value.
In some embodiments, the second hash information that matches the first hash information may be: second hash information that is identical to the first hash information.
Exemplarily, the first network element obtains first information, where the first information includes first hash information determined from the first identifier of the first UE. The first network element obtains second information, where the second information includes at least one piece of second hash information and the key information corresponding to the at least one piece of second hash information, each piece of second hash information being determined from the second identifier of one second UE. Based on the first hash information included in the first information, the first network element determines the second hash information that is identical to the first hash information. Based on that second hash information and the key information corresponding to the at least one piece of second hash information included in the second information, the first network element determines the key information corresponding to that second hash information. The key information determined by the second network element is the key information corresponding to the first identifier of the first UE.
Thus, in the embodiments of the present disclosure, the first network element can obtain the first information and the second information and determine the key information of the first UE based on them. The key information of the first UE can therefore be accurately identified, which helps the first network element establish a secure connection with the first UE.
In some embodiments, obtaining the first information includes: receiving the first information sent by the first UE. Of course, in other embodiments, the first network element may also obtain the first information of the first UE from a network device other than the first UE, for example from a base station or another core network device.
An embodiment of the present disclosure provides an information processing method, executed by a first network element, including: receiving first information sent by a first UE.
In some embodiments, obtaining the second information includes one of the following:
receiving the second information sent by the second network element;
obtaining the second information stored in the first network element.
An embodiment of the present disclosure provides an information processing method, executed by a first network element, including: receiving second information sent by a second network element.
An embodiment of the present disclosure provides an information processing method, executed by a first network element, including: obtaining second information stored in the first network element. Optionally, the second information may be stored in a database of the first network element. Optionally, the first network element obtains the second information in advance and stores it in the first network element.
This provides multiple ways of obtaining the second hash information of at least one second UE and the key information corresponding to that second hash information.
For details of the above implementations, refer to the description on the first UE side and/or the second network element side; they are not repeated here.
It should be noted that those skilled in the art will understand that the methods provided in the embodiments of the present disclosure may be executed alone, or together with other methods in the embodiments of the present disclosure or with methods in the related art.
In some embodiments, the first information further includes authentication information; the authentication information is determined based on the key information. Exemplarily, the authentication information is used to protect the integrity of the key information. Exemplarily, the authentication information may be an AUTH payload.
In some embodiments, determining the key information of the first UE includes: determining the key information of the first UE upon successfully verifying the authentication information based on the key information. In this way, the key information is determined to be the key information required by the first UE only after it passes integrity authentication, which further improves the accuracy of obtaining the key information of the first UE.
As shown in FIG. 5, an embodiment of the present disclosure provides an information processing method, executed by a first network element, including:
Step S51: If the authentication information is successfully verified based on the key information, establish a connection with the first UE based on the key information; or, if verification of the authentication information based on the key information fails, do not establish a connection with the first UE based on the key information.
Exemplarily, the connection is a secure connection.
Exemplarily, if the authentication information is successfully verified with the key information, the key information is determined to be the key information of the first UE, and the first network element and the first UE may establish a connection based on the key information; or, if verification of the authentication information with the key information fails, the key information is determined not to be the key information of the first UE, and the first network element and the first UE do not establish a connection based on the key information.
In the embodiments of the present disclosure, whether to establish a connection with the first UE based on the key information is decided by whether the first network element successfully verifies the authentication information based on the key information, which ensures the security of the connection when one is established between the first network element and the first UE.
For details of the above implementations, refer to the description on the first UE side and/or the second network element side; they are not repeated here.
It should be noted that those skilled in the art will understand that the methods provided in the embodiments of the present disclosure may be executed alone, or together with other methods in the embodiments of the present disclosure or with methods in the related art.
To further explain any embodiment of the present disclosure, several specific examples are provided below.
Example 1
As shown in FIG. 6, an embodiment of the present disclosure provides an information processing method, executed by communication devices, where the communication devices include a UE, a TWIF or TNGF, and an AMF; the information processing method includes the following steps:
The UE in this embodiment may be the first UE of the above embodiments.
Step S61: During the registration procedure, when the Non-Access Stratum (NAS) Security Mode Control (SMC) is successfully completed, the AMF decides to provide the UE security context to the TWIF or TNGF;
Step S62: Before the AMF initiates the Initial Context Request, the AMF determines the hash value of the UE's SUPI, which is used to identify K_TWIF or K_TNGF;
Step S63: The AMF sends K_TWIF or K_TNGF, the RAN UE NGAP ID, the AMF UE NGAP ID, and the hash value of the SUPI to the TWIF or TNGF;
Step S64: The TWIF or TNGF stores the hash value of the SUPI received from the AMF and associates the received K_TWIF or K_TNGF with the hash value;
Step S65: The UE determines the hash value of the SUPI. Optionally, in order to establish a secure connection with the TWIF or TNGF, the UE calculates the hash value of the SUPI. Optionally, the UE generates an AUTH payload based on K_TWIF or K_TNGF.
Step S66: The UE sends the hash value of the SUPI and the AUTH payload to the TWIF or TNGF;
Step S67: The TWIF or TNGF identifies the UE's K_TWIF or K_TNGF by searching for a match between the hash value of the SUPI received from the UE and the stored hash value of the SUPI from the AMF. Optionally, the TWIF or TNGF verifies the validity of the AUTH payload based on the identified key information (for example, K_TWIF or K_TNGF).
Step S68: If the TWIF or TNGF determines that the AUTH payload is successfully verified, it establishes a secure connection with the UE based on the identified K_TWIF or K_TNGF; otherwise, the TWIF or TNGF terminates the procedure.
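The Example 1 flow (steps S61 to S68) as an added Python sketch, not code from the patent: the AMF provisions hash-indexed keys, the UE sends its SUPI hash and an AUTH payload, and the TWIF or TNGF admits the UE only when the hash matches and the AUTH payload verifies. SHA-256 as the hash, HMAC-SHA256 as a stand-in for the AUTH payload computation, the random key generation, the SUPI values, the exchange data and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets


def identifier_hash(identifier: str) -> bytes:
    # Assumption: SHA-256. The page only requires that the UE and the AMF
    # apply the same hash algorithm to the same identifier (here the SUPI).
    return hashlib.sha256(identifier.encode("utf-8")).digest()


def auth_payload(key: bytes, exchange_data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the AUTH payload computation,
    # which the page leaves open beyond "based on K_TWIF or K_TNGF".
    return hmac.new(key, exchange_data, hashlib.sha256).digest()


class Amf:
    """Second network element: holds each UE's security context."""

    def __init__(self):
        self.contexts = {}  # SUPI -> (key, RAN UE NGAP ID, AMF UE NGAP ID)

    def register(self, supi, ran_ue_ngap_id, amf_ue_ngap_id):
        # S61: NAS SMC has completed. A constructed random key stands in
        # for K_TWIF / K_TNGF; the UE ends up holding the same key.
        key = secrets.token_bytes(32)
        self.contexts[supi] = (key, ran_ue_ngap_id, amf_ue_ngap_id)
        return key

    def second_information(self, supi):
        # S62/S63: hash the SUPI and send it with the key and both NGAP IDs.
        key, ran_id, amf_id = self.contexts[supi]
        return {"supi_hash": identifier_hash(supi), "key": key,
                "ran_ue_ngap_id": ran_id, "amf_ue_ngap_id": amf_id}


class Gateway:
    """First network element (TWIF or TNGF)."""

    def __init__(self):
        self.keys_by_hash = {}

    def store(self, second_info):
        # S64: associate the received key with the received hash value.
        self.keys_by_hash[second_info["supi_hash"]] = second_info["key"]

    def admit(self, first_info, exchange_data):
        # S67: find the stored hash identical to the one the UE sent.
        key = self.keys_by_hash.get(first_info["supi_hash"])
        if key is None:
            return None  # no matching second hash: no key is identified
        # S67/S68: verify the AUTH payload in constant time before the
        # identified key is used for a connection; terminate on failure.
        expected = auth_payload(key, exchange_data)
        if not hmac.compare_digest(expected, first_info["auth"]):
            return None
        return key


def ue_first_information(supi, key, exchange_data):
    # S65/S66: the UE hashes its SUPI and derives the AUTH payload.
    return {"supi_hash": identifier_hash(supi),
            "auth": auth_payload(key, exchange_data)}


def run_demo():
    amf, gateway = Amf(), Gateway()
    # Constructed sample identifiers, not real subscribers.
    supi_a, supi_b = "imsi-001010000000001", "imsi-001010000000002"
    key_a = amf.register(supi_a, ran_ue_ngap_id=1, amf_ue_ngap_id=101)
    key_b = amf.register(supi_b, ran_ue_ngap_id=2, amf_ue_ngap_id=102)
    for supi in (supi_a, supi_b):
        gateway.store(amf.second_information(supi))

    exchange = b"constructed-exchange-data"  # data both sides can reproduce
    genuine = gateway.admit(ue_first_information(supi_a, key_a, exchange), exchange)
    # Correct hash but AUTH payload made with another UE's key: rejected.
    wrong_key = gateway.admit(ue_first_information(supi_a, key_b, exchange), exchange)
    # Hash the AMF never provisioned: no key is identified.
    unknown = gateway.admit(
        ue_first_information("imsi-001010000000099", key_a, exchange), exchange)
    return genuine == key_a, wrong_key, unknown


if __name__ == "__main__":
    print(run_demo())
```

The hash only selects which stored key to try; admission depends on the AUTH check, so a replayed or guessed hash without the matching key is rejected.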
以上实施方式,具体可以参见第一UE侧和/或第一网元侧和/或第二网元侧的表述,在此不再赘述。For the above implementation modes, specific reference may be made to the descriptions on the first UE side and/or the first network element side and/or the second network element side, which will not be described in detail here.
需要说明的是,本领域内技术人员可以理解,本公开实施例提供的方法,可以被单独执行,也可以与本公开实施例中一些方法或相关技术中的一些方法一起被执行。It should be noted that those skilled in the art can understand that the method provided in the embodiments of the present disclosure can be executed alone or together with some methods in the embodiments of the present disclosure or some methods in related technologies.
Example 2
An embodiment of the present disclosure provides an information processing system, which includes: a first UE, a first network element, and a second network element; wherein:
the first UE is configured to send first information to the first network element, wherein the first information includes first hash information of a first identifier; the first identifier is an identifier of the first UE;
the second network element is configured to send second information to the first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second identifier is an identifier of a second UE;
the first network element is configured to determine, based on the first information and the second information, the second hash information that matches the first hash information; and to determine the key information of the first UE based on the second hash information.
In some embodiments, the first UE is configured to determine the first hash information based on the first identifier of the first UE.
In some embodiments, the second network element is configured to determine the second hash information based on the second identifier of the second UE.
In some embodiments, the first network element is configured to receive the first information sent by the first UE and/or receive the second information sent by the second network element.
In some embodiments, the first network element is configured to: when the authentication information is successfully verified based on the key information, establish a connection with the first UE based on the key information; or, when verification of the authentication information based on the key information fails, not establish a connection with the first UE based on the key information.
For the above implementations, reference may be made to the descriptions on the first UE side and/or the first network element side and/or the second network element side, which are not repeated here.
It should be noted that those skilled in the art can understand that the method provided in the embodiments of the present disclosure can be executed alone or together with some methods in the embodiments of the present disclosure or some methods in related technologies.
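The following sketch is an added illustration of the Example 2 exchange and is not code from the patent: the second network element supplies (hash, key) pairs, the first UE sends only the hash of its identifier plus authentication information, and the first network element matches the hash, selects the key and verifies the authentication information. SHA-256 as the hash, HMAC-SHA256 as a stand-in for the AUTH payload, the class and function names, and the sample identifiers are all assumptions.

```python
import hashlib
import hmac
import os


def id_hash(identifier: str) -> bytes:
    """Hash information of a UE identifier (SUPI, SUCI, GUTI or index).
    SHA-256 is an assumption; the text does not name the hash function."""
    return hashlib.sha256(identifier.encode("utf-8")).digest()


def make_auth(key: bytes, exchange_data: bytes) -> bytes:
    """Stand-in for the authentication information derived from the key.
    HMAC-SHA256 over data both sides already share is an assumption."""
    return hmac.new(key, exchange_data, hashlib.sha256).digest()


class FirstNetworkElement:
    """Hypothetical model of the TWIF/TNGF role described in Example 2."""

    def __init__(self):
        self._table = {}  # second hash information -> key information

    def load_second_information(self, entries):
        """Store (second_hash, key) pairs received from the second network
        element. Two different keys under one hash would make the lookup
        ambiguous, so that case is rejected instead of silently overwritten."""
        for second_hash, key in entries:
            known = self._table.get(second_hash)
            if known is not None and not hmac.compare_digest(known, key):
                raise ValueError("conflicting key information for one hash")
            self._table[second_hash] = key

    def handle_first_information(self, first_hash, auth, exchange_data):
        """Return the key when the hash matches and the authentication
        information verifies; return None when the process must terminate."""
        key = self._table.get(first_hash)
        if key is None:
            return None  # no second hash information matches
        expected = make_auth(key, exchange_data)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, auth):
            return None  # verification failed: do not establish a connection
        return key


def run_demo():
    """Constructed scenario: two provisioned UEs, one unknown UE."""
    supi_a = "imsi-001010000000001"  # constructed sample identifiers
    supi_b = "imsi-001010000000002"
    key_a, key_b = os.urandom(32), os.urandom(32)

    element = FirstNetworkElement()
    # Second information: the identifiers themselves are never sent.
    element.load_second_information(
        [(id_hash(supi_a), key_a), (id_hash(supi_b), key_b)]
    )

    exchange_data = b"constructed-exchange-data"

    # First UE: sends hash of its own identifier plus authentication info.
    ok = element.handle_first_information(
        id_hash(supi_a), make_auth(key_a, exchange_data), exchange_data
    )
    # Right hash, but authentication info computed with another UE's key.
    wrong_key = element.handle_first_information(
        id_hash(supi_a), make_auth(key_b, exchange_data), exchange_data
    )
    # Identifier that the second network element never provisioned.
    unknown = element.handle_first_information(
        id_hash("imsi-001010000000099"),
        make_auth(key_a, exchange_data),
        exchange_data,
    )
    return (ok == key_a, wrong_key is not None, unknown is not None)


if __name__ == "__main__":
    print(run_demo())
```

An unkeyed hash of a low-entropy identifier can be reversed by enumeration, so whether the hash is salted or keyed matters when assessing how well it conceals the identifier; the text here does not specify this.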
As shown in FIG. 7, an embodiment of the present disclosure provides an information processing device, including:
a first sending module 51, configured to send first information to the first network element, wherein the first information includes first hash information of a first identifier; the first hash information is used by the first network element to determine key information corresponding to the first identifier; the first identifier is an identifier of the first UE.
The information processing device provided by the embodiment of the present disclosure may be the first UE.
An embodiment of the present disclosure provides an information processing device, including: a first processing module, configured to determine the first hash information based on the first identifier of the first UE.
In some embodiments, the first information further includes: authentication information; the authentication information is determined based on the key information.
In some embodiments, the first identifier includes one of the following: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, or an index or number indicating the first UE.
In some embodiments, the first network element includes one of the following: a TWIF or a TNGF.
In some embodiments, the key information includes at least one of the following:
a first key (K_TWIF) associated with the TWIF;
a second key (K_TNGF) associated with the TNGF.
As shown in FIG. 8, an embodiment of the present disclosure provides an information processing device, including:
a second sending module 61, configured to send second information to the first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second information is used by the first network element to determine the key information corresponding to the first identifier; the first identifier is the identifier of the first UE, and the second identifier is the identifier of the second UE.
The information processing device provided in the embodiment of the present disclosure may be the second network element. Exemplarily, the second network element is an AMF.
An embodiment of the present disclosure provides an information processing device, including: a second processing module, configured to determine second hash information of at least one second UE based on a second identifier of the at least one second UE.
In some embodiments, the first network element includes one of the following: a TWIF or a TNGF.
In some embodiments, the first identifier includes one of the following: a SUPI of the first UE, a SUCI of the first UE, a GUTI of the first UE, or an index or number indicating the first UE;
and/or, the second identifier includes one of the following: a SUPI of the second UE, a SUCI of the second UE, a GUTI of the second UE, or an index or number indicating the second UE.
In some embodiments, the key information includes at least one of the following:
a first key (K_TWIF) associated with the TWIF;
a second key (K_TNGF) associated with the TNGF.
As shown in FIG. 9, an embodiment of the present disclosure provides an information processing device, including:
an acquisition module 71, configured to acquire first information and acquire second information; wherein the first information includes first hash information of a first identifier; the second information includes second hash information of a second identifier and key information corresponding to the second hash information; the first identifier is the identifier of the first UE; the second identifier is the identifier of the second UE;
a third processing module 72, configured to determine, based on the first information and the second information, the second hash information that matches the first hash information;
the third processing module 72 is further configured to determine the key information of the first UE based on the second hash information.
The information processing device provided in the embodiment of the present disclosure may be the first network element. Exemplarily, the first network element may be a TWIF or a TNGF.
An embodiment of the present disclosure provides an information processing device, including: an acquisition module 71, configured to receive the first information sent by the first UE.
An embodiment of the present disclosure provides an information processing device, including: an acquisition module 71, configured to receive the second information sent by the second network element; or, the acquisition module 71, configured to acquire the second information stored in the first network element.
In some embodiments, the first information further includes: authentication information; the authentication information is determined based on the key information.
In some embodiments, the third processing module 72 is configured to, when the authentication information is successfully verified based on the key information, establish a connection with the first UE based on the key information; or, the third processing module 72 is configured to, when verification of the authentication information based on the key information fails, not establish a connection with the first UE based on the key information.
In some embodiments, the key information includes at least one of the following:
a first key (K_TWIF) associated with the TWIF;
a second key (K_TNGF) associated with the TNGF.
In some embodiments, the second network element is an AMF.
It should be noted that those skilled in the art can understand that the device provided in the embodiments of the present disclosure can be executed alone or together with some devices in the embodiments of the present disclosure or some devices in related technologies.
Regarding the device in the above embodiments, the specific manner in which each module performs operations has been described in detail in the embodiments of the method and is not elaborated here.
An embodiment of the present disclosure provides a communication device, including a processor, a transceiver, a memory, and an executable program stored in the memory and capable of being run by the processor, wherein the processor executes the information processing method provided above when running the executable program.
In some embodiments, the processor may include various types of storage media, which are non-transitory computer storage media that can continue to retain the information stored thereon after the communication device loses power.
In some embodiments, the communication device includes: a UE or a network element, and the network element may be any one of the aforementioned first network element and second network element.
The processor may be connected to the memory via a bus or the like, and is used to read the executable program stored in the memory, for example, at least one of the methods shown in FIG. 2 to FIG. 6.
An embodiment of the present disclosure provides a computer storage medium storing an executable program; after the executable program is executed by a processor, the aforementioned information processing method can be implemented, for example, at least one of the methods shown in FIG. 2 to FIG. 6.
FIG. 10 is a block diagram of a UE 800 according to an exemplary embodiment. For example, the UE 800 may be a mobile phone, a computer, a digital broadcast user equipment, a messaging device, a game console, a tablet device, a medical device, a fitness device, a personal digital assistant, etc.
Referring to FIG. 10, the UE 800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.
The processing component 802 generally controls the overall operation of the UE 800, such as operations associated with display, phone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or part of the steps of the above-described method. In addition, the processing component 802 may include one or more modules to facilitate interaction between the processing component 802 and other components. For example, the processing component 802 may include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support the operation of the UE 800. Examples of such data include instructions for any application or method operating on the UE 800, contact data, phone book data, messages, pictures, videos, etc. The memory 804 can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk.
The power component 806 provides power to various components of the UE 800. The power component 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the UE 800.
The multimedia component 808 includes a screen that provides an output interface between the UE 800 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, slides, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front camera and/or a rear camera. When the UE 800 is in an operating mode, such as a shooting mode or a video mode, the front camera and/or the rear camera may receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a microphone (MIC), and when the UE 800 is in an operating mode, such as a call mode, a recording mode, or a speech recognition mode, the microphone is configured to receive an external audio signal. The received audio signal may be further stored in the memory 804 or sent via the communication component 816. In some embodiments, the audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be a keyboard, a click wheel, buttons, etc. These buttons may include but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor component 814 includes one or more sensors for providing status assessments of various aspects of the UE 800. For example, the sensor component 814 can detect the open/closed state of the device 800 and the relative positioning of components, such as the display and keypad of the UE 800; the sensor component 814 can also detect a change in position of the UE 800 or of a component of the UE 800, the presence or absence of user contact with the UE 800, the orientation or acceleration/deceleration of the UE 800, and a change in temperature of the UE 800. The sensor component 814 can include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 814 can also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 814 can also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.
The communication component 816 is configured to facilitate wired or wireless communication between the UE 800 and other devices. The UE 800 can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 also includes a near field communication (NFC) module to facilitate short-range communication. For example, the NFC module can be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
In an exemplary embodiment, the UE 800 may be implemented by one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components to perform the above methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium including instructions is also provided, such as the memory 804 including instructions, and the above instructions can be executed by the processor 820 of the UE 800 to perform the above method. For example, the non-transitory computer-readable storage medium can be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, etc.
As shown in FIG. 11, an embodiment of the present disclosure shows a structure of a communication device. For example, the communication device 900 may be provided as a network-side device. The communication device may be any of various network elements such as the aforementioned access network element and/or network function. The communication device may be the AMF, the first network element or the second network element in the above embodiments.
Referring to FIG. 11, the communication device 900 includes a processing component 922, which further includes one or more processors, and memory resources represented by a memory 932 for storing instructions that can be executed by the processing component 922, such as an application. The application stored in the memory 932 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 922 is configured to execute the instructions to perform any of the aforementioned methods applied to the access device.
The communication device 900 may also include a power supply component 926 configured to perform power management of the communication device 900, a wired or wireless network interface 950 configured to connect the communication device 900 to a network, and an input/output (I/O) interface 958. The communication device 900 may operate based on an operating system stored in the memory 932, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
In the absence of contradiction, each step in a certain implementation or embodiment can be implemented as an independent embodiment, and the steps may be arbitrarily combined. For example, a solution obtained by removing some steps from a certain implementation or embodiment may also be implemented as an independent embodiment, and the order of the steps in a certain implementation or embodiment may be arbitrarily exchanged. In addition, the optional manners or optional examples in a certain implementation or embodiment may be arbitrarily combined. Furthermore, the implementations or embodiments may be arbitrarily combined with one another; for example, some or all of the steps of different implementations or embodiments may be arbitrarily combined, and a certain implementation or embodiment may be arbitrarily combined with the optional manners or optional examples of other implementations or embodiments.
Those skilled in the art will readily conceive of other embodiments of the present invention after considering the specification and practicing the invention disclosed herein. The present disclosure is intended to cover any variations, uses or adaptations of the present invention that follow the general principles of the present invention and include common knowledge or customary technical means in the art that are not disclosed in the present disclosure. The specification and embodiments are to be considered exemplary only, and the true scope and spirit of the present invention are indicated by the following claims.
It should be understood that the present invention is not limited to the exact construction that has been described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.
Claims (26)
- An information processing method, performed by a first user equipment (UE), comprising: sending first information to a first network element, wherein the first information includes first hash information of a first identifier; the first hash information is used by the first network element to determine key information corresponding to the first identifier; and the first identifier is an identifier of the first UE.
- The method according to claim 1, wherein the method further comprises: determining the first hash information based on the first identifier of the first UE.
- The method according to claim 1 or 2, wherein the first information further includes: authentication information; the authentication information is determined based on the key information.
- The method according to any one of claims 1 to 3, wherein the first identifier comprises one of the following: a subscription permanent identifier (SUPI) of the first UE; a subscription concealed identifier (SUCI) of the first UE; a globally unique temporary identifier (GUTI) of the first UE; an index or number indicating the first UE.
- The method according to any one of claims 1 to 4, wherein the first network element comprises one of the following: a trusted WLAN interworking function (TWIF); a trusted non-3GPP gateway function (TNGF).
- The method according to claim 5, wherein the key information includes at least one of the following: a first key K_TWIF associated with the TWIF; a second key K_TNGF associated with the TNGF.
- An information processing method, performed by a second network element, comprising: sending second information to a first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second information is used by the first network element to determine the key information corresponding to a first identifier; the first identifier is an identifier of a first user equipment (UE), and the second identifier is an identifier of a second UE.
- The method according to claim 7, wherein the method comprises: determining the second hash information of at least one second UE based on the second identifier of the at least one second UE.
- The method according to claim 7 or 8, wherein the first identifier includes one of the following: a subscription permanent identifier (SUPI) of the first UE, a subscription concealed identifier (SUCI) of the first UE, a GUTI of the first UE, or an index or number indicating the first UE; and/or, the second identifier includes one of the following: a SUPI of the second UE, a SUCI of the second UE, a GUTI of the second UE, or an index or number indicating the second UE.
- The method according to any one of claims 7 to 9, wherein the first network element comprises one of the following: a trusted WLAN interworking function (TWIF); a trusted non-3GPP gateway function (TNGF).
- The method according to claim 10, wherein the key information includes at least one of the following: a first key K_TWIF associated with the TWIF; a second key K_TNGF associated with the TNGF.
- The method according to any one of claims 7 to 11, wherein the second network element is an access and mobility management function (AMF).
- An information processing method, performed by a first network element, comprising: acquiring first information and acquiring second information; wherein the first information includes first hash information of a first identifier; the second information includes second hash information of a second identifier and key information corresponding to the second hash information; the first identifier is an identifier of a first user equipment (UE); the second identifier is an identifier of a second UE; determining, based on the first information and the second information, the second hash information that matches the first hash information; and determining the key information of the first UE based on the second hash information.
- The method according to claim 13, wherein the acquiring the first information comprises: receiving the first information sent by the first user equipment (UE).
- The method according to claim 13 or 14, wherein the acquiring the second information comprises one of the following: receiving the second information sent by a second network element; acquiring the second information stored in the first network element.
- The method according to any one of claims 13 to 15, wherein the first information further includes: authentication information; the authentication information is determined based on the key information.
- The method according to claim 16, wherein the method comprises one of the following: when the authentication information is successfully verified based on the key information, establishing a connection with the first UE based on the key information; when verification of the authentication information based on the key information fails, not establishing a connection with the first UE based on the key information.
- The method according to any one of claims 13 to 17, wherein the first network element comprises one of the following: a trusted WLAN interworking function (TWIF); a trusted non-3GPP gateway function (TNGF).
- The method according to claim 18, wherein the key information includes at least one of the following: a first key K_TWIF associated with the TWIF; a second key K_TNGF associated with the TNGF.
- The method according to claim 15, wherein the second network element is an access and mobility management function (AMF).
- 一种信息处理装置,其中,包括:An information processing device, comprising:第一发送模块,被配置为向第一网元发送第一信息,其中,所述第一信息包括第一标识的第一哈希信息;所述第一哈希信息用于所述第一网元确定与所述第一标识对应的密钥信息;所述第一标识为所述第一UE的标识。The first sending module is configured to send first information to the first network element, wherein the first information includes first hash information of a first identifier; the first hash information is used by the first network element to determine key information corresponding to the first identifier; the first identifier is the identifier of the first UE.
- 一种信息处理装置,其中,包括:An information processing device, comprising:第二发送模块,被配置为向第一网元发送第二信息,其中,第二信息包括:至少一个第二标识的第二哈希信息,以及与所述第二哈希信息对应的密钥信息;所述第二信息用于所述第一网元确定与第一标识对应的所述密钥信息;所述第一标识为第一用户设备UE的标识,所述第二标识为第二UE的标识。The second sending module is configured to send second information to the first network element, wherein the second information includes: second hash information of at least one second identifier, and key information corresponding to the second hash information; the second information is used by the first network element to determine the key information corresponding to the first identifier; the first identifier is the identifier of the first user equipment UE, and the second identifier is the identifier of the second UE.
- An information processing apparatus, comprising:
  - an acquisition module, configured to acquire first information and to acquire second information, wherein the first information comprises first hash information of a first identifier; the second information comprises second hash information of a second identifier and key information corresponding to the second hash information; the first identifier is an identifier of a first user equipment (UE); and the second identifier is an identifier of a second UE;
  - a third processing module, configured to determine, based on the first information and the second information, the second hash information that matches the first hash information;
  - the third processing module being further configured to determine the key information of the first UE based on the second hash information.
- An information processing system, comprising a first user equipment (UE), a first network element and a second network element, wherein:
  - the first UE is configured to send first information to the first network element, wherein the first information comprises first hash information of a first identifier, and the first identifier is an identifier of the first UE;
  - the second network element is configured to send second information to the first network element, wherein the second information comprises second hash information of at least one second identifier, and key information corresponding to the second hash information, and the second identifier is an identifier of a second UE;
  - the first network element is configured to determine, based on the first information and the second information, the second hash information that matches the first hash information, and to determine the key information of the first UE based on the second hash information.
- A communication device, comprising: a transceiver, a memory, and an executable program stored in the memory and capable of being run by the processor, wherein the processor, when running the executable program, performs the information processing method according to any one of claims 1 to 6, or claims 7 to 12, or claims 13 to 20.
- A computer storage medium, wherein the computer storage medium stores a computer-executable program which, when executed by a processor, implements the information processing method according to any one of claims 1 to 6, or claims 7 to 12, or claims 13 to 20.
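
The hash-matched key lookup and the accept/reject decision described in the claims above, as an added Python example that is not part of the patent text. The claims do not name a hash function or the form of the authentication information; SHA-256, an HMAC-SHA-256 response over a challenge, all class and function names, and the sample identifiers are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def id_hash(ue_id: str) -> bytes:
    # Assumption: SHA-256. The claims only say "hash information" of the identifier.
    return hashlib.sha256(ue_id.encode("utf-8")).digest()

def auth_info(key: bytes, challenge: bytes) -> bytes:
    # Assumption: authentication information is an HMAC-SHA-256 over a challenge.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class FirstNetworkElement:
    """Plays the TWIF/TNGF role: maps received hashes to key information."""
    def __init__(self):
        self._key_by_hash = {}

    def receive_second_info(self, entries):
        # Second information from the AMF: (second hash, key information) pairs.
        for second_hash, key in entries:
            self._key_by_hash[second_hash] = key

    def key_for(self, first_hash):
        # Key whose second hash matches the UE's first hash, or None if no match.
        return self._key_by_hash.get(first_hash)

    def accept_connection(self, first_hash, challenge, received_auth):
        # Connect only if a key is found AND the authentication information verifies.
        key = self.key_for(first_hash)
        if key is None:
            return False  # no matching second hash: no key, no connection
        return hmac.compare_digest(auth_info(key, challenge), received_auth)

def demo():
    # Constructed sample data: identifiers and keys are made up for this example.
    ue_a, ue_b = "ue-a@example.invalid", "ue-b@example.invalid"
    keys = {ue_a: os.urandom(32), ue_b: os.urandom(32)}
    tngf = FirstNetworkElement()
    tngf.receive_second_info([(id_hash(i), k) for i, k in keys.items()])
    challenge = os.urandom(16)
    good = tngf.accept_connection(id_hash(ue_a), challenge, auth_info(keys[ue_a], challenge))
    wrong_key = tngf.accept_connection(id_hash(ue_a), challenge, auth_info(os.urandom(32), challenge))
    unknown = tngf.accept_connection(id_hash("ue-c@example.invalid"), challenge, b"\x00" * 32)
    return good, wrong_key, unknown
```

The first network element never handles the cleartext identifier in this flow; it only compares hashes, and both the no-match case and the failed-verification case end without a connection.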
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2023/082585 WO2024192638A1 (en) | 2023-03-20 | 2023-03-20 | Information processing method and apparatus, communication device, and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2024192638A1 (en) | 2024-09-26 |
Family
ID=92840775
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2024192638A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107046735A (en) * | 2016-02-05 | 2017-08-15 | 中兴通讯股份有限公司 | Connection processing method and device between terminal and network |
US20200275269A1 (en) * | 2017-11-17 | 2020-08-27 | Huawei Technologies Co., Ltd. | Secure Communication Method and Secure Communications Apparatus |
WO2022172160A1 (en) * | 2021-02-11 | 2022-08-18 | Lenovo (Singapore) Pte. Ltd. | Network security based on routing information |
CN115428495A (en) * | 2020-04-06 | 2022-12-02 | 联想(新加坡)私人有限公司 | Notification in EAP procedures |
CN115769618A (en) * | 2020-06-15 | 2023-03-07 | 联想(新加坡)私人有限公司 | Using pseudonyms for access authentication over non-3 GPP access |