CN119450473A

CN119450473A - Session establishment method and related device

Info

Publication number: CN119450473A
Application number: CN202310968481.4A
Authority: CN
Inventors: 刘文峰; 崔洋; 郭燕飞; 吴义壮; 郭涛
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2023-07-31
Filing date: 2023-07-31
Publication date: 2025-02-14
Also published as: WO2025026232A1

Abstract

The present application provides a session establishment method and related devices, in which an application function network element can receive a connection establishment request message from a terminal device, the connection establishment request message is used to request the establishment of an end-to-end secure connection, wherein the ciphertext is obtained by the application's identity authentication and key management anchor function network element using the public key PK _AF of the application function network element to encrypt the terminal device's identification and the key K _CONN used when establishing the end-to-end secure connection; the application function network element can use its own private key SK _AF to decrypt the ciphertext to obtain the key K _CONN ; and send a connection establishment response message to the terminal device. It can be seen that the connection establishment request message sent by the terminal can carry the key K _CONN used when establishing the end-to-end secure connection, and there is no need for the application function network element to interact with the core network to obtain the secure connection key, thereby reducing the complexity of the interaction between the application function network element and the core network.

Description

Session establishment method and related device

Technical Field

The present application relates to the field of communications technologies, and in particular, to a session establishment method and a related device.

Background

In a mobile communication Network, an application layer needs to authenticate a User Equipment (UE), and a UE authenticated by an application provider can access (Network) application functions (AF/NAF) Application Function. In order to secure the communication between the UE and the AF/NAF, the AF/NAF and the UE are typically authenticated based on credentials, such as a session key, that are known only to the communicating parties.

In general bootstrapping architecture (GBA, generic Bootstrapping Architecture) technology and applied Authentication and key management (Authentication AND KEY MANAGEMENT for Applications, AKMA) technology, the AF/NAF needs to interact with the core network to obtain the security connection key between the UE and the AF/NAF when the UE establishes a new security connection with the AF/NAF. Therefore, how to reduce the complexity of interaction between the AF and the core network when the UE and the AF establish a secure connection is a problem to be solved.

Disclosure of Invention

The application provides a session establishment method and a related device, which can reduce the complexity of interaction between an AF network element and a core network when a terminal device and an application function network element establish a safety connection for the first time.

In a first aspect, the present application provides a session establishment method, where the method may be applied to an application function network element or a device related to the application function network element, and may also be applied to a device related to performing part or all of the functions of the application function network element. In the method, an application function network element can receive a connection establishment request message from a terminal device, wherein the connection establishment request message is used for requesting to establish an end-to-end secure connection, the connection establishment request message comprises a ciphertext, the ciphertext is obtained by encrypting an identification of the terminal device and a secret key K _CONN used during the establishment of the end-to-end secure connection by using a public key PK _AF of the application function network element by using an application function network element, decrypting the ciphertext by using a private key SK _AF of the application function network element to obtain a secret key K _CONN, and sending a connection establishment response message to the terminal device.

In the application, the key K _CONN used in the establishment of the end-to-end secure connection can be carried in the connection establishment request message sent by the terminal equipment, and when the terminal equipment and the application function network element establish the secure connection, interaction between the application function network element and the core network is not needed to obtain the secure connection key, thereby reducing the complexity of interaction between the application function network element and the core network.

In an optional implementation manner, the connection establishment request message further includes signature content, the signature content is obtained by the application authentication and key management anchor function network element performing digital signature on the ciphertext by using a private key SK _AAnF, and correspondingly, the session establishment method further includes the steps that the application function network element performs authentication on the signature content by using the application authentication and key management anchor function network element public key PK _AAnF, and if the signature content passes authentication, the step of performing decryption on the ciphertext by using the private key SK _AF of the application function network element to obtain the key K _CONN.

Optionally, if the signature content is not verified, a connection establishment response message may be sent in advance, where the connection establishment response message may be used to inform the terminal device that the connection establishment fails, or inform the terminal device that the connection establishment fails, and information such as a failure reason. Correspondingly, if the application function network element decrypts the ciphertext by using the private key SK _AF, if the decryption fails, a connection establishment response message can be sent to the terminal equipment to inform the terminal equipment that the connection establishment fails, or information such as connection establishment failure and failure reason.

Optionally, the public key PK _AAnF of the authentication and key management anchor function network element of the application is pre-stored.

In an alternative embodiment, the connection establishment request message further includes one or more of a public key identifier for identifying the public key PK _AF, a public key identifier for identifying the public key PK _AAnF, and a timestamp for the terminal device to initiate the end-to-end secure connection establishment. It can be seen that this embodiment may enable the method to be applied in the context of multi-application functional network elements and/or multi-application authentication and key management anchor functional network elements.

In an optional implementation manner, the connection establishment request message further comprises a message verification code, the message verification code is obtained by calculating the ciphertext by using a shared key K _EE through the applied authentication and key management anchor function network element, and correspondingly, the method further comprises the steps of checking the message verification code by using the shared key K _EE, and if the message verification code passes, executing the step of decrypting the ciphertext by using the private key SK _AF of the user to obtain the key K _CONN.

Optionally, if the verification code of the message is not verified, a connection establishment response message may be sent in advance, where the connection establishment response message may be used to inform the terminal device that the connection establishment fails, or information such as connection establishment failure and failure reason. Correspondingly, if the application function network element decrypts the ciphertext by using the private key SK _AF, if the decryption fails, a connection establishment response message can be sent to the terminal equipment to inform the terminal equipment that the connection establishment fails, or information such as connection establishment failure and failure reason.

Optionally, the connection establishment request message further includes one or more of a public key identifier for identifying the public key PK _AF, a shared key identifier for identifying the shared key K _EE, and a timestamp for initiating the end-to-end secure connection establishment by the terminal device. It can be seen that this embodiment may enable the method to be applied in the context of a multi-application functional network element.

In a second aspect, the present application also provides a session establishment method, which may be applied to an authentication and key management anchor function network element of an application or a related device in the authentication and key management anchor function network element of the application, or may also be applied to a related device that performs part or all of the functions of the authentication and key management anchor function network element of the application. In the method, an applied identity authentication and key management anchor function network element can create a key K _CONN used when establishing end-to-end secure connection between a terminal device and an application function network element, a public key PK _AF of the application function network element is utilized to encrypt an identifier of the terminal device and a key K _CONN to obtain a ciphertext, and a connection key message is sent to the terminal device, wherein the connection key message comprises the key K _CONN and the ciphertext.

Therefore, in the application, the applied authentication and key management anchor function network element can be created and sent to the terminal equipment, and the key K _CONN used when the end-to-end secure connection between the terminal equipment and the application function network element is established is beneficial to the establishment of the secure connection between the terminal equipment and the application function network element, so that the interaction between the application function network element and the core network is not needed to obtain the secure connection key, thereby reducing the complexity of the interaction between the application function network element and the core network.

In an alternative embodiment, the applied authentication and key management anchor function network element may also digitally sign the ciphertext with its own private key SK _AAnF to obtain the signed content. Correspondingly, the connection key message also comprises the signature content. It can be seen that this embodiment is advantageous for enabling a third party, such as an application function network element, to determine the legitimacy of the terminal device based on the signed content.

In another optional implementation manner, the applied authentication and key management anchor function network element may further calculate the ciphertext by using the shared key K _EE to obtain a message authentication code, where the connection key message further includes the message authentication code. It can be seen that this embodiment is advantageous for enabling a third party, such as an application function network element, to determine the legitimacy of the terminal device from the message authentication code.

In an alternative embodiment, before the authentication and key management anchor function network element of the application creates the key K _CONN used when the end-to-end secure connection between the terminal device and the application function network element is established, the method further comprises that the authentication and key management anchor function network element of the application receives a connection key request message from the terminal device, the connection key request message being used to request the key K _CONN. It can be seen that in this embodiment, the authentication and key management anchor function network element of the application may create a key K _CONN for use in establishing an end-to-end secure connection between the terminal device and the application function network element in response to a connection key request message from the terminal device.

In an alternative embodiment, the applied authentication and key management anchor function network element checks whether the terminal device has the right to use the end-to-end security protection service, and if the terminal device has the right to use the end-to-end security protection service, the step of creating the key K _CONN used when the end-to-end security connection between the terminal device and the application function network element is established is performed.

In an alternative embodiment, the applied authentication and key management anchor function network element checks whether the terminal device has the authority to use the end-to-end security protection service, and the method comprises the steps of sending a query request message to the unified data management network element, wherein the query request message is used for requesting whether the terminal device has the authority to use the end-to-end security protection service, and receiving a query response message from the unified data management network element, wherein the query response message is used for indicating whether the terminal device has the authority to use the end-to-end security protection service.

In an alternative embodiment, the connection key request message includes an identifier of the application function network element and an identifier of the terminal device, and the connection key message includes a public key identifier of a public key PK _AF for identifying the application function network element. It can be seen that this embodiment uses the public key identification of the public key PK _AF of the application function network element to distinguish the public keys PK _AF of different application function network elements, so that the method can be applied to the scenario of the multi-application function network element.

In an alternative embodiment, for the authentication and key management anchor function network element of the application, the private key SK _AAnF of the network element is used to digitally sign the ciphertext to obtain the signature content, and the connection key message further includes a public key identifier for identifying the public key PK _AAnF of the network element. It can be seen that this embodiment can be identified by the public key of the public key PK _AAnF of the authentication and key management anchor function network element of an application, and distinguish the public keys PK _AAnF of the authentication and key management anchor function network element of different applications, so that the method can be applied to the scenario of the authentication and key management anchor function network element of multiple applications.

In another alternative embodiment, for the authentication and key management anchor function network element of the application, the ciphertext is calculated by using the shared key K _EE to obtain the message authentication code, and the connection key message further includes a shared key identifier for identifying the shared key K _EE. It can be seen that this embodiment can be identified by a shared key that identifies shared key K _EE, distinguishing between different shared keys K _EE.

In an alternative embodiment, the public key PK _AF of the application-function network element is pre-stored. That is, the identity verification and key management anchor function network element of the application encrypts the identity of the terminal device and the key K _CONN, and the public key PK _AF of the application function network element used is pre-stored.

In a third aspect, the present application further provides a session establishment method, where the method may be applied to a terminal device or a device related to the terminal device, such as a chip or a chip module, and the present application is described by taking the terminal device as an example. In the method, the terminal equipment can send a connection establishment request message to the application function network element, wherein the connection establishment request message is used for requesting to establish an end-to-end secure connection with the application function network element, the connection establishment request message comprises a ciphertext, the ciphertext is obtained by encrypting an identification of the terminal equipment and a key K _CONN used during end-to-end secure connection establishment by the application function network element by using a public key PK _AF of the application function network element, and the connection establishment response message from the application function network element is received.

In the application, the key K _CONN used when the end-to-end secure connection between the terminal equipment and the application function network element is established is carried in the connection establishment request message sent by the terminal equipment, and interaction between the application function network element and the core network is not needed to obtain the secure connection key, thereby reducing the complexity of interaction between the application function network element and the core network.

In an alternative embodiment, the connection establishment request message further includes signature content, where the signature content is obtained by the application's authentication and key management anchor function network element digitally signing the ciphertext with the private key SK _AAnF. The embodiment can enable the application function network element to determine the validity of the terminal equipment according to the signature content.

In another alternative embodiment, the connection establishment request message further includes a message authentication code, where the message authentication code is obtained by calculating the ciphertext by using the shared key K _EE by the network element of the authentication and key management anchor function of the application. It can be seen that this embodiment may enable the application function network element to determine the validity of the terminal device according to the message authentication code.

In an alternative embodiment, before the terminal device sends the connection establishment request message to the application function network element, the method further comprises sending a connection key request message to the application authentication and key management anchor function network element, the connection key request message being used for requesting the key K _CONN, and further, the terminal device receives the connection key message from the application authentication and key management anchor function network element, the connection key message comprising the key K _CONN and the ciphertext. Optionally, the connection key message may also include signed content or a message authentication code.

In an alternative embodiment, the connection key request message includes an identifier of the application function network element and an identifier of the terminal device, and correspondingly, the connection key message and the connection establishment request message further include a public key identifier for identifying the public key PK _AF. It can be seen that this embodiment uses the public key identification of the public key PK _AF of the application function network element to distinguish the public keys PK _AF of different application function network elements, so that the method can be applied to the scenario of the multi-application function network element.

In an alternative embodiment, for the authentication and key management anchor function network element of the application, the private key SK _AAnF of the network element is used to digitally sign the ciphertext, so as to obtain the signature content, and the connection key message and the connection establishment request message further include a public key identifier of the public key PK _AAnF for identifying the authentication and key management anchor function network element of the application. It can be seen that this embodiment can be identified by the public key of the public key PK _AAnF of the authentication and key management anchor function network element of an application, and distinguish the public keys PK _AAnF of the authentication and key management anchor function network element of different applications, so that the method can be applied to the scenario of the authentication and key management anchor function network element of multiple applications.

In another alternative embodiment, for the authentication and key management anchor function network element of the application, the ciphertext is calculated by using the shared key K _EE, and the connection key message and the connection establishment request message further include a shared key identifier for identifying the shared key K _EE in a manner of obtaining the message authentication code. It can be seen that this embodiment can be identified by a shared key that identifies shared key K _EE, distinguishing between different shared keys K _EE.

In an alternative embodiment, the connection establishment request message further includes a timestamp that the terminal device initiates the end-to-end secure connection establishment.

In an alternative embodiment, the ciphertext is obtained by encrypting the identity of the terminal device and the key K _CONN, respectively. In another alternative embodiment, the ciphertext is encrypted after the identifier of the terminal device and the key K _CONN are combined into a binary group.

In a fourth aspect, the present application also provides a session establishment method, where the method is described from the perspective of interaction between an application function network element, a terminal device, and an application authentication and key management anchor function network element. In the method, a terminal device sends a connection establishment request message to an application function network element, wherein the connection establishment request message is used for requesting to establish an end-to-end secure connection with the application function network element, the connection establishment request message comprises a ciphertext, the ciphertext is obtained by using an identification of an application function network element and a secret key K _CONN used during end-to-end secure connection establishment by a key management anchor function network element through public key PK _AF of the application function network element, the application function network element can receive the connection establishment request message and decrypt the ciphertext through private key SK _AF of the application function network element to obtain a secret key K _CONN, and further the application function network element can send a connection establishment response message to the terminal device, and correspondingly, the terminal device can receive the connection establishment response message.

In an alternative implementation manner, before the terminal device sends the connection establishment request message to the application function network element, the method further comprises the steps that the application identity authentication and key management anchor function network element creates a key K _CONN used when the end-to-end secure connection between the terminal device and the application function network element is established, the public key PK _AF of the application function network element is used for encrypting the identification of the terminal device and the key K _CONN to obtain a ciphertext, and a connection key message is sent to the terminal device, wherein the connection key message comprises the key K _CONN and the ciphertext. In this embodiment, the connection key message sent by the application authentication and key management anchor function network element to the terminal device may include the key K _CONN and the ciphertext thereof used when the end-to-end secure connection between the terminal device and the application function network element is established, so that the connection establishment request message sent by the terminal device may carry the ciphertext of the key K _CONN, and interaction between the application function network element and the core network is not required to obtain the secure connection key.

In an alternative implementation manner, the applied authentication and key management anchor function network element can digitally sign the ciphertext by using its own private key SK _AAnF to obtain signature content, the corresponding connection key message also includes the signature content, the connection establishment request message sent by the terminal device also includes the signature content, further, the applied function network element can verify the signature content by using the applied authentication and key management anchor function network element's public key PK _AAnF, if the signature content verification is passed, the applied function network element executes the step of decrypting the ciphertext by using its own private key SK _AF to obtain a key K _CONN. It can be seen that this embodiment may enable the application function network element to determine the validity of the terminal device according to the signature content.

In an alternative embodiment, the public key PK _AAnF of the authentication and key management anchor function network element applied in the application function network element is pre-stored. In an alternative embodiment, the public key PK _AF of the application function network element of the application authentication and key management anchor function network element is pre-stored.

In an alternative implementation manner, the applied authentication and key management anchor functional network element can calculate the ciphertext by using the shared key K _EE to obtain a message verification code, the connection key message also includes the message verification code, and correspondingly, the connection key message also includes the message verification code, and the connection establishment request message sent by the terminal device also includes the message verification code, so that the application functional network element can check the message verification code by using the shared key K _EE, and if the message verification code passes, the step of decrypting the ciphertext by using the private key SK _AF of the application functional network element to obtain the key K _CONN is executed. It can be seen that this embodiment may enable the application function network element to determine the validity of the terminal device according to the message authentication code.

In an alternative embodiment, the terminal device may send a connection key request message to the authentication and key management anchor function network element of the application, where the connection key request message is used to request the key K _CONN, and the authentication and key management anchor function network element of the application receives the connection key request message from the terminal device, and further, the authentication and key management anchor function network element of the application executes the key K _CONN used when establishing the end-to-end secure connection between the terminal device and the application function network element.

In an alternative embodiment, the public key identification of the public key PK _AAnF used for identifying the authentication and key management anchor function network element of the application is also included in the connection key message and the connection establishment request message, and it can be seen that the embodiment can distinguish the public key PK _AAnF of the authentication and key management anchor function network element of different applications by the public key identification of the public key PK _AAnF of the authentication and key management anchor function network element of the application, so that the method can be applied to the scenes of the authentication and key management anchor function network element of multiple applications. Or in an alternative embodiment, the connection key message and the connection establishment request message further include a shared key identifier for identifying the shared key K _EE. It can be seen that this embodiment can be identified by a shared key that identifies shared key K _EE, distinguishing between different shared keys K _EE.

In an alternative embodiment, the connection establishment request message further includes a timestamp of the end-to-end secure connection establishment initiated by the terminal device.

In an alternative implementation manner, after receiving the connection key request message from the terminal device, the applied authentication and key management anchor function network element can also check whether the terminal device has the authority to use the end-to-end security protection service, and if the terminal device has the authority to use the end-to-end security protection service, the step of creating the key K _CONN used when the end-to-end security connection between the terminal device and the application function network element is established is executed.

Optionally, the public key PK _AF of the application function network element in the application authentication and key management anchor function network element is pre-stored, and the public key PK _AAnF of the application authentication and key management anchor function network element in the application function network element is pre-stored.

In a fifth aspect, the present application also provides a communication device which may comprise a processor and interface circuitry for receiving signals from or transmitting signals to other communication devices than the communication device, the processor being operable to implement a method as shown in any one of the first to third aspects or any one of the possible implementations thereof by logic circuitry or executing code instructions.

In a sixth aspect, the present application provides a computer readable storage medium having instructions stored therein which, when executed by a communication device, implement a method as shown in any one of the first to third aspects or any one of its possible implementation manners.

In a seventh aspect, the present application provides a computer program product comprising computer instructions which, when read and executed by a computer, cause the computer to perform the method as shown in any one of the first to third aspects or any one of its possible implementations.

In an eighth aspect, the present application provides a communication system comprising at least one communication device for performing the method according to the first aspect, at least one communication device for performing the method according to the second aspect, and at least one communication device for performing the method according to the third aspect.

In a ninth aspect, the present application provides a circuit coupled to a memory, the circuit being adapted to perform a method as shown in any one of the first to third aspects or any one of its possible implementations. Alternatively, the circuitry may comprise chip circuitry.

In a tenth aspect, the present application provides an apparatus comprising means or units for implementing a method as shown in any one of the first to third aspects or any one of its possible embodiments.

Drawings

FIG. 1 is a schematic diagram of a AKMA architecture according to an example embodiment of the present application;

fig. 2 is a simplified architecture diagram of a GBA according to an embodiment of the present application;

Fig. 3 is a flow chart of a session establishment method according to an embodiment of the present application;

fig. 4 is a flow chart of another session establishment method according to an embodiment of the present application;

fig. 5 is a flow chart of another session establishment method according to an embodiment of the present application;

fig. 6 is a schematic structural diagram of a communication device according to an embodiment of the present application;

Fig. 7 is a schematic structural diagram of a communication device according to an embodiment of the present application.

Detailed Description

In the description of the embodiment of the present application, "/" means or, for example, a/B may mean a or B, and "and/or" in the text is merely an association relationship describing an association object, means that three relationships may exist, for example, a and/or B, three cases where a exists alone, a and B exist together, and B exists alone, and further, in the description of the embodiment of the present application, "a plurality" means two or more.

The terms "first," "second," and the like, are used below for descriptive purposes only and are not to be construed as implying or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature, and in the description of embodiments of the application, unless otherwise indicated, the meaning of "a plurality" is two or more.

The application introduces a session establishment method, in the session establishment method, a key K _CONN can be carried in a connection establishment request message sent by a terminal device, and the key K _CONN can be used when the terminal device and an application function network element establish a secure connection, so that the application function network element does not need to interact with a core network to obtain a secure connection key, thereby reducing the complexity of interaction between the application function network element and the core network.

First, the present application introduces a schematic architecture of Authentication and key management (Authentication AND KEY MANAGEMENT for Applications, AKMA) of an application, as shown in fig. 1, the AKMA architecture introduces AKMA anchor functionality (AKMA Anchor Function, AAnF) into a fifth generation (5th generation,5G) communication system, and AAnF functions to generate and manage session keys provided to application function network elements, the session keys being used to secure communications between terminal devices and application servers. AKMA is an operator service using home network security material, AAnF belongs to the home public land mobile network, maintaining AKMA service context for each User Equipment (UE).

The 5G communication system is divided into an access network and a core network, wherein the access network realizes wireless access related functions through access network equipment, the network functions are based on modularized disassembly, and decoupled Network Functions (NF) can be independently expanded, independently evolved and deployed as required. The service interfaces are adopted among all the NFs of the control surface, the same service can be called by multiple NFs, the coupling degree defined by the interfaces among the NFs is reduced, the on-demand customization of the whole network function is finally realized, and different service scenes and requirements are flexibly supported. The interfaces between NF network elements are the served interfaces, and the interactive messages are the served messages, as shown in fig. 1. Optionally, the architecture may also include a UE.

The UE is equipment with wireless receiving and transmitting functions, can be deployed on land, including indoor or outdoor, handheld, wearable or vehicle-mounted, can be deployed on water surface (such as a ship and the like), and can be deployed in air (such as an airplane, a balloon, a satellite and the like). The UE may be a mobile phone, a tablet (Pad), a computer with wireless transceiving function, a Virtual Reality (VR) terminal device, an augmented reality (augmented reality, AR) terminal device, a wireless terminal in industrial control (industrial control), a vehicle-mounted terminal device, a wireless terminal in unmanned (SELF DRIVING), a wireless terminal in remote medical (remote medical), a wireless terminal in smart grid (SMART GRID), a wireless terminal in transportation security (transportation safety), a wireless terminal in smart city (SMART CITY), a wireless terminal in smart home (smart home), a wearable terminal device, and so on. A UE may also be referred to as a terminal, terminal device, access terminal device, vehicle terminal, industrial control terminal, UE unit, UE station, mobile station, remote terminal device, mobile device, UE agent, UE apparatus, or the like. The UE may also be fixed or mobile.

The access network is used for realizing the function related to access, can provide the network access function for authorized users in a specific area, and can determine transmission tunnels with different qualities according to the level of the users, the service requirements and the like so as to transmit user data. The access network forwards control signals and user data between the terminal device and the core network. The access network may comprise an access network device. For example, in the present application, information interacted between the tag device and the network element of the core network may be forwarded through the access network device.

The access network device may be a device providing access to the UE and may include a radio access network (radio access network, RAN) device and AN device. The (R) AN equipment is mainly responsible for the functions of radio resource management, quality of service (quality of service, qoS) management, data compression, encryption and the like on the air interface side. The RAN equipment may include various forms of base stations, such as macro base stations, micro base stations (also referred to as small stations), relay stations, access points, balloon stations, and the like. In systems employing different radio access technologies, the names of the devices with base station functionality may vary, for example, in long term evolution (long term evolution, LTE) systems, fifth generation (5th generation,5G), sixth generation (6th generation,6G) and even seventh generation (7th generation,7G) systems, the network devices may be referred to as RAN or next generation base station (next-generation Node basestation, gNB), evolved NodeB (eNB or eNodeB), network device controller (base station controller, BSC), network device transceiver station (base transceiver station, BTS), home network device (home evolved Node B, or home Node B, HNB), baseband unit (BBU), access point (access point, AP) in wireless fidelity (WIRELESS FIDELITY, WIFI) systems, wireless relay Node, wireless backhaul Node, transceiver Node (transmission and reception point, TRP), transmission point (transmission point, TP) etc., or one or a set of network devices in 5G systems (including multiple antenna panels) may also be configured as a base band unit (pdu) or a distributed network unit (e.g. a distributed network unit in a network system, such as a mobile Node V, a mobile unit, or a distributed network unit (34v, a mobile unit, or a distributed unit in a system, such as a mobile unit, a network unit, a mobile unit, a network system, or a mobile unit, 76).

In some deployments, the gNB or transmission point may include a centralized unit (centralized unit, CU), DU, and the like. The gNB or transmission point may also include a Radio Unit (RU). The CU implements part of the functions of the gNB or the transmission point, the DU implements part of the functions of the gNB or the transmission point, for example, the CU implements the functions of a radio resource control (radio resource control, RRC), a packet data convergence layer protocol (PACKET DATA convergence protocol, PDCP) layer, and the DU implements the functions of a radio link control (radio link control, RLC), a medium access control (MEDIA ACCESS control, MAC), and a Physical (PHY) layer. Since the information of the RRC layer is eventually changed into or converted from the information of the physical layer, under this architecture, higher layer signaling, such as RRC layer signaling or PDCP layer signaling, may also be considered to be transmitted by the DU or by the du+ru. It is understood that the network device may be a CU node, or a DU node, or a device comprising a CU node and a DU node. Alternatively, the network device may be an auxiliary communication device, such as a satellite.

The core network is responsible for maintaining subscription data of the mobile network and providing session management, mobility management, policy management, security authentication and other functions for the terminal equipment. As shown in fig. 1, the core network may comprise authentication service function (authentication server function, AUSF) network elements, access and mobility management function (ACCESS AND mobility management function, AMF) network elements, unified data management (unified DATA MANAGEMENT, UDM) network elements, and application function (application function, AF) network elements.

AUSF network element for performing security authentication of the UE. NSSF network elements for selecting network slices for the UE. The NEF network element is mainly used for supporting the opening of the capability and the event. The AMF network element is mainly responsible for mobility management in the mobile network, such as user location update, user registration network, user handover, etc. UDM network elements for storing subscriber data, such as subscription data, authentication/authorization data, etc. An AF network element or application server (NAF, network Application Function) mainly supports interactions with the 3GPP core network to provide services, e.g. influencing data routing decisions, policy control functions or providing some services of third parties to the network side.

In addition, as shown in fig. 1, the UE and the AMF network element can interact through AN N1 interface, and interactions between other network function network elements are similar, for example, interactions between the AN and the AMF network element can interact through AN N2 interface, and interactions between all NF network elements of the control plane can be performed by adopting a service interface. Interaction between the UDM network element and AUSF network elements may be performed via a servitization interface N13. Interaction between the AF network element and AAnf network elements may be performed through a servitization interface N62. Interaction between AUSF network elements and AMF network elements may be performed via a servitization interface N12. Interaction between AAnf and AUSF network elements may be performed via a servitization interface N61.

Reference point transmission application protocol, similar to the reference point defined by generic bootstrapping architecture (GBA, generic Bootstrapping Architecture), supports interactions between UE and AF during AKMA and is then protected by AKMA application keys according to the specific application protocol on Ua. GBA defined Ua reference point, represents an application protocol protected with support of a bootstrapping server function (Bootstrapping Server Function, BSF) using key material agreed between the UE and the AF network element, where the key material is a parameter for creating a key.

In a mobile communication system, authentication and key agreement uses an AKA protocol, which is an authentication and key agreement procedure defined by the third generation partnership project (3 GPP), which implements access authentication and session key agreement of the mobile communication system by using a symmetric key shared by an operator network and a (global) subscriber identity card ((U) SIM) Subscriber Identity Module. After the UE successfully runs the AKA protocol, after successfully accessing the operator network (also referred to as successful implementation of primary authentication between the UE and the 3GPP network element), the UE shares security keys with the operator, and these shared keys are further used to establish a secure communication channel between the UE and the application server.

In Authentication AND KEY MANAGEMENT for Applications (AKMA) and GBA technologies, the AF/NAF needs to interact with the core network to obtain the secure connection key between the UE and the AF/NAF when the UE establishes a new secure connection with the AF/NAF.

For example, in the AKMA architecture shown in fig. 1, the process of the UE establishing a connection with an AF network element may include (1) the UE generating AKMA anchor keys K _AKMA and AKMA anchor key identification a-KID using key K _AUSF of AUSF network element before initiating communication with the AF network element, (2) the AF network element selecting AAnF network element with a-KID and sending AKMA application key acquisition request (Naanf _ AKMA _ ApplicationKey _get) to the AAnF network element when the UE initiates communication with the AF network element, (3) the UE sending a session establishment request message to the AF network element including derived a-KID if AAnF network element has not had derived a-KID, the UE deriving a secure connection key K _AF before or after sending the session establishment request message, (2) the AF network element selecting AAnF network element with a-KID and sending AKMA application key acquisition request (Naanf _ AKMA _ ApplicationKey _get) to the AAnF network element, (3) the AF network element deriving AKMA from K _AKMA if AAnF network element has not had K82348, (Naanf) the AF network element sending a-g3932_g3932_g2_g2 response to the UE, wherein the AF network element has a 3932_g3932_g3932 response. If the information in the Naanf _ AKMA _ ApplicationKey _get response in step (4) indicates AKMA that the key request failed, the AF network element in step (5) may reject the application session establishment of the UE by the application session establishment response including the failure reason.

For example, as shown in fig. 2, fig. 2 is a simplified architecture diagram of a GBA, where the BSF is defined as a separate network element for verifying the UE, maintaining the security context, and deriving keys for subsequent use by the UE. In the GBA implementation procedure, authentication between the UE and the BSF is achieved by performing a separate AKA procedure, which allows the UE to access the operator network, different from the procedure of the primary authentication. GBA can be independently accessed (independent of primary authentication), which means that cellular connectivity may not be required, and GBA can also operate in the context of wireless network communication technology (WiFi) access and wired access. In the architecture diagram, the Ub reference point between the UE and the BSF is based on the HTTP protocol to support the bootstrapping procedure, and the Ua reference point between the UE and the AF network element or the NAF represents the application protocol protected with BSF support using key material agreed between the UE and the AF network element or the NAF. A Zh reference point between the BSF and the home subscriber server (Home Subscriber Server, HSS) is used to access authentication vectors and subscription credentials for the bootstrapping procedure. A Zn reference point between the BSF and the AF network element or NAF is used for the AF network element or NAF to request key material from the BSF to ensure communication between the UE and the NAF.

For the GBA architecture shown in fig. 2, the procedure of establishing a connection between the UE and the AF network element may include (1) the UE communicating with the NAF through the reference point Ua, the communication request carrying the UE identification B-TID, (2) the NAF communicating with the BSF through the reference point Zn, the communication request carrying the AF network element identification NAF-ID and the UE identification B-TID, (3) the BSF deriving a key required for protecting a protocol used at the reference point Ua from the key Ks and the key derivation parameters, and providing the requested key ks_naf to the NAF, and the bootstrapping time and lifetime of the key ks_naf, in addition, if the key identified by the UE identification B-TID provided by the NAF is not available at the BSF, the BSF may indicate this in a reply to the NAF, and further, the NAF may indicate a renegotiation request to the UE, (4) the NAF replies to the UE, at which time the UE and the AF network element are complete the establishment of the secure connection. It can be seen that when the UE establishes a secure connection with the AF/NAF, the NAF needs to interact with the core network to obtain the secure connection key ks_naf between the UE and the AF network element.

It should be noted that, the foregoing only exemplifies a 5G communication system to which the session establishment method provided by the embodiment of the present application is applicable, and the session establishment method provided by the embodiment of the present application may also be applicable to future communication systems such as a 4G communication system, a sixth generation (6th generation,6G) system, and even a seventh generation (7th generation,7G) system, where functions of a core network control plane network element and a core network user plane network element in the 4G communication system are similar to those in the 5G communication system, and the present application is not specifically exemplified herein. The network architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of the communication network architecture and the appearance of the new service scenario, the technical solution provided by the embodiments of the present application is applicable to similar technical problems.

The session establishment method is described below with reference to the accompanying drawings, respectively.

Referring to fig. 3, fig. 3 is a flow chart of a session establishment method according to an embodiment of the present application, where the method is illustrated from the perspective of interaction of a UE, an AAnF network element, and an AF network element, and some or all of the steps performed by the AAnF network element may be performed by other network elements of the core network, and fig. 3 is illustrated by AAnF network element. As shown in fig. 3, the method may include, but is not limited to, the following steps:

S101, AAnF network element creates a key K _CONN, AAnF used when the end-to-end secure connection between the UE and the AF network element is established, and the network element encrypts the UE identifier and the key K _CONN by using the public key PK _AF of the AF network element to obtain a ciphertext.

Optionally, public key PK _AF of AF network elements in AAnF network elements is pre-stored. Optionally, in the encryption process, the AAnF network element may encrypt the key K _CONN and the UE identifier separately to obtain corresponding ciphertexts, or the AAnF network element may combine the key K _CONN and the UE identifier into a binary group, for example, the UE identifier is ue_id, and then the binary group may be (K _CONN, ue_id), and then the AAnF network element encrypts the binary group to obtain the ciphertexts.

In an alternative embodiment, the method further comprises the step that the UE can send a connection key request message to AAnF network elements, wherein the connection key request message is used for requesting a key K _CONN, and correspondingly, the AAnF network elements receive the connection key request message from the terminal equipment and execute the step of creating a key K _CONN used when establishing an end-to-end secure connection between the UE and the AF network elements. Alternatively, the UE may send a connection key request message to the AAnF network element via the AMF network element and the AUSF network element. Alternatively, the connection key message sent by the AAnF network element to the UE may be referred to as a connection key response message. In an alternative implementation mode, after AAnF network element receives the connection key request message from the UE, the method further includes AAnF that the network element can check whether the UE has authority to use the end-to-end security protection service, and if the UE has authority to use the end-to-end security protection service, executing the step of creating the key K _CONN used when the end-to-end security connection between the UE and the AF network element is established. Optionally, AAnF the network element checks whether the UE has permission to use the end-to-end security protection service, including AAnF the network element sending a query request message to the UDM network element, the query request message being for requesting (or querying) whether the UE has permission to use the end-to-end security protection service, AAnF the network element receiving a query response message from the UDM network element, the query response message being for indicating whether the UE has permission to use the end-to-end security protection service.

S102, AAnF network elements send connection key information to the UE, wherein the connection key information comprises a key K _CONN and the ciphertext, and correspondingly, the UE receives the connection key information.

S103, the UE sends a connection establishment request message to the AF network element, wherein the connection establishment request message is used for requesting to establish the end-to-end secure connection with the AF network element, the connection establishment request message comprises a ciphertext, the ciphertext is obtained by encrypting the identification of the UE and a key K _CONN used during the establishment of the end-to-end secure connection by the AAnF network element by utilizing a public key PK _AF of the AF network element, and the AF network element can correspondingly receive the connection establishment request message.

The AAnF network element encrypts the identifier of the UE, so that an attacker can be prevented from intercepting a connection establishment request message and then identifying the identity of the UE initiating connection, and confidentiality of data or information in a transmission process is protected. Optionally, the connection establishment request message sent by the UE to the AF network element further includes a timestamp of the UE initiating end-to-end secure connection establishment.

S104, the AF network element decrypts the ciphertext by using the private key SK _AF of the AF network element to obtain a key K _CONN.

S105, the AF network element may send a connection establishment response message to the UE, and correspondingly, the UE may receive the connection establishment response message.

Optionally, if the AF network element cannot decrypt the ciphertext to obtain the key K _CONN, the UE may be informed of connection establishment failure, or information such as connection establishment failure and failure reason through a connection establishment response message. Optionally, the UE may initiate the connection establishment request message again.

In the session establishment method shown in fig. 3, the key K _CONN used when the end-to-end secure connection is established can be carried in the connection establishment request message sent by the UE, and when the UE and the AF network element initially establish the secure connection, or when the key K _CONN on the UE side fails or is updated, interaction between the AF network element and the core network is not needed to obtain the secure connection key K _CONN, so that the complexity of interaction between the AF network element and the core network is reduced.

Alternative embodiments of the session establishment method are set forth below.

In an optional implementation mode, the method further comprises the step that AAnF network elements digitally sign the ciphertext by using a private key SK _AAnF of the network elements to obtain signature content, and correspondingly, the signature content is further included in a connection key message sent to the UE by the AAnF network elements. In this way, the connection establishment request message sent by the UE to the AF network element also comprises the signature content, the AF network element verifies the signature content by utilizing the public key PK _AAnF of the AAnF network element, and if the signature content passes the verification, the step of decrypting the ciphertext by utilizing the private key SK _AF of the AF network element is executed. It can be seen that this embodiment enables the AF network element to determine the legitimacy of the UE from the signature content, that is, the signature content verifies, indicating that the core network considers the UE to be a legitimate UE, and that the UE has permission to use the end-to-end secure connection establishment service between the UE and the AF network element.

Optionally, the AF network element verifies the signature content by using the public key PK _AAnF of the AAnF network element, and if the signature content verification is not passed, the AF network element may send a connection establishment response message in advance, where the connection establishment response message may be used to inform the UE that the connection establishment fails, or inform the UE that the connection establishment fails, and information such as a failure reason. Optionally, public key PK _AAnF of AAnF network elements used by the AF network elements is pre-stored. Alternatively, if AAnF network element encrypts the key K _CONN and the UE identity separately, then AAnF network element digitally signs the ciphertext using its own private key SK _AAnF, which may be a separate signature of the respective ciphertext. If AAnF network element encrypts the binary group, AAnF network element uses its own private key SK _AAnF to digitally sign the ciphertext, which may be the ciphertext after the binary group is encrypted.

In another optional implementation mode, the method further comprises the step that AAnF network elements can calculate the ciphertext by using the shared key K _EE to obtain a message verification code, and correspondingly, the message verification code is further included in a connection key message sent to the UE by the AAnF network elements. In this way, the connection establishment request message sent by the UE to the AF network element also includes the message authentication code, and further, the AF network element may check the message authentication code by using the shared key K _EE, and if the message authentication code passes, execute the step of decrypting the ciphertext by using the private key SK _AF of the UE to obtain the key K _CONN. It can be seen that this embodiment may enable the application function network element to determine the validity of the terminal device according to the message authentication code. That is, the message authentication code is verified to be passed, indicating that the core network considers the UE as a legitimate UE, and that the UE has authority to use the end-to-end secure connection establishment service between the UE and the AF network element.

Optionally, the AF network element checks the message authentication code by using the shared key K _EE, and if the message authentication code is not verified, the AF network element may send a connection establishment response message in advance, where the connection establishment response message may be used to inform the UE of the connection establishment failure, or inform the UE of the connection establishment failure, and information such as a failure reason. Optionally, the shared key K _EE used by the AF network element is pre-stored. Alternatively, if AAnF network element encrypts the key K _CONN and the UE identity separately, then AAnF network element calculates the ciphertext using the shared key K _EE, and the process of obtaining the message authentication code may be to calculate the message authentication code separately. If AAnF network element encrypts the two-tuple, AAnF network element calculates ciphertext by using shared key K _EE to obtain the message authentication code, which may be the process of calculating the message authentication code together with the encrypted ciphertext.

Optionally, the connection key request message sent by the UE to the AAnF network element includes or carries an identifier of the AF network element, such as an af_id, and an identifier of the UE. Thus, after receiving the connection key request message, the AAnF network element may use the identifier of the AF network element, such as af_id, to search the public key PK _AF of the AF network element from the stored keys, so as to execute the step of encrypting the UE identifier and the key K _CONN by using the public key PK _AF to obtain the ciphertext in step S101. In addition, the connection key response message sent by the AAnF network element to the UE may include the public key identifier PK _AF _id of the public key PK _AF, and the connection establishment request message sent by the UE to the AF network element may also include the public key identifier PK _AF _id of the public key PK _AF, so that the AF network element may search the corresponding private key SK _AF according to the public key identifier PK _AF _id, so as to execute the step of decrypting the ciphertext to obtain the key K _CONN. As can be seen, this embodiment uses the public key ID PK _AF _id of the public key PK _AF of the AF network element to distinguish the public keys PK _AF of different AF network elements, so that the method can be applied to the scenario of the multi-application function network element.

Optionally, for the embodiment that the AAnF network element digitally signs the ciphertext of SK _AAnF by using its own private key, the connection key message sent by the AAnF network element to the UE and the connection establishment request message sent by the UE to the AF network element further include the public key identifier of the public key PK _AAnF of the AAnF network element. In this way, the AF network element may retrieve the pre-stored public key PK _AAnF of the AAnF network element based on the public key identification PK _AAnF _id to verify the signed content. It can be seen that this embodiment can distinguish between the public key PK _AAnF of the different AAnF network elements by the public key identification PK _AAnF _id of the public key PK _AAnF of the AAnF network elements, so that the method can be applied to the scenarios of multi-application authentication and key management anchor function network elements.

Optionally, for the embodiment that the AAnF network element calculates the message authentication code by using the shared key K _EE on the ciphertext, the connection key message sent by the AAnF network element to the UE and the connection establishment request message sent by the UE to the AF network element further include a shared key identifier K _EE _id of the shared key K _EE. The AF network element may then retrieve the pre-stored shared key K _EE from the shared key identification K _EE _id to verify the message authentication code using the shared key K _EE.

Optionally, public key PK _AF of AF network elements in AAnF network elements is pre-stored. Optionally, public key PK _AAnF of AAnF of the AF network elements is pre-stored. Optionally, the shared key K _EE is pre-stored in AAnF network elements and in AF network elements. Alternatively, these pre-stored public keys or shared keys may also be obtained interactively in advance, which is not limited by the embodiment of the present application.

Referring to fig. 4, fig. 4 is a flow chart of another session establishment method according to an embodiment of the present application, the method is mainly described by an interaction angle of AAnF network elements, UE and AF network elements, and the session establishment method shown in fig. 4 is described by using a manner of verifying validity of the UE by signature content as an example. As shown in fig. 4, the session establishment method may include, but is not limited to, the following steps:

S201a, AAnF network element prestores public key PK _AF of AF network element, S201b, AF network element prestores public key PK _AAnF of AAnF network element.

S202, the UE accesses the network to finish the main authentication flow.

Optionally, the primary authentication procedure may be defined in 6.1.3.1 or 6.1.3.2 in TS 33.501, for example, the UE initiates an authentication request, the UDM network element creates an authentication vector for the UE, and the UE creates response information RES according to the authentication parameters RAND and AUTH fields in the authentication vector. AUSF checking that RES returned by the UE is consistent with expected response information XRES calculated by the local pre-calculation, if the RES is consistent with the expected response information XRES, checking that the RES is passed, and after the RES is passed, returning an authentication pass or authentication failure result to the AMF network element by the UE.

S203, the UE sends a connection key request message to the AAnF network element through the AMF network element and the AUSF network element, wherein the connection key request message is used for requesting a key K _CONN used when the end-to-end secure connection between the UE and the AF network element is established, and the connection key request message carries an identifier of the UE and an identifier AF_ID of the AF network element.

And S204, AAnF the network element checks whether the UE has the authority to use the end-to-end safety protection service, if so, executing the step S205, otherwise, refusing to respond to the connection key request message of the UE or sending the connection key response message to inform the UE of the failure of the connection key request, the reason of the failure and the like.

As described above, the AAnF network element checks whether the UE has permission to use the end-to-end security protection service, which may be implemented by querying the UDM network element for subscription data through the AAnF network element, or the AAnF network element checks whether the UE has permission to use the end-to-end security protection service, which may be implemented by querying the local configuration policy through the AAnF network element.

And S205, AAnF, creating a key K _CONN used when establishing end-to-end secure connection between the UE and the AF network element by using the network element, searching a public key PK _AF of the AF network element from the prestored key by using an identification AF_ID of the AF network element by using the AAnF network element, encrypting the K _CONN and the identification of the UE by using the public key PK _AF to obtain a ciphertext, and signing the ciphertext by using a private key SK _AAnF of AAnF to obtain signature content.

The method for creating the key K _CONN by AAnF network elements can be derived from the master authentication key (for example, K _AUSF), or can be derived by AAnF network elements by using random numbers generated by the network elements.

S206, AAnF network element sends a connection key response message to UE, and correspondingly, the UE receives the connection key response message.

As in the foregoing optional embodiments, the connection key response message may optionally include a key K _CONN, a ciphertext, signature content, a public key identifier PK _AAnF _id of the AAnF network element and a public key identifier PK _AF _id of the AF network element used when the end-to-end secure connection between the UE and the AF network element is established. The AAnF network element may send the connection key response message to the UE via the AUSF network element and the AMF network element. For example, if AAnF network element separately encrypts the UE identity and key K _CONN, separately signs, the connect key response message may carry key K _CONN, ciphertext (Enc (K _CONN)PK_AF)) encrypted with public key PK _AF to K _CONN, Signature content (Sig (Enc (K _CONN)PK_AF)SK_AAnF)), ciphertext (Enc (ue_id) PK _AF) obtained by signing ciphertext (Enc (K _CONN)PK_AF)) using private key SK _AAnF, ciphertext (Enc (ue_id) PK _AF) using public key PK _AF to encrypt UE identification, The obtained signature content (Sig (Enc (ue_id) PK _AF)SK_AAnF), the public key identification PK _AAnF _id of the AAnF network element, and the public key identification PK _AF _id of the AF network element) is signed with the ciphertext (Enc (ue_id) PK _AF) using the private key SK _AAnF.

Wherein, the related content of the ciphertext and the signature content can refer to the embodiment described above, and will not be described in detail herein.

S207, when the UE needs to initiate communication to the AF network element, the UE initiates a secure connection establishment request, such as sending a connection establishment request message to the AF network element, and correspondingly, the AF network element receives the connection establishment request message.

As in the foregoing embodiments, optionally, the connection establishment request message carries ciphertext, signature content, a public key identifier PK _AAnF _id of AAnF network elements, a public key identifier PK _AF _id of AF network elements, and a timestamp for initiating the secure connection establishment request. For example, if AAnF network element encrypts the UE's identity and key K _CONN separately, signed separately, the connection setup request message may carry Enc(K_CONN)PK_AF、Sig(Enc(K_CONN)PK_AF)SK_AAnF、Enc(UE_ID)PK_AF、Sig(Enc(UE_ID)PK_AF)SK_AAnF、PK_AAnF_ID、PK_AF_ID, and a Timestamp.

And S208, the AF network element uses a pre-stored public key PK _AAnF of AAnF network elements to verify the signature content, and if the signature content passes the verification, a private key of the AF network element is used for decrypting the ciphertext to obtain a secret key K _CONN used when the UE and the AF network element are connected safely.

S209, the AF network element replies a connection establishment response message to the UE, and the process of establishing the safe connection between the UE and the AF network element is completed. Wherein the connection establishment response message is protected by a key K _CONN.

As can be seen, in the session establishment method shown in fig. 4, by presetting a key (such as the public key PK) between the AAnF network element and the AF network element, the key K _CONN generated when the UE and the AF network element perform secure connection is generated by the core network and then sent to the UE, so that the UE can directly carry the secure connection key K _CONN of the UE and the AF network element in the secure connection establishment request process, so that the AF network element does not need to communicate with the core network to obtain the secure connection key of the UE and the AF network element, thereby reducing the complexity of interaction between the AF network element and the core network.

Referring to fig. 5, fig. 5 is a flow chart of another session establishment method according to an embodiment of the present application, the method is mainly described by an interaction angle of AAnF network elements, UE and AF network elements, and the session establishment method shown in fig. 5 is described by using a manner of verifying validity of the UE by using a message verification code as an example. As shown in fig. 5, the session establishment method may include, but is not limited to, the following steps:

S301a, AAnF network element prestores public key PK _AF and shared key K _EE of AF network element, S301b, AF network element prestores shared key K _EE.

Optionally, the AAnF network element and the AF network element may also pre-store the shared key identification K _EE _id of the shared key K _EE, respectively.

S302, the UE accesses the network to finish the main authentication flow.

Alternatively, the primary authentication procedure may be defined in TS 33.501 at 6.1.3.1 or 6.1.3.2, as described above in connection with step S202, which is not described in detail herein.

S303, the UE sends a connection key request message to the AAnF network element through the AMF network element and the AUSF network element, wherein the connection key request message is used for requesting a key K _CONN used when the end-to-end secure connection between the UE and the AF network element is established, and the connection key request message carries an identifier of the UE and an identifier AF_ID of the AF network element.

And S304, AAnF the network element checks whether the UE has the authority to use the end-to-end safety protection service, if so, executing the step S305, otherwise, refusing to respond to the connection key request message of the UE, or sending the connection key response message to inform the UE of the failure of the connection key request, the reason of the failure and the like.

The manner in which AAnF network elements check whether the UE has the right to use the end-to-end security protection service is as described above, and will not be described in detail here.

S305, AAnF network element creates key K _CONN used when the end-to-end secure connection between UE and AF network element is established, AAnF network element uses AF_ID of AF network element to search public key PK _AF of AF network element from prestored key, then uses public key PK _AF to encrypt K _CONN and UE identification to obtain ciphertext, and uses shared key K _EE to calculate message verification code (message authentication code, MAC)/hash-based message verification code (hash-based message authentication code, HMAC).

The method for creating the key K _CONN by the AAnF network element is as described above, and will not be described in detail here.

And S306, AAnF, the network element sends a connection key response message to the UE, and correspondingly, the UE receives the connection key response message.

As in the foregoing embodiments, the connection key response message may optionally include a key K _CONN, a ciphertext, a message authentication code, a public key identifier PK _AF _id of the AF network element, and a shared key identifier K _EE _id of a shared key K _EE pre-stored by the AAnF network element and the AF network element, which are used when the end-to-end secure connection between the UE and the AF network element is established. The AAnF network element may send the connection key response message to the UE via the AUSF network element and the AMF network element.

The ciphertext and the message authentication code may be related to the embodiments described above, and will not be described in detail herein.

S307, when the UE needs to initiate communication to the AF network element, the UE initiates a secure connection establishment request, such as sending a connection establishment request message to the AF network element, and correspondingly, the AF network element receives the connection establishment request message.

As in the foregoing embodiments, optionally, the connection establishment request message carries a ciphertext, a message authentication code, a public key identifier PK _AF _id of the AF network element, a shared key identifier K _EE _id, and a timestamp for initiating the secure connection establishment request.

And S308, the AF network element uses the shared key identifier K _EE _ID to search a prestored shared key K _EE, verifies the message verification code, and if the verification is passed, decrypts the ciphertext by using the private key of the AF network element to obtain a key K _CONN used when the UE and the AF network element are connected safely.

S309, the AF network element replies a connection establishment response message to the UE, and the process of establishing the safe connection between the UE and the AF network element is completed. Wherein the AF network element uses the key K _CONN to protect the connection setup response message.

As can be seen, in the session establishment method shown in fig. 5, by presetting a key (such as a public key PK of an AF network element and a shared key K _EE prestored by the AAnF network element and the AF network element) between the AAnF network element and the AF network element, a key K _CONN generated by a core network when the UE and the AF network element perform secure connection establishment is sent to the UE, so that the UE can directly carry a secure connection key K _CONN of the UE and the AF network element in a secure connection establishment request process, so that the AF network element does not need to communicate with the core network to acquire the secure connection key of the UE and the AF network element, thereby reducing complexity of interaction between the AF network element and the core network.

In the embodiment provided by the application, the scheme of the communication method provided by the embodiment of the application is introduced from the angles of each network element or equipment and interaction among the network elements or equipment. It will be appreciated that the various network elements and devices, such as the authentication and key management anchor function network elements of the applications, the application function network elements and the UE, comprise, in order to implement the above functions, corresponding hardware structures and/or software elements that perform the various functions. Optionally, in the above embodiment of the method, the information sent by the UE to the network element of the authentication and key management anchor function of the application may be sent to the network element of the access and mobility management function, the network element of the authentication service function, or the network element of the network capability opening function. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

Fig. 6 is a schematic structural diagram of a communication device according to the present application. The communication device shown in fig. 6 comprises a transceiver module 601 and a processing module 602.

In one embodiment, in one design, the communication device is an application function network element or a device related to the application function network element:

The transceiver module 601 is for receiving a connection establishment request message from a terminal device, where the connection establishment request message is used for requesting to establish an end-to-end secure connection, and the connection establishment request message includes a ciphertext, where the ciphertext is obtained by encrypting an identifier of the terminal device and a key K _CONN used when the end-to-end secure connection is established by using a public key PK _AF of an application function network element, and the processing module 602 is for decrypting the ciphertext by using a private key SK _AF of the processing module to obtain the key K _CONN, and the transceiver module 601 is further for sending a connection establishment response message to the terminal device.

Optionally, when the communication device is an application function network element or a device related to the application function network element, the communication device is configured to implement the functions and optional implementation manners of the application function network element in the embodiments shown in fig. 3 to fig. 5.

In one design, the communication device is an application authentication and key management anchor function network element or a related device in an application authentication and key management anchor function network element:

The processing module 602 is used for creating a key K _CONN used when an end-to-end secure connection between the terminal device and the application function network element is established, the processing module 602 is also used for encrypting an identifier of the terminal device and a key K _CONN by using a public key PK _AF of the application function network element to obtain a ciphertext, and the transceiver module 601 is used for sending a connection key message to the terminal device, wherein the connection key message comprises the key K _CONN and the ciphertext.

Optionally, when the communication device is an access network device, the communication device is configured to implement the functions and optional implementation manners of the network element with the authentication and key management anchor functions applied in the embodiments shown in fig. 3 to fig. 5.

In one design, the communication device is a terminal device or a device associated with a terminal device:

illustratively, the transceiver module 601 sends second information to the session management function network element, where the second information is used to indicate the bandwidth shared by one or more traffic flows.

Optionally, when the communication device is a policy control function network element, the communication device is configured to implement the functions of the policy control function network element in the embodiments shown in fig. 3 to fig. 5.

In one design, the communication device is an application function network element:

The transceiver module 601 is for sending a connection establishment request message to an application function network element, where the connection establishment request message is used for requesting to establish an end-to-end secure connection with the application function network element, and the connection establishment request message includes a ciphertext, where the ciphertext is obtained by encrypting an identity of an application and a key K _CONN used when the key management anchor function network element establishes an end-to-end secure connection with a public key PK _AF of the application function network element, and the transceiver module 601 is further for receiving a connection establishment response message from the application function network element.

Optionally, when the communication device is an application function network element, the communication device is configured to implement the functions of the application function network element in the embodiments shown in fig. 3 to fig. 5.

Fig. 7 is a schematic structural diagram of another communication device according to the present application. The communication device shown in fig. 7 comprises at least one processor 701, a memory 702 and optionally a transceiver 703. The specific connection medium between the processor 701 and the memory 702 is not limited in the embodiment of the present application. In fig. 7, the memory 702 and the processor 701 are connected by a bus 704, and the bus 704 is shown as a thick line in the drawing, and the connection between other components is merely schematically illustrated and not limited thereto. The bus 704 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 7, but not only one bus or one type of bus.

The processor 701 may have a data transceiver function and be capable of communicating with other devices, and in the apparatus shown in fig. 7, a separate data transceiver module, for example, a transceiver 703 may be provided for transmitting and receiving data, and the processor 701 may perform data transmission through the transceiver 703 when communicating with other devices.

In one example, when the application function network element takes the form shown in fig. 7, the processor 701 in fig. 7 may cause the application function network element to perform the method performed by the application function network element in any of the embodiments of fig. 3 to 5 by invoking computer-executable instructions stored in the memory 702.

In one example, when the authentication and key management anchor function network element of the application takes the form shown in fig. 7, the processor 701 in fig. 7 may cause the authentication and key management anchor function network element of the application to perform the method performed by the authentication and key management anchor function network element of the application in any of the embodiments of fig. 3 to 5 by invoking computer-executable instructions stored in the memory 702.

In one example, when the terminal device takes the form shown in fig. 7, the processor 701 in fig. 7 may cause the terminal device to perform the method performed by the terminal device in any of the embodiments of fig. 3 to 5 by invoking computer-executable instructions stored in the memory 702.

The embodiment of the application also provides a communication system, which can comprise part or all of the application function network element, the application authentication and key management anchor function network element and the terminal equipment in fig. 3 to 5, and can be specifically referred to the method embodiment.

The described aspects of the application may be implemented in various ways. For example, these techniques may be implemented in hardware, software, or a combination of hardware. For a hardware implementation, the processing module for performing these techniques at a communication device (e.g., a base station, terminal, network entity, core network element, or chip) may be implemented in one or more general purpose processors, digital Signal Processors (DSPs), digital signal processing devices, application Specific Integrated Circuits (ASICs), programmable logic devices, field programmable gate arrays (field programmable GATE ARRAY, FPGAs), or other programmable logic devices, discrete gate or transistor logic, discrete hardware components, or any combination thereof. A general purpose processor may be a microprocessor, but in the alternative, the general purpose processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.

It will be appreciated that the memory in embodiments of the application may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an erasable programmable ROM (erasable PROM), an electrically erasable programmable EPROM (EEPROM), or a flash memory. The volatile memory may be random access memory (random access memory, RAM) which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (STATIC RAM, SRAM), dynamic random access memory (DYNAMIC RAM, DRAM), synchronous Dynamic Random Access Memory (SDRAM), double data rate synchronous dynamic random access memory (doubledata RATE SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (ENHANCED SDRAM, ESDRAM), synchronous link dynamic random access memory (SYNCHLINK DRAM, SLDRAM), and direct memory bus random access memory (direct rambus RAM, DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.

The application also provides a computer readable medium having stored thereon instructions which when executed by a computer perform the functions of any of the method embodiments described above.

The application also provides a computer program product which, when executed by a computer, implements the functions of any of the method embodiments described above.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a high-density digital video disc (digital video disc, DVD)), or a semiconductor medium (e.g., a solid-state disk (solid-state drive STATE DISK, SSD)), or the like.

It can be understood that some optional features of the embodiments of the present application may be implemented independently in some scenarios, independent of other features, such as the scheme on which they are currently based, so as to solve corresponding technical problems, achieve corresponding effects, or may be combined with other features according to requirements in some scenarios. Accordingly, the device provided in the embodiment of the present application may also implement these features or functions accordingly, which will not be described herein.

Those of skill in the art will further appreciate that the various illustrative logical blocks (illustrative logical block) and steps (steps) described in connection with the embodiments of the application may be implemented by electronic hardware, computer software, or combinations of both. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Those skilled in the art may implement the described functionality in varying ways for the respective application, but such implementation should not be understood to be beyond the scope of the embodiments of the present application.

It is appreciated that reference throughout this specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the various embodiments are not necessarily all referring to the same embodiment throughout the specification. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.

It is to be understood that in the present application, the terms "when", "if" and "if" are used to indicate that the device is performing the corresponding process under some objective condition, and are not intended to limit the time and require no judgment in the implementation of the device, nor are other limitations intended to be implied.

Elements referred to in the singular are intended to be used in the present disclosure as "one or more" rather than "one and only one" unless specifically stated otherwise. In the present application, "at least one" is intended to mean "one or more" and "a plurality" is intended to mean "two or more" unless specifically indicated.

In addition, the terms "system" and "network" are often used interchangeably herein. The term "and/or" is used herein to describe an associative relationship of associative objects, and means that there may be three relationships, for example, a and/or B, and it may mean that there are three cases where a alone, a and B together, and B alone, are present, where a may be singular or plural, and B may be singular or plural.

Predefined in the present application may be understood as defining, predefining, storing, pre-negotiating, pre-configuring, curing, or pre-sintering.

Those skilled in the art will understand that, for convenience and brevity, the specific working process of the system, apparatus and unit described above may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.

The same or similar parts may be referred to each other in the various embodiments of the application. In the embodiments of the present application, and the respective implementation/implementation methods in the embodiments, if there is no specific description and logic conflict, terms and/or descriptions between different embodiments, and between the respective implementation/implementation methods in the embodiments, may be consistent and may refer to each other, and technical features in the different embodiments, and the respective implementation/implementation methods in the embodiments, may be combined to form a new embodiment, implementation, or implementation method according to their inherent logic relationship. The embodiments of the present application described above do not limit the scope of the present application.

The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application.

Claims

1. A method of session establishment, the method comprising:

Receiving a connection establishment request message from a terminal device, wherein the connection establishment request message is used for requesting to establish an end-to-end secure connection, the connection establishment request message comprises ciphertext,

The ciphertext is obtained by encrypting the identification of the terminal equipment and a key K _CONN used when the end-to-end secure connection is established by using a public key PK _AF of an application function network element by using an application identity authentication and key management anchor function network element;

Decrypting the ciphertext by using the private key SK _AF of the user to obtain the secret key K _CONN;

And sending a connection establishment response message to the terminal equipment.

2. The method according to claim 1, wherein the connection establishment request message further includes signature content, the signature content being obtained by the authentication and key management anchor function network element of the application digitally signing the ciphertext using a private key SK _AAnF;

The method further comprises the steps of:

Verifying the signature content by using the public key PK _AAnF of the applied identity verification and key management anchor function network element;

If the signature content passes verification, the step of decrypting the ciphertext using its own private key SK _AF to obtain the key K _CONN is performed.

3. The method according to claim 2, wherein the public key PK _AAnF of the application's authentication and key management anchor function network element is pre-stored.

4. A method according to any of claims 1 to 3, characterized in that the connection establishment request message further comprises one or more of a public key identification for identifying the public key PK _AF, a public key identification for identifying the public key PK _AAnF and a timestamp of the initiation of the end-to-end secure connection by the terminal device.

5. The method according to claim 1, wherein the connection establishment request message further includes a message authentication code, the message authentication code being obtained by calculating the ciphertext by the authentication and key management anchor function network element of the application using a shared key K _EE;

The method further comprises the steps of:

Verifying the message authentication code using the shared key K _EE;

If the verification code passes, the step of decrypting the ciphertext by using the private key SK _AF to obtain the key K _CONN is executed.

6. The method of claim 5, wherein the connection establishment request message further comprises one or more of a public key identification for identifying the public key PK _AF, a shared key identification for identifying the shared key K _EE, and a timestamp of the initiation of the end-to-end secure connection by the terminal device.

7. A method of session establishment, the method comprising:

Creating a key K _CONN used when establishing end-to-end secure connection between the terminal equipment and the application function network element;

Encrypting the identification of the terminal equipment and the secret key K _CONN by using the public key PK _AF of the application function network element to obtain a ciphertext;

And sending a connection key message to the terminal equipment, wherein the connection key message comprises the key K _CONN and the ciphertext.

8. The method of claim 7, wherein the method further comprises:

And carrying out digital signature on the ciphertext by using a private key SK _AAnF of the self, so as to obtain the signature content, wherein the signature content is also included in the connection key message.

9. The method of claim 7, wherein the method further comprises:

And calculating the ciphertext by using the shared key K _EE to obtain a message verification code, wherein the message verification code is also included in the connection key message.

10. The method according to any of the claims 7 to 9, characterized in that before said creating a key K _CONN for use in the establishment of an end-to-end secure connection between a terminal device and an application function network element, the method further comprises:

A connection key request message is received from a terminal device, the connection key request message being used to request the key K _CONN.

11. The method according to any one of claims 7 to 10, further comprising:

Checking whether the terminal equipment has authority to use an end-to-end security protection service;

And if the terminal equipment has permission to use the end-to-end safety protection service, executing the step of creating the key K _CONN used when the end-to-end safety connection between the terminal equipment and the application function network element is established.

12. The method of claim 11, wherein said checking whether said terminal device has permission to use an end-to-end security protection service comprises:

sending a query request message to a unified data management network element, wherein the query request message is used for requesting whether the terminal equipment has permission to use an end-to-end security protection service;

And receiving a query response message from the unified data management network element, wherein the query response message is used for indicating whether the terminal equipment has permission to use the end-to-end security protection service.

13. The method according to claim 10, wherein the connection key request message includes an identification of the application function network element and an identification of the terminal device, and wherein the connection key message includes a public key identification of a public key PK _AF for identifying the application function network element.

14. The method according to claim 8, 9 or 13, characterized in that the connection key message further comprises a public key identification for identifying the own public key PK _AAnF or a shared key identification for identifying the shared key K _EE.

15. The method according to any of the claims 7 to 14, characterized in that the public key PK _AF of the application function network element is pre-stored.

16. A method of session establishment, the method comprising:

Sending a connection establishment request message to an application function network element, wherein the connection establishment request message is used for requesting to establish end-to-end secure connection with the application function network element, the connection establishment request message comprises ciphertext,

and receiving a connection establishment response message from the application function network element.

17. The method of claim 16, wherein the connection establishment request message further includes signature content obtained by the authentication and key management anchor function network element of the application digitally signing the ciphertext using private key SK _AAnF.

18. The method of claim 16, wherein the connection establishment request message further includes a message authentication code, the message authentication code being obtained by the authentication and key management anchor function network element of the application calculating the ciphertext using a shared key K _EE.

19. The method according to any of the claims 16 to 18, wherein before said sending a connection establishment request message to an application function network element, the method further comprises:

Sending a connection key request message to the applied authentication and key management anchor function network element, wherein the connection key request message is used for requesting the key K _CONN;

receiving a connection key message from the authentication and key management anchor function network element of the application, wherein the connection key message comprises the key K _CONN and the ciphertext, or the connection key message comprises the key K _CONN, the ciphertext and the signature content, or the connection key message comprises the key K _CONN, the ciphertext and the message authentication code.

20. The method of claim 19, wherein the step of determining the position of the probe comprises,

The connection key request message comprises an identifier of the application function network element and an identifier of the terminal equipment;

Wherein the connection key message and the connection establishment request message further respectively comprise a public key identifier for identifying the public key PK _AF, and/or,

The connection key message and the connection establishment request message further comprise a public key identification of a public key PK _AAnF for identifying an authentication and key management anchor function network element of the application, or further comprise a shared key identification for identifying the shared key K _EE, and/or,

The connection establishment request message further includes a time stamp for the terminal device to initiate the end-to-end secure connection establishment.

21. A communication device comprising means for performing the method of any one of claims 1 to 6, or for performing the method of any one of claims 7 to 14, or for performing the method of any one of claims 16 to 20.

22. A communication device comprising a processor and interface circuitry for receiving signals from other communication devices than the communication device and transmitting to the processor or sending signals from the processor to other communication devices than the communication device, the processor being configured to implement the method of any one of claims 1 to 6, or to implement the method of any one of claims 7 to 14, or to implement the method of any one of claims 16 to 20, by logic circuitry or executing code instructions.

23. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program or instructions which, when executed by a communication device, implements a module of a method according to any of claims 1 to 6, or implements a method according to any of claims 7 to 14, or implements a method according to any of claims 16 to 20.

24. A communication device, the communication device comprising a processor and a transceiver;

Wherein the transceiver is for communicating with other communication devices, the processor being for running a computer program to cause the communication devices to implement the method of any one of claims 1 to 6, or to implement the method of any one of claims 7 to 14, or to implement the method of any one of claims 16 to 20.

25. A communication device comprising a memory, a processor, and a transceiver;

Wherein the transceiver is configured to receive signals or transmit signals, the memory is configured to store instructions or a computer program, and the processor is configured to execute the computer program or instructions stored in the memory, to cause the communication device to perform the method according to any one of claims 1 to 6, or to implement the method according to any one of claims 7 to 14, or to implement the method according to any one of claims 15 to 19.

26. A computer program product comprising computer instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 6, or to perform the method of any one of claims 7 to 14, or to perform the method of any one of claims 16 to 20.