WO2025130077A1 - Procédé, dispositif et produit-programme informatique pour communication sans fil - Google Patents
Procédé, dispositif et produit-programme informatique pour communication sans fil Download PDFInfo
- Publication number
- WO2025130077A1 WO2025130077A1 PCT/CN2024/111114 CN2024111114W WO2025130077A1 WO 2025130077 A1 WO2025130077 A1 WO 2025130077A1 CN 2024111114 W CN2024111114 W CN 2024111114W WO 2025130077 A1 WO2025130077 A1 WO 2025130077A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- wireless communication
- node
- user identifier
- uia
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Definitions
- This document is directed generally to wireless communications, and in particular to 5 th generation (5G) communications or 6 th generation (6G) communications.
- User identifiers in a communication network help an operator to provide customization and enhanced user experience for services inside and outside the network.
- the implementation of user identifiers is still a topic to be discussed.
- This document relates to methods, systems, and computer program products for a wireless communication.
- the wireless communication method includes: receiving, via the communication unit from a wireless communication terminal, a request message comprising a user identifier to be activated; and transmitting, by the wireless communication node to the wireless communication terminal, a response message indicating whether the user identifier is successfully activated or whether a session for the user identifier is established.
- the wireless communication method includes: transmitting, via the communication unit to a wireless communication node, a request message comprising a user identifier to be activated; and receiving, by the wireless communication terminal from the wireless communication node, a response message indicating whether the user identifier is successfully activated or whether a session for the user identifier is established.
- the wireless communication terminal includes a communication unit and a processor.
- the processor is configured for: receiving, via the communication unit from a wireless communication terminal, a request message comprising a user identifier to be activated; and transmitting, by the wireless communication node to the wireless communication terminal, a response message indicating whether the user identifier is successfully activated or whether a session for the user identifier is established.
- the wireless communication node includes a communication unit and a processor.
- the processor is configured for: transmitting, via the communication unit to a wireless communication node, a request message comprising a user identifier to be activated; and receiving, by the wireless communication terminal from the wireless communication node, a response message indicating whether the user identifier is successfully activated or whether a session for the user identifier is established.
- the management node performs at least one of:
- the management node performs at least one of:
- At least one of the first message or the third message comprises at least one of the user identifier or an identifier of the wireless communication terminal.
- GPSI Generic Public Subscription Identifier
- the anchor node performs at least one of:
- the anchor node acquires the user identifier activation information based on a key identifier received from an application node.
- the wireless communication node comprises an application node.
- the application node performs at least one of:
- the application node transmits the first or third message in response to a decrypted user identifier matches user identifier activation information from an anchor node.
- the application node checks whether the decrypted user identifier matches the user identifier activation information based on a service type from the request message.
- the application node decrypts the request message to acquire a decrypted user identifier and/or a service type.
- response message comprises a UIA Active Response message transmitted from a management node of the wireless communication node to the wireless communication terminal and/or an Application Session Establishment Response message transmitted from an application node of the wireless communication node to the wireless communication terminal.
- a first response message of the request message transmitted to a management node of the wireless communication node comprises the user identifier and an activation result of the user identifier.
- a first request message of the request message transmitted to a management node of the wireless communication node comprises a User Identities and Authentication, UIA, Active Request message and/or a first response message of the response message received from a management node of the wireless communication node comprises a UIA Active Response message.
- a second request message of the request message transmitted to an application node of the wireless communication node further comprises a service type for activating the user identifier.
- the user identifier and/or the service type in the second request message is encrypted.
- the present disclosure relates to a computer program product comprising a computer-readable program medium code stored thereupon, the code, when executed by a processor, causing the processor to implement a wireless communication method recited in any one of foregoing methods.
- the present disclosure is not limited to the exemplary embodiments and applications described and illustrated herein. Additionally, the specific order and/or hierarchy of steps or operations in the methods disclosed herein are merely exemplary approaches. Based upon design preferences, the specific order or hierarchy of steps or operations of the disclosed methods or processes can be re-arranged while remaining within the scope of the present disclosure. Thus, those of ordinary skill in the art will understand that the methods and techniques disclosed herein present various steps or operations in a sample order, and the present disclosure is not limited to the specific order or hierarchy presented unless expressly stated otherwise.
- FIG. 1A and FIG. 1B show a procedure according to an embodiment of the present disclosure.
- FIG. 2 shows a schematic diagram of a procedure according to an embodiment of the present disclosure.
- FIG. 3 shows a schematic diagram of a procedure according to an embodiment of the present disclosure.
- FIG. 4 shows a schematic diagram of a procedure according to an embodiment of the present disclosure.
- FIG. 5 shows an example of a schematic diagram of a wireless communication terminal according to an embodiment of the present disclosure.
- FIG. 6 shows an example of a schematic diagram of a wireless communication node according to an embodiment of the present disclosure.
- FIGs. 7 and 8 show flowcharts of wireless communication methods according to some embodiments of the present disclosure.
- Some embodiments of the present disclosure directed to User Identities and Authentication (UIA) Architecture, which enhances the 5G System (5GS) to allow for the creation and utilization of user-specific identities in order to provide the enhanced user experience, the optimized performance, and offer services to specific users.
- UAA User Identities and Authentication
- one or more users e.g., human (s) or machine (s) identified by user identifier (s) (also referred to as user id (s) in the present disclosure)
- sharing one User Equipment (UE) e.g., user identifier (s) sharing one User Equipment (UE) .
- UE User Equipment
- a single user identifier is active with a UE subscription at a given time and it is assumed that the specific user identifier is associated with all of the UE’s traffic during the time that specific user identifier is active with the UE’s subscription.
- a user is considered active if the associated user identifier has been authenticated and authorized to use a linked subscription to access the 5GS.
- Some embodiments of the present disclosure may provide a mechanism related to a user identifier. Some embodiments of the present disclosure may provide a mechanism to active a specific user identifier (e.g., applies to a specific human) .
- the user identifier is different from the UE identifier (also referred to as the identifier of the UE) (e.g., SUPI (Subscription Permanent Identifier) or GPSI (Generic Public Subscription Identifier) ) of the associated UE (e.g., the UE operated by the user) .
- the UE identifier also referred to as the identifier of the UE
- SUPI Subscribescription Permanent Identifier
- GPSI Generic Public Subscription Identifier
- more than one user identifier may correspond to one UE identifier (e.g., the UE may be operated by different users) .
- one user identifier may correspond to more than one UE identifier (e.g., different UEs may be operated by a user) .
- FIG. 1A and FIG. 1B show a procedure for User Identifier key material sharing to a UIA Anchor according to an embodiment of the present disclosure.
- the procedure may include at least one of the following operations.
- the UE sends a registration request to the gNodeB (gNB) , including the UE 5G-Globally Unique Temporary Identity (GUTI) or Subscription Concealed Identifier (SUCI) .
- gNB gNodeB
- GUI 5G-Globally Unique Temporary Identity
- SUCI Subscription Concealed Identifier
- the Radio Access Network selects an Access and Mobility Management Function (AMF) and forwards the Registration Request to the AMF.
- AMF Access and Mobility Management Function
- the Identity Request procedure is initiated by the AMF sending an Identity Request message to the UE requesting the SUCI.
- the UE sends an identity response to the new AMF.
- the AUSF sends a request (e.g., the Nudm_UEAuthentication_Get Request) to the Unified Data Management (UDM) , including the SUCI/SUPI and the serving network name.
- a request e.g., the Nudm_UEAuthentication_Get Request
- UDM Unified Data Management
- the UDM may return the 5G Home Environment Authentication Vector (HE AV) to the AUSF together with an indication that the 5G HE AV is to be used for 5G AKA in a response (e.g., the Nudm_UEAuthentication_Get Response) .
- the UDM may include the SUPI in the response (e.g., the Nudm_UEAuthentication_Get Response) after deconcealment of the SUCI.
- the UDM includes the user subscription in the response (e.g., the Nudm_UEAuthentication_Get Response) .
- the user subscription contains at least a user id (also referred to as User_Id in this disclosure) list.
- the format of the user id is not constrained, and thus, if the UIA-AnchorID is not a partial of the user id, the user subscription sends to the AUSF also contains an UIA-AnchorID list, which has a mapping relationship with the user id list.
- the UIA-AnchorID is used for the network to identify the specific UIA Anchor Function for a specific user id. Different user ids for a single UE may have different UIA-AnchorIDs, and therefore register to different UIA Anchor Functions.
- the AUSF may store the Expected Response (XRES*) temporarily together with the received SUCI or the received SUPI.
- XRES* Expected Response
- the AUSF may then generate the 5G AV from the 5G HE AV received from the UDM/Authentication credential Repository and Processing Function (ARPF) by computing the Expected Response (HXRES*) from the XRES*and the Security Anchor Function Key (K SEAF ) from the K AUSF , and replacing the XRES*with the HXRES*and KAUSF with KSEAF in the 5G HE AV.
- ARPF UDM/Authentication credential Repository and Processing Function
- the AUSF may then remove the K SEAF and return the 5G SE AV (Random Number (RAND) , Authentication Token (AUTN) , HXRES*) to the AMF in a response (e.g., the Nausf_UEAuthentication_UEAuthentication Response) .
- 5G SE AV Random Number (RAND) , Authentication Token (AUTN) , HXRES*
- RAND Random Number
- AUTN Authentication Token
- HXRES* Authentication Token
- the AMF may send the RAND, the AUTN to the UE in a request (e.g., Non-Access Stratum (NAS) message Authentication Request) .
- this message may also include the Key Set Identifier (ngKSI) that may be used by the UE and the AMF to identify the K AMF and the partial native security context that is created if the authentication is successful.
- ngKSI Key Set Identifier
- This message may also include the Anti-Bidding down Between Architectures (ABBA) parameter.
- ABBA Anti-Bidding down Between Architectures
- the AMF may set the ABBA parameter.
- the UE may forward the RAND and AUTN received in NAS message Authentication Request to the Universal Subscriber Identity Module (USIM) .
- USIM Universal Subscriber Identity Module
- the USIM may verify the freshness of the received values by checking whether the AUTN can be accepted. If the AUTN is accepted, the USIM computes a response (e.g., RES) . The USIM may return the RES, the Cipher Key (CK) , the Integrity Key (IK) to the UE. If the USIM computes a Kc (i.e., General Packet Radio Service (GPRS) Kc) from the CK and the IK, and sends it to the UE, then the UE may ignore such GPRS Kc and not store the GPRS Kc on the USIM or in the UE. The UE then may compute RES*from RES. The UE may calculate the K AUSF from the CK
- GPRS General Packet Radio Service
- the UE may return the RES*to the AMF in a response (e.g., the NAS message Authentication Response) .
- a response e.g., the NAS message Authentication Response
- the AMF may then compute HRES*from RES*, and the AMF may compare HRES*and HXRES*. If they coincide, the AMF may consider the authentication successful from the serving network point of view.
- the AMF may send the RES*, as received from the UE, in a request (e.g., the Nausf_UEAuthentication_Authenticate Request message) to the AUSF.
- a request e.g., the Nausf_UEAuthentication_Authenticate Request message
- the AUSF may verify whether the 5G AV has expired. If the 5G AV has expired, the AUSF may consider the authentication as unsuccessful from the home network point of view. Upon successful authentication, the AUSF stores the K AUSF based on the home network operator’s policy. The AUSF may compare the received RES*with the stored XRES*. If the RES*and XRES*are equal, the AUSF may consider the authentication as successful from the home network point of view.
- the AUSF may indicate to the AMF in the response (e.g., the Nausf_UEAuthentication_Authenticate Response) whether the authentication was successful or not from the home network point of view. If the authentication was successful, the K SEAF may be sent to the SEAF in the response (e.g., the Nausf_UEAuthentication_Authenticate Response) . In case the AUSF received a SUCI from the SEAF in the authentication request, and if the authentication was successful, then the AUSF may also include the SUPI in the response (Nausf_UEAuthentication_Authenticate Response message) .
- the AUSF includes the received user id list in the response (e.g., Nausf_UEAuthentication_Authenticate Response message) .
- the AMF and the UE complete the NAS security mode command procedure to establish NAS Security context between the UE and the AMF.
- the AUSF If the AUSF receives the user id list from the UDM, the AUSF stores the KAUSF and generate the UIA Anchor Key (K UIA ) and the UIA-KID based on K AUSF after the primary authentication procedure is successfully completed.
- K UIA UIA Anchor Key
- the UE generates the UIA Anchor Key (K UIA ) and the UIA-KID based on K AUSF before initiating communication with an UIA Application Function.
- K UIA UIA Anchor Key
- UIA-KID UIA-KID
- the AUSF selects the UIA-Anchor Function (also referred to as UIA-Anchor) according to the UIA-AnchorID or the user id, and sends the generated UIA-KID and K UIA to the UIA-Anchor Function together with the user id using the service operation (e.g., the Nuiaa_UIA_KeyRegistration Request service operation) . If there are more than one user ids related with the UIA-Anchor Function, the user id may be a user id list.
- the AUSF can optionally also send the SUPI to the UIA-Anchor Function.
- the UIA-Anchor Function stores the latest information sent by the AUSF.
- the UIA-Anchor Function sends the response to the AUSF using the service operation (e.g., Nuiaa_UIA_AnchorKey_Register Response service operation) .
- the service operation e.g., Nuiaa_UIA_AnchorKey_Register Response service operation
- the new AMF registers with the UDM using a registration (e.g., Nudm_UECM_Registration) for the access to be registered.
- a registration e.g., Nudm_UECM_Registration
- the AMF retrieves the Access and Mobility Subscription data, the SMF Selection Subscription data, the UE context in the SMF data and the Location services (LCS) mobile origination using a service operation request (e.g., Nudm_SDM_Get) .
- a service operation request e.g., Nudm_SDM_Get
- the AMF subscribes to be notified using Nudm_SDM_Subscribe when the data requested is modified.
- the UDM initiates a Nudm_UECM_DeregistrationNotification to the old AMF corresponding to the same access, if one exists.
- old AMF does not have UE context for another access type (i.e. non-3GPP access)
- the Old AMF unsubscribes with the UDM for subscription data using Nudm_SDM_unsubscribe.
- the new AMF sends a registration accept to the UE.
- the UE sends a registration complete to the new AMF.
- the UE and the UIA AF may know whether to implement the mechanism of the user identifier. This knowledge can be obtained from an application on the UE and/or the UIA AF or indicated from the network (e.g., from the UIA AF) to the UE.
- FIG. 2 shows a user identifier activation procedure according to an embodiment of the present disclosure.
- the UDM performs the user identifier activation.
- the procedure may include at least one of the following operations.
- the UE may be registered and established PDU Sessions.
- the registration can be performed by using the procedure described in Aspect 0, and details in this regard will not be repeated herein.
- the registration can be performed by using another registration procedure.
- the UE may send a request (e.g., the UIA Active request, in the paragraph below, the UIA Active request will be taken as an example, but the present disclosure is not limited thereto) to the AMF with the user id (e.g., the User_Id#1) .
- the AMF forwards the request to the UDM.
- the UE transmits another request (e.g., the Application Session Establishment Request message) to an UIA AF.
- said another request comprises the UIA-KID and the user id.
- the user id is encrypted.
- the user id is encrypted by a key K UIAAF (e.g., a key used for the communication between the UE and the UIA AF) .
- the UE derives K UIAAF from the UIA Anchor Key (K UIA ) .
- the UE generates the UIA Anchor Key (K UIA ) and/or the UIA-KID based the K AUSF (e.g., before initiating the communication with the UIA AF) .
- the Authentication and Key Management for Applications (AKMA) Anchor Function (AAnF) verifies whether the subscriber is authorized to use UIA based on the presence of the UE specific KUIA key identified by the UIA-KID.
- AKMA Authentication and Key Management for Applications
- AAA Anchor Function
- the UIA-Anchor Function derives the UIA Application Key (K UIAAF ) based on K UIA if it does not already have K UIAAF .
- the UDM activates this user id (e.g., the User_Id#1) . In some embodiments, if the user id received in operation 2a matches the user identifier activation information received in operation 5, the UDM determines the user identifier activation is failed and does not activate the user id.
- the UDM sends the response (e.g., the UIA active response) to the AMF.
- the response includes at least one of the user id (e.g., User_Id#1) and/or the activation result indicating whether the user identifier is successfully activated.
- the AMF forwards the response to the UE.
- the UIA AF sends the response (e.g., Application Session Establishment Response) to the UE. If the information in operation 9 indicates a failure, the UIA AF rejects the Application Session Establishment by including a failure cause.
- the response e.g., Application Session Establishment Response
- the UE and the UIA AF may know whether to implement the mechanism of the user identifier. This knowledge can be obtained from an application on the UE and/or the UIA AF or indicated from the network (e.g., from the UIA AF) to the UE.
- FIG. 3 shows a user identifier activation procedure according to an embodiment of the present disclosure.
- both the UIA AF and the UDM are involved in the user identifier activation.
- the procedure may include at least one of the following operations.
- the UE may send a request (e.g., the UIA Active request, in the paragraph below) to the AMF with the user id (e.g., the User_Id#1) .
- the AMF forwards the request to the UDM.
- the UE transmits another request (e.g., the Application Session Establishment Request message) to an UIA AF.
- said another request comprises the UIA-KID and the user id.
- said another request further comprises a service type.
- the service type may be set to “activate” or “active” .
- the service type may be used to request the activation of the user id.
- the user id and/or the service type is encrypted.
- the user id and/or the service type is encrypted by a key K UIAAF .
- the UE derives K UIAAF from the UIA Anchor Key (K UIA ) . In some embodiments, the UE generates the UIA Anchor Key (K UIA ) and/or the UIA-KID based the K AUSF (e.g., before initiating the communication with the UIA AF) .
- the UIA AF selects the UIA-Anchor Function, and sends a request (e.g., Nuiaa_UIA_ApplicationKey_Get request) to the UIA-Anchor Function with the UIA-KID to request the K UIAAF for the UE.
- a request e.g., Nuiaa_UIA_ApplicationKey_Get request
- the UIA AF also includes its identity (UIA_AF_ID) in the request.
- the UIA-Anchor Function checks whether the UIA-Anchor Function can provide the service to the UIA AF based on the configured local policy or based on the authorization information available in the signaling (i.e., Oauth2.0 token) . If it succeeds, the following procedures are executed. Otherwise, the UIA-Anchor Function rejects the procedure.
- the AAnF verifies whether the subscriber is authorized to use UIA based on the presence of the UE specific KUIA key identified by the UIA-KID.
- the UIA-Anchor Function continues with operation 4.
- the UIA-Anchor Function continues with operation 5 with an error response (e.g., the UIA-Anchor Function transmits an error response to the UIA AF in operation 5) .
- the UIA-Anchor Function derives the UIA Application Key (K UIAAF ) based on K UIA if it does not already have K UIAAF .
- the UIA-Anchor Function sends a response (e.g., Nniaa_UIA_ApplicationKey_Get response) to the UIA AF.
- the request comprises the user identifier activation information (e.g., including the user id (e.g., User_Id#1) ) , an identifier of the UE (e.g., SUPI or GPSI) , K UIAAF and/or the K UIAAF expiration time.
- the UIA-Anchor Function acquires the user identifier activation information based on the received UIA-KID. In some embodiments, whether to send the SUPI or the GPSI is determined by UIA-Anchor Function based on the local policy.
- the UIA AF decrypts the request received in operation 2b to get the plain text of User_Id#1 and/or service type. In some embodiments, the UIA AF decrypts the request received in operation 2b using the received K UIAAF. In some embodiments, the UIA AF checks whether the decrypted user id (e.g., the plain text of User_Id#1) matches the user identifier activation information based on a service type from the request message. In some embodiments, the UIA AF checks whether the decrypted user id matches the user identifier activation information in response to the service type is “active” .
- the decrypted user id e.g., the plain text of User_Id#1
- the UIA AF checks whether the decrypted user id matches the user identifier activation information in response to the service type is “active” .
- the UIA AF checks whether the decrypted user id and the user id received in operation 5 identify the same user. In some embodiments, if the decrypted user id matches the user identifier activation information received from UIA-Anchor in operation 5, the UIA AF performs operation 7. In some embodiments, if the decrypted user id matches the user identifier activation information, the UIA AF performs the user id based EAP authentication with the AAA-S.
- the UIA AF sends a request (e.g., the UIA Active request) user identifier activation information (e.g., including User_Id#1) (e.g., can be the one received from the UIA-Anchor in operation 5 or different user identifier activation information to the UDM.
- the request may further include the UE identifier.
- the UIA AF sends the request (e.g., the Nuiaa_UIA_Active request) to the UIA-Anchor with the user identifier activation information (e.g., including User_Id#1) and optionally with the SUPI.
- the UIA-Anchor sends the request (e.g., the Nudm_UIA_Active request) to the UDM.
- the UIA AF sends the request (e.g., the Nudm_UIA_Active request) to the UDM with the user identifier activation information (e.g., including User_Id#1) and optionally with the SUPI. In some embodiments, the UIA AF directly sends the request to the UDM.
- the request e.g., the Nudm_UIA_Active request
- the user identifier activation information e.g., including User_Id#1
- the UIA AF directly sends the request to the UDM.
- the UIA AF sends the request (e.g., the Nnef_UIA_Active request) to the NEF with the user identifier activation information (e.g., including User_Id#1) and optionally with the GPSI.
- the NEF then forwards the request to the UDM through the UIA-Anchor.
- the UDM determines whether to activate the user id (e.g., User_Id#1) . In some embodiments, the UDM determines whether to activate the user id based on whether the user id received in operation 2a matches the user identifier activation information received in operation 7. In some embodiments, when the user identifier activation information includes or is a user id, the UDM determines whether to activate the user id based on whether the user id received in operation 2a and the user id received in operation 7 identifier the same user of the UE.
- the user id e.g., User_Id#1
- the UDM determines whether to activate the user id based on whether the user id received in operation 2a matches the user identifier activation information received in operation 7.
- the user identifier activation information includes or is a user id
- the UDM determines whether to activate the user id based on whether the user id received in operation 2a and
- the UDM activates this user id (e.g., the User_Id#1) . In some embodiments, if the user id received in operation 2a matches the user identifier activation information received in operation 7, the UDM determines the activation for the user identifier is failed and does not activate the user id.
- the UDM sends a response (e.g., the UIA Active response) to the UIA AF.
- the response includes at least one of the user id (e.g., the User_Id#1) and/or the activation result.
- the UDM sends the response to the UIA AF via the UIA-Anchor.
- the UDM directly sends the response to the UIA AF.
- the UDM sends the response to the UIA AF via the NEF and the UIA-Anchor.
- the UDM sends another response (e.g., the UIA active response) to the AMF with the user id (e.g., User_Id#1) and the activation result.
- the AMF forwards the response to the UE.
- the UIA AF sends the response (e.g., the Application Session Establishment Response) to the UE. If the UIA AF receives the error response in operation 5 or the response received in operation 8 indicates the activation of the user id is failed, the UIA AF rejects the request (e.g., the Application Session Establishment) by including a failure cause.
- the response e.g., the Application Session Establishment Response
- the UE and the UIA AF may know whether to implement the mechanism of the user identifier. This knowledge can be obtained from an application on the UE and/or the UIA AF or indicated from the network (e.g., from the UIA AF) to the UE.
- FIG. 4 shows a user identifier activation procedure according to an embodiment of the present disclosure.
- the UIA AF e.g., the application layer
- the procedure may include at least one of the following operations.
- the UE may be registered and established PDU Sessions.
- the registration can be performed by using the procedure described in Aspect 0, and details in this regard will not be repeated herein.
- the registration can be performed by using another registration procedure.
- the UE sends a request (e.g., the Application Session Establishment Request message) to an UIA AF.
- the request comprises the UIA-KID and the user id.
- the request further comprises a service type.
- the service type may be set to “activate” or “active” .
- the service type may be used to request the activation of the user id.
- the user id and/or the service type is encrypted.
- the user id and/or the service type is encrypted by a key K UIAAF .
- the UE derives K UIAAF from the UIA Anchor Key (K UIA ) . In some embodiments, the UE generates the UIA Anchor Key (K UIA ) and/or the UIA-KID based the K AUSF (e.g., before initiating the communication with the UIA AF) .
- UIA-Anchor Function if K UIA is present in UIA-Anchor Function, the UIA-Anchor Function continues with operation 4.
- the UIA-Anchor Function continues with operation 5 with an error response (e.g., the UIA-Anchor Function transmits an error response to the UIA AF in operation 5) .
- the UIA-Anchor Function derives the UIA Application Key (K UIAAF ) based on K UIA if it does not already have K UIAAF .
- the UIA-Anchor Function sends a response (e.g., Nniaa_UIA_ApplicationKey_Get response) to the UIA AF.
- the request comprises the user identifier activation information (e.g., including the user id (e.g., User_Id#1) ) , an identifier of the UE (e.g., SUPI or GPSI) , K UIAAF and/or the K UIAAF expiration time.
- the UIA-Anchor Function acquires the user identifier activation information based on the received UIA-KID. In some embodiments, whether to send the SUPI or the GPSI is determined by the UIA-Anchor Function based on the local policy.
- the UIA AF decrypts the request received in operation 2b to get the plain text of User_Id#1 and/or service type. In some embodiments, the UIA AF decrypts the request received in operation 2b using the received K UIAAF. In some embodiments, the UIA AF checks whether the decrypted user id (e.g., the plain text of User_Id#1) matches the user identifier activation information based on a service type from the request message. In some embodiments, the UIA AF checks whether the decrypted user id matches the user identifier activation information in response to the service type is “active” .
- the decrypted user id e.g., the plain text of User_Id#1
- the UIA AF checks whether the decrypted user id matches the user identifier activation information in response to the service type is “active” .
- the UIA AF sends a notification (e.g., the Nudm_UIA Active Notify) to the UDM inform the UDM that the User_Id#1 is activated.
- the notification may include at least one of the user id (e.g., the User_Id#1) and/or the UE identifier.
- the UIA AF sends the notification to the UDM via the UIA-Anchor.
- the UIA AF sends the notification to the UDM directly.
- the UIA AF sends the notification to the UDM via the NEF and the UIA-Anchor.
- the UIA AF sends the response (e.g., Application Session Establishment Response) to the UE. If the UIA AF receives the error response in operation 5 or, in operation 6, the decrypted user id does not match the user identifier activation information received from UIA-Anchor, the UIA AF rejects the request (e.g., Application Session Establishment) by including a failure cause.
- the request e.g., Application Session Establishment
- the UDM may perform at least one of the following:
- the request e.g., the UIA active request
- the request e.g., the UIA active request
- a response e.g., the UIA active response
- a response e.g., the UIA active response
- a notification e.g., Nudm_UIA Active Notify
- a notification e.g., Nudm_UIA Active Notify
- the UIA-Anchor may perform at least one of the following:
- a request (e.g., the UIA active request) to the UDM with the user id;
- a response e.g., the UIA active response
- the UIA AF may perform at least one of the following:
- a request (e.g., the UIA active request) to the UIA-Anchor/UDM/NEF with the user id and the UE identity;
- the response e.g., the UIA active response
- the user id e.g., User_Id#1
- a notification e.g., Nudm_UIA Active Notify
- a notification e.g., Nudm_UIA Active Notify
- the UE may perform at least one of the following:
- a request (e.g., the UIA active request) to the AMF with the user id;
- the AMF forwards the messages (e.g., UIA Active Request and UIA Active Response) between the UE and the UDM.
- the messages e.g., UIA Active Request and UIA Active Response
- FIG. 5 relates to a diagram of a wireless communication terminal 30 according to an embodiment of the present disclosure.
- the wireless communication terminal 30 may be a tag, a mobile phone, a laptop, a tablet computer, an electronic book or a portable computer system and is not limited herein.
- the wireless communication terminal 30 may be used to implement the UE described in this disclosure.
- the wireless communication terminal 30 may include a processor 300 such as a microprocessor or Application Specific Integrated Circuit (ASIC) , a storage unit 310 and a communication unit 320.
- the storage unit 310 may be any data storage device that stores a program code 312, which is accessed and executed by the processor 300.
- Embodiments of the storage unit 310 include but are not limited to a subscriber identity module (SIM) , read-only memory (ROM) , flash memory, random-access memory (RAM) , hard-disk, and optical data storage device.
- SIM subscriber identity module
- ROM read-only memory
- RAM random-access memory
- the communication unit 320 may a transceiver and is used to transmit and receive signals (e.g., messages or packets) according to processing results of the processor 300.
- the communication unit 320 transmits and receives the signals via at least one antenna 322 or via wiring.
- the storage unit 310 and the program code 312 may be omitted and the processor 300 may include a storage unit with stored program code.
- the processor 300 may implement any one of the steps or operations in exemplified embodiments on the wireless communication terminal 30, e.g., by executing the program code 312.
- the communication unit 320 may be a transceiver.
- the communication unit 320 may as an alternative or in addition be combining a transmitting unit and a receiving unit configured to transmit and to receive, respectively, signals to and from a wireless communication node.
- the wireless communication terminal 30 may be used to perform the operations of the UE described in this disclosure.
- the processor 300 and the communication unit 320 collaboratively perform the operations described in this disclosure. For example, the processor 300 performs operations and transmit or receive signals, message, and/or information through the communication unit 320.
- FIG. 6 relates to a diagram of a wireless communication node 40 according to an embodiment of the present disclosure.
- the wireless communication node 40 may be a satellite, a base station (BS) , a gNB, a network entity, a Domain Name System (DNS) server, a Mobility Management Entity (MME) , Serving Gateway (S-GW) , Packet Data Network (PDN) Gateway (P-GW), a radio access network (RAN) , a next generation RAN (NG-RAN) , a data network, a core network, a communication node in the core network, or a Radio Network Controller (RNC) , and is not limited herein.
- BS base station
- gNB a network entity
- DNS Domain Name System
- MME Mobility Management Entity
- S-GW Serving Gateway
- PDN Packet Data Network Gateway
- RAN radio access network
- NG-RAN next generation RAN
- RNC Radio Network Controller
- the wireless communication node 40 may include (perform) at least one network function such as an access and mobility management function (AMF) , a Unified Data Management (UDM) , a UIA Anchor, a session management function (SMF) , a user place function (UPF) , a policy control function (PCF) , an application function (AF) (e.g., a UIA AF) , etc.
- the wireless communication node 40 may be a network or a network node include (perform) at least one of the UDM, the UIA-Anchor, the UIA AF, and/or the AMF described in this disclosure.
- the wireless communication node 40 may be used to implement the UDM, the UIA-Anchor, the UIA AF, and/or the AMF described in this disclosure or the wireless communication node 40 may be used to implement a network or a network node including at least one of the UDM, the UIA- Anchor, the UIA AF, and/or the AMF described in this disclosure.
- the wireless communication node 40 may include one or more processors 400 such as a microprocessors or ASICs, one or more storage units 410 and one or more communication units 420.
- the storage units 410 may be any data storage devices that store one or more program codes 412, which are accessed and executed by the one or more processors 400.
- Examples of the one or more storage units 410 include but are not limited to a SIM, ROM, flash memory, RAM, hard-disk, and optical data storage device.
- the one or more communication units 420 may be transceivers and are used to transmit and receive signals (e.g., messages or packets) according to processing results of the one or more processors 400. In an embodiment, the one or more communication units 420 transmit and receive the signals via at least one antenna 422 or via wiring.
- the one or more storage units 410 and the one or more program codes 412 may be omitted.
- the one or more processors 400 may include one or more storage units with stored program codes.
- the one or more processors 400 may implement any steps or operations described in exemplified embodiments on the wireless communication node 40, e.g., via executing the program codes 412.
- the one or more communication units 420 may be one or more transceivers.
- the one or more communication units 420 may as an alternative or in addition be combining a transmitting unit and a receiving unit configured to transmit and to receive, respectively, signals, messages, or information to and from a wireless communication node or a wireless communication terminal.
- the wireless communication node 40 may be used to perform the operations of at least one of the UDM, the UIA-Anchor, the UIA AF, and/or the AMF described in this disclosure.
- the one or more processors 400 and the one or more communication units 420 collaboratively perform the operations described in this disclosure.
- the one or more processors 400 perform operations and transmit or receive signals through the one or more communication units 420.
- different processors 400 and different communication units 420 may be used to perform operations of different network functions (e.g., the at least one of the UDM, the UIA-Anchor, the UIA AF, and/or the AMF described in this disclosure)
- a wireless communication method is also provided according to an embodiment of the present disclosure.
- the wireless communication method may be performed by using a wireless communication terminal (e.g., a UE) .
- the wireless communication terminal may be implemented by using the wireless communication terminal 30 described in this disclosure, but is not limited thereto.
- the wireless communication method includes: receiving, via the communication unit from a wireless communication terminal, a request message comprising a user identifier to be activated; and transmitting, by the wireless communication node to the wireless communication terminal, a response message indicating whether the user identifier is successfully activated or whether a session for the user identifier is established.
- the wireless communication method may be performed by using a wireless communication node (e.g., a UDM, a UIA-Anchor, a UIA AF, an AMF, and/or a network or network node including at least one of a UDM, a UIA-Anchor, a UIA AF and/or an AMF) .
- a wireless communication node e.g., a UDM, a UIA-Anchor, a UIA AF, an AMF
- the wireless communication node may be implemented by using the wireless communication node 40 described in this disclosure, but is not limited thereto.
- the wireless communication method includes: transmitting, via the communication unit to a wireless communication node, a request message comprising a user identifier to be activated; and receiving, by the wireless communication terminal from the wireless communication node, a response message indicating whether the user identifier is successfully activated or whether a session for the user identifier is established.
- the wireless communication terminal used in the present disclosure may indicate the UE described above.
- the wireless communication node used in the present disclosure may indicate the UDM, the UIA-Anchor, the UIA AF, the AMF, and/or a network or network node including at least one of the UDM, the UIA-Anchor, the UIA AF, and/or the AMF described above.
- the management node used in the present disclosure may indicate the UDM described above.
- the anchor node used in the present disclosure may indicate the UIA-Anchor described above.
- the application node used in the present disclosure may indicate the UIA AF described above.
- the network exposure node used in the present disclosure may indicate the NEF described above.
- the first message used in the present disclosure may indicate Nudm_UIA_Active Request in operation 5 of Aspect 1 or operation 7 in Aspect 2 described above.
- the second message used in the present disclosure may indicate Nudm_UIA_Active Response in operation 8 of Aspect 1 or UIA Active Response in operation 8 of Aspect 2 described above.
- the third message used in the present disclosure may indicate Nudm_UIA Active Notify in operation 7 of Aspect 3 described above.
- the key identifier used in the present disclosure may indicate UIA-KID described above.
- a and/or B and/or C includes any and all combinations of one or more of A, B, and C, including A, B, C, A and B, A and C, B and C, and a combination of A and B and C.
- A/B/C includes any and all combinations of one or more of A, B, and C, including A, B, C, A and B, A and C, B and C, and a combination of A and B and C.
- any reference to an element herein using a designation such as “first, “ “second, “ and so forth does not generally limit the quantity or order of those elements. Rather, these designations can be used herein as a convenient means of distinguishing between two or more elements or instances of an element. Thus, a reference to first and second elements does not mean that only two elements can be employed, or that the first element must precede the second element in some manner.
- any one of the various illustrative logical blocks, units, processors, means, circuits, methods and functions described in connection with the aspects disclosed herein can be implemented by electronic hardware (e.g., a digital implementation, an analog implementation, or a combination of the two) , firmware, various forms of program or design code incorporating instructions (which can be referred to herein, for convenience, as "software” or a “software unit” ) , or any combination of these techniques.
- a processor, device, component, circuit, structure, machine, unit, etc. can be configured to perform one or more of the functions described herein.
- IC integrated circuit
- DSP digital signal processor
- ASIC application specific integrated circuit
- FPGA field programmable gate array
- the logical blocks, units, and circuits can further include antennas and/or transceivers to communicate with various components within the network or within the device.
- a general-purpose processor can be a microprocessor, but in the alternative, the processor can be any conventional processor, controller, or state machine.
- a processor can also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other suitable configuration to perform the functions described herein. If implemented in software, the functions can be stored as one or more instructions or code on a computer-readable medium. Thus, the steps or operations of a method or algorithm disclosed herein can be implemented as software stored on a computer-readable medium.
- Computer-readable media includes both computer storage media and communication media including any medium that can be enabled to transfer a computer program or code from one place to another.
- a storage media can be any available media that can be accessed by a computer.
- such computer-readable media can include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer.
- unit refers to software, firmware, hardware, and any combination of these elements for performing the associated functions described herein. Additionally, for purpose of discussion, the various units are described as discrete units; however, as would be apparent to one of ordinary skill in the art, two or more units may be combined to form a single unit that performs the associated functions according to embodiments of the present disclosure.
- memory or other storage may be employed in embodiments of the present disclosure.
- memory or other storage may be employed in embodiments of the present disclosure.
- any suitable distribution of functionality between different functional units, processing logic elements or domains may be used without detracting from the present disclosure.
- functionality illustrated to be performed by separate processing logic elements, or controllers may be performed by the same processing logic element, or controller.
- references to specific functional units are only references to a suitable means for providing the described functionality, rather than indicative of a strict logical or physical structure or organization.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Un procédé de communication sans fil est divulgué. Le procédé consiste à recevoir, par l'intermédiaire de l'unité de communication depuis un terminal de communication sans fil, un message de demande comprenant un identifiant d'utilisateur à activer ; et à transmettre, par le nœud de communication sans fil au terminal de communication sans fil, un message de réponse indiquant si l'identifiant d'utilisateur est activé avec succès ou si une session pour l'identifiant d'utilisateur est établie.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2024/111114 WO2025130077A1 (fr) | 2024-08-09 | 2024-08-09 | Procédé, dispositif et produit-programme informatique pour communication sans fil |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2024/111114 WO2025130077A1 (fr) | 2024-08-09 | 2024-08-09 | Procédé, dispositif et produit-programme informatique pour communication sans fil |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2025130077A1 true WO2025130077A1 (fr) | 2025-06-26 |
Family
ID=96136345
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2024/111114 Pending WO2025130077A1 (fr) | 2024-08-09 | 2024-08-09 | Procédé, dispositif et produit-programme informatique pour communication sans fil |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2025130077A1 (fr) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114503630A (zh) * | 2019-10-04 | 2022-05-13 | 三星电子株式会社 | 激活5g用户的方法和装置 |
| US20220264504A1 (en) * | 2019-07-03 | 2022-08-18 | Nec Corporation | Ue, core network node, and control method for handling multiple user identities per ue |
-
2024
- 2024-08-09 WO PCT/CN2024/111114 patent/WO2025130077A1/fr active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20220264504A1 (en) * | 2019-07-03 | 2022-08-18 | Nec Corporation | Ue, core network node, and control method for handling multiple user identities per ue |
| CN114503630A (zh) * | 2019-10-04 | 2022-05-13 | 三星电子株式会社 | 激活5g用户的方法和装置 |
Non-Patent Citations (4)
| Title |
|---|
| ANONYMOUS: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on security aspects of User Identities and Authentication (Release 19)", 3GPP STANDARD; TECHNICAL REPORT; 3GPP TR 33.700-32, no. V0.2.0, 30 May 2024 (2024-05-30), pages 1 - 53, XP052624399 * |
| ANONYMOUS: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on User Identities and Authentication Architecture (Release 19)", 3GPP STANDARD; TECHNICAL REPORT; 3GPP TR 23.700-32, no. V1.0.0, 10 June 2024 (2024-06-10), pages 1 - 124, XP052624511 * |
| MIRKO CANO SOVERI, ZTE CORPORATION: "Solution to KI#1 and KI#2", 3GPP DRAFT; S3-242499; TYPE PCR; FS_UIA_SEC, vol. SA WG3, 28 May 2024 (2024-05-28), Jeju, KR, pages 1 - 3, XP052620997 * |
| ZHENDONG LI, ZTE: "KI#1, conclusion update", 3GPP DRAFT; S2-2406616; TYPE PCR; FS_UIA_ARC, vol. SA WG2, 17 May 2024 (2024-05-17), Jeju, KR, pages 1 - 3, XP052614030 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN115769618B (zh) | 使用假名用于通过非3gpp接入的接入认证 | |
| EP2297923B1 (fr) | Authentification d un dispositif sans fil dans un réseau visité | |
| US8990897B2 (en) | Generic key-decision mechanism for GAA | |
| US20090217038A1 (en) | Methods and Apparatus for Locating a Device Registration Server in a Wireless Network | |
| CN109922474B (zh) | 触发网络鉴权的方法及相关设备 | |
| CN110798833A (zh) | 一种鉴权过程中验证用户设备标识的方法及装置 | |
| US20240334186A1 (en) | Method for ue-to-network relay security in proximity-based services | |
| CN105052184A (zh) | 控制用户设备对服务的接入 | |
| TW201203979A (en) | Method and apparatus for network personalization of subscriber devices | |
| CN111866870B (zh) | 密钥的管理方法和装置 | |
| KR102783803B1 (ko) | 등록 절차를 위한 무선 통신 방법 | |
| WO2025130077A1 (fr) | Procédé, dispositif et produit-programme informatique pour communication sans fil | |
| CN101568116A (zh) | 一种证书状态信息的获取方法及证书状态管理系统 | |
| WO2024168472A1 (fr) | Procédé sans fil et dispositif associé | |
| WO2025156442A1 (fr) | Procédé, dispositif et produit-programme d'ordinateur pour communication sans fil | |
| WO2025043389A1 (fr) | Procédé, dispositif et produit-programme d'ordinateur pour communication sans fil | |
| WO2024011392A1 (fr) | Procédé de communication sans fil et dispositif associé | |
| US20260067270A1 (en) | Two factor authentication | |
| US20240137761A1 (en) | Method, device and computer program product for wireless communication | |
| WO2025156599A1 (fr) | Procédé, dispositif et produit-programme d'ordinateur pour communication sans fil | |
| CN121040104A (zh) | 用于无线通信的方法、设备和计算机程序产品 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 24905572 Country of ref document: EP Kind code of ref document: A1 |