Communication method and apparatus

By employing a multi-layered security mechanism involving terminal devices and core network elements, anonymized identity identifiers are generated and processed, thus resolving the user privacy protection issue when terminal devices access the network. This achieves a higher level of security for user identity privacy protection, meeting the needs of future communication networks.

CN122317596APending Publication Date: 2026-06-30HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
HUAWEI TECH CO LTD
Filing Date
2024-12-31
Publication Date
2026-06-30

Smart Images

  • Figure CN122317596A_ABST
    Figure CN122317596A_ABST
Patent Text Reader

Abstract

A communication method and apparatus, belonging to the field of communications, are disclosed. The method includes: a first module in a terminal-side device obtaining a first hidden identity identifier from a second module in the same device; the first hidden identity identifier being a hidden identity identifier obtained by the second module processing plaintext identity information using a second security mechanism; the first module processing the first hidden identity identifier using the first security mechanism to obtain a second hidden identity identifier; and the first module sending the second hidden identity identifier to a first network for accessing the first network. The first module can further process the first hidden identity identifier calculated by the second module using a first security mechanism with higher security strength to obtain the second hidden identity identifier. Thus, when the first module accesses the network, the second hidden identity identifier calculated by the first module can provide a higher level of security for user identity privacy protection.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of communications, and more specifically, to a communication method and apparatus. Background Technology

[0002] In the field of communications, terminal devices may have multiple different identifiers. Furthermore, for the sake of interoperability, communication protocols often stipulate that terminal devices need to use specific identifiers to access the network in different scenarios.

[0003] For example, in 5G (5th generation mobile communication technology), the user identifier of a terminal device includes a subscription concealed identifier (SUCI) and a subscription permanent identifier (SUPI), etc. SUPI can be understood as the terminal device's true identity information, while SUCI is an identity identifier obtained by encrypting or anonymizing SUPI. SUCI plays a crucial role in the network authentication process. For instance, when a terminal device attempts to access the network, it typically uses an anonymized identity identifier (such as SUCI) to authenticate with the network, preventing attackers from directly obtaining the user's true identity information, thereby improving the network security of the terminal device.

[0004] Future communication networks may have higher requirements for user privacy, so anonymized user identity identification that adapts to the network security needs of future communication networks remains a research hotspot. Summary of the Invention

[0005] This application provides a communication method and apparatus that can use anonymized identity identifiers instead of transmitting user identity identifiers in plaintext during the process of a terminal accessing a network, thereby protecting the user's privacy and security.

[0006] In a first aspect, a communication method is provided. The method provided in the first aspect relates to a terminal-side device. Unless otherwise specified, the terminal-side device in this application may be the terminal device itself, a component in the terminal device (e.g., a processor, a chip, or a chip system), or a logic module or software that can implement some or all of the functions of the terminal device.

[0007] The method includes: a first module in a terminal-side device obtaining a first hidden identity identifier from a second module in the same device, the first hidden identity identifier being a hidden identity identifier obtained by the second module processing plaintext identity information using a second security mechanism; wherein the terminal-side device includes the first module and the second module, the first module supporting the first security mechanism, the second module supporting the second security mechanism, the first security mechanism being different from the second security mechanism, and the first security mechanism having a higher security strength than the second security mechanism; the first module using the first security mechanism to process the first hidden identity identifier to obtain a second hidden identity identifier; and the first module sending the second hidden identity identifier to a first network for accessing the first network.

[0008] Based on the above scheme, the first module can use a more secure first security mechanism to further process the first hidden identity calculated by the second module to obtain a second hidden identity. Thus, when the first module joins the network, the second hidden identity calculated by the first module can provide a higher level of security for user identity privacy protection.

[0009] In some implementations, before the first module uses the first security mechanism to process the first hidden identity and obtain the second hidden identity, the method further includes: the first module determining that it supports the first security mechanism and the second module does not support the first security mechanism.

[0010] In some implementations, the first module determines whether it supports the first security mechanism and the second module does not support the first security mechanism, including: the first module determines whether the second module supports the first security mechanism based on the home network identifier in the first hidden identity or the home network identifier in the plaintext identity information; or, the first module determines whether the second module supports the first security mechanism based on the first security mechanism indication information in the first hidden identity, wherein the first security mechanism indication information is used to indicate the security mechanism that generated the first hidden identity.

[0011] In some implementations, the method further includes: the first module sending first indication information to the first network, the first indication information being used to indicate that the second hidden identity was obtained by processing the first hidden identity using the first security mechanism.

[0012] In some implementations, the first instruction information is also used to trigger the first network to change the default calculation method for hiding the identity to the first module.

[0013] In some implementations, the method further includes: the first module receiving second indication information from the first network, the second indication information being used to indicate that the default calculation method for hiding the identity should be modified to the first module.

[0014] In some implementations, the method further includes: in response to the second indication information, the first module obtains a third hidden identity identifier, which is a hidden identity identifier obtained by the first module after processing the plaintext identity information according to the first security mechanism; the first module sends the third hidden identity identifier to the second network, which is used to access the second network.

[0015] In some implementations, the second hidden identity is carried in a first registration request message, which is used to request access to the first network.

[0016] In some implementations, the first instruction information is carried in the first registration request message.

[0017] In some implementations, the first module is the Mobile Device (ME), and the second module is the Global User Identity (USIM) module.

[0018] In some implementations, this plaintext identity information is either the user's permanent identity identifier (SUPI) or the International Mobile Subscriber Identity (IMSI).

[0019] Secondly, a communication method is provided. The method provided in this second aspect involves a first network element. Unless otherwise specified, the first network element in this application can be the core network equipment itself, a component within the core network equipment (e.g., a processor, chip, or chip system), or a logical module or software capable of implementing some or all of the functions of the core network equipment. Exemplarily, the first network element can be used for access and mobility management.

[0020] For example, the first network element is configured with a mapping relationship between a routing indication and a second network element, and the second network element supports a first security mechanism; the method includes: receiving a second hidden identity identifier from a terminal-side device, the second hidden identity identifier including the routing indication, the routing indication being used to access a third network element, the third network element not supporting the first security mechanism; and sending the second hidden identity identifier to the second network element based on the mapping relationship.

[0021] Thirdly, a communication method is provided. The method provided in this third aspect involves a second network element. Unless otherwise specified, the second network element in this application can be the core network device itself, a component within the core network device (e.g., a processor, chip, or chip system), or a logic module or software capable of implementing some or all of the functions of the core network device. For example, the second network element may include a network element used for managing data, de-hiding identity, or storing data.

[0022] The method includes: receiving a second hidden identity identifier and first indication information from a terminal-side device, the first indication information indicating that the second hidden identity identifier was obtained by processing a first hidden identity identifier using a first security mechanism; responding to the first indication information, processing the second hidden identity identifier using the first security mechanism to obtain the first hidden identity identifier; and generating an authentication vector based on the first hidden identity identifier; wherein the first hidden identity identifier is used to determine the plaintext identity information of the terminal-side device, the plaintext identity information is used to generate the authentication vector, and the plaintext identity information is obtained by processing the first hidden identity identifier using the second security mechanism.

[0023] In some implementations, the method further includes: sending second indication information to the terminal device based on the first indication information, the second indication information being used to instruct the default calculation method for hiding the identity to be modified to the first module.

[0024] Fourthly, a communication method is provided. The method provided in the fourth aspect relates to a terminal-side device. Unless otherwise specified, the terminal-side device in this application may be the terminal device itself, a component in the terminal device (e.g., a processor, chip, or chip system), or a logic module or software that can implement some or all of the functions of the terminal device.

[0025] The method includes: a first module in a terminal-side device obtaining plaintext identity information from a second module in the same device, and obtaining a first secret, the first secret being obtained by the second module according to a second security mechanism; wherein the terminal-side device includes the first module and the second module, the first module supports the first security mechanism, the second module supports the second security mechanism, the first security mechanism is different from the second security mechanism, and the security strength of the first security mechanism is higher than that of the second security mechanism; the first module uses the first security mechanism to obtain the second secret; the first module performs key deduction based on the first secret and the second secret to obtain a first key; the first module uses the first key to process the plaintext identity information to obtain a fourth hidden identity identifier; and the first module sends the fourth hidden identity identifier to a first network, the fourth hidden identity identifier being used to access the first network.

[0026] Based on the above scheme, the first module can use a fourth hidden identity with higher security to access the network. Thus, when the first module joins the network, the fourth hidden identity calculated by the first module can provide a higher level of security for user identity privacy protection.

[0027] In some implementations, before the first module uses the first key to process the plaintext identity information and obtain the fourth hidden identity identifier, the method further includes: the first module determining that it supports the first security mechanism and the second module does not support the first security mechanism.

[0028] In some implementations, the determination by the first module that it supports the first security mechanism and the second module that it does not support the first security mechanism includes: the first module determining whether the second module supports the first security mechanism based on the home network identifier in the fifth hidden identity identifier or the home network identifier in the plaintext identity information; or, the first module determining whether the second module supports the first security mechanism based on the first security mechanism indication information in the fifth hidden identity identifier, wherein the first security mechanism indication information is used to indicate the security mechanism that generates the first hidden identity identifier; wherein the fifth hidden identity identifier is obtained by the second module processing the plaintext identity information according to the second security mechanism.

[0029] In some implementations, the method further includes sending a third indication message to the first network, the third indication message being used to indicate that the fourth hidden identity was obtained by processing the plaintext identity information using the first secret and the second secret.

[0030] In some implementations, before the first module obtains the first secret, the method further includes: the first module sending a request message to the second module, the request message being used to request the first secret, the request message being carried in a first message, the first message being used to request the second module to provide a hidden identity identifier.

[0031] In some implementations, the method further includes: the first module obtaining a fifth hidden identity identifier from the second module, the fifth hidden identity identifier being obtained by the second module processing the plaintext identity information according to the second security mechanism; the first module determining the second security mechanism indication information according to the first security mechanism indication information in the fifth hidden identity identifier; wherein, the first module using the first key to process the plaintext identity information to obtain a fourth hidden identity identifier includes: the first module carrying the security mechanism indication information in the fourth hidden identity identifier.

[0032] Fifthly, a communication method is provided. The method provided in this fifth aspect relates to a second network element. Unless otherwise specified, the second network element in this application can be the core network device itself, a component within the core network device (e.g., a processor, chip, or chip system), or a logic module or software capable of implementing some or all of the functions of the core network device. For example, the second network element may include a network element used for managing data, de-hiding identity, or storing data.

[0033] The method includes: receiving a fourth hidden identity identifier from a terminal device; obtaining a third secret, which is obtained according to a second security mechanism; obtaining a fourth secret using a first security mechanism; performing key deduction based on the third secret and the fourth secret to obtain a second key; decrypting the fourth hidden identity identifier using the second key to obtain the plaintext identity information of the terminal device; and generating an authentication vector based on the plaintext identity information.

[0034] In some implementations, the method further includes: receiving third indication information from the terminal device, the third indication information being used to indicate that the fourth hidden identity identifier was obtained by processing the plaintext identity information using two secrets; wherein, decrypting the fourth hidden identity identifier using the second key to obtain the plaintext identity information of the terminal device includes: in response to the third indication information, decrypting the fourth hidden identity identifier using the second key to obtain the plaintext identity information of the terminal device.

[0035] A sixth aspect provides a communication device including a processing circuit (or processor) and an input / output interface (also referred to as an interface circuit), the input / output interface being used for inputting and / or outputting signals, the processing circuit being used to perform the first aspect and any possible method of the first aspect, or the processing circuit being used to perform the second aspect and any possible method of the second aspect, or the processing circuit being used to perform the third aspect and any possible method of the third aspect, or the processing circuit being used to perform the fourth aspect and any possible method of the fourth aspect, or the processing circuit being used to perform the fifth aspect and any possible method of the fifth aspect.

[0036] In some implementations, the processing circuit is used to communicate with other devices through the interface circuit and to perform the first aspect and any possible method of the first aspect, or to perform the second aspect and any possible method of the second aspect, or to perform the third aspect and any possible method of the third aspect, or to perform the fourth aspect and any possible method of the fourth aspect, or to perform the fifth aspect and any possible method of the fifth aspect.

[0037] In a seventh aspect, a communication device is provided. This communication device may include units or modules for performing the functions of the communication device.

[0038] In some implementations, the communication device may include modules, units, or means for performing the methods / operations / steps / actions described in the first aspect and any possible implementation of the first aspect. These modules, units, or means may be hardware circuits, software, or a combination of hardware circuits and software.

[0039] In some implementations, the communication device may include modules, units, or means for performing the methods / operations / steps / actions described in the second aspect and any possible implementation of the second aspect. These modules, units, or means may be hardware circuits, software, or a combination of hardware circuits and software.

[0040] In some implementations, the communication device may include modules, units, or means for performing the methods / operations / steps / actions described in the third aspect and any possible implementation of the third aspect. These modules, units, or means may be hardware circuits, software, or a combination of hardware circuits and software.

[0041] In some implementations, the communication device may include modules, units, or means for performing the methods / operations / steps / actions described in the fourth aspect and any possible implementation of the fourth aspect, which may be hardware circuits, software, or a combination of hardware circuits and software.

[0042] In some implementations, the communication device may include modules, units, or means for performing the methods / operations / steps / actions described in the fifth aspect and any possible implementation of the fifth aspect, which may be hardware circuits, software, or a combination of hardware circuits and software.

[0043] Eighthly, a computer-readable storage medium is provided that stores a computer program or instructions that, when executed, cause the first aspect and any possible method of the first aspect to be performed (or implemented), or cause the second aspect and any possible method of the second aspect to be performed (or implemented), or cause the third aspect and any possible method of the third aspect to be performed (or implemented), or cause the fourth aspect and any possible method of the fourth aspect to be performed (or implemented), or cause the fifth aspect and any possible method of the fifth aspect to be performed (or implemented).

[0044] Ninthly, a computer program product is provided, comprising a computer program or instructions that, when executed, cause the first aspect and any possible method of the first aspect to be performed (or implemented), or cause the second aspect and any possible method of the second aspect to be performed (or implemented), or cause the third aspect and any possible method of the third aspect to be performed (or implemented), or cause the fourth aspect and any possible method of the fourth aspect to be performed (or implemented), or cause the fifth aspect and any possible method of the fifth aspect to be performed (or implemented).

[0045] In a tenth aspect, a communication device is provided, comprising a processor configured to execute (or implement) any of the possible methods of the first aspect, or any of the possible methods of the second aspect, or any of the possible methods of the third aspect, or any of the possible methods of the fourth aspect, or any of the possible methods of the fifth aspect, by executing a computer program (or computer-executable instructions) stored in a memory, and / or by logic circuitry.

[0046] In one possible implementation, the device also includes a memory. In another possible implementation, the processor and memory are integrated together. In yet another possible implementation, the memory is located outside the communication device. The processor may include one or more processors.

[0047] In one possible implementation, the communication device further includes a communication interface for communicating with other devices, such as transmitting or receiving data and / or signals. Exemplarily, the communication interface may be a transceiver, circuit, bus, module, or other type of communication interface.

[0048] In one implementation, the communication device described in the sixth, seventh, or tenth aspects can be a chip or a chip system.

[0049] Eleventhly, a chip is provided, including a processor, for calling a computer program or computer instructions in memory to execute (or implement) any of the implementations of the first aspect, or to execute (or implement) any of the implementations of the second aspect, or to execute (or implement) any of the implementations of the third aspect, or to execute (or implement) any of the implementations of the fourth aspect, or to execute (or implement) any of the implementations of the fifth aspect.

[0050] In some implementations, the processor is coupled to the memory via an interface.

[0051] In a twelfth aspect, a communication system is provided. The system includes a terminal-side device; and further includes a first network element and / or a second network element. The terminal-side device is configured to execute the first aspect and any possible implementation thereof, the first network element is configured to execute the second aspect and any possible implementation thereof, and the second network element is configured to execute the third aspect and any possible implementation thereof. Alternatively, the system includes a terminal-side device and a second network element. The terminal-side device is configured to execute the fourth aspect and any possible implementation thereof, and the second network element is configured to execute the fifth aspect and any possible implementation thereof.

[0052] The description of the beneficial effects of any implementation of any of the sixth to twelfth aspects can be found in the description of the beneficial effects of the first to fifth aspects. Attached Figure Description

[0053] Figure 1 This is a schematic diagram of a communication system.

[0054] Figure 2 This is a schematic diagram of a network architecture.

[0055] Figure 3 This is a schematic diagram of the structure of a SUCI.

[0056] Figure 4 These are schematic diagrams of some mechanism outputs.

[0057] Figure 5 A schematic flowchart illustrating the generation of SUCI by the terminal-side device is shown.

[0058] Figure 6 A schematic flowchart is shown to illustrate the process of decrypting SUCI on the network side to obtain SUPI.

[0059] Figure 7 This is a schematic flowchart of a communication method provided in an embodiment of this application.

[0060] Figure 8 This is a schematic flowchart illustrating another communication method provided in an embodiment of this application.

[0061] Figure 9 This is a schematic flowchart illustrating another communication method provided in the embodiments of this application.

[0062] Figure 10 This is a schematic flowchart illustrating another communication method provided in the embodiments of this application.

[0063] Figure 11 This is a schematic block diagram of a communication device provided in an embodiment of this application.

[0064] Figure 12 This is a schematic diagram of another communication device provided in an embodiment of this application.

[0065] Figure 13 This is a schematic diagram of a chip system provided in an embodiment of this application.

[0066] Figure 14 This is a schematic diagram of another chip system provided in an embodiment of this application. Detailed Implementation

[0067] In this application, unless otherwise specified or in case of logical conflict, the terminology and / or descriptions of different embodiments are consistent and can be referenced by each other. Technical features in different embodiments can be combined to form new embodiments based on their inherent logical relationships.

[0068] I. In this application, "at least one" means one or more, and "more than one" means two or more. "And / or" describes the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can mean: A exists alone, A and B exist simultaneously, or B exists alone, where A and B can be singular or plural. In the textual description of this application, the character " / " generally indicates that the preceding and following related objects are in an "or" relationship. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one of a, b, and c can mean: a, or, b, or, c, or, a and b, or, a and c, or, b and c, or, a, b, and c. Here, a, b, and c can each be single or multiple.

[0069] II. In this application, the terms "first," "second," and various numerical designations (e.g., #1, #2, etc.) indicate distinctions made for ease of description and are not intended to limit the scope of the embodiments of this application. For example, they may distinguish different messages, rather than describing a specific order or sequence. It should be understood that such descriptions can be interchanged where appropriate to describe solutions other than those in the embodiments of this application.

[0070] Third, in this application, descriptions such as "when," "under the circumstances," and "if" all refer to the device making corresponding processing under certain objective circumstances, and are not time-limited, nor do they require the device to make a judgment action when implementing it, nor do they imply any other limitations.

[0071] IV. In this application, "instruction" or "for instruction" can include both direct (or explicit) and indirect (or implicit) instruction. When describing instruction information as indicating A, it can include whether the instruction information directly or indirectly indicates A, but does not necessarily mean that the instruction information carries A. For example, in the case of indirect (or implicit) instruction, the receiving end of the instruction information can obtain A based on the parameters indicated by the instruction information, combined with other rules or parameters, or through deduction.

[0072] V. The indication methods involved in the embodiments of this application should be understood to cover various methods that enable the party to be indicated to obtain the information to be indicated. The information to be indicated can be sent as a whole or divided into multiple sub-information and sent separately. Moreover, the sending period and / or sending time of these sub-information can be the same or different. This application does not limit the sending method, for example.

[0073] VI. In this application, "protocol" can refer to standard protocols in the field of communications, such as 5G protocols, new radio (NR) protocols, and related protocols applied to future communication systems; this application does not limit this term. "Predefined" can include predefined terms, such as protocol definitions. "Preconfiguration" can be implemented by pre-storing corresponding codes, tables, or other means that can be used to indicate relevant information in the device; this application does not limit the implementation method.

[0074] VII. In this application, "communication" can also be described as "data transmission," "information transmission," "data processing," etc. "Transmission" includes "sending" and / or "receiving." For example, transmission can be uplink transmission, such as a terminal device sending a signal to a network device; transmission can also be downlink transmission, such as a network device sending a signal to a terminal device; transmission can also be sidelink transmission, such as a terminal device sending a signal to another terminal device. For example, "transmission" can be air interface level transmission, or it can be signal transmission from a chip input (I) / output (O) port, rather than air interface level transmission.

[0075] 8. In this application, terms such as “message”, “information”, “signal” or “information element (IE)” can be used interchangeably. There are no restrictions on the name of the message or information, as long as it can achieve the corresponding function.

[0076] 9. "Sending information to XX (device)" can be understood as the destination of the information being that device. This can include sending information directly or indirectly to that device. "Receiving information from XX (device), or receiving information from XX (device)" can be understood as the source of the information being that device. This can include receiving information directly or indirectly from that device. Information may undergo necessary processing between the source and destination, such as format changes, but the destination can understand the valid information from the source. Similar expressions in this application can be understood in a similar way, and will not be repeated here. Furthermore, "sending" can also be understood as the "output" of the chip interface, and "receiving" can also be understood as the "input" of the chip interface. In other words, "sending" or "receiving" can occur between devices, for example, between network devices and terminal devices via an air interface. "Sending" or "receiving" can also occur within a device, for example, between components, modules, chips, software modules, or hardware modules within the device via a bus, wiring, or interface.

[0077] 10. In this application, terms such as "exemplarily" and "for example" are used to indicate examples, illustrations, or descriptions to present concepts in a specific manner. Any embodiment or design described as an "example" in this application should not be construed as being more preferred or advantageous than other embodiments or designs. In the embodiments of this application, the terms "of," "corresponding (relevant)," "corresponding," and "associated" may sometimes be used interchangeably, and it should be noted that their intended meanings are consistent unless their distinctions are emphasized.

[0078] XI. In this application, configuration can be signaling configuration or can be described as configuring signaling. For example, signaling configuration includes configuration using signaling sent by network devices, which can be radio resource control (RRC) messages, downlink control information (DCI) messages, or system information blocks (SIBs). Another example is signaling configuration between network devices. These network devices can include access network devices, core network devices, or management plane devices, etc. Optionally, signaling configuration can also be configured to terminal devices or network devices using pre-configured signaling, or configured to terminal devices or network devices through pre-configuration. Here, pre-configuration refers to defining or configuring the values ​​of corresponding parameters in advance using a protocol, and storing them in the terminal device or network device during communication. Pre-configured messages can be modified or updated when the terminal device or network device is connected to the network.

[0079] 12. This application will present various aspects, embodiments, or features relating to systems that may include multiple devices, components, modules, etc. Each system may include devices, components, modules, etc., other than those illustrated, and / or may not include all and all of the devices, components, modules, etc. discussed in conjunction with the accompanying drawings.

[0080] Thirteen, the business scenarios described in the embodiments of this application are for the purpose of more clearly illustrating the technical solutions of the embodiments of this application, and do not constitute a limitation on the technical solutions provided in the embodiments of this application. As those skilled in the art will know, with the emergence of new business scenarios, the technical solutions provided in the embodiments of this application are also applicable to similar technical problems.

[0081] XIV. In the various embodiments of this application, the sequence number of each process does not imply the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this application. The terms "comprising," "including," "having," and their variations all mean "including but not limited to," unless otherwise specifically emphasized.

[0082] The technical solutions of this application embodiment can be applied to various communication systems, including but not limited to: Long Term Evolution (LTE) systems, NR systems, and other fifth-generation (5G) communication systems. th Generations of wireless communication systems, including 5G, narrowband Internet of Things (NB-IoT), enhanced machine-type communication (eMTC), enhanced mobile broadband (eMBB), ultra-reliable low latency communications (URLLC), satellite communication systems, LTE-machine-to-machine (LTE-M) systems, and other systems that evolve after 5G, such as future wireless communication systems.

[0083] The technical solutions in this application will now be described with reference to the accompanying drawings.

[0084] Figure 1 This is a schematic diagram of a communication system 100. (For example...) Figure 1As shown, the communication system 100 includes a wireless access network 110 and a core network 120. Optionally, the communication system 100 may also include an Internet 130. The wireless access network 110 may include at least one access network device (such as...). Figure 1 111a and 111b in the above), may also include at least one terminal device (such as Figure 1 (112a-112j in the original text). The terminal device connects to the access network device wirelessly. The access network device connects to the core network 120 wirelessly or via a wired connection. The core network 120 may include one or more core network devices. The core network device and the access network device may be independent physical devices, or the functions of the core network device and the logical functions of the access network device may be integrated on the same physical device, or a single physical device may integrate some of the functions of the core network device and some of the functions of the access network device. Terminal devices and access network devices can be interconnected via wired or wireless means. Terminal devices can communicate wirelessly with each other, with each other, and with each other via air interface resources. For example, air interface resources may include at least one of time-domain resources, frequency-domain resources, code resources, and spatial resources. It is understood that... Figure 1 This is a schematic diagram. The communication system 100 may also include other access network equipment, such as wireless repeater equipment and wireless backhaul equipment. Figure 1 It is not shown in the middle.

[0085] Access network equipment can be any device with wireless transceiver capabilities. For example, access network equipment can be a base station used to connect terminal devices to a radio access network (RAN). Access network equipment is sometimes also referred to as access network element, access network node, RAN node, RAN, access network (AN) node, or AN. It is understood that the names of devices with access network equipment functionality may differ in systems employing different wireless access technologies. For ease of description, devices providing wireless communication access functionality to terminal devices can be collectively referred to as base stations or RANs. Exemplarily, access network equipment includes, but is not limited to, various forms of macro base stations (such as...). Figure 1 111a), micro base stations or indoor stations (such as Figure 1Access network equipment includes 111b), picocells, small cells, balloon stations, relay stations, access points, etc., in LTE. It can also include evolved node B (eNB or eNodeB) in LTE, access points (APs), wireless relay nodes, wireless backhaul nodes, transmission points (TRPs or TPs), or transmission reception points (TRPs) in Wi-Fi systems. Furthermore, it can include next-generation NodeB (gNB), next-generation RAN (NG-RAN) nodes or transmission points (TRPs or TPs) in 5G systems, one or a group of antenna panels (including multiple antenna panels) of a base station in a 5G system, network nodes constituting a gNB or transmission point, such as baseband units (BBUs) or distributed units (DUs), and access network equipment, servers, or vehicle-mounted equipment in networks evolving after 5G. Access network equipment can also be modules or units that perform some of the functions of a base station. For example, it can be a central unit (CU) or a DU.

[0086] In addition, access network equipment can be used to perform functions such as radio resource management, quality of service (QoS) management, data compression or encryption on the air interface side.

[0087] In this embodiment, the apparatus for implementing the functions of the access network device can be the access network device itself, or it can be an apparatus capable of supporting the access network device in implementing the functions, such as a chip system, which can be installed in the access network device. The chip system can be composed of chips, or it can include chips and other discrete components.

[0088] In another possible scenario, multiple access network devices collaborate to assist the terminal in achieving wireless access, with each access network device performing a portion of the base station's functions. For example, the access network devices can be CU, DU, CU (control plane, CP), CU (user plane, UP), or radio unit (RU), etc. CU and DU can be configured separately or included in the same network element, such as in a BBU. RU can be included in radio equipment or radio units, such as in a remote radio unit (RRU), active antenna unit (AAU), or remote radio head (RRH).

[0089] In different systems, CU (or CU-CP and CU-UP), DU, or RU may have different names, but those skilled in the art will understand their meaning. For example, in an open radio access network (O-RAN) system, CU can also be called O-CU (open CU), DU can also be called O-DU, CU-CP can also be called O-CU-CP, CU-UP can also be called O-CU-UP, and RU can also be called O-RU. For ease of description, this application uses CU, CU-CP, CU-UP, DU, and RU as examples. Any of the units among CU (or CU-CP, CU-UP), DU, and RU in this application can be implemented through software modules, hardware modules, or a combination of software modules and hardware modules. The embodiments of this application do not limit the specific technology or specific device form used in the access network equipment.

[0090] Terminal equipment can be a device that provides voice and / or data connectivity to users. Terminal equipment can be deployed on land, including indoors or outdoors, handheld or vehicle-mounted; it can also be deployed on water (such as ships); and it can be deployed in the air (such as airplanes, balloons, and satellites). Terminal equipment can also be referred to as user equipment (UE), access terminal, terminal, subscriber unit, user station, mobile station, mobile station (MS), mobile terminal (MT), remote station, remote terminal, mobile device, user terminal, wireless network equipment, user agent, or user device. In this application embodiment, terminal devices include, but are not limited to: cellular phones, mobile phones, wireless data cards, wireless modems, tablets, laptop computers, notebook computers, handheld computers, mobile internet devices (MIDs), computers with wireless transceiver capabilities, cordless phones, session initiation protocol (SIP) phones, smartphones, wireless local loop (WLL) stations, personal digital assistants (PDAs), handsets or handheld devices with wireless communication capabilities, computing devices or other devices connected to wireless modems, vehicle-mounted devices (e.g., cars, bicycles, electric vehicles, airplanes, ships, trains, high-speed trains, etc.), wearable devices (e.g., smartwatches, smart bracelets, pedometers, smart glasses, etc.), satellite terminals, terminal devices in the Internet of Things or the Internet of Vehicles, as well as terminals of any form in future networks, relay user equipment, or terminals in future evolved public land mobile networks (PLMNs), etc.Terminal devices can also be virtual reality (VR) devices, augmented reality (AR) devices, smart point-of-sale (POS) machines, customer-premises equipment (CPE), light UE, reduced capability UE (REDCAP UE), machine type communication (MTC) terminals, terminal devices in industrial control, terminal devices in self-driving, terminal devices in telemedicine, terminal devices in smart grids, wireless terminals in transportation safety, terminal devices in smart cities, terminal devices in smart homes, tactile terminal devices, smart home devices (e.g., refrigerators, televisions, air conditioners, electricity meters, etc.), smart robots, robotic arms, workshop equipment, wireless terminals in self-driving, or flying devices (e.g., smart robots, hot air balloons, drones, airplanes), etc. The terminal device can also be a vehicle device, such as a complete vehicle device, an in-vehicle module, an in-vehicle chip, an on-board unit (OBU), or a telematics box (T-BOX). The terminal device can also be other devices with terminal functions; for example, it can be a device that functions as a terminal in device-to-device (D2D) communication. This application does not limit the scope of the embodiments in this regard.

[0091] In this application embodiment, the device for implementing the functions of the terminal device can be the terminal device itself, or it can be any device capable of supporting the terminal device in implementing those functions, such as a chip or chip system. This device can be installed in the terminal device. The chip system can consist of chips or include chips and other discrete components. In the technical solution of this application embodiment, the device for implementing the functions of the terminal device is the terminal device, which can also be called a terminal.

[0092] The roles of base stations and terminals can be relative, for example, Figure 1The helicopter or drone 112i can be configured as a mobile base station. For terminals 112j that access the wireless access network 110 via 112i, terminal 112i is a base station; however, for base station 111a, 112i is a terminal, meaning that 111a and 112i communicate via a wireless air interface protocol. Of course, 111a and 112i can also communicate via a base station-to-base station interface protocol; in this case, relative to 111a, 112i is also a base station. Therefore, both base stations and terminals can be collectively referred to as communication devices. Figure 1 111a and 111b in the diagram can be referred to as communication devices with base station functionality. Figure 1 The 112a-112j in the text can be referred to as communication devices with terminal functions.

[0093] Access network devices and terminal devices can communicate via wireless links. The transmission link from the access network device to the terminal device can be called a downlink (DL) or downlink channel, used for transmitting downlink signals. The transmission link from the terminal device to the access network device can be called an uplink (UL) or uplink channel, used for transmitting uplink signals. The transmission link from one terminal device to another can be called a sidelink (SL) or sidelink channel, used for transmitting sidelink signals.

[0094] For ease of description, the following description will use the UE as the terminal device.

[0095] Figure 2 This is a schematic diagram of a network architecture. (For example...) Figure 2 As shown, this network architecture uses the 5G system (5GS) as an example. As an example, this network architecture includes three parts: the terminal equipment part, the data network (DN) part, and the operator network PLMN part. The operator network PLMN part may include, but is not limited to, the radio access network (RAN) and the core network (CN) parts.

[0096] The following is a brief introduction to the network elements of each part.

[0097] 1. Terminal equipment, including user equipment (UE). See details. Figure 1 The relevant descriptions will not be repeated here.

[0098] 2. The data network portion can include a Data Network (DN), which provides the network for transmitting data. Examples include carrier service networks (such as IP Multimedia Subsystem (IMS)), the Internet, and third-party service networks. A DN can also be called a Packet Data Network (PDN), and is typically a network located outside the carrier network, such as a third-party network.

[0099] 3. The (R)AN section may include one or more access network elements or access network devices. See details. Figure 1 The relevant descriptions will not be repeated here.

[0100] 4. The CN component may include, but is not limited to, the following network functions (NFs): network slice selection function (NSSF), network slice specific authentication and authorization function (NSSAAF), authentication server function (AUSF), unified data management (UDM), network exposure function (NEF), network repository function (NRF), policy control function (PCF), application function (AF), access and mobility management function (AMF), session management function (SMF), user plane function (UPF), and signaling control point (SCP). A brief introduction to each network element follows.

[0101] 1) UPF network element: Used for packet routing and forwarding, as well as Quality of Service (QoS) processing of user plane data. User data can access the DN through this network element. In the embodiments of this application, it can be used to implement user plane functions.

[0102] 2) AMF network element: mainly used for mobility management and access management, and can be used to implement other functions of the mobility management entity (MME) except for session management, such as mobility state management, assigning temporary user identity identifiers, authenticating and authorizing users, etc.

[0103] AMF network elements can be used for non-access stratum (NAS) connections with terminal devices, possessing the same 5G NAS security context as the UE. The 5G NAS security context includes KAMF, the NAS stratum key and its identical key identification information, UE security capabilities, and uplink and downlink NAS COUNT values. The NAS stratum key includes a NAS encryption key and a NAS integrity protection key, used for confidentiality and integrity protection of NAS messages, respectively.

[0104] AMF network elements may include Security Anchor Function (SEAF) network elements. SEAF network elements are primarily used to initiate authentication requests to AFS network elements, completing the network-side authentication of the UE during the Evolved Packet System Authentication and Key Agreement (EPS-AKA) authentication process. It can be understood that SEAF network elements can also function as independent network elements, i.e., network elements independent of AMF network elements; this is not limited.

[0105] AMF network elements are control plane network functions provided by the operator's network, responsible for access control and mobility management of terminal equipment 110 accessing the operator's network.

[0106] 3) SMF network element: mainly used for session management, Internet Protocol (IP) address allocation and management of terminal devices, selection and management of user plane functions, policy control and billing function interface endpoints, and downlink data notification, etc.

[0107] 4) PCF network element: A unified policy framework used to guide network behavior, providing policy rule information to network elements (such as AMF network elements, SMF network elements, etc.) or terminal devices.

[0108] In addition, PCF internally stores QoS rules. Furthermore, PCF can generate corresponding QoS rules as required to ensure that the services provided by the network meet the requirements of third parties.

[0109] 5) NRF network element: Used to store network function entities and their description information, as well as support functions such as service discovery and network element entity discovery.

[0110] 6) NEF network element: used to enable third parties to use the services provided by the network, support the network to open its capabilities, events and data analysis, provide security configuration information to the PLMN from external applications, and convert information exchanged between the PLMN and external networks.

[0111] 7) UDM network element: used for unified data management, user data management, processing user identification, access authentication, registration, or mobility management, etc.

[0112] For example, the aforementioned user data may include subscription information of subscribed users in the operator's network. Subscription information may include the user's identity identifier (e.g., SUPI, or IMSI, etc.), and information related to the user's subsequent authentication for network access (e.g., long-term key K, or credential, etc.). The information stored in the UDM network element can be used for authentication and authorization of terminal devices accessing the operator's network. For example, the users in the aforementioned operator's network may be users of services provided by the operator's network, such as users using a subscriber identity module (SIM) card from a certain operator. The user's credential may be a small file stored in the SIM card, such as a long-term key or information related to SIM card encryption, used for authentication and / or authorization.

[0113] 8) UDR network element: Used to provide UDM with the function of saving and retrieving subscription data, PCF with the function of saving and retrieving policy data, and saving and retrieving user NF group ID information, etc.

[0114] 9) AF element: Used to provide corresponding services by interacting with other NFs in the PLMN, such as providing network selection information for roaming UE visits, routing data flows, and accessing NEFs.

[0115] 10) AUSF network element: used for authentication between UE (subscribed user) and operator network.

[0116] The AUSF (Authorized Unified Message) network element is a control plane function provided by the operator, typically used for authentication, i.e., authentication between terminal devices (such as subscribers) and the operator's network. After receiving an authentication request from a subscriber, the AUSF network element can authenticate and / or authorize the subscriber using authentication and / or authorization information stored in the UDM (User Delegated Message) network element, or generate the subscriber's authentication and / or authorization information using the UDM network element. The AUSF network element can then send the authentication and / or authorization information back to the subscriber.

[0117] In addition, the architecture may include other network elements, such as the authentication repository and processing function (ARPF) network element, which is mainly used to store the long-term key K; receive authentication vector requests from AUSF network elements; calculate the authentication vector using K; and send the authentication vector to AUSF network elements.

[0118] Figure 2 Nnssf, Nnef, Nnrf, Npcf, Nudm, Nudr, Naf, Nausf, Namf, Nsmf, Neasdf, Nnssaaf, Nnsacf, N1, N2, N3, N4, and N6 are interface serial numbers. For example, the meaning of the above interface serial numbers can be found in the Third Generation Partner Program (3...). rd The meaning of the interface sequence number as defined in the Generation Partnership Project (3GPP) standard protocol is not limited in this application. It should be noted that... Figure 2 The interface names between the various network functions in this document are merely examples. In specific implementations, the interface names of this system architecture may be other names, and this application does not limit them. Furthermore, the names of the messages (or signaling) transmitted between the aforementioned network elements are also merely examples and do not constitute any limitation on the function of the messages themselves.

[0119] exist Figure 2 In the architecture shown, the interface between (R)AN and CN can also be called the NG interface (not shown in the figure). (R)AN and CN are connected through the NG interface. The NG interface can include the NG-C interface and the NG-U interface. The NG-C interface is the control plane interface, connecting (R)AN and AMF network elements, and is used to transmit control plane data. The NG-U interface is the user plane interface, connecting (R)AN and UPF, and is used to transmit user plane data.

[0120] Figure 2 The network elements shown, such as AMF, SMF, UPF, NEF, AUSF, NRF, PCF, and UDM, can be understood as network elements in the core network used to implement different functions, such as network slices that can be combined as needed. These core network elements can be independent devices or integrated into the same device to implement different functions. This application does not limit the specific form of the above network elements. In addition, the above network elements or functions can be physical entities in hardware devices, software instances running on dedicated hardware, or virtualized functions instantiated on a shared platform (e.g., a cloud platform). Simply put, an NF can be implemented by hardware or by software.

[0121] Furthermore, the aforementioned naming is defined solely for the purpose of distinguishing different functions and should not constitute any limitation on this application. This application does not preclude the possibility of using other naming conventions in 5G networks and other future networks. For example, in future communication networks, some or all of the aforementioned network elements may retain the terminology used in 5G, or they may adopt other names, etc.

[0122] To make it easier to understand, let's first introduce a few concepts.

[0123] 1. User ID.

[0124] In mobile communication networks, each user is assigned a unique permanent identifier (or permanent identity). For example, in 2G / 3G / 4G networks, the permanent identifier can be the International Mobile Subscriber Identification Number (IMSI); in 5G networks, the permanent identifier can be the SUPI.

[0125] The user's permanent identity identifier (e.g., IMSI or SUPI) can be bound to the user identity module. The permanent identity identifier can uniquely identify a user. For example, the user identity module can be a subscriber identity module (SIM) or a universal subscriber identity module (USIM). Taking the USIM as an example, the UE can include the USIM and mobile equipment (ME).

[0126] The air interface is where third-party tracking of user identities is most likely to occur. For example, if the value of a permanent identifier (e.g., IMSI or SUPI) is transmitted in plaintext over the wireless link, third parties could use these permanent identifiers to identify, locate, and track users. Third parties could also obtain a user's permanent identifier through methods such as eavesdropping, which undermines user privacy.

[0127] To protect user privacy, mobile communications avoid using permanent user identifiers over the air interface as much as possible, instead employing temporary identifiers to identify users. These temporary identifiers can be assigned by the core network. Only the core network stores the mapping between temporary identifiers and actual permanent identifiers.

[0128] In some scenarios, different users can be identified by using periodically changing temporary identifiers, thereby reducing the risk of users being tracked.

[0129] In 4G networks, the aforementioned temporary identifier can be a globally unique temporary identifier (GUTI); in 5G networks, it can be a 5G-GUTI. After registering with the network, users can use the GUTI to identify themselves, thereby protecting their identity information. Furthermore, the temporary identifier can also be a temporary mobile subscriber identity (TMSI), and so on.

[0130] However, when a user registers with the network for the first time, the user has not yet been assigned a temporary identifier, and the user can only use the IMSI as the user identifier. Alternatively, if the network that the user wants to access cannot resolve the IMSI or SUPI from the reported TMSI or GUTI, the user will also use the permanent IMSI as the user identifier.

[0131] Both of the above scenarios pose security risks. Therefore, 5G networks introduce an encryption mechanism for SUPI (Supplemental Identity Provider Information). During initial registration, the user's SUPI information is encrypted; the encrypted information can be referred to as SUCI (Supplemental Identity Provider Information). This ensures end-to-end protection of the user's identity information.

[0132] 2. SUPI.

[0133] SUPI is a globally unique, permanent 5G subscription identifier assigned to each user in a 5G system. SUPI serves as the foundation for user authentication and authorization in the 5G system, possessing characteristics such as uniqueness, permanence, and security. For example, SUPI can be configured in UDM or UDR network elements of the 5G core network, forming the basis for user authentication and authorization.

[0134] A SUPI can consist of two parts: a SUPI type and a SUPI type value.

[0135] In the 3GPP specifications, the SUPI type can indicate IMSI, network-specific identifier (NSI), global line identifier (GLI), or global cable identifier (GCI).

[0136] Specifically, when the SUPI type is IMSI, the value of the SUPI type can be IMSI. When the SUPI type is NSI, GLI, or GCI, the value of the SUPI type can be the network access identifier (NAI).

[0137] The value of SUPI can be stored in the USIM card, the UDM of the 5G core network, or the UDR. As can be seen from the above, a valid SUPI can be in the form of IMSI or NAI, which will be introduced below.

[0138] For example, a SUPI using the IMSI format can be a 15-digit decimal string. The first three digits can be the mobile country code (MCC), representing the country; the next two or three digits can be the mobile network code (MNC), representing the operator; and the remaining ten or nine digits can be called the mobile subscriber identification number (MSIN), representing the user under a specific operator. The above format can be as shown in Table 1.

[0139] Table 1

[0140] MCC (3-bit) MNC (2-3 digits) MSIN (9-10 digits)

[0141] For example, a SUPI using the NAI format can be of variable length. The SUPI can have a fixed format, such as username@realm. In some examples, the length of a SUPI using the NAI format depends on the length of the usernames of different users defined in the non-public network (NPN).

[0142] For example, 3GPP stipulates that for private networks using 5G technology, 5G systems should support access to the network using third-party provided and managed, 3GPP-supported identities, credentials, and authentication methods.

[0143] The SUPI is globally unique, ensuring that each 5G user has a unique identifier. Once assigned, the SUPI accompanies the user throughout their 5G lifecycle. The SUPI includes the user's privacy information; therefore, in actual transmission, the SUPI is typically not transmitted directly, but rather the SUCI. The SUCI is generated using encryption mechanisms and a public key to protect the user's privacy.

[0144] 3. SUCI.

[0145] In some examples, the UE may include SUCI in some 5G non-access stratum (NAS) messages. For example:

[0146] If the UE is sending a registration request message of type "Initial Registration" to a PLMN that does not yet have a 5G-GUTI, the UE should include SUCI in the registration request message;

[0147] If the UE responds to the identity request message, and the network requests the UE to provide its permanent identifier through this message, the UE includes SUCI in the identity response message;

[0148] If the UE sends a de-registration request message to the PLMN during the initial registration process, but the UE does not receive a registration acceptance message with 5G-GUTI, the UE should include the SUCI used in the initial registration in the de-registration request message.

[0149] Furthermore, when the UE responds to an identity request message, the UE never sends SUPI (i.e., unencrypted user identity information).

[0150] SUCI can be a one-time-use user identifier, and a new SUCI is generated after each use to increase security.

[0151] In some examples, the terminal device can use the public key in the USIM card to encrypt the SUPI to obtain the SUCI. For instance, when a terminal device first joins the network, it can generate a SUCI and include it in the registration request message. This SUCI is used by the network for subsequent authentication of the terminal device, thus preventing network security performance degradation due to SUPI leakage. After the terminal device successfully accesses the network, core network elements (such as AMF elements) generate a 5G-GUTI and send it to the terminal device for subsequent message transmission between the terminal device and the network.

[0152] Figure 3 This is a schematic diagram of a SUCI structure. For SUPI encryption, only the MSIN portion of the IMSI or the username portion of the NAI may be encrypted using the protection strategy; while the Home Network Identifier, such as the MCC, MNC, or the domain name in the NAI, can be transmitted directly in plaintext. Figure 3 As shown, the SUCI format can consist of the following parts:

[0153] 1) SUPI type (or SUPI-type)

[0154] The SUPI type can be used to indicate the type of SUPI. This SUPI type can include values ​​in the range 0 to 7. Values ​​in the range 0 to 7 can be used to represent the type of SUPI hidden within the SUCI.

[0155] For example, when the type of SUPI is 0, it means that the type of SUPI is IMSI; when the type of SUPI is 1, it means that the type of SUPI is NSI; when the type of SUPI is 2, it means that the type of SUPI is GLI; when the type of SUPI is 3, it means that the type of SUPI is GCI; and when the type of SUPI is 4 to 7, it is a spare value for use in the future when new types of SUPI are added.

[0156] 2) Home network identifier

[0157] The Home Network Identifier can also be called the Home Public Land Mobile Network (HPLMN) ID or other names.

[0158] When the SUPI type is IMSI, the home network identifier can include MCC and MNC.

[0159] The Mobile Country Code (MCC) can consist of three decimal digits. The MCC uniquely identifies the country where a mobile user resides.

[0160] The Mobile Network Code (MNC) can consist of two or three decimal digits. The MNC can identify the home PLMN or stand-alone non-public network (SNPN) to which the mobile subscription belongs.

[0161] When the SUPI type is NSI, GLI, or GCI, the home network identifier may consist of a variable-length string representing the domain name specified in section 2.2 of the Internet Engineering Task Force (IETF) request for comments (RFC) 7542

[126] . For GLI or GCI, the domain name may correspond to the domain portion specified in the SUPI NAI format of sections 28.15.2 and 28.16.2.

[0162] 3) Routing indication.

[0163] A routing indicator (or routing descriptor) can represent a routing identifier. The routing indicator can be assigned by the home network operator and consists of 1 to 4 decimal numbers provided in the USIM. The routing indicator, together with the home network identifier, allows network signaling with SUCI to be routed to AUSF and UDM network element instances capable of serving the user.

[0164] Each decimal digit appearing in the routing indicator should be considered meaningful (e.g., the value "012" is different from the value "12"). If no routing indicator is configured on the USIM or ME, this data field should be set to 0 (i.e., it should contain only a decimal digit of "0").

[0165] 4) Protection scheme identifier.

[0166] The protection mechanism identifier can range from 0 to 15. The specific value of this identifier specifies whether an empty or non-empty mechanism is used, or it can specify the protection mechanism defined by the home public land mobile network (HPLMN). If the SUPI type is GLI or GCI, then an empty mechanism is used.

[0167] For example, the protection mechanism identifier is defined in existing standards as follows: the value of the null-scheme is 0x0; Overview (profile The value of ) is 0x1; Overview (profile The value of ) is 0x2; 0x3 to 0xB can be reserved for future protection mechanisms; 0xC to 0xF can be reserved for private protection mechanisms established by the home operator.

[0168] 5) Home network public key identity.

[0169] The home network public key identifier can range from 0 to 255. This home network public key identifier can identify the public key provided by HPLMN / SNPN, for example, it can be used to identify the key used for SUPI protection.

[0170] Specifically, this data field should be set to 0 if and only if the SUCI is determined using the null mechanism; or it can be understood that this data field should be set to 0 if and only if the null protection mechanism is used.

[0171] 6) Scheme output.

[0172] The mechanism output consists of a variable-length string or hexadecimal numbers, depending on the protection mechanism used.

[0173] Figure 4 These are schematic diagrams of some mechanism outputs.

[0174] Figure 4 (a) in the example can be a mechanism output under an empty mechanism. Here, the Mobile Subscriber Identity ("MSIN") or "Username" corresponds to the Username portion of the NAI, applicable to the Network Specific Identifier of the SUPI type, GLI, or GCI. If an empty mechanism (or empty protection mechanism) is used, NF network elements can derive SUPIs from SUCIs as needed. For example, when the routing indicator is 0 and the protection mechanism is empty, AMF network elements can derive SUPIs from SUCIs for AUSF network element discovery.

[0175] Figure 4 (b) in the summary can be a kind of overview Example of the mechanism output. For example, the mechanism output may include an ephemeral public key selected by the UE, a ciphertext value that encrypts the MSIN part of the IMSI or the username part of the NAI, and a message authentication code (MAC) tag value for the ciphertext.

[0176] In Overview The various parts of the output of the mechanism can be in hexadecimal. For example, the temporary public key can be a 64-bit hexadecimal elliptic curve cryptography (ECC) temporary public key. The ciphertext value above can be one or more hexadecimal digits. The MAC tag value above can be a 16-bit hexadecimal digit.

[0177] 4. SUPI encryption mechanism.

[0178] In 5G security specifications, plaintext transmission of SUPIs is not permitted via the radio interface. Instead, SUPIs can be encrypted using an elliptic curve integrated encryption scheme (ECIES) to obtain a SUCI. Specifically, the UE can generate a SUCI based on ECIES using a public key of the home network located in the USIM (e.g., written by the operator when the SIM card is activated).

[0179] The prerequisite for a UE to generate a SUCI is that the public key information corresponding to the UE's home network (HN) has been provided to the UE in a secure manner, for example, by storing it in the USIM card at the factory.

[0180] In some examples, if the operator chooses to calculate SUCI in the USIM, the operator should indicate in the USIM that SUCI is calculated using the USIM and provide the identifiers and corresponding parameters of the relevant protection mechanisms.

[0181] In other examples, if the operator decides that the mobile equipment (ME) should calculate SUCI, the home network operator should provide an ordered priority list of the protection mechanisms that the operator allows in the USIM, along with the corresponding parameters. For details on the USIM card configuration and the interaction between the ME, please refer to section 3.1.2 of TS 33.501.

[0182] In the case of ME calculating SUCI, the calculation process of SUCI may include steps (1) to (4), which are described below.

[0183] Step (1) The ME reads the SUCI calculation information from the USIM, including SUPI, SUPI type, routing indicator, home network public key identifier, home network public key, and a list of protection mechanism identifiers. The ME should select a protection scheme from the highest priority scheme in the list of protection mechanism identifiers that the ME supports. If the USIM does not provide a home network public key or a list of protection mechanism identifiers, the ME should use an empty mechanism to calculate the SUCI.

[0184] Step (2) ME constructs a scheme input for the protection mechanism based on the SUPI type. For SUPIs that include an IMSI, the MSIN of the IMSI is used. For SUPIs that use a NAI, the "username" part of the NAI is used.

[0185] Step (3) ME takes the constructed mechanism input as input, executes the protection mechanism corresponding to the protection mechanism identifier, and takes the output as the SUCI mechanism output (scheme out).

[0186] Step (4) ME constructs SUCI according to the format structure of SUCI.

[0187] For example, for a SUPI that includes an IMSI, the UE should construct the SUCI using the following data fields: SUPI type identifier corresponding to the SUPI type in the SUCI; Home network identifier set to the MCC and MNC of the IMSI; the specified routing indicator stored in the USIM; the protection scheme identifier of the protection scheme used for this encryption; the home network public key identifier stored in the USIM; and the calculated scheme out.

[0188] For example, for a SUPI that includes a NAI, the UE should construct the SUCI using the following data fields: the field portion of the SUCI is set to the realm portion of the SUPI; the username portion of the SUCI is set to the corresponding username portion, and the rest is the same as the construction of the IMSI described above.

[0189] Figure 5 A schematic flowchart of SUCI generation on the UE side is shown. Figure 5 For details not described herein, please refer to the technical specification (TS) 33.501.

[0190] For example, step (3) above may include operations <1> To operation <5> These will be introduced separately below.

[0191] operate <1> Temporary key pair generation.

[0192] For example, ME generates an ECC temporary public key and an ECC temporary private key based on the protection mechanism identifier and the parameters specified by the ECIES algorithm.

[0193] operate <2> Key negotiation.

[0194] For example, the ME uses the ECC temporary private key and the public key allocated by HN stored in the USIM to perform cryptographic operations according to the ECIES specification in the standards for efficient cryptography group (SECG). For instance, the ME can perform a key exchange algorithm on the two keys to obtain a secret. This secret can also be called a temporary shared key. Then, the ME performs the operation. <3> .

[0195] operate <3> Key deduction.

[0196] For example, ME can perform operations <2> The obtained secret is used as input to the key derivation function (KDF) to produce the corresponding output. As an example, ME can generate key data K. The length of key data K is the sum of the lengths of the ephemeral encryption key (EK), the ICB, and the ephemeral MAC key (MK). For example, the leftmost eight bytes of K are parsed into the ephemeral EK (or ephemeral encryption key); the middle eight bytes of K are parsed into the ICB (encrypted input); and the rightmost eight bytes of K are parsed into the ephemeral MAC key.

[0197] operate <4> Symmetric encryption.

[0198] For example, ME can use EK and ICB as inputs to a symmetric encryption algorithm to encrypt a plaintext block and obtain a ciphertext value.

[0199] operate <5> MAC functionality.

[0200] For example, ME can use a temporary MAC key as input to the MAC algorithm to encrypt the ciphertext value and obtain the MAC tag value.

[0201] For example, the scheme out may include the ECC temporary public key, the ciphertext value generated by encrypting the input using EK, the MAC tag value generated by performing MAC calculation on the ciphertext value using MK, and other parameters (if the other parameters are applicable to the algorithm described above).

[0202] In some cases, the UE can use a null mechanism to generate SUCI. For example, scenarios using a null mechanism may include at least one of the following:

[0203] If the UE is in the process of conducting an unauthenticated emergency session and the UE is not receiving 5G-GUTI from the selected PLMN;

[0204] If the home network is already configured to use the "empty mechanism";

[0205] If the home network has not yet allocated the public key required to generate SUCI.

[0206] When SUPI is received on the network side, the process of calculating SUCI from SUPI may include steps (a) to (b), which are described below.

[0207] Step (a): After receiving the SUCI, the Subscription Identifier Deconcealing Function (SIDF) on the home network side can extract the corresponding SUPI type, routing indicator, home network public key identifier, protection mechanism identifier, ME's ECC temporary public key, ciphertext value generated by encrypting the input using EK, and MAC tag value generated by MAC calculation of the ciphertext value using MK, according to the SUCI format.

[0208] Step (b): The home network determines the SUPI based on the SUCI. The following section combines... Figure 6 Detailed introduction.

[0209] Figure 6 A schematic flowchart is shown to illustrate the process of decrypting SUCI on the network side to obtain SUPI. Figure 6 For details not described herein, please refer to TS 33.501.

[0210] For example, step (b) above may include operations <1> To operation <4> These will be introduced separately below.

[0211] operate <1> The home network performs key negotiation.

[0212] For example, the home network can use the received ECC temporary public key of the ME (or UE) and the home network's private key to calculate the key exchange secret value according to the standard ECIES algorithm, which serves as the temporary shared key.

[0213] operate <2> Key deduction is performed on the home network.

[0214] The home network can use the aforementioned temporary shared key as input to the KDF to obtain key data K. The length of key data K is the sum of the lengths of EK, ICB, and the temporary MAC key (MK). For example, the leftmost eight bytes of K are parsed into a temporary EK (or temporary encryption key); the middle eight bytes of K are parsed into an ICB (encrypted input); and the rightmost eight bytes of K are parsed into a temporary MAC key.

[0215] operate <3> Affinity network symmetric decryption.

[0216] For example, the home network can decrypt the ciphertext in the SUCI mechanism output according to the decryption operation defined in the corresponding protection mechanism in SEGE to obtain the corresponding plaintext block (i.e., the mechanism input).

[0217] operate <4> Home network MAC verification function.

[0218] For example, the home network can input the ciphertext value into the MAC function. If the obtained MAC tag value matches the MAC tag value output by the mechanism, the verification is successful. If the MAC tag value calculated by the home network does not match the MAC tag value output by the mechanism, the verification fails.

[0219] This application does not limit the operation. <3> With operation <4> The execution order can be either simultaneous or sequential.

[0220] Furthermore, the home network can process plaintext blocks according to the SUPI type indicated in the SUCI, thereby recovering the corresponding SUPI value.

[0221] 5. File structure of the USIM card.

[0222] The UE can include a USIM card and an ME. The USIM card is used in conjunction with the ME to enable the UE's functions.

[0223] A USIM card can also be called a SIM card, or a universal integrated circuit card (UICC). It can also be referred to as USIM, or USIM applications, etc., and this application does not limit the terminology.

[0224] Strictly speaking, SIM can be considered an application concept. The physical card that carries the SIM application can be called a UICC. A UICC can simultaneously include multiple logical applications, such as SIM (or SIM application), USIM (or USIM application), and other applications (e.g., e-wallets).

[0225] The USIM card can be a physical card (e.g., a physical USIM card that can be inserted into the ME and used in conjunction with the ME; the physical USIM card can also be removed from the ME), an embedded card (e.g., a USIM card that is embedded in the ME and can be used in conjunction with the ME; but the USIM card cannot be removed), or it can exist in software form (e.g., the USIM card is a software program, logic module, or logic unit).

[0226] UICC can store application-specific configuration files. These configuration files can include elementary files (EF), dedicated files (DF), or application-specific files (ADF). Specifically, the file directory contains ADF files. USIM In EF, necessary parameters for specific functions can be stored.

[0227] For example, ADF USIM It can include EF UST Here, UST can represent the USIM service table (USIN servicetable, UST). EF UST It can include multiple services. Each service can correspond to a number (n°).

[0228] For example, service n°124 could indicate whether SUCI is supported, or in other words, whether user identity privacy is protected. Service n°125 could indicate whether SUCI is supported for calculation by USIM.

[0229] Specifically, the service n°125 is considered only if the service n°124 is declared "available". If both services n°124 and n°125 are declared "available", then "SUCI calculation will be performed by USIM". If the service n°124 is declared "available" but the service n°125 is not declared "available", then "SUCI calculation will be performed by ME".

[0230] 6. USIM initialization.

[0231] After UICC activation, ME can select a USIM application. Among them, EF... DIR This can include the application identity (AID) from UCCI. If EF is not present... DIR Or, EF DIR If no USIM application is available, the ME can select a GSM application. If the ME selects a USIM application, the selected USIM application can be stored on the UICC card after successful selection.

[0232] During the USIM initialization process, the ME can read the emergency call code, voice instructions, perform user authentication, request USIM, request the enabled service list, and so on. If the above steps are successfully executed, the ME can begin a 3G session.

[0233] Service n°130 can indicate whether NSI, GLI, or GCI type SUPI is supported. If service n°130 is available, the ME can read the IMSI; otherwise, it reads the SUPI_NAI (i.e., the SUPI containing the NAI). The ME can request access control information and / or user access control (UAC) access identifier configuration information. The ME can request the search interval of high-priority PLMNs and other information required for network selection, such as the equivalent HPLMN (EHPLMN), HPLMN selector, user-controlled PLMN selector, and operator-controlled PLMN selector, and then obtain location information, subsequent authentication information, etc., to establish a 5GS security context and perform subsequent services.

[0234] As can be seen, both the IMSI and SUPI contain MNC and MCC information, and the HPLMN selector also contains HPLMN information. Therefore, the ME can know the HPLMN corresponding to the USIM card. The operator-controlled PLMN selector has a priority configured by the operator and depends on the network selection strategy.

[0235] 7. Configuration files and processes for SUCI calculations.

[0236] As stated in Term 5 of the Terminology Explanation, the service table of the USIM card can indicate whether the USIM card supports SUPI privacy protection and whether SUCI is calculated by the USIM. If SUPI protection is supported, the USIM card will be configured with corresponding files to store SUCI calculation information and routing instructions. The configuration files related to SUCI calculation are described below.

[0237] Among them, EF SUCI_Calc_Info It can be used to store SUCI calculation information. SUCI_Calc_Info can represent SUCI calculation information. SUCI calculation information can include the protection scheme ID and the home network public key ID. The order of the protection scheme IDs can represent the priority order of the protection schemes. The order of the key index (or, the home network public key ID) can correspond to the order of the key's position in the home network public key list data object.

[0238] The routing indication can be stored separately in EF. Routing_Indicator Routing_Indicator represents the routing indicator.

[0239] If the USIM card supports application protocols, the ME can read information from the corresponding files through the application protocols on the USIM card. For example, the ME can obtain SUPI, SUCI parameters, routing instructions, or HPLMN, etc.

[0240] In some examples, the ME can select the USIM application and obtain SUPI. If service n°130 is available, the ME can perform a read EF. IMSI The process. If service n°130 is unavailable, ME can perform a read EF. SUPI_NAI The process.

[0241] The following describes the SUCI calculation process.

[0242] In some examples, the EF of the USIM card UST Service n°124 in the file is declared as "available," indicating support for SUPI protection; the USIM card's EF UST Service n°125 in the file is declared as "available," indicating that it supports SUCI calculation by USIM. In this case, USIM can encrypt SUPI to obtain SUCI.

[0243] The ME can use the "GET IDENTITY" command to obtain the SUCI calculated by the USIM. "GET IDENTITY" can be the USIM command used by the ME to obtain the SUCI.

[0244] "GET IDENTITY" is an optional command. ME can send the "GET IDENTITY" command to the USIM card.

[0245] After receiving the "GET IDENTITY" command, USIM can perform any of the following:

[0246] If the service table in the USIM card includes an indication for calculating the SUCI, the USIM card returns the SUCI to the ME. If the USIM card does not support the command, it returns status code "6D00" to the ME, indicating that it is not supported or is invalid.

[0247] If the indication in the USIM card is not for calculating the SUCI by the USIM card, or if the SUCI is calculated by the ME, then the USIM card sends status code "6985" to the ME, indicating that the condition is not met.

[0248] If the information used to calculate SUCI is not correctly configured in the USIM card, the USIM card sends an error status code to the ME.

[0249] In other examples, the EF of the USIM card UST Service n°124 in the file is declared as "available," indicating support for SUPI protection; the USIM card's EF UST Service n°125 in the file is declared as "unavailable," indicating that SUCI is not supported for calculation by USIM. In this case, the calculation method for SUCI is ME.

[0250] If ME can participate in SUCI calculations, then ME can perform the read EF. SUCI_Calc_Info This process allows the acquisition of SUCI computation information. Furthermore, ME can perform EF reading... Routing_Indicator The process. Understandably, the current protocol does not restrict ME from performing EF reads without participating in SUCI computation. Routing_Indicator The process is as follows. Furthermore, if the USIM card is not configured with a node to calculate the SUCI, or if the USIM card does not provide a public key or priority list, the ME uses an empty mechanism to calculate the SUCI. Therefore, the ME can obtain information such as routing indicators without participating in the SUCI calculation.

[0251] In some examples, if the permissions of the files on the USIM card support read and update, then the ME can read and update the current EF using the common read binary and update binary.

[0252] 8. Post-quantum cryptography (PQC) algorithm.

[0253] With the continuous development of quantum computing technology, traditional cryptographic algorithms may face threats from quantum computers. For example, asymmetric cryptographic algorithms may be cracked; the bit strength of symmetric cryptographic algorithms will be halved. To address the threat of quantum computers, post-quantum cryptography migration can be implemented, that is, introducing post-quantum algorithms to replace or strengthen traditional cryptographic algorithms.

[0254] For example, PQC algorithms may include, but are not limited to: module-lattice-based digital signature algorithms (ML-DSA) (or CRYSTALS-Dilithium), module-lattice-based key-encapsulation mechanisms (ML-KEM) (or CRYSTALS-Kyber), statelesshash-based digital signatures (SLH-DSA) (or SPHINCS+), and state-hash-based post-quantum algorithms such as the Leighton-Micali signature (LMS) mechanism, the extended Merkle signature scheme (XMSS), or algorithms that may be incorporated into PQC algorithms in the future. For example, CRYSTALS-Kyber may include KEMs such as CRYSTALS-Kyber512, CRYSTALS-Kyber768, or CRYSTALS-Kyber1024.

[0255] ML-KEM can be a key encapsulation algorithm. ML-DSA, SLH-DSA, LMS, or XMSS can be signature algorithms.

[0256] For example, a possible key-encapsulation mechanism (KEM) may include the following algorithms:

[0257] Algorithm 1: Key generating (KeyGen) algorithm, used to generate public and private key pairs pk and sk;

[0258] Algorithm 2: Encapsulation (Encaps) Algorithm. Input the public key pk into the Encaps algorithm, and it outputs ciphertext (ct) and a shared secret (ss). For example, it can be represented as Encaps(pk) = ct, ss.

[0259] Algorithm 3: Decapsulation (Decaps) Algorithm. Inputting the ciphertext ct and the private key sk into the Decaps algorithm will output the shared secret ss. For example, it can be represented as Decaps(sk, ct) = ss.

[0260] The shared secret ss mentioned above can be used as an input parameter for the final key generated during key negotiation.

[0261] Assuming that future communication technologies beyond 5G will support new security mechanisms, thus providing a higher level of security protection, terminal devices supporting these technologies can employ these new security mechanisms to protect plaintext identity information, thereby generating hidden identity identifiers with greater security strength.

[0262] However, during the transition from traditional to future communication technologies, a problem may arise where terminal devices are unable to use new security mechanisms to protect plaintext identity information. In other words, terminal devices may not be compatible with the higher levels of privacy and security requirements of future communication networks. One possible scenario is that the terminal devices include a User Identity Detection Card (USIM card) and a mobile device (ME), where the mobile device may support new security mechanisms, while the USIM card may not. One possible reason for this scenario is that the mobile device is a newly replaced device, while the USIM card remains an older module belonging to the traditional communication network. Furthermore, the user may not want to replace the USIM card, or may not be able to replace it in a timely manner, making the USIM card unable to support the new security mechanisms and thus unable to provide a higher level of privacy and security.

[0263] Furthermore, in the aforementioned scenario, the user identity card (BIC) may be configured to perform calculations of privacy-preserving identity information within the BIC. Understandably, when the terminal device needs to access the network, the network side may expect the terminal device to use new security mechanisms to protect plaintext identity information, thereby achieving higher security levels. However, because the BIC does not support these new security mechanisms, the terminal device cannot use them to protect plaintext identity information within the card. How to ensure user privacy in such situations is a pressing issue that needs to be addressed.

[0264] In view of this, this application provides a communication method 200. In method 200, the terminal-side device includes a first module that supports a new security mechanism and a second module that does not support the new security mechanism. The second module is configured with a default calculation method for the hidden identity identifier. The terminal-side device can obtain the hidden identity identifier 1 calculated by the second module using a traditional security mechanism, and then process the hidden identity identifier 1 using the new security mechanism to obtain the hidden identity identifier 2; it can then use the hidden identity identifier 2 to access the network, thereby providing a higher level of security for user identity privacy protection.

[0265] Figure 7 This application provides a schematic flowchart of a communication method 200. For ease of understanding, some nodes involved in method 200 are described below.

[0266] Terminal-side device. The terminal-side device in this application may be the terminal device itself, a component in the terminal device (e.g., a processor, chip, or chip system), or a logic module or software that can implement all or part of the functions of the terminal device.

[0267] The terminal-side device may include a first module and a second module, which are described below.

[0268] First Module. The first module can be used in conjunction with the second module. The first module in this application can be the ME itself, a component of the ME (e.g., a processor, chip, or chip system), or a logic module or software that can implement all or part of the ME's functions.

[0269] The second module can be used in conjunction with the first module. For example, the second module can be installed within the first module. The second module in this application can be the user identity card itself, a component within the user identity card (e.g., a processor, chip, or chip system), or a logic module or software capable of implementing all or part of the user identity card's functions. For example, user identification may include a UICC card, a USIM card, or a SIM card, etc. The second module may include a UICC card, a USIM application, a USIM card, a USIM, a SIM application, a SIM card, a SIM, or a module that will provide user identity in the future.

[0270] The first network element. The first network element can be used to route registration requests from terminal devices to the appropriate network element. For example, the first network element can be an access and mobility management (AMF) network element. This AMF network element can be an AMF in a 5G communication system, or a network element used for mobility management and access management in a future communication system. In future communication systems, the network element used for mobility management and access management may be called an AMF, or it may have other names.

[0271] The access and mobility management network element in this application may be the core network equipment itself, or a component in the core network equipment (e.g., a processor, chip, or chip system), or a logical module or software that can implement all or part of the functions of the core network equipment.

[0272] Second network elements. Second network elements can be used to remove hidden user identifiers. For example, a second network element can support new security mechanisms, thereby automatically decrypting the user's hidden identifier to obtain the user's plaintext identity information. Alternatively, the second network element itself may not support new security mechanisms, but it can access network elements that support them, requesting those network elements to decrypt the user's hidden identifier to obtain the user's plaintext identity information. See the description below for details.

[0273] For example, the second network element can be a UDM, SIDF, or other network elements (e.g., a data storage network element). In a 5G communication system, the network element used to dehide the user identifier can be called an SIDF. In future communication systems, the network element used to dehide the user identifier may still use the name SIDF, or it may have other names; this application does not limit this. Furthermore, in a 5G communication system, the network element used to manage data can be called a UDM. In future communication systems, the network element used to manage data may still use the name UDM, or it may have other names; this application does not limit this.

[0274] The second network element in this application may be the core network equipment itself, or a component in the core network equipment (e.g., a processor, chip, or chip system), or a logic module or software that can implement all or part of the functions of the core network equipment.

[0275] It is understandable that method 200 may also involve other nodes; for example, information sent from the terminal device to the network side may need to be forwarded by the access network device. Therefore, method 200 also involves access network devices. For the sake of brevity, the specific descriptions of other nodes will not be elaborated further.

[0276] For ease of understanding and description, some terms used in Method 200 are introduced below.

[0277] First Security Mechanism. The first module may support a first security mechanism. Exemplarily, the first security mechanism may be a new security mechanism proposed relative to traditional security mechanisms (e.g., security mechanisms in 5G communication systems). For example, the first security mechanism may be a protection mechanism for the PQC algorithm. A description of the PQC algorithm can be found in Section 8 of the Glossary of Terms, and will not be repeated here. As another example, the first security mechanism may be a hybrid mechanism of the PQC algorithm and traditional cryptographic algorithms (e.g., cryptographic algorithms used to process plaintext identity information in 5G communication systems). For ease of understanding, the following description uses examples of protection mechanisms or hybrid mechanisms for the PQC algorithm as the first security mechanism; however, the first security mechanism in this application is not limited to the above two mechanisms and may also include other security mechanisms.

[0278] Second security mechanism. The second module can support a second security mechanism. This second security mechanism can be a protection mechanism for traditional cryptographic algorithms; for example, it could be a protection mechanism for the elliptic curve Diffie–Hellman key exchange (ECDH) algorithm, elliptic curve cryptography (ECC) algorithm, or the Rivest Shamir Adleman (RSA) algorithm. For example, the second security mechanism could include ECIES and / or a null scheme. As an example, ECIES could include an overview. (profile ) and overview (profile For details, please refer to Articles 3 and 4 of the Terminology Explanation, which will not be repeated here. As an example, in 5G communication networks, the cryptographic algorithm used for encrypting SUPI is ECDH; the protection mechanisms used for encrypting SUPI may include ECIES and the null mechanism.

[0279] The first security mechanism differs from the second security mechanism. The first security mechanism may not include the second security mechanism; for example, the first security mechanism does not include the null mechanism (null-sche first module). (Overview) (profile ) and overview (profile For details, please refer to Articles 3 and 4 of the Terminology Explanation; they will not be repeated here.

[0280] The first security mechanism offers higher security than the second. Therefore, using the first security mechanism to protect user identity information can provide a higher level of security than using the second security mechanism.

[0281] Hidden identity. Hidden identity can be in 5G communication systems or in future communication systems beyond 5G. In 5G communication systems, the hidden identity can be SUCI, for example, see Section 3 of the Terminology Explanation. Figure 3 and Figure 4 In future communication systems, the Hidden Identity Token (SUCI) may retain the name SUCI or may have other names; this application does not limit this. Furthermore, in future communication networks, the structure of the Hidden Identity Token may be consistent with or different from the structure of SUCI in 5G communication systems; this application does not limit this.

[0282] Plaintext identity information. Plaintext identity information can be plaintext identity information in 5G communication systems or in future communication systems after 5G. In 5G communication systems, plaintext identity information can be SUPI, for example, see Section 2 of the Terminology Explanation. In future communication systems, plaintext identity information may retain the name SUPI or may have other names; this application does not limit this. Furthermore, in future communication networks, the structure of plaintext identity information may be consistent with or different from the structure of SUPI in 5G communication systems; this application does not limit this.

[0283] The following is combined with Figure 7 This section introduces the various operations of method 200.

[0284] S210, the first module in the terminal-side device obtains the first hidden identity identifier from the second module in the terminal-side device.

[0285] As an example, the first hidden identity is obtained by processing plaintext identity information using the second security mechanism (e.g., Overview A, Overview B, or an empty mechanism). For example, the first hidden identity may include plaintext identity information type, home network identifier, routing indication, protection mechanism identifier (e.g., identifier of the second security mechanism), home network public key identifier, and mechanism output.

[0286] The aforementioned terminal-side device may include a first module and a second module. The first module may support a first security mechanism, and the second module may support a second security mechanism. The first security mechanism differs from the second security mechanism, and the security strength of the first security mechanism may be higher than that of the second security mechanism.

[0287] In this terminal device, the default calculation method for hiding the identity is the second module. The following describes a possible example of the first module knowing that the default calculation method for hiding the identity is the second module.

[0288] For example, the configuration information of the default computing party for the hidden identity can be stored in the second module. For instance, during the process of the first module executing the initialization process of the second module, the first module can request the configuration information of the second module to learn that the default computing party for the hidden identity is the second module.

[0289] Furthermore, the first module can request the hidden identity from the second module based on the information that "the default calculation party for the hidden identity is the second module"; the second module can calculate the first hidden identity and send the first hidden identity to the first module.

[0290] For ease of understanding, taking a 5G communication system as an example, the first module can send a "GETIDENTITY" command to the second module; in response to this "GET IDENTITY" command, the second module can use locally configured hidden identity calculation parameters to process plaintext identity information and obtain a first hidden identity; the second module can then send this first hidden identity to the first module. Other descriptions can be found in Section 7 of the Glossary, and will not be repeated here.

[0291] In future communication systems, the message from which the first module requests the hiding of its identity may still be the "GET IDENTITY" command, or it may be other messages; this application does not limit this.

[0292] In the above method, the terminal device requests the second module to perform hidden identity calculation through the first module, thereby obtaining the first hidden identity.

[0293] S220, the first module uses the first security mechanism to process the first hidden identity identifier to obtain the second hidden identity identifier.

[0294] In some examples, the first module may be configured with computational parameters for a first security mechanism. For instance, the computational parameters for the first security mechanism may include an identifier for the first security mechanism, an index of the public key corresponding to the first security mechanism, and the public key itself. Alternatively, the computational parameters for the first security mechanism may include a list of public keys for the first security mechanism.

[0295] In some possible implementations, S220 includes: the first module taking the first hidden identity as a scheme input, using the first security mechanism and the public key of the first security mechanism, to obtain the second hidden identity.

[0296] The first security mechanism is a security mechanism with a higher security strength than traditional security mechanisms (e.g., the security mechanism used to encrypt plaintext identity information in 5G communication systems). This application does not limit the specific content of the first security mechanism. For ease of understanding, two examples are provided below, denoted as Example 1 and Example 2 of the second hidden identity calculation, respectively, using the first security mechanism in the first module.

[0297] Example 1 of calculating the second hidden identity: The first security mechanism can be the security mechanism of the PQC algorithm.

[0298] In some examples, the computational parameters of the first security mechanism may include the identifier of the first security mechanism, the index of the public key corresponding to the first security mechanism, and the public key.

[0299] For example, the first security mechanism identifier may include one or more protection mechanism identifiers of the PQC algorithm. A first module in the terminal device can select one of the protection mechanism identifiers from the first security mechanism identifiers, using the public key (pk) corresponding to that protection mechanism identifier as input to the PQC encapsulation (Encaps) algorithm, outputting ciphertext (ct) and a shared secret (ss). This process can also be represented as Encaps(pk) = ct, ss. Further, the first module in the terminal device can use the shared secret (ss) as input to a key derivation function (KDF) to derive a key for protection (e.g., encryption and / or integrity), thereby using this key to process the first hidden identity identifier, obtaining the encrypted and integrity-protected ciphertext and MAC tag. The first module can use ct, ciphertext, and MAC tag to construct the scheme output of the second hidden identity identifier. Furthermore, by combining information such as the home network identifier, routing indication, and plaintext identity information type, the second hidden identity identifier is obtained.

[0300] Example 2 of the second hidden identity calculation: The first security mechanism can be a hybrid mechanism of PQC algorithm and traditional cryptographic algorithm (e.g., cryptographic algorithm used to process plaintext identity information in 5G communication system).

[0301] In some examples, the computational parameters of the first security mechanism may include the identifier of the first security mechanism, the index of the public key corresponding to the first security mechanism, and the public key.

[0302] During the transition from traditional cryptographic algorithms to PQC algorithms, a hybrid mechanism combining PQC and traditional cryptographic algorithms can be used. In some examples, the first module in the terminal device can use both algorithms to perform key negotiation, obtaining two negotiated secrets. These two secrets are then used together as input parameters to a key derivation function (KDF) to obtain a key for protection (e.g., encryption and / or integrity). If the PQC algorithm is relatively stable, it may be possible to use only the PQC algorithm's protection mechanism as the first security mechanism (i.e., the content of Example 1 of the Second Hidden Identity Calculation), without using a hybrid mechanism; see Example 1 of the Second Hidden Identity Calculation for details.

[0303] For example, the process of migrating from traditional cryptographic algorithms to PQC algorithms can be called PQC migration. The process of encrypting plaintext identity information essentially involves negotiating a secret between a temporary key on the terminal device side and a long-term key on the network side, thereby deriving a key to protect the plaintext identity information. Therefore, PQC migration may also involve hybrid key negotiation, that is, using PQC algorithms and traditional cryptographic algorithms to jointly protect plaintext identity information.

[0304] The following is an example of a hybrid approach combining traditional cryptographic algorithms with PQC algorithms. For example, see... Figure 5 In operation <1> In the generation of temporary key pairs, KEM.Encaps(pk2) can be added, where pk2 can be the public key on the decryption side of the PQC algorithm. Using the above algorithm, KEM ct can be obtained. That is, in the operation... <1> The output of the temporary key pair generation can be an ECC temporary public key and a KEM ct.

[0305] In operation <2> In the key negotiation input, you can input HN's public key (e.g., denoted as ECC pk1) and PQCpk2. Thus, in step... <2> The terminal device can use the ECIES mechanism to perform a Diffie-Hellman key exchange between ECC pk1 and the terminal device's temporary ECC public key to obtain secret 1. The first module can also use a post-quantum key encapsulation scheme to obtain ciphertext ct and secret 2. The first module can use secret 1 and secret 2 to derive the key used for encryption and / or complete protection of the first hidden identity.

[0306] Correspondingly, the network side (e.g., the first network element) can use the private key of a traditional cryptographic algorithm to perform a Diffie-Hellman key exchange with the temporary public key of the terminal device to obtain secret 1; the network side can use the private key corresponding to the PQC algorithm to decapsulate the ciphertext ct based on the key decapsulation scheme to obtain secret 2. Using secret 1 and secret 2, the key for encrypting and / or fully protecting the first hidden identity can be derived, thereby recovering the first hidden identity.

[0307] For example, see Figure 3 For hidden identity identifiers obtained by encrypting using a mixture of traditional cryptographic algorithms and PQC algorithms, new protection mechanism identifiers can be defined to correspond to different mixed encryption mechanisms.

[0308] Furthermore, for the second hidden identity obtained by encryption using a mixture of traditional cryptographic algorithms and PQC algorithms, a new home network public key identifier can be defined, corresponding to combinations of public keys under different hybrid mechanisms. The mechanism output can be transformed into a combination of an ECC public key, a Kyber key encapsulating the ciphertext, and 64-bit MAC symmetric encryption of the ciphertext. Table 2 shows the possible new protection mechanisms. Here, CRYSTALS-Kyber can be a KEM in the PQC algorithm. As an example, CRYSTALS-Kyber can include KEMs such as CRYSTALS-Kyber512, CRYSTALS-Kyber768, or CRYSTALS-Kyber1024.

[0309] Table 2

[0310]

[0311] The new protection mechanism can be part or all of the content in Table 2, such as one or more rows, one or more columns, or one or more cells. Furthermore, the new protection mechanism is not limited to Table 2 and can also be other content.

[0312] In the above configuration, the current hidden identity structure does not need to be changed; only the corresponding protection mechanism identifier and home network public key identifier need to be added. At this point, the home network public key in the hybrid mechanism based on traditional cryptographic algorithms and PQC algorithms differs from the traditional public key structure in that the hybrid mechanism's home network public key may contain two public keys (the public key of the second security mechanism and the public key of the PQC algorithm). When processing the two public keys in the hybrid mechanism, the terminal device (including the second module and the first module) may need to determine, based on the value of the protection mechanism identifier, that it needs to derive the two corresponding public keys, and then perform key negotiation or key encapsulation using both the traditional cryptographic algorithm and the PQC algorithm. The temporary public key of the corresponding traditional cryptographic algorithm and the encapsulated key of the PQC algorithm are concatenated as the temporary public key part of the mechanism's output. The network side can determine, based on the protection mechanism identifier, that it needs to extract the two temporary public keys and find the two private keys corresponding to the public key ID for hybrid key negotiation, thereby obtaining the final first hidden identity. Therefore, the network side can perform corresponding parsing and calculation based on the new protection mechanism and key identifier. The corresponding parsing and calculation actions are different from those of a simple traditional cryptographic algorithm.

[0313] In another scenario, the PQC algorithm might be used directly for key negotiation, meaning only the PQC algorithm is constructed without mixing. In this case, i.e., in Example 1 of the second hidden identity calculation, the hidden identity structure remains unchanged. Schemes using only the PQC algorithm are similar to those using traditional keys and traditional cryptographic algorithms; they do not require parsing the two public keys, and the calculation process only requires key encapsulation and decapsulation.

[0314] The following is an example of triggering the execution of S220 in the first module.

[0315] In some possible implementations, method 200 also includes S215 before S220.

[0316] S215, the first module determines that it supports the first security mechanism, and the second module does not support the first security mechanism.

[0317] In some examples, the first module determines that it supports the first security mechanism, including: the first module determines that it supports the first security mechanism based on its capability information.

[0318] In some examples, the first module determines that the second module does not support the first security mechanism, including: the first module determines whether the second module supports the first security mechanism based on the plaintext identity information and / or the first hidden identity identifier. Three examples are described below, denoted as judgment method 1 to judgment method 3.

[0319] Judgment Method 1: The first module determines whether the second module supports the first security mechanism based on the plaintext identity information or the network identifier in the first hidden identity identifier.

[0320] For example, when the plaintext identity information type is IMSI, the home network identifier can include MCC and MNC. When the plaintext identity information type is NSI, GLI, or GCI, the home network identifier can include the realm. See Section 3 of the Terminology Explanation for details. Figure 3 .

[0321] The first module in the terminal device can determine whether the home network corresponding to the home network identifier supports the first security mechanism based on the home network identifier.

[0322] As an example, a first module in the terminal device can determine that the home network identifier in the plaintext identity information corresponds to a traditional communication network (e.g., a 3G, 4G, or 5G communication network). However, the traditional communication network does not support the first security mechanism. Thus, the first module can know that the home network corresponding to the second module does not support the first security mechanism. Furthermore, since the first module knows that the home network corresponding to the second module does not support the first security mechanism, it can determine that the second module does not support the first security mechanism.

[0323] As another example, the first module stores the correspondence between the home network identifier and whether the first security mechanism is supported. The first module determines whether the home network corresponding to the second module supports the first security mechanism based on the home network identifier.

[0324] The example of the terminal device using the home network identifier in the first hidden identity identifier to determine whether the second module supports the first security mechanism is similar to the example of using the home network identifier in the plaintext identity information to determine whether the second module supports the first security mechanism, except that the source of the home network identifier is different, and will not be described in detail here.

[0325] Method 2: The terminal device determines whether the second module supports the first security mechanism based on the first security mechanism indication information in the first hidden identity identifier. The first security mechanism indication information can be used to indicate the security mechanism that generated the first hidden identity identifier (e.g., the security mechanism may include a protection mechanism).

[0326] The first hidden identity may include a first security mechanism indication information. For example, since the first hidden identity is calculated based on a second security mechanism, the first security mechanism indication information is used to indicate the second security mechanism identifier. For instance, the first security mechanism indication information in the first hidden identity may be a protection mechanism identifier, which may be 0x0, 0x1, or 0x2.

[0327] The first module in the terminal device can determine, based on the first security mechanism indication information, whether the security mechanism indicated by the first security mechanism indication information includes only the second security mechanism. For example, whether the identifier of the security mechanism indicated by the first security mechanism indication information includes only 0x0, 0x1, or 0x2. If the identifier of the security mechanism indicated by the first security mechanism indication information includes only the identifier of the second security mechanism, the terminal device can determine that the second module does not support the first security mechanism.

[0328] Judgment Method 3: The terminal device determines whether the second module supports the first security mechanism based on the first security mechanism indication information in the first hidden identity identifier, as well as the plaintext identity information or the home network identifier in the first hidden identity identifier.

[0329] Judgment method 3 can be a combination of judgment method 1 and judgment method 2. In judgment method 3, if the security mechanism indicated by the first security mechanism indication information only includes the second security mechanism, and the home network corresponding to the home network identifier does not support the first security mechanism, the terminal-side device determines that the second module does not support the first security mechanism.

[0330] By using any one of the above judgment methods 1 to 3, the terminal device can determine whether the second module supports the first security mechanism.

[0331] S230, the first module sends the second hidden identity identifier to the first network, the second hidden identity identifier being used to access the first network. Correspondingly, the first network receives the second hidden identity identifier.

[0332] The second hidden identity can be used to access the first network. For example, the first network can authenticate the terminal device based on the first hidden identity, thereby establishing a secure connection between the terminal device and the first network.

[0333] The second hidden identity can be carried in the first registration request message. The first registration request message is used to request access to the first network, or in other words, the first registration request message can be used to request registration of the terminal device. The first network can authenticate the terminal device based on the second hidden identity in the first registration request message.

[0334] The specific process of generating the authentication vector based on the second hidden identity is described later, for example, the relevant content of S245, which will not be repeated here.

[0335] In some examples, prior to S230, method 200 further includes: the terminal device determining that it requests access to a first network. For example, the first module can obtain network selection-related parameters (e.g., including a network selection priority list) from the second module to perform network selection. Ultimately, the terminal device can select the first network.

[0336] For example, the first network can be a traditional communication network (e.g., a 3G, 4G, or 5G communication network) or a future communication network (e.g., a 5.5G communication network, or a communication network after 5G), and this application does not limit it. The first network may include a first network element (e.g., an access and mobility management function) and a second network element (e.g., a UDM, SIDF, or other network element). As an example, the terminal-side device can send a second hidden identity identifier to the first network element, and the first network element can forward the second hidden identity identifier to the first network element. The following describes this in detail with reference to S232.

[0337] S232, the first network element forwards the second hidden identity identifier to the second network element.

[0338] The first network element can be an access and mobility management function (AMF) in a first network. The first network can be a traditional communication network, a 5.5G communication network, or a future communication network. Thus, the first network element can be an access and mobility management function (e.g., AMF) in a traditional communication network, or an access and mobility management function in a 5.5G communication network or a future communication network.

[0339] In some examples, the first network element can locate the second network element based on the routing indication in the second hidden identity. This routing indication can be a routing indication found in traditional communication networks.

[0340] As an example, the first network element can send a second hidden identity, including the routing indication in the traditional communication network, to the second network element in the traditional communication network, based on the routing indication in the traditional communication network and the local default configuration.

[0341] As another example, a first network element can send a second hidden identity identifier, including the routing identifier in the traditional communication network, to a second network element in a 5.5G communication network or a future communication network, based on the routing indication in the traditional communication network and a pre-stored mapping relationship (denoted as mapping relationship #1). The aforementioned mapping relationship #1 can include the mapping relationship between the routing indication in the traditional communication network and the second network element in the 5.5G communication network or the future communication network. For example, if the first network element does not store mapping relationship #1, it may route the routing indication in the second hidden identity identifier to a network element in the traditional communication network that does not support the first security mechanism (denoted as a third network element). In other words, the routing indication can be used to access the third network element. However, based on the above scheme, the first network element can, based on the locally stored mapping relationship #1, send the second hidden identity identifier, which might originally be routed to a third network element that does not support the first security mechanism, to a second network element that supports the first security mechanism.

[0342] S240, the second network element uses the first security mechanism to process the second hidden identity identifier and obtain the first hidden identity identifier.

[0343] The second network element can be a network element in the first network. The first network can be a traditional communication network, a 5.5G communication network, or a future communication network.

[0344] For example, the second network element supports the first security mechanism and stores the private key corresponding to the public key of the first security mechanism. The second network element can decrypt the second hidden identity identifier based on the first security mechanism and the corresponding private key to obtain the first hidden identity identifier.

[0345] S245, the second network element generates an authentication vector based on the first hidden identity identifier.

[0346] The first hidden identity identifier can be used to determine the plaintext identity information of the terminal device. For example, the plaintext identity information is obtained by processing the first hidden identity identifier using a second security mechanism.

[0347] For ease of understanding, assume that the network to which the second module belongs is the third network, which is a traditional communication network (e.g., 3G, 4G, or 5G communication network). When the second network element is the first network element in a 5.5G communication network or a future communication network, two possible examples of how this second network element generates an authentication vector are described below, denoted as Authentication Vector Generation Example 1 and Authentication Vector Generation Example 2, respectively.

[0348] Example 1 of generating authentication vectors:

[0349] The second network element can store the subscription information of users on the third network.

[0350] If the second network element stores the private key corresponding to the user's public key used to encrypt plaintext identity information, and the second network element supports a second security mechanism, the second network element can decrypt the first hidden identity identifier based on the second security mechanism and the corresponding private key to obtain the plaintext identity information; and generate an authentication vector based on the plaintext identity information and the user's subscription information of the third network stored in the second network element.

[0351] In cases where the second network element does not support the second security mechanism or does not store the private key corresponding to the public key used to encrypt the plaintext identity information, in some examples, the second network element corresponds to one or more network elements in the third network that support the second security mechanism (denoted as the fourth network element). The first network element can communicate with the aforementioned fourth network element. Thus, the second network element can send the first hidden identity identifier to the fourth network element, which, after decryption, allows the second network element to receive the plaintext identity information. Furthermore, the second network element can generate an authentication vector based on the plaintext identity information and the user's subscription information stored in the second network element.

[0352] Example 2 of generating authentication vectors:

[0353] The second network element may not store the subscription information of users of the third network. The second network element may communicate with one or more network elements (denoted as the fourth network element) in the home network (i.e., the third network) that store the subscription information of users of the third network.

[0354] As an example, the second network element can support a second security mechanism and store the private key corresponding to the user's public key used to encrypt plaintext identity information. Based on the second security mechanism and the corresponding private key, the second network element can decrypt the first hidden identity identifier to obtain the plaintext identity information. Further, the second network element can send this plaintext identity information to the aforementioned fourth network element in the third network, whereby the fourth network element generates an authentication vector based on the plaintext identity information and the subscription information stored within it.

[0355] As another example, the second network element does not support the second security mechanism or has not stored the private key corresponding to the public key used to encrypt the plaintext identity information; the fourth network element supports the second security mechanism and stores the private key corresponding to the user's public key used to encrypt the plaintext identity information. The second network element can send a first hidden identity identifier to the fourth network element. After receiving the first hidden identity identifier, the fourth network element can decrypt the first hidden identity identifier based on the second security mechanism and the private key corresponding to the public key used to encrypt the plaintext identity information, obtain the plaintext identity information, and generate an authentication vector based on the plaintext identity information and the subscription information stored in the fourth network element.

[0356] The following example demonstrates how to trigger the second network element to perform two decryptions to hide the identity identifier.

[0357] In some possible implementations, method 200 also includes S235 before S240.

[0358] S235, the first module sends a first indication message to the second network element. Correspondingly, the second network element receives the first indication message.

[0359] Optionally, the first indication information is used to indicate that the second hidden identity was obtained by processing the first hidden identity using the first security mechanism. Alternatively, the first indication information is used to indicate that the second hidden identity was obtained by processing plaintext identity information using both the first and second security mechanisms. Alternatively, the first indication information is used to indicate that the second hidden identity was obtained by processing plaintext identity information using both security mechanisms. Alternatively, the first indication information is used to indicate that the second hidden identity was obtained through double encryption. Alternatively, the first indication information is used to indicate that the second hidden identity requires double decryption.

[0360] In some examples, the first instruction information may be carried in the same or different messages as the second hidden identity. When the message carried by the first instruction information is the same as the message carried by the second hidden identity, for example, the message may be a first registration request message. When the message carried by the first instruction information is different from the message carried by the second hidden identity, the two messages may be sent simultaneously or not, and this application does not impose any limitations on this.

[0361] In some possible implementations, S240 includes: in response to the first indication information, the second network element uses the first security mechanism to process the second hidden identity to obtain the first hidden identity.

[0362] Optionally, S245 includes: in response to the first indication information, the second network element obtains plaintext identity information based on the first hidden identity identifier; and generates an authentication vector based on the plaintext identity information for authenticating the terminal-side device. For example, the second network element may know, based on the first indication information, that after decrypting the hidden identity identifier once, it needs to decrypt the decrypted information (i.e., the first hidden identity identifier) ​​a second time. Examples of the second network element obtaining plaintext identity information based on the first hidden identity identifier and generating an authentication vector based on the plaintext identity information can be found above, such as S240, and Example 1 and Example 2 of generating authentication vector under S245, which will not be elaborated further.

[0363] It is understandable that in the above scheme, the default calculation method for the hidden identity identifier configured in the second module is the second module. If the first module recognizes that the second module does not support the first security mechanism with higher security strength, it can use the first security mechanism to further protect the first hidden identity identifier obtained by the second module according to the second security mechanism, and obtain the second hidden identity identifier.

[0364] The following is an example of triggering the network side to modify the default computing party that hides the identity identifier.

[0365] In some examples, the aforementioned first indication information is also used to trigger the first network to change the default calculation method for the hidden identity to the first module. That is, the aforementioned first indication information, while indicating that the second hidden identity was obtained by processing the first hidden identity using the first security mechanism, can also trigger the first network to change the default calculation method for the hidden identity to the first module.

[0366] In some possible implementations, method 200 also includes: S250.

[0367] S250, in response to the first indication information, the second network element sends a second indication information to the first module in the terminal-side device. This second indication information can be used to instruct the default calculation method for hiding the identity to be changed to the first module. Correspondingly, the first module receives the second indication information.

[0368] For example, S250 above can be understood as follows: after receiving the first instruction information, the second network element learns that the second hidden identity identifier was obtained through a special processing method, that is, the second hidden identity identifier is obtained by the first module further processing the first hidden identity identifier obtained by the second module. The reason why the first module uses the above-mentioned special processing method for the hidden identity identifier may be that the default calculation method for the hidden identity identifier configured by the second module is the second module itself. Therefore, the second network element can respond to the first instruction information and trigger the process of modifying the default calculation method for the hidden identity identifier to that of the first module.

[0369] In some possible implementations, method 200 also includes: S260.

[0370] S260, in response to the second instruction information, the first module obtains the third hidden identity identifier.

[0371] The third hidden identity identifier can be a hidden identity identifier obtained by the first module processing the plaintext identity information according to the first security mechanism.

[0372] The example of obtaining the third hidden identity identifier by processing plaintext identity information according to the first security mechanism is similar to the second hidden identity identifier calculation example 1 and the second hidden identity identifier calculation example 2 in S220 above. The difference is that S260 processes plaintext identity information to obtain the third hidden identity identifier, while S220 processes the first hidden identity identifier to obtain the fourth hidden identity identifier. The other contents are the same, and will not be repeated here.

[0373] It is understood that both S220 and S260 use a first security mechanism, which can be a type of security mechanism with a higher security strength than the second security mechanism supported by the second module. This application does not limit whether S220 and S260 use completely identical computational parameters during specific execution. For example, suppose the first module in S220 uses a PQC algorithm security mechanism to process the first hidden identity identifier; the first module in S260 can use a PQC algorithm security mechanism to process plaintext identity information, or it can use a hybrid mechanism to process plaintext identity information. Even if the first module in S260 uses a PQC algorithm security mechanism to process plaintext identity information, the computational parameters (e.g., public key) used by the first module in S260 can be the same as or different from the computational parameters (e.g., public key) used by the first module in S220; this application does not impose any limitations on this.

[0374] S270, the first module sends the third hidden identity identifier to the second network, which is used to access the second network. Correspondingly, a network element in the second network (denoted as the fifth network element) receives the third hidden identity identifier from the first module.

[0375] In some possible implementations, the third hidden identity is carried in the second registration request message. This second registration request message can be used to request access to a second network. Exemplarily, the second network can be a traditional communication network (e.g., a 3G, 4G, or 5G communication network) or a future communication network of 5.5G or beyond.

[0376] The first network and the second network can be the same or different. For example, the first network can be PLMN#1 and the second network can be PLMN#2. PLMN#1 and PLMN#2 can be the same or different; there is no restriction here.

[0377] For example, the fifth network element and the aforementioned second network element can be the same network element or different network elements, and this application does not limit this.

[0378] Similar to the first network, the second network may include access and mobility management functions (e.g., similar to the functions of the first network element) and a fifth network element for de-hiding user identifiers (e.g., similar to the functions of the second network element). As a specific example, the terminal device may send a third hidden identity to the access and mobility management function in the second network. The access and mobility management function in the second network may forward the third hidden identity to the aforementioned fifth network element based on the routing identifier in the second hidden identity. Specific examples are similar to those described above; for example, refer to S232, which will not be repeated here.

[0379] S270, the fifth network element in the second network generates an authentication vector based on the third hidden identity identifier.

[0380] For example, the fifth network element supports the first security mechanism and stores the private key corresponding to the public key of the first security mechanism. The fifth network element can decrypt the third hidden identity identifier based on the first security mechanism and the corresponding private key to obtain the plaintext identity information of the terminal device.

[0381] It is understandable that the private key on which the fifth network element in S270 decrypts the third hidden identity can be the same as or different from the private key on which the second network element in S240 decrypts the second hidden identity. This application does not limit this.

[0382] Furthermore, the fifth network element can generate an authentication vector based on the plaintext identity information of the terminal-side device to authenticate the terminal-side device. The specific process may vary depending on whether the fifth network element stores the subscription information of the terminal-side device. The specific description is similar to that above, for example, Example 1 and Example 2 of generating authentication vectors under S240, which will not be repeated here.

[0383] In the example above, the information that triggers the first network to change the default computation method for hiding the identity to the first module is the first indication information. In other examples, the information that triggers the first network to change the default computation method for hiding the identity to the first module may be a different piece of information than the first indication information, denoted as the fourth indication information, which will be described in detail below.

[0384] In some possible implementations, prior to S250, the terminal device may send fourth indication information to the first network. Correspondingly, network elements in the first network (e.g., the second network element) may receive the fourth indication information.

[0385] For example, the aforementioned fourth instruction information can be used to trigger the first network to change the default calculation method for hiding the identity to the first module.

[0386] Furthermore, the aforementioned S250 can be replaced by: in response to the fourth indication information, the second network element sends a second indication information to the first module in the terminal-side device. This second indication information can be used to instruct the default calculation method for hiding the identity to be modified to the first module. Correspondingly, the first module receives the second indication information.

[0387] The following section continues with an example of the fourth method's instruction message.

[0388] For example, the fourth instruction information and the second hidden identity identifier can be carried in the same or different messages. When the fourth instruction information and the second hidden identity identifier are carried in two different messages, the two messages can be sent simultaneously or at different times.

[0389] As an example of how the fourth instruction information and the second hidden identity can be carried in the same message, the fourth instruction information and the second hidden identity can be carried in a first registration request. This first registration request can be used to request access to a first network.

[0390] The fourth instruction can be either explicit or implicit, which will be described below:

[0391] The fourth instruction is to display instruction information:

[0392] In some examples, the fourth indication information is used to indicate that the first network should send the second indication information.

[0393] For example, the fourth indication information can be used to indicate that the first network sends the second indication information, or it can be understood as indicating that the fourth indication information is used to indicate that the first network modifies the default calculation method of the hidden identity of the terminal-side device to the first module. For example, the fourth indication information can be used to indicate an indication to update the calculation of the hidden identity.

[0394] In some instances, the second module can be configured with an indication of the hidden identity calculator. The fourth indication can be used to request modification of this hidden identity calculator indication configured in the second module. As a specific example, the fourth indication can be used to request modification of the EF (Enhanced Framework) of the second module. UST The service n°125 in the file is "unavailable".

[0395] Correspondingly, the second network element in the first network can modify the indication of the hidden identity calculation party configured in the second module based on the aforementioned fourth indication information. For example, it can modify the EF of the 5G second module. UST The service n°125 is "unavailable".

[0396] The aforementioned "instruction" can be replaced with "request" or "suggestion." It is understood that the first network can modify the default calculation method for the hidden identity identifier to this first module based on the first information, or it can ignore the first information. In other words, the first information does not necessarily trigger the first network to modify the default calculation method for the hidden identity identifier to this first module; rather, it depends on the first network's judgment.

[0397] The following is an example of how a terminal device determines whether to send a fourth indication message.

[0398] In some possible implementations, before the terminal device sends the fourth indication information, method 200 further includes: the first module determining that it supports the first security mechanism and the second module does not support the first security mechanism. See the preceding text for details, such as the description of S215, which will not be repeated here.

[0399] In some possible implementations, if the second module does not support the first security mechanism, the terminal device sends the fourth indication information to the first network. That is, if the terminal device determines that the second module does not support the first security mechanism, it can explicitly request the first network to issue the second indication information, or explicitly request the first network to change the default calculation method for hiding the identity to the first module.

[0400] The fourth instruction is an implicit instruction:

[0401] In some examples, the fourth instruction information can be used to implicitly instruct the first network to send the second instruction information.

[0402] For example, the fourth indication information may include the capability information of the first module. In some possible implementations, prior to step 250, method 200 may further include: the second network element determining, based on the fourth indication information (e.g., including the capability information of the first module), that the first module supports the first security mechanism; and determining, based on the second hidden identity identifier, that the second module does not support the first security mechanism.

[0403] The above scheme can also be understood as follows: the second network element can determine whether the first module supports the first security mechanism based on the capability information of the first module; the second network element can determine whether the second module supports the first security mechanism based on the second hidden identity identifier; if the first module supports the first security mechanism and the second module does not support the first security mechanism, the second network element sends the second indication information to the terminal device.

[0404] The following examples illustrate how the second network element determines whether the first module supports the first security mechanism and whether the second module does not support the first security mechanism.

[0405] The second network element can determine whether the first module supports the first security mechanism based on the capability information of the first module. The capability information of the first module can explicitly or implicitly indicate whether the first module supports the first security mechanism.

[0406] As an example, the capability information of the first module can directly indicate whether the first module supports the first security mechanism. For example, the capability information of the first module may include indication information, the different states of which can indicate whether the first module supports the first security mechanism. As a specific example, the indication information may be 1 bit. A bit of 1 indicates that the first module supports the first security mechanism; a bit of 0 indicates that the first module does not support the first security mechanism. Alternatively, a bit of 0 indicates that the first module supports the first security mechanism; a bit of 1 indicates that the first module does not support the first security mechanism. The indication information may also include more bits, or in other words, more bits may be used to indicate whether the first module supports the first security mechanism; this application does not limit this.

[0407] As another example, the capability information of the first module can implicitly indicate that the first module supports the first security mechanism. For example, the capability information of the first module can indicate that the first module supports a future communication protocol. If all first modules that support the future communication protocol also support the first security mechanism, then network elements in the first network (e.g., the second network element) can determine that the first module supports the first security mechanism based on the information that "the first module supports the future communication protocol".

[0408] The following describes one possible way for the second network element to determine whether the second module supports the first security mechanism.

[0409] In some examples, the second network element can determine whether the home network corresponding to the home network identifier in the second hidden identity supports the first security mechanism, thereby determining whether the second module supports the first security mechanism.

[0410] For example, when the plaintext identity information type is IMSI, the home network identifier can include MCC and MNC. When the plaintext identity information type is NSI, GLI, or GCI, the home network identifier can include the realm. See Section 3 of the Terminology Explanation for details. Figure 3 .

[0411] As an example, the second network element can determine that the home network identifier in the second hidden identity corresponds to a traditional communication network (e.g., a 3G, 4G, or 5G communication network). However, the traditional communication network does not support the first security mechanism. Thus, the second network element can know that the home network corresponding to the second module does not support the first security mechanism. Furthermore, since the second network element knows that the home network corresponding to the second module does not support the first security mechanism, it can determine that the second module does not support the first security mechanism.

[0412] If the home network corresponding to the home network identifier does not support the first security mechanism, the second network element can determine that the second module (i.e., the second module belonging to the home network) does not support the first security mechanism. One possible principle is that the home network identifier is provided by the second module.

[0413] As another example, the second network element stores the correspondence between the home network identifier and whether the first security mechanism is supported. The second network element determines whether the home network corresponding to the second module supports the first security mechanism based on the home network identifier.

[0414] Figure 8 This is a schematic flowchart of a communication method 300 provided in an embodiment of this application. Method 300 can be a possible specific implementation of method 200. In method 300, it is assumed that the second module is a 5G USIM. The 5G USIM does not support the first security mechanism but supports the second security mechanism, which can be a security mechanism used in the 5G communication system to protect plaintext identity information. For ease of understanding, the following description takes the first module as an ME that supports the first security mechanism. After the 5G USIM card is installed in the ME, the 5G USIM uses the second security mechanism to protect the SUPI, thereby obtaining the first hidden identity identifier. The ME uses the first security mechanism to process the first hidden identity identifier to obtain the second hidden identity identifier. The network side can correspondingly use the first security mechanism to decrypt the second hidden identity identifier to obtain the first hidden identity identifier; and use the second security mechanism to decrypt the first hidden identity identifier to obtain plaintext identity information.

[0415] The following describes the various nodes involved in method 300.

[0416] 5G USIM. A 5G USIM can be used to implement the functions of a USIM card as specified in the 5G protocol. The 5G USIM can be installed in the ME and used in conjunction with the ME. For example, a UE may include both a 5G USIM and an ME. See the preceding text, for example, the node introduction section of Method 200, and the terms explained in Articles 5, 6, and 7 regarding functions related to the USIM card. Unless otherwise specified, the 5G USIM in this application can be the 5G USIM card (or simply the USIM card itself), a component within the 5G USIM card (e.g., a processor, chip, or chip system), or a logic module or software capable of implementing all or part of the functions of the 5G USIM card. For ease of description, the following description uses the 5G USIM as the implementing entity.

[0417] ME. The ME can be an ME supporting 5.5G communication protocols or future communication protocols beyond 5G. The ME can be used in conjunction with a 5G USIM. For example, the UE may include a 5G USIM and an ME, as detailed above, for example, in the node introduction section of method 200. Unless otherwise specified, the ME in this application can be the ME itself, a component within the ME (e.g., a processor, chip, or chip system), or a logic module or software capable of implementing all or part of the ME's functions. For ease of description, the following description uses the ME as the implementing entity.

[0418] RAN. RAN can be a device that supports 5G communication protocols, 5.5G communication protocols, or future communication protocols, etc. Unless otherwise specified, RAN in this application can be the access network device itself, a component within the access network device (e.g., a processor, chip, or chip system), or a logical module or software that can implement all or part of the functions of the access network device. For ease of description, the following description uses RAN as the executing entity.

[0419] AMF. An AMF can be the AMF in a 5G core network, or a network element in a future communication system used to implement mobility management and access management functions. In future communication systems, this network element may retain the name AMF, or it may have other names; this application does not limit this. For ease of description, this application uses the name AMF as an example, but this name can also be replaced with the name of a network element in a future communication system. Unless otherwise specified, the AMF in this application can be the core network equipment itself, a component within the core network equipment (e.g., a processor, chip, or chip system), or a logical module or software capable of implementing all or part of the core network equipment's functions. For ease of description, the following description uses the AMF as the implementing entity.

[0420] UDM. UDM can be a UDM that supports future communication protocols or a UDM that supports 5G communication protocols. In 5G communication systems, network elements used for data management can be called UDMs. In future communication systems, network elements used for data management may still use the name UDM, or they may have other names; this application does not limit this. For ease of description, this application uses the name UDM as an example, but this name can also be replaced with the name of a network element in a future communication system.

[0421] Furthermore, UDM can also be replaced by SIDF or other network elements (e.g., data storage network elements). In 5G communication systems, the network element used to hide user identifiers can be called SIDF. In future communication systems, the network element used to hide user identifiers and supporting future communication protocols may still use the name SIDF, or it may have other names; this application does not limit this. For ease of description, this application uses the name SIDF as an example, but this name can also be replaced by the name of a network element in a future communication system. For ease of description, the following description still uses UDM as an example.

[0422] Unless otherwise specified, UDM in this application may be the core network equipment itself, a component in the core network equipment (e.g., a processor, chip, or chip system), or a logical module or software that can implement all or part of the functions of the core network equipment.

[0423] In addition, for ease of distinction, UDMs in 5G communication networks are referred to as the first UDM, and UDMs in 5.5G communication networks or future communication networks are referred to as the second UDM.

[0424] To facilitate understanding and description, some terms used in Method 300 are introduced below.

[0425] Hidden identity. Hidden identity can be in 5G communication systems or in future communication systems beyond 5G. In 5G communication systems, the hidden identity can be SUCI, for example, see Section 3 of the Terminology Explanation. Figure 3 and Figure 4 In future communication systems, the Hidden Identity Token (SUCI) may retain the name SUCI or may have other names; this application does not limit this. Furthermore, in future communication networks, the structure of the Hidden Identity Token may be consistent with or different from the structure of SUCI in 5G communication systems; this application does not limit this.

[0426] For ease of understanding and description, the following description uses SUCI as an example of a hidden identity. Accordingly, the first hidden identity can be denoted as SUCI#1, and the second hidden identity can be denoted as SUCI#2.

[0427] Plaintext identity information. Plaintext identity information can be plaintext identity information in 5G communication systems or in future communication systems after 5G. In 5G communication systems, plaintext identity information can be SUPI, for example, see Section 2 of the Terminology Explanation. In future communication systems, plaintext identity information may retain the name SUPI or may have other names; this application does not limit this. Furthermore, in future communication networks, the structure of plaintext identity information may be consistent with or different from the structure of SUPI in 5G communication systems; this application does not limit this.

[0428] For ease of understanding and description, the following description will use the plaintext identity information SUPI as an example.

[0429] Other terms can be found in the description of Method 200, and will not be repeated here.

[0430] The following is combined with Figure 8 This section introduces the various operations of method 300.

[0431] S305, ME confirms request for access to a future communication network.

[0432] In some possible implementations, prior to S305, method 300 may include: powering on the ME, activating the UICC card (including the 5G USIM), selecting a USIM application on the ME, performing a USIM initialization procedure on the ME (e.g., see Explanation of Terms 6), obtaining the user identifier (e.g., IMSI, SUPI, or other identifier) ​​in the 5G USIM, obtaining network selection related parameters (e.g., including a network selection priority list), and performing network selection on the ME.

[0433] The ME can determine which future communication network to access. In some examples, the ME determines the preferred future communication network based on predefined or pre-configured information. In other examples, after the operator deploys the future communication network, it can update the network selection priority list configured in the 5G USIM, which prioritizes future communication networks. Thus, when selecting a network, the ME can prioritize accessing the future communication network based on the configured network selection priority list.

[0434] Among them, the methods by which operators update the network selection priority list configured in the 5G USIM include, but are not limited to: over the air (OTA), UE parameter update (UPU), or UE configuration update (UCU).

[0435] S310, the ME sends a GET IDENTITY command to the 5G USIM. Correspondingly, the 5G USIM receives the GET IDENTITY command from the ME.

[0436] In some examples, the EF of the USIM card UST Service n°124 in the file is declared as "available," indicating support for SUPI protection; the USIM card's EF UST Service n°125 in the file is declared as "available," indicating that it supports SUCI calculation by USIM. In this case, USIM can encrypt SUPI to obtain SUCI.

[0437] The ME can use the "GET IDENTITY" command to obtain the SUCI calculated by the USIM. "GET IDENTITY" can be the USIM command used by the ME to obtain the SUCI.

[0438] "GET IDENTITY" is an optional command. ME can send the "GET IDENTITY" command to the USIM card.

[0439] S315, the 5G USIM sends a SUCI (denoted as SUCI#1) to the ME. Correspondingly, the ME receives SUCI#1 from the 5G USIM.

[0440] In some possible implementations, S315 includes: in response to an identity acquisition command, the 5G USIM sends SUCI#1 to the ME.

[0441] For example, after receiving the "GET IDENTITY" command, USIM can perform any of the following:

[0442] If the service table in the USIM card includes an indication for calculating the SUCI, the USIM card returns the SUCI to the ME. If the USIM card does not support the command, it returns status code "6D00" to the ME, indicating that it is not supported or is invalid.

[0443] If the indication in the USIM card is not for calculating the SUCI by the USIM card, or if the SUCI is calculated by the ME, then the USIM card sends status code "6985" to the ME, indicating that the condition is not met.

[0444] If the information used to calculate SUCI is not correctly configured in the USIM card, the USIM card sends an error status code to the ME.

[0445] It is understood that in future communication protocols, the USIM command used by the ME to obtain SUCI-related information from the USIM may still be called "GET IDENTITY" or may have other names, and this application does not limit this. The term "GET IDENTITY" in method 300 is only for ease of understanding and expression, and "GET IDENTITY" in method 300 can be replaced with a command with other names.

[0446] As an example, the 5G USIM can be configured with calculation parameters for a second security mechanism (e.g., parameters related to SUCI calculation in a 5G communication network). These parameters are then used as input to encrypt the SUPI using the second security mechanism (e.g., ECIES) to obtain SUCI#1. Further, the 5G USIM can execute S315 to send SUCI#1 to the ME.

[0447] S320, ME uses the first security mechanism to encrypt SUCI#1, resulting in SUCI#2.

[0448] In some examples, the ME can pre-configure the computation parameters of the first security mechanism (e.g., the SUCI computation parameters of a future communication network). For example, setting the computation parameters of the first security mechanism may include a list of public keys for the first security mechanism, or an identifier for the first security mechanism, and so on.

[0449] In some possible implementations, ME can use SUCI#1 as the scheme input, and generate SUCI#2 using the first security mechanism and its public key.

[0450] In some possible implementations, the ME can determine that the 5G USIM belongs to a 5G communication network; in other words, the ME can determine that the 5G USIM card is a 5G network card. Furthermore, the ME can execute S320.

[0451] The following describes two possible methods by which ME determines whether a 5G USIM belongs to a 5G communication network. These are referred to as Method 1 and Method 2, respectively.

[0452] Method 1: ME can determine that the transmitter of SUCI#1 (i.e., 5GUSIM) belongs to the 5G communication network based on the HPLMN ID in SUCI#1, thereby triggering S320.

[0453] Method 2: ME can determine that the sender of the IMSI or SUPI (i.e., 5G USIM) belongs to the 5G communication network based on the MNC and MCC carried in the IMSI or SUPI returned by the 5G USIM, thereby triggering S320.

[0454] S330, ME sends a registration request to AMF. Correspondingly, AMF receives the registration request from ME.

[0455] The registration request can be used to register the 5G USIM. For example, the ME can send a registration request to the AMF via RAN forwarding.

[0456] For example, a registration request may include SUCI#2.

[0457] Optionally, the registration request includes first instruction information. Based on the first instruction information, the first network may determine to perform the following operations: first, use a first security mechanism to decrypt SUCI#2 to obtain SUCI#1; then, use a second security mechanism to decrypt SUCI#1 to obtain SUPI.

[0458] For example, the first indication information can be used to indicate that SUCI#2 was obtained by processing SUCI#1 using the first security mechanism; or, to indicate that SUCI#2 was obtained by a hybrid calculation of ME and 5G USIM; or, to indicate that SUCI#2 was obtained by calculating using the first security mechanism and the second security mechanism. Other descriptions of the first indication information can be found above, such as the relevant content in S235, and will not be repeated here.

[0459] In other examples, the first instruction information may not be carried in the registration request. For example, the first instruction information may be carried in other messages besides the registration request. Furthermore, the message carrying the first instruction information may be sent simultaneously with the registration request or may not be sent simultaneously; this application does not impose any limitations on this.

[0460] Optionally, the registration request includes a fourth indication. This fourth indication can be used to indicate that the SUCI calculation method be updated to ME. For example, the fourth indication can be used to indicate an update of the SUCI calculation method. Wherein, the 5G USIM has an indication configured for the SUCI calculation method, and the fourth indication can be used to request modification of the indication configured for the SUCI calculation method in the 5G USIM. As a specific example, the fourth indication can be used to request modification of the EF of the 5G USIM. UST The service n°125 is "unavailable".

[0461] Correspondingly, network elements on the network side can modify the SUCI calculation method indication configured in the 5G USIM based on the aforementioned fourth indication information. For example, they can modify the EF of the 5G USIM. UST The service n°125 is "unavailable".

[0462] In other examples, the fourth instruction information may not be carried in the registration request. For example, the fourth instruction information may be carried in other messages besides the registration request. Furthermore, the message carrying the fourth instruction information may be sent simultaneously with the registration request or may not be sent simultaneously; this application does not impose any limitations on this.

[0463] In other examples, the function of the fourth instruction information can be achieved through other information. For example, the first instruction information described above can achieve the function of the fourth instruction information; in other words, the fourth instruction information and the first instruction information can be considered as a single instruction information.

[0464] The following description uses an example where the fourth instruction differs from the first instruction. The fourth instruction can be either explicit or implicit. Examples of two possible implicit instructions are given below.

[0465] Optionally, the fourth indication information includes the ME's capability information. This ME capability information can indicate that the ME supports future communication protocols. In this way, network elements on the network side can determine whether the ME supports future communication protocols through the aforementioned capability information.

[0466] In other examples, the aforementioned ME capability information can be predefined or preconfigured. For instance, in future communication networks, the default sender of registration requests for network elements is an ME that supports the first security mechanism. In one possible scenario, only MEs supporting the first security mechanism can send registration requests to network elements in the future communication network (e.g., only MEs supporting future communication protocols can send registration requests to network elements in the future communication network, and all MEs supporting future communication protocols support the first security mechanism); in other words, MEs that do not support the first security mechanism (e.g., 5G MEs, 4G MEs, or other MEs supporting traditional communication networks) cannot send registration requests to network elements in the future communication network. Therefore, network elements in the future communication network can default to receiving registration requests from MEs that support the first security mechanism.

[0467] S332, the AMF sends a registration request to the second UDM. Correspondingly, the second UDM receives the registration request from the AMF.

[0468] S330 and S332 above can be understood as the AMF forwarding the registration request, enabling the second UDM to receive the registration request from the ME. The function and information carried by the registration request in S332 can be found in the description of S330, and will not be repeated here.

[0469] In addition, the registration request can also carry a routing indicator. This routing indicator can be obtained by the ME from the 5G USIM before the ME calculates SUCI#2 (i.e., the ME performs S320). SUCI#2 can carry the routing indicator in plaintext.

[0470] In some examples, the AMF can locate the UDM based on the routing instructions in SUCI#2. These routing instructions can be from traditional communication networks (e.g., 5G communication networks). It is understood that the aforementioned routing instructions are provided by 5GUSIM; therefore, these routing instructions are 5G communication network routing instructions (abbreviated as 5G routing instructions).

[0471] As an example, the AMF can send SUCI#2, including the routing instructions from the legacy communication network, to the first UDM in the legacy communication network (e.g., a 5G communication network) based on the routing instructions in the legacy communication network and the local default configuration. The above example... Figure 8 Not shown in the image.

[0472] As another example, the AMF can send SUCI#2, which includes the routing identifier in the traditional communication network, to a second UDM in a 5.5G communication network or a future communication network, based on the routing indication in the traditional communication network and a pre-stored mapping relationship (denoted as mapping relationship #1). Mapping relationship #1 can include the mapping relationship between the routing indication in the traditional communication network and the second UDM. For example, if the AMF does not store mapping relationship #1, it may route the routing indication in SUCI#2 to a network element in the traditional communication network that does not support the first security mechanism (e.g., the first UDM). In other words, the routing indication can be used to access a network element that does not support the first security mechanism (e.g., the first UDM). However, based on the above scheme, the AMF can, based on the locally stored mapping relationship #1, send SUCI#2, which might originally be routed to a network element that does not support the first security mechanism (e.g., the first UDM), to a second UDM that supports the first security mechanism.

[0473] S334, the second UDM uses the first security mechanism to decrypt SUCI#2 and obtain SUCI#1.

[0474] In some possible implementations, the second UDM can decrypt SUCI#2 using the first security mechanism based on the first instruction information in the registration request to obtain SUCI#1.

[0475] Regarding the decryption of SUCI#1, two possible implementations are introduced below, referred to as Decryption Example 1 and Decryption Example 2, respectively.

[0476] Decryption Example 1: The second UDM can store a list of 5G users' public keys and corresponding private keys, and it can support the security mechanisms of 5G communication networks (or, in this example, the second security mechanism). Thus, the second UDM can find the corresponding private key based on the public key identifier, and using the corresponding private key, based on the second security mechanism, decrypt SUCI#1 to obtain SUPI.

[0477] Decryption Example 2: The second UDM can send SUCI#1 to the corresponding 5G UDM (or, the first UDM). Specifically, based on the routing identifier in SUCI#1, the corresponding first UDM is found, and the first UDM decrypts SUCI#1. The following is combined with... Figure 8 The S336 and S338 will be introduced.

[0478] S336, the second UDM sends SUCI#1 to the first UDM.

[0479] For example, the second UDM can route SUCI#1 to the first UDM based on the HPLMN ID in SUCI#2 or SUCI#1 and the 5G routing indication. Specifically, the second UDM can determine that SUCI#1 obtained by the second UDM belongs to the 5G communication network based on the HPLMN ID in SUCI#2 or SUCI#1. The second UDM can then send SUCI#1 carrying a routing identifier and HPLMN ID to the first UDM. The routing identifier can be used to route SUCI#1 to the first UDM.

[0480] S338, the first UDM decrypts SUCI#1 to obtain SUPI.

[0481] For example, the first UDM can use the second security mechanism and the private key pre-stored by the first UDM (which corresponds to the public key under the second security mechanism) to decrypt SUCI#1 and obtain SUPI.

[0482] In some other possible implementations, the first UDM can be updated to support the first security mechanism and configured with a public / private key list for the first security mechanism. In this case, S332 described above can be replaced by the AMF sending a registration request to the first UDM. For example, the AMF can route the registration request to the first UDM based on the 5G routing indication in SUCI#2 carried in the registration request.

[0483] In addition, the above S334 can be replaced by: the first UDM using the private key corresponding to the public key of the first security mechanism to decrypt SUCI#2 based on the algorithm of the first security mechanism to obtain SUCI#1; and using the private key corresponding to the public key of the second security mechanism to decrypt SUCI#1 based on the second security mechanism to obtain SUPI.

[0484] In some examples, the first UDM can determine, based on the first indication information carried in the registration request sent by the AMF, that the aforementioned SUCI#2 can be decrypted twice, using the first security mechanism and the second security mechanism respectively, to obtain SUPI. In other examples, the first UDM can determine that SUCI#2 is generated by a 5G USIM based on the HPLMN ID in SUCI#2, and determine that SUCI#2 uses the first security mechanism based on the protection mechanism identifier in SUCI#2, thus determining that after decrypting SUCI#2 to obtain SUCI#1, a second decryption is required to obtain SUPI.

[0485] Based on the two possible decryption examples above, SUCI#1 is decrypted, and the network side can obtain SUPI, thereby executing S340.

[0486] S340 performs the authentication process and establishes a secure connection between 5G USIM, ME and future communication networks.

[0487] UDM (e.g., first UDM, or second UDM) can generate authentication vectors based on SUPI for subsequent identity authentication processes, establishing a secure connection between 5G USIM, ME and future communication networks.

[0488] Furthermore, if the network side receives a fourth instruction message (instructing the SUCI calculation method to be updated to ME), or receives an implicit instruction to update the SUCI calculation method to ME, or if the aforementioned second instruction message also has the function of instructing the SUCI calculation method to be updated to ME, then the network side may optionally execute S350, S352, and S354. These will be described below.

[0489] S350, the second UDM triggers the sending of computer update information to the ME. This computer update information is used to modify the computer of the SUCI in the 5G USIM to the ME. Correspondingly, the ME receives the computer update information.

[0490] In some possible implementations, the second UDM can trigger a process to modify the calculation method of SUCI in the 5G USIM to ME based on information in the registration request.

[0491] Optionally, the registration request in S332 includes display indication information for updating the SUCI computer to ME (e.g., a second indication information having the function of indicating that the SUCI computer is updated to ME, or a fourth indication information). In this way, the second UDM can trigger the process of updating the SUCI computer to ME based on the aforementioned display indication information.

[0492] Optionally, the registration request in S332 includes the ME's capability information and SUCI#2. Thus, the second UDM can trigger the process of updating the SUCI calculation method to the ME based on the ME's capability information and SUCI#1. For example, the second UDM can determine that the ME supports future communication protocols based on the aforementioned capability information. The second UDM can determine that the USIM supports 5G communication protocols, or in other words, determine that the USIM is a 5G USIM, based on the home network identifier or protection mechanism identifier in SUCI#2.

[0493] The above scheme can also be understood as follows: the second UDM can determine that the SUCI#2 sent by the ME uses the second security mechanism of the 5G network to calculate the SUCI (or, the ME failed to use the first security mechanism to protect the SUPI), thereby triggering the process of updating the SUCI calculation party to the ME, so that the SUCI can be calculated by the ME that supports the first security mechanism.

[0494] Optionally, the registration request in S332 includes SUCI#2. The second UDM can determine whether the USIM supports the 5G communication protocol, or in other words, determine whether the USIM is a 5G USIM, by using the home network identifier or protection mechanism identifier in SUCI#2. In the future, network elements in the communication network can default to the ME as the sender of the registration request, thereby triggering the process of updating the SUCI calculation party to the ME.

[0495] For example, the process of changing the computer of SUCI in a 5G USIM to ME can be implemented through processes such as UPU, UCU, or OTA, and this application does not limit it. For example, computer update information can also be carried in a security mode command (SMC) message, a registration accept message, or a message with NAS security protection.

[0496] In the case where the process of modifying the SUCI calculation method in the 5G USIM to ME is implemented through UPU or UCU, S350 may include: the second UDM sending calculation method update information to the ME. In other words, the calculation method update information may be sent by the second UDM.

[0497] When the process of changing the SUCI calculation method in the 5G USIM to ME is implemented via OTA, S350 may include: a second UDM triggering the OTA server to send calculation method update information to the ME. In other words, the calculation method update information can be sent by the OTA server. Specifically, the UDM can send a request to the OTA server, and the OTA server, based on the request, sends the calculation method update information to the ME.

[0498] In some examples, the computer update information includes SUCI computation indication update information. This SUCI computation indication update information can be used to change the SUCI computer to ME. For example, this SUCI computation indication update information can instruct the ME to change the EF in the 5G USIM. UST The service n°125 is either "unavailable" or has a value of "0".

[0499] Optionally, the computational update information may also include information on SUCI calculation parameter updates. For example, the SUCI calculation parameter update information may include updated calculation parameters for the first security mechanism. For example, the updated parameters may include at least one of the following: an updated protection mechanism, an updated public key, an updated public key identifier, or other information.

[0500] Optionally, the computational update information also includes updated routing instructions. This allows the ME to use the updated routing instructions.

[0501] In other examples, the routing indication can be reused from the existing routing indication, so the information on the updated SUCI calculation parameters mentioned above may not include the updated routing indication.

[0502] The execution entity in S350 described above can also be replaced by the first UDM instead of the second UDM. That is, the second UDM determines that it is triggered to send computational update information to the ME, and this application is not limited to this. Furthermore, if the computational update information also includes information on updated SUCI computation parameters, the second UDM may be configured with updated computation parameters for the first security mechanism, thereby carrying the updated computation parameters in the computational update information. In other examples, the second UDM may not have stored the updated computation parameters for the first security mechanism. The second UDM can request the updated computation parameters for the first security mechanism from the first UDM, thereby carrying the updated computation parameters in the computational update information.

[0503] S352, the ME sends a first command to the 5G USIM. This first command can be used to modify the calculation method of SUCI in the 5G USIM to that of the ME. Correspondingly, the 5G USIM receives the first command from the ME and, according to the first command, modifies the calculation method of SUCI in the 5G USIM to that of the ME.

[0504] For example, 5G USIM can modify EF based on the first command. UST The service n°125 in the value is "unavailable" or has a value of "0". For example, the above modification can be performed using the UPDATE BINARY operation.

[0505] S354, the ME sends a second command to the 5G USIM. This second command can be used to update the SUCI calculation parameters. Correspondingly, the 5G USIM receives the second command from the ME and updates the parameters used in the 5G USIM for calculating the SUCI according to the second command.

[0506] The second command may carry updated security parameters. For example, the information for updating the SUCI calculation parameters of S350 may include updated calculation parameters of the first security mechanism. These updated calculation parameters may include at least one of the following: an updated protection mechanism, an updated protection mechanism identifier, an updated public key, an updated public key identifier, or other information. The second command may accordingly carry at least one of the above information.

[0507] In some possible implementations, 5G USIM can be based on a second command to EF. SUCI_Calc_Info Perform an UPDATE BINARY operation on the file, writing the updated security parameters.

[0508] In some examples, 5G USIM can be deployed on existing EF (Engineering Framework). SUCI_Calc_Info Add updated security parameters to the file. In other words, the updated EF... SUCI_Calc_Info The file may include existing SUCI calculation parameters for the second security mechanism, as well as SUCI calculation parameters for the first security mechanism (i.e., updated security parameters). For example, if the SUCI calculation parameter update information for S350 also includes SUCI calculation parameters for the second security mechanism, then the second command can instruct the 5G USIM to retain EF. SUCI_Calc_Info Based on the existing SUCI calculation parameters of the second security mechanism in the document, updated security parameters (i.e., SUCI calculation parameters of the first security mechanism) are added.

[0509] In other examples, 5G USIM can transmit EF. SUCI_Calc_Info The existing SUCI calculation parameters in the file have been replaced with updated security parameters. In other words, the 5G USIM can cover EF. SUCI_Calc_Info The file already contains SUCI calculation parameters. For example, if the updated SUCI calculation parameters for S350 only include updated security parameters, the second command can instruct the 5GUSIM to use the updated security parameters, overriding EF. SUCI_Calc_Info The SUCI calculation parameters for the second security mechanism already present in the document.

[0510] Optionally, the second command can also be used to update the routing indication. The 5G USIM can update the routing indication based on the second command.

[0511] This application does not limit the execution order of S352 and S354. For example, the first command and the second command can be sent simultaneously or separately. The first command can be sent before the second command or after the second command.

[0512] In addition, S350, S352, and S354 are also optional operations. Method 300 may include at least one of S350, S352, or S354, or may not include S350, S352, and S354.

[0513] For example, at some point after S350, S352, and S354 are executed, or at some point after S350 and S352 are executed, the UE (including 5G USIM and ME) needs to recalculate SUCI, and the ME can execute S370.

[0514] S370, ME uses the first security mechanism to process SUPI, resulting in SUCI#3.

[0515] In some possible implementations, ME can be updated based on the configuration of S354 (e.g., EF). UST The service n°124 in EF is "available". UST The service n°125 in the system is "unavailable", and SUPI is used to calculate SUCI#3. For example, the ME can request relevant parameters for calculating SUCI#3 from the 5G USIM (e.g., the security parameters updated in S354), encrypt the SUPI based on the first security mechanism, and obtain SUCI#3.

[0516] During the matching and use of ME and 5G USIM, if the 5G USIM is configured to calculate SUCI by the USIM, the SUCI#1 obtained by the 5G USIM based on the traditional second security mechanism may be insufficiently secure (e.g., it is difficult to resist quantum attacks). Based on the above scheme, without modifying the logic of 5G USIM calculating SUCI, ME can use a first security mechanism with higher security strength to encrypt SUCI#1 to obtain SUCI#2. SUCI#2 can provide a higher level of security (e.g., it can resist quantum attacks) for user identity privacy protection.

[0517] In addition, the network side can trigger the modification of SUCI calculation parties and the distribution of new parameters through the instruction information of ME, or through the capability information of ME and the home network of USIM, so that ME can provide a higher level of security protection for user identity and privacy during subsequent access processes.

[0518] Figure 9 This is a schematic flowchart illustrating a communication method 400 provided in an embodiment of this application. Some nodes involved in method 400 can be found in the description of method 200, and will not be repeated here. It is understood that method 400 may also involve other nodes; for example, information sent from the terminal device to the network side may require forwarding by an access network device. Therefore, method 400 also involves access network devices. For the sake of brevity, the specific descriptions of other nodes will not be repeated here. Furthermore, the descriptions of some terms involved in method 400 can be found in the description of method 200, and will not be repeated here.

[0519] The following is combined Figure 9 This section introduces the various operations of method 400.

[0520] S410, the first module in the terminal-side device obtains plaintext identity information and a first secret from the second module in the terminal-side device.

[0521] The aforementioned terminal-side device may include a first module and a second module. The first module may support a first security mechanism, and the second module may support a second security mechanism. The first security mechanism differs from the second security mechanism, and the security strength of the first security mechanism may be higher than that of the second security mechanism.

[0522] For example, the first module may obtain plaintext identity information and the first secret from the second module simultaneously, or they may not obtain them simultaneously. This application does not limit the order in which the first module obtains the plaintext identity information and the first secret.

[0523] As an example, the first module can obtain plaintext identity information during the initialization process of the second module. See section 6 of the glossary for details; further explanation is omitted here.

[0524] For example, the first secret may be obtained by the second module according to the second security mechanism. For instance, the second module can use the second security mechanism to encrypt its private key and the home network's public key to obtain the first secret. Taking ECIES as an example, the second module can use its ECC temporary private key and the public key allocated by the home network to perform key exchange (e.g., DH key exchange) to obtain the first secret.

[0525] As an example of a first module obtaining a first secret from a second module, the first module sends a request message to the second module requesting the first secret. The second module can then send the calculated first secret back to the first module based on the request message.

[0526] In some examples, the request information is carried in a first message, which requests the second module to provide a hidden identity identifier. Taking a 5G communication system as an example, the first message can be called a GET IDENTITY command. In future communication systems, the first message may still be called a GET IDENTITY command, or it may have other names; this application does not limit this.

[0527] In some possible implementations, the second module can perform protection of the plaintext identity information based on the first message, thereby obtaining the first secret. For example, the second module can process the plaintext identity information using a second security mechanism based on the first message to obtain the fifth hidden identity identifier.

[0528] In obtaining the fifth hidden identity, the second module can obtain the first secret. Specifically, the first secret can be used to derive a key, which can be used to encrypt and / or fully preserve plaintext identity information, thereby obtaining the mechanism output; the second module can use the above mechanism output to construct the fifth hidden identity.

[0529] Furthermore, the second module can send a fifth hidden identity identifier to the first module based on the first message, and send the first secret to the second module based on the request information in the first message.

[0530] In other examples, the request message can be carried in a message other than the first message. As an example, the request message can be sent before or after the first message, or it can be sent simultaneously with the first message.

[0531] In this terminal device, the default computation method for the hidden identity identifier is the second module. In some possible implementations, before the first module obtains the first secret from the second module, the first module needs to know that the default computation method for the hidden identity identifier is the second module. The following describes a possible example of the first module knowing that the default computation method for the hidden identity identifier is the second module.

[0532] For example, the configuration information of the default computing party for the hidden identity can be stored in the second module. For instance, during the process of the first module executing the initialization process of the second module, the first module can request the configuration information of the second module to learn that the default computing party for the hidden identity is the second module.

[0533] Furthermore, the first module can request the first secret from the second module based on the information that "the default calculation party for the hidden identity is the second module"; the second module can obtain the first secret and send it to the first module.

[0534] S415, the first module uses the first security mechanism to obtain the second secret.

[0535] As an example, the first module can use a first security mechanism to encapsulate the public key corresponding to the first security mechanism and output a second secret. For example, the first security mechanism identifier may include one or more protection mechanism identifiers of the PQC algorithm. The first module in the terminal device can select one of the protection mechanism identifiers from the first security mechanism identifiers, use the public key (pk) corresponding to the protection mechanism identifier as the input to the PQC encapsulation (Encaps) algorithm, and output ciphertext (ct) and a shared secret (ss). The above process can also be represented as Encaps(pk) = ct, ss. The ss mentioned above can be used as the second secret.

[0536] The public key corresponding to the first security mechanism can be pre-configured in the first module. In this way, the first module can execute S415 based on the locally configured public key.

[0537] S420, the first module performs key deduction based on the first secret and the second secret to obtain the first key.

[0538] As an example, the first module can take the first secret and the second secret together as input to the KDF to derive a key (denoted as the first key) for protection (e.g., encryption and / or integrity protection).

[0539] S425, the first module uses the first key to process the plaintext identity information to obtain the fourth hidden identity identifier.

[0540] As an example, the first module can use the first key mentioned above to encrypt and secure the plaintext identity information, obtaining ciphertext and a MAC tag. The first module can then use the ciphertext ct obtained in S415, the ciphertext ciphertext obtained in S425, and the MAC tag to construct the output of the mechanism for the fourth hidden identity. Furthermore, the first module can combine this information with the home network identifier, routing indication, and plaintext identity information type obtained from the second module to obtain the fourth hidden identity.

[0541] In some possible implementations, method 400 further includes: the first module obtaining a fifth hidden identity identifier from the second module; the first module determining second security mechanism indication information based on the first security mechanism indication information in the fifth hidden identity identifier. Further, S425 includes: the first module carrying the second security mechanism indication information in a fourth hidden identity identifier.

[0542] As an example, the aforementioned first security indication information can be used to indicate the security mechanism (e.g., the second security mechanism) upon which the fifth hidden identity is based. In some examples, the first module can determine the second security mechanism indication information based on the aforementioned first security indication information and the identifier of the second security protection mechanism selected by the first module (e.g., the protection mechanism identifier corresponding to the public key used by the first module to obtain the first secret in S415). This second security mechanism indication information can be used to indicate the protection mechanism identifier upon which the fourth hidden identity is based. For example, the identifiers of the various hybrid mechanisms in Table 2. Thus, the network side can determine the public key and corresponding private key required to decrypt the fourth hidden identity based on the second security mechanism indication information.

[0543] S430, the first module sends the fourth hidden identity identifier to the first network, the fourth hidden identity identifier being used to access the first network. Correspondingly, a network element (e.g., a second network element) in the first network receives the fourth hidden identity identifier.

[0544] The second hidden identity can be used to access the first network. For example, the first network can generate an authentication vector based on the fourth hidden identity to authenticate the terminal device, thereby establishing a secure connection between the terminal device and the first network.

[0545] The fourth hidden identity identifier can be carried in the third registration request message. The third registration request message is used to request access to the first network, or in other words, the third registration request message can be used to request registration of the terminal device. The first network can authenticate the terminal device based on the fourth hidden identity identifier in the third registration request message.

[0546] The specific process of generating the authentication vector based on the fourth hidden identity will be discussed later, for example, the relevant content of S445, which will not be elaborated here.

[0547] In some examples, prior to S430, method 400 further includes: the terminal device determining that it requests access to a first network. For example, the first module can obtain network selection-related parameters (e.g., including a network selection priority list) from the second module to perform network selection. Ultimately, the terminal device can select the first network.

[0548] For example, the first network can be a traditional communication network (e.g., a 3G, 4G, or 5G communication network) or a future communication network (e.g., a 5.5G communication network, or a communication network after 5G), and this application does not limit it. The first network may include a first network element (e.g., an access and mobility management function) and a second network element (e.g., a UDM, SIDF, or other network element). As an example, the terminal-side device can send a fourth hidden identity identifier to the first network element, and the first network element can forward the fourth hidden identity identifier to the terminal-side device. The specific process is similar to S232 and will not be described in detail here.

[0549] S440, the second network element decrypts the fourth hidden identity identifier to obtain the plaintext identity information of the terminal device.

[0550] The second network element can be a network element in the first network. The first network can be a traditional communication network, a 5.5G communication network, or a future communication network.

[0551] For example, the second network element supports the first security mechanism and stores the private key corresponding to the public key of the first security mechanism.

[0552] In some possible implementations, S440 includes S441, S442, S443, and S444. These are described below.

[0553] S441, the second network element obtains the third secret.

[0554] For example, the third secret may be obtained under the second security mechanism. In some possible cases, the third secret is the same as the aforementioned first secret.

[0555] For ease of understanding, assume that the network to which the second module belongs is the third network, which is a traditional communication network (e.g., 3G, 4G, or 5G communication network). In the case where the second network element is a network element in a future communication network, the following describes two possible examples of how the second network element obtains the third secret.

[0556] As an example, if the second network element stores the public key and the corresponding private key of the second security mechanism, and the second network element supports the second security mechanism, the second network element can use the second security mechanism to process the public key and the corresponding private key to obtain the third secret.

[0557] As another example, where the second network element does not store the public key and / or corresponding private key of the second security mechanism, in one example, the second network element corresponds to one or more network elements in the third network that support the second security mechanism (denoted as the fourth network element). The fourth network element can support the second security mechanism and stores the public key and corresponding private key of the second security mechanism. The first network element can communicate with the fourth network element. Thus, the second network element can send a request to the fourth network element. In response to the request from the second network element, the fourth network element can process the public key and the corresponding private key using the second security mechanism to obtain the third secret, and then send the third secret to the second network element.

[0558] For example, the fourth network element can be a network element in the home network (i.e., the third network) of the second module, such as the UDM, SIDF, or data storage network element in the aforementioned home network.

[0559] S442, the second network element uses the first security mechanism to obtain the fourth secret.

[0560] As an example, the second network element can use the first security mechanism to decapsulate the private key corresponding to the first security mechanism and output the fourth secret. For example, the first security mechanism identifier may include one or more protection mechanism identifiers of the PQC algorithm. The second network element can use the private key (sk) corresponding to the protection mechanism identifier carried by the fourth hidden identity as one input to the PQC decapsulation algorithm, and the ciphertext ct carried by the fourth hidden identity as another input to the above PQC decapsulation algorithm, outputting the shared secret (ss). The above process can also be expressed as Decaps(sk, ct) = ss. The above ss can be used as the fourth secret. In some possible cases, the fourth secret is the same as the aforementioned second secret.

[0561] The private key corresponding to the first security mechanism mentioned above can be pre-configured in the second network element. In this way, the second network element can execute S422 based on the locally configured private key.

[0562] S443, the second network element performs key deduction based on the third secret and the fourth secret to obtain the second key.

[0563] As an example, the second network element can use the third and fourth secrets together as inputs to the KDF to derive a key (denoted as the second key) for deprotection (e.g., decryption and / or integrity verification). In some possible cases, the second key is the same as the aforementioned first key.

[0564] S444, the second network element uses the second key to decrypt the fourth hidden identity identifier and obtain the plaintext identity information of the terminal device.

[0565] As an example, the second network element can use the second key to decrypt the ciphertext in the fourth hidden identity identifier to obtain the plaintext identity information of the terminal device.

[0566] S445, the second network element generates an authentication vector based on the plaintext identity information of the terminal device.

[0567] For ease of understanding, assume that the network to which the second module belongs is the third network, which is a traditional communication network (e.g., 3G, 4G, or 5G communication network). In the case where the second network element is the first network element in a 5.5G communication network or a future communication network, two possible examples of how this second network element generates the authentication vector are described below.

[0568] In some examples, the second network element can store the subscription information of users in the third network. In this way, the second network element can generate an authentication vector based on plaintext identity information and the subscription information of users in the third network stored in the second network element.

[0569] In other examples, the second network element may not store the subscription information of users of the third network. The second network element may communicate with one or more network elements (denoted as the fourth network element) in the home network (i.e., the third network) that store the subscription information of users of the third network.

[0570] As an example, the second network element can send the plaintext identity information to the aforementioned fourth network element in the third network, and the fourth network element can generate an authentication vector based on the plaintext identity information and the subscription information stored in the fourth network element.

[0571] As another example, the second network element requests the fourth network element to provide the user's subscription information. After the second network element obtains the user's subscription information from the fourth network element, the second network element can generate an authentication vector based on the plaintext identity information and the subscription information stored by the fourth network element.

[0572] The following describes the conditions that trigger the first module to perform hybrid encryption, that is, to execute at least one of the above S410, S415, S420 or S425.

[0573] In some possible implementations, prior to S410, S415, S420, or S425, method 400 further includes: the first module determining that it supports the first security mechanism and the second module does not support the first security mechanism.

[0574] In some examples, the first module determines that it supports the first security mechanism, including: the first module determines that it supports the first security mechanism based on its capability information.

[0575] In some examples, the first module determines that the second module does not support the first security mechanism, including: the first module determines whether the second module supports the first security mechanism based on the plaintext identity information and / or the fifth hidden identity identifier. This description is similar to the judgment methods 1 to 3 under S215, except that in S215 the first module uses the first hidden identity identifier, while here it can be replaced with the fifth hidden identity identifier; details will not be elaborated further.

[0576] The following is an example of triggering the second network element's hybrid decryption to hide the identity identifier.

[0577] In some possible implementations, method 400 also includes S435 before S440.

[0578] S435, the first module sends a third indication message to the second network element. Correspondingly, the second network element receives the third indication message.

[0579] Optionally, the third indication information is used to indicate that the fourth hidden identity was obtained by processing the plaintext identity information using the first secret and the second secret. Alternatively, the third indication information is used to indicate that the fourth hidden identity was obtained by processing the plaintext identity information using multiple secrets (e.g., two secrets). Alternatively, the third indication information is used to indicate that the fourth hidden identity was obtained by processing the plaintext identity information using two security mechanisms. Alternatively, the third indication information is used to indicate that the fourth hidden identity requires decryption using two security mechanisms.

[0580] In some examples, the third instruction information may be carried in the same or different messages as the fourth hidden identity. When the message carried by the third instruction information is the same as the message carried by the fourth hidden identity, for example, the message may be a third registration request message. When the message carried by the third instruction information is different from the message carried by the fourth hidden identity, the two messages may be sent simultaneously or not, and this application does not impose any limitations on this.

[0581] In some possible implementations, S440 includes: in response to the third instruction information, the second network element decrypts the fourth hidden identity identifier to obtain the plaintext identity information of the terminal device.

[0582] In addition, in some possible implementations, method 400 also includes a process that triggers the network to modify the default computer of the hidden identity, which is similar to S325, S240, S250, S260 and S270, and will not be described in detail here.

[0583] Figure 10 This is a schematic flowchart of a communication method 500 provided in an embodiment of this application. Method 300 can be a possible specific implementation of method 200. In method 300, it is assumed that the second module is a 5G USIM. The 5G USIM does not support the first security mechanism but supports the second security mechanism, which can be a security mechanism used in the 5G communication system to protect plaintext identity information. For ease of understanding, the following description takes the first module as an ME that supports the first security mechanism. After the 5G USIM card is installed in the ME, the ME can request the 5G USIM to provide a first secret, and use the first secret and a second secret determined by the ME to process the plaintext identity information, thereby obtaining a fourth hidden identity identifier with a higher security level.

[0584] The description of the nodes involved in Method 500 is the same as the description of nodes in Method 300, and will not be repeated here. For ease of understanding and description, some terms involved in Method 300 are introduced below.

[0585] Hidden identity. Hidden identity can be in 5G communication systems or in future communication systems beyond 5G. In 5G communication systems, the hidden identity can be SUCI, for example, see Section 3 of the Terminology Explanation. Figure 3 and Figure 4 In future communication systems, the Hidden Identity Token (SUCI) may retain the name SUCI or may have other names; this application does not limit this. Furthermore, in future communication networks, the structure of the Hidden Identity Token may be consistent with or different from the structure of SUCI in 5G communication systems; this application does not limit this.

[0586] For ease of understanding and description, the following description uses SUCI as an example of a hidden identity. Accordingly, the fourth hidden identity can be denoted as SUCI#4, and the fifth hidden identity can be denoted as SUCI#5.

[0587] Plaintext identity information. Plaintext identity information can be plaintext identity information in 5G communication systems or in future communication systems after 5G. In 5G communication systems, plaintext identity information can be SUPI, for example, see Section 2 of the Terminology Explanation. In future communication systems, plaintext identity information may retain the name SUPI or may have other names; this application does not limit this. Furthermore, in future communication networks, the structure of plaintext identity information may be consistent with or different from the structure of SUPI in 5G communication systems; this application does not limit this.

[0588] For ease of understanding and description, the following description will use the plaintext identity information SUPI as an example.

[0589] Other terms can be found in the description of Method 200, and will not be repeated here. The following section combines... Figure 10 This section introduces the various operations of method 500.

[0590] S505, ME confirms request for access to a future communication network.

[0591] Prior to S505, method 500 also included: the ME performing the acquisition of the user identifier (e.g., IMSI, SUPI, or other identifier) ​​from the 5G USIM. Further details are available in the description of S305 and will not be repeated here.

[0592] In S510, the ME sends a GET IDENTITY command to the 5G USIM. Correspondingly, the 5G USIM receives the GET IDENTITY command from the ME.

[0593] Optionally, the identity acquisition command includes a secret request message (or, a request message). This secret request message can be used to request the first secret of the 5G USIM (denoted as, secret 1).

[0594] Secret 1 can also be referred to as the temporary shared key of the 5G USIM. The 5G USIM can use a key exchange algorithm on the ECC temporary private key and the public key allocated by HN stored in the USIM to obtain Secret 1. Secret 1 can be used for key deduction to obtain the temporary encryption key (EK), ICB, and temporary integrity protection key (MK) for encrypting SUPI in the USIM card.

[0595] Optionally, the aforementioned secret request information may be carried in other messages besides the identity acquisition command; this application is not limited in this regard. Furthermore, the message carrying the secret request information may be sent simultaneously with or at different times from the identity acquisition command; this application is not limited in this regard.

[0596] Other descriptions of S310 are not detailed here.

[0597] S515, the 5G USIM sends SUCI (denoted as SUCI#5) and secret 1 to the ME. Correspondingly, the ME receives SUCI#5 and secret 1 from the 5G USIM.

[0598] For a description of 5G USIM generation and SUCI#5 transmission, please refer to S315, which will not be repeated here.

[0599] In some possible implementations, S515 includes: in response to a secret request message, the 5G USIM sends secret 1 to the ME.

[0600] Among them, SUCI#5 and Secret 1 can be sent simultaneously or at different times; they can be carried in the same message or in different messages, and this application does not limit this.

[0601] S520, ME uses a first security mechanism (e.g., the protection mechanism of the PQC algorithm) and secret 1 to encrypt SUPI, resulting in SUCI#4.

[0602] The ME can pre-configure the SUCI computation parameters for the first security mechanism. For example, the SUCI computation parameters for the first security mechanism may include the public key list of the PQC algorithm, or the protection mechanism of the PQC algorithm, and so on.

[0603] In some possible implementations, the ME can use the PQC algorithm to encapsulate the key, obtaining the ciphertext (ct) and the ME's second secret (denoted as secret2). The ME can then use secret1 and secret2 as input parameters to the key derivation function (KDF). For example, secret1 and secret2 can be concatenated and input into the KDF. As one example, secret1 can be concatenated before secret2; as another example, secret1 can be concatenated after secret2.

[0604] After ME inputs secret 1 and secret 2 into KDF, it outputs EK, ICB, and MK generated by the hybrid mechanism. This hybrid mechanism can be understood as a protection mechanism that combines traditional cryptographic algorithms with post-quantum cryptographic algorithms.

[0605] Furthermore, the ME can use SUPI as a scheme input, and perform encryption and integrity protection using the EK, ICB, and MK generated by the aforementioned hybrid mechanism to generate a scheme output. The ME can use this scheme output to construct SCUI#4. For example, the scheme output also includes the temporary public key used by the first module during cryptographic negotiation, and the ciphertext ct generated during PQC algorithm encapsulation. As an example, the temporary public key used by the first module during cryptographic negotiation can be obtained by the ME from the scheme output of SUCI#5. The ciphertext ct generated during PQC algorithm encapsulation can be obtained by the ME during local key encapsulation.

[0606] Other descriptions of S320 are not detailed here.

[0607] S530, the ME sends a registration request to the AMF. Correspondingly, the AMF receives the registration request from the ME.

[0608] The registration request can be used to register the 5G USIM. For example, the ME can send a registration request to the AMF via RAN forwarding.

[0609] For example, a registration request may include SUCI#4.

[0610] Optionally, the registration request includes third indication information. Based on the third indication information, the UDM can determine to perform the following operation: decrypt SUCI#4 using a hybrid mechanism of PQC algorithm and traditional cryptographic algorithms to obtain SUPI.

[0611] For example, the third indication information can be used to indicate that SUCI#4 is encrypted using a hybrid mechanism of conventional and post-quantum algorithms for SUPI; or, to indicate that SUCI#4 is calculated using a hybrid mechanism of ME and 5G USIM; or, to indicate that SUCI#4 is calculated using a post-quantum cryptographic algorithm and a conventional cryptographic algorithm for 5G communication networks. Other descriptions of the third indication information are given in the aforementioned S430 and will not be repeated here.

[0612] In other examples, the third instruction information may not be carried in the registration request. For example, the third instruction information may be carried in other messages besides the registration request. Furthermore, the message carrying the third instruction information may be sent simultaneously with the registration request or may not be sent simultaneously; this application does not impose any limitations on this.

[0613] Optionally, the registration request includes second indication information. This second indication information can be used to indicate that the SUCI calculation method be updated to ME. For example, the second indication information can be used to indicate an update of the SUCI calculation method. Wherein, the 5G USIM has an indication of the SUCI calculation method configured, and the second indication information can be used to request modification of the indication of the SUCI calculation method configured in the 5G USIM. As a specific example, the second indication information can be used to request modification of the EF of the 5G USIM. UST The service n°125 is either "unavailable" or has a value of 0.

[0614] Correspondingly, network elements on the network side can modify the SUCI calculation method indication configured in the 5G USIM based on the aforementioned second indication information. For example, they can modify the EF of the 5G USIM. UST The service n°125 is either "unavailable" or has a value of 0.

[0615] In other examples, the second instruction information may not be carried in the registration request. For example, the second instruction information may be carried in other messages besides the registration request. Furthermore, the message carrying the second instruction information may be sent simultaneously with the registration request or may not be sent simultaneously; this application does not impose any limitations on this.

[0616] In other examples, the function of the second instruction information can be achieved through other information. In other words, the registration request can implicitly instruct the SUCI calculation method to be updated to ME. For example, see the relevant content in S330 above.

[0617] For other descriptions, please refer to S330, which will not be repeated here.

[0618] S532, the AMF sends a registration request to the second UDM. Correspondingly, the second UDM receives the registration request from the AMF.

[0619] The above S530 and S532 can be understood as the AMF forwarding the registration request so that the second UDM receives the registration request from the ME.

[0620] In addition, the registration request can also carry a routing indicator. This routing indicator can be obtained by the ME from the 5G USIM before the ME calculates SUCI#4 (i.e., before the ME performs S520). The SUCI#4 can carry the routing indicator in plaintext.

[0621] It is understood that the aforementioned routing indication is provided by the 5G USIM; therefore, it is a routing indication for the 5G communication network (referred to as the 5G routing indication). The AMF can pre-store the correspondence between the 5G routing indication and the second UDM. Thus, the AMF can determine to send the registration request to the aforementioned second UDM based on the 5G routing indication in SUCI#4 carried in the registration request, i.e., determine to execute the aforementioned S532. Other descriptions can be found in S332, and will not be repeated here.

[0622] S534, the second UDM (e.g., a UDM in a 5.5G or future communication network) uses a hybrid mechanism of post-quantum cryptography and traditional cryptography to decrypt SUCI#4 and obtain SUPI.

[0623] In some possible implementations, the second UDM can use the PQC algorithm to decrypt the ciphertext ct in the mechanism output of SUCI#4 based on the third instruction information in the registration request, to obtain secret 1. It can then use the private key of the traditional cryptographic algorithm and the temporary public key (eph pk) in the mechanism output of SUCI#4 to perform key negotiation to obtain secret 2. Then, based on KDF and secret 1 and secret 2, EK, ICB and MK are derived.

[0624] The following describes two possible implementations of S534, referred to as Decryption Example 3 and Decryption Example 4, respectively.

[0625] Decryption Example 3: The second UDM can store information such as the public key list of 5G users. Furthermore, the second UDM can obtain the private key of the 5G communication network (e.g., the private key of the home network corresponding to the aforementioned 5G USIM, or in other words, the private key corresponding to the public key of the 5G USIM), and can support traditional cryptographic algorithms. Thus, the second UDM can use the public key of the 5G USIM and its corresponding private key to perform key negotiation in traditional cryptographic algorithms to obtain the secret on the 5G network side (denoted as Secret 3). Theoretically, Secret 3 is consistent with the aforementioned Secret 1.

[0626] The second UDM can use a post-quantum cryptography algorithm to decapsulate the private key and ciphertext ct of the post-quantum cryptography algorithm to obtain the shared secret (denoted as secret 4). In theory, secret 4 is consistent with the aforementioned secret 2.

[0627] The second UDM can use secret 3 and secret 4 as inputs to the KDF to obtain the keys EK, ICB and MK for decryption.

[0628] The second UDM uses keys EK, ICB, and MK to perform integrity verification and decryption on SUCI#4, obtaining SUPI.

[0629] Decryption Example 4: The second UDM can request the 5G UDM (or, the first UDM) to provide the aforementioned secret 3. Furthermore, the second UDM can generate secret 4, and based on secrets 3 and 4, decrypt SUCI#4 to obtain SUPI. See Decryption Example 3 for details, which will not be repeated here.

[0630] In some other possible implementations, the first UDM can be updated to support post-quantum cryptography and configured with a list of public keys for post-quantum cryptography.

[0631] Thus, the above S532 can be replaced by: the AMF sending a registration request to the first UDM. For example, the AMF can route the registration request to the first UDM based on the 5G routing indication in SUCI#4 carried in the registration request.

[0632] Furthermore, the above S534 can be replaced by: the first UDM using post-quantum cryptography and traditional cryptography to decrypt SUCI#4 and obtain SUPI. The above process is similar to decryption example 3, except that the executing entity is replaced by the first UDM, and the details will not be repeated.

[0633] Based on the above example, SUCI#4 is decrypted, and the network side can obtain SUPI, thereby executing S540.

[0634] The S540 performs the authentication process and establishes a secure connection between the 5G USIM, ME, and future communication networks.

[0635] UDM (e.g., first UDM, or second UDM) can generate authentication vectors based on SUPI for subsequent identity authentication processes, establishing a secure connection between 5G USIM, ME and future communication networks.

[0636] As an example of the second UDM generating the authentication vector, the second UDM may store the subscription data of the 5G USIM (e.g., K used to generate the authentication vector); or, the second UDM may invoke the relevant functions of the 5G communication network to obtain the aforementioned subscription data; or, the second UDM may instruct the first UDM to generate the authentication vector.

[0637] Furthermore, if the network side receives a second instruction (instructing the SUCI calculation method to be updated to ME), or receives an implicit instruction to update the SUCI calculation method to ME, the network side can execute S350, S352, and S354. Details will not be elaborated further.

[0638] For example, at some point after S350, S352 and S354 are executed, or at some point after S350 and S352 are executed, the UE (including 5G USIM and ME) needs to recalculate SUCI, and optionally the ME can execute S570.

[0639] In S570, the ME uses the first security mechanism to process SUPI and obtain SUCI. For details, please refer to the relevant content of S520 or S360, which will not be repeated here.

[0640] The following, combined with Figures 11 to 14 This application provides a detailed description of the communication device provided in the embodiments. The descriptions of the device embodiments correspond to the descriptions of the method embodiments; therefore, for content not described in detail, please refer to the above method embodiments. For the sake of brevity, some content will not be repeated.

[0641] This application embodiment can divide the communication device into functional modules according to the above method example. For example, each function can be divided into its own functional modules, or two or more functions can be integrated into one processing module. The integrated modules can be implemented in hardware, software, or a combination of both. The module division in this application embodiment is illustrative and only represents one logical functional division; other division methods may be used in actual implementation. The following description uses the division of functional modules according to each function as an example.

[0642] Figure 11 This is an exemplary block diagram of the communication device 1000 provided in the embodiments of this application.

[0643] like Figure 11 As shown, for example, the communication device 1000 may include a chip system 1010, a memory 1020, a bus 1030, a power management module 1040, or a transceiver 1050, etc.

[0644] The chip system 1010 can be an integrated circuit chip with signal processing capabilities. In implementation, each step of the above method can be completed through integrated logic circuits in the hardware of the chip system 1010 or through software instructions.

[0645] By way of example and not limitation, the chip system 1010 may include circuitry or chips responsible for signal processing (such as a modem chip, also known as a baseband chip, or a system-on-chip (SoC) chip or system-in-package (SIP) chip containing a modem core).

[0646] Optionally, the chip system 1010 may also include a memory (such as a cache) for storing instructions and data. In some embodiments, the memory in the chip system 1010 is a cache memory. This memory can store instructions or data that the chip system 1010 has just used or that are used repeatedly. If the chip system 1010 needs to use the instruction or data again, it can directly retrieve it from the memory. This avoids repeated accesses, reduces the waiting time of the chip system 1010, and thus improves the efficiency of the system.

[0647] In some embodiments, the chip system 1010 may include one or more interfaces. Interfaces may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver / transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input / output (GPIO) interface, a subscriber identity module (SIM) interface, and / or a universal serial bus (USB) interface, etc.

[0648] The memory 1020 may include random access memory (RAM) and read-only memory (ROM). The memory 1020 may store computer-readable, computer-executable code, including instructions that, when executed, cause the processor to perform the various functions described in this application.

[0649] Optionally, the code may include instructions for implementing various aspects of the embodiments of this application, such as instructions for processing the first hidden identity using the first security mechanism to obtain a second hidden identity. The code may be stored in a non-transitory computer-readable medium such as system memory or other types of memory. In some cases, the code may not be directly executable by the chip system 1010, but may enable a computer (e.g., at compile and execution time) to perform the functions described in this application. In some cases, the memory 1020 may contain a basic I / O system that controls basic hardware or software operations, such as interaction with peripheral components or devices.

[0650] For example, the chip system 1010 executes various functional applications and data processing of the communication device 1000 by running instructions stored in the memory 1020. For instance, when the communication device 1000 transfers files with other devices (which may also be terminals or access network devices), the chip system 1010 of the communication device 1000 can call the computer-executable program code stored in the memory 1020 to implement the communication method provided in the embodiments of this application.

[0651] In addition, the memory 1020 can be integrated into the chip system 1010 or independent of the chip system 1010.

[0652] For example, bus 1030 may be USB for supporting communication between various parts of communication device 1000.

[0653] The power management module 1040 is used to receive charging input from the charger. Optionally, the power management module 1040 can also supply power to the communication device 1000 while charging it (e.g., the battery module of the communication device 1000). By way of example and not limitation, the power management module 1040 can also supply power to other devices besides the communication device 1000.

[0654] Transceiver 1050 can communicate bidirectionally via one or more antennas, a wired link, or a wireless link. For example, transceiver 1050 can represent a wireless transceiver and can communicate bidirectionally with another wireless transceiver. Transceiver 1050 may also include a modem for modulating packets and providing the modulated packets to the antenna for transmission, and for demodulating packets received from the antenna. Transceiver 1050 may include a receiver and a transmitter, the receiver performing the function of receiving information and the transmitter performing the function of transmitting information.

[0655] In some cases, a wireless device may include a single antenna. However, in other cases, a device may have more than one antenna, such as... Figure 11 Antennas 1 and 2 shown may be capable of simultaneously transmitting or receiving multiple wireless transmissions. Exemplarily, antennas 1 and 2 are used to transmit and receive electromagnetic wave signals. Each antenna in communication device 1000 can be used to cover one or more communication frequency bands. Different antennas can also be multiplexed to improve antenna utilization. For example, antenna 1 can be multiplexed as a diversity antenna for a wireless local area network. In some other embodiments, the antennas can be used in conjunction with a tuning switch. Communication device 1000 can transfer files to other devices via wireless communication functions.

[0656] In one design, the communication device 1000 may correspond to the terminal-side device in the above method embodiments.

[0657] The device 1000 can implement the steps or processes corresponding to those executed by the terminal-side device in the above method embodiments. The transceiver 1050 can be used to execute transmission and reception related operations of the terminal-side device in the above method embodiments, such as executing step S220 of the above method embodiments. The chip system 1010 can be used to execute processing related operations of the terminal-side device in the above method embodiments, such as S250.

[0658] In another design, the communication device 1000 may correspond to the first network element in the above method embodiment.

[0659] The device 1000 can implement the steps or processes corresponding to the first network element in the above method embodiment, wherein the transceiver 1050 can be used to perform the transmission and reception related operations of the first network element in the above method embodiment; the chip system 1010 can be used to perform the processing related operations of the first network element in the above method embodiment.

[0660] In another design, the communication device 1000 may correspond to the second network element in the above method embodiment.

[0661] The device 1000 can implement the steps or processes corresponding to the second network element in the above method embodiment, wherein the transceiver 1050 can be used to perform the transmission and reception related operations of the second network element in the above method embodiment; the chip system 1010 can be used to perform the processing related operations of the second network element in the above method embodiment.

[0662] In a design where the communication device 1000 corresponds to a terminal device, the communication device 1000 may include, for example: Figure 11 The short-range communication module 1064, sensor 1061, display 1062, or camera 1063 shown are examples of such modules.

[0663] The short-range communication module 1064 may include modules that support short-range communication, such as Wi-Fi and Bluetooth.

[0664] For example, sensor 1061 may include pressure sensor, gyroscope sensor, barometric pressure sensor, magnetic sensor, accelerometer, distance sensor, proximity sensor, fingerprint sensor, temperature sensor, touch sensor, ambient light sensor, bone conduction sensor, etc.

[0665] For example, the display 1062 is used to display images, videos, etc. The display includes a display panel. The display panel can be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), a mini light-emitting diode (LED), a microLED, a microOLED, a quantum dot light-emitting diode (QLED), etc. For example, in this embodiment, the display can be used to display the interface required by the communication device 1000. For example, the communication device 1000 implements the display function through a graphics processing unit (GPU), a display, and an application processor. The GPU is a microprocessor for image processing, connected to the display and the application processor. The GPU is used to perform mathematical and geometric calculations and for graphics rendering. The chip system 1010 may include one or more GPUs that execute program instructions to generate or change display information.

[0666] For example, camera 1063 is used to acquire images, videos, etc.

[0667] Understandable, Figure 11 The structure shown does not constitute a specific limitation on the communication device 1000. The specific structure of the terminal equipment and / or access network equipment can be referred to Figure 11 As shown. In some embodiments, the communication device 1000 may also include a... Figure 11 This could mean having more or fewer components, combining some components, separating some components, or having different component arrangements. Or, Figure 11 Some of the components shown can be implemented in hardware, software, or a combination of software and hardware. Terminal devices and / or access network devices can be implemented in… Figure 11 The components were added or removed based on the given structure.

[0668] Figure 12 This is a schematic block diagram of the communication device 2000 provided in the embodiments of this application.

[0669] like Figure 12 As shown, the communication device 2000 may include a baseband unit 2010, which can communicate with external devices via a cellular radio frequency (RF) transceiver 2020 (e.g., if the communication device 2000 is a terminal device, the baseband unit 2010 can communicate with access network devices via the cellular RF transceiver 2020; or, if the communication device 2000 is an access network device, the baseband unit 2010 can communicate with terminal devices and / or core network devices via the cellular RF transceiver 2020).

[0670] By way of example, baseband unit 2010 may include computer-readable medium / memory. Baseband unit 2010 may be responsible for general processing, including the execution of software stored on computer-readable medium / memory. When executed by baseband unit 2010, the software causes baseband unit 2010 to perform the various functions described above. Computer-readable medium / memory may also be used to store data manipulated by baseband unit 2010 when executing the software.

[0671] Optionally, the baseband unit 2010 further includes a receiving unit 2011, a management unit 2012, and a transmitting unit 2013. When the communication device 2000 is applied to a terminal, the management unit 2012 may include one or more of these components. Figure 12 The sub-units shown are as follows. For example, a hidden identity calculation sub-unit, which can be used to perform the operation of calculating a hidden identity in the above method embodiments. The units within the management unit 2011 can be stored in a computer-readable medium / memory and / or configured as hardware within the baseband unit 2010. The receiving unit 2011 and the transmitting unit 2013 can be referred to as transceiver units.

[0672] When the communication device 2000 is used to implement the functions of the terminal in the above method embodiments, the receiving unit 2011 is used to perform the receiving step of the terminal, the sending unit 2013 is used to perform the sending step of the terminal, and the management unit 2012 is used to perform the processing step of the terminal.

[0673] For example, when the communication device 2000 is used to implement the functions of the terminal-side device (or the first module in the terminal-side device) in the above-described method embodiments, the receiving unit 2011 is used to obtain a first hidden identity identifier from the second module in the terminal-side device. The first hidden identity identifier is a hidden identity identifier obtained by the second module using a second security mechanism to process plaintext identity information. The terminal-side device includes the first module and the second module. The first module supports the first security mechanism, and the second module supports the second security mechanism. The first security mechanism is different from the second security mechanism, and the security strength of the first security mechanism is higher than that of the second security mechanism. The management unit 2012 is also used to use the first security mechanism to process the first hidden identity identifier to obtain a second hidden identity identifier. The sending unit 2013 is used to send the second hidden identity identifier to the first network, and the second hidden identity identifier is used to access the first network.

[0674] For example, when the device 2000 is used to perform Figures 7 to 10 When the method is in use, the receiving unit 2011 can be used to execute the step of receiving information in the method; the management unit 2012 can be used to execute the processing step in the method; and the sending unit 2013 can be used to execute the step of sending information in the method.

[0675] When the communication device 2000 is used to implement the function of the first network element in the above method embodiments, the receiving unit 2011 is used to perform the receiving step of the first network element, the sending unit 2013 is used to perform the sending step of the first network element, and the management unit 2012 is used to perform the processing step of the first network element.

[0676] For example, when the communication device 2000 is used to implement the function of the first network element in the above method embodiments, the receiving unit 2011 is used to receive a second hidden identity identifier from the terminal-side device. The second hidden identity identifier includes the routing indication, which is used to access a third network element, and the third network element does not support the first security mechanism. Based on the mapping relationship, the second hidden identity identifier is sent to the second network element. The first network element is configured with a mapping relationship between the routing indication and the second network element, and the second network element supports the first security mechanism.

[0677] For example, when the device 2000 is used to perform Figures 7 to 10 When the method is in use, the receiving unit 2011 can be used to execute the step of receiving information in the method; the management unit 2012 can be used to execute the processing step in the method; and the sending unit 2013 can be used to execute the step of sending information in the method.

[0678] When the communication device 2000 is used to implement the function of the second network element in the above method embodiments, the receiving unit 2011 is used to perform the receiving step of the second network element, the sending unit 2013 is used to perform the sending step of the second network element, and the management unit 2012 is used to perform the processing step of the second network element.

[0679] For example, when the communication device 2000 is used to implement the function of the second network element in the above method embodiments, the receiving unit 2011 is used to receive a second hidden identity identifier and a first indication information from the terminal-side device. The first indication information is used to indicate that the second hidden identity identifier is obtained by processing the first hidden identity identifier using a first security mechanism. In response to the first indication information, the management unit 2012 is used to process the second hidden identity identifier using the first security mechanism to obtain the first hidden identity identifier. The management unit 2012 is also used to generate an authentication vector based on the first hidden identity identifier. The first hidden identity identifier is used to determine the plaintext identity information of the terminal-side device. The plaintext identity information is used to generate the authentication vector. The plaintext identity information is obtained by processing the first hidden identity identifier using a second security mechanism.

[0680] For example, when the device 2000 is used to perform Figures 7 to 10 When the method is in use, the receiving unit 2011 can be used to execute the step of receiving information in the method; the management unit 2012 can be used to execute the processing step in the method; and the sending unit 2013 can be used to execute the step of sending information in the method.

[0681] When the communication device 2000 is used to implement the functions of the terminal-side device in the above method embodiments, the receiving unit 2011 is used to execute the receiving step of the terminal-side device, the sending unit 2013 is used to execute the sending step of the terminal-side device, and the management unit 2012 is used to execute the processing step of the terminal-side device.

[0682] For example, when the communication device 2000 is used to implement the functions of the terminal-side device (or the first module in the terminal-side device) in the above-described method embodiments, the receiving unit 2011 is used to obtain plaintext identity information from the second module in the terminal-side device and to obtain a first secret, which is obtained by the second module according to a second security mechanism; wherein, the terminal-side device includes the first module and the second module, the first module supports the first security mechanism, the second module supports the second security mechanism, the first security mechanism is different from the second security mechanism, and the security strength of the first security mechanism is higher than that of the second security mechanism; the management unit 2012 is used to obtain the second secret using the first security mechanism; the management unit 2012 is also used to perform key deduction based on the first secret and the second secret to obtain a first key; the management unit 2012 is also used to process the plaintext identity information using the first key to obtain a fourth hidden identity identifier; the sending unit 2013 sends the fourth hidden identity identifier to the first network, which is used to access the first network.

[0683] For example, when the device 2000 is used to perform Figures 7 to 10 When the method is in use, the receiving unit 2011 can be used to execute the step of receiving information in the method; the management unit 2012 can be used to execute the processing step in the method; and the sending unit 2013 can be used to execute the step of sending information in the method.

[0684] For a more detailed description of the receiving unit 2011, the management unit 2012, and the sending unit 2013, please refer to the relevant descriptions in the above method embodiments, which will not be repeated here.

[0685] As an example and not a limitation, the chip system in this application is as follows: Figure 13 As shown, Figure 13 This is a schematic block diagram of the chip system 3000 provided in the embodiments of this application. The chip system includes, but is not limited to, a modem chip, also known as a baseband chip, or a system-on-chip (SoC) chip or a system-in-package (SIP) chip containing a modem core.

[0686] from Figure 13 As can be seen, the chip system (or processing system) includes a processor 3010, a memory 3020, and an input / output interface 3030.

[0687] The processor 3010 can be a processing circuit in a chip system (including at least one processor, such as...). Figure 13 (Shown as processor 1 and processor 2, etc.). Processor 3010 can be coupled to memory 3020, calling instructions in memory 3020, so that the chip system can implement the methods and functions of the various embodiments of this application. Input / output interface 3030 can be an input / output circuit in the chip system, outputting information processed by the chip system, or inputting data or signaling information to be processed into the chip system for processing.

[0688] As one approach, the chip system is used to implement the operations performed by the terminal-side device or the first network element in the various method embodiments described above.

[0689] For example, the processor 3010 is used to implement the processing-related operations performed by the terminal-side device or the first network element in the above method embodiments, as described in the foregoing embodiments; the input / output interface 3030 is used to implement the sending and / or receiving-related operations performed by the terminal-side device or the first network element in the above method embodiments, as described in the foregoing embodiments.

[0690] As an example and not a limitation, the chip system in this application is as follows: Figure 14 As shown, Figure 14 This is a schematic block diagram of the chip system 4000 provided in the embodiments of this application.

[0691] from Figure 14 As can be seen, the chip system (or processing system) includes an input / output interface 4010 and logic circuitry 4020. The input / output interface 4010 can be an input / output circuit within the chip system, outputting processed information or inputting data or signaling information to be processed for processing. For details, please refer to the description in the foregoing embodiments, for example, performing... Figures 7 to 10 The embodiment described above; the logic circuit 4020 is used to execute the communication method described above, and can be referred to the description in the foregoing embodiment for details.

[0692] As one approach, the chip system is used to implement the operations performed by the terminal-side device, the first network element, or the second network element in the various method embodiments described above.

[0693] For example, logic circuit 4020 is used to implement processing-related operations performed by the terminal-side device, the first network element, or the second network element in the above method embodiments; input / output interface 4010 is used to implement sending and / or receiving-related operations performed by the terminal-side device, the first network element, or the second network element in the above method embodiments.

[0694] This application also provides a computer-readable storage medium storing computer instructions for implementing the methods executed by the device in the above-described method embodiments.

[0695] For example, when the computer program is executed by the computer, it enables the computer to implement the methods executed by the terminal-side device, the first network element, or the second network element in the various embodiments of the above methods.

[0696] This application also provides a computer program product comprising instructions which, when executed by a computer, implement the methods performed by a terminal-side device, a first network element, or a second network element in the above-described method embodiments.

[0697] This application also provides a communication system, including at least two of a terminal-side device, a first network element, or a second network element.

[0698] The explanations and beneficial effects of the relevant contents in any of the devices provided above can be found in the corresponding method embodiments provided above, and will not be repeated here.

[0699] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.

[0700] Those skilled in the art will understand that, for the sake of convenience and brevity, the specific working processes of the systems, devices, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.

[0701] In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between apparatuses or units may be electrical, mechanical, or other forms.

[0702] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0703] In addition, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.

[0704] If the aforementioned functions are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0705] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A communication method, characterized in that, The method includes: The first module in the terminal-side device obtains a first hidden identity identifier from the second module in the terminal-side device. The first hidden identity identifier is a hidden identity identifier obtained by the second module using a second security mechanism to process plaintext identity information. The terminal-side device includes the first module and the second module. The first module supports the first security mechanism, and the second module supports the second security mechanism. The first security mechanism is different from the second security mechanism, and the security strength of the first security mechanism is higher than that of the second security mechanism. The first module uses the first security mechanism to process the first hidden identity identifier and obtain the second hidden identity identifier; The first module sends the second hidden identity identifier to the first network, and the second hidden identity identifier is used to access the first network.

2. The method according to claim 1, characterized in that, Before the first module uses the first security mechanism to process the first hidden identity identifier and obtain the second hidden identity identifier, the method further includes: The first module determines that it supports the first security mechanism, and the second module does not support the first security mechanism.

3. The method according to claim 2, characterized in that, The first module determines that it supports the first security mechanism, and the second module does not support the first security mechanism, including: The first module determines whether the second module supports the first security mechanism based on the home network identifier in the first hidden identity identifier or the home network identifier in the plaintext identity information. The first module determines whether the second module supports the first security mechanism based on the first security mechanism indication information in the first hidden identity identifier, wherein the first security mechanism indication information is used to indicate the security mechanism that generates the first hidden identity identifier.

4. The method according to any one of claims 1 to 3, characterized in that, The method further includes: The first module sends a first indication message to the first network, the first indication message being used to indicate that the second hidden identity was obtained by processing the first hidden identity using the first security mechanism.

5. The method according to claim 4, characterized in that, The first indication information is also used to trigger the first network to change the default calculation method for hiding the identity identifier to the first module.

6. The method according to claim 5, characterized in that, The method further includes: The first module receives a second indication from the first network, the second indication being used to instruct the default calculation method for hiding the identity to be changed to the first module.

7. The method according to claim 6, characterized in that, The method further includes: In response to the second indication information, the first module obtains a third hidden identity identifier, which is a hidden identity identifier obtained by the first module in processing the plaintext identity information according to the first security mechanism; The first module sends the third hidden identity identifier to the second network, and the third hidden identity identifier is used to access the second network.

8. The method according to any one of claims 1 to 7, characterized in that, The second hidden identity is carried in the first registration request message, which is used to request access to the first network.

9. The method according to claim 8, characterized in that, The first instruction information is carried in the first registration request message.

10. The method according to any one of claims 1 to 9, characterized in that, The first module is the mobile device ME, and the second module is the global user identity module USIM.

11. The method according to any one of claims 1 to 10, characterized in that, The plaintext identity information is either the User Permanent Identity Item (SUPI) or the International Mobile Subscriber Identity (IMSI).

12. A communication method, characterized in that, The method is applied to a first network element, which is configured with a mapping relationship between a routing indication and a second network element, and the second network element supports a first security mechanism. The method includes: Receive a second hidden identity identifier from a terminal-side device, the second hidden identity identifier including the routing indication, the routing indication being used to access a third network element, the third network element not supporting the first security mechanism; Based on the mapping relationship, the second hidden identity identifier is sent to the second network element.

13. A communication method, characterized in that, The method is applied to a second network element, and the method includes: Receive a second hidden identity identifier and a first indication information from a terminal-side device, wherein the first indication information is used to indicate that the second hidden identity identifier was obtained by processing the first hidden identity identifier using a first security mechanism; In response to the first indication information, the second hidden identity identifier is processed using the first security mechanism to obtain the first hidden identity identifier; Based on the first hidden identity identifier, an authentication vector is generated; Wherein, the first hidden identity identifier is used to determine the plaintext identity information of the terminal device, the plaintext identity information is used to generate the authentication vector, and the plaintext identity information is obtained by processing the first hidden identity identifier using a second security mechanism.

14. The method according to claim 13, characterized in that, The method further includes: Based on the first instruction information, a second instruction information is sent to the terminal-side device, the second instruction information being used to instruct the default calculation method for hiding the identity identifier to be modified to the first module.

15. A communication method, characterized in that, The method includes: The first module in the terminal-side device obtains plaintext identity information and a first secret from the second module in the terminal-side device. The first secret is obtained by the second module according to the second security mechanism. The terminal-side device includes the first module and the second module. The first module supports the first security mechanism, and the second module supports the second security mechanism. The first security mechanism is different from the second security mechanism, and the security strength of the first security mechanism is higher than that of the second security mechanism. The first module uses the first security mechanism to obtain the second secret; The first module performs key deduction based on the first secret and the second secret to obtain the first key; The first module uses the first key to process the plaintext identity information to obtain the fourth hidden identity identifier; The first module sends the fourth hidden identity identifier to the first network, and the fourth hidden identity identifier is used to access the first network.

16. The method according to claim 15, characterized in that, Before the first module processes the plaintext identity information using the first key to obtain the fourth hidden identity identifier, the method further includes: The first module determines that it supports the first security mechanism, and the second module does not support the first security mechanism.

17. The method according to claim 16, characterized in that, The first module determines that it supports the first security mechanism, and the second module does not support the first security mechanism, including: The first module determines whether the second module supports the first security mechanism based on the home network identifier in the fifth hidden identity identifier or the home network identifier in the plaintext identity information. The first module determines whether the second module supports the first security mechanism based on the first security mechanism indication information in the fifth hidden identity identifier, wherein the first security mechanism indication information is used to indicate the security mechanism that generates the first hidden identity identifier; The fifth hidden identity identifier is obtained by the second module processing the plaintext identity information according to the second security mechanism.

18. The method according to any one of claims 15 to 17, characterized in that, The method further includes: A third indication message is sent to the first network, the third indication message being used to indicate that the fourth hidden identity is obtained by processing the plaintext identity information using the first secret and the second secret.

19. The method according to any one of claims 15 to 18, characterized in that, Before the first module obtains the first secret, the method further includes: The first module sends a request message to the second module. The request message is used to request the first secret. The request message is carried in a first message. The first message is used to request the second module to provide a hidden identity identifier.

20. The method according to any one of claims 15 to 19, characterized in that, The method further includes: The first module obtains the fifth hidden identity identifier from the second module, which is obtained by the second module processing the plaintext identity information according to the second security mechanism; The first module determines the second security mechanism indication information based on the first security mechanism indication information in the fifth hidden identity identifier; The first module uses the first key to process the plaintext identity information to obtain a fourth hidden identity identifier, including: The first module carries the security mechanism indication information in the fourth hidden identity identifier.

21. A communication method, characterized in that, The method is applied to a second network element, and the method includes: Receive a fourth hidden identity identifier from the terminal device; Obtain a third secret, which is obtained according to the second security mechanism; Use the first security mechanism to obtain the fourth secret; Based on the third secret and the fourth secret, a key derivation is performed to obtain the second key; The second key is used to decrypt the fourth hidden identity identifier to obtain the plaintext identity information of the terminal device. An authentication vector is generated based on the plaintext identity information.

22. The method according to claim 21, characterized in that, The method further includes: Receive a third indication information from the terminal device, the third indication information being used to indicate that the fourth hidden identity identifier is obtained by processing the plaintext identity information using two secrets; The step of using the second key to decrypt the fourth hidden identity identifier to obtain the plaintext identity information of the terminal device includes: In response to the third instruction information, the second key is used to decrypt the fourth hidden identity identifier to obtain the plaintext identity information of the terminal device.

23. A communication device, characterized in that, It includes at least one module or at least one unit, said at least one module or at least one unit being used to perform the method of any one of claims 1 to 22.

24. A communication device, characterized in that, include: At least one processor, the at least one processor being configured to execute a computer program or instructions to cause the method of any one of claims 1 to 22 to be performed.

25. The communication device according to claim 24, characterized in that, The communication device further includes a memory for storing the computer program or the instructions.

26. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program or instructions that, when executed, cause the method of any one of claims 1 to 22 to be performed.

27. A computer program product, characterized in that, Includes a computer program or instructions, which, when executed, implement the method as described in any one of claims 1 to 22.