CN-122002287-A - Communication method and communication device
Abstract
The application provides a communication method and a communication device. In the method, when the terminal device determines that a first identity for accessing a first network cannot be generated, it accesses the first network using a second identity and sends first indication information to the first network. Therefore, when the terminal device cannot access the first network using the anonymized identity obtained by processing the plaintext identity information in an encryption mode, the terminal device can still access the network normally, and its normal communication is ensured.
Inventors
- LI HE
- WU RONG
- LEI AO
Assignees
- 华为技术有限公司
Dates
- Publication Date: 20260508
- Application Date: 20241103
Claims (20)
- 1. A communication method applied to a terminal-side device, comprising: accessing a first network by using a second identity when it is determined that a first identity for accessing the first network cannot be generated, wherein the first identity is an anonymized identity obtained by processing plaintext identity information in an encryption mode, and the second identity is an identity that is obtained based on the plaintext identity information and is different from the first identity; and transmitting first indication information to the first network, wherein the first indication information is used for indicating at least one of the following: the first identity cannot be generated; a request for some or all of the parameters used to generate the anonymized identity; or the reason for the failure to generate the first identity.
- 2. The method according to claim 1, wherein the method further comprises: receiving a first parameter from the first network, the first parameter comprising some or all of the parameters used to generate the anonymized identity.
- 3. The method according to claim 2, wherein the method further comprises: generating an anonymized third identity according to the first parameter; and accessing the first network by using the third identity.
- 4. The method according to claim 2 or 3, wherein said receiving said first parameter from said first network comprises: receiving the first parameter from the first network through a user parameter update (UPU) flow or a user configuration update (UCU) flow.
- 5. The method according to any of claims 2-4, wherein the first parameter comprises one or more of a public key for encrypted communication between the terminal device and the first network, routing indication information, a protection mechanism identifier.
- 6. The method according to any of claims 1-5, wherein prior to sending the first indication information to the first network, the method further comprises: determining that the first identity for accessing the first network cannot be generated.
- 7. The method of claim 6, wherein the determining that the first identity for accessing the first network cannot be generated comprises: the terminal-side device determines that the first network needs to be accessed; a first module in the terminal-side device requests a second module in the terminal-side device to generate the first identity; the first module receives an error response from the second module; and the first module determines, based on the error response, that the second module cannot generate the first identity.
- 8. The method of claim 7, wherein the method further comprises: the first module generates the second identity based on the plaintext identity information.
- 9. The method of claim 8, wherein the first module generating the second identity based on the plaintext identity information comprises: the first module processes the plaintext identity information based on a null mechanism mode to generate the second identity.
- 10. The method according to claim 9, wherein the method further comprises: the first module obtains the plaintext identity information from the second module.
- 11. The method of claim 10, wherein the error response includes the plaintext identity information; and the first module obtaining the plaintext identity information from the second module comprises: the first module obtains the plaintext identity information from the error response.
- 12. The method according to any of claims 7 to 11, wherein the first module is a mobile equipment (ME) and the second module is a universal subscriber identity module (USIM).
- 13. The method according to any of claims 1-12, wherein the plaintext identity information is a subscription permanent identifier (SUPI).
- 14. The method according to any of claims 1-13, wherein accessing the first network using a second identity comprises: sending, to the first network, an initial registration request message for requesting access to the first network, wherein the initial registration request message comprises the second identity.
- 15. The method of claim 14, wherein the sending the first indication information to the first network comprises: sending a NAS message with non-access stratum (NAS) security protection to the first network, wherein the NAS message comprises the first indication information.
- 16. The method of claim 14, wherein the NAS message is a non-access stratum security mode command NAS SMP message.
- 17. The method according to any of claims 1-16, wherein the second identity being an identity that is different from the first identity and is obtained based on the plaintext identity information comprises: the first identity and the second identity are generated by different modules of the terminal device.
- 18. A communication method applied to a terminal-side device, comprising: generating, based on plaintext identity information, a second identity different from a first identity if it is determined that the first identity for accessing a first network cannot be generated; and accessing the first network by using the second identity, wherein the first identity is an anonymized identity obtained by processing the plaintext identity information in an encryption mode, and the second identity comprises first indication information which is used for indicating at least one of the following: the first identity cannot be generated; a request for some or all of the parameters used to generate the anonymized identity; or the reason for the failure to generate the first identity.
- 19. The method of claim 18, wherein the step of providing the first information comprises: the second identity is an identity which is different from the first identity and is obtained based on the plaintext identity information and the first identity, and the first identity is an identity which is outside the protection scheme identity specified by the empty mechanism.
- 20. A communication method applied to a terminal-side device, comprising: accessing a second network by using plaintext identity information when it is determined that a first identity for accessing a first network cannot be generated, wherein the first identity is an anonymized identity obtained by processing the plaintext identity information in an encryption mode; and transmitting first indication information to the second network, wherein the first indication information is used for indicating at least one of the following: the first identity cannot be generated; a request for some or all of the parameters used to generate the anonymized identity; or the reason for the failure to generate the first identity.
Description
Communication method and communication device
Technical Field
The present application relates to the field of wireless communication, and more particularly, to a communication method and a communication apparatus.
Background
In the field of communications, a terminal device may possess a plurality of different identities. In addition, for interconnection and interworking, communication protocols often require the terminal device to use a specific identity to access the network in different scenarios. For example, in the fifth generation mobile communication technology (5G), the identities of the terminal device include a subscription concealed identifier (SUCI) and a subscription permanent identifier (SUPI). The SUPI can be simply understood as the true identity information of the terminal device, and the SUCI is an identity obtained by encrypting or anonymizing the SUPI; the SUCI plays an important role in the network's identity authentication process. For example, when the terminal device attempts to access the network, it generally authenticates to the network with an anonymized identity (e.g. the SUCI), so that an attacker cannot directly obtain the real identity information of the user, which improves the network security of the terminal device.
In the network access process of the terminal device, the anonymized identity is a mandatory parameter carried in the initial registration request message. In some cases, the terminal device cannot obtain the parameters (such as the public key) needed to generate the anonymized identity, so it cannot generate the anonymized identity; as a result, the registration request message cannot be generated and the terminal device fails to access the network.
At present, there is no way of handling the problem that the terminal device fails to access the network because it cannot generate a specific identity.
Disclosure of Invention
The application provides a communication method and a communication device, which are used for ensuring that a terminal device can access the network normally when it cannot generate an encrypted identity.
In a first aspect, a communication method is provided. The method may be applied to a terminal-side device, that is, the method may be performed by the terminal-side device, or may be performed by a component (e.g., a chip, a chip system, a circuit or a communication module) in the terminal-side device, which is not limited in the present application. The application is described by taking a terminal device as an example.
The method may include: accessing a first network by using a second identity when it is determined that a first identity for accessing the first network cannot be generated, wherein the first identity is an anonymized identity obtained by processing plaintext identity information in an encryption mode, and the second identity is an identity which is different from the first identity and is obtained based on the plaintext identity information; and sending first indication information to the first network, wherein the first indication information is used for indicating at least one of the following: the first identity cannot be generated; a request for some or all of the parameters used to generate the anonymized identity; or the reason that the first identity cannot be generated.
According to the method, the terminal device uses the second identity to access the first network and sends first indication information to the first network when the first identity cannot be generated.
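The fallback described above, as an added sketch that is not part of the patent text: the ME receives an error response from the USIM, builds a null-scheme SUCI (protection scheme identifier 0, NAI form as in 3GPP TS 23.003) as the second identity, and sends the indication only in a protected NAS message. Reading the claims' "null mechanism" as the null-scheme is an assumption, the message dictionaries, cause string and indication field names are hypothetical because the page defines no encoding, and the sample SUPI is constructed. `exposed_msin` is the check a network-side reviewer would run: a null-scheme identity carries the MSIN in cleartext in the unprotected registration request.

```python
import re
from typing import Optional

NULL_SCHEME = 0  # protection scheme identifier of the null-scheme

# Constructed USIM error response (hypothetical shape) that carries the
# plaintext SUPI, as in claim 11.
USIM_ERROR = {"error": "hn-public-key-missing", "supi": "imsi-234150999999999"}

def null_scheme_suci(supi: str, routing_indicator: str, mnc_len: int = 2) -> str:
    """Second identity: null-scheme SUCI in NAI form for an IMSI-type SUPI."""
    imsi = supi.removeprefix("imsi-")
    mcc, mnc, msin = imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]
    return (f"type0.rid{routing_indicator}.schid{NULL_SCHEME}.userid{msin}"
            f"@5gc.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org")

def me_access(usim_response: dict, routing_indicator: str) -> list:
    """ME side: use the USIM's SUCI, or fall back when it reports an error."""
    if "suci" in usim_response:
        return [{"msg": "RegistrationRequest", "protected": False,
                 "identity": usim_response["suci"]}]
    second_identity = null_scheme_suci(usim_response["supi"], routing_indicator)
    return [
        {"msg": "RegistrationRequest", "protected": False,
         "identity": second_identity},
        # The indication is sent only once NAS security is active (claim 15).
        {"msg": "ProtectedNasMessage", "protected": True,
         "indication": {"first_identity_unavailable": True,
                        "cause": usim_response["error"],
                        "request_parameters": ["hn_public_key"]}},
    ]

SUCI_NAI = re.compile(r"type\d\.rid\d+\.schid(\d+)\.(.+)@5gc\.mnc\d{3}\.mcc\d{3}\.")

def exposed_msin(identity: str) -> Optional[str]:
    """Return the MSIN readable without any key, or None if it is concealed."""
    m = SUCI_NAI.match(identity)
    if not m or int(m.group(1)) != NULL_SCHEME:
        return None
    return m.group(2).removeprefix("userid")

if __name__ == "__main__":
    for message in me_access(USIM_ERROR, routing_indicator="678"):
        print(message, "-> MSIN exposed:", exposed_msin(message.get("identity", "")))
```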
With this method, when the terminal device cannot access the first network using the anonymized identity obtained by processing the plaintext identity information in an encryption mode, it accesses the first network using the second identity, so that the terminal device can still access the first network normally. The terminal device reports the first indication information to the first network to inform it of the abnormality of the terminal device and/or the reason for the abnormality, so that the first network learns of the abnormality in time and can resolve it in a corresponding way. For example, the first network can send updated parameters to the terminal device according to the first indication information, so that the terminal device can use the updated parameters to generate an anonymized identity. With reference to the first aspect, in some possible implementation manners, the second identity is identity information different from the first identity and obtained b