
EP-3826341-B1 - METHOD AND DEVICE FOR USE IN REGISTRATION


Inventors

  • DENG, Juan

Dates

Publication Date
20260506
Application Date
20200907

Claims (14)

  1. A method in a registration procedure with access and mobility management function, AMF, redirection, wherein the method comprises: receiving, by a first AMF (50, 60), a first security context from an initial AMF (30, 40), the method being characterised in that it comprises: if the first AMF (50, 60) receives no indication information of horizontal derivation performed on a first key from the initial AMF (30, 40) together with the first security context, wherein the first key is comprised in the first security context, and the first AMF (50, 60) determines to perform primary authentication, protecting, by the first AMF (50, 60), an authentication request message by using the first security context, and sending, by the first AMF (50, 60), the securely protected authentication request information.
  2. The method according to claim 1, further comprising: determining, by the initial AMF (30, 40), according to a local policy, whether to perform horizontal derivation on the first key; and if the initial AMF (30, 40) determines not to perform horizontal derivation on the first key, sending, by the initial AMF, the first security context to the first AMF (50, 60).
  3. The method according to claim 2, wherein the first security context is generated after authentication by the initial AMF (30, 40) and a user equipment, UE.
  4. The method according to claim 2, wherein the first security context is obtained by the initial AMF (30, 40) from a second AMF.
  5. The method according to any one of claims 2 to 4, wherein the method further comprises: if the initial AMF (30, 40) determines to perform horizontal derivation on the first key, sending, by the initial AMF (30, 40), the indication information of horizontal derivation performed on the first key to the first AMF (50, 60); and if the first AMF (50, 60) receives the indication information of horizontal derivation performed on the first key, performing, by the first AMF (50, 60), a non-access stratum security mode command, NAS SMC.
  6. The method according to any one of claims 2 to 4, wherein the method further comprises: if the initial AMF (30, 40) determines to perform horizontal derivation on a key, KAMF, sending, by the initial AMF (30, 40), a second security context to the first AMF (50, 60), wherein the second security context is obtained based on the first security context; and the performing, by the first AMF (50, 60), a NAS SMC comprises: performing, by the first AMF (50, 60), the NAS SMC by using the second security context.
  7. The method according to claim 6, wherein the second security context further comprises a second key derived from the first key.
  8. A first access and mobility management function, AMF (50), comprising: a receiving module (510) configured to receive a first security context from an initial AMF (30, 40); a processing module (520) configured to, if the first AMF (50, 60) receives no indication information of horizontal derivation performed on a first key from the initial AMF (30, 40) together with the first security context, wherein the first key is comprised in the first security context, and the first AMF (50, 60) determines to perform primary authentication, protect an authentication request message by using the first security context; and a sending module (530) configured to send the securely protected authentication request information.
  9. A system comprising the first AMF (50) according to claim 8 and an initial access and mobility management function, AMF (30), comprising a processing module (310) configured to determine, according to a local policy, whether to perform horizontal derivation on a first key; and a sending module (320) configured to send, if the processing module (310) determines not to perform horizontal derivation on the first key, a first security context to the first AMF (50).
  10. The system according to claim 9, wherein the first security context is generated after authentication by the initial AMF (30) and UE.
  11. The system according to claim 9, wherein the first security context is obtained by the initial AMF (30) from a second AMF.
  12. The system according to any one of claims 9 to 11, wherein sending module (320) of the initial AMF (30) is further configured to: if the processing module (310) of the initial AMF (30) determines to perform horizontal derivation on the first key, send the indication information of horizontal derivation performed on the first key to the first AMF (50); and the processing module (520) of the first AMF (50) is further configured to: if the indication information of horizontal derivation on the first key is received, perform a non-access stratum security mode command, NAS SMC.
  13. The system according to any one of claims 9 to 11, wherein sending module (320) of the initial AMF (30) is further configured to: if the processing module (310) of the initial AMF (30) determines to perform horizontal derivation on a key, KAMF, send a second security context to the first AMF (50), wherein the second security context is obtained based on the first security context; and the processing module (520) of the first AMF (50) is specifically configured to perform the NAS SMC by using the second security context.
  14. The system according to claim 13, wherein the second security context further comprises a second key derived from the first key.
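
The branch that claims 1, 2, 5 and 6 describe at the initial AMF and the first AMF, as an added sketch that is not part of the patent text. All function names are hypothetical, HMAC-SHA256 stands in for both the NAS integrity algorithm and the horizontal key derivation, and the UE-side check is an assumption about why an unprotected authentication request is discarded.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityContext:
    key: bytes  # the "first key" (KAMF), or a second key derived from it

def nas_mac(ctx: SecurityContext, msg: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the NAS integrity algorithm.
    return hmac.new(ctx.key, msg, hashlib.sha256).digest()[:4]

def horizontal_derivation(ctx: SecurityContext) -> SecurityContext:
    # Assumption: placeholder KDF; the page does not give the derivation inputs.
    return SecurityContext(hmac.new(ctx.key, b"horizontal", hashlib.sha256).digest())

def initial_amf_forward(first_ctx: SecurityContext, derive_by_policy: bool):
    """Claims 2, 5, 6: returns (context, indication) handed to the first AMF."""
    if derive_by_policy:
        return horizontal_derivation(first_ctx), True
    return first_ctx, False

def first_amf_next_message(ctx: SecurityContext, indication: bool,
                           primary_auth_needed: bool):
    """Claims 1 and 5: returns (message, mac), or None if nothing is sent."""
    if indication:
        msg = b"SECURITY MODE COMMAND"    # NAS SMC, run with the second context
    elif primary_auth_needed:
        msg = b"AUTHENTICATION REQUEST"   # protected with the first context
    else:
        return None
    return msg, nas_mac(ctx, msg)

def ue_accepts(ue_ctx: SecurityContext, msg: bytes, mac: bytes) -> bool:
    # Assumption: a UE that holds a security context discards any NAS message
    # whose integrity tag does not verify under that context.
    return hmac.compare_digest(nas_mac(ue_ctx, msg), mac)

if __name__ == "__main__":
    ue_ctx = SecurityContext(bytes(range(32)))  # constructed sample key
    ctx, ind = initial_amf_forward(ue_ctx, derive_by_policy=False)
    msg, mac = first_amf_next_message(ctx, ind, primary_auth_needed=True)
    print("protected request accepted:", ue_accepts(ue_ctx, msg, mac))
    print("unprotected request accepted:", ue_accepts(ue_ctx, msg, b""))
```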

Description

TECHNICAL FIELD

This disclosure relates to the communications field, and more specifically, to a method, an apparatus and a system for registration.

BACKGROUND

The 5th generation (5G) communications protocol defines an access and mobility management function (AMF) redirection procedure of user equipment in a registration procedure. In the registration procedure, first, the user equipment sends, to a (radio) access network ((R)AN), a registration request message that carries a 5G globally unique temporary user equipment identity (5G-GUTI) or a subscriber concealed identifier (SUCI) of the user equipment. Then, after receiving the registration request message of the user equipment, the (R)AN sends the registration request message to an initial AMF. The initial AMF finds, based on the 5G-GUTI, a second AMF (old AMF) that previously served the user equipment, and obtains a context of the user equipment from the second AMF. The context of the user equipment includes a NAS security context of the user equipment. Finally, the initial AMF initiates AMF redirection based on some trigger conditions, to redirect to a first AMF. The first AMF (target AMF) may obtain the context of the user equipment from the initial AMF.

Currently, in the AMF redirection procedure stipulated in the protocol, the initial AMF may directly forward the complete registration request message to the first AMF. In this case, if the first AMF sends an authentication request message to the user equipment, the user equipment may discard the authentication request message. Consequently, registration of the user equipment fails.

WO 2021/093160 A1 discloses secure handling of registration in wireless communications.

HUAWEI ET AL: "Registration failures in registration procedure with AMF reallocation"; 3GPP DRAFT; S3-192159, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE; 650, ROUTE DES LUCIOLES; F-06921 SOPHIA-ANTIPOLIS CEDEX; FRANCE discloses the security flaws in the registration procedure with AMF reallocation.

ERICSSON: "AMF reallocation and slicing"; 3GPP DRAFT; S3-192888_CR_33501 _AMF REALLOCATION AND SLICING, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE; 650, ROUTE DES LUCIOLES; F-06921 SOPHIA-ANTIPOLIS CEDEX; FRANCE discloses key handling in mobility registration update.

ERICSSON: "Discussion about the AMF re-allocation due to slicing"; 3GPP DRAFT; S3-192887_AMF-REALLOCATION-DISCUSSION-PAPER, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE; 650, ROUTE DES LUCIOLES; F-06921 SOPHIA-ANTIPOLIS CEDEX; FRANCE discloses possible directions for the issue of the AMF reallocation due to slicing.

SUMMARY

The invention is set out in the appended set of claims.

This disclosure provides a method, an apparatus and a system for registration. The method for registration is used in an AMF redirection scenario. When receiving, from an initial AMF, first indication information indicating to protect an authentication request message, a first AMF sends the protected authentication request message to user equipment. This prevents the user equipment from discarding the authentication request message, and increases the probability of successful registration of the user equipment.

According to a first aspect, a method for registration is provided in accordance with claim 1.

According to a second aspect, a first access and mobility management function, AMF, is provided in accordance with claim 8.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a network architecture applicable to an embodiment of this application;
FIG. 2 is a schematic diagram of a registration procedure during AMF redirection;
FIG. 3A and FIG. 3B are a schematic flowchart of a method for registration according to an embodiment of this application;
FIG. 4 is a schematic flowchart of another method for registration according to an embodiment of this application;
FIG. 5 is a schematic diagram of an apparatus 10 for registration according to this application;
FIG. 6 is a schematic structural diagram of user equipment 20 according to an embodiment of this application;
FIG. 7 is a schematic diagram of an apparatus 30 for registration according to this application;
FIG. 8 is a schematic structural diagram of an initial AMF 40 applicable to an embodiment of this application;
FIG. 9 is a schematic diagram of an apparatus 50 for registration according to this application;
FIG. 10 is a schematic structural diagram of a first AMF 60 applicable to an embodiment of this application; and
FIG. 11A, FIG. 11B, and FIG. 11C are a schematic flowchart of still another method for registration according to an embodiment of this application.

DESCRIPTION OF EMBODIMENTS

The following describes technical solutions of this application with reference to the accompanying drawings. FIG. 1