EP-4738904-A1 - AUTHENTICATION METHOD, COMMUNICATION DEVICE, AND COMPUTER READABLE STORAGE MEDIUM

Abstract

Provided are an authentication method, a device, and a computer readable storage medium. The method is applied to UDM, and comprises: when a first AMF/SEAF fails to perform primary authentication on a terminal at present, sending a first message to a second AMF/SEAF, wherein the first message is used for instructing the second AMF/SEAF to perform primary authentication on the terminal; and when a second message sent by the second AMF/SEAF is received, sending a third message to the first AMF/SEAF, wherein the second message is used for indicating agreement to perform primary authentication on the terminal, and the third message is used for instructing the first AMF/SEAF to suspend the primary authentication on the terminal.

Inventors

  • LIU, PEILIN
  • YOU, SHILIN
  • LIU, Yuze
  • XING, Zhen
  • ZHANG, LEYI
  • MA, WEI
  • LIU, MIN

Assignees

  • ZTE Corporation

Dates

Publication Date
20260506
Application Date
20240329

Claims (20)

  1. An authentication method applied to a unified data management (UDM), characterized in that the method comprises: sending a first message to a second access and mobility management/security anchor function (AMF/SEAF) in a case where a first AMF/SEAF is currently unable to perform primary authentication on a terminal, wherein the first message is used to notify the second AMF/SEAF to perform primary authentication on the terminal; sending a third message to the first AMF/SEAF in a case where a second message is received from the second AMF/SEAF, wherein the second message is used to indicate agreement to perform the primary authentication on the terminal, and the third message is used to instruct the first AMF/SEAF to suspend the primary authentication on the terminal.
  2. The method according to claim 1, wherein the third message includes: a timer parameter, and the timer parameter is used to set a duration for which the first AMF/SEAF suspends the primary authentication on the terminal.
  3. The method according to claim 1, further comprising: receiving a fourth message sent from the second AMF/SEAF, wherein the fourth message is used to indicate a result of the primary authentication performed by the second AMF/SEAF on the terminal.
  4. The method according to claim 3, further comprising: sending a fifth message to the first AMF/SEAF in a case where the fourth message is used to indicate that the primary authentication is successful, wherein the fifth message is used to indicate that the primary authentication is successful.
  5. The method according to claim 4, further comprising: receiving a sixth message sent from the first AMF/SEAF, wherein the sixth message is used to indicate that the first AMF/SEAF has reset an authentication suspension flag.
  6. The method according to claim 1, further comprising: sending an eighth message to the first AMF/SEAF and the second AMF/SEAF in a case where a seventh message sent from the second AMF/SEAF is received; the seventh message is used to indicate that the second AMF/SEAF is currently unable to perform the primary authentication on the terminal, and the eighth message includes information about an AMF/SEAF that suspends the primary authentication.
  7. The method according to claim 6, wherein the seventh message includes first information and/or second information, wherein the first information is used to indicate that the second AMF/SEAF has failed to authenticate the terminal and a failure reason, and the second information is used to indicate that the primary authentication on the terminal through the second AMF/SEAF is suspended.
  8. The method according to claim 1, further comprising: receiving a ninth message sent from the first AMF/SEAF, wherein the ninth message is used to request the primary authentication on the terminal; sending a tenth message to the first AMF/SEAF, wherein the tenth message is used to indicate agreement or refusal to perform the primary authentication on the terminal.
  9. The method according to claim 8, wherein the sending the tenth message to the first AMF/SEAF comprises: sending the tenth message to the first AMF/SEAF after a fourth message sent from the second AMF/SEAF is received, wherein the fourth message is used to indicate a result of the primary authentication on the terminal through the second AMF/SEAF.
  10. The method according to claim 9, wherein, in a case where the fourth message is used to indicate that the primary authentication is successful, the tenth message is used to indicate refusal to perform the primary authentication on the terminal; or, in a case where the fourth message is used to indicate that the primary authentication fails, the tenth message is used to indicate agreement to perform primary authentication on the terminal.
  11. An authentication method applied to a first AMF/SEAF, characterized in that the method comprises: receiving a third message sent from a UDM in a case where the first AMF/SEAF is currently unable to perform primary authentication on the terminal; the third message is used to instruct the first AMF/SEAF to suspend the primary authentication on the terminal.
  12. The method according to claim 11, further comprising: in response to the third message, setting a timer, wherein the timer is configured to count a suspension duration, and the suspension duration is a duration for which the first AMF/SEAF suspends the primary authentication on the terminal.
  13. The method according to claim 12, wherein the third message includes: a timer parameter, and the timer parameter is used to set the duration for which the first AMF/SEAF suspends the primary authentication on the terminal; the setting the timer comprises: setting the timer based on the timer parameter.
  14. The method according to claim 11, further comprising: receiving a fifth message sent from the UDM, wherein the fifth message is used to indicate that the primary authentication is successful.
  15. The method according to claim 14, further comprising: sending a sixth message to the UDM, wherein the sixth message is used to indicate that the first AMF/SEAF has reset an authentication suspension flag.
  16. The method according to claim 11, further comprising: receiving an eighth message sent from the first AMF/SEAF, wherein the eighth message includes information about an AMF/SEAF that suspends the primary authentication.
  17. The method according to claim 12, further comprising: sending a ninth message to the UDM in a case where the terminal has accessed and the timer expires, wherein the ninth message is used to request the primary authentication on the terminal; receiving a tenth message sent from the UDM, wherein the tenth message is used to indicate agreement or refusal to perform the primary authentication on the terminal.
  18. An authentication method applied to a second AMF/SEAF, characterized in that the method comprises: receiving a first message sent from a UDM, wherein the first message is used to notify the second AMF/SEAF to perform primary authentication on the terminal; sending a second message to the UDM to trigger the UDM to send a third message to a first AMF/SEAF in a case where the primary authentication on the terminal is supported; wherein the second message is used to indicate agreement to perform the primary authentication on the terminal; and the third message is used to instruct the first AMF/SEAF to suspend the primary authentication on the terminal.
  19. The method according to claim 18, further comprising: sending a fourth message to the UDM, wherein the fourth message is used to indicate a result of the primary authentication performed by the second AMF/SEAF on the terminal.
  20. The method according to claim 18, further comprising: sending a seventh message to the UDM in a case where the primary authentication on the terminal is not supported, wherein the seventh message is used to indicate that the second AMF/SEAF is currently unable to perform the primary authentication on the terminal; and receiving an eighth message sent from the UDM, wherein the eighth message includes information about an AMF/SEAF that suspends the primary authentication.
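The UDM-side message handling of claims 1 to 10, sketched as a small state machine. This is an added example, not code from the patent or from ZTE: the class name `Udm`, the AMF/SEAF names, the 30-second timer value, the sender check, and the choice to list the second AMF/SEAF in the eighth message are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Udm:
    """UDM-side coordination of claims 1-10; messages are named by claim ordinal."""
    first: str                      # AMF/SEAF currently unable to authenticate
    second: str                     # AMF/SEAF asked to take over
    timer_s: int = 30               # assumed value for the claim 2 timer parameter
    result: Optional[str] = None    # outcome reported in the fourth message
    ninth_pending: bool = False
    suspended: set = field(default_factory=set)
    sent: list = field(default_factory=list)

    def _send(self, to, msg, **info):
        self.sent.append((to, msg, info))

    def first_unable(self):         # claim 1, first step
        self._send(self.second, "first")

    def _tenth(self):               # claim 10: refuse after success, agree after failure
        self.ninth_pending = False
        self._send(self.first, "tenth", answer="refuse" if self.result == "success" else "agree")

    def receive(self, sender, msg, **info):
        expected = self.first if msg in ("sixth", "ninth") else self.second
        if sender != expected:      # assumption: UDM rejects messages from the wrong peer
            raise ValueError(f"{msg} message not expected from {sender}")
        if msg == "second":         # claim 1: agreement -> suspend the first AMF/SEAF
            self.suspended.add(self.first)
            self._send(self.first, "third", timer=self.timer_s)
        elif msg == "fourth":       # claims 3-4: result of the second's authentication
            self.result = info["result"]
            if self.result == "success":
                self._send(self.first, "fifth", result="success")
            if self.ninth_pending:  # claim 9: tenth goes out only after the fourth
                self._tenth()
        elif msg == "sixth":        # claim 5: first reset its suspension flag
            self.suspended.discard(self.first)
        elif msg == "seventh":      # claims 6-7: second is unable as well
            self.suspended.add(self.second)
            for amf in (self.first, self.second):
                self._send(amf, "eighth", suspended=sorted(self.suspended))
        elif msg == "ninth":        # claim 8: first asks to authenticate again
            self.ninth_pending = True
            if self.result is not None:
                self._tenth()
        else:
            raise ValueError(f"unknown message {msg!r}")
```

Deferring the tenth message until the fourth has arrived is what keeps two AMF/SEAFs from running primary authentication on the same terminal at once when the first AMF/SEAF's timer expires early.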

Description

The present disclosure claims a priority to Chinese Patent Application No. 202310986650.7, filed on August 4, 2023, the entire content of which is incorporated into the present disclosure by reference.

TECHNICAL FIELD

The present disclosure relates to the field of communication technologies, and in particular, to an authentication method, a communication apparatus, and a computer-readable storage medium.

BACKGROUND

During a home network-triggered primary authentication process, the access and mobility management function (AMF)/security anchor function (SEAF), upon receiving the authentication notification message from the unified data management (UDM), will determine whether to perform the primary authentication process based on the AMF/SEAF's own status.

SUMMARY

In an aspect, there is provided an authentication method, applied to a UDM. The authentication method includes: sending a first message to a second AMF/SEAF in a case where a first AMF/SEAF is currently unable to perform primary authentication on a terminal, where the first message is used to notify the second AMF/SEAF to perform primary authentication on the terminal; sending a third message to the first AMF/SEAF in a case where a second message is received from the second AMF/SEAF, where the second message is used to indicate agreement to perform the primary authentication on the terminal, and the third message is used to instruct the first AMF/SEAF to suspend the primary authentication on the terminal.

In another aspect, there is provided an authentication method, applied to a first AMF/SEAF. The authentication method includes: receiving a third message sent from a UDM in a case where the first AMF/SEAF is currently unable to perform primary authentication on the terminal; where the third message is used to instruct the first AMF/SEAF to suspend primary authentication on the terminal.

In yet another aspect, there is provided an authentication method, applied to a second AMF/SEAF. The authentication method includes: receiving a first message sent from a UDM, where the first message is used to notify the second AMF/SEAF to perform primary authentication on the terminal; sending a second message to the UDM to trigger the UDM to send a third message to the first AMF/SEAF in a case where primary authentication on the terminal is supported, where the second message is used to indicate agreement to primary authentication on the terminal; and the third message is used to instruct the first AMF/SEAF to suspend primary authentication on the terminal.

In yet another aspect, there is provided a communication apparatus. The communication apparatus includes a sending module; the sending module is configured to send a first message to the second AMF/SEAF in a case where the first AMF/SEAF is currently unable to perform primary authentication on the terminal, where the first message is used to notify the second AMF/SEAF to perform primary authentication on the terminal; the sending module is further configured to, in a case where a second message from the second AMF/SEAF is received, send a third message to the first AMF/SEAF, where the second message is used to indicate agreement to perform primary authentication on the terminal, and the third message is used to instruct the first AMF/SEAF to suspend primary authentication on the terminal.

In yet another aspect, there is provided a communication apparatus. The communication apparatus includes a receiving module; the receiving module is configured to receive a third message sent from a UDM in a case where the first AMF/SEAF is currently unable to perform primary authentication on the terminal; the third message is used to instruct the first AMF/SEAF to suspend primary authentication on the terminal.

In yet another aspect, there is provided a communication apparatus. The communication apparatus includes a receiving module and a sending module; the receiving module is configured to receive a first message sent from a UDM, where the first message is configured to notify a second AMF/SEAF to perform primary authentication on the terminal; the sending module is configured to send a second message to the UDM to trigger the UDM to send a third message to the first AMF/SEAF in a case where primary authentication on the terminal is supported; the second message is used to indicate agreement to perform primary authentication on the terminal; and the third message is used to instruct the first AMF/SEAF to suspend primary authentication on the terminal.

In yet another aspect, there is provided a communication system. The communication system includes a UDM, a first AMF/SEAF and a second AMF/SEAF; the UDM sends a first message to the second AMF/SEAF in a case where the first AMF/SEAF is currently unable to perform primary authentication on the terminal, where the first message is used to notify the second AMF/SEAF to perform primary authentication on the terminal; the second AMF/SEAF sends a second message to the UDM i