Patents by Inventor Chengdong He

Chengdong He has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240022910
    Abstract: A signaling protection method, apparatus, and system prevents an NF from spoofing an NF of another PLMN under a shared SEPP to access a peer PLMN service, so that system security is improved. A first SEPP serving a first PLMN receives a third service request that is from an NF of the first PLMN and that is sent to an NF of a second PLMN. A second SEPP serves the second PLMN, and a connection that is between the first SEPP and the second SEPP and is for the first PLMN and the second PLMN includes first N32-f. The first SEPP determines a first PLMN identifier based on configuration information. The first SEPP determines a first N32-f context identifier corresponding to the first PLMN identifier, where the first N32-f context identifier corresponds to the first N32-f.
    Type: Application
    Filed: September 27, 2023
    Publication date: January 18, 2024
    Inventors: Fei LI, Chengdong HE
  • Patent number: 11825303
    Abstract: A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.
    Type: Grant
    Filed: July 18, 2022
    Date of Patent: November 21, 2023
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Chengdong He, Hua Li
  • Publication number: 20230156042
    Abstract: Embodiments of this application disclose a trusted communication method. A core network device may detect, based on trusted policy information, whether a non-access stratum NAS message or user data that passes through the core network device is abnormal. When it is detected that the NAS message or the user data is abnormal, the NAS message or a service corresponding to the user data may be notified or blocked, and exception information notification signaling may be reported to a trusted control node (an independent network function entity, an existing control network element, or an existing management network element). In this way, the trusted control node can update the trusted policy information in a timely manner, or notify each network element to take a trusted protection operation. This effectively improves security of a communication system.
    Type: Application
    Filed: January 13, 2023
    Publication date: May 18, 2023
    Applicant: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Yan ZHOU, Chengdong HE, Qingchun LIN
  • Patent number: 11647391
    Abstract: Embodiments of this application provide a security protection method, a device, and a system, to improve data transmission security. The method includes: determining, by a terminal, a session management network element, or a mobility management network element, whether a security protection policy determined by an access network device is consistent with a user plane security policy delivered by the session management network element to the access network device; and if the security protection policy determined by the access network device is inconsistent with the user plane security policy delivered by the session management network element to the access network device, performing processing according to a preset policy.
    Type: Grant
    Filed: February 19, 2021
    Date of Patent: May 9, 2023
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Bo Zhang, Chengdong He
  • Patent number: 11595817
    Abstract: Embodiments of this application provide an authentication method, device, and system, to resolve problems of wastage of performance and memory resources that may be caused by remaining n-1 unused authentication vectors (AVs).
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: February 28, 2023
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Chengdong He, Hua Li
  • Publication number: 20230019000
    Abstract: Embodiments of this application relate to a service authorization method and system, and an apparatus. The method includes: A first NRF receives a first request requesting an access token for accessing service of a second NF in a second network from a first NF, where the first NF and the first NRF are located in a first network, and the first request includes SNPN information of the first network and/or the second network. The first NRF forwards the first request to a second NRF located in the second network. The second NRF generates an access token in response to the first request, where the access token includes the SNPN information of the first network and/or the second network. The second NRF sends the access token to the first NRF. The first NRF receives the access token and sends the access token to the first NF.
    Type: Application
    Filed: September 22, 2022
    Publication date: January 19, 2023
    Inventors: Fei LI, Chengdong HE
  • Publication number: 20230007475
    Abstract: A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.
    Type: Application
    Filed: July 18, 2022
    Publication date: January 5, 2023
    Inventors: Chengdong HE, Hua LI
  • Publication number: 20220415036
    Abstract: A method for analyzing experimental data related to quantum system by using neural network by an electronic device is provided. The method includes: generating a training dataset according to experimental data; performing one or more filtering operations on the training dataset to generate one or more filtered training datasets respectively corresponding to the filtering operations; training a first neural network and a second neural network by inputting the original and filtered training datasets; evaluating the first and the second neural network; obtaining one or more classification accuracies of the first and the second neural network; identifying the differences between pairs of classification accuracies; and determining impact level of each information preserved or removed by each of the filtering operations according to the differences.
    Type: Application
    Filed: June 22, 2022
    Publication date: December 29, 2022
    Inventors: Gyu Boong JO, Junwei LIU, Entong ZHAO, Chengdong HE, Zejian REN, Elnur HAJIYEV, Jeongwon LEE
  • Patent number: 11503467
    Abstract: Example authentication methods, devices, and systems are provided, where those examples can be used to verify validity of access location information of a next generation-residential gateway (NG-RG) in a fixed-mobile convergence architecture. One example method includes a network device receiving first link information that is used to represent an access location of a residential gateway, and the network device obtaining second link information of the residential gateway. When the first link information matches partial or all information of the second link information, or when the first link information matches partial or all information of one link information of the second link information, the network device verifies validity of the access location of the residential gateway.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: November 15, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Hua Li, Chengdong He, Bo Zhang
  • Patent number: 11405780
    Abstract: A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.
    Type: Grant
    Filed: July 9, 2020
    Date of Patent: August 2, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Chengdong He, Hua Li
  • Publication number: 20220053446
    Abstract: Embodiments of this application relate to a registration method and apparatus to ensure that user equipment does not discard and processes a received authentication request message sent by a target AMF. In the registration method, an initial AMF sends indication information to the UE, or the target AMF sends, to the UE, the authentication request message that includes indication information, where the indication information is used to indicate the UE to delete an NAS security context. The UE deletes the NAS security context, processes the received authentication request message, and sends an authentication response message to the target AMF. Alternatively, the UE directly processes a received authentication request message without security protection, and sends an authentication response message to the target AMF.
    Type: Application
    Filed: October 28, 2021
    Publication date: February 17, 2022
    Inventors: Juan DENG, Chengdong HE
  • Publication number: 20210400482
    Abstract: An authentication result update method and a communications apparatus, where the authentication result update method includes: determining that an authentication result of a terminal device in a first serving network needs to be updated; and sending a first service invocation request to an authentication server, where the first service invocation request is used to request to update the authentication result stored in a unified data management device, where visited network spoofing can be prevented after authentication is completed, and where network security can be improved.
    Type: Application
    Filed: September 1, 2021
    Publication date: December 23, 2021
    Inventors: Xuwen Zhao, Chengdong He
  • Publication number: 20210351925
    Abstract: A communication method and a related product are provided. The communication method includes: When UE switches from a source slice to a target slice mutually exclusive with the source slice, both the UE and a target AMF serving the target slice can obtain a first AMF key Kamf_new. The first AMF key Kamf_new is different from a second AMF key Kamf, and the second AMF key Kamf is a key of a source AMF serving the source slice. According to the application, communication security and effectiveness are significantly improved in a mutually exclusive slice switching scenario.
    Type: Application
    Filed: July 20, 2021
    Publication date: November 11, 2021
    Inventors: Juan DENG, Chengdong HE
  • Publication number: 20210281986
    Abstract: A vehicle-to-everything (V2X) abnormal behavior detection method applied to a vehicle communications system that includes a V2X sending terminal, a V2X receiving terminal, and a V2X server. The method includes that the V2X receiving terminal receives a V2X message from the V2X sending terminal. The V2X receiving terminal determines, according to an abnormal behavior detection policy, that the V2X message is an abnormal message. The V2X receiving terminal sends a report message including the V2X message to the V2X server.
    Type: Application
    Filed: May 13, 2021
    Publication date: September 9, 2021
    Inventors: Jintao Zhu, Fei Li, Chengdong He
  • Patent number: 11096142
    Abstract: A terminal device location determining method and a device. A core network device obtains location information of a terminal device reported by the terminal device and location information reported by a first base station. The core network device determines whether the location information of the terminal device matches the location information reported by the first base station, and if the location information of the terminal device does not match the location information reported by the first base station, the core network device sends a reject message to the terminal device. By determining, through comparison, whether the location information of the terminal device reported by the terminal device matches the location information reported by the base station, it can be determined whether a location of the terminal device is incorrectly determined.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: August 17, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Chengdong He, Hua Li, Xuwen Zhao
  • Patent number: 11089479
    Abstract: A signaling attack prevention method and apparatus is provided. The signaling attack prevention method can include receiving a Diameter request message sent by a mobility management entity (MME) or a serving general packet radio service (GPRS) support node (SGSN); and determining whether the Diameter request message is received through a roaming interface. When the Diameter request message is received from the roaming interface, the signaling attack prevention method can include determining whether a characteristic parameter of the Diameter request message is valid; and if the characteristic parameter of the Diameter request message is invalid, the method can include discarding the Diameter request message or returning, to the MME or the SGSN, a Diameter response message carrying an error code. In this way, a hacker can be effectively prevented from attacking an HSS or an edge node by using each attack path, and communication security is improved.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: August 10, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Chengdong He
  • Publication number: 20210185527
    Abstract: Example authentication methods, devices, and systems are provided, where those examples can be used to verify validity of access location information of a next generation-residential gateway (NG-RG) in a fixed-mobile convergence architecture. One example method includes a network device receiving first link information that is used to represent an access location of a residential gateway, and the network device obtaining second link information of the residential gateway. When the first link information matches partial or all information of the second link information, or when the first link information matches partial or all information of one link information of the second link information, the network device verifies validity of the access location of the residential gateway.
    Type: Application
    Filed: February 25, 2021
    Publication date: June 17, 2021
    Inventors: Hua LI, Chengdong HE, Bo ZHANG
  • Publication number: 20210185538
    Abstract: Embodiments of this application provide a security protection method, a device, and a system, to improve data transmission security. The method includes: determining, by a terminal, a session management network element, or a mobility management network element, whether a security protection policy determined by an access network device is consistent with a user plane security policy delivered by the session management network element to the access network device; and if the security protection policy determined by the access network device is inconsistent with the user plane security policy delivered by the session management network element to the access network device, performing processing according to a preset policy.
    Type: Application
    Filed: February 19, 2021
    Publication date: June 17, 2021
    Inventors: Bo ZHANG, Chengdong HE
  • Publication number: 20210176080
    Abstract: In a method for enabling a message receive end to quickly confirm a certificate status, a defined field of a certificate includes classification information of the certificate, and a defined field of a certificate revocation list includes classification information of a revoked certificate, so that the receive end can quickly narrow a searching or matching range in massive records of the certificate revocation list based on the classification information carried in the certificate of a transmit end.
    Type: Application
    Filed: February 23, 2021
    Publication date: June 10, 2021
    Inventors: Fei Li, Jintao Zhu, Chengdong He, Tao Bai
  • Patent number: 10972917
    Abstract: A signaling attack prevention method and apparatus, where the method includes receiving a general packet radio service (GPRS) Tunneling Protocol (GTP-C) message from a serving gateway (SGW), determining whether the GTP-C message is received from an eighth data interface (S8), determining whether a first characteristic parameter of the GTP-C message is valid when the GTP-C message is received from the S8 interface, where the first characteristic parameter includes at least one of an international mobile subscriber identity (IMSI) of a user, or an identifier of a message source end of the GTP-C message, and discarding the GTP-C message or returning, to the SGW, a GTP-C response message carrying an error code cause value when the first characteristic parameter of the GTP-C message is invalid.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: April 6, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Chengdong He