Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.

Abstract: Communication methods and apparatus are described. One communication method includes that user equipment (UE) sends an N1 message to a security anchor function (SEAF), where the N1 message carries a Diffie-Hellman (DH) public parameter or a DH public parameter index, the N1 message further carries an encrypted identifier of the UE, and the encrypted identifier is obtained by encrypting a permanent identifier of the UE and a first DH public key. The UE receives an authentication request that carries a random number and that is sent by the SEAF. The UE sends, to the SEAF, an authentication response used to respond to the authentication request, where the authentication response carries an authentication result calculated based on a root key and the random number.

Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.

Abstract: An authentication method, apparatus, and device. The method includes sending, by a core network device, an authentication request message of a user to a data network device, where the authentication request message requests that the data network device perform identity authentication on the user, and receiving, by the core network device, an authentication response message sent by the data network device, where the authentication response message comprises first information, and the first information indicates user identity information of the user.

Abstract: A key generation method includes a user plane network function and a terminal device obtain key update information sent by each other. The user plane network function updates, by using the obtained key update information, a sub-key derived from a permanent key, to obtain a new protection key. The terminal device updates, by using the obtained key update information, a sub-key derived from the permanent key, to obtain a new protection key. The terminal device and the user plane network function perform, by using the new protection key, security protection on user plane data transmitted between the terminal device and the user plane network function.

Abstract: Embodiments of this disclosure disclose an address generation method which includes: a first blockchain node generates a shared key based on a private key of a first blockchain node and a first public key of a second blockchain node, generates a temporary first public key address of the second blockchain node based on the shared key and first transaction content, and writes first transaction information into a blockchain, where the first transaction information includes a public key address of the first blockchain node, the first public key address, and first transaction content between the first blockchain node and the second blockchain node; and the first public key address needs to be verified by using the shared key, and a recipient may also generate the shared key by using a public key of the first blockchain node and a first private key of the second blockchain node, to verify the transaction information.

Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.

Abstract: A terminal device verification method and an apparatus are provided. The method includes: A first network device receives a first message from a first terminal device. Then, the first network device verifies a pairing relationship between the first terminal device and a second terminal device. After the verification on the pairing relationship between the first terminal device and the second terminal device succeeds, the first network device sends a second message to the first terminal device, where the second message include first indication information, and the first indication information is used to indicate a pairing result of the first terminal device and the second terminal device. The pairing relationship between the first terminal device and the second terminal device is verified, so that the first terminal device and the second terminal device can be securely paired, to improve use security of the first terminal device and the second terminal device.

Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.

Abstract: A pseudonym credential configuration method and apparatus are provided. The method includes: receiving an identifier of a terminal device and information about N to-be-requested pseudonym credentials from the terminal device, sending N second request messages to a pseudonym credential generation server, and storing a tag of each second request message in association with the identifier of the terminal device in the registration server, so that the registration server can obtain, based on the tag, the identifier that is of the terminal device and that is associated with the tag; and generating N pseudonym credentials. The pseudonym credential generated in this application may enable a behavior investigation server to learn of a real identity of the terminal device.

Abstract: This disclosure provide a vehicle control method. A first terminal device obtains first biometric information of a first user, generates a first key based on the first biometric information and identifier information of the first terminal device, and generates first verification information based on the first key. Further, the first terminal device sends the first verification information to an in-vehicle device. When successfully verifying the first verification information, the in-vehicle device controls a vehicle to start. If the first user loses the first terminal device, an unauthorized user that obtains the first terminal device cannot control the vehicle based on only the identifier information of the first terminal device. Because different users have different biometric information, a key generated by the first terminal device is different from the first key, and the in-vehicle device cannot control the vehicle to start. This improves vehicle security.

Abstract: A communication method and apparatus are provided. The method includes: Second user equipment sends a second message, first user equipment sends a first message to a network device in response to the second message, to request to perform identity verification on the second user equipment, and the network device verifies whether an identity of the second user equipment is valid, and sends, to the first user equipment, a verification result indicating whether the identity of the second user equipment is valid. Alternatively, the first user equipment sends a third message for request the second user equipment to reply with information used for remote identification, and the second user equipment replies with a fourth message, where the fourth message includes the information used for remote identification on the second user equipment, and the third message and the fourth message are encrypted by using corresponding keys.

Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.

Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.

Abstract: The disclosure provides a network authentication method, a network device, and a core network device, the network authentication method including: receiving, by a first network device, an access request message sent by a terminal device, where the access request message includes an identity of the terminal device; determining, by the first network device based on the identity of the terminal device, whether to allow authentication on the terminal device; if the first network device does not allow the authentication on the terminal device, sending, by the first network device, the identity of the terminal device to a core network device, so that the core network device performs network authentication based on the identity of the terminal device.

Abstract: Embodiments of the present invention disclose an identity authentication method, including: A first network device receives first authentication indication information from a first terminal device, wherein the first request carries first authentication indication information and a unmanned aerial system (UAS) identifier of the first terminal device, and sends the UAS identifier of the first terminal device to a second network device. The second network device performs UAS authentication on the first terminal device based on the UAS identifier, and sends a UAS authentication result of the first terminal device to the first network device. By implementing embodiments of this application, a terminal device manufactured by an unmanned aerial system device vendor that has not signed with an operator of a mobile communications network can be prevented from using the mobile communications network.

Abstract: A data transmission method, a related device, and a related system. The method includes: receiving, by a first access network device, a data packet (for example, small data) sent by user equipment (for example, an IoT device), where the data packet includes a first cookie and raw data; verifying, by the first access network device, the first cookie, to obtain a verification result; and processing, by the first access network device, the raw data based on the verification result. Implementation of embodiments can reduce load on a network side when a large quantity of user equipments need to perform communication, thereby increasing data transmission efficiency.

Abstract: The present disclosure relates to secondary authentication methods and apparatus. In one example method, a core network function entity obtains an identity of a first terminal device, where the identity of the first terminal device is an identity in a first network. The core network function entity sends the identity of the first terminal device to an authentication device in a second network, where the identity of the first terminal device is used to determine an identity used by the second network to perform secondary authentication on a first user, and the identity of the first user is different from the identity of the first terminal device.

Abstract: This application discloses a network authentication method, and a related device and system.

Abstract: This application provides a key distribution and authentication method, system, and an apparatus. The method includes: a service center server distributes different keys to terminal devices, and then the terminal devices perform mutual authentication with the network authentication server based on respective keys and finally obtain communication keys for communication between the terminal devices and a functional network element. This provides a method for establishing a secure communication channel for the terminal device, having a broad application range.