Abstract: Embodiments of the present disclosure provide a network access authentication processing method and device. The method includes: receiving a confirmation message sent by user equipment, the confirmation message carrying a first signature token generated by the user equipment according to a first Privacy enhanced Mobile Subscriber Identifier (PMSI); verifying whether the first signature token is valid; and when the first signature token is invalid, obtaining the PMSI to perform network access authentication on the user equipment.

Abstract: This disclosure generally relates to encrypted communication between terminal devices and service applications via a communication network. Such encrypted communication may be based on various hierarchical levels of encryption keys that are generated and managed by the communication network. Such encrypted communication and key management may be provided by the communication network to the terminal devices as a service that can be subscribed to. The various levels of encryption keys may be managed to improve flexibility of the communication network and to reduce potential security breaches.

Abstract: A system and method of registration with AMF re-allocation. The system and method includes receiving, by an initial AMF from a wireless communication device via a RAN, a registration request comprising a first device identifier associated with the wireless communication device. The system and method includes determining, by the initial AMF, an identifier type associated with the first device identifier. The system and method includes generating, by the initial AMF, a reroute message comprising a second device identifier. The system and method includes originating, by the initial AMF to the wireless communication device, a security mode command message comprising a redirection criteria or an integrity negotiation algorithm, the security mode command message causes the wireless communication device to set the redirection criteria allowing the wireless communication device to accept a request message that is not integrity protected and return a security mode complete message to the initial AMF.

Abstract: This disclosure generally relates to encrypted communication between terminal devices and service applications via a communication network. Such encrypted communication may be based on various hierarchical levels of encryption keys that are generated and managed by the communication network. Such encrypted communication and key management may be provided by the communication network to the terminal devices as a service that can be subscribed to. The various levels of encryption keys may be managed to improve flexibility of the communication network and to reduce potential security breaches.

Abstract: This disclosure generally relates to encrypted communication between terminal devices and service applications via a communication network. Such encrypted communication may be based on various hierarchical levels of encryption keys that are generated and managed by the communication network. Such encrypted communication and key management may be provided by the communication network to the terminal devices as a service that can be subscribed to. The various levels of encryption keys may be managed to improve flexibility of the communication network and to reduce potential security breaches.

Abstract: Embodiments of the prevent invention provide a network access authentication method and device. The method comprises: receiving an authentication request message sent by a first serving network, wherein the authentication request message carries a user equipment pseudonym identifier generated by a user equipment; determining whether a local user equipment pseudonym identifier is asynchronous with the user equipment pseudonym identifier generated by the user equipment; and obtaining, if the determination result is yes, an encrypted international mobile subscriber identity (IMSI) to carry out network access authentication on the user equipment. The embodiments of the present invention can solve the problem that a network access process in the related art does not provide a processing method for the case where the user equipment pseudonym identifier in the user equipment is asynchronous with the user equipment pseudonym identifier in a home network.

Abstract: The present disclosure relates to a wireless communication method, systems and devices for a registration procedure. The wireless communication method for use in a wireless terminal includes determining a concealed identifier based on a permanent identifier and a check value. A message with the concealed identifier for a registration procedure is transmitted to a wireless network node.

Abstract: Embodiments of the prevent disclosure provide a network access authentication method and device. The method includes: receiving an authentication request message sent by a first serving network, the authentication request message carrying a user equipment alias identifier generated by user equipment; determining whether a local user equipment alias identifier is asynchronous with the user equipment alias identifier generated by the user equipment; and when the determination result is positive, obtaining an encrypted International Mobile Subscriber Identification Number IMSI for performing network access authentication on the user equipment.

Abstract: A system and method of registration with AMF re-allocation. The system and method includes receiving, by an initial AMF from a wireless communication device via a RAN, a registration request comprising a first device identifier associated with the wireless communication device. The system and method includes determining, by the initial AMF, an identifier type associated with the first device identifier. The system and method includes generating, by the initial AMF, a reroute message comprising a second device identifier. The system and method includes originating, by the initial AMF to the wireless communication device, a security mode command message comprising a redirection criteria or an integrity negotiation algorithm, the security mode command message causes the wireless communication device to set the redirection criteria allowing the wireless communication device to accept a request message that is not integrity protected and return a security mode complete message to the initial AMF.

Abstract: proviced is an authentication method based on a GBA, and the method includes: a BSF receives an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a SUCI, an identifier converted from the SUCI, and a TMPI associated with the subscriber identity; the BSF acquires an AV of the UE according to the first ID; the BSF completes GBA authentication with the UE according to the acquired AV. In this way, the privacy of the SUPI is protected for the UE, and the SUCI or the identifier converted from the SUCI is used to perform the bootstrapping process of the GBA, thereby improving the security of the GBA authentication process.

Abstract: Embodiments of the prevent disclosure provide a network access authentication method and device.

Abstract: The present disclosure discloses a near field communication discovery method, apparatus and system. Herein, the method includes: a discovery terminal receiving discovery information allocated by a network side to a discovered terminal, herein the discovery information includes a discovery identity, and the discovery information is transmitted by the network side to the discovered terminal; the discovery terminal performing paging or broadcasting using the discovery identity; and the discovery terminal receiving a response returned by the discovered terminal to determine that the discovered terminal is discovered.

Abstract: The present disclosure discloses a near field communication discovery method, apparatus and system. Herein, the method includes: a discovery terminal receiving discovery information allocated by a network side to a discovered terminal, herein the discovery information includes a discovery identity, and the discovery information is transmitted by the network side to the discovered terminal; the discovery terminal performing paging or broadcasting using the discovery identity; and the discovery terminal receiving a response returned by the discovered terminal to determine that the discovered terminal is discovered.

Abstract: The present invention discloses a home NodeB access method comprising: during initialization, a home NodeB access point selecting a home NodeB gateway connected to one of core networks which the home NodeB access point has right to access as a serving home NodeB gateway; the home NodeB access point registering in the serving home NodeB gateway, registering user information with the serving home NodeB gateway after receiving a non-access layer message sent from a user equipment, and forwarding the non-access layer message to the serving home NodeB gateway; and the serving home NodeB gateway forwarding the non-access layer message to a core network corresponding to a network access identifier of the user equipment according to the identifier after receiving the non-access layer message; and the core network interacting with the user equipment to complete access of the user equipment; so as to achieve share of the home NodeB.

Abstract: The present invention discloses an emergency service handover method which is applied in a single radio voice service system. A UE has established an emergency session between an IMS domain and an emergency call center via LTE/SAE network, wherein the emergency session is anchored to a service centralization and continuity application server, SCC AS, at a visited location. When MSC obtains information that the UE having established the emergency session needs to be switched to a CS domain, an enhanced MSC initiates a session establishment request to the visited SCC AS for performing a handover from the IMS domain to the CS domain on a service layer.

Abstract: A method for implementing call forwarding on user-determined user busy, including the following steps of: step 1: after receiving a session request routed by a CSCF from a calling side (401, 402), an IMS Circuit Switched Control Function (ICCF) on a called side establishing a call with a called terminal having IMS Centralized Service (ICS) capability (403), and then the called terminal ringing (410); step 2: sending, by the called terminal, a user-determined user busy message to the ICCF when a called user rejects the call (404); and step 3: notifying, by the ICCF, a Telecom Application Server (TAS) that the called terminal is in a user-determined user busy state (405), and the TAS initiating a procedure of call forwarding on user-determined user busy (406). A method for releasing the established media resources resources and session is also provided.

Abstract: A method for implementing a chairman side conference service of an IP Multimedia Subsystem centralized service is disclosed. A non ICS UE has contracted a conference service and is currently in calls with multiple UEs. The method for implementing the conference service when the non ICS UE serves as a chairman UE comprises: the chairman UE originating a conference setup request to an eMSC; after receiving the request, the eMSC sending a session request message for setting up the conference service to a conferencing server according to the address of the conferencing server to which the chairman UE belongs; the conferencing server returning a success response message to the eMSC; after receiving the response, the eMSC inviting the UEs, which are currently in calls with the chairman UE, to participate in the conference, and returning a conference setup success message to the chairman UE after the participation is successful.

Abstract: The present invention discloses a home NodeB access method comprising: during initialization, a home NodeB access point selecting a home NodeB gateway connected to one of core networks which the home NodeB access point has right to access as a serving home NodeB gateway; the home NodeB access point registering in the serving home NodeB gateway, registering user information with the serving home NodeB gateway after receiving a non-access layer message sent from a user equipment, and forwarding the non-access layer message to the serving home NodeB gateway; and the serving home NodeB gateway forwarding the non-access layer message to a core network corresponding to a network access identifier of the user equipment according to the identifier after receiving the non-access layer message; and the core network interacting with the user equipment to complete access of the user equipment; so as to achieve share of the home NodeB.

Abstract: A domain transferring method for the single radio voice call continuity, a UE accesses via an LTE/SAE network, and sets up an IMS session anchored at a VCC AS with a remote node; when an S-IWF receives a handover request used to transfer the session to make the session access from a CS domain, the method comprises: the LTE/SAE network sends a handover command to the UE, the UE sends a handover complete message to a target access device after receiving the handover command; after the UE sends the handover complete message, or after the S-IWF receives the handover complete message, a release session notification message is sent to a VCC AS; after receiving the session release notification message, the VCC AS releases the session resources of the session.

Abstract: The present invention discloses an emergency service handover method which is applied in a single radio voice service system. A UE has established an emergency session between an IMS domain and an emergency call center via LTE/SAE network, wherein the emergency session is anchored to a service centralization and continuity application server, SCC AS, at a visited location. When MSC obtains information that the UE having established the emergency session needs to be switched to a CS domain, an enhanced MSC initiates a session establishment request to the visited SCC AS for performing a handover from the IMS domain to the CS domain on a service layer.