Abstract: The present disclosure relates to secondary authentication methods and apparatus. In one example method, a core network function entity obtains an identity of a first terminal device, where the identity of the first terminal device is an identity in a first network. The core network function entity sends the identity of the first terminal device to an authentication device in a second network, where the identity of the first terminal device is used to determine an identity used by the second network to perform secondary authentication on a first user, and the identity of the first user is different from the identity of the first terminal device.

Abstract: This application discloses a network authentication method, and a related device and system.

Abstract: An authentication method, apparatus, and device. The method includes sending, by a core network device, an authentication request message of a user to a data network device, where the authentication request message requests that the data network device perform identity authentication on the user, and receiving, by the core network device, an authentication response message sent by the data network device, where the authentication response message comprises first information, and the first information indicates user identity information of the user.

Abstract: Embodiments of this application provide a private key generation method and system, and a device. The method includes: receiving, by a terminal device, a first response message sent by a first network device, where the first response message includes at least a first sub-private key, and the first sub-private key is generated based on a first parameter set sent by a second network device; receiving, by the terminal device, a second response message sent by the second network device, where the second response message includes at least a second sub-private key, and the second sub-private key is generated based on a second parameter set sent by the first network device; and synthesizing, by the terminal device, a joint private key based on at least the first sub-private key and the second sub-private key.

Abstract: A key management method/apparatus (user equipment) are described. The key management includes encrypting user identity information based on a first public key. The user equipment sends a first user identity message to a first network device. The first user identity message includes the user identity information, an indication identifier that indicates whether the user identity information is encrypted, and a reference identifier for indexing the first public key. The first network device sends, to a second network device, a third user identity message including the user identity information and the reference identifier that indexes the first public key. Thus, when receiving the third user identity message, the second network device can determine the encrypted user identity information, according to a pre-stored mapping table including the first private key.

Abstract: Example communication methods and apparatus are described. One example communication method includes that user equipment (UE) sends an N1 message to a security anchor function (SEAF), where the N1 message carries a Diffie-Hellman (DH) public parameter or a DH public parameter index, the N1 message further carries an encrypted identifier of the UE, and the encrypted identifier is obtained by encrypting a permanent identifier of the UE and a first DH public key. The UE receives an authentication request that carries a random number and that is sent by the SEAF. The UE sends, to the SEAF, an authentication response used to respond to the authentication request, where the authentication response carries an authentication result calculated based on a root key and the random number.

Abstract: A system for transmission data protection includes user equipment (UE) and an access point. The access point sends a broadcast message that carries a public key for encryption. The UE receives and stores the public key for encryption. The UE obtains a global public key or a private key corresponding to the UE, and protects transmission data using the public key for encryption and the global public key or the private key corresponding to the UE.

Abstract: A key generation method includes a user plane network function and a terminal device obtain key update information sent by each other. The user plane network function updates, by using the obtained key update information, a sub-key derived from a permanent key, to obtain a new protection key. The terminal device updates, by using the obtained key update information, a sub-key derived from the permanent key, to obtain a new protection key. The terminal device and the user plane network function perform, by using the new protection key, security protection on user plane data transmitted between the terminal device and the user plane network function.

Abstract: This disclosure relates to a unified authentication method for a device to authenticate an operator provider network and a service provider network based on Identity-Based Cryptography where each of the device, operator provider network and service provider network has a different private key and a same Global Public Key (GPK) issued by a public key generator, the unified authentication method comprising: the device, generating and transmitting an authentication data package to the operator provider network, in response to receiving the authentication data package, determining a type of authentication based on the Authentication Type; the element of the operator provider network, in response to determining the first type of authentication, generating and transmitting a first Authentication Response Message to the device and transmitting the authentication data package to the element of the service provider network based on the SP_ID.

Abstract: This application discloses a mobile network authentication method, a terminal device, a server, and a network authentication entity. The method includes: receiving, by a first terminal device, a DH public key and a first ID that are sent by at least one second terminal device; sending a first message to a server, where the first message includes a DH public key of each second terminal device of the at least one second terminal device and a first ID of the second terminal device; receiving a second message sent by the server, where the second message includes a DH public key of the server and a second ID of the second terminal device that is generated by the server; and sending, by the first terminal device, the second ID of the second terminal device and the DH public key of the server to the second terminal device.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to optimize a guard band of a hardware resource. An example apparatus includes at least one storage device, and at least one processor to execute instructions to identify a phase of a workload based on an output from a machine-learning model, the phase based on a utilization of one or more hardware resources, and based on the phase, control a guard band of a first hardware resource of the one or more hardware resources.

Abstract: Embodiments of this application provide a pseudonym credential configuration method and apparatus. The method includes: receiving an identifier of a terminal device and information about N to-be-requested pseudonym credentials from the terminal device, sending N second request messages to a pseudonym credential generation server, and storing a tag of each second request message in association with the identifier of the terminal device in the registration server, so that the registration server can obtain, based on the tag, the identifier that is of the terminal device and that is associated with the tag; and generating N pseudonym credentials. The pseudonym credential generated in this application may enable a behavior investigation server to learn of a real identity of the terminal device.

Abstract: A key generation and distribution method is disclosed. The method includes receiving a first request from a first requestor, the first requestor comprising an identity of the first requestor; generating a new identity (ID) based on the identity of the first requestor; generating a secret key for the new ID with a predetermined pair of global keys, namely a Global Secret Key (GSK) and a Global Public Key (GPK); transmitting the new ID, secret key and the GPK to the first requestor; receiving a request from a second requestor, the request comprising a plurality of identities; generating an new ID for each of the plurality of identities; generating a secret key based on the IBC key generation algorithm for each of the plurality of new IDs; and transmitting the plurality of new IDs, secret keys corresponding to each of the plurality of IDs and the GPK to the second requestor.

Abstract: This application discloses a network authentication method, and a related device and system.

Abstract: Embodiments of the invention provide methods and apparatuses for session key generation, which use Diffie-Hellman procedure in both user equipment and network to prevent an attacker from breaking the session key by simply listening to signal exchanges passively when the attacker possesses credentials of a USIM card.

Abstract: A key distribution method is disclosed. In this method, a key request can be received by a key management system (KMS) from a mobile operator network element (MNO). The key request can carry a public key of UE. At least one PVT and one SSK can be allocated to the US based on an IBC ID. The at least one PVT and SSK can be encrypted based on the public key to generate ciphertext; and an object can be signed based on a preset digital signature private key (DSPK) to generate a digital signature. The object can include the public key and the ciphertext. Still, a signature validation public key associated with the DSPK can be determined and a key response can be returned to the MNO. The key response can carry the signature validation public key, the public key of the UE, the ciphertext, and the digital signature.

Abstract: This application discloses a private key generation method and system, and a device. The method includes: sending, by a first network device, a first request to a second network device, where the first request includes a first parameter set; receiving, by the first network device, a first response message returned by the second network device, where the first response message includes a first sub-private key and a second parameter set, the first sub-private key is generated based on the first parameter set, and the first sub-private key is generated for a terminal device; generating, by the first network device, a second sub-private key based on the second parameter set, where the second sub-private key is generated for the terminal device; and synthesizing, by the first network device, the first sub-private key and the second sub-private key into a joint private key according to a synthesis formula.

Abstract: A User Equipment (UE) for communicating directly with a core network is provided. The UE comprises: a first communication device; a second communication device; an authentication management module; a processor; a storage medium; instructions stored on the storage medium and executable by the processor to: perform a first authentication with the core network to obtain a security context; transmit a security context from the authentication management module to at least one of the first and second communication devices; and perform a second authentication for one of the first and second communication devices with the core network using the security context from the authentication management module to establish connection with the core network.

Abstract: Embodiments provide a network authentication method, and a related device and system. In this method, an access request sent by user equipment is received by a network authentication network element. The received access request includes identification information of the user equipment. It is then verified, by the network authentication network element, whether the identification information is valid. If the identification information is valid, a slice authentication network element corresponding to the user equipment is determined based on the identification information. The identification information can be then sent to the slice authentication network element corresponding to the user equipment. The identification information is used by the slice authentication network element corresponding to the user equipment to generate authentication data for the user equipment and initiate a user authentication request to the user equipment by using the authentication data.

Abstract: Embodiments of the present disclosure disclose a network authentication method, a relay node, and a related system. The system includes user equipment, a relay node, and a cellular network authentication network element. The user equipment is configured to send a first authentication message to the relay node; the relay node is configured to receive first authentication messages, and generate first encrypted information by using an aggregation algorithm based on first encrypted identifiers in the first authentication; the cellular network authentication network element is configured to receive a first aggregation message, and when verifying, by using the first encrypted information, that information in the first aggregation message is correct, send a first response message to the relay node; and the user equipment is configured to generate a session key between the user equipment and the cellular network authentication network element when verifying that information in the first response message is correct.