Abstract: In an embodiment a method includes receiving, by a policy control network element, first information from a first network element, wherein the first information comprises a group identifier and a data type corresponding to the group identifier, the group identifier indicating a group and the group comprising one or more terminal devices, and obtaining, by the policy control network element, first data based on the first information, wherein the first data is data corresponding to the data type.

Abstract: An authentication management function AUSF receives an authentication request message from an access and mobility management function AMF, where the authentication request message carries a subscription concealed identifier SUCI. The AUSF sends an authentication vector get request message to a unified data management UDM function, where the authentication vector get request message carries the SUCI. The AUSF receives an authentication vector get response message from the UDM, where the authentication vector get response message includes authentication and key management for application AKMA indication information. The AUSF generates, based on the AKMA indication information, an authentication and key management for application-key identifier based on a routing indicator RID in the SUCI.

Abstract: This application pertains to the field of communication technologies, and provides a communication method, apparatus, and system. In the method, when a remote device has established a first relay connection to a first relay device by using a first PC5 connection mechanism, for example, a user plane based mechanism or a control plane based mechanism, if the remote device expects to switch the relay connection, the remote device may establish a second relay connection to a second relay device by preferentially reusing a connection mechanism used before relay connection switching, namely, the first PC5 connection mechanism, to improve PC5 connection switching efficiency, reduce a switching delay, and ensure continuity of a first service obtained by the remote device from a network.

Abstract: A communication method includes deriving a first key. The first key is determined based on a second key by using a first parameter value. The second key is a master key. The first parameter value is a 1st parameter value in a first set. The first set includes a plurality of parameter values associated with a secondary node to which a first cell belongs. The parameter value is a secondary node counter value. The communication method also includes deriving a third key based on the first key. The third key is one or more of a user plane key or a control plane key. The third key is used to perform encryption or data integrity protection on one or more of data or signaling between a terminal device and the first cell.

Abstract: This application provides a communication method and apparatus. The method includes: A first terminal device derives a first key based on a first count value, where the first key is used to protect communication security between the first terminal device and a first secondary node after the first terminal device accesses the first secondary node. The first terminal device stores a second count value, where the second count value is equal to the first count value plus n, the second count value is used to derive a second key, and the second key is used to protect communication security between the first terminal device and a second secondary node when the first terminal device migrates from the first secondary node to the second secondary node.

Abstract: A communication method includes receiving, by a policy control network element executed by a processor, first information. The first information is service information or a traffic steering requirement. The traffic steering requirement includes at least one service function. The communication method also includes obtaining, by the policy control network element, first traffic steering policy information from a first network element based on the first information. The first traffic steering policy information indicates network elements corresponding to the at least one service function and a sequence in which service data passes through the network elements corresponding to the at least one service function.

Abstract: This application pertains to the field of communication technologies, and provides a communication method and apparatus, to avoid a security risk during cross-domain access. In the method, when a second network element in a second trust domain requests, in a cross-domain manner, a first network element in a first trust domain to provide a corresponding service, the first network element may perform end-to-end verification, that is, trigger verification on whether the second network element is trusted, so that the first network element provides the service for the second network element only when it is determined that the second network element is trusted. In this way, a security risk during cross-domain access can be avoided.

Abstract: Embodiments of this application provide a communication method and a communication apparatus. The communication method includes: A first network element receives, from an AMF, a first per UE per slice-maximum bit rate UE-Slice-MBR of a slice #1 of a terminal device, where the first UE-Slice-MBR is provided by a slice authentication, authorization, and accounting AAA server. The first network element determines a second UE-Slice-MBR based on the first UE-Slice-MBR, where the second UE-Slice-MBR is an authorized UE-Slice-MBR. The first network element sends a first data management message to a unified data repository network element UDR, where the first data management message includes the second UE-Slice-MBR. In this way, a UE-Slice-MBR can be more flexibly provided without exposing a network capability, to control use of a slice resource by UE, thereby improving user experience.

Abstract: A communications method and apparatus, where the method includes: sending, by a session management network element, first indication information when the session management network element determines, based on first information, to establish a first low-latency service flow for a session, wherein the first indication information is used to indicate to set the session to an always-on session. According to solutions of this application, when determining to establish the low-latency service flow, the session management network element flexibly indicates to a terminal apparatus to set the session to the always-on session. This avoids a resource waste caused by setting the session to the always-on session all the time, and avoids a transmission latency caused when the session is not set to the always-on session in time, such that resource utilization and transmission efficiency are improved.

Abstract: This application provides a communication method and apparatus. In the method, a first device determines a first quality of service parameter corresponding to a non-uncrewed aerial vehicle service of a terminal device, and sends the first quality of service parameter to a second device. The first quality of service parameter includes one or more of the following parameters: a first maximum bit rate corresponding to the non-uncrewed aerial vehicle service; a first priority indicating that a priority of a data flow of the non-uncrewed aerial vehicle service is lower than a priority of a data flow of an uncrewed aerial vehicle service; or a first identifier indicating a data flow of the non-uncrewed aerial vehicle service.

Abstract: A communication method includes triggering, by a first network element, device authentication on a terminal. The communication method also includes, in response to the device authentication on the terminal being successful, verifying, by the first network element based on a preset binding relationship, whether a device identifier of the terminal matches a user identity. The user identity identifies a user who uses the terminal to request a service from a network. The communication method further includes triggering, by the first network element based on a verification result, the network to determine whether to provide the service for the terminal.

Abstract: Embodiments of this application provide a communication method and apparatus. The method includes: A service discovery function network element receives a service discovery request message requesting to provide a network function network element of a first type; and when determining that a first certificate of a first network function network element of the first type is valid, the service discovery function network element sends a service discovery response message including identification information of the first network function network element.

Abstract: A method for determining a user plane security algorithm, a system, and an apparatus. The method may include: a second device selects a non-null user plane confidentiality protection algorithm based on a security capability of a first device and a security capability of the second device in a case in which user plane confidentiality protection between the second device and the first device is enabled and control plane confidentiality protection between the second device and the first device is not enabled. The second device sends a first message to the first device. The first message includes first algorithm indication information indicating the user plane confidentiality protection algorithm. Therefore, the first device can obtain the non-null user plane confidentiality protection algorithm. Embodiments can be adopted to determine an effective user plane confidentiality protection algorithm, for confidentiality protecting user plane data.

Abstract: This application provides a key management method, a device, and a system. The method includes: A terminal device sends a first application session establishment request message to a first application function network element, where the establishment request message carries identification information of a first key, and the first key is an authentication and key management for applications AKMA key. The terminal device receives a first authentication request message in a procedure of the re-authentication. The terminal device sends a response message for the first authentication request message in the procedure of the re-authentication. The terminal device receives a response message for the establishment request message. The terminal device derives a communication key between the terminal device and the first application function network element by using the first key.

Abstract: This application provides a method for controlling disorder of downlink data and an apparatus thereof. The method includes: A control plane network element determines to switch from a first user plane device to a second user plane device, and sends indication information to the second user plane device. The second user plane device buffers, according to the received indication information, downlink data received from a session anchor, and sends the buffered downlink data after reception of an end marker from the first user plane device.

Abstract: Embodiments of this application provide a communication method, a system, and an apparatus. The method includes: A network device obtains at least one piece of location information based on at least one piece of first information in a plurality of pieces of information, where each piece of information corresponds to at least one terminal, and one piece of first information corresponds to the at least one piece of location information; and the network device determines at least one first location range based on the location information, where a terminal in the first location range receives and sends information abnormally. In embodiments of this application, an area in which the information is abnormally received and sent may be determined by detecting the information by the network device, and information receiving and sending of the terminal in the abnormal area may be further restricted.

Abstract: Disclosed is an AMBR control method, device, and system, so that a quality of service (QoS) control mechanism can be used to control use of resources in a network slice by a terminal device. The method includes: a mobility management network element obtaining M pieces of single network slice selection assistance information (S-NSSAI) corresponding to a terminal device and a first slice-AMBR corresponding to each piece of S-NSSAI in the M pieces of S-NSSAI; and sending the M pieces of S-NSSAI and the first slice-AMBR corresponding to each piece of S-NSSAI to an access network device, where the first slice-AMBR corresponding to each piece of S-NSSAI is used to determine a second slice-AMBR corresponding to the S-NSSAI, and the second slice-AMBR corresponding to each piece of S-NSSAI is used to control an aggregate bit rate of non-guaranteed bit rate non-GBR QoS flows in a network slice indicated by the S-NSSAI.

Abstract: This application provides a communication system, method, and apparatus. The system is applied to implement authentication and key management for applications (AKMA) service-based data transmission between a terminal device and an application function network element. The system includes an AKMA anchor function network element and a network exposure function network element. The network exposure function network element obtains first identification information from a unified data management network element, where the first identification information is used to determine an authentication server function network element corresponding to the terminal device, and sends the first identification information to the AKMA anchor function network element. The AKMA anchor function network element obtains, from the unified data management network element based on the first identification information, identification information of the authentication server function network element corresponding to the terminal device.

Abstract: A secure communication method includes receiving, by a first network element, first information and a first signature from a network management network element. The first signature is generated based on a private key of the network management network element and the first information, and the first information is used to describe the first network element. The method also includes sending, by the first network element, the first information and the first signature to a certificate issuing network element. The first information is used to obtain a first certificate, and the first certificate is used to prove an identity of the first network element. The method further includes receiving, by the first network element, the first certificate from the certificate issuing network element.

Abstract: This application discloses a multicast session establishment method and a network device, and relates to the field of wireless communication technologies, to implement establishment of a multicast session based on a network architecture that has been deployed by an operator. In one example, when the multicast session is established, policy control, for example, quality of service QoS control, of the multicast session may be completed via a policy control network element or a session management network element in the network architecture that has been deployed by the operator.