Abstract: This application provides a communication method and apparatus. In the method, a first device determines a first quality of service parameter corresponding to a non-uncrewed aerial vehicle service of a terminal device, and sends the first quality of service parameter to a second device. The first quality of service parameter includes one or more of the following parameters: a first maximum bit rate corresponding to the non-uncrewed aerial vehicle service; a first priority indicating that a priority of a data flow of the non-uncrewed aerial vehicle service is lower than a priority of a data flow of an uncrewed aerial vehicle service; or a first identifier indicating a data flow of the non-uncrewed aerial vehicle service.

Abstract: A communication method includes triggering, by a first network element, device authentication on a terminal. The communication method also includes, in response to the device authentication on the terminal being successful, verifying, by the first network element based on a preset binding relationship, whether a device identifier of the terminal matches a user identity. The user identity identifies a user who uses the terminal to request a service from a network. The communication method further includes triggering, by the first network element based on a verification result, the network to determine whether to provide the service for the terminal.

Abstract: Embodiments of this application provide a communication method and apparatus. The method includes: A service discovery function network element receives a service discovery request message requesting to provide a network function network element of a first type; and when determining that a first certificate of a first network function network element of the first type is valid, the service discovery function network element sends a service discovery response message including identification information of the first network function network element.

Abstract: A method for determining a user plane security algorithm, a system, and an apparatus. The method may include: a second device selects a non-null user plane confidentiality protection algorithm based on a security capability of a first device and a security capability of the second device in a case in which user plane confidentiality protection between the second device and the first device is enabled and control plane confidentiality protection between the second device and the first device is not enabled. The second device sends a first message to the first device. The first message includes first algorithm indication information indicating the user plane confidentiality protection algorithm. Therefore, the first device can obtain the non-null user plane confidentiality protection algorithm. Embodiments can be adopted to determine an effective user plane confidentiality protection algorithm, for confidentiality protecting user plane data.

Abstract: This application provides a key management method, a device, and a system. The method includes: A terminal device sends a first application session establishment request message to a first application function network element, where the establishment request message carries identification information of a first key, and the first key is an authentication and key management for applications AKMA key. The terminal device receives a first authentication request message in a procedure of the re-authentication. The terminal device sends a response message for the first authentication request message in the procedure of the re-authentication. The terminal device receives a response message for the establishment request message. The terminal device derives a communication key between the terminal device and the first application function network element by using the first key.

Abstract: This application provides a method for controlling disorder of downlink data and an apparatus thereof. The method includes: A control plane network element determines to switch from a first user plane device to a second user plane device, and sends indication information to the second user plane device. The second user plane device buffers, according to the received indication information, downlink data received from a session anchor, and sends the buffered downlink data after reception of an end marker from the first user plane device.

Abstract: Embodiments of this application provide a communication method, a system, and an apparatus. The method includes: A network device obtains at least one piece of location information based on at least one piece of first information in a plurality of pieces of information, where each piece of information corresponds to at least one terminal, and one piece of first information corresponds to the at least one piece of location information; and the network device determines at least one first location range based on the location information, where a terminal in the first location range receives and sends information abnormally. In embodiments of this application, an area in which the information is abnormally received and sent may be determined by detecting the information by the network device, and information receiving and sending of the terminal in the abnormal area may be further restricted.

Abstract: This application provides a communication system, method, and apparatus. The system is applied to implement authentication and key management for applications (AKMA) service-based data transmission between a terminal device and an application function network element. The system includes an AKMA anchor function network element and a network exposure function network element. The network exposure function network element obtains first identification information from a unified data management network element, where the first identification information is used to determine an authentication server function network element corresponding to the terminal device, and sends the first identification information to the AKMA anchor function network element. The AKMA anchor function network element obtains, from the unified data management network element based on the first identification information, identification information of the authentication server function network element corresponding to the terminal device.

Abstract: Disclosed is an AMBR control method, device, and system, so that a quality of service (QoS) control mechanism can be used to control use of resources in a network slice by a terminal device. The method includes: a mobility management network element obtaining M pieces of single network slice selection assistance information (S-NSSAI) corresponding to a terminal device and a first slice-AMBR corresponding to each piece of S-NSSAI in the M pieces of S-NSSAI; and sending the M pieces of S-NSSAI and the first slice-AMBR corresponding to each piece of S-NSSAI to an access network device, where the first slice-AMBR corresponding to each piece of S-NSSAI is used to determine a second slice-AMBR corresponding to the S-NSSAI, and the second slice-AMBR corresponding to each piece of S-NSSAI is used to control an aggregate bit rate of non-guaranteed bit rate non-GBR QoS flows in a network slice indicated by the S-NSSAI.

Abstract: A secure communication method includes receiving, by a first network element, first information and a first signature from a network management network element. The first signature is generated based on a private key of the network management network element and the first information, and the first information is used to describe the first network element. The method also includes sending, by the first network element, the first information and the first signature to a certificate issuing network element. The first information is used to obtain a first certificate, and the first certificate is used to prove an identity of the first network element. The method further includes receiving, by the first network element, the first certificate from the certificate issuing network element.

Abstract: This application discloses a multicast session establishment method and a network device, and relates to the field of wireless communication technologies, to implement establishment of a multicast session based on a network architecture that has been deployed by an operator. In one example, when the multicast session is established, policy control, for example, quality of service QoS control, of the multicast session may be completed via a policy control network element or a session management network element in the network architecture that has been deployed by the operator.

Abstract: This application provides a communication method and a communication apparatus. The method includes: A policy control function network element receives, from an application function network element, information about a first time window and information about a first parameter, where the first time window is a time window that is of data transfer of a first service, and the first parameter includes parameters of the data transfer of the first service. The policy control function network element determines the policies of the first service and then sends the policies to the application function network element. The information about each policy includes information about N time windows which are determined based on the information about the first time window and the information about the first parameter, and the N time windows are used to transmit or receive data of the first service.

Abstract: Embodiments of this application provide a communication method and a network element device. The method includes: A first network function network element obtains integrity-protected attestation information, where the attestation information includes an attestation result and range indication information associated with the attestation result; generates a service request message when determining that a service provided by a second network function network element is to be requested; and sends the service request message to the second network function network element, where the service request message includes the attestation information and an identifier of the first network function network element. The method disclosed in this application can prevent and mitigate a potential security risk faced by a network function in a mobile communication network, especially faced by a network function implemented in a software or virtualization manner.

Abstract: This application provides example key management methods and example communication apparatuses. In an example method, a terminal device obtains identification information of a first decryption network element in a local network. The terminal device obtains, based on the identification information and a mapping relationship, a first encryption key corresponding to the first decryption network element, where the mapping relationship indicates at least one decryption network element and an encryption key corresponding to each of the at least one decryption network element, and the at least one decryption network element includes the first decryption network element. The terminal device encrypts the user identity information by using the first encryption key, to obtain a hidden user identity. The terminal device sends a registration request to the local network through an access network device, where the registration request includes the hidden user identity.

Abstract: A communication method includes obtaining, by a communication apparatus, first information associated with at least one network. The first information includes an authentication mechanism supported by each of the at least one network. The communication method also includes obtaining, by the communication apparatus, a target authentication mechanism based on an authentication mechanism supported by the communication apparatus, the first information, and a network in which an application function (AF) is located. The at least one network included the network in which the AF is located. The communication method further includes establishing, by the communication apparatus, a secure communication connection to the AF by using the target authentication mechanism.

Abstract: A communications method and apparatus, where the method includes: sending, by a session management network element, first indication information when the session management network element determines, based on first information, to establish a first low-latency service flow for a session, wherein the first indication information is used to indicate to set the session to an always-on session. According to solutions of this application, when determining to establish the low-latency service flow, the session management network element flexibly indicates to a terminal apparatus to set the session to the always-on session. This avoids a resource waste caused by setting the session to the always-on session all the time, and avoids a transmission latency caused when the session is not set to the always-on session in time, such that resource utilization and transmission efficiency are improved.

Abstract: A communication method and apparatus are provided. The method includes: A network repository function network element receives a discovery request message including a type of a network element that requests to be discovered. The network repository function network element determines a second network element based on the type of the network element that requests to be discovered, and sends an identifier of a first dataset, a first token, and an identifier of the second network element to the first network element, where the first token authorizes the first network element to obtain the first dataset. According to the foregoing designs, the network repository function network element can provide, to the first network element, an identifier of a network element and information needed for obtaining the dataset, so that the first network element can determine, based on the dataset, whether to access the network element.

Abstract: A communication method and apparatus are provided. The method may include: A mobility management network element receives a transaction identifier of a remote terminal device and a name of a data network from a relay terminal device. The mobility management network element determines a subscription permanent identifier of the remote terminal device based on the transaction identifier, and then sends the subscription permanent identifier and the name of the data network to a session management network element. After receiving the subscription permanent identifier and the name of the data network, the session management network element determines, by using a data management network element based on the subscription permanent identifier and the name of the data network, whether to perform secondary authentication on the remote terminal device. Whether to perform secondary authentication on the remote terminal device can be determined by using the provided solution.

Abstract: This application provides a communication method and apparatus. A first mobility management function entity may receive event information from a unified data management function entity, where the event information indicates a first-type terminal event. Therefore, when a terminal apparatus is reachable, the first mobility management function entity may send, based on the event information, a terminal event report to an application function entity that subscribes to the first-type terminal event, thereby improving pertinence of sending the terminal event report.

Abstract: A communications method includes determining a session management function entity based on at least one of a data network name, slice information, and an application function service identifier, and sending a first message to the session management function entity, where the first message is used to subscribe to a terminal event, the first message includes service description information, and the service description information is used to indicate a service corresponding to the terminal event.