Abstract: A data transmission method, a related device, and a related system. The method includes: receiving, by a first access network device, a data packet (for example, small data) sent by user equipment (for example, an IoT device), where the data packet includes a first cookie and raw data; verifying, by the first access network device, the first cookie, to obtain a verification result; and processing, by the first access network device, the raw data based on the verification result. Implementation of embodiments can reduce load on a network side when a large quantity of user equipments need to perform communication, thereby increasing data transmission efficiency.

Abstract: This disclosure provides a network authentication method, an apparatus, and a system. The method includes: receiving, by an authentication network element, a request to access a data network DN by UE; receiving a first authentication identifier of the UE and a second authentication identifier of the UE; and verifying, based on first binding information, whether the first authentication identifier of the UE and the second authentication identifier of the UE satisfy the first binding relationship, to obtain an authentication result, where the first binding information includes first binding relationships of one or more pairs of first authentication identifiers and second authentication identifiers, the first authentication identifier in the first binding information indicates an identifier used for authentication performed by the AUSF, and the second authentication identifier in the first binding information indicates an identifier used for authentication on access of the UE to the DN.

Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.

Abstract: This application provides a network slice allocation method, device, and system, including a terminal device, a first core network device, a second core network device, and a third core network device. The terminal device encrypts NSSAI and an ID of the terminal device to obtain encrypted information, and sends a slice access request message to the first core network device. The first core network device sends the encrypted information to the second core network device. The second core network device decrypts the encrypted information to obtain the NSSAI and the ID of the terminal device, generates an authentication vector, and sends the NSSAI and the authentication vector to the first core network device.

Abstract: The disclosure provides a network authentication method, a network device, and a core network device, the network authentication method including: receiving, by a first network device, an access request message sent by a terminal device, where the access request message includes an identity of the terminal device; determining, by the first network device based on the identity of the terminal device, whether to allow authentication on the terminal device; if the first network device does not allow the authentication on the terminal device, sending, by the first network device, the identity of the terminal device to a core network device, so that the core network device performs network authentication based on the identity of the terminal device.

Abstract: A key management method/apparatus (user equipment) are described. The key management includes encrypting user identity information based on a first public key. The user equipment sends a first user identity message to a first network device. The first user identity message includes the user identity information, an indication identifier that indicates whether the user identity information is encrypted, and a reference identifier for indexing the first public key. The first network device sends, to a second network device, a third user identity message including the user identity information and the reference identifier that indexes the first public key. Thus, when receiving the third user identity message, the second network device can determine the encrypted user identity information, according to a pre-stored mapping table including the first private key.

Abstract: This application provides a network authentication method, a network device, a terminal device, and a storage medium. In one aspect, in this application, a network device generates a symmetric key by itself, and generates a correct sequence number of a terminal device in real time by using a first sequence number. In other words, in this application, the network device does not need to store the symmetric key and the correct sequence number of the terminal device, but generates the symmetric key and the correct sequence number of the terminal device in real time. Therefore, storage load of an HSS in the prior art can be reduced.

Abstract: Embodiments of the present invention provide a session processing method and a device, and relate to the communications field. The method includes: receiving, by a data-network network element, a data network access request sent by a SMF, where the data network access request includes an identifier of user equipment UE and a session address to be used by the UE; sending, by the data-network network element, a response message to the SMF, where the response message instructs to allow the UE to access a data network, so that the SMF establishes a session of the UE; and detecting, by the data-network network element based on the session address or the identifier of the UE, that the session of the UE needs to be processed, generating a session processing request, and instructing, by using the session processing request, the SMF to process the session of the UE.

Abstract: Embodiments of this application provide a private key generation method and system, and a device. The method includes: receiving, by a terminal device, a first response message sent by a first network device, where the first response message includes at least a first sub-private key, and the first sub-private key is generated based on a first parameter set sent by a second network device; receiving, by the terminal device, a second response message sent by the second network device, where the second response message includes at least a second sub-private key, and the second sub-private key is generated based on a second parameter set sent by the first network device; and synthesizing, by the terminal device, a joint private key based on at least the first sub-private key and the second sub-private key.

Abstract: This application discloses a private key generation method and system, and a device. The method includes: sending, by a first network device, a first request to a second network device, where the first request includes a first parameter set; receiving, by the first network device, a first response message returned by the second network device, where the first response message includes a first sub-private key and a second parameter set, the first sub-private key is generated based on the first parameter set, and the first sub-private key is generated for a terminal device; generating, by the first network device, a second sub-private key based on the second parameter set, where the second sub-private key is generated for the terminal device; and synthesizing, by the first network device, the first sub-private key and the second sub-private key into a joint private key according to a synthesis formula.

Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.

Abstract: Embodiments provide a network authentication method, and a related device and system. In this method, an access request sent by user equipment is received by a network authentication network element. The received access request includes identification information of the user equipment. It is then verified, by the network authentication network element, whether the identification information is valid. If the identification information is valid, a slice authentication network element corresponding to the user equipment is determined based on the identification information. The identification information can be then sent to the slice authentication network element corresponding to the user equipment. The identification information is used by the slice authentication network element corresponding to the user equipment to generate authentication data for the user equipment and initiate a user authentication request to the user equipment by using the authentication data.

Abstract: A key distribution method is disclosed. In this method, a key request can be received by a key management system (KMS) from a mobile operator network element (MNO). The key request can carry a public key of UE. At least one PVT and one SSK can be allocated to the US based on an IBC ID. The at least one PVT and SSK can be encrypted based on the public key to generate ciphertext; and an object can be signed based on a preset digital signature private key (DSPK) to generate a digital signature. The object can include the public key and the ciphertext. Still, a signature validation public key associated with the DSPK can be determined and a key response can be returned to the MNO. The key response can carry the signature validation public key, the public key of the UE, the ciphertext, and the digital signature.

Abstract: This application discloses a mobile network authentication method, a terminal device, a server, and a network authentication entity. The method includes: receiving, by a first terminal device, a DH public key and a first ID that are sent by at least one second terminal device; sending a first message to a server, where the first message includes a DH public key of each second terminal device of the at least one second terminal device and a first ID of the second terminal device; receiving a second message sent by the server, where the second message includes a DH public key of the server and a second ID of the second terminal device that is generated by the server; and sending, by the first terminal device, the second ID of the second terminal device and the DH public key of the server to the second terminal device.

Abstract: In various embodiments, a method of controlling a station may be provided. The method may include receiving a first signal from an access point, the first signal including information indicating a time period. The method may further include deactivating the station after receiving the first signal and before expiry of the time period. The method may also include activating the station upon expiry of the time period.

Abstract: According to various embodiments, a radio communication device may be provided. The radio communication device may include: a transmitter configured to transmit a null data packet. The null data packet may include acknowledgement data indicating acknowledgements for a plurality of packets. The null data packet may include a cyclic redundancy check field configured to provide information based on which the null data packet or acknowledgements may be checked for errors. The null data packet may include further information based on which the acknowledgements may be checked for errors.

Abstract: The objective of the invention is to suppress, in a case of applying the RRH system in an environment having a plurality of cells (multi-cellular environment), the reduction of the throughput of the whole system. A base station, in the RRH system in which a plurality of antenna ports are dispersively placed in each of a plurality of cells, comprises: a selection unit that selects antenna ports, to which user terminals are to connect, from among the antenna ports of the cells in which the user terminals are existent; and a power setting unit that controls the transmission powers of the antenna ports. The selection unit and power setting unit set predetermined conditions for the target SINRs(t) of the user terminals and the transmission powers of the antenna ports, and select the antenna ports for the user terminals and control the transmission powers of the antenna ports such that the smallest one of the values of the SINRs of the user terminals of the plurality of cells is maximized.

Abstract: The present invention is directed to a compression device including an identifier determination circuit configured to determine a first identifier value identifying a first communication terminal of a network, and a second identifier value identifying a second communication terminal of the network; a differential determination circuit configured to determine a differential value based on a difference between the first identifier value and the second identifier value; and a compressed string generation circuit configured to insert the differential value into a compressed string. A compression method, a decompression device and a decompression method are also disclosed.

Abstract: The present invention is directed to a compression device including an identifier determination circuit configured to determine a first identifier value identifying a first communication terminal of a network, and a second identifier value identifying a second communication terminal of the network; a differential determination circuit configured to determine a differential value based on a difference between the first identifier value and the second identifier value; and a compressed string generation circuit configured to insert the differential value into a compressed string. A compression method, a decompression device and a decompression method are also disclosed.

Abstract: According to various embodiments, a communication method may be provided. The communication method may include: at least one of sending a first data unit including a physical layer (PHY) header or receiving a first data unit including a PHY header. The PHY header may include at least a field to indicate whether a response data unit is intended to follow the first data unit, and to indicate the type of the response data unit, when a response data unit is intended to follow the first data unit. The type of the response data unit may be used to estimate the duration of the response data unit.