WO2021073382A1 - Registration method and apparatus - Google Patents

Registration method and apparatus

Info

Publication number: WO2021073382A1
Authority: WO, WIPO (PCT)
Prior art keywords: amf, initial, target, nas, information
Prior art date:
Application number: PCT/CN2020/117085
Other languages: French (fr), Chinese (zh)
Inventor: 邓娟
Original Assignee: 华为技术有限公司
Priority date: (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date:
Publication date:
Application filed by 华为技术有限公司
Publication of WO2021073382A1

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security
    • H04W 36/00 Hand-off or reselection arrangements
    • H04W 36/0005 Control or signalling for completing the hand-off
    • H04W 36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W 36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information

Definitions

  • This application relates to the field of wireless communication technology, and in particular to a registration method and device.
  • The 3rd Generation Partnership Project (3GPP) standard defines the registration procedure of user equipment (UE) in the fifth-generation (5G) mobile communication system. During the registration procedure, the access and mobility management function (AMF) may be redirected.
  • the user equipment registration procedure can be as follows: the user equipment first sends a registration request to the initial AMF; the initial AMF authenticates the user equipment and obtains the context of the user equipment, including the security context, if any;
  • the initial AMF can initiate a non-access stratum (non-access stratum, NAS) security mode control process to establish a NAS security context between the user equipment and the initial AMF.
  • the initial AMF can perform NAS redirection (NAS reroute), that is, the initial AMF obtains the information of the target AMF (target AMF) that can serve the user equipment and sends it to the target
  • the AMF sends the registration request message received from the user equipment.
  • the initial AMF cannot directly send the registration request message to the target AMF, the initial AMF send
  • the embodiments of the present application provide a registration method and device, which can effectively avoid the situation that the UE fails to register and cannot access the network.
  • an embodiment of the present application provides a registration method, including:
  • the initial access and mobility management function (AMF) determines to perform non-access stratum (NAS) redirection through the access network device;
  • the initial AMF sends first routing information, where the first routing information is used to instruct the target AMF to obtain related information of the terminal device from the initial AMF;
  • the target AMF receives the first routing information
  • the initial AMF receives a first service request
  • the first service request is used to request related information of the terminal device
  • the initial AMF sends a response to the first service request, and the response to the first service request includes related information of the terminal device.
  • the related information of the terminal device includes any one or more of the following: the context of the terminal device, the security context of the terminal device, the NAS security context of the terminal device, or the NAS security context established between the initial AMF and the terminal device.
  • the first routing information includes routing information of the initial AMF.
  • the first service request includes the first routing information and the identification information of the terminal device.
  • the initial AMF sending the first routing information to the target AMF includes:
  • the initial AMF sends first routing information to the target AMF;
  • the initial AMF and the terminal device perform a secure interaction of NAS messages
  • the initial AMF and the terminal device have successfully performed the NAS security mode control process
  • the initial AMF and the terminal device establish a new NAS security context
  • the initial AMF and the terminal device have successfully performed the master authentication
  • the initial AMF and the terminal device activate NAS security
  • the initial AMF receives a horizontal K_AMF derivation indication
  • the initial AMF selects a new security algorithm.
  • an embodiment of the present application provides a registration method, including:
  • the target access and mobility management function (AMF) receives first routing information, and the first routing information is used to instruct the target AMF to obtain related information of the terminal device from the initial AMF;
  • the target AMF sends a first service request, and the first service request is used to request related information of the terminal device;
  • the target AMF receives a response to the first service request, and the response to the first service request includes related information of the terminal device.
  • an embodiment of the application provides a registration method, including:
  • the initial access and mobility management function (AMF) determines to perform non-access stratum (NAS) redirection through the access network device;
  • the initial AMF sends first information to the communication proxy function, and the first information includes related information of the terminal device;
  • the initial AMF sends second routing information to the target AMF, where the second routing information is used to instruct the target AMF to obtain the relevant information of the terminal device from the communication proxy function.
  • an embodiment of the present application provides a registration method, including:
  • the target AMF receives the second routing information
  • the target AMF sends a second service request to the communication proxy function according to the second routing information, the second service request is used to request related information of the terminal device, and the communication proxy function stores the related information of the terminal device;
  • the target AMF receives a response to the second service request sent by the communication proxy function, and the response to the second service request includes related information of the terminal device.
  • an embodiment of the present application provides a registration method, including:
  • the initial access and mobility management function (AMF) determines to perform non-access stratum (NAS) redirection through the access network device;
  • the initial AMF sends second information to the communication proxy function, the second information includes related information of the terminal device and third routing information, the third routing information includes routing information of the target AMF, and the second information is used to instruct the communication proxy function to send the related information of the terminal device to the target AMF.
  • an embodiment of the present application provides a registration method, including:
  • the target access management function AMF receives the second information sent by the communication proxy function, and the second information includes the terminal device
  • the third routing information includes the routing information of the target AMF, and the second information is used to instruct the communication proxy function to send the related information of the terminal device to the target AMF.
  • an embodiment of the present application provides an apparatus for registration, including a processor and a transceiver, the processor is coupled to the transceiver, and the processor is configured to execute any of the first to sixth aspects.
  • the transceiver is used to execute the corresponding method described in any one of the first aspect to the sixth aspect.
  • an embodiment of the present application provides an apparatus for registration, including a processor, a memory, and a transceiver.
  • the memory is used to store computer-executable instructions
  • the processor is used to execute the computer-executable instructions stored in the memory.
  • an embodiment of the present application provides a computer-readable storage medium for storing instructions; when the instructions are executed, the method described in any one of the first aspect to the sixth aspect is implemented.
  • an embodiment of the present application provides a computer program product, the computer program product includes instructions, and when the instructions are executed, the method according to any one of the first aspect to the sixth aspect is realized.
  • FIG. 1 is a schematic diagram of a network architecture provided by an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a registration method provided by an embodiment of the present application.
  • FIG. 3 is a schematic flowchart of a registration method provided by an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a registration method provided by an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a registration method provided by an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of a registration method provided by an embodiment of the present application.
  • FIG. 7 is a schematic flowchart of a registration method provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of an apparatus for registration provided by an embodiment of the present application.
  • Multiple means two or more.
  • “And/or” describes the association relationship of the associated objects, indicating that there can be three types of relationships, for example, A and/or B, which can mean: A alone exists, A and B exist at the same time, and B exists alone.
  • the character “/” generally indicates that the associated objects before and after are in an "or” relationship.
  • the registration method provided in this application can be applied to various communication systems, such as long-term evolution (LTE) systems, fifth-generation (5G) communication systems, LTE and 5G hybrid architecture systems, 5G new radio (NR) systems, and new communication systems that will appear in future communication development, such as 6G systems.
  • FIG. 1 is used as an example to introduce the terms involved in the embodiments of the present application.
  • Fig. 1 is a schematic diagram of a network architecture provided by an embodiment of the present application. The various parts involved in Fig. 1 are as follows:
  • the terminal device 110 may also be referred to as user equipment (UE), terminal, and so on.
  • a terminal device is a device with a wireless transceiver function. It can communicate with one or more core networks (CN) via the access network devices of the (radio) access network ((R)AN) 120. It can be deployed on land, including indoor or outdoor, handheld, wearable, or vehicle-mounted; it can also be deployed on water, such as on a ship, and in the air, such as on an airplane, balloon, or satellite.
  • Terminal devices can be mobile phones, tablets, computers with wireless transceiver functions, virtual reality (VR) terminal devices, augmented reality (AR) terminal devices, wireless terminals in industrial control, wireless terminals in self-driving, wireless terminals in remote medical care, wireless terminals in smart grids, wireless terminals in transportation safety, wireless terminals in smart cities, wireless terminals in smart homes, and so on.
  • the (radio) access network ((R)AN) 120 is used to provide network access functions for authorized user equipment in a specific area, and can use transmission tunnels of different quality according to the user equipment level, service requirements, and so on.
  • the (R)AN can manage radio resources, provide access services for user equipment, and complete the forwarding of control information and/or data information between the user equipment and the core network (CN).
  • the access network device in the embodiment of the present application is a device that provides a wireless communication function for terminal devices, and may also be referred to as a network device.
  • the access network device may include: a next generation node base station (gNB) in a 5G system, an evolved node B (eNB) in long term evolution (LTE), a radio network controller (RNC), a node B (NB), a base station controller (BSC), a base transceiver station (BTS), a home base station (for example, a home evolved node B or a home node B (HNB)), a baseband unit (BBU), a transmitting and receiving point (TRP), a transmission point (TP), small base station equipment (pico), a mobile switching center, or a network device in a future network.
  • the user plane function (UPF) network function 130 is used for packet routing and forwarding, quality of service (QoS) processing of user plane data, and so on.
  • the data network (DN) network function 140 is used to provide a data transmission network.
  • the access and mobility management function (AMF) network function 150 can be used to implement the functions of a mobility management entity (MME) other than session management, for example lawful interception and access authorization/authentication.
  • AMF network function is hereinafter referred to as AMF for short.
  • AMF may include an initial AMF, an original AMF (old AMF) and a target AMF.
  • the initial AMF can be understood as the first AMF to process the UE registration request in this registration.
  • the initial AMF is selected by the (R)AN, but the initial AMF may not necessarily serve the UE.
  • the original AMF can be understood as the UE
  • the target AMF can be understood as the AMF that served the UE after the UE re-registered.
  • the session management function (SMF) 160 is mainly used for session management, internet protocol (IP) address allocation and management for user equipment, selection of manageable user plane functions, termination of the policy control and charging function interfaces, downlink data notification, and so on.
  • the policy control network function 170 such as a policy control function (PCF) is a unified policy framework used to guide network behavior, and provides policy rule information for control plane functions (such as AMF, SMF network functions, etc.).
  • the authentication server function (authentication server function, AUSF) 180 is used for authentication services, generating keys to realize two-way authentication of user equipment, and supporting a unified authentication framework.
  • the unified data management (UDM) network function 190 can be used to process user equipment identification, access authentication, registration, and mobility management. It can be understood that the UDM network function is hereinafter referred to as UDM for short.
  • the application function (AF) 1100 is used for data routing affected by applications, access to network opening functions, and interaction with the policy framework for policy control.
  • the network slice selection function (network slice selection function, NSSF) can be used to determine network slice instances, select AMF network functions, and so on.
  • Network storage network functions such as network repository function (NRF) can be used to maintain real-time information of all network functions and services in the network.
  • The communication proxy function is a network function or network entity that can communicate with all AMFs in the public land mobile network (PLMN).
  • the communication proxy function can be a network function that can communicate with all AMFs in the PLMN among the network functions defined in the 5G standard, such as the service communication proxy (SCP or SeCoP), NSSF, NRF, UDSF, UDR, AUSF, UDM, etc., or it may be a newly added network function or network entity.
  • SCP is taken as an example to illustrate the registration method provided in the embodiments of this application.
  • SCP can be used to provide indirect communication, proxy discovery, message addressing and sending to target network functions/network
  • the mobility management network function in the embodiment of the present application may be the AMF network function 150 shown in FIG. 1, or may be other network functions having the aforementioned AMF network function 150 in the future communication system.
  • the mobility management network function in this application may also be a mobility management entity (MME) in long term evolution (LTE), etc.
  • the following description takes the case where the mobility management network function is the AMF network function 150 as an example.
  • the AMF network function 150 is referred to as AMF for short, and the terminal device 110 is referred to as the UE. That is, the AMF described later in the embodiments of the present application can be replaced with a mobility management network function, and the UE can be replaced with a terminal device.
  • the network architecture shown in Figure 1 (such as the 5G network architecture) adopts a service-based architecture.
  • the traditional network element functions (or network functions) are split into several self-contained, self-managed and reusable network function service modules based on network function virtualization (NFV) technology; customized network function reconstruction can be realized by flexibly defining collections of service modules, and business processes are formed externally through a unified service invocation interface.
  • the schematic diagram of the network architecture shown in FIG. 1 can be understood as a schematic diagram of a service-based 5G network architecture in a non-roaming scenario. For roaming scenarios, the embodiments of this application are also applicable.
  • the aforementioned network function or function can be either a network element in a hardware device, a software function running on dedicated hardware, or a virtualized function instantiated on a platform (for example, a cloud platform).
  • Fig. 2 is a schematic flowchart of a registration method provided by an embodiment of the present application.
  • the registration method can be applied to the network architecture shown in Fig. 1.
  • the registration method includes:
  • the UE sends a registration request (RR) message to the initial AMF (initial AMF).
  • the RR message includes a subscriber concealed identifier (SUCI) or a 5G globally unique temporary user equipment identity (5G-GUTI).
  • the RR message includes SUCI and plaintext IEs.
  • the plaintext IEs do not include the network slice selection assistance information (requested network slice selection assistance information, requested NSSAI) requested by the UE.
  • the RR message may include 5G-GUTI, plaintext IEs, and NAS container.
  • the NAS container contains the encrypted complete RR message, and the NAS container includes the requested NSSAI.
  • the UE performs integrity protection on the RR message.
  • the NAS security context is the NAS security context established between the UE and the original AMF when the UE registered to the network last time.
  • when the RR message includes a 5G-GUTI, the registration method also includes the operations shown in 202 and 203; when the RR message includes a SUCI, the registration method does not include the operations shown in 202 and 203.
  • the initial AMF calls or requests the first service operation provided by the original AMF (old AMF) (for example, the Namf_Communication_UEContextTransfer service operation), and the Namf_Communication_UEContextTransfer service operation can be used to request the UE context.
  • the Namf_Communication_UEContextTransfer includes the RR message received by the initial AMF.
  • the UE involved in the embodiment of this application sends an RR message to the initial AMF, which means that the UE sends an RR message to the (R)AN, and the (R)AN sends the RR message to the initial AMF.
  • the (R) AN plays a role of transparent transmission. For brevity of description, it can be directly described as the UE sending an RR message to the initial AMF in the embodiments of this application and/or in the drawings.
  • invoking a certain service operation provided by a certain network function can also be understood as requesting the certain service operation provided by the network function.
  • Receiving the call of the certain service operation can also be understood as receiving the request of the certain service operation.
  • the original AMF receives the call or request for requesting the service operation of the UE context, and verifies the integrity of the RR message included in the received service operation request.
  • if the original AMF successfully verifies the integrity of the RR message, it sends a Namf_Communication_UEContextTransfer Response (that is, the response of the first service operation) to the initial AMF, and the response carries the UE context, including the UE security context.
  • the UE security context includes any one or more of the following:
  • K_AMF and the key set identifier in 5G (ngKSI);
  • the downlink NAS count and the uplink NAS count;
  • the security algorithms, that is, the integrity protection algorithm and the encryption algorithm used between the original AMF and the UE;
  • the UE security capabilities, that is, the set of identifiers of the encryption algorithms and integrity protection algorithms implemented on the UE;
  • the horizontal K_AMF derivation indication (KeyAMFHDerivationInd), which indicates that the K_AMF was obtained by horizontal K_AMF derivation.
  • the original AMF determines whether to perform horizontal K_AMF derivation according to local policy. If the original AMF does not perform horizontal K_AMF derivation according to local policy, the K_AMF used between the UE and the original AMF is carried in the Namf_Communication_UEContextTransfer Response; in this application, the K_AMF used between the UE and the original AMF is referred to as the old K_AMF. If the original AMF performs horizontal K_AMF derivation according to local policy, the original AMF uses the old K_AMF, the NAS count (NAS Count) and other parameters as input parameters to generate a new K_AMF; in this application the new key is called the horizontally derived K_AMF. The original AMF includes the horizontally derived K_AMF and the KeyAMFHDerivationInd indication in the Namf_Communication_UEContextTransfer Response.
  • the initial AMF initiates a primary authentication process.
  • the initial AMF initiates primary authentication for authentication and key agreement.
  • the initial AMF initiates the primary authentication. For another example, if the RR message includes 5G-GUTI, and the initial AMF successfully obtains the UE context, the initial AMF can determine whether to perform the primary authentication according to the local policy.
  • the initial AMF sends a non-access stratum security mode command (NAS SMC) message to the UE.
  • the NAS SMC message can be used to establish a NAS security context between the UE and the initial AMF, and the NAS SMC message has integrity protection.
  • the situation where the initial AMF sends the NAS SMC message includes:
  • the initial AMF receives the horizontally derived K_AMF and the KeyAMFHDerivationInd indication from the original AMF, and the initial AMF decides according to local policy to use the horizontally derived K_AMF received from the original AMF;
  • the NAS SMC message may include indication information for instructing the UE to send a complete initial NAS message.
  • the initial AMF may include a K_AMF_change_flag indication with the value set to 1 in the NAS SMC message.
  • the UE receives the NAS SMC message and verifies its integrity; if the verification succeeds, the UE sends a non-access stratum security mode complete (NAS SMP) message to the initial AMF.
  • the initial AMF receives the NAS SMP message.
  • if the UE receives a K_AMF_change_flag with a value of 1 in the NAS SMC message, the UE first performs horizontal K_AMF derivation to generate the horizontally derived K_AMF and the NAS encryption key and NAS integrity protection key (called the NAS keys), and then uses the generated NAS integrity protection key to verify the integrity of the NAS SMC message.
  • if the UE receives, in the NAS SMC message, the indication information instructing the UE to send a complete initial NAS message, the UE carries the complete initial NAS message (i.e. the RR message) in the NAS SMP message, and the complete RR message includes the requested NSSAI.
  • a NAS security context is established between the UE and the initial AMF, which is referred to as a new NAS security context in this application.
  • the new NAS security context is different from the NAS security context established between the UE and the original AMF (referred to as the old NAS security context in this application).
  • the initial AMF invokes the second service operation provided by the UDM (for example, the Nudm_SDM_Get service operation), which is used to request the network slice selection subscription data of the UE.
  • the UDM sends the response of the second service operation (for example, Nudm_SDM_Get Response) in reply to the initial AMF's invocation of the second service operation (for example, the Nudm_SDM_Get service operation).
  • NAS redirection AMF redirection
  • NAS retransmission and NAS reroute represent the same process and can be used interchangeably.
  • the initial AMF invokes the third service operation provided by the NSSF (for example, it is called the Nnssf_NSSelection_Get service operation).
  • the NSSF returns a response in response to the third service operation (for example, called Nnssf_NSSelection_Get Response), and carries the AMF set (AMF set) or AMF address list that can serve the requested NSSAI in the response.
  • the initial AMF determines to perform NAS redirection (or NAS reroute).
  • the initial AMF calls the fourth service operation of the original AMF (for example, called Namf_Communication_RegistrationStatusUpdate service operation) to notify the original AMF that the UE registration at the initial AMF fails.
  • the original AMF should then treat the call or request for the service operation requesting the UE context, sent in step 2, as never having been received.
  • the initial AMF invokes the fifth service operation of the NRF (for example, the Nnrf_NFDiscovery_Request service operation), and the Nnrf_NFDiscovery_Request service operation is used to obtain the address of the target AMF.
  • the NRF sends the response of the fifth service operation, which includes the address of the target AMF.
  • if the initial AMF determines, according to local policy and subscription information, to redirect the NAS message to the target AMF through the (R)AN (i.e. NAS reroute via (R)AN), the initial AMF sends a reroute NAS message to the (R)AN.
  • the reroute NAS message includes a complete RR message.
  • the reroute NAS message may also include information provided by NSSF.
  • the RAN sends an initial UE message (initial UE message) to the target AMF.
  • the initial UE message includes the complete RR message and the information provided by the NSSF.
  • the information provided by NSSF can be used to indicate the occurrence of NAS reroute due to slicing.
  • the initial AMF can also determine, according to local policy and subscription information, to send the NAS message (i.e. the RR message) directly to the target AMF (i.e. direct NAS reroute): the initial AMF invokes the N1 message notify service operation provided by the target AMF (Namf_Communication_N1MessageNotify) and carries the complete registration request message and the UE context, including the UE security context, in that service operation.
  • the initial AMF determines to initiate NAS redirection through the RAN. Before the NAS redirection, the initial AMF and the UE have performed the security interaction of NAS messages (or, a NAS SMC process has been successfully performed between the initial AMF and the UE), that is, a new NAS security context has been established between the UE and the initial AMF, so the UE will only accept NAS messages protected with the new NAS security context.
  • when the target AMF receives the RR message in the initial UE message, since the target AMF does not have the new NAS security context, the NAS message sent by the target AMF to the UE is not protected with the new NAS security context, which eventually causes the registration to fail.
  • in this application, "the initial AMF and the UE have performed the security interaction of NAS messages", "the initial AMF and the UE have successfully performed the NAS SMC process", "the initial AMF and the UE have activated NAS security", "the initial AMF and the UE have successfully carried out the NAS security mode control process", "the initial AMF and the UE have activated encryption and integrity protection", "a NAS security context is established between the initial AMF and the UE", "a new NAS security context is established between the initial AMF and the UE", "NAS security is activated with the UE" and "NAS encryption and NAS integrity protection are activated with the UE" have the same meaning and can be used interchangeably.
  • the NAS security mode control process may be the process of step 205 and step 206 shown in FIG. 2.
  • the embodiment of the application provides a registration method for solving registration failure.
  • the registration method provided by the embodiments of the present application will be described below with reference to the accompanying drawings.
  • Fig. 3 is a schematic flowchart of a registration method provided by an embodiment of the present application. As shown in Fig. 3, the registration method includes:
  • the initial AMF determines to redirect the NAS message to the target AMF through the (R)AN (that is, NAS reroute via (R)AN); the initial AMF sends the first routing information to the target AMF through the (R)AN, for example, the initial AMF sends the first routing information to the (R)AN, and the (R)AN receives the first routing information sent by the initial AMF.
  • the first routing information is used to instruct the target AMF to obtain the UE context or the security context of the UE or the NAS security context of the UE or the NAS security context established by the initial AMF and the UE from the initial AMF.
  • the first routing information is further used to indicate any one or more of the following:
  • the target AMF obtains the UE context or the security context of the UE or the NAS security context of the UE or the NAS security context established by the initial AMF and the UE from the initial AMF through the serving communication agent (SCP);
  • the initial AMF and the UE have performed a security exchange of NAS messages;
  • the initial AMF and the UE have successfully performed primary authentication;
  • the initial AMF has received a horizontal K_AMF derivation indication (keyAMFHDerivationInd indication);
  • the initial AMF has selected a security algorithm different from the security algorithm received from the original AMF;
  • the initial AMF may determine to send the NAS message to the target AMF through the (R)AN according to the local policy and subscription information.
  • the initial AMF sends a redirect NAS message (reroute NAS message) to the (R)AN, and the reroute NAS message includes the first routing information.
  • the (R)AN receives the reroute NAS message.
  • the first routing information may include any one or more of the following: routing information of the initial AMF, routing information of the UE context, routing information of the UE security context, routing information of the UE NAS security context, routing information of the new NAS security context of the UE, routing information of the current security context, routing information of the service request for requesting the UE context, routing information of the service request for requesting the UE security context, routing information of the service request for requesting the UE NAS security context, routing information used to request the current security context, and routing information used to request the new NAS security context of the UE.
  • the first routing information may include any one or more of the following: the endpoint address of the initial AMF, the internet protocol (IP) address of the initial AMF, the instance ID of the initial AMF, the AMF set ID of the initial AMF, the Globally Unique AMF Identifier (GUAMI) of the initial AMF, the service instance ID provided by the initial AMF for the UE context, the service instance set ID (service set ID) of the initial AMF, the first 5G-GUTI, etc.
  • the first 5G-GUTI may be the 5G-GUTI allocated to the UE by the initial AMF.
  • the first routing information may also include other addresses that can be used to address the initial AMF, or the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE or the current security context.
  • this application does not restrict this information.
  • the initial AMF may determine whether to send the first routing information to the target AMF through the (R)AN through some conditions. For example, when the initial AMF determines that any one or more of the following conditions is satisfied, the initial AMF sends the first routing information to the target AMF through (R)AN:
  • the initial AMF and the UE have performed a security exchange of NAS messages;
  • the initial AMF and the UE have established a new NAS security context;
  • the initial AMF and the UE have successfully performed primary authentication;
  • NAS security is activated by the initial AMF and the UE;
  • the initial AMF has received a horizontal K_AMF derivation indication (keyAMFHDerivationInd indication);
  • the initial AMF has chosen a new security algorithm.
  • the initial AMF allocates a 5G-GUTI to the UE.
  • the initial AMF sends the first 5G-GUTI to the target AMF through the (R)AN. For example, if the initial AMF includes the first 5G-GUTI in the registration request message, the initial AMF sends a reroute NAS message to the (R)AN, and the reroute NAS message includes the registration request message carrying the first 5G-GUTI.
  • the (R)AN sends the received first routing information to the target AMF, and the target AMF receives the first routing information sent by the (R)AN.
  • the (R)AN receives the reroute NAS message that includes the first routing information sent by the initial AMF, and the (R)AN sends the initial UE message to the target AMF, and the initial UE message includes the first routing information.
  • the target AMF receives the initial UE message.
  • the (R)AN receives the reroute NAS message sent by the initial AMF, and the reroute NAS message includes a registration request message carrying the first 5G-GUTI, and the (R)AN sends an initial UE message to the target AMF.
  • the initial UE message includes the registration request message carrying the first 5G-GUTI.
  • the target AMF sends a first service request to a service communication agent (SCP) according to the first routing information, and the SCP receives the first service request sent by the target AMF.
  • in this application, "a network function A calls a certain service operation of another network function B", "a network function A requests a certain service from another network function B" and "a network function A requests a certain service operation of another network function B" have the same meaning and can be used interchangeably.
  • the first service request may be used to request the UE context or the UE's security context or the UE's NAS security context or the NAS security context established by the initial AMF and the UE or the current UE context or the UE's new NAS security context.
  • the first service request may include the received first routing information and UE identification information.
  • the first service request may include the first 5G-GUTI carried in the received registration request.
  • the first service request may include the routing information of the first 5G-GUTI and the initial AMF carried in the received registration request.
  • the routing information of the initial AMF is the routing information of the initial AMF determined by the target AMF according to the first 5G-GUTI received, such as the AMF set ID of the initial AMF or the globally unique AMF ID of the initial AMF (Globally Unique AMF identifier, GUAMI).
  • the identification information of the UE included in the first service request may include the identification of the UE in the RR message received by the target AMF.
  • the identification information of the UE may be SUPI, or 5G-GUTI, or SUCI.
  • the registration method shown in FIG. 3 further includes:
  • the target AMF obtains the UE context or the security context of the UE or the NAS security context of the UE or the security context established between the UE and the original AMF from the original AMF.
  • the target AMF can request the UE context from the original AMF through Namf_Communication_UEContextTransfer, and the original AMF can send the UE context, or the security context of the UE, or the NAS security context of the UE, or the security context established between the UE and the original AMF to the target AMF through the Namf_Communication_UEContextTransfer response.
  • after the target AMF obtains the UE context, or the security context of the UE, or the NAS security context of the UE, or the security context established between the UE and the original AMF from the original AMF, the identification information of the UE included in the above-mentioned first service request may also include the identification of the UE included in the UE context obtained by the target AMF from the original AMF.
  • the identity of the UE may be SUPI, or 5G-GUTI, or SUCI.
  • the SCP sends the first service request to the initial AMF, and the initial AMF receives the first service request sent by the SCP.
  • the SCP may send the first service request to the initial AMF according to the first routing information included in the first service request.
  • the first routing information may include the routing information of the initial AMF, so that the SCP can effectively know which AMF to request the UE context or the security context of the UE or the NAS security context of the UE.
  • the SCP can find the initial AMF according to the received first routing information, and send the first service request to the initial AMF.
  • the SCP can find the initial AMF according to the received first 5G-GUTI, and send the first service request to the initial AMF.
  • the SCP can find the initial AMF according to the received routing information of the initial AMF, and send the first service request to the initial AMF.
  • the initial AMF sends a response to the first service request to the SCP, where the response to the first service request includes the UE context, or the UE security context, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context.
  • the SCP receives the response to the first service request sent by the initial AMF.
  • the initial AMF obtains the UE context, or the UE security context, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context according to the received UE identification information, and sends a response to the first service request to the SCP.
  • the response to the first service request includes the UE context, or the UE's security context, or the UE's NAS security context, or the NAS security context established by the initial AMF and the UE, or the current security context.
  • when the first service request is used to request the UE context, the response to the first service request may include the UE context; when the first service request is used to request the security context of the UE, the response may include the UE security context; when the first service request is used to request the NAS security context of the UE, the response may include the NAS security context of the UE; when the first service request is used to request the NAS security context established by the initial AMF and the UE, the response may include the NAS security context established by the initial AMF and the UE; when the first service request is used to request the current security context, the response may include the current security context.
  • the initial AMF decides whether to perform horizontal K_AMF derivation. It is understandable that in this application, horizontal K_AMF derivation and horizontal K_AMF deduction (also rendered as level K_AMF derivation) have the same meaning and can be used interchangeably (or replaced) in this application.
  • if the initial AMF decides not to perform horizontal K_AMF derivation, the initial AMF sends the current security context, including the current K_AMF, to the target AMF or the SCP; it should be understood that in this application, the initial AMF sending the current security context to the target AMF means that the initial AMF sends the current security context to the target AMF through the SCP.
  • if the initial AMF decides to perform horizontal K_AMF derivation, the initial AMF generates a new K_AMF or a new security context or a new NAS security context based on the current K_AMF, the initial AMF sends the new K_AMF or the new security context or the new NAS security context to the target AMF or the SCP, and the initial AMF sends a horizontal K_AMF derivation indication to the target AMF.
  • this horizontal K_AMF derivation indication may be called keyAmfHDerivationInd.
  • the response to the first service request includes the current security context, or the new K_AMF, or the new security context, or the horizontal K_AMF derivation indication.
  • the initial AMF may also send the security context of the UE, including the current security context or the new K_AMF or the new security context or the horizontal K_AMF derivation indication, to the target AMF or the SCP through a message other than the response to the first service request; this application does not limit the specific manner in which the initial AMF sends the security context of the UE to the target AMF.
  • the initial AMF's decision whether to perform horizontal K_AMF derivation can be made in any of the following three manners:
  • Manner 1: the initial AMF does not perform horizontal K_AMF derivation, that is, the initial AMF sends the current security context to the target AMF;
  • Manner 2: the initial AMF determines whether to perform horizontal K_AMF derivation according to the local policy, that is, the initial AMF determines according to the local policy to perform horizontal K_AMF derivation, or determines according to the local policy not to perform horizontal K_AMF derivation;
  • Manner 3: the initial AMF judges whether to perform horizontal K_AMF derivation according to the fourth preset condition, that is, if the initial AMF judges that the fourth preset condition is satisfied, the initial AMF does not perform horizontal K_AMF derivation and sends the current security context to the target AMF; if the initial AMF judges that the fourth preset condition is not satisfied, the initial AMF judges according to the local policy whether to perform horizontal K_AMF derivation, that is, the initial AMF determines according to the local policy to perform horizontal K_AMF derivation, or determines according to the local policy not to perform horizontal K_AMF derivation.
  • the fourth preset condition is any one or more of the following conditions:
  • the security exchange of NAS messages is carried out between the initial AMF and the UE; the NAS SMC is successfully carried out between the initial AMF and the UE; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF; primary authentication is performed between the UE and the initial AMF; the initial AMF selects a security algorithm different from the security algorithm selected by the original AMF; the initial AMF uses a K_AMF generated by horizontal K_AMF derivation from the K_AMF received from the original AMF; the initial AMF received a horizontal K_AMF derivation indication from the original AMF, and the initial AMF decided to use the K_AMF received from the original AMF.
  • the SCP sends the received UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context to the target AMF, and the target AMF receives the information sent by the SCP.
  • when the SCP sends the UE context to the target AMF, the target AMF can receive the UE context sent by the SCP; when the SCP sends the UE security context to the target AMF, the target AMF can receive the UE security context sent by the SCP; when the SCP sends the NAS security context of the UE to the target AMF, the target AMF can receive the NAS security context of the UE sent by the SCP; when the SCP sends the NAS security context established by the initial AMF and the UE to the target AMF, the target AMF can receive the NAS security context established by the initial AMF and the UE sent by the SCP; when the SCP sends the current security context to the target AMF, the target AMF can receive the current security context sent by the SCP.
  • after the SCP receives the response to the first service request including the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context, the SCP may include the received UE context, or UE security context, or NAS security context of the UE, or NAS security context established by the initial AMF and the UE, or current security context in the response to the first service request and send it to the target AMF. That is, the SCP may send a response to the first service request to the target AMF.
  • the response to the first service request includes the UE context, or the UE's security context, or the UE's NAS security context, or the NAS security context established by the initial AMF and the UE, or the current security context.
  • the initial AMF may also determine whether to initiate horizontal K_AMF derivation according to a local policy or local configuration. If it determines to initiate horizontal K_AMF derivation, the initial AMF performs horizontal K_AMF derivation to obtain a new K_AMF and sends the new K_AMF and a horizontal K_AMF derivation indication, such as keyAMFHDerivationInd, to the SCP.
  • the SCP sends the horizontal K_AMF derivation indication and the new K_AMF to the target AMF, and after the target AMF receives the horizontal K_AMF derivation indication and the new K_AMF, the target AMF sends a NAS SMC message to the UE.
  • the NAS SMC message includes a K_AMF_change_flag with a value of 1, which is used to instruct the UE to perform horizontal K_AMF derivation.
  • after receiving the NAS SMC message, the UE performs horizontal K_AMF derivation according to the K_AMF_change_flag with a value of 1 to generate a new K_AMF, and can send a NAS SMP message to the target AMF.
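The Fig. 3 exchange as an added toy model, not code from the patent or from any 3GPP implementation: the initial AMF puts its GUAMI in the first routing information, the SCP uses it to route the target AMF's first service request, the initial AMF applies Manner 3 (fourth preset condition, then local policy) to decide on horizontal K_AMF derivation and returns keyAmfHDerivationInd accordingly, and the target AMF then protects its next N1 message with the received context (Option 1, no primary authentication). The KDF, the NAS-MAC truncation, the GUAMI, SUPI and K_AMF values and the message payload are constructed stand-ins, not the TS 33.501 parameters; running the scenario without the context fetch reproduces the failure described above, where the UE rejects a message protected with the original AMF's context.

```python
import hashlib
import hmac
from dataclasses import dataclass

def kdf(key: bytes, label: bytes) -> bytes:
    # Stand-in for the TS 33.501 KDF (HMAC-SHA-256 with FC codes); the labels
    # used in this example are constructed, not the standard's parameters.
    return hmac.new(key, label, hashlib.sha256).digest()

def nas_mac(k_amf: bytes, msg: bytes) -> bytes:
    # NAS integrity key derived from K_AMF, then a truncated NAS-MAC over msg.
    return hmac.new(kdf(k_amf, b"NASint"), msg, hashlib.sha256).digest()[:4]

@dataclass
class SecurityContext:
    k_amf: bytes
    ngksi: int

class UE:
    def __init__(self, supi: str, ctx: SecurityContext):
        self.supi, self.ctx = supi, ctx

    def on_nas_smc(self, k_amf_change_flag: int) -> None:
        # K_AMF_change_flag = 1 instructs the UE to derive a new K_AMF horizontally.
        if k_amf_change_flag == 1:
            self.ctx = SecurityContext(kdf(self.ctx.k_amf, b"horizontal"), self.ctx.ngksi)

    def accepts(self, msg: bytes, mac: bytes) -> bool:
        # The UE only accepts NAS messages protected with its current context.
        return hmac.compare_digest(nas_mac(self.ctx.k_amf, msg), mac)

class InitialAMF:
    def __init__(self, guami: str, fourth_condition_met: bool, policy_derive: bool):
        self.guami = guami
        self.contexts = {}  # SUPI -> NAS security context established with that UE
        self.fourth_condition_met = fourth_condition_met
        self.policy_derive = policy_derive

    def run_nas_smc(self, ue: UE, new_ctx: SecurityContext) -> None:
        # NAS SMC: afterwards the new NAS security context exists only at the UE and here.
        self.contexts[ue.supi] = new_ctx
        ue.ctx = new_ctx

    def reroute_nas_message(self, supi: str) -> dict:
        # Complete RR message plus the first routing information (the GUAMI here).
        return {"rr": {"supi": supi}, "first_routing_info": {"guami": self.guami}}

    def on_first_service_request(self, req: dict) -> dict:
        ctx = self.contexts[req["supi"]]
        # Manner 3: fourth preset condition met -> send the current context as is;
        # otherwise the local policy decides whether to derive horizontally.
        if self.fourth_condition_met or not self.policy_derive:
            return {"security_context": ctx, "keyAmfHDerivationInd": False}
        new_ctx = SecurityContext(kdf(ctx.k_amf, b"horizontal"), ctx.ngksi)
        return {"security_context": new_ctx, "keyAmfHDerivationInd": True}

class SCP:
    def __init__(self, amfs: list):
        self.by_guami = {a.guami: a for a in amfs}

    def forward(self, req: dict) -> dict:
        # The SCP resolves the initial AMF from the first routing information.
        amf = self.by_guami[req["first_routing_info"]["guami"]]
        return amf.on_first_service_request(req)

class TargetAMF:
    def __init__(self, scp: SCP):
        self.scp = scp

    def register(self, initial_ue_msg: dict, ue: UE, fetch_from_initial: bool,
                 ctx_from_original: SecurityContext) -> dict:
        derived = False
        if fetch_from_initial:
            resp = self.scp.forward({"supi": initial_ue_msg["rr"]["supi"],
                                     "first_routing_info": initial_ue_msg["first_routing_info"]})
            ctx = resp["security_context"]
            if resp["keyAmfHDerivationInd"]:
                ue.on_nas_smc(1)  # NAS SMC carrying K_AMF_change_flag = 1
                derived = True
        else:
            ctx = ctx_from_original  # only the original AMF's context is known
        # Option 1: skip primary authentication and protect the next N1 message
        # (a constructed payload) with the received K_AMF.
        payload = b"REGISTRATION ACCEPT"
        return {"derived": derived, "accepted": ue.accepts(payload, nas_mac(ctx.k_amf, payload))}

def run_scenario(fetch_from_initial: bool, fourth_condition_met: bool = True,
                 policy_derive: bool = False) -> dict:
    original_ctx = SecurityContext(b"\x11" * 32, 1)  # constructed K_AMF from the original AMF
    ue = UE("imsi-001", original_ctx)
    initial = InitialAMF("guami-A", fourth_condition_met, policy_derive)
    # Before rerouting, the initial AMF derived a new K_AMF and ran NAS SMC with the UE.
    initial.run_nas_smc(ue, SecurityContext(kdf(original_ctx.k_amf, b"horizontal"), 2))
    target = TargetAMF(SCP([initial]))
    return target.register(initial.reroute_nas_message(ue.supi), ue, fetch_from_initial, original_ctx)
```

run_scenario(False) models the pre-fix failure, run_scenario(True) the fetch through the SCP without derivation, and run_scenario(True, fourth_condition_met=False, policy_derive=True) the path where the initial AMF derives a new K_AMF and the target AMF signals K_AMF_change_flag to the UE.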
  • the target AMF executes any of the following options:
  • Option 1: the target AMF does not perform primary authentication, or the target AMF uses the received K_AMF or security context.
  • that the target AMF does not perform primary authentication, or the target AMF uses the received K_AMF or security context, means that the target AMF skips primary authentication and performs the other processes in the registration procedure.
  • the target AMF protects the third message based on the received K_AMF or security context and sends the third message to the UE. Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key according to the received K_AMF or security context, and uses the generated NAS encryption/decryption key and/or NAS integrity key to protect the third message.
  • the third message is any N1 message that does not include the authentication request.
  • the target AMF does not perform primary authentication, that is, the target AMF uses the received K_AMF or security context.
  • Option 2: the target AMF protects the authentication request message, and/or the target AMF sends a security-protected authentication request message, and/or the target AMF sends a security-protected N1 message including the authentication request message. That is, the target AMF protects the authentication request message and sends the security-protected authentication request message to the UE, where the target AMF sending a security-protected authentication request message to the UE can be understood as the target AMF sending a security-protected N1 message to the UE, the N1 message including the authentication request message.
  • that the target AMF protects the authentication request message means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message. Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key according to the received K_AMF or security context, uses the generated NAS encryption/decryption key and/or NAS integrity key to protect the authentication request message, and sends the security-protected authentication request message.
  • that the target AMF sends a security-protected authentication request message means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message. Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key according to the received K_AMF or security context, uses the generated NAS encryption/decryption key and/or NAS integrity key to protect the authentication request message, and sends the security-protected authentication request message.
  • that the target AMF sends a security-protected N1 message including an authentication request message means that the target AMF protects the N1 message based on the received K_AMF or security context and sends the security-protected N1 message.
  • the target AMF generates a NAS encryption/decryption key and a NAS integrity key according to the received K_AMF or security context, uses the generated NAS encryption/decryption key and/or NAS integrity key to protect the N1 message, and sends the security-protected N1 message.
  • the N1 message here includes an authentication request message.
  • Option 3: the target AMF sends an authentication request message without security protection, or the target AMF initiates a NAS SMC.
  • Option 4: the target AMF does not perform primary authentication; or the target AMF protects the authentication request message; or the target AMF sends a security-protected N1 message including the authentication request message.
  • that the target AMF does not perform primary authentication, that is, the target AMF uses the received K_AMF or security context, means that the target AMF skips primary authentication and performs the other processes in the registration procedure.
  • the target AMF protects the third message based on the received K_AMF or security context; specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key according to the received K_AMF or security context, and uses the generated NAS encryption key and/or NAS integrity key to protect the third message.
  • the third message is any N1 message that does not include the authentication request.
  • that the target AMF protects the authentication request message means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends a security-protected authentication request message.
  • the target AMF generates a NAS encryption/decryption key and a NAS integrity key based on the received K_AMF or security context, uses the generated NAS encryption/decryption key and/or NAS integrity key to protect the authentication request message, and sends the security-protected authentication request message.
  • for Option 1, after the target AMF receives the response to the first service request or after the target AMF receives the UE context from the original AMF (and after 317 in the figure), the target AMF does not perform primary authentication, or the target AMF uses the received K_AMF or security context.
  • after the target AMF receives the response to the first service request or after the target AMF receives the UE context from the original AMF (and after 317 in the figure), the target AMF determines whether AMF redirection or NAS reroute via RAN has occurred. If AMF redirection or NAS rerouting through the RAN has occurred, the target AMF does not perform primary authentication, or the target AMF uses the received K_AMF or security context. The target AMF determines whether AMF redirection or NAS rerouting through the RAN has occurred according to any one or more of the following conditions:
  • the registration request message received by the target AMF is a complete registration request message without integrity protection; the target AMF receives a complete registration request message; the target AMF receives a registration request message without integrity protection; the initial UE message received by the target AMF includes a Source to Target AMF Information Reroute IE; the initial UE message received by the target AMF includes network slice selection assistance information (NSSAI); the initial UE message received by the target AMF includes configured network slice selection assistance information (configured NSSAI) and/or rejected network slice selection assistance information (rejected NSSAI); the target AMF receives the first routing information.
  • if the target AMF receives the horizontal K_AMF derivation indication (that is, the target AMF receives the horizontal K_AMF derivation indication sent by the initial AMF through the SCP, or the response to the first service request received by the target AMF includes the horizontal K_AMF derivation indication, or the target AMF receives the horizontal K_AMF derivation indication sent by the SCP), then the target AMF performs primary authentication according to the horizontal K_AMF derivation indication, or uses the received K_AMF or security context.
  • the target AMF can perform any one of the following operations:
  • Operation 1: the target AMF still does not perform primary authentication, or uses the received K_AMF or security context;
  • Operation 2: if the target AMF performs primary authentication according to the local policy, the target AMF should protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message; if the target AMF does not perform primary authentication according to the local policy, the target AMF should protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
  • Operation 3: the target AMF should protect the N1 message, including the authentication request message, based on the received K_AMF or security context, and send the security-protected N1 message including the security-protected authentication request message.
  • Option 1: if the target AMF receives the tenth indication information (that is, the target AMF receives the tenth indication information sent by the initial AMF through the SCP, or the response to the first service request received by the target AMF includes the tenth indication information, or the target AMF receives the tenth indication information sent by the SCP), then the target AMF does not perform primary authentication according to the tenth indication information, or uses the received K_AMF or security context.
  • the tenth indication information is used to indicate that the target AMF does not perform primary authentication, or that the target AMF uses the received K_AMF or security context.
  • the initial AMF determines to send the tenth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the tenth preset condition is satisfied, the initial AMF sends the tenth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the tenth indication information.
  • the initial AMF uses the response to the first service request to send the tenth indication information to the target AMF or the SCP.
  • the tenth preset condition is any one or more of the following conditions:
  • the security exchange of NAS messages is carried out between the initial AMF and the UE; the NAS SMC is successfully carried out between the initial AMF and the UE; the security association is established between the UE and the initial AMF; the security protection is activated between the UE and the initial AMF; A new NAS security context is established between the initial AMF; the initial AMF performs horizontal K AMF deduction; the UE and the initial AMF are authenticated; the initial AMF selects a security algorithm that is different from the security algorithm selected by the original AMF; the initial AMF uses K AMF generated by the horizontal K AMF deduced received from the old AMF at to; initial AMF received from the old AMF place to level K AMF deduction indicated, and the initial AMF decided using the reception from the original AMF place to K AMF .
  • the initial AMF does not send the tenth indication information to the target AMF or the SCP, so the target AMF does not receive the tenth indication information. If the target AMF does not receive the tenth indication information, the target AMF can perform any one of the following operations:
  • Operation 1: if the target AMF decides to perform primary authentication, the target AMF should send an authentication request message without security protection, or the target AMF should protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
  • Operation 2: if the target AMF decides not to perform primary authentication, the target AMF sends an N1 message without security protection, or the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
  • Operation 3: the target AMF should send an N1 message without security protection, and the N1 message includes an authentication request message.
  • Operation 4: the target AMF should protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, and the N1 message includes an authentication request message.
  • the target AMF can also perform any one of the following operations:
  • Operation 1: if the target AMF decides to perform primary authentication and the target AMF does not receive the horizontal K_AMF derivation indication, the target AMF should send an authentication request message without security protection, or the target AMF should protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
  • Operation 2: if the target AMF receives the horizontal K_AMF derivation indication, the target AMF shall not perform primary authentication, or the target AMF shall use the received K_AMF or security context, or the target AMF shall perform the NAS SMC.
  • Operation 3: if the target AMF decides to perform primary authentication, the target AMF should send an authentication request message without security protection.
  • the target AMF can also perform any one of the following operations:
  • Operation 1: if the target AMF decides to perform primary authentication and the target AMF does not receive the horizontal K_AMF derivation indication, the target AMF should protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
  • Operation 2: if the target AMF decides to perform primary authentication and the target AMF receives the horizontal K_AMF derivation indication, the target AMF should send an authentication request message without security protection;
  • the tenth indication information can also be used to indicate any one or more of the following:
  • a secure exchange of NAS messages is carried out between the initial AMF and the UE; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF;
  • the NAS SMC procedure is successfully carried out between the initial AMF and the UE; the initial AMF and the UE perform primary authentication; the initial AMF receives the horizontal K_AMF derivation indication from the original AMF and decides to use the K_AMF or security context received from the original AMF;
  • the initial AMF performs horizontal K_AMF derivation; the initial AMF generates a new K_AMF; the initial AMF selects a security algorithm that is different from the security algorithm selected by the original AMF; the target AMF does not perform the primary authentication procedure; the target AMF skips the primary authentication procedure and performs the other procedures of the registration; the target AMF uses the received K_AMF or security context.
  • the target AMF receives the ninth indication information (that is, the target AMF receives the ninth indication information sent by the initial AMF through the SCP, or the target AMF receives the ninth indication information sent by the SCP, or the response to the first service request received by the target AMF includes the ninth indication information). When the target AMF decides to perform primary authentication, the target AMF should protect the authentication request message according to the ninth indication information.
  • the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message, or the target AMF should send a security-protected N1 message according to the ninth indication information, and the N1 message includes the authentication request message.
  • the ninth indication information is used to instruct the target AMF to protect the authentication request message.
  • the initial AMF determines to send the ninth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the ninth preset condition is satisfied, the initial AMF sends the ninth indication information to the target AMF or the SCP. Correspondingly, the target AMF or the SCP receives the ninth indication information.
  • the initial AMF includes the ninth indication information in the response to the first service request.
  • the ninth preset condition is any one or more of the following conditions:
  • a secure exchange of NAS messages is carried out between the initial AMF and the UE; the NAS SMC is successfully carried out between the initial AMF and the UE; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF; primary authentication is performed between the UE and the initial AMF; the initial AMF selects a security algorithm that is different from the security algorithm selected by the original AMF; the initial AMF uses the K_AMF generated by the horizontal K_AMF derivation received from the original AMF.
  • the initial AMF receives the horizontal K_AMF derivation indication from the original AMF, and the initial AMF decides to use the K_AMF received from the original AMF.
  • wherever the initial AMF sends messages, information or indications to the target AMF, this means that the initial AMF sends the messages, information or indications to the target AMF through the SCP.
  • the initial AMF does not send the ninth indication information to the target AMF or the SCP, so the target AMF does not receive the ninth indication information. If the target AMF does not receive the ninth indication information, the target AMF can perform any one of the following operations:
  • Operation 1: if the target AMF decides to perform primary authentication, the target AMF should send an authentication request message without security protection;
  • Operation 2: if the target AMF decides not to perform primary authentication, the target AMF sends an N1 message without security protection, or the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
  • Operation 3: the target AMF should send an N1 message without security protection, and the N1 message includes an authentication request message.
  • Operation 4: if the target AMF decides to perform primary authentication and the target AMF does not receive the horizontal K_AMF derivation indication, the target AMF should send an authentication request message without security protection, or the target AMF should protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message.
  • Operation 5: if the target AMF decides to perform primary authentication and the target AMF receives the horizontal K_AMF derivation indication, the target AMF should send an authentication request message without security protection.
  • the ninth indication information can also be used to indicate any one or more of the following:
  • the target AMF should protect the authentication request message; the target AMF should send a security-protected authentication request message; the target AMF should send a security-protected N1 message that includes the authentication request message.
  • a secure exchange of NAS messages is carried out between the initial AMF and the UE; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF;
  • the NAS SMC procedure is successfully carried out between the initial AMF and the UE; the initial AMF and the UE perform primary authentication; the initial AMF receives the horizontal K_AMF derivation indication from the original AMF and decides to use the K_AMF or security context received from the original AMF;
  • the initial AMF selects a security algorithm that is different from the security algorithm selected by the original AMF.
  • the target AMF determines whether AMF redirection or rerouting through the non-access stratum of the RAN (also called direct NAS reroute) has occurred. If AMF redirection or rerouting through the non-access stratum of the RAN has occurred, when the target AMF decides to perform primary authentication, the target AMF should protect the authentication request message. Specifically, the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message, or the target AMF should send a security-protected N1 message that includes the authentication request message. The target AMF determines whether AMF redirection or rerouting through the non-access stratum of the RAN has occurred according to any one or more of the following conditions:
  • the registration request message received by the target AMF is a complete registration request message without integrity protection; the target AMF receives a complete registration request message; the target AMF receives a registration request message without integrity protection; the initial UE message received by the target AMF includes the source-to-target AMF information reroute information element (Source to Target AMF Information Reroute IE); the initial UE message received by the target AMF includes network slice selection assistance information (NSSAI); the initial UE message received by the target AMF includes configured network slice selection assistance information (configured NSSAI) and/or rejected network slice selection assistance information (rejected NSSAI); the target AMF receives the first routing information.
  • option two: after the target AMF receives the response to the first service request, or after the target AMF receives the UE context from the original AMF (that is, after 317 in the figure), if the target AMF decides to perform primary authentication, the target AMF should protect the authentication request message, or the target AMF should send a security-protected N1 message that includes the authentication request message.
  • that the target AMF should protect the authentication request message means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message; that the target AMF should send a security-protected N1 message means that the target AMF protects the N1 message based on the received K_AMF or security context and sends the security-protected N1 message.
  • the target AMF receives the eighth indication information (that is, the target AMF receives the eighth indication information sent by the initial AMF through the SCP, or the target AMF receives the eighth indication information sent by the SCP, or the response to the first service request received by the target AMF includes the eighth indication information). When the target AMF decides to perform primary authentication, the target AMF should send an authentication request message without security protection according to the eighth indication information, or the target AMF should initiate a NAS SMC according to the eighth indication information.
  • the eighth indication information is used to instruct the target AMF to send an authentication request message without security protection.
  • the eighth indication information may be the horizontal K_AMF derivation indication.
  • the initial AMF determines to send the eighth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the eighth preset condition is satisfied, the initial AMF sends the eighth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the eighth indication information.
  • the initial AMF uses the response to the first service request to send the eighth indication information to the target AMF or the SCP.
  • the eighth preset condition is any one or more of the following conditions: the initial AMF performs horizontal K_AMF derivation, or the initial AMF generates a new K_AMF.
  • the initial AMF does not send the eighth indication information to the target AMF or the SCP, so the target AMF does not receive the eighth indication information. If the target AMF does not receive the eighth indication information, the target AMF can perform any one of the following operations:
  • Operation 1: if the target AMF decides to perform primary authentication, the target AMF should protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message.
  • Operation 2: if the target AMF decides not to perform primary authentication, the target AMF should protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
  • Operation 3: the target AMF should send the N1 message protected based on the received K_AMF or security context, and the N1 message includes the authentication request message.
  • the eighth indication information can also be used to indicate any one or more of the following:
  • the initial AMF performs horizontal K_AMF derivation; the initial AMF generates a new K_AMF; the target AMF should send an authentication request message without security protection; the target AMF should initiate a NAS SMC.
  • option three: if the target AMF receives the horizontal K_AMF derivation indication, the target AMF should not perform primary authentication, or the target AMF should use the received K_AMF or security context, or the target AMF initiates a NAS SMC. Otherwise, if the target AMF does not receive the horizontal K_AMF derivation indication but receives the seventh indication information, then:
  • if the target AMF decides to initiate primary authentication, according to the seventh indication information, the target AMF should send a security-protected authentication request message, or
  • the target AMF should send a security-protected N1 message that includes an authentication request message.
  • the seventh indication information is used to instruct the target AMF to send a security-protected authentication request message, or to instruct the target AMF to send a security-protected N1 message.
  • the initial AMF determines to send the seventh indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the seventh preset condition is satisfied, the initial AMF sends the seventh indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the seventh indication information.
  • the initial AMF uses the response to the first service request to send the seventh indication information to the target AMF or the SCP.
  • the seventh preset condition is any one or more of the following conditions:
  • a secure exchange of NAS messages is carried out between the initial AMF and the UE; the NAS SMC is successfully carried out between the initial AMF and the UE; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF; primary authentication is performed between the UE and the initial AMF; the initial AMF selects a security algorithm that is different from the security algorithm selected by the original AMF; the initial AMF uses the K_AMF generated by the horizontal K_AMF derivation received from the original AMF; the initial AMF receives the horizontal K_AMF derivation indication from the original AMF and decides to use the K_AMF or security context received from the original AMF.
  • the initial AMF does not send the seventh indication information to the target AMF or the SCP, so the target AMF does not receive the seventh indication information. If the target AMF receives neither the seventh indication information nor the horizontal K_AMF derivation indication, the target AMF can perform any one of the following operations:
  • Operation 1: if the target AMF decides to perform primary authentication, the target AMF should protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message, or the target AMF sends the authentication request message without security protection.
  • Operation 2: if the target AMF decides not to perform primary authentication, the target AMF should protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, or the target AMF should send the N1 message without security protection.
  • Operation 3: the target AMF should send the N1 message protected based on the received K_AMF or security context, and the N1 message includes the authentication request message.
  • Operation 4: the target AMF should send an N1 message without security protection, and the N1 message includes an authentication request message.
  • the seventh indication information can also be used to indicate any one or more of the following:
  • a secure exchange of NAS messages is carried out between the initial AMF and the UE; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF;
  • the NAS SMC procedure is successfully carried out between the initial AMF and the UE; the initial AMF and the UE perform primary authentication; the initial AMF receives the horizontal K_AMF derivation indication from the original AMF and decides to use the K_AMF or security context received from the original AMF;
  • the initial AMF selects a security algorithm that is different from the security algorithm selected by the original AMF; the target AMF should send a security-protected authentication request message; the target AMF should protect the authentication request message; the target AMF should send a security-protected N1 message that includes the authentication request message.
  • Option 4: if the target AMF receives the sixth indication information and the horizontal K_AMF derivation indication, the target AMF should not perform primary authentication, or the target AMF should use the received K_AMF or security context. Otherwise, if the target AMF does not receive the horizontal K_AMF derivation indication but receives the sixth indication information, and the target AMF decides to initiate primary authentication, then according to the sixth indication information the target AMF should send a security-protected authentication request message; or,
  • the target AMF should send a security-protected N1 message according to the sixth indication information, and the N1 message includes an authentication request message.
  • the sixth indication information is used to instruct the target AMF to send a security-protected authentication request message.
  • the initial AMF determines to send the sixth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the sixth preset condition is satisfied, the initial AMF sends the sixth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the sixth indication information.
  • the initial AMF uses the response to the first service request to send the sixth indication information to the target AMF or the SCP.
  • the sixth preset condition is any one or more of the following conditions:
  • a secure exchange of NAS messages is carried out between the initial AMF and the UE; the NAS SMC is successfully carried out between the initial AMF and the UE; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF; primary authentication is performed between the UE and the initial AMF; the initial AMF selects a security algorithm that is different from the security algorithm selected by the original AMF; the initial AMF uses the K_AMF generated by the horizontal K_AMF derivation received from the original AMF; the initial AMF receives the horizontal K_AMF derivation indication from the original AMF and decides to use the K_AMF or security context received from the original AMF.
  • the initial AMF does not send the sixth indication information to the target AMF or the SCP, so the target AMF does not receive the sixth indication information. If the target AMF does not receive the sixth indication information but receives the horizontal K_AMF derivation indication, the target AMF can perform any one of the following operations:
  • Operation 1: if the target AMF decides to perform primary authentication, the target AMF should send an authentication request message without security protection.
  • Operation 2: if the target AMF decides not to perform primary authentication, the target AMF should protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, or the target AMF should send the N1 message without security protection, or the target AMF initiates a NAS SMC;
  • Operation 3: the target AMF should send an N1 message without security protection, and the N1 message includes an authentication request message.
  • the target AMF can perform any one of the following operations:
  • Operation 1: if the target AMF decides to perform primary authentication, the target AMF should send an authentication request message without security protection, or the target AMF should protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message.
  • Operation 2: if the target AMF decides not to perform primary authentication, the target AMF should protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, or the target AMF should send the N1 message without security protection;
  • Operation 3: the target AMF should send an N1 message without security protection, and the N1 message includes an authentication request message.
  • Operation 4: the target AMF should send a security-protected N1 message, and the N1 message includes an authentication request message.
  • the sixth indication information can also be used to indicate any one or more of the following:
  • a secure exchange of NAS messages is carried out between the initial AMF and the UE; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF;
  • the NAS SMC procedure is successfully carried out between the initial AMF and the UE; the initial AMF and the UE perform primary authentication; the initial AMF receives the horizontal K_AMF derivation indication from the original AMF and decides to use the received K_AMF or security context; the initial AMF decides to use the K_AMF generated by the horizontal K_AMF derivation received from the original AMF; the initial AMF selects a security algorithm that is different from the security algorithm selected by the original AMF; the target AMF should send a security-protected authentication request message; the target AMF should protect the authentication request message; the target AMF should send a security-protected N1 message that includes the authentication request message.
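The sixth to tenth indication information, the horizontal K_AMF derivation indication and the target AMF's own reroute detection (the direct NAS reroute conditions listed earlier) all feed one decision: whether the target AMF sends its authentication request message security-protected, sends it unprotected, or skips primary authentication and keeps the received context. The following is an added example that models that decision; it is not code from the patent or from any vendor. The class names, the dict keys used for the initial UE message, and the precedence between the indications are assumptions that fix one consistent reading of the alternatives above.

```python
"""Target AMF decision after an AMF reroute: protected, unprotected, or no
primary authentication at all. Added example; names and precedence assumed."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class ReceivedInfo:
    """What the target AMF holds when it acts on the registration (assumed field names)."""
    kamf_or_security_context: Optional[bytes] = None  # K_AMF or NAS security context from initial AMF / SCP
    skip_primary_auth_ind: bool = False   # tenth indication: do not run primary authentication
    unprotected_ind: bool = False         # eighth indication (may be the horizontal K_AMF derivation indication)
    protect_ind: bool = False             # sixth / seventh / ninth indication: protect the request
    decides_primary_auth: bool = True     # the target AMF's own decision to run primary authentication


@dataclass
class Decision:
    perform_primary_auth: bool
    protect_auth_request: Optional[bool]  # None when no authentication request is sent
    run_nas_smc: bool = False
    reason: str = ""


def reroute_detected(initial_ue_message: dict) -> bool:
    """Option 2 of the text: the target AMF itself infers that AMF redirection or
    direct NAS reroute happened from what the initial UE message carries.
    Any single condition is sufficient. The dict keys are assumed names."""
    rr = initial_ue_message.get("registration_request", {})
    return any((
        bool(rr.get("complete")) and not rr.get("integrity_protected", True),
        "source_to_target_amf_info_reroute" in initial_ue_message,
        "nssai" in initial_ue_message,
        "configured_nssai" in initial_ue_message,
        "rejected_nssai" in initial_ue_message,
        "first_routing_info" in initial_ue_message,
    ))


def decide_auth_request(info: ReceivedInfo, initial_ue_message: Optional[dict] = None) -> Decision:
    ctx = info.kamf_or_security_context

    # Tenth indication: the initial AMF already established a NAS security context
    # with the UE, so the target AMF keeps it and skips primary authentication.
    if info.skip_primary_auth_ind:
        if ctx is None:
            raise ValueError("told to skip primary authentication but no K_AMF / security context received")
        return Decision(False, None, reason="use received security context; skip primary authentication")

    # Eighth indication: the initial AMF performed horizontal K_AMF derivation. Either
    # authenticate afresh with an unprotected request, or take the derived key into use via NAS SMC.
    if info.unprotected_ind:
        if info.decides_primary_auth:
            return Decision(True, False, reason="eighth indication: unprotected authentication request")
        if ctx is None:
            raise ValueError("NAS SMC requested but no K_AMF / security context received")
        return Decision(False, None, run_nas_smc=True, reason="eighth indication: NAS SMC with derived K_AMF")

    if not info.decides_primary_auth:
        return Decision(False, None, reason="no primary authentication; N1 message "
                        + ("protected" if ctx else "unprotected"))

    # Sixth / seventh / ninth indication, or reroute detected by the target AMF itself:
    # the UE already activated the initial AMF's NAS security context, so the request
    # is protected with the received K_AMF / security context.
    if info.protect_ind or (initial_ue_message is not None and reroute_detected(initial_ue_message)):
        if ctx is None:
            raise ValueError("protection required but no K_AMF / security context received")
        return Decision(True, True, reason="protect authentication request with received context")

    # No indication and no reroute detected: plain unprotected authentication request.
    return Decision(True, False, reason="no indication: unprotected authentication request")
```

The `ValueError` branches are the cases the text's preset conditions are meant to rule out: an indication that tells the target AMF to protect a message, or to skip primary authentication, is only meaningful if the K_AMF or security context actually arrived with it (through the SCP response or the context transfer), so the model refuses to continue rather than silently sending an unprotected message.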
  • the SCP receives the sixth indication information, and/or the seventh indication information, and/or the eighth indication information, and/or the ninth indication information, and/or the tenth indication information sent by the initial AMF.
  • the SCP sends the sixth indication information, and/or the seventh indication information, and/or the eighth indication information, and/or the ninth indication information, and/or the tenth indication information in the response to the first service request.
  • the initial AMF sends the sixth indication information, and/or the seventh indication information, and/or the eighth indication information, and/or the ninth indication information, and/or the tenth indication information to the target AMF through the RAN.
  • the initial AMF includes the sixth indication information, and/or the seventh indication information, and/or the eighth indication information, and/or the ninth indication information, and/or the tenth indication information in the reroute NAS message sent to the RAN; the RAN sends the received sixth indication information, and/or seventh indication information, and/or eighth indication information, and/or ninth indication information, and/or tenth indication information to the target AMF in an initial UE message.
  • before sending the sixth indication information, and/or the seventh indication information, and/or the eighth indication information, and/or the ninth indication information, and/or the tenth indication information, the initial AMF needs to determine whether to send it.
  • how the initial AMF determines whether to send the sixth indication information, and/or the seventh indication information, and/or the eighth indication information, and/or the ninth indication information, and/or the tenth indication information is described above and is not repeated here.
  • the method shown in FIG. 3 may further include:
  • the target AMF deletes the UE context, or the security context of the UE, or the NAS security context of the UE obtained from the original AMF.
  • whether the UE context, or the security context of the UE, or the NAS security context of the UE obtained by the target AMF from the original AMF is the same as the one obtained from the SCP is not limited in the embodiment of this application.
  • the initial AMF sends the first routing information to the target AMF through the RAN.
  • when the target AMF receives the first routing information, it can obtain the UE context, or the security context of the UE, or the NAS security context of the UE, etc., from the initial AMF through the SCP.
  • the UE context is the new NAS security context established between the UE and the initial AMF, so the target AMF can obtain the new NAS security context, thereby avoiding UE registration failure and ensuring that UE registration succeeds.
  • Fig. 4 is a schematic flowchart of a registration method provided by an embodiment of the present application. As shown in Fig. 4, the registration method includes:
  • the initial AMF determines to redirect the NAS message to the target AMF through the (R)AN (that is, NAS reroute via (R)AN); the initial AMF sends the first indication information (indicator1) to the (R)AN, and the (R)AN receives the first indication information sent by the initial AMF.
  • the first indication information is used to instruct the target AMF to obtain, from the initial AMF, the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established between the initial AMF and the UE, or the current security context.
  • the initial AMF sends a redirect NAS message (reroute NAS message) to the (R)AN, and the reroute NAS message may include the first indication information.
  • the (R)AN receives the reroute NAS message.
  • the first indication information may also be used to indicate any one or more of the following:
  • the initial AMF and the UE conducted a secure exchange of NAS messages;
  • the initial AMF and the UE established a new NAS security context;
  • the initial AMF and the UE successfully performed primary authentication;
  • NAS security is activated between the initial AMF and the UE;
  • the initial AMF received the horizontal K_AMF derivation indication (keyAMFHDerivationInd indication);
  • the initial AMF selected a new security algorithm;
  • the (R)AN sends the routing information of the initial AMF to the target AMF;
  • the (R)AN sends indication information to the target AMF, and the indication information is used to instruct the target AMF to obtain the UE context from the initial AMF, or to instruct the target AMF to obtain the UE context from the initial AMF through the SCP.
  • the initial AMF may also determine whether to send the first indication information to the (R)AN based on certain conditions. For example, when the initial AMF determines that one or more of the following conditions are met, the initial AMF sends the first indication information to the (R)AN:
  • the initial AMF and the UE conducted a secure exchange of NAS messages;
  • the initial AMF and the UE established a new NAS security context;
  • the initial AMF and the UE successfully performed primary authentication;
  • NAS security is activated between the initial AMF and the UE;
  • the initial AMF received the horizontal K_AMF derivation indication (keyAMFHDerivationInd indication);
  • the initial AMF selected a new security algorithm.
  • the (R)AN sends the fourth routing information to the target AMF, and the target AMF receives the fourth routing information sent by the (R)AN.
  • the fourth routing information may include the routing information of the initial AMF, such as the end point address of the initial AMF, the internet protocol (IP) address of the initial AMF, the instance ID of the initial AMF, the AMF set ID of the initial AMF, the globally unique AMF identifier (GUAMI) of the initial AMF, etc.
  • the fourth routing information may also include other information that can be used for routing to the initial AMF, which is not limited in this application.
  • the (R)AN may send an initial UE message to the target AMF, and the initial UE message includes the fourth routing information.
  • the target AMF receives the initial UE message.
  • the (R)AN determines whether to send the fourth routing information to the target AMF. For example, when the (R)AN receives the first indication information sent by the initial AMF, the (R)AN sends the fourth routing information to the target AMF.
  • the target AMF sends a third service request to the service communication proxy (SCP) according to the fourth routing information, and the SCP receives the third service request sent by the target AMF.
  • the third service request includes the fourth routing information received by the target AMF and the identification information of the UE.
  • the UE identification information included in the third service request may include the UE identification in the registration request (RR) message received by the target AMF.
  • the identification information of the UE may be the SUPI, or the 5G-GUTI, or the SUCI.
  • the registration method shown in FIG. 4 further includes:
  • the target AMF obtains the UE context, or the security context of the UE, or the NAS security context of the UE, or the security context established between the UE and the original AMF, from the original AMF.
  • the target AMF can request the UE context from the original AMF through Namf_Communication_UEContextTransfer, and the original AMF can send the UE context, or the security context of the UE, or the NAS security context of the UE, or the security context established between the UE and the original AMF, to the target AMF through the Namf_Communication_UEContextTransfer response.
  • the target AMF obtains the UE context, or the security context of the UE, or the NAS security context of the UE, or the security context established between the UE and the original AMF, from the original AMF.
  • the identification information of the UE included in the above-mentioned first service request may also include the identification of the UE included in the UE context obtained by the target AMF from the original AMF.
  • the identity of the UE may be SUPI, or 5G-GUTI, or SUCI.
  • the SCP sends the third service request to the initial AMF, and the initial AMF receives the third service request sent by the SCP.
  • the initial AMF sends a response to the third service request to the SCP, and the response to the third service request includes the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context.
  • the SCP receives the response to the third service request sent by the initial AMF.
  • the SCP sends the received UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context to the target AMF, and the target AMF receives the UE context (or the security context, the NAS security context, or the current security context) sent by the SCP.
  • the target AMF obtains the UE context, or the security context of the UE, or the NAS security context of the UE, or the security context established between the UE and the original AMF, from the original AMF.
  • the target AMF can request the UE context from the original AMF through Namf_Communication_UEContextTransfer, and the original AMF can send the UE context, or the security context of the UE, or the NAS security context of the UE, or the security context established between the UE and the original AMF, to the target AMF through the Namf_Communication_UEContextTransfer response.
  • the target AMF deletes the UE context, or the security context of the UE, or the NAS security context of the UE obtained from the original AMF.
  • whether the UE context, or the security context of the UE, or the NAS security context of the UE obtained by the target AMF from the original AMF is the same as the one obtained from the SCP is not limited in the embodiment of this application.
  • Fig. 5 is a schematic flowchart of a registration method provided by an embodiment of the present application. As shown in Fig. 5, the registration method includes:
  • the initial AMF determines to redirect the NAS message to the target AMF through the (R)AN (that is, NAS reroute via (R)AN); the initial AMF sends the first information to the SCP; the SCP receives the first information sent by the initial AMF.
  • the first information includes UE identification information and UE context, or
  • the first information includes the identification information of the UE and the security context of the UE, or
  • the first information includes the identification information of the UE and the NAS security context of the UE, or
  • the first information includes the identification information of the UE and the NAS security context established by the initial AMF and the UE, or
  • the first information includes the identification information of the UE and the current security context.
  • the identification information of the UE may be the SUCI, or SUPI, or 5G-GUTI of the UE, and so on.
  • the identification information of the UE is SUCI or 5G-GUTI carried in the registration request message received by the initial AMF.
  • the initial AMF may also determine whether the first information needs to be sent to the SCP based on certain conditions. If the initial AMF determines that one or more of the following conditions are met, the initial AMF sends the first information to the SCP:
  • the initial AMF and the UE have performed a secure exchange of NAS messages;
  • the initial AMF and the UE have established a new NAS security context;
  • the initial AMF and the UE have successfully performed primary authentication;
  • NAS security has been activated between the initial AMF and the UE;
  • the initial AMF has received the horizontal K_AMF derivation indication (keyAMFHDerivationInd);
  • the initial AMF has selected a new security algorithm.
  • the initial AMF may also determine whether to perform horizontal K_AMF derivation according to a local policy or local configuration.
  • the initial AMF can derive a new K_AMF from the current K_AMF by horizontal K_AMF derivation.
  • the initial AMF can also send the new K_AMF and a horizontal K_AMF derivation indication, such as keyAMFHDerivationInd, to the SCP.
  • the initial AMF decides whether to perform horizontal K_AMF derivation.
  • if the initial AMF decides not to perform horizontal K_AMF derivation, the initial AMF sends the current security context, including the current K_AMF, to the target AMF or the SCP. It should be understood that in this application, the initial AMF sending the current security context to the target AMF means that the initial AMF sends the current security context to the target AMF through the SCP.
  • if the initial AMF decides to perform horizontal K_AMF derivation, the initial AMF generates a new K_AMF, or a new security context, or a new NAS security context based on the current K_AMF; the initial AMF sends the new K_AMF, or the new security context, or the new NAS security context to the target AMF or the SCP, and the initial AMF sends a horizontal K_AMF derivation indication to the target AMF.
  • this horizontal K_AMF derivation indication can be called keyAmfHDerivationInd.
  • the initial AMF includes the current security context, or the new K_AMF, or the new security context, or the horizontal K_AMF derivation indication in the first information. Optionally, the initial AMF may send the security context of the UE (including the current security context, or the new K_AMF, or the new security context, or the horizontal K_AMF derivation indication) to the target AMF or the SCP through a message other than the above-mentioned first information. This application does not limit how the initial AMF sends the security context of the UE to the target AMF.
  • the initial AMF's decision on whether to perform horizontal K_AMF derivation can be made in any of the following three ways:
  • Method 1: the initial AMF does not perform horizontal K_AMF derivation, that is, the initial AMF sends the current security context to the target AMF;
  • Method 2: the initial AMF determines whether to perform horizontal K_AMF derivation according to the local policy, that is, the initial AMF determines according to the local policy either to perform horizontal K_AMF derivation or not to perform it;
  • Method 3: the initial AMF judges whether to perform horizontal K_AMF derivation according to the fourth preset condition. If the initial AMF judges that the fourth preset condition is satisfied, the initial AMF does not perform horizontal K_AMF derivation, that is, the initial AMF sends the current security context to the target AMF; if the initial AMF determines that the fourth preset condition is not met, the initial AMF determines according to the local policy whether to perform horizontal K_AMF derivation, that is, the initial AMF determines according to the local policy either to perform horizontal K_AMF derivation or not to perform it.
  • the fourth preset condition is any one or more of the following conditions:
  • a secure exchange of NAS messages has been carried out between the initial AMF and the UE; the NAS SMC has been successfully carried out between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm that is different from the security algorithm selected by the original AMF; the initial AMF uses a K_AMF received from the original AMF that was generated by horizontal K_AMF derivation; the initial AMF has received the horizontal K_AMF derivation indication from the original AMF and has decided to use the K_AMF received from the original AMF.
  • the current security context includes the current NAS security context.
  • the current NAS security context includes the current K_AMF.
  • the new K_AMF generated by the initial AMF based on the current K_AMF is also referred to as the derived K_AMF.
  • the initial AMF generates a new security context based on the current K_AMF, which is also called the derived security context.
  • the initial AMF generates a new NAS security context based on the current K_AMF, which is also called the derived NAS security context and includes the derived K_AMF.
  • the new security context generated by the initial AMF based on the current K_AMF includes the new NAS security context generated by the initial AMF based on the current K_AMF.
  • the horizontal K_AMF derivation indication is also called the K_AMF horizontal derivation indication, and is used to indicate the generation of a new K_AMF, or horizontal K_AMF derivation.
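The three decision methods and the fourth preset condition above, modelled as added example code. This is not code from the patent or from Huawei; the state field names, the HMAC-SHA256 stand-in for the key derivation function and the derivation label are assumptions of this example, chosen so the decision logic can be exercised offline.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Any, Dict

# Placeholder key derivation (an assumption of this example): HMAC-SHA256 over a
# label. It stands in for the 3GPP KDF and is NOT the specified derivation.
def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

# Name of the horizontal K_AMF derivation indication as given on the page.
KEY_AMF_H_DERIVATION_IND = "keyAmfHDerivationInd"


@dataclass
class SecurityContext:
    """Current (NAS) security context as the page describes it: it includes K_AMF."""
    k_amf: bytes
    algorithm: str


@dataclass
class InitialAmfState:
    """What the initial AMF knows about its dealings with the UE (constructed fields)."""
    current: SecurityContext
    original_algorithm: str                       # algorithm selected by the original AMF
    nas_secure_exchange: bool = False             # secure exchange of NAS messages done
    nas_smc_done: bool = False                    # NAS SMC completed successfully
    new_nas_context: bool = False                 # new NAS security context established
    primary_auth_done: bool = False               # primary authentication performed
    k_amf_from_original_hderived: bool = False    # uses a horizontally derived K_AMF from the original AMF
    got_hderivation_ind_and_uses_k: bool = False  # received the indication and uses that K_AMF


def fourth_preset_condition(s: InitialAmfState) -> bool:
    """True when any one of the page's 'fourth preset condition' clauses holds."""
    return any((
        s.nas_secure_exchange,
        s.nas_smc_done,
        s.new_nas_context,
        s.primary_auth_done,
        s.current.algorithm != s.original_algorithm,
        s.k_amf_from_original_hderived,
        s.got_hderivation_ind_and_uses_k,
    ))


def horizontal_derive(k_amf: bytes) -> bytes:
    """Derived K_AMF from the current K_AMF (the label is this example's assumption)."""
    return kdf(k_amf, b"horizontal-K_AMF-derivation")


def should_derive(s: InitialAmfState, method: int, local_policy_derive: bool) -> bool:
    """Methods 1/2/3 from the page: decide whether to perform horizontal K_AMF derivation."""
    if method == 1:
        return False                  # never derive; the current context is sent as-is
    if method == 2:
        return local_policy_derive    # the local policy alone decides
    if method == 3:
        # condition satisfied -> keep the current context; otherwise the local policy decides
        return False if fourth_preset_condition(s) else local_policy_derive
    raise ValueError("method must be 1, 2 or 3")


def build_first_information(s: InitialAmfState, ue_id: str, method: int,
                            local_policy_derive: bool = False) -> Dict[str, Any]:
    """First information sent to the SCP: UE identification plus the security
    context, and keyAmfHDerivationInd only when a new K_AMF was derived."""
    info: Dict[str, Any] = {"ue_id": ue_id}
    if should_derive(s, method, local_policy_derive):
        info["security_context"] = SecurityContext(horizontal_derive(s.current.k_amf),
                                                   s.current.algorithm)
        info[KEY_AMF_H_DERIVATION_IND] = True
    else:
        info["security_context"] = s.current
    return info
```

With Method 3 the same local policy yields different outputs depending on the fourth preset condition: once, for instance, primary authentication has been run with the UE, the current context is forwarded unchanged and no indication is set; before that, the local policy may trigger derivation, and the indication then travels with the new key so the target AMF knows the UE must derive as well.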
  • the initial AMF determines to send the twentieth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the twentieth preset condition is satisfied, the initial AMF sends the twentieth indication information to the target AMF or the SCP. Correspondingly, the target AMF or the SCP receives the twentieth indication information. Optionally, the initial AMF uses the first information to send the twentieth indication information to the target AMF or the SCP.
  • the twentieth preset condition is any one or more of the following conditions:
  • a secure exchange of NAS messages has been carried out between the initial AMF and the UE; the NAS SMC has been successfully carried out between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; the initial AMF has performed horizontal K_AMF derivation; the UE and the initial AMF have performed authentication; the initial AMF has selected a security algorithm that is different from the security algorithm selected by the original AMF; the initial AMF uses a K_AMF received from the original AMF that was generated by horizontal K_AMF derivation; the initial AMF has received the horizontal K_AMF derivation indication from the original AMF and has decided to use the K_AMF received from the original AMF.
  • the initial AMF determines to send the nineteenth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the nineteenth preset condition is satisfied, the initial AMF sends the nineteenth indication information to the target AMF or the SCP. Correspondingly, the target AMF or the SCP receives the nineteenth indication information.
  • the initial AMF includes the nineteenth indication information in the first information.
  • the nineteenth preset condition is any one or more of the following conditions:
  • a secure exchange of NAS messages has been carried out between the initial AMF and the UE; the NAS SMC has been successfully carried out between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm that is different from the security algorithm selected by the original AMF; the initial AMF uses a K_AMF received from the original AMF that was generated by horizontal K_AMF derivation;
  • the initial AMF has received the horizontal K_AMF derivation indication from the original AMF, and the initial AMF has decided to use the K_AMF received from the original AMF.
  • the initial AMF determines to send the eighteenth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the eighteenth preset condition is satisfied, the initial AMF sends the eighteenth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the eighteenth indication information. Optionally, the initial AMF uses the first information to send the eighteenth indication information to the target AMF or the SCP.
  • the eighteenth preset condition is any one or more of the following conditions: the initial AMF performs horizontal K_AMF derivation, or the initial AMF generates a new K_AMF.
  • the eighteenth indication information may be a horizontal K_AMF derivation indication.
  • the initial AMF determines to send the seventeenth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the seventeenth preset condition is satisfied, the initial AMF sends the seventeenth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the seventeenth indication information. Optionally, the initial AMF uses the first information to send the seventeenth indication information to the target AMF or the SCP.
  • the seventeenth preset condition is any one or more of the following conditions:
  • a secure exchange of NAS messages has been carried out between the initial AMF and the UE; the NAS SMC has been successfully carried out between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm that is different from the security algorithm selected by the original AMF; the initial AMF uses a K_AMF received from the original AMF that was generated by horizontal K_AMF derivation; the initial AMF has received the horizontal K_AMF derivation indication from the original AMF and has decided to use the K_AMF or the security context received from the original AMF.
  • the initial AMF determines to send the sixteenth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the sixteenth preset condition is satisfied, the initial AMF sends the sixteenth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the sixteenth indication information. Optionally, the initial AMF uses the first information to send the sixteenth indication information to the target AMF or the SCP.
  • the sixteenth preset condition is any one or more of the following conditions:
  • a secure exchange of NAS messages has been carried out between the initial AMF and the UE; the NAS SMC has been successfully carried out between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm that is different from the security algorithm selected by the original AMF; the initial AMF uses a K_AMF received from the original AMF that was generated by horizontal K_AMF derivation; the initial AMF has received the horizontal K_AMF derivation indication from the original AMF and has decided to use the K_AMF and the security context received from the original AMF.
  • the above twentieth indication information is used to indicate any one or more of the following:
  • a secure exchange of NAS messages has been carried out between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF;
  • the NAS SMC process has been successfully carried out between the initial AMF and the UE; the initial AMF and the UE have performed primary authentication; the initial AMF has received the horizontal K_AMF derivation indication from the original AMF and has decided to use the K_AMF or security context received from the original AMF;
  • the initial AMF has performed horizontal K_AMF derivation; the initial AMF has generated a new K_AMF; the initial AMF has selected a security algorithm that is different from the security algorithm selected by the original AMF; the target AMF does not perform the primary authentication process; the target AMF skips the primary authentication process and performs the other processes in registration; the target AMF uses the received K_AMF or security context.
  • the above nineteenth indication information is used to indicate any one or more of the following:
  • the target AMF should protect the authentication request message; the target AMF should send a security-protected authentication request message; the target AMF should send a security-protected N1 message including the authentication request message; a secure exchange of NAS messages has been established between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; the NAS SMC process has been successfully carried out between the initial AMF and the UE; the initial AMF and the UE have performed primary authentication; the initial AMF has received the horizontal K_AMF derivation indication from the original AMF and has decided to use the K_AMF or security context received from the original AMF; the initial AMF has selected a security algorithm that is different from the security algorithm selected by the original AMF.
  • the above-mentioned eighteenth indication information is used to indicate any one or more of the following:
  • the initial AMF has performed horizontal K_AMF derivation; the initial AMF has generated a new K_AMF; the target AMF should send an authentication request message without security protection; the target AMF should initiate a NAS SMC.
  • the above seventeenth indication information is used to indicate any one or more of the following:
  • a secure exchange of NAS messages has been carried out between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF;
  • the NAS SMC process has been successfully carried out between the initial AMF and the UE; the initial AMF and the UE have performed primary authentication; the initial AMF has received the horizontal K_AMF derivation indication from the original AMF and has decided to use the K_AMF or security context received from the original AMF;
  • the initial AMF has selected a security algorithm that is different from the security algorithm selected by the original AMF; the target AMF should send a security-protected authentication request message; the target AMF should protect the authentication request message; the target AMF should send a security-protected N1 message including the authentication request message.
  • the sixteenth indication information is used to indicate any one or more of the following:
  • a secure exchange of NAS messages has been carried out between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF;
  • the NAS SMC process has been successfully carried out between the initial AMF and the UE; the initial AMF and the UE have performed primary authentication; the initial AMF has received the horizontal K_AMF derivation indication from the original AMF and has decided to use the received K_AMF or security context; the initial AMF has decided to use the K_AMF received from the original AMF that was generated by horizontal K_AMF derivation; the initial AMF has selected a security algorithm that is different from the security algorithm selected by the original AMF; the target AMF should send a security-protected authentication request message; the target AMF should protect the authentication request message; the target AMF should send a security-protected N1 message including the authentication request message.
  • step 511 may be performed at any position after step 507 and before step 512; the embodiment of the present application does not limit which specific step precedes or follows step 511.
  • the initial AMF may determine to send the NAS message to the target AMF through the (R)AN according to the local policy and subscription information.
  • the initial AMF sends the second routing information to the target AMF through the (R)AN.
  • the initial AMF sends the second routing information to the (R)AN, and the (R)AN receives the second routing information sent by the initial AMF.
  • the second routing information is used to instruct the target AMF to obtain the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context from the SCP.
  • the initial AMF sends the second routing information to the (R)AN; for example, the initial AMF sends a reroute NAS message to the (R)AN, and the reroute NAS message may include the second routing information.
  • the (R)AN receives the reroute NAS message.
  • the second routing information is also used to indicate any one or more of the following:
  • the target AMF obtains the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context from the service communication proxy (SCP);
  • the initial AMF and the UE have performed a secure exchange of NAS messages;
  • the initial AMF and the UE have successfully performed primary authentication;
  • the initial AMF has received the horizontal K_AMF derivation indication (keyAMFHDerivationInd);
  • the initial AMF has selected a new security algorithm;
  • the initial AMF has sent the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context to the SCP.
  • the second routing information may include any one or more of the following: routing information of the SCP, routing information of the UE context, routing information of the UE security context, routing information of the UE NAS security context, routing information of the current security context, routing information of the service request requesting the UE context, routing information of the service request requesting the UE security context, routing information of the service request requesting the UE NAS security context, and routing information of the service request requesting the current security context.
  • the second routing information may include any one or more of the following: the endpoint address of the SCP, the internet protocol (IP) address of the SCP, the instance ID of the SCP, the SCP set ID, the service instance ID of the SCP, the service instance set ID (service set ID) of the SCP, and so on. It is understandable that the second routing information may also include other information that can be used to address the SCP, or the UE context, or the UE security context, or the UE NAS security context, or the NAS security context established by the initial AMF and the UE, or the current security context; this application does not restrict this.
  • how the initial AMF obtains the endpoint address of the SCP, the IP address of the SCP, the instance ID of the SCP, the SCP set ID, the service instance ID of the SCP used to request the UE context, the service instance ID of the SCP used to request the UE security context, the service instance ID of the SCP used to request the NAS security context of the UE, the service instance ID of the SCP used to request the current security context of the UE, the service instance set ID (service set ID) of the SCP, and so on, is not restricted.
  • the initial AMF may determine whether to send the second routing information to the target AMF through the (R)AN based on certain conditions. For example, when any one or more of the following conditions are met, the initial AMF can send the second routing information to the target AMF through the (R)AN:
  • the initial AMF and the UE have performed a secure exchange of NAS messages;
  • the initial AMF and the UE have established a new NAS security context;
  • the initial AMF and the UE have successfully performed primary authentication;
  • NAS security has been activated between the initial AMF and the UE;
  • the initial AMF has received the horizontal K_AMF derivation indication (keyAMFHDerivationInd);
  • the initial AMF has selected a new security algorithm;
  • the initial AMF has sent the UE context, or the UE security context, or the NAS security context of the UE to the SCP.
  • the (R)AN sends the second routing information to the target AMF, and the target AMF receives the second routing information.
  • the (R)AN may also send an initial UE message to the target AMF, and the initial UE message includes the second routing information.
  • the target AMF receives the initial UE message.
  • the target AMF sends a second service request to the SCP according to the second routing information, and the SCP receives the second service request.
  • the second service request may be used to request the UE context or the UE security context or the NAS security context of the UE or the NAS security context established by the initial AMF and the UE or the current security context.
  • the second service request may include the identification information of the UE. Since the initial UE message may include the RR message, the identification information of the UE may include the UE identification information in the RR message included in the initial UE message received by the target AMF.
  • the identification information of the UE may be SUPI, or SUCI, or 5G-GUTI.
  • the registration method shown in FIG. 5 further includes:
  • the target AMF obtains the UE context, or the security context of the UE, or the NAS security context of the UE from the original AMF.
  • the target AMF can request the UE context, or the security context of the UE, or the NAS security context of the UE from the original AMF through Namf_Communication_UEContextTransfer, and the original AMF can send the UE context, or the security context of the UE, or the NAS security context of the UE to the target AMF through the Namf_Communication_UEContextTransfer response.
  • the identification information of the UE included in the second service request may also include information obtained from the original AMF.
  • the identity of the UE may be SUPI, or 5G-GUTI, or SUCI.
  • the SCP sends the UE context, or the UE security context, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context to the target AMF; the target AMF receives the UE context, or the UE security context, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context.
  • the SCP finds, according to the UE identification information included in the received second service request, the UE context, or the UE security context, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context, and sends it to the target AMF.
  • the SCP sends a response to the second service request to the target AMF, and the response to the second service request includes the UE context, or the UE security context, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE.
  • the SCP may also send the horizontal K_AMF derivation indication and the new K_AMF to the target AMF.
  • after the target AMF receives the horizontal K_AMF derivation indication and the new K_AMF, the target AMF sends a NAS SMC message to the UE, and the NAS SMC message includes a K_AMF_change_flag with a value of 1 to indicate that the UE performs horizontal K_AMF derivation.
  • the UE performs horizontal K_AMF derivation to generate a new K_AMF, and can send a NAS security mode complete message to the target AMF.
  • the SCP receives the twentieth indication information, and/or the nineteenth indication information, and/or the eighteenth indication information, and/or the seventeenth indication information, and/or the sixteenth indication information sent by the initial AMF.
  • the SCP sends the received twentieth indication information, and/or nineteenth indication information, and/or eighteenth indication information, and/or seventeenth indication information, and/or sixteenth indication information to the target AMF.
  • the SCP sends the twentieth indication information, and/or the nineteenth indication information, and/or the eighteenth indication information, and/or the seventeenth indication information, and/or the sixteenth indication information to the target AMF through the response to the second service request.
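An added example (not the patent's or Huawei's code) of the SCP side of the second service request described above: the target AMF picks the SCP from the second routing information, and the SCP looks the stored first information up by any UE identification the request carries (the one from the RR message and, optionally, the one obtained from the original AMF) and returns the security context together with the forwarded indications. The `Scp` and `TargetAmf` class names, the dictionary layout and the instance-ID registry are assumptions of this example; the indication keys reuse the page's ordinal names.

```python
from typing import Any, Dict, List, Optional

# Indications the page says the SCP relays to the target AMF.
FORWARDED_INDICATIONS = ("twentieth", "nineteenth", "eighteenth", "seventeenth", "sixteenth")


class Scp:
    """Service communication proxy storing first information keyed by UE identification."""

    def __init__(self, instance_id: str) -> None:
        self.instance_id = instance_id                 # matched against the second routing information
        self._contexts: Dict[str, Dict[str, Any]] = {}

    def receive_first_information(self, first_info: Dict[str, Any]) -> None:
        """First information = UE identification + (security) context (+ indications)."""
        self._contexts[first_info["ue_id"]] = first_info

    def handle_second_service_request(self, request: Dict[str, Any]) -> Dict[str, Any]:
        """Locate the stored context by any UE identification in the request and
        answer with the context plus the indications the initial AMF attached."""
        for ue_id in request["ue_ids"]:
            entry = self._contexts.get(ue_id)
            if entry is None:
                continue
            response: Dict[str, Any] = {
                "security_context": entry["security_context"],
                "indications": {k: entry[k] for k in FORWARDED_INDICATIONS if k in entry},
            }
            if entry.get("keyAmfHDerivationInd"):
                # the SCP may also pass on the horizontal derivation indication with the new K_AMF
                response["keyAmfHDerivationInd"] = True
            return response
        # nothing stored under any of the supplied identities: the target AMF gets no context
        return {"error": "context not found"}


class TargetAmf:
    """Target AMF side: resolve the SCP from the second routing information, then ask it."""

    def __init__(self, scps: Dict[str, Scp]) -> None:
        self._scps = scps   # SCPs reachable by instance ID (constructed registry)

    def obtain_context_via_scp(self, second_routing_info: Dict[str, Any], rr_ue_id: str,
                               original_amf_ue_id: Optional[str] = None) -> Dict[str, Any]:
        scp = self._scps.get(second_routing_info["scp_instance_id"])
        if scp is None:
            return {"error": "no SCP matches the second routing information"}
        ue_ids: List[str] = [rr_ue_id]
        if original_amf_ue_id:
            ue_ids.append(original_amf_ue_id)   # identity learned from the original AMF's UE context
        return scp.handle_second_service_request({"ue_ids": ue_ids})
```

The lookup falls back from the identity in the RR message to the identity obtained from the original AMF, which is the reason the page lets the second service request carry both; a miss on every identity is reported rather than answered with someone else's context.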
  • the target AMF executes any of the following options:
  • Option 1 The target AMF does not perform primary authentication, or the target AMF uses the received K AMF or security context.
  • the target AMF does not perform the main authentication, or the target AMF uses the received K AMF or security context, which means that the target AMF skips the main authentication and performs other processes in the registration process.
  • the target AMF protects the third message based on the received K AMF or security context, and sends the third message to the UE. Specifically, the target AMF generates a NAS encryption and decryption key and a NAS integrity key according to the received K AMF or security context, and uses the generated NAS encryption and decryption key and/or NAS integrity key to perform the third message protection.
  • the third message is any N1 message that does not include the authentication request.
  • The target AMF does not perform primary authentication, that is, the target AMF uses the received K_AMF or security context.
  • The target AMF protects the authentication request message, and/or the target AMF sends a security-protected authentication request message, and/or the target AMF sends a security-protected N1 message that includes the authentication request message. That is, the target AMF protects the authentication request message and sends the security-protected authentication request message to the UE; "the target AMF sends a security-protected authentication request message to the UE" can be understood as the target AMF sending a security-protected N1 message to the UE, where the N1 message includes the authentication request message.
  • "The target AMF protects the authentication request message" means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message. Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key from the received K_AMF or security context, uses the generated NAS encryption/decryption key and/or NAS integrity key to protect the authentication request message, and sends the security-protected authentication request message.
  • "The target AMF sends a security-protected authentication request message" means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected message. Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key from the received K_AMF or security context, uses the generated NAS encryption/decryption key and/or NAS integrity key to protect the authentication request message, and sends the security-protected authentication request message.
  • "The target AMF sends a security-protected N1 message including the authentication request message" means that the target AMF protects the N1 message based on the received K_AMF or security context and sends the security-protected N1 message. Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key from the received K_AMF or security context, uses the generated NAS encryption/decryption key and/or NAS integrity key to protect the N1 message, and sends the security-protected N1 message.
  • Here, the N1 message includes the authentication request message.
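The key derivation and message protection described in the bullets above, as an added worked example (editor's illustration, not code from the patent or from its applicant). It shows a target AMF deriving NAS keys from a received K_AMF, integrity-protecting an Authentication Request carried as an N1 message, and the UE verifying it; the second case shows the failure mode the patent is built around, where the target AMF protects the message with the original AMF's context instead of the one the UE currently holds. Assumptions not stated in the patent: the KDF and its constants follow TS 33.501 Annex A.8 as the editor recalls them (HMAC-SHA-256, FC = 0x69, algorithm type distinguisher 0x01 for NAS encryption and 0x02 for NAS integrity, the 128 least significant bits used as the key); the MAC is a truncated HMAC-SHA-256 stand-in for NIA2 (AES-CMAC) so the example runs on the standard library only; the protected-NAS layout is simplified; all keys and the message bytes are constructed.

```python
"""Target AMF protecting an N1 message with NAS keys derived from K_AMF.

Editor's example, not the patent's code. Constants follow TS 33.501 Annex A.8
as recalled by the editor; the MAC is an HMAC stand-in for NIA2 (assumption).
"""
import hashlib
import hmac
import struct


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP generic KDF (TS 33.220 Annex B): HMAC-SHA-256 over FC||P0||L0||P1||L1..."""
    s = bytes([fc])
    for p in params:
        s += p + struct.pack(">H", len(p))
    return hmac.new(key, s, hashlib.sha256).digest()


NAS_ENC_ALG, NAS_INT_ALG = 0x01, 0x02  # algorithm type distinguishers (assumed)


def derive_nas_keys(k_amf: bytes, enc_alg_id: int, int_alg_id: int):
    """Return (K_NASenc, K_NASint): the 128 LSBs of the 256-bit KDF output."""
    k_enc = kdf(k_amf, 0x69, bytes([NAS_ENC_ALG]), bytes([enc_alg_id]))[16:]
    k_int = kdf(k_amf, 0x69, bytes([NAS_INT_ALG]), bytes([int_alg_id]))[16:]
    return k_enc, k_int


def nas_mac(k_int: bytes, count: int, direction: int, msg: bytes) -> bytes:
    """Stand-in for NIA2: 32-bit MAC over COUNT||BEARER||DIRECTION||message."""
    data = struct.pack(">IBB", count, 1, direction) + msg
    return hmac.new(k_int, data, hashlib.sha256).digest()[:4]


def new_context(k_amf: bytes) -> dict:
    """NAS security context as the AMF (or UE) holds it after NAS SMC."""
    k_enc, k_int = derive_nas_keys(k_amf, 0x02, 0x02)  # NEA2 / NIA2 identities
    return {"k_amf": k_amf, "k_nas_enc": k_enc, "k_nas_int": k_int, "dl_count": 0}


def protect_n1(ctx: dict, plain_nas: bytes) -> bytes:
    """Security-protected NAS message, simplified layout (assumed):
    EPD | sec hdr 0x01 (integrity protected) | MAC(4) | SQN(1) | plain NAS."""
    count = ctx["dl_count"]
    mac = nas_mac(ctx["k_nas_int"], count, 1, plain_nas)
    ctx["dl_count"] += 1
    return bytes([0x7E, 0x01]) + mac + bytes([count & 0xFF]) + plain_nas


def ue_verify(ue_ctx: dict, protected: bytes):
    """UE side: recompute the MAC with its own context; plain NAS or None."""
    if protected[:2] != b"\x7e\x01":
        return None
    mac, sqn, plain = protected[2:6], protected[6], protected[7:]
    count = (ue_ctx["dl_count"] & ~0xFF) | sqn  # simplified COUNT reconstruction
    if hmac.compare_digest(mac, nas_mac(ue_ctx["k_nas_int"], count, 1, plain)):
        ue_ctx["dl_count"] = count + 1
        return plain
    return None


# Constructed plain NAS Authentication Request (EPD, plain header, type 0x56, ngKSI).
AUTH_REQUEST = bytes([0x7E, 0x00, 0x56, 0x00])


def demo():
    """Returns (initial-AMF context accepted, original-AMF context rejected)."""
    # Constructed keys: the original AMF's K_AMF, and the K_AMF the initial AMF
    # established with the UE (e.g. after horizontal derivation and NAS SMC).
    k_amf_original = bytes(31) + b"\x01"
    k_amf_initial = bytes(31) + b"\x02"
    ue = new_context(k_amf_initial)  # what the UE currently holds
    # Case 1: target AMF obtained the initial AMF's context (e.g. from the SCP).
    ok = ue_verify(ue, protect_n1(new_context(k_amf_initial), AUTH_REQUEST))
    # Case 2: target AMF protects with the stale context fetched from the original AMF.
    bad = ue_verify(ue, protect_n1(new_context(k_amf_original), AUTH_REQUEST))
    return ok == AUTH_REQUEST, bad is None
```

The second case is exactly why the patent has the initial AMF deposit its NAS security context at the SCP: once the UE has run NAS SMC with the initial AMF, only a message protected with that context will pass the UE's MAC check, and a target AMF that protects with whatever it fetched from the original AMF will have its Authentication Request silently discarded.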
  • Option 3: The target AMF sends an authentication request message without security protection, or the target AMF initiates a NAS SMC.
  • Option 4: The target AMF does not perform primary authentication; or the target AMF protects the authentication request message; or the target AMF sends a security-protected N1 message, including the authentication request message.
  • The target AMF does not perform primary authentication, that is, the target AMF uses the received K_AMF or security context; in other words, the target AMF skips primary authentication and performs the other procedures of the registration process.
  • The target AMF protects the third message based on the received K_AMF or security context; specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key from the received K_AMF or security context, and uses the generated NAS encryption key and/or NAS integrity key to protect the third message.
  • The third message is any N1 message that does not include the authentication request.
  • The target AMF protects the authentication request message, that is, the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message.
  • Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key from the received K_AMF or security context, uses the generated NAS encryption/decryption key and/or NAS integrity key to protect the authentication request message, and sends the security-protected authentication request message.
  • After the target AMF receives the response to the second service request, or after the target AMF receives the security context from the original AMF, the target AMF does not perform primary authentication, or the target AMF uses the received K_AMF or security context.
  • After the target AMF receives the response to the second service request, it determines whether AMF redirection or NAS reroute via the RAN has occurred. If AMF redirection or NAS reroute via the RAN has occurred, the target AMF does not perform primary authentication, or the target AMF uses the received K_AMF or security context. The target AMF determines whether AMF redirection or NAS reroute via the RAN has occurred according to any one or more of the following conditions:
  • the registration request message received by the target AMF is a complete registration request message without integrity protection; the target AMF receives a complete registration request message; the target AMF receives a registration request message without integrity protection; the Initial UE Message received by the target AMF includes the Source to Target AMF Information Reroute IE; the Initial UE Message received by the target AMF includes network slice selection assistance information (NSSAI); the Initial UE Message received by the target AMF includes configured NSSAI and/or rejected NSSAI; the target AMF receives the first routing information.
  • Option 1: If the target AMF receives a horizontal K_AMF derivation indication (that is, the target AMF receives the horizontal K_AMF derivation indication sent by the initial AMF through the SCP, or the response to the second service request received by the target AMF includes the horizontal K_AMF derivation indication, or the target AMF receives the horizontal K_AMF derivation indication sent by the SCP), the target AMF does not perform primary authentication according to the horizontal K_AMF derivation indication, or uses the received K_AMF or security context.
  • the target AMF can perform any one of the following operations:
  • Operation 1: The target AMF still does not perform primary authentication, or uses the received K_AMF or security context;
  • Operation 2: If the target AMF performs primary authentication according to local policy, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message; if the target AMF does not perform primary authentication according to local policy, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
  • Operation 3: The target AMF shall protect the N1 message, including the authentication request message, based on the received K_AMF or security context, and send the security-protected N1 message, including the security-protected authentication request message.
  • Option 1: If the target AMF receives the twentieth indication information (that is, the target AMF receives the twentieth indication information sent by the initial AMF through the SCP, or the response to the second service request received by the target AMF includes the twentieth indication information, or the target AMF receives the twentieth indication information sent by the SCP), the target AMF does not perform primary authentication according to the twentieth indication information, or uses the received K_AMF or security context.
  • The twentieth indication information is used to indicate that the target AMF does not perform primary authentication, or that the target AMF uses the received K_AMF or security context.
  • the target AMF can perform any one of the following operations:
  • Operation 1: If the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection, or the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
  • Operation 2: If the target AMF decides not to perform primary authentication, the target AMF sends an N1 message without security protection, or the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
  • Operation 3: The target AMF shall send an N1 message without security protection, including the authentication request message.
  • Operation 4: The target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, including the authentication request message.
  • the target AMF can also perform any of the following operations:
  • Operation 1: If the target AMF decides to perform primary authentication and has not received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection; or the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
  • Operation 2: If the target AMF receives a horizontal K_AMF derivation indication, the target AMF shall not perform primary authentication, or the target AMF shall use the received K_AMF or security context, or the target AMF shall perform the NAS SMC.
  • Operation 3: If the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection.
  • the target AMF can also perform any of the following operations:
  • Operation 1: If the target AMF decides to perform primary authentication and has not received a horizontal K_AMF derivation indication, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
  • Operation 2: If the target AMF decides to perform primary authentication and has received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection;
  • The target AMF receives the nineteenth indication information (that is, the target AMF receives the nineteenth indication information sent by the initial AMF through the SCP, or the target AMF receives the nineteenth indication information sent by the SCP, or the response to the second service request received by the target AMF includes the nineteenth indication information); when the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message according to the nineteenth indication information.
  • That is, the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message, or the target AMF shall, according to the nineteenth indication information, send a security-protected N1 message that includes the authentication request message.
  • The nineteenth indication information is used to indicate that the target AMF protects the authentication request message.
  • The nineteenth indication information may also be used to indicate any one or more of the following: a secure exchange of NAS messages has been carried out between the initial AMF and the UE; the NAS SMC has been carried out successfully between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm different from the security algorithm selected by the original AMF; the initial AMF uses the K_AMF generated by horizontal K_AMF derivation that it received from the original AMF.
  • The initial AMF receives the horizontal K_AMF derivation indication from the original AMF, and the initial AMF decides to use the K_AMF received from the original AMF.
  • the target AMF can perform any of the following operations:
  • Operation 1: If the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection;
  • Operation 2: If the target AMF decides not to perform primary authentication, the target AMF sends an N1 message without security protection, or the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
  • Operation 3: The target AMF shall send an N1 message without security protection, including the authentication request message.
  • Operation 4: If the target AMF decides to perform primary authentication and has not received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection, or the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message.
  • Operation 5: If the target AMF decides to perform primary authentication and has received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection.
  • The target AMF determines whether AMF redirection or NAS reroute via the RAN (also called direct NAS reroute) has occurred. If AMF redirection or NAS reroute via the RAN has occurred, then, when the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message. Specifically, the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message, or the target AMF shall send a security-protected N1 message that includes the authentication request message. The target AMF determines whether AMF redirection or NAS reroute via the RAN has occurred according to any one or more of the following conditions:
  • the registration request message received by the target AMF is a complete registration request message without integrity protection; the target AMF receives a complete registration request message; the target AMF receives a registration request message without integrity protection; the Initial UE Message received by the target AMF includes the Source to Target AMF Information Reroute IE; the Initial UE Message received by the target AMF includes network slice selection assistance information (NSSAI); the Initial UE Message received by the target AMF includes configured NSSAI and/or rejected NSSAI; the target AMF receives the first routing information.
  • The target AMF shall protect the authentication request message, or the target AMF shall send a security-protected N1 message that includes the authentication request message.
  • "The target AMF shall protect the authentication request message" means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message;
  • "The target AMF shall send a security-protected N1 message" means that the target AMF protects the N1 message based on the received K_AMF or security context and sends the security-protected N1 message.
  • The target AMF receives the eighteenth indication information (that is, the target AMF receives the eighteenth indication information sent by the initial AMF through the SCP, or the target AMF receives the eighteenth indication information sent by the SCP, or the response to the second service request received by the target AMF includes the eighteenth indication information); when the target AMF decides to perform primary authentication, the target AMF shall, according to the eighteenth indication information, send an authentication request message without security protection, or the target AMF shall initiate the NAS SMC according to the eighteenth indication information.
  • The eighteenth indication information is used to instruct the target AMF to send an authentication request message without security protection.
  • The eighteenth indication information may be a horizontal K_AMF derivation indication.
  • the target AMF can perform any of the following operations:
  • Operation 1: If the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message.
  • Operation 2: If the target AMF decides not to perform primary authentication, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
  • Operation 3: The target AMF shall protect the N1 message, including the authentication request message, based on the received K_AMF or security context, and send the security-protected N1 message.
  • the eighteenth indication information can also be used to indicate any one or more of the following:
  • the initial AMF performs horizontal K_AMF derivation; the initial AMF generates a new K_AMF; the target AMF shall send an authentication request message without security protection; the target AMF shall initiate a NAS SMC.
  • If the target AMF receives a horizontal K_AMF derivation indication, the target AMF shall not perform primary authentication, or the target AMF shall use the received K_AMF or security context, or the target AMF initiates the NAS SMC. Otherwise, if the target AMF does not receive a horizontal K_AMF derivation indication but receives the seventeenth indication information, then:
  • if the target AMF decides to initiate primary authentication, the target AMF shall, according to the seventeenth indication information, send a security-protected authentication request message, or
  • the target AMF shall send a security-protected N1 message that includes the authentication request message.
  • The seventeenth indication information is used to instruct the target AMF to send a security-protected authentication request message, or to send a security-protected N1 message.
  • the target AMF can perform any one of the following operations:
  • Operation 1: If the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message, or the target AMF sends the authentication request message without security protection.
  • Operation 2: If the target AMF decides not to perform primary authentication, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, or the target AMF shall send the N1 message without security protection.
  • Operation 3: The target AMF shall protect the N1 message, including the authentication request message, based on the received K_AMF or security context, and send the security-protected N1 message.
  • Operation 4: The target AMF shall send an N1 message without security protection, including the authentication request message.
  • Option 4: If the target AMF receives the sixteenth indication information and a horizontal K_AMF derivation indication, the target AMF shall not perform primary authentication, or the target AMF shall use the received K_AMF or security context. Otherwise, if the target AMF does not receive a horizontal K_AMF derivation indication but receives the sixteenth indication information, then, if the target AMF decides to initiate primary authentication, the target AMF shall, according to the sixteenth indication information, send a security-protected authentication request message; or
  • the target AMF shall, according to the sixteenth indication information, send a security-protected N1 message that includes the authentication request message.
  • The sixteenth indication information is used to instruct the target AMF to send a security-protected authentication request message.
  • the target AMF can perform any one of the following operations:
  • Operation 1: If the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection.
  • Operation 2: If the target AMF decides not to perform primary authentication, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, or the target AMF shall send the N1 message without security protection, or the target AMF initiates the NAS SMC;
  • Operation 3: The target AMF shall send an N1 message without security protection, including the authentication request message.
  • the target AMF can perform any one of the following operations:
  • Operation 1: If the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection, or the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message.
  • Operation 2: If the target AMF decides not to perform primary authentication, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, or the target AMF shall send the N1 message without security protection;
  • Operation 3: The target AMF shall send an N1 message without security protection, including the authentication request message.
  • Operation 4: The target AMF shall send a security-protected N1 message, including the authentication request message.
  • the sixteenth indication information can also be used to indicate any one or more of the following:
  • a secure exchange of NAS messages has been carried out between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF;
  • the NAS SMC procedure has been carried out successfully between the initial AMF and the UE; the initial AMF and the UE have performed primary authentication; the initial AMF has received the horizontal K_AMF derivation indication from the original AMF and decided to use the received K_AMF or security context; the initial AMF has decided to use the K_AMF generated by horizontal K_AMF derivation that it received from the original AMF; the initial AMF has selected a security algorithm different from the one selected by the original AMF; the target AMF shall send a security-protected authentication request message; the target AMF shall protect the authentication request message; the target AMF shall send a security-protected N1 message that includes the authentication request message.
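The target AMF's decision logic spread over Options 1 to 4 and their operations above, consolidated into one added example (editor's illustration, not code from the patent or its applicant). It does two things the text describes: infers from the Initial UE Message and the registration request that AMF redirection or NAS reroute via RAN has occurred, and chooses how to handle the Authentication Request from the indications that arrived from the initial AMF through the SCP. The field names, the Action values and the precedence between indications (a horizontal K_AMF derivation indication first, then an explicit protect/unprotected indication, then the reroute detection) are the editor's assumptions; the patent labels the indications "sixteenth" to "twentieth" without fixing an encoding or a precedence.

```python
"""Target AMF decision logic after a reroute. Editor's example, not the patent's code."""
from dataclasses import dataclass
from enum import Enum, auto


@dataclass
class InitialUEMessage:
    """Assumed field names for what the target AMF can observe."""
    complete_registration_request: bool = False   # full RR rather than the limited cleartext one
    integrity_protected: bool = True              # RR carried a NAS MAC the target could check
    reroute_ie: bool = False                      # Source to Target AMF Information Reroute IE
    requested_nssai: bool = False
    configured_or_rejected_nssai: bool = False
    first_routing_information: bool = False


def reroute_detected(msg: InitialUEMessage) -> bool:
    """Any one of the conditions listed in the text is enough."""
    return any((
        msg.complete_registration_request,
        not msg.integrity_protected,
        msg.reroute_ie,
        msg.requested_nssai,
        msg.configured_or_rejected_nssai,
        msg.first_routing_information,
    ))


class Action(Enum):
    USE_RECEIVED_CONTEXT = auto()      # skip primary authentication (or run NAS SMC with it)
    PROTECTED_AUTH_REQUEST = auto()    # Authentication Request protected with received K_AMF/context
    UNPROTECTED_AUTH_REQUEST = auto()
    PROTECTED_N1 = auto()              # any other N1 message, protected with the received context
    UNPROTECTED_N1 = auto()


@dataclass
class Indications:
    """What arrived with the second-service-request response, or directly from the SCP."""
    horizontal_kamf_derivation: bool = False   # keyAMFHDerivationInd (the text says the
                                               # 'eighteenth' indication may be this)
    protect_auth_request: bool = False         # 'sixteenth' / 'seventeenth' / 'nineteenth'
    unprotected_auth_request: bool = False     # 'eighteenth'


def target_amf_action(ind: Indications, msg: InitialUEMessage,
                      wants_primary_auth: bool) -> Action:
    """Precedence assumed by the editor: horizontal derivation indication wins
    (Options 3/4); then an explicit indication; then reroute detection decides
    whether the received context can be trusted to protect the next message."""
    if ind.horizontal_kamf_derivation:
        return Action.USE_RECEIVED_CONTEXT
    context_usable = ind.protect_auth_request or reroute_detected(msg)
    if not wants_primary_auth:
        return Action.PROTECTED_N1 if context_usable else Action.UNPROTECTED_N1
    if ind.unprotected_auth_request:
        return Action.UNPROTECTED_AUTH_REQUEST
    return Action.PROTECTED_AUTH_REQUEST if context_usable else Action.UNPROTECTED_AUTH_REQUEST
```

A real AMF would additionally have to reconcile conflicting indications (for example an "eighteenth" indication arriving together with the reroute evidence); the patent leaves that ordering open, so the function above fixes one and states it in its docstring.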
  • the method shown in FIG. 5 may further include:
  • The target AMF deletes the UE context, or the security context of the UE, or the NAS security context of the UE, obtained from the original AMF.
  • Whether the UE context, or the security context of the UE, or the NAS security context of the UE, that the target AMF obtained from the original AMF is the same as the one obtained from the SCP is not limited in the embodiment of this application.
  • The initial AMF sends first information to the SCP, and the first information includes the UE context, or the UE security context, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current UE security context.
  • The target AMF can therefore obtain the UE context, or the UE security context, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context, directly from the SCP.
  • Since the NAS security context of the UE is the NAS security context established between the UE and the initial AMF, the target AMF can obtain that NAS security context, which avoids registration failure at the target AMF and ensures that registration at the target AMF succeeds.
  • Fig. 6 is a schematic flowchart of a registration method provided by an embodiment of the present application. As shown in Fig. 6, the registration method includes:
  • the initial AMF determines to redirect the NAS message to the target AMF through the (R)AN (that is, NAS reroute via (R)AN); the initial AMF sends third information to the SCP; the SCP receives the third information sent by the initial AMF.
  • the third information includes UE identification information and UE context, or
  • the third information includes the identification information of the UE and the security context of the UE, or
  • the third information includes the identification information of the UE and the NAS security context of the UE, or
  • the third information includes the identification information of the UE and the NAS security context established by the initial AMF and the UE, or
  • the third information includes the identification information of the UE and the current security context.
  • the identification information of the UE may be the SUCI, or SUPI, or 5G-GUTI of the UE, and so on.
  • the identification information of the UE is SUCI or 5G-GUTI carried in the registration request message received by the initial AMF.
  • the initial AMF may also determine whether the third information needs to be sent to the SCP based on some conditions. If one or more of the following conditions can be met, the initial AMF sends the third information to the SCP:
  • the initial AMF and the UE have carried out a secure exchange of NAS messages;
  • the initial AMF and the UE have established a new NAS security context;
  • the initial AMF and the UE have successfully performed primary authentication;
  • NAS security has been activated between the initial AMF and the UE;
  • the initial AMF has received the horizontal K_AMF derivation indication (keyAMFHDerivationInd);
  • the initial AMF has selected a new security algorithm.
  • The initial AMF may also determine whether to perform horizontal K_AMF derivation according to local policy or local configuration. If the initial AMF determines to perform horizontal K_AMF derivation, it performs the derivation to generate a new K_AMF. Further, the initial AMF may also send the new K_AMF together with a horizontal K_AMF derivation indication, such as keyAMFHDerivationInd, to the SCP.
  • Step 611 can be at any position after step 607 and before step 612; the embodiment of this application does not limit the order of step 611 relative to the other steps.
  • the initial AMF sends the second indication information to the target AMF through the (R)AN, that is, the initial AMF sends the second indication information to the (R)AN, and the (R)AN receives the second indication information.
  • the second indication information may be used to instruct the target AMF to obtain the UE context or the UE's security context or the UE's NAS security context or the NAS security context established by the initial AMF and the UE or the current security context from the SCP.
  • the second indication information may also be used to indicate one or more of the following:
  • the initial AMF and the UE have carried out a secure exchange of NAS messages;
  • the initial AMF and the UE have established a new NAS security context;
  • the initial AMF and the UE have successfully performed primary authentication;
  • NAS security has been activated between the initial AMF and the UE;
  • the initial AMF has received the horizontal K_AMF derivation indication (keyAMFHDerivationInd);
  • the initial AMF has selected a new security algorithm;
  • the initial AMF sends the UE context or the security context of the UE or the NAS security context of the UE or the NAS security context established by the initial AMF and the UE to the SCP.
  • the initial AMF may also determine whether to send the second indication information to the target AMF based on some conditions. For example, when one or more of the following conditions are met, the initial AMF may send second indication information to the target AMF.
  • the initial AMF and the UE have carried out a secure exchange of NAS messages;
  • the initial AMF and the UE have established a new NAS security context;
  • the initial AMF and the UE have successfully performed primary authentication;
  • NAS security has been activated between the initial AMF and the UE;
  • the initial AMF has received the horizontal K_AMF derivation indication (keyAMFHDerivationInd);
  • the initial AMF has selected a new security algorithm;
  • the initial AMF has sent the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context, to the SCP.
  • the initial AMF sends a reroute NAS message to the (R)AN, and includes the second indication information in the reroute NAS message.
  • (R) AN receives the reroute NAS message.
  • the RAN sends the second indication information to the target AMF, and the target AMF receives the second indication information.
  • the (R)AN sends an initial UE message to the target AMF, and the initial UE message includes the received second indication information.
  • the target AMF receives the initial UE message.
  • the target AMF sends a fifth service request to the SCP according to the second indication information, and the SCP receives the fifth service request.
  • the fifth service request may be used to request the UE context or the security context of the UE or the NAS security context of the UE or the NAS security context established by the initial AMF and the UE or the current security context.
  • The fifth service request may include the identification information of the UE. Since the received Initial UE Message may include a registration request (RR) message, the identification information of the UE may be the identification information of the UE carried in the RR message included in the Initial UE Message received by the target AMF.
  • the identification information of the UE may be SUPI, or SUCI, or 5G-GUTI.
  • the registration method shown in FIG. 6 further includes:
  • the target AMF obtains the UE context or the UE's security context or the UE's NAS security context from the original AMF.
  • The target AMF can request the UE context, or the security context of the UE, or the NAS security context of the UE, from the original AMF through Namf_Communication_UEContextTransfer, and the original AMF can send the UE context, or the security context of the UE, or the NAS security context of the UE, to the target AMF in the Namf_Communication_UEContextTransfer response.
  • The UE identification information included in the fifth service request may also be the identity of the UE included in the UE context, or the security context of the UE, or the NAS security context of the UE, obtained from the original AMF.
  • The identity of the UE may be the SUPI, or the 5G-GUTI, or the SUCI.
  • The target AMF may need to address the SCP that holds the UE context, or the security context of the UE, or the NAS security context of the UE, or the current security context, in order to send the fifth service request to it.
  • The specific method by which the target AMF addresses the SCP holding the UE context, or the security context of the UE, or the NAS security context of the UE, may include: the target AMF obtains the routing information of the SCP according to the current policy and/or the current configuration information, or the target AMF obtains the SCP information from another network function or network entity (such as the NRF).
  • the embodiment of the present application does not limit the method of how to find the SCP.
  • The SCP obtains, according to the identification information of the UE, the UE context corresponding to that identification information, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, or the current security context, and sends a fifth service request response to the target AMF.
  • The fifth service request response includes the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE, and the target AMF receives the fifth service request response.
  • The SCP may also send the horizontal K_AMF derivation indication and the new K_AMF to the target AMF. After the target AMF receives the horizontal K_AMF derivation indication and the new K_AMF, the target AMF sends a NAS SMC message to the UE; the NAS SMC message includes a K_AMF_change_flag with a value of 1, which instructs the UE to perform horizontal K_AMF derivation. Further, after receiving the NAS SMC message, the UE may send a NAS SMP (Security Mode Complete) message to the target AMF.
  • the method shown in FIG. 6 may further include:
  • the target AMF deletes the UE context or the security context of the UE or the NAS security context of the UE obtained from the original AMF.
  • whether the UE context, or the security context of the UE, or the NAS security context of the UE obtained by the target AMF from the original AMF is the same as the one obtained from the SCP is not limited in this embodiment of the application.
  • FIG. 7 is a schematic flowchart of a registration method provided by an embodiment of the present application. As shown in FIG. 7, the registration method includes:
  • steps 701 to 710 in FIG. 7 may be the same as steps 201 to 210 of the registration method shown in FIG. 2, and are not described in detail here.
  • the initial AMF determines to perform NAS redirection through the SCP.
  • the initial AMF sends second information to the target AMF through the SCP.
  • the second information includes complete registration request information, UE-related information, and third routing information. That is, the initial AMF sends the second information to the SCP, and the SCP receives the second information.
  • the UE-related information includes UE context, or UE security context, or UE's NAS security context, or the NAS security context established by the initial AMF and the UE or the current UE context.
  • the third routing information may include routing information of the target AMF.
  • the third routing information may include any one or more of the following: the end point address of the target AMF, the internet protocol (IP) address of the target AMF, the instance ID of the target AMF, the AMF set ID of the target AMF, the globally unique AMF identifier (GUAMI) of the target AMF, the service instance ID of the service that the target AMF provides for the UE context, and the service instance set ID (service set ID) of the target AMF, etc.
  • the initial AMF may also determine whether to perform horizontal K_AMF derivation according to a local policy or local configuration. In the case where the initial AMF determines to perform horizontal K_AMF derivation, the initial AMF performs horizontal K_AMF derivation to generate a new K_AMF. Further, the initial AMF may also send the new K_AMF and a horizontal K_AMF derivation indication, such as the keyAMFHDerivationInd indication, to the SCP.
  • the initial AMF determines to perform NAS redirection through SCP according to the local policy and subscription information.
  • when any one or more of the following conditions are met, the initial AMF may determine to perform NAS redirection through the SCP:
  • the initial AMF and the UE have securely exchanged NAS messages;
  • the initial AMF and the UE have established a new NAS security context;
  • the initial AMF and the UE have successfully performed primary authentication;
  • the initial AMF and the UE have activated NAS security;
  • the initial AMF has received a horizontal K_AMF derivation indication (keyAMFHDerivationInd indication);
  • the initial AMF has selected a new security algorithm.
  • the SCP sends the second information to the target AMF, and the target AMF receives the second information.
  • after receiving the complete RR message, the UE-related information, and the third routing information sent by the initial AMF, the SCP finds the target AMF according to the third routing information and sends the received complete RR message and UE-related information to the target AMF.
  • the SCP may also send the horizontal K_AMF derivation indication and the new K_AMF to the target AMF.
  • after the target AMF receives the horizontal K_AMF derivation indication and the new K_AMF, the target AMF sends a NAS SMC message to the UE, and the NAS SMC message includes a K_AMF_change_flag with a value of 1, which instructs the UE to perform horizontal K_AMF derivation. Further, after receiving the NAS SMC message, the UE may send a NAS SMP message to the target AMF.
  • the process shown in FIG. 7 optionally further includes steps 713 and 714.
  • the target AMF obtains the UE context or the UE's security context or the UE's NAS security context from the original AMF.
  • the target AMF can request the UE context, or the UE's security context, or the UE's NAS security context from the original AMF through Namf_Communication_UEContextTransfer, and the original AMF can send the UE context, or the UE's security context, or the UE's NAS security context to the target AMF through the Namf_Communication_UEContextTransfer response.
  • the target AMF deletes the UE context or the UE security context or the UE's NAS security context obtained from the original AMF.
  • whether the UE context, or the security context of the UE, or the NAS security context of the UE obtained by the target AMF from the original AMF is the same as the one obtained from the initial AMF is not limited in this embodiment of the application.
  • the initial AMF sends the second information, which may include the complete registration request information, the UE-related information, and the third routing information, to the SCP, so that the target AMF can obtain information such as the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established between the initial AMF and the UE from the SCP, thereby ensuring that the registration can be completed successfully at the target AMF.
  • the SCP can also be replaced with other network functions or network entities, such as NSSF.
  • in order to implement the above functions, each network element or network function, such as the initial AMF, the target AMF, and the original AMF, includes a corresponding hardware structure and/or software module for performing each function.
  • the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a function is performed by hardware or by hardware driven by computer software depends on the particular application and the design constraints of the technical solution. A person skilled in the art may use different methods to implement the described functions for each particular application, but such implementation should not be considered beyond the scope of this application.
  • each network element or network function may be divided into functional modules according to the above method examples.
  • each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module.
  • the above integrated module may be implemented in the form of hardware or in the form of a software functional module.
  • an apparatus 80 for registration provided by an embodiment of the application is used to implement the above method.
  • the apparatus 80 for registration may be the initial AMF, or the target AMF, or the original AMF; as an example, the apparatus 80 for registration may also be the (R)AN or a network device; as an example, the apparatus 80 for registration may also be an SCP; as an example, the apparatus 80 for registration may also be a terminal device, and so on.
  • the device used for registration may be a related device involved in implementing the registration method shown in FIGS. 2-7.
  • the device may also be a chip system.
  • the chip system may be composed of chips, or may include chips and other discrete devices.
  • the device 80 includes at least one processor 820, which is configured to implement functions of related network elements or network functions in the method provided in the embodiments of the present application.
  • the device 80 may also include a transceiver 810.
  • the transceiver can be used to communicate with other devices through the transmission medium.
  • the device 80 may further include at least one memory 830 for storing program instructions and/or data.
  • the memory 830 and the processor 820 are coupled.
  • the coupling in the embodiments of the present application is an indirect coupling or communication connection between devices, units or modules, and may be in electrical, mechanical or other forms, and is used for information exchange between devices, units or modules.
  • the processor 820 may cooperate with the memory 830 to operate.
  • the processor 820 may execute program instructions stored in the memory 830. At least one of the at least one memory may be included in the processor.
  • the embodiment of the present application does not limit the specific connection medium between the foregoing transceiver 810, the processor 820, and the memory 830.
  • the memory 830, the processor 820, and the transceiver 810 are connected by a bus 840 in FIG. 8.
  • the bus is represented by a thick line in FIG. 8.
  • the connection mode between the other components is shown only for schematic illustration and is not limited.
  • the bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in FIG. 8, but it does not mean that there is only one bus or one type of bus.
  • the processor may include a baseband processor and a central processing unit (CPU).
  • the baseband processor is mainly used to process communication protocols and communication data, and the CPU is mainly used to control the entire device, execute software programs, and process the data of software programs.
  • the processor may also be a network processor (network processor, NP) or a combination of CPU and NP.
  • the processor may further include a hardware chip.
  • the aforementioned hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof.
  • the above-mentioned PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL) or any combination thereof.
  • the memory may include volatile memory or non-volatile memory, or may include both volatile and non-volatile memory.
  • the non-volatile memory can be read-only memory (ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically erasable programmable read-only memory (electrically EPROM, EEPROM), or flash memory.
  • the volatile memory may be random access memory (RAM), which is used as an external cache.
  • many forms of RAM are available, for example static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (synchlink DRAM, SLDRAM), and direct rambus random access memory (direct rambus RAM, DR RAM).
  • An embodiment of the present application also provides a computer storage medium, wherein the computer storage medium may store a program, and the program includes part or all of the steps of any registration method recorded in the above method embodiment when the program is executed.
  • the disclosed device may be implemented in other ways.
  • the device embodiments described above are merely illustrative; for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable memory.
  • the technical solution of the present application, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product, and the computer software product is stored in a memory.
  • the software product includes a number of instructions to enable a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned memory includes: a USB flash drive (U disk), read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, an optical disk, or other media that can store program code.
  • the program can be stored in a computer-readable memory, and the memory can include: a flash disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, an optical disk, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are a registration method and apparatus. The method comprises: an initial AMF sending first routing information to a target AMF by means of an RAN, wherein after the target AMF receives the first routing information, the target AMF can acquire, from the initial AMF, the context of a UE, the security context of the UE, the NAS security context of the UE, etc. by means of an SCP. The context of the UE is a new NAS security context established between the UE and the initial AMF, and the target AMF can acquire the new NAS security context, thereby avoiding the failure of UE registration and ensuring the success of UE registration.
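The flows summarised in the Abstract and in the FIG. 6 and FIG. 7 passages above can be checked end to end in a small simulation. The following is an added example written for this page, not code from the patent or from any 3GPP implementation. It models three cases: the failure mode of the background (the registration request is rerouted through the (R)AN while the NAS security context stays on the initial AMF, so the target AMF cannot verify the UE), the pull hand-off of FIG. 6 (the initial AMF stores the context at the SCP and the target AMF fetches it by UE identity), and the push hand-off of FIG. 7 (the initial AMF sends the context with third routing information to the SCP, which forwards it to the target AMF), including the horizontal K_AMF derivation that the target AMF signals to the UE with K_AMF_change_flag. The KDF, the NAS integrity tag, the class and message names and the routing-table shape are simplifications assumed for the example, not the TS 33.501 encodings.

```python
"""Added simulation of NAS reroute at 5G registration: RAN-only reroute, SCP pull (FIG. 6)
and SCP push (FIG. 7) with horizontal K_AMF derivation. Crypto details are simplified."""
import hashlib
import hmac
import os
from dataclasses import dataclass


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """HMAC-SHA-256 key derivation; the label/parameter layout is an assumption, not TS 33.220."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


def horizontal_kamf_derivation(k_amf: bytes, nas_count: int) -> bytes:
    """Horizontal K_AMF derivation: a new K_AMF from the current K_AMF and a NAS COUNT (simplified)."""
    return kdf(k_amf, b"HORIZONTAL_KAMF", nas_count.to_bytes(4, "big"))


def nas_mac(k_amf: bytes, msg: bytes) -> bytes:
    """Placeholder NAS integrity tag under a K_NASint derived from K_AMF."""
    return hmac.new(kdf(k_amf, b"K_NASint"), msg, hashlib.sha256).digest()[:4]


@dataclass
class NasSecurityContext:
    supi: str
    k_amf: bytes
    nas_count: int = 0


class UE:
    def __init__(self, supi: str):
        self.supi, self.ctx = supi, None

    def nas_smc(self, k_amf_change_flag: int) -> bytes:
        """Handle a NAS Security Mode Command (flag 1: derive K_AMF horizontally) and
        return the integrity-protected NAS Security Mode Complete (NAS SMP)."""
        if k_amf_change_flag == 1:
            self.ctx.k_amf = horizontal_kamf_derivation(self.ctx.k_amf, self.ctx.nas_count)
        return b"NAS-SMP" + nas_mac(self.ctx.k_amf, b"NAS-SMP")


class SCP:
    """Service Communication Proxy: stores contexts for pull (FIG. 6), forwards them for push (FIG. 7)."""
    def __init__(self):
        self.store, self.routes = {}, {}   # routes: target AMF instance ID -> AMF (third routing info)

    def put(self, ctx, h_derivation=False):          # FIG. 6: first information from the initial AMF
        self.store[ctx.supi] = (ctx, h_derivation)

    def get(self, supi):                             # FIG. 6: fifth service request, keyed by UE identity
        return self.store.get(supi)

    def forward(self, target_instance_id, ctx, h_derivation=False):   # FIG. 7: second information
        self.routes[target_instance_id].install_context(ctx, h_derivation)


class AMF:
    def __init__(self, instance_id: str):
        self.instance_id, self.contexts, self.pending_hflag = instance_id, {}, set()

    def run_nas_smc(self, ue: UE) -> NasSecurityContext:
        """Initial AMF: the NAS SMC procedure establishes a new NAS security context with the UE."""
        ctx = NasSecurityContext(ue.supi, os.urandom(32))
        ue.ctx = NasSecurityContext(ue.supi, ctx.k_amf)   # the UE keeps its own copy
        self.contexts[ue.supi] = ctx
        return ctx

    def install_context(self, ctx, h_derivation):
        self.contexts[ctx.supi] = ctx
        if h_derivation:                                  # keyAMFHDerivationInd came with the context
            self.pending_hflag.add(ctx.supi)

    def verify(self, supi: str, nas_msg: bytes) -> bool:
        """Target AMF: check the UE's protected NAS message; without a context it cannot succeed."""
        ctx = self.contexts.get(supi)
        return ctx is not None and hmac.compare_digest(nas_msg[-4:], nas_mac(ctx.k_amf, nas_msg[:-4]))


def reroute_via_ran_only(ue, initial, target) -> bool:
    """Background case: the RR is forwarded via the (R)AN and the context stays on the initial AMF."""
    initial.run_nas_smc(ue)
    return target.verify(ue.supi, ue.nas_smc(0))


def reroute_via_scp_pull(ue, initial, target, scp) -> bool:
    """FIG. 6: the initial AMF stores the context at the SCP; the target AMF fetches it by SUPI."""
    scp.put(initial.run_nas_smc(ue))
    target.install_context(*scp.get(ue.supi))
    return target.verify(ue.supi, ue.nas_smc(0))


def reroute_via_scp_push(ue, initial, target, scp, h_derive=True, signal_change_flag=True) -> bool:
    """FIG. 7: the initial AMF (after optional horizontal derivation) sends the context plus
    third routing information to the SCP, which forwards it; the target AMF then sends the
    NAS SMC with K_AMF_change_flag=1 when a derivation indication came with the context."""
    ctx = initial.run_nas_smc(ue)
    if h_derive:
        ctx = NasSecurityContext(ctx.supi, horizontal_kamf_derivation(ctx.k_amf, ctx.nas_count))
    scp.routes[target.instance_id] = target
    scp.forward(target.instance_id, ctx, h_derive)
    flag = 1 if signal_change_flag and ue.supi in target.pending_hflag else 0
    return target.verify(ue.supi, ue.nas_smc(flag))
```

Running `reroute_via_ran_only` returns False (the target AMF has no context for the UE), while both SCP variants return True. Calling `reroute_via_scp_push` with `signal_change_flag=False` shows why the flag matters: the target AMF holds the horizontally derived K_AMF but the UE keeps the old one, so the NAS SMP no longer verifies and registration fails even though the context itself was transferred.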

Description

Registration method and apparatus
This application claims priority to Chinese Patent Application No. 201910970524.6, filed with the Chinese Patent Office on October 13, 2019, and to Chinese Patent Application No. 201911097204.0, filed with the Chinese Patent Office on November 11, 2019 and entitled "Registration method and apparatus", the entire contents of which are incorporated herein by reference.
Technical field
This application relates to the field of wireless communication technology, and in particular to a registration method and apparatus.
Background
The 3rd generation partnership project (3GPP) standard defines the registration procedure of user equipment (UE) in the fifth-generation (5G) mobile communication system. During the registration procedure, access and mobility management function (AMF) redirection may be performed.
Generally, the user equipment registration procedure may be as follows: the user equipment first sends a registration request to an initial AMF; the initial AMF authenticates the user equipment and obtains the context of the user equipment, including the security context, if any; the initial AMF may initiate a non-access stratum (NAS) security mode control procedure to establish a NAS security context between the user equipment and the initial AMF. When the initial AMF cannot serve the user equipment, the initial AMF may perform NAS redirection (NAS reroute), that is, the initial AMF obtains the information of a target AMF that can serve the user equipment and sends the registration request message received from the user equipment to the target AMF. When the initial AMF cannot send the registration request message to the target AMF directly, the initial AMF sends the registration request message to the target AMF through the (radio) access network ((R)AN), thereby completing the AMF redirection.
However, with the above method, because a NAS security context has already been established between the user equipment and the initial AMF, and the target AMF cannot obtain that NAS security context, registration of the user equipment fails and it cannot access the network.
Summary of the invention
Embodiments of this application provide a registration method and apparatus, which can effectively avoid the situation in which the UE fails to register and cannot access the network.
In a first aspect, an embodiment of this application provides a registration method, including:
an initial access management function (AMF) determines to perform non-access stratum (NAS) redirection through an access network device;
the initial AMF sends first routing information, where the first routing information is used to instruct a target AMF to obtain related information of a terminal device from the initial AMF;
when the target AMF has received the first routing information, the initial AMF receives a first service request, where the first service request is used to request the related information of the terminal device;
the initial AMF sends a response to the first service request, where the response to the first service request includes the related information of the terminal device.
In a possible implementation, the related information of the terminal device includes any one or more of the following: the context of the terminal device, the security context of the terminal device, the NAS security context of the terminal device, or the NAS security context established between the initial AMF and the terminal device.
In a possible implementation, the first routing information includes routing information of the initial AMF.
In a possible implementation, the first service request includes the first routing information and identification information of the terminal device.
In a possible implementation, the initial AMF sending the first routing information to the target AMF includes:
when any one or more of the following conditions are met, the initial AMF sends the first routing information to the target AMF:
the initial AMF and the terminal device have securely exchanged NAS messages;
the initial AMF and the terminal device have successfully performed the NAS security mode control procedure;
the initial AMF and the terminal device have successfully performed NAS SMC;
the initial AMF and the terminal device have established a new NAS security context;
the initial AMF and the terminal device have successfully performed primary authentication;
the initial AMF and the terminal device have activated NAS security;
the initial AMF has received a horizontal K_AMF derivation indication;
the initial AMF has selected a new security algorithm.
In a second aspect, an embodiment of this application provides a registration method, including:
when an initial access management function (AMF) determines to perform non-access stratum (NAS) redirection through an access network device, a target access management function (AMF) receives first routing information, where the first routing information is used to instruct the target AMF to obtain related information of a terminal device from the initial AMF;
the target AMF sends a first service request, where the first service request is used to request the related information of the terminal device;
the target AMF receives a response to the first service request, where the response to the first service request includes the related information of the terminal device.
In a third aspect, an embodiment of this application provides a registration method, including:
an initial access management function (AMF) determines to perform non-access stratum (NAS) redirection through an access network device;
the initial AMF sends first information to a communication proxy function, where the first information includes related information of a terminal device;
the initial AMF sends second routing information to a target AMF, where the second routing information is used to instruct the target AMF to obtain the related information of the terminal device from the communication proxy function.
In a fourth aspect, an embodiment of this application provides a registration method, including:
when an initial access management function (AMF) determines to perform non-access stratum (NAS) redirection through an access network device, a target AMF receives second routing information;
the target AMF sends a second service request to a communication proxy function according to the second routing information, where the second service request is used to request related information of the terminal device, and the communication proxy function stores the related information of the terminal device;
the AMF receives a response to the second service request sent by the communication proxy function, where the response to the second service request includes the related information of the terminal device.
In a fifth aspect, an embodiment of this application provides a registration method, including:
an initial access management function (AMF) determines to perform non-access stratum (NAS) redirection through an access network device;
the initial AMF sends second information to a communication proxy function, where the second information includes related information of a terminal device and third routing information, the third routing information includes routing information of a target AMF, and the second information is used to instruct the communication proxy function to send the related information of the terminal device to the target AMF.
In a sixth aspect, an embodiment of this application provides a registration method, including:
when an initial access management function (AMF) determines to perform non-access stratum (NAS) redirection through an access network device, a target access management function (AMF) receives second information sent by a communication proxy function, where the second information includes related information of a terminal device and third routing information, the third routing information includes routing information of the target AMF, and the second information is used to instruct the communication proxy function to send the related information of the terminal device to the target AMF.
In a seventh aspect, an embodiment of this application provides an apparatus for registration, including a processor and a transceiver, where the processor is coupled to the transceiver, the processor is configured to perform the corresponding method according to any one of the first to sixth aspects, and the transceiver is configured to perform the corresponding method according to any one of the first to sixth aspects.
In an eighth aspect, an embodiment of this application provides an apparatus for registration, including a processor, a memory and a transceiver, where the memory is configured to store computer-executable instructions, and the processor is configured to execute the computer-executable instructions stored in the memory, so that the apparatus performs the corresponding method according to any one of the first to sixth aspects.
In a ninth aspect, an embodiment of this application provides a computer-readable storage medium for storing instructions which, when executed, cause the method according to any one of the first to sixth aspects to be implemented.
In a tenth aspect, an embodiment of this application provides a computer program product including instructions which, when executed, cause the method according to any one of the first to sixth aspects to be implemented.
Brief description of the drawings
FIG. 1 is a schematic diagram of a network architecture provided by an embodiment of this application;
FIG. 2 is a schematic flowchart of a registration method provided by an embodiment of this application;
FIG. 3 is a schematic flowchart of a registration method provided by an embodiment of this application;
FIG. 4 is a schematic flowchart of a registration method provided by an embodiment of this application;
FIG. 5 is a schematic flowchart of a registration method provided by an embodiment of this application;
FIG. 6 is a schematic flowchart of a registration method provided by an embodiment of this application;
FIG. 7 is a schematic flowchart of a registration method provided by an embodiment of this application;
FIG. 8 is a schematic structural diagram of an apparatus for registration provided by an embodiment of this application.
具体实施方式Detailed ways
本申请的说明书和权利要求书及所述附图中的术语“第一”、“第二”、“第三”和“第四”等是用于区别不同对象,而不是用于描述特定顺序。此外,术语“包括”和“具有”以及它们任何变形,意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、***、产品或设备没有限定于已列出的步骤或单元,而是可选地还包括没有列出的步骤或单元,或可选地还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。The terms "first", "second", "third" and "fourth" in the specification and claims of the application and the drawings are used to distinguish different objects, rather than describing a specific order . In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusions. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the listed steps or units, but optionally includes unlisted steps or units, or optionally also includes Other steps or units inherent in these processes, methods, products or equipment.
在本文中提及“实施例”意味着,结合实施例描述的特定特征、结构或特性可以包含在本申请的至少一个实施例中。在说明书中的各个位置出现该短语并不一定均是指相同的实施例,也不是与其它实施例互斥的独立的或备选的实施例。本领域技术人员显式地和隐式地理解的是,本文所描述的实施例可以与其它实施例相结合。Reference to "embodiments" herein means that a specific feature, structure, or characteristic described in conjunction with the embodiments may be included in at least one embodiment of the present application. The appearance of the phrase in various places in the specification does not necessarily refer to the same embodiment, nor is it an independent or alternative embodiment mutually exclusive with other embodiments. Those skilled in the art clearly and implicitly understand that the embodiments described herein can be combined with other embodiments.
“多个”是指两个或两个以上。“和/或”,描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。 字符“/”一般表示前后关联对象是一种“或”的关系。"Multiple" means two or more. "And/or" describes the association relationship of the associated objects, indicating that there can be three types of relationships, for example, A and/or B, which can mean: A alone exists, A and B exist at the same time, and B exists alone. The character "/" generally indicates that the associated objects before and after are in an "or" relationship.
本申请提供的注册方法可以应用于各类通信***中,例如长期演进(long term evolution,LTE)***,也可以是第五代(5G)通信***,还可以是LTE与5G混合架构***、也可以是5G新无线(new radio,NR)***,以及未来通信发展中出现的新的通信***,如6G***等。The registration method provided in this application can be applied to various communication systems, such as long-term evolution (LTE) systems, fifth-generation (5G) communication systems, LTE and 5G hybrid architecture systems, or It can be a 5G new radio (NR) system, and a new communication system that will appear in the future communication development, such as a 6G system.
以下将以图1为例介绍本申请实施例所涉及的术语。The following will take FIG. 1 as an example to introduce the terms involved in the embodiments of the present application.
图1是本申请实施例提供的一种网络架构示意图,图1中所涉及的各个部分如下所示:Fig. 1 is a schematic diagram of a network architecture provided by an embodiment of the present application. The various parts involved in Fig. 1 are as follows:
Terminal device 110, which may also be referred to as user equipment (UE), a terminal, and so on. A terminal device is a device with a wireless transceiver function; it can communicate with one or more core networks (CN) via access network devices in the (radio) access network ((R)AN) 120. It may be deployed on land, indoors or outdoors, handheld, wearable, or vehicle-mounted; on water, for example on a ship; or in the air, for example on an aircraft, balloon, or satellite. A terminal device may be a mobile phone, a tablet (Pad), a computer with a wireless transceiver function, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and so on.
(Radio) access network ((R)AN) 120, used to provide network access for authorized user equipment in a specific area, and able to use transmission tunnels of different quality according to the level of the user equipment, the service requirements, and so on. For example, the (R)AN can manage radio resources, provide access services for user equipment, and thereby forward control information and/or data information between the user equipment and the core network (CN). The access network device in the embodiments of the present application is a device that provides a wireless communication function for terminal devices, and may also be referred to as a network device. For example, the access network device may include: a next generation node base station (gNB) in a 5G system, an evolved node B (eNB) in long term evolution (LTE), a radio network controller (RNC), a node B (NB), a base station controller (BSC), a base transceiver station (BTS), a home base station (for example, a home evolved node B or home node B, HNB), a baseband unit (BBU), a transmitting and receiving point (TRP), a transmitting point (TP), a small base station device (pico), a mobile switching center, or a network device in a future network, and so on.
It can be understood that the embodiments of the present application do not limit the specific type of the access network device. In systems using different radio access technologies, the names of devices having the access network device function may differ.
User plane function (UPF) network function 130, used for packet routing and forwarding, quality of service (QoS) handling of user plane data, and so on.
Data network (DN) network function 140, used to provide a network for transmitting data.
Access and mobility management function (AMF) network function 150, mainly used for mobility management and access management, and usable to implement the functions of a mobility management entity (MME) other than session management, for example lawful interception and access authorization/authentication. The AMF network function is hereinafter referred to as the AMF for short. In the embodiments of the present application, the AMF may include an initial AMF, an old AMF, and a target AMF. For example, the initial AMF can be understood as the first AMF that processes the UE's registration request in this registration; the initial AMF is selected by the (R)AN, but is not necessarily able to serve the UE. The old AMF can be understood as the AMF that served the UE when the UE last registered to the network, and the target AMF can be understood as the AMF that serves the UE after the UE re-registers.
Session management function (SMF) 160, mainly used for session management, internet protocol (IP) address allocation and management for user equipment, selection of a manageable user plane function, termination of the policy control and charging function interface, downlink data notification, and so on.
Policy control network function 170, such as a policy control function (PCF): a unified policy framework used to guide network behaviour, providing policy rule information to control plane functions (for example, the AMF and SMF network functions).
Authentication server function (AUSF) 180, used for the authentication service, generating keys to implement mutual authentication with the user equipment, and supporting a unified authentication framework.
Unified data management (UDM) network function 190, usable to handle user equipment identification, access authentication, registration, mobility management, and so on. The UDM network function is hereinafter referred to as the UDM for short.
Application function (AF) 1100, used for application-influenced data routing, access to the network exposure function, interaction with the policy framework for policy control, and so on.
Network slice selection function (NSSF), usable to determine network slice instances, select AMF network functions, and so on.
Network repository network function, for example including a network repository function (NRF), usable to maintain real-time information on all network function services in the network.
Communication proxy function: a network function or network entity that can communicate with all AMFs in the public land mobile network (PLMN). Specifically, the communication proxy function may be any of the network functions defined in the 5G standard that can communicate with all AMFs in the PLMN, such as a service communication proxy (SCP or SeCoP), the NSSF, the NRF, the UDSF, the UDR, the AUSF, the UDM, and so on; it may also be a newly added network function or network entity. The embodiments of the present application do not limit the communication proxy function. For convenience of description, the SCP is used as an example in the embodiments of the present application to describe the registration method provided; the SCP can be used to provide indirect communication, delegated discovery, message addressing and forwarding to the target network function/network service, communication security, and other functions.
The mobility management network function in the embodiments of the present application may be the AMF network function 150 shown in FIG. 1, or another network function in a future communication system that has the functions of the AMF network function 150 described above. Alternatively, the mobility management network function in the present application may also be a mobility management entity (MME) in long term evolution (LTE), and so on.
For convenience of description, the embodiments of the present application are described taking the AMF network function 150 as the mobility management network function. Further, the AMF network function 150 is referred to as the AMF for short, and the terminal device 110 is referred to as the UE; that is, every AMF described hereinafter in the embodiments of the present application may be replaced by a mobility management network function, and every UE may be replaced by a terminal device.
The network architecture shown in FIG. 1 (for example, a 5G network architecture) adopts a service-based architecture: traditional network element functions (or network functions) are split, using network function virtualization (NFV) technology, into a number of self-contained, self-managing, reusable network function service modules. By flexibly defining sets of service modules, customized reconstruction of network functions can be achieved, and service flows are composed externally through a unified service invocation interface. The schematic network architecture shown in FIG. 1 can be understood as a schematic service-based 5G network architecture in a non-roaming scenario. The embodiments of the present application are equally applicable to roaming scenarios.
It can be understood that the terms introduced above may have different names in different fields or different standards, so the names given above should not be construed as limiting the embodiments of the present application. The above network functions may be network elements in hardware devices, software functions running on dedicated hardware, or virtualized functions instantiated on a platform (for example, a cloud platform).
FIG. 2 is a schematic flowchart of a registration method provided by an embodiment of the present application. The registration method can be applied to the network architecture shown in FIG. 1. As shown in FIG. 2, the registration method includes:
201. The UE sends a registration request (RR) message to the initial AMF. The RR message includes a subscriber concealed identifier (SUCI) or a 5G globally unique temporary user equipment identity (5G-GUTI). The initial AMF receives the RR message.
For example, if the UE has no non-access stratum (NAS) security context, the RR message includes the SUCI and cleartext IEs. The cleartext IEs do not include the network slice selection assistance information requested by the UE (requested NSSAI).
For another example, if the UE has a NAS security context, the RR message may include the 5G-GUTI, cleartext IEs, and a NAS container. The NAS container carries the complete RR message in encrypted form and includes the requested NSSAI. The UE integrity-protects the RR message.
It should be understood that this NAS security context is the NAS security context established between the UE and the old AMF when the UE last registered to the network.
It can be understood that when the RR message includes the 5G-GUTI, the registration method further includes the operations shown in 202 and 203; when the RR message includes the SUCI, the registration method does not include the operations shown in 202 and 203.
202. The initial AMF invokes or requests a first service operation provided by the old AMF (for example, the Namf_Communication_UEContextTransfer service operation), which can be used to request the UE context. The Namf_Communication_UEContextTransfer request includes the RR message received by the initial AMF.
It should be understood that, in the embodiments of the present application, "the UE sends an RR message to the initial AMF" means that the UE sends the RR message to the (R)AN and the (R)AN then forwards the RR message to the initial AMF. Since the (R)AN acts only as a transparent relay in this step, for brevity this is described directly as the UE sending the RR message to the initial AMF in the embodiments and/or drawings of the present application.
In the embodiments of the present application, invoking a service operation provided by a network function can also be understood as requesting that service operation from the network function. Receiving an invocation of the service operation can also be understood as receiving a request for the service operation.
203. The old AMF receives the invocation or request of the service operation for requesting the UE context, and verifies the integrity of the RR message included in the received service operation request. If the old AMF successfully verifies the integrity of the RR message, it sends a Namf_Communication_UEContextTransfer Response (which may be called the response to the first service operation) to the initial AMF. The response carries the UE context, including the UE security context.
Optionally, the UE security context includes any one or more of the following:
the AMF key (K_AMF) and the key set identifier in 5G (ngKSI);
the downlink NAS count and the uplink NAS count;
the security algorithms; these comprise an integrity protection algorithm and a ciphering algorithm, namely the integrity protection algorithm and ciphering algorithm selected by the old AMF and used between the old AMF and the UE;
the UE security capabilities, that is, the set of identifiers of the ciphering algorithms and integrity protection algorithms implemented on the UE;
a horizontal K_AMF derivation indication (KeyAMFHDerivationInd); this indication is used to indicate that K_AMF was generated by horizontal K_AMF derivation.
It should be understood that in the present application the old AMF determines, according to local policy, whether to perform horizontal K_AMF derivation. If the old AMF does not perform horizontal K_AMF derivation according to local policy, the old AMF includes in the Namf_Communication_UEContextTransfer Response the K_AMF used between the UE and the old AMF; in the present application this K_AMF is called the old K_AMF. If the old AMF performs horizontal K_AMF derivation according to local policy, the old AMF uses the old K_AMF as the input key and parameters such as the NAS count (NAS COUNT) as input parameters to generate a new K_AMF; in the present application the new key is called the horizontally derived K_AMF. In that case the old AMF includes the horizontally derived K_AMF and the KeyAMFHDerivationInd indication in the Namf_Communication_UEContextTransfer Response.
204. The initial AMF initiates a primary authentication procedure.
For example, if the RR message includes the SUCI, the initial AMF initiates primary authentication to perform authentication and key agreement.
For another example, if the RR message includes the 5G-GUTI and the initial AMF fails to obtain the UE context from the old AMF, the initial AMF initiates primary authentication. For yet another example, if the RR message includes the 5G-GUTI and the initial AMF successfully obtains the UE context, the initial AMF may determine according to local policy whether to perform primary authentication.
205. The initial AMF sends a non-access stratum security mode command (NAS SMC) message to the UE. The NAS SMC message can be used to establish a NAS security context between the UE and the initial AMF, and the NAS SMC message is integrity-protected.
Optionally, the cases in which the initial AMF sends the NAS SMC message include:
a) the initial AMF has received the old K_AMF from the old AMF and decides according to local policy to use the received old K_AMF, but determines not to use the received security algorithms and instead selects security algorithms different from those received;
b) the initial AMF has received the horizontally derived K_AMF and the KeyAMFHDerivationInd indication from the old AMF, and decides according to local policy to use the horizontally derived K_AMF received from the old AMF;
c) the initial AMF and the UE have performed primary authentication.
Optionally, the NAS SMC message may include indication information instructing the UE to send the complete initial NAS message.
When the initial AMF has received the horizontal K_AMF derivation indication (keyAmfHDerivationInd) from the old AMF, the initial AMF may include in the NAS SMC message a K_AMF_change_flag indication with its value set to 1; that is, the NAS SMC message may include a K_AMF_change_flag indication set to 1.
206. The UE receives the NAS SMC message and verifies its integrity. If verification succeeds, the UE sends a non-access stratum security mode complete (NAS SMP) message to the initial AMF. The initial AMF receives the NAS SMP message.
If the UE receives a K_AMF_change_flag with value 1 in the NAS SMC message, the UE first performs horizontal K_AMF derivation, generating the horizontally derived K_AMF together with the NAS ciphering key and NAS integrity protection key (called the NAS keys). The UE then uses the generated NAS integrity protection key to verify the integrity of the NAS SMC.
If the UE receives in the NAS SMC message the indication information instructing it to send the complete initial NAS message, the UE carries the complete initial NAS message (that is, the RR message) in the NAS SMP message; the complete RR message includes the requested NSSAI.
After the UE and the initial AMF successfully complete the NAS security mode control procedure (that is, 205 and 206), a NAS security context is established between the UE and the initial AMF, referred to in the present application as the new NAS security context. The new NAS security context differs from the NAS security context established between the UE and the old AMF (referred to in the present application as the old NAS security context).
207. When the initial AMF needs to determine, according to the UE's subscription information, whether to perform NAS rerouting (NAS reroute), and the old AMF has not provided the UE's network slice selection subscription information, the initial AMF invokes a second service operation provided by the UDM (for example, the Numd_SDM_Get service operation) to request the UE's network slice selection subscription data. The UDM sends a response to the second service operation (for example, Numd_SDM_Get Response) in reply to the initial AMF's invocation of the second service operation.
It should be understood that in the present application "NAS redirection", "AMF redirection", "NAS retransfer" and "NAS reroute" denote the same procedure and are used interchangeably.
208. When the initial AMF cannot serve some or all of the S-NSSAI(s) in the requested NSSAI, the initial AMF invokes a third service operation provided by the NSSF (for example, the Nnssf_NSSelection_Get service operation). The NSSF returns a response to the third service operation (for example, Nnssf_NSSelection_Get Response), which carries the AMF set or the list of AMF addresses able to serve the requested NSSAI.
209. The initial AMF determines to perform NAS redirection (NAS reroute). The initial AMF invokes a fourth service operation of the old AMF (for example, the Namf_Communication_RegistrationStatusUpdate service operation) to notify the old AMF that the UE's registration at the initial AMF has failed. The old AMF shall then behave as if it had never received the invocation or request of the service operation for requesting the UE context that the initial AMF sent in step 2 (202).
210. When the initial AMF determines to perform NAS redirection and does not have the address of the target AMF, the initial AMF invokes a fifth service operation of the NRF (for example, the Nnrf_NFDiscovery_Request service operation), which is used to obtain the address of the target AMF. The NRF sends a response to the fifth service operation that includes the address of the target AMF.
211. When the initial AMF determines, according to local policy and subscription information, to redirect the NAS message to the target AMF through the (R)AN (NAS reroute via (R)AN), the initial AMF sends a reroute NAS message to the RAN. The reroute NAS message includes the complete RR message.
Optionally, the reroute NAS message may also include the information provided by the NSSF. The RAN sends an initial UE message to the target AMF; the initial UE message includes the complete RR message and the information provided by the NSSF. The information provided by the NSSF can be used to indicate that a NAS reroute due to slicing has occurred.
Optionally, the initial AMF may also determine, according to local policy and subscription information, to send the NAS message (that is, the RR message) directly to the target AMF (direct NAS reroute). In that case the initial AMF invokes the N1 message notification service operation provided by the target AMF, Namf_Communication_N1MessgeNotify, and carries the complete registration request message and the UE context, including the UE security context, in that Namf_Communication_N1MessgeNotify service operation.
It can be understood that the registration method shown above is only an example. In a specific implementation, other steps may be included, or the messages and information shown above may have other names, and so on; the embodiments of the present application do not limit the registration method described above.
In the registration method shown in FIG. 2, the initial AMF determines to initiate NAS redirection through the RAN, but before the NAS redirection the initial AMF and the UE have performed a secure exchange of NAS messages (in other words, the NAS SMC procedure between the initial AMF and the UE succeeded), so a new NAS security context has been established between the UE and the initial AMF, and from then on the UE accepts only NAS messages protected with that new NAS security context. After the target AMF receives the RR message in the initial UE message, however, the target AMF does not hold the new NAS security context, so the NAS messages it sends to the UE are not protected with the new NAS security context, which ultimately causes the registration to fail.
It should be understood that in the present application the following expressions mean the same thing and are used interchangeably: the initial AMF and the UE have performed a secure exchange of NAS messages; the NAS SMC procedure between the initial AMF and the UE succeeded; the initial AMF and the UE have activated NAS security; the NAS security mode control procedure between the initial AMF and the UE succeeded; the initial AMF and the UE have activated ciphering and integrity protection; a NAS security context has been established between the initial AMF and the UE; a new NAS security context has been established between the initial AMF and the UE; the UE has activated NAS security; and the UE has activated NAS ciphering and NAS integrity protection. The NAS security mode control procedure may be the procedure of steps 205 and 206 shown in FIG. 2.
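The failure mode just described, as an added illustration that is not part of the patent text: a small Python model of the UE security context of step 203, the horizontal K_AMF derivation, the NAS SMC/SMP exchange of steps 205 and 206 (cases a and b), and the target AMF's first downlink NAS message after the reroute. HMAC-SHA256 stands in for the 3GPP KDF and NAS integrity algorithm, all keys and counts are constructed, and the "target AMF holds the new context" branch models the situation the method of FIG. 3 is designed to produce.

```python
import hmac
import hashlib
from dataclasses import dataclass


def kdf(key: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the 3GPP KDF and NAS integrity algorithm.
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


@dataclass
class NasSecurityContext:
    """The elements of the UE security context listed under step 203."""
    k_amf: bytes
    ngksi: int
    integrity_alg: str
    ciphering_alg: str
    dl_nas_count: int = 0
    ul_nas_count: int = 0

    def _integrity_key(self) -> bytes:
        # NAS integrity key derived from K_AMF and the selected integrity algorithm
        return kdf(self.k_amf, b"NAS-int", self.integrity_alg.encode())

    def protect(self, payload: bytes, downlink: bool) -> tuple:
        """Integrity-protect a NAS message; returns (NAS COUNT, payload, MAC)."""
        count = self.dl_nas_count if downlink else self.ul_nas_count
        mac = kdf(self._integrity_key(), count.to_bytes(4, "big"), payload)[:4]
        if downlink:
            self.dl_nas_count += 1
        else:
            self.ul_nas_count += 1
        return (count, payload, mac)

    def verify(self, msg: tuple) -> bool:
        count, payload, mac = msg
        expected = kdf(self._integrity_key(), count.to_bytes(4, "big"), payload)[:4]
        return hmac.compare_digest(mac, expected)


def horizontal_kamf_derivation(old_k_amf: bytes, ul_nas_count: int) -> bytes:
    """Horizontal K_AMF derivation: old K_AMF as input key, NAS COUNT as parameter."""
    return kdf(old_k_amf, b"K_AMF-horizontal", ul_nas_count.to_bytes(4, "big"))


class UE:
    def __init__(self, old_ctx: NasSecurityContext):
        self.ctx = old_ctx  # old NAS security context shared with the old AMF

    def handle_nas_smc(self, smc: tuple, k_amf_change_flag: int, integrity_alg: str):
        """Step 206: derive keys if flagged, verify the SMC, then switch context.
        Returns the protected NAS SMP, or None if the SMC fails verification."""
        k_amf = self.ctx.k_amf
        if k_amf_change_flag == 1:
            k_amf = horizontal_kamf_derivation(k_amf, self.ctx.ul_nas_count)
        candidate = NasSecurityContext(k_amf, self.ctx.ngksi, integrity_alg,
                                       self.ctx.ciphering_alg)
        if not candidate.verify(smc):
            return None
        self.ctx = candidate  # from now on only this context is accepted
        return self.ctx.protect(b"NAS SECURITY MODE COMPLETE", downlink=False)

    def accepts(self, msg: tuple) -> bool:
        return self.ctx.verify(msg)


def register_and_reroute(horizontal: bool, target_has_new_ctx: bool) -> bool:
    """Steps 203, 205, 206 and the reroute; returns whether the UE accepts the
    target AMF's first downlink NAS message (constructed keys and counts)."""
    old_k_amf = b"\x11" * 32
    old_amf_ctx = NasSecurityContext(old_k_amf, 1, "NIA2", "NEA2", 5, 7)
    ue = UE(NasSecurityContext(old_k_amf, 1, "NIA2", "NEA2", 5, 7))

    # Step 203: the old AMF returns the old K_AMF, or a horizontally derived
    # K_AMF with KeyAMFHDerivationInd, according to its local policy.
    if horizontal:
        k_amf = horizontal_kamf_derivation(old_k_amf, old_amf_ctx.ul_nas_count)
        k_amf_change_flag, alg = 1, "NIA2"   # case b): derived K_AMF, received algorithm
    else:
        k_amf = old_k_amf
        k_amf_change_flag, alg = 0, "NIA1"   # case a): old K_AMF, different algorithm

    # Steps 205/206: NAS SMC / NAS SMP establish the new NAS security context.
    initial_amf_ctx = NasSecurityContext(k_amf, 1, alg, "NEA2")
    smc = initial_amf_ctx.protect(b"NAS SECURITY MODE COMMAND", downlink=True)
    smp = ue.handle_nas_smc(smc, k_amf_change_flag, alg)
    if smp is None or not initial_amf_ctx.verify(smp):
        return False

    # After the reroute the target AMF protects its first downlink NAS message
    # either with the new context obtained from the initial AMF (FIG. 3) or with
    # the old context it can still obtain from the old AMF (FIG. 2).
    target_ctx = initial_amf_ctx if target_has_new_ctx else old_amf_ctx
    return ue.accepts(target_ctx.protect(b"REGISTRATION ACCEPT", downlink=True))
```

In both case a) and case b) the UE rejects the target AMF's message unless the target AMF holds the new context, which is exactly the gap the first routing information of step 311 is meant to close.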
The embodiments of the present application provide a registration method for resolving this registration failure. The registration method provided by the embodiments of the present application is described below with reference to the accompanying drawings.
FIG. 3 is a schematic flowchart of a registration method provided by an embodiment of the present application. As shown in FIG. 3, the registration method includes:
It can be understood that for the specific implementation of 301 to 310 in FIG. 3, reference may be made to the description of 201 to 210 in the foregoing embodiment, for example the registration method shown in FIG. 2; details are not repeated here.
311. The initial AMF determines to redirect the NAS message to the target AMF through the (R)AN (NAS reroute via (R)AN). The initial AMF sends first routing information to the target AMF through the (R)AN; for example, the initial AMF sends the first routing information to the (R)AN, and the (R)AN receives the first routing information sent by the initial AMF.
本申请实施例中,该第一路由信息用于指示目标AMF从初始AMF中获取UE上下文或UE的安全上下文或UE的NAS安全上下文或初始AMF与UE建立的NAS安全上下文。In the embodiment of the present application, the first routing information is used to instruct the target AMF to obtain the UE context or the security context of the UE or the NAS security context of the UE or the NAS security context established by the initial AMF and the UE from the initial AMF.
可选的,该第一路由信息还用于指示以下任意一种或多种:Optionally, the first routing information is further used to indicate any one or more of the following:
目标AMF通过服务通信代理(SCP)从初始AMF中获取UE上下文或UE的安全上下文或UE的NAS安全上下文或初始AMF与UE建立的NAS安全上下文;The target AMF obtains the UE context or the security context of the UE or the NAS security context of the UE or the NAS security context established by the initial AMF and the UE from the initial AMF through the serving communication agent (SCP);
初始AMF和UE进行了NAS消息的安全交互;Initially, AMF and UE conducted a secure exchange of NAS messages;
初始AMF和UE成功地进行了主认证;The initial AMF and UE successfully performed the master authentication;
初始AMF接收到水平K AMF推衍指示(keyAMFHDerivationInd指示); The initial AMF receives the level K AMF derivation indication (keyAMFHDerivationInd indication);
初始AMF选择了与从原AMF处接收到的安全算法不同的安全算法;The initial AMF selected a different security algorithm from the security algorithm received from the original AMF;
作为示例,该初始AMF可以根据本地策略和订阅信息来确定通过(R)AN将NAS消息发送给目标AMF。As an example, the initial AMF may determine to send the NAS message to the target AMF through the (R)AN according to the local policy and subscription information.
示例的,该初始AMF向(R)AN发送重定向NAS消息(reroute NAS message),该reroute NAS message中包括该第一路由信息。(R)AN接收该reroute NAS message。For example, the initial AMF sends a redirect NAS message (reroute NAS message) to the (R)AN, and the reroute NAS message includes the first routing information. (R) AN receives the reroute NAS message.
可选的,该第一路由信息可包括以下任意一种或者多种:初始AMF的路由信息、UE上下文的路由信息、UE安全上下文的路由信息、UE NAS安全上下文的路由信息、UE新的NAS安全上下文的路由信息、当前安全上下文的路由信息、用于请求UE上下文的服务请求的路由信息、用于请求UE安全上下文的服务请求的路由信息、用于请求UE NAS安全上下文的服务请求的路由信息、用于请求当前安全上下文的路由信息、用于请求UE的新的NAS安全上下文的路由信息。例如,该第一路由信息可包括以下任意一项或多项:初始AMF的终点地址(end point address)、初始AMF的互联网协议(internet protocol,IP)地址、初始AMF的实例标识(instance ID)、初始AMF的AMF集标识(AMF set ID)、初始AMF的全球唯一AMF标识(Globally Unique AMF Identifier,GUAMI)、初始AMF提供的用于UE上下文的服务实例标识(service instance ID)、初始AMF的服务实例集标识(service set ID)、第一5G-GUTI等。该第一5G-GUTI可为初始AMF为UE分配的5G-GUTI。可理解,该第一路由信息还可能包括其他的可用于寻址初始AMF、或UE上下文、或UE的安全上下文、或UE 的NAS安全上下文或初始AMF与UE建立的NAS安全上下文或当前安全上下文的信息,本申请不做限制。Optionally, the first routing information may include any one or more of the following: routing information of the initial AMF, routing information of the UE context, routing information of the UE security context, routing information of the UE NAS security context, and the new NAS of the UE The routing information of the security context, the routing information of the current security context, the routing information of the service request for requesting the UE context, the routing information of the service request for requesting the UE security context, the routing information of the service request for requesting the UE NAS security context Information, routing information used to request the current security context, and routing information used to request a new NAS security context of the UE. For example, the first routing information may include any one or more of the following: the end point address of the initial AMF, the internet protocol (IP) address of the initial AMF, and the instance ID of the initial AMF The AMF set ID of the initial AMF (AMF set ID), the Globally Unique AMF Identifier (GUAMI) of the initial AMF, the service instance ID (service instance ID) provided by the initial AMF for the UE context, and the initial AMF Service instance set ID (service set ID), first 5G-GUTI, etc. 
The first 5G-GUTI may be the 5G-GUTI allocated to the UE by the initial AMF. It is understandable that the first routing information may also include other addresses that can be used to address the initial AMF, or the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established by the initial AMF and the UE or the current security context. The information of this application is not restricted.
Optionally, the initial AMF may use certain conditions to decide whether to send the first routing information to the target AMF via the (R)AN. For example, when the initial AMF determines that any one or more of the following conditions is satisfied, the initial AMF sends the first routing information to the target AMF via the (R)AN:
the initial AMF and the UE have exchanged NAS messages securely;
the initial AMF and the UE have successfully performed the NAS security mode control procedure;
the initial AMF and the UE have successfully performed NAS SMC;
the initial AMF and the UE have established a new NAS security context;
the initial AMF and the UE have successfully performed primary authentication;
the initial AMF and the UE have activated NAS security;
the initial AMF has received a horizontal K_AMF derivation indication (keyAmfHDerivationInd);
the initial AMF has selected a new security algorithm.
Optionally, the initial AMF allocates a 5G-GUTI to the UE.
Optionally, the initial AMF sends the first 5G-GUTI to the target AMF via the (R)AN. For example, the initial AMF includes the first 5G-GUTI in the registration request message and sends a reroute NAS message to the (R)AN, where the reroute NAS message includes the registration request message carrying the first 5G-GUTI.
312. The (R)AN sends the received first routing information to the target AMF, and the target AMF receives the first routing information sent by the (R)AN.
For example, the (R)AN receives from the initial AMF the reroute NAS message that includes the first routing information, and sends an initial UE message that includes the first routing information to the target AMF. The target AMF receives the initial UE message.
For example, the (R)AN receives from the initial AMF a reroute NAS message that includes the registration request message carrying the first 5G-GUTI, and sends to the target AMF an initial UE message that includes the registration request message carrying the first 5G-GUTI.
313. The target AMF sends a first service request to the service communication proxy (SCP) according to the first routing information, and the SCP receives the first service request sent by the target AMF.
It should be understood that in this application, "network function A invokes a service operation of network function B", "network function A sends a service request to network function B", and "network function A requests a service operation from network function B" have the same meaning and are used interchangeably.
In this embodiment, the first service request may be used to request the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established between the initial AMF and the UE, or the current UE context, or the new NAS security context of the UE.
Optionally, the first service request may include the received first routing information and identification information of the UE.
Optionally, the first service request may include the first 5G-GUTI carried in the received registration request.
Optionally, the first service request may include the first 5G-GUTI carried in the received registration request together with routing information of the initial AMF. That routing information is determined by the target AMF from the received first 5G-GUTI and includes, for example, the AMF set ID of the initial AMF or the globally unique AMF identifier (GUAMI) of the initial AMF.
Because the reroute NAS message may include the RR (registration request) message, the identification information of the UE included in the first service request may be the UE identity carried in the RR message received by the target AMF. The identification information of the UE may be a SUPI, a 5G-GUTI, or a SUCI.
Optionally, after step 312 and before step 313, the registration method shown in FIG. 3 further includes:
317. The target AMF obtains, from the old AMF, the UE context, or the security context of the UE, or the NAS security context of the UE, or the security context established between the UE and the old AMF. For example, the target AMF may request the UE context from the old AMF through Namf_Communication_UEContextTransfer, and the old AMF may send the UE context, or the security context of the UE, or the NAS security context of the UE, or the security context established between the UE and the old AMF, to the target AMF in the Namf_Communication_UEContextTransfer response.
When the target AMF has obtained the UE context, or the security context of the UE, or the NAS security context of the UE, or the security context established between the UE and the old AMF, from the old AMF, the identification information of the UE included in the first service request may further include the UE identity contained in the UE context obtained from the old AMF. For example, the UE identity may be a SUPI, a 5G-GUTI, or a SUCI.
314. The SCP sends the first service request to the initial AMF, and the initial AMF receives the first service request sent by the SCP.
It should be understood that in this embodiment, after receiving the first service request, the SCP may send it to the initial AMF according to the first routing information included in the first service request. For example, the first routing information may include the routing information of the initial AMF, so the SCP knows exactly which AMF to ask for the UE context, the security context of the UE, or the NAS security context of the UE.
For example, after receiving the first service request, the SCP may locate the initial AMF by the received first routing information and forward the first service request to the initial AMF.
For example, after receiving the first service request, the SCP may locate the initial AMF by the received first 5G-GUTI and forward the first service request to the initial AMF.
For example, after receiving the first service request, the SCP may locate the initial AMF by the received routing information of the initial AMF and forward the first service request to the initial AMF.
315. The initial AMF sends a response to the first service request to the SCP. The response includes the UE context, or the UE security context, or the NAS security context of the UE, or the NAS security context established between the initial AMF and the UE, or the current security context. The SCP receives the response sent by the initial AMF.
For example, the initial AMF retrieves, according to the received identification information of the UE, the UE context, or the UE security context, or the NAS security context of the UE, or the NAS security context established between the initial AMF and the UE, or the current security context that corresponds to that identity, and sends a response to the first service request to the SCP that includes it.
It may be understood that when the first service request requests the UE context, the response may include the UE context; when it requests the security context of the UE, the response may include the UE security context; when it requests the NAS security context of the UE, the response may include the NAS security context of the UE; when it requests the NAS security context established between the initial AMF and the UE, the response may include that NAS security context; and when it requests the current security context, the response may include the current security context.
As a possible implementation, before the initial AMF sends the response to the first service request to the SCP, the initial AMF decides whether to perform horizontal K_AMF derivation. (The Chinese text uses two terms for horizontal K_AMF derivation; they have the same meaning and are used interchangeably in this application.)
If the initial AMF decides not to perform horizontal K_AMF derivation, it sends the current security context, including the current K_AMF, to the target AMF or to the SCP. It should be understood that in this application, "the initial AMF sends the current security context to the target AMF" means that the initial AMF sends the current security context to the target AMF through the SCP.
If the initial AMF decides to perform horizontal K_AMF derivation, it generates a new K_AMF, or a new security context, or a new NAS security context from the current K_AMF, sends the new K_AMF, or the new security context, or the new NAS security context to the target AMF or to the SCP, and sends a horizontal K_AMF derivation indication to the target AMF. This horizontal K_AMF derivation indication may be called keyAmfHDerivationInd.
Optionally, the response to the first service request includes the current security context, or the new K_AMF, or the new security context, or the horizontal K_AMF derivation indication. Optionally, the initial AMF may send the security context of the UE (including the current security context, or the new K_AMF, or the new security context, or the horizontal K_AMF derivation indication) to the target AMF or to the SCP in a message other than the response to the first service request; this application does not limit the specific way in which the initial AMF sends the security context of the UE to the target AMF.
The initial AMF may decide whether to perform horizontal K_AMF derivation in any one of the following three ways:
Way 1: the initial AMF does not perform horizontal K_AMF derivation, that is, the initial AMF sends the current security context to the target AMF.
Way 2: the initial AMF decides according to local policy whether to perform horizontal K_AMF derivation, that is, the initial AMF determines according to local policy to perform horizontal K_AMF derivation, or determines according to local policy not to perform it.
Way 3: the initial AMF decides according to a fourth preset condition whether to perform horizontal K_AMF derivation. If the initial AMF determines that the fourth preset condition is satisfied, it does not perform horizontal K_AMF derivation, that is, it sends the current security context to the target AMF. If the initial AMF determines that the fourth preset condition is not satisfied, it decides according to local policy whether to perform horizontal K_AMF derivation, that is, it determines according to local policy to perform it or not to perform it. The fourth preset condition is any one or more of the following conditions:
NAS messages have been exchanged securely between the initial AMF and the UE; NAS SMC has been performed successfully between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm different from the security algorithm selected by the old AMF; the initial AMF uses a K_AMF received from the old AMF that was generated by horizontal K_AMF derivation; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and has decided to use the K_AMF received from the old AMF.
316. The SCP sends the received UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established between the initial AMF and the UE, or the current security context to the target AMF, and the target AMF receives it from the SCP.
It may be understood that when the SCP sends the UE context to the target AMF, the target AMF receives the UE context sent by the SCP; when the SCP sends the UE security context, the target AMF receives the UE security context; when the SCP sends the NAS security context of the UE, the target AMF receives the NAS security context of the UE; when the SCP sends the NAS security context established between the initial AMF and the UE, the target AMF receives that NAS security context; and when the SCP sends the current security context, the target AMF receives the current security context.
For example, after receiving the response to the first service request that includes the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established between the initial AMF and the UE, or the current security context, the SCP may include the received context in the response to the first service request that it sends to the target AMF. That is, the SCP may send a response to the first service request to the target AMF, where the response includes the UE context, or the security context of the UE, or the NAS security context of the UE, or the NAS security context established between the initial AMF and the UE, or the current security context.
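The following is an added example written for this page, not code from the patent or from the applicant: a model of steps 311 to 316 in which the initial AMF reroutes the NAS message via the (R)AN, the target AMF fetches the UE security context from the initial AMF through an SCP, and the initial AMF applies "Way 3" (the fourth preset condition, then local policy) to decide whether to hand over the current K_AMF or a horizontally derived one. The message and field names follow the text; the dict-based messages, the 5G-GUTI layout (GUAMI prefix plus 5G-TMSI), and the KDF function codes are simplifying assumptions made here, not values taken from the page.

```python
"""Model of NAS reroute via (R)AN with the UE context fetched through an SCP.
Illustrative code for this page; message layouts and KDF parameters are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    # 3GPP-shaped KDF: HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ... (TS 33.501 Annex A).
    s = bytes([fc]) + b"".join(p + len(p).to_bytes(2, "big") for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()


def horizontal_kamf(kamf: bytes, ul_nas_count: int) -> bytes:
    # Horizontal K_AMF derivation from the current K_AMF. FC=0x72, DIRECTION=0x01
    # and the uplink NAS COUNT follow the Annex A.13 shape; treat them as assumed here.
    return kdf(kamf, 0x72, b"\x01", ul_nas_count.to_bytes(4, "big"))


@dataclass
class UEContext:
    supi: str
    kamf: bytes
    ul_nas_count: int
    nas_security_activated: bool   # NAS SMC with the initial AMF succeeded
    nas_alg: int


class InitialAMF:
    def __init__(self, guami: str, local_policy_derive: bool = True):
        self.guami = guami                          # routing information for this AMF
        self.local_policy_derive = local_policy_derive
        self.contexts = {}                          # 5G-GUTI -> UEContext

    def allocate_guti(self, ctx: UEContext) -> str:
        guti = f"{self.guami}-{len(self.contexts) + 1:08x}"   # GUAMI || 5G-TMSI (simplified)
        self.contexts[guti] = ctx
        return guti

    def reroute_nas_message(self, guti: str) -> dict:
        # Step 311: first routing information (the GUAMI) plus the RR carrying the first 5G-GUTI.
        return {"first_routing_info": {"guami": self.guami}, "rr": {"5g_guti": guti}}

    def fourth_preset_condition(self, ctx: UEContext) -> bool:
        # Any one of the listed conditions suffices; two of them are modelled here.
        return ctx.nas_security_activated or ctx.ul_nas_count > 0

    def on_first_service_request(self, req: dict) -> dict:
        # Step 315, "Way 3": condition satisfied -> current context unchanged;
        # otherwise local policy decides whether a new K_AMF is derived.
        ctx = self.contexts[req["5g_guti"]]
        resp = {"supi": ctx.supi, "nas_alg": ctx.nas_alg, "ul_nas_count": ctx.ul_nas_count}
        if self.fourth_preset_condition(ctx) or not self.local_policy_derive:
            return {**resp, "kamf": ctx.kamf, "keyAmfHDerivationInd": False}
        return {**resp, "kamf": horizontal_kamf(ctx.kamf, ctx.ul_nas_count),
                "keyAmfHDerivationInd": True}


class RAN:
    @staticmethod
    def initial_ue_message(reroute_msg: dict) -> dict:
        # Step 312: the (R)AN copies the reroute contents into the initial UE message.
        return {"initial_ue_message": True, **reroute_msg}


class SCP:
    def __init__(self, amfs: list):
        self.by_guami = {a.guami: a for a in amfs}

    def route(self, req: dict) -> dict:
        # Step 314: resolve the initial AMF from the first routing information; 315/316 return.
        amf = self.by_guami.get(req["first_routing_info"]["guami"])
        if amf is None:
            raise LookupError("no AMF matches the first routing information")
        return amf.on_first_service_request(req)


class TargetAMF:
    def __init__(self, scp: SCP):
        self.scp = scp

    def on_initial_ue_message(self, msg: dict) -> dict:
        # Step 313: use the received first routing information, or recover the initial
        # AMF's GUAMI from the 5G-GUTI prefix when only the GUTI was forwarded.
        guti = msg["rr"]["5g_guti"]
        routing = msg.get("first_routing_info") or {"guami": guti.rsplit("-", 1)[0]}
        return self.scp.route({"first_routing_info": routing, "5g_guti": guti})


def run_reroute(nas_security_activated: bool, local_policy_derive: bool = True,
                send_routing_info: bool = True) -> dict:
    # Constructed sample: one UE registered at the initial AMF, then rerouted via the RAN.
    initial = InitialAMF("001-01-02-001-0", local_policy_derive)   # MCC-MNC-Region-Set-Pointer
    ctx = UEContext("imsi-001010000000001", bytes(range(32)), 0, nas_security_activated, 2)
    guti = initial.allocate_guti(ctx)
    msg = initial.reroute_nas_message(guti)
    if not send_routing_info:
        msg.pop("first_routing_info")       # GUTI-only variant from step 312
    result = TargetAMF(SCP([initial])).on_initial_ue_message(RAN.initial_ue_message(msg))
    return {"original_kamf": ctx.kamf, **result}
```

In this model the SCP never parses the NAS message itself; it only needs the first routing information (or the GUAMI recovered from the 5G-GUTI) to find the AMF that holds the context, which is the point of step 314.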
Optionally, after receiving the first service request, the initial AMF may further determine, according to local policy or local configuration, whether to initiate horizontal K_AMF derivation. If it determines to do so, the initial AMF performs horizontal K_AMF derivation to generate a new K_AMF and sends the new K_AMF together with a horizontal K_AMF derivation indication, for example keyAmfHDerivationInd, to the SCP. The SCP then sends the horizontal K_AMF derivation indication and the new K_AMF to the target AMF. After receiving them, the target AMF sends a NAS SMC message to the UE in which K_AMF_change_flag is set to 1, instructing the UE to perform horizontal K_AMF derivation. After receiving the NAS SMC message, the UE performs horizontal K_AMF derivation according to the K_AMF_change_flag value of 1, generates the new K_AMF, and may send a NAS SMP (security mode complete) message to the target AMF.
目标AMF接收到第一服务请求的响应或上述安全上下文之后,(即目标AMF接收到初始AMF通过SCP发送的安全上下文之后),或者目标AMF从原AMF接收到UE上下文之后(及图中的317之后),目标AMF执行以下选项中的任意一种:After the target AMF receives the response to the first service request or the aforementioned security context, (that is, after the target AMF receives the security context sent by the initial AMF through SCP), or after the target AMF receives the UE context from the original AMF (and 317 in the figure) After), the target AMF executes any of the following options:
选项一:目标AMF不进行主认证,或,目标AMF使用接收到的K AMF或安全上下文。 Option 1: The target AMF does not perform primary authentication, or the target AMF uses the received K AMF or security context.
应理解目标AMF不进行主认证,或,目标AMF使用接收到的K AMF或安全上下文,是指该目标AMF跳过主认证,进行注册流程中的其他流程。该目标AMF基于接收到的K AMF或安全上下文保护第三消息,并将该第三消息发送给UE。具体地,该目标AMF根据接收到的K AMF或安全上下文生成NAS加解密密钥和NAS完整性密钥,并采用生成的NAS加解密密钥和/或NAS完整性密钥对第三消息进行保护。在这种选项下,第三消息为不包括认证请求的任意N1消息。 It should be understood that the target AMF does not perform the main authentication, or the target AMF uses the received K AMF or security context, which means that the target AMF skips the main authentication and performs other processes in the registration process. The target AMF protects the third message based on the received K AMF or security context, and sends the third message to the UE. Specifically, the target AMF generates a NAS encryption and decryption key and a NAS integrity key according to the received K AMF or security context, and uses the generated NAS encryption and decryption key and/or NAS integrity key to perform the third message protection. Under this option, the third message is any N1 message that does not include the authentication request.
在该实施例中,目标AMF不进行主认证,即目标AMF使用接收到的K AMF或安全上下文。 In this embodiment, the target AMF does not perform primary authentication, that is, the target AMF uses the received K AMF or security context.
选项二:目标AMF保护认证请求消息,和/或,目标AMF发送有安全保护的认证请求消息,和/或,目标AMF发送有安全保护的N1消息,包括认证请求消息。也就是目标AMF保护认证请求消息,并且目标AMF向UE发送有安全保护的认证请求消息,其中,目标AMF向UE发送有安全保护的认证请求消息可以理解为目标AMF向UE发送有安全保护的N1消息,该N1消息包括认证请求消息。Option 2: The target AMF protects the authentication request message, and/or the target AMF sends a security-protected authentication request message, and/or the target AMF sends a security-protected N1 message, including the authentication request message. That is, the target AMF protects the authentication request message, and the target AMF sends a security-protected authentication request message to the UE, where the target AMF sends a security-protected authentication request message to the UE can be understood as the target AMF sends a security-protected N1 to the UE Message, the N1 message includes an authentication request message.
应理解,目标AMF保护认证请求消息,即目标AMF基于接收到的K AMF或安全上下文保护认证请求消息,发送有安全保护的认证请求消息。具体地,该目标AMF根据接收到的K AMF或安全上下文生成NAS加解密密钥和NAS完整性密钥,并采用生成的NAS加解密密钥和/或NAS完整性密钥对认证请求消息进行保护,并发送有安全保护的认证请求消息。 It should be understood that the target AMF protects the authentication request message, that is, the target AMF sends an authentication request message with security protection based on the received K AMF or security context protection authentication request message. Specifically, the target AMF generates a NAS encryption and decryption key and a NAS integrity key according to the received K AMF or security context, and uses the generated NAS encryption and decryption key and/or NAS integrity key to perform the authentication request message Protection, and send a security-protected authentication request message.
应理解,目标AMF发送有安全保护的认证请求消息,即目标AMF基于接收到的K AMF或安全上下文保护认证请求消息,发送有安全保护的认证请求消息。具体地,该目标AMF根据接收到的K AMF或安全上下文生成NAS加解密密钥和NAS完整性密钥,并采用生成的 NAS加解密密钥和/或NAS完整性密钥对认证请求消息进行保护,并发送有安全保护的认证请求消息。 It should be understood that the target AMF sends a security-protected authentication request message, that is, the target AMF sends a security-protected authentication request message based on the received K AMF or security context protection authentication request message. Specifically, the target AMF generates a NAS encryption and decryption key and a NAS integrity key according to the received K AMF or security context, and uses the generated NAS encryption and decryption key and/or NAS integrity key to perform the authentication request message Protection, and send a security-protected authentication request message.
应理解,目标AMF发送有安全保护的N1消息,包括认证请求消息,即目标AMF基于接收到的K AMF或安全上下文保护认证N1消息,发送有安全保护的N1消息。具体地,该目标AMF根据接收到的K AMF或安全上下文生成NAS加解密密钥和NAS完整性密钥,并采用生成的NAS加解密密钥和/或NAS完整性密钥对N1消息进行保护,并发送有安全保护的N1消息。这里的N1消息包括认证请求消息。 It should be understood that the target AMF sends a security-protected N1 message, including an authentication request message, that is, the target AMF sends a security-protected N1 message based on the received K AMF or security context protection authentication N1 message. Specifically, the target AMF generates a NAS encryption and decryption key and a NAS integrity key according to the received K AMF or security context, and uses the generated NAS encryption and decryption key and/or NAS integrity key to protect the N1 message , And send a secure N1 message. The N1 message here includes an authentication request message.
选项三:目标AMF发送没有安全保护的认证请求消息,或目标AMF发起NAS SMC。Option 3: The target AMF sends an authentication request message without security protection, or the target AMF initiates a NAS SMC.
选项四:目标AMF不进行主认证;或目标AMF保护认证请求消息;或目标AMF发送有安全保护的N1消息,包括认证请求消息。Option 4: The target AMF does not perform primary authentication; or the target AMF protects the authentication request message; or the target AMF sends a security-protected N1 message, including the authentication request message.
应理解,在该实施例中,目标AMF不进行主认证,即,目标AMF使用接收到的K AMF或安全上下文,是指该目标AMF跳过主认证,进行注册流程中的其他流程。在该实现方式下,该目标AMF基于接收到的K AMF或安全上下文保护第三消息;具体地,该目标AMF根据接收到的K AMF或安全上下文生成NAS加解密密钥和NAS完整性密钥,并采用生成的NAS加解密密钥和/或NAS完整性密钥对第三消息进行保护。在这种选项下,第三消息为不包括认证请求的任意N1消息。 It should be understood that, in this embodiment, the target AMF does not perform the main authentication, that is, the target AMF uses the received K AMF or security context, which means that the target AMF skips the main authentication and performs other processes in the registration process. In this implementation, the target AMF protects the third message based on the received K AMF or security context; specifically, the target AMF generates a NAS encryption and decryption key and a NAS integrity key according to the received K AMF or security context. , And use the generated NAS encryption key and/or NAS integrity key to protect the third message. Under this option, the third message is any N1 message that does not include the authentication request.
目标AMF保护认证请求消息,即目标AMF基于接收到的K AMF或安全上下文保护认证请求消息、并发送有安全保护的认证请求消息,具体地,该目标AMF根据接收到的K AMF或安全上下文生成NAS加解密密钥和NAS完整性密钥,并采用生成的NAS加解密密钥和/或NAS完整性密钥对认证请求消息进行保护,并发送有安全保护的认证请求消息。 The target AMF protects the authentication request message, that is, the target AMF is based on the received K AMF or security context protection authentication request message and sends a security protected authentication request message. Specifically, the target AMF is generated based on the received K AMF or security context NAS encryption and decryption keys and NAS integrity keys, and the generated NAS encryption and decryption keys and/or NAS integrity keys are used to protect the authentication request message, and the authentication request message with security protection is sent.
As a possible implementation of option 1: after the target AMF receives the response to the first service request described above, or after the target AMF receives the UE context from the old AMF (that is, after step 317 in the figure), the target AMF does not perform primary authentication, or the target AMF uses the received K_AMF or security context.
As another possible implementation of option 1: after the target AMF receives the response to the first service request described above, or after the target AMF receives the UE context from the old AMF (that is, after step 317 in the figure), the target AMF determines whether AMF redirection, or non-access stratum rerouting via the RAN (NAS reroute via RAN), has occurred. If AMF redirection or NAS reroute via RAN has occurred, the target AMF does not perform primary authentication, or the target AMF uses the received K_AMF or security context. The target AMF determines that AMF redirection or NAS reroute via RAN has occurred according to any one or more of the following conditions:
the registration request message received by the target AMF is a complete registration request message without integrity protection; the target AMF receives a complete registration request message; the target AMF receives a registration request message without integrity protection; the initial UE message received by the target AMF includes a Source to Target AMF Information Reroute IE; the initial UE message received by the target AMF includes network slice selection assistance information (NSSAI); the initial UE message received by the target AMF includes configured network slice selection assistance information (configured NSSAI) and/or rejected network slice selection assistance information (rejected NSSAI); the target AMF receives the first routing information.
As yet another possible implementation of option 1: if the target AMF receives a horizontal K_AMF derivation indication (that is, the target AMF receives the horizontal K_AMF derivation indication sent by the initial AMF through the SCP, or the response to the first service request received by the target AMF includes the horizontal K_AMF derivation indication, or the target AMF receives the horizontal K_AMF derivation indication sent by the SCP), then the target AMF, according to the horizontal K_AMF derivation indication, does not perform primary authentication, or uses the received K_AMF or security context.
Otherwise, if the target AMF does not receive the horizontal K_AMF derivation indication described above, the target AMF may perform any one of the following operations:
Operation 1: the target AMF still does not perform primary authentication, or uses the received K_AMF or security context;
Operation 2: if the target AMF performs primary authentication according to local policy, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message; if the target AMF does not perform primary authentication according to local policy, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
Operation 3: the target AMF shall protect the N1 message, including the authentication request message, based on the received K_AMF or security context, and send the security-protected N1 message, including the security-protected authentication request message.
As a possible implementation of option 1: if the target AMF receives tenth indication information (that is, the target AMF receives the tenth indication information sent by the initial AMF through the SCP, or the response to the first service request received by the target AMF includes the tenth indication information, or the target AMF receives the tenth indication information sent by the SCP), then the target AMF, according to the tenth indication information, does not perform primary authentication, or uses the received K_AMF or security context. The tenth indication information indicates that the target AMF does not perform primary authentication, or that the target AMF uses the received K_AMF or security context.
In this implementation, the method further includes: at step 315, before the initial AMF sends the response to the first service request, the initial AMF determines to send the tenth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that a tenth preset condition is satisfied, the initial AMF sends the tenth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the tenth indication information. Optionally, the initial AMF sends the tenth indication information to the target AMF or the SCP in the response to the first service request. The tenth preset condition is any one or more of the following conditions:
secure NAS message exchange has taken place between the initial AMF and the UE; NAS SMC has been successfully performed between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; the initial AMF performs horizontal K_AMF derivation; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF; the initial AMF has used the K_AMF received from the old AMF that was generated by horizontal K_AMF derivation; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and decided to use the K_AMF received from the old AMF.
When the tenth preset condition is not satisfied, the initial AMF does not send the tenth indication information to the target AMF or the SCP, and the target AMF therefore does not receive it. If the target AMF does not receive the tenth indication information, the target AMF may perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection, or the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
Operation 2: if the target AMF decides not to perform primary authentication, the target AMF sends an N1 message without security protection, or the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
Operation 3: the target AMF shall send an N1 message without security protection, including the authentication request message.
Operation 4: the target AMF shall protect the N1 message, including the authentication request message, based on the received K_AMF or security context, and send the security-protected N1 message.
If the target AMF does not receive the tenth indication information, the target AMF may also perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication and has not received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection; or the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
Operation 2: if the target AMF receives a horizontal K_AMF derivation indication, the target AMF shall not perform primary authentication, or shall use the received K_AMF or security context, or shall perform NAS SMC.
Operation 3: if the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection.
If the target AMF does not receive the tenth indication information, the target AMF may also perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication and has not received a horizontal K_AMF derivation indication, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
Operation 2: if the target AMF decides to perform primary authentication and has received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection.
The tenth indication information may also be used to indicate any one or more of the following:
secure NAS message exchange has taken place between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; the NAS SMC procedure has been successfully performed between the initial AMF and the UE; the initial AMF and the UE perform primary authentication; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and decided to use the K_AMF or security context received from the old AMF; the initial AMF has performed horizontal K_AMF derivation; the initial AMF has generated a new K_AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF; the target AMF does not perform the primary authentication procedure; the target AMF skips primary authentication and carries out the other procedures of registration; the target AMF uses the received K_AMF or security context.
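As an added example, not code from the patent, the following Python models the initial AMF's tenth preset condition, the target AMF's option 1 decision (with "operation 2" as the no-indication fallback), and the NAS key derivation and integrity protection that the chosen action relies on; the KDF constants (FC 0x69, type distinguishers 0x01/0x02, 128 least significant bits) follow the 3GPP algorithm-key KDF as an assumption, and HMAC-SHA-256 stands in for a real NIA algorithm.

```python
"""Added example (not from the patent): target AMF behaviour after AMF
reallocation via the SCP, option 1 with the tenth indication information."""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


@dataclass
class InitialAmfState:
    """Facts the initial AMF knows about its own handling of the UE (constructed)."""
    nas_smc_succeeded: bool = False           # NAS SMC completed with the UE
    new_nas_context_established: bool = False
    primary_auth_done: bool = False
    horizontal_kamf_derived: bool = False
    different_algorithm_selected: bool = False
    used_kamf_from_old_amf: bool = False      # old AMF indicated horizontal derivation


def should_send_tenth_indication(s: InitialAmfState) -> bool:
    """Tenth preset condition: any ONE of the listed facts is enough to send it."""
    return any((s.nas_smc_succeeded, s.new_nas_context_established,
                s.primary_auth_done, s.horizontal_kamf_derived,
                s.different_algorithm_selected, s.used_kamf_from_old_amf))


class Action(Enum):
    SKIP_PRIMARY_AUTH = "skip primary authentication; use received K_AMF"
    PROTECTED_AUTH_REQUEST = "run primary authentication; protect the request"
    PROTECTED_N1 = "no primary authentication; protect the next N1 message"


def target_amf_action(tenth_indication: bool, horizontal_kamf_indication: bool,
                      local_policy_wants_auth: bool) -> Action:
    """Target AMF decision under option 1. Either indication means the initial
    AMF already has a live context with the UE, so primary authentication is
    skipped; otherwise 'operation 2' protects whatever is sent next."""
    if tenth_indication or horizontal_kamf_indication:
        return Action.SKIP_PRIMARY_AUTH
    if local_policy_wants_auth:
        return Action.PROTECTED_AUTH_REQUEST
    return Action.PROTECTED_N1


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP-style KDF: HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_nas_keys(k_amf: bytes, enc_alg_id: int, int_alg_id: int):
    """NAS keys from K_AMF. Assumption: FC 0x69, type distinguisher 0x01 for
    NAS encryption and 0x02 for NAS integrity, keep the 128 LSBs of the output."""
    k_nas_enc = kdf(k_amf, 0x69, bytes([0x01]), bytes([enc_alg_id]))[16:]
    k_nas_int = kdf(k_amf, 0x69, bytes([0x02]), bytes([int_alg_id]))[16:]
    return k_nas_enc, k_nas_int


def protect_n1(k_nas_int: bytes, nas_count: int, direction: int, msg: bytes) -> bytes:
    """Integrity-protect an N1 message: 32-bit MAC over COUNT || DIRECTION || msg.
    HMAC-SHA-256 stands in for a real NIA algorithm (simplification)."""
    header = nas_count.to_bytes(4, "big") + bytes([direction])
    mac = hmac.new(k_nas_int, header + msg, hashlib.sha256).digest()[:4]
    return header + msg + mac


def verify_n1(k_nas_int: bytes, blob: bytes):
    """UE-side check; returns (ok, message). Any change to the header or the
    message, or a key not derived from the same K_AMF, fails the MAC."""
    header, msg, mac = blob[:5], blob[5:-4], blob[-4:]
    expect = hmac.new(k_nas_int, header + msg, hashlib.sha256).digest()[:4]
    return hmac.compare_digest(mac, expect), msg


def run_example() -> dict:
    """One reallocation: the initial AMF completed NAS SMC, so it sends the tenth
    indication; the target AMF skips primary authentication and protects its
    first N1 message with keys derived from the received (constructed) K_AMF."""
    initial = InitialAmfState(nas_smc_succeeded=True, primary_auth_done=True)
    tenth = should_send_tenth_indication(initial)
    action = target_amf_action(tenth, horizontal_kamf_indication=False,
                               local_policy_wants_auth=True)
    k_amf = hashlib.sha256(b"constructed K_AMF for the example").digest()  # 256-bit
    _, k_nas_int = derive_nas_keys(k_amf, enc_alg_id=2, int_alg_id=2)
    blob = protect_n1(k_nas_int, nas_count=1, direction=1, msg=b"REGISTRATION ACCEPT")
    ok, _ = verify_n1(k_nas_int, blob)
    return {"tenth_indication": tenth, "action": action, "ue_verified": ok}


if __name__ == "__main__":
    print(run_example())
```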
As a possible implementation of option 2: if the target AMF receives ninth indication information (that is, the target AMF receives the ninth indication information sent by the initial AMF through the SCP, or the target AMF receives the ninth indication information sent by the SCP, or the response to the first service request received by the target AMF includes the ninth indication information), then when the target AMF decides to perform primary authentication, the target AMF, according to the ninth indication information, shall protect the authentication request message; specifically, the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message, or, according to the ninth indication information, the target AMF shall send a security-protected N1 message including the authentication request message. The ninth indication information instructs the target AMF to protect the authentication request message.
In this implementation, the method further includes: at step 315, before the initial AMF sends the response to the first service request, the initial AMF determines to send the ninth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that a ninth preset condition is satisfied, the initial AMF sends the ninth indication information to the target AMF or the SCP. Correspondingly, the target AMF or the SCP receives the ninth indication information. Optionally, the initial AMF includes the ninth indication information in the response to the first service request. The ninth preset condition is any one or more of the following conditions:
secure NAS message exchange has taken place between the initial AMF and the UE; NAS SMC has been successfully performed between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF; the initial AMF has used the K_AMF received from the old AMF that was generated by horizontal K_AMF derivation; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and decided to use the K_AMF received from the old AMF.
In this application, the initial AMF sending a message, information or indication to the target AMF always means that the initial AMF sends that message, information or indication to the target AMF through the SCP.
When the ninth preset condition is not satisfied, the initial AMF does not send the ninth indication information to the target AMF or the SCP, and the target AMF therefore does not receive it. If the target AMF does not receive the ninth indication information, the target AMF may perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection;
Operation 2: if the target AMF decides not to perform primary authentication, the target AMF sends an N1 message without security protection, or the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
Operation 3: the target AMF shall send an N1 message without security protection, including the authentication request message.
Operation 4: if the target AMF decides to perform primary authentication and has not received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection, or the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message.
Operation 5: if the target AMF decides to perform primary authentication and has received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection.
The ninth indication information may also be used to indicate any one or more of the following:
the target AMF shall protect the authentication request message; the target AMF shall send a security-protected authentication request message; the target AMF shall send a security-protected N1 message, including the authentication request message;
secure NAS message exchange has taken place between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; the NAS SMC procedure has been successfully performed between the initial AMF and the UE; the initial AMF and the UE perform primary authentication; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and decided to use the K_AMF or security context received from the old AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF.
As a possible implementation of option 2: after the target AMF receives the response to the first service request described above, it determines whether AMF redirection, or non-access stratum rerouting via the RAN (also called direct NAS reroute), has occurred. If AMF redirection or NAS reroute via RAN has occurred, then when the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message; specifically, the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message, or the target AMF shall send a security-protected N1 message including the authentication request message. The target AMF determines that AMF redirection or NAS reroute via RAN has occurred according to any one or more of the following conditions:
the registration request message received by the target AMF is a complete registration request message without integrity protection; the target AMF receives a complete registration request message; the target AMF receives a registration request message without integrity protection; the initial UE message received by the target AMF includes a Source to Target AMF Information Reroute IE; the initial UE message received by the target AMF includes network slice selection assistance information (NSSAI); the initial UE message received by the target AMF includes configured network slice selection assistance information (configured NSSAI) and/or rejected network slice selection assistance information (rejected NSSAI); the target AMF receives the first routing information.
As another possible implementation of option 2: after the target AMF receives the response to the first service request described above, or after the target AMF receives the UE context from the old AMF (that is, after step 317 in the figure), if the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message, or the target AMF shall send a security-protected N1 message including the authentication request message. The target AMF protecting the authentication request message means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message; the target AMF sending a security-protected N1 message means that the target AMF protects the N1 message based on the received K_AMF or security context and sends the security-protected N1 message.
As a possible implementation of option 3: if the target AMF receives eighth indication information (that is, the target AMF receives the eighth indication information sent by the initial AMF through the SCP, or the target AMF receives the eighth indication information sent by the SCP, or the response to the first service request received by the target AMF includes the eighth indication information), then when the target AMF decides to perform primary authentication, the target AMF, according to the eighth indication information, shall send an authentication request message without security protection, or the target AMF shall initiate NAS SMC according to the eighth indication information. The eighth indication information instructs the target AMF to send an authentication request message without security protection. The eighth indication information may be the horizontal K_AMF derivation indication.
In this implementation, the method further includes: at step 315, before the response to the first service request that the initial AMF invoked on the target AMF, the initial AMF determines to send the eighth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that an eighth preset condition is satisfied, the initial AMF sends the eighth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the eighth indication information. Optionally, the initial AMF sends the eighth indication information to the target AMF or the SCP in the response to the first service request. The eighth preset condition is any one or more of the following conditions: the initial AMF performs horizontal K_AMF derivation, or the initial AMF generates a new K_AMF.
When the eighth preset condition is not satisfied, the initial AMF does not send the eighth indication information to the target AMF or the SCP, and the target AMF therefore does not receive it. If the target AMF does not receive the eighth indication information, the target AMF may perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message.
Operation 2: if the target AMF decides not to perform primary authentication, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
Operation 3: the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, including the authentication request message.
The eighth indication information may also be used to indicate any one or more of the following:
the initial AMF performs horizontal K_AMF derivation; the initial AMF generates a new K_AMF; the target AMF shall send an authentication request message without security protection; the target AMF shall initiate NAS SMC.
作为选项四的一种可能的实现方式:如果目标AMF接收到水平K AMF推演指示,则,目标AMF应不进行主认证,或目标AMF应使用接收到的K AMF或安全上下文,或目标AMF发起NAS SMC。否则如果目标AMF没有接收到水平K AMF推演指示,但是接收到第七指示信息,则: As a possible implementation of option four: if the target AMF receives a horizontal K AMF deduction instruction, the target AMF should not perform master authentication, or the target AMF should use the received K AMF or security context, or the target AMF initiates NAS SMC. Otherwise, if the target AMF does not receive the horizontal K AMF deduction instruction, but receives the seventh instruction information, then:
目标AMF如果决定发起主认证,根据第七指示信息,目标AMF应发送有安全保护的认证请求消息,或者,If the target AMF decides to initiate the primary authentication, according to the seventh instruction information, the target AMF should send a security-protected authentication request message, or,
目标AMF根据第七指示信息,应发送有安全保护的N1消息,包括认证请求消息。According to the seventh instruction information, the target AMF should send a N1 message with security protection, including an authentication request message.
该第七指示信息,用于指示目标AMF发送有安全保护的认证请求消息,或目标AMF发送有安全保护的N1消息。The seventh indication information is used to instruct the target AMF to send a security-protected authentication request message, or the target AMF to send a security-protected N1 message.
在该实现方式下还包括在在315,该初始AMF发送第一服务请求的响应之前,初始AMF确定向目标AMF或SCP发送第七指示信息。具体地,初始AMF判断第七预设条件满足时,初始AMF向目标AMF或SCP发送第七指示信息。相应地,目标AMF接收第七指示信息。可选地,初始AMF利用第一服务请求的响应向目标AMF或SCP发送第七指示信息。第七预设条件为以下条件中的任意一种或多种:In this implementation manner, it also includes that before the initial AMF sends a response to the first service request at 315, the initial AMF determines to send seventh indication information to the target AMF or SCP. Specifically, when the initial AMF determines that the seventh preset condition is satisfied, the initial AMF sends the seventh indication information to the target AMF or SCP. Correspondingly, the target AMF receives the seventh indication information. Optionally, the initial AMF uses the response of the first service request to send seventh indication information to the target AMF or SCP. The seventh preset condition is any one or more of the following conditions:
初始AMF和UE之间进行了NAS消息的安全交互;初始AMF和UE之间成功进行了NAS SMC;UE和初始AMF之间建立了安全关联;UE和初始AMF之间激活了安全保护;UE和初始AMF之间建立了新的NAS安全上下文;该UE和该初始AMF之间进行了主认证;该初始AMF选择了与原AMF选择的安全算法不同的安全算法;该初始AMF使用了从原AMF处接收到的由水平K AMF推演后生成的K AMF;该初始AMF从原AMF处接收到水平K AMF推演指示,并决定使用从原AMF处接收到的K AMF或安全上下文。 The security exchange of NAS messages is carried out between the initial AMF and the UE; the NAS SMC is successfully carried out between the initial AMF and the UE; the security association is established between the UE and the initial AMF; the security protection is activated between the UE and the initial AMF; A new NAS security context is established between the initial AMF; the primary authentication is performed between the UE and the initial AMF; the initial AMF selects a security algorithm that is different from the security algorithm selected by the original AMF; the initial AMF uses the secondary AMF generated after deduction received at the horizontal K AMF K AMF; AMF initially received from the AMF the original level to derive an indication K AMF, AMF or K and decided to use the security context received from AMF original place.
When the seventh preset condition is not satisfied, the initial AMF does not send the seventh indication information to the target AMF or the SCP, so the target AMF does not receive it. If the target AMF receives neither the seventh indication information nor the horizontal K_AMF derivation indication, the target AMF may perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication, the target AMF shall protect the Authentication Request message based on the received K_AMF or security context and send the security-protected Authentication Request message, or the target AMF sends an unprotected Authentication Request message.
Operation 2: if the target AMF decides not to perform primary authentication, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, or the target AMF shall send an unprotected N1 message.
Operation 3: the target AMF shall protect the N1 message, including the Authentication Request message, based on the received K_AMF or security context and send the security-protected N1 message.
Operation 4: the target AMF shall send an unprotected N1 message, including the Authentication Request message.
The seventh indication information may also be used to indicate any one or more of the following:
the NAS messages exchanged between the initial AMF and the UE are security-protected; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF; the NAS SMC procedure between the initial AMF and the UE has succeeded; the initial AMF and the UE performed primary authentication; the initial AMF received the horizontal K_AMF derivation indication from the original AMF and decided to use the K_AMF or security context received from the original AMF; the initial AMF selected a security algorithm different from the one selected by the original AMF; the target AMF shall send a security-protected Authentication Request message; the target AMF shall protect the Authentication Request message; the target AMF shall send a security-protected N1 message, including the Authentication Request message.
As another possible implementation of Option 4: if the target AMF receives both the sixth indication information and the horizontal K_AMF derivation indication, the target AMF shall not perform primary authentication, or the target AMF shall use the received K_AMF or security context. Otherwise, if the target AMF does not receive the horizontal K_AMF derivation indication but does receive the sixth indication information, then, if the target AMF decides to initiate primary authentication, it shall, according to the sixth indication information, send a security-protected Authentication Request message; or,
according to the sixth indication information, the target AMF shall send a security-protected N1 message, where the N1 message includes the Authentication Request message.
The sixth indication information is used to instruct the target AMF to send a security-protected Authentication Request message.
This implementation further includes that, before the initial AMF sends the response to the first service request in step 315, the initial AMF determines to send the sixth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that the sixth preset condition is satisfied, the initial AMF sends the sixth indication information to the target AMF or the SCP, and the target AMF receives it accordingly. Optionally, the initial AMF carries the sixth indication information in the response to the first service request. The sixth preset condition is any one or more of the following:
the NAS messages exchanged between the initial AMF and the UE are security-protected; the NAS SMC between the initial AMF and the UE has succeeded; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF selected a security algorithm different from the one selected by the original AMF; the initial AMF used the K_AMF received from the original AMF that was generated by horizontal K_AMF derivation; the initial AMF received the horizontal K_AMF derivation indication from the original AMF and decided to use the K_AMF and security context received from the original AMF.
When the sixth preset condition is not satisfied, the initial AMF does not send the sixth indication information to the target AMF or the SCP, so the target AMF does not receive it. If the target AMF does not receive the sixth indication information but does receive the horizontal K_AMF derivation indication, the target AMF may perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication, the target AMF shall send an unprotected Authentication Request message.
Operation 2: if the target AMF decides not to perform primary authentication, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, or the target AMF shall send an unprotected N1 message, or the target AMF initiates NAS SMC.
Operation 3: the target AMF shall send an unprotected N1 message, including the Authentication Request message.
If the target AMF receives neither the sixth indication information nor the horizontal K_AMF derivation indication, the target AMF may perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication, the target AMF shall send an unprotected Authentication Request message, or the target AMF shall protect the Authentication Request message based on the received K_AMF or security context and send the security-protected Authentication Request message.
Operation 2: if the target AMF decides not to perform primary authentication, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, or the target AMF shall send an unprotected N1 message.
Operation 3: the target AMF shall send an unprotected N1 message, including the Authentication Request message.
Operation 4: the target AMF shall send a security-protected N1 message, including the Authentication Request message.
The sixth indication information may also be used to indicate any one or more of the following:
the NAS messages exchanged between the initial AMF and the UE are security-protected; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF; the NAS SMC procedure between the initial AMF and the UE has succeeded; the initial AMF and the UE performed primary authentication; the initial AMF received the horizontal K_AMF derivation indication from the original AMF and decided to use the received K_AMF or security context; the initial AMF decided to use the K_AMF received from the original AMF that was generated by horizontal K_AMF derivation; the initial AMF selected a security algorithm different from the one selected by the original AMF; the target AMF shall send a security-protected Authentication Request message; the target AMF shall protect the Authentication Request message; the target AMF shall send a protected N1 message, including the Authentication Request message.
In this embodiment, if the SCP receives the sixth, seventh, eighth, ninth and/or tenth indication information sent by the initial AMF, the SCP forwards the received sixth, seventh, eighth, ninth and/or tenth indication information to the target AMF. Optionally, the SCP carries the sixth, seventh, eighth, ninth and/or tenth indication information in the response to the first service request.
In a possible implementation, the initial AMF sends the sixth, seventh, eighth, ninth and/or tenth indication information to the target AMF through the RAN. Specifically, the initial AMF carries the sixth, seventh, eighth, ninth and/or tenth indication information in the reroute NAS message sent to the RAN, and the RAN carries the received sixth, seventh, eighth, ninth and/or tenth indication information in the initial UE message sent to the target AMF. Before sending the sixth, seventh, eighth, ninth and/or tenth indication information, the initial AMF needs to determine to send it; how the initial AMF determines to send the sixth, seventh, eighth, ninth and/or tenth indication information is as described above and is not repeated here.
Optionally, when the registration method shown in FIG. 3 includes step 317, the method shown in FIG. 3 may further include:
318. The target AMF deletes the UE context, the security context of the UE, or the NAS security context of the UE obtained from the original AMF.
It should be noted that whether the UE context, the security context of the UE, or the NAS security context of the UE obtained by the target AMF from the original AMF is the same as that obtained from the SCP is not limited in the embodiments of this application.
In the embodiments of this application, the initial AMF sends the first routing information to the target AMF through the RAN. After receiving the first routing information, the target AMF can obtain the UE context, the UE security context, the NAS security context of the UE, and so on from the initial AMF through the SCP. The UE context here is the new NAS security context established between the UE and the initial AMF, so the target AMF obtains that new NAS security context, which avoids UE registration failure and ensures that the UE registration succeeds.
FIG. 4 is a schematic flowchart of a registration method provided by an embodiment of this application. As shown in FIG. 4, the registration method includes:
It can be understood that for the specific implementation of 401 to 410 in FIG. 4, reference may be made to the description of 201 to 210 in FIG. 2, which is not detailed again here.
411. The initial AMF determines to reroute the NAS message to the target AMF through the (R)AN (that is, NAS reroute via (R)AN); the initial AMF sends first indication information (indicator1) to the (R)AN, and the (R)AN receives the first indication information sent by the initial AMF. The first indication information is used to instruct the target AMF to obtain from the initial AMF the UE context, the security context of the UE, the NAS security context of the UE, the NAS security context established between the initial AMF and the UE, or the current security context.
Optionally, the initial AMF sends a reroute NAS message to the (R)AN, and the reroute NAS message may include the first indication information. The (R)AN receives the reroute NAS message.
Specifically, the first indication information may also be used to indicate any one or more of the following:
the initial AMF and the UE have exchanged security-protected NAS messages;
the initial AMF and the UE have successfully performed the NAS security mode control procedure;
the initial AMF and the UE have successfully performed NAS SMC;
the initial AMF and the UE have established a new NAS security context;
the initial AMF and the UE have successfully performed primary authentication;
the initial AMF and the UE have activated NAS security;
the initial AMF has received the horizontal K_AMF derivation indication (keyAMFHDerivationInd);
the initial AMF has selected a new security algorithm;
the (R)AN sends the routing information of the initial AMF to the target AMF;
the (R)AN sends indication information to the target AMF, which instructs the target AMF to obtain the UE context from the initial AMF, or to obtain the UE context from the initial AMF through the SCP.
Optionally, the initial AMF may also use certain conditions to decide whether to send the first indication information to the (R)AN. For example, when the initial AMF determines that one or more of the following conditions are satisfied, the initial AMF sends the first indication information to the (R)AN:
the initial AMF and the UE have exchanged security-protected NAS messages;
the initial AMF and the UE have successfully performed the NAS security mode control procedure;
the initial AMF and the UE have successfully performed NAS SMC;
the initial AMF and the UE have established a new NAS security context;
the initial AMF and the UE have successfully performed primary authentication;
the initial AMF and the UE have activated NAS security;
the initial AMF has received the horizontal K_AMF derivation indication (keyAMFHDerivationInd);
the initial AMF has selected a new security algorithm.
412. The (R)AN sends fourth routing information to the target AMF, and the target AMF receives the fourth routing information sent by the (R)AN.
The fourth routing information may include the routing information of the initial AMF, for example the end point address of the initial AMF, the Internet Protocol (IP) address of the initial AMF, the instance ID of the initial AMF, the AMF set ID of the initial AMF, the Globally Unique AMF Identifier (GUAMI) of the initial AMF, and so on. The fourth routing information may also include other information that can be used to route to the initial AMF, which this application does not limit.
Optionally, the (R)AN may send an initial UE message to the target AMF, where the initial UE message includes the fourth routing information. The target AMF receives the initial UE message.
Optionally, the (R)AN determines whether to send the fourth routing information to the target AMF. For example, when the (R)AN receives the first indication information sent by the initial AMF, the (R)AN sends the fourth routing information to the target AMF.
413. The target AMF sends a third service request to the service communication proxy (SCP) according to the fourth routing information, and the SCP receives the third service request sent by the target AMF.
Optionally, the third service request includes the fourth routing information received by the target AMF and the identification information of the UE.
Since the initial UE message may include the RR message, the identification information of the UE included in the third service request may include the UE identity carried in the RR message received by the target AMF. The identification information of the UE may be a SUPI, a 5G-GUTI, or a SUCI.
Optionally, after step 412 and before step 413, the registration method shown in FIG. 4 further includes:
417. The target AMF obtains from the original AMF the UE context, the security context of the UE, the NAS security context of the UE, or the security context established between the UE and the original AMF. For example, the target AMF may request the UE context from the original AMF through Namf_Communication_UEContextTransfer, and the original AMF may send the UE context, the security context of the UE, the NAS security context of the UE, or the security context established between the UE and the original AMF to the target AMF through the Namf_Communication_UEContextTransfer response.
When the target AMF has obtained from the original AMF the UE context, the security context of the UE, the NAS security context of the UE, or the security context established between the UE and the original AMF, the identification information of the UE included in the above first service request may also include the UE identity contained in the UE context that the target AMF obtained from the original AMF. For example, the UE identity may be a SUPI, a 5G-GUTI, or a SUCI.
414. The SCP sends the third service request to the initial AMF, and the initial AMF receives the third service request sent by the SCP.
415. The initial AMF sends a response to the third service request to the SCP, where the response includes the UE context, the UE security context, the NAS security context of the UE, the NAS security context established between the initial AMF and the UE, or the current context. The SCP receives the response to the third service request sent by the initial AMF.
416. The SCP sends the received UE context, security context of the UE, NAS security context of the UE, NAS security context established between the initial AMF and the UE, or current context to the target AMF, and the target AMF receives the UE context, UE security context, NAS security context of the UE, NAS security context established between the initial AMF and the UE, or current context sent by the SCP.
417. Optionally, the target AMF obtains from the original AMF the UE context, the security context of the UE, the NAS security context of the UE, or the security context established between the UE and the original AMF. For example, the target AMF may request the UE context from the original AMF through Namf_Communication_UEContextTransfer, and the original AMF may send the UE context, the security context of the UE, the NAS security context of the UE, or the security context established between the UE and the original AMF to the target AMF through the Namf_Communication_UEContextTransfer response.
418. The target AMF deletes the UE context, the security context of the UE, or the NAS security context of the UE obtained from the original AMF.
It should be noted that whether the UE context, the security context of the UE, or the NAS security context of the UE obtained by the target AMF from the original AMF is the same as that obtained from the SCP is not limited in the embodiments of this application.
FIG. 5 is a schematic flowchart of a registration method provided by an embodiment of this application. As shown in FIG. 5, the registration method includes:
It can be understood that for the specific implementation of 501 to 510 in FIG. 5, reference may be made to the registration method of 201 to 210 shown in FIG. 2, which is not detailed again here.
511. The initial AMF determines to reroute the NAS message to the target AMF through the (R)AN (that is, NAS reroute via (R)AN); the initial AMF sends first information to the SCP, and the SCP receives the first information sent by the initial AMF.
For example, the first information includes the identification information of the UE and the UE context; or
the first information includes the identification information of the UE and the security context of the UE; or
the first information includes the identification information of the UE and the NAS security context of the UE; or
the first information includes the identification information of the UE and the NAS security context established between the initial AMF and the UE; or
the first information includes the identification information of the UE and the current security context.
The identification information of the UE may be the SUCI, the SUPI, the 5G-GUTI, or the like, of the UE.
Optionally, the identification information of the UE is the SUCI or 5G-GUTI carried in the Registration Request message received by the initial AMF.
Optionally, the initial AMF may also use certain conditions to decide whether it needs to send the first information to the SCP. For example, when the initial AMF determines that one or more of the following conditions are satisfied, the initial AMF sends the first information to the SCP:
the initial AMF and the UE have exchanged security-protected NAS messages;
the initial AMF and the UE have successfully performed the NAS security mode control procedure;
the initial AMF and the UE have successfully performed NAS SMC;
the initial AMF and the UE have established a new NAS security context;
the initial AMF and the UE have successfully performed primary authentication;
the initial AMF and the UE have activated NAS security;
the initial AMF has received the horizontal K_AMF derivation indication (keyAMFHDerivationInd);
the initial AMF has selected a new security algorithm.
Optionally, before the initial AMF sends the first information to the SCP, the initial AMF may also determine, according to a local policy or local configuration, whether to perform horizontal K_AMF derivation. If the initial AMF determines to perform horizontal K_AMF derivation, the initial AMF performs horizontal K_AMF derivation to generate a new K_AMF. Further, the initial AMF may also send the new K_AMF and a horizontal K_AMF derivation indication, such as keyAMFHDerivationInd, to the SCP.
As a possible implementation, before the initial AMF sends the first information to the SCP, the initial AMF decides whether to perform horizontal K_AMF derivation.
If the initial AMF decides not to perform horizontal K_AMF derivation, the initial AMF sends the current security context, including the current K_AMF, to the target AMF or the SCP. It should be understood that in this application, the initial AMF sending the current security context to the target AMF means that the initial AMF sends the current security context to the target AMF through the SCP.
If the initial AMF decides to perform horizontal K_AMF derivation, the initial AMF generates a new K_AMF, a new security context, or a new NAS security context from the current K_AMF; the initial AMF sends the new K_AMF, the new security context, or the new NAS security context to the target AMF or the SCP, and the initial AMF sends a horizontal K_AMF derivation indication to the target AMF. This horizontal K_AMF derivation indication may be called keyAmfHDerivationInd.
Optionally, the initial AMF includes the current security context, the new K_AMF, the new security context, or the horizontal K_AMF derivation indication in the first information. Optionally, the initial AMF may instead send the security context of the UE, including the current security context, the new K_AMF, the new security context, or the horizontal K_AMF derivation indication, to the target AMF or the SCP in a message other than the first information; this application does not limit the specific way in which the initial AMF sends the security context of the UE to the target AMF.
The initial AMF may decide whether to perform horizontal K_AMF derivation in any one of the following three manners:
Manner 1: the initial AMF does not perform horizontal K_AMF derivation, that is, the initial AMF sends the current security context to the target AMF;
Manner 2: the initial AMF decides according to local policy whether to perform horizontal K_AMF derivation, that is, the initial AMF determines according to local policy to perform horizontal K_AMF derivation, or determines according to local policy not to perform horizontal K_AMF derivation;
Manner 3: the initial AMF decides according to a fourth preset condition whether to perform horizontal K_AMF derivation. That is, if the initial AMF determines that the fourth preset condition is satisfied, the initial AMF does not perform horizontal K_AMF derivation, i.e. the initial AMF sends the current security context to the target AMF; if the initial AMF determines that the fourth preset condition is not satisfied, the initial AMF decides according to local policy whether to perform horizontal K_AMF derivation, i.e. the initial AMF determines according to local policy to perform horizontal K_AMF derivation, or determines according to local policy not to perform it. The fourth preset condition is any one or more of the following:
the NAS messages exchanged between the initial AMF and the UE are security-protected; the NAS SMC between the initial AMF and the UE has succeeded; a security association is established between the UE and the initial AMF; security protection is activated between the UE and the initial AMF; a new NAS security context is established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF selected a security algorithm different from the one selected by the original AMF; the initial AMF used the K_AMF received from the original AMF that was generated by horizontal K_AMF derivation; the initial AMF received the horizontal K_AMF derivation indication from the original AMF, and the initial AMF decided to use the K_AMF received from the original AMF.
In this application, the current security context includes the current NAS security context, and the current NAS security context includes the current K_AMF. The new K_AMF that the initial AMF generates from the current K_AMF is also called the derived K_AMF. The new security context that the initial AMF generates from the current K_AMF is also called the derived security context. The new NAS security context that the initial AMF generates from the current K_AMF is also called the derived NAS security context, and it includes the derived K_AMF. The new security context generated by the initial AMF from the current K_AMF includes the new NAS security context generated by the initial AMF from the current K_AMF. The horizontal K_AMF derivation indication, also called the K_AMF horizontal derivation indication, is used to indicate that a new K_AMF has been generated, that is, that horizontal K_AMF derivation has been performed.
In a possible implementation, before the initial AMF sends the first information, the initial AMF determines to send twentieth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that a twentieth preset condition is satisfied, the initial AMF sends the twentieth indication information to the target AMF or the SCP. Correspondingly, the target AMF or the SCP receives the twentieth indication information. Optionally, the initial AMF uses the first information to send the twentieth indication information to the target AMF or the SCP. The twentieth preset condition is any one or more of the following conditions:
a secure exchange of NAS messages has taken place between the initial AMF and the UE; a NAS SMC has been successfully performed between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; the initial AMF performs horizontal K_AMF derivation; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF; the initial AMF has used the K_AMF received from the old AMF that was generated by horizontal K_AMF derivation; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and has decided to use the K_AMF received from the old AMF.
In a possible implementation, before the initial AMF sends the first information, the initial AMF determines to send nineteenth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that a nineteenth preset condition is satisfied, the initial AMF sends the nineteenth indication information to the target AMF or the SCP. Correspondingly, the target AMF or the SCP receives the nineteenth indication information. Optionally, the initial AMF includes the nineteenth indication information in the first information. The nineteenth preset condition is any one or more of the following conditions:
a secure exchange of NAS messages has taken place between the initial AMF and the UE; a NAS SMC has been successfully performed between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF; the initial AMF has used the K_AMF received from the old AMF that was generated by horizontal K_AMF derivation; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and has decided to use the K_AMF received from the old AMF.
In a possible implementation, before the initial AMF sends the first information, the initial AMF determines to send eighteenth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that an eighteenth preset condition is satisfied, the initial AMF sends the eighteenth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the eighteenth indication information. Optionally, the initial AMF uses the first information to send the eighteenth indication information to the target AMF or the SCP. The eighteenth preset condition is any one or more of the following conditions: the initial AMF performs horizontal K_AMF derivation, or the initial AMF generates a new K_AMF. The eighteenth indication information may be a horizontal K_AMF derivation indication.
In a possible implementation, before the initial AMF sends the first information, the initial AMF determines to send seventeenth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that a seventeenth preset condition is satisfied, the initial AMF sends the seventeenth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the seventeenth indication information. Optionally, the initial AMF uses the first information to send the seventeenth indication information to the target AMF or the SCP. The seventeenth preset condition is any one or more of the following conditions:
a secure exchange of NAS messages has taken place between the initial AMF and the UE; a NAS SMC has been successfully performed between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF; the initial AMF has used the K_AMF received from the old AMF that was generated by horizontal K_AMF derivation; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and has decided to use the K_AMF or the security context received from the old AMF.
In a possible implementation, before the initial AMF sends the first information, the initial AMF determines to send sixteenth indication information to the target AMF or the SCP. Specifically, when the initial AMF determines that a sixteenth preset condition is satisfied, the initial AMF sends the sixteenth indication information to the target AMF or the SCP. Correspondingly, the target AMF receives the sixteenth indication information. Optionally, the initial AMF uses the first information to send the sixteenth indication information to the target AMF or the SCP. The sixteenth preset condition is any one or more of the following conditions:
a secure exchange of NAS messages has taken place between the initial AMF and the UE; a NAS SMC has been successfully performed between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF; the initial AMF has used the K_AMF received from the old AMF that was generated by horizontal K_AMF derivation; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and has decided to use the K_AMF and the security context received from the old AMF.
The above twentieth indication information is used to indicate any one or more of the following:
a secure exchange of NAS messages has taken place between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; the NAS SMC procedure has been successfully performed between the initial AMF and the UE; the initial AMF and the UE have performed primary authentication; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and has decided to use the K_AMF or the security context received from the old AMF; the initial AMF has performed horizontal K_AMF derivation; the initial AMF has generated a new K_AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF; the target AMF does not perform the primary authentication procedure; the target AMF skips the primary authentication procedure and performs the other procedures of registration; the target AMF uses the received K_AMF or security context.
The above nineteenth indication information is used to indicate any one or more of the following:
the target AMF shall protect the authentication request message; the target AMF shall send a security-protected authentication request message; the target AMF shall send a security-protected N1 message including the authentication request message; a secure exchange of NAS messages has taken place between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; the NAS SMC procedure has been successfully performed between the initial AMF and the UE; the initial AMF and the UE have performed primary authentication; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and has decided to use the K_AMF or the security context received from the old AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF.
The above eighteenth indication information is used to indicate any one or more of the following:
the initial AMF performs horizontal K_AMF derivation; the initial AMF generates a new K_AMF; the target AMF shall send an authentication request message without security protection; the target AMF shall initiate a NAS SMC.
The above seventeenth indication information is used to indicate any one or more of the following:
a secure exchange of NAS messages has taken place between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; the NAS SMC procedure has been successfully performed between the initial AMF and the UE; the initial AMF and the UE have performed primary authentication; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and has decided to use the K_AMF or the security context received from the old AMF; the initial AMF has selected a security algorithm different from the one selected by the old AMF; the target AMF shall send a security-protected authentication request message; the target AMF shall protect the authentication request message; the target AMF shall send a security-protected N1 message including the authentication request message.
The above sixteenth indication information is used to indicate any one or more of the following:
a secure exchange of NAS messages has taken place between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; the NAS SMC procedure has been successfully performed between the initial AMF and the UE; the initial AMF and the UE have performed primary authentication; the initial AMF has received a horizontal K_AMF derivation indication from the old AMF and has decided to use the received K_AMF or security context; the initial AMF has decided to use the K_AMF received from the old AMF that was generated by horizontal K_AMF derivation; the initial AMF has selected a security algorithm different from the one selected by the old AMF; the target AMF shall send a security-protected authentication request message; the target AMF shall protect the authentication request message; the target AMF shall send a protected N1 message including the authentication request message.
It can be understood that step 511 may be performed anywhere after step 507 and before step 512; this embodiment of the application does not limit before or after which specific step step 511 is performed.
As an example, the initial AMF may determine, according to local policy and subscription information, to send the NAS message to the target AMF through the (R)AN.
512. The initial AMF sends second routing information to the target AMF through the (R)AN; for example, the initial AMF sends the second routing information to the (R)AN, and the (R)AN receives the second routing information sent by the initial AMF.
In this embodiment of the application, the second routing information is used to instruct the target AMF to obtain, from the SCP, the UE context, or the UE's security context, or the UE's NAS security context, or the NAS security context established between the initial AMF and the UE, or the current security context.
For example, the initial AMF sends the second routing information to the (R)AN; for instance, the initial AMF sends a reroute NAS message to the (R)AN, and the reroute NAS message may include the second routing information. The (R)AN receives the reroute NAS message.
Optionally, the second routing information is further used to indicate any one or more of the following:
the target AMF obtains, from the service communication proxy (SCP), the UE context, or the UE's security context, or the UE's NAS security context, or the NAS security context established between the initial AMF and the UE, or the current security context;
the initial AMF and the UE have performed a secure exchange of NAS messages;
the initial AMF and the UE have successfully performed primary authentication;
the initial AMF has received a horizontal K_AMF derivation indication (keyAMFHDerivationInd);
the initial AMF has selected a new security algorithm;
the initial AMF has sent the UE context, or the UE's security context, or the UE's NAS security context, or the NAS security context established between the initial AMF and the UE, or the current security context to the SCP.
The second routing information may include any one or more of the following: routing information of the SCP, routing information of the UE context, routing information of the UE security context, routing information of the UE NAS security context, routing information of the current security context, routing information of the service request used to request the UE context, routing information of the service request used to request the UE security context, routing information of the service request used to request the UE NAS security context, and routing information of the service request used to request the current security context. For example, the second routing information may include any one or more of the following: the end point address of the SCP, the internet protocol (IP) address of the SCP, the instance ID of the SCP, the SCP set ID, the service instance ID of the SCP, the service set ID of the SCP, and so on. It can be understood that the second routing information may also include other information that can be used to address the initial SCP, or the UE context, or the UE security context, or the UE NAS security context, or the NAS security context established between the initial AMF and the UE, or the current security context; this application does not limit this.
This application does not limit how the initial AMF obtains the end point address of the SCP, the internet protocol (IP) address of the SCP, the instance ID of the SCP, the SCP set ID of the SCP, the service instance ID of the SCP used to request the UE context, the service instance ID of the SCP used to request the UE security context, the service instance ID of the SCP used to request the UE's NAS security context, the service instance ID of the SCP used to request the UE's current security context, the service set ID of the SCP, and so on.
Optionally, the initial AMF may use certain conditions to determine whether to send the second routing information to the target AMF through the (R)AN. For example, when any one or more of the following conditions is satisfied, the initial AMF may send the second routing information to the target AMF through the (R)AN:
the initial AMF and the UE have performed a secure exchange of NAS messages;
the initial AMF and the UE have successfully performed the NAS security mode control procedure;
the initial AMF and the UE have successfully performed a NAS SMC;
the initial AMF and the UE have established a new NAS security context;
the initial AMF and the UE have successfully performed primary authentication;
the initial AMF and the UE have activated NAS security;
the initial AMF has received a horizontal K_AMF derivation indication (keyAMFHDerivationInd);
the initial AMF has selected a new security algorithm;
the initial AMF has sent the UE context, or the UE security context, or the UE's NAS security context to the SCP.
513. The (R)AN sends the second routing information to the target AMF, and the target AMF receives the second routing information.
Optionally, the (R)AN may also send an initial UE message to the target AMF, the initial UE message including the second routing information. The target AMF receives the initial UE message.
514. The target AMF sends a second service request to the SCP according to the second routing information, and the SCP receives the second service request.
In this embodiment of the application, the second service request may be used to request the UE context, or the UE security context, or the UE's NAS security context, or the NAS security context established between the initial AMF and the UE, or the current security context. The second service request may include identification information of the UE. Since the initial UE message may include the RR message, the identification information of the UE may include the identification information of the UE carried in the RR message included in the initial UE message received by the target AMF. The identification information of the UE may be a SUPI, a SUCI, or a 5G-GUTI.
Optionally, before step 514 and after step 512, the registration method shown in FIG. 5 further includes:
516. The target AMF obtains the UE context, or the UE's security context, or the UE's NAS security context from the old AMF; for example, the target AMF may request the UE context, or the UE's security context, or the UE's NAS security context from the old AMF through Namf_Communication_UEContextTransfer, and the old AMF may send the UE context, or the UE's security context, or the UE's NAS security context to the target AMF through the Namf_Communication_UEContextTransfer response.
In the case where the target AMF has obtained the UE context, or the UE's security context, or the UE's NAS security context from the old AMF, the identification information of the UE included in the second service request may further include the UE identity included in the UE context, or the UE's security context, or the UE's NAS security context obtained from the old AMF. For example, the UE identity may be a SUPI, a 5G-GUTI, or a SUCI.
515. The SCP sends the UE context, or the UE security context, or the UE's NAS security context, or the NAS security context established between the initial AMF and the UE, or the current security context to the target AMF; the target AMF receives the UE context, or the UE security context, or the UE's NAS security context, or the NAS security context established between the initial AMF and the UE, or the current security context.
For example, the SCP locates the UE context, or the UE security context, or the UE's NAS security context, or the NAS security context established between the initial AMF and the UE, or the current context according to the identification information of the UE included in the received second service request, and sends it to the target AMF.
For example, the SCP sends a response to the second service request to the target AMF, and includes in the response the UE context, or the UE security context, or the UE's NAS security context, or the NAS security context established between the initial AMF and the UE, or the new NAS security context established between the initial AMF and the UE, or the current security context.
Optionally, in the case where the initial AMF sends the new K_AMF and a horizontal K_AMF derivation indication, such as keyAMFHDerivationInd, to the SCP, the SCP may also send the horizontal K_AMF derivation indication and the new K_AMF to the target AMF. After receiving the horizontal K_AMF derivation indication and the new K_AMF, the target AMF sends a NAS SMC message to the UE and includes in the NAS SMC message a K_AMF_change_flag with the value 1, which instructs the UE to perform horizontal K_AMF derivation. Further, after receiving the NAS SMC message, the UE performs horizontal K_AMF derivation according to the K_AMF_change_flag with the value 1 to generate the new K_AMF, and may send a NAS SMP (Security Mode Complete) message to the target AMF.
If the SCP receives the twentieth indication information, and/or the nineteenth indication information, and/or the eighteenth indication information, and/or the seventeenth indication information, and/or the sixteenth indication information sent by the initial AMF, the SCP sends the received twentieth indication information, and/or nineteenth indication information, and/or eighteenth indication information, and/or seventeenth indication information, and/or sixteenth indication information to the target AMF. Optionally, the SCP sends the twentieth indication information, and/or the nineteenth indication information, and/or the eighteenth indication information, and/or the seventeenth indication information, and/or the sixteenth indication information to the target AMF in the response to the second service request.
目标AMF接收到第二服务请求的响应之后,或者目标AMF从原AMF处接收到UE的安全上下文(即图中的516)之后,目标AMF执行以下选项中的任意一种:After the target AMF receives the response to the second service request, or after the target AMF receives the UE's security context (that is, 516 in the figure) from the original AMF, the target AMF executes any of the following options:
选项一:目标AMF不进行主认证,或,目标AMF使用接收到的K AMF或安全上下文。 Option 1: The target AMF does not perform primary authentication, or the target AMF uses the received K AMF or security context.
应理解目标AMF不进行主认证,或,目标AMF使用接收到的K AMF或安全上下文,是指该目标AMF跳过主认证,进行注册流程中的其他流程。该目标AMF基于接收到的K AMF或安全上下文保护第三消息,并将该第三消息发送给UE。具体地,该目标AMF根据接收到的K AMF或安全上下文生成NAS加解密密钥和NAS完整性密钥,并采用生成的NAS加解密密钥和/或NAS完整性密钥对第三消息进行保护。在这种选项下,第三消息为不包括认证请求的任意N1消息。 It should be understood that the target AMF does not perform the main authentication, or the target AMF uses the received K AMF or security context, which means that the target AMF skips the main authentication and performs other processes in the registration process. The target AMF protects the third message based on the received K AMF or security context, and sends the third message to the UE. Specifically, the target AMF generates a NAS encryption and decryption key and a NAS integrity key according to the received K AMF or security context, and uses the generated NAS encryption and decryption key and/or NAS integrity key to perform the third message protection. Under this option, the third message is any N1 message that does not include the authentication request.
在该实施例中,目标AMF不进行主认证,即目标AMF使用接收到的K AMF或安全上下文。 In this embodiment, the target AMF does not perform primary authentication, that is, the target AMF uses the received K AMF or security context.
选项二:目标AMF保护认证请求消息,和/或,目标AMF发送有安全保护的认证请求消息,和/或,目标AMF发送有安全保护的N1消息,包括认证请求消息。也就是目标AMF保护认证请求消息,并且目标AMF向UE发送有安全保护的认证请求消息,其中,目标AMF向UE发送有安全保护的认证请求消息可以理解为目标AMF向UE发送有安全保护的N1消 息,该N1消息包括认证请求消息。Option 2: The target AMF protects the authentication request message, and/or the target AMF sends a security-protected authentication request message, and/or the target AMF sends a security-protected N1 message, including the authentication request message. That is, the target AMF protects the authentication request message, and the target AMF sends a security-protected authentication request message to the UE, where the target AMF sends a security-protected authentication request message to the UE can be understood as the target AMF sends a security-protected N1 to the UE Message, the N1 message includes an authentication request message.
It should be understood that "the target AMF protects the authentication request message" means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message. Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key from the received K_AMF or security context, protects the authentication request message with the generated NAS encryption/decryption key and/or NAS integrity key, and sends the security-protected authentication request message.
It should be understood that "the target AMF sends a security-protected authentication request message" means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message. Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key from the received K_AMF or security context, protects the authentication request message with the generated NAS encryption/decryption key and/or NAS integrity key, and sends the security-protected authentication request message.
It should be understood that, in this embodiment, "the target AMF sends a security-protected N1 message that includes the authentication request message" means that the target AMF protects the N1 message based on the received K_AMF or security context and sends the security-protected N1 message. Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key from the received K_AMF or security context, protects the N1 message with the generated NAS encryption/decryption key and/or NAS integrity key, and sends the security-protected N1 message. The N1 message here includes the authentication request message.
Option 3: the target AMF sends an authentication request message without security protection, or the target AMF initiates a NAS SMC.
Option 4: the target AMF does not perform primary authentication; or the target AMF protects the authentication request message; or the target AMF sends a security-protected N1 message that includes the authentication request message.
It should be understood that, in this embodiment, "the target AMF does not perform primary authentication", that is, "the target AMF uses the received K_AMF or security context", means that the target AMF skips primary authentication and proceeds with the other steps of the registration procedure. In this implementation, the target AMF protects the third message based on the received K_AMF or security context; specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key from the received K_AMF or security context, and protects the third message with the generated NAS encryption/decryption key and/or NAS integrity key. Under this option, the third message is any N1 message that does not include an authentication request.
"The target AMF protects the authentication request message" means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message. Specifically, the target AMF generates a NAS encryption/decryption key and a NAS integrity key from the received K_AMF or security context, protects the authentication request message with the generated NAS encryption/decryption key and/or NAS integrity key, and sends the security-protected authentication request message.
As one possible implementation of Option 1: after the target AMF receives the response to the second service request described above, or after the target AMF receives the security context from the original AMF, the target AMF does not perform primary authentication, or the target AMF uses the received K_AMF or security context.
As another possible implementation of Option 1: after the target AMF receives the response to the second service request described above, it determines whether AMF redirection or NAS reroute via RAN has occurred. If AMF redirection or NAS reroute via RAN has occurred, the target AMF does not perform primary authentication, or the target AMF uses the received K_AMF or security context. The target AMF determines that AMF redirection or NAS reroute via RAN has occurred based on any one or more of the following conditions:
the registration request message received by the target AMF is a complete registration request message without integrity protection; the target AMF receives a complete registration request message; the target AMF receives a registration request message without integrity protection; the Initial UE message received by the target AMF includes a Source to Target AMF Information Reroute IE; the Initial UE message received by the target AMF includes network slice selection assistance information (NSSAI); the Initial UE message received by the target AMF includes configured network slice selection assistance information (configured NSSAI) and/or rejected network slice selection assistance information (rejected NSSAI); the target AMF receives the first routing information.
As yet another possible implementation of Option 1: if the target AMF receives a horizontal K_AMF derivation indication (that is, the target AMF receives the horizontal K_AMF derivation indication sent by the initial AMF through the SCP, or the response to the second service request received by the target AMF includes the horizontal K_AMF derivation indication, or the target AMF receives the horizontal K_AMF derivation indication sent by the SCP), then, according to the horizontal K_AMF derivation indication, the target AMF does not perform primary authentication, or uses the received K_AMF or security context.
Otherwise, if the target AMF has not received the horizontal K_AMF derivation indication described above, the target AMF may perform any one of the following operations:
Operation 1: the target AMF still does not perform primary authentication, or uses the received K_AMF or security context;
Operation 2: if the target AMF performs primary authentication according to local policy, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message; if the target AMF does not perform primary authentication according to local policy, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
Operation 3: the target AMF shall protect the N1 message, including the authentication request message, based on the received K_AMF or security context, and send the security-protected N1 message including the security-protected authentication request message.
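The Option 1 behaviour described above (reroute detection, the horizontal K_AMF derivation indication, and protecting the first N1 message with NAS keys generated from the forwarded K_AMF), as an added Python model that is not part of the patent. When no indication arrives, Operation 2 (local policy) is the variant modelled; the KDF layout and the FC/distinguisher constants are assumptions shaped like the 3GPP KDF, HMAC-SHA-256 stands in for the NAS integrity algorithm, and the message payloads are constructed samples.

```python
# Added example, not the patent's own procedure: a target-AMF model for Option 1.
import hmac
import hashlib
from dataclasses import dataclass

FC_ALGO_KEY = 0x69      # assumed FC value for NAS algorithm key derivation
N_NAS_ENC_ALG = 0x01    # assumed algorithm type distinguisher: NAS encryption
N_NAS_INT_ALG = 0x02    # assumed algorithm type distinguisher: NAS integrity


@dataclass
class InitialUeMessage:
    """Fields of the Initial UE message the page lists as reroute evidence."""
    registration_request_complete: bool = False
    integrity_protected: bool = True
    has_reroute_ie: bool = False            # Source to Target AMF Information Reroute IE
    has_nssai: bool = False
    has_configured_or_rejected_nssai: bool = False
    has_first_routing_info: bool = False


def reroute_detected(msg: InitialUeMessage) -> bool:
    """Any one of the page's conditions lets the target AMF conclude that
    AMF redirection / NAS reroute via RAN has taken place."""
    return (msg.registration_request_complete
            or not msg.integrity_protected
            or msg.has_reroute_ie
            or msg.has_nssai
            or msg.has_configured_or_rejected_nssai
            or msg.has_first_routing_info)


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 KDF over S = FC || P0 || L0 || P1 || L1 ... (assumed layout)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_nas_keys(k_amf: bytes, enc_alg_id: int, int_alg_id: int):
    """NAS encryption/decryption and NAS integrity keys from the forwarded K_AMF;
    the 128 least significant bits of each KDF output are kept."""
    k_nas_enc = kdf(k_amf, FC_ALGO_KEY, bytes([N_NAS_ENC_ALG]), bytes([enc_alg_id]))[16:]
    k_nas_int = kdf(k_amf, FC_ALGO_KEY, bytes([N_NAS_INT_ALG]), bytes([int_alg_id]))[16:]
    return k_nas_enc, k_nas_int


def protect_n1(k_nas_int: bytes, count: int, plain: bytes) -> bytes:
    """Integrity-protect an N1 message as MAC-I (32 bits) || COUNT || payload.
    HMAC-SHA-256 is a stand-in for the NAS integrity algorithm (assumption)."""
    hdr = count.to_bytes(4, "big")
    mac = hmac.new(k_nas_int, hdr + plain, hashlib.sha256).digest()[:4]
    return mac + hdr + plain


def verify_n1(k_nas_int: bytes, protected: bytes):
    """UE side: return the payload if MAC-I verifies under the same key, else None."""
    mac, hdr, plain = protected[:4], protected[4:8], protected[8:]
    expected = hmac.new(k_nas_int, hdr + plain, hashlib.sha256).digest()[:4]
    return plain if hmac.compare_digest(mac, expected) else None


def target_amf_first_message(k_amf: bytes, horizontal_kamf_indication: bool,
                             local_policy_primary_auth: bool, count: int = 0) -> dict:
    """With the horizontal K_AMF derivation indication the target AMF skips primary
    authentication and protects its first N1 message (one without an authentication
    request) using keys from the forwarded K_AMF. Without it, Operation 2 applies:
    local policy decides whether that first protected message is an Authentication
    Request or another N1 message."""
    k_nas_enc, k_nas_int = derive_nas_keys(k_amf, enc_alg_id=0x1, int_alg_id=0x1)
    if horizontal_kamf_indication or not local_policy_primary_auth:
        primary_auth, payload = False, b"N1:REGISTRATION_ACCEPT"      # constructed sample
    else:
        primary_auth, payload = True, b"N1:AUTHENTICATION_REQUEST"    # constructed sample
    return {"primary_auth": primary_auth,
            "protected": protect_n1(k_nas_int, count, payload),
            "k_nas_int": k_nas_int}
```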
As one possible implementation of Option 1: if the target AMF receives the twentieth indication information (that is, the target AMF receives the twentieth indication information sent by the initial AMF through the SCP, or the response to the second service request received by the target AMF includes the twentieth indication information, or the target AMF receives the twentieth indication information sent by the SCP), then, according to the twentieth indication information, the target AMF does not perform primary authentication, or uses the received K_AMF or security context. The twentieth indication information indicates that the target AMF does not perform primary authentication, or that the target AMF uses the received K_AMF or security context.
If the target AMF has not received the twentieth indication information, the target AMF may perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection, or the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
Operation 2: if the target AMF decides not to perform primary authentication, the target AMF sends an N1 message without security protection, or the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
Operation 3: the target AMF shall send an N1 message without security protection that includes the authentication request message.
Operation 4: the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, which includes the authentication request message.
If the target AMF has not received the twentieth indication information, the target AMF may also perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication and has not received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection; or the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
Operation 2: if the target AMF receives a horizontal K_AMF derivation indication, the target AMF shall not perform primary authentication, or the target AMF uses the received K_AMF or security context, or the target AMF shall perform a NAS SMC.
Operation 3: if the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection.
If the target AMF has not received the twentieth indication information, the target AMF may also perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication and has not received a horizontal K_AMF derivation indication, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message;
Operation 2: if the target AMF decides to perform primary authentication and has received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection;
As one possible implementation of Option 2: if the target AMF receives the nineteenth indication information (that is, the target AMF receives the nineteenth indication information sent by the initial AMF through the SCP, or the target AMF receives the nineteenth indication information sent by the SCP, or the response to the second service request received by the target AMF includes the nineteenth indication information), then, when the target AMF decides to perform primary authentication, the target AMF shall, according to the nineteenth indication information, protect the authentication request message; specifically, the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message, or, according to the nineteenth indication information, the target AMF shall send a security-protected N1 message that includes the authentication request message. The nineteenth indication information instructs the target AMF to protect the authentication request message.
A secure exchange of NAS messages has taken place between the initial AMF and the UE; a NAS SMC has been successfully performed between the initial AMF and the UE; a security association has been established between the UE and the initial AMF; security protection has been activated between the UE and the initial AMF; a new NAS security context has been established between the UE and the initial AMF; primary authentication has been performed between the UE and the initial AMF; the initial AMF has selected a security algorithm different from the one selected by the original AMF; the initial AMF has used the K_AMF, received from the original AMF, that was generated by horizontal K_AMF derivation; the initial AMF has received a horizontal K_AMF derivation indication from the original AMF and has decided to use the K_AMF received from the original AMF.
If the target AMF has not received the nineteenth indication information, the target AMF may perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication, the target AMF shall send an authentication request message without security protection;
Operation 2: if the target AMF decides not to perform primary authentication, the target AMF sends an N1 message without security protection, or the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
Operation 3: the target AMF shall send an N1 message without security protection that includes the authentication request message.
Operation 4: if the target AMF decides to perform primary authentication and has not received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection, or the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message.
Operation 5: if the target AMF decides to perform primary authentication and has received a horizontal K_AMF derivation indication, the target AMF shall send an authentication request message without security protection.
As one possible implementation of Option 2: after the target AMF receives the response to the second service request described above, it determines whether AMF redirection or NAS reroute via RAN (also called direct NAS reroute) has occurred. If AMF redirection or NAS reroute via RAN has occurred, then when the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message; specifically, the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message, or the target AMF shall send a security-protected N1 message that includes the authentication request message. The target AMF determines that AMF redirection or NAS reroute via RAN has occurred based on any one or more of the following conditions:
the registration request message received by the target AMF is a complete registration request message without integrity protection; the target AMF receives a complete registration request message; the target AMF receives a registration request message without integrity protection; the Initial UE message received by the target AMF includes a Source to Target AMF Information Reroute IE; the Initial UE message received by the target AMF includes network slice selection assistance information (NSSAI); the Initial UE message received by the target AMF includes configured network slice selection assistance information (configured NSSAI) and/or rejected network slice selection assistance information (rejected NSSAI); the target AMF receives the first routing information.
As another possible implementation of Option 2: after the target AMF receives the response to the second service request described above, if the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message, or the target AMF shall send a security-protected N1 message that includes the authentication request message. "The target AMF shall protect the authentication request message" means that the target AMF protects the authentication request message based on the received K_AMF or security context and sends the security-protected authentication request message; "the target AMF shall send a security-protected N1 message" means that the target AMF protects the N1 message based on the received K_AMF or security context and sends the security-protected N1 message.
As one possible implementation of Option 3: if the target AMF receives the eighteenth indication information (that is, the target AMF receives the eighteenth indication information sent by the initial AMF through the SCP, or the target AMF receives the eighteenth indication information sent by the SCP, or the response to the second service request received by the target AMF includes the eighteenth indication information), then, when the target AMF decides to perform primary authentication, the target AMF shall, according to the eighteenth indication information, send an authentication request message without security protection, or the target AMF shall initiate a NAS SMC according to the eighteenth indication information. The eighteenth indication information instructs the target AMF to send an authentication request message without security protection. The eighteenth indication information may be a horizontal K_AMF derivation indication.
If the target AMF has not received the eighteenth indication information, the target AMF may perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message.
Operation 2: if the target AMF decides not to perform primary authentication, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message;
Operation 3: the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, which includes the authentication request message.
The eighteenth indication information may also indicate any one or more of the following:
the initial AMF performs horizontal K_AMF derivation; the initial AMF generates a new K_AMF; the target AMF shall send an authentication request message without security protection; the target AMF shall initiate a NAS SMC.
As one possible implementation of Option 4: if the target AMF receives a horizontal K_AMF derivation indication, the target AMF shall not perform primary authentication, or the target AMF shall use the received K_AMF or security context, or the target AMF initiates a NAS SMC. Otherwise, if the target AMF has not received a horizontal K_AMF derivation indication but has received the seventeenth indication information, then:
if the target AMF decides to initiate primary authentication, then according to the seventeenth indication information the target AMF shall send a security-protected authentication request message, or
according to the seventeenth indication information, the target AMF shall send a security-protected N1 message that includes the authentication request message.
The seventeenth indication information instructs the target AMF to send a security-protected authentication request message, or to send a security-protected N1 message.
If the first AMF has received neither the seventeenth indication information nor a horizontal K_AMF derivation indication, the target AMF may perform any one of the following operations:
Operation 1: if the target AMF decides to perform primary authentication, the target AMF shall protect the authentication request message based on the received K_AMF or security context and send the security-protected authentication request message, or the target AMF sends an authentication request message without security protection.
Operation 2: if the target AMF decides not to perform primary authentication, the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, or the target AMF shall send an N1 message without security protection.
Operation 3: the target AMF shall protect the N1 message based on the received K_AMF or security context and send the security-protected N1 message, which includes the authentication request message.
Operation 4: the target AMF shall send an N1 message without security protection that includes the authentication request message.
作为选项四的另一种可能的实现方式:如果目标AMF接收到的第十六指示信息和水平K AMF推演指示,则目标AMF应不进行主认证,或目标AMF应使用接收到的K AMF或安全上下文。否则如果目标AMF没有接收到水平K AMF推演指示,但是接收到第十六指示信息,则目标AMF如果决定发起主认证,根据第十六指示信息,目标AMF应发送有安全保护的认证请求消息;或者, As another possible implementation of Option 4: If the target AMF receives the sixteenth instruction information and the level K AMF deduction instruction, the target AMF should not perform the master authentication, or the target AMF should use the received K AMF or Security context. Otherwise, if the target AMF does not receive the horizontal K AMF deduction instruction, but receives the sixteenth instruction information, if the target AMF decides to initiate the primary authentication, according to the sixteenth instruction information, the target AMF should send an authentication request message with security protection; or,
目标AMF根据第十六指示信息,应发送有安全保护的N1消息,N1消息包括认证请求消息。The target AMF should send a security-protected N1 message according to the sixteenth instruction information, and the N1 message includes an authentication request message.
该第十六指示信息,用于指示目标AMF发送有安全保护的认证请求消息。The sixteenth indication information is used to instruct the target AMF to send a security-protected authentication request message.
如果目标AMF没有接收到第十六指示信息,但是接收到水平K AMF推演指示,则目标AMF可执行以下操作的任意一种: If the target AMF does not receive the sixteenth instruction information, but receives the horizontal K AMF deduction instruction, the target AMF can perform any one of the following operations:
操作一:如果目标AMF决定进行主认证,则目标AMF应发送没有安全保护的认证请求消息。Operation 1: If the target AMF decides to perform the master authentication, the target AMF should send an authentication request message without security protection.
操作二:如果目标AMF决定不进行主认证,则目标AMF应基于接收到的K AMF或安全上下文保护N1消息、并发送有安全保护的N1消息,或目标AMF应发送没有安全保护的N1消息,或目标AMF发起NAS SMC; Operation 2: If the target AMF decides not to perform the master authentication, the target AMF should protect the N1 message based on the received K AMF or security context and send the N1 message with security protection, or the target AMF should send the N1 message without security protection. Or the target AMF initiates NAS SMC;
操作三:目标AMF应发送没有安全保护的N1消息,包括认证请求消息。Operation 3: The target AMF should send an N1 message without security protection, including an authentication request message.
如果目标AMF没有接收到第十六指示信息,也没有接收到水平K AMF推演指示,则目标AMF可执行以下操作的任意一种: If the target AMF does not receive the sixteenth instruction information, nor does it receive the horizontal K AMF deduction instruction, the target AMF can perform any one of the following operations:
操作一:如果目标AMF决定进行主认证,则目标AMF应发送没有安全保护的认证请求消息,或目标AMF应基于接收到的K AMF或安全上下文保护认证请求消息、并发送有安全保护的认证消息。 Operation 1: If the target AMF decides to perform primary authentication, the target AMF should send an authentication request message without security protection, or the target AMF should protect the authentication request message based on the received K AMF or security context, and send an authentication message with security protection .
操作二:如果目标AMF决定不进行主认证,则目标AMF应基于接收到的K AMF或安全上下文保护N1消息、并发送有安全保护的N1消息,或目标AMF应发送没有安全保护的N1消息; Operation 2: If the target AMF decides not to perform the master authentication, the target AMF should protect the N1 message based on the received K AMF or security context and send the N1 message with security protection, or the target AMF should send the N1 message without security protection;
操作三:目标AMF应发送没有安全保护的N1消息,包括认证请求消息。Operation 3: The target AMF should send an N1 message without security protection, including an authentication request message.
操作四:目标AMF应发送有安全保护的N1消息,包括认证请求消息。Operation 4: The target AMF should send a N1 message with security protection, including an authentication request message.
The sixteenth indication information may also indicate any one or more of the following:
a secure exchange of NAS messages took place between the initial AMF and the UE;
a security association was established between the UE and the initial AMF;
security protection was activated between the UE and the initial AMF;
a new NAS security context was established between the UE and the initial AMF;
the NAS SMC procedure between the initial AMF and the UE completed successfully;
the initial AMF and the UE performed primary authentication;
the initial AMF received a horizontal K_AMF derivation indication from the old AMF and decided to use the received K_AMF or security context;
the initial AMF decided to use the K_AMF generated by horizontal K_AMF derivation that it received from the old AMF;
the initial AMF selected a security algorithm different from the one selected by the old AMF;
the target AMF shall send a security-protected Authentication Request message;
the target AMF shall protect the Authentication Request message;
the target AMF shall send a protected N1 message, including the Authentication Request message.
Optionally, when the registration method of FIG. 5 includes step 516, the method of FIG. 5 may further include:
517. The target AMF deletes the UE context, the UE security context or the UE NAS security context obtained from the old AMF.
It should be noted that whether the UE context, UE security context or UE NAS security context obtained by the target AMF from the old AMF is the same as the one obtained from the SCP is not limited in the embodiments of this application.
In this embodiment, the initial AMF sends first information to the SCP that includes the UE context, the UE security context, the UE NAS security context, the NAS security context established between the initial AMF and the UE, or the current UE security context. After the initial AMF has sent the second routing information to the target AMF via the (R)AN, the target AMF can obtain that context directly from the SCP. Because the UE NAS security context here is the NAS security context established between the UE and the initial AMF, the target AMF obtains the NAS security context the UE is actually using, which avoids registration failure at the target AMF and ensures that registration at the target AMF succeeds.
FIG. 6 is a schematic flowchart of a registration method provided by an embodiment of this application. As shown in FIG. 6, the registration method includes:
For the specific implementation of 601 to 610 in FIG. 6, refer to the registration method shown at 201 to 210 in FIG. 2; it is not described again here.
611. The initial AMF determines to reroute the NAS message to the target AMF via the (R)AN (NAS reroute via (R)AN). The initial AMF sends third information to the SCP, and the SCP receives the third information sent by the initial AMF.
For example, the third information includes the UE identification information and the UE context, or
the third information includes the UE identification information and the UE security context, or
the third information includes the UE identification information and the UE NAS security context, or
the third information includes the UE identification information and the NAS security context established between the initial AMF and the UE, or
the third information includes the UE identification information and the current security context.
The UE identification information may be the UE's SUCI, SUPI, 5G-GUTI, and so on.
Optionally, the UE identification information is the SUCI or 5G-GUTI carried in the Registration Request message received by the initial AMF.
Optionally, the initial AMF may also decide on the basis of certain conditions whether it needs to send the third information to the SCP. For example, the initial AMF sends the third information to the SCP when one or more of the following conditions hold:
the initial AMF and the UE performed a secure exchange of NAS messages;
the initial AMF and the UE successfully performed the NAS security mode control procedure;
the initial AMF and the UE successfully performed NAS SMC;
the initial AMF and the UE established a new NAS security context;
the initial AMF and the UE successfully performed primary authentication;
the initial AMF and the UE activated NAS security;
the initial AMF received a horizontal K_AMF derivation indication (keyAMFHDerivationInd);
the initial AMF selected a new security algorithm.
Optionally, before sending the third information to the SCP, the initial AMF may also determine, according to local policy or local configuration, whether to perform horizontal K_AMF derivation. If the initial AMF decides to perform horizontal K_AMF derivation, it derives a new K_AMF. Further, the initial AMF may also send the new K_AMF together with a horizontal K_AMF derivation indication, for example keyAMFHDerivationInd, to the SCP.
Step 611 may be placed anywhere after step 607 and before step 612; the embodiment does not limit which specific step it precedes or follows.
612. The initial AMF sends second indication information to the target AMF via the (R)AN, that is, the initial AMF sends the second indication information to the (R)AN, and the (R)AN receives the second indication information.
The second indication information instructs the target AMF to obtain the UE context, the UE security context, the UE NAS security context, the NAS security context established between the initial AMF and the UE, or the current security context from the SCP. Optionally, the second indication information may also indicate one or more of the following:
the initial AMF and the UE performed a secure exchange of NAS messages;
the initial AMF and the UE successfully performed the NAS security mode control procedure;
the initial AMF and the UE successfully performed NAS SMC;
the initial AMF and the UE established a new NAS security context;
the initial AMF and the UE successfully performed primary authentication;
the initial AMF and the UE activated NAS security;
the initial AMF received a horizontal K_AMF derivation indication (keyAMFHDerivationInd);
the initial AMF selected a new security algorithm;
the initial AMF sent the UE context, the UE security context, the UE NAS security context, or the NAS security context established between the initial AMF and the UE to the SCP.
Optionally, the initial AMF may also decide on the basis of certain conditions whether to send the second indication information to the target AMF. For example, the initial AMF may send the second indication information to the target AMF when one or more of the following conditions hold:
the initial AMF and the UE performed a secure exchange of NAS messages;
the initial AMF and the UE successfully performed the NAS security mode control procedure;
the initial AMF and the UE successfully performed NAS SMC;
the initial AMF and the UE established a new NAS security context;
the initial AMF and the UE successfully performed primary authentication;
the initial AMF and the UE activated NAS security;
the initial AMF received a horizontal K_AMF derivation indication (keyAMFHDerivationInd);
the initial AMF selected a new security algorithm;
the initial AMF sent the UE context, the UE security context, the UE NAS security context, the NAS security context established between the initial AMF and the UE, or the current security context to the SCP.
Optionally, the initial AMF sends a Reroute NAS Message to the (R)AN and includes the second indication information in that Reroute NAS Message; the (R)AN receives the Reroute NAS Message.
613. The (R)AN sends the second indication information to the target AMF, and the target AMF receives the second indication information.
Optionally, the (R)AN sends an Initial UE Message to the target AMF that carries the received second indication information; the target AMF receives the Initial UE Message.
614. According to the second indication information, the target AMF sends a fifth service request to the SCP, and the SCP receives the fifth service request.
In this embodiment, the fifth service request requests the UE context, the UE security context, the UE NAS security context, the NAS security context established between the initial AMF and the UE, or the current security context. The fifth service request may include the UE identification information. Because the received Initial UE Message may carry the Registration Request (RR) message, the UE identification information may be the UE identity contained in the RR message carried in the Initial UE Message received by the target AMF. The UE identification information may be the SUPI, the SUCI or the 5G-GUTI.
Optionally, after step 612 and before step 613, the registration method of FIG. 6 further includes:
616. The target AMF obtains the UE context, the UE security context or the UE NAS security context from the old AMF. For example, the target AMF requests the UE context, the UE security context or the UE NAS security context from the old AMF via Namf_Communication_UEContextTransfer, and the old AMF returns it to the target AMF via the Namf_Communication_UEContextTransfer response.
Where the target AMF has obtained the UE context, the UE security context or the UE NAS security context from the old AMF, the UE identification information included in the fifth service request may also be the UE identity contained in that context obtained from the old AMF. For example, the UE identity may be the SUPI, the 5G-GUTI or the SUCI.
Specifically, after receiving the second indication information, the target AMF addresses the SCP that holds the UE context, the UE security context, the UE NAS security context or the current security context, and sends the fifth service request to that SCP. By way of example, the target AMF may obtain the routing information of that SCP from local policy and/or local configuration, or may obtain the SCP information from another network function or network entity such as the NRF. The method by which the SCP is found is not limited in this embodiment.
615. According to the UE identification information, the SCP obtains the corresponding UE context, UE security context, UE NAS security context, NAS security context established between the initial AMF and the UE, or current security context, and sends a fifth service request response to the target AMF. The fifth service request response includes the UE context, the UE security context, the UE NAS security context, or the NAS security context established between the initial AMF and the UE; the target AMF receives the fifth service request response.
Optionally, where the initial AMF has sent the new K_AMF and a horizontal K_AMF derivation indication such as keyAMFHDerivationInd to the SCP, the SCP may also send that horizontal K_AMF derivation indication and the new K_AMF to the target AMF. After receiving them, the target AMF sends a NAS SMC message to the UE with K_AMF_change_flag set to 1, which instructs the UE to perform horizontal K_AMF derivation. After receiving the NAS SMC message, the UE may send a NAS Security Mode Complete (SMP) message to the target AMF.
Optionally, when the registration method of FIG. 6 includes step 616, the method of FIG. 6 may further include:
617. The target AMF deletes the UE context, the UE security context or the UE NAS security context obtained from the old AMF.
It should be noted that whether the UE context, UE security context or UE NAS security context obtained by the target AMF from the old AMF is the same as the one obtained from the SCP is not limited in the embodiments of this application.
FIG. 7 is a schematic flowchart of a registration method provided by an embodiment of this application. As shown in FIG. 7, the registration method includes:
For the specific implementation of 701 to 710 in FIG. 7, refer to the registration method shown at 201 to 210 in FIG. 2; it is not described again here.
711. The initial AMF determines to perform NAS reroute via the SCP. The initial AMF sends second information to the target AMF through the SCP; the second information includes the complete Registration Request, the UE-related information and third routing information. That is, the initial AMF sends the second information to the SCP, and the SCP receives the second information. The UE-related information includes the UE context, the UE security context, the UE NAS security context, the NAS security context established between the initial AMF and the UE, or the current UE context.
In this embodiment, the third routing information may include routing information of the target AMF. For example, the third routing information may include any one or more of the following: the end point address of the target AMF, the Internet Protocol (IP) address of the target AMF, the instance ID of the target AMF, the AMF set ID of the target AMF, the Globally Unique AMF Identifier (GUAMI) of the target AMF, the service instance ID provided by the target AMF for the UE context, the service set ID of the target AMF, and so on. The third routing information may also include other information usable to address the target AMF, which is not limited in this application.
Optionally, before sending the second information to the SCP, the initial AMF may also determine, according to local policy or local configuration, whether to perform horizontal K_AMF derivation. If the initial AMF decides to perform horizontal K_AMF derivation, it derives a new K_AMF. Further, the initial AMF may also send the new K_AMF together with a horizontal K_AMF derivation indication, for example keyAMFHDerivationInd, to the SCP.
Optionally, the initial AMF determines to perform NAS reroute via the SCP according to local policy and subscription information.
Optionally, when the initial AMF determines that direct NAS reroute cannot be performed, or that NAS reroute via the (R)AN would be required, and the initial AMF determines that one or more of the following conditions hold, the initial AMF may determine to perform NAS reroute via the SCP:
the initial AMF and the UE performed a secure exchange of NAS messages;
the initial AMF and the UE successfully performed the NAS security mode control procedure;
the initial AMF and the UE successfully performed NAS SMC;
the initial AMF and the UE established a new NAS security context;
the initial AMF and the UE successfully performed primary authentication;
the initial AMF and the UE activated NAS security;
the initial AMF received a horizontal K_AMF derivation indication (keyAMFHDerivationInd);
the initial AMF selected a new security algorithm.
712. The SCP sends the second information to the target AMF, and the target AMF receives the second information.
After receiving the complete RR message, the UE-related information and the third routing information from the initial AMF, the SCP locates the target AMF according to the third routing information and forwards the received complete RR message and UE-related information to the target AMF.
Optionally, where the initial AMF has sent the new K_AMF and a horizontal K_AMF derivation indication such as keyAMFHDerivationInd to the SCP, the SCP may also send that horizontal K_AMF derivation indication and the new K_AMF to the target AMF. After receiving them, the target AMF sends a NAS SMC message to the UE with K_AMF_change_flag set to 1, which instructs the UE to perform horizontal K_AMF derivation. After receiving the NAS SMC message, the UE may send a NAS Security Mode Complete (SMP) message to the target AMF.
The procedure of FIG. 7 optionally further includes steps 713 and 714.
713. The target AMF obtains the UE context, the UE security context or the UE NAS security context from the old AMF. For example, the target AMF requests the UE context, the UE security context or the UE NAS security context from the old AMF via Namf_Communication_UEContextTransfer, and the old AMF returns it to the target AMF via the Namf_Communication_UEContextTransfer response.
714. The target AMF deletes the UE context, the UE security context or the UE NAS security context obtained from the old AMF.
It should be noted that whether the UE context, UE security context or UE NAS security context obtained by the target AMF from the old AMF is the same as the one obtained from the initial AMF is not limited in the embodiments of this application.
In this embodiment, by sending second information to the SCP, which may include the complete Registration Request, the UE-related information and the third routing information, the initial AMF enables the target AMF to obtain from the SCP the UE context, the UE security context, the UE NAS security context, the NAS security context established between the initial AMF and the UE, and so on, which ensures that registration at the target AMF succeeds.
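The two reroute flows above (FIG. 6, context parked at the SCP and fetched on the second indication; FIG. 7, context carried inside the second information through the SCP) and the horizontal K_AMF derivation hand-over described at steps 615 and 712, as an added simulation. This is illustration code written for this page, not code from the patent, from Huawei or from any 5G core: the SCP class, the message dictionaries, the UE identity and the keys are constructed. The KDF shape (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1) follows TS 33.220; the exact input parameters used for horizontal K_AMF derivation and for the NAS integrity key are my reading of TS 33.501 Annex A and should be treated as assumptions, and the NAS-MAC is a toy stand-in for NIA2. The point the simulation makes is the one the text makes: when the second indication is absent the target AMF never sees a NAS security context and can only fall back to an unprotected Authentication Request, whereas with the context (and, if indicated, the new K_AMF) it can send a protected NAS SMC that the UE verifies.

```python
"""Simulation of NAS reroute via (R)AN (FIG. 6) and via SCP (FIG. 7) with the
UE's NAS security context handed to the target AMF through the SCP.
Illustration code for this page; entities, messages and keys are constructed."""
import hashlib
import hmac


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP-style KDF (TS 33.220): HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def horizontal_kamf_derivation(k_amf: bytes, ul_nas_count: int) -> bytes:
    """K_AMF' from K_AMF. Assumed Annex A.13 inputs: FC=0x72, DIRECTION=0x01 (uplink), uplink NAS COUNT."""
    return kdf(k_amf, 0x72, b"\x01", ul_nas_count.to_bytes(4, "big"))


def k_nas_int(k_amf: bytes) -> bytes:
    """NAS integrity key, low 128 bits. Assumed Annex A.8 inputs: FC=0x69, type 0x02 (N-NAS-int-alg), id 0x02 (NIA2)."""
    return kdf(k_amf, 0x69, b"\x02", b"\x02")[16:]


def nas_mac(key: bytes, nas_count: int, message: bytes) -> bytes:
    """Toy 32-bit NAS-MAC over COUNT || message; stands in for NIA2 (AES-CMAC), which is not modelled."""
    return hmac.new(key, nas_count.to_bytes(4, "big") + message, hashlib.sha256).digest()[:4]


class SCP:
    """Holds the UE's NAS security context under its identity (third information, step 611)."""

    def __init__(self):
        self.contexts = {}

    def store(self, ue_id: str, ctx: dict) -> None:
        self.contexts[ue_id] = ctx

    def fetch(self, ue_id: str):
        """Fifth service request / response (steps 614 and 615); None if nothing was parked."""
        return self.contexts.get(ue_id)


def initial_amf_prepare(ue_ctx: dict, derive_horizontally: bool) -> dict:
    """Context the initial AMF hands over; adds keyAMFHDerivationInd and the new K_AMF when local policy says so."""
    ctx = dict(ue_ctx)
    if derive_horizontally:
        ctx["k_amf"] = horizontal_kamf_derivation(ue_ctx["k_amf"], ue_ctx["ul_nas_count"])
        ctx["keyAMFHDerivationInd"] = True
    return ctx


def register_after_reroute(via: str, derive_horizontally: bool, second_indication: bool = True) -> str:
    """Run one reroute and return what the target AMF ends up doing towards the UE.

    via="ran": FIG. 6, second indication inside the Reroute NAS Message, context fetched from the SCP.
    via="scp": FIG. 7, second information = Registration Request + UE-related info + third routing info.
    """
    ue_id = "suci-constructed-0001"                                     # constructed SUCI
    ue_ctx = {"k_amf": hashlib.sha256(b"constructed K_AMF").digest(),  # shared after steps 601-610 / 701-710
              "ul_nas_count": 7, "dl_nas_count": 3}
    handed_over = initial_amf_prepare(ue_ctx, derive_horizontally)
    scp = SCP()

    if via == "ran":
        scp.store(ue_id, handed_over)                                                   # step 611
        reroute_nas_message = {"ue_id": ue_id, "second_indication": second_indication}  # step 612
        initial_ue_message = dict(reroute_nas_message)                                  # (R)AN forwards, step 613
        target_ctx = scp.fetch(initial_ue_message["ue_id"]) if initial_ue_message["second_indication"] else None
    elif via == "scp":
        second_information = {"registration_request": {"ue_id": ue_id}, "ue_related_info": handed_over,
                              "third_routing_info": {"guami": "constructed-guami"}}     # step 711
        target_ctx = second_information["ue_related_info"]                              # SCP forwards, step 712
    else:
        raise ValueError(via)

    if target_ctx is None:
        # No NAS security context reached the target AMF, so it cannot protect anything:
        # the only option left is an unprotected Authentication Request, i.e. a fresh primary authentication.
        return "unprotected authentication request"

    # Target AMF: NAS SMC, with K_AMF_change_flag=1 when horizontal derivation was indicated.
    change_flag = 1 if target_ctx.get("keyAMFHDerivationInd") else 0
    smc = b"NAS SMC K_AMF_change_flag=" + bytes([change_flag])
    mac = nas_mac(k_nas_int(target_ctx["k_amf"]), target_ctx["dl_nas_count"], smc)

    # UE: re-derive K_AMF if the flag says so, then check the MAC against its own context.
    ue_k = horizontal_kamf_derivation(ue_ctx["k_amf"], ue_ctx["ul_nas_count"]) if change_flag else ue_ctx["k_amf"]
    if hmac.compare_digest(mac, nas_mac(k_nas_int(ue_k), ue_ctx["dl_nas_count"], smc)):
        return "protected NAS SMC accepted, UE answers with NAS SMP"
    return "NAS SMC rejected by UE"


if __name__ == "__main__":
    for via, horiz, ind in (("ran", False, True), ("ran", True, True), ("scp", True, True), ("ran", False, False)):
        print(via, horiz, ind, "->", register_after_reroute(via, horiz, ind))
```

The last case in the driver is the failure mode the embodiments are designed to avoid: the reroute reaches the target AMF without the second indication, the SCP is never queried, and the target AMF is left with no context to protect the N1 message. Replacing the toy MAC with the real NIA algorithm, and the constructed KDF parameters with the ones in the specification, does not change the structure of the exchange.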
It should be noted that in all embodiments of this application, the SCP may be replaced by another network function or network entity, for example the NSSF.
It should be noted that the embodiments do not limit the capitalization of English names; for example, Namf_Communication_UEContextTransfer may also be written NAMF_Communication_UEContextTransfer, and so on.
It can be understood that each of the embodiments above has its own emphasis; for an implementation not described in detail in one embodiment, refer to the other embodiments, which is not repeated here. Further, the embodiments described herein may be independent solutions or may be combined according to their internal logic; all such solutions fall within the protection scope of this application.
The solutions provided by the embodiments have mainly been introduced above from the perspective of the interactions between the entities. It can be understood that each network element or network function, such as the initial AMF, the target AMF and the old AMF, includes the hardware structures and/or software modules corresponding to the functions it performs. Those skilled in the art will appreciate that the units and method steps of the examples described in connection with the embodiments disclosed herein can be implemented in hardware or in a combination of hardware and computer software. Whether a given function is performed by hardware or by computer software driving hardware depends on the particular application and the design constraints of the technical solution. Skilled persons may implement the described functions in different ways for each particular application, but such implementations should not be regarded as going beyond the scope of this application.
The embodiments may divide each network element or network function into functional modules according to the method examples above; for example, each function may be assigned its own functional module, or two or more functions may be integrated into one processing module. The integrated module may be implemented in hardware or as a software functional module.
FIG. 8 shows an apparatus 80 for registration provided by an embodiment of this application, for implementing the above methods. By way of example, the apparatus 80 may be the initial AMF, the target AMF or the old AMF; it may be the (R)AN, that is, a network device; it may be the SCP; or it may be a terminal device, and so on. In other words, the apparatus for registration may be any of the apparatuses involved in the registration methods of FIG. 2 to FIG. 7. Optionally, the apparatus may also be a chip system; in the embodiments, a chip system may consist of chips or may include chips and other discrete devices. The apparatus 80 includes at least one processor 820 configured to implement the functions of the relevant network element or network function in the methods provided by the embodiments. By way of example, the apparatus 80 may further include a transceiver 810, which in the embodiments is used to communicate with other devices over a transmission medium.
Optionally, the apparatus 80 may further include at least one memory 830 for storing program instructions and/or data. The memory 830 is coupled to the processor 820. Coupling in the embodiments is an indirect coupling or communication connection between apparatuses, units or modules, which may be electrical, mechanical or of another form, and is used for information exchange between apparatuses, units or modules. The processor 820 may operate in cooperation with the memory 830 and may execute the program instructions stored in the memory 830. At least one of the at least one memory may be included in the processor.
It can be understood that some network elements or network function entities may not include a memory, so the embodiments do not limit whether the apparatus for registration includes a memory.
The embodiments do not limit the specific connection medium between the transceiver 810, the processor 820 and the memory 830. In FIG. 8 the memory 830, the processor 820 and the transceiver 810 are connected by a bus 840, drawn as a thick line; the connections between other components are shown only schematically and are not limiting. The bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation only one thick line is drawn in FIG. 8, but this does not mean that there is only one bus or one type of bus.
Optionally, the processor may include a baseband processor and a central processing unit (CPU): the baseband processor mainly processes communication protocols and communication data, and the CPU mainly controls the whole apparatus, executes software programs and processes their data. Optionally, the processor may also be a network processor (NP) or a combination of a CPU and an NP. The processor may further include a hardware chip, which may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or a combination of them; the PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL) or any combination of these. The memory may include volatile memory, non-volatile memory, or both. The non-volatile memory may be read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM) or flash memory. The volatile memory may be random access memory (RAM), used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM) and direct Rambus RAM (DR RAM).
An embodiment of the present application further provides a computer storage medium, which may store a program; when executed, the program performs some or all of the steps of any registration method recorded in the foregoing method embodiments.
It should be noted that, for brevity of description, the foregoing method embodiments are all expressed as a series of action combinations; those skilled in the art should understand, however, that the present application is not limited by the described order of actions, because according to the present application some steps may be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and that the actions and modules involved are not necessarily required by the present application.
In the foregoing embodiments, the description of each embodiment has its own focus; for a part not described in detail in one embodiment, reference may be made to the related descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Further, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions in the embodiments.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable memory. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a memory and including several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present application. The aforementioned memory includes a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc, or any other medium that can store program code.
Those of ordinary skill in the art can understand that all or some of the steps of the methods in the foregoing embodiments may be performed by a program instructing the related hardware. The program may be stored in a computer-readable memory, which may include a flash drive, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc, or the like.
The embodiments of the present application are described in detail above, and specific examples are used herein to explain the principles and implementations of the present application; the description of the above embodiments is intended only to help understand the methods and core ideas of the present application. At the same time, persons of ordinary skill in the art may, based on the ideas of the present application, make changes to the specific implementations and the scope of application. In summary, the content of this specification should not be construed as limiting the present application.
Within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (14)

  1. A registration method, comprising:
    an initial access management function (AMF) determining to perform non-access stratum (NAS) redirection via an access network device;
    the initial AMF sending first routing information, where the first routing information is used to instruct a target AMF to obtain related information of a terminal device from the initial AMF;
    in a case where the target AMF has received the first routing information, the initial AMF receiving a first service request, where the first service request is used to request the related information of the terminal device; and
    the initial AMF sending a response to the first service request, where the response to the first service request includes the related information of the terminal device.
  2. The method according to claim 1, wherein the related information of the terminal device includes any one or more of the following: a context of the terminal device, a security context of the terminal device, a NAS security context of the terminal device, or a NAS security context established between the initial AMF and the terminal device.
  3. The method according to claim 1 or 2, wherein the first routing information includes routing information of the initial AMF.
  4. The method according to any one of claims 1 to 3, wherein the first service request includes the first routing information and identification information of the terminal device.
  5. The method according to any one of claims 1 to 4, wherein the initial AMF sending the first routing information to the target AMF comprises:
    the initial AMF sending the first routing information to the target AMF when any one or more of the following conditions are met:
    the initial AMF and the terminal device have performed secure interaction of NAS messages;
    the initial AMF and the terminal device have successfully performed a NAS security mode control procedure;
    the initial AMF and the terminal device have successfully performed NAS SMC;
    the initial AMF and the terminal device have established a new NAS security context;
    the initial AMF and the terminal device have successfully performed primary authentication;
    the initial AMF and the terminal device have activated NAS security;
    the initial AMF has received a horizontal K_AMF derivation indication; or
    the initial AMF has selected a new security algorithm.
  6. A registration method, comprising:
    in a case where an initial access management function (AMF) determines to perform non-access stratum (NAS) redirection via an access network device, a target AMF receiving first routing information, where the first routing information is used to instruct the target AMF to obtain related information of a terminal device from the initial AMF;
    the target AMF sending a first service request, where the first service request is used to request the related information of the terminal device; and
    the target AMF receiving a response to the first service request, where the response to the first service request includes the related information of the terminal device.
  7. A registration method, comprising:
    an initial access management function (AMF) determining to perform non-access stratum (NAS) redirection via an access network device;
    the initial AMF sending first information to a communication proxy function, where the first information includes related information of a terminal device; and
    the initial AMF sending second routing information to a target AMF, where the second routing information is used to instruct the target AMF to obtain the related information of the terminal device from the communication proxy function.
  8. A registration method, comprising:
    in a case where an initial access management function (AMF) determines to perform non-access stratum (NAS) redirection via an access network device, a target AMF receiving second routing information;
    the target AMF sending a second service request to a communication proxy function according to the second routing information, where the second service request is used to request related information of a terminal device, and the communication proxy function stores the related information of the terminal device; and
    the target AMF receiving a response to the second service request sent by the communication proxy function, where the response to the second service request includes the related information of the terminal device.
  9. A registration method, comprising:
    an initial access management function (AMF) determining to perform non-access stratum (NAS) redirection via an access network device; and
    the initial AMF sending second information to a communication proxy function, where the second information includes related information of a terminal device and third routing information, the third routing information includes routing information of a target AMF, and the second information is used to instruct the communication proxy function to send the related information of the terminal device to the target AMF.
  10. A registration method, comprising:
    in a case where an initial access management function (AMF) determines to perform non-access stratum (NAS) redirection via an access network device, a target AMF receiving second information sent by a communication proxy function, where the second information includes related information of a terminal device and third routing information, the third routing information includes routing information of the target AMF, and the second information is used to instruct the communication proxy function to send the related information of the terminal device to the target AMF.
  11. An apparatus for registration, comprising a processor and a transceiver, wherein the processor is coupled to the transceiver, the processor is configured to perform the corresponding method according to any one of claims 1 to 10, and the transceiver is configured to perform the corresponding method according to any one of claims 1 to 10.
  12. An apparatus for registration, comprising a processor, a memory, and a transceiver, wherein the memory is configured to store computer-executable instructions, and the processor is configured to execute the computer-executable instructions stored in the memory so that the apparatus performs the corresponding method according to any one of claims 1 to 10.
  13. A computer-readable storage medium, wherein the computer-readable storage medium is configured to store instructions which, when executed, cause the method according to any one of claims 1 to 10 to be implemented.
  14. A computer program product, wherein the computer program product includes instructions which, when executed, cause the method according to any one of claims 1 to 10 to be implemented.
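The registration procedures in claims 1 to 10 describe one security problem and three ways to solve it: once the initial AMF has run NAS security mode control (or met any other claim 5 trigger) with the terminal device, the terminal protects its NAS messages with a context that only the initial AMF holds, so a target AMF reached by plain NAS redirection via the access network cannot verify them. The Python model below is an added example, not code from the patent or from any 3GPP implementation; it walks the direct fetch of claims 1 to 6, the proxy pull of claims 7 and 8, and the proxy push of claims 9 and 10 next to a legacy reroute that carries no routing information, and ends with the target AMF checking an integrity-protected message. Every name in it (InitialAmf, TargetAmf, CommunicationProxy, the event labels, the routes amf-initial.example and scp.example, the HMAC stand-in for NAS integrity protection, the constructed identifier and payload) is an assumption of this example.

```python
import hmac
import hashlib
import secrets

# Claim 5 triggers: after any of these the initial AMF holds a NAS security context the target lacks.
TRANSFER_TRIGGERS = frozenset({
    "nas_secure_exchange", "nas_smc_success", "new_nas_security_context",
    "primary_auth_success", "nas_security_activated",
    "horizontal_kamf_derivation", "new_security_algorithm",
})


def nas_mac(ctx, count, payload):
    """Constructed stand-in for NAS integrity protection: a 32-bit HMAC tag keyed with ctx["k_amf"]."""
    data = count.to_bytes(4, "big") + payload
    return hmac.new(ctx["k_amf"], data, hashlib.sha256).digest()[:4]


class CommunicationProxy:
    """Communication proxy function of claims 7-10; route names are assumed."""
    def __init__(self, route, amfs_by_route):
        self.route, self.amfs, self.store = route, amfs_by_route, {}

    def store_first_information(self, ue_id, ctx):        # claim 7
        self.store[ue_id] = ctx

    def second_service_request(self, ue_id):              # claim 8
        return self.store.get(ue_id)

    def forward_second_information(self, ue_id, ctx, third_routing_info):  # claims 9-10
        self.amfs[third_routing_info].receive_second_information(ue_id, ctx)


class InitialAmf:
    def __init__(self, route):
        self.route, self.contexts, self.events = route, {}, {}

    def note_security_event(self, ue_id, event):
        self.events.setdefault(ue_id, set()).add(event)

    def context_transfer_needed(self, ue_id):             # claim 5 decision
        return bool(self.events.get(ue_id, set()) & TRANSFER_TRIGGERS)

    def reroute(self, ue_id, variant, proxy, target_route):
        """Build the NAS redirection message the access network device forwards."""
        msg = {"ue_id": ue_id}
        if not self.context_transfer_needed(ue_id):
            return msg
        ctx = self.contexts[ue_id]
        if variant == "direct":          # claims 1-6: target pulls from this AMF
            msg["first_routing_info"] = self.route
        elif variant == "proxy_pull":    # claims 7-8: target pulls from the proxy
            proxy.store_first_information(ue_id, ctx)
            msg["second_routing_info"] = proxy.route
        elif variant == "proxy_push":    # claims 9-10: proxy pushes to the target
            proxy.forward_second_information(ue_id, ctx, target_route)
        return msg                       # anything else: legacy reroute, no routing info

    def first_service_request(self, routing_info, ue_id):  # claims 1 and 4
        return self.contexts.get(ue_id) if routing_info == self.route else None


class TargetAmf:
    def __init__(self, route):
        self.route, self.contexts = route, {}

    def receive_second_information(self, ue_id, ctx):     # claim 10
        self.contexts[ue_id] = ctx

    def handle_reroute(self, msg, initial, proxy):
        ue_id = msg["ue_id"]
        if "first_routing_info" in msg:
            ctx = initial.first_service_request(msg["first_routing_info"], ue_id)
        elif msg.get("second_routing_info") == proxy.route:
            ctx = proxy.second_service_request(ue_id)
        else:
            ctx = self.contexts.get(ue_id)   # pushed by the proxy earlier, or absent
        if ctx is not None:
            self.contexts[ue_id] = ctx
        return ctx is not None

    def verify_nas(self, ue_id, count, payload, mac):
        ctx = self.contexts.get(ue_id)
        if ctx is None:
            return False                     # no context: the message cannot be checked
        return hmac.compare_digest(nas_mac(ctx, count, payload), mac)


def run_registration(variant):
    initial, target = InitialAmf("amf-initial.example"), TargetAmf("amf-target.example")
    proxy = CommunicationProxy("scp.example", {target.route: target})
    ue_id = "guti-constructed-0001"   # constructed temporary identifier
    ctx = {"k_amf": secrets.token_bytes(32), "ngksi": 1, "int_alg": "NIA2"}
    initial.contexts[ue_id] = ctx
    initial.note_security_event(ue_id, "nas_smc_success")  # UE now protects NAS with ctx
    reroute = initial.reroute(ue_id, variant, proxy, target.route)
    target.handle_reroute(reroute, initial, proxy)
    payload = b"REGISTRATION REQUEST (constructed)"
    return target.verify_nas(ue_id, 1, payload, nas_mac(ctx, 1, payload))
```

Calling run_registration with "direct", "proxy_pull" or "proxy_push" returns True, while "legacy" returns False because the target AMF never obtained the context and cannot check the tag. The claim 5 check in context_transfer_needed decides whether the reroute carries routing information at all, and first_service_request refuses requests that do not name the initial AMF's own routing information, matching the claim 4 requirement that the service request carry that routing information together with the terminal identifier.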
PCT/CN2020/117085 2019-10-13 2020-09-23 Registration method and apparatus WO2021073382A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201910970524 2019-10-13
CN201910970524.6 2019-10-13
CN201911097204.0 2019-11-11
CN201911097204.0A CN112654043A (en) 2019-10-13 2019-11-11 Registration method and device

Publications (1)

Publication Number Publication Date
WO2021073382A1 true WO2021073382A1 (en) 2021-04-22

Family

ID=75343201

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/117085 WO2021073382A1 (en) 2019-10-13 2020-09-23 Registration method and apparatus

Country Status (2)

Country Link
CN (1) CN112654043A (en)
WO (1) WO2021073382A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114051231B (en) * 2021-10-15 2023-05-30 中国联合网络通信集团有限公司 Service routing method, device and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809550A (en) * 2017-04-26 2018-11-13 华为技术有限公司 abnormal data transmission method, device and system
CN109548109A (en) * 2017-08-14 2019-03-29 电信科学技术研究院 A kind of UE and the unmatched processing method and processing device of network state
CN109644339A (en) * 2017-01-30 2019-04-16 瑞典爱立信有限公司 Security context processing during connection mode in 5G
US20190159025A1 (en) * 2017-11-20 2019-05-23 Telefonaktiebolaget Lm Ericsson (Publ) Security Context Handling in 5g During Handover
CN110291837A (en) * 2017-02-06 2019-09-27 华为技术有限公司 Network registry and network slice selection system and method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109429295B (en) * 2017-08-31 2021-11-23 中兴通讯股份有限公司 Method for selecting AMF, system and storage medium
US11076318B2 (en) * 2018-06-20 2021-07-27 Apple Inc. Vehicle-to-Everything (V2X) communication authorization in Fifth Generation (5G) systems

Also Published As

Publication number Publication date
CN112654043A (en) 2021-04-13

Similar Documents

Publication Publication Date Title
KR102466422B1 (en) Systems and method for security protection of nas messages
US11570617B2 (en) Communication method and communications apparatus
US10911948B2 (en) Method and system for performing network access authentication based on non-3GPP network, and related device
US11533610B2 (en) Key generation method and related apparatus
WO2019019736A1 (en) Security implementation method, and related apparatus and system
US20220217611A1 (en) Service Configuration Method, Communication Apparatus, and Communication System
CN110830993B (en) Data processing method and device and computer readable storage medium
WO2021136211A1 (en) Method and device for determining authorization result
US11871223B2 (en) Authentication method and apparatus and device
WO2021233208A1 (en) Method and apparatus for protecting communication
US20220174761A1 (en) Communications method and apparatus
US20220210859A1 (en) Data transmission method and apparatus
US20230269589A1 (en) Slice-specific security requirement information
US20220303763A1 (en) Communication method, apparatus, and system
US11751160B2 (en) Method and apparatus for mobility registration
US11722890B2 (en) Methods and systems for deriving cu-up security keys for disaggregated gNB architecture
EP4135376A1 (en) Method and device for secure communication
WO2021073382A1 (en) Registration method and apparatus
WO2020253408A1 (en) Secondary authentication method and apparatus
WO2022148469A1 (en) Security protection method, apparatus and system
WO2017152360A1 (en) Method and device for radio bearer security configuration
CN115244892A (en) Security authentication method, device, equipment and storage medium
WO2021238280A1 (en) Communication method, apparatus and system
US20230300702A1 (en) Method, device, and system for core network device re-allocation in wireless network
WO2021057456A1 (en) Method and device for use in registration

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20875744; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20875744; Country of ref document: EP; Kind code of ref document: A1)