A method of providing authentication at a communication device is provided. A primary authentication is run with a Trusted Non-3GPP Gateway Function TNGF node to obtain a TNGF Key (K.sub.TNGF). A re-authentication Root Key (rRK) is provided based on the TNGF key. A re-authentication Master Session Key (rMSK1) is derived based on the re-authentication Root Key. A security setup is performed with a Trusted Non-3GPP Access Point TNAP using the re-authentication Master Session Key. Related methods of performing authentication using a Trusted Non-3-GPP Gateway Function are also discussed.

According to one embodiment, a method for establishing a connection of a mobile terminal to a mobile radio communication network is described comprising a first common control plane function of a mobile radio communication network receiving a connection request from a mobile terminal; the first common control plane function authenticating the mobile terminal including generating an authentication context of the mobile terminal; the first common control plane function forwarding the connection request and transmitting the authentication context of the mobile terminal to a second common control plane function of the mobile radio communication network and the second common control plane function connecting the mobile terminal to the mobile radio communication network.

According to one embodiment, a method for establishing a connection of a mobile terminal to a mobile radio communication network is described comprising a first common control plane function of a mobile radio communication network receiving a connection request from a mobile terminal; the first common control plane function authenticating the mobile terminal including generating an authentication context of the mobile terminal; the first common control plane function forwarding the connection request and transmitting the authentication context of the mobile terminal to a second common control plane function of the mobile radio communication network and the second common control plane function connecting the mobile terminal to the mobile radio communication network.

A user equipment is configured to receive an extensible authentication protocol (EAP) request from a session management function (SMF) that serves as an EAP authenticator for secondary authentication of the user equipment. The secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment. The user equipment is also configured to, responsive to the EAP request, transmit an EAP response to the SMF.

A user equipment is configured to receive an extensible authentication protocol (EAP) request from a session management function (SMF) that serves as an EAP authenticator for secondary authentication of the user equipment. The secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment. The user equipment is also configured to, responsive to the EAP request, transmit an EAP response to the SMF.

One disclosure in the present specification provides a session management method performed by a session management function (SMF) node. The session management method may comprise: a step of transmitting, to a user plane function (UPF) node, a request message for discarding traffic buffering, when a notification of the detection of particular traffic associated with a wireless device has been received, and if additional authentication is required for the particular traffic; and a step of transmitting a message for triggering the wireless device to establish a new packet data unit (PDU) session, to an access and mobility management function (AMF) node.

One disclosure in the present specification provides a session management method performed by a session management function (SMF) node. The session management method may comprise: a step of transmitting, to a user plane function (UPF) node, a request message for discarding traffic buffering, when a notification of the detection of particular traffic associated with a wireless device has been received, and if additional authentication is required for the particular traffic; and a step of transmitting a message for triggering the wireless device to establish a new packet data unit (PDU) session, to an access and mobility management function (AMF) node.

A method is disclosed. The method comprising: receiving, by an access control sewer via a directory sewer from an authentication requestor, an authentication request comprising an account identifier, and information regarding a prior authentication method on the account identifier and a current authentication method for the account identifier associated with a transaction; performing, by the access control server, a risk analysis for the transaction based at least in part on the information and a threshold; authenticating, by the access control server, the user of the account identifier using the information, the account identifier, and a result of the risk analysis; modifying, by the access control server, an authentication response to include an authentication indicator, and transmitting, by the access control sewer, the authentication response to the authentication requestor.

Embodiments of this application provide a security authentication method and a related apparatus, applied to the field of short-range communication, and in particular, to cockpit domain communication. The method includes: A first node receives a first association request message from a second node, where the first association request message includes a first fresh parameter; and the first node obtains a first pre-shared key PSK, where the first PSK corresponds to an identity of the second node, the first PSK is a PSK generated based on a second fresh parameter from the second node and a third fresh parameter from the first node, and the first PSK is used to verify the identity of the second node. According to the embodiments of this application, communication security can be improved.

Embodiments of this application provide a security authentication method and a related apparatus, applied to the field of short-range communication, and in particular, to cockpit domain communication. The method includes: A first node receives a first association request message from a second node, where the first association request message includes a first fresh parameter; and the first node obtains a first pre-shared key PSK, where the first PSK corresponds to an identity of the second node, the first PSK is a PSK generated based on a second fresh parameter from the second node and a third fresh parameter from the first node, and the first PSK is used to verify the identity of the second node. According to the embodiments of this application, communication security can be improved.