In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.

A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.

A method for operating a wireless control device includes the starting up of a control circuit following the actuation, by a user, of a control unit coupled to an energy harvesting device to recharge an energy reserve which electrically powers the control device; the sending of a control message including a control command; the comparison of the elapsed time since the starting up of the control circuit with a first threshold value; when the elapsed time is greater than or equal to the first threshold value, the sending of a pairing request message to the electronic unit.

A method for operating a wireless control device includes the starting up of a control circuit following the actuation, by a user, of a control unit coupled to an energy harvesting device to recharge an energy reserve which electrically powers the control device; the sending of a control message including a control command; the comparison of the elapsed time since the starting up of the control circuit with a first threshold value; when the elapsed time is greater than or equal to the first threshold value, the sending of a pairing request message to the electronic unit.

This application provides a communication system, method, and apparatus, to resolve a prior-art problem that a terminal device does not know how to initiate a correct procedure to establish a communication connection to an application function AF to obtain a business service. A principle of the method is as follows: An AF sends a service mode supported by the AF to UE by using a core network. Therefore, before initiating a service to the AF, the UE can sense the service mode supported by the AF, and the UE initiates a correct connection establishment procedure to the AF based on the service mode supported by the AF.

Apparatuses, methods, and systems are disclosed for supporting remote unit reauthentication. One apparatus includes a network interface that receives a first authentication message for reauthenticating a remote unit and a processor that verifies a first domain-name. The first domain-name identifies a key management domain name and an associated gateway function holding a reauthentication security context. Here, the first authentication message includes a NAI containing a first username and the first domain-name. The processor validates the first authentication message using at least the first username and generates a second authentication message in response to successfully validating the first authentication message. Via the network interface, the processor responds to the first authentication message by sending the second authentication message.

Provided are a subscription data update method and apparatus, a node, and a storage medium, where the method includes: in a case where a first network function node determines that authentication and key management for applications (AKMA) subscription data of a user is updated, determining, by the first network function node, a second network function node storing an AKMA context of the user; sending, by the first network function node, a subscription data management notification message to the second network function node; and receiving, by the first network function node, a subscription data management notification response message sent by the second network function node; where the subscription data management notification response message is sent after the second network function node deletes the AKMA context of the user according to the subscription data management notification message.

Provided are a subscription data update method and apparatus, a node, and a storage medium, where the method includes: in a case where a first network function node determines that authentication and key management for applications (AKMA) subscription data of a user is updated, determining, by the first network function node, a second network function node storing an AKMA context of the user; sending, by the first network function node, a subscription data management notification message to the second network function node; and receiving, by the first network function node, a subscription data management notification response message sent by the second network function node; where the subscription data management notification response message is sent after the second network function node deletes the AKMA context of the user according to the subscription data management notification message.