WO2025256452A1 - Communication method and apparatus - Google Patents
Communication method and apparatus
- Publication number
- WO2025256452A1 (PCT/CN2025/099289)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- request
- network element
- measurands
- information
- measurer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- This application relates to the field of communication technology, and more specifically, to a communication method and apparatus.
- Remote attestation (RA) technology can be used to verify the security of a system or device and thereby determine whether it has been compromised.
- the entities performing RA can include an attester and a verifier.
- the verifier can request the attester to measure the system or device to obtain evidence. Based on this evidence, the verifier can then verify the security of the system or device.
- This application provides a communication method and apparatus that can improve the security of remote attestation by using a signature obtained from multiple measurers.
- the entity executing the method provided in the first aspect can be a first verifier.
- the first verifier in this application can refer to the network device itself (e.g., access network device, core network device, or management plane device), a component within the network device (e.g., processor, chip, or chip system), or a logical module or software capable of implementing all or part of the network device's functions.
- the following description uses the first verifier as an example.
- the method includes: receiving first information from a first measurer, the first information including a first signature and a first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring a first network element, the measurers on which the first signature is based including M measurers, the M measurers being used to measure the first network element, the M measurers including the first measurer, and M being an integer greater than 1; and verifying the first signature and the first evidence according to the keys of the M measurers.
- if the signature were instead based on a single measurer, the security of remote attestation would be reduced in the event of a failure or malicious behaviour on the part of that measurer.
- in this application, the signature received by the verifier is based on M measurers.
- the verifier can verify the signature and the evidence using the keys of these M measurers, avoiding errors caused by the failure or malicious behaviour of a single measurer, thereby improving the security of remote attestation.
- the M measurers can measure the same network element; that is, the M measurers participating in the signing can all measure the first network element.
- since the first information carries a single first signature based on all M measurers, the verifier only needs to perform one reception and one verification to complete remote attestation. Therefore, the above scheme also improves the efficiency of remote attestation.
- the method further includes sending a first request to the first measurer, the first request being used to request measurement of the first network element.
- the first request can be sent to the first measurer only.
- since a single request is sent, the above scheme can reduce signaling overhead.
- the method further includes: sending a first request to N measurers, the first request being used to request measurement of the first network element, the N measurers belonging to a first group, the first group including P measurers, the P measurers being used to measure the first network element, the P measurers including the M measurers, N being an integer greater than or equal to 2 and less than or equal to P, and P being an integer greater than or equal to M.
- the first verifier can send the first request to multiple measurers.
- in the event of a single point of failure, i.e., when one measurer cannot respond,
- the other measurers can still respond to the first request, thereby ensuring that remote attestation proceeds smoothly.
- the method further includes: sending a second request to at least one second measurer, the second request being used to request measurement of the first network element.
- sending the first request to the first measurer may include: sending the first request to the first measurer if a first condition is met.
- sending the first request to the N measurers may include: sending the first request to the N measurers if the first condition is met.
- the first condition includes: the first verifier receiving rejection information from each of the at least one second measurer, and/or the first verifier not receiving a response from the at least one second measurer within a predetermined time period.
- when the second measurer(s) reject the request or do not respond in time, the request can be sent to other measurers (e.g., the first measurer or the N measurers), so that the failure of some measurers does not affect the remote attestation process, thereby increasing the resilience of remote attestation.
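The fallback described above, as an added illustration that is not part of the patent text: the verifier sends the second request first and, only when the first condition holds (every second measurer rejected and/or did not answer within the predetermined time), sends the first request to N measurers of the first group. The measurer identifiers, the simulated replies, the latency values and the rule that the N measurers are chosen from the group members that have not already failed are all constructed assumptions; the patent fixes none of them.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Reply:
    measurer_id: str
    status: str       # "accept" or "reject" (rejection information)
    latency_s: float  # constructed: how long the measurer took to answer


@dataclass
class DispatchLog:
    second_request_to: List[str] = field(default_factory=list)
    first_request_to: List[str] = field(default_factory=list)
    accepted_by: List[str] = field(default_factory=list)


# A transport returns the measurer's reply, or None when no response arrives at all.
Transport = Callable[[str], Optional[Reply]]


def arrived_in_time(reply: Optional[Reply], timeout_s: float) -> bool:
    return reply is not None and reply.latency_s <= timeout_s


def first_condition_met(replies, timeout_s: float) -> bool:
    """First condition from the text: each second measurer returned rejection
    information, and/or no response arrived within the predetermined time."""
    return all(not arrived_in_time(r, timeout_s) or r.status == "reject" for r in replies)


def accepting(replies, timeout_s: float) -> List[str]:
    return [r.measurer_id for r in replies if arrived_in_time(r, timeout_s) and r.status == "accept"]


def dispatch_measurement(second_measurers, first_group, n, transport: Transport,
                         timeout_s: float) -> DispatchLog:
    """Verifier side: second request first, first request to N group members only
    if the first condition is met. Assumption: the N measurers are taken from the
    group members that were not already asked; if fewer than N remain, all remaining
    members are asked."""
    if not 2 <= n <= len(first_group):
        raise ValueError("N must satisfy 2 <= N <= P")
    log = DispatchLog(second_request_to=list(second_measurers))
    replies = [transport(m) for m in second_measurers]
    log.accepted_by = accepting(replies, timeout_s)
    if not first_condition_met(replies, timeout_s):
        return log  # at least one second measurer accepted in time; no fallback needed
    remaining = [m for m in first_group if m not in second_measurers]
    log.first_request_to = remaining[:n]
    replies = [transport(m) for m in log.first_request_to]
    log.accepted_by = accepting(replies, timeout_s)
    return log


# Constructed simulation of the measurers' behaviour (not from the patent).
SIMULATED_REPLIES = {
    "measurer-A": Reply("measurer-A", "reject", 0.1),
    "measurer-B": None,                                # never answers
    "measurer-C": Reply("measurer-C", "accept", 0.3),
    "measurer-D": Reply("measurer-D", "accept", 4.0),  # answers, but after the deadline
    "measurer-E": Reply("measurer-E", "accept", 0.2),
}
FIRST_GROUP = ["measurer-A", "measurer-B", "measurer-C", "measurer-D", "measurer-E"]  # P = 5


def simulated_transport(measurer_id: str) -> Optional[Reply]:
    return SIMULATED_REPLIES.get(measurer_id)


def demo() -> DispatchLog:
    # Second request to A and B; A rejects, B is silent, so the first request goes to N = 3 others.
    return dispatch_measurement(["measurer-A", "measurer-B"], FIRST_GROUP, 3,
                                simulated_transport, timeout_s=2.0)


if __name__ == "__main__":
    print(demo())
```

Note that a reply arriving after the predetermined time counts as no response for the purposes of the first condition, which is why measurer-D is asked but does not end up among the accepting measurers.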
- the first request is used to indicate a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based.
- the first request can be used to indicate the threshold value, so that the measurer receiving the first request knows the minimum number of measurers on which the signature must be based. This avoids the signature failing verification because the number of measurers on which it is based does not meet the threshold, thereby improving the quality of the signature, that is, increasing the probability that the signature is successfully verified.
- the method further includes: determining the first measurer based on the identifier of the first network element and a first association, wherein the first association includes the association between the identifier of the first group and/or the identifiers of the P measurers and the identifier of the first network element, the first group includes the P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
- the method may further include: determining the N measurers based on the identifier of the first network element and the first association.
- the first verifier can quickly determine the measurer(s) to which the first request is to be sent based on the first association, thereby reducing the processing latency of finding a measurer.
- the method further includes receiving second information from a key management network element or an orchestration management network element, the second information being used to indicate the first association.
- the method further includes: sending a third request to the key management network element, the third request being used to request the keys of the M measurers; and receiving third information from the key management network element, the third information being used to indicate the keys of the M measurers.
- the first verifier can request the key required for this verification from the key management network element.
- on the one hand, the keys are stored by a dedicated network element, which improves the security of the keys; on the other hand, the first verifier does not need to store the keys in advance, saving the first verifier's storage costs.
- the third request includes the identifier of the first measurer and/or the identifier of the first group, wherein the first group includes P measurers used to measure the first network element, and the P measurers include the M measurers, where P is an integer greater than or equal to M.
- in other words, the third request may include the identifier of the sender of the first information, and/or the identifier of the group to which the sender of the first information belongs.
- the key management network element can determine the keys of the M measurers to be returned to the first verifier based on the identifiers carried in the third request.
- verifying the first signature and the first evidence based on the keys of the M measurers includes: verifying whether the number of measurers on which the first signature is based is greater than or equal to a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based; if that number is greater than or equal to the threshold value, verifying whether the first signature is valid; and if the first signature is valid, verifying whether the first evidence is valid.
- the first verifier can first check whether the measurers on which the first signature is based meet the threshold requirement. If the threshold requirement is not met, no further verification is performed on the first signature or the first evidence, thereby reducing verification overhead.
- if the threshold is set low, the first signature does not need to be based on all measurers in the first group, thus saving the overhead of measurer signing.
- if the threshold is set high, the first signature needs to be based on a larger number of measurers in the first group, thereby improving the security of remote attestation.
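The three-stage check above (threshold count, then signature, then evidence), as an added example that is not part of the patent text. The patent does not fix a signature scheme, so this example assumes, as a simplification, that each measurer holds a symmetric key and that the first signature is the set of per-measurer HMAC tags over the first evidence; the measurer identifiers, keys and the reference measurement are constructed. Returning the stage that decided the outcome makes the early stop visible.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed: the keys of the M measurers, as the verifier obtains them from the
# key management network element. Symmetric HMAC keys are an assumption made here.
MEASURER_KEYS: Dict[str, bytes] = {
    "measurer-1": b"key-1-constructed",
    "measurer-2": b"key-2-constructed",
    "measurer-3": b"key-3-constructed",
}

# Constructed: the reference measurement of the first network element (e.g. a VNF image).
REFERENCE_EVIDENCE = hashlib.sha256(b"vnf-image-v1.0-constructed").hexdigest()


@dataclass(frozen=True)
class FirstInformation:
    evidence: str               # first evidence: the measurement of the first network element
    signature: Dict[str, str]   # first signature: measurer id -> tag over the evidence


def measurer_tag(key: bytes, evidence: str) -> str:
    """One measurer's contribution to the first signature (assumed construction)."""
    return hmac.new(key, evidence.encode(), hashlib.sha256).hexdigest()


def build_first_information(evidence: str, signing_measurers) -> FirstInformation:
    """Measurer side: the first measurer assembles the first signature from the
    keys of the M measurers that measured the first network element."""
    tags = {m: measurer_tag(MEASURER_KEYS[m], evidence) for m in signing_measurers}
    return FirstInformation(evidence, tags)


def verify_first_information(info: FirstInformation, keys: Dict[str, bytes],
                             threshold: int) -> Tuple[bool, str]:
    """Verifier side, in the order the text gives:
    1. the number of measurers backing the first signature must reach the threshold;
    2. only then is the first signature checked under the M measurers' keys;
    3. only then is the first evidence compared with the reference.
    Returns (ok, stage) where stage names the check that decided the result."""
    if len(info.signature) < threshold:
        return False, "threshold"          # stop early: no signature/evidence work done
    for measurer_id, tag in info.signature.items():
        key = keys.get(measurer_id)
        if key is None:
            return False, "signature"      # a measurer the verifier has no key for
        if not hmac.compare_digest(tag, measurer_tag(key, info.evidence)):
            return False, "signature"      # tag does not verify under that measurer's key
    if not hmac.compare_digest(info.evidence, REFERENCE_EVIDENCE):
        return False, "evidence"           # authentic evidence, but the element is not in the expected state
    return True, "ok"


if __name__ == "__main__":
    info = build_first_information(REFERENCE_EVIDENCE, list(MEASURER_KEYS))
    print(verify_first_information(info, MEASURER_KEYS, threshold=2))
```

A tag from a measurer whose key the verifier does not hold fails at the signature stage even if it inflated the count past the threshold, so the threshold check alone is never a security decision; it only decides whether the more expensive checks run at all.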
- the first network element includes or is applied to a virtualized network function (VNF).
- the first verifier can evaluate the registration status of the VNF to improve the security of the VNF.
- a communication method is provided.
- the entity executing the method provided in this application can be a first measurer.
- the first measurer in this application can refer to the network device itself (e.g., access network device, core network device, or management plane device), a component within the network device (e.g., processor, chip, or chip system), or a logical module or software capable of implementing all or part of the network device's functions.
- the following description uses the first measurer as an example.
- the method includes: determining first evidence based on a first network element; determining a first signature based on the keys of M measurers and the first evidence, wherein the M measurers are used to measure the first network element, the M measurers include the first measurer, M is an integer greater than 1, and the first signature is used to verify the validity of the first evidence; and sending first information to a first verifier, wherein the first information includes the first signature and the first evidence.
- the M measurers may also include a third measurer.
- the method may further include receiving fourth information from the third measurer, the fourth information being used to indicate the key of the third measurer.
- the third measurer can send its key to the first measurer, thereby assisting the first measurer in signing with the keys of the M measurers.
- the method further includes sending a fourth request to the third measurer, the fourth request being used to request the third measurer's key.
- the first measurer can send the fourth request to the third measurer, thereby triggering the third measurer to send its key to the first measurer.
- the fourth request includes at least one of the first evidence, measurement information, or the first signature; wherein the measurement information is used to indicate measurement content and/or measurement strategy.
- the third measurer can verify the information carried in the fourth request to determine whether to send its key to the first measurer.
- this scheme avoids the third measurer providing its key to the first measurer when the first measurer's security is low, thereby further improving the security of remote attestation.
- the method further includes receiving fifth information from a key management network element, the fifth information being used to indicate the keys of the M measurers.
- the keys of the M measurers used to determine the first signature can be indicated by the key management network element, thus eliminating the need to obtain the keys of the other measurers through interaction with them. Therefore, the above scheme can reduce the latency of determining the first signature, thereby reducing the latency of remote attestation.
- the method further includes receiving a first request from the first verifier, the first request being used to request measurement of the first network element.
- the first request is used to indicate a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based.
- the implementing entity of the method provided in this application can be a key management network element.
- the key management network element in this application can refer to the network device itself (e.g., access network device, core network device, or management plane device), a component within the network device (e.g., processor, chip, or chip system), or a logical module or software capable of implementing all or part of the network device's functions.
- the following description uses a key management network element as an example.
- the method includes: receiving a third request from a first verifier, the third request being used to request the keys of M measurers, the keys of the M measurers being used to verify a first signature and a first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring a first network element, the M measurers being used to measure the first network element, and M being an integer greater than 1; and sending third information to the first verifier, the third information being used to indicate the keys of the M measurers.
- the third request includes the identifier of the first measurer and/or the identifier of the first group, wherein the first group includes P measurers used to measure the first network element, the P measurers include the M measurers, P is an integer greater than or equal to M, and the M measurers include the first measurer.
- the method further includes sending fifth information to the first measurer, the fifth information indicating the keys of the M measurers, the M measurers including the first measurer.
- the method further includes: sending second information to the first verifier, the second information being used to indicate a first association, wherein the first association includes the association between the identifier of the first group and/or the identifiers of the P measurers and the identifier of the first network element, the first group includes the P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
- the method further includes receiving sixth information from the orchestration management network element, the sixth information being used to indicate the first association.
- the method further includes sending a fifth request to the orchestration management network element, the fifth request being used to request the first association.
- the method further includes: determining the keys of the M measurers based on the third request and a second association, wherein the second association includes the association between the identifier of the first group and/or the identifiers of the P measurers and the identifier of a first key group, the first group includes the P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
- the key management network element can determine the keys of the M measurers according to the second association, thereby reducing the latency of finding the keys of the M measurers.
- the implementing entity of the method provided in this application can be a third measurer.
- the third measurer in this application can refer to the network device itself (e.g., access network device, core network device, or management plane device), a component within the network device (e.g., processor, chip, or chip system), or a logical module or software capable of implementing all or part of the functions of the network device.
- the following description uses the third measurer as an example.
- the method includes: generating fourth information, which indicates the key of the third measurer; and sending the fourth information to the first measurer.
- the method further includes receiving a fourth request from the first measurer, the fourth request being used to request the key of the third measurer.
- the fourth request includes at least one of the first evidence, measurement information, or the first signature; wherein the measurement information is used to indicate measurement content and/or measurement strategy.
- a communication device including processing circuitry (or a processor) and an input/output interface (also referred to as an interface circuit), the input/output interface being used for inputting and/or outputting signals, the processing circuitry being used to perform the first aspect and any possible method of the first aspect, or the processing circuitry being used to perform the second aspect and any possible method of the second aspect, or the processing circuitry being used to perform the third aspect and any possible method of the third aspect, or the processing circuitry being used to perform the fourth aspect and any possible method of the fourth aspect.
- the processing circuit is used to communicate with other devices through the interface circuit and to perform the first aspect and any possible method of the first aspect, or to perform the second aspect and any possible method of the second aspect, or to perform the third aspect and any possible method of the third aspect, or to perform the fourth aspect and any possible method of the fourth aspect.
- This communication device may include units or modules for performing the functions of the communication device.
- the communication device may include modules, units, or means for performing the methods/operations/steps/actions described in the first aspect and any possible implementation of the first aspect.
- These modules, units, or means may be hardware circuits, software, or a combination of hardware circuits and software.
- the communication device includes a processing unit and a transceiver unit.
- the transceiver unit can be used to receive first information from a first measurer, the first information including a first signature and a first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring a first network element, the measurers on which the first signature is based including M measurers, the M measurers being used to measure the first network element, the M measurers including the first measurer, and M being an integer greater than 1; the processing unit can be used to verify the first signature and the first evidence according to the keys of the M measurers.
- the transceiver unit is also used to: send a first request to the first measurer, the first request being used to request measurement of the first network element.
- the transceiver unit is further configured to: send a first request to N measurers, the first request being used to request measurement of the first network element, the N measurers belonging to a first group, the first group including P measurers, the P measurers being used to measure the first network element, the P measurers including the M measurers, N being an integer greater than or equal to 2 and less than or equal to P, and P being an integer greater than or equal to M.
- the transceiver unit is also used to: send a second request to at least one second measurer, the second request being used to request measurement of the first network element.
- the transceiver unit is specifically used to: send the first request to the first measurer when a first condition is met.
- the transceiver unit is specifically used to: send the first request to the N measurers when the first condition is met.
- the first condition includes: the first verifier receiving rejection information from each of the at least one second measurer, and/or the first verifier not receiving a response from the at least one second measurer within a predetermined time period.
- the first request is used to indicate a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based.
- the processing unit is further configured to: determine the first measurer based on the identifier of the first network element and a first association, wherein the first association includes the association between the identifier of the first group and/or the identifiers of the P measurers and the identifier of the first network element, the first group includes the P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
- the processing unit may also be configured to: determine the N measurers based on the identifier of the first network element and the first association.
- the transceiver unit is also used to: receive second information from a key management network element or an orchestration management network element, the second information being used to indicate the first association.
- the transceiver unit is also configured to: send a third request to the key management network element, the third request being used to request the keys of the M measurers; and receive third information from the key management network element, the third information being used to indicate the keys of the M measurers.
- the third request includes the identifier of the first measurer and/or the identifier of the first group, wherein the first group includes P measurers used to measure the first network element, and the P measurers include the M measurers, where P is an integer greater than or equal to M.
- the processing unit is specifically used to: verify whether the number of measurers on which the first signature is based is greater than or equal to a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based; if that number is greater than or equal to the threshold value, verify whether the first signature is valid; and if the first signature is valid, verify whether the first evidence is valid.
- the first network element includes or is applied to the VNF.
- the communication device may include modules, units, or means for performing the methods/operations/steps/actions described in the second aspect and any possible implementation of the second aspect.
- These modules, units, or means may be hardware circuits, software, or a combination of hardware circuits and software.
- the communication device includes a processing unit and a transceiver unit.
- the processing unit can be used to determine a first evidence based on a first network element, and to determine a first signature based on the keys of M measurers and the first evidence, wherein the M measurers are used to measure the first network element, the M measurers include the first measurer, M is an integer greater than 1, and the first signature is used to verify the validity of the first evidence;
- the transceiver unit can be used to send first information to a first verifier, wherein the first information includes the first signature and the first evidence.
- the M measurers also include a third measurer.
- the transceiver unit is further configured to: receive fourth information from the third measurer, the fourth information being used to indicate the key of the third measurer.
- the transceiver unit is also used to: send a fourth request to the third measurer, the fourth request being used to request the key of the third measurer.
- the fourth request includes at least one of the first evidence, measurement information, or the first signature; wherein the measurement information is used to indicate measurement content and/or measurement strategy.
- the transceiver unit is also used to: receive fifth information from the key management network element, the fifth information being used to indicate the keys of the M measurers.
- the transceiver unit is also used to: receive a first request from the first verifier, the first request being used to request measurement of the first network element.
- the first request is used to indicate a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based.
- the communication device may include modules, units, or means for performing the methods/operations/steps/actions described in the third aspect and any possible implementation of the third aspect.
- These modules, units, or means may be hardware circuits, software, or a combination of hardware circuits and software.
- the communication device includes a processing unit and a transceiver unit.
- the transceiver unit can be used to receive a third request from a first verifier, the third request being used to request the keys of M measurers, the keys of the M measurers being used to verify a first signature and a first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring a first network element, the M measurers being used to measure the first network element, and M being an integer greater than 1; the transceiver unit can also be used to send third information to the first verifier, the third information being used to indicate the keys of the M measurers.
- the third request includes the identifier of the first measurer and/or the identifier of the first group, wherein the first group includes P measurers used to measure the first network element, the P measurers include the M measurers, P is an integer greater than or equal to M, and the M measurers include the first measurer.
- the transceiver unit is also used to: send fifth information to the first measurer, the fifth information being used to indicate the keys of the M measurers, the M measurers including the first measurer.
- the transceiver unit is further configured to: send second information to the first verifier, the second information being used to indicate a first association, wherein the first association includes the association between the identifier of the first group and/or the identifiers of the P measurers and the identifier of the first network element, the first group includes the P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
- the transceiver unit is also used to: receive sixth information from the orchestration management network element, the sixth information being used to indicate the first association.
- the transceiver unit is also used to: send a fifth request to the orchestration management network element, the fifth request being used to request the first association.
- the processing unit is further configured to: determine the keys of the M measurers based on the third request and a second association, wherein the second association includes the association between the identifier of the first group and/or the identifiers of the P measurers and the identifier of a first key group, the first group includes the P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
- the communication device may include modules, units, or means for performing the methods/operations/steps/actions described in the fourth aspect and any possible implementation of the fourth aspect, which may be hardware circuits, software, or a combination of hardware circuits and software.
- the communication device includes a processing unit and a transceiver unit.
- the processing unit can be used to generate fourth information, which indicates the key of the third measurer; the transceiver unit can be used to send the fourth information to the first measurer.
- the transceiver unit is also configured to: receive a fourth request from the first measurer, the fourth request being used to request the key of the third measurer.
- the fourth request includes at least one of the first evidence, measurement information, or the first signature; wherein the measurement information is used to indicate measurement content and/or measurement strategy.
- a computer-readable storage medium on which a computer program or instructions are stored, which, when executed, cause the first aspect and any possible method of the first aspect to be performed (or implemented), or cause the second aspect and any possible method of the second aspect to be performed (or implemented), or cause the third aspect and any possible method of the third aspect to be performed (or implemented), or cause the fourth aspect and any possible method of the fourth aspect to be performed (or implemented).
- a computer program product comprising a computer program or instructions that, when executed, cause the first aspect and any possible method of the first aspect to be performed (or implemented), or cause the second aspect and any possible method of the second aspect to be performed (or implemented), or cause the third aspect and any possible method of the third aspect to be performed (or implemented), or cause the fourth aspect and any possible method of the fourth aspect to be performed (or implemented).
- a ninth aspect provides a communication device, including a processor configured to execute (or implement) any of the possible methods of the first aspect, or any of the possible methods of the second aspect, or any of the possible methods of the third aspect, or any of the possible methods of the fourth aspect, by executing a computer program (or computer-executable instructions) stored in a memory, and/or by logic circuitry.
- the device also includes a memory.
- the processor and memory are integrated together.
- the memory is located outside the communication device.
- the processor may include one or more processors.
- the communication device further includes a communication interface for communicating with other devices, such as transmitting or receiving data and/or signals.
- the communication interface may be a transceiver, circuit, bus, module, or other type of communication interface.
- the communication device described in the fifth, sixth, or ninth aspects can be a chip or a chip system.
- a chip including a processor for calling a computer program or computer instructions in a memory to cause any of the implementations of the first aspect to be executed (or implemented), or to cause any of the implementations of the second aspect to be executed (or implemented), or to cause any of the implementations of the third aspect to be executed (or implemented), or to cause any of the implementations of the fourth aspect to be executed (or implemented).
- the processor is coupled to the memory via an interface.
- a communication system including a first verifier and a key management network element, wherein the first verifier is used to perform the first aspect and any possible implementation thereof, and the key management network element is used to perform the third aspect and any possible implementation thereof.
- the communication system also includes a first measurand, which performs the second aspect described above and any possible implementation thereof.
- the communication system also includes a third measurer, which performs the fourth aspect described above and any possible implementation thereof.
- Figure 1 is a schematic diagram of the network architecture of a communication system.
- Figure 2 is a schematic flowchart of a remote attestation method.
- FIG. 3 shows a schematic diagram of the architecture of network functions virtualization (NFV).
- Figure 4 is a schematic diagram of the architecture of NFV based on remote attestation.
- Figure 5 is a schematic flowchart of a communication method provided in an embodiment of this application.
- FIG. 6 is a schematic flowchart of another communication method provided in an embodiment of this application.
- FIG. 7 is a schematic flowchart of another communication method provided in an embodiment of this application.
- FIG. 8 is a schematic flowchart of another communication method provided in an embodiment of this application.
- Figure 9 is a schematic block diagram of a communication device according to an embodiment of this application.
- Figure 10 is a schematic block diagram of another communication device according to an embodiment of this application.
- At least one means one or more, and “more than one” means two or more.
- “And/or” describes the relationship between related objects, indicating that three relationships can exist. For example, A and/or B can mean: A alone, A and B simultaneously, or B alone, where A and B can be singular or plural. In the textual description of this application, the character “/” generally indicates that the preceding and following related objects are in an “or” relationship. “At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items.
- "At least one of a, b, and c" can mean: a; b; c; a and b; a and c; b and c; or a, b, and c.
- a, b, and c can be single or multiple.
- "indicate" or "used to indicate" can include both direct and indirect indication.
- when indication information is described as being used to indicate A, this may include the indication information directly or indirectly indicating A, but does not necessarily mean that the indication information carries A.
- the indication methods involved in the embodiments of this application should be understood to cover various methods that enable the party to be indicated to obtain the information to be indicated.
- the information to be indicated can be sent as a whole or divided into multiple sub-information and sent separately.
- the sending period and/or sending time of these sub-information can be the same or different. This application does not limit the sending method.
- the "indication information" in the embodiments of this application can be an explicit indication, that is, a direct indication through signaling, or an indication obtained by combining other rules or parameters with the parameters indicated by the signaling, or by deduction. It can also be an implicit indication, that is, an indication obtained based on rules or relationships, or based on other parameters, or by deduction. This application does not specifically limit it in this regard.
- protocol can refer to standard protocols in the field of communications, such as 5G protocols, NR protocols, and related protocols applied in future communication systems; this application does not limit this term.
- Predefined can include predefined terms, such as protocol definitions.
- Preconfiguration can be implemented by pre-storing corresponding codes, tables, or other means that can be used to indicate relevant information in the device; this application does not limit the implementation method.
- transmission can be uplink transmission, such as a terminal device sending a signal to a network device; transmission can also be downlink transmission, such as a network device sending a signal to a terminal device; transmission can also be sidelink transmission, such as a terminal device sending a signal to another terminal device.
- transmission can be air interface level transmission, or it can be signal transmission from a chip input (I)/output (O) port, rather than air interface level transmission.
- Sending information to XX (device) can be understood as the destination of the information being that device. This can include sending information directly or indirectly to that device.
- "Receiving information from XX (device), or receiving information from XX (device)” can be understood as the source of the information being that device. This can include receiving information directly or indirectly from that device. Information may undergo necessary processing between the source and destination, such as format changes, but the destination can understand the valid information from the source. Similar expressions in this application can be understood in a similar way, and will not be repeated here.
- sending can also be understood as the "output” of the chip interface
- “receiving” can also be understood as the "input” of the chip interface.
- sending can occur between devices, for example, between network devices and terminal devices via an air interface.
- sending or “receiving” can also occur within a device, for example, between components, modules, chips, software modules, or hardware modules within the device via a bus, wiring, or interface.
- configuration can be signaling configuration or can be described as configuring signaling.
- signaling configuration includes configuration using signaling sent by network devices, which can be radio resource control (RRC) messages, downlink control information (DCI) messages, or system information blocks (SIBs).
- Another example is signaling configuration between network devices. These network devices can include access network devices, core network devices, or management plane devices, etc.
- signaling configuration can also be configured to terminal devices or network devices using pre-configured signaling, or configured to terminal devices or network devices through pre-configuration.
- pre-configuration means defining or configuring the values of corresponding parameters in advance using a protocol, and storing them in the terminal device or network device during communication.
- the pre-configured messages can be modified or updated when the terminal device or network device is connected to the network.
- the sequence number of each process does not imply its order of execution.
- the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this application.
- the terms “comprising,” “including,” “having,” and their variations all mean “including but not limited to,” unless otherwise specifically emphasized.
- Network functions virtualization (NFV) decouples the network functions of a traditional communication device from the physical device and runs them as software on commercial off-the-shelf (COTS) hardware.
- NFV can deploy the communication technology (CT) services of a traditional communication device onto a virtual entity by borrowing virtualization technologies from information technology (IT) to implement virtual instances (VIs).
- a virtual entity can be a virtual machine (VM), a container, or any other possible virtualized functional entity; this application does not specifically limit this.
- A virtualized network function (VNF), also known as a virtualized network element, can be a software application that provides network functions.
- a network function can be file sharing, directory services, or Internet Protocol (IP) configuration.
- a VNF can be software providing network services, utilizing the infrastructure provided by Network Function Virtualization Infrastructure (NFVI) deployed on virtual machines, containers, or physical machines.
- traditional hardware-based network elements can be called Physical Network Functions (PNFs).
- VNFs and PNFs can be networked individually or in combination to form a service chain. For example, a VNF can be deployed on one or more VIs.
- a VI can be a generalized concept; for example, a VI can refer to any virtualization scheme such as a virtual machine (VM) or a container, and this application is not limited in this regard.
- a VNF can consist of multiple lower-level components.
- a VNF can be deployed on multiple VMs.
- Each VM can host a virtualized network function component (VNFC).
- a VNF can also be deployed on a VM.
- the VNF in this application embodiment can be or be applied to access and mobility management function (AMF) network elements, session management function (SMF) network elements, policy control function (PCF) network elements, unified data management (UDM) network elements, user plane function (UPF) network elements, and can also be network exposure function (NEF) network elements, application function (AF) network elements, network slice selection function (NSSF) network elements, authentication server function (AUSF) network elements, network repository function (NRF) network elements, unified data repository (UDR) network elements, etc., and this application embodiment is not limited to these.
- An element management system (EMS) can be used to perform the traditional fault, configuration, accounting, performance, and security (FCAPS) management functions for VNFs.
- An EMS can exist independently or as a VNF with EMS functionality. In some examples, there can be a one-to-one correspondence between an EMS and a VNF.
- Network functions virtualization infrastructure (NFVI) can be a set of resources used to host and connect virtual functions.
- NFVI can include infrastructure components on a platform.
- NFVI can virtualize physical resources into virtual resources for use by VNFs.
- NFVI can include a virtualization layer, hypervisor, container management system, physical device switches, compute, or storage, etc.
- NFVI can be a cloud data center that includes servers, a hypervisor, an operating system (OS), VMs, containers, virtual switches, and network resources.
- An attester can be used in conjunction with a verifier to perform trust measurements on network elements.
- the attester performs integrity measurements on the target system to be proven and generates a set of statements called evidence.
- the attester can measure resources (e.g., VMs), applications (APPs), or hardware within the network element to obtain evidence.
- the attester can then verify the obtained evidence.
- Evidence may include configuration information of the network element and virtual machines, such as software version, software name, or vendor information.
- the attester can be a root of trust, such as a virtual root of trust, or a security chip, such as a trusted platform module (TPM) or a hardware security module (HSM).
- the specific form of the attester is not limited in this application; it can also take other forms, such as direct memory access (DMA).
- a verifier is an entity that performs verification on evidence from a network element.
- a verifier can complete the verification and return a result, or sign and send a credential.
- This application does not limit the specific method of verification.
- the verifier can perform verification locally based on pre-configuration, or it can perform verification on a remote server.
- the verifier can be an independently configured network element, or it can be a function of the management plane, such as the verification function of the cloud management platform in the NFVI, or a network element used by an operator to provide verification services in a roaming domain.
- cloud management can be management and orchestration (MANO).
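The exchange described above, and the key management step from the aspects listed earlier (a verifier requesting the measured element's key with a request that carries the evidence, the measurement information and the signature), as an added example that is not part of the patent and not the applicant's own code. Assumptions not on the page: HMAC-SHA256 stands in for the attester's signature so the example needs only the Python standard library (a deployment would use per-element asymmetric keys or certificates rooted in a TPM or HSM); the names KEY_STORE, GOLDEN, REFERENCE_VALUES, MEASUREMENT_STRATEGY, the component names and the Verifier class are all constructed for illustration.

```python
"""Remote attestation round trip: attester measures and signs evidence, the key
management network element returns the attester's key on a well-formed request,
the verifier checks signature, freshness and reference values, then signs the
result as a credential a relying party can check.

Added example, not the patent's implementation. Assumption: HMAC-SHA256 replaces
a real signature so the example runs on the standard library alone.
"""
import hashlib
import hmac
import json
import secrets

# Constructed keys: one for the attester, one for the verifier (assumption).
KEY_STORE = {
    "attester-vm-42": bytes.fromhex("a1" * 32),
    "verifier-1": bytes.fromhex("b2" * 32),
}

# Constructed "golden" state of a network element; the measurement strategy
# names which components the attester must measure (the page's
# "measurement content and/or measurement strategy").
GOLDEN = {
    "vm-image": {"software_name": "nfvi-vm-image", "version": "3.2.1",
                 "vendor": "ExampleCo", "image": b"constructed vm image 3.2.1"},
    "amf-app":  {"software_name": "amf", "version": "24.1.0",
                 "vendor": "ExampleCo", "image": b"constructed amf binary 24.1.0"},
}
MEASUREMENT_STRATEGY = {"components": ["vm-image", "amf-app"]}


def canonical(obj) -> bytes:
    """Deterministic JSON so attester and verifier MAC exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, obj) -> str:
    return hmac.new(key, canonical(obj), hashlib.sha256).hexdigest()


def measure_component(installed: dict) -> dict:
    """The configuration items the page lists as evidence, plus an image digest."""
    return {"software_name": installed["software_name"],
            "version": installed["version"],
            "vendor": installed["vendor"],
            "digest": hashlib.sha256(installed["image"]).hexdigest()}


# Reference values the verifier trusts, derived once from the golden state.
REFERENCE_VALUES = {c: measure_component(GOLDEN[c]) for c in GOLDEN}


def attester_measure(target: dict, strategy: dict, nonce: str, attester_id: str):
    """Attester: measure only what the strategy names, bind the nonce, sign."""
    measurements = {c: measure_component(target[c]) for c in strategy["components"]}
    evidence = {"attester": attester_id, "nonce": nonce, "measurements": measurements}
    return evidence, sign(KEY_STORE[attester_id], evidence)


def key_management_lookup(request: dict):
    """Key management NE: the request carries evidence, measurement info and the
    signature; a key is returned only for a well-formed request."""
    if not all(k in request for k in ("evidence", "measurement_info", "signature")):
        return None
    return KEY_STORE.get(request["evidence"].get("attester"))


class Verifier:
    def __init__(self, verifier_id: str, reference: dict):
        self.id, self.reference, self.pending = verifier_id, reference, set()

    def issue_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, evidence: dict, signature: str, strategy: dict):
        """Return (attestation result, credential signed by the verifier)."""
        reasons = []
        key = key_management_lookup(
            {"evidence": evidence, "measurement_info": strategy, "signature": signature})
        if key is None:
            reasons.append("no key for attester")
        elif not hmac.compare_digest(sign(key, evidence), signature):
            reasons.append("bad signature")
        nonce = evidence.get("nonce")
        if nonce in self.pending:
            if not reasons:          # consume the nonce only for authentic evidence
                self.pending.discard(nonce)
        else:
            reasons.append("nonce not issued or already used")
        for comp in strategy["components"]:
            if evidence.get("measurements", {}).get(comp) != self.reference.get(comp):
                reasons.append(f"{comp} does not match reference")
        result = {"verifier": self.id, "attester": evidence.get("attester"),
                  "nonce": nonce, "trusted": not reasons, "reasons": reasons}
        return result, sign(KEY_STORE[self.id], result)


def check_credential(result: dict, credential: str) -> bool:
    """Relying party: accept a result only if the verifier's signature holds."""
    return hmac.compare_digest(sign(KEY_STORE[result["verifier"]], result), credential)


def run_scenarios() -> dict:
    v = Verifier("verifier-1", REFERENCE_VALUES)
    out = {}
    ev, sig = attester_measure(GOLDEN, MEASUREMENT_STRATEGY, v.issue_nonce(), "attester-vm-42")
    out["good"], out["good_credential"] = v.verify(ev, sig, MEASUREMENT_STRATEGY)
    out["replay"], _ = v.verify(ev, sig, MEASUREMENT_STRATEGY)   # same nonce again
    # Compromised binary: version string untouched, image bytes changed.
    tampered = {**GOLDEN, "amf-app": {**GOLDEN["amf-app"], "image": b"backdoored"}}
    ev2, sig2 = attester_measure(tampered, MEASUREMENT_STRATEGY, v.issue_nonce(), "attester-vm-42")
    out["compromised"], _ = v.verify(ev2, sig2, MEASUREMENT_STRATEGY)
    # Forged evidence: golden values claimed, signed with a key the KM NE never issued.
    ev3, _ = attester_measure(GOLDEN, MEASUREMENT_STRATEGY, v.issue_nonce(), "attester-vm-42")
    out["forged"], _ = v.verify(ev3, sign(b"attacker key", ev3), MEASUREMENT_STRATEGY)
    return out


if __name__ == "__main__":
    for name, res in run_scenarios().items():
        if isinstance(res, dict):
            print(f"{name:12s} trusted={res['trusted']} reasons={res['reasons']}")
```

The nonce is consumed only after the signature verifies, so an attacker who replays captured evidence or submits garbage under a freshly issued nonce cannot burn a nonce the legitimate attester is still going to use; the version and vendor strings alone would not catch the tampered binary, which is why the digest is part of the evidence.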
- a network function (NF) consumer can be a network element located in a trusted domain.
- An NF consumer may request to establish a service connection with another network element due to service requirements.
- an NF consumer can be a network element that requires remote attestation credentials.
- an NF consumer can be a visited public land mobile network (VPLMN) AMF or a VPLMN UPF, or a VNF in the NFV domain, etc. This application does not limit the specific form of the NF consumer.
- a relying party can be called a network element relying party.
- a relying party can be a network element that needs to verify the configuration information of other network elements.
- a network element relying party could be a network repository function (NRF).
- the profile and attestation check function (PACF) can be used to configure network elements for checking and attestation.
- the PACF can be an interface network element used to interact or communicate with the verifier.
- One possible scenario is that other network elements may be unable to send information to the verifier.
- One possible reason for this scenario is the cross-domain deployment of the verifier.
- MANO management and orchestration
- VNFM virtualized network function manager
- NFVO network functions virtualization orchestrator
- VIM virtualized infrastructure manager
- VIM can be used to manage NFVI.
- VIM can be used to provide management of infrastructure-layer virtualized resources (such as virtual computing resources, storage resources, or network resources) (e.g., resource reservation or allocation), monitor the status of virtual resources, report virtual resource faults, or provide virtualized resource pools for upper-layer applications.
- VIM can be used for cloud platform management, responsible for hardware management, VM deployment, VM coordination, and scheduling.
- the virtualized network function manager (VNFM) can be used to manage the lifecycle of VNFs, such as bringing them online, taking them offline, monitoring their status, initializing VNF instances, scaling up VNF instances, scaling down VNF instances, or terminating VNF instances.
- the VNFM can manage VNFs based on VNF descriptors (VNFDs).
- VNFDs VNF descriptors
- the VNFM can be responsible for network element lifecycle management.
- Basic capabilities of the VNFM can include adding, deleting, querying, or modifying network elements or VMs, etc.
- a network functions virtualization orchestrator (NFVO) provides a global view of network service (NS) lifecycles and resources.
- VNF lifecycle management includes a series of management operations from VNF instance creation to termination, such as VNF instantiation, VNF instance scaling (e.g., expansion or reduction), VNF instance healing, VNF instance updates, and VNF instance termination.
- NFVO can coordinate NS lifecycle management, VNF lifecycle management (potentially requiring VNFM support), NFVI resource management (potentially requiring VIM support), network service descriptor (NSD) management, VNFD management, and virtualized network function forwarding graph (VNFFG) management, ensuring optimized configuration of required resources and connections.
- NFVO can also be used to deploy new network services, VNF forwarding tables, VNF packages, and more.
- NFVO can operate based on a network service descriptor (NSD).
- the NSD can contain service chains, VNFs, or performance goals.
- NFVO can be used to manage the deployment of network services.
- NFVO, VNFM, and VIM can belong to the MANO architecture of an NFV system.
- The embodiments of this application can be applied to various communication systems, such as 5th generation (5G) systems, Long Term Evolution (LTE) systems, New Radio (NR) systems, Narrow Band Internet of Things (NB-IoT) systems, Enhanced Machine-Type Communication (eMTC) systems, Enhanced Mobile Broadband (eMBB) systems, Ultra Reliable Low Latency Communications (URLLC) systems, satellite communication systems, LTE-machine-to-machine (LTE-M) systems, or systems that evolve after 5G, such as future mobile communication systems.
- FIG 1 is a schematic diagram of a network architecture for a communication system.
- this network architecture may include access network equipment and a core network.
- the access network can be used to implement functions related to radio access.
- the access network may include access network equipment.
- the core network may include one or more core network equipment. These one or more core network equipment may include at least one network function (NF).
- At least one NF may include at least one of the following: a network exposure function (NEF) network element, a network repository function (NRF) network element, an application function (AF) network element, a policy control function (PCF) network element, a unified data management (UDM) network element, an access and mobility management function (AMF) network element, a session management function (SMF) network element, a user plane function (UPF) network element, an authentication server function (AUSF) network element, a network slice selection function (NSSF) network element, a network slice specific authentication and authorization function (NSSAAF) network element, or a data network (DN) connected to the operator's network.
- Terminal devices can be any device with wireless transceiver capabilities. They can be deployed on land, including indoors or outdoors, handheld, wearable, or vehicle-mounted; on water (such as ships); and in the air (e.g., on airplanes, balloons, and satellites). Terminal devices can communicate with the core network via a radio access network (RAN), exchanging voice and/or data with the RAN.
- Terminal devices can be mobile phones, tablets, computers with wireless transceiver capabilities, mobile internet devices (MIDs), point-of-sale (POS) machines, customer-premises equipment (CPEs), light user equipment (UEs), reduced-capability UEs (REDCAP UEs), wearable devices, multimedia devices, streaming media devices, virtual reality (VR) terminal devices, augmented reality (AR) terminal devices, and industrial control devices.
- Terminal devices can also be wireless terminals in fields such as autonomous driving, remote medical care, smart grids, transportation safety, smart cities, smart homes, and flying equipment (e.g., intelligent robots, hot air balloons, drones, and drone controllers). The embodiments of this application do not limit the application scenarios.
- Terminal devices may also be called user equipment (UE), mobile stations, and remote stations.
- Terminal devices can also be vehicle devices, such as vehicle-mounted devices, vehicle-mounted modules, vehicle-mounted chips, on-board units (OBU), or telematics boxes (T-BOX).
- the embodiments of this application do not limit the specific technologies, device forms, or names used in the terminal devices.
- Terminal devices can be mobile devices that support satellite-to-ground air interfaces. Terminal devices can access satellite networks through air interfaces and initiate services such as making calls and accessing the internet.
- Access network equipment can be any device in a network used to connect terminal devices to a wireless network.
- Access network equipment can be a node in a radio access network, also known as a base station, or a radio access network (RAN) device node (or device).
- Access network equipment can include evolved NodeBs (eNBs or e-NodeBs) in long-term evolution (LTE) systems or LTE-Advanced (LTE-A) systems, such as traditional macro base stations (eNBs) and micro base stations (eNBs) in heterogeneous network scenarios.
- Access network devices include, but are not limited to, transmission reception points (TRPs), home base stations (e.g., home evolved NodeBs or home NodeBs, HNBs), baseband units (BBUs), baseband pools (BBU pools), wireless fidelity (WiFi) access points (APs), or centralized units (CUs) and distributed units (DUs) in cloud radio access network (Cloud RAN) systems.
- the CU supports protocols such as radio resource control (RRC), packet data convergence protocol (PDCP), and service data adaptation protocol (SDAP); the DU primarily supports radio link control (RLC), media access control (MAC), and physical layer protocols.
- Access network equipment can provide wireless access services. For example, access network equipment can schedule wireless resources for terminal devices that need to access the network. It can also provide reliable wireless transmission protocols and/or data encryption protocols.
- the CU can be further split into a CU control plane (CU-CP) and a CU user plane (CU-UP); the access network may also include a radio unit (RU).
- In an open radio access network (O-RAN), the CU can also be called O-CU (open CU), the DU can also be called O-DU, the CU-CP can also be called O-CU-CP, the CU-UP can also be called O-CU-UP, and the RU can also be called O-RU.
- this application uses CU, CU-CP, CU-UP, DU, and RU as examples.
- Any of the units among CU (or CU-CP, CU-UP), DU, and RU in this application can be implemented through software modules, hardware modules, or a combination of software modules and hardware modules.
- the terminal device may include the aforementioned access network device.
- Network exposure network elements can expose some network functions to applications in a controlled manner.
- network exposure network elements can be network exposure functions (NEF).
- In future communication systems, network exposure network elements may still be NEF network elements, or they may have other names; this application is not limited to these.
- NRF network elements are primarily used for registration, discovery, and status detection of network elements, the services they provide, and their functions. NRF network elements enable automated management, selection, and scalability of network function services, and allow each network function to discover services provided by other network functions. In 5G communication systems, NRF network elements may be network repository functions (NRFs). In future communication systems, NRF network elements may remain NRF network elements or have other names; this application does not limit this.
- Application function network elements can be used to convey application-side requests to the network side. For example, requests may include Quality of Service (QoS) requirements or user state event subscriptions.
- Application function network elements can provide various application service data to the control plane network elements of the operator's communication network, or obtain network data and control information from the control plane network elements of the communication network.
- application function network elements can be application functions (AFs).
- In future communication systems, application function network elements may still be AF network elements, or they may have other names; this application is not limited to any particular name.
- application function network elements can also be called application servers or service servers.
- application function network elements can be deployed on the operator's network or deployed by a third party.
- Network slice authentication and authorization network elements can be used for network slice authentication and authorization.
- network slice authentication and authorization network elements can interact with authentication, authorization, and accounting servers (AAA-S) through authentication, authorization, and accounting proxies (AAA-P).
- network slice authentication and authorization network elements can be network slice specific authentication and authorization functions (NSSAAF).
- In future communication systems, network slice authentication and authorization network elements can still be NSSAAF network elements, or they can have other names; this application is not limited to these.
- Policy control function network elements also known as policy control network elements, are used to formulate and manage policies for the entire network (e.g., 5G networks).
- Policy control network elements can include policy control functions, charging policy control functions, etc. They can generate and maintain QoS flow control policies, network slicing policies, mobility management policies, charging policies, UE access policies, etc.
- Policy control network elements can dynamically generate and adjust policies based on the operator's service needs and network status, and distribute these policies to relevant network elements such as access and mobility management network elements, session management network elements, and user plane function network elements to guide their behavior.
- policy control network elements can receive QoS requirements from application function network elements and translate them into corresponding policies.
- policy control network elements can be policy control functions (PCF).
- In future communication systems, policy control network elements may remain PCF network elements or have other names; this application is not limited to these.
- a unified data management network element is primarily used to manage and store user data (or subscription information) from terminal devices. This includes, for example, user identity information, authentication information, subscription information, and policy information.
- the unified data management network element can provide user data query and update services to other network elements. It supports user authentication, authorization, and key management functions. Furthermore, the unified data management network element can update and synchronize user data according to the policies of policy control network elements.
- the unified data management network element can be a unified data management (UDM) element.
- In future communication systems, the unified data management network element may still be a UDM element, or it may have other names; this application is not limiting.
- Access and mobility management network elements, also known as access and mobility management function (AMF) network elements, are primarily used for terminal attachment and tracking area update procedures in mobile networks.
- AMF network elements can provide non-access stratum (NAS) messages, complete registration management, connection management, reachability management, allocate tracking area lists (TA lists), grant access authorization, authenticate, and manage mobility, and transparently route session management (SM) messages to session management network elements.
- AMF network elements can be access and mobility management functions (AMF).
- In future communication systems, AMF network elements may remain AMF network elements or have other names; this application is not limited to these names.
- Session management network elements can be used for session and bearer management in mobile networks, such as session establishment, modification, and release. Specific functions include allocating and managing Internet Protocol (IP) addresses for the UE, and selecting user plane function network elements that provide packet forwarding capabilities. For example, a session management network element can select a suitable user plane function network element for the UE based on the UE's request and the policy control information of the policy control network element, establish a session with that user plane function network element, and generate QoS rules and charging rules. Session management network elements can control the data forwarding and processing behavior of user plane function network elements. In 5G communication systems, the session management network element can be a Session Management Function (SMF). In future communication systems, the session management network element may still be an SMF network element, or it may have other names; this application is not limited to these.
- the authentication service function network element is mainly used to perform security authentication of the terminal.
- the authentication service function network element can be an Authentication Service Function (AUSF).
- In future communication systems, the authentication service function network element can still be an AUSF network element, or it can have other names. This application does not limit this.
- the network slice selection function network element is mainly used to select network slices for terminals.
- the network slice selection function network element can be the Network Slice Selection Function (NSSF).
- the network slice selection function network element can still be the NSSF network element, or it can have other names. This application does not limit this.
- User plane function network elements can be used to process user packets, such as forwarding and billing.
- User plane function network elements can handle user plane data packet routing, forwarding, QoS flow processing, threshold control, traffic monitoring, authentication, data packet detection, and reporting.
- User plane function network elements can also manage UE IP addresses and core network (CN) tunnel information.
- Located in the 5G core network user plane, user plane function network elements provide high-speed, efficient, and flexible data transmission services to the UE.
- User plane function network elements can perform data packet filtering, traffic shaping, and billing according to control plane instructions, enabling fine-grained management and control of user data flows.
- User plane function network elements can connect to access network equipment via the N3 interface and to the data network via the N6 interface, thus enabling data transmission between the UE and the external data network.
- User plane function network elements can also be referred to as Protocol Data Unit (PDU) session anchors (PSAs).
- user plane function network elements can be user plane functions (UPF).
- In future communication systems, user plane function network elements can still be UPF network elements, or they can have other names. This application does not limit this.
- Data networks are primarily used to provide data transmission services for terminal devices.
- Data networks can be private networks, such as local area networks (LANs), public data networks (PDNs), such as the Internet, or dedicated networks jointly deployed by operators, such as configured IP multimedia core network subsystems (IMS) services.
- Data networks can also originate from third parties.
- N1: the interface between the AMF and the UE, which can be used to transmit QoS control rules to the UE, etc.
- N2: the interface between the AMF and the (R)AN, which can be used to transmit radio bearer control information from the core network side to the RAN.
- N3: the interface between the RAN and the UPF, used to transmit uplink or downlink user plane data between the RAN and the UPF.
- N4: the interface between the SMF and the UPF, which can be used to transmit information between the control plane and the user plane, including the distribution of forwarding rules, QoS control rules, traffic statistics rules, etc. from the control plane to the user plane, as well as the reporting of information from the user plane.
- N6: the interface between the UPF and the DN, used to transmit uplink or downlink user data streams between the UPF and the DN.
- the service-oriented interfaces Nnssf, Nnef, Nnrf, Npcf, Nudm, Naf, Nnssaaf, Nausf, Namf, and Nsmf can be service-oriented interfaces provided by the above-mentioned NSSF, NEF, NRF, PCF, UDM, AF, NSSAAF, AUSF, AMF, and SMF network elements, respectively, and are used to call the corresponding service-oriented operations.
- the aforementioned network element or function can be a network component in a hardware device, a software function running on dedicated hardware, or a virtualization function instantiated on a platform (e.g., a cloud platform).
- the aforementioned network element or function can be implemented by one device, multiple devices working together, or a functional module within a single device; this application embodiment does not specifically limit this.
- network element can also be referred to as an entity, device, apparatus, or module, etc., and this application does not specifically limit it. Furthermore, in this application, for ease of understanding and explanation, the description "network element" is omitted in some descriptions.
- for example, PCF should be understood as the PCF network element or PCF entity. The following omits descriptions of the same or similar cases.
- Figure 2 is a schematic flowchart of a remote attestation method 200.
- Method 200 achieves RA through the interaction between the verifier and the measurer. Method 200 is described below with reference to Figure 2.
- the verifier sends a challenge message to the measurer; correspondingly, the measurer receives the challenge message from the verifier.
- the measurer and the verifier can be separate: the measurer can be deployed on the side of the system or device mentioned above, while the verifier can be deployed remotely.
- the challenge message may carry a request message, which is used to request the measurer to perform a measurement; for example, the request message may request the measurer to measure the aforementioned system or device.
- the challenge message may also carry a nonce (random number) uniquely corresponding to this measurement, which the measurer can use in the measurement.
- the measurer performs the measurement.
- the measurer can obtain the evidence required for the measurement from the aforementioned system or device based on the challenge message. For instance, the measurer can obtain programs or files within the system or device and calculate hash values corresponding to those programs or files using the nonce.
- the measurer sends a response message to the verifier; correspondingly, the verifier receives the response message from the measurer.
- the response message can be used to indicate that the measurement is complete, and can carry the hash value and the nonce described above.
- the verifier can determine whether the nonce carried in the response message matches the nonce uniquely corresponding to this measurement carried in the challenge message. If the two nonces do not match, the verifier can determine that the verification has failed; if they match, the verifier can proceed with further verification.
- further verification by the verifier may include comparing the hash value in the response message with a preset hash value for the aforementioned system or device. If the hash value in the response message matches the preset hash value, the programs or software of the system or device have not been tampered with, and the verifier can determine that the system or device is trusted, i.e., the verification passes. If the hash value in the response message differs from the preset hash value, the programs or software may have been tampered with, and the verifier can determine that the system or device is untrusted, i.e., the verification fails. In some possible implementations, in the event of verification failure, the system or device can be reset or erased.
- Figure 3 illustrates the architecture of NFV.
- the NFV system 300 can run on a server, which may include a processor, hard disk, memory, system bus, etc., similar to a general computer architecture.
- the server's functionality can be implemented by a single physical device or by a cluster of multiple physical devices. This application does not limit this.
- the NFV system 300 can be implemented through various networks, such as data center networks, service provider networks, or local area networks (LANs).
- the NFV system 300 may include: NFV-MANO 128, NFVI 130, one or more VNFs 108 (e.g., VNF 1, VNF 2, VNF 3), one or more element management (EM) systems 122 (e.g., EM 1, EM 2, EM 3), service, VNF and infrastructure description 126, and one or more operation support systems (OSS) and/or business support systems (BSS) 124.
- MANO 128 may include NFVO 102, one or more VNFM 104, and one or more VIM 106.
- the hardware resource layer may include computing hardware 112, storage hardware 114, or network hardware 116.
- the virtual resource layer may include virtual computing 110 (e.g., a virtual machine), virtual storage 118, or a virtual network 120.
- the computing hardware 112 may be a dedicated processor or a general-purpose processor used to provide processing and computing functions.
- the storage hardware 114 provides storage capacity, which may be provided by the storage hardware 114 itself (e.g., the local memory of a server) or provided via a network (e.g., a server connecting to a network storage device via a network).
- the network hardware 116 may be a switch, router, and/or other network devices, and may be used to enable communication between multiple devices, which may be connected wirelessly or via wired connections.
- the virtualization layer in NFVI 130 can be used to abstract hardware resources from the hardware resource layer, decoupling the VNF 108 from the physical layer to which the hardware resources belong, and providing virtual resources to the VNF.
- the virtualization layer can also be called a hypervisor or a container management system.
- the virtual resource layer may include virtual computing 110, virtual storage 118, or virtual network 120.
- Virtual computing 110 and virtual storage 118 can provide virtual resources to VNF 108 in the form of virtual machines or other virtual containers; for example, one or more VNFs 108 can be deployed on one or more virtual machines.
- the virtualization layer forms virtual network 120 by abstracting network hardware 116.
- Virtual network 120, such as a virtual switch, can be used to enable communication between multiple virtual machines or between multiple other types of virtual containers hosting VNFs.
- OSS/BSS 124 can provide telecommunications operators with comprehensive network management and service operation functions, including network management (such as fault monitoring and network information collection), billing management, and customer service management.
- NFVI 130 comprises hardware and software that together establish a virtualization environment for deploying, managing, and executing VNF 108.
- the hardware resource layer and the virtual resource layer are used to provide virtual resources, such as virtual machines and/or other forms of virtual containers, to VNF 108.
- VNFM 104 can communicate with VNF 108 and EM 122 to perform VNF lifecycle management and exchange configuration/state information.
- VNF 108 can be a virtualization of at least one network function that was previously provided by a physical network device.
- One or more VNF 108s can be deployed on a virtual machine (or other form of virtual container).
- EM 122 can be used to manage one or more VNFs.
- a Cloud RAN system may include the above architecture.
- a Cloud RAN system may include one or more VNFs.
- a Cloud RAN system can refer to implementing RAN functions through a general-purpose computing platform (rather than a dedicated hardware platform) and managing the virtualization of RAN functions based on cloud-native principles.
- RAN cloudification can begin with running certain 5G RAN network functions in containers through a general-purpose hardware platform.
- This general-purpose hardware platform can include a commercial off-the-shelf (COTS) platform.
- the control plane and user plane of the central unit are first cloudified, followed by the latency-sensitive radio processing functions in the distributed units.
- the Cloud RAN system can employ leading technologies to become the foundation for 5G openness and enable 5G innovation.
- the RAN cloudification process may include COTS hardware, cloud-native architecture, management, orchestration and automation, or RAN programmability.
- for COTS hardware (including accelerators), suitable hardware platforms and environments can be selected.
- for cloud-native architectures, cloud-native technologies such as Kubernetes can be used, along with development operations (DevOps) principles, to deploy RAN functions as microservices on bare-metal servers using container technology.
- end-to-end service lifecycle management can be achieved across the Cloud RAN system, transport, 5G core network, and underlying cloud infrastructure.
- non-RAN functions can be deployed in virtualized systems to add new functionality and value.
- Cloud RAN can also be called Virtualized RAN (vRAN) or other names.
- the dependent VNF determines to measure the untrusted VNF.
- the dependent VNF can send a challenge message to the PACF.
- PACF can convert the challenge message from the 3rd generation partnership project (3GPP) protocol to the European Telecommunications Standards Institute (ETSI) protocol, thereby sending the challenge message to the verifier.
- the verifier sends a challenge message to the measurer, which can be used to request the measurer to initiate a measurement of the VNF.
- evidence could be a set of statements about the target environment. These statements could be used to reveal the security-related operational status, health, configuration, or structure. In one possible implementation, evidence could be the measurer's hash of the current VNF file.
- the verifier obtains the attestation result based on the evidence.
- the verifier sends information indicating the attestation result to the PACF.
- the PACF can send information indicating the attestation result to the dependent party.
- Figure 4 illustrates the security shortcomings of remote attestation schemes.
- the measurer may experience a single point of failure or may act maliciously, reducing the security of remote attestation.
- Figure 5 is a schematic flowchart of a communication method 500 provided in an embodiment of this application.
- if the signature received by the verifier is based on a single measurer, the security of remote attestation will be reduced in the event of a malfunction or malicious intent on the part of that measurer.
- in method 500, the signature received by the verifier is based on multiple measurers, thereby improving the security of remote attestation.
- Optional operations in method 500 are shown in dashed lines in Figure 5. Method 500 will be described below with reference to Figure 5.
- the first verifier may include one or more verifiers.
- the first verifier may be a functional module or chip in NFV-MANO, as shown in Figure 4.
- the first verifier may also be a cloud network function.
- this application is not limited to this.
- the first verifier may not be limited to the NFV system, but may also be a verifier in other systems; on the other hand, the first verifier may not be limited to functional modules or chips, but may also be a chip system or a complete device.
- the first attester may include one or more attesters.
- the first attester may be a functional module or chip in an NFVI, as shown in Figure 4.
- this application is not limited to this.
- the first attester may not be limited to an NFV system, but may also be an attester in other systems; on the other hand, the first attester may not be limited to a functional module or chip, but may also be a chip system or a complete device.
- the first attester may or may not have received a request from the first verifier beforehand, but the first attester is the attester that sends information to the first verifier, that is, it responds to the first verifier. Therefore, the first attester can also be called a responding attester.
- the first information may also include a measurement log and/or a random number.
- the measurement log can be used to indicate the measurement process.
- the first evidence may be determined based on multiple pieces of evidence, and the measurement log can record the process of determining the first evidence.
- the random number may be provided by the first verifier and used to uniquely identify this measurement.
- the first information may also include attestation identity key (AIK) certificate information.
- AIK certificate information can be used to indicate the AIK certificate of the first verifier.
- at least one of the AIK certificate information, the first evidence, or the random number may belong to measurement quotation information.
- the first verifier can verify the validity of the AIK certificate, and if the AIK certificate is valid, verify whether the first evidence is valid.
- the first information may be carried in a response message, but this application is not limited to this; the first information may also be carried in other messages.
- This application does not limit the specific name of the first information; the first information may also be called response information, remote authentication response, or other names.
- the first network element can be a VNF, such as the unverified VNF in Figure 4.
- this application is not limited to this; the scheme can also be applied to other network elements, such as a physical network function (PNF).
- a PNF is a network element in a communication system, such as access network equipment or terminal equipment.
- this application does not limit the specific name of the first network element; for example, the first network element can also be called an unverified network element, an untrusted network element, or other names.
- the first evidence may include a platform configuration register (PCR) value.
- the first evidence is obtained by measuring the first network element.
- the first evidence may be obtained by a first measurer measuring the first network element, but this application is not limited to this.
- the first evidence may also be obtained by other measurers measuring the first network element.
- the first evidence may be obtained by multiple measurers measuring the first network element.
- the first evidence can also be used to verify the trustworthiness, trust status, or security of the first network element, etc.
- the measurer on which the first signature is based can be understood as the measurer who participated in the first signature, the key on which the first signature is based, the key of the measurer on which the first signature is based, the key of the measurer applied to the first signature, or the key applied to the first signature, etc.
- the M measurers are used to measure the first network element. This can be understood as meaning that each of the M measurers has the capability to measure the first network element, but it is not equivalent to all of the M measurers having already measured the first network element. In some examples, all M measurers measure the first network element; for example, the first evidence is obtained by the M measurers measuring the first network element. In other examples, some of the M measurers (e.g., the first measurer) measure the first network element; for example, the first evidence may be obtained by the first measurer measuring the first network element. Furthermore, this application does not limit the M measurers to measuring only the first network element and not other network elements; for example, the first measurer can measure the first network element and also measure other network elements.
- when the first measurer measures the first network element, its identifier is a first identifier, and/or the first measurer belongs to a first group; when the first measurer measures another network element (e.g., the second network element), its identifier is a second identifier, and/or the first measurer belongs to a second group.
- the first identifier and the second identifier can be different or the same.
- the first group and the second group can also be different or the same. If the first identifier and the second identifier are different, the above scheme can also be understood as the first measurer using different identifiers when measuring different network elements.
- the M measurers belong to a first group, which corresponds to the first network element.
- each measurer in the first group has the ability to measure the first network element.
- each measurer in the first group is used to measure the first network element.
- the number of measurers in the first group is P, where P is an integer greater than or equal to M.
- the P measurers include the M measurers.
- the M measurers can be M trusted roots (roots of trust).
- such a scenario can also be called a distributed trusted root collaboration scenario, in which different trusted roots can be used to verify the security, trustworthiness, or trusted state of the same network element.
- the first verifier verifies the first signature and the first evidence based on the keys of the M measurers.
- the first verifier can verify the validity of the first signature based on the keys of the M measurers. Furthermore, if the first signature is valid, the first verifier can verify the validity of the first evidence.
- the keys of the M measurers can be the public keys of the M measurers.
- this application does not limit the specific method of verifying the first signature or first evidence based on the keys of the M measurers.
- the first verifier can verify the validity of the first signature based on the generation method of the first signature and the keys of the M measurers.
- the generation method of the first signature can be found in the description below.
- This application does not specify the exact name of the first signature, which may also be referred to as the group signature, group signature information, or other names.
- if the signature received by the verifier is based on a single measurer, the security of remote attestation will be reduced in the event of a failure or malicious intent on the part of that measurer.
- in this application, the signature received by the verifier is based on M measurers.
- the verifier can verify the signature and the evidence using the keys of these M measurers, avoiding errors caused by the failure or malicious intent of a single measurer, thereby improving the security of remote attestation.
- the M measurers can measure the same network element; that is, the M measurers participating in the signing can measure the same network element.
- the verifier only needs to perform one reception and one verification to achieve remote attestation; therefore, the above scheme improves the efficiency of remote attestation.
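The challenge-response exchange of method 200 (nonce check, then hash comparison against a preset value) and the M-measurer signature check of method 500, as an added Python example that is not code from the patent. It assumes a constructed VNF file set, a constructed key table standing in for the key management network element, and HMAC-SHA256 with a per-measurer key as a stand-in for each measurer's signature (the patent does not specify the signature scheme; a deployment would use asymmetric signatures and distribute public keys). The nonce is bound by the signature rather than mixed into the file hash, so the verifier can still compare the hash with its preset value; the `M_REQUIRED` threshold and all names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the patent): the files that make up the
# first network element (a VNF), and the same files after tampering.
VNF_FILES = {"vnf.bin": b"\x7fELF vnf image v1", "vnf.conf": b"mode=prod\n"}
TAMPERED_FILES = {"vnf.bin": b"\x7fELF vnf image v1 + backdoor", "vnf.conf": b"mode=prod\n"}

# Constructed key table held by the key management network element (CA/KGC).
# Assumption: an HMAC-SHA256 key per measurer stands in for that measurer's
# signing key, so "verifying with the measurer's key" means recomputing the MAC.
# A real deployment would use asymmetric signatures and hand out public keys.
KEY_MANAGEMENT = {
    "group-1": {  # the first group: P = 3 measurers able to measure the VNF
        "measurer-01": b"constructed-key-01",
        "measurer-02": b"constructed-key-02",
        "measurer-03": b"constructed-key-03",
    },
}
M_REQUIRED = 2  # minimum number of measurer signatures the verifier accepts (assumption)


def measure(files):
    """Measurer side: a PCR-style digest over the element's files (the first evidence)."""
    h = hashlib.sha256()
    for name in sorted(files):  # fixed order so every measurer derives the same value
        h.update(name.encode() + b"\0" + files[name] + b"\0")
    return h.hexdigest()


# Preset value the verifier compares against (computed offline over the known-good files).
REFERENCE_EVIDENCE = measure(VNF_FILES)


def sign(key, evidence, nonce):
    """One measurer's signature over (evidence, nonce); the nonce binds the quote to this challenge."""
    return hmac.new(key, evidence.encode() + nonce, hashlib.sha256).hexdigest()


def build_challenge():
    """Verifier side: the challenge carries a request and a nonce unique to this measurement."""
    return {"request": "measure", "nonce": secrets.token_bytes(16)}


def build_response(challenge, files, group_id, signer_ids):
    """Responding measurer side: one evidence value, signed by the M measurers in signer_ids."""
    evidence = measure(files)
    nonce = challenge["nonce"]
    keys = KEY_MANAGEMENT[group_id]
    signatures = {mid: sign(keys[mid], evidence, nonce) for mid in signer_ids}
    return {"evidence": evidence, "nonce": nonce, "group_id": group_id, "signatures": signatures}


def fetch_group_keys(group_id):
    """Key management side: answer the verifier's key request with the P keys of the group."""
    return KEY_MANAGEMENT.get(group_id, {})


def verify(challenge, response):
    """Verifier side: nonce check, then the M-measurer signature check, then the evidence check."""
    if not hmac.compare_digest(challenge["nonce"], response["nonce"]):
        return False, "nonce mismatch"
    signatures = response["signatures"]
    if len(signatures) < M_REQUIRED:
        return False, "too few measurers"
    keys = fetch_group_keys(response["group_id"])  # the third request / third information
    for mid, sig in signatures.items():
        if mid not in keys:
            return False, f"{mid} not in group"
        expected = sign(keys[mid], response["evidence"], response["nonce"])
        if not hmac.compare_digest(expected, sig):
            return False, f"bad signature from {mid}"
    if not hmac.compare_digest(response["evidence"], REFERENCE_EVIDENCE):
        return False, "evidence does not match preset value"
    return True, "first network element is trusted"


if __name__ == "__main__":
    ch = build_challenge()
    signers = ["measurer-01", "measurer-02", "measurer-03"]
    print("honest:   ", verify(ch, build_response(ch, VNF_FILES, "group-1", signers)))
    print("tampered: ", verify(ch, build_response(ch, TAMPERED_FILES, "group-1", signers)))
    print("single:   ", verify(ch, build_response(ch, VNF_FILES, "group-1", signers[:1])))
```

Running the block accepts the honest response and rejects the tampered and single-measurer responses; a response replayed from an earlier challenge fails the nonce check, and a response in which one of the M signatures is forged fails the signature check, which is the single-measurer failure or compromise the M-measurer signature is meant to rule out.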
- the first device in this application may refer to the network device itself (e.g., access network device, core network device, or management plane device), a component in the network device (e.g., processor, chip, or chip system), or a logic module or software that can implement all or part of the functions of the network device.
- the first device will be used as an example below.
- management plane equipment may include VNFM, VIM, or operations, administration, and management (OAM), etc.
- method 500 further includes: S530, the first verifier sends eighth information to the first device.
- the first device receives the eighth information from the first verifier.
- the first device may include or be applied to: PACF, dependent party, security edge protection proxy (SEPP), or other devices.
- the first device may also be any module or component of an NF or RAN that uses verification results (or measurement results).
- the eighth piece of information can be used to indicate the verification result. For example, if the first evidence is valid, the verification result can indicate that the first network element is valid. Conversely, if the first evidence is invalid, the verification result can indicate that the first network element is invalid.
- This application does not limit the specific name of the eighth piece of information; it can also be called a measurement response message or other names.
- method 500 also includes S540 and/or S550.
- S540, the first verifier sends a third request to the key management network element.
- the key management network element receives the third request from the first verifier.
- a key management network element may include or be applied to: a certificate authority (CA) and/or a key generation center (KGC), etc.
- This application does not limit the specific name of the key management network element; for example, it may also be called a network element, a key network element, or have other names.
- a key management network element may be a cloud network function.
- this application is not limited in this respect; a key management network element may also be a chip or a complete device.
- the third request is used to request the keys of the M measurers.
- the keys of the M measurers may include the public keys of the M measurers.
- This application does not limit the specific name of the third request; it may also be called a key request, public key request, group public key request, or other names.
- method 500 may not include S540.
- the key management network element may send indication information of the keys of the M measurers to the first verifier periodically, rather than based on a request.
- the keys of the M measurers may be pre-configured, predefined, or generated according to predefined (or pre-configured) rules.
- the third request includes the identifier (identity, identification, or ID) of the first measurer and/or the identifier of the first group, wherein the first group includes P measurers used to measure the first network element, and the P measurers include the M measurers, where P is an integer greater than or equal to M.
- the identifier of the first measurer may include an identifier (e.g., #01), the IP address, MAC address, or other information of the first measurer.
- the third request may include the identifier of the sender of the first information, and/or the identifier of the group to which the sender of the first information belongs.
- the key management network element can determine the keys for the M measurers to be fed back to the first verifier based on the identifiers carried in the third request.
- the third request includes the identifiers of one or more of the P measurers.
- the third request may include the identifiers of all of the P measurers.
- the third request may include the identifiers of some of the P measurers.
- the third request may or may not carry the identifier of the first measurer. In other words, the third request may or may not carry the identifier of the sender of the first information.
- S540 is triggered by the first message.
- S540 includes: in response to the first message, the first verifier sends a third request to the key management network element.
- the first verifier can request the key required for this verification from the key management network element.
- the key is stored by a dedicated network element, which improves the security of the key; on the other hand, the first verifier does not need to save the key in advance, saving the first verifier's storage costs.
- S550, the key management network element sends the third information to the first verifier.
- the first verifier receives the third information from the key management network element.
- the third information is used to indicate the keys of the M measurers.
- the third information can be direct information, for example, it can include information about the keys of the M measurers.
- the third information can also be indirect information, for example, the first verifier can determine the keys of the M measurers based on the third information.
- the third information can indicate only the keys of the M measurers, or it can indicate the keys of the P measurers, in other words, the keys of all measurers in the first group. It is understood that the keys of the P measurers include the keys of the M measurers.
- the keys of the M measurers can include the public keys of the M measurers.
- the keys of the P measurers can include the public keys of the P measurers.
- the key management network element can determine the keys of the M measurers based on pre-configured or predefined rules.
- the key management network element pre-configures or predefines the association between the first verifier and the keys of the M measurers. Upon receiving a request from the first verifier, the key management network element can determine the keys of the M measurers.
- the key management network element pre-configures or predefines the association between the identifier of the first measurer and the keys of the M measurers. If the third request includes the identifier of the first measurer, the key management network element can determine the keys of the M measurers directly; or, if the third request includes the identifier of the first group, the key management network element can determine that the first measurer exists in the first group, or determine that the identifier of the first group corresponds to the identifier of the first measurer, thereby determining the keys of the M measurers.
- the key management network element pre-configures or predefines the association between the identifier of the first group and the keys of the M measurers. If the third request includes the identifier of the first group, the key management network element can determine the keys of the M measurers directly; or, if the third request includes the identifier of the first measurer, the key management network element can determine that the first measurer belongs to the first group, or determine that the identifier of the first group corresponds to the identifier of the first measurer, thereby determining the keys of the M measurers.
- the association between the identifier of the first group and the identifier of the first measurer can also be classified as a third association.
- the third association can further include the association between the identifier of the first group and other measurers.
- the third association could include the association between the identifier of the first group and the identifiers of the P measurers within the first group.
- method 500 further includes: S560, the key management network element determines the keys of the M measurers based on the third request and the second association.
- the second association relationship may include the association relationship between the identifier of the first group and the identifier of the first key group (hereinafter referred to as association relationship 1), or the association relationship between the identifiers of the P measurers and the identifier of the first key group (hereinafter referred to as association relationship 2), or the second association relationship may include the association relationship between the identifier of the first group, the identifiers of the P measurers and the identifier of the first key group (hereinafter referred to as association relationship 3).
- the first key group may include the keys of the P measurers in the first group.
- the first key group may include the public keys of the P measurers.
- the first key group corresponds to a first network element.
- each key in the first key group may be used only to sign evidence obtained by measuring the first network element.
- if the first measurer obtains evidence by measuring another network element (e.g., the second network element), it does not use the keys in the first key group to sign that evidence, but instead uses the keys in another key group (e.g., the second key group).
- each key in the first key group may be used to sign evidence obtained by the measurer from any network element.
- the key management network element can determine the identifier of the first key group based on the third request and the third association, and then determine the keys of the M measurands in the first key group according to predefined or preconfigured rules. For instance, if the second association includes association 1 or association 3, the key management network element can directly determine the identifier of the first key group based on the third request and the second association. As another example, if the second association includes association 2, the key management network element can determine the identifier of the first key group based on the third request, the third association, and the second association.
- the key management network element can determine the identifier of the first key group based on the third request and the third association, and then determine the keys of the M measurands in the first key group according to predefined or preconfigured rules. For instance, if the second association includes association 2 or association 3, the key management network element can directly determine the identifier of the first key group based on the third request and the second association. As another example, if the second association includes association 1, the key management network element can determine the identifier of the first key group based on the third request, the third association, and the second association.
- the third information can also indicate the keys of the P measurands, or in other words, the keys of all measurands in the first group.
- the scheme for indicating the keys of the P measurands using the third information is described below.
- the key management network element can determine the keys for P measurands based on pre-configured or pre-defined rules.
- the key management network element pre-configures or predefines the association between the first verifier and the keys of the P measurers. Upon receiving a request from the first verifier, the key management network element can determine the keys of the P measurers.
- the key management network element pre-configures or predefines the association between the identifier of the first measurand and the keys of P measurands. If the third request includes the identifier of the first measurand, the key management network element can determine the keys of the P measurands; or, if the third request includes the identifier of the first group, the key management network element can determine that the first measurand exists in the first group, or determine that the identifier of the first group corresponds to the identifier of the first measurand, thereby determining the keys of the P measurands.
- the key management network element pre-configures or pre-defines the association between the identifier of the first group and the keys of P measurands. If the third request includes the identifier of the first group, the key management network element can determine the keys of the P measurands; or, if the third request includes the identifier of the first measurand, the key management network element can determine that the first measurand belongs to the first group, or determine that the identifier of the first group corresponds to the identifier of the first measurand, thereby determining the keys of the P measurands.
- the association between the identifier of the first group and the identifier of the first measurer can also be classified as a third association.
- the third association can further include the association between the identifier of the first group and other measurers.
- the third association could include the association between the identifier of the first group and the identifiers of the P measurers within the first group.
- the key management network element can determine the keys of M measurands according to the second association relationship, thereby reducing the latency of finding the keys of M measurands.
- method 500 further includes: S570, the key management network element determines the keys of the P measurands based on the third request and the second association.
- the key management network element can determine the identifier of the first key group based on the third request and the third association, and then determine the keys of the P measurands in the first key group according to predefined or preconfigured rules. See the previous examples for further details.
- the aforementioned third association can be pre-configured or pre-defined by the key management network element, or it can be received by the key management network element from other network elements (e.g., orchestration management network elements).
- the orchestration management network element can be MANO, VNFM, VIM, or other network elements.
- This application does not limit the orchestration management network element to network elements in NFV systems; it can also be network elements in other communication systems, such as core network elements.
- This application does not limit the specific name of the orchestration management network element; for example, the orchestration management network element can also be called a network element or other names.
- the orchestration management network element may include or be applied to VNFM. For instance, after instantiation, VNFM may send information indicating a third association to the key management network element. Alternatively, the key management network element may send information requesting a third association to VNFM. Based on this request, VNFM may send information indicating the third association to the key management network element.
- VNFM may orchestrate VM1-VM7 into the same VNF instance, where VM1-VM3 are located in the same physical device as measurer 1 (denoted as Att1), VM2-VM5 are located in the same physical device as measurer 2 (Att2), and VM6-VM7 are located in the same physical device as measurer 3 (denoted as Att3).
- VNFM may determine that the third association is that Att1, Att2, and Att3 correspond to group 1.
- VNFM may determine that Att1, Att2, and Att3 belong to the same group.
- Att1 can be in group 1 or group 2.
- When Att1 is in group 1, its identifier is identifier 1.
- When Att1 is in group 2, its identifier is identifier 2.
- Group 1 corresponds to VNF1, and group 2 corresponds to VNF2.
- When Att1 measures VNF1, the identifier of the group to which Att1 belongs is the identifier of group 1, and Att1's identifier is identifier 1.
- When Att1 measures VNF2, the identifier of the group to which Att1 belongs is the identifier of group 2, and Att1's identifier is identifier 2.
- the aforementioned second association can be pre-configured or pre-defined by the key management network element, or it can be determined by the key management network element when generating the keys of each measurand in the first group, or it can be determined by the key management network element at any time after generating the keys of each measurand in the first group.
- S520 includes: a first verifier verifying whether the number of measurands on which the first signature is based is greater than or equal to a threshold value; if the number of measurands on which the first signature is based is greater than or equal to the threshold value, the first verifier verifying whether the first signature is valid; if the first signature is valid, the first verifier verifying whether the first evidence is valid.
- the threshold value is used to indicate the minimum number of measurands on which the first signature is based.
- the threshold value indicates the minimum number of measurers on which the signature corresponding to the first network element is based. That is, the threshold value can be applied to the first network element.
- the signature corresponding to the first network element can include a first signature.
- the signature corresponding to the first network element can be understood as a signature of the evidence obtained by measuring the first network element.
- this application is not limited to this, and the threshold value can also be applied to more network elements, including the first network element.
- the threshold value indicates the minimum number of measurands on which the signature of the first measurand is based. That is, the threshold value can be specific to the first measurand.
- the signature of the first measurand may include a first signature.
- the signature of the first measurand can be understood as a signature in which the first measurand participates.
- this application is not limited to this, and the threshold value can also be specific to more measurands, including the first measurand.
- the threshold value indicates the minimum number of measurands on which the signature verified by the first verifier is based. That is, the threshold value can be specific to the first verifier.
- the signature verified by the first verifier may include the first signature.
- this application is not limited to this, and the threshold value may also be specific to more verifiers, including the first verifier.
- the threshold value can be a positive integer, a percentage, a fraction, a decimal, or other forms.
- the threshold value can be a positive integer, such as 1, 2, or 3; the threshold value can be a percentage, such as 33%, 66%, or 100%; the threshold value can be a fraction, such as 1/3, 2/3, or 1; the threshold value can be a decimal, such as 0.33, 0.66, or 1.
- the threshold value can be pre-configured or predefined.
- the threshold value can be determined by the first verifier.
- the first verifier can determine the threshold value based on the security level of the first network element or of the first measurer. For example, a higher threshold value indicates a lower security level, while a lower threshold value indicates a higher security level.
- the first verifier can determine the threshold value based on threshold value indication information.
- This threshold value indication information can come from the first device. That is, the first device can send threshold value indication information to the first verifier.
- the first device can include or be applied to: PACF, dependent party, SEPP, or other devices.
- the first device can also be any module or component of an NF or RAN that uses the verification result (or measurement result).
- the threshold value indication information sent by the first device may only indicate a threshold value in percentage, fraction, or decimal form, and the first verifier can determine a threshold value in positive integer form based on this threshold value indication information.
- the first device may not know the specific number of measurers in the first group, and thus only indicate a threshold value in percentage, fraction, or decimal form; while the first verifier may know the specific number of measurers in the first group, and thus determine a threshold value in positive integer form based on the indication from the first device.
- the first verifier may send a threshold value indication to the first measurer, enabling the first measurer to determine the minimum number of measurers on which the first signature is based, thereby improving the quality of the first signature, i.e., increasing the probability that the first signature will be successfully verified.
- the threshold value is denoted as Q.
- Q is a positive integer.
- Those skilled in the art will understand that the following example is not intended to limit the threshold value to only positive integers.
- the threshold value in the embodiments of this application can also be in other forms, which are just examples and will not be repeated here.
- Q is a positive integer less than or equal to P.
- the first verifier can determine that the number of measurands on which the first signature is based is greater than or equal to a threshold value, and thus continue verifying whether the first signature and the first evidence are valid.
- If M < Q, the first verifier can determine that the number of measurands on which the first signature is based does not meet the threshold value, and thus determine that the first signature verification has failed.
- If the first verifier determines that the number of measurands on which the first signature is based does not meet the threshold value, it can stop verification and determine that the verification of the first network element has failed, thereby reducing verification overhead.
- This application does not specify the exact name of the first signature, which may also be referred to as the threshold signature, threshold signature information, or other names.
- the public keys of the M measurers can also be called threshold signature public keys.
- the private key of the first measurer can also be called a threshold signature private key.
- the first verifier can verify whether the measurer on which the first signature is based meets the threshold requirement. If the threshold requirement is not met, no further verification is performed on the first signature or the first evidence, thereby reducing verification overhead.
- If the threshold is set low, the first signature does not need to be based on all measurers in the first group, thus saving the overhead of measurer signing.
- If the threshold is set high, the first signature needs to be based on a larger number of measurers in the first group, thereby improving the security of remote verification.
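As an added example (not code from the patent), the following Python models the verifier's S520 ordering, with the threshold check before the signature and evidence checks, and the conversion of an integer, percentage, fraction or decimal threshold indication into the integer Q once P is known. The first-information layout, the keyed-MAC stand-in for the threshold ECDSA signature and the round-up rule are assumptions made here so the code runs offline.

```python
"""Verifier-side gating for S520 of method 500 (added example, not code from
the patent).  Assumed here, not stated in the text: the first information is a
dict {signers, nonce, evidence, signature}, and the threshold ECDSA signature
is replaced by a keyed-MAC stand-in so the example runs offline."""
import hashlib
import hmac
import math
from fractions import Fraction


def threshold_to_integer(indication, p):
    """Normalise a threshold indication (positive integer, percentage such as
    '66%', fraction such as '2/3', or decimal such as 0.66) into the integer
    Q, 1 <= Q <= P, that the first verifier compares M against.  Rounding up
    is an assumption: the minimum is met only by whole measurers."""
    if isinstance(indication, bool) or p < 1:
        raise ValueError("bad threshold indication or group size")
    if isinstance(indication, int):
        q = indication
    else:
        text = str(indication).strip()
        ratio = Fraction(text[:-1]) / 100 if text.endswith("%") else Fraction(text)
        if not 0 < ratio <= 1:
            raise ValueError(f"ratio {ratio} is not in (0, 1]")
        q = math.ceil(ratio * p)
    if not 1 <= q <= p:
        raise ValueError(f"Q={q} must satisfy 1 <= Q <= P={p}")
    return q


def standin_signature(keys, signers, nonce, evidence):
    """Keyed-MAC stand-in for the first signature: one tag per signing
    measurer, folded into one digest.  The verifier recomputes it with the
    keys it obtained from the key management network element."""
    tags = sorted(hmac.new(keys[s], nonce + evidence, hashlib.sha256).digest()
                  for s in signers)
    return hashlib.sha256(b"".join(tags)).hexdigest()


def verify_first_information(info, p, threshold, keys, expected_evidence, trace=None):
    """S520 in the order the text gives: (1) M >= Q?  (2) first signature
    valid?  (3) first evidence valid?  Stops at the first failure, so a
    sub-threshold signature costs neither a signature nor an evidence check.
    `trace` collects the checks actually run."""
    trace = trace if trace is not None else []
    q = threshold_to_integer(threshold, p)
    m = len(set(info["signers"]))
    trace.append("threshold")
    if m < q:
        return {"result": "fail", "stage": "threshold", "M": m, "Q": q}
    trace.append("signature")
    expected = standin_signature(keys, info["signers"], info["nonce"], info["evidence"])
    if not hmac.compare_digest(expected, info["signature"]):
        return {"result": "fail", "stage": "signature", "M": m, "Q": q}
    trace.append("evidence")
    if info["evidence"] != expected_evidence:
        return {"result": "fail", "stage": "evidence", "M": m, "Q": q}
    return {"result": "ok", "stage": "complete", "M": m, "Q": q}


# Constructed sample: group 1 holds P=3 measurers Att1..Att3 measuring VNF1.
KEYS = {"Att1": b"k-att1", "Att2": b"k-att2", "Att3": b"k-att3"}
GOOD_EVIDENCE = hashlib.sha256(b"VNF1 measurement log (constructed)").digest()
NONCE = b"nonce-from-first-verifier"


def make_first_information(signers, evidence=GOOD_EVIDENCE):
    """Constructed first information as the first measurer would send in S510."""
    return {"signers": list(signers), "nonce": NONCE, "evidence": evidence,
            "signature": standin_signature(KEYS, signers, NONCE, evidence)}


if __name__ == "__main__":
    # Q = '66%' of P = 3 gives Q = 2: one signer is rejected before any crypto runs.
    print(verify_first_information(make_first_information(["Att1"]), 3, "66%",
                                   KEYS, GOOD_EVIDENCE))
    print(verify_first_information(make_first_information(["Att1", "Att3"]), 3,
                                   "2/3", KEYS, GOOD_EVIDENCE))
```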
- Method 500 has been introduced above with reference to Figure 5.
- Method 500 can be understood as the verification phase in remote proof.
- remote proof also includes a measurement phase.
- Some schemes for the measurement phase are introduced below with reference to Figure 6.
- Figure 6 is a schematic flowchart of another communication method 600 provided in an embodiment of this application. Method 600 can be combined with method 500. Optional operations in method 600 are shown in dashed lines in Figure 6. Method 600 will be described below with reference to Figure 6.
- the first measurer determines the first evidence based on the first network element.
- S610 includes: a first measurer measuring a first network element to obtain first evidence. That is, the first evidence can be obtained by the first measurer measuring the first network element.
- S610 includes: a first measurer determining first evidence based on evidence from at least one measurer.
- at least one measurer belongs to a first group.
- at least one measurer may be one of the M measurers who participated in the signing.
- the evidence from at least one measurer may include evidence obtained by at least one measurer measuring the first network element respectively.
- at least one measurer may include the first measurer, or may not include the first measurer. That is, the first evidence determined by the first measurer may be based on at least one measurer including itself, or may be based on at least one measurer other than itself. This application does not limit this.
- the first measurer may receive evidence from the aforementioned at least one measurer.
- the at least one measurer may include measurer A, and the first measurer may receive evidence from measurer A, which measurer A may obtain by measuring the first network element.
- the first measurer may send a request message to the aforementioned at least one measurer, which can be used to request evidence.
- the at least one measurer may include measurer A, and the first measurer may send a request message to measurer A, which can be used to request evidence from measurer A.
- Measurer A may measure the first network element based on the request message, obtain evidence, and send the evidence back to the first measurer.
- the first measurer determines the first signature based on the keys of the M measurers and the first evidence.
- the first measurer can determine the first signature based on at least one of the public keys of the M measurers, the private key of the first measurer, or a random number.
- the random number can be provided by the first verifier.
- the public key of the first measurer can be denoted as public key (pk)1, and the private key of the first measurer can be denoted as private key (sk)1.
- the public keys of the measurers other than the first measurer among the M measurers are denoted as pk2, ..., pkM.
- the first measurer can determine the first signature based on sk1, pk1, pk2, ..., pkM and a random number (nonce) using the threshold elliptic curve digital signature algorithm.
- after S620, method 600 also includes S510. That is, the first measurer can send the first information to the first verifier.
- the first measurand receives the fourth information from the third measurand.
- the third measurand sends the fourth information to the first measurand.
- the third measurer can be one of the M measurers.
- the third measurer can belong to the first group and be one of the P measurers in the first group.
- the fourth information is used to indicate the key of the third measurer.
- the fourth information is used to indicate the public key of the third measurer.
- the fourth information can be direct indication information; for example, it may include information about the third measurer's key.
- the fourth information can also be indirect indication information; for example, the first verifier can determine the third measurer's key based on the fourth information.
- the third measurer can send its key to the first measurer, thereby assisting the first measurer in signing using the keys of M measurers.
- the above-mentioned S630 can be executed proactively by the third measurer, or it can be executed by the third measurer in response to a request.
- the request to which the third measurer responds can come from the first measurer (see S635 for example), or it can come from another network element (e.g., the first verifier).
- the first verifier can send measurement requests to multiple measurers, including the third measurer.
- the third measurer can determine the first measurer based on a consensus algorithm, or it can determine the first measurer according to pre-configured or predefined rules.
- the third measurer can send the aforementioned fourth information to the first measurer. That is, even if the third measurer does not receive a request from the first measurer, it can still send the fourth information indicating its key to the first measurer.
- the method further includes: S635, the first measurand sends a fourth request to the third measurand.
- the third measurand receives the fourth request from the first measurand.
- the fourth request is used to request the key of the third measurand.
- S630 includes: in response to the fourth request, the third measurand sends the fourth information to the first measurand.
- the first measurand can send a request to the third measurand, thereby triggering the third measurand to send its key to the first measurand.
- the fourth request includes at least one of the first evidence, measurement information, or the first signature.
- method 600 further includes: the third measurer determining, based on the fourth request, whether to provide its own key.
- Measurement information can be used to indicate how the measurement was performed.
- measurement information can allow the third measurer to know how the evidence was generated, and thereby determine whether to provide the third measurer's key.
- this measurement information is used to indicate the content of the measurement and/or the measurement strategy.
- the measurement content can indicate the object being measured.
- the object being measured is, for example, the first network element; e.g., the measurement content can include the identifier of the first network element (e.g., the VNF ID).
- the third measurer can examine the measurement content to determine whether to provide its key. For example, if the first network element is a measurement object permitted by the third measurer, the third measurer can determine to provide the key, i.e., execute S630. Alternatively, the third measurer can check other conditions used to determine whether to execute S630 (e.g., the measurement strategy). As another example, if the first network element is not a measurement object permitted by the third measurer, the third measurer can determine not to provide the key (or refuse to provide the key), i.e., not execute S630.
- the measurement strategy can indicate the manner in which the first network element is measured.
- the measurement strategy may include at least one of: collecting data from the startup state of the first network element, collecting data from the running state of the first network element, having low security requirements, or having high security requirements.
- the third measurer can check the measurement strategy to determine whether to provide its key. For example, if collecting data from the startup state of the first network element is a measurement strategy allowed by the third measurer, the third measurer can determine to provide the key, i.e., execute S630. Alternatively, the third measurer can check other conditions used to determine whether to execute S630 (e.g., the measurement content). As another example, if collecting data from the running state of the first network element is a measurement strategy not allowed by the third measurer, the third measurer can determine not to provide the key (or refuse to provide the key), i.e., not execute S630.
- the third measurer can determine whether to verify the first measurer. For example, if the security requirements are high, the third measurer can verify the first measurer, e.g., by requesting the first measurer to provide evidence and verifying the evidence it provides. As another example, if the security requirements are low, the third measurer may not verify the first measurer; in that case, the third measurer may trust the first measurer when determining whether to execute S630, or may examine other conditions used to determine whether to execute S630 (e.g., the first evidence).
- the third measurer can examine the first evidence to determine whether to provide its key. For example, the third measurer can measure the first network element to obtain the second evidence. The third measurer can compare the first and second evidence, and if the first and second evidence are highly consistent, determine to execute S630. Alternatively, the third measurer can examine other conditions used to determine whether to execute S630 (e.g., measurement information).
- the first signature can be used to protect the integrity of the message (i.e., the fourth request) and to allow other measurers (e.g., a third measurer) to verify the source of the message.
- the third measurer can check the first signature to determine whether its key should be provided. For example, if the third measurer verifies that the first signature is valid, it can determine to execute S630. Alternatively, the third measurer can check other conditions used to determine whether to execute S630 (e.g., measurement information). As another example, if the third measurer verifies that the first signature is invalid, it can determine not to execute S630.
- the fourth request may include at least one of the first evidence, measurement information, or the first signature.
- the third measurer may verify the information carried in the fourth request, or may request information not carried in the fourth request from the first measurer.
- for example, if the fourth request includes measurement information but not the first evidence, and the measurement information indicates a measurement strategy with high security requirements, the third measurer may request the first measurer to provide the first evidence, or may directly refuse to provide its own key.
- the third measurer may verify all of the information carried in the fourth request, some of it, or none of it. For example, if the fourth request includes the first evidence and the measurement information, the third measurer may verify both the first evidence and the measurement information, only one of them, or neither.
- the fourth request may also be called a signature request or other names.
- the fourth request may include at least one of the first evidence, measurement information, or the first signature.
- the third measurer can verify the information carried in the fourth request to determine whether to send the third measurer's key to the first measurer. This scheme avoids the third measurer providing its key to the first measurer when the first measurer's security is low, thereby further improving the security of remote proof.
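The key-release decision described for S635 and S630 above, as an added example that is not code from the patent: the third measurer checks the measurement content against the objects it permits, the measurement strategy against the strategies it allows, the first signature over the request, and the first evidence against its own second evidence, and either provides its key, refuses, or asks for what is missing. The request layout, the keyed-MAC stand-in for the first signature, the 0.9 consistency tolerance for "highly consistent" evidence, and the choice to request rather than refuse when evidence is missing under high security requirements are assumptions made here.

```python
"""Third measurer's decision on a fourth request (S635 leading to S630); an
added example, not code from the patent.  Assumptions not in the text: the
request is a dict that may carry the first evidence (component -> digest),
measurement information (content + strategy) and the first signature, which
is a keyed-MAC stand-in; 'highly consistent' is a share of agreeing components."""
import hashlib
import hmac
import json


def canonical_bytes(request):
    """Deterministic serialisation of every field except the signature itself."""
    body = {k: v for k, v in request.items() if k != "first_signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_request(key, request):
    """Constructed stand-in for the first signature protecting the fourth request."""
    return hmac.new(key, canonical_bytes(request), hashlib.sha256).hexdigest()


def evidence_consistency(first, second):
    """Share of measured components whose digests agree between the first
    evidence (carried in the request) and the second evidence (own measurement)."""
    components = set(first) | set(second)
    if not components:
        return 0.0
    return sum(1 for c in components if first.get(c) == second.get(c)) / len(components)


class ThirdMeasurer:
    """Holds its own public key, the objects and strategies it permits, the
    requester keys needed to check the first signature, and a constructed local
    view of the network elements it can measure."""

    def __init__(self, public_key, allowed_objects, allowed_strategies,
                 requester_keys, local_state, min_consistency=0.9):
        self.public_key = public_key
        self.allowed_objects = set(allowed_objects)
        self.allowed_strategies = set(allowed_strategies)
        self.requester_keys = requester_keys
        self.local_state = local_state
        self.min_consistency = min_consistency  # assumed tolerance for 'highly consistent'

    def measure(self, vnf_id):
        """Second evidence: the third measurer's own measurement of the object."""
        return dict(self.local_state.get(vnf_id, {}))

    def decide(self, request):
        """Return ('provide', pk), ('refuse', reason) or ('request', missing_field)."""
        info = request.get("measurement_information") or {}
        strategy = set(info.get("strategy", []))
        vnf_id = info.get("content", {}).get("vnf_id")
        if info:  # measurement content and strategy checks
            if vnf_id not in self.allowed_objects:
                return ("refuse", f"object {vnf_id!r} not permitted")
            if strategy - self.allowed_strategies:
                return ("refuse", f"strategy not permitted: {sorted(strategy - self.allowed_strategies)}")
        signature = request.get("first_signature")
        if signature is not None:  # integrity and source of the request
            key = self.requester_keys.get(request.get("requester"))
            if key is None or not hmac.compare_digest(signature, sign_request(key, request)):
                return ("refuse", "first signature invalid")
        evidence = request.get("first_evidence")
        if evidence is None:
            # High security requirements: verify the requester instead of trusting it.
            if "high security requirements" in strategy:
                return ("request", "first_evidence")
            return ("provide", self.public_key)
        if vnf_id is None:
            return ("request", "measurement_information")
        consistency = evidence_consistency(evidence, self.measure(vnf_id))
        if consistency < self.min_consistency:
            return ("refuse", f"evidence consistency {consistency:.2f} below {self.min_consistency}")
        return ("provide", self.public_key)


# Constructed sample data: Att3 permits measuring VNF1 and holds Att1's request key.
REQUESTER_KEYS = {"Att1": b"att1-request-key"}
VNF1_STATE = {"boot": "a1", "kernel": "b2", "runtime": "c3"}
ATT3 = ThirdMeasurer(
    public_key="pk3",
    allowed_objects={"VNF1"},
    allowed_strategies={"startup state", "running state", "high security requirements"},
    requester_keys=REQUESTER_KEYS,
    local_state={"VNF1": VNF1_STATE},
)


def make_fourth_request(vnf_id, strategy, evidence=None, signed=True):
    """Constructed fourth request from Att1, optionally signed and carrying evidence."""
    request = {
        "requester": "Att1",
        "measurement_information": {"content": {"vnf_id": vnf_id}, "strategy": list(strategy)},
    }
    if evidence is not None:
        request["first_evidence"] = evidence
    if signed:
        request["first_signature"] = sign_request(REQUESTER_KEYS["Att1"], request)
    return request
```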
- the first measurand receives the fifth information from the key management network element.
- the key management network element transmits the fifth information to the first measurand.
- the fifth information is used to indicate the keys of the M measurers.
- the fifth information can be direct information, for example, it may include information about the keys of the M measurers.
- the fifth information can also be indirect information, for example, the first verifier can determine the keys of the M measurers based on the fifth information.
- the fifth information may include the encrypted keys of the M measurers.
- the fifth information indicating the keys of the M measurands may mean either that the fifth information indicates only the keys of the M measurands, and not the keys of measurands other than the M measurands, or that it indicates both the keys of the M measurands and the keys of measurands other than the M measurands.
- the fifth piece of information can be used to indicate the keys of P measurands. In this way, the first measurand can filter out the keys of the M measurands from the keys of the P measurands, thereby executing S620.
- the keys of the M measurands may include the public keys of the M measurands and the private key of the first measurand.
- the keys of the P measurands may include the public keys of the P measurands and the private key of the first measurand.
- the fifth information may be carried in the AIK issuance response, but this application is not limited to this, and the fifth information may also be carried in other messages.
- the key management network element can generate or look up the keys of M measurands based on the second association and/or the third association, thereby performing S640.
- the keys of the M measurands used to determine the first signature can be indicated by the key management network element, so the first measurand does not need to obtain the keys of other measurands through interaction with them. The above scheme can therefore reduce the latency of determining the first signature, and thereby the latency of remote proof.
- the first verifier receives the seventh information from the first device.
- the first device sends the seventh information to the first verifier.
- the seventh piece of information can be used to request measurement.
- the seventh piece of information can be used to request measurement of the first network element.
- the seventh piece of information includes the identifier of the first network element, such as the VNF ID. This application does not limit the specific name of the seventh piece of information; it can also be called a measurement request message or other names.
- the first verifier sends a first request to measure the first network element. Specifically, this may include one of steps S660, S662, or S664.
- the first verifier sends a first request to the first measurer.
- the first measurer receives the first request from the first verifier.
- the first request is used to request measurement of the first network element.
- S660 includes: in response to the seventh information, the first verifier sends the first request to the first measurer.
- This application does not specify the exact name of the first request, which may also be referred to as a measurement request, a remote proof request, or other names.
- the first request can be sent directly to the first measurer.
- the above scheme can reduce signaling overhead.
- the first verifier sends a first request to the fourth measurer.
- the fourth measurer receives the first request from the first verifier.
- S662 includes: in response to the seventh information, the first verifier sends a first request to the fourth measurer.
- the fourth measurer can be any one of the P measurers in the first group.
- the first measurer and the fourth measurer can be different or the same.
- the measurer to which the first verifier sends the request and the measurer that responds to the request can be different.
- the fourth measurer can select the measurer responding to the request (e.g., the first measurer) based on the first request and through a consensus algorithm.
- the first verifier sends a first request to any one of the measurers in the first group. As long as one measurer responds, it can be considered a response from the first group. In this way, the verification (or measurement) requester (e.g., the first device) does not know the identity of the specific measurer that responded, thereby protecting the privacy of the measurers.
- the first verifier sends a first request to N measurers.
- the N measurers receive the first request from the first verifier.
- S664 includes: in response to the seventh information, the first verifier sends a first request to the N measurers.
- the N measurers belong to the first group, where N is an integer greater than or equal to 2 and less than or equal to P.
- the N measurers may include the M measurers. In other examples, the N measurers may partially overlap with the M measurers; for example, a fifth measurer among the N measurers may not belong to the M measurers, and a sixth measurer among the M measurers may not belong to the N measurers.
- the N measurers may include the first measurer. In other examples, the N measurers do not include the first measurer.
- N measurands can use a consensus algorithm to elect a responding measurand (e.g., the first measurand).
- the elected measurand may be one of the N measurands or may not belong to any of the N measurands.
- each of the N measurands independently performs the following operations: measures the first network element to obtain evidence; obtains a signature based on the evidence and a key; and sends information indicating the evidence and/or the signature to the first verifier.
- the signature of the evidence can be based on the key of only one measurand or on the keys of multiple measurands. That is, some or all of the N measurands can execute the above-described scheme performed by the first measurand. For example, some or all of the N measurands can interact with other measurands to collect the keys of multiple measurands, thereby determining the signature based on the keys of multiple measurands and the evidence.
- some or all of the N measurands can receive instruction information on the keys of multiple measurands from the key management network element, thereby determining the signature based on the keys of multiple measurands and the evidence.
- the fifth measurand among the aforementioned N measurands can execute the scheme performed by the first measurand, except that the fifth measurand does not sign based on the keys of M measurands, but rather based on the keys of multiple measurands, including the fifth measurand itself.
- the first verifier can send the first request to multiple measurers.
- this avoids a single point of failure: when one measurer cannot respond, the other measurers can still respond to the first request, so the remote attestation proceeds without interruption.
- the first request includes a nonce.
- the nonce can be used to ensure the freshness of the measurement result, i.e., that the evidence was produced for this request rather than replayed from an earlier one.
- the first request is used to indicate a threshold value.
- the first request may carry indication information for the threshold value.
- the first request can indicate a threshold value so that a measurer receiving the first request can determine the minimum number of measurers whose keys the signature must be based on. This improves the quality of the signature, that is, it increases the probability that the signature will be successfully verified.
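As an added illustration of the exchange described above (example code, not code from the application), the following Python models the measurement phase: the first request carries a nonce and a threshold, a responding measurer signs the evidence with the keys of M measurers, and the first verifier checks freshness, each measurer's share, and the threshold before accepting. The measurer identifiers Att1 to Att4, the use of HMAC keys shared with the verifier as a stand-in for the per-measurer public/private keys, the dictionary layout of the first information, and the lowest-identifier election rule are all assumptions made for the example.

```python
"""Measurement phase, as an added example: first request with nonce and
threshold, evidence signed with the keys of M measurers, verifier checks."""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed keys of the P measurers in the first group. Assumption: the
# application's per-measurer public/private keys are modelled by symmetric
# HMAC keys that the key management network element has also given to the
# verifier; an asymmetric multi-signature would replace hmac.new() below
# without changing the protocol logic.
GROUP_KEYS = {
    "Att1": b"k1-" + b"\x11" * 29,
    "Att2": b"k2-" + b"\x22" * 29,
    "Att3": b"k3-" + b"\x33" * 29,
    "Att4": b"k4-" + b"\x44" * 29,
}


def make_first_request(threshold: int, nonce: Optional[bytes] = None) -> dict:
    """First request: a nonce for freshness and the threshold, i.e. the
    minimum number of measurers whose keys the first signature is based on."""
    return {"nonce": nonce or secrets.token_bytes(16), "threshold": threshold}


def measure(network_element_state: bytes) -> bytes:
    """Evidence = digest of the first network element's measured state."""
    return hashlib.sha256(network_element_state).digest()


def build_first_information(request: dict, evidence: bytes, signer_keys: dict) -> dict:
    """Responding measurer: sign evidence||nonce with the keys of the M
    measurers it collected (or received from the key management NE)."""
    if len(signer_keys) < request["threshold"]:
        raise ValueError("fewer measurer keys than the requested threshold")
    msg = evidence + request["nonce"]
    return {
        "evidence": evidence,
        "nonce": request["nonce"],
        "signature": {mid: hmac.new(k, msg, "sha256").digest()
                      for mid, k in signer_keys.items()},
    }


def verify_first_information(info: dict, request: dict, verifier_keys: dict,
                             seen_nonces: set):
    """First verifier: freshness first, then one check per claimed measurer
    key, then the threshold. Returns (accepted, reason)."""
    if info["nonce"] != request["nonce"]:
        return False, "nonce mismatch: evidence was not produced for this request"
    if info["nonce"] in seen_nonces:
        return False, "nonce already consumed: replay"
    msg = info["evidence"] + info["nonce"]
    valid = 0
    for mid, share in info["signature"].items():
        key = verifier_keys.get(mid)
        if key is None:
            return False, f"no key for measurer {mid}"
        if not hmac.compare_digest(share, hmac.new(key, msg, "sha256").digest()):
            return False, f"bad signature share from {mid}"
        valid += 1
    if valid < request["threshold"]:
        return False, f"only {valid} measurers behind the signature, threshold {request['threshold']}"
    seen_nonces.add(info["nonce"])
    return True, f"accepted with {valid} measurers"


def elect_responder(n_measurers: list) -> str:
    """Stand-in for the consensus election among the N measurers: the
    lowest identifier wins (assumption; any deterministic rule works)."""
    return min(n_measurers)
```

The verifier consumes the nonce only after a successful check, so a retransmitted first information with the same nonce is rejected as a replay, and a share from a measurer whose key the verifier does not hold fails closed rather than being skipped.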
- before step S660, the method further includes S670: the first verifier determines the first measurer based on the identifier of the first network element and the first association relationship.
- the identifier of the first network element may come from the seventh information.
- the first association relationship may include at least one of the following: the association between the identifier of the first group and the identifier of the first network element (denoted association relationship 4); the association between the identifiers of the P measurers and the identifier of the first network element (denoted association relationship 5); or the association between the identifier of the first group, the identifiers of the P measurers and the identifier of the first network element (denoted association relationship 6).
- in S670, the first verifier can determine the first measurer based on association relationship 4 together with the third association relationship, based on association relationship 5 alone, or based on association relationship 6 alone.
- determining the first measurer can include selecting the first measurer, for example selecting it from the P measurers in the first group. It can also include determining the address of the first measurer and then sending the first request to that address.
- before step S662, the method further includes S672: the first verifier determines the fourth measurer based on the identifier of the first network element and the first association relationship.
- in S672, the first verifier can determine the fourth measurer based on association relationship 4 together with the third association relationship, based on association relationship 5 alone, or based on association relationship 6 alone.
- determining the fourth measurer can include selecting the fourth measurer, for example selecting it from the P measurers in the first group. It can also include determining the address of the fourth measurer and then sending the first request to that address.
- before step S664, the method further includes S674: the first verifier determines the N measurers based on the identifier of the first network element and the first association relationship.
- in S674, the first verifier can determine the N measurers based on association relationship 4 together with the third association relationship, based on association relationship 5 alone, or based on association relationship 6 alone.
- determining the N measurers can include selecting the N measurers, for example selecting them from the P measurers in the first group. It can also include determining the addresses of the N measurers and then sending the first request to those addresses.
- the first verifier can quickly determine, from the first association relationship, which measurer(s) to send the first request to, which reduces the processing latency of locating a measurer.
- the first association relationship may be pre-configured or pre-defined in the first verifier, or the first verifier may receive it from another network element (e.g., the orchestration management network element or the key management network element).
- method 600 further includes S680: the first verifier receives second information from the key management network element or the orchestration management network element.
- the key management network element or the orchestration management network element sends the second information to the first verifier.
- the second information is used to indicate the first association relationship.
- the second information can be a direct indication, for example it may carry the first association relationship itself.
- the second information can also be an indirect indication, for example the first verifier can derive the first association relationship from the second information.
- the first verifier can obtain the first association relationship from the key management network element.
- the first verifier can obtain the first association relationship from the orchestration management network element.
- the first association relationship can be pre-configured or pre-defined in the key management network element, or the key management network element can receive it from another network element (e.g., the orchestration management network element).
- method 600 further includes: the first verifier sends a sixth request to the key management network element or the orchestration management network element, the sixth request being used to request the first association relationship.
- method 600 further includes S690: the key management network element receives sixth information from the orchestration management network element.
- the orchestration management network element sends the sixth information to the key management network element.
- the sixth information is used to indicate the first association relationship.
- the sixth information can be a direct indication, for example it can carry the first association relationship itself.
- the sixth information can also be an indirect indication, for example the key management network element can derive the first association relationship from the sixth information.
- the first verifier can receive the second information from the key management network element.
- the first verifier can also send the sixth request to the key management network element.
- alternatively, the first verifier need not obtain the first association relationship from the key management network element at all.
- the first verifier may instead receive the second information from the orchestration management network element.
- the first verifier may also send the sixth request to the orchestration management network element.
- method 600 further includes S692: the key management network element sends a fifth request to the orchestration management network element.
- the orchestration management network element receives the fifth request from the key management network element.
- the fifth request is used to request the first association relationship.
- the orchestration management network element may include, or be applied to, the VNFM (virtualized network function manager).
- the VNFM may send the sixth information to the key management network element and/or the second information to the first verifier.
- the VNFM may send the sixth information to the key management network element in response to the fifth request, and/or the second information to the first verifier in response to the sixth request.
- in one possible implementation, method 600 sequentially includes S650, S670, S660, S610, S635, S630 and S620. In another, it sequentially includes S650, S672, S662, S610, S635, S630 and S620. In still another, it sequentially includes S650, S674, S664, S610, S635, S630 and S620.
- method 600 may include S650, S670, S660, S610 and S620, and may also include S640.
- method 600 may include S650, S672, S662, S610 and S620, and may also include S640.
- method 600 may include S650, S674, S664, S610 and S620, and may also include S640.
- method 600 can be understood as the measurement phase of remote attestation.
- remote attestation also includes a key configuration phase.
- several schemes for the key configuration phase are described below with reference to Figure 7. The division into a key configuration phase, a measurement phase and a verification phase is only for ease of understanding; the three phases can be executed separately (in any order) or concurrently.
- when the first verifier sends the first request to the first measurer, the key configuration phase may already be complete, may not have started, or may be in progress.
- if key configuration has not been done, the first measurer may be unable to complete the signature because it has no key.
- in that case the first measurer can initiate the key configuration phase itself.
- the first measurer can likewise initiate the key configuration phase if key configuration is incomplete.
- Figure 7 is a schematic flowchart of another communication method 700 provided in an embodiment of this application. Method 700 can be combined with method 500 or method 600. Optional operations in method 700 are shown with dashed lines in Figure 7. Method 700 is described below with reference to Figure 7.
- method 700 may include S710 or S712.
- S710: a secure connection is established between the key management network element and the first measurer.
- S712: the key management network element establishes secure connections with some or all of the P measurers in the first group.
- the some or all of the P measurers include the first measurer.
- the following description takes the establishment of a secure connection between the key management network element and the first measurer as an example; secure connections between the other measurers and the key management network element are established in the same way.
- the EK (endorsement key) certificate can be pre-configured in the first measurer (also referred to as the first measurement unit, TMU).
- the EK certificate can be pre-configured in the first measurer through hardware flashing or software pre-installation.
- the specific pre-configuration method depends on the security capabilities of the first measurer.
- the EK certificate can be understood as a long-term or root certificate and can be verified by the key management network element.
- the EK certificate can also be referred to as the TPM's EK certificate.
- the AIK (attestation identity key) certificate is a session certificate used for measurement; the first measurer may apply for it for a single measurement (e.g., the measurement triggered by the first request described above).
- an AIK certificate may also be used for multiple measurements.
- an expiration policy for the AIK certificate may be pre-configured in the first measurer, indicating the number of measurements for which the AIK certificate may be used. For example, the AIK certificate may be used for X measurements, X being a positive integer; once it has been used for X measurements, the AIK certificate becomes invalid.
- the first measurer can generate an AIK signing request.
- the first measurer can encrypt the AIK signing request using the public key provided by the key management network element.
- the first measurer sends the AIK signing request to the key management network element.
- the key management network element receives the AIK signing request from the first measurer.
- the AIK signing request may include request information and the EK certificate.
- the request information is used to ask the key management network element to issue an AIK certificate.
- the key management network element can verify the AIK signing request.
- the key management network element checks the validity (or legitimacy) of the EK certificate. If the EK certificate is valid, it decides to issue an AIK certificate; if the EK certificate is invalid, it decides not to issue one.
- the key management network element issues the AIK certificate to the first measurer; the AIK certificate can be encrypted using the EK's public key, so that only the holder of the corresponding EK private key can recover it.
- the key management network element sends the encrypted AIK certificate to the first measurer.
- the first measurer receives the encrypted AIK certificate from the key management network element.
- the first measurer decrypts and stores the AIK certificate.
- the key management network element determines the first association relationship.
- the key management network element can determine the first association relationship by executing S690 (or S690 and S692).
- the key management network element receives a key generation request from the first measurer.
- the key management network element receives key generation requests from some or all of the P measurers in the first group.
- when S710 is performed, method 700 may include S730; when S712 is performed, method 700 may include S732.
- the key generation request may also be called an AIK generation request, a measurement key generation request, or another name; this application does not limit the name of the key generation request.
- the key management network element generates keys.
- the key management network element can generate keys for some or all of the P measurers in the first group.
- the keys can include public keys and private keys.
- the key management network element may determine the identifier of the first signature group at the same time as, or after, S740.
- the first signature group may include the keys of some or all of the P measurers in the first group.
- the key management network element can determine the second association relationship.
- the key management network element can generate a measurer's key based on that measurer's AIK certificate; for instance, it can generate the key of the first measurer based on the first measurer's AIK certificate.
- the key management network element can also generate a key by signing a key provided by the measurer. For instance, the first measurer can generate a first public key and a first private key and send them to the key management network element; the key management network element signs the first public key to obtain a second public key and signs the first private key to obtain a second private key, and then sends the encrypted second public key and second private key to the first measurer. Because the first private key leaves the measurer in this variant, it relies on the secure connection established in S710 or S712.
- the key management network element sends key indication information to the first measurer.
- the first measurer receives the key indication information from the key management network element.
- the key indication information is used to indicate the key.
- the key indication information may include the encrypted key.
- the first measurer decrypts the key based on the key indication information to obtain the key.
- the key management network element sends key indication information to some or all of the P measurers in the first group.
- some or all of the P measurers in the first group receive the key indication information from the key management network element.
- when S730 is performed, method 700 may include S750; when S732 is performed, method 700 may include S752.
- for example, the key indication information sent to Att1 indicates sk1 and pk1, where sk1 is Att1's private key and pk1 is Att1's public key; the key indication information sent to Att2 indicates sk2 and pk2, Att2's private and public keys; and the key indication information sent to Att3 indicates sk3 and pk3, Att3's private and public keys.
- the key indication information sent to the first measurer can be the third information.
- the key management network element can generate or look up the private key of the first measurer and the public keys of the M measurers based on the third association relationship.
- the key management network element can send the third information to the first measurer, the third information indicating the keys of the M measurers.
- the keys of the M measurers include the private key of the first measurer and the public keys of the M measurers.
- the measurer's key need not be requested for every measurement: an expiration policy can be pre-configured so that a single measurement-key request serves multiple measurements.
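The following Python, added here as an example and not taken from the application, walks the key configuration phase of method 700 end to end: the key management network element checks the EK certificate before issuing an AIK certificate, the AIK certificate carries the usage count X from the expiration policy, and the measurer re-initiates key configuration on its own once X measurements have consumed the certificate. The HMAC tags standing in for certificate signatures, the constructed root key values, the dictionary certificate layout and the derivation of the AIK signing key from the certificate serial are assumptions made for the example, not the application's mechanism.

```python
"""Key configuration phase (method 700), as an added example: EK certificate
check, AIK certificate issuance, and the AIK usage-count expiry policy."""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed issuer keys. Assumption: a certificate is a dict whose "tag"
# is an HMAC over its other fields under the issuer's key, standing in for
# the X.509 signature a real EK/AIK certificate would carry.
EK_ROOT_KEY = b"ek-root-" + b"\x0f" * 24
AIK_ISSUER_KEY = b"aik-issuer-" + b"\x5a" * 21


def _tag(key: bytes, fields: dict) -> bytes:
    body = "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return hmac.new(key, body, "sha256").digest()


def make_ek_certificate(measurer_id: str) -> dict:
    """Long-term EK certificate, pre-configured in the measurer (hardware
    flashing or software pre-installation) under the EK root."""
    fields = {"subject": measurer_id, "type": "EK"}
    return {**fields, "tag": _tag(EK_ROOT_KEY, fields)}


class KeyManagementNE:
    def __init__(self, ek_root_key: bytes, aik_issuer_key: bytes):
        self.ek_root_key = ek_root_key
        self.aik_issuer_key = aik_issuer_key

    def _valid(self, cert: dict, key: bytes, cert_type: str) -> bool:
        fields = {k: v for k, v in cert.items() if k != "tag"}
        return fields.get("type") == cert_type and hmac.compare_digest(
            cert.get("tag", b""), _tag(key, fields))

    def ek_certificate_valid(self, cert: dict) -> bool:
        return self._valid(cert, self.ek_root_key, "EK")

    def aik_certificate_valid(self, cert: dict) -> bool:
        return self._valid(cert, self.aik_issuer_key, "AIK")

    def handle_aik_signing_request(self, req: dict) -> Optional[dict]:
        """Issue an AIK certificate only if the EK certificate in the request
        is valid; max_uses carries the expiration policy (X measurements)."""
        if req.get("request") != "issue-AIK" or not self.ek_certificate_valid(req["ek_certificate"]):
            return None
        fields = {"subject": req["ek_certificate"]["subject"], "type": "AIK",
                  "max_uses": req["max_uses"], "serial": secrets.token_hex(8)}
        return {**fields, "tag": _tag(self.aik_issuer_key, fields)}


class Measurer:
    def __init__(self, measurer_id: str, expiry_uses: int):
        self.id = measurer_id
        self.expiry_uses = expiry_uses            # pre-configured policy X
        self.ek_certificate = make_ek_certificate(measurer_id)
        self.aik_certificate: Optional[dict] = None
        self.uses = 0

    def request_aik(self, kmne: KeyManagementNE) -> bool:
        """Key configuration phase: AIK signing request -> AIK certificate."""
        cert = kmne.handle_aik_signing_request({
            "request": "issue-AIK", "ek_certificate": self.ek_certificate,
            "max_uses": self.expiry_uses})
        self.aik_certificate, self.uses = cert, 0
        return cert is not None

    def aik_valid(self) -> bool:
        return self.aik_certificate is not None and self.uses < self.aik_certificate["max_uses"]

    def sign_evidence(self, evidence: bytes, kmne: KeyManagementNE) -> bytes:
        """Each measurement consumes one AIK use; when X is reached the
        measurer initiates key configuration again by itself."""
        if not self.aik_valid() and not self.request_aik(kmne):
            raise RuntimeError(f"{self.id}: key configuration failed, cannot sign")
        self.uses += 1
        # Assumption: the AIK signing key is derived from the certificate
        # serial here only so that each issued AIK yields a distinct key.
        aik_key = hashlib.sha256(b"aik-" + self.aik_certificate["serial"].encode()).digest()
        return hmac.new(aik_key, evidence, "sha256").digest()
```

A measurer with a forged EK certificate never obtains an AIK and its signing attempt fails closed, and a certificate whose max_uses field has been edited no longer verifies under the issuer key, so the usage policy cannot be extended by the holder.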
- Figure 8 is a schematic flowchart of another communication method 800 provided in an embodiment of this application. Method 800 can be combined with method 500, method 600 or method 700. Optional operations in method 800 are shown with dashed lines in Figure 8. Method 800 is described below with reference to Figure 8.
- S810: the first verifier sends a second request to at least one second measurer.
- the at least one second measurer receives the second request from the first verifier.
- the second request is used to request measurement of the first network element. For details of the second request, see the description of the first request above; they are not repeated here.
- the second measurer belongs to the first group.
- each of the at least one second measurer belongs to the first group.
- the second measurer may not belong to the N measurers described above.
- the second measurer is different from the first measurer.
- this application does not limit whether the second measurer belongs to the M measurers.
- the second measurer may or may not belong to the M measurers; in other words, the second measurer may or may not take part in generating the first signature.
- S820: the first verifier sets a timer.
- the first verifier can set the timer according to a pre-configured duration.
- the timer can start at the time S810 is executed, or at some time after S810 is executed.
- S822: the first verifier receives rejection information from each of the at least one second measurer.
- each of the at least one second measurer sends rejection information to the first verifier.
- the rejection information can indicate a refusal to respond, a refusal to measure, a refusal to sign, or take another form.
- from the rejection information, the first verifier can determine that the at least one second measurer will not assist in completing the remote attestation.
- the first condition is used to trigger the first verifier to send the first request to the other measurers, i.e., the measurers other than the at least one second measurer.
- the first condition includes: the first verifier receiving rejection information from each of the at least one second measurer, and/or the first verifier not receiving a response from the at least one second measurer within a predetermined time period.
- the predetermined time period can be given by the start and end times of the timer, or by the start time of the timer and a preset duration.
- when the first condition is that the first verifier receives rejection information from each of the at least one second measurer, S820 may or may not be executed.
- when the first condition is that the first verifier receives no response from the at least one second measurer within the predetermined time period, S822 may or may not be executed.
- in that case the first verifier may not wait for rejection information from the at least one second measurer, or may ignore any rejection information it does receive.
- the first condition may also be called the local policy or another name.
- the first verifier may have pre-configured, or obtained from the key management network element (or orchestration management network element), the first association relationship, used it to determine the at least one second measurer, and then executed S810.
- the first verifier may cache the first association relationship, so that it can send the first request to one or more of the P measurers (e.g., the first measurer, the fourth measurer, or the N measurers) based on it.
- alternatively, the first verifier does not cache the first association relationship, to save storage space.
- or the first verifier neither pre-configures the first association relationship nor obtains it from the key management network element (or orchestration management network element).
- in that case the first verifier can obtain the measurer list of the first group from the key management network element (or orchestration management network element), as described in S830 to S850 below.
- the first verifier sends a query request to the key management network element or the orchestration management network element.
- the key management network element or the orchestration management network element receives the query request from the first verifier.
- the query request may include the identifier of the at least one second measurer.
- the key management network element or the orchestration management network element determines the measurer list.
- the measurer list can be the list of measurers in the first group.
- the measurer list of the first group may include the identifiers of the P measurers, i.e., all measurers in the first group.
- the measurer list of the first group may instead include the identifiers of the P measurers other than the at least one second measurer, i.e., it excludes the measurer identifiers carried in the query request.
- the measurer list of the first group may also include only the identifiers of the first measurer, the fourth measurer, or the N measurers, i.e., the measurers recommended for the request.
- the key management network element or the orchestration management network element can determine the measurer list of the first group from the query request and the first association relationship (or the third association relationship). For instance, it can determine that the identifier of the at least one second measurer corresponds to the identifier of the first group in the first association relationship, and that the identifier of the first group corresponds to the identifiers of the P measurers in the first group, and thereby obtain the measurer list of the first group.
- the measurer list can also cover multiple groups, which may include the first group.
- the key management network element or the orchestration management network element sends indication information for the measurer list to the first verifier.
- the first verifier receives the indication information for the measurer list from the key management network element or the orchestration management network element.
- the first verifier can determine the identifiers of the P measurers corresponding to the identifier of the first network element through the first association relationship (or the first and third association relationships), and then select from the measurer list the measurers among those P measurers, for example the first measurer, the fourth measurer or the N measurers.
- the first verifier can then execute S660, S662 or S664; that is, once the first condition is met, S660, S662 or S664 is executed.
- in this way, the request can be sent to other measurers (e.g., the first measurer, the fourth measurer or the N measurers) so that the failure of some measurers does not affect the remote attestation process, which increases the resilience of the remote attestation.
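Method 800's fallback, as an added example that is not the application's own code: the first verifier sends the second request and starts the timer, evaluates the first condition (every second measurer rejected, or no response before the timer runs out), and on meeting it queries the measurer list and sends the first request to the remaining measurers of the group. The association tables NE_TO_GROUP and GROUP_TO_MEASURERS, the identifiers ne-42, group-A and Att1 to Att4, the injected clock and the dictionary shape of the query are assumptions made for the example.

```python
"""Method 800, as an added example: second request, timer, first condition,
measurer-list query, and the fall-back first request."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed association relationships: relationship 4 maps the first
# network element to its group, the third association maps the group to
# its P measurers.
NE_TO_GROUP = {"ne-42": "group-A"}
GROUP_TO_MEASURERS = {"group-A": ["Att1", "Att2", "Att3", "Att4"]}


def measurer_list_query(query: dict) -> list:
    """Key management / orchestration NE side: find the group containing the
    queried (second) measurers and return the group's list without them."""
    excluded = set(query["second_measurers"])
    group = next((g for g, ms in GROUP_TO_MEASURERS.items() if excluded & set(ms)), None)
    if group is None:
        return []
    return [m for m in GROUP_TO_MEASURERS[group] if m not in excluded]


def filter_for_network_element(ne_id: str, measurer_list: list) -> list:
    """Verifier side: keep only listed measurers that relationship 4 plus
    the third association map to this network element."""
    allowed = set(GROUP_TO_MEASURERS.get(NE_TO_GROUP.get(ne_id, ""), []))
    return [m for m in measurer_list if m in allowed]


@dataclass
class FirstVerifier:
    network_element: str
    timeout: float                      # pre-configured timer duration
    second_measurers: list
    started_at: Optional[float] = None  # timer start (S810 time or later)
    rejections: set = field(default_factory=set)
    first_request_sent_to: list = field(default_factory=list)

    def send_second_request(self, now: float) -> None:
        """S810 followed by S820: send the second request, start the timer."""
        self.started_at = now

    def on_rejection(self, measurer: str) -> None:
        """S822: rejection information from one second measurer."""
        self.rejections.add(measurer)

    def first_condition_met(self, now: float) -> bool:
        all_rejected = bool(self.second_measurers) and self.rejections >= set(self.second_measurers)
        timed_out = self.started_at is not None and now - self.started_at >= self.timeout
        return all_rejected or timed_out

    def fall_back(self, now: float) -> list:
        """If the first condition holds, query the measurer list, drop the
        second measurers, and send the first request to the rest."""
        if not self.first_condition_met(now):
            return []
        listed = measurer_list_query({"second_measurers": self.second_measurers})
        self.first_request_sent_to = filter_for_network_element(self.network_element, listed)
        return self.first_request_sent_to
```

The timer is driven by an injected clock value rather than wall time so the timeout branch can be exercised deterministically; in a deployment the same logic hangs off the verifier's real timer.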
- the communication device may include hardware structures and/or software modules, implementing the functions described above in the form of hardware structures, software modules, or a combination of the two. Whether a particular function is implemented as hardware, software, or a combination depends on the specific application and the design constraints of the technical solution.
- FIG. 9 is a schematic block diagram of a communication device 1000 according to an embodiment of this application.
- the communication device 1000 includes a processor 1010 and a communication interface 1020.
- the processor 1010 and the communication interface 1020 can be interconnected via a bus.
- the communication device 1000 can be the first verifier, the first measurer, the key management network element, or the third measurer.
- the communication device 1000 may further include a memory 1040.
- the memory 1040 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), cache, erasable programmable read-only memory (EPROM), synchronous dynamic random access memory (SDRAM), a hard disk drive (HDD), a solid-state drive (SSD), or a compact disc read-only memory (CD-ROM).
- the memory 1040 is used to store related instructions and/or data.
- the memory 1040 may be integrated with the processor 1010 or arranged separately.
- the processor 1010 may include one or more of the following: a central processing unit (CPU), an application-specific integrated circuit (ASIC), a digital signal processor (DSP), a microprocessor unit (MPU), a microcontroller unit (MCU), a graphics processing unit (GPU), a field-programmable gate array (FPGA), an artificial intelligence processor (AI processor), or a neural processing unit (NPU).
- when the processor 1010 is a CPU, it may be a single-core or multi-core CPU. This application is not limited in this respect; the processor 1010 may also be one or more GPUs, or one or more tensor processing units (TPUs).
- when the communication device 1000 is the first verifier, the processor 1010 is configured to: receive first information from the first measurer, the first information including a first signature and first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring a first network element, the first signature being based on the keys of M measurers, the M measurers being used to measure the first network element and including the first measurer, M being an integer greater than 1; and verify the first signature and the first evidence according to the keys of the M measurers.
- when the communication device 1000 is the first measurer,
- the processor 1010 is configured to: determine the first evidence based on the first network element; determine the first signature based on the keys of the M measurers and the first evidence, where the M measurers are used to measure the first network element, the M measurers include the first measurer, M is an integer greater than 1, and the first signature is used to verify the validity of the first evidence; and send the first information to the first verifier, the first information including the first signature and the first evidence.
- when the communication device 1000 is the key management network element,
- the processor 1010 is configured to: receive a third request from the first verifier, the third request requesting the keys of the M measurers, the keys of the M measurers being used to verify the first signature and the first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring the first network element, the M measurers being used to measure the first network element, and M being an integer greater than 1; and send third information to the first verifier, the third information indicating the keys of the M measurers.
- when the communication device 1000 is the third measurer,
- the processor 1010 is configured to: generate fourth information, which indicates the key of the third measurer; and send the fourth information to the first measurer.
- the communication device 1000 is responsible for executing the methods or steps of the first verifier, the first measurer, the key management network element, or the third measurer in the method embodiments described above.
- the communication interface 1020 can be a transceiver.
- the transceiver may include a transmitter and a receiver, the transmitter performing transmission and the receiver performing reception.
- the processor 1010 controls the transceiver to receive and/or transmit signals.
- the communication interface 1020 can also be a communication circuit, pins, input/output interfaces, a bus, etc.
- the communication device 1000 may include a transmitter but no receiver.
- the communication device 1000 may include a receiver but no transmitter. Which applies depends on whether the scheme performed by the communication device 1000 includes both transmitting and receiving actions.
- the communication device 1000 can be used to execute the schemes shown in Figures 5 to 8.
- when the communication device 1000 is the first verifier, the communication interface 1020 can be used to receive the first information, etc.
- when the communication device 1000 is the first measurer, the communication interface 1020 can be used to send the first information, etc.
- the transceiver unit 1110 may include a sending unit and a receiving unit.
- the sending unit is used to perform the sending action of the communication device, and the receiving unit is used to perform the receiving action of the communication device.
- the sending unit and the receiving unit are combined into one transceiver unit in this embodiment. This will be explained uniformly here and will not be repeated later.
- the transceiver unit 1110 can implement the corresponding communication functions.
- the transceiver unit 1110 may also be referred to as a communication interface or a communication module.
- the communication device 1100 may further include a processing unit 1120, which is used to perform the processing, coordination and other steps involved in the communication device 1100.
- the transceiver unit 1110 is used to receive a third request, etc.
- the processing unit 1120 can be used to determine the first evidence based on the first network element; determine the first signature based on the keys of M measurers and the first evidence, wherein the M measurers are used to measure the first network element, the M measurers include the first measurer, M is an integer greater than 1, and the first signature is used to verify the validity of the first evidence; the transceiver unit 1110 can be used to send the first information to the first verifier, the first information including the first signature and the first evidence.
- the transceiver unit 1110 can be used to receive a third request from a first verifier, the third request being used to request the keys of M measurers, the keys of the M measurers being used to verify a first signature and a first piece of evidence, the first signature being used to verify the validity of the first piece of evidence, the first piece of evidence being obtained by measuring a first network element, the M measurers being used to measure the first network element, and M being an integer greater than 1; the transceiver unit 1110 can also be used to send third information to the first verifier, the third information being used to indicate the keys of the M measurers.
- the processing unit 1120 can be used to generate fourth information, which is used to indicate the key of the third measurer; the transceiver unit 1110 can be used to send the fourth information to the first measurer.
- the communication interface 1120 can be a transceiver, input/output circuit, or communication interface of the chip.
- the processor 1110 can be a processor integrated on the chip, a microprocessor, or an integrated circuit.
- the sending operations of the first verifier, the first measurer, the key management network element, or the third measurer can be understood as the chip's output.
- the receiving operations of the first verifier, the first measurer, the key management network element, or the third measurer in the above method embodiments can be understood as the chip's input.
- the transceiver unit 1110 can be the transceiver, input/output circuit, or communication interface of that chip.
- the processing unit 1120 can be a processor, microprocessor, or integrated circuit integrated on the chip.
- This application also provides another chip, including: an input interface, an output interface, and a processor, wherein the input interface, the output interface, and the processor are connected via an internal connection path, and the processor is used to execute code in a memory.
- the processor is used to perform the methods in the examples described above.
- the chip further includes a memory for storing computer programs or code.
Description
This application claims priority to Chinese Patent Application No. 202410765502.7, filed with the China National Intellectual Property Administration on June 13, 2024 and entitled "Communication Method and Apparatus", the entire contents of which are incorporated herein by reference.
This application relates to the field of communication technology, and more specifically, to a communication method and apparatus.
The number of systems and devices such as embedded systems, cyber-physical systems, and Internet of Things devices has increased dramatically, which has also expanded the attack surface available to attackers.
Remote attestation (RA) technology can be used to verify the security of these systems or devices and thereby determine whether they have been attacked. The entities that perform RA may include a measurer (attester) and a verifier. The verifier may request the measurer to measure the system or device in order to obtain evidence, and may then verify the security of the system or device on the basis of that evidence.
However, how to improve the security of remote attestation is a problem that urgently needs to be solved.
This application provides a communication method and apparatus that improve the security of remote attestation by using a signature derived from multiple measurers.
In a first aspect, a communication method is provided. The method of the first aspect may be executed by a first verifier. Unless otherwise specified, the first verifier in this application may refer to the network device itself (for example, an access network device, a core network device, or a management plane device), to a component within the network device (for example, a processor, a chip, or a chip system), or to a logical module or software capable of implementing all or part of the functions of the network device. For ease of description, the first verifier is used as an example below.
The method includes: receiving first information from a first measurer, the first information including a first signature and first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring a first network element, the measurers on which the first signature is based including M measurers, the M measurers being used to measure the first network element, the M measurers including the first measurer, and M being an integer greater than 1; and verifying the first signature and the first evidence according to the keys of the M measurers.
Those skilled in the art will understand that if the evidence is not signed, or if the signature is based on only one measurer, the security of remote attestation is reduced when that measurer fails or behaves maliciously. In the above scheme, the signature received by the verifier is derived from M measurers, and the verifier can verify the signature and the evidence using the keys of those M measurers, which avoids errors caused by the failure or malice of a single measurer and thereby improves the security of remote attestation. Moreover, the M measurers are all able to measure the first network element; that is, the M measurers participating in the signature can measure the same network element. Compared with a scheme that receives and verifies the signature of each measurer in turn, the verifier in the above scheme needs to perform only one reception and one verification to complete remote attestation, so the above scheme also improves the efficiency of remote attestation.
In some implementations, the method further includes: sending a first request to the first measurer, the first request being used to request measurement of the first network element.
In the above scheme, the first request can be sent to the first measurer alone. Compared with a scheme that sends measurement requests to multiple measurers, this reduces signaling overhead.
In some implementations, the method further includes: sending a first request to N measurers, the first request being used to request measurement of the first network element, the N measurers belonging to a first group, the first group including P measurers, the P measurers being used to measure the first network element, the P measurers including the M measurers, N being an integer greater than or equal to 2 and less than or equal to P, and P being an integer greater than or equal to M.
In the above scheme, the first verifier can send the first request to multiple measurers. In the event of a single point of failure, that is, when one measurer is unable to respond, the other measurers can still respond to the first request, which keeps remote attestation running.
In some implementations, the method further includes: sending a second request to at least one second measurer, the second request being used to request measurement of the first network element. Sending the first request to the first measurer may include: sending the first request to the first measurer when a first condition is met. Alternatively, sending the first request to the N measurers may include: sending the first request to the N measurers when the first condition is met. The first condition includes: the first verifier receiving rejection information from each of the at least one second measurer, and/or the first verifier not receiving a response from the at least one second measurer within a predetermined time period.
In the above scheme, after sending a measurement request to one or more measurers, if those measurers do not respond within the predetermined time period and/or reject the request, the embodiment of this application can send the request to other measurers (for example, the first measurer or the N measurers), so that the failure of some measurers does not prevent remote attestation from proceeding. This increases the resilience of remote attestation.
In some implementations, the first request is used to indicate a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based.
In the above scheme, the first request can indicate a threshold value, so that a measurer receiving the first request knows the minimum number of measurers on which the signature must be based. This avoids a verification failure caused by the first signature being based on fewer measurers than the threshold, and thereby improves the quality of the signature, that is, the probability that the signature is verified successfully.
In some implementations, the method further includes: determining the first measurer according to the identifier of the first network element and a first association relationship, wherein the first association relationship includes an association between the identifier of a first group and/or the identifiers of P measurers and the identifier of the first network element, the first group including the P measurers, the P measurers being used to measure the first network element, the P measurers including the M measurers, and P being an integer greater than or equal to M.
Alternatively, the method further includes: determining the N measurers according to the identifier of the first network element and the first association relationship.
In the above scheme, the first verifier can quickly determine, from the first association relationship, the measurer(s) to which the first request should be sent, which reduces the processing latency of locating a measurer.
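The request handling of the first aspect (first association lookup, second request, first condition, fallback first request to the first measurer or to N measurers of the same group), worked through as an added example. This is illustrative code, not code from the patent or from any product; the association table, the measurer identifiers and the scripted measurer behaviours are constructed, and the request and response dictionaries are an assumed message shape since the text does not specify an encoding.

```python
"""Added example, not from the patent: a first verifier that resolves the
measurers of a network element through the first association relationship,
sends the second request, and falls back to the first request when the first
condition (every second measurer rejected and/or did not respond in time) holds."""
from dataclasses import dataclass, field

# Constructed first association relationship (assumption): identifier of the
# first network element -> identifier of the first group and of its P measurers.
FIRST_ASSOCIATION = {
    "vnf-1": {"group": "group-A",
              "measurers": ["measurer-1", "measurer-2", "measurer-3", "measurer-4"]},
}

TIMEOUT = None  # stands for "no response within the predetermined time period"


@dataclass
class SimulatedMeasurer:
    """Scripted stand-in for a measurer: 'ok', 'reject' or 'timeout' (constructed)."""
    behaviour: str

    def handle(self, request: dict):
        if self.behaviour == "timeout":
            return TIMEOUT
        if self.behaviour == "reject":
            return {"status": "reject"}
        # A measurer that accepts echoes the threshold it must honour when signing.
        return {"status": "ok", "ne": request["ne"], "threshold": request["threshold"]}


@dataclass
class FirstVerifier:
    measurers: dict                            # measurer id -> SimulatedMeasurer
    sent: list = field(default_factory=list)   # log of (request kind, measurer id)

    def resolve(self, ne_id: str):
        """Group id and measurer ids for a network element, from the first association."""
        entry = FIRST_ASSOCIATION[ne_id]
        return entry["group"], list(entry["measurers"])

    def _send(self, kind: str, mid: str, ne_id: str, threshold: int):
        # The first request carries the threshold value (minimum number of measurers
        # the first signature must be based on); the same shape is used for both kinds.
        request = {"kind": kind, "ne": ne_id, "threshold": threshold}
        self.sent.append((kind, mid))
        return self.measurers[mid].handle(request)

    @staticmethod
    def _accepted(responses: dict) -> list:
        return [mid for mid, r in responses.items()
                if r is not TIMEOUT and r["status"] == "ok"]

    def attest(self, ne_id: str, threshold: int, second_measurers: list, n: int) -> dict:
        """Second request to the second measurers first; if none accepts, the first
        condition holds (each one rejected and/or timed out) and the first request
        goes to up to n other measurers of the same group. n == 1 is the single
        first measurer variant, n >= 2 the N measurer variant."""
        _group, group_members = self.resolve(ne_id)
        responses = {mid: self._send("second", mid, ne_id, threshold)
                     for mid in second_measurers}
        accepted = self._accepted(responses)
        if accepted:
            return {"responders": accepted, "fallback": False}
        # First condition: every response is a rejection or a timeout.
        others = [mid for mid in group_members if mid not in second_measurers][:n]
        responses = {mid: self._send("first", mid, ne_id, threshold) for mid in others}
        return {"responders": self._accepted(responses), "fallback": True}


if __name__ == "__main__":
    v = FirstVerifier({"measurer-1": SimulatedMeasurer("timeout"),
                       "measurer-2": SimulatedMeasurer("reject"),
                       "measurer-3": SimulatedMeasurer("ok"),
                       "measurer-4": SimulatedMeasurer("reject")})
    print(v.attest("vnf-1", threshold=2, second_measurers=["measurer-1", "measurer-2"], n=2))
    print(v.sent)
```

The `sent` log is what a defender would inspect: it shows that the verifier contacted only the second measurers first and widened to the rest of the group only after the first condition was met, which is the signaling-overhead trade-off the text describes.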
In some implementations, the method further includes: receiving second information from a key management network element or an orchestration management network element, the second information being used to indicate the first association relationship.
In some implementations, the method further includes: sending a third request to a key management network element, the third request being used to request the keys of the M measurers; and receiving third information from the key management network element, the third information being used to indicate the keys of the M measurers.
In the above scheme, the first verifier can request the keys needed for the current verification from the key management network element. On the one hand, the keys are stored by a dedicated network element, which improves key security; on the other hand, the first verifier does not need to store the keys in advance, which saves storage overhead at the first verifier.
In some implementations, the third request includes the identifier of the first measurer and/or the identifier of a first group, wherein the first group includes P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
In the above scheme, the third request can include the identifier of the sender of the first information and/or the identifier of the group to which that sender belongs. The key management network element can then use the identifiers carried in the third request to determine which keys of the M measurers to return to the first verifier.
In some implementations, verifying the first signature and the first evidence according to the keys of the M measurers includes: verifying whether the number of measurers on which the first signature is based is greater than or equal to a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based; verifying whether the first signature is valid when the number of measurers on which the first signature is based is greater than or equal to the threshold value; and verifying whether the first evidence is valid when the first signature is valid.
In the above scheme, the first verifier can check whether the measurers on which the first signature is based satisfy the threshold requirement. If the threshold requirement is not met, no further verification of the first signature or the first evidence is performed, which reduces verification overhead. When the threshold is set low, the first signature need not be based on all measurers in the first group, which saves signing overhead for the measurers. When the threshold is set high, the first signature must be based on a larger number of measurers in the first group, which improves the security of remote attestation.
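The three-step verification just described (threshold count, then signature, then evidence), with the keys of the M measurers fetched from a key management network element by group identifier, as an added worked example. This is not code from the patent or from any product: the patent does not fix a signature scheme, so the example uses one HMAC-SHA256 tag per contributing measurer as a stand-in for the first signature; the reference measurement, the key group and the `group-A`/`keygroup-A` identifiers are constructed, and the key lookup by group id is a simplified model of the key management network element.

```python
"""Added example, not from the patent: verifier-side checking of a first
signature derived from M measurers, in the order the text gives (threshold,
then signature, then evidence), with keys fetched from a simulated key
management network element."""
import hashlib
import hmac

# Constructed reference measurement of the first network element (assumption).
REFERENCE_MEASUREMENTS = {
    "vnf-1": hashlib.sha256(b"vnf-1 image v1.0 + config").hexdigest(),
}

# Constructed state of the key management network element (assumption):
# second association relationship (first group id -> first key group id) and
# the key group holding the key of each of the P measurers.
GROUP_TO_KEY_GROUP = {"group-A": "keygroup-A"}
KEY_GROUPS = {
    "keygroup-A": {
        "measurer-1": b"k1-constructed",
        "measurer-2": b"k2-constructed",
        "measurer-3": b"k3-constructed",
    },
}


def measure(ne_id: str, image: bytes) -> dict:
    """First measurer: the first evidence is a digest of what it measured."""
    return {"ne": ne_id, "digest": hashlib.sha256(image).hexdigest()}


def _evidence_bytes(evidence: dict) -> bytes:
    return f"{evidence['ne']}|{evidence['digest']}".encode()


def sign_multi(evidence: dict, measurer_keys: dict) -> dict:
    """First signature: one HMAC-SHA256 tag per contributing measurer, keyed by id.
    HMAC is a stand-in (assumption); the patent does not fix the signature scheme."""
    msg = _evidence_bytes(evidence)
    return {mid: hmac.new(key, msg, hashlib.sha256).hexdigest()
            for mid, key in measurer_keys.items()}


def km_lookup_keys(group_id: str) -> dict:
    """Key management network element answering the third request by group id."""
    return KEY_GROUPS[GROUP_TO_KEY_GROUP[group_id]]


def verify_first_information(first_info: dict, group_id: str, threshold: int) -> str:
    """First verifier. Returns 'ok' or the name of the first failing step."""
    signature, evidence = first_info["signature"], first_info["evidence"]
    # Step 1: number of measurers the signature is based on vs the threshold value.
    # Below the threshold nothing else is checked, which saves steps 2 and 3.
    if len(signature) < threshold:
        return "threshold_not_met"
    # Step 2: third request to the key management network element, then every
    # contributing measurer must belong to the group and its tag must verify.
    keys = km_lookup_keys(group_id)
    msg = _evidence_bytes(evidence)
    for mid, tag in signature.items():
        if mid not in keys:
            return "signature_invalid"
        expected = hmac.new(keys[mid], msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "signature_invalid"
    # Step 3: only validly signed evidence is compared with the reference value.
    if REFERENCE_MEASUREMENTS.get(evidence["ne"]) != evidence["digest"]:
        return "evidence_invalid"
    return "ok"


if __name__ == "__main__":
    ev = measure("vnf-1", b"vnf-1 image v1.0 + config")
    keys = km_lookup_keys("group-A")
    two = {m: keys[m] for m in ("measurer-1", "measurer-2")}
    print(verify_first_information({"signature": sign_multi(ev, two), "evidence": ev},
                                   "group-A", threshold=2))
```

Note the ordering matters for the overhead argument in the text: a signature carrying fewer contributors than the threshold is rejected before any key is fetched or any tag is checked, and the comparatively expensive evidence appraisal runs only once the signature has been accepted. With a real signature scheme, step 2 would be a multi-signature or threshold-signature verification rather than a loop over per-measurer tags, but the three steps and their order stay the same.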
在一些实现方式中,该第一网元包括或应用于虚拟化网络功能(virtualized network function,VNF)。In some implementations, the first network element includes or is applied to a virtualized network function (VNF).
基于上述方案,第一验证者可以对VNF的注册状态进行评估,以提高VNF的安全性。Based on the above scheme, the first validator can evaluate the registration status of the VNF to improve the security of the VNF.
第二方面,提供了一种通信方法。第二方面提供的方法的执行主体可以为第一度量者,在不做特殊说明的情况下,本申请的中的第一度量者既可以指网络设备本身(例如,接入网设备、核心网设备或管理面设备),也可以是指网络设备中的组件(例如,处理器、芯片,或芯片系统等),或者,也可以是能实现全部或者部分网络设备功能的逻辑模块或软件等。为便于描述,下文以第一度量者为例进行描述。Secondly, a communication method is provided. The subject executing the method provided in this application can be a first measuring agent. Unless otherwise specified, the first measuring agent in this application can refer to the network device itself (e.g., access network device, core network device, or management plane device), a component within the network device (e.g., processor, chip, or chip system), or a logical module or software capable of implementing all or part of the network device's functions. For ease of description, the following description uses the first measuring agent as an example.
该方法包括:根据第一网元,确定第一证据;根据M个度量者的密钥和该第一证据,确定第一签名,该M个度量者用于度量该第一网元,该M个度量者包括该第一度量者,M为大于1的整数,该第一签名用于验证该第一证据的有效性;向第一验证者发送第一信息,该第一信息包括该第一签名和该第一证据。The method includes: determining first evidence based on a first network element; determining a first signature based on the keys of M measurers and the first evidence, wherein the M measurers are used to measure the first network element, the M measurers include the first measurer, M is an integer greater than 1, and the first signature is used to verify the validity of the first evidence; and sending first information to a first verifier, wherein the first information includes the first signature and the first evidence.
在一些实现方式中,该M个度量者还包括第三度量者,该方法还包括:接收来自该第三度量者的第四信息,该第四信息用于指示该第三度量者的密钥。In some implementations, the M measurands may also include a third measurand, and the method may further include receiving fourth information from the third measurand, the fourth information being used to indicate the key of the third measurand.
基于上述方案,第三度量者可以向第一度量者发送第三度量者的密钥,从而协助第一度量者用M个度量者的密钥进行签名。Based on the above scheme, the third measurer can send its key to the first measurer, thereby assisting the first measurer in signing using the keys of M measurers.
在一些实现方式中,该方法还包括:向该第三度量者发送第四请求,该第四请求用于请求该第三度量者的密钥。In some implementations, the method further includes sending a fourth request to the third measurer, the fourth request being used to request the third measurer's key.
基于上述方案,第一度量者可以向第三度量者发送请求,从而触发第三度量者向第一度量者发送该第三度量者的密钥。Based on the above scheme, the first measurand can send a request to the third measurand, thereby triggering the third measurand to send its key to the first measurand.
在一些实现方式中,该第四请求包括该第一证据、度量信息、或该第一签名中的至少一项;其中,该度量信息用于指示度量内容和/或度量策略。In some implementations, the fourth request includes at least one of the first evidence, measurement information, or the first signature; wherein the measurement information is used to indicate measurement content and/or measurement strategy.
基于上述方案,第三度量者可以根据第四请求携带的信息进行验证,从而确定是否向第一度量者发送第三度量者的密钥的指示信息。上述方案能够避免第三度量者在第一度量者安全性较低的情况下,向该第一度量者提供第三度量者的密钥,从而进一步提高远程证明的安全性。Based on the above scheme, the third evaluator can verify the information carried in the fourth request to determine whether to send the third evaluator's key to the first evaluator. This scheme avoids the third evaluator providing its key to the first evaluator when the first evaluator's security is low, thereby further improving the security of remote proof.
在一些实现方式中,该方法还包括:接收来自密钥管理网元的第五信息,该第五信息用于指示该M个度量者的密钥。In some implementations, the method further includes receiving fifth information from a key management network element, the fifth information being used to indicate the keys of the M measurands.
基于上述方案,用于确定第一签名的M个度量者的密钥可以是密钥管理网元指示的,从而无需通过与其他度量者交互来获取其他度量者的密钥。因此,上述方案能够减少确定第一签名的时延,从而减少远程证明的时延。Based on the above scheme, the keys used to determine the M measurands for the first signature can be indicated by the key management network element, thus eliminating the need to obtain the keys of other measurands through interaction. Therefore, the above scheme can reduce the latency of determining the first signature, thereby reducing the latency of remote proof.
在一些实现方式中,该方法还包括:接收来自该第一验证者的第一请求,该第一请求用于请求度量该第一网元。In some implementations, the method further includes receiving a first request from the first verifier, the first request being used to request measurement of the first network element.
在一些实现方式中,该第一请求用于指示门限值,该门限值用于指示该第一签名所基于的度量者的最小数量。In some implementations, the first request is used to indicate a threshold value that indicates the minimum number of measurands on which the first signature is based.
第三方面,提供了一种通信方法。第三方面提供的方法的执行主体可以为密钥管理网元,在不做特殊说明的情况下,本申请的中的密钥管理网元既可以指网络设备本身(例如,接入网设备、核心网设备或管理面设备),也可以是指网络设备中的组件(例如,处理器、芯片,或芯片系统等),或者,也可以是能实现全部或者部分网络设备功能的逻辑模块或软件等。为便于描述,下文以密钥管理网元为例进行描述。Thirdly, a communication method is provided. The implementing entity of the method provided in this application can be a key management network element. Unless otherwise specified, the key management network element in this application can refer to the network device itself (e.g., access network device, core network device, or management plane device), a component within the network device (e.g., processor, chip, or chip system), or a logical module or software capable of implementing all or part of the network device's functions. For ease of description, the following description uses a key management network element as an example.
该方法包括:接收来自第一验证者的第三请求,该第三请求用于请求M个度量者的密钥,该M个度量者的密钥用于验证第一签名和第一证据,该第一签名用于验证该第一证据的有效性,该第一证据是对第一网元进行度量得到的,该M个度量者用于度量该第一网元,M为大于1的整数;向该第一验证者发送第三信息,该第三信息用于指示该M个度量者的密钥。The method includes: receiving a third request from a first verifier, the third request being used to request the keys of M measurators, the keys of the M measurators being used to verify a first signature and a first piece of evidence, the first signature being used to verify the validity of the first piece of evidence, the first piece of evidence being obtained by measuring a first network element, the M measurators being used to measure the first network element, M being an integer greater than 1; and sending third information to the first verifier, the third information being used to indicate the keys of the M measurators.
在一些实现方式中,该第三请求包括第一度量者的标识和/或第一群组的标识,其中,该第一群组包括P个度量者,该P个度量者用于度量该第一网元,该P个度量者包括该M个度量者,P为大于或等于M的整数,该M个度量者包括该第一度量者。In some implementations, the third request includes the identifier of the first measurand and/or the identifier of the first group, wherein the first group includes P measurands used to measure the first network element, the P measurands include the M measurands, where P is an integer greater than or equal to M, and the M measurands include the first measurand.
在一些实现方式中,该方法还包括:向第一度量者发送第五信息,该第五信息用于指示该M个度量者的密钥,该M个度量者包括该第一度量者。In some implementations, the method further includes sending a fifth message to a first measurand, the fifth message indicating the keys of the M measurands, including the first measurand.
在一些实现方式中,该方法还包括:向该第一验证者发送第二信息,该第二信息用于指示第一关联关系,其中,该第一关联关系包括第一群组的标识和/或P个度量者的标识与该第一网元的标识之间的关联关系,该第一群组包括该P个度量者,该P个度量者用于度量该第一网元,该P个度量者包括该M个度量者,P为大于或等于M的整数。In some implementations, the method further includes: sending second information to the first verifier, the second information being used to indicate a first association relationship, wherein the first association relationship includes the association relationship between the identifier of the first group and/or the identifiers of P measurands and the identifier of the first network element, the first group including the P measurands, the P measurands being used to measure the first network element, the P measurands including the M measurands, where P is an integer greater than or equal to M.
在一些实现方式中,该方法还包括:接收来自编排管理网元的第六信息,该第六信息用于指示该第一关联关系。In some implementations, the method further includes receiving sixth information from the orchestration management network element, the sixth information being used to indicate the first association.
在一些实现方式中,该方法还包括:向该编排管理网元发送第五请求,该第五请求用于请求该第一关联关系。In some implementations, the method further includes sending a fifth request to the orchestration management network element, the fifth request being used to request the first association.
在一些实现方式中,该方法还包括:根据该第三请求和第二关联关系,确定该M个度量者的密钥,其中,该第二关联关系包括第一群组的标识和/或P个度量者的标识与第一密钥组的标识之间的关联关系,该第一群组包括该P个度量者,该P个度量者用于度量该第一网元,该P个度量者包括该M个度量者,P为大于或等于M的整数。In some implementations, the method further includes: determining the keys of the M measurands based on the third request and the second association, wherein the second association includes the identifier of the first group and/or the association between the identifiers of the P measurands and the identifier of the first key group, the first group includes the P measurands, the P measurands are used to measure the first network element, the P measurands include the M measurands, and P is an integer greater than or equal to M.
基于上述方案,密钥管理网元可根据第二关联关系,确定M个度量者的密钥,从而减少了查找M个度量者的密钥的时延。Based on the above scheme, the key management network element can determine the keys of M measurands according to the second association relationship, thereby reducing the latency of finding the keys of M measurands.
第四方面,提供了一种通信方法。第四方面提供的方法的执行主体可以为第三度量者,在不做特殊说明的情况下,本申请的中的第三度量者既可以指网络设备本身(例如,接入网设备、核心网设备或管理面设备),也可以是指网络设备中的组件(例如,处理器、芯片,或芯片系统等),或者,也可以是能实现全部或者部分网络设备功能的逻辑模块或软件等。为便于描述,下文以第三度量者为例进行描述。Fourthly, a communication method is provided. The implementing entity of the method provided in this application can be a third-party measurement agent. Unless otherwise specified, the third-party measurement agent in this application can refer to the network device itself (e.g., access network device, core network device, or management plane device), a component within the network device (e.g., processor, chip, or chip system), or a logical module or software capable of implementing all or part of the functions of the network device. For ease of description, the following description uses a third-party measurement agent as an example.
该方法包括:生成第四信息,该第四信息用于指示该第三度量者的密钥;向第一度量者发送第四信息。The method includes: generating fourth information, which indicates the key of the third measurer; and sending the fourth information to the first measurer.
在一些实现方式中,该方法还包括:接收来自第一度量者的第四请求,该第四请求用于请求该第三度量者的密钥。In some implementations, the method further includes receiving a fourth request from the first metronome, the fourth request being used to request the key of the third metronome.
在一些实现方式中,该第四请求包括该第一证据、度量信息、或该第一签名中的至少一项;其中,该度量信息用于指示度量内容和/或度量策略。In some implementations, the fourth request includes at least one of the first evidence, measurement information, or the first signature; wherein the measurement information is used to indicate measurement content and/or measurement strategy.
第五方面,提供了一种通信装置,包括处理电路(或者处理器)和输入输出接口(也可以称为接口电路),该输入输出接口用于输入和/或输出信号,该处理电路用于执行第一方面以及第一方面的任一种可能的方法,或者,该处理电路用于执行第二方面以及第二方面的任一种可能的方法,或者,该处理电路用于执行第三方面以及第三方面的任一种可能的方法,或者,该处理电路用于执行第四方面以及第四方面的任一种可能的方法。Fifthly, a communication device is provided, including processing circuitry (or a processor) and an input/output interface (also referred to as an interface circuit), the input/output interface being used for inputting and/or outputting signals, the processing circuitry being used to perform the first aspect and any possible method of the first aspect, or the processing circuitry being used to perform the second aspect and any possible method of the second aspect, or the processing circuitry being used to perform the third aspect and any possible method of the third aspect, or the processing circuitry being used to perform the fourth aspect and any possible method of the fourth aspect.
在一些实现方式中,处理电路用于通过接口电路与其它装置通信,并执行上述第一方面以及第一方面的任一种可能的方法,或者执行第二方面以及第二方面的任一种可能的方法,或者执行第三方面以及第三方面的任一种可能的方法,或者执行第四方面以及第四方面的任一种可能的方法。In some implementations, the processing circuit is used to communicate with other devices through the interface circuit and to perform the first aspect and any possible method of the first aspect, or to perform the second aspect and any possible method of the second aspect, or to perform the third aspect and any possible method of the third aspect, or to perform the fourth aspect and any possible method of the fourth aspect.
第六方面,提供了一种通信装置。该通信装置可以包括用于执行通信装置功能的单元或者模块等。Sixthly, a communication device is provided. This communication device may include units or modules for performing the functions of the communication device.
In some implementations, the communication apparatus may include modules, units or means that correspond one-to-one to the methods/operations/steps/actions described in the first aspect and any possible implementation of the first aspect. These modules, units or means may be hardware circuits, software, or hardware circuits combined with software.
Optionally, the communication apparatus includes a processing unit and a transceiver unit. The transceiver unit may be configured to receive first information from a first measurer, the first information including a first signature and first evidence, where the first signature is used to verify the validity of the first evidence, the first evidence is obtained by measuring a first network element, the measurers on which the first signature is based include M measurers, the M measurers are used to measure the first network element, the M measurers include the first measurer, and M is an integer greater than 1. The processing unit may be configured to verify the first signature and the first evidence according to the keys of the M measurers.
In some implementations, the transceiver unit is further configured to send a first request to the first measurer, the first request being used to request measurement of the first network element.
In some implementations, the transceiver unit is further configured to send a first request to N measurers, the first request being used to request measurement of the first network element, where the N measurers belong to a first group, the first group includes P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, N is an integer greater than or equal to 2 and less than or equal to P, and P is an integer greater than or equal to M.
In some implementations, the transceiver unit is further configured to send a second request to at least one second measurer, the second request being used to request measurement of the first network element.
Here, the transceiver unit is specifically configured to send the first request to the first measurer when a first condition is met.
Alternatively, the transceiver unit is specifically configured to send the first request to the N measurers when the first condition is met.
The first condition includes: the first verifier receives rejection information from each second measurer of the at least one second measurer, and/or the first verifier receives no response from the at least one second measurer within a predetermined time period.
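The request routing just described (a second request to the second measurers first, then, when the first condition is met, a first request to N measurers of the first group), as an added example that is not part of the patent text: a Python model of the verifier side. The measurer callables, the identifiers, the timeout value and the dictionary form of the first association are constructed assumptions; the page does not specify message formats or how a late reply is classified, so here a reply that arrives after the predetermined period counts as no response.

```python
"""Verifier-side request routing with the fallback to the first group (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed first association: network element id -> (group id, identifiers of its P measurers).
FIRST_ASSOCIATION = {"vnf-amf-01": ("group-A", ["m1", "m2", "m3", "m4"])}

# Assumption: a measurer is a callable taking a request and returning
# (reply, seconds until the reply arrived); reply is "accept" or "reject".
Responder = Callable[[dict], Tuple[str, float]]


@dataclass
class RoutingLog:
    second_requests: List[str] = field(default_factory=list)
    first_requests: List[str] = field(default_factory=list)
    condition_met: bool = False


def measurers_for(ne_id: str, association=FIRST_ASSOCIATION) -> Tuple[str, List[str]]:
    """Determine a network element's measurer group from the first association."""
    group_id, measurer_ids = association[ne_id]
    return group_id, list(measurer_ids)


def first_condition(replies: Dict[str, Optional[str]]) -> bool:
    """True when every second measurer rejected and/or gave no response in time."""
    return all(reply in (None, "reject") for reply in replies.values())


def route_measurement(ne_id: str, second_measurers: List[str], responders: Dict[str, Responder],
                      n: int, threshold: int, timeout: float,
                      association=FIRST_ASSOCIATION) -> Tuple[List[str], RoutingLog]:
    """Send the second request; on the first condition, send the first request to N measurers.

    Returns the measurers that accepted a measurement request and a log of what was sent.
    """
    log = RoutingLog()
    second_request = {"type": "second_request", "network_element": ne_id, "threshold": threshold}
    replies: Dict[str, Optional[str]] = {}
    for mid in second_measurers:
        log.second_requests.append(mid)
        if mid not in responders:            # unreachable measurer: counts as no response
            replies[mid] = None
            continue
        reply, latency = responders[mid](second_request)
        # A reply after the predetermined period is treated as no response at all.
        replies[mid] = reply if latency <= timeout else None
    if not first_condition(replies):
        return [mid for mid, r in replies.items() if r == "accept"], log

    log.condition_met = True
    group_id, pool = measurers_for(ne_id, association)
    if not 2 <= n <= len(pool):              # the text requires 2 <= N <= P
        raise ValueError(f"N={n} must satisfy 2 <= N <= P={len(pool)}")
    first_request = {"type": "first_request", "network_element": ne_id,
                     "group": group_id, "threshold": threshold}
    accepted = []
    for mid in pool[:n]:
        log.first_requests.append(mid)
        if mid in responders:
            reply, latency = responders[mid](first_request)
            if reply == "accept" and latency <= timeout:
                accepted.append(mid)
    return accepted, log
```

The threshold is carried in both requests because the first request indicates the minimum number of measurers the first signature must be based on; the routing itself does not depend on it.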
In some implementations, the first request is used to indicate a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based.
In some implementations, the processing unit is further configured to determine the first measurer according to the identifier of the first network element and a first association relationship, where the first association relationship includes an association between the identifier of a first group and/or the identifiers of P measurers and the identifier of the first network element, the first group includes the P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
Alternatively, the processing unit is further configured to determine the N measurers according to the identifier of the first network element and the first association relationship.
In some implementations, the transceiver unit is further configured to receive second information from a key management network element or an orchestration management network element, the second information being used to indicate the first association relationship.
In some implementations, the transceiver unit is further configured to send a third request to the key management network element, the third request being used to request the keys of the M measurers, and to receive third information from the key management network element, the third information being used to indicate the keys of the M measurers.
In some implementations, the third request includes the identifier of the first measurer and/or the identifier of a first group, where the first group includes P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
In some implementations, the processing unit is specifically configured to: verify whether the number of measurers on which the first signature is based is greater than or equal to a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based; if that number is greater than or equal to the threshold value, verify whether the first signature is valid; and if the first signature is valid, verify whether the first evidence is valid.
In some implementations, the first network element includes or is applied to a VNF.
In some implementations, the communication apparatus may include modules, units or means that correspond one-to-one to the methods/operations/steps/actions described in the second aspect and any possible implementation of the second aspect. These modules, units or means may be hardware circuits, software, or hardware circuits combined with software.
Optionally, the communication apparatus includes a processing unit and a transceiver unit. The processing unit may be configured to determine first evidence according to a first network element, and to determine a first signature according to the keys of M measurers and the first evidence, where the M measurers are used to measure the first network element, the M measurers include the first measurer, M is an integer greater than 1, and the first signature is used to verify the validity of the first evidence. The transceiver unit may be configured to send first information to a first verifier, the first information including the first signature and the first evidence.
In some implementations, the M measurers further include a third measurer, and the transceiver unit is further configured to receive fourth information from the third measurer, the fourth information being used to indicate the key of the third measurer.
In some implementations, the transceiver unit is further configured to send a fourth request to the third measurer, the fourth request being used to request the key of the third measurer.
In some implementations, the fourth request includes at least one of the first evidence, measurement information, or the first signature, where the measurement information is used to indicate measurement content and/or a measurement policy.
In some implementations, the transceiver unit is further configured to receive fifth information from a key management network element, the fifth information being used to indicate the keys of the M measurers.
In some implementations, the transceiver unit is further configured to receive a first request from the first verifier, the first request being used to request measurement of the first network element.
In some implementations, the first request is used to indicate a threshold value, the threshold value indicating the minimum number of measurers on which the first signature is based.
In some implementations, the communication apparatus may include modules, units or means that correspond one-to-one to the methods/operations/steps/actions described in the third aspect and any possible implementation of the third aspect. These modules, units or means may be hardware circuits, software, or hardware circuits combined with software.
Optionally, the communication apparatus includes a processing unit and a transceiver unit. The transceiver unit may be configured to receive a third request from a first verifier, the third request being used to request the keys of M measurers, where the keys of the M measurers are used to verify a first signature and first evidence, the first signature is used to verify the validity of the first evidence, the first evidence is obtained by measuring a first network element, the M measurers are used to measure the first network element, and M is an integer greater than 1. The transceiver unit may be further configured to send third information to the first verifier, the third information being used to indicate the keys of the M measurers.
In some implementations, the third request includes the identifier of a first measurer and/or the identifier of a first group, where the first group includes P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, P is an integer greater than or equal to M, and the M measurers include the first measurer.
In some implementations, the transceiver unit is further configured to send fifth information to a first measurer, the fifth information being used to indicate the keys of the M measurers, the M measurers including the first measurer.
In some implementations, the transceiver unit is further configured to send second information to the first verifier, the second information being used to indicate a first association relationship, where the first association relationship includes an association between the identifier of a first group and/or the identifiers of P measurers and the identifier of the first network element, the first group includes the P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
In some implementations, the transceiver unit is further configured to receive sixth information from an orchestration management network element, the sixth information being used to indicate the first association relationship.
In some implementations, the transceiver unit is further configured to send a fifth request to the orchestration management network element, the fifth request being used to request the first association relationship.
In some implementations, the processing unit is further configured to determine the keys of the M measurers according to the third request and a second association relationship, where the second association relationship includes an association between the identifier of a first group and/or the identifiers of P measurers and the identifier of a first key group, the first group includes the P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
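The exchange that the first, second, third and fourth aspects above describe (the first measurer produces the first evidence and the first signature, a third measurer supplies its key in response to a fourth request, the key management network element answers the third request through the second association, and the first verifier runs the threshold, signature and evidence checks in that order), as an added example, not code from the patent. Assumptions the text does not make: measurer keys are symmetric HMAC-SHA256 keys, the first signature is the list of per-measurer MACs over the first evidence, the first evidence is a SHA-256 digest over the network element's components, the verifier holds golden digests as reference values, and the third measurer checks the measurement information before releasing its key. All identifiers, keys and component contents are constructed.

```python
"""First verifier, first/third measurers and key management NE in one round (added example)."""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Constructed data: identifiers, keys and components are illustrative only.
FIRST_ASSOCIATION = {"vnf-amf-01": ("group-A", ["m1", "m2", "m3", "m4"])}   # NE id -> (group, P measurers)
SECOND_ASSOCIATION = {"group-A": "keygroup-A", "m1": "keygroup-A", "m2": "keygroup-A",
                      "m3": "keygroup-A", "m4": "keygroup-A"}              # group/measurer id -> key group id
KEY_GROUPS = {"keygroup-A": {"m1": b"key-m1", "m2": b"key-m2", "m3": b"key-m3", "m4": b"key-m4"}}
NETWORK_ELEMENT = {"id": "vnf-amf-01",
                   "components": {"vnfc-1": b"amf-image-v1", "vnfc-2": b"amf-config-v7"}}


def measure(network_element: dict) -> bytes:
    """First evidence: SHA-256 over the network element's components in a fixed order (assumption)."""
    h = hashlib.sha256()
    for name in sorted(network_element["components"]):
        h.update(name.encode() + b"\0" + network_element["components"][name] + b"\0")
    return h.digest()


def mac(key: bytes, evidence: bytes) -> bytes:
    """One measurer's share of the first signature (assumption: HMAC-SHA256 with a symmetric key)."""
    return hmac.new(key, evidence, "sha256").digest()


class KeyManagementNE:
    """Third aspect: resolves measurer keys through the second association."""

    def __init__(self, first_assoc, second_assoc, key_groups):
        self.first_assoc, self.second_assoc, self.key_groups = first_assoc, second_assoc, key_groups

    def second_information(self, ne_id: str) -> Tuple[str, List[str]]:
        """First association for a network element, as sent to the first verifier."""
        return self.first_assoc[ne_id]

    def handle_third_request(self, measurer_ids: List[str], group_id: Optional[str] = None) -> Dict[str, bytes]:
        """Third information: keys of the requested measurers, found via the group id or a measurer id."""
        key_group = self.key_groups[self.second_assoc[group_id or measurer_ids[0]]]
        return {mid: key_group[mid] for mid in measurer_ids if mid in key_group}


class Measurer:
    """Fourth aspect: a third measurer that releases its key to the first measurer on request."""

    def __init__(self, mid: str, key: bytes):
        self.mid, self.key = mid, key

    def handle_fourth_request(self, req: dict) -> Optional[dict]:
        # Assumed check: only co-sign the measurement content/policy this measurer agrees to.
        if req["measurement_info"] != {"content": "components", "policy": "all"}:
            return None                                   # rejection
        return {"measurer": self.mid, "key": self.key}    # fourth information


class FirstMeasurer(Measurer):
    """Second aspect: measures the network element and builds the first signature from M keys."""

    def first_information(self, network_element: dict, co_signers: List[Measurer], threshold: int) -> dict:
        evidence = measure(network_element)
        keys = {self.mid: self.key}
        fourth_request = {"evidence": evidence, "measurement_info": {"content": "components", "policy": "all"}}
        for m in co_signers:
            info = m.handle_fourth_request(fourth_request)
            if info is not None:
                keys[info["measurer"]] = info["key"]
        if len(keys) < threshold:
            raise RuntimeError(f"only {len(keys)} measurer keys, threshold is {threshold}")
        signature = [(mid, mac(k, evidence)) for mid, k in sorted(keys.items())]
        return {"evidence": evidence, "signature": signature}


class FirstVerifier:
    """First aspect: threshold check, then signature check, then evidence check."""

    def __init__(self, km: KeyManagementNE, reference: Dict[str, bytes]):
        self.km, self.reference = km, reference

    def verify(self, ne_id: str, first_info: dict, threshold: int) -> str:
        evidence, signature = first_info["evidence"], first_info["signature"]
        signers = {mid for mid, _ in signature}           # duplicates must not inflate the count
        if len(signers) < threshold:
            return "too-few-measurers"
        group_id, _ = self.km.second_information(ne_id)
        keys = self.km.handle_third_request(sorted(signers), group_id)   # third request / third information
        for mid, share in signature:
            if mid not in keys or not hmac.compare_digest(share, mac(keys[mid], evidence)):
                return "bad-signature"
        if not hmac.compare_digest(evidence, self.reference[ne_id]):
            return "bad-evidence"
        return "ok"


def run_exchange(network_element: dict, co_signer_ids: List[str], threshold: int) -> str:
    """Drive one attestation round against the golden values and return the verifier's verdict."""
    km = KeyManagementNE(FIRST_ASSOCIATION, SECOND_ASSOCIATION, KEY_GROUPS)
    keys = KEY_GROUPS["keygroup-A"]
    first = FirstMeasurer("m1", keys["m1"])
    co_signers = [Measurer(mid, keys[mid]) for mid in co_signer_ids]
    verifier = FirstVerifier(km, {"vnf-amf-01": measure(NETWORK_ELEMENT)})
    try:
        info = first.first_information(network_element, co_signers, threshold)
    except RuntimeError:
        return "too-few-measurers"
    return verifier.verify(network_element["id"], info, threshold)


if __name__ == "__main__":
    print(run_exchange(NETWORK_ELEMENT, ["m2", "m3"], threshold=3))
```

Two points the order of checks implies: the threshold is counted over distinct measurer identifiers, so a single measurer repeating its own share cannot satisfy it; and a modified network element shows up as `bad-evidence` rather than `bad-signature`, because the measurers signed what they actually measured and it is the reference values that disagree. With symmetric keys the key management network element can itself produce valid first information, so a deployment would use per-measurer public keys or a threshold signature scheme; in this model only `mac` and the key lookups would change.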
In some implementations, the communication apparatus may include modules, units or means that correspond one-to-one to the methods/operations/steps/actions described in the fourth aspect and any possible implementation of the fourth aspect. These modules, units or means may be hardware circuits, software, or hardware circuits combined with software.
Optionally, the communication apparatus includes a processing unit and a transceiver unit. The processing unit may be configured to generate fourth information, the fourth information being used to indicate the key of the third measurer; the transceiver unit may be configured to send the fourth information to a first measurer.
In some implementations, the transceiver unit is further configured to receive a fourth request from the first measurer, the fourth request being used to request the key of the third measurer.
In some implementations, the fourth request includes at least one of the first evidence, measurement information, or the first signature, where the measurement information is used to indicate measurement content and/or a measurement policy.
According to a seventh aspect, a computer-readable storage medium is provided, on which a computer program or instructions are stored; when the computer program or instructions are run, the method of the first aspect and any possible implementation of the first aspect is performed (or implemented), or the method of the second aspect and any possible implementation of the second aspect is performed (or implemented), or the method of the third aspect and any possible implementation of the third aspect is performed (or implemented), or the method of the fourth aspect and any possible implementation of the fourth aspect is performed (or implemented).
According to an eighth aspect, a computer program product is provided, including a computer program or instructions; when the computer program or instructions are run, the method of the first aspect and any possible implementation of the first aspect is performed (or implemented), or the method of the second aspect and any possible implementation of the second aspect is performed (or implemented), or the method of the third aspect and any possible implementation of the third aspect is performed (or implemented), or the method of the fourth aspect and any possible implementation of the fourth aspect is performed (or implemented).
According to a ninth aspect, a communication apparatus is provided, including a processor configured to cause, by executing a computer program (or computer-executable instructions) stored in a memory and/or by means of a logic circuit, any possible method of the first aspect to be performed (or implemented), or any possible method of the second aspect to be performed (or implemented), or any possible method of the third aspect to be performed (or implemented), or any possible method of the fourth aspect to be performed (or implemented).
In one possible implementation, the apparatus further includes a memory. In one possible implementation, the processor and the memory are integrated. In another possible implementation, the memory is located outside the communication apparatus. There may be one or more processors.
In one possible implementation, the communication apparatus further includes a communication interface, used for the communication apparatus to communicate with other devices, for example to send or receive data and/or signals. By way of example, the communication interface may be a transceiver, a circuit, a bus, a module, or another type of communication interface.
In one implementation, the communication apparatus of the fifth, sixth or ninth aspect may be a chip or a chip system.
According to a tenth aspect, a chip is provided, including a processor configured to call a computer program or computer instructions in a memory so that any implementation of the first aspect is performed (or implemented), or any implementation of the second aspect is performed (or implemented), or any implementation of the third aspect is performed (or implemented), or any implementation of the fourth aspect is performed (or implemented).
In some implementations, the processor is coupled to the memory through an interface.
According to an eleventh aspect, a communication system is provided, including a first verifier and a key management network element, where the first verifier is configured to perform the first aspect and any possible implementation of the first aspect, and the key management network element is configured to perform the third aspect and any possible implementation of the third aspect.
In some implementations, the communication system further includes a first measurer, configured to perform the second aspect and any possible implementation of the second aspect.
In some implementations, the communication system further includes a third measurer, configured to perform the fourth aspect and any possible implementation of the fourth aspect.
For the beneficial effects of any of the second to eleventh aspects, refer to the description of the beneficial effects of the first aspect.
Figure 1 is a schematic diagram of the network architecture of a communication system.
Figure 2 is a schematic flowchart of a remote attestation method.
Figure 3 is a schematic diagram of the architecture of network functions virtualization (NFV).
Figure 4 is a schematic diagram of an NFV architecture based on remote attestation.
Figure 5 is a schematic flowchart of a communication method provided in an embodiment of this application.
Figure 6 is a schematic flowchart of another communication method provided in an embodiment of this application.
Figure 7 is a schematic flowchart of yet another communication method provided in an embodiment of this application.
Figure 8 is a schematic flowchart of still another communication method provided in an embodiment of this application.
Figure 9 is a schematic block diagram of a communication apparatus according to an embodiment of this application.
Figure 10 is a schematic block diagram of another communication apparatus according to an embodiment of this application.
The technical solutions of this application are described below with reference to the accompanying drawings.
In this application, unless otherwise specified or logically conflicting, the terms and/or descriptions in different embodiments are consistent and may be cited by one another, and technical features of different embodiments may be combined according to their inherent logical relationships to form new embodiments.
In this application, "at least one" means one or more, and "a plurality of" means two or more. "And/or" describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may mean: A alone, both A and B, or B alone, where A and B may be singular or plural. In the text of this application, the character "/" generally indicates an "or" relationship between the associated objects before and after it. "At least one of the following" or a similar expression means any combination of those items, including any combination of single items or plural items. For example, at least one of a, b and c may mean: a; b; c; a and b; a and c; b and c; or a, b and c, where each of a, b and c may be a single item or a plurality of items.
In this application, "first", "second" and various numerical designations (for example #1, #2) are distinctions made for convenience of description and are not intended to limit the scope of the embodiments of this application; for example, they distinguish different messages rather than describing a particular order or sequence. It should be understood that objects described in this way may be interchanged where appropriate, so that solutions other than the embodiments of this application can be described.
In this application, expressions such as "when", "in the case of" and "if" mean that a device performs the corresponding processing under some objective condition; they do not limit timing, do not require the device to perform a judging action when implemented, and do not imply any other limitation.
In this application, "indicate" or "used to indicate" may include direct indication and indirect indication. When a piece of indication information is described as being used to indicate A, this may include the indication information indicating A directly or indirectly, and does not mean that the indication information necessarily carries A.
The indication methods involved in the embodiments of this application should be understood to cover any method by which the party to be indicated can learn the information to be indicated. The information to be indicated may be sent as a whole or divided into a plurality of sub-information items sent separately, and the sending periods and/or sending occasions of these sub-information items may be the same or different; this application does not limit the sending method.
"Indication information" in the embodiments of this application may be an explicit indication, that is, directly indicated by signaling, or obtained from parameters indicated by signaling in combination with other rules or other parameters, or by derivation. It may also be an implicit indication, that is, obtained according to a rule or relationship, according to other parameters, or by derivation. This application does not specifically limit this.
In this application, "protocol" may refer to a standard protocol in the field of communications, for example including the 5G protocol, the NR protocol and related protocols applied to future communication systems; this application does not limit this. "Predefined" may include being defined in advance, for example defined by a protocol. "Preconfigured" may be implemented by storing in advance in a device the corresponding code, a table, or another means that can be used to indicate the relevant information; this application does not limit how this is implemented.
In this application, "communication" may also be described as "data transmission", "information transmission", "data processing" and so on. "Transmission" includes "sending" and "receiving". By way of example, transmission may be uplink transmission, for example a terminal device sending a signal to a network device; downlink transmission, for example a network device sending a signal to a terminal device; or sidelink transmission, for example a terminal device sending a signal to another terminal device. By way of example, "transmission" may be transmission at the air-interface level, or it may be signal sending over a chip input (I)/output (O) port rather than transmission at the air-interface level.
In this application, "message", "information", "signal", "information element (IE)" and the like may be used interchangeably; no limitation is placed on the name of a message or information, as long as the corresponding function can be implemented.
"Sending information to XX (device)" may be understood as meaning that the destination of the information is that device, and may include sending the information to the device directly or indirectly. "Receiving information from XX (device)" may be understood as meaning that the source of the information is that device, and may include receiving the information from the device directly or indirectly. The information may undergo necessary processing between the source and the destination, for example a change of format, but the destination can understand the valid information from the source. Similar expressions in this application may be understood in a similar way and are not described again here. In addition, "sending" may also be understood as "output" of a chip interface, and "receiving" as "input" of a chip interface. In other words, "sending" or "receiving" may take place between devices, for example between a network device and a terminal device over an air interface, or within a device, for example between components, modules, chips, software modules or hardware modules of the device over a bus, wiring or an interface.
In this application, words such as "by way of example" and "for example" are used to present an example, illustration or explanation, presenting a concept in a concrete manner. Any embodiment or design described as an "example" in this application should not be construed as preferred or advantageous over other embodiments or designs. In the embodiments of this application, "of", "corresponding (relevant)", "corresponding" and "associated" may sometimes be used interchangeably; it should be noted that their intended meaning is the same where the distinction is not emphasized.
In this application, configuration may be signaling configuration, which may also be described as configuring by signaling. For example, signaling configuration includes configuration by signaling sent by a network device, and the signaling may be a radio resource control (RRC) message, downlink control information (DCI), or a system information block (SIB). As another example, signaling configuration includes configuration between network devices, where a network device may include an access network device, a core network device, a management plane device, and so on. Optionally, signaling configuration may also be configured for a terminal device or a network device by preconfigured signaling, or configured for a terminal device or a network device by preconfiguration. Preconfiguration here means that the values of the corresponding parameters are defined or configured in advance by a protocol and stored in the terminal device or network device at the time of communication with it. A preconfigured message may be modified or updated when the terminal device or network device is connected to the network.
This application presents various aspects, embodiments or features around a system that may include a plurality of devices, components, modules and so on. Each system may include devices, components, modules and so on other than those illustrated, and/or may not include all of the devices, components, modules and so on discussed in conjunction with the accompanying drawings.
The service scenarios described in the embodiments of this application are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions provided in the embodiments. A person of ordinary skill in the art will know that, as new service scenarios emerge, the technical solutions provided in the embodiments of this application are equally applicable to similar technical problems.
In the embodiments of this application, the sequence numbers of the processes do not imply an order of execution; the order of execution of the processes should be determined by their functions and internal logic and does not limit the implementation of the embodiments in any way. The terms "comprise", "include", "have" and their variants mean "including but not limited to" unless specifically emphasized otherwise.
To facilitate understanding of the embodiments of this application, the concepts and technologies that may be involved are first introduced briefly.
Network functions virtualization (NFV). As one example, NFV can be formed by decoupling the network functions of a traditional communication device from the device's physical hardware and running them as software on a commercial off-the-shelf (COTS) host. As another example, NFV may deploy the communication technology (CT) services of a traditional communication device onto a virtual entity by using virtual instances (VIs) implemented with virtualization technologies borrowed from internet technology (IT). By way of example, the virtual entity may be a virtual machine (VM), a container, or any other possible virtualized functional entity; this application does not specifically limit this.
A virtualized network function (VNF), also called a virtualized network element, may be a software application that provides a network function. For example, the network function may be file sharing, a directory service, or Internet protocol (IP) configuration. A VNF may be software that provides a network service and is deployed in a virtual machine, a container or a physical machine using the infrastructure provided by the network functions virtualization infrastructure (NFVI). Relative to a VNF, a traditional hardware-based network element may be called a physical network function (PNF). VNFs and PNFs may be networked separately or together to form a service chain. By way of example, one VNF may be deployed in one or more VIs. A VI may be a generalized concept; for example, a VI may refer to any virtualization scheme such as a virtual machine (VM) or a container, and this application is not limited in this respect. A VNF may consist of a plurality of lower-level components. Optionally, one VNF may be deployed on a plurality of VMs, each VM hosting one virtualized network function component (VNFC).
Optionally, one VNF may also be deployed on a single VM.
The VNF in the embodiments of this application may be, or be applied to, an access and mobility management function (AMF) network element, a session management function (SMF) network element, a policy control function (PCF) network element, a unified data management (UDM) network element, a user plane function (UPF) network element, a network exposure function (NEF) network element, an application function (AF) network element, a network slice selection function (NSSF) network element, an authentication server function (AUSF) network element, a network repository function (NRF) network element, a unified data repository (UDR) network element, and so on; the embodiments of this application are not limited in this respect.
An element manager system (EMS) may be used to perform the traditional fault, configuration, accounting, performance and security (FCAPS) management functions for a VNF. An EMS may exist independently or may be a VNF that has EMS functionality. In some examples, EMSs and VNFs correspond one-to-one.
The network functions virtualization infrastructure (NFVI) may be a set of resources used to host and connect virtual functions. The NFVI may include the infrastructure components on a platform. The NFVI may virtualize physical resources into virtual resources for use by VNFs. For example, the NFVI may include a virtualization layer, a hypervisor, a container management system, physical switches, compute, or storage, and so on. As another example, the NFVI may be a cloud data center that includes servers, a hypervisor, an operating system (OS), VMs, containers, virtual switches and network resources.
An attester may be used, in cooperation with a verifier, to perform trust measurement on a network element. The attester may perform integrity measurement on the target system to be attested and generate a set of claims called evidence. For example, the attester may measure resources (for example, VMs), applications (APPs), or hardware in the network element to obtain the evidence. The attester may also verify the obtained evidence. The evidence may include some configuration information of the network element and of its virtual machines, for example the software version, the software name, or vendor information. Exemplarily, the attester may be a root of trust, for example a virtual root of trust, or a security chip, for example a trusted platform module (TPM) or a hardware security module (HSM). This application does not limit the specific form of the attester; the attester may also take other forms, for example direct memory access (DMA).
A verifier may be the party that performs verification of a network element's evidence. For example, the verifier may complete the verification and return a verification result, or sign and send a credential. This application does not limit the specific way verification is implemented. For example, the verifier may verify locally according to a pre-configuration, or verification may be performed at a remote server. The verifier may be an independently deployed network element, or a function of the management plane, for example the verification function of cloud service management (cloud management) in the NFVI, or a network element that an operator uses in a roaming domain to provide verification services. Exemplarily, the cloud management may be management and orchestration (MANO).
A network function (NF) consumer may be a network element located in a certain trust domain. Owing to service needs, an NF consumer may request to establish a service connection with another network element. Exemplarily, the NF consumer may be a network element that needs to provide a remote attestation credential. For example, the NF consumer may be a visited public land mobile network (VPLMN) AMF, a VPLMN UPF, a VNF in the NFV domain, or another such network element; this application does not limit the specific form of the NF consumer.
A relying party may be called a network element relying party. Exemplarily, the relying party may be a network element that needs to check the configuration information of other network elements. For example, the network element relying party may be an NRF.
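The attester, verifier and relying party roles described above (the attester measures resources, applications or hardware and produces evidence such as software name, version and vendor; the verifier appraises that evidence locally against a pre-configuration; a relying party such as an NRF acts on the verifier's result), as an added Python example that is not code from the patent. Every name in it is constructed: the Attester, Verifier, run_round_trip and tampered helpers, the vm/os, app/amf and hw/firmware components and their versions, and the HMAC key, which stands in for the attestation key a TPM or virtual root of trust would hold.

```python
"""Minimal remote-attestation round trip: attester -> verifier -> relying party.
Added example, not code from the patent; all values below are constructed."""
import hashlib
import hmac
import json
import secrets

# Constructed reference values the verifier is pre-configured with
# (the "verify locally according to a pre-configuration" case in the text).
REFERENCE_VALUES = {
    "vm/os": {"name": "example-os", "version": "6.1.0", "vendor": "ExampleVendor"},
    "app/amf": {"name": "example-amf", "version": "2.4.1", "vendor": "ExampleVendor"},
    "hw/firmware": {"name": "example-bios", "version": "1.07", "vendor": "ExampleVendor"},
}

# Constructed symmetric attestation key shared by the (virtual) root of trust and
# the verifier; a real deployment would use an asymmetric key held in the TPM.
ATTESTATION_KEY = b"constructed-demo-key-not-for-production"


def canonical(obj) -> bytes:
    """Stable JSON encoding so identical claims always hash identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(claims: dict) -> str:
    """Measurement of one component: SHA-256 over its canonical configuration claims."""
    return hashlib.sha256(canonical(claims)).hexdigest()


def reference_digests() -> dict:
    return {name: digest(claims) for name, claims in REFERENCE_VALUES.items()}


def tampered(components: dict, name: str, version: str) -> dict:
    """Deep copy of a component set with one software version changed (failure case)."""
    copy = json.loads(canonical(components))
    copy[name]["version"] = version
    return copy


class Attester:
    """Measures what is actually running (VM, APP, hardware) and signs the result."""

    def __init__(self, key: bytes, components: dict):
        self._key = key
        self.components = components

    def evidence(self, nonce: str) -> dict:
        measurements = {name: digest(claims) for name, claims in self.components.items()}
        body = {"nonce": nonce, "claims": self.components, "measurements": measurements}
        tag = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class Verifier:
    """Appraises evidence against reference values; nonces stop replay of old evidence."""

    def __init__(self, key: bytes, references: dict):
        self._key = key
        self._references = references
        self._outstanding = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return nonce

    def appraise(self, evidence: dict) -> dict:
        body, tag = evidence["body"], evidence["tag"]
        expected = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return {"status": "rejected", "reason": "bad signature", "mismatches": []}
        if body["nonce"] not in self._outstanding:
            return {"status": "rejected", "reason": "unknown or replayed nonce", "mismatches": []}
        self._outstanding.discard(body["nonce"])
        # Compare both the reported measurement and a digest recomputed from the
        # reported claims, so a claim/measurement inconsistency is caught as well.
        mismatches = []
        for name, ref in self._references.items():
            reported = body["measurements"].get(name)
            recomputed = digest(body["claims"][name]) if name in body["claims"] else None
            if reported != ref or recomputed != ref:
                mismatches.append(name)
        if mismatches:
            return {"status": "untrusted", "reason": "reference mismatch", "mismatches": mismatches}
        return {"status": "trusted", "reason": None, "mismatches": []}


def relying_party_accepts(result: dict) -> bool:
    """An NRF-style relying party acts on the verifier's result, not on raw evidence."""
    return result["status"] == "trusted"


def run_round_trip(components: dict, replay: bool = False) -> dict:
    """One challenge/evidence/appraisal exchange; replay=True re-presents the same evidence."""
    verifier = Verifier(ATTESTATION_KEY, reference_digests())
    attester = Attester(ATTESTATION_KEY, components)
    evidence = attester.evidence(verifier.challenge())
    result = verifier.appraise(evidence)
    if replay:
        result = verifier.appraise(evidence)
    return result
```

Calling run_round_trip(REFERENCE_VALUES) yields a "trusted" appraisal; changing one software version with tampered() yields "untrusted" with that component listed, presenting the same evidence twice is rejected as a replay, and a modified tag is rejected as a bad signature. The verifier never trusts the reported measurement alone: it recomputes the digest from the reported claims, so a consistent-looking measurement paired with altered claims still fails.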
A profile and attestation check function (PACF) may be a network element used for profile checking and attestation. For example, the PACF may be an interface network element used to interact or communicate with the verifier. One possible scenario is that other network elements may be unable to send information to the verifier; one possible reason for this is that the verifier is deployed across domains.
Management and orchestration (MANO) may provide a framework for managing the NFV infrastructure and provisioning new VNFs. MANO may be an integration for comprehensive management and scheduling of network services. Exemplarily, MANO may include a virtualized infrastructure manager (VIM), a virtualized network function manager (VNFM), a network function virtualization orchestrator (NFVO), and so on.
The virtualized infrastructure manager (VIM) may be used to manage the NFVI. For example, the VIM may be used to provide management (for example, resource reservation or resource allocation) of infrastructure-layer virtualized resources (for example, virtual computing, storage, or network resources), monitoring of virtual resource status, reporting of virtual resource faults, or a pool of virtualized resources for upper-layer applications. Exemplarily, the VIM may be the management of a cloud platform, responsible for hardware management, VM deployment, VM coordination and scheduling, and so on.
The virtualized network function manager (VNFM) may be used to manage the lifecycle of VNFs, such as bringing them online, taking them offline, monitoring their status, initializing VNF instances, scaling VNF instances out, scaling VNF instances in, or terminating VNF instances. Exemplarily, the VNFM may manage VNFs based on a VNF descriptor (VNFD). The VNFM may be responsible for network element lifecycle management; its basic capabilities may include adding, deleting, querying, or modifying network elements or VMs, and so on.
The network function virtualization orchestrator (NFVO) may be used to manage the lifecycle of network services (NSs) and to provide a global view of resources. Lifecycle management of a VNF may include a series of management operations over the whole lifecycle from creation of a VNF instance to its termination, for example instantiation of the VNF, elastic scaling of the VNF instance (for example, scaling out or scaling in), healing of the VNF instance, updating of the VNF instance, or termination of the VNF instance. The NFVO may be used to coordinate NS lifecycle management, coordinate VNF lifecycle management (which may require support from the VNFM), coordinate the management of the various NFVI resources (which may require support from the VIM), implement network service descriptor (NSD) management, implement VNFD management, or implement virtualized network function forwarding graph (VNFFG) management, and so on, thereby ensuring optimized configuration of the required resources and connections. The NFVO may also be used to bring online new network services, VNF forwarding tables, VNF packages, and so on. The NFVO may operate based on a network service descriptor (NSD), where the NSD may contain service chains, NFVs, performance goals, or the like. For example, the NFVO may be responsible for the deployment of network services.
Exemplarily, the NFVO, VNFM, and VIM may belong to the MANO architecture of the NFV system.
The technical solutions of the embodiments of this application may be applied to various communication systems, including but not limited to: fifth generation (5G) mobile communication systems such as long term evolution (LTE) systems and new radio (NR) systems, narrow band internet of things (NB-IoT) systems, enhanced machine-type communication (eMTC) systems, enhanced mobile broadband (eMBB) systems, ultra reliable low latency communications (URLLC) systems, satellite communication systems, LTE-machine-to-machine (LTE-M) systems, or systems that evolve after 5G, such as future mobile communication systems.
The technical solutions of this application are described below with reference to the accompanying drawings.
Figure 1 is a schematic diagram of the network architecture of a communication system. Exemplarily, the network architecture may include access network equipment and a core network. The access network may be used to implement functions related to radio access; for example, the access network may include the access network equipment. The core network may include one or more core network devices, and the one or more core network devices may include at least one network function (NF). Exemplarily, the at least one NF may include at least one of: a network exposure function (NEF) network element, a network repository function (NRF) network element, an application function (AF) network element, a policy control function (PCF) network element, a unified data management (UDM) network element, an access and mobility management function (AMF) network element, a session management function (SMF) network element, a user plane function (UPF) network element, an authentication server function (AUSF) network element, a network slice selection function (NSSF) network element, a network slice specific authentication and authorization function (NSSAAF) network element, or a data network (DN) connected to the operator network.
A terminal device may be a device with wireless transceiving capability. Terminal devices may be deployed on land, including indoors or outdoors, handheld, wearable, or vehicle-mounted; on water (for example, on ships); or in the air (for example, on aircraft, balloons, and satellites). A terminal device may communicate with the core network via a radio access network (RAN) and exchange voice and/or data with the RAN. The terminal device may be a mobile phone, a tablet (Pad), a computer with wireless transceiving capability, a mobile internet device (MID), an intelligent point of sale (POS) machine, customer-premises equipment (CPE), a light UE, a reduced capability UE (REDCAP UE), a wearable device, a multimedia device, a streaming media device, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in smart grid, a wireless terminal in transportation safety, a wireless terminal in smart city, a wireless terminal in smart home, a flying device (for example, an intelligent robot, a hot air balloon, a drone, a drone controller, an aircraft), and so on. The embodiments of this application do not limit the application scenario. A terminal device may also sometimes be called user equipment (UE), a mobile station, a remote station, or the like; the terminal device may also be a vehicle apparatus, for example a complete-vehicle apparatus, a vehicle-mounted module, a vehicle-mounted chip, an on board unit (OBU), or a telematics box (T-BOX). The embodiments of this application do not limit the specific technology, device form, or name adopted by the terminal device. The terminal device may be a mobile device that supports a satellite-to-ground air interface; it may access a satellite network through the air interface and initiate services such as calls and internet access.
Access network equipment may be a device in a network used to connect terminal devices to the wireless network. The access network equipment may be a node in the radio access network, may also be called a base station, and may also be called a (radio) access network ((R)AN) device node (or device). For ease of description, RAN is sometimes used below to refer to the (radio) access network equipment. The access network equipment may include an evolved base station (NodeB, eNB, e-NodeB, or evolutional Node B) in a long term evolution (LTE) system or an evolved LTE system (LTE-Advanced, LTE-A), such as a traditional macro base station eNB or a micro base station eNB in a heterogeneous network scenario; may also include a next generation node B (gNB) in a 5G or NR system; may further include a radio network controller (RNC), a transmission reception point (TRP), a home base station (for example, a home evolved NodeB or home Node B, HNB), a base band unit (BBU), a BBU pool, or a wireless fidelity (WiFi) access point (AP); or may further include the centralized unit (CU) and distributed unit (DU) in a cloud radio access network (Cloud RAN) system; the embodiments of this application are not limited in this respect. In a split deployment scenario where the access network equipment includes a CU and a DU, the CU supports protocols such as radio resource control (RRC), packet data convergence protocol (PDCP), and service data adaptation protocol (SDAP), while the DU mainly supports the radio link control (RLC) layer, the media access control (MAC) layer, and the physical layer protocols. The access network equipment may provide wireless access services. For example, the access network equipment may schedule radio resources for terminal devices that are to access the network. As another example, the access network equipment may provide reliable wireless transmission protocols and/or data encryption protocols.
In different systems, the CU (or CU-CP and CU-UP), DU, or radio unit (RU) may have different names, but those skilled in the art will understand their meaning. For example, in an open-radio access network (O-RAN) system, the CU may also be called an O-CU (open CU), the DU may also be called an O-DU, the CU-CP may also be called an O-CU-CP, the CU-UP may also be called an O-CU-UP, and the RU may also be called an O-RU. For ease of description, this application uses CU, CU-CP, CU-UP, DU, and RU as examples. Any of the CU (or CU-CP, CU-UP), DU, and RU units in this application may be implemented by a software module, a hardware module, or a combination of software and hardware modules.
In the embodiments of this application, the terminal device may include the aforementioned access network equipment. For example, in a security protection activation procedure involving decoupling of the control plane and the user plane, the terminal device may include the aforementioned access network equipment.
A network exposure network element can expose some functions of the network to applications in a controlled manner. In the 5G communication system, the network exposure network element may be the network exposure function (NEF); in future communication systems, the network exposure network element may still be the NEF network element or may have another name, and this application is not limited in this respect.
A network repository function network element is mainly used for registration, discovery, and status detection of network elements, the services they provide, or their functions. The network repository function network element can implement automated management, selection, and scalability of network function services, and allows each network function to discover the services provided by other network functions. In the 5G communication system, the network repository function network element may be the network repository function (NRF); in future communication systems, it may still be the NRF network element or may have another name, and this application is not limited in this respect.
An application function network element may be used to convey the requirements of the application side to the network side. For example, the requirements may include quality of service (QoS) requirements or subscriptions to user status events. The application function network element may provide service data of various applications to control plane network elements of the operator's communication network, or obtain network data information and control information from the control plane network elements of the communication network. In the 5G communication system, the application function network element may be the application function (AF); in future communication systems, it may still be the AF network element or may have another name, and this application is not limited in this respect. For example, the application function network element may also be called an application server or a service server. In addition, the application function network element may be deployed by the operator network or by a third party.
A network slice authentication and authorization network element may be used for authentication and authorization of network slices. For example, the network slice authentication and authorization network element may interact with an authentication, authorization, and accounting server (AAA-S) through an authentication, authorization, and accounting proxy (AAA-P). In the 5G communication system, the network slice authentication and authorization network element may be the network slice specific authentication and authorization function (NSSAAF); in future communication systems, it may still be the NSSAAF network element or may have another name, and this application is not limited in this respect.
A policy control function network element, which may also be called a policy control network element, may be used to formulate and manage the policies of the entire network (for example, a 5G network). The policy control network element may include a policy control function, a charging policy control function, and the like. The policy control network element can generate and maintain QoS flow control policies, network slice policies, mobility management policies, charging policies, UE access policies, and so on. The policy control network element can dynamically generate and adjust policies according to the operator's service needs and the network status, and deliver the policies to related network elements such as the access and mobility management network element, the session management network element, and the user plane function network element to guide their behavior. In addition, the policy control network element may receive quality of service requirements from the application function network element and convert them into corresponding policies. In the 5G communication system, the policy control network element may be the policy control function (PCF); in future communication systems, it may still be the PCF network element or may have another name, and this application is not limited in this respect.
A unified data management network element is mainly used to manage and store user data (or subscription information) of terminal devices, for example user identity information, authentication information, subscription information, and policy information. The unified data management network element can provide user data query and update services to other network elements, and can support functions such as user authentication, authorization, and key management. In addition, the unified data management network element can update and synchronize user data according to the policies of the policy control network element. In the 5G communication system, the unified data management network element may be the unified data management (UDM); in future communication systems, it may still be the UDM network element or may have another name, and this application is not limited in this respect.
An access and mobility management network element, which may also be called an access and mobility management function network element, is mainly used for the attach and tracking area update procedures of terminals in the mobile network. The access and mobility management network element can provide non access stratum (NAS) messages, perform registration management, connection management, reachability management, allocation of the tracking area list (TA list), access authorization, authentication, mobility management, and so on, and transparently route session management (SM) messages to the session management network element. In the fifth generation (5G) communication system, the access and mobility management network element may be the access and mobility management function (AMF); in future communication systems, the mobility management network element may still be the AMF network element or may have another name, and this application is not limited in this respect.
A session management network element, which may also be called a session management function network element, may be used for session and bearer management in the mobile network, such as session establishment, modification, and release. Specific functions include allocating and managing Internet protocol (IP) addresses for the UE and selecting the user plane function network element that provides the packet forwarding function. For example, the session management network element may select a suitable user plane function network element for the UE according to the UE's request and the policy control information of the policy control network element, establish a session with that user plane function network element, and generate QoS rules, charging rules, and so on. The session management network element can control the data forwarding and processing behavior of the user plane function network element. In the 5G communication system, the session management network element may be the session management function (SMF); in future communication systems, it may still be the SMF network element or may have another name, and this application is not limited in this respect.
An authentication server function network element is mainly used to perform security authentication of terminals. In the 5G communication system, the authentication server function network element may be the authentication server function (AUSF); in future communication systems, it may still be the AUSF network element or may have another name, and this application is not limited in this respect.
A network slice selection function network element is mainly used to select network slices for terminals. In the 5G communication system, the network slice selection function network element may be the network slice selection function (NSSF); in future communication systems, it may still be the NSSF network element or may have another name, and this application is not limited in this respect.
A user plane function network element may be used to process user packets, for example forwarding and charging. The user plane function network element may also be used for routing and forwarding of user plane data packets, QoS flow handling, threshold control, traffic monitoring, verification, packet inspection and reporting, and so on. It may further be used for UE IP address management, core network (CN) tunnel information management, and the like. The user plane function network element may be located in the user plane of the 5G core network and provide the UE with high-speed, efficient, and flexible data transmission services. In addition, according to instructions from the control plane, the user plane function network element can filter, shape, and charge for data packets, achieving fine-grained management and control of user data flows. The user plane function network element may connect to the access network equipment through the N3 interface and to the data network through the N6 interface, thereby enabling data transmission between the UE and the external data network. The user plane function network element may also be called a protocol data unit (PDU) session anchor (PSA). In the 5G communication system, the user plane function network element may be the user plane function (UPF); in future communication systems, it may still be the UPF network element or may have another name, and this application is not limited in this respect.
A data network is mainly used to provide data transmission services for terminal devices. The data network may be a private network such as a local area network, a public data network (PDN) such as the Internet, or a dedicated network jointly deployed by operators, such as a configured IP multimedia core network subsystem (IMS) service. The data network may also come from a third party.
In the architecture shown in Figure 1, the names and functions of the interfaces between the network elements are as follows:
1. N1: the interface between the AMF and the UE, which can be used to deliver QoS control rules and the like to the UE.
2. N2: the interface between the AMF and the (R)AN, which can be used to deliver radio bearer control information and the like from the core network side to the RAN.
3. N3: the interface between the RAN and the UPF, used to carry uplink or downlink user plane data between the RAN and the UPF.
4. N4: the interface between the SMF and the UPF, used to exchange information between the control plane and the user plane, including delivery of forwarding rules, QoS control rules and traffic statistics rules from the control plane to the user plane, and reporting of information from the user plane.
5. N6: the interface between the UPF and the DN, used to carry uplink or downlink user data flows between the UPF and the DN.
6. The service-based interfaces Nnssf, Nnef, Nnrf, Npcf, Nudm, Naf, Nnssaaf, Nausf, Namf and Nsmf are the service-based interfaces provided by the NSSF, NEF, NRF, PCF, UDM, AF, NSSAAF, AUSF, AMF and SMF network elements respectively, and are used to invoke the corresponding service operations.
Each of the above network elements or functions may be a network element in a hardware device, a software function running on dedicated hardware, or a virtualized function instantiated on a platform (for example, a cloud platform). Optionally, a network element or function may be implemented by one device, jointly by several devices, or as a functional module within one device; the embodiments of this application do not specifically limit this.
The names above are defined only to distinguish different functions and should not be construed as limiting this application in any way. This application does not exclude the use of other names in 5G networks or in other future networks. For example, in future communication systems some or all of the above networks may keep the 5G terminology or may use other names. The interface names between the network elements in Figure 1 are only examples; in a specific implementation the interfaces may have other names, which this application does not specifically limit. Likewise, the names of the messages (or signaling) exchanged between the network elements are only examples and do not limit the function of the messages themselves.
A "network element" may also be referred to as an entity, a device, an apparatus or a module, among others; this application does not specifically limit this. Furthermore, for ease of understanding and description, the word "network element" is omitted in parts of this application; for example, the PCF network element is abbreviated to PCF, in which case "PCF" should be understood as the PCF network element or PCF entity. The explanation is omitted for the same or similar cases below.
Figure 2 is a schematic flowchart of a remote attestation method 200. Method 200 achieves RA through the interaction between a verifier and an attester. Method 200 is described below with reference to Figure 2.
S210: the verifier sends a challenge message to the attester. Correspondingly, the attester receives the challenge message from the verifier.
The attester and the verifier may be separate: for example, the attester may be deployed on the side of the system or device described above, while the verifier is deployed remotely.
For example, the challenge message may carry request information, which asks the attester to perform a measurement, for instance a measurement of the system or device described above. The challenge message may also carry a random number (nonce) that uniquely corresponds to this measurement, for the attester to use during measurement.
S220: the attester performs the measurement.
For example, based on the challenge message, the attester measures the system or device described above and obtains the evidence required for the measurement. For instance, the attester may read the programs or files inside the system or device and compute hash values for them that incorporate the nonce.
S230: the attester sends a response message to the verifier. Correspondingly, the verifier receives the response message from the attester.
For example, the response message may indicate that the measurement is complete. It may carry the hash values described above, and it may also carry the nonce described above.
S240: the verifier performs the verification.
For example, the verifier may determine whether the nonce carried in the response message matches the nonce carried in the challenge message that uniquely corresponds to this measurement. If the two do not match, the verifier may conclude that verification has failed. If they match, the verifier may proceed to further verification.
For example, further verification by the verifier may include comparing the hash value in the response message with a preset hash value for the system or device. If the two are the same, the programs or software of the system or device have not been tampered with, and the verifier may determine that the system or device is trusted, that is, that verification passes. If they differ, the programs or software of the system or device may have been tampered with, and the verifier may determine that the system or device is untrusted, that is, that verification fails. In some possible implementations, a system or device that fails verification may be reset or wiped.
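The four steps of method 200 (S210 to S240), as an added Go example that is not part of the patent: the verifier draws a fresh nonce, the attester hashes the target's files and binds that measurement to the nonce, and the verifier checks the nonce first and only then compares the digest with a preset reference value. The file names and contents, the length-prefixed digest layout and the H(nonce || measurement) binding are constructed for illustration and are assumptions; the page specifies only that a nonce is sent, that hashes are computed using it, and that the verifier compares nonce and hash.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"sort"
)

// Challenge is the message of S210: a fresh nonce that uniquely identifies this measurement.
type Challenge struct {
	Nonce []byte
}

// Response is the message of S230: the nonce echoed back and the nonce-bound digest.
type Response struct {
	Nonce  []byte
	Digest []byte
}

// NewChallenge draws a 32-byte random nonce. Reusing a nonce would let an attacker replay
// an earlier, valid response after the target has been tampered with.
func NewChallenge() (Challenge, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return Challenge{}, err
	}
	return Challenge{Nonce: n}, nil
}

// MeasureFiles is the attester's measurement of S220: one SHA-256 over the target's files in
// sorted order, with length prefixes so that bytes cannot be shifted between name and content.
func MeasureFiles(files map[string][]byte) []byte {
	names := make([]string, 0, len(files))
	for name := range files {
		names = append(names, name)
	}
	sort.Strings(names)
	h := sha256.New()
	for _, name := range names {
		fmt.Fprintf(h, "%d:%s:%d:", len(name), name, len(files[name]))
		h.Write(files[name])
	}
	return h.Sum(nil)
}

// Quote binds a measurement to the challenge nonce: H(nonce || measurement). (Assumed layout.)
func Quote(nonce, measurement []byte) []byte {
	h := sha256.New()
	h.Write(nonce)
	h.Write(measurement)
	return h.Sum(nil)
}

// Attest is the attester side of S220 and S230.
func Attest(ch Challenge, files map[string][]byte) Response {
	return Response{
		Nonce:  append([]byte(nil), ch.Nonce...),
		Digest: Quote(ch.Nonce, MeasureFiles(files)),
	}
}

// Verify is S240. reference is the preset measurement of the target; the verifier recomputes
// the expected nonce-bound quote from it rather than trusting anything in the response.
func Verify(ch Challenge, resp Response, reference []byte) (bool, string) {
	if !bytes.Equal(ch.Nonce, resp.Nonce) {
		return false, "nonce mismatch: response is stale or replayed"
	}
	if !hmac.Equal(resp.Digest, Quote(ch.Nonce, reference)) {
		return false, "digest mismatch: target may have been tampered with"
	}
	return true, "ok"
}

func main() {
	// Constructed sample target (not from the page): an NF binary and its config file.
	target := map[string][]byte{
		"/opt/nf/bin/nf":   []byte("nf-binary-v1"),
		"/opt/nf/etc/conf": []byte("listen=8080\n"),
	}
	reference := MeasureFiles(target) // golden value provisioned to the verifier

	ch, err := NewChallenge()
	if err != nil {
		panic(err)
	}
	fmt.Println(Verify(ch, Attest(ch, target), reference))

	tampered := map[string][]byte{
		"/opt/nf/bin/nf":   []byte("nf-binary-v1+implant"),
		"/opt/nf/etc/conf": target["/opt/nf/etc/conf"],
	}
	fmt.Println(Verify(ch, Attest(ch, tampered), reference))

	// Replay: a response to an old challenge presented against a new one.
	old := Attest(ch, target)
	ch2, _ := NewChallenge()
	fmt.Println(Verify(ch2, old, reference))
}
```

The digest comparison uses hmac.Equal so that it runs in constant time; the nonce comparison can be a plain bytes.Equal because the nonce is not secret. Note that, as the page describes, a failed nonce check stops verification before the hash is examined.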
Figure 3 is a schematic diagram of an NFV architecture. The NFV system 300 can run on a server whose components may include a processor, hard disk, memory and system bus, similar to a general-purpose computer architecture. The server's functions may be implemented by one physical device or by a cluster of several physical devices; this application does not limit this. The NFV system 300 may also be implemented over various networks, such as a data center network, a service provider network or a local area network (LAN). As shown in Figure 3, the NFV system 300 may include: NFV-MANO 128, NFVI 130, one or more VNFs 108 (for example VNF 1, VNF 2, VNF 3), one or more element management (EM) 122 (for example EM 1, EM 2, EM 3), service, VNF and infrastructure description 126, and one or more operation support systems (OSS) and/or business support systems (BSS) 124. One EM 122 may correspond to one EMS, or several EMs 122 may correspond to one EMS; this application does not limit this.
For example, MANO 128 may include an NFVO 102, one or more VNFMs 104 and one or more VIMs 106.
For example, NFVI 130 may include a hardware resource layer, a virtualization layer or a virtual resource layer.
The hardware resource layer may include computing hardware 112, storage hardware 114 or network hardware 116. The virtual resource layer may include virtual computing 110 (for example, virtual machines), virtual storage 118 or virtual network 120. Computing hardware 112 may be a dedicated processor or a general-purpose processor that provides processing and computing functions. Storage hardware 114 provides storage capacity, which may be provided by storage hardware 114 itself (for example, a server's local memory) or over a network (for example, a server connected to a network storage device). Network hardware 116 may be switches, routers and/or other network devices, and is used to enable communication among multiple devices connected by wireless or wired links.
The virtualization layer in NFVI 130 can be used to abstract the hardware resources of the hardware resource layer, decoupling VNF 108 from the physical layer to which the hardware resources belong and providing virtual resources to the VNF. The virtualization layer may also be called a hypervisor or a container management system.
The virtual resource layer may include virtual computing 110, virtual storage 118 or virtual network 120. Virtual computing 110 and virtual storage 118 can provide virtual resources to VNF 108 in the form of virtual machines or other virtual containers; for example, one or more VNFs 108 may be deployed on one or more virtual machines. The virtualization layer forms virtual network 120 by abstracting network hardware 116. Virtual network 120, for example a virtual switch, can be used to enable communication among multiple virtual machines or among other types of virtual containers that host VNFs.
For example, OSS/BSS 124 may be oriented to telecommunications operators and provide comprehensive network management and service operation functions, including network management (for example, fault monitoring and network information collection), charging management and customer service management.
For example, MANO 128 can be used to monitor and manage VNF 108 and NFVI 130. NFVO 102 can communicate with one or more VNFMs 104 to make resource-related requests, send configuration information to VNFM 104 and collect status information of VNF 108. NFVO 102 can also communicate with VIM 106 to allocate resources and/or to reserve and exchange configuration and status information for virtualized hardware resources. VNFM 104 can manage one or more VNFs 108, performing management functions such as initializing, updating, querying and/or terminating VNF 108. VIM 106 can control and manage the interaction among VNF 108, computing hardware 112, storage hardware 114, network hardware 116, virtual computing 110, virtual storage 118 or virtual network 120; for example, VIM 106 can allocate resources to VNF 108. VNFM 104 and VIM 106 can communicate with each other to exchange configuration and status information of virtualized hardware resources.
NFVI 130 comprises the hardware and software that together establish the virtualization environment in which VNF 108 is deployed, managed and executed. In other words, the hardware resource layer and the virtual resource layer provide virtual resources, such as virtual machines and/or other forms of virtual containers, to VNF 108.
As shown in Figure 3, VNFM 104 can communicate with VNF 108 and EM 122 to perform VNF lifecycle management and exchange configuration/status information. VNF 108 may be the virtualization of at least one network function that was previously provided by a physical network device. One or more VNFs 108 may be deployed on one virtual machine (or other form of virtual container). EM 122 can be used to manage one or more VNFs.
The above description of the functions of each module is intended to help those skilled in the art better understand the embodiments of this application, not to limit their scope. This application does not exclude the possibility that the modules listed above perform other functions, or that modules are added to or removed from the NFV system described above.
For example, the above architecture may be applied to a Cloud RAN system. For instance, a Cloud RAN system may include the above architecture; as another example, a Cloud RAN system may include one or more VNFs. A Cloud RAN system refers to implementing RAN functions on a general-purpose computing platform (rather than a dedicated hardware platform) and managing the virtualization of RAN functions according to cloud-native principles. For example, RAN cloudification may begin by running certain 5G RAN network functions in containers on a general-purpose hardware platform, which may include a commercial off-the-shelf (COTS) platform. For example, the control plane and user plane of the central unit are cloudified first, followed by the latency-sensitive radio processing functions of the distributed unit. In the course of RAN cloudification, a Cloud RAN system can adopt leading technologies, become the foundation of 5G openness and enable 5G innovation. For example, the RAN cloudification process may involve COTS hardware, cloud-native architecture, management, orchestration and automation, or RAN programmability. For COTS hardware (including accelerators), a suitable hardware platform and environment can be selected. For cloud-native architecture, cloud-native technologies such as Kubernetes can be used together with development and operations (DevOps) principles to deploy RAN functions as microservices in containers on bare-metal servers. For management, orchestration and automation, end-to-end service lifecycle management can be achieved across the Cloud RAN system, transport, the 5G core network and the underlying cloud infrastructure. For RAN programmability, non-RAN functions can be deployed in the virtualized system to add new functions and additional value.
This application does not limit the specific name of Cloud RAN; for example, Cloud RAN may also be called virtualized RAN (vRAN), cloudified RAN, CloudRAN or another name.
Figure 4 is a schematic diagram of an NFV architecture based on remote attestation. A possible method of implementing remote attestation in NFV is described below with reference to Figure 4.
S1: the relying party VNF determines that an untrusted VNF is to be measured.
For example, the untrusted VNF is about to be instantiated. Before instantiation, the VNF may send a request to the relying party VNF. For instance, the AMF may be the untrusted VNF and may send request information to the relying party VNF (for example, the NRF) requesting the NF profile. The request information may be, or be carried in, an NF management registration request message, for example an Nnrf_NFManagement_NFRegister request message.
S2: the relying party VNF may send a challenge message to the PACF.
S3: the PACF may convert the challenge message from the 3rd Generation Partnership Project (3GPP) protocol to the European Telecommunications Standards Institute (ETSI) protocol and send the challenge message to the verifier.
S4: the verifier sends a challenge message to the attester, which may request the attester to start measuring the VNF.
S5: the attester measures the running state of the VNF and obtains evidence.
For example, the evidence may be a set of claims about the target environment. These claims may reveal security-relevant operational state, health, configuration or structure. In one possible implementation, the evidence may be the attester's hash of the current VNF file.
S6: the attester sends the evidence to the verifier.
S7: the verifier derives the attestation result from the evidence.
For example, the attestation result may serve as input for the relying party VNF in deciding how far to trust a particular attester and whether to allow the VNF measured by that attester to access certain data or perform certain operations. Optionally, the verifier may be preconfigured with a reference value against which the evidence is compared; for example, the reference value may be the hash of a preconfigured VNF file. The verifier checks whether the evidence matches the reference value to decide whether the VNF is in a normal running state, that is, whether its logic runs normally because the VNF file has not been tampered with.
S8: the verifier sends information indicating the attestation result to the PACF.
S9: the PACF may convert the information indicating the attestation result between the ETSI protocol and the 3GPP protocol.
S10: the PACF may send the information indicating the attestation result to the relying party.
S11: based on the attestation result, the relying party may decide whether to accept the request initiated by the untrusted VNF.
The security of the remote attestation scheme shown in Figure 4 is insufficient. For example, the attester may be a single point of failure or may be malicious, which lowers the security of remote attestation.
Therefore, how to improve the security of remote attestation is a problem that needs to be solved.
Figure 5 is a schematic flowchart of a communication method 500 provided by an embodiment of this application. Those skilled in the art will understand that if no signature is used, or if the signature is based on only one attester, the security of remote attestation is reduced when that attester fails or is malicious. In method 500, the signature received by the verifier is based on multiple attesters, which improves the security of remote attestation. Optional operations of method 500 are shown with dashed lines in Figure 5. Method 500 is described below with reference to Figure 5.
S510: a first verifier receives first information from a first attester. Correspondingly, the first attester sends the first information to the first verifier.
The first verifier may include one or more verifiers. For example, the first verifier may be a functional module or chip in the NFV-MANO, as shown in Figure 4; as another example, it may be a network function in the cloud. This application is not limited to these cases: the first verifier need not belong to an NFV system and may be a verifier in another system, and it need not be a functional module or chip but may be, for example, a chip system or a complete device.
The first attester may include one or more attesters. For example, the first attester may be a functional module or chip in the NFVI, as shown in Figure 4. This application is not limited to this case: the first attester need not belong to an NFV system and may be an attester in another system, and it need not be a functional module or chip but may be, for example, a chip system or a complete device. The first attester may or may not have previously received a request from the first verifier; either way, it is the attester that sends information to the first verifier, that is, the one that responds to the first verifier, and so it may also be called the responding attester.
In some possible implementations, the first information includes a first signature and/or first evidence. Optionally, the first signature is used to verify the validity of the first evidence. Optionally, the attesters on which the first signature is based include M attesters, where M may be an integer greater than 1 and the M attesters may include the first attester. For example, the first signature may be derived from the keys of the M attesters; as another example, it may be obtained by signing the first evidence with the keys of the M attesters. The M attesters can be used to measure the first network element.
Optionally, the first information further includes a measurement log and/or a nonce. The measurement log may describe the measurement process; for example, if the first evidence is derived from several pieces of evidence, the log may record how the first evidence was derived. The nonce may be provided by the first verifier to uniquely identify this measurement. Optionally, the first information further includes attestation identity key (AIK) certificate information, which indicates the AIK certificate of the first attester. For example, at least one of the AIK certificate information, the first evidence or the nonce may belong to measurement quote information. For example, the first verifier may verify the validity of the AIK certificate and, if the certificate is valid, verify whether the first evidence is valid.
For example, the first information may be carried in a response message, although this application does not limit this and the first information may be carried in another message. This application does not limit the specific name of the first information, which may also be called response information, a remote attestation response or another name.
For example, the first network element may be a VNF, such as the untrusted VNF in Figure 4. This application is not limited to this case; the first network element may also be another network element, for example a PNF, or a network element in a communication system such as an access network device or a terminal device. This application likewise does not limit the specific name of the first network element, which may also be called the network element to be verified, the untrusted network element or another name.
Those skilled in the art will understand that although the technical problem addressed by this application is introduced in the context of an NFV system, the embodiments of this application are not limited to implementation in NFV systems, nor are the technical problems they solve limited to NFV systems. For example, the embodiments of this application may also be applied to other systems to improve the security of remote attestation there.
示例性地,第一证据可以包括平台配置注册值(platform configuration register,PCR)。可选地,该第一证据是对第一网元进行度量得到的。例如,第一证据可以是第一度量者对第一网元进行度量得到的,但是本申请对此不限定。例如,第一证据也可以是其他度量者对第一网元进行度量得到的。又例如,第一证据还可以是多个度量者对第一网元进行度量得到的。第一证据也可以用于验证第一网元的可信度、可信状态、或安全性,等等。For example, the first evidence may include the platform configuration register (PCR). Optionally, the first evidence is obtained by measuring the first network element. For example, the first evidence may be obtained by a first measurer measuring the first network element, but this application is not limited to this. For example, the first evidence may also be obtained by other measurers measuring the first network element. Furthermore, the first evidence may be obtained by multiple measurers measuring the first network element. The first evidence can also be used to verify the trustworthiness, trust status, or security of the first network element, etc.
第一签名所基于的度量者,可以理解为参与第一签名的度量者、第一签名所基于的密钥、第一签名所基于的度量者的密钥、应用于第一签名的度量者的密钥、或应用于第一签名的密钥等。The measurer on which the first signature is based can be understood as the measurer who participated in the first signature, the key on which the first signature is based, the key of the measurer on which the first signature is based, the key of the measurer applied to the first signature, or the key applied to the first signature, etc.
Here, "the M measurers are used to measure the first network element" should be understood as meaning that the M measurers have the capability to measure the first network element; it does not mean that all M measurers have already measured it. In some examples all M measurers measure the first network element; for instance, the first evidence is obtained by the M measurers measuring the first network element. In other examples only some of the M measurers (for instance, the first measurer) measure it; for instance, the first evidence is obtained by the first measurer measuring the first network element. Furthermore, this application does not restrict the M measurers to measuring only the first network element: the first measurer, for example, may measure the first network element and may also measure other network elements.
In some possible implementations, when the first measurer measures the first network element its identifier is a first identifier and/or it belongs to a first group, and when the first measurer measures another network element (for instance, a second network element) its identifier is a second identifier and/or it belongs to a second group. The first identifier and the second identifier may be different or the same, and likewise the first group and the second group. Where the first identifier and the second identifier differ, the scheme can equally be understood as the first measurer using a different identifier for each network element it measures.
Optionally, the M measurers belong to a first group, and the first group corresponds to the first network element. Every measurer in the first group has the capability to measure the first network element; in other words, every measurer in the first group is used to measure the first network element. For ease of description, let the number of measurers in the first group be P, where P is an integer greater than or equal to M; the P measurers include the M measurers.
For example, the M measurers may be M roots of trust. Such a scenario may also be called a distributed root-of-trust cooperation scenario, in which different roots of trust are used to verify the security, trustworthiness or trusted state of the same network element.
S520: the first verifier verifies the first signature and the first evidence based on the keys of the M measurers.
Optionally, the first verifier first verifies, based on the keys of the M measurers, whether the first signature is valid, and only if the first signature is valid does it go on to verify whether the first evidence is valid.
For example, the keys of the M measurers may be the public keys of the M measurers. This application does not limit the specific way in which the first signature or the first evidence is verified based on those keys; for example, the first verifier may verify the first signature according to the way the first signature was generated together with the keys of the M measurers. The way the first signature is generated is described later.
This application does not limit the specific name of the first signature; it may also be called a group signature, group signature information or another name.
Those skilled in the art will understand that if the evidence is not signed, or the signature is based on only one measurer, the security of remote attestation is weakened once that measurer fails or behaves maliciously. In the above scheme the signature received by the verifier is based on M measurers, and the verifier verifies the signature and the evidence using the keys of those M measurers, so an error caused by the failure or malice of a single measurer is avoided and the security of remote attestation improves. Moreover, the M measurers are able to measure the first network element, that is, the M measurers participating in the signature are able to measure the same network element. Compared with a scheme that receives and verifies each measurer's signature in turn, the verifier here needs only one reception and one verification to complete remote attestation, so the scheme also improves the efficiency of remote attestation.
Unless otherwise stated, the first apparatus in this application may refer to a network device itself (for example, an access network device, a core network device or a management plane device), to a component in a network device (for example, a processor, a chip or a chip system), or to a logic module, software or the like that implements all or part of the functions of a network device. For ease of description, the following takes the first apparatus as the example.
For example, a management plane device may include a VNFM, a VIM, or operations, administration and maintenance (OAM), among others.
In one possible implementation, method 500 further includes S530: the first verifier sends eighth information to the first apparatus, and correspondingly the first apparatus receives the eighth information from the first verifier.
For example, the first apparatus may include or be applied to a PACF, a relying party, a security edge protection proxy (SEPP) or another apparatus; for instance, the first apparatus may also be any module or component of an NF or of the RAN that consumes verification results (or measurement results).
The eighth information may be used to indicate the verification result. For example, if the first evidence is valid, the verification result may indicate that the first network element is valid; if the first evidence is invalid, the verification result may indicate that the first network element is invalid. This application does not limit the specific name of the eighth information; it may also be called a measurement response message or another name.
In some possible implementations, method 500 further includes S540 and/or S550.
S540: the first verifier sends a third request to the key management network element, and correspondingly the key management network element receives the third request from the first verifier.
For example, the key management network element may include or be applied to a certificate authority (CA) and/or a key generation center (KGC), among others. This application does not limit its specific name; it may also be called a network element, a key network element or another name. For example, the key management network element may be a cloud network function, but this application is not limited in that respect: it may also be a chip or a complete device.
Optionally, the third request is used to request the keys of the M measurers. For example, the keys of the M measurers may include their public keys. This application does not limit the specific name of the third request; it may also be called a key request, a public key request, a group public key request or another name.
In other possible implementations, method 500 may omit S540. For example, rather than responding to a request, the key management network element may periodically send the first verifier indication information for the keys of the M measurers. As another example, the keys of the M measurers may be pre-configured, predefined, or generated according to predefined (or pre-configured) rules.
Optionally, the third request includes the identifier (identity, identification or identifier, ID) of the first measurer and/or the identifier of the first group, where the first group includes P measurers, the P measurers are used to measure the first network element, the P measurers include the M measurers, and P is an integer greater than or equal to M.
The identifier of the first measurer may include an identifier such as #01, the IP address or MAC address of the first measurer, or other information.
Under the above scheme the third request may carry the identifier of the sender of the first information and/or the identifier of the group that sender belongs to, so the key management network element can use the identifier carried in the third request to determine which keys of the M measurers to return to the first verifier.
Optionally, the third request includes the identifiers of one or more of the P measurers: for example, the identifiers of all P measurers, or of only some of them. The third request may or may not carry the identifier of the first measurer, that is, it may or may not carry the identifier of the sender of the first information.
In some possible implementations, S540 is triggered by the first information. For example, S540 includes: in response to the first information, the first verifier sends the third request to the key management network element.
Under the above scheme the first verifier requests the keys needed for the current verification from the key management network element. On the one hand, the keys are stored by a dedicated network element, which improves their security; on the other hand, the first verifier need not store the keys in advance, which saves storage on the first verifier.
S550: the first verifier receives third information from the key management network element, and correspondingly the key management network element sends the third information to the first verifier.
Optionally, the third information is used to indicate the keys of the M measurers. It may indicate them directly, for example by including the key information of the M measurers, or indirectly, for example where the first verifier can determine the keys of the M measurers from the third information.
The third information may indicate only the keys of the M measurers, or it may indicate the keys of the P measurers, that is, of all measurers in the first group. It is understood that the keys of the P measurers include the keys of the M measurers. For example, the keys of the M measurers may include their public keys, and the keys of the P measurers may include their public keys.
The case in which the third information indicates only the keys of the M measurers is described first.
In some examples, the key management network element determines the keys of the M measurers according to pre-configured or predefined rules.
For example, the key management network element has a pre-configured or predefined association between the first verifier and the keys of the M measurers, so on receiving a request from the first verifier it can determine the keys of the M measurers.
As another example, the key management network element has a pre-configured or predefined association between the identifier of the first measurer and the keys of the M measurers. If the third request includes the identifier of the first measurer, the key management network element can determine the keys of the M measurers directly; if the third request includes the identifier of the first group, the key management network element can determine that the first measurer is in the first group, or that the identifier of the first group corresponds to the identifier of the first measurer, and so determine the keys of the M measurers.
As a further example, the key management network element has a pre-configured or predefined association between the identifier of the first group and the keys of the M measurers. If the third request includes the identifier of the first group, the key management network element can determine the keys of the M measurers directly; if the third request includes the identifier of the first measurer, the key management network element can determine that the first measurer belongs to the first group, or that the identifier of the first group corresponds to the identifier of the first measurer, and so determine the keys of the M measurers.
The association between the identifier of the first group and the identifier of the first measurer may also be regarded as part of a third association. For example, the third association may further include associations between the identifier of the first group and other measurers, such as the association between the identifier of the first group and the identifiers of the P measurers in the first group.
In some possible implementations, method 500 further includes S560: the key management network element determines the keys of the M measurers based on the third request and a second association.
The second association may include the association between the identifier of the first group and the identifier of a first key set (association 1 below), or the association between the identifiers of the P measurers and the identifier of the first key set (association 2 below), or the association among the identifier of the first group, the identifiers of the P measurers and the identifier of the first key set (association 3 below).
The first key set may include the keys of the P measurers in the first group, for example their public keys. In some possible implementations the first key set corresponds to the first network element; for example, each key in the first key set is used only to sign evidence obtained by measuring the first network element, so when the first measurer obtains evidence by measuring another network element (for example, the second network element) it does not sign that evidence with a key from the first key set but with a key from another key set (for example, a second key set). In other possible implementations, each key in the first key set may be used to sign evidence the measurer obtains from any network element.
For example, when the third request includes the identifier of the first group, the key management network element determines the identifier of the first key set from the third request together with the second association (and, where needed, the third association), and then determines the keys of the M measurers in the first key set according to predefined or pre-configured rules. If the second association includes association 1 or association 3, the identifier of the first key set follows directly from the third request and the second association; if it includes only association 2, the key management network element first maps the group identifier to the identifiers of the P measurers through the third association and then applies the second association.
Similarly, when the third request includes the identifier of the first measurer, the key management network element determines the identifier of the first key set from the third request together with the second association (and, where needed, the third association), and then determines the keys of the M measurers in the first key set according to predefined or pre-configured rules. If the second association includes association 2 or association 3, the identifier of the first key set follows directly from the third request and the second association; if it includes only association 1, the key management network element first maps the measurer identifier to the identifier of the first group through the third association and then applies the second association.
As mentioned above, the third information may also indicate the keys of the P measurers, that is, of all measurers in the first group. That case is described next.
In some examples, the key management network element determines the keys of the P measurers according to pre-configured or predefined rules.
For example, the key management network element has a pre-configured or predefined association between the first verifier and the keys of the P measurers, so on receiving a request from the first verifier it can determine the keys of the P measurers.
As another example, the key management network element has a pre-configured or predefined association between the identifier of the first measurer and the keys of the P measurers. If the third request includes the identifier of the first measurer, the key management network element can determine the keys of the P measurers directly; if the third request includes the identifier of the first group, the key management network element can determine that the first measurer is in the first group, or that the identifier of the first group corresponds to the identifier of the first measurer, and so determine the keys of the P measurers.
As a further example, the key management network element has a pre-configured or predefined association between the identifier of the first group and the keys of the P measurers. If the third request includes the identifier of the first group, the key management network element can determine the keys of the P measurers directly; if the third request includes the identifier of the first measurer, the key management network element can determine that the first measurer belongs to the first group, or that the identifier of the first group corresponds to the identifier of the first measurer, and so determine the keys of the P measurers.
The association between the identifier of the first group and the identifier of the first measurer may also be regarded as part of the third association. For example, the third association may further include associations between the identifier of the first group and other measurers, such as the association between the identifier of the first group and the identifiers of the P measurers in the first group.
Under the above scheme the key management network element determines the keys of the M measurers from the second association, which reduces the latency of looking up those keys.
In some possible implementations, method 500 further includes S570: the key management network element determines the keys of the P measurers based on the third request and the second association.
For example, when the third request includes the identifier of the first group, the key management network element determines the identifier of the first key set from the third request together with the second association (and, where needed, the third association), and then determines the keys of the P measurers in the first key set. See the examples above; they are not repeated here.
Similarly, when the third request includes the identifier of the first measurer, the key management network element determines the identifier of the first key set from the third request together with the second association (and, where needed, the third association), and then determines the keys of the P measurers in the first key set according to predefined or pre-configured rules. See the examples above; they are not repeated here.
The third association may be pre-configured or predefined in the key management network element, or received by it from another network element (for example, an orchestration and management network element). For example, the orchestration and management network element may be the MANO, a VNFM, a VIM or another network element. This application does not limit the orchestration and management network element to an element of an NFV system; it may also be an element of another communication system, for example a core network element. Nor does this application limit its specific name; it may also be called a network element or another name.
For example, the orchestration and management network element may include or be applied to a VNFM. For instance, after instantiation the VNFM may send the key management network element information indicating the third association; or the key management network element may send the VNFM a request for the third association, and the VNFM sends the information indicating it in response. For example, during instantiation the VNFM may compose VM1 to VM7 into the same VNF instance, where VM1 to VM3 reside on the same physical device as measurer 1 (denoted Att1), VM2 to VM5 on the same physical device as measurer 2 (Att2), and VM6 and VM7 on the same physical device as measurer 3 (Att3). The VNFM may then determine the third association as Att1, Att2 and Att3 corresponding to group 1, or equivalently that Att1, Att2 and Att3 belong to the same group.
A measurer may be assigned to several groups. For example, Att1 may be in group 1 and also in group 2; in group 1 its identifier is identifier 1, and in group 2 its identifier is identifier 2. Group 1 corresponds to VNF1 and group 2 to VNF2. Thus when Att1 measures VNF1, the identifier of its group is that of group 1 and its own identifier is identifier 1; when Att1 measures VNF2, the identifier of its group is that of group 2 and its own identifier is identifier 2.
The second association may be pre-configured or predefined in the key management network element, determined by the key management network element when it generates the keys of the measurers in the first group, or determined at any time after those keys are generated.
In some possible implementations, S520 includes: the first verifier verifies whether the number of measurers on which the first signature is based is greater than or equal to a threshold value; if it is, the first verifier verifies whether the first signature is valid; and if the first signature is valid, the first verifier verifies whether the first evidence is valid.
Optionally, the threshold value indicates the minimum number of measurers on which the first signature must be based.
Optionally, the threshold value indicates the minimum number of measurers on which a signature corresponding to the first network element must be based; that is, the threshold value may be specific to the first network element. A signature corresponding to the first network element may include the first signature and can be understood as a signature over evidence obtained by measuring the first network element. This application is not limited in that respect, however: the threshold value may also apply to more network elements, including the first network element.
Optionally, the threshold value indicates the minimum number of measurers on which a signature of the first measurer must be based; that is, the threshold value may be specific to the first measurer. A signature of the first measurer may include the first signature and can be understood as a signature in which the first measurer participates. Again the application is not limited in that respect: the threshold value may also apply to more measurers, including the first measurer.
Optionally, the threshold value indicates the minimum number of measurers on which a signature verified by the first verifier must be based; that is, the threshold value may be specific to the first verifier. A signature verified by the first verifier may include the first signature. The threshold value may also apply to more verifiers, including the first verifier.
This application does not limit the representation of the threshold value: it may be a positive integer, a percentage, a fraction, a decimal or another form. For example, if the first group has 3 measurers, the threshold may be a positive integer such as 1, 2 or 3; a percentage such as 33%, 66% or 100%; a fraction such as 1/3, 2/3 or 1; or a decimal such as 0.33, 0.66 or 1.
This application does not limit how the threshold value is determined. As one example it may be pre-configured or predefined. As another example it may be determined by the first verifier; for instance, the first verifier may set it according to the security level of the first network element or of the first measurer, using a higher threshold when the security level is weaker and a lower threshold when it is stronger. As a further example, the first verifier may determine the threshold value from threshold indication information, which may come from the first apparatus; that is, the first apparatus may send threshold indication information to the first verifier. For example, the first apparatus may include or be applied to a PACF, a relying party, a SEPP or another apparatus, such as any module or component of an NF or of the RAN that consumes verification results (or measurement results).
For example, the threshold indication information sent by the first apparatus may give the threshold only as a percentage, fraction or decimal, and the first verifier derives the positive-integer threshold from it. In some scenarios the first apparatus may not know how many measurers the first group contains and so can only indicate a percentage, fraction or decimal, whereas the first verifier may know the size of the first group and can therefore turn the indication into a positive integer.
For example, the first verifier may send threshold indication information to the first measurer, so that the first measurer can determine the minimum number of measurers on which the first signature must be based. This improves the quality of the first signature, that is, the likelihood that the first signature passes verification.
For example, let the threshold value be denoted Q. The following takes Q as a positive integer; those skilled in the art will understand that this is not a limitation to positive integers, and the threshold value in the embodiments of this application may take the other forms above, which are not illustrated separately.
Optionally, Q is a positive integer less than or equal to P. If M ≥ Q, the first verifier determines that the number of measurers on which the first signature is based meets the threshold and goes on to verify whether the first signature and then the first evidence are valid. If M < Q, the first verifier determines that the number of measurers on which the first signature is based does not meet the threshold and that verification of the first signature fails. In some possible implementations, on determining that the threshold is not met the first verifier stops verifying and records the first network element as failing verification, which reduces verification overhead.
This application does not limit the specific name of the first signature; it may also be called a threshold signature, threshold signature information or another name.
M个度量者的公钥也可以称为门限签名公钥。第一度量者的私钥也可以称为门限签名私钥。The public keys of the M measurers can also be called threshold signature public keys. The private key of the first measurer can also be called threshold signature private keys.
基于上述方案,第一验证者可以验证第一签名所基于的度量者是否满足门限值的要求。在门限值不满足要求的情况下,不对第一签名或第一证据进行进一步验证,从而减少验证的开销。在门限值设置较低的情况下,第一签名可以不必基于第一群组中的全部度量者,从而节约了度量者签名的开销。在门限值设置较高的情况下,第一签名需要基于第一群组中较多数量的度量者,从而提升了远程验证的安全性。Based on the above scheme, the first verifier can verify whether the measurer on which the first signature is based meets the threshold requirement. If the threshold requirement is not met, no further verification is performed on the first signature or the first evidence, thereby reducing verification overhead. When the threshold is set low, the first signature does not need to be based on all measurers in the first group, thus saving the overhead of measurer signing. When the threshold is set high, the first signature needs to be based on a larger number of measurers in the first group, thereby improving the security of remote verification.
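The following is an added example, not code from the patent, that models the verifier-side handling described above: converting a threshold indication that may arrive as a percentage, fraction, decimal or positive integer into an integer Q for a group of P measurers, and gating the signature and evidence checks on M ≥ Q so that a signature backed by too few measurers is rejected before any cryptographic work. The names (threshold_from_indication, FirstInformation, verify_first_information) are illustrative assumptions, and the threshold signature verification itself is passed in as a callback because this example does not implement threshold ECDSA.

```python
"""Added example (not from the patent text): verifier-side threshold gating
for method 500. All names here are illustrative assumptions; the threshold
signature check is a caller-supplied callback, not a real threshold ECDSA."""
from dataclasses import dataclass
from fractions import Fraction
from math import ceil
from typing import Callable, Optional, Sequence


def threshold_from_indication(indication, group_size: int) -> int:
    """Turn a threshold indication into a positive integer Q with 1 <= Q <= P.

    The first device may only know a ratio ("2/3", "60%", "0.6") because it
    does not know P; the verifier, which knows P, rounds up so that the
    ratio is genuinely met by Q signers. An integer indication is used as-is.
    """
    if group_size < 1:
        raise ValueError("group size P must be positive")
    if isinstance(indication, int) and not isinstance(indication, bool):
        q = indication
    else:
        text = str(indication).strip()
        if text.endswith("%"):
            ratio = Fraction(text[:-1]) / 100
        else:
            ratio = Fraction(text)          # accepts "2/3", "0.6", "1"
        if not 0 < ratio <= 1:
            raise ValueError(f"ratio {ratio} outside (0, 1]")
        q = ceil(ratio * group_size)
    if not 1 <= q <= group_size:
        raise ValueError(f"threshold {q} outside [1, {group_size}]")
    return q


@dataclass
class FirstInformation:
    """Model of the first information the first measurer sends (S510)."""
    evidence: bytes
    signature: bytes
    signer_ids: Sequence[str]        # the M measurers the signature is based on
    nonce: Optional[bytes] = None    # echoed from the first request, if any


@dataclass
class VerificationResult:
    ok: bool
    reason: str
    signature_checked: bool = False  # True only if the costly check actually ran


def verify_first_information(
    info: FirstInformation,
    group_members: Sequence[str],    # identifiers of the P measurers of the first group
    threshold_indication,
    expected_nonce: Optional[bytes],
    verify_threshold_signature: Callable[[bytes, bytes, Sequence[str]], bool],
) -> VerificationResult:
    """Run the cheap checks first; only a signature backed by M >= Q known
    measurers and a fresh nonce reaches the threshold signature verification."""
    p = len(group_members)
    q = threshold_from_indication(threshold_indication, p)
    signers = set(info.signer_ids)
    unknown = signers - set(group_members)
    if unknown:
        return VerificationResult(False, f"signers not in first group: {sorted(unknown)}")
    m = len(signers)
    if m < q:
        # Stop here: no signature or evidence verification is attempted.
        return VerificationResult(False, f"M={m} below threshold Q={q}")
    if expected_nonce is not None and info.nonce != expected_nonce:
        return VerificationResult(False, "nonce mismatch: measurement result not fresh")
    if not verify_threshold_signature(info.evidence, info.signature, info.signer_ids):
        return VerificationResult(False, "threshold signature invalid", signature_checked=True)
    return VerificationResult(True, f"M={m} >= Q={q}, signature valid", signature_checked=True)
```

The counting check is deliberately placed before the nonce and signature checks: a request that cannot meet the threshold never costs a curve operation, which is the overhead saving the text describes. In a deployment the callback would be the real threshold signature verification over pk1, ..., pkM.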
Method 500 has been described above with reference to Figure 5; method 500 can be understood as the verification phase of remote attestation. Optionally, remote attestation further includes a measurement phase. Some schemes for the measurement phase are described below with reference to Figure 6.
Figure 6 is a schematic flowchart of another communication method 600 according to an embodiment of this application. Method 600 may be combined with method 500. Optional operations of method 600 are shown with dashed lines in Figure 6. Method 600 is described below with reference to Figure 6.
S610: the first measurer determines the first evidence according to the first network element.
In some possible implementations, S610 includes: the first measurer measures the first network element to obtain the first evidence. That is, the first evidence may be obtained by the first measurer measuring the first network element.
In other possible implementations, S610 includes: the first measurer determines the first evidence according to evidence from at least one measurer, where the at least one measurer belongs to the first group. Exemplarily, the at least one measurer may be among the M measurers that take part in signing. The evidence from the at least one measurer may include the evidence each of them obtains by measuring the first network element. The at least one measurer may or may not include the first measurer; that is, the first evidence determined by the first measurer may be based on at least one measurer including itself, or on at least one measurer other than itself. This application does not limit this.
In some possible implementations, the first measurer may receive evidence from the at least one measurer. For example, the at least one measurer may include measurer A, and the first measurer may receive from measurer A evidence that measurer A obtained by measuring the first network element.
In some possible implementations, the first measurer may send request information to the at least one measurer, the request information being used to request evidence. For example, the at least one measurer may include measurer A, and the first measurer may send measurer A request information requesting measurer A's evidence. Based on the request information, measurer A may measure the first network element to obtain evidence and send that evidence to the first measurer.
S620: the first measurer determines the first signature according to the keys of the M measurers and the first evidence.
In some possible implementations, the first measurer may determine the first signature according to at least one of the public keys of the M measurers, the private key of the first measurer, or a random number (nonce). The nonce may be provided by the first verifier.
Exemplarily, the public key of the first measurer may be denoted pk1 (public key) and its private key sk1 (secret key), and the public keys of the other measurers among the M measurers may be denoted pk2, ..., pkM. For example, the first measurer may determine the first signature from sk1, pk1, pk2, ..., pkM and the nonce using a threshold elliptic curve digital signature algorithm (threshold ECDSA).
In some possible implementations, method 600 further includes S510 after S620; that is, the first measurer sends the first information to the first verifier.
Some exemplary ways in which the first measurer obtains the keys of the M measurers are described below with reference to S630, S635 and S640.
S630: the first measurer receives fourth information from the third measurer. Correspondingly, the third measurer sends the fourth information to the first measurer.
The third measurer may be one of the M measurers. For example, the third measurer may belong to the first group and be one of the P measurers in the first group.
Optionally, the fourth information indicates the key of the third measurer, for example the public key of the third measurer.
The fourth information may be a direct indication, for example it may include the third measurer's key itself; or it may be an indirect indication, for example the recipient (the first measurer) derives the third measurer's key from the fourth information.
In some possible implementations, "the third measurer" denotes all measurers among the M measurers other than the first measurer; that is, the third measurers together with the first measurer make up the M measurers. For example, when M ≥ 3, the first measurer may receive fourth information from each of several third measurers. In other possible implementations, the third measurer is a single measurer among the M measurers other than the first measurer. For example, the first measurer may receive the fourth information from the third measurer and may additionally receive key information from the measurers among the M measurers other than the first and third measurers (the remaining measurers), the key information indicating the keys of those remaining measurers. When M = 3 there is one remaining measurer and the key information may come from it; when M ≥ 4 there are several remaining measurers, and key information may come from each of them, each indicating the key of the remaining measurer that sent it.
Based on the above scheme, the third measurer can send its key to the first measurer and thereby assist the first measurer in signing with the keys of the M measurers.
S630 may be performed by the third measurer on its own initiative or in response to a request. The request may come from the first measurer (see S635, for example) or from another network element (for example, the first verifier).
For example, the first verifier may send measurement requests to multiple measurers including the third measurer. The third measurer may identify the first measurer by a consensus algorithm or according to a preconfigured or predefined rule, and then send the fourth information to it. That is, even without receiving a request from the first measurer, the third measurer may send the first measurer fourth information indicating the third measurer's key.
When S630 is performed in response to a request, the method further includes S635: the first measurer sends a fourth request to the third measurer. Correspondingly, the third measurer receives the fourth request from the first measurer.
The fourth request is used to request the key of the third measurer. In some possible implementations, S630 includes: in response to the fourth request, the third measurer sends the fourth information to the first measurer.
Based on the above scheme, the first measurer can send a request to the third measurer that triggers the third measurer to send its key to the first measurer.
In some possible implementations, the fourth request includes at least one of the first evidence, measurement information, or the first signature. In some possible implementations, method 600 further includes: the third measurer determines, according to the fourth request, whether to provide its key.
The measurement information may indicate how the measurement was performed. For example, it lets the third measurer learn how the evidence was generated and thereby decide whether to provide its key. Exemplarily, the measurement information indicates the measurement content and/or the measurement policy.
Exemplarily, the measurement content may indicate the object being measured, for example the first network element; for instance, the measurement content may include the identifier of the first network element (for example, a VNF ID).
When the fourth request includes measurement information indicating the measurement content, the third measurer may check the measurement content to decide whether to provide its key. For example, if the first network element is a measurement object the third measurer permits, the third measurer may decide to provide the key, that is, perform S630, or it may go on to check other conditions for performing S630 (for example, the measurement policy). If the first network element is not a measurement object the third measurer permits, the third measurer may decide not to provide (or refuse to provide) the key, that is, not perform S630.
Exemplarily, the measurement policy may indicate the policy under which measurement is performed. For example, the measurement policy may include at least one of: collecting startup-state data of the first network element, collecting runtime-state data of the first network element, a low security requirement, or a high security requirement.
When the fourth request includes measurement information indicating the measurement policy, the third measurer may check the policy to decide whether to provide its key. For example, if collecting startup-state data of the first network element is a policy the third measurer permits, it may decide to provide the key, that is, perform S630, or it may go on to check other conditions for performing S630 (for example, the measurement content). If collecting runtime-state data of the first network element is a policy the third measurer does not permit, it may decide not to provide (or refuse to provide) the key, that is, not perform S630. Exemplarily, the third measurer may decide according to the security requirement whether to verify the first measurer. When the security requirement is high, the third measurer may verify the first measurer, for example by requiring the first measurer to provide evidence and verifying that evidence. When the security requirement is low, the third measurer may skip verifying the first measurer; for example, it may trust the first measurer and decide to perform S630, or go on to check other conditions for performing S630 (for example, the first evidence).
When the fourth request includes the first evidence, the third measurer may check the first evidence to decide whether to provide its key. For example, the third measurer may itself measure the first network element to obtain second evidence and compare the first evidence with the second evidence; if the two are highly consistent, it decides to perform S630, or it may go on to check other conditions for performing S630 (for example, the measurement information).
Exemplarily, the first signature can protect the integrity of the message (that is, the fourth request) and let other measurers (for example, the third measurer) verify the origin of the message.
When the fourth request includes the first signature, the third measurer may check the first signature to decide whether to provide its key. For example, if the third measurer verifies that the first signature is valid, it may decide to perform S630, or it may go on to check other conditions for performing S630 (for example, the measurement information); if it finds the first signature invalid, it may decide not to perform S630.
As described above, the fourth request may include at least one of the first evidence, the measurement information, or the first signature. The third measurer may verify the information carried in the fourth request and may also ask the first measurer for information the fourth request does not carry. For example, the fourth request may include measurement information but not the first evidence, while the measurement information indicates a policy with a high security requirement. In that case the third measurer may ask the first measurer to provide the first evidence, or it may simply refuse to provide its key.
The third measurer may verify all, some, or none of the information carried in the fourth request. For example, if the fourth request includes the first evidence and the measurement information, the third measurer may verify both, only one of them, or neither.
This application does not limit the specific name of the fourth request; for example, it may also be called a signature request or another name.
Based on the above scheme, the fourth request may include at least one of the first evidence, the measurement information, or the first signature, and the third measurer can verify the information it carries to decide whether to send the first measurer an indication of the third measurer's key. This prevents the third measurer from handing its key to a first measurer whose security is low, further improving the security of remote attestation.
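The following is an added example, not code from the patent, that models the third measurer's decision on a fourth request as described above: check the first signature for origin and integrity, check the measurement content against permitted targets, check the measurement policy against permitted collection modes, and, depending on the security requirement, either demand the first evidence, trust the first measurer, or re-measure the target and compare first evidence with second evidence. The names (FourthRequest, MeasurementInfo, ThirdMeasurerPolicy, Decision, decide_fourth_request) and the policy strings are illustrative assumptions; the third measurer's own measurement and the signature check are caller-supplied stand-ins.

```python
"""Added example (not from the patent text): the third measurer deciding
whether to answer a fourth request (S635) with its key (S630). Names and
policy strings are illustrative; measure/verify_signature are stand-ins."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, FrozenSet, Optional, Tuple


class Decision(Enum):
    PROVIDE_KEY = "provide key (perform S630)"
    REQUEST_EVIDENCE = "ask the first measurer for the first evidence"
    REFUSE = "refuse to provide key (do not perform S630)"


@dataclass(frozen=True)
class MeasurementInfo:
    target_id: Optional[str] = None          # measurement content, e.g. a VNF ID
    policies: FrozenSet[str] = frozenset()   # e.g. {"startup", "runtime", "security:high"}


@dataclass
class FourthRequest:
    sender_id: str                           # the first measurer
    first_evidence: Optional[bytes] = None
    measurement_info: Optional[MeasurementInfo] = None
    first_signature: Optional[bytes] = None


@dataclass
class ThirdMeasurerPolicy:
    allowed_targets: FrozenSet[str]          # measurement objects it will vouch for
    allowed_policies: FrozenSet[str]         # collection modes it will vouch for
    measure: Callable[[str], bytes]          # re-measure a target -> second evidence (stand-in)
    verify_signature: Callable[[str, bytes, FourthRequest], bool]   # origin check (stand-in)
    consistent: Callable[[bytes, bytes], bool] = lambda a, b: a == b


def decide_fourth_request(req: FourthRequest, policy: ThirdMeasurerPolicy) -> Tuple[Decision, str]:
    info = req.measurement_info
    # 1. Origin and integrity: a carried first signature must verify.
    if req.first_signature is not None and not policy.verify_signature(
        req.sender_id, req.first_signature, req
    ):
        return Decision.REFUSE, "first signature invalid"
    high_security = False
    if info is not None:
        # 2. Measurement content: only vouch for permitted measurement objects.
        if info.target_id is not None and info.target_id not in policy.allowed_targets:
            return Decision.REFUSE, f"target {info.target_id} not a permitted measurement object"
        # 3. Measurement policy: every requested collection mode must be permitted.
        modes = {p for p in info.policies if not p.startswith("security:")}
        disallowed = modes - policy.allowed_policies
        if disallowed:
            return Decision.REFUSE, f"collection modes not permitted: {sorted(disallowed)}"
        high_security = "security:high" in info.policies
    # 4. Evidence: under a high security requirement it is mandatory; under a
    #    low one the third measurer may simply trust the first measurer.
    if req.first_evidence is None:
        if high_security:
            return Decision.REQUEST_EVIDENCE, "high security requirement but no first evidence"
        return Decision.PROVIDE_KEY, "low security requirement, trusting first measurer"
    target = info.target_id if info is not None else None
    if target is None:
        if high_security:
            return Decision.REFUSE, "first evidence cannot be checked without a target"
        return Decision.PROVIDE_KEY, "first evidence not re-checked, low security requirement"
    # Re-measure the target and compare first evidence with second evidence.
    second_evidence = policy.measure(target)
    if not policy.consistent(req.first_evidence, second_evidence):
        return Decision.REFUSE, "first evidence inconsistent with second evidence"
    return Decision.PROVIDE_KEY, "signature, content, policy and evidence checks passed"
```

Each check is ordered from cheapest to most expensive, and any failing check short-circuits to a refusal, so a low-security first measurer is turned away before the third measurer spends effort re-measuring the target.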
S630 and S635 above describe one exemplary way for the first measurer to obtain the keys of the M measurers; another exemplary way is described below with reference to S640.
S640: the first measurer receives fifth information from the key management network element. Correspondingly, the key management network element sends the fifth information to the first measurer.
Optionally, the fifth information indicates the keys of the M measurers. It may be a direct indication, for example including the keys of the M measurers themselves, or an indirect indication, for example the recipient (the first measurer) derives the keys of the M measurers from the fifth information. The fifth information may include the keys of the M measurers in encrypted form.
That the fifth information indicates the keys of the M measurers may mean that it indicates only the keys of the M measurers and not those of other measurers, or that it indicates the keys of the M measurers together with the keys of other measurers. For example, the fifth information may indicate the keys of the P measurers, from which the first measurer selects the keys of the M measurers in order to perform S620.
Exemplarily, the keys of the M measurers may include the public keys of the M measurers and the private key of the first measurer; the keys of the P measurers may include the public keys of the P measurers and the private key of the first measurer.
Exemplarily, the fifth information may be carried in an AIK issuance response, but this application is not limited to this; the fifth information may also be carried in another message.
In some possible implementations, the key management network element may generate or look up the keys of the M measurers according to the second association relationship and/or the third association relationship, and then perform S640.
Based on the above scheme, the keys of the M measurers used to determine the first signature may be indicated by the key management network element, so the first measurer need not interact with the other measurers to obtain their keys. The scheme therefore reduces the latency of determining the first signature and thus the latency of remote attestation.
下面,介绍第一验证者触发度量者执行度量流程的一些示例性方案。Below, we introduce some exemplary schemes for the first verifier to trigger the measurer to execute the measurement process.
S650,第一验证者接收来自第一装置的第七信息。对应地,第一装置向第一验证者发送第七信息。S650, the first verifier receives the seventh message from the first device. Correspondingly, the first device sends the seventh message to the first verifier.
其中,第七信息可以用于请求度量。例如,第七信息可以用于请求对第一网元进行度量。可选地,第七信息包括第一网元的标识。例如,VNF ID。本申请对第七信息的具体名称不做限定,第七信息也可以称为度量请求消息或其他名称。The seventh piece of information can be used to request measurement. For example, the seventh piece of information can be used to request measurement of the first network element. Optionally, the seventh piece of information includes the identifier of the first network element, such as the VNF ID. This application does not limit the specific name of the seventh piece of information; it can also be called a measurement request message or other names.
响应于第七信息,第一验证者发送第一请求,该第一请求用于度量该第一网元。具体地,可以包括步骤S660,S662,或者S664中的一项。In response to the seventh message, the first verifier sends a first request to measure the first network element. Specifically, this may include one of steps S660, S662, or S664.
S660,第一验证者向第一度量者发送第一请求。对应地,第一度量者接收来自第一验证者的第一请求。S660, the first verifier sends a first request to the first measurer. Correspondingly, the first measurer receives the first request from the first verifier.
可选地,该第一请求用于请求度量该第一网元。可选地,S660包括:响应于第七信息,第一验证者向第一度量者发送第一请求。Optionally, the first request is used to request measurement of the first network element. Optionally, S660 includes: in response to the seventh information, the first verifier sends the first request to the first metric.
本申请对第一请求的具体名称不做限定,第一请求也可以称为度量请求、远程证明请求或其他名称。This application does not specify the exact name of the first request, which may also be referred to as a measurement request, a remote proof request, or other names.
基于上述方案,第一请求可以向第一度量者发送。相比于向多个度量者发送度量请求的方案,上述方案可以减少信令开销。Based on the above scheme, the first request can be sent to the first measurement subject. Compared to the scheme of sending measurement requests to multiple measurement subjects, the above scheme can reduce signaling overhead.
S662,第一验证者向第四度量者发送第一请求。对应地,第四度量者接收来自第一验证者的第一请求。S662, the first verifier sends a first request to the fourth measurer. Correspondingly, the fourth measurer receives the first request from the first verifier.
可选地,S662包括:响应于第七信息,第一验证者向第四度量者发送第一请求。Optionally, S662 includes: in response to the seventh message, the first verifier sends a first request to the fourth measurer.
其中,第四度量者可以是第一群组中P个度量者中的任意一个度量者,第一度量者与第四度量者可以不同,可以相同。The fourth measurer can be any one of the P measurers in the first group. The first measurer and the fourth measurer can be different or the same.
第一验证者请求的度量者与响应请求的度量者可以不同。示例性地,第四度量者可以基于第一请求,通过共识算法,选择响应请求的度量者(例如,第一度量者)。The measurer requested by the first validator and the measurer responding to the request can be different. For example, the fourth measurer can select the measurer responding to the request (e.g., the first measurer) based on the first request and through a consensus algorithm.
基于上述方案,第一验证者向第一群组中的任意一个度量者发送第一请求,只要有一个度量者响应,即可视为第一群组的响应。这样,验证(或者度量)请求方(例如,第一装置)不获知具体响应的度量者的身份,从而保护了度量者的隐私。Based on the above scheme, the first verifier sends a first request to any one of the measurers in the first group. As long as one measurer responds, it can be considered a response from the first group. In this way, the verification (or measurement) requester (e.g., the first device) does not know the identity of the specific measurer that responded, thereby protecting the privacy of the measurers.
S664,第一验证者向N个度量者发送第一请求。对应地,N个度量者接收来自第一验证者的第一请求。S664, the first verifier sends a first request to N measurers. Correspondingly, the N measurers receive the first request from the first verifier.
可选地,S664包括:响应于第七信息,第一验证者向N个度量者发送第一请求。Optionally, S664 includes: in response to the seventh message, the first verifier sends a first request to the N measurators.
其中,该N个度量者属于第一群组,N为整数,N为大于或等于2且小于或等于P的整数。Among them, the N measurers belong to the first group, where N is an integer greater than or equal to 2 and less than or equal to P.
在一些示例中,N个度量者可以包括M个度量者。在另一些示例中,N个度量者可以与M个度量者部分重叠。例如,N个度量者中的第五度量者不属于M个度量者,M个度量者中的第六度量者不属于N个度量者。In some examples, N metrics may include M metrics. In other examples, N metrics may partially overlap with M metrics. For example, the fifth metric in the N metrics may not belong to the M metrics, and the sixth metric in the M metrics may not belong to the N metrics.
在一些示例中,N个度量者可以包括第一度量者。在另一些示例中,N个度量者不包括第一度量者。In some examples, the N measurers may include the first measurer. In other examples, the N measurers do not include the first measurer.
在一些可能的实现方式中,N个度量者可以通过共识算法,选出一个响应的度量者(例如,第一度量者)。被选出的度量者可以是N个度量者之一,也可以不属于N个度量者。In some possible implementations, N measurands can use a consensus algorithm to elect a responding measurand (e.g., the first measurand). The elected measurand may be one of the N measurands or may not belong to any of the N measurands.
In other possible implementations, each of the N measurers independently performs the following operations: measures the first network element to obtain evidence; obtains a signature based on the evidence and a key; and sends information indicating the evidence and/or the signature to the first verifier. The signature over the evidence may be based on the key of only one measurer or on the keys of multiple measurers. That is, some or all of the N measurers may execute the scheme described above for the first measurer. For example, some or all of the N measurers may interact with other measurers to each collect the keys of multiple measurers, and then determine the signature based on the keys of the multiple measurers and the evidence. As another example, some or all of the N measurers may each receive indication information of the keys of multiple measurers from the key management network element, and then determine the signature based on the keys of the multiple measurers and the evidence. Exemplarily, a fifth measurer among the aforementioned N measurers may execute the scheme performed by the first measurer, except that the fifth measurer does not sign based on the keys of the M measurers but based on the keys of multiple measurers including the fifth measurer itself.
Based on the above scheme, the first verifier can send the first request to multiple measurers. In the event of a single point of failure, that is, when one measurer cannot respond, the other measurers apart from the failed one can respond to the first request, thereby ensuring that the remote attestation proceeds.
Optionally, the first request includes a nonce. The nonce can be used to guarantee the freshness of the measurement result.
In some possible implementations, the first request is used to indicate a threshold value. For example, the first request may carry indication information of the threshold value.
Based on the above scheme, the first request can be used to indicate a threshold value, so that a measurer receiving the first request can determine the minimum number of measurers on whose keys the signature must be based, thereby improving the quality of the signature, that is, increasing the probability that the signature is verified successfully.
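As an added illustration of the nonce and the threshold value carried in the first request (example code written for this page, not code from the patent or from any product): the verifier's nonce is copied into the evidence and checked on return, and "a signature based on the keys of multiple measurers" is realised as one Ed25519 signature per contributing measurer, counted against the threshold. The `MultiSig` construction, the Ed25519 choice, the canonical encoding and the measurer names Att1 to Att3 are this example's assumptions; the patent fixes none of them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Request is the first verifier's "first request": Nonce binds the evidence to
// this attestation round, Threshold is the minimum number of distinct measurer
// keys the returned signature must be based on.
type Request struct {
	Nonce     []byte
	Threshold int
}

// Evidence is what a measurer reports about the first network element:
// a SHA-256 digest of the measured state plus the nonce echoed from the request.
type Evidence struct {
	NEID   string
	Digest [32]byte
	Nonce  []byte
}

// canonical is the byte string every measurer signs; length prefixes rule out
// field-boundary ambiguity between the three fields.
func (e Evidence) canonical() []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{[]byte(e.NEID), e.Digest[:], e.Nonce} {
		binary.Write(&b, binary.BigEndian, uint32(len(f)))
		b.Write(f)
	}
	return b.Bytes()
}

// Measurer holds one group member's private key (delivered in S750/S752).
type Measurer struct {
	ID   string
	Priv ed25519.PrivateKey
}

// MultiSig realises "a signature based on the keys of multiple measurers" as one
// Ed25519 signature per contributing measurer, keyed by measurer ID. This is an
// assumed construction; the patent does not fix the signature scheme.
type MultiSig map[string][]byte

// Measure produces evidence for neID from a snapshot of its state.
func Measure(neID string, state, nonce []byte) Evidence {
	return Evidence{NEID: neID, Digest: sha256.Sum256(state), Nonce: append([]byte(nil), nonce...)}
}

// SignWithGroup is run by the first measurer: it signs with its own key and the
// co-signers' keys it holds, and refuses to emit an under-threshold signature.
func SignWithGroup(ev Evidence, signers []Measurer, threshold int) (MultiSig, error) {
	if len(signers) < threshold {
		return nil, fmt.Errorf("only %d keys available, threshold is %d", len(signers), threshold)
	}
	msg, sig := ev.canonical(), MultiSig{}
	for _, s := range signers[:threshold] {
		sig[s.ID] = ed25519.Sign(s.Priv, msg)
	}
	return sig, nil
}

// Verify is the first verifier's check: nonce freshness first, then at least
// req.Threshold valid signatures from distinct, known group members.
func Verify(req Request, ev Evidence, sig MultiSig, pubs map[string]ed25519.PublicKey) error {
	if !bytes.Equal(req.Nonce, ev.Nonce) {
		return errors.New("nonce mismatch: evidence is not fresh for this request")
	}
	msg, valid := ev.canonical(), 0
	for id, s := range sig {
		if pub, known := pubs[id]; known && ed25519.Verify(pub, msg, s) {
			valid++
		}
	}
	if valid < req.Threshold {
		return fmt.Errorf("%d valid signatures, threshold is %d", valid, req.Threshold)
	}
	return nil
}

// NewGroup generates keys for the named measurers (a stand-in for S740) and the
// public-key directory the verifier holds.
func NewGroup(ids []string) ([]Measurer, map[string]ed25519.PublicKey) {
	var ms []Measurer
	pubs := map[string]ed25519.PublicKey{}
	for _, id := range ids {
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		ms = append(ms, Measurer{ID: id, Priv: priv})
		pubs[id] = pub
	}
	return ms, pubs
}

// NewNonce draws the per-request nonce.
func NewNonce() []byte {
	n := make([]byte, 16)
	rand.Read(n)
	return n
}

func main() {
	group, pubs := NewGroup([]string{"Att1", "Att2", "Att3"})
	req := Request{Nonce: NewNonce(), Threshold: 2}
	ev := Measure("ne-1", []byte("constructed state snapshot"), req.Nonce)
	sig, _ := SignWithGroup(ev, group, req.Threshold)
	fmt.Println("verify:", Verify(req, ev, sig, pubs))
}
```

Only signatures under keys in the verifier's directory count towards the threshold, so a signature from an unknown key never helps an attacker reach it, and the nonce comparison happens before any signature is checked, so replayed evidence is rejected cheaply.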
In some possible implementations, before step S660 the method further includes S670: the first verifier determines the first measurer based on the identifier of the first network element and the first association relationship.
Exemplarily, the identifier of the first network element may come from the seventh information.
The first association relationship may include at least one of: an association relationship between the identifier of the first group and the identifier of the first network element (denoted association relationship 4), an association relationship between the identifiers of the P measurers and the identifier of the first network element (denoted association relationship 5), or an association relationship among the identifier of the first group, the identifiers of the P measurers and the identifier of the first network element (denoted association relationship 6).
Exemplarily, when the first association relationship includes association relationship 4, the key management network element can determine the first measurer based on association relationship 4 and the third association relationship; when it includes association relationship 5, the key management network element can determine the first measurer based on association relationship 5; and when it includes association relationship 6, the key management network element can determine the first measurer based on association relationship 6.
Here, "determining the first measurer" may include selecting the first measurer, for example, selecting the first measurer from the P measurers of the first group. "Determining the first measurer" may also include determining the address of the first measurer, so that the first request is sent to the first measurer according to that address.
In some possible implementations, before step S660 the method further includes S672: the first verifier determines the fourth measurer based on the identifier of the first network element and the first association relationship.
Exemplarily, when the first association relationship includes association relationship 4, the key management network element can determine the fourth measurer based on association relationship 4 and the third association relationship; when it includes association relationship 5, the key management network element can determine the fourth measurer based on association relationship 5; and when it includes association relationship 6, the key management network element can determine the fourth measurer based on association relationship 6.
Here, "determining the fourth measurer" may include selecting the fourth measurer, for example, selecting the fourth measurer from the P measurers of the first group. "Determining the fourth measurer" may also include determining the address of the fourth measurer, so that the first request is sent to the fourth measurer according to that address.
In some possible implementations, before step S664 the method further includes S674: the first verifier determines the N measurers based on the identifier of the first network element and the first association relationship.
Exemplarily, when the first association relationship includes association relationship 4, the key management network element can determine the N measurers based on association relationship 4 and the third association relationship; when it includes association relationship 5, the key management network element can determine the N measurers based on association relationship 5; and when it includes association relationship 6, the key management network element can determine the N measurers based on association relationship 6.
Here, "determining the N measurers" may include selecting the N measurers, for example, selecting the N measurers from the P measurers of the first group. "Determining the N measurers" may also include determining the addresses of the N measurers, so that the first request is sent to the N measurers according to those addresses.
Based on the above scheme, the first verifier can quickly determine, based on the first association relationship, the measurer(s) to which the first request is to be sent, thereby reducing the processing latency of looking up measurers.
The aforementioned first association relationship may be pre-configured or pre-defined in the first verifier, or may be received by the first verifier from another network element (for example, the orchestration management network element or the key management network element).
In one possible implementation, method 600 further includes S680: the first verifier receives second information from the key management network element or the orchestration management network element. Correspondingly, the key management network element or the orchestration management network element sends the second information to the first verifier.
Optionally, the second information is used to indicate the first association relationship. The second information may be direct indication information; for example, the second information may include the information of the first association relationship. The second information may also be indirect indication information; for example, the first verifier may determine the first association relationship based on the second information.
In other words, the first verifier can obtain the first association relationship from the key management network element, or alternatively from the orchestration management network element.
The first association relationship may be pre-configured or pre-defined in the key management network element, or may be received by the key management network element from another network element (for example, the orchestration management network element).
Optionally, before S680, method 600 further includes: the first verifier sends a sixth request to the key management network element or the orchestration management network element, the sixth request being used to request the first association relationship.
In some possible implementations, method 600 further includes S690: the key management network element receives sixth information from the orchestration management network element. Correspondingly, the orchestration management network element sends the sixth information to the key management network element.
Optionally, the sixth information is used to indicate the first association relationship. The sixth information may be direct indication information; for example, it may include the information of the first association relationship. It may also be indirect indication information; for example, the first verifier may determine the first association relationship based on the sixth information.
As an example, after S690 the first verifier may receive the aforementioned second information from the key management network element. Optionally, before receiving the second information from the key management network element, the first verifier may also send the aforementioned sixth request to the key management network element.
As another example, although the key management network element can obtain the first association relationship, the first verifier need not obtain the first association relationship from the key management network element. For example, the first verifier may receive the aforementioned second information from the orchestration management network element. Optionally, before receiving the second information from the orchestration management network element, the first verifier may also send the aforementioned sixth request to the orchestration management network element.
In one possible implementation, before S690, method 600 further includes S692: the key management network element sends a fifth request to the orchestration management network element. Correspondingly, the orchestration management network element receives the fifth request from the key management network element.
Optionally, the fifth request is used to request the first association relationship.
Exemplarily, the orchestration management network element may include or be applied to a VNFM. For example, after instantiation, the VNFM may send the aforementioned sixth information to the key management network element and/or the aforementioned second information to the first verifier. As another example, the VNFM may send the sixth information to the key management network element based on the aforementioned fifth request, and/or send the second information to the first verifier based on the aforementioned sixth request.
In some possible implementations, method 600 may include, in order: S650, S670, S660, S610, S635, S630 and S620. In other possible implementations, method 600 may include, in order: S650, S672, S662, S610, S635, S630 and S620. In still other possible implementations, method 600 may include, in order: S650, S674, S664, S610, S635, S630 and S620.
In some possible implementations, method 600 may include S650, S670, S660, S610 and S620, and optionally S640. In other possible implementations, method 600 may include S650, S672, S662, S610 and S620, and optionally S640. In still other possible implementations, method 600 may include S650, S674, S664, S610 and S620, and optionally S640.
Method 600 has been described above with reference to Figure 6 and can be understood as the measurement phase of remote attestation. Optionally, remote attestation further includes a key configuration phase; some schemes for the key configuration phase are described below with reference to Figure 7. It should be understood that the division into a key configuration phase, a measurement phase and a verification phase in this application is only for ease of understanding: the three phases may be executed separately (in no fixed order) or simultaneously. For example, when the first apparatus sends the seventh information to the first verifier, the key configuration phase may already have completed, may not yet have started, or may be in progress. If the key configuration phase has not completed when the first verifier sends the first request to the first measurer, the first measurer may be unable to complete the signature because no key has been configured; in that case the first measurer can initiate the scheme of the key configuration phase. If the key configuration phase has not completed, the first measurer can also initiate the scheme of the key configuration phase.
Figure 7 is a schematic flowchart of yet another communication method 700 provided by an embodiment of this application. Method 700 may be combined with method 500 or method 600. Optional operations in method 700 are shown with dashed lines in Figure 7. Method 700 is described below with reference to Figure 7.
In some possible implementations, method 700 may include S710 or S712.
S710, a secure connection is established between the key management network element and the first measurer.
S712, the key management network element establishes secure connections with some or all of the P measurers in the first group.
The some or all of the P measurers in S712 include the first measurer. The following uses the establishment of a secure connection between the key management network element and the first measurer as an example; the process of establishing secure connections between the other measurers and the key management network element can refer to the description below.
Establishing a secure connection may involve an endorsement key (EK) certificate and an AIK certificate. The EK certificate may be pre-configured in the first measurer, for example, by hardware burn-in or software pre-installation; the specific pre-configuration method may depend on the security capability of the first measurer. The EK certificate can be understood as a long-term certificate or root certificate and can be verified by the key management network element. The EK certificate may also be called the EK certificate of the TPM.
The AIK certificate is a session certificate used for measurement and may be applied for by the first measurer for a single measurement (for example, the measurement triggered by the aforementioned first request). Optionally, the AIK certificate may be used for multiple measurements. Optionally, an expiration policy for the AIK certificate may be pre-configured in the first measurer; the expiration policy may indicate the number of times the AIK certificate can be used for measurement. For example, the number of times the AIK certificate can be used for measurement is X, where X is a positive integer; when the number of measurements using the AIK certificate reaches X, the AIK certificate becomes invalid.
The process of establishing a secure connection between the key management network element and the first measurer is described below with reference to S1-S7.
S1, the first measurer may generate an AIK signing request.
S2, the first measurer may encrypt the AIK signing request with a public key provided by the key management network element.
S3, the first measurer may send the AIK signing request to the key management network element. Correspondingly, the key management network element receives the AIK signing request from the first measurer.
The AIK signing request may include request information and the EK certificate, where the request information is used to request that the key management network element issue an AIK certificate.
S4, the key management network element may verify the AIK signing request.
For example, the key management network element may check the validity (or legitimacy) of the EK certificate. If the EK certificate is valid, it decides to issue the AIK certificate; if the EK certificate is invalid, it decides not to issue the AIK certificate.
S5, the key management network element issues the AIK certificate to the first measurer, and the AIK certificate may be encrypted with the public key of the EK.
S6, the key management network element may send the encrypted AIK certificate to the first measurer. Correspondingly, the first measurer receives the encrypted AIK certificate from the key management network element.
S7, the first measurer decrypts and stores the AIK certificate.
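The following is an added worked example of S1 to S7 together with the AIK expiration policy described above; it is example code written for this page, not code from the patent. It uses Go's standard `crypto/x509` with Ed25519 keys: the manufacturer root, the measurer's EK certificate and the key manager's AIK-issuing CA are all constructed inside `Setup`. The encryption of S2 and S5/S6 is assumed to be provided by the secure connection and is not shown; the request format (AIK public key plus EK certificate), the certificate names and the use counter `usesLeft` that implements X are this example's assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for pub signed by key; self-signed when parent is nil.
func issue(cn string, isCA bool, parent *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) *x509.Certificate {
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial.Add(serial, big.NewInt(1)), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent = tmpl // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		panic(err) // only reachable with an inconsistent template/key pair
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// chainsTo checks that cert was issued under root: the S4 validity check.
func chainsTo(cert, root *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool})
	return err
}

// KeyManager (the key management network element) trusts the manufacturer root
// for EK certificates and runs its own CA for AIK certificates.
type KeyManager struct {
	ekRoot, caCert *x509.Certificate
	caKey          ed25519.PrivateKey
}

// IssueAIK is S4-S5: the AIK signing request carries the AIK public key and the
// EK certificate; no AIK certificate is issued unless the EK certificate is valid.
func (km *KeyManager) IssueAIK(aikPub ed25519.PublicKey, ekCert *x509.Certificate) (*x509.Certificate, error) {
	if err := chainsTo(ekCert, km.ekRoot); err != nil {
		return nil, fmt.Errorf("EK certificate rejected, AIK not issued: %w", err)
	}
	return issue("AIK:"+ekCert.Subject.CommonName, false, km.caCert, aikPub, km.caKey), nil
}

// Measurer holds the pre-provisioned EK certificate, the AIK obtained through
// S1-S7 and the uses remaining under the expiration policy (X in the text).
type Measurer struct {
	ekCert, aikCert *x509.Certificate
	aikKey          ed25519.PrivateKey
	usesLeft        int
}

// Enroll runs S1-S7; the encryption of S2 and S5-S6 is assumed to be provided by
// the secure connection and is not shown.
func (m *Measurer) Enroll(km *KeyManager, maxUses int) error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // S1: fresh AIK key pair
	cert, err := km.IssueAIK(pub, m.ekCert)          // S3-S6
	if err != nil {
		return err
	}
	m.aikKey, m.aikCert, m.usesLeft = priv, cert, maxUses // S7
	return nil
}

// Sign signs evidence with the AIK and enforces the use-count policy: after X
// signed measurements the AIK certificate is treated as invalid.
func (m *Measurer) Sign(evidence []byte) ([]byte, error) {
	if m.aikCert == nil || m.usesLeft <= 0 {
		return nil, errors.New("no valid AIK certificate: run the key configuration phase")
	}
	m.usesLeft--
	return ed25519.Sign(m.aikKey, evidence), nil
}

// VerifyEvidence is the verifier side: the AIK certificate must chain to the
// key manager's CA and the signature must verify under the certified AIK.
func VerifyEvidence(kmCA, aik *x509.Certificate, evidence, sig []byte) error {
	if err := chainsTo(aik, kmCA); err != nil {
		return err
	}
	if pub, ok := aik.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, evidence, sig) {
		return errors.New("signature does not verify under the AIK certificate")
	}
	return nil
}

// Setup provisions the manufacturer root, one TPM's EK certificate and the KM.
func Setup() (*Measurer, *KeyManager) {
	mfrPub, mfrKey, _ := ed25519.GenerateKey(rand.Reader)
	mfr := issue("Manufacturer EK CA", true, nil, mfrPub, mfrKey)
	ekPub, _, _ := ed25519.GenerateKey(rand.Reader)
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	m := &Measurer{ekCert: issue("TPM EK 0001", false, mfr, ekPub, mfrKey)}
	return m, &KeyManager{ekRoot: mfr, caCert: issue("KM AIK CA", true, nil, caPub, caKey), caKey: caKey}
}

func main() {
	m, km := Setup()
	fmt.Println("enroll:", m.Enroll(km, 2))
	sig, _ := m.Sign([]byte("evidence"))
	fmt.Println("verify:", VerifyEvidence(km.caCert, m.aikCert, []byte("evidence"), sig))
}
```

The two `chainsTo` calls are the security-relevant checks: the key manager refuses to certify an AIK whose EK certificate does not chain to a trusted manufacturer root, and the verifier refuses evidence whose AIK certificate does not chain to the key manager, so a measurer with a self-made AIK or an EK from an unknown vendor cannot pass either side. Once `usesLeft` reaches zero the measurer must re-run the key configuration phase, which is the case the text describes for a first request that arrives before keys are configured.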
S720, the key management network element determines the first association relationship.
For example, the key management network element may determine the first association relationship by performing S690 (or S690 and S692).
S730, the key management network element receives a key generation request from the first measurer.
S732, the key management network element receives key generation requests from some or all of the P measurers in the first group.
Exemplarily, when S710 is performed, method 700 may include S730; when S712 is performed, method 700 may include S732.
The key generation request may also be called an AIK generation request, a measurement key generation request or another name; this application does not limit the specific name of the key generation request.
S740, the key management network element generates keys.
For example, the key management network element may generate keys for some or all of the P measurers in the first group. A key may include a public key and a private key.
Exemplarily, at the same time as or after S740, the key management network element may determine the identifier of a first signature group. The first signature group may include the keys of some or all of the P measurers in the first group.
Exemplarily, the key management network element may determine the second association relationship.
As one example, the key management network element may generate a measurer's key based on the measurer's AIK certificate; for example, it may generate the first measurer's key based on the first measurer's AIK certificate. As another example, the key management network element may generate the key by signing a key provided by the measurer. For example, the first measurer may send a first public key and a first private key, both generated by the first measurer, to the key management network element; the key management network element may sign the first public key to generate a second public key and sign the first private key to generate a second private key. Further, the key management network element may send the encrypted second public key and second private key to the first measurer.
S750, the key management network element sends key indication information to the first measurer. Correspondingly, the first measurer receives the key indication information from the key management network element.
The key indication information is used to indicate a key. For example, the key indication information may include the encrypted key, and the first measurer decrypts it according to the indication information to obtain the key.
S752, the key management network element sends key indication information to each of some or all of the P measurers in the first group. Correspondingly, some or all of the P measurers in the first group receive the key indication information from the key management network element.
Exemplarily, when S730 is performed, method 700 may include S750; when S732 is performed, method 700 may include S752.
For example, suppose key indication information is sent to Att1, Att2 and Att3. The key indication information sent to Att1 indicates sk1 and pk1, where sk1 is Att1's private key and pk1 is Att1's public key. The key indication information sent to Att2 indicates sk2 and pk2, where sk2 is Att2's private key and pk2 is Att2's public key. The key indication information sent to Att3 indicates sk3 and pk3, where sk3 is Att3's private key and pk3 is Att3's public key.
Optionally, in S750 or S752, the key indication information sent to the first measurer may be the third information. For example, the key management network element may generate or look up the private key of the first measurer and the public keys of the M measurers based on the third association relationship. Further, the key management network element may send the third information to the first measurer; the third information is used to indicate the keys of the M measurers. For example, the keys of the M measurers include the private key of the first measurer and the public keys of the M measurers.
In some possible implementations, there may be a relatively long interval between method 700 and methods 600 and 500. For example, the measurer's key need not be requested for every measurement; an expiration policy may be pre-configured so that a single measurement-key request serves multiple measurements.
Figure 8 is a schematic flowchart of a further communication method 800 provided by an embodiment of this application. Method 800 may be combined with method 500, method 600 or method 700. Optional operations in method 800 are shown with dashed lines in Figure 8. Method 800 is described below with reference to Figure 8.
S810, the first verifier sends a second request to at least one second measurer. Correspondingly, the at least one second measurer receives the second request from the first verifier.
The second request is used to request measurement of the first network element. For other descriptions of the second request, refer to the description of the first request above, which is not repeated here.
Optionally, the second measurer belongs to the first group; in other words, each of the at least one second measurer belongs to the first group.
Exemplarily, the second measurer may not belong to the aforementioned N measurers. The second measurer is different from the first measurer. However, this application does not limit whether the second measurer belongs to the M measurers; the second measurer may or may not belong to the M measurers. In other words, the second measurer may or may not participate in generating the first signature.
S820, the first verifier sets a timer.
For example, the first verifier may set the timer according to a pre-configured duration; the timer may start at the time S810 is performed or at some time after S810 is performed.
S822, the first verifier receives rejection information from each of the at least one second measurer. Correspondingly, each of the at least one second measurer sends rejection information to the first verifier.
Optionally, the rejection information may indicate a refusal to respond, a refusal to measure, a refusal to sign, or take another form. In this way, the first verifier can determine, based on the rejection information, that the at least one second measurer will not assist in completing the remote attestation.
The first condition can be used to trigger the first verifier to send the first request to measurers other than the at least one second measurer.
Optionally, the first condition includes: the first verifier receives rejection information from each of the at least one second measurer, and/or the first verifier does not receive a response from the at least one second measurer within a predetermined time period.
In some examples, the predetermined time period may be indicated by the start time and end time of the timer. In other examples, the predetermined time period may be indicated by the start time of the timer and a preset duration.
When the first condition includes the first verifier receiving rejection information from each of the at least one second measurer, S820 may or may not be performed. When the first condition includes the first verifier not receiving a response from the at least one second measurer within the predetermined time period, S822 may or may not be performed. For example, the first verifier may not receive rejection information from each of the at least one second measurer, or, after receiving rejection information from the at least one second measurer, may ignore it.
This application does not limit the specific name of the first condition; the first condition may also be called a local policy or another name.
在S810之前,第一验证者可能预配置或从密钥管理网元(或编排管理网元)获取了第一关联关系,从而确定至少一个第二度量者,进而执行S810。可选地,第一验证者可以缓存上述第一关联关系。这样,第一验证者可以根据第一关联关系,向P个度量者中除至少一个第二度量者之外的度量者(例如,第一度量者、第四度量者或者N个度量者)发送第一请求。Prior to S810, the first validator may have pre-configured or obtained a first association relationship from the key management network element (or orchestration management network element) to determine at least one second measurand, and then execute S810. Optionally, the first validator may cache the aforementioned first association relationship. In this way, the first validator can send a first request to one of the P measurands (e.g., the first measurand, the fourth measurand, or N measurands) based on the first association relationship.
可选地,第一验证者不缓存上述第一关联关系,以节省存储空间。或者,第一验证者未配置或未从密钥管理网元(或编排管理网元)获取第一关联关系。第一验证者可以从密钥管理网元(或编排管理网元)获取第一群组的度量者列表。下面结合S830-S850进行介绍。Optionally, the first validator does not cache the aforementioned first association relationship to save storage space. Alternatively, the first validator does not configure or obtain the first association relationship from the key management network element (or orchestration management network element). The first validator can obtain the list of measurants for the first group from the key management network element (or orchestration management network element). The following description is based on S830-S850.
S830,第一验证者向密钥管理网元或编排管理网元发送查询请求。对应地,密钥管理网元或编排管理网元接收来自第一验证者的查询请求。S830, the first validator sends a query request to the key management network element or the orchestration management network element. Correspondingly, the key management network element or the orchestration management network element receives the query request from the first validator.
可选地,查询请求包括至少一个第二度量者的标识。Optionally, the query request may include the identifier of at least one second measurand.
S840, the key management network element or the orchestration management network element determines the measurer list.
Optionally, the measurer list may be the measurer list of the first group.
In some examples, the measurer list of the first group may include the identifiers of the P measurers. That is, the measurer list of the first group includes the identifiers of all measurers in the first group.
In other examples, the measurer list of the first group may include the identifiers of the measurers among the P measurers other than at least one measurer. That is, the measurer list of the first group does not include the identifier of the measurer carried in the query request, i.e., the identifier of the second measurer.
In still other examples, the measurer list of the first group may include the identifiers of the first measurer, the fourth measurer, or the N measurers. That is, the measurer list of the first group includes the identifiers of the measurers requested by the recommendation request.
For example, the key management network element or the orchestration management network element may determine the measurer list of the first group based on the query request and the first association relationship (or the third association relationship). For instance, the key management network element or the orchestration management network element may determine that, in the first association relationship, the identifier of the at least one second measurer corresponds to the identifier of the first group, and that the identifier of the first group corresponds to the identifiers of the P measurers in the first group, and thereby determine the measurer list of the first group.
Optionally, the measurer list may be a measurer list of multiple groups, where the multiple groups may include the first group.
S850, the key management network element or the orchestration management network element sends indication information of the measurer list to the first verifier. Correspondingly, the first verifier receives the indication information of the measurer list from the key management network element or the orchestration management network element.
When the measurer list is a measurer list of multiple groups, the first verifier may determine, through the first association relationship (or the first association relationship and the third association relationship), the identifiers of the P measurers corresponding to the identifier of the first network element, and thereby select from the measurer list the measurers that belong to the P measurers. For example, the first verifier may select the first measurer, the fourth measurer, or the N measurers.
Further, the first verifier may perform S660, S662, or S664. That is, when the first condition is met, S660, S662, or S664 is performed.
Based on the above scheme, in the embodiments of this application, after a measurement request has been sent to one or more measurers, if a measurer does not respond within a predetermined time period and/or refuses, a request can be sent to other measurers (for example, the first measurer, the fourth measurer, or the N measurers), so that the failure of some measurers does not prevent remote attestation from proceeding, thereby increasing the resilience of remote attestation.
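The fallback described in S840 to S850 and the paragraph above, as an added example that is not part of the patent: a verifier that, after the first condition (timeout or refusal) is met for the measurer it first asked, obtains a multi-group measurer list, filters it down to the P measurers associated with the network element, and tries the remaining measurers in turn. The identifiers, the association tables and the scripted measurer replies are all constructed for the example.

```python
"""Added example, not part of the patent text: verifier-side fallback for
measurement requests, modelled on S840-S850 and the 'first condition' (no
response within the predetermined period, or refusal). Identifiers,
association tables and measurer behaviour are constructed."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Set


class Reply(Enum):
    EVIDENCE = "evidence"  # measurer returned evidence
    REFUSED = "refused"    # measurer explicitly refused the request
    TIMEOUT = "timeout"    # no reply within the predetermined time period


# Constructed 'first association relationship': network element -> group,
# and group -> identifiers of the P measurers in that group.
NE_TO_GROUP: Dict[str, str] = {"ne-1": "grp-A", "ne-2": "grp-B"}
GROUP_MEASURERS: Dict[str, List[str]] = {
    "grp-A": ["m-1", "m-2", "m-3"],
    "grp-B": ["m-7", "m-8"],
}


def measurer_list_for_query(second_measurer: str) -> List[str]:
    """Constructed stand-in for the key management / orchestration management
    network element (S840): find the group of the queried (second) measurer
    and return the measurer list of all groups, the multi-group case, so the
    verifier has to filter it in S850."""
    group = next(g for g, ms in GROUP_MEASURERS.items() if second_measurer in ms)
    ordered = [group] + [g for g in GROUP_MEASURERS if g != group]
    return [m for g in ordered for m in GROUP_MEASURERS[g]]


def filter_measurer_list(ne_id: str, measurer_list: List[str]) -> List[str]:
    """S850 filtering: keep only measurers that belong to the P measurers
    associated with the first network element."""
    allowed: Set[str] = set(GROUP_MEASURERS[NE_TO_GROUP[ne_id]])
    return [m for m in measurer_list if m in allowed]


@dataclass
class AttestationOutcome:
    evidence_from: Optional[str]  # measurer that finally delivered evidence
    tried: List[str] = field(default_factory=list)


def request_with_fallback(
    ne_id: str,
    failed_measurers: Set[str],
    send: Callable[[str, str], Reply],
) -> AttestationOutcome:
    """After the request to `failed_measurers` (the 'second measurers') met
    the first condition, obtain and filter a measurer list and try the
    remaining measurers in order until one returns evidence."""
    queried = next(iter(failed_measurers))
    candidates = [
        m for m in filter_measurer_list(ne_id, measurer_list_for_query(queried))
        if m not in failed_measurers
    ]
    outcome = AttestationOutcome(evidence_from=None)
    for m in candidates:
        outcome.tried.append(m)
        if send(m, ne_id) is Reply.EVIDENCE:
            outcome.evidence_from = m
            break
        # REFUSED or TIMEOUT: first condition met again, move to the next one
    return outcome


def constructed_transport(behaviour: Dict[str, Reply]) -> Callable[[str, str], Reply]:
    """Constructed transport: each measurer's reply is scripted; a measurer
    with no script is treated as not responding."""
    return lambda measurer, _ne: behaviour.get(measurer, Reply.TIMEOUT)
```

Note that `m-7` would have answered, but it is never asked because it does not belong to the P measurers of `ne-1`; only measurers that the association permits are used as fallbacks.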
The following describes the apparatus embodiments corresponding to the method embodiments of this application. Only a brief description of the apparatus is given below; for the specific implementation steps and details, refer to the preceding method embodiments.
To implement the functions of the methods provided in this application, the communication apparatus may include a hardware structure and/or a software module, and implement the above functions in the form of a hardware structure, a software module, or a hardware structure plus a software module. Whether a given function is performed by a hardware structure, a software module, or a hardware structure plus a software module depends on the specific application and design constraints of the technical solution.
Figure 9 is a schematic block diagram of a communication apparatus 1000 according to an embodiment of this application. The communication apparatus 1000 includes a processor 1010 and a communication interface 1020. Optionally, the processor 1010 and the communication interface 1020 may be connected to each other via a bus. The communication apparatus 1000 may be the first verifier, the first measurer, the key management network element, or the third measurer.
Optionally, the communication apparatus 1000 may further include a memory 1040. The memory 1040 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), cache, erasable programmable read-only memory (EPROM), synchronous dynamic random access memory (SDRAM), hard disk drive (HDD), solid-state drive (SSD), or compact disc read-only memory (CD-ROM). The memory 1040 is used to store related instructions and/or data. The memory 1040 may be integrated with the processor 1010 or provided separately.
The processor 1010 may include one or a combination of the following: a central processing unit (CPU), an application-specific integrated circuit (ASIC), a digital signal processor (DSP), a microprocessor unit (MPU), a microcontroller unit (MCU), a graphics processing unit (GPU), a field-programmable gate array (FPGA), an artificial intelligence processor (AI processor), or a neural processing unit (NPU). When the processor 1010 is a CPU, the CPU may be a single-core CPU or a multi-core CPU. This application is not limited in this respect; the processor 1010 may also be one or more GPUs, or one or more tensor processing units (TPUs). The processor 1010 may be a signal processor, a chip, or another integrated circuit capable of implementing the methods of this application, or the part of the circuitry within such a processor, chip, or integrated circuit that is used for processing functions. In addition, the communication interface 1020 may also be an input/output interface, which is used for the input or output of signals or data, or an input/output circuit.
For example, when the communication apparatus 1000 is the first verifier, the processor 1010 is configured to perform the following operations: receive first information from the first measurer, the first information including a first signature and first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring a first network element, the measurers on which the first signature is based including M measurers, the M measurers being used to measure the first network element, the M measurers including the first measurer, and M being an integer greater than 1; and verify the first signature and the first evidence according to the keys of the M measurers.
For example, when the communication apparatus 1000 is the first measurer, the processor 1010 is configured to perform the following operations: determine first evidence according to the first network element; determine a first signature according to the keys of M measurers and the first evidence, where the M measurers are used to measure the first network element, the M measurers include the first measurer, M is an integer greater than 1, and the first signature is used to verify the validity of the first evidence; and send first information to the first verifier, the first information including the first signature and the first evidence.
For example, when the communication apparatus 1000 is the key management network element, the processor 1010 is configured to perform the following operations: receive a third request from the first verifier, the third request being used to request the keys of M measurers, the keys of the M measurers being used to verify a first signature and first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring the first network element, the M measurers being used to measure the first network element, and M being an integer greater than 1; and send third information to the first verifier, the third information being used to indicate the keys of the M measurers.
For example, when the communication apparatus 1000 is the third measurer, the processor 1010 is configured to perform the following operations: generate fourth information, the fourth information being used to indicate the key of the third measurer; and send the fourth information to the first measurer.
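The four roles just described (first measurer, first verifier, key management network element, third measurer), simulated in one process as an added example that is not part of the patent. The patent does not say how the first signature is derived from the keys of the M measurers; this example models it, as an assumption, as an HMAC under a key derived from all M measurers' keys, which the verifier recomputes from the keys indicated in the third information. All keys, identifiers and the measured state are constructed.

```python
"""Added example, not part of the patent text: first measurer, first verifier,
key management network element and third measurer in one process. The way the
first signature depends on the M measurers' keys is MODELLED here (an
assumption) as an HMAC under a key derived from all M keys. Keys, identifiers
and the measured state are constructed."""
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed key material: each measurer's key, also known to the key
# management network element. The third measurer hands its key to the first
# measurer as 'fourth information'.
MEASURER_KEYS: Dict[str, bytes] = {
    "m-1": b"constructed-key-of-first-measurer",
    "m-3": b"constructed-key-of-third-measurer",
}
# Constructed association: first network element -> its M measurers (M > 1).
NE_MEASURERS: Dict[str, List[str]] = {"ne-1": ["m-1", "m-3"]}


def fourth_information(third_measurer: str) -> Dict[str, bytes]:
    """Third measurer: fourth information indicating its key."""
    return {third_measurer: MEASURER_KEYS[third_measurer]}


def third_information(ne_id: str) -> Dict[str, bytes]:
    """Key management network element: reply to the third request with the
    keys of the M measurers of the first network element."""
    return {m: MEASURER_KEYS[m] for m in NE_MEASURERS[ne_id]}


def derive_group_key(keys: Dict[str, bytes]) -> bytes:
    """Combine the M measurers' keys in canonical order (sorted by measurer
    identifier) so that measurer and verifier derive the same key (modelling
    assumption, see the lead-in)."""
    h = hashlib.sha256()
    for mid in sorted(keys):
        h.update(mid.encode() + b"\x00" + keys[mid] + b"\x00")
    return h.digest()


def measure(ne_state: Dict[str, str]) -> bytes:
    """First evidence: digest over a canonical serialisation of the measured
    state of the first network element (constructed measurement)."""
    return hashlib.sha256(json.dumps(ne_state, sort_keys=True).encode()).digest()


def first_signature(ne_id: str, evidence: bytes, keys: Dict[str, bytes]) -> bytes:
    """Signature over the evidence, bound to the network element identifier,
    under the key derived from the M measurers' keys."""
    msg = ne_id.encode() + b"|" + evidence
    return hmac.new(derive_group_key(keys), msg, "sha256").digest()


def first_information(ne_id: str, ne_state: Dict[str, str],
                      first_measurer: str, third_measurer: str) -> dict:
    """First measurer: measure the network element, sign with its own key plus
    the key received as fourth information, and package the first
    information for the first verifier."""
    keys = {first_measurer: MEASURER_KEYS[first_measurer], **fourth_information(third_measurer)}
    evidence = measure(ne_state)
    return {"ne": ne_id, "evidence": evidence,
            "signature": first_signature(ne_id, evidence, keys)}


def verify_first_information(info: dict) -> bool:
    """First verifier: obtain the M measurers' keys from the key management
    network element (third request / third information) and check the first
    signature before trusting the first evidence."""
    keys = third_information(info["ne"])
    if len(keys) < 2:  # M must be greater than 1
        return False
    expected = first_signature(info["ne"], info["evidence"], keys)
    return hmac.compare_digest(expected, info["signature"])
```

A signature computed from the first measurer's key alone is rejected, since the verifier derives its check key from all M keys it receives from the key management network element.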
The above description is merely exemplary. The communication apparatus 1000 is responsible for performing the methods or steps related to the first verifier, the first measurer, the key management network element, or the third measurer in the foregoing method embodiments.
In one possible implementation, the communication interface 1020 may be a transceiver. The transceiver may include a transmitter and a receiver, where the transmitter performs the sending operations and the receiver performs the receiving operations. For example, the processor 1010 is used to control the transceiver to receive and/or send signals.
In one possible implementation, the communication interface 1020 may also be a communication circuit, a pin, an input/output interface, a bus, or the like.
It should be noted that the communication apparatus 1000 may include a transmitter but no receiver. Alternatively, the communication apparatus 1000 may include a receiver but no transmitter. This depends on whether the above scheme performed by the communication apparatus 1000 includes sending actions and receiving actions.
The above description is merely exemplary. For details, refer to the content shown in the above method embodiments. The implementation of each operation in Figure 9 may also refer to the corresponding descriptions of the method embodiments shown in Figures 5 to 8.
For example, the communication apparatus 1000 may be used to perform the schemes shown in Figures 5 to 8.
For example, when the communication apparatus 1000 is the first verifier, the communication interface 1020 may be used to receive the first information, etc.
For example, when the communication apparatus 1000 is the first measurer, the communication interface 1020 may be used to send the first information, etc.
For example, when the communication apparatus 1000 is the key management network element, the communication interface 1020 may be used to receive the third request, etc.
For example, when the communication apparatus 1000 is the third measurer, the communication interface 1020 may be used to send the fourth information, etc.
For other implementations, refer to the detailed descriptions of the embodiments shown in Figures 5 to 8 above, which are not repeated here. It should be understood that the specific processes by which each component performs the corresponding procedures above have been described in detail in the above method embodiments and, for brevity, are not repeated here.
Figure 10 is a schematic block diagram of another communication apparatus 1100 according to an embodiment of this application. The communication apparatus 1100 may be the first verifier, the first measurer, the key management network element, or the third measurer, or may be a chip or module in the first verifier, the first measurer, the key management network element, or the third measurer, and is used to implement the methods involved in the embodiments shown in Figures 5 to 8. For details, refer to the related descriptions in the above method embodiments.
The communication apparatus 1100 includes a transceiver unit 1110. The transceiver unit 1110 is described by way of example below.
The transceiver unit 1110 may include a sending unit and a receiving unit. The sending unit is used to perform the sending actions of the communication apparatus, and the receiving unit is used to perform the receiving actions of the communication apparatus. For ease of description, the embodiments of this application combine the sending unit and the receiving unit into one transceiver unit. This is stated once here and is not repeated below. The transceiver unit 1110 can implement the corresponding communication functions. The transceiver unit 1110 may also be referred to as a communication interface or a communication module.
It should be noted that the communication apparatus 1100 may include a sending unit but no receiving unit. Alternatively, the communication apparatus 1100 may include a receiving unit but no sending unit. This depends on whether the above scheme performed by the communication apparatus 1100 includes sending actions and receiving actions.
For example, the transceiver unit 1110 is used to receive the first information, etc.
Optionally, the communication apparatus 1100 may further include a processing unit 1120, which is used to perform the processing, coordination, and similar steps involved in the communication apparatus 1100.
For example, the transceiver unit 1110 is used to send the first information, etc.
Optionally, the communication apparatus 1100 may further include a processing unit 1120, which is used to perform the processing, coordination, and similar steps involved in the communication apparatus 1100.
For example, the transceiver unit 1110 is used to receive the third request, etc.
Optionally, the communication apparatus 1100 may further include a processing unit 1120, which is used to perform the processing, coordination, and similar steps involved in the communication apparatus 1100.
For example, the transceiver unit 1110 is used to send the fourth information, etc.
Optionally, the communication apparatus 1100 may further include a processing unit 1120, which is used to perform the processing, coordination, and similar steps involved in the communication apparatus 1100.
The above description is merely exemplary. The communication apparatus 1100 is responsible for performing the related methods or steps in the foregoing method embodiments.
Optionally, the communication apparatus 1100 further includes a storage unit 1130, which is used to store the program or code for performing the foregoing methods. In other words, the storage unit 1130 may be used to store instructions and/or data, and the processing unit 1120 may read the instructions and/or data in the storage unit 1130 so that the communication apparatus 1100 implements the foregoing method embodiments. For example, the communication apparatus 1100 may be used to perform the schemes shown in Figures 5 to 8.
For example, the transceiver unit 1110 may be used to receive first information from the first measurer, the first information including a first signature and first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring a first network element, the measurers on which the first signature is based including M measurers, the M measurers being used to measure the first network element, the M measurers including the first measurer, and M being an integer greater than 1; and the processing unit 1120 may be used to verify the first signature and the first evidence according to the keys of the M measurers.
For example, the processing unit 1120 may be used to determine first evidence according to the first network element, and to determine a first signature according to the keys of M measurers and the first evidence, where the M measurers are used to measure the first network element, the M measurers include the first measurer, M is an integer greater than 1, and the first signature is used to verify the validity of the first evidence; and the transceiver unit 1110 may be used to send first information to the first verifier, the first information including the first signature and the first evidence.
For example, the transceiver unit 1110 may be used to receive a third request from the first verifier, the third request being used to request the keys of M measurers, the keys of the M measurers being used to verify a first signature and first evidence, the first signature being used to verify the validity of the first evidence, the first evidence being obtained by measuring the first network element, the M measurers being used to measure the first network element, and M being an integer greater than 1; and the transceiver unit 1110 may further be used to send third information to the first verifier, the third information being used to indicate the keys of the M measurers.
For example, the processing unit 1120 may be used to generate fourth information, the fourth information being used to indicate the key of the third measurer; and the transceiver unit 1110 may be used to send the fourth information to the first measurer.
For other implementations, refer to the detailed descriptions of the embodiments shown in Figures 5 to 8 above, which are not repeated here. It should be understood that the specific processes by which each component performs the corresponding procedures above have been described in detail in the above method embodiments and, for brevity, are not repeated here.
When the communication apparatus 1100 in Figure 9 is a chip, the communication interface 1120 may be the transceiver, input/output circuit, or communication interface of the chip. The processor 1110 may be a processor integrated on the chip, a microprocessor, or an integrated circuit. The sending operations of the first verifier, the first measurer, the key management network element, or the third measurer in the above method embodiments may be understood as the output of the chip, and the receiving operations of the first verifier, the first measurer, the key management network element, or the third measurer in the above method embodiments may be understood as the input of the chip.
When the communication apparatus 1100 in Figure 9 is a chip, the transceiver unit 1110 may be the transceiver, input/output circuit, or communication interface of the chip. The processing unit 1120 may be a processor integrated on the chip, a microprocessor, or an integrated circuit. The sending operations of the first verifier, the first measurer, the key management network element, or the third measurer in the above method embodiments may be understood as the output of the chip, and the receiving operations of the first verifier, the first measurer, the key management network element, or the third measurer in the above method embodiments may be understood as the input of the chip.
This application further provides a chip, including a processor, for calling and running instructions stored in a memory, so that a communication apparatus on which the chip is installed performs the methods in the above examples.
This application further provides another chip, including an input interface, an output interface, and a processor, where the input interface, the output interface, and the processor are connected via an internal connection path, and the processor is used to execute code in a memory; when the code is executed, the processor is used to perform the methods in the above examples. Optionally, the chip further includes a memory for storing a computer program or code.
This application further provides a processor, to be coupled with a memory, for performing the methods and functions related to the communication apparatus or the encoding apparatus in any of the above embodiments.
Another embodiment of this application provides a computer program product including a computer program or instructions; when the computer program product runs on a computer, the methods of the foregoing embodiments are implemented.
This application further provides a computer program; when the computer program is run on a computer, the methods of the foregoing embodiments are implemented.
Another embodiment of this application provides a computer-readable storage medium storing a computer program; when the computer program is executed by a computer, the methods described in the foregoing embodiments are implemented.
This application further provides a communication system including a first verifier and a key management unit. The first verifier and the key management unit are respectively used to perform the methods performed by the first verifier and the key management unit in the foregoing embodiments.
In some possible implementations, the communication system further includes a first measurer. The first measurer is used to perform the methods performed by the first measurer in the foregoing embodiments.
In some possible implementations, the communication system further includes a third measurer. The third measurer is used to perform the methods performed by the third measurer in the foregoing embodiments.
Those of ordinary skill in the art will recognize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this application.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division into units is only a logical functional division, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses, or units, and may be electrical, mechanical, or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented as software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of this application. The aforementioned storage medium includes any medium capable of storing program code, such as a USB flash drive, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
The above is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variation or substitution that can readily be conceived by a person skilled in the art within the technical scope disclosed in this application shall fall within the scope of protection of this application. Therefore, the scope of protection of this application shall be subject to the scope of protection of the claims.
Claims (32)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410765502.7 | 2024-06-13 | ||
| CN202410765502.7A CN121193433A (en) | 2024-06-13 | 2024-06-13 | Communication methods and devices |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2025256452A1 true WO2025256452A1 (en) | 2025-12-18 |
Family
ID=98050148
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2025/099289 Pending WO2025256452A1 (en) | 2024-06-13 | 2025-06-05 | Communication method and apparatus |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN121193433A (en) |
| WO (1) | WO2025256452A1 (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1867877A (en) * | 2003-10-17 | 2006-11-22 | 国际商业机器公司 | Method and system for user attestation-signatures with attributes |
| CN106992855A (en) * | 2017-03-15 | 2017-07-28 | 西安电子科技大学 | Key exchange method based on discrete loci |
| CN117081928A (en) * | 2022-05-08 | 2023-11-17 | 华为技术有限公司 | Communication methods and devices |
| CN117082507A (en) * | 2022-05-09 | 2023-11-17 | 华为技术有限公司 | Communication methods and network element equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN121193433A (en) | 2025-12-23 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 25821164; Country of ref document: EP; Kind code of ref document: A1 |