Future 5th-generation (5G) mobile communications technology networks are developing toward diversified, broadband, comprehensive, and intelligent networks. With popularization of various user equipments (UE), mobile data traffic is explosively increased. To improve traffic transmission efficiency, the 5G network is also correspondingly improved in terms of interaction process. For example, in a 5G technology, when transmitting data in a network, UE does not need to verify security of the data between the UE and an access network (AN) device, the AN is used to forward data between the UE and a user plane gateway (UP-GW), and an operation of verifying security of the data is performed by the UE and the UP-GW in the network. To be specific, secure end-to-end data transmission between the UE and the UP-GW is protected.
FIG. 1 is a schematic diagram of a roaming process of a 5G network that is currently being researched. The roaming process is related to roaming between different public land mobile networks (PLMN). A home network (HPLMN) is a PLMN to which user equipment is homed, and a visited network (VPLMN) is a PLMN that the user equipment visits. Network elements required to perform the process include the UE, an AN, a session management device (SM), a UP-GW, a security policy control function (SPCF), and the like. For ease of distinguishment, a session management device SM in the visited network may be referred to as a V-SM, a session management device SM in the home network may be referred to as an H-SM, a user plane gateway UP-GW in the visited network may be referred to as a VUP-GW, and a user plane gateway UP-GW in the home network may be referred to as an HUP-GW. The roaming process is as follows:
Step 1: The UE sends a session establishment request to the session management device V-SM in the visited network.
Step 2: After receiving the session establishment request, the V-SM determines, based on information carried in the UE, the session management device H-SM that is in the home network and that is interconnected to the UE.
Step 3: The V-SM selects the user plane gateway VUP-GW in the visited network.
Step 4: The V-SM interacts with the selected VUP-GW to establish a user plane path.
Step S: The V-SM sends a session establishment request to the H-SM.
Step 6: The H-SM interacts with a security policy control function in the home network to obtain information required to establish a new session, for example, subscription data and service data.
Step 7: The H-SM determines to provide the access user plane gateway HUP-GW to the UE.
Step 8: The H-SM interacts with the HUP-GW to establish a user plane path.
Step 9: The H-SM sends a session establishment response to the V-SM.
Step 10: After receiving the session establishment response, the V-SM applies, to the AN, for a resource required to establish a session.
Step 11: The V-SM interacts, based on the obtained resource required to establish a session, with the VUP-GW to update the user plane path.
Step 12: The V-SM interacts with the UE to complete session establishment.
After performing the foregoing process, the UE establishes a new session (session) in the VPLMN. How to ensure secure transmission of data in the new session is a problem that is being researched by a person skilled in the art.