The Internet of Things (IoT) is an important application scenario of a 5th generation (5G) mobile communications technology. A terminal device on the IoT needs to perform network authentication when accessing a 5G network. FIG. 1A and FIG. 1B are a schematic diagram of interactions performed when a terminal device performs network authentication in the prior art. The authentication process is as follows:
Step S101: A terminal device sends a network access request to a mobility management entity (MME). Step S102: The MME sends a network access data request to a home subscriber server (HSS). Step S103: The HSS receives the network access data request and determines a symmetric key K corresponding to the terminal device, where the symmetric key is stored in the HSS; and then calculates authentication vectors based on the symmetric key K, where the authentication vectors include an authentication token (AUTNHSS), an expected response (XRES), and an access security management key (KASME). Step S104: The HSS sends the authentication vectors to the MME. Step S105: The MME receives and stores the authentication vectors. Step S106: The MME initiates a user authentication request to the terminal device, where the user authentication request includes a random number RAND, the AUTNHSS, and the KASME. Step S107: The terminal device receives the RAND and the AUTNHSS and performs an operation by using the authentication and key agreement (AKA) key derivation algorithm of a third generation mobile communications network of an evolved packet system (EPS), where input parameters for the operation include the symmetric key K, the RAND, a serving network (SN) identifier, and a sequence number (SQN) of the terminal device, and output parameters for the operation include a user-side authentication token AUTNUE, a response (RES), and a KASME. Step S108: When determining that the AUTNUE and the AUTNHSS are the same, the terminal device generates a session key for the terminal device and a network side based on the KASME. Step S109: The terminal device sends the RES obtained through the operation to the MME. Step S110: The MME receives the RES, and generates a session key between the network side and the terminal device based on the KASME when determining that the received RES is the same as the XRES in the authentication vectors.
A disadvantage in the prior art is that a large quantity of terminal devices on the IoT need to perform network authentication with the HSS. Therefore, the HSS needs to store a symmetric key and an SQN that are corresponding to each terminal device. This centralized storage causes severe load pressure on the HSS. In addition, the terminal device, the MME, and the HSS need to interact with each other to implement the network authentication process, which causes a problem that a network authentication chain is relatively long, thereby affecting network authentication efficiency.