EP4581790A1 - Method, device and system for checking the validity of a message - Google Patents

Abstract

The invention relates to a method, a device and a system for checking the validity of a message transmitted by a first function to a second function, the two functions contributing to instantiating a service in a communication network, the method being implemented in the second function, able to analyse a message comprising a signed digital credential, the signed credential comprising an identifier of a certification register of the communication network, an identifier of a certification entity and a validity parameter of a characteristic relating to the service of the first function, and comprising receiving the message comprising the signed digital credential associated with the characteristic of the first function relating to the service, obtaining a decryption datum from the certification register (Certif) determined based on the received identifier, and determining the validity of the received message.

Description

DESCRIPTION

Title of the invention: Method, device and system for checking the validity of a message

1. Technical field

The invention is implemented in a data infrastructure, this infrastructure possibly being instantiated by a plurality of actors involved in the provision of a communication service. The invention aims more specifically to ensure that a function (or module or device) of the infrastructure receiving a message from another function can ensure the conformity of the message, and subsequently of the transmitting function, to a set requirements specific to the communications infrastructure and service.

2. State of the art

According to known techniques, data infrastructures are known and in particular make it possible to provide a service to a client by relying on the contribution of one or more actors pooling resources such as functions (equipment, modules). The provision of the service requires the provision by the actors of data useful for the provision of services. Furthermore, communication networks are increasingly based on functions, including virtualized functions, possibly administered by distinct actors. Thus, for example, in fifth generation communication networks, network or value-added functions initially defined as unitary functions, for example implemented in specific equipment, are increasingly implemented by interconnecting functions. elements composing a unitary function. A network function is therefore increasingly in the form of a set of interconnected elementary functions communicating with each other. These elementary functions are also possibly managed by separate entities. Thus the network data analysis function, NWDAF (in English Network Data Analytics Function), which makes it possible in particular to collect data relating to a user, to a network function, or to a maintenance and management function, can be implemented using distributed software functions. The NWDAF function interacts with different entities of a communication network such as the AMF (Access and Mobility Function), SMF (Session Management Function), PCF (Policy Control Function), UDM (Unified) entities. Data Management) and AF (Application Function). This NWDAF entity, when structured into several functions elementary, also requires exchanges of messages between these elementary functions. Thus, as described in the documents 3GPP TS 29.520 version 17 of September 2020 and 3GPP TS 23.288 version 17 of March 2021, the NWDAF function can be broken down into an AnLF function (in English Analytics Logical Function) in charge of analysis and d data inference and the provision of statistics and an MTLF function (in English Model Training Logical Function) in charge of the instantiation and training of new training models for data analysis. In addition, particularly when the source of the data and the entity in charge of using an analysis result are not managed by the same actor, then the analysis data is transmitted between the functions via a NEF function. (in English Network Exposition Function). The elementary functions of an NWDAF can also interact with a DCCF function (in English Data Collection and Coordination Function) in charge of collecting data and coordinating data recipients, for example when several functions require the same data or when several NWDAF entities, possibly composed of distributed elementary functions, are deployed in a communication network.

In addition to the example of an NWDAF function requiring an exchange of messages between several functions of a communication network, it should be noted that mobile network access analysis functions of the SON type (in English Self Organizing Network) , the data analysis management functions of the mobile network MD AF (in English Management Data Analytic Function), the services for analyzing information collected on mobile network terminals by DCAF functions (in English Data Collection AF) can be implemented from elementary functions or modules requiring exchanges of messages between the modules and with other entities of a communication network such as the function or functions constituting an NWDAF function. Services based on storage and processing of data upon access (in English Edge Computing) represent another environment requiring exchanges between possible entities managed by distinct actors. Thus, an Edge Computing environment includes in particular Cloud functions EAS (in English Edge application Server), EES (in English Edge enabler Server), ECS (in English Edge configuration Server) and Cloud clients in the EEC terminal (in English Edge Enabler Client) and ACs (Client Application).

However, these exchanges of messages generated in particular by the distribution of elementary functions possibly managed by different actors, depending on the state of the art, are likely to not comply with specifications common to a data space and/or a communications network, or even not to comply with security requirements issued by a regulator and/or a communications network manager. It is not possible according to the techniques used today, for a function receiving a message from another function to ensure that the message received respects one or more requirements of the communication network and/or of a service including data is routed or processed by functions.

The object of the present invention is to provide improvements compared to the state of the art.

3. Presentation of the invention

The invention improves the situation using a method for checking the validity of a message sent by a first function to a second function, the two functions contributing to the instantiation of a service in a communication network, the method being implemented in the second function, capable of analyzing a message comprising a signed digital proof, the signed proof comprising an identifier of a certification register of the communication network, an identifier of an entity certification and a validity parameter of a characteristic relating to the service of the first function, and comprising:

- reception of the message including the signed digital proof associated with the characteristic of the first function relating to the service,

- obtaining from the certification register determined from the identifier received a decryption data associated with the identifier of the certification entity,

- a determination of the validity of the message received comprising:

- a verification of the signature and integrity of the digital proof signed by the certification entity using the decryption data obtained,

- a comparison of the validity parameter of the signed digital proof with a required value associated with the at least one characteristic.

A function of a communication network, which can also be called a module, equipment or virtualized instance, can contribute to the provision of a service in a communication network, such as an application service intended for a user or a network service, if it meets one or more requirements specific to the service in general, therefore also to the communication network, or even to the user. Thus, the function must obtain a signed digital proof from a certification entity, which can also be called a certificate, or proof or token, associated with a characteristic. of the function, guaranteeing that the characteristic is indeed approved by a certification entity and that the function can effectively contribute to the service. A function may require approval of several characteristics from one or more certification entities. Knowing that the other functions, with which the function exchanges messages for the implementation of the service, have no information on the approval received or not, the method allows them to be informed and allows them to effectively verify that the function having sent them a data message relating to the service, has obtained one or more certifications or approvals for all the characteristics requiring such certification. The process is particularly useful when the functions are managed by distinct actors and the functions have no other a priori means of finding out about their respective certifications. Thus, the two functions can exchange signed digital credentials via a file attached to a service-related data message, and the receiving function can verify this approval by comparing the data present in the file with reference values and by verifying signing the proof using decryption data obtained from a register managing the decryption data of the characteristics. This data makes it possible to verify the signature, the fact that the proof has not been modified and that values, for example binary elements or a sequence of numbers, concerning the characteristic conform to the values required for the message received from the first function, and subsequently the function, is validated. The receiving function, identified as the second function, must be able to unambiguously determine that a signed digital credential associated with a characteristic received from another function, the issuing function or the first function, is intrinsically linked to a certification of the characteristic by a certification entity of the communication network. The validity of the signature and the values of the signed digital credential implies the validity of the message comprising the signed digital credential given that the signed digital credential informs the receiving function about the certification of characteristics of the issuing function. The validity of the message sent by the first function also makes it possible to validate the first function by the second function. For a service developed by a chain of functions, the validation of messages step by step by the functions makes it possible to validate the chain, the functions involved, and therefore consecutively the service implemented.

According to one aspect of the invention, in the control method, the two functions are elementary modules of a communication network device. The method is particularly advantageous in a context where the two functions constitute two elements of a device or piece of equipment. In particular, if the two modules are virtualized functions and they are possibly administered by separate managers, the process makes it possible to guarantee that each module complies with a set of security, quality of service and location requirements. . and that the service implemented by the different modules corresponds to a service implemented by a corresponding physical device or equipment, comprising the different modules within the same physical entity.

According to another aspect of the invention, in the control method, the validity parameter of a characteristic is one or more parameters among the following parameters:

- a maximum date of validity of the signed proof,

- a parameter for non-revocation of the signed digital proof,

- an identifier of the characteristic.

Advantageously, the validity parameter of the signed digital proof may include a maximum date of validity of the signed digital proof and the first function, by comparing the maximum date and the reception date, may consider whether the message received is valid or not. The parameter can also be non-revocation information represented by a binary element. By comparing this binary element with a reference value, the second function can determine whether the credential is valid or not. The identifier of the characteristic, compared for example with an identifier obtained from a management entity, makes it possible to detect, for example, identity theft and not to validate the message if these identifiers do not correspond, for example.

According to another aspect of the invention, in the control method, the decryption data is a public decryption key associated with a private encryption key relating to the certification entity.

The digital credential can be signed with an encryption key associated with the certification entity having certified the characteristic corresponding to the signed digital credential. Thus, according to one example, the signed digital credential may be a hash encrypted with a private encryption key. The second function, using for example a public key associated with the private encryption key, can decrypt the hash and then determine whether the decrypted hash has the same value as the hash calculated by the second function and thus verify the signature and integrity of the supporting document. According to another aspect of the invention, in the control method, the determination of the validity of the data further comprises a revocation of the first function in the case where the signature and the integrity of the signed digital proof are not verified and/or the validity parameter of the signed digital credential is not equivalent to the required value.

In the case where the signature of the signed digital credential cannot be verified, because the value of the decrypted hash does not correspond to a value calculated by the second function, and/or if the integrity of the message received is not respected and/ or one of the values in the supporting document does not correspond to an expected value, the message is not validated. This may be due to a revoked certificate or because the first function sending the message is not what it says it is, and for example a function has impersonated another function. If one or more characteristics of the first function cannot be certified, then it is revoked and message exchanges with this function are interrupted.

According to another aspect of the invention, in the control method, said signed digital proof comprises location information of a revocation register, said revocation register being capable of recording validity information relating to a characteristic of the first function.

The signed digital proof can advantageously include location information, such as an IP address or a DNS name, from a revocation register, thus allowing the second function to be able to inquire from this register whether data is still valid. or if a certificate obtained by the first function from the certification entity is still valid and thus have up-to-date information on the capacity of the first function to continue sending and receiving messages associated with the service. The second function can also use this information to inform the revocation register about an invalid signed digital proof and subsequently about a certification of a characteristic to be renewed.

According to another aspect of the invention, in the control method, the characteristic relating to the service of the first function is one or more of the following characteristics:

- a safety feature of the first function,

- a conformity characteristic of the message with a data format of a specific function of the communication network,

- a localization characteristic of the first function, - a characteristic of consent of a user of the service for the exploitation of data relating to a user of the service, included in the message,

- a conformity characteristic of the first function with a rule determined by a regulatory entity of the communication network,

- an identification characteristic of a legal entity responsible for the first function.

For a function to conform to a service, a communications network, a user or a data space comprising a plurality of functions, it must possibly conform to a set of characteristics. The certification entity in charge of assigning a certificate for a characteristic may be specific or in charge of certifying a plurality of characteristics. In the latter case, the certification entity assigns respective certificates for a set of distinct characteristics. The characteristics can be imposed by a requirement of a user of the service, an external entity in charge for example of verifying the security of the implementation of the service, an organization for verifying message formats, an actor or an operator in charge of the management of the communications network and/or the provision of the service.

According to another aspect of the invention, in the control method, said determination of validity comprises the transmission to the certification register of the signed digital proof and an identifier of the first function, and the reception, at the following this transmission, of the decryption data associated with the certification entity.

The determination can advantageously include an exchange of messages between the second function and the certification register, allowing the second function to receive upon explicit request decryption data associated with the certification entity having certified the characteristic and possibly specific to the characteristic .

The different aspects of the control method which have just been described can be implemented independently of each other or in combination with each other. The invention also relates to a method of transmitting a message by a first function to a second function, the two functions contributing to the instantiation of a service in a communication network, the method being implemented in the first function, capable of attaching a signed digital proof to the message to be transmitted to the second function, the signed proof comprising an identifier of a certification register of the communication network, an identifier of an entity of certification and a validity parameter of a characteristic relating to the service of the first function, and comprising:

- obtaining the signed digital proof from the certification entity,

- an addition of the signed digital proof obtained to the message relating to the service to be transmitted to a second function,

- a transmission to the second function of the message including the added signed digital proof.

According to one aspect of the invention, the transmission method further comprises a transmission to the certification entity of a request for certification of the characteristic and in that the signed digital proof obtained includes certification information generated from encryption data associated with the certification entity.

The invention also relates to a device for checking the validity of a message sent by a first function to a second function, the two functions contributing to the instantiation of a service in a communication network, the instantiated device in the second function being able to analyze a message comprising a signed digital proof, the signed proof comprising an identifier of a certification register of the communication network, an identifier of a certification entity and a validity parameter of a characteristic relating to the service of the first function and comprising:

- a receiver, capable of receiving the message comprising the signed digital proof associated with the characteristic of the first function relating to the service,

- an obtaining module, capable of obtaining from the certification register determined from the identifier received from decryption data associated with the identifier of the certification entity,

- a determination module capable of determining the validity of the message (Mes) received comprising:

- a verification module, capable of verifying the signature and the integrity of the digital proof signed by the certification entity by means of the decryption data obtained and the identifier of the certification entity received,

- a comparator, capable of comparing the validity parameter of the signed digital proof with a required value associated with the at least one characteristic.

This device is capable of implementing in all its embodiments the control method described above. The invention also relates to a device for transmitting a message by a first function to a second function, the two functions contributing to the instantiation of a service in a communication network, the device implemented in the first function being able to attach to the message to be transmitted to the second function a signed digital proof, the signed proof comprising an identifier of a certification register of the communication network, an identifier of a certification entity and a validity parameter d 'a characteristic relating to the service of the first function, and comprising:

- an obtaining module, capable of obtaining the signed digital proof from the certification entity,

- an addition module, capable of adding the signed digital proof obtained to the message relating to the service to be transmitted to a second function,

- a transmitter, capable of transmitting to the second function of the message comprising the added signed digital proof.

This transmission device is capable of implementing in all its embodiments the transmission method which has been described above.

The invention also relates to a system for controlling the validity of a message sent by a first function to a second function, the two functions contributing to the instantiation of a service in a communication network, comprising

- a control device,

- a transmission device.

The invention also relates to computer programs comprising instructions for implementing the steps of the respective control and transmission methods which have just been described, when these programs are both executed by a processor and a recording medium readable respectively by a control device and a transmission device on which the computer programs are recorded.

The programs mentioned above may use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in partially compiled form, or in n any other desirable shape.

The information carriers mentioned above can be any entity or device capable of storing the program. For example, a medium may include a storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or even a magnetic recording means.

Such a storage means can for example be a hard disk, flash memory, etc. On the other hand, an information carrier may be a transmissible medium such as an electrical or optical signal, which may be carried via an electrical or optical cable, by radio or by other means. A program according to the invention can in particular be downloaded onto an Internet-type network.

Alternatively, an information carrier may be an integrated circuit in which a program is incorporated, the circuit being adapted to execute or to be used in executing the methods in question.

4. Brief description of the drawings

Other characteristics and advantages of the invention will appear more clearly on reading the following description of particular embodiments, given as simple illustrative and non-limiting examples, and the appended drawings, among which: [Fig 1] according to one aspect of the invention, describes a communication network in which the control method and the transmission method are instantiated.

[Fig 2] describes the implementation of the transmission method in a communications network according to one embodiment of the invention.

[Fig 3] describes the implementation of the control method according to one embodiment of the invention.

[Fig 4] describes a control device according to one embodiment of the invention.

[Fig 5] describes a transmission device according to one embodiment of the invention.

5. Description of embodiments

In the remainder of the description, embodiments of the invention are presented in a communications network. This network can be implemented to route communication data to fixed or mobile terminals and the network can be implemented from physical equipment and/or virtualized functions. This network can be used for the routing and/or processing of residential or business customer data.

We first refer to [Fig 1] which presents a communication network in which the control method and the transmission method are instantiated. The functions implemented by a mobile communications network operator (MNO) are as follows: - An NF function (Network Function) which can be any function of the mobile communication network ensuring the routing, processing or management of mobile network data, for example coming from or destined for a network user mobile. The NF function is for example a virtual function providing a routing, security, filtering function or even an application function in the mobile network. These functions can for example transmit data specific to a communication service to analysis functions such as the DCCF and NWDAF functions described below. Only one NF function is represented but the MNO network can include several NF functions.

The DCCF function (in English Data Collection Coordination Function) subscribes to the UDM/NRF/BSF (described below) to be notified of context information associated with a data flow to authorize the analysis and/or the collects data associated with a user (such as GDPR consent). This DCCF function collects and distributes data required by an NF function “consumer”. This function avoids multiple subscriptions of functions for identical data and the sending of notifications containing the same information.

- The UDM (Unified Data Management), NRF (Network Repository Function) and BSF (Binding Support Function) functions are respective functions for user management, management of NFs functions and session management in a mobile network communications.

- The MFAF function (Messaging Framework Adapter Function) applies the transfer policy defined by the DCCF. In one example, data consumers and data sources exchange data using the MFAF function.

The communications network also includes the following functions:

- An NWDAF function (in English Network Data Analytics Function) collects data from various functions, performs analyzes of the data collected in order to propose adaptations of the functions for the services implemented on a communications network.

- An ADRF function (Analytics Data Repository Function) is responsible for storing the collected data. It should be noted that the function can be decomposed into two functions, namely the MTLF function described below and the AnLF function (in English Analytical Logical Function) not shown in [Fig 1], This AnLF function is responsible for inferring a model, deriving data analyzes and exposing these analyzes to requesters of these analyzes .

- An MTLF function (in English Model Training Logical Function) responsible for training a model and provides new training methods.

- The communications network also includes certification entities CAF1, CAF2, CAF3, CAFn responsible for certifying the characteristics of the various functions mentioned above. Several certification entities are possibly deployed to certify a plurality of function characteristics. According to the example of [Fig 1], each certification entity certifies a characteristic and the entities CAF1, CAF2, CAF3, CAFn certify the respective characteristics Caractl, Caract2, Caract3, Caract4 associated with a communication service, the service being able to be an application service or a network service. The characteristics may correspond to characteristics of security, location, compliance with a rule determined by a regulatory entity, consent of a user to the exploitation of data from messages sent or received by this user, compliance with the conditions GDPR (in English General Data Protection Regulation), data storage conditions... The entities CAF1, CAF2, CAF3, CAFn can be managed by various entities and an entity can certify a plurality of characteristics. Thus each function of the network, as cited above, is certified by one or more certification entities CAF1, CAF2, CAF3 and CAFn when the function includes one or more of the characteristics Caractl, Caract2, Caract3, Caract4. This certification is particularly important when the functions are managed by different actors and when they contribute to the routing of data in a data space, in which a plurality of actors possibly contribute by making functions available. Thus each actor, who can be either an operator or a service provider or a regulatory entity, is guaranteed that the functions involved in the routing of data associated with a service respect a certain number of constraints and obligations. When a certification entity CAF1, CAF2, CAF3 and CAFn certifies a characteristic Caractl, Caract2, Caract3, Caract4 for a function among the functions NF, DCCF, MF AF, NRF, UDM, BSF, ADRF, NWDAF, MTLF, AnLF for a given service, following a request for said function, the certification entity issues to the function a signed digital proof associated with the characteristic for the service in question. Certain characteristics, notably security or even user consent, may be specific to a service while some are more generic and may be common for a plurality of services. The issuing function, once it has obtained the various signed digital credentials, for example by means of a private encryption key, associated with the service, will be able to attach them to the messages exchanged with the other functions so that the receiving functions of the messages, can check the validity of the message received. The message received by a receiving function may be a control message and may correspond to a message exchanged between functions of a “disaggregated” device, said functions preferably being virtualized.

The communications network also includes a Certif register of certificates, such as decryption data, associated with the characteristics, the register being updated by the different certification entities CAF1, CAF2, CAF3 and CAFn, makes it possible to certify a characteristic for a function or to update their certification. The Certif register includes up-to-date certificates and ensures availability of up-to-date certificates making it possible to determine the effective certifications of the different characteristics of functions contributing to a service in the communications network. A Certif certification register and a CAFn certification entity are separate entities. The Certif register includes the decryption data used to verify a signature of a signed digital credential assigned by the CAFn certification entity to a function of a communications network.

The signed digital credential transmitted by one function to another function may correspond to a certificate as held by the Certif registry or the signed digital credential may relate to a certificate, i.e. the certificate can be used to contribute to the verification of the message received, by verifying the signature of the digital credential and the integrity of the signed digital credential.

We then refer to [Fig 2] which describes the implementation of the transmission method in a communications network according to one embodiment of the invention. In this embodiment, the NF entity, which can be any type of function of a communications network, interacts and sends and/or receives messages from other functions of the communications network. In another example, the NF function may be replaced by a function from a disaggregated NWDAF, such as an AnLF function or an MTLF function, or it may be replaced by any function described in [Fig 1] .

The NF function, in order to be able to be integrated into the communication network and interact with the other functions of this network, must be certified, that is to say that different characteristics of the function must be verified depending on a service to be implemented in the communication network. Certain characteristics of the function are independent of this service while some of them are relative to the service to be instantiated. Thus, for example, the location of the function is most often independent of the service while a data format is linked to the service to be instantiated. We consider that a characteristic relates to a service even if the same characteristic can be common to several services. The service can be a communications network control service or a value-added service (voice, text, video).

In order to be certified for a service, the NF function requests, prior to the implementation of the service, a certification entity in charge of certifying that a characteristic of the NF function is compatible with the service and the communication network. Knowing that a plurality of characteristics are possibly to be certified, the NF function requests one or more certification entities associated respectively with distinct characteristics. Thus, the NF function requests the entities CAF1, CAF2, CAF3 and CAFn to certify four characteristics required for the implementation of a service. The CAF1, CAF2, CAF3 and CAFn certification entities can be managed by a single or several actors. For example, one certification entity can be managed by a regulatory entity and another can be managed by a security auditor. This certification is particularly useful when the functions likely to exchange messages are themselves managed by distinct actors and each actor must ensure the conformity of the functions of the other actors.

During a step El, the NF function, which according to this example is a disaggregated function of a NWDAF function, transmits a message requesting certification of a location characteristic to the CAF1 entity. The certification request message includes information relating to the location of the NF function, and possibly a service identifier, and in response to this request, the CAF1 entity carries out an audit during a step E2 to ensure that the location indicated by the NF function is indeed that indicated in the certification request. This audit may include the transmission and reception of several messages between the NF function and the CAFE entity. When the audit determines that the location of the NF function is validated and corresponds to a parameter of the service to be instantiated, then the entity CAF1 certifies the characteristic and transmits a certificate, necessary to attest to the conformity of this location characteristic, to a Certif certification register during a step E3. The certificate transmitted to the Certif register may correspond to a token (also called Token in English) and/or to a public decryption key corresponding to a private key associated with the CAF1 entity and possibly the characteristic. This certificate then makes it possible to certify a signed digital proof, comprising one or more parameters relating to a characteristic, transmitted by one function to another function during the exchange of messages relating to a communication service for which one or more characteristics are certified . According to another example, the certificate recorded in the Certif register corresponds to a public certificate containing a public security key. According to an example, the certificate is as shown below: Token: { "@context": [

"https://w.w3.org/2018/credent i al s/vl",

"https://www.w3.org/2018/credenti ls/examples/vl"

],

"id": "http://example.edu/credentials/3732",

"type": ["Ver if iableCredential", "UniversityDegreeCredential"], "issuer": "https://example.edu/issuers/14", "issuanceDate": "2010-01-01T19:23:24Z ", "credentialsubject": {

"id": "did: example: ebfeblf 712ebc6f lc276el2ec21", "degree": {

"type" : "BachelorDegree" , "name" : "Bachelor of Science and Arts" } } ,

The token contains

The address or certificate is registered "id": "http: // example.edu/credentials/3732",

- The type of certificate: [ "VerifiableCredential",

- The address of the identity of the certifier: “issuer”: “https: / / example . edu/ issuers / 14”,

When it was issued: "issuanceDate": "2010-01-01T19:23:24Z",

- The address or certificate is registered to prove the subject of the certificate here bachelor degree "type": "BachelorDegree", "name": "Bachelor of Science and Arts" In [Fig 2], a single Certif register is described but it is possible to have several certification registers, for example associated with distinct certification entities.

During a step E4, the Certif certification register certifies to the CAF1 entity the correct receipt and registration of the certificate received from said CAF1 entity by sending it an acknowledgment message.

During a step E5, the CAF1 entity transmits the signed digital proof of the certified characteristic to the NF function. This signed digital proof includes an identifier of the Certif certification register, an identifier of the CAF1 certification entity and one or more validity parameters of the location characteristic, the signed digital proof being signed with encryption data specific to the CAF1 certification entity and possibly the location characteristic.

Correspondingly, the NF function certifies a security-related characteristic for the service to be instantiated with the certification entity CAF2 during steps E’ 1 to E’5 corresponding to steps El to E5 cited above. According to an alternative, the entity CAF2 and the entity CAF1 are a single entity. The CAF2 entity is managed by an actor other than the one managing the CAF1 entity and aims to ensure that the NF function respects security constraints, for example in terms of supported security protocols and/or compliance with security constraints. confidentiality. If the NF function complies with the security conditions as prescribed by the CAF2 entity, in accordance with the requirements of the communication network in which the NF function is deployed and/or a contract signed with other actors for the instantiation of the service , she obtains signed digital proof relating to the security feature.

Correspondingly, the NF function requests certification during steps E”1 to E”5, corresponding to steps El to E5, a characteristic relating to compatibility with a specification of the communication network in which the service is to be instantiated. According to one example, the NF function obtains certification from the CAFn entity attesting to the compatibility of the NF function with a 3GPP Release 17 specification. The CAFn entity is according to this example an entity managed by an organization different from the entity administering the NF function. The NF function thus obtains during step E”5 a signed digital proof associated with the 3GPP Release 17 specification from the CAFn certification entity.

Once the NF function has received all the signed digital credentials associated with a service to be instantiated in the communication network, it adds during a step E6 these different digital supporting documents signed in a compliance document bringing together all the signed digital supporting documents received. If only one signed digital credential is obtained, the compliance document corresponds to the signed digital credential received.

Example of compliance document

{

"@context": [

"https://www.w3.org/2018/credentials/vl",

"https://www.w3.org/2018/credentials/examples/vl"

],

"type": "VerifiablePresentation",

"verifiableCredential": [{

"@context": [

"https://www.w3.org/2018/credentials/vl",

"https://www.w3.org/2018/credentials/examples/vl"

],

"id": "http://example.edu/credentials/1872",: registration address of the signed digital credential

"type": ["VerifiableCredential", "AlumniCredential"],

"issuer": "https://example.edu/issuers/565049",

"issuanceDate": "2010-01-01T19:23:24Z",

"credential Subject": {

"id": "did:example:ebfeblf712ebc6flc276el2ec21",: address allowing you to check whether the characteristic is compliant

"OP alumni: {

"id": "did:example:c276el2ec21ebfeblf712ebc6fl",

"name": [{

"value": "Example University",

"lang": "en"

}, {

"value": "University Example",

"lang": "fr"

}]

}

},

"proof ¹ : {: proof of validity of the signed digital proof obtained by the "type" function: "RsaSignature2018",: Type of encryption used for the digital proof

"created": "2017-06-18T21:19:1OZ",

"proofPurpose" : "assertionMethod",

"verificationMethod": "https://example.edU/issuers/565049#key-l",: Address allowing to retrieve the decryption data of 56049 (university) allowing to verify the signature

"jws":HeyJhbGciOiJSUzIlNiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0I119..T CYt5X sITJXlCxPCT8yAV-TVkffiq_PbChOMqsLfRoPsnsgw5WEuts01mq- pQy7UJiN5mgRxD-WUcX16d UEMGlv50aqzpqh4Qktb3rk- BuQy72IFLOqVOG_zS245- kronKb78cPN25DGlcTwLtjPAYuNzVB Ah4vGHSrQyHUdBBPM": signature of the digital receipt

}

}],

'proof': {

"type": "RsaSignature2018",

"created": "2018-09-14T21:19:10Z",

"proofPurpose" : "authentication",

"verificationMethod": "did:example:ebfeblf712ebc6flc276el2ec21#keys-l",

"challenge": ⁿ lf44d55f-fl61-4938-a659-f8026467fl26",

"domain": "4jt78h47fh47",

"jws":

"eyJhbGciOiJSUzIlNiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0I119..kTCYt5

Xs ITJ wLtjPAnK b78"

}: proof signed by the function issuing the signed digital proof }

During a step E7, the NF function transmits a message relating to the communication service to a DCCF type function. The message corresponds for example to a request message with a view to obtaining a plurality of information that the DCCF will have previously collected from other functions of the communication network. The NF function adds to the request message the conformity document that it will have created during step E6. Thus, thanks to this conformity document, the DCCF entity can verify the conformity of the characteristics of the NF function for all of the evaluated characteristics, present in the conformity document, and determine if the signed digital credentials are valid, if the NF function has had its characteristics certified, if a signature of a signed digital proof can be verified using a certificate held by the Certif certification register. The embodiment describes a message exchange between any NF function and a DCCF function but this mode is also valid for one or more message exchanges between functions of a data space, such as described in [Fig 1] ,

We then refer to [Fig 3] which describes the implementation of the control method according to one embodiment of the invention.

During a step E7, corresponding to step E7 of [Fig 2], the NF function transmits a request message, the request message corresponding to the instantiation of a communication service to the DCCF function in order to obtain user data as well as data session information from the service. The request message includes the signed digital receipts as obtained in accordance with the description in [Fig 2] above.

During a step E8, the DCCF function obtains from the Certif certification register, an identifier of which is possibly present in a signed digital proof received, one or more decryption data, associated with the certification entities having certified the characteristics, therefore associated with the characteristics of the NF function from which it has just received the request message. In order to check the validity of the message received during step E7, the DCCF function can obtain all the decryption data associated with the NF function by providing the Certif register with an identifier of the NF function (DNS name, URI address (in English Uniform Resource Identifier), IP address, decentralized identity (did)...), as well as an identifier of the certification entity having certified a characteristic, this identifier being present in the signed supporting documents received. In the case where the decryption data is specific to the NF function, in addition to the identifier of the entity having certified a characteristic, an identifier of the function can also be transmitted and if decryption data is associated with a service, an identifier of the service associated with the NF function can be transmitted in addition to the NF function identifier and the identifier of the certification entity. Obtaining can be carried out via an exchange of messages between the DCCF function and the Certif certification register, the message transmitted to the certification register comprising an identifier of the certification entity having attested to the validity of a characteristic, an identifier of the NF function and possibly an identifier of the service, and the reception in return, of decryption data specific to the certification entity having certified the characteristic of the service corresponding to the digital proof signed and associated with the NF function, thus allowing the DCCF function to validate the message received during step E7. According to one example, the DCCF function transmits to the Certif certification register the signed digital proof received from the NF function.

During a step E9, the DCCF function having obtained one (or more) decryption data associated with the certification entity and corresponding to the characteristic(s) is able to determine whether the message received is valid by validating or not the signed digital proofs received from the NF function during step E7. To perform this validation, the DCCF function verifies the signature and integrity of the signed digital credential using decryption data, such as a public key. According to one example, the signed digital credential includes proof signed using given encryption, such as a private key, specific to the certification entity having previously certified the characteristic in accordance with the exchanges in [fig 2], Using the decryption data corresponding to the encryption key used for the signature of the signed digital credential and the encryption of the proof, the DCCF function determines that the signature is valid if the information obtained using the decryption data is identical to the proof received in the signed digital credential. This operation also makes it possible to verify that the signed digital proof has not been modified and therefore that its integrity is valid. The DCCF function also compares parameters, such as parameters relating to the maximum validity date of the proof, a parameter for non-revocation of the signed proof, or even an identifier of the characteristic, to validate the message. These parameters are not necessarily quantified and can be verified by comparing them to reference values.

During a step E10, the DCCF function transmits a message to an NWDAF function in order to obtain statistical data relating to a communication service, the service possibly being identical to the service at the initiative of the request message transmitted by the NF function during step E7. The service can independently be a network service, for example to implement or modify a connectivity service and/or an application service (video, message, voice). The message transmitted during step E10 includes a conformity document, comprising one or more signed digital supporting documents, which the DCCF function has previously obtained from one or more certification entities.

During a step El i, the NWDAF function obtains from the Certif certification register a public key relating to a certification entity having certified a security characteristic, to the service and to a security characteristic of the DCCF function. According to one example, the NWDAF function transmits an identifier of the DCCF function and possibly of the security service, an identifier of the certification entity having certified the characteristic. During step E12, according to one of the methods indicated during step E9, the NWDAF function determines that the digital proof relating to the security characteristic for the service, signed by the certification entity is valid and therefore that the message received during step E10 is valid and therefore the DCCF function is certified. This verification was possible using the public key obtained during step El 1.

During step E13, following the message transmitted to the NWDAF entity during step E10, the DCCF entity receives a response message from the NWDAF entity. This message relating to the same service includes signed digital supporting documents relating to to characteristics of conformity of the NWDAF function with a 5G network and consent of a user for the exploitation of the data of the service concerning him, in a conformity document therefore comprising two signed digital proofs associated with the two characteristics. The signed digital credentials also include an address of a Revocation register, capable of recording validity information relating to the two characteristics of the NWDAF function cited above.

During a step E14, the DCCF function obtains from the Certif certification register a set of decryption data making it possible to verify the signed digital credentials relating to the NWDAF function, these data relating to certification entities for compliance with a 5G network and the consent of the user whose identifiers were present in the signed digital credentials, and characteristics/claims of conformance of the NWDAF function with a 5G network and consent of a user. It should be noted that the characteristics linked to the service may also relate to a location of the NWDAF function, compliance of the NWDAF function with a rule determined by a regulatory entity, for example in connection with data backup obligations or of use of user data, or to an identification characteristic of a legal entity in charge of the NWDAF function.

During step E15, the DCCF function determines that at least one signed digital credential received does not correspond to a certificate presented by the NWDAF. This can be explained because the signed digital proof is no longer valid, the validity deadline of the validity parameter being prior to receipt of the message from step E13, and/or the NWDAF function is not the function it claims to be and/or that at least one signed digital credential was modified when sending or processing it, this verification being carried out using decryption data relating to the certification entity having certified one or both of the characteristics cited above, this data being obtained during step E14. When several characteristics have given rise to several signed digital credentials, it is possible for the DCCF function to evaluate the impact of the revocation of a certificate or a signed digital credential to decide whether or not to validate the received message and consecutively to revoke or not the NWDAF function having issued several signed digital supporting documents.

The DCCF function decides that the NWDAF function is not compliant because one or more signed digital credentials are not valid and therefore not to validate the message received, which could compromise the service and possibly the communications network.

In the case where a revocation register address is present in the signed digital credential, the DCCF function can also transmit during an optional step El 6 a revocation subscription from the NWDAF function to the Revoc revocation register which allows the DCCF function to be notified in the event of revocation of a certificate associated with the NWDAF function and thus to decide to cut the service by blocking the message exchange between a function and the NWDAF function.

Optionally, in an exchange not shown in [Fig 3], a CAF function which periodically analyzes the certificates of conformity of the NFs functions can inform the Revoc revocation register of the revocation of the NWDAF function so, for example, that the Certif certification updates the management information for signed digital credentials, for example by deleting the decryption data associated with these certificates. The Certif registry can also request the certification entity associated with the signed proof to update the certification and subsequently the signed digital proof that it holds. The revocation of the NWDAF function also induces a breakdown in communication relating to the service, knowing that the non-certification of a function in a multi-actor data space can cause security problems.

During a step El 7, the DCCF function managed by a telecommunications operator transmits a message relating to a data storage service of a service to an ADRF function (in English Analytics Data Repository Function) managed by a service provider. The message transmitted by the DCCF function may include an identifier of the entity managing the DCCF function, for example of the operator of the communications network in which the DCCF function is deployed. The identifier may be derived from the DCCF address used to communicate with the ADRF or it may be an entity-specific identifier. Each function, managed by an entity separate from the other function, must ensure the compliance of the other function with regard to security characteristics, localization and compliance with GDPR rules. The DCCF function adds to the message relating to the service the signed digital credentials associated with the characteristics cited above previously obtained from certification entities, the signed digital credentials integrating hashes (in order to verify the non-repudiable nature of the message ). During a step El 8, the ADRF function obtains the Certifs certification data from the Certifs certification register. decryptions associated with these characteristics and the signed digital credentials of the DCCF function, this decryption data being in the form of public encryption keys or any other decryption parameter associated with the entities in charge of the respective certifications. The ADRF function includes the identifier of the certification entities from which it has received identifiers in the signed digital credentials and it can include the identifier of the entity managing the DCCF function if it has received it as well as an identifier of the DCCF function, which the function will have transmitted to it in the message transmitted during step E17, as well as possibly an identifier of the service (for example data storage) so that the Certif register transmits only the decryption data required for the DCCF function and possibly the service. During a step E19, the ADRF function determines whether the DCCF function having transmitted a message to it for data storage is indeed certified, that is to say that all of the characteristics required for communication between the two functions and possibly specific to a data space and/or to a regulator such as a public management office, have been certified and that the signed digital documents are still valid. If the ADRF function is able to decrypt the hashes received using the public keys obtained from the Certif registry, it has a guarantee that the received message has not been modified by recalculating the hash from the public key, and the validity parameters correspond to reference values, then the signed digital credentials are considered valid and the DCCF function is considered certified. In the case where the communication between the DCCF function and the ADRF function is bidirectional, the DCCF function can also ensure the certification of the ADRF function by implementing steps identical to steps E17 to E19. According to this example, the ADRF function can also add an identifier of the entity managing the ADRF function, for example of the service provider.

In the different exchanges indicated above between the functions but also between a function and the different registers, it is possible to add an identifier in a message sent to another entity (function or register). This identifier can be one or more identifiers including:

An identifier that owns the data and the results of analyzes possibly carried out by an entity other than the owner,

An identifier of the data storage provider that offers a service to orchestrate storage or analysis functions or virtual instances of these functions, an identifier of the software providers who develop the analytical models and services, involving an NWDAF function or a plurality of functions of an NWDAF function if this is decomposed.

An identifier of a customer, for example who gives their consent for the processing and analysis of data from a service concerning them.

During a step E20, and according to an example, the functions NF and DCCF, involved in the routing or processing of data from a service, transmit backup data (in English log) to a LOG recording register . This backup data may be timestamped, according to one example. According to one example, the messages transmitted during step E20 are alternately sent to the LOG register during each exchange of messages, once the functions have been certified, therefore following steps E9, E12. The LOG recording register can thus be used for an audit, particularly useful when functions such as the NF and DCCF functions are managed by separate entities, the data recorded in the LOG register can then be used as legal evidence. The message transmitted during step E20 includes one or more of the following information:

- The signed digital proof relating to a certification associated with a characteristic relating to the service,

- Proof of the determination of the validity of the conformity obtained by a function,

- An identifier of the function receiving the message including the signed digital proof added,

- An identifier of the function sending the message including the signed digital proof,

- Timestamp information for the transaction corresponding to the transmitted message, the message including the signed digital proof.

According to another embodiment, the conformity document comprising the set of signed digital supporting documents is not systematically transmitted between the different functions of the communication network but it is possible that a function transmits it to a single function, for example the DCCF, which ensures control of the validity of a message for a set of functions. Thus, functions can delegate the validity check to a third function to limit the signaling overhead generated by adding the conformance document to messages between the different functions. In this embodiment, it is necessary that the function to which the validity check is delegated is trustworthy and prior exchanges secure between the delegating functions and the proxy function, such as the DCCF, which ensures the check. The third function will then receive the signed digital credentials from the other functions and will validate them or not using the decryption data received from the Certif register. The third-party function will inform other functions of the validity of signed digital credentials relating to a given function.

The control method and the transmission method prove to be particularly relevant in a communications network or communications devices (NWDAF, NEF (in English Network Exposure Function), ADRF, etc.) are managed by different entities and these functions interact with functions external to the mobile network such as user terminals and/or application servers. The processes thus make it possible to certify that exchanges comply with a contract signed between the entities, with a regulation or a specification or even with the wishes of a user. Some of these functions transmit data (or information) relating to one or more communication services (audio, video, text, etc.) in messages intended for other functions in charge of processing, storing or storing them. aggregate for example. Knowing that services may have specific constraints, the signed digital credentials advantageously relate to a particular communication service or to a set of services having the same constraints. Thus, each function involved in the routing of this data (or information) relating to a service has the capacity to validate or not the signed digital credentials transmitted by another function of the communication network. In the particular case where the signed digital credential concerns a user's consent, and this consent is revoked leading to a revocation of the function transmitting the signed digital credential, then the data relating to the user is possibly deleted and the Message exchange between functions is interrupted following revocation.

An example implementation in a communications network where an NWDAF device is disaggregated is presented below:

In each request made by the following interfaces/services Nddcf, Nadrf, Nnwdaf, Nmfaf, Ndrf, Nnf, linking disaggregated NWDAF functions managed by different actors, the conformity presentation document “conformitydoc” must be added to the parameters of existing interfaces/services. The services described below must add the conformity doc in their parameter.

To minimize overload of the communications network and delays in signaling:

Nmfaf services should not contain the conformity document,

Only the exchanges in the control plan (via the DCCF) must present it and at least the following services and their responses so that each actor can present their documents via the Nardf interfaces/services and the Nnwdaf, Nmtlf, Ndccf, Nmtlf o The subscription services: StorageRequest, StorageSubscriptionRequest, Subscribe / Notify, RetrievalSubscribe) o Context exchange services Nddcf_ContextManagement (Register/ Update (request/response)

Each function receiving a “conformitydoc” compliance document must verify the validity of the “token” certificates (or signed digital supporting documents) present in this compliance document. The validity of the messages emitted by a function and subsequently the function is checked with the information recorded in the certification registers and more specifically by evaluating whether the proofs of the tokens of the conformity document and those calculated with the help of the public keys of the register CERTIF coincident, that is to say that there is a relationship between the proof of conformity and the certificate.

Proof of conformity may relate to the certificate obtained from a CAF registered in a certification register in accordance with the following options:

- A first function inserts a token which corresponds to a string of characters associated with claims in which several pieces of information can be concatenated (example of such data: a certificate (which can itself be a certificate address allowing a public key to be retrieved with a register, an expiration date, a CAF address (a certification entity), a signature (hash information).The proof of conformity is for example the hash information or the token.

The first function performs an operation calculating a checksum on a message to send, then encrypted with a private key of A this checksum (which gives an encrypted hash-A inserted in the token)

The second function, receiving the token and seeking to ensure the validity of a message sent by the first function, executes the following operations: o The second function also calculates the hash information of the message received which gives a hash- B o The second function decrypts the encrypted hash-A received using the public key of A corresponding to or included in the certificate received from the certification register and compares this decrypted hash-A to the hash-B value that it comes from calculate

In this case, the certificate obtained from the register relates to the token received since the public address ensures the equality of the decrypted hash-A and the hash-B, and therefore the validity of the message received with regard to the signature and integrity of the token.

If the verification of a certificate fails then the “conformity doc” is rejected and the message exchange service between functions cannot be performed.

According to another embodiment, the control and transmission methods can be implemented in a mobile access communication network SON (in English Self Organizing Network) where the functions exchange messages relating to a service. self-configuration and self-operation of the access network.

According to yet another embodiment, the control and transmission methods can be implemented between terminals and an information collection function on these terminals.

According to yet another embodiment, the control and transmission methods can be implemented in an Edge Computing type communication network, for example by adding the conformity document in the APIs transporting the profiles of the EAS Clouds (Edge application Server ) EES (Edge enabler Server), ECS (Edge configuration Server) and Cloud clients in the EEC (edge enabler client) terminal and AC (Application Client). The compliance document can also be added in the context descriptions associated with storage space providers (clouds) which are used by a mobile network for example to apply local policies and regulations to storage spaces. The control and transmission methods can be implemented in a communication architecture comprising several chained functions where each function in the chain can check the validity of a message sent by one of the nodes in the chain and received by the node verifying the validity thanks to the signed digital supporting documents present in the conformity document accompanying the message.

We then refer to [Fig 4] which presents a device 300 for checking the validity of a message according to one embodiment of the invention.

Such a control device can be implemented in a network or application function or in an elementary module of a device of a communication network, such as a 5G network. According to an alternative, the control device can be instantiated in a communication terminal such as a mobile terminal or access equipment of a fixed network.

For example, the control device 300 comprises a processing unit 330, equipped for example with a microprocessor pP, and controlled by a computer program 310, stored in a memory 320 and implementing the control method according to invention. Upon initialization, the code instructions of the computer program 310 are for example loaded into a RAM memory, before being executed by the processor of the processing unit 330. Such a control device 300 comprises:

- a receiver (301), capable of receiving the message (Mes) comprising the signed digital proof associated with the characteristic of the first function relating to the service,

- an obtaining module (302), capable of obtaining from the certification register (Certif) determined from the identifier received from decryption data associated with the identifier of the certification entity,

- a determination module (303) capable of determining the validity of the message (Mes) received comprising:

- a verification module, capable of verifying the signature and the integrity of the digital proof signed by the certification entity using the decryption data obtained,

- a comparator, capable of comparing the validity parameter of the signed digital proof with a required value associated with the at least one characteristic.

According to this example, the determination module 303 is represented by a single module but according to another example, the verification module and the comparator are two separate modules. We then refer to [Fig 5] which presents a transmission device 400 according to one embodiment of the invention.

Such a transmission device 400 can be implemented in a network or application function or in an elementary module of a device of a communication network, such as a 5G network. According to an alternative, the control device can be instantiated in a communication terminal such as a mobile terminal or access equipment of a fixed network.

For example, the transmission device 400 comprises a processing unit 430, equipped for example with a microprocessor pP, and controlled by a computer program 410, stored in a memory 420 and implementing the transmission method according to the invention. At initialization, the code instructions of the computer program 410 are for example loaded into a RAM memory, before being executed by the processor of the processing unit 430.

Such a transmission device 400 comprises:

- a module (401) for obtaining, capable of obtaining the signed digital proof from the certification entity,

- an addition module (402), capable of adding the signed digital proof obtained to the message relating to the service to be transmitted to a second function,

- a transmitter (403), capable of transmitting to the second function of the message (Mes) comprising the added signed digital proof.

Claims

1. Method for checking the validity of a message sent by a first function to a second function, the two functions contributing to the instantiation of a service in a communication network, the method being implemented in the second function, capable of analyzing a message comprising a signed digital proof, the signed proof comprising an identifier of a certification register of the communication network, an identifier of a certification entity and a validity parameter of a relative characteristic serving the first function, and comprising: - a reception (E7, E10) of the message (Mes) comprising the signed digital proof associated with the characteristic of the first function relating to the service, - obtaining (E8, El 1) from the certification register (Certif) determined from the identifier of the certification register received from decryption data associated with the identifier of the certification entity, - a determination (E9, E12) of the validity of the message (Mes) received comprising: - a verification of the signature and integrity of the digital proof signed by the certification entity using the decryption data obtained, - a comparison of the validity parameter of the signed digital proof with a required value associated with at least one characteristic. 2. Control method according to claim 1, in which the two functions are elementary modules of a communication network device. 3. Control method, according to claim 1 or claim 2, in which the validity parameter of a characteristic is one or more parameters among the following parameters: - a maximum date of validity of the signed proof, - a parameter for non-revocation of the signed digital proof, - an identifier of the characteristic, 4. Control method, according to one of claims 1 to 3, in which the decryption data is a public decryption key associated with a private encryption key relating to the certification entity. 5. Control method, according to one of claims 1 to 4, in which the determination of the validity of the data further comprises a revocation of the first function in the case where the signature and the integrity of the signed digital proof are not verified and/or the validity parameter of the signed digital credential is not equivalent to the required value. 6. Control method, according to one of claims 1 to 5, in which the signed digital proof further comprises location information of a revocation register, said revocation register being capable of recording validity information relating to a characteristic of the first function. 7. Control method, according to one of claims 1 to 6, in which the characteristic relating to the service of the first function is one or more of the following characteristics: - a safety feature of the first function, - a conformity characteristic of the message with a data format of a specific function of the communication network, - a localization characteristic of the first function, - a characteristic of consent of a user of the service for the exploitation of data relating to the user included in the message, - a conformity characteristic of the first function with a rule determined by a regulatory entity of the communication network, - an identification characteristic of a legal entity responsible for the first function. 8. Control method, according to one of claims 1 to 7, further comprising the transmission to the certification register of the signed digital proof and an identifier of the first function, and the reception, following this transmission, of the decryption data associated with the certification entity. 9. Method for transmitting a message by a first function to a second function, the two functions contributing to the instantiation of a service in a communication network, the method being implemented in the first function, capable of attaching a signed digital proof to the message to be transmitted to the second function, the signed proof comprising an identifier of a certification register of the communication network, an identifier of a certification entity and a validity parameter of a characteristic relating to the service of the first function, and comprising: - obtaining (E5, E’5, E”5) from the certification entity of the signed digital proof, - an addition (E6) of the signed digital proof obtained to the message relating to the service to be transmitted to a second function, - a transmission (E7) to the second function of the message including the signed digital proof added. 10. Transmission method further comprising a transmission to the certification entity of a request for certification of the characteristic and in that the signed digital proof obtained comprises certification information generated from encryption data associated with the certification entity. 11. Device (300) for checking the validity of a message sent by a first function to a second function, the two functions contributing to the instantiation of a service in a communication network, the device instantiated in the second function being able to analyze a message (Mes) comprising a signed digital proof, the signed proof comprising an identifier of a certification register of the communication network, an identifier of a certification entity and a validity parameter of a characteristic relating to the service of the first function and comprising: - a receiver (301), capable of receiving the message (Mes) comprising the signed digital proof associated with the characteristic of the first function relating to the service, - an obtaining module (302), capable of obtaining from the certification register (Certif) determined from the identifier of the certification register received from decryption data associated with the identifier of the certification entity , - a determination module (303) capable of determining the validity of the message (Mes) received comprising: - a verification module, capable of verifying the signature and the integrity of the digital proof signed by the certification entity using the decryption data obtained, - a comparator, capable of comparing the validity parameter of the signed digital proof with a required value associated with the at least one characteristic. 12. Device (400) for transmitting a message (Mes) by a first function to a second function, the two functions contributing to the instantiation of a service in a communication network, the device implemented in the first function being able to attach to the message to be transmitted to the second function a signed digital proof, the signed proof comprising an identifier of a certification register of the communication network, an identifier of a certification entity and a parameter of validity of a characteristic relating to the service of the first function, and comprising: - a module (401) for obtaining, capable of obtaining the signed digital proof from the certification entity, - an addition module (402), capable of adding the signed digital proof obtained to the message relating to the service to be transmitted to a second function, - a transmitter (403), capable of transmitting to the second function of the message comprising the added signed digital proof. System for checking the validity of a message sent by a first function to a second function, the two functions contributing to the instantiation of a service in a communication network, comprising - a control device according to claim 11, - a transmission device according to claim 12. Computer program, characterized in that it comprises the instructions for implementing the steps of the control method according to one of claims 1 to 8, when said program is executed by a processor Computer program, characterized in that it comprises the instructions for implementing the steps of the transmission method according to one of claims 9 or 10, when said program is executed by a processor.