CN112491829A - MEC platform identity authentication method and device based on 5G core network and block chain - Google Patents


Publication number
CN112491829A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011272829.9A
Other languages
Chinese (zh)
Other versions
CN112491829B (en)
Inventor
魏鹭巍
李申
高有军
韩孟祥
于凯
陈书钢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Information System Integration Co ltd
China Mobile Communications Group Co Ltd
China Mobile Xiongan ICT Co Ltd
China Mobile System Integration Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Xiongan ICT Co Ltd
China Mobile System Integration Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Xiongan ICT Co Ltd, China Mobile System Integration Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202011272829.9A priority Critical patent/CN112491829B/en
Publication of CN112491829A publication Critical patent/CN112491829A/en
Application granted granted Critical
Publication of CN112491829B publication Critical patent/CN112491829B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L67/104: Peer-to-peer [P2P] networks
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses an MEC platform identity authentication method and device based on a 5G core network and a blockchain. The method comprises: performing identity authentication on an MEC platform through the 5G authentication and key agreement (AKA) mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform; and performing on-chain management of the authenticated MEC platform through a blockchain consensus mechanism, storing the network address and the permanent equipment identifier information owned by the MEC platform in each node on the current blockchain. The method, device, equipment and computer storage medium of the embodiment authenticate the identity of the MEC platform, and synchronize and reach consensus on the identification information of authenticated platforms based on blockchain technology, thereby effectively authenticating the MEC platform and effectively preventing spoofing of and tampering with IP addresses.

Description

MEC platform identity authentication method and device based on 5G core network and block chain
Technical Field
The disclosure belongs to the technical field of 5G network communication, and particularly relates to an MEC platform identity authentication method and device based on a 5G core network and a block chain.
Background
When an MEC (Multi-access Edge Computing) platform accesses a 5G (fifth-generation mobile communication technology) core network, the identity of the MEC platform must be authenticated and authorized. The existing solution is to connect a UPF (User Plane Function) and the MEC platform through an optical cable and configure the same IP address (Internet Protocol address) for both ends to implement data forwarding. As shown in Fig. 1, the IP address segments of the private networks where the MEC1 platform and the UPF are located are the same, so normal data exchange can be performed, while the IP address segments where the MEC2 platform and the UPF are located are different, so normal data exchange cannot be performed.
After the MEC service is introduced, MEC platforms are deployed at the edge in a distributed manner, which improves the data processing rate but also puts the security of network data at risk. In practice, the network cannot effectively verify the authenticity of an MEC platform and cannot judge whether the IP address used by the MEC platform is the IP address allocated to it; when human supervision fails, IP addresses may be tampered with or spoofed. When an illegitimate user tampers with or spoofs an IP address, the security of the data is therefore difficult to guarantee.
In view of this, the present disclosure is set forth.
Disclosure of Invention
The embodiment of the disclosure provides an MEC platform identity authentication method, an MEC platform identity authentication device and a computer storage medium based on a 5G core network and a blockchain, which can protect the IP address of each MEC platform and prevent it from being maliciously tampered with or spoofed.
In one aspect, an embodiment of the present disclosure provides an MEC platform identity authentication method based on a 5G core network and a blockchain, where the method includes:
performing identity authentication on the MEC platform through the 5G authentication and key agreement (AKA) mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
and performing on-chain management of the authenticated MEC platform through a blockchain consensus mechanism, and storing the network address and the permanent equipment identifier information owned by the MEC platform in each node on the current blockchain.
In one embodiment, performing identity authentication on the MEC platform through the 5G authentication and key agreement mechanism comprises:
connecting the MEC platform to the security network element SEAF, the SEAF initiating a start-authentication request to the authentication server, the request including the permanent equipment identifier information of the MEC platform, so that the authentication server requests the unified data management device to verify the authenticity of the permanent equipment identifier information;
after the permanent equipment identifier information is verified, the unified data management device creates an authentication vector in response to the authentication server, so that the authentication server interacts with the security network element SEAF and the identity authentication service is executed according to the authentication vector.
In one embodiment, performing identity authentication on the MEC platform through the 5G authentication and key agreement mechanism specifically includes:
enabling the MEC platform to establish a connection with the security network element SEAF, and sending information carrying the permanent equipment identifier of the current MEC platform to the SEAF;
sending a start-authentication request to the authentication server through the security network element SEAF, so that the authentication server AUSF, after verifying that the SEAF is authorized for the serving network, sends an authentication response request to the unified data management device UDM or ARPF; the start-authentication request and the authentication response request both contain the permanent equipment identifier information of the MEC platform, and the UDM or ARPF verifies the authenticity of the permanent equipment identifier information.
In one embodiment, performing identity authentication on the MEC platform through the 5G authentication and key agreement mechanism further includes:
after the permanent equipment identifier information is verified, the unified data management device UDM or ARPF creates a first authentication vector, responds to the authentication response request, sends the first authentication vector to the authentication server AUSF and indicates that the authentication vector is to be used for authentication and key agreement (AKA) authentication; wherein the first authentication vector comprises a random number, an authentication token, an authentication response parameter and an authentication key;
the authentication server AUSF stores the authentication response parameter, calculates an anchor key from the authentication key, generates a second authentication vector containing the random number, the authentication token and the anchor key, and sends the second authentication vector to the security network element SEAF;
the security network element SEAF sends request information containing at least the random number and the authentication token of the second authentication vector to the MEC platform, so that the platform passes the random number and the authentication token to the USIM, which verifies the freshness of the authentication token, and the MEC platform derives a response parameter, an authentication key and an anchor key and returns the response parameter, the authentication key and the anchor key to the authentication server;
the authentication server determines the authentication result by comparing the response parameter with the authentication response parameter; if they are equal, the authentication passes; otherwise, the authentication fails.
In one embodiment, marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform comprises:
enabling the authenticated MEC platform to obtain the authentication result together with an indication to mark its current public network address and permanent equipment identifier information, and marking them for the on-chain operation.
In one embodiment, performing on-chain management of the authenticated MEC platform through the blockchain consensus mechanism comprises:
for an authenticated MEC platform, synchronizing the public network address allocated to the MEC platform and its permanent equipment identifier information, as the identification information of the MEC platform, to the other MEC platforms in the network where the current platform is located, for on-chain management of the MEC platform.
In one embodiment, performing on-chain management of the authenticated MEC platform through the blockchain consensus mechanism includes:
generating a first transaction hash value of the current platform according to the authenticated permanent equipment identifier information of the MEC platform and the allocated public network address;
the MEC platform initiates an access request to the core network again so that the core network sends an authentication signaling to other MEC platforms on the block chain when receiving the access request and performs identity authentication on the MEC platform of the access request;
enabling other MEC platforms on the block chain to call the identification information of the MEC platform according to the public network address information contained in the current MEC platform access request, and generating a second hash value;
acquiring a second hash value and the first hash value, and comparing the two hash values, if the two hash values are equal, the verification is passed; otherwise, the verification fails.
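The hash comparison in the steps above, as an added Python example that is not part of the patent: each node keeps its own copy of the public-address-to-PEI binding and recomputes the second hash from the address in the access request. The SHA-256 encoding, the strict-majority quorum, the class and function names, and the sample MAC and IP values are all assumptions; the MAC-to-decimal PEI conversion follows the detailed description.

```python
import hashlib
import ipaddress


def pei_from_mac(mac):
    """PEI as a decimal string derived from the platform's 48-bit MAC address."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError("expected a 48-bit MAC address")
    return str(int(digits, 16))


def identity_hash(pei, ip):
    """SHA-256 over length-prefixed PEI plus packed IP (encoding is an assumption)."""
    pei_bytes = pei.encode()
    packed = ipaddress.ip_address(ip).packed
    return hashlib.sha256(len(pei_bytes).to_bytes(2, "big") + pei_bytes + packed).hexdigest()


class Node:
    """One MEC platform acting as a block node; holds its own copy of IP -> PEI."""

    def __init__(self):
        self.records = {}

    def second_hash(self, claimed_ip):
        # Look up the stored identification info by the address in the access request.
        pei = self.records.get(str(ipaddress.ip_address(claimed_ip)))
        return identity_hash(pei, claimed_ip) if pei is not None else None


class Chain:
    def __init__(self, node_count):
        self.nodes = [Node() for _ in range(node_count)]

    def register(self, pei, ip):
        """Run only after 5G-AKA succeeded: synchronise the binding, return the first hash."""
        key = str(ipaddress.ip_address(ip))
        for node in self.nodes:
            if node.records.get(key, pei) != pei:
                raise ValueError("address already bound to another PEI")
        for node in self.nodes:
            node.records[key] = pei
        return identity_hash(pei, ip)

    def verify_access(self, claimed_ip, first_hash):
        """Pass only if a strict majority of nodes recompute the same hash (assumed quorum)."""
        matches = sum(node.second_hash(claimed_ip) == first_hash for node in self.nodes)
        return matches * 2 > len(self.nodes)


if __name__ == "__main__":
    chain = Chain(5)
    pei = pei_from_mac("02:00:5e:10:00:01")            # constructed MAC address
    first = chain.register(pei, "203.0.113.10")        # constructed public address
    print("legitimate platform:", chain.verify_access("203.0.113.10", first))
    rogue = pei_from_mac("02:00:5e:10:00:99")          # constructed rogue device
    print("rogue PEI on same IP:",
          chain.verify_access("203.0.113.10", identity_hash(rogue, "203.0.113.10")))
```

The hash is computed from values that are not secret, so it binds an address to a PEI but does not by itself prove who is sending the request; that proof comes from the 5G-AKA run that precedes registration.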
In another aspect, an embodiment of the present disclosure provides an MEC platform identity authentication apparatus based on a 5G core network and a blockchain, the apparatus including,
the authentication management module is used for carrying out identity authentication on the MEC platform through a 5G authentication and key negotiation authentication mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
and the on-chain management module is used for performing on-chain management of the authenticated MEC platform through a blockchain consensus mechanism and storing the network address and the permanent equipment identifier information owned by the MEC platform in each node on the current blockchain.
In another aspect, an embodiment of the present disclosure provides an MEC platform identity authentication device based on a 5G core network and a blockchain, where the device includes: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements any one of the above 5G core network and blockchain MEC platform identity authentication methods.
In another aspect, an embodiment of the present disclosure provides a computer storage medium, where computer program instructions are stored on the computer storage medium, and when the computer program instructions are executed by a processor, the method for authenticating the identity of the MEC platform of the 5G core network and the blockchain is implemented as any one of the above.
The MEC platform identity authentication method, device, equipment and computer storage medium based on the 5G core network and the blockchain in the embodiments of the disclosure authenticate the identity of the MEC platform, and synchronize and reach consensus on the identification information of authenticated platforms based on blockchain technology, thereby effectively authenticating the MEC platform and effectively preventing spoofing of and tampering with IP addresses.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the embodiments of the present disclosure will be briefly described below, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of a MEC platform provided by the prior art to access a 5G core network;
Fig. 2 is a network topology diagram adopted in the MEC platform identity authentication method based on a 5G core network and a blockchain according to the embodiment of the present disclosure; wherein 2a is a schematic architecture diagram of a single MEC platform accessing a 5G core network; 2b is an interaction schematic diagram of multiple MEC platforms in the network accessing a 5G core network;
Fig. 3 is a schematic flowchart illustrating the start of authentication in the MEC platform identity authentication method based on a 5G core network and a blockchain according to the embodiment of the present disclosure;
Fig. 4 is a schematic flowchart illustrating authentication execution in the MEC platform identity authentication method based on the 5G core network and the blockchain according to the embodiment of the present disclosure;
Fig. 5 is a schematic flowchart illustrating on-chain management in the MEC platform identity authentication method based on the 5G core network and the blockchain according to the embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of an identity authentication apparatus of an MEC platform based on a 5G core network and a blockchain according to an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of an MEC platform identity authentication device based on a 5G core network and a blockchain according to another embodiment of the present disclosure.
Detailed Description
Features and exemplary embodiments of various aspects of the present disclosure will be described in detail below, and in order to make objects, technical solutions and advantages of the present disclosure more apparent, the present disclosure will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are intended to be illustrative only and are not intended to be limiting of the disclosure. It will be apparent to one skilled in the art that the present disclosure may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present disclosure by illustrating examples of the present disclosure.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the prior art the security of the system and its data cannot be guaranteed. This disclosure therefore authenticates the identity of the MEC platform through the 5G core network and then uses blockchain technology to manage, in a unified way, the MEC platforms connected to the UPF (User Plane Function), which protects the IP address of each MEC platform, prevents MEC platform IP addresses from being maliciously tampered with or spoofed, and guarantees normal use of the applications on each MEC platform.
Therefore, in order to solve the prior art problems, embodiments of the present disclosure provide a method, an apparatus, a device, and a computer storage medium for authenticating an identity of an MEC platform based on a 5G core network and a blockchain. First, an identity authentication method for a MEC platform based on a 5G core network and a blockchain provided in the embodiment of the present disclosure is described below.
Fig. 3 to 5 are schematic flow diagrams illustrating an MEC platform identity authentication method based on a 5G core network and a blockchain according to an embodiment of the present disclosure, where the method includes the following steps:
S001, performing identity authentication on the MEC platform through the 5G authentication and key agreement (AKA) mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
S002, performing on-chain management of the authenticated MEC platform through a blockchain consensus mechanism, and storing the network address and the permanent equipment identifier information owned by the MEC platform in each node on the current blockchain.
In the method provided in this embodiment, in combination with the network topology shown in fig. 2, the MEC platform performs interaction and authentication with the 5G core network through a UPF (User Plane Function), as shown in fig. 2 a. As shown in fig. 2b, each MEC platform is used as a block node, and the IP address allocated to the MEC platform and PEI (Permanent Equipment Identifier, which is equivalent to International Mobile Equipment Identity (IMEI) of 4G network) information of the MEC platform are used as identification information of the MEC platform, so as to perform consensus authentication on the chain and ensure that the identification information of the MEC platform is not tampered and falsely used.
The network element functions in the 5GC architecture shown in fig. 2a are explained as follows:
AF: Application Function, the application-layer functional entity.
AMF: Access and Mobility Management Function; it terminates the NG-RAN (Radio Access Network) signaling interface (N2) and the NAS (Non-Access Stratum) signaling (N1).
SMF: Session Management Function.
UPF: User Plane Function.
PCF: Policy Control Function.
NEF: Network Exposure Function.
NRF: Network Repository Function.
UDM: Unified Data Management.
AUSF: Authentication Server Function.
NSSF: Network Slice Selection Function.
UE: User Equipment.
Specifically, in the method of this embodiment, when the identity of the MEC platform is authenticated through the 5G Authentication and Key Agreement (5G-AKA) mechanism, the MAC address (Media Access Control address, also called the LAN address, Ethernet address or physical address) of the MEC platform device is first converted to decimal, and the decimal value is used as the PEI of the edge device for its identity authentication on the core network. Authentication is then initiated, as shown in Fig. 3, comprising the following steps:
S101, the MEC platform establishes a connection with the security network element (SEAF, SEcurity Anchor Function, the same below), and the MEC platform sends an N1 message carrying its permanent equipment identifier PEI to the SEAF through the NEF (Network Exposure Function) network element;
S102, when the SEAF wants to start authentication, it sends a Nausf_MECAuthentication_Authenticate Request message to the AUSF (Authentication Server Function) network element, that is, the SEAF issues a start-authentication request to the AUSF to invoke the Nausf_MECAuthentication service; the request includes the permanent equipment identifier information of the MEC platform;
S103, after receiving the Nausf_MECAuthentication_Authenticate Request message, the AUSF checks whether the requesting SEAF in the serving network is entitled to use the serving network name in the request by comparing that name with the expected serving network name; if they are the same, the serving network is authorized to use the serving network name;
S104, the AUSF sends the acquired permanent equipment identifier PEI and the SNN (Serving Network Name) to the UDM (Unified Data Management) network element or the ARPF (Authentication credential Repository and Processing Function) network element in a Nudm_MECAuthentication_Get Request, the authentication response request;
S105, the UDM/ARPF verifies the authenticity of the permanent equipment identifier PEI against the information stored in its database.
Performing authentication is shown in Fig. 4:
After the permanent equipment identifier PEI passes verification, the unified data management device creates a first authentication vector in response to the authentication server, so that the authentication server interacts with the security network element SEAF and the identity authentication service is executed according to the authentication vector. The steps are as follows:
S201, after the PEI passes verification, the UDM/ARPF creates a 5G HE AV (5G Home Environment Authentication Vector), that is, the first authentication vector; when the UDM/ARPF generates an AV (Authentication Vector), the "separation bit" of the Authentication Management Field (AMF) must be set to 1; the 5G HE AV consists of RAND (random challenge), AUTN (authentication token), XRES* (expected response, the authentication response parameter) and KAUSF (authentication key);
S202, the UDM/ARPF responds to the authentication response request by sending the 5G HE AV to the AUSF in a Nudm_MECAuthentication_Get Response message, which also indicates that the 5G HE AV is to be used for AKA authentication;
S203, the AUSF stores the authentication response parameter XRES*, calculates the anchor key KSEAF from the authentication key KAUSF, and replaces XRES* with KSEAF to obtain the 5G SE AV (5G Serving Environment Authentication Vector), that is, the second authentication vector, which contains RAND (random challenge), AUTN (authentication token) and KSEAF (anchor key);
S204, the AUSF sends a Nausf_MECAuthentication_Authenticate Response message carrying the 5G SE AV to the SEAF;
S205, the SEAF sends, through the NEF, an Authentication Request message carrying authentication parameters such as the random number RAND and the token AUTN to the MEC platform; the message may also include the parameter ngKSI (Key Set Identifier in 5G), which the MEC platform and the AMF (Access and Mobility Management Function; the AMF and SEAF network elements are co-located in one physical device) use to identify KAMF (the key derived from KSEAF by the ME and the SEAF) and the partial native security context created when authentication succeeds; the message may also include the ABBA (Anti-Bidding down Between Architectures) parameter, which is set so that bidding-down protection of the security functions can be enabled later;
S206, the ME (Mobile Equipment) in the MEC platform forwards the received RAND and AUTN to its USIM (Universal Subscriber Identity Module);
S207, after receiving RAND and AUTN, the USIM first verifies the freshness of the token AUTN from the second authentication vector; after verification, the USIM calculates the response RES (response parameter) and returns RES, the stored confidentiality key CK and the integrity key IK to the ME, and the ME derives RES* (the encrypted response parameter), KAUSF and KSEAF from RES, CK and IK;
S208, during authentication the ME checks whether the "separation bit" of the Authentication Management Field (AMF) in the token AUTN is 1; if so, the MEC platform returns RES* to the SEAF in a NAS (Non-Access Stratum) Authentication Response message;
S209, the SEAF sends the encrypted response parameter RES* together with the corresponding identifier PEI to the AUSF in a Nausf_MECAuthentication_Authenticate Request message; on receiving it, the AUSF of the home network first determines whether the second authentication vector has expired, and if so, considers the authentication failed; if not, it compares RES* with the authentication response parameter XRES*, and if they are equal the AUSF considers the identity authentication successful;
S210, the AUSF informs the SEAF of the result of authenticating the MEC platform in the home network by sending a Nausf_MECAuthentication_Authenticate Response message to the SEAF;
S211, the SEAF sends a Nausf_MECAuthentication_Authenticate Result message announcing the result of the MEC platform's identity authentication; if authentication succeeded, the blockchain module of the MEC platform is instructed to mark the IP address and the identifier PEI;
s212, if the identity authentication is successful, the block chain module in the MEC platform marks the current IP address and the identifier PEI for the information uplink operation.
Adopting a blockchain solves the risk that the IP address of an MEC platform is easily tampered with and that any MEC platform can arbitrarily impersonate the IP address of another MEC platform. A blockchain is a distributed shared ledger and database based on cryptography and consensus algorithms; it is decentralized, tamper-proof, traceable, collectively maintained, open and transparent, and leaves a trace of the whole process, which matches the distributed deployment of MEC platforms.
Therefore, in this embodiment, all MEC platforms successfully authenticated in the current network are placed under uplink management, that is, recorded on the blockchain, with each MEC platform serving as a block node. The IP address allocated to an MEC platform and the PEI information of that MEC platform serve as its identification information. After an authenticated MEC platform obtains the authentication result, it obtains an indication to mark its current public network address and permanent device identifier information; the marked identification information is sent to all other MEC platforms for synchronization and is stored in those MEC platforms.
Specifically, as shown in Fig. 5, when the authenticated MEC1 platform again initiates a request to the core network, performing uplink management on the authenticated MEC platform through the blockchain consensus mechanism includes:
S301. The initial authentication of the MEC1 platform by the 5G core network is regarded as a transaction, and a first transaction hash value MEC1Hash1 of the current MEC1 platform is generated from the authenticated identifier PEI and the allocated IP address;
S302. When a service of the authenticated MEC1 platform needs to use the allocated IP resource, the platform must again initiate an access request MEC1visit_Request to the 5G core network;
S303. When the 5G core network (5GC for short) receives the access request, it needs the other MEC platforms on the blockchain (i.e. MEC2, MEC3, …) to authenticate the MEC1 platform that is requesting access; that is, the 5G core network sends MEC1Identification Verification_Request authentication signaling to each of the other MEC platforms to request identity authentication of the MEC platform that made the access request;
S304. The remaining MEC platforms on the chain (i.e. MEC2, MEC3, …) retrieve the identification information of the MEC platform according to the public network address information contained in the current MEC platform's access request, and respectively generate second transaction hash values MEC2Hash2, MEC3Hash3, …;
S305. The first transaction hash value MEC1Hash1 is compared with the second transaction hash values MEC2Hash2, MEC3Hash3, … generated by the other MEC platforms, and the verification results MEC1Identification Verification_Response are fed back to the 5G core network one by one;
S306. The 5G core network feeds back the access result MEC1visit_Response according to the verification results. If the values verified in S305 are the same, the information of the MEC1 platform has not been tampered with, the MEC1 platform is allowed to use the allocated resources again, and the MEC1 platform service proceeds normally; if the verification fails, the MEC1 platform must re-initiate the authentication flow to the core network.
Identity authentication of the edge computing platform MEC is thus realized through the 5G core network and blockchain technology: the permanent device identifier PEI and the IP address are stored in each node for hash value comparison, so the confidentiality is high, identity authentication of the MEC platform is effectively realized, and impersonation of and tampering with IP addresses are effectively prevented.
In another aspect, as shown in Fig. 6, an embodiment of the present disclosure provides an MEC platform identity authentication apparatus based on a 5G core network and a blockchain, the apparatus including:
an authentication management module, configured to perform identity authentication on the MEC platform through the 5G authentication and key agreement mechanism, and to mark the network address and permanent device identifier information owned by the authenticated MEC platform;
and an uplink management module, configured to perform uplink management on the authenticated MEC platform through the blockchain consensus mechanism, and to store the network address and permanent device identifier information owned by the MEC platform in each node on the current blockchain.
The authentication management module manages the processes of initiating authentication and performing authentication, and implements steps S101 to S105 and S201 to S212 of the MEC platform identity authentication method based on the 5G core network and the blockchain in the above embodiment of the present disclosure.
First, initiating authentication, with reference to Figs. 2-3, includes:
S101. The MEC platform establishes a connection with the security network element SEAF (Security Anchor Function), and the MEC platform sends an N1 message carrying its permanent device identifier PEI to the SEAF through the NEF (Network Exposure Function) network element;
S102. When the SEAF network element wishes to initiate authentication, it sends a Nausf_MECAuthentication_Authenticate Request message to the AUSF (Authentication Server Function) network element, that is, the SEAF initiates an authentication start request to invoke the Nausf_MECAuthentication service; the request includes the permanent device identifier information of the MEC platform;
S103. After receiving the Nausf_MECAuthentication_Authenticate Request message, the AUSF checks whether the SEAF network element in the serving network that initiated the request is entitled to use the serving network name contained in the request, by comparing that serving network name with the expected serving network name; if the two are the same, the serving network is authorized to use the serving network name;
S104. The AUSF network element sends the acquired identifier PEI information and the SNN (Serving Network Name) to the UDM (Unified Data Management)/ARPF (Authentication credential Repository and Processing Function) network element in a Nudm_MECAuthentication_Get Request;
S105. The unified data management device UDM/ARPF verifies the authenticity of the identifier PEI according to the information stored in its database.
Second, performing authentication, with reference to Fig. 4:
After the permanent device identifier information PEI passes verification, the unified data management device creates a first authentication vector in response to the authentication server, so that the authentication server interacts with the security network element SEAF and the identity authentication service is performed according to the authentication vector. This specifically includes the following steps:
S201. After the PEI passes verification, the UDM/ARPF creates a 5G HE AV (5G Home Environment Authentication Vector), namely the first authentication vector. When an AV (Authentication Vector) is generated, the "separation bit" of the Authentication Management Field (AMF) must be set to 1. The 5G HE AV created by the UDM/ARPF consists of RAND (Random Challenge, a random number), AUTN (Authentication Token), XRES* (Expected Response, the authentication response parameter), and KAUSF (the authentication key).
S202. The UDM/ARPF responds to the authentication response request: it sends the 5G HE AV to the AUSF in the Nudm_MECAuthentication_Get Response and indicates in that response that the 5G HE AV is to be used for AKA authentication;
S203. The AUSF stores the authentication response parameter XRES*, can calculate the anchor key KSEAF from the authentication key KAUSF, and replaces XRES* with KSEAF to obtain the 5G SE AV (Security Authentication Vector), i.e. the second authentication vector, which includes RAND (Random Challenge), AUTN (Authentication Token), and KSEAF (the anchor key);
S204. The AUSF sends a Nausf_MECAuthentication_Authenticate Response message carrying the 5G SE AV to the SEAF network element;
S205. The SEAF network element sends, through the NEF, an Authentication_Request message carrying authentication parameters such as the random number RAND and the token AUTN to the MEC platform. The authentication request message also includes the parameter ngKSI (Key Set Identifier in 5G), which the MEC platform and the AMF (Access and Mobility Management Function; the AMF network element and the SEAF network element are co-located in one physical device) use to identify KAMF (the key that the ME and the SEAF derive from KSEAF) and the partial local security context created when the identity authentication succeeds. It also includes the ABBA parameter (Anti-Bidding down Between Architectures, protection against bidding-down attacks between different architectures); this parameter is set so that bidding-down protection of security functions can be enabled subsequently;
S206. The ME (Mobile Equipment) in the MEC platform forwards the received random number RAND and token AUTN to the USIM (Universal Subscriber Identity Module);
S207. After receiving the random number RAND and the token AUTN, the USIM first verifies the freshness of AUTN in the second authentication vector. After this verification passes, the USIM calculates the response RES (the response parameter) and returns RES, the stored confidentiality key CK and the integrity key IK to the ME; the ME can then derive RES* (the encrypted response parameter), KAUSF and KSEAF from RES, CK and IK;
S208. During authentication, the ME checks whether the 'Authentication bit' of the authentication management field (AMF) of AUTN is 1; if so, the MEC platform returns the encrypted response parameter RES* to the SEAF network element in a NAS (Non-Access Stratum) Authentication Response message;
S209. The SEAF network element sends the encrypted response parameter RES* together with the corresponding identifier PEI to the AUSF in a Nausf_MECAuthentication_Authenticate Request message. On receiving this message, the AUSF of the home network first determines whether the second authentication vector has expired; if it has, the authentication is considered to have failed. If it has not, the AUSF compares the encrypted response parameter RES* with the authentication response parameter XRES*, and if the two are equal, the AUSF determines that the identity authentication is successful;
S210. The AUSF informs the SEAF network element of the authentication result of the MEC platform in the home network by sending it a Nausf_MECAuthentication_Authenticate Response message;
S211. The SEAF network element reports the result of the MEC platform's identity authentication in a Nausf_MECAuthentication_Authenticate Result message; if the authentication is successful, it instructs the blockchain module of the MEC platform to mark the IP address and the identifier PEI;
S212. If the identity authentication is successful, the blockchain module in the MEC platform marks the current IP and the identifier PEI for the information uplink operation.
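Steps S203 and S206 to S209 (listed above for both the method and the authentication management module) as an added Python sketch, not code from the patent. The derivations use the 3GPP generic KDF with the FC values of TS 33.501 Annex A; the 30-second vector lifetime, the single-use rule and every key, RAND, AUTN, SNN and PEI value are constructed assumptions, and the USIM's freshness check of AUTN is not modeled.

```python
import hashlib
import hmac
import time

# Constructed sample values (not from the patent). In a real network CK, IK and
# RES/XRES come out of the USIM/UDM AKA functions, which are out of scope here.
SNN = b"5G:mnc001.mcc001.3gppnetwork.org"   # serving network name, test PLMN
CK, IK, RES = bytes(range(16)), bytes(range(16, 32)), bytes(range(32, 40))
RAND = bytes(range(40, 56))
AUTN = bytes(6) + b"\x80\x00" + bytes(8)    # (SQN xor AK) || AMF || MAC


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP generic KDF: HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def res_star(ck, ik, snn, rand, res):
    """RES*/XRES* (TS 33.501 A.4): FC 0x6B, low 128 bits of the KDF output."""
    return kdf(ck + ik, 0x6B, snn, rand, res)[-16:]


def kausf(ck, ik, snn, sqn_xor_ak):
    return kdf(ck + ik, 0x6A, snn, sqn_xor_ak)          # TS 33.501 A.2


def kseaf(k_ausf, snn):
    return kdf(k_ausf, 0x6C, snn)                        # TS 33.501 A.6


def separation_bit_set(autn: bytes) -> bool:
    """S208: AMF is octets 6-7 of AUTN; the separation bit is its top bit."""
    if len(autn) != 16:
        raise ValueError("AUTN must be 16 octets")
    return bool(autn[6] & 0x80)


def udm_create_he_av(rand=RAND, autn=AUTN):
    """S201: first authentication vector (RAND, AUTN, XRES*, KAUSF)."""
    return {"rand": rand, "autn": autn,
            "xres_star": res_star(CK, IK, SNN, rand, RES),
            "kausf": kausf(CK, IK, SNN, autn[:6])}


class Ausf:
    """Holds XRES* per PEI and checks the answer once (S203, S209)."""

    def __init__(self, lifetime_s=30.0, clock=time.monotonic):
        self.lifetime_s, self.clock, self.pending = lifetime_s, clock, {}

    def make_se_av(self, pei: str, he_av: dict) -> dict:
        # S203: keep XRES* locally, hand only RAND, AUTN and KSEAF to the SEAF.
        self.pending[pei] = (he_av["xres_star"], self.clock() + self.lifetime_s)
        return {"rand": he_av["rand"], "autn": he_av["autn"],
                "kseaf": kseaf(he_av["kausf"], SNN)}

    def verify(self, pei: str, answer: bytes) -> bool:
        # S209: pop so a vector is usable once, reject expired vectors, then
        # compare in constant time to avoid leaking XRES* through timing.
        entry = self.pending.pop(pei, None)
        if entry is None:
            return False
        xres, expires_at = entry
        if self.clock() > expires_at:
            return False
        return hmac.compare_digest(answer, xres)


def me_respond(rand: bytes, autn: bytes):
    """S206-S208 on the MEC platform: returns (RES*, KSEAF) or None."""
    if not separation_bit_set(autn):
        return None                      # not a 5G vector: do not answer
    k = kausf(CK, IK, SNN, autn[:6])
    return res_star(CK, IK, SNN, rand, RES), kseaf(k, SNN)


def run_once(pei="pei-constructed-0001", delay_s=0.0, tamper=False):
    """One S201-S209 round trip; returns the AUSF decision."""
    now = [0.0]
    ausf = Ausf(clock=lambda: now[0])
    se_av = ausf.make_se_av(pei, udm_create_he_av())
    answer, me_kseaf = me_respond(se_av["rand"], se_av["autn"])
    assert me_kseaf == se_av["kseaf"]    # both ends hold the same anchor key
    now[0] += delay_s
    if tamper:
        answer = bytes([answer[0] ^ 1]) + answer[1:]
    return ausf.verify(pei, answer)


if __name__ == "__main__":
    print(run_once(), run_once(delay_s=31), run_once(tamper=True))
```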
The uplink management module performs uplink management on all MEC platforms successfully authenticated in the current network, with each MEC platform serving as a block node. The IP address allocated to an MEC platform and the PEI information of that MEC platform serve as its identification information. After an authenticated MEC platform obtains the authentication result, it obtains an indication to mark its current public network address and permanent device identifier information; the marked identification information is sent to all other MEC platforms for synchronization and is stored in those MEC platforms.
Specifically, when the authenticated MEC1 platform again initiates a request to the core network, the uplink management module performs uplink management on the authenticated MEC platform through the blockchain consensus mechanism and executes steps S301 to S306 of the MEC platform identity authentication method based on the 5G core network and the blockchain in the above embodiment, with reference to Fig. 5, including:
S301. The initial authentication of the MEC1 platform by the 5G core network is regarded as a transaction, and a first transaction hash value MEC1Hash1 of the current MEC1 platform is generated from the authenticated identifier PEI and the allocated IP address;
S302. When a service of the authenticated MEC1 platform needs to use the allocated IP resource, the platform must again initiate an access request MEC1visit_Request to the 5G core network;
S303. When the 5G core network (5GC for short) receives the access request, it needs the other MEC platforms on the blockchain (MEC2, MEC3, …) to authenticate the MEC1 platform that is requesting access; that is, the 5G core network sends MEC1Identification Verification_Request authentication signaling to each of the other MEC platforms to request identity authentication of the MEC platform that made the access request;
S304. The remaining MEC platforms on the chain (i.e. MEC2, MEC3, …) retrieve the identification information of the MEC platform according to the public network address information contained in the current MEC platform's access request, and respectively generate second transaction hash values MEC2Hash2, MEC3Hash3, …;
S305. The first transaction hash value MEC1Hash1 is compared with the second transaction hash values MEC2Hash2, MEC3Hash3, … generated by the other MEC platforms, and the verification results MEC1Identification Verification_Response are fed back to the 5G core network one by one;
S306. The 5G core network feeds back the access result MEC1visit_Response according to the verification results. If the values verified in S305 are the same, the information of the MEC1 platform has not been tampered with, the MEC1 platform is allowed to use the allocated resources again, and the MEC1 platform service proceeds normally; if the verification fails, the MEC1 platform must re-initiate the authentication flow to the core network.
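Steps S301 to S306 (given above for both the method and the uplink management module) as an added Python sketch, not code from the patent. SHA-256, the length-prefixed encoding, the rule that every peer must agree, the refusal when no peer is available, and all names, addresses and PEI strings are assumptions; consensus and block storage are reduced to one ledger copy per node.

```python
import hashlib
import hmac


def transaction_hash(pei: str, ip: str) -> str:
    """Hash of the identification information (PEI, public IP). SHA-256 and
    the length-prefixed encoding are assumptions; the patent names neither."""
    h = hashlib.sha256()
    for field in (pei, ip):
        raw = field.encode()
        h.update(len(raw).to_bytes(2, "big") + raw)   # unambiguous framing
    return h.hexdigest()


class MecNode:
    """One MEC platform acting as a block node with its own ledger copy."""

    def __init__(self, name: str):
        self.name = name
        self.ledger = {}                 # public IP -> PEI, synchronized records

    def verify(self, request_ip: str, first_hash: str) -> bool:
        # S304: look up the identification information by the IP in the request.
        pei = self.ledger.get(request_ip)
        if pei is None:
            return False                 # unknown address: never vouch for it
        # S305: recompute the hash locally and compare with the first hash.
        second_hash = transaction_hash(pei, request_ip)
        return hmac.compare_digest(second_hash, first_hash)


class CoreNetwork:
    def __init__(self):
        self.nodes = {}                  # name -> MecNode
        self.first_hash = {}             # name -> hash fixed at authentication

    def on_authenticated(self, node: MecNode, pei: str, ip: str) -> None:
        """S212/S301: record the first hash and synchronize (IP, PEI)."""
        for peer in self.nodes.values():
            if peer.ledger.get(ip, pei) != pei:
                raise ValueError(f"{ip} is already bound to another PEI")
        self.first_hash[node.name] = transaction_hash(pei, ip)
        for peer in self.nodes.values():
            node.ledger.update(peer.ledger)   # newcomer receives old records
        self.nodes[node.name] = node
        for peer in self.nodes.values():
            peer.ledger[ip] = pei             # everyone stores the new record

    def handle_access(self, requester: str, request_ip: str):
        """S302-S306: returns (allowed, per-peer verification results)."""
        first = self.first_hash.get(requester)
        peers = [n for n in self.nodes.values() if n.name != requester]
        if first is None or not peers:
            return False, {}             # nothing to verify against: refuse
        votes = {p.name: p.verify(request_ip, first) for p in peers}
        return all(votes.values()), votes


def build_demo() -> CoreNetwork:
    """Three authenticated platforms with constructed PEIs and addresses."""
    core = CoreNetwork()
    platforms = (("MEC1", "203.0.113.1"), ("MEC2", "203.0.113.2"),
                 ("MEC3", "203.0.113.3"))
    for name, ip in platforms:
        core.on_authenticated(MecNode(name), f"pei-constructed-{name}", ip)
    return core


if __name__ == "__main__":
    core = build_demo()
    print(core.handle_access("MEC1", "203.0.113.1"))   # own address
    print(core.handle_access("MEC3", "203.0.113.1"))   # MEC1's address reused
```

A request that reuses another platform's address fails because the peers hash the PEI bound to that address, which cannot match the requester's own first transaction hash.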
In another aspect, as shown in fig. 7, an embodiment of the present disclosure provides an MEC platform identity authentication device based on a 5G core network and a blockchain, where the device includes: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements any one of the above 5G core network and blockchain MEC platform identity authentication methods.
Fig. 7 shows a hardware structure diagram of the MEC platform identity authentication device of the 5G core network and the blockchain provided by the embodiment of the present disclosure.
The MEC platform identity authentication device based on the 5G core network and blockchain may include a processor 301 and a memory 302 storing computer program instructions.
In particular, the processor 301 may include a Central Processing Unit (CPU) or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits that implement the embodiments of the present disclosure.
Memory 302 may include mass storage for data or instructions. By way of example, and not limitation, memory 302 may include a Hard Disk Drive (HDD), floppy Disk Drive, flash memory, optical Disk, magneto-optical Disk, tape, or Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 302 may include removable or non-removable (or fixed) media, where appropriate. The memory 302 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 302 is a non-volatile solid-state memory.
The processor 301 reads and executes the computer program instructions stored in the memory 302 to implement any one of the methods for the identity authentication of the MEC platform of the 5G core network and the blockchain in the above embodiments.
In one example, the MEC platform identity authentication device of the 5G core network and the blockchain may further include a communication interface 303 and a bus 310. As shown in fig. 7, the processor 301, the memory 302, and the communication interface 303 are connected via a bus 310 to complete communication therebetween.
The communication interface 303 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present disclosure.
Bus 310 includes hardware, software, or both to couple the components of the online data traffic billing device to each other. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hypertransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 310 may include one or more buses, where appropriate. Although this disclosed embodiment describes and illustrates a particular bus, this disclosure contemplates any suitable bus or interconnect.
In another aspect, an embodiment of the present disclosure provides a computer storage medium on which computer program instructions are stored; when the computer program instructions are executed by a processor, any one of the above MEC platform identity authentication methods based on the 5G core network and the blockchain is implemented.
It is to be understood that this disclosure is not limited to the particular configurations and processes described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present disclosure are not limited to the specific steps described and illustrated, and those skilled in the art may make various changes, modifications, and additions or change the order between the steps after comprehending the spirit of the present disclosure.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the present disclosure are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, Erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, Radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this disclosure describe some methods or systems based on a series of steps or devices. However, the present disclosure is not limited to the order of the above-described steps; that is, the steps may be performed in the order mentioned in the embodiments, in an order different from that in the embodiments, or several steps may be performed at the same time.
As described above, only the specific embodiments of the present disclosure are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present disclosure is not limited thereto, and any person skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope of the present disclosure, and these modifications or substitutions should be covered within the scope of the present disclosure.

Claims (10)

1. An MEC platform identity authentication method based on a 5G core network and a blockchain, characterized by comprising the following steps:
performing identity authentication on the MEC platform through the 5G authentication and key agreement mechanism; marking the network address and permanent device identifier information owned by the authenticated MEC platform;
and performing uplink management on the authenticated MEC platform through a blockchain consensus mechanism, and storing the network address and permanent device identifier information owned by the MEC platform in each node on the current blockchain.
2. The MEC platform identity authentication method based on a 5G core network and a blockchain as claimed in claim 1, wherein performing identity authentication on the MEC platform through the 5G authentication and key agreement mechanism comprises:
connecting the MEC platform with a security network element SEAF, the security network element SEAF initiating an authentication start request to an authentication server, the request comprising the permanent device identifier information of the MEC platform, so that the authentication server requests a unified data management device to verify the authenticity of the permanent device identifier information;
after the permanent device identifier information is verified, the unified data management device creating an authentication vector in response to the authentication server, so that the authentication server interacts with the security network element SEAF and an identity authentication service is performed according to the authentication vector.
3. The MEC platform identity authentication method based on the 5G core network and the block chain as claimed in claim 2, wherein the identity authentication of the MEC platform through the 5G authentication and key agreement authentication mechanism specifically comprises:
enabling the MEC platform to establish connection with a security network element SEAF, and sending information carrying a permanent equipment identifier of the current MEC platform to the security network element SEAF;
sending an authentication start request to an authentication server through the security network element SEAF, so that the authentication server AUSF, after the serving network check of the security network element SEAF passes, sends an authentication response request to a unified data management device UDM or ARPF; the authentication start request and the authentication response request both contain the permanent device identifier information of the MEC platform, and the unified data management device UDM or ARPF verifies the authenticity of the permanent device identifier information.
4. The MEC platform identity authentication method based on 5G core network and block chain of claim 3, wherein the MEC platform is authenticated through 5G authentication and key agreement authentication mechanism, further comprising:
after the permanent device identifier information is verified, the unified data management device UDM or ARPF creates a first authentication vector, responds to the authentication response request, sends the first authentication vector to the authentication server AUSF and indicates that the authentication vector is to be used for authentication and key agreement; wherein the first authentication vector comprises a random number, an authentication token, an authentication response parameter and an authentication key;
the authentication server AUSF stores the authentication response parameter, calculates an anchor key from the authentication key, generates a second authentication vector containing the random number, the authentication token and the anchor key, and sends the second authentication vector to the security network element SEAF;
the security network element SEAF sends request information containing at least the random number and the authentication token of the second authentication vector to the MEC platform, so that the platform sends the random number and the authentication token to the USIM for freshness verification of the authentication token, and the MEC platform derives a response parameter, an authentication key and an anchor key and returns the response parameter, the authentication key and the anchor key to the authentication server;
the authentication server judges the authentication result according to the comparison between the response parameter and the authentication response parameter; if the comparison is equal, the authentication is passed, otherwise, the authentication fails.
5. The MEC platform identity authentication method based on a 5G core network and a blockchain according to any one of claims 1-4, wherein marking the network address and permanent device identifier information owned by the authenticated MEC platform comprises:
enabling the authenticated MEC platform to acquire the authentication result and an indication to mark the current public network address and permanent device identifier information of the MEC platform, and marking them for the uplink operation.
6. The method of any of claims 1-4, wherein performing uplink management on the authenticated MEC platform through a blockchain consensus mechanism specifically comprises:
for the authenticated MEC platform, synchronizing the public network address allocated to the MEC platform and its permanent device identifier information, as the identification information of the MEC platform, to the other MEC platforms in the network where the current platform is located, for uplink management of the MEC platform.
7. The MEC platform identity authentication method based on 5G core network and blockchain of claim 6, wherein the uplink management of the MEC platform passing the authentication is performed through a blockchain consensus mechanism, and the uplink management comprises:
generating a first transaction hash value of the current platform according to the authenticated permanent equipment identifier information of the MEC platform and the allocated public network address;
the MEC platform initiates an access request to the core network again so that the core network sends an authentication signaling to other MEC platforms on the block chain when receiving the access request and performs identity authentication on the MEC platform of the access request;
enabling other MEC platforms on the block chain to call the identification information of the MEC platform according to the public network address information contained in the current MEC platform access request, and generating a second hash value;
acquiring a second hash value and the first hash value, comparing the two hash values, and if the two hash values are equal, passing the verification; otherwise, the verification fails.
8. An MEC platform identity authentication device based on a 5G core network and a blockchain, characterized by comprising:
an authentication management module, configured to perform identity authentication on the MEC platform through the 5G authentication and key agreement mechanism, and to mark the network address and permanent device identifier information owned by the authenticated MEC platform;
and an uplink management module, configured to perform uplink management on the authenticated MEC platform through a blockchain consensus mechanism, and to store the network address and permanent device identifier information owned by the MEC platform in each node on the current blockchain.
9. An MEC platform identity authentication device based on a 5G core network and a block chain, the device comprising: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the 5G core network and blockchain MEC platform identity authentication method of any of claims 1-7.
10. A computer storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method for 5G core network and blockchain MEC platform identity authentication according to any one of claims 1 to 7.
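The hash comparison described in claim 7, as an added example that is not part of the patent text. Assumptions: SHA-256 as the hash function, length-prefixed field encoding, a requester that presents the first hash, and the hypothetical names `tx_hash`, `LedgerNode` and `authenticate`; the identifiers and addresses are constructed sample values.

```python
import hashlib
import hmac

def tx_hash(pei: str, public_addr: str) -> bytes:
    """Hash PEI and public address; length prefixes keep field boundaries unambiguous."""
    h = hashlib.sha256()  # assumption: the claim does not name a hash function
    for field in (pei, public_addr):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.digest()

class LedgerNode:
    """Hypothetical stand-in for one MEC platform's copy of the on-chain records."""
    def __init__(self):
        self.pei_by_addr = {}  # public network address -> permanent equipment identifier

    def store(self, pei: str, public_addr: str) -> None:
        # Record written when an authenticated platform is put on the chain.
        self.pei_by_addr[public_addr] = pei

    def verify(self, public_addr: str, first_hash: bytes) -> bool:
        # Look up the identifier by the address in the access request,
        # recompute the second hash and compare it with the first.
        pei = self.pei_by_addr.get(public_addr)
        if pei is None:
            return False  # address was never registered on the chain
        second_hash = tx_hash(pei, public_addr)
        return hmac.compare_digest(second_hash, first_hash)  # constant-time compare

def authenticate(nodes, public_addr: str, first_hash: bytes) -> bool:
    """Assumption: every node must agree; an empty node set never authenticates."""
    return bool(nodes) and all(n.verify(public_addr, first_hash) for n in nodes)

if __name__ == "__main__":
    # Constructed sample data: three nodes holding the same on-chain record.
    nodes = [LedgerNode() for _ in range(3)]
    for n in nodes:
        n.store("PEI-0001", "203.0.113.10")
    print(authenticate(nodes, "203.0.113.10", tx_hash("PEI-0001", "203.0.113.10")))
    print(authenticate(nodes, "203.0.113.10", tx_hash("PEI-9999", "203.0.113.10")))
```

A request that reuses a registered address with a different identifier fails because the second hash is recomputed from the stored record, not from values supplied by the requester.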
CN202011272829.9A 2020-11-13 2020-11-13 MEC platform identity authentication method and device based on 5G core network and blockchain Active CN112491829B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011272829.9A CN112491829B (en) 2020-11-13 2020-11-13 MEC platform identity authentication method and device based on 5G core network and blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011272829.9A CN112491829B (en) 2020-11-13 2020-11-13 MEC platform identity authentication method and device based on 5G core network and blockchain

Publications (2)

Publication Number Publication Date
CN112491829A true CN112491829A (en) 2021-03-12
CN112491829B CN112491829B (en) 2023-04-28

Family

ID=74930592

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011272829.9A Active CN112491829B (en) 2020-11-13 2020-11-13 MEC platform identity authentication method and device based on 5G core network and blockchain

Country Status (1)

Country Link
CN (1) CN112491829B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109299347A (en) * 2018-11-16 2019-02-01 大唐高鸿信息通信研究院(义乌)有限公司 A kind of academic information query method and system based on 5G framework and block chain
CN109327457A (en) * 2018-11-09 2019-02-12 广州大学 A kind of internet of things equipment identity identifying method and system based on block chain
CN109361688A (en) * 2018-11-16 2019-02-19 大唐高鸿信息通信研究院(义乌)有限公司 It is a kind of that card method and system are deposited based on 5G framework and block chain
CN110569643A (en) * 2019-09-10 2019-12-13 腾讯科技(深圳)有限公司 traffic management method and device based on block chain network
CN110730075A (en) * 2019-09-11 2020-01-24 烨链(上海)科技有限公司 Data processing method, device and system
CN111556089A (en) * 2020-03-16 2020-08-18 西安电子科技大学 Resource joint optimization method based on enabling block chain mobile edge computing system
CN111586017A (en) * 2020-04-29 2020-08-25 北京邮电大学 Method and device for authenticating communication user
US20200302431A1 (en) * 2019-03-21 2020-09-24 Verizon Patent And Licensing Inc. System and method for allocating multi-access edge computing services
CN111866858A (en) * 2019-04-29 2020-10-30 华为技术有限公司 Registration method and communication device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113301022A (en) * 2021-04-27 2021-08-24 西安理工大学 Internet of things equipment identity security authentication method based on block chain and fog calculation
CN113301022B (en) * 2021-04-27 2022-08-09 成都极略科技有限公司 Internet of things equipment identity security authentication method based on block chain and fog calculation
CN113438650A (en) * 2021-06-10 2021-09-24 湖南天河国云科技有限公司 Block chain-based network equipment authentication method and system
CN113438650B (en) * 2021-06-10 2024-05-03 湖南天河国云科技有限公司 Network equipment authentication method and system based on block chain
CN114650535A (en) * 2022-03-02 2022-06-21 广州爱浦路网络技术有限公司 SEEP mutual trust connection method, system, device and medium in 5G core network
CN114978741A (en) * 2022-06-07 2022-08-30 中国电信股份有限公司 Intersystem authentication method and system
CN114978741B (en) * 2022-06-07 2024-03-19 中国电信股份有限公司 Inter-system authentication method and system

Also Published As

Publication number Publication date
CN112491829B (en) 2023-04-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231208

Address after: No. 220 Qingyuan Street, Shijiazhuang City, Hebei Province, 050011

Patentee after: China Mobile System Integration Co.,Ltd.

Patentee after: China Mobile xiongan information and Communication Technology Co.,Ltd.

Patentee after: CHINA MOBILE COMMUNICATIONS GROUP Co.,Ltd.

Patentee after: China Mobile Information System Integration Co.,Ltd.

Address before: 071700 No.88, South Aowei Road, Rongcheng County, Baoding City, Hebei Province

Patentee before: China Mobile xiongan information and Communication Technology Co.,Ltd.

Patentee before: China Mobile System Integration Co.,Ltd.

Patentee before: CHINA MOBILE COMMUNICATIONS GROUP Co.,Ltd.