CN114760090B - Communication security authentication method and device for electric power 5G network slice - Google Patents

Communication security authentication method and device for electric power 5G network slice Download PDF

Info

Publication number
CN114760090B
CN114760090B CN202210178412.9A CN202210178412A CN114760090B CN 114760090 B CN114760090 B CN 114760090B CN 202210178412 A CN202210178412 A CN 202210178412A CN 114760090 B CN114760090 B CN 114760090B
Authority
CN
China
Prior art keywords
slice
random
ciphertext
parameter
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210178412.9A
Other languages
Chinese (zh)
Other versions
CN114760090A (en
Inventor
吴鹏
姚继明
郭云飞
王玮
陈端云
林彧茜
虞跃
朱亮
方友旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Southeast University
Global Energy Interconnection Research Institute
State Grid Fujian Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Southeast University
Global Energy Interconnection Research Institute
State Grid Fujian Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Southeast University, Global Energy Interconnection Research Institute, State Grid Fujian Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202210178412.9A priority Critical patent/CN114760090B/en
Publication of CN114760090A publication Critical patent/CN114760090A/en
Application granted granted Critical
Publication of CN114760090B publication Critical patent/CN114760090B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a communication security authentication method and a device for electric power 5G network slicing, wherein in the protocol authentication process, a user terminal Ui and a core network element management module AMF are used for matching a first ciphertext feature element which is the same as a first encryption key based on an exchangeable encryption algorithm, and decrypting the first ciphertext feature element to obtain a corresponding second ciphertext feature element. Finally, the core network element management module AMF decrypts again the slice provisioning scheme satisfying the set of slice request feature vectors based on the decrypted second ciphertext feature element. The deployment scheme in the embodiment of the invention is simple, does not need to use a PKI system, is beneficial to reducing data calculation and data transmission expenditure, reduces transmission delay and improves calculation and communication efficiency.

Description

Communication security authentication method and device for electric power 5G network slice
Technical Field
The invention relates to the technical field of 5G network slice communication, in particular to a communication security authentication method and device for a power 5G network slice.
Background
With the rapid development of a new round of mobile communication technology 5G, everything interconnection becomes possible, and compared with 4G and 5G, a brand new network architecture is adopted, so that bandwidth, millisecond-level delay and ultra-high density connection with the bandwidth of more than 10Gps are provided, and the large jump of network performance is realized. However, as the application of 5G network slicing is more and more widespread, meanwhile, the security of 5G network slicing becomes an important issue, and a flexible network slicing mechanism of 5G also brings new security threat, so that the conventional network security protection technology has difficulty in meeting the requirement of 5G. Therefore, a security mechanism of the 5G network slice in the process of communication of the object is required to be further enhanced, so as to prevent information leakage among the network slices, unauthorized access of the network slices, and illegal operation of illegal users on the network slices.
In the related art, in network slice authentication selection, information interaction is performed between a user equipment UI and a core network element AUSF, identity authentication work is performed through the core network element AUSF, a shared key is mutually negotiated, and data security of a network slice is ensured by using the shared key. Or, by means of the PKI authentication system, PKI is deployed through a user and public key certificates are applied, and the two modes are all required to complete shared public key encryption through a complex encryption algorithm, so that the communication authentication process is complex, the data calculation and data transmission cost is high, interaction with a plurality of security network elements is also required, and the transmission delay is influenced.
Disclosure of Invention
Therefore, the technical problem to be solved by the invention is to overcome the problems of complex communication authentication process, high data calculation and data transmission cost, interaction with a plurality of safety network elements and influence on transmission delay in the prior art, thereby providing the communication safety authentication method and device for the electric power 5G network slice.
According to a first aspect, an embodiment of the present invention provides a communication security authentication method for a power 5G network slice, which is used for a user terminal, and includes the following steps:
determining a slice request feature vector set according to service requirements and network characteristics;
Randomly generating random prime numbers, first random decryption parameters and first random encryption parameters to calculate a first encryption key to encrypt the slice request feature vector set;
generating a slice authentication request message based on the random prime numbers and a first encryption file encrypted by the first encryption key, and forwarding the slice authentication request message to a core network element management module through a base station;
receiving a slice authentication response message forwarded by the core network element management module through the base station, wherein the slice authentication response message is loaded with a second encryption file encrypted by a second encryption key obtained by calculation based on the random prime numbers, a second random decryption parameter and a second random encryption parameter, and a second slice authentication secret set of each slice provision scheme in a slice provision feature vector set, and the second slice authentication secret set comprises a plurality of second ciphertext feature elements;
calculating a first slice authentication ciphertext set for encrypting each second ciphertext feature element in the second slice authentication ciphertext set according to the first random encryption parameter and the second ciphertext feature element, wherein the first slice authentication ciphertext set comprises a plurality of first ciphertext feature elements;
Determining the same matching result between the first ciphertext feature element and the second encryption key by matching the two, wherein the same matching result is an encrypted ciphertext meeting a slice supply scheme of the slice request feature vector set;
and decrypting the same matching result based on the first random decryption parameter to obtain the second ciphertext feature element corresponding to the same matching result, and forwarding the decrypted second ciphertext feature element to the core network element management module through the base station, so that the core network element management module decrypts a slice supply scheme which is satisfied with the slice request feature vector set based on the second random decryption parameter.
In one embodiment, the random prime number, the first random decryption parameter, and the first random encryption parameter are randomly generated to calculate a first encryption key to encrypt the slice request feature vector set, calculated by the following formula:
PK Ui =SK Ui -1 modp-1;
wherein SK is Ui For the first random decryption parameter, SK Ui ∈Z p-2 Natural number, PK of (E) Ui For the first random encryption parameter, p is the random prime number, E Ui F for the first encryption key Ui A set of feature vectors is requested for the slice.
In one embodiment, a first slice authentication ciphertext set for encrypting each second ciphertext feature element in the second slice authentication ciphertext set is calculated according to the first random encryption parameter and the second ciphertext feature element, the first slice authentication ciphertext set comprising a plurality of first ciphertext feature elements, and is calculated by the following formula:
Wherein E is AMF ' authentication of the first cut-off secret corpus, E AMFl ' is the first ciphertext feature element, PK Ui For the first random encryption parameter, F AMFl Supplying the slice with the first slice supply scheme in the feature vector set, p being the random prime number, PK KMF E_AMFl is the first second cryptograph characteristic element for the second random encryption parameter.
In one embodiment, based on the first random decryption parameter, decrypting the same matching result to obtain the second ciphertext feature element corresponding thereto, and calculating by the following formula:
wherein E is EMFl For the first second ciphertext feature element, E AMFl ' is the first ciphertext feature element, SK Ui For the first random decryption parameter, SK Ui ∈Z p-2 P is the random prime number, F AMFl Provisioning the slice with the first slice provisioning scheme, PK, in the feature vector set AMF And the second random encryption parameter corresponding to the second random encryption parameter.
According to a second aspect, an embodiment of the present invention further provides a communication security authentication method for a power 5G network slice, which is used for a core network element management module, including the following steps:
receiving a slice authentication request message forwarded by a user terminal through a base station, wherein the slice authentication request message is loaded with a first encryption file formed by encrypting random prime numbers and a first encryption key;
Calculating a second encryption key for re-encrypting the first encrypted file according to the random prime numbers, the second random decryption parameters and the second random encryption parameters which are randomly generated;
determining a slice provisioning feature vector set for provisioning the slice request feature vector set, the slice provisioning feature vector set including a plurality of slice provisioning schemes;
calculating a second slice authentication secret set for encrypting each slice supply scheme in the slice supply feature vector set according to the second random encryption parameter, the random prime number and each slice supply scheme in the slice supply feature vector set, wherein the second slice authentication secret set comprises a plurality of second ciphertext feature elements;
generating a slice authentication response message based on a second encrypted file encrypted by the second slice authentication ciphertext set and the second encryption key, and forwarding the slice authentication response message to the user terminal through the base station, so that the same matching result of the first ciphertext feature element and the second encryption key is decrypted based on a first random decryption parameter, and the second ciphertext feature element corresponding to the same matching result is obtained;
And receiving the decrypted second ciphertext feature element forwarded by the user terminal through the base station, and decrypting a slice supply scheme meeting the slice request feature vector set based on the second random decryption parameter.
In one embodiment, a second encryption key for re-encrypting the first encrypted file is calculated based on the random prime numbers and a randomly generated second random decryption parameter, a second random encryption parameter, and is calculated by the following formula:
PK AMF =SK AMF -1 modp-1;
wherein PK AMF For the second random encryption parameter, SK AMF For the second random decryption parameter, SK AMF ∈Z p-2 P is the random prime number, E Ui ' is the second encryption key, E Ui F for the first encryption key Ui Requesting a feature vector set, PK, for the slice Ui Is the first random encryption parameter.
In one embodiment, a second slice authentication secret for encrypting each slice provisioning scheme in the slice provisioning feature vector set is calculated according to the second random encryption parameter, the random prime number, and each slice provisioning scheme in the slice provisioning feature vector set, by the following formula:
wherein E is AMF Authenticating the ciphertext for the second slice, E AMFl For the first second ciphertext feature element, F AMFl Provisioning scheme for the first slice, PK AMF And p is the random prime number for the second random encryption parameter.
In one embodiment, decrypting the slice provisioning scheme satisfied with the set of slice request feature vectors based on the second random decryption parameter is calculated by the following formula:
wherein F is AMFl Supply scheme for the first slice, E AMFl SK as the first second ciphertext feature element AMF For the second random decryption parameter, SK AMF ∈Z p-2 P is the random prime number.
According to a third aspect, the embodiment of the present invention further provides a computer readable storage medium, where computer instructions are stored, where the computer instructions are configured to cause the computer to perform the communication security authentication method of the power 5G network slice according to the first aspect or any implementation manner of the second aspect.
According to a fourth aspect, an embodiment of the present invention further provides a computer apparatus, including: the power 5G network slice communication security authentication method comprises a memory and a processor, wherein the memory and the processor are in communication connection, the memory stores computer instructions, and the processor executes the computer instructions, so that the communication security authentication method of the power 5G network slice in the first aspect or any implementation mode of the second aspect is executed.
The technical scheme of the invention has the following advantages:
the invention discloses a communication security authentication method and a device for electric power 5G network slicing, wherein in the protocol authentication process, a user terminal Ui and a core network element management module AMF are used for matching a first ciphertext feature element which is the same as a first encryption key based on an exchangeable encryption algorithm, and decrypting the first ciphertext feature element to obtain a corresponding second ciphertext feature element. Finally, the core network element management module AMF decrypts again the slice provisioning scheme satisfying the set of slice request feature vectors based on the decrypted second ciphertext feature element. The deployment scheme in the embodiment of the invention is simple, does not need to use a PKI system, is beneficial to reducing data calculation and data transmission expenditure, reduces transmission delay and improves calculation and communication efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a specific example of a communication security authentication method of a power 5G network slice in an embodiment of the present invention;
fig. 2 is a flowchart of another specific example of a communication security authentication method of a power 5G network slice in an embodiment of the present invention;
fig. 3 is a schematic diagram of communication authentication interaction among a base station, a user terminal, and a core network element management module in an embodiment of the present invention;
fig. 4 is a block diagram of a communication security authentication device for a power 5G network slice according to an embodiment of the present invention;
FIG. 5 is another block diagram of a communication security authentication device for power 5G network slice according to an embodiment of the present invention;
fig. 6 is a schematic hardware diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made apparent and fully in view of the accompanying drawings, in which some, but not all embodiments of the invention are shown. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the description of the present invention, it should be noted that the directions or positional relationships indicated by the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; the two components can be directly connected or indirectly connected through an intermediate medium, or can be communicated inside the two components, or can be connected wirelessly or in a wired way. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
In addition, the technical features of the different embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
The embodiment of the invention discloses a communication security authentication method for a power 5G network slice, which is used for a user terminal, wherein the user terminal can be a smart grid user terminal or other types of user terminals. The embodiment of the invention can be applied to the application scene of the 5G network slice electric power communication authentication of the intelligent power grid.
In smart grids, there are many low power users who are not suitable for using complex communication authentication schemes. The embodiment of the invention designs a new security authentication scheme based on a exchangeable encryption algorithm (Pohlig-hellman) aiming at the problem that the existing 5G network slice selection scheme has poor performance. The method comprises the steps of designing a safe and efficient slice selection scheme for a slice selection matching process of a user terminal Ui, a base station gNB and a core network element management module AMF in a 5G smart grid, wherein the safe and efficient slice selection scheme is used for protecting slice selection information privacy between the user terminal Ui and the core network element management module AMF; the user terminal Ui carries out secondary encryption on the slice set according to the received message, compares the two encrypted slices, and returns the correct encrypted slices to the core network element management module AMF through the base station gNB; and the core network element management module AMF receives the data and then performs secondary decryption to obtain a slice selected by the user terminal Ui. Therefore, the slice privacy data between the user terminal Ui and the core network element management module AMF are protected, so that the data cannot be exposed to third-party attackers.
Example 1
The communication security authentication method for the electric power 5G network slice disclosed by the embodiment of the invention is used for a user terminal, and as shown in fig. 1, comprises the following steps:
step S11: and determining a slice request feature vector set according to the service requirements and the network characteristics.
The slice in the embodiment of the invention can be a 5G network slice. The above service requirements are service conditions required by the user terminal for executing the service application. And the network characteristics are the characteristics of the slice such as speed, bandwidth, time delay, security level and the like. Based on rate and band of physical network resourcesFeatures such as width, time delay, security level, etc. are divided into a plurality of fine-grained network slices. Physical network resource pnr= { slice 1 ,slice 2 ,…,slice n DS, DS represents the default network slice. Each network slice i A group of different characteristic values are used for characterizing speed, bandwidth, time delay, security level and the like, and a vector S is used for determining the characteristic value of the speed, the bandwidth, the time delay, the security level and the like i F=(S i F 1 ,S i F 2 ,…,S i F t ) Representing (including t features) a network slice feature value numbered i.
For example: determining a slice request feature vector set as F according to service requirements and network characteristics Ui =(x 1 ,…,x j ,…,x t ) Wherein each element x j For a slice feature (e.g., delay, etc.), each element x j ∈F UE The slice request feature vector set contains t slice request feature elements.
In the embodiment of the invention, the core network element management module AMF hopes to obtain the slice selection data F requested by the user terminal Ui AMFl =F Ui ,F AMFl Slice feature data that may be provided for the core network element management module AMF.
Step S12: the random prime numbers, the first random decryption parameters, and the first random encryption parameters are randomly generated to calculate a first encryption key to encrypt the set of slice request feature vectors.
Where the random prime number may be represented by p, and the first random decryption parameter may be represented by SK Ui Representation, SK Ui ∈Z p-2 The first random encryption parameter may be PK Ui And (3) representing. In the embodiment of the invention, the user terminal Ui firstly initializes and generates the first random decryption parameter SK of the user terminal Ui Ui First random encryption parameter PK Ui With the first random decryption parameter SK Ui Corresponding, and pairing exists.
In one embodiment, in step S12, the random prime number, the first random decryption parameter and the first random encryption parameter are randomly generated to calculate the first encryption key to encrypt the slice request feature vector set, and the calculation is performed by the following formulas (1) and (2).
PK Ui =SK Ui -41 mod p-1; (1)
Wherein SK is Ui For the first random decryption parameter, SK Ui ∈Z p-2 Natural number, PK of (E) Ui For the first random encryption parameter, p is a random prime number, E Ui F as the first encryption key Ui A feature vector set is requested for a slice.
And (3) encrypting the slice request feature vector set expected by the user terminal Ui through the formulas (1) - (2) so as to ensure the safety of the slice feature data requested by the user terminal Ui and prevent the slice feature data from being leaked to a third-party attacker.
Step S13: and generating a slice authentication request message based on the random prime numbers and the first encrypted file encrypted by the first encryption key, and forwarding the slice authentication request message to the core network element management module through the base station.
Random prime numbers p, E Ui The encrypted first encrypted file is forwarded to the core network element management module AMF through the base station gNB by the slice authentication request message, so that the AMF performs secondary encryption on the first encrypted file.
Step S14: and receiving a slice authentication response message forwarded by the core network element management module through the base station, wherein the slice authentication response message is loaded with a second encryption file encrypted by a second encryption key obtained by calculation based on the random prime numbers, the second random decryption parameters and the second random encryption parameters, and a second slice authentication secret set of each slice supply scheme in the slice supply feature vector set, and the second slice authentication secret set comprises a plurality of second ciphertext feature elements.
The second encrypted file is the first encrypted file E by the core network element management module AMF Ui The key file for secondary encryption can be E Ui ' representation. The second slice authentication secret can be used with E AMF The representation is made of a combination of a first and a second color,
step S15: and calculating a first slice authentication ciphertext set for encrypting each second ciphertext characteristic element in the second slice authentication ciphertext set according to the first random encryption parameter and the second ciphertext characteristic element, wherein the first slice authentication ciphertext set comprises a plurality of first ciphertext characteristic elements.
In one embodiment, in step S15, a first slice authentication ciphertext set for encrypting each second ciphertext feature element in the second slice authentication ciphertext set is calculated according to the first random encryption parameter and the second ciphertext feature element, where the first slice authentication ciphertext set includes a plurality of first ciphertext feature elements, and is calculated according to the following formula (3).
Wherein E is AMF ' authentication of the secret corpus for the first cut, E aMFl ' is the first ciphertext feature element, PK Ui For the first random encryption parameter, F AMFl Supplying feature vectors to slices the first slice supply scheme, p is a random prime number, PK AMF Is the second random encryption parameter. In the embodiment of the invention, the second encryption is performed on each slice supply scheme corresponding to the encryption of the second ciphertext feature element sent by the core network element management module AMF.
Step S16: and determining the same matching result between the first ciphertext feature element and the second encryption key by matching the same matching result with the second encryption key, wherein the same matching result is the encrypted ciphertext of the slice supply scheme which is satisfied with the slice request feature vector set.
For example: the user terminal Ui receives the second encryption key E Ui ' and second slice authentication secret E AMF After that, for E AMF Each second ciphertext feature element of the code is subjected to secondary encryption to obtain The user terminal Ui then compares the second encryption key E Ui ' and first cut authentication ciphertext E AMF Each first ciphertext authentication element E in AMFl ', and find to satisfy E Ui ′=E AMFl ' element E AMFl ′。
Step S17: based on the first random decryption parameters, decrypting the same matching result to obtain a second ciphertext feature element corresponding to the same matching result, and forwarding the decrypted second ciphertext feature element to a core network element management module through a base station, so that the core network element management module decrypts a slice supply scheme which is satisfied with the slice request feature vector set based on the second random decryption parameters.
In one embodiment, based on the first random decryption parameter, the same matching result is decrypted to obtain a second ciphertext feature element corresponding thereto, which is calculated by the following formula (4).
Wherein E is AMFl For the first second ciphertext feature element, i.e. decrypting the second ciphertext feature element corresponding to the same match result, E EMFl ' is the first ciphertext feature element, SK Ui For the first random decryption parameter, SK Ui ∈Z p-2 Is a random prime number, F AMFl The first slice provisioning scheme in the set of slice provisioning feature vectors, i.e., the slice provisioning scheme that is satisfied with the set of slice request feature vectors, PK AMF And the second random encryption parameter corresponding to the second random encryption parameter.
In the protocol authentication process of the user terminal Ui and the core network element management module AMF, the embodiment of the invention is equivalent to the method based on a exchangeable encryption algorithm (Pohlig-hellman), namely (E) B (E A (X))=E A (E B (X)) to enable the user terminal Ui to securely encrypt the selected slice feature data, preventing the data from being exposed to third party attackers. And, in the embodiment of the inventionThe protocol authentication between the user terminal Ui and the core network element management module AMF has a simple deployment structure, does not need to deploy a PKI system, is beneficial to reducing data calculation and data transmission cost and transmission delay, and further can obviously improve the communication efficiency of the network physical communication.
Example 2
The embodiment of the invention also discloses a communication security authentication method of the electric power 5G network slice, which is used for a core network element management module, wherein the core network element management module can be represented by an AMF (advanced mobile radio module), as shown in fig. 2, and the method comprises the following steps:
Step S21: and receiving a slice authentication request message forwarded by the user terminal through the base station, wherein the slice authentication request message is loaded with a first encryption file formed by encrypting the random prime numbers and the first encryption key.
The first encryption key in the first encrypted file is represented by the above formula (2), that is The random prime number in the first encrypted file is p.
The core network element management module AMF receives a first encrypted file sent by the user terminal Ui so as to carry out secondary encryption on the first encrypted file.
Step S22: and calculating a second encryption key for re-encrypting the first encryption file according to the random prime numbers, the second random decryption parameters and the second random encryption parameters which are randomly generated.
The second random decryption parameter here may be SK AMF Representation, SK AMF ∈Z p-2 The second random encryption parameter may be PK AMF The second encryption key may be represented by E Ui ' representation. In the embodiment of the invention, the core network element management module AMF firstly initializes and generates the second random decryption parameter SK of the AMF AMF Second random encryption parameter PK AMF And a second random decryption parameter SK AMF Corresponding, and pairing exists. Core(s)The network element management module re-encrypts the first encrypted file to ensure that the content encrypted by the first encrypted file is safer.
In one embodiment, the step S22 calculates the second encryption key for re-encrypting the first encrypted file according to the random prime number, the second random decryption parameter, and the second random encryption parameter, and the second encryption key is calculated by the following formulas (5) - (6):
PK AMF =SK AMF -1 modp-1; (5)
wherein PK AMF For the second random encryption parameter, SK AMF For the second random decryption parameter,
SK AMF ∈Z p-2 is a random prime number, p is a random prime number, E Ui ' is the second encryption key, E Ui F as the first encryption key Ui Requesting feature vector sets for slices, PK Ui Is the first random encryption parameter.
Step S23: a slice provisioning feature vector set for provisioning the slice request feature vector set is determined, the slice provisioning feature vector set comprising a plurality of slice provisioning schemes.
For example: slice supply feature vector set F AMF ={F AMFl 1.ltoreq.l.ltoreq.n } as candidates for provisioning the user terminal Ui.
Step S24: and calculating a second slice authentication secret for encrypting each slice supply scheme in the slice supply feature vector set according to the second random encryption parameter, the random prime number and each slice supply scheme in the slice supply feature vector set, wherein the second slice authentication secret comprises a plurality of second ciphertext feature elements.
The second slice authentication secret can be used with E AMF And (3) representing.
In one embodiment, the step S24 calculates the second slice authentication secret for encrypting each slice provisioning scheme in the slice provisioning feature vector set according to the second random encryption parameter, the random prime number, and each slice provisioning scheme in the slice provisioning feature vector set, and calculates the second slice authentication secret by the following formula (7).
Wherein E is AMF Authenticating the ciphertext for the second slice, E AMFl For the first second ciphertext feature element, F AMFl Provisioning scheme for the first slice, PK AMF For the second random encryption parameter, p is a random prime number.
Step S25: and generating a slice authentication response message based on a second encrypted file formed by encrypting the second slice authentication secret set and the second encryption key, and forwarding the slice authentication response message to the user terminal through the base station, so that the same matching result of the first ciphertext feature element and the second encryption key is decrypted based on the first random decryption parameter, and a second ciphertext feature element corresponding to the same matching result is obtained.
The slice authentication response message here is loaded with E in the above formula (6) Ui ' and E in the above formula (7) AMF . Will E Ui ' and E AMF Is sent to the user terminal Ui, so that the user terminal Ui can decrypt the first ciphertext feature element E AMFk ' and E Ui ' same matching result, and decrypting the same matching result to obtain a second ciphertext feature element E corresponding to the same matching result AMFl
Step S26: and the receiving user terminal forwards the decrypted second ciphertext feature elements through the base station, and decrypts the slice supply scheme meeting the slice request feature vector set based on the second random decryption parameters.
For example: the user terminal Ui uses the first random decryption parameter K randomly generated by itself Ui Slice E which is found and meets the requirement of the user AMFl ' decryption: and E is combined with AMFl Returning to the core network element management module AMF, and then passing the E through the core network element management module AMF AMFk A slice provisioning scheme is decrypted that meets the requirements.
In one embodiment, the step S26 decrypts the slice provisioning scheme satisfied with the slice request feature vector set based on the second random decryption parameter, and calculates by the following formula (8):
wherein F is AMFk Supply scheme for the first slice, E AMFl SK as the first second ciphertext feature element AMF For the second random decryption parameter, SK AMF ∈Z p-2 P is a random prime number.
By executing the communication security authentication methods of the electric power 5G network slices in the embodiment 1 and the embodiment 2, the internet of things protocol security authentication between the user terminal Ui and the core network element management module AMF can be realized, so that slice characteristic data is prevented from being exposed to a third-party attacker, and F is finally satisfied AMFl =F Ui Is not limited. As shown in fig. 3, a schematic diagram of communication authentication interaction among the base station gNB, the user terminal UE, and the core network element management module AMF is clearly presented.
Therefore, in the communication security authentication method for the electric power 5G network slice in the embodiment of the invention, the core network element management module AMF calculates the second encryption key to encrypt the first encryption file and the second slice authentication secret set so as to perform authentication interaction with the user terminal Ui, thereby being beneficial to the user terminal Ui to match the first ciphertext feature element which is the same as the first encryption key, and decrypting the first ciphertext feature element to obtain the corresponding second ciphertext feature element. Finally, the core network element management module AMF decrypts again the slice provisioning scheme satisfying the set of slice request feature vectors based on the decrypted second ciphertext feature element. The deployment scheme in the embodiment of the invention is simple, does not need to use a PKI system, is beneficial to reducing data calculation and data transmission expenditure, reduces transmission delay and improves calculation and communication efficiency.
Example 3
The embodiment of the invention also discloses a communication security authentication device for authenticating the electric power 5G network slice, which is used for the user terminal, and as shown in fig. 4, comprises the following modules:
The slice request feature vector determining module 41 is configured to determine a slice request feature vector set according to the service requirement and the network characteristic.
A first encryption key calculation module 42 for randomly generating a random prime number, a first random decryption parameter, and a first random encryption parameter to calculate a first encryption key to encrypt the set of slice request feature vectors.
The slice authentication request message generating module 43 is configured to generate a slice authentication request message based on the random prime number and the first encrypted file encrypted by the first encryption key, and forward the slice authentication request message to the core network element management module through the base station;
the slice authentication response message receiving module 44 is configured to receive the slice authentication response message forwarded by the core network element management module through the base station, where the slice authentication response message is loaded with a second encrypted file encrypted by a second encryption key obtained by calculating based on the random prime number, the second random decryption parameter and the second random encryption parameter, and a second slice authentication secret set of each slice provision scheme in the slice provision feature vector set, where the second slice authentication secret set includes a plurality of second ciphertext feature elements;
a first slice authentication ciphertext set calculation module 45, configured to calculate a first slice authentication ciphertext set for encrypting each second ciphertext feature element in the second slice authentication ciphertext set according to the first random encryption parameter and the second ciphertext feature element, where the first slice authentication ciphertext set includes a plurality of first ciphertext feature elements;
The ciphertext matching module 46 is configured to determine, by matching the first ciphertext feature element with the second encryption key, a same matching result therebetween, where the same matching result is an encrypted ciphertext of the slice provisioning scheme that is satisfied by the slice request feature vector set;
the ciphertext decrypting module 47 is configured to decrypt the same matching result based on the first random decrypting parameter to obtain a second ciphertext feature element corresponding to the same matching result, and forward the decrypted second ciphertext feature element to the core network element management module via the base station, so that the core network element management module decrypts a slice supply scheme that is satisfied with the slice request feature vector set based on the second random decrypting parameter.
In one embodiment, the first encryption key calculation module 42 randomly generates a random prime number, a first random decryption parameter, and a first random encryption parameter to calculate a first encryption key to encrypt the set of slice request feature vectors, calculated by equations (1) - (2) above.
In one embodiment, the first slice authentication ciphertext calculation module 45 calculates a first slice authentication ciphertext for encrypting each second ciphertext feature element in the second slice authentication ciphertext according to the first random encryption parameter and the second ciphertext feature element, where the first slice authentication ciphertext set includes a plurality of first ciphertext feature elements, and is calculated according to the above formula (3).
In one embodiment, the ciphertext decrypting module 47 decrypts the same matching result based on the first random decrypting parameter to obtain a second ciphertext feature element corresponding thereto, as calculated by equation (4) above.
The embodiment of the invention also discloses a communication security authentication device for the electric power 5G network slice, which is used for a core network element management module, as shown in fig. 5, and comprises the following modules:
the slice authentication request message receiving module 51 is configured to receive a slice authentication request message forwarded by a user terminal through a base station, where the slice authentication request message is loaded with a first encrypted file encrypted by a random prime number and a first encryption key.
The second encryption key encryption module 52 is configured to calculate a second encryption key for re-encrypting the first encrypted file according to the random prime number and the randomly generated second random decryption parameter and the second random encryption parameter.
The slice provisioning feature vector determination module 53 is configured to determine a slice provisioning feature vector set for provisioning a slice request feature vector set, the slice provisioning feature vector set comprising a plurality of slice provisioning schemes.
The second slice authentication ciphertext calculation module 54 is configured to calculate a second slice authentication ciphertext for encrypting each slice provisioning scheme in the slice provisioning feature vector set according to the second random encryption parameter, the random prime number, and each slice provisioning scheme in the slice provisioning feature vector set, where the second slice authentication ciphertext includes a plurality of second ciphertext feature elements.
The slice authentication response message generating module 55 is configured to generate a slice authentication response message based on the second encrypted file encrypted by the second slice authentication ciphertext and the second encryption key, and forward the slice authentication response message to the user terminal through the base station, so that the same matching result of the first ciphertext feature element and the second encryption key is decrypted based on the first random decryption parameter, so as to obtain a second ciphertext feature element corresponding to the same matching result.
The second ciphertext feature element receiving module 56 is configured to receive the decrypted second ciphertext feature element forwarded by the user terminal via the base station, and decrypt a slice provisioning scheme that is satisfied with the slice request feature vector set based on the second random decryption parameter.
In one embodiment, the second encryption key encryption module 52 calculates a second encryption key for re-encrypting the first encrypted file based on the random prime numbers and the randomly generated second random decryption parameters, the second random encryption parameters, and is calculated by the above formulas (5) - (6).
In one embodiment, the second slice authentication secret calculation module 54 calculates the second slice authentication secret for encrypting each slice provisioning scheme in the slice provisioning feature vector set according to the second random encryption parameter, the random prime number, and each slice provisioning scheme in the slice provisioning feature vector set, by the above formula (7).
In one embodiment, the second ciphertext feature element receiving module 56 decrypts the slice provisioning scheme that is satisfied with the slice request feature vector set based on the second random decryption parameter, as calculated by equation (8) above.
Example 4
The embodiment of the present invention further provides a computer device, as shown in fig. 6, which may include a processor 61 and a memory 62, where the processor 61 and the memory 62 may be connected by a bus or other manners, and in fig. 6, the connection is exemplified by a bus.
The processor 61 may be a central processing unit (Central Processing Unit, CPU). Processor 61 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or a combination of the above.
Memory 62 is a non-transitory computer readable storage medium that may be used to store non-transitory software programs, non-transitory computer executable programs, and modules. The processor 61 executes various functional applications of the processor and data processing, that is, implements the communication security authentication method of the power 5G network slice in the above-described embodiment, by running the non-transitory software programs, instructions, and modules stored in the memory 62. Memory 62 may include a storage program area that may store an operating system, at least one application program required for functionality, and a storage data area; the storage data area may store data created by the processor 61, etc. In addition, the memory 62 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 62 may optionally include memory located remotely from processor 61, which may be connected to processor 61 via a network. Examples of such networks include, but are not limited to, the power grid, the internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
The one or more modules are stored in the memory 62, which when executed by the processor 61, perform the communication security authentication method of the power 5G network slice in the embodiment shown in the drawings.
The details of the computer device may be understood with reference to the corresponding related descriptions and effects of the embodiments shown in the drawings, which are not repeated herein.
It will be appreciated by those skilled in the art that implementing all or part of the above-described embodiment method may be implemented by a computer program to instruct related hardware, where the program may be stored in a computer readable storage medium, and the program may include the above-described embodiment method when executed. Wherein the storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a Flash Memory (Flash Memory), a Hard Disk (HDD), or a Solid State Drive (SSD); the storage medium may also comprise a combination of memories of the kind described above.
It is apparent that the above examples are given by way of illustration only and are not limiting of the embodiments. Other variations or modifications of the above teachings will be apparent to those of ordinary skill in the art. It is not necessary here nor is it exhaustive of all embodiments. While still being apparent from variations or modifications that may be made by those skilled in the art are within the scope of the invention.

Claims (10)

1. The communication security authentication method for the electric power 5G network slice is used for the user terminal and is characterized by comprising the following steps of:
determining a slice request feature vector set according to service requirements and network characteristics;
randomly generating random prime numbers, first random decryption parameters and first random encryption parameters to calculate a first encryption key to encrypt the slice request feature vector set;
generating a slice authentication request message based on the random prime numbers and a first encryption file encrypted by the first encryption key, and forwarding the slice authentication request message to a core network element management module through a base station;
receiving a slice authentication response message forwarded by the core network element management module through the base station, wherein the slice authentication response message is loaded with a second encryption file encrypted by a second encryption key obtained by calculation based on the random prime numbers, a second random decryption parameter and a second random encryption parameter, and a second slice authentication secret set of each slice provision scheme in a slice provision feature vector set, and the second slice authentication secret set comprises a plurality of second ciphertext feature elements;
calculating a first slice authentication ciphertext set for encrypting each second ciphertext feature element in the second slice authentication ciphertext set according to the first random encryption parameter and the second ciphertext feature element, wherein the first slice authentication ciphertext set comprises a plurality of first ciphertext feature elements;
Determining the same matching result between the first ciphertext feature element and the second encryption key by matching the two, wherein the same matching result is an encrypted ciphertext meeting a slice supply scheme of the slice request feature vector set;
and decrypting the same matching result based on the first random decryption parameter to obtain the second ciphertext feature element corresponding to the same matching result, and forwarding the decrypted second ciphertext feature element to the core network element management module through the base station, so that the core network element management module decrypts a slice supply scheme which is satisfied with the slice request feature vector set based on the second random decryption parameter.
2. The communication security authentication method of a power 5G network slice according to claim 1, wherein random prime numbers, first random decryption parameters, and first random encryption parameters are randomly generated to calculate a first encryption key to encrypt the slice request feature vector set, calculated by the following formula:
PK Ui =SK Ui -1 mod p-1;
wherein SK is Ui For the first random decryption parameter, SK Ui ∈Z p-2 Natural number, PK of (E) Ui For the first random encryption parameter, p is the random prime number, E Ui F for the first encryption key Ui A set of feature vectors is requested for the slice.
3. The communication security authentication method of a power 5G network slice according to claim 1, wherein a first slice authentication ciphertext set for encrypting each second ciphertext feature element in the second slice authentication ciphertext set is calculated according to the first random encryption parameter and the second ciphertext feature element, the first slice authentication ciphertext set including a plurality of first ciphertext feature elements, and is calculated by the following formula:
wherein E is AMF ' authentication of the first cut-off secret corpus, E AMFl ' is the first ciphertext feature element, PK Ui For the first random encryption parameter, F AMFl Supplying the slice with the first slice supply scheme in the feature vector set, p being the random prime number, PK AMF For the second random encryption parameter, E AMFl Is the first second ciphertext feature element.
4. The communication security authentication method of a power 5G network slice according to claim 1, wherein the same matching result is decrypted based on the first random decryption parameter to obtain the second ciphertext feature element corresponding thereto, and is calculated by the following formula:
wherein E is AMFl For the first second ciphertext feature element, E AMFl ' is the first ciphertext feature element, SK Ui For the first random decryption parameter, SK Ui ∈Z p-2 P is the random prime number, F AMFl Provisioning the slice with the first slice provisioning scheme, PK, in the feature vector set AMF And the second random encryption parameter corresponding to the second random encryption parameter.
5. The communication security authentication method for the electric power 5G network slice is used for a core network element management module and is characterized by comprising the following steps of:
receiving a slice authentication request message forwarded by a user terminal through a base station, wherein the slice authentication request message is loaded with a first encryption file formed by encrypting random prime numbers and a first encryption key;
calculating a second encryption key for re-encrypting the first encrypted file according to the random prime numbers, the second random decryption parameters and the second random encryption parameters which are randomly generated;
determining a slice provisioning feature vector set for provisioning the slice request feature vector set, the slice provisioning feature vector set including a plurality of slice provisioning schemes;
calculating a second slice authentication secret set for encrypting each slice supply scheme in the slice supply feature vector set according to the second random encryption parameter, the random prime number and each slice supply scheme in the slice supply feature vector set, wherein the second slice authentication secret set comprises a plurality of second ciphertext feature elements;
Generating a slice authentication response message based on a second encrypted file encrypted by the second slice authentication ciphertext set and the second encryption key, and forwarding the slice authentication response message to the user terminal through the base station, so that the same matching result of the first ciphertext feature element and the second encryption key is decrypted based on a first random decryption parameter, and the second ciphertext feature element corresponding to the same matching result is obtained;
and receiving the decrypted second ciphertext feature element forwarded by the user terminal through the base station, and decrypting a slice supply scheme meeting the slice request feature vector set based on the second random decryption parameter.
6. The communication security authentication method of a power 5G network slice according to claim 5, wherein the second encryption key for re-encrypting the first encrypted file is calculated according to the random prime number and a randomly generated second random decryption parameter, a second random encryption parameter, and is calculated by the following formula:
PK AMF =SK AMF -1 mod p-1;
wherein PK AMF For the second random encryption parameter, SK AMF For the second random decryption parameter, SK AMF ∈Z p-2 P is the random prime number, E Ui ' is the second encryption key, E Ui F for the first encryption key Ui Requesting a feature vector set, PK, for the slice Ui Is the first random encryption parameter.
7. The communication security authentication method of a power 5G network slice according to claim 5, wherein a second slice authentication secret for encrypting each slice provisioning scheme in the slice provisioning feature vector set is calculated from the second random encryption parameter, the random prime number, and each slice provisioning scheme in the slice provisioning feature vector set by the following formula:
wherein E is AMF For the second sliceAuthentication of the secret document, E AMFl For the first second ciphertext feature element, F AMFl Provisioning scheme for the first slice, PK AMF And p is the random prime number for the second random encryption parameter.
8. The communication security authentication method of a power 5G network slice according to claim 5, wherein decrypting the slice provisioning scheme satisfied with the slice request feature vector set based on the second random decryption parameter is calculated by the following formula:
wherein F is AMFl Supply scheme for the first slice, E AMFl SK as the first second ciphertext feature element AMF For the second random decryption parameter, SK AMF ∈Z p-2 P is the random prime number.
9. A computer-readable storage medium storing computer instructions for causing the computer to perform the communication security authentication method of the power 5G network slice according to any one of claims 1 to 8.
10. A computer device, comprising: a memory and a processor, the memory and the processor being communicatively connected to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the communication security authentication method of the power 5G network slice of any one of claims 1 to 8.
CN202210178412.9A 2022-02-25 2022-02-25 Communication security authentication method and device for electric power 5G network slice Active CN114760090B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210178412.9A CN114760090B (en) 2022-02-25 2022-02-25 Communication security authentication method and device for electric power 5G network slice

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210178412.9A CN114760090B (en) 2022-02-25 2022-02-25 Communication security authentication method and device for electric power 5G network slice

Publications (2)

Publication Number Publication Date
CN114760090A CN114760090A (en) 2022-07-15
CN114760090B true CN114760090B (en) 2023-07-28

Family

ID=82326266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210178412.9A Active CN114760090B (en) 2022-02-25 2022-02-25 Communication security authentication method and device for electric power 5G network slice

Country Status (1)

Country Link
CN (1) CN114760090B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546181A (en) * 2012-01-09 2012-07-04 西安电子科技大学 Cloud storage encrypting and deciphering method based on secret key pool
WO2020060871A1 (en) * 2018-09-19 2020-03-26 Intel Corporation Protection of initial non-access stratum protocol message in 5g systems
WO2020208427A1 (en) * 2019-04-11 2020-10-15 Lg Electronics, Inc. Systems and methods for accelerated certificate provisioning
CN112752265A (en) * 2019-10-31 2021-05-04 华为技术有限公司 Access control method and device for network slice and storage medium
CN113840185A (en) * 2020-06-23 2021-12-24 中兴通讯股份有限公司 Multicast message processing method, OLT device, ONU device and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10075301B2 (en) * 2015-07-13 2018-09-11 Fujitsu Limited Relational encryption for password verification

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546181A (en) * 2012-01-09 2012-07-04 西安电子科技大学 Cloud storage encrypting and deciphering method based on secret key pool
WO2020060871A1 (en) * 2018-09-19 2020-03-26 Intel Corporation Protection of initial non-access stratum protocol message in 5g systems
WO2020208427A1 (en) * 2019-04-11 2020-10-15 Lg Electronics, Inc. Systems and methods for accelerated certificate provisioning
CN112752265A (en) * 2019-10-31 2021-05-04 华为技术有限公司 Access control method and device for network slice and storage medium
CN113840185A (en) * 2020-06-23 2021-12-24 中兴通讯股份有限公司 Multicast message processing method, OLT device, ONU device and storage medium

Also Published As

Publication number Publication date
CN114760090A (en) 2022-07-15

Similar Documents

Publication Publication Date Title
EP3493462B1 (en) Authentication method, authentication apparatus and authentication system
US10903987B2 (en) Key configuration method, key management center, and network element
US11431498B2 (en) Quantum-augmentable hybrid encryption system and method
CN111052672B (en) Secure key transfer protocol without certificate or pre-shared symmetric key
US8295488B2 (en) Exchange of key material
US9189632B2 (en) Method for protecting security of data, network entity and communication terminal
CN111342976B (en) Verifiable ideal on-grid threshold proxy re-encryption method and system
CN101600204B (en) File transmission method and system
CN107294937A (en) Data transmission method, client and server based on network service
EP3700245B1 (en) Communication method and device
JP7237200B2 (en) Parameter transmission method and device
CN105024807A (en) Data processing method and system
CN104243452A (en) Method and system for cloud computing access control
WO2018076798A1 (en) Method and apparatus for transmitting data
CN117546441A (en) Secure communication method and device, terminal equipment and network equipment
CN113141333B (en) Communication method, device, server, system and storage medium of network access device
CN114760090B (en) Communication security authentication method and device for electric power 5G network slice
CN112367329B (en) Communication connection authentication method, device, computer equipment and storage medium
CN110536287B (en) Forward safety implementation method and device
CN114745151B (en) Electric power 5G network slice authentication message matching method and device based on edge calculation
Arora et al. Handling Secret Key Compromise by Deriving Multiple Asymmetric Keys based on Diffie-Hellman Algorithm
CN111432404B (en) Information processing method and device
CN115941177A (en) Virtual server distributed key authentication system and method
CN111052779A (en) Communication method and communication device
Uysal A security framework for mobile communication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant