CN117614600A - Roaming cross-domain authentication method, system, equipment and terminal based on block chain - Google Patents

Info

Publication number
CN117614600A
Authority
CN
China
Prior art keywords
user
network
roaming
blockchain
authentication
Legal status
Pending
Application number
CN202311304823.9A
Other languages
Chinese (zh)
Inventor
赖成喆
马吉平
龚立奇
曹进
张应辉
郑东
Current Assignee
Xian University of Posts and Telecommunications
Original Assignee
Xian University of Posts and Telecommunications
Application filed by Xian University of Posts and Telecommunications
Priority to CN202311304823.9A
Publication of CN117614600A

Classifications

    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/40 Network security protocols
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H04W12/06 Authentication
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • H04W4/24 Accounting or billing
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention belongs to the technical field of cross-domain authentication, and particularly relates to a blockchain-based roaming cross-domain authentication method, system, equipment and terminal. Mobile operators serve as nodes of a consortium chain, and roaming users are authenticated with a blockchain-based authentication and key agreement protocol. Smart contracts then carry out data exchange and bill settlement between mobile operators; their purpose is to use the transparency of the blockchain to ensure accurate charging by mobile operators, achieve fast payment reconciliation and reduce roaming fraud. The consortium chain used by the system is equipped with channels that allow two or more nodes to join as a communication subnetwork, which can increase the scalability of the network. Smart contracts execute bill settlement automatically, which improves the accuracy of fee settlement and reduces roaming fraud; adopting a consortium chain provides better performance and also ensures security and privacy.

Description

Roaming cross-domain authentication method, system, equipment and terminal based on block chain
Technical Field
The invention belongs to the technical field of cross-domain authentication, and particularly relates to a roaming cross-domain authentication method, system, equipment and terminal based on a blockchain.
Background
Roaming is a very important function developed by the 3rd Generation Partnership Project (3GPP) to provide mobile users with continuity of national and global cross-border services. Although researchers and industry have defined several roaming frameworks covering authentication, authorization, and billing, roaming still has some key issues. In terms of security, a roaming user must be authenticated by the Serving Network (SN) through the Home Network (HN) before access. This procedure prevents illegitimate users from accessing the network.
Blockchains were originally designed to introduce a decentralized financial ledger. A blockchain is a distributed ledger that can hold transactions and records in an immutable, trusted, secure and decentralized manner without the use of intermediaries or central authorities.
In reality, communication devices are typically served by different operators. However, because of business interests, different operators maintain their own closed security domains, and certificates are not mutually recognized. To enable secure communication between these closed domains, the underlying communication devices must perform cross-domain authentication. Most current schemes adopt a centralized network topology and rely heavily on a trusted third party to establish trust. Such schemes inevitably face potential security threats such as single points of failure and unfairness, and in this setting it is not suitable to establish a centralized trusted third party or to let one CA dominate. The advent of blockchains has provided new solutions for researchers. The distributed consensus nature of blockchains motivates researchers to use them to design mutual authentication systems between different domains.
Because data exchange between the home network and the visited network depends on a third-party clearing house, the exchange incurs a long delay. The home operator pays the serving operator for use of the service according to the roaming agreement, but the home operator charges the roaming user only when it receives the service report. This process may lead to roaming fraud, causing significant economic loss to the mobile operator. Research on roaming fraud and user privacy therefore needs to start from both identity authentication and data exchange.
5G roaming requires the removal of intermediate international exchanges to improve profits and reduce fraud. Implementation raises challenges such as decentralization, transparency, interoperability, privacy and security. The distributed consensus nature of the blockchain provides a technical approach to solving these problems. Current blockchain-based authentication schemes can effectively address security problems that traditional centralized authentication handles poorly, such as tampering with identity data, malicious refusal to provide authentication service, and distributed denial of service (DDoS) attacks. However, they still have security problems such as fraudulent use of a legitimate device's identity, the lack of a real-name authentication mechanism for obtaining a legitimate identity, and disclosure of private information in the blockchain. Therefore, a cross-domain authentication scheme with low computational cost, low delay and high security is needed.
Through the above analysis, the problems and defects existing in the prior art are as follows: most PKI systems form a closed security domain and only accept certificates issued by their own certificate authorities. When a user needs to access services in other domains, the user's identity generally cannot be recognized, or the PKI system needs extremely complex operations to verify it, which causes cross-domain authentication problems and also raises certificate management and key escrow problems. In existing roaming protocols, the authentication and key exchange protocols for roaming services provide only mutual authentication between the roaming user and the visited network, and this process may be impersonated by an illegitimate user. Because data exchange between the home network and the visited network depends on a third-party clearing house, the exchange incurs a long delay, which can lead to roaming fraud and cause significant losses to the home network. In addition, when using roaming services, the user is required to bind personal information to the operator's network. If the operator does not take sufficient security measures, the user's personal information may be compromised, risking disclosure of the user's privacy.
Disclosure of Invention
Aiming at the problems existing in the prior art, the invention provides a roaming cross-domain authentication method, a system, equipment and a terminal based on a blockchain, which are used for solving the roaming fraud problem and protecting the privacy of a user.
The invention is realized in such a way that the roaming cross-domain authentication method based on the blockchain comprises the following steps:
S1, creating a smart contract: each home network creates its own smart contract and publishes its address to inform operators desiring to provide roaming services to HN subscribers;
S2, service discovery and identity authentication: when a roaming UE attempts to connect to a visited network, the network first attempts to find out whether the UE is a visitor from another MNO; immediately after discovery, the identity of the user must be verified, and the user must be registered as a roaming user in the SN;
S3, bill settlement: the smart contract is responsible for specifying charging rules and triggering payments from HN to SN according to the specific consensus mechanism used by the blockchain network.
Further, in the smart contract creation of S1, the smart contract is a program stored in the blockchain network and consists of a set of rules created by a user; if the rules are satisfied, the contract is automatically enforced by the consensus mechanism. The content of the smart contract is visible to all network users, which ensures transparency;
each home network creates its own smart contract and publishes its address to inform operators desiring to provide roaming services to HN subscribers; all subsequent communication between the home network and the serving network is accomplished by invoking the functions of this smart contract.
Further, in the service discovery and identity authentication of S2, when the roaming UE attempts to connect to the visited network, the network first attempts to discover whether the UE is a visitor from another MNO; these operations occur on the blockchain and effectively generate new blocks specifying the new location of the user, the identifiers of the HN and SN, and the discovery timestamp; immediately after the discovery phase, the identity of the user must be verified and the user must be registered as a roaming user in the SN; the system authenticates the user with a blockchain-based AKA protocol, in which the blockchain plays the role of a secure channel; the end result is that the user is accepted or rejected by the SN. After registration completes successfully, the visiting user can access authorized services in the SN.
Further, the blockchain-based authentication and key agreement protocol has the following steps:
1) Initial request of SN:
the SN generates a random number (R_1) and sends it, together with its identifier (ID_SN), to the user;
2) Initial user response:
at this stage, the user calculates the SUCI:
randomly generating R_2;
encrypting the message composed of SUPI, R_1, R_2 and ID_SN with the public key of the HN, and putting the encryption result into UI_C;
creating a response message containing UI_C and the HN identifier (ID_HN);
then, the user sends the SUCI to the SN;
3) Registration request by SN:
upon receiving the user response, the SN calculates the hash value of R_1, ID_SN, ID_HN and the SUCI, which serves as the unique identifier of the authentication request, req_id; finally, the SN registers a transaction with the HN's smart contract, which sends the HN an authentication request composed of req_id, ID_SN and the SUCI;
4) Forwarding the request to HN:
after receiving the request, the smart contract first looks up the authentication record by req_id to prevent replay attacks. If the incoming request is determined to be a new request, it is redirected to the HN agent. Otherwise, the request is denied and the transaction is reverted; at this stage, the primary purpose of the smart contract is to prevent replay attacks from malicious SNs;
5) HN registration response:
upon receiving the response of the smart contract, the HN takes the following actions:
checking its identifier using the ID_HN located in the SUCI;
decrypting UI_C with the private key of the HN to obtain SUPI, R_1, R_2 and ID_SN;
verifying that req_id equals the hash of ID_SN, R_1, ID_HN and the SUCI;
if any of the above conditions is not met, the authentication process stops; otherwise, the HN continues to:
produce O by combining R_1 and R_2;
calculate the xMac of the message by inputting O and ID_SN to f_1;
calculate xRes using a Challenge function with O and ID_SN as input;
calculate hxRes as the hash of R_1 and xRes;
calculate K_SEAF by inputting O and ID_SN to a key function;
generate a doubly encrypted EK: the session key and the SUPI are symmetrically encrypted using xRes, and the result is then asymmetrically encrypted with the public key of the SN;
create a unique identifier, called res_id, for the response message by hashing hxRes and xMac;
since EK is obtained by encrypting user information with a key, the SN can access user-related information only after authentication succeeds;
finally, the HN registers a transaction on the blockchain containing EK, xMac, hxRes, req_id and res_id using the corresponding smart contract function;
6) Response of SN to UE:
the SN receives the HN's response through the corresponding smart contract function, then redirects the xMac and hn_r parts to the user, and saves the other parts for use after it receives the user's response;
7) Final response of user to SN:
on receiving the SN's response, the user takes the following actions:
combining R_1 and R_2 to calculate O;
creating a Mac using f_1 with inputs O and ID_SN;
then, the user checks this Mac against the xMac received from the SN; if Mac and xMac do not match, authentication fails; otherwise, the response has not been tampered with and the user accepts the authentication;
calculating Res by the Challenge function with inputs O and ID_SN;
obtaining the session key by the key function with inputs O and ID_SN; finally, Res is sent back to the SN.
After receiving the user response, the SN calculates the hash of Res and compares it with hxRes; a match indicates that the user has been authenticated by the SN; the SN is now able to decrypt the EK, first asymmetrically with its private key and then symmetrically with Res, obtaining K_SEAF and SUPI. From then on, the user can communicate with the SN using the established session key K_SEAF.
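The identifier and challenge-response checks of steps 3) to 7), as an added Python example that is not code from the patent: it models the HN's smart contract as an in-memory class and shows that a repeated req_id is rejected by the contract, while a stale SUCI paired with a different R_1 passes the contract but is rejected by the HN. Assumptions: f_1, the Challenge function and the key function are stood in for by HMAC-SHA256 keyed with O, O is the concatenation of R_1 and R_2, hashes are length-prefixed SHA-256, the SUCI is encoded as ID_HN followed by UI_C, UI_C is opaque constructed bytes, and the encryption layers (UI_C, EK) are omitted; all class and function names are hypothetical.

```python
import hashlib
import hmac
import os


def H(*fields: bytes) -> bytes:
    """SHA-256 over length-prefixed fields, so field boundaries cannot be shifted."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


def prf(label: bytes, o: bytes, id_sn: bytes) -> bytes:
    """Assumed stand-in for f_1, Challenge and the key function: HMAC-SHA256 keyed by O."""
    return hmac.new(o, label + b"|" + id_sn, hashlib.sha256).digest()


class RoamingContract:
    """Hypothetical in-memory model of the HN's smart contract."""

    def __init__(self):
        self.requests = {}   # req_id -> (ID_SN, SUCI)
        self.responses = {}  # req_id -> HN response fields

    def register_request(self, req_id: bytes, id_sn: bytes, suci: bytes) -> bool:
        # Step 4: a req_id already on record is a replay; reject it.
        if req_id in self.requests:
            return False
        self.requests[req_id] = (id_sn, suci)
        return True

    def register_response(self, req_id: bytes, response: dict) -> None:
        self.responses[req_id] = response


def hn_respond(id_hn, req_id, suci, decrypted):
    """Step 5. `decrypted` is (R_1, R_2, ID_SN) as recovered from UI_C (decryption omitted)."""
    r1, r2, id_sn = decrypted
    if not suci.startswith(id_hn):          # assumed encoding: SUCI = ID_HN || UI_C
        return None
    # req_id must bind the R_1 the user actually saw to this SN, HN and SUCI.
    if not hmac.compare_digest(req_id, H(r1, id_sn, id_hn, suci)):
        return None
    o = r1 + r2                             # assumed combination: concatenation
    x_mac = prf(b"f1", o, id_sn)
    x_res = prf(b"challenge", o, id_sn)
    hx_res = H(r1, x_res)
    return {"xMac": x_mac, "hxRes": hx_res, "req_id": req_id, "res_id": H(hx_res, x_mac)}


def ue_answer(r1, r2, id_sn, x_mac):
    """Step 7: the user returns Res only if the recomputed Mac equals xMac."""
    o = r1 + r2
    if not hmac.compare_digest(prf(b"f1", o, id_sn), x_mac):
        return None
    return prf(b"challenge", o, id_sn)


def sn_check(r1, res, hx_res) -> bool:
    """SN side: hash the returned Res the same way hxRes was built and compare."""
    return res is not None and hmac.compare_digest(H(r1, res), hx_res)


def run_demo() -> dict:
    id_sn, id_hn = b"SN-constructed", b"HN-constructed"   # constructed identifiers
    contract = RoamingContract()
    r1, r2 = os.urandom(16), os.urandom(16)               # steps 1 and 2
    suci = id_hn + os.urandom(48)                         # constructed stand-in for UI_C
    req_id = H(r1, id_sn, id_hn, suci)                    # step 3
    first = contract.register_request(req_id, id_sn, suci)
    replay = contract.register_request(req_id, id_sn, suci)
    resp = hn_respond(id_hn, req_id, suci, (r1, r2, id_sn))
    contract.register_response(req_id, resp)
    res = ue_answer(r1, r2, id_sn, resp["xMac"])
    # Stale SUCI with a different R_1: the req_id is new to the contract,
    # but it no longer matches the R_1 sealed inside UI_C, so the HN stops.
    stale_id = H(os.urandom(16), id_sn, id_hn, suci)
    stale_registered = contract.register_request(stale_id, id_sn, suci)
    stale_resp = hn_respond(id_hn, stale_id, suci, (r1, r2, id_sn))
    return {
        "first": first,
        "replay": replay,
        "authenticated": sn_check(r1, res, resp["hxRes"]),
        "stale_registered": stale_registered,
        "stale_resp": stale_resp,
        "tampered_mac": ue_answer(r1, r2, id_sn, bytes(32)),
    }


if __name__ == "__main__":
    print(run_demo())
```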
Further, in the bill settlement of S3, the blockchain network records all charging-related activities performed by the visiting subscriber: when the roaming subscriber initiates a voice call or uses data traffic, this is recorded in the blockchain; likewise, when the call ends, the duration of the call or the amount of data consumed is stored; the smart contract is responsible for specifying charging rules and triggering payments from HN to SN according to the specific consensus mechanism used by the blockchain network.
Another object of the present invention is to provide a blockchain-based roaming cross-domain authentication system, comprising:
a smart contract creation module: each home network creates its own smart contract and publishes its address to inform operators desiring to provide roaming services to HN subscribers;
a service discovery and identity authentication module: when a roaming UE attempts to connect to a visited network, the network first attempts to find out whether the UE is a visitor from another MNO; immediately after discovery, the identity of the user must be verified, and the user must be registered as a roaming user in the SN;
a bill settlement module: the smart contract is responsible for specifying charging rules and triggering payments from HN to SN according to the specific consensus mechanism used by the blockchain network.
It is a further object of the present invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of the blockchain-based roaming cross-domain authentication method.
It is another object of the present invention to provide a computer readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of the blockchain-based roaming cross-domain authentication method.
Another object of the present invention is to provide an information data processing terminal configured to implement the blockchain-based roaming cross-domain authentication system.
In combination with the above technical scheme and the technical problems to be solved, the claimed technical scheme has the following advantages and positive effects:
Firstly, the invention aims to solve the problem of secure communication between the HN and the SN during roaming authentication, and uses smart contracts to execute bill settlement automatically; the transparency of the blockchain ensures the accuracy of charge settlement between MNOs;
the invention aims to solve the user-tracking problem caused by synchronization and the user-activity monitoring attack caused by sequence number leakage, by replacing the sequence number parameter with random numbers; furthermore, using the blockchain as a secure channel for message exchange between the home and serving networks can increase user anonymity.
The invention aims to enable untrusted mobile operators to perform peer-to-peer self-service transactions, and adopts a smart contract protocol to drive the charging system and complete roaming bill settlement. Adopting a consortium blockchain not only provides better performance in terms of network throughput and delay, but also ensures security and privacy, because a consortium blockchain can prevent the presence of anonymous nodes. The invention improves mobile operators' visibility into their users' activities in the visited network, achieves fast payment and reconciliation, and reduces roaming fraud.
Secondly, the blockchain is used as the channel between the SN and the HN, which solves the problem of secure communication between the HN and the SN during roaming authentication; a unique identifier is added to the protocol, which effectively prevents replay attacks; smart contracts execute bill settlement automatically, which improves the accuracy of fee settlement and reduces roaming fraud; adopting a consortium chain provides better performance and also ensures security and privacy.
The invention replaces the sequence number parameter with random numbers, which solves the user-tracking problem caused by synchronization and the user-activity monitoring attack caused by sequence number leakage; with the consortium chain used as a secure channel, a node can join the blockchain network as a full node only after authentication, which keeps out malicious users, ensures the security of the scheme and improves user anonymity. Each authentication request carries a unique identifier to prevent replay attacks. Smart contracts carry out data exchange and bill settlement between mobile operators, which ensures settlement accuracy and eliminates dependence on a third-party organization.
Thirdly, the technical scheme of the invention solves a technical problem that people have long wanted to solve but have not succeeded in solving: researchers and industry have defined several roaming frameworks covering authentication, authorization, and billing, but roaming still has some key issues. In terms of security, a roaming user must be authenticated to the serving network through the home network before access. This procedure prevents illegitimate users from accessing the network. Many user authentication and key exchange protocols have in fact been proposed for roaming services. However, these protocols focus only on mutual authentication between the roaming user and the SN. Roaming requires the removal of intermediate international exchanges to improve profits and reduce fraud. Implementation raises challenges such as decentralization, transparency, interoperability, privacy and security.
Aiming at the security problems of existing cross-domain authentication schemes, the invention provides a blockchain-based cross-domain identity authentication scheme, intended mainly for roaming scenarios. In the scheme, a consortium chain stores the encrypted information generated during identity authentication and the bill information generated while the user roams. The roaming process begins with an authentication process in which the subscriber must pass identity verification by the HN before using any service provided by the visited network; data exchange and bill settlement between mobile operators are then accomplished using smart contracts.
The present solution provides more security control, including protection against malicious SNs, replay attacks, and DoS attacks. The system adopts an improved blockchain-based identity authentication protocol, adds the mobile operators to the consortium chain, and uses the blockchain as a secure channel for communication between them; by default, only nodes that have joined the channel can obtain its distributed ledger, and in addition all messages between the participants are encrypted with a suitable encryption algorithm. Therefore, nodes that are not involved in a user's authentication cannot obtain the related sensitive user data, and user privacy is protected.
Aiming at problems of the roaming architecture such as long bill settlement time and roaming fraud, the scheme adopts a smart contract protocol to drive the charging system and complete roaming bill settlement, and allows untrusted mobile operators to execute peer-to-peer self-service transactions. After authentication is completed, the SN provides service to the user; after the service ends, the SN can settle bill information such as service time and incurred charges with the HN by invoking the smart contract on the blockchain, and the bill is then packaged and written into a block. The use of a permissioned blockchain, such as Hyperledger, not only provides better performance in terms of network throughput and delay, but also ensures security and privacy, because a consortium blockchain can prevent the presence of anonymous nodes; it improves mobile operators' visibility into their users' activities in the visited network, achieves fast payment reconciliation and reduces roaming fraud.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a blockchain-based roaming cross-domain authentication method provided by an embodiment of the invention;
FIG. 2 is a flow chart of a blockchain-based roaming cross-domain authentication system provided by an embodiment of the invention;
FIG. 3 is a blockchain-based roaming architecture diagram according to an embodiment of the present invention;
FIG. 4 is a hierarchical model diagram of a roaming system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Aiming at the problems existing in the prior art, the invention provides a roaming cross-domain authentication method, a roaming cross-domain authentication system, roaming cross-domain authentication equipment and a roaming cross-domain authentication terminal based on a block chain, and the invention is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the roaming cross-domain authentication method based on blockchain provided by the embodiment of the invention includes:
S1, creating a smart contract: each home network creates its own smart contract and publishes its address to inform an operator desiring to provide roaming services to Home Network (HN) subscribers;
S2, service discovery and identity authentication: when a roaming User Equipment (UE) attempts to connect to a visited network, the network first attempts to find out whether the UE is a visitor from another Mobile Network Operator (MNO); after performing discovery, the identity of the user must be verified immediately, and the user must be registered as a roaming user in a Service Network (SN);
S3, bill settlement: the smart contract is responsible for specifying charging rules and triggering payments from HN to SN according to the specific consensus mechanism used by the blockchain network.
As shown in fig. 2, the block chain-based roaming cross-domain authentication system provided by the embodiment of the invention includes:
an intelligent contract creation module: each home network creates its own smart contract and publishes its address to inform operators desiring to provide roaming services to HN subscribers;
service discovery and identity authentication module: when a roaming UE attempts to connect to a visited network, the network first attempts to find out if the UE is a visitor from another MNO; immediately after performing discovery, the identity of the user must be verified, and the user must be registered as a roaming user in the SN;
bill settlement module: the smart contract is responsible for specifying charging rules and triggering payments from HN to SN according to the specific consensus mechanism used by the blockchain network.
The blockchain-based authentication and key agreement protocol has the following steps:
1) Initial request of SN.
The SN generates a random number (R_1) and sends it together with its identifier (ID_SN) to the user.
2) Initial user response
At this stage, the user computes the subscription concealed identifier (SUCI) according to Algorithm 1:
randomly generate a random number R_2;
encrypt the message composed of the subscription permanent identifier (SUPI), R_1, R_2 and ID_SN with the public key of the HN, and place the result in UI_C;
create the SUCI containing UI_C and the identifier of its HN (ID_HN).
The user then sends the SUCI to the SN.
Algorithm 1: User response to the SN challenge
Input: ID_SN, R_1
1. Generate random number R_2
2. UI_C ← E_{PK_HN}(SUPI, R_1, R_2, ID_SN)
3. SUCI ← (UI_C, ID_HN)
4. Send (SUCI) to the SN
3) Through SN registration request
After receiving the user response, the SN computes the hash of R_1, ID_SN, ID_HN and the SUCI; this value, req_id, is the unique identifier of the authentication request. Finally, the SN registers a transaction with the HN's smart contract, which sends the authentication request composed of req_id, ID_SN and the SUCI to the HN.
Algorithm 2: SN registration request with the smart contract
Input: SUCI
1. req_id ← h(ID_SN, R_1, ID_HN, SUCI)
2. The SN registers the transaction (req_id, ID_SN, SUCI)
4) Forwarding requests to HNs
After receiving the request, the smart contract first looks up the authentication record by req_id to detect duplicate requests. If the incoming request is determined to be new, it is redirected to the HN agent. Otherwise, the request is rejected and the transaction is reverted. At this stage, the primary purpose of the smart contract is to prevent replay attacks from malicious SNs.
5) Registration response of the HN
Upon receiving the response of the smart contract, the HN takes the following actions:
checks its identifier against the ID_HN contained in the SUCI;
decrypts UI_C with the private key of the HN to obtain SUPI, R_1, R_2 and ID_SN;
verifies that req_id equals the hash of ID_SN, R_1, ID_HN and the SUCI.
If any of the above conditions is not met, the authentication process stops. Otherwise, the HN continues as follows:
combines R_1 and R_2 to produce O;
computes the message authentication code xMac by inputting O and ID_SN to f_1;
computes the challenge response xRes using the challenge function with O and ID_SN as input;
computes hxRes as the hash of R_1 and xRes;
computes the SEAF key K_SEAF by inputting O and ID_SN to the key function;
generates the doubly encrypted ciphertext EK: the session key and the SUPI are symmetrically encrypted with xRes, and the result is then asymmetrically encrypted with the public key of the SN;
creates a unique identifier for the response message, called res_id, by hashing hxRes and xMac.
Since EK is obtained by encrypting the user information with a key, the SN can access the user-related information only after authentication succeeds.
Finally, the HN registers a transaction containing EK, xMac, hxRes, req_id and res_id on the blockchain using the corresponding smart contract function.
Algorithm 3: Response of the HN to the authentication request
Input: req_id, ID_SN, SUCI
1. Decode SUCI to obtain UI_C and ID_HN
2. (SUPI, R_1, R_2, ID_SN) ← D_{SK_HN}(UI_C)
3. if (req_id ≠ h(ID_SN, R_1, ID_HN, SUCI)) then abort
4. O ← (R_1, R_2)
5. xMac ← f_1(K, O, ID_SN)
6. xRes ← challenge(K, O, ID_SN)
7. hxRes ← h(R_1, xRes)
8. K_SEAF ← keyseed(K, O, ID_SN)
9. EK ← E_{PK_SN}(E_{xRes}(K_SEAF, SUPI))
10. res_id ← h(hxRes, xMac, EK_C)
11. HN registers the transaction (EK_C, xMac, hxRes, req_id, res_id)
6) Response of SN to UE
The SN receives the HN's response through the corresponding smart contract function. It then forwards the xMac and HN_R portions of the response to the user. The SN saves the other parts for use after it receives the user's response.
7) User's final response to SN
On receiving the SN's response, the user takes the following actions:
combines R_1 and R_2 to compute O;
inputs O and ID_SN to the function f_1 to create a Mac.
The user then checks this Mac against the xMac received from the SN. If Mac does not match xMac, authentication fails. Otherwise, the response is accepted as not having been tampered with.
computes Res using the challenge function with inputs O and ID_SN;
obtains the session key using the key function with inputs O and ID_SN; finally, Res is sent back to the SN.
Algorithm 4: User response to the SN
Input: xMac, HN_R
1. O ← (R_1, R_2)
2. if (xMac ≠ f_1(K, O, ID_SN)) then abort
3. Res ← challenge(K, O, ID_SN)
4. K_SEAF ← keyseed(K, O, ID_SN)
5. Send Res to the SN
After receiving the user response, the SN computes a hash of Res and compares it with hxRes. A match indicates that the user is authenticated by the SN. The SN can now decrypt EK, first asymmetrically with its private key and then symmetrically with Res, obtaining K_SEAF and the SUPI. From then on, the user can communicate with the SN using the established session key K_SEAF.
The technical scheme of the invention is further described below with reference to specific embodiments.
The participants of the present invention are the user equipment (UE) that needs authentication, the service network (SN), the home network (HN), and the smart contract (SC) of the HN. The UE refers to the smartphones and Internet of Things devices carried by a user, the HN is the Mobile Network Operator (MNO) responsible for registering the end user, and the SN is the MNO whose service area the terminal enters in order to use roaming service.
First, a smart contract phase is created. Each home network creates its own smart contract and publishes its address to inform operators desiring to provide roaming services to HN subscribers.
Second, the service discovery and authentication phase. When a roaming UE attempts to connect to a visited network, the network first attempts to find out if the UE is a visitor from another MNO. Immediately after discovery is performed, the identity of the user must be verified, and the user must be registered as a roaming user in the SN.
Finally, bill settlement stage. The smart contract is responsible for specifying charging rules and triggering payments from HN to SN according to the specific consensus mechanism used by the blockchain network.
1. Creating smart contracts phase
Each home network creates its own smart contract and publishes its address to inform operators desiring to provide roaming services to HN subscribers. All subsequent communications between the home network and the serving network are accomplished by invoking the function of this smart contract. For example, the HN and SN may negotiate and establish a smart contract on the blockchain that is triggered when a transaction with ticket data is sent to a smart contract address. Then, when the transaction is validated and added to the blockchain, all consensus participants execute the contract code and trigger events according to the agreement terms written in the contract.
2. Service discovery and identity authentication phase
When a roaming UE attempts to connect to a visited network, the network first attempts to find out if the UE is a visitor from another MNO. After the discovery phase is performed, the identity of the user must be verified immediately and the user must be registered as a roaming user in the SN. The user is authenticated according to the rules of the smart contract. A consortium chain serves as the secure channel between the HN and the SN; because all of its nodes are vetted and approved, the risk of malicious nodes is greatly reduced.
The identity authentication process comprises the following steps:
1) Stage 1 initial request of SN
The user enters the external network element and receives an authentication request to join the SN. This step is triggered after the terminal completes a Radio Resource Control (RRC) procedure with the gNB and sends a request message to the Mobility Management Entity (MME). The SN generates a random number (R_1) and sends it together with its identifier (ID_SN) to the user.
2) Initial user response
At this stage, the user computes the SUCI as follows:
randomly generate R_2;
encrypt the message composed of SUPI, R_1, R_2 and ID_SN with the public key of the HN, and place the result in UI_C;
create the SUCI containing UI_C and the identifier of its HN (ID_HN).
The user then sends the SUCI to the SN.
3) Through SN registration request
After receiving the user response, the SN computes the hash of R_1, ID_SN, ID_HN and the SUCI; this value, req_id, is the unique identifier of the authentication request. Finally, the SN registers a transaction with the HN's smart contract, which sends the authentication request composed of req_id, ID_SN and the SUCI to the HN.
4) Forwarding requests to HNs
After receiving the request, the smart contract first looks up the authentication record by req_id to detect duplicate requests. If the incoming request is determined to be new, it is redirected to the HN agent. Otherwise, the request is rejected and the transaction is reverted. At this stage, the primary purpose of the smart contract is to prevent replay attacks from malicious SNs.
5) Registration response of the HN
Upon receiving the response of the smart contract, the HN takes the following actions:
checks its identifier against the ID_HN contained in the SUCI;
decrypts UI_C with the private key of the HN to obtain SUPI, R_1, R_2 and ID_SN;
verifies that req_id equals the hash of ID_SN, R_1, ID_HN and the SUCI.
If any of the above conditions is not met, the authentication process stops. Otherwise, the HN continues as follows:
combines R_1 and R_2 to produce O;
computes the xMac of the message by inputting O and ID_SN to f_1;
computes xRes using the challenge function with O and ID_SN as input;
computes hxRes as the hash of R_1 and xRes;
computes K_SEAF by inputting O and ID_SN to the key function;
generates the doubly encrypted EK: the session key and the SUPI are symmetrically encrypted with xRes, and the result is then asymmetrically encrypted with the public key of the SN;
creates a unique identifier for the response message, called res_id, by hashing hxRes and xMac.
Since EK is obtained by encrypting the user information with a key, the SN can access the user-related information only after authentication succeeds.
Finally, the HN registers a transaction containing EK, xMac, hxRes, req_id and res_id on the blockchain using the corresponding smart contract function.
6) Response of SN to UE
The SN receives the HN's response through the corresponding smart contract function. It then forwards the xMac and HN_R portions to the user. The SN saves the other parts for use after it receives the user's response.
7) User's final response to SN
On receiving the SN's response, the user takes the following actions:
combines R_1 and R_2 to compute O;
creates a Mac using f_1 with inputs O and ID_SN.
The user then checks this Mac against the xMac received from the SN. If Mac does not match xMac, authentication fails. Otherwise, the response is accepted as not having been tampered with.
computes Res using the challenge function with inputs O and ID_SN;
obtains the session key using the key function with inputs O and ID_SN; finally, Res is sent back to the SN.
After receiving the user response, the SN computes a hash of Res and compares it with hxRes. A match indicates that the user is authenticated by the SN. The SN can now decrypt EK, first asymmetrically with its private key and then symmetrically with Res, obtaining K_SEAF and the SUPI. From then on, the user can communicate with the SN using the established session key K_SEAF.
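The checks in steps 1) to 7) above and in Algorithms 1 to 4, as an added Go example that is not part of the patent text: the smart contract's req_id lookup, the HN's req_id verification, the user's xMac check and the SN's hxRes check. Assumptions: HMAC-SHA256 stands in for f_1, challenge and keyseed, RSA-OAEP for encryption under the HN's public key, all identifiers and the SUPI are constructed, and K_SEAF is compared directly instead of travelling inside EK.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// h is the protocol hash; fields are length-prefixed (an added choice).
func h(parts ...[]byte) []byte {
	d := sha256.New()
	for _, p := range parts {
		d.Write(append([]byte{byte(len(p) >> 8), byte(len(p))}, p...))
	}
	return d.Sum(nil)
}

// prf stands in for f_1, challenge and keyseed (assumption: labelled HMAC-SHA256 under K).
func prf(k []byte, label string, o, idSN []byte) []byte {
	m := hmac.New(sha256.New, k)
	m.Write(append([]byte(label), h(o, idSN)...))
	return m.Sum(nil)
}

func nonce() []byte { b := make([]byte, 16); rand.Read(b); return b }
func newKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

type SUCI struct{ UIC, IDHN []byte } // SUCI = (UI_C, ID_HN)
func (s SUCI) Bytes() []byte { return append(append([]byte{}, s.UIC...), s.IDHN...) }

// ueRespond is Algorithm 1; SUPI is 15 bytes and each nonce 16, so the HN splits by offset.
func ueRespond(hnPub *rsa.PublicKey, supi, r1, idSN, idHN []byte) (SUCI, []byte, error) {
	r2 := nonce()
	msg := bytes.Join([][]byte{supi, r1, r2, idSN}, nil)
	uic, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, hnPub, msg, nil)
	return SUCI{uic, idHN}, r2, err
}

// reqID is Algorithm 2, step 1: h(ID_SN, R_1, ID_HN, SUCI).
func reqID(idSN, r1 []byte, s SUCI) []byte { return h(idSN, r1, s.IDHN, s.Bytes()) }

// Contract models the step-4 record lookup in the HN's smart contract.
type Contract map[string]bool
var ErrReplay = errors.New("req_id already registered, transaction reverted")
func (c Contract) Register(id []byte) error {
	if c[string(id)] {
		return ErrReplay
	}
	c[string(id)] = true
	return nil
}

// HNResp holds xMac and hxRes; K_SEAF would travel inside EK (omitted here).
type HNResp struct{ XMac, HxRes, KSEAF []byte }

// hnRespond is Algorithm 3 without EK. ID_SN and R_1 come from the decrypted
// UI_C (assumption: the page does not say which copy of ID_SN is hashed).
func hnRespond(priv *rsa.PrivateKey, k, myID, id []byte, s SUCI) (*HNResp, error) {
	m, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.UIC, nil)
	if err != nil || len(m) <= 47 || !bytes.Equal(s.IDHN, myID) {
		return nil, errors.New("SUCI is not a valid request for this HN")
	}
	r1, o, idSN := m[15:31], m[15:47], m[47:] // O = (R_1, R_2)
	if !hmac.Equal(id, reqID(idSN, r1, s)) {
		return nil, errors.New("req_id does not match the SUCI")
	}
	xRes := prf(k, "challenge", o, idSN)
	return &HNResp{prf(k, "f1", o, idSN), h(r1, xRes), prf(k, "keyseed", o, idSN)}, nil
}

// ueFinish is Algorithm 4: check xMac, then derive Res and K_SEAF.
func ueFinish(k, r1, r2, idSN, xMac []byte) (res, kSEAF []byte, err error) {
	o := append(append([]byte{}, r1...), r2...)
	if !hmac.Equal(xMac, prf(k, "f1", o, idSN)) {
		return nil, nil, errors.New("xMac mismatch")
	}
	return prf(k, "challenge", o, idSN), prf(k, "keyseed", o, idSN), nil
}
// snVerify is the SN's final check of h(R_1, Res) against hxRes.
func snVerify(r1, res, hxRes []byte) bool { return hmac.Equal(h(r1, res), hxRes) }

// demo plays one honest session, then registers the same req_id again.
func demo() (auth, sameKey bool, replay error) {
	priv, k, sc, r1 := newKey(), nonce(), Contract{}, nonce()
	supi, idSN, idHN := []byte("001010123456789"), []byte("SN-visited"), []byte("HN-home") // constructed
	suci, r2, _ := ueRespond(&priv.PublicKey, supi, r1, idSN, idHN)
	id := reqID(idSN, r1, suci)
	first := sc.Register(id)
	resp, err := hnRespond(priv, k, idHN, id, suci)
	if first != nil || err != nil {
		return false, false, nil
	}
	res, kSEAF, err := ueFinish(k, r1, r2, idSN, resp.XMac)
	auth = err == nil && snVerify(r1, res, resp.HxRes)
	return auth, bytes.Equal(kSEAF, resp.KSEAF), sc.Register(id)
}

func main() { fmt.Println(demo()) }
```

Because req_id is recomputed from the ID_SN and R_1 inside UI_C, a SUCI re-registered under a different SN identifier passes the contract's lookup as "new" but is refused by the HN.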
3. Bill settlement stage
After authentication is completed, the SN provides service to the user. When the service ends, the SN settles bill information such as service time and incurred cost with the HN by invoking the smart contract on the blockchain, and the bill is then packed and written into a block.
The blockchain network is also used to record all charging-related activities performed by the accessing user. For example, when a roaming user initiates a voice call or uses data traffic, it may be recorded in the blockchain. Also, when the call ends, the duration of the call or the amount of data consumed is stored. The smart contract is responsible for specifying charging rules and triggering payments from HN to SN according to the specific consensus mechanism used by the blockchain network. This approach completely eliminates reliance on third parties (e.g., information exchanges).
The effect of the application of the present invention will be described in detail with reference to security analysis.
The invention uses random numbers in place of the sequence number parameter, which addresses the user tracking caused by synchronization and the user-activity monitoring attacks caused by sequence number leakage. With the consortium chain as a secure channel, a node can join the blockchain network as a full node only after authentication, which keeps out malicious users, secures the scheme and improves user anonymity. Each authentication request carries a unique identifier to prevent replay attacks. Smart contracts implement data exchange and bill settlement between mobile operators, which ensures settlement accuracy and removes the dependence on third-party organizations.
An application embodiment of the present invention provides a computer device including a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of a blockchain-based roaming cross-domain authentication method.
An application embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of a blockchain-based roaming cross-domain authentication method.
The embodiment of the invention provides an information data processing terminal which is used for realizing a roaming cross-domain authentication system based on a block chain.
The implementation of the invention is divided into three parts: smart contract creation, service discovery and identity authentication, and bill settlement.
1. A smart contract is created. The home network creates its own smart contract and publishes its address to inform other operators desiring to provide roaming services to HN subscribers. All subsequent communications between the home network and the serving network are accomplished by invoking a function of this smart contract. For example, the HN and SN may negotiate and establish a smart contract on the blockchain that is triggered when a transaction with ticket data is sent to a smart contract address. Then, when the transaction is validated and added to the blockchain, all consensus participants execute the contract code and trigger an event according to the agreement terms written in the contract, e.g., the HN automatically pays to the SN according to the agreement.
2. Service discovery and identity authentication. When a roaming user equipment attempts to connect to a visited network, the network first attempts to find out whether the user equipment is a visitor from another mobile network operator; after the discovery is executed, the identity of the user must be verified immediately, and after the verification is successful, the user is registered as a roaming user in the service network; for example, when a user attempts to access a network of another security domain, the network discovers that the user is from the other security domain, a new block is formed on the blockchain specifying the user's new location, identifiers of HN and SN, and a discovery timestamp. And then, using a cross-domain authentication protocol to authenticate the identity of the user, registering the user as a roaming user in the SN after the authentication is successful, and enabling the access user to access the authorization service in the SN after the registration is successfully completed.
3. Bill settlement. The blockchain network records all charging-related activities performed by the accessing user. After authentication is completed, the SN provides service to the user. When the service ends, the SN settles bill information such as service time and incurred cost with the HN by invoking the smart contract on the blockchain, and the bill is then packed and written into a block. For example, when a roaming user initiates a voice call or uses data traffic, it may be recorded in the blockchain. Also, when the call ends, the duration of the call or the amount of data consumed is stored. The smart contract is responsible for specifying charging rules and triggering payments from HN to SN according to the specific consensus mechanism used by the blockchain network. This approach completely eliminates reliance on third parties (e.g., information exchanges).
In the present invention, an organization in two or more domains may establish trust relationships through the blockchain, while an organization joining the blockchain network requires permissions from other organizations. Thus, organizations joining blockchains trust each other, as do their domains. When two domains establish a trust relationship they trust entities that have authenticated to each other, so that entities can perform cross-domain identity authentication between the domains.
The roaming system in the present invention is abstracted into four implementation layers. From bottom to top, the hierarchical model consists of a network layer, a consensus layer, a contract layer and an application layer. The system encrypts the data generated by the interaction of the HN and the SN, and the endorsement node packs the uploaded data into blocks according to the block generation policy. After receiving a block, the committing node checks each transaction in it, verifies that the inputs and outputs the transaction depends on are consistent with the current state of the blockchain, and then appends the block to the local blockchain. Data cannot be changed once it has been written to the chain. The user can query, download and otherwise operate on the required data according to the smart contracts created by the system.
The network layer is responsible for shaping the encrypted data and organizing the data blocks in time order to provide security and privacy for the blockchain network. It also synchronizes the packaged blocks to the nodes in the network.
The consensus layer ensures reliable data synchronization in point-to-point connections. In the roaming use case of the present invention, the system forms a consortium blockchain that relies on a permissioned system, giving the network participants the advantage of information sharing and peer-to-peer transactions between authorized organizations. Furthermore, since the consensus mechanism in the system is semi-centralized, a higher processing throughput is provided. The consortium chain Fabric provides channels, each acting like a communication subnetwork between two or more network members. These channels may increase the scalability of the network as the number of authorized users increases.
The contract layer relates to intelligent contracts deployed on a distributed virtual system. It provides a user-defined business logic aimed at automatically executing the contents of a smart contract between cross-authorized organizations according to an agreement defining the rules of the smart contract. Thereafter, the contract is installed in the blockchain network, and its self-executable nature may generate new transactions immediately after the new data is uploaded to the distributed ledger. These transactions processed by the smart contracts are added to the blockchain after validation by the consensus mechanism.
The application layer serves as a sandbox runtime environment and comprises functions of user registration, information transmission, information inquiry, bill settlement and the like.
It should be noted that the embodiments of the present invention can be realized in hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or special purpose design hardware. Those of ordinary skill in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such as provided on a carrier medium such as a magnetic disk, CD or DVD-ROM, a programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The device of the present invention and its modules may be implemented by hardware circuitry, such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, etc., or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., as well as software executed by various types of processors, or by a combination of the above hardware circuitry and software, such as firmware.
The foregoing is merely illustrative of specific embodiments of the present invention, and the scope of the invention is not limited thereto, but any modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present invention will be apparent to those skilled in the art within the scope of the present invention.

Claims (10)

1. The roaming cross-domain authentication method based on the blockchain is characterized by comprising the following steps of: creating intelligent contracts, each local network creating its own intelligent contract and publishing its address to inform operators desiring to provide roaming services to their subscribers; performing service discovery and identity authentication, when a roaming user equipment tries to connect to a visited network, first discovering whether the equipment is a visitor to another mobile network operator, verifying the identity of the user, and registering the user as a roaming user in a serving network; bill settlement is performed through an intelligent contract that is responsible for setting charging rules and triggering payment from the home network to the serving network according to a consensus mechanism used by the blockchain network.
2. The method according to claim 1, wherein in the step of creating intelligent contracts, each local network created intelligent contract is a program stored in a blockchain network, and is composed of a set of user created rules, and when these rules are satisfied, the contracts will be automatically executed by a consensus mechanism, enabling an automated, human intervention free service.
3. The method according to claim 1, wherein in the step of service discovery and authentication, when the roaming user equipment attempts to connect to the visited network, it is first discovered whether the equipment is a visitor to another mobile network operator, this operation occurring on the blockchain and generating a new block specifying the new location of the user, the identifiers of the home network and the serving network, and the discovered time stamp; the system adopts a block chain based authentication and key agreement protocol to carry out identity authentication on the user.
4. The method of claim 1, wherein the blockchain-based authentication and key agreement protocol includes the steps of: an initial request of a service network generates a random number and sends the random number and an identifier to a user; initial user response, calculating and generating a response message; a registration request of a service network calculates a hash value and sends an identity verification request to a home network; forwarding the request to the home network, the intelligent contract preventing replay attacks; the registration response of the home network verifies the hash result, generates a session key and registers the transaction; the service network responds to the user equipment and redirects the response to the user equipment; and finally responding the service network by the user equipment, judging whether the authentication is successful or not and returning a session key.
5. The method according to claim 1, wherein in the step of billing, the blockchain network is used to record all charging related activities performed by the visiting user, including initiating a voice call or using data traffic, and duration of time at call end or amount of data consumed; the smart contract triggers payment from the home network to the services network according to the set charging rules.
6. The method of claim 1, wherein all intelligent contract, service discovery, identity authentication, bill settlement operations are performed on a blockchain.
7. A blockchain-based roaming cross-domain authentication system, comprising:
an intelligent contract creation module: each home network creates its own smart contract and publishes its address to inform operators desiring to provide roaming services to HN subscribers;
service discovery and identity authentication module: when a roaming UE attempts to connect to a visited network, the network first attempts to find out if the UE is a visitor from another MNO; immediately after performing discovery, the identity of the user must be verified, and the user must be registered as a roaming user in the SN;
bill settlement module: the smart contract is responsible for specifying charging rules and triggering payments from HN to SN according to the specific consensus mechanism used by the blockchain network.
8. A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the blockchain-based roaming cross-domain authentication method of any of claims 1-6.
9. A computer readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of the blockchain-based roaming cross-domain authentication method of any of claims 1-6.
10. An information data processing terminal for implementing the blockchain-based roaming cross-domain authentication system of claim 6.
CN202311304823.9A 2023-10-10 2023-10-10 Roaming cross-domain authentication method, system, equipment and terminal based on block chain Pending CN117614600A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311304823.9A CN117614600A (en) 2023-10-10 2023-10-10 Roaming cross-domain authentication method, system, equipment and terminal based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311304823.9A CN117614600A (en) 2023-10-10 2023-10-10 Roaming cross-domain authentication method, system, equipment and terminal based on block chain

Publications (1)

Publication Number Publication Date
CN117614600A true CN117614600A (en) 2024-02-27

Family

ID=89952207

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311304823.9A Pending CN117614600A (en) 2023-10-10 2023-10-10 Roaming cross-domain authentication method, system, equipment and terminal based on block chain

Country Status (1)

Country Link
CN (1) CN117614600A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination