CN105873059A - United identity authentication method and system for power distribution communication wireless private network - Google Patents
Publication number: CN105873059A (application CN201610408013.1A)
Authority: CN (China)
Prior art keywords: authentication, identity certification, terminal, combined identity, algorithm
Legal status: Pending (the legal status is an assumption made by Google Patents and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Classifications
- H04W12/06 Authentication (H—Electricity; H04—Electric communication technique; H04W—Wireless communication networks; H04W12/00—Security arrangements; authentication; protecting privacy or anonymity)
- H04W12/08 Access security (same H04W12/00 group)
Abstract
The invention relates to a joint (united) identity authentication method and system for a power distribution communication wireless private network. The method comprises: the core network of the private network obtains a network attach request initiated by a terminal, the attach request carrying the terminal's joint identity authentication parameter; after the terminal passes authentication, the core network sends an access request to a secondary authentication gateway; the core network receives the result of the secondary authentication that the gateway performs on the terminal according to the joint identity authentication parameter; if the result is a pass, the core network sends network attach success information and bearer information to the base station and the terminal; if the result is a failure, the core network sends network attach failure information to the terminal. Performing a secondary authentication when the terminal attaches effectively improves the security of the power distribution communication wireless private network and still satisfies private-network applications with demanding real-time requirements.
Description
Technical field
The present invention relates to the field of wireless private network communication security, and in particular to a joint identity authentication method and system for a power distribution communication wireless private network.
Background technology
EPS-AKA (Evolved Packet System Authentication and Key Agreement), the authentication and key agreement scheme specified in the 3GPP standards, is the core and foundation of LTE network security. EPS-AKA evolved from the 3G-AKA scheme of 3G networks and retains the challenge/response flow of the earlier authentication schemes: through a mutual authentication process between the LTE user equipment (UE) and the network, session keys are negotiated and then used to encrypt subsequent traffic, which provides the security guarantee for the communication.
However, in power distribution communication LTE wireless private network applications the EPS-AKA scheme still has the following serious security weaknesses:
(1) When the UE communicates with the MME (Mobility Management Entity) for the first time, or when the MME cannot find the corresponding IMSI (International Mobile Subscriber Identity) from the UE's S-TMSI (temporary identity), the network may require the UE to send its IMSI. Because the IMSI is transmitted in plaintext over the radio channel it can be intercepted by an attacker, so the IMSI leaks easily; the user can then be tracked or attacked by a fake base station, the UE can be located and traced, and the stolen subscriber identity may even enable illegal active attacks on the network or denial-of-service attacks;
(2) Key messages exchanged between the HSS (Home Subscriber Server) and the MME, such as the SNID (serving network identity) and the AV (authentication vector), are unprotected when the interface between them is not otherwise secured. SNID and AV transmitted in plaintext may be eavesdropped and intercepted, and the identity information they contain can become the basis of the attacker's next step;
(3) Because LTE uses a symmetric key cryptosystem, the transmission and distribution of keys become complicated as the number of devices in the network grows, security becomes hard to maintain, and the requirements of next-generation networks for high reliability and flexibility cannot be met.
Against these hazards, some power distribution communication LTE wireless private network deployments currently adopt an end-to-end information encryption enhancement scheme: an encryption card is introduced on the terminal side and an encryption device on the network side, and business data is encrypted with a proprietary private-network algorithm to secure LTE transmission. This approach has the following drawbacks:
(1) Every business data packet must pass through encryption and decryption at the terminal and at the network, which significantly increases transmission delay and makes the scheme unsuitable for application scenarios with the most demanding real-time requirements;
(2) All business data must be encrypted and decrypted by the encryption device, which easily becomes a bottleneck of the network;
(3) The end-to-end scheme only encrypts business data and does not solve the secure access problem of the LTE wireless private network: a counterfeit terminal can still attach to the LTE network and, once attached, can still attack network equipment, for example the encryption device itself;
(4) End-to-end business information encryption has several implementations; terminals need hardware and software modification and the core network may also need modification, so the scheme is not generic and generalises poorly. Once the encryption scheme and algorithm are disclosed, it faces the same cracking risk as the 3GPP security architecture.
Summary of the invention
On this basis, to solve the problems of the prior art, the present invention provides a joint identity authentication method and system for a power distribution communication wireless private network that improve the security performance of the private network.
To achieve the above object, the embodiments of the present invention adopt the following technical solutions:
A joint identity authentication method for a power distribution communication wireless private network comprises the steps of:
the core network of the power distribution communication wireless private network obtaining a network attach request initiated by a terminal, the network attach request including a joint identity authentication parameter of the terminal;
the core network, after the terminal passes authentication, sending an access request to a secondary authentication gateway, the access request including the joint identity authentication parameter;
the core network receiving the result of the secondary authentication performed on the terminal by the secondary authentication gateway according to the joint identity authentication parameter;
if the result of the secondary authentication is a pass, the core network sending network attach success information and bearer information to the base station and the terminal;
if the result of the secondary authentication is a failure, the core network sending network attach failure information to the terminal.
The embodiments of the present invention also provide a joint identity authentication system for a power distribution communication wireless private network, comprising a secondary authentication gateway, a terminal and a processing system arranged in the core network of the power distribution communication wireless private network; the processing system comprises:
an acquisition module for obtaining the network attach request initiated by the terminal, the network attach request including the joint identity authentication parameter of the terminal;
an authentication module for authenticating the terminal;
an access request module for sending an access request to the secondary authentication gateway after the terminal passes authentication, the access request including the joint identity authentication parameter;
a receiving module for receiving the result of the secondary authentication performed on the terminal by the secondary authentication gateway according to the joint identity authentication parameter;
a first notification module for sending network attach success information and bearer information to the base station and the terminal when the result of the secondary authentication is a pass;
a second notification module for sending network attach failure information to the terminal when the result of the secondary authentication is a failure.
The joint identity authentication method and system for a power distribution communication wireless private network provided by the present invention are a security enhancement at the access control layer. Addressing the hazards of EPS-AKA and the shortcomings of the existing solutions, they perform a secondary authentication when a terminal attaches to the network, which effectively improves the security of the private network while still meeting private-network applications with the most demanding real-time requirements. Moreover, the technical solution of this embodiment does not conflict with the end-to-end information encryption schemes of the prior art and can be deployed together with them. It does not change the existing LTE architecture and requires no large-scale modification of base station or core network equipment, only a simple software enhancement of the terminal, so it is generic and generalises well. At the same time, the joint identity authentication parameter provides joint authentication of several terminal identity elements (such as the service terminal ID and the MAC address) and supports encryption of the terminal identity information, and the encryption algorithm is developed and managed entirely by the private network, which further enhances the security of the power distribution communication wireless private network.
Brief description of the drawings
Fig. 1 is the architecture diagram of the power distribution communication wireless private network of the present invention;
Fig. 2 is a flow diagram of the joint identity authentication method of the power distribution communication wireless private network of the present invention in one embodiment;
Fig. 3 is the sequence diagram of a successful joint identity authentication in an embodiment of the present invention;
Fig. 4 is the sequence diagram of a failed joint identity authentication in an embodiment of the present invention;
Fig. 5 is the flow diagram of the online update of the joint identity authentication algorithm in an embodiment of the present invention;
Fig. 6 is the flow diagram of the secondary authentication gateway performing secondary authentication on the terminal according to the joint identity authentication parameter in an embodiment of the present invention;
Fig. 7 is the structural diagram of the joint identity authentication system of the power distribution communication wireless private network of the present invention in one embodiment.
Detailed description of the invention
The content of the present invention is described in further detail below with reference to preferred embodiments and the drawings. Obviously, the embodiments described below only explain the present invention and do not limit it. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative work fall within the scope of protection of the present invention. It should be noted that, for ease of description, the drawings show only the parts related to the present invention rather than the whole.
Fig. 1 is the architecture diagram of the power distribution communication wireless private network of the present invention. In Fig. 1 the secondary authentication gateway can be connected to the SAE-GW (System Architecture Evolution gateway) through a RADIUS (Remote Authentication Dial In User Service) interface. Fig. 2 is a flow diagram of the joint identity authentication method of the power distribution communication wireless private network of the present invention in one embodiment; the method of this embodiment can be performed by the core network of the private network. As shown in Fig. 2, the joint identity authentication method of this embodiment comprises the following steps:
Step S110: the core network of the power distribution communication wireless private network obtains a network attach request initiated by a terminal, the network attach request including the joint identity authentication parameter of the terminal.
In this embodiment the core network of the private network includes network elements such as the HSS, the MME and the SAE-GW. When a terminal needs to reach the electric power master station system it must first access the power distribution communication wireless network, so it initiates a network attach request (Attach Request), which the base station forwards to the core network. The attach request carries the terminal's joint identity authentication parameter, which is used to perform the secondary authentication of this terminal.
In an optional embodiment, before initiating the attach request the terminal obtains the joint identity authentication parameter by calling the joint identity authentication algorithm. The algorithm can be provided and managed by the secondary authentication gateway, which supports the management and download of joint identity authentication algorithms for different terminal types, vendors and operating systems, and also supports updating them. The joint identity authentication algorithm contains the selection and encryption of a combination of terminal identity elements (including the International Mobile Equipment Identity IMEI, the International Mobile Subscriber Identity IMSI, the integrated circuit card identifier ICCID, the MAC address of the user terminal and the service terminal ID number). Accordingly, the joint identity authentication parameter produced by the algorithm is composed of terminal identity information, and both how it is composed and how it is transmitted over the network are protected by encryption, to guarantee the security of the transmitted data. The algorithm exposes a unified interface for the terminal to call.
A terminal that has not downloaded the joint identity authentication algorithm cannot access the private network; the algorithm must be correctly configured before the terminal can attach normally. When a terminal accesses the private network for the first time, that is, when it sends its first attach request, the algorithm can be initially configured in either of two ways:
(1) Factory pre-configuration of the terminal
The joint identity authentication algorithm is installed on the terminal before it leaves the factory; this pre-configured algorithm is the default algorithm, and the terminal calls it to obtain the joint identity authentication parameter when it accesses the private network for the first time. The pre-configured algorithm can only extract two identity elements of the terminal, the IMSI and the IMEI, and performs the initial secondary authentication in plaintext, that is, the pre-configured algorithm does not encrypt the terminal identity information. This first exchange therefore carries the IMSI and IMEI unprotected, which is why, immediately after its first access to the private network, the terminal starts the update flow of the joint identity authentication algorithm and obtains a more secure algorithm from the secondary authentication gateway.
(2) Offline download of the initial algorithm from the secondary authentication gateway
The secondary authentication gateway pushes the joint identity authentication algorithm to the terminal through an interface, and the terminal downloads the algorithm offline. Likewise, immediately after its first access to the private network the terminal starts the update flow and obtains a more secure joint identity authentication algorithm from the secondary authentication gateway.
Step S120: after the terminal passes authentication, the core network sends an access request to the secondary authentication gateway; the access request includes the joint identity authentication parameter.
After the core network receives the Attach Request sent by the terminal, it initiates the terminal's mutual authentication and security mode procedure (Authentication/Security). Referring to the sequence diagram of a successful joint identity authentication in Fig. 3, the MME initiates mutual authentication between the UE and the HSS; the specific authentication procedure is that of the prior art and is not described further here.
After authentication passes, the core network sends an access request (Access-Request) to the secondary authentication gateway; the access request includes the joint identity authentication parameter.
In an optional embodiment, referring to Fig. 3, the core network sends the access request to the secondary authentication gateway as follows: the MME sends a Create Session Request to the SAE-GW (System Architecture Evolution gateway); the Create Session Request contains the data bearer setup request and the terminal's joint identity authentication parameter. The SAE-GW receives the Create Session Request, obtains the terminal's authentication parameter, generates an Access-Request from it and sends the Access-Request to the secondary authentication gateway.
Step S130: the core network receives the result of the secondary authentication that the secondary authentication gateway performs on the terminal according to the joint identity authentication parameter; if the result is a pass, go to step S140; if the result is a failure, go to step S150.
The secondary authentication gateway performs the secondary authentication of the terminal according to the joint identity authentication parameter uploaded by the terminal and feeds the result back to the core network. Referring to Fig. 3, if authentication passes the gateway replies Access-Accept to the core network; if it fails, referring to the sequence diagram of a failed joint identity authentication in Fig. 4, the gateway replies Access-Reject to the core network.
Step S140: the core network sends network attach success information and bearer information to the base station and the terminal.
After the secondary authentication passes, the core network sends attach success information and bearer information to the base station and the terminal. In an optional embodiment, referring to Fig. 3, after the secondary authentication passes the SAE-GW completes establishment of the user plane bearer and replies Create Session Response to the MME, the Create Session Response containing the bearer information; the MME then sends Initial Context Setup Request/Attach Accept to the base station, notifying the base station and the terminal of the attach success and the bearer information. The subsequent flow is as described by 3GPP; finally the terminal successfully accesses the power distribution communication wireless private network and can thereafter reach the electric power master station system.
Step S150: the core network sends network attach failure information to the terminal.
After the secondary authentication fails, the core network sends attach failure information to the terminal. Referring to Fig. 4, the SAE-GW notifies the MME that bearer setup failed, and the MME sends attach failure information to the terminal.
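The Access-Request/Access-Accept/Access-Reject exchange of steps S120 to S150, written out as an added Python example that is not part of the patent: the SAE-GW frames the joint identity authentication parameter into a RADIUS Access-Request (RFC 2865 packet layout, with the parameter carried in a Vendor-Specific attribute), the secondary authentication gateway recomputes the parameter for the claimed terminal and answers Accept or Reject, and the SAE-GW verifies the Response Authenticator before acting on the verdict. The patent does not disclose the private joint identity algorithm, so a keyed SHA-256 digest over the identity fields stands in for it; the vendor id, attribute number, shared secret, key and terminal record are all constructed for the example.

```python
"""Access-Request/Accept/Reject between SAE-GW and the secondary authentication gateway."""
import hashlib
import hmac
import secrets
import struct

# RADIUS packet codes and attribute types (RFC 2865)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_VENDOR_SPECIFIC = 1, 26
VENDOR_ID = 99999        # assumption: private-enterprise number used by the private network
VSA_JOINT_IDENTITY = 1   # assumption: vendor sub-attribute carrying the joint identity parameter

SHARED_SECRET = b"sae-gw/secondary-gw shared secret"   # constructed for the example
ALGO_KEY = b"joint-identity-algorithm-key"             # constructed: key of the stand-in algorithm

# Constructed terminal record held by the secondary authentication gateway.
REGISTRY = {"DTU-0001": {"IMSI": "460990000000001", "IMEI": "356938035643809",
                         "MAC": "00:11:22:33:44:55", "SERVICE_ID": "FEEDER-17"}}


def joint_identity_parameter(key: bytes, identity: dict) -> bytes:
    """Stand-in for the private joint identity algorithm: a keyed digest over the selected
    identity fields, so the parameter never carries IMSI/IMEI/MAC in clear."""
    canon = "|".join(f"{k}={identity[k]}" for k in sorted(identity)).encode()
    return hmac.new(key, canon, hashlib.sha256).digest()


def encode_attr(atype: int, value: bytes) -> bytes:
    """Type(1) Length(1, includes the 2-byte header) Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def encode_vsa(vtype: int, value: bytes) -> bytes:
    """Vendor-Specific (26): Vendor-Id(4) followed by a vendor TLV with the same layout."""
    return encode_attr(ATTR_VENDOR_SPECIFIC, struct.pack("!I", VENDOR_ID) + encode_attr(vtype, value))


def build_packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def response_authenticator(code, ident, request_auth, attrs, secret) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret).digest()


def parse_attrs(attrs: bytes) -> dict:
    """Decode attributes; vendor sub-attributes are keyed ("vsa", vendor_id, vendor_type)."""
    out, i = {}, 0
    while i < len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute")
        value = attrs[i + 2:i + alen]
        if atype == ATTR_VENDOR_SPECIFIC:
            vendor_id = struct.unpack("!I", value[:4])[0]
            vtype, vlen = value[4], value[5]
            out[("vsa", vendor_id, vtype)] = value[6:4 + vlen]
        else:
            out[atype] = value
        i += alen
    return out


def sae_gw_access_request(terminal_id: str, joint_param: bytes):
    """SAE-GW: turn the Create Session Request contents into an Access-Request."""
    ident, request_auth = secrets.randbelow(256), secrets.token_bytes(16)
    attrs = encode_attr(ATTR_USER_NAME, terminal_id.encode()) + encode_vsa(VSA_JOINT_IDENTITY, joint_param)
    return build_packet(ACCESS_REQUEST, ident, request_auth, attrs), ident, request_auth


def gateway_handle(packet: bytes, registry=REGISTRY, secret=SHARED_SECRET) -> bytes:
    """Secondary authentication gateway: recompute the parameter for the claimed terminal."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    request_auth, attrs = packet[4:20], parse_attrs(packet[20:length])
    terminal_id = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
    presented = attrs.get(("vsa", VENDOR_ID, VSA_JOINT_IDENTITY), b"")
    identity = registry.get(terminal_id)
    ok = identity is not None and hmac.compare_digest(presented, joint_identity_parameter(ALGO_KEY, identity))
    reply = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return build_packet(reply, ident, response_authenticator(reply, ident, request_auth, b"", secret), b"")


def sae_gw_check_response(resp: bytes, ident: int, request_auth: bytes, secret=SHARED_SECRET) -> str:
    """SAE-GW: accept the verdict only if the Response Authenticator binds it to our request."""
    code, rid, length = struct.unpack("!BBH", resp[:4])
    attrs = resp[20:length]
    expected = response_authenticator(code, rid, request_auth, attrs, secret)
    if rid != ident or not hmac.compare_digest(resp[4:20], expected):
        return "invalid"   # forged or replayed reply: treat like a bearer setup failure
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code, "invalid")


def attach(terminal_id: str, identity: dict, registry=REGISTRY) -> str:
    """Steps S120 to S150 after EPS-AKA: terminal computes the parameter, SAE-GW asks the gateway."""
    param = joint_identity_parameter(ALGO_KEY, identity)
    req, ident, request_auth = sae_gw_access_request(terminal_id, param)
    return sae_gw_check_response(gateway_handle(req, registry), ident, request_auth)


if __name__ == "__main__":
    print(attach("DTU-0001", REGISTRY["DTU-0001"]))                                  # accept
    print(attach("DTU-0001", dict(REGISTRY["DTU-0001"], MAC="de:ad:be:ef:00:01")))    # reject
```

The Response Authenticator check in `sae_gw_check_response` is the part to keep: without it, an Access-Reject rewritten into an Access-Accept by anyone on the path between the SAE-GW and the gateway would count as a passed secondary authentication. Because that check rests on MD5 and a static shared secret, the RADIUS leg between SAE-GW and gateway should also be carried over IPsec or RADIUS over TLS (RadSec, RFC 6614) rather than in the clear.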
The joint identity authentication method of the power distribution communication wireless private network provided in this embodiment is a security enhancement at the access control layer. Addressing the hazards of EPS-AKA and the shortcomings of the existing solutions, it performs a secondary authentication when an LTE terminal attaches to the network, which effectively improves the security of the private network while still meeting private-network applications with the most demanding real-time requirements. The technical solution of this embodiment does not conflict with the end-to-end information encryption schemes of the prior art and can be deployed together with them. It does not change the existing LTE architecture and requires no large-scale modification of base station or core network equipment, only a simple software enhancement of the terminal, so it is generic and generalises well. At the same time, it supports joint authentication of several terminal identity elements (such as the service terminal ID and the MAC address) and encryption of the terminal identity information, with the encryption algorithm developed and managed entirely by the power distribution communication wireless private network, which further enhances the security of the private network.
In an optional embodiment, the joint identity authentication method of this embodiment also provides an online update function for the joint identity authentication algorithm. Referring to Fig. 5, after the terminal has accessed the private network it sends an algorithm version query request (Version-Query) to the secondary authentication gateway over the established data path; on receiving the Version-Query the gateway checks the version information of the joint identity authentication algorithm and returns the query result (Version-Query-Ack) to the terminal.
The terminal receives the Version-Query-Ack that the gateway returns for its Version-Query. If the terminal determines from the Version-Query-Ack that a new version of the joint identity authentication algorithm exists, it downloads the new version from the secondary authentication gateway, loads it, and sends version update information (Version-Notify) to the gateway. The gateway records the version of the algorithm corresponding to the terminal according to the Version-Notify and may return Version-Notify-Ack to the terminal to confirm that the version information has been updated. If the terminal determines from the query result that there is no new version, the gateway keeps the original version information recorded for the terminal.
During an online update, if the Version-Notify is corrupted or lost, the algorithm versions held by the terminal and by the gateway go out of step: the terminal attaches using the new algorithm and the parameter it produces, while the gateway still records the old algorithm, so the secondary authentication fails. To address this risk, in this embodiment the secondary authentication gateway also supports synchronisation of the joint identity authentication algorithm: after a secondary authentication failure the gateway retries authentication with the updated algorithm of that terminal, and if the retry passes it records the version information of the terminal's latest algorithm, keeping it in step with the terminal. Specifically, in an optional embodiment and referring to Fig. 6, the process by which the gateway performs the secondary authentication of the terminal according to the joint identity authentication parameter is as follows:
On receiving the access request, the secondary authentication gateway determines the algorithm currently used by the terminal from the version information it has recorded for that terminal, then performs the secondary authentication using the joint identity authentication parameter and that algorithm. If authentication passes, it replies Access-Accept to the core network. If authentication fails, the gateway does not reply to the core network immediately but first checks whether a new version of the algorithm has been issued; if so, it authenticates the terminal again with the new-version algorithm and the parameter; if not, it replies Access-Reject. When authentication with the new-version algorithm passes, the gateway replies Access-Accept to the core network and updates the version information recorded for the terminal; if it still fails, the gateway replies Access-Reject. This avoids misjudgements caused by the algorithm versions at the terminal and the gateway being out of step and effectively improves the reliability of the power distribution communication wireless private network.
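An added Python model, not code from the patent, of the algorithm life cycle described in the initial configuration passage (a factory default algorithm over IMSI and IMEI in plaintext, replaced by a downloaded encrypted algorithm) and in the online update and resynchronisation passage above (Version-Query/Version-Query-Ack, Version-Notify/Version-Notify-Ack, and the Fig. 6 fallback when the Version-Notify is lost). An algorithm version is represented as a field selection plus a key, with a keyed SHA-256 digest standing in for the private algorithm; the version numbers, keys, field lists and terminal record are all assumptions made for the example.

```python
"""Joint identity algorithm versioning and resynchronisation at the secondary auth gateway."""
import hashlib
import hmac

# Algorithm versions as the gateway issues them. Version 0 is the factory default the
# patent describes (IMSI and IMEI only, sent in clear); later versions select more
# identity fields and key the digest. Keys and field lists are constructed for the example.
ALGORITHMS = {
    0: {"fields": ("IMSI", "IMEI"), "key": None},
    1: {"fields": ("IMSI", "IMEI", "ICCID"), "key": b"private-network-key-v1"},
    2: {"fields": ("IMSI", "IMEI", "ICCID", "MAC", "SERVICE_ID"), "key": b"private-network-key-v2"},
}

# Constructed record of one distribution terminal, as held by the gateway.
REGISTRY = {"DTU-0001": {"IMSI": "460990000000001", "IMEI": "356938035643809",
                         "ICCID": "89860012345678901234", "MAC": "00:11:22:33:44:55",
                         "SERVICE_ID": "FEEDER-17"}}


def compute_parameter(version: int, identity: dict) -> bytes:
    """Joint identity parameter for one algorithm version (stand-in for the private algorithm)."""
    algo = ALGORITHMS[version]
    canon = "|".join(identity[f] for f in algo["fields"]).encode()
    if algo["key"] is None:
        return canon                                  # default algorithm: plaintext, unencrypted
    return hmac.new(algo["key"], canon, hashlib.sha256).digest()


class SecondaryAuthGateway:
    def __init__(self, registry: dict, issued=(0,)):
        self.registry = registry        # terminal id -> identity fields on record
        self.issued = sorted(issued)    # algorithm versions published for download
        self.recorded = {}              # terminal id -> version it last notified

    def issue(self, version: int):
        self.issued = sorted(set(self.issued) | {version})

    # Fig. 5: online update messages
    def version_query(self, terminal_id: str) -> dict:
        return {"msg": "Version-Query-Ack", "latest": self.issued[-1]}

    def version_notify(self, terminal_id: str, version: int) -> dict:
        if version not in self.issued:
            return {"msg": "Version-Notify-Ack", "ok": False}
        self.recorded[terminal_id] = version
        return {"msg": "Version-Notify-Ack", "ok": True}

    # Fig. 6: secondary authentication with resynchronisation
    def access_request(self, terminal_id: str, parameter: bytes) -> str:
        identity = self.registry.get(terminal_id)
        if identity is None:
            return "Access-Reject"
        current = self.recorded.get(terminal_id, 0)   # unknown terminal: factory default
        if self._matches(current, identity, parameter):
            return "Access-Accept"
        # Out-of-step case: Version-Notify was lost, so try versions newer than the record.
        for newer in (v for v in self.issued if v > current):
            if self._matches(newer, identity, parameter):
                self.recorded[terminal_id] = newer    # resynchronise with the terminal
                return "Access-Accept"
        return "Access-Reject"

    @staticmethod
    def _matches(version: int, identity: dict, parameter: bytes) -> bool:
        return hmac.compare_digest(compute_parameter(version, identity), parameter)


class Terminal:
    def __init__(self, terminal_id: str, identity: dict):
        self.terminal_id, self.identity, self.version = terminal_id, identity, 0  # factory default

    def parameter(self) -> bytes:
        return compute_parameter(self.version, self.identity)

    def update_algorithm(self, gw: SecondaryAuthGateway, notify_lost=False) -> int:
        """Version-Query, then download/load a newer algorithm, then Version-Notify (may be lost)."""
        latest = gw.version_query(self.terminal_id)["latest"]
        if latest > self.version:
            self.version = latest                     # "download" and load the new version
            if not notify_lost:
                gw.version_notify(self.terminal_id, self.version)
        return self.version

    def attach(self, gw: SecondaryAuthGateway) -> str:
        return gw.access_request(self.terminal_id, self.parameter())


def scenario() -> dict:
    """First attach, a clean update, a lost Version-Notify, and a stale terminal."""
    gw = SecondaryAuthGateway(REGISTRY, issued=(0, 1))
    t = Terminal("DTU-0001", REGISTRY["DTU-0001"])
    out = {"first_attach_v0": t.attach(gw)}       # factory default algorithm, plaintext
    t.update_algorithm(gw)                        # normal update: Version-Notify delivered
    out["after_update"] = (t.version, gw.recorded["DTU-0001"], t.attach(gw))
    gw.issue(2)
    t.update_algorithm(gw, notify_lost=True)      # terminal on v2, gateway still records v1
    out["desync_attach"] = t.attach(gw)           # fallback resynchronises the record
    out["resynced_version"] = gw.recorded["DTU-0001"]
    stale = Terminal("DTU-0001", REGISTRY["DTU-0001"])   # still on v0 while the record is v2
    out["downgrade_attempt"] = stale.attach(gw)
    return out


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

Two properties of the fallback are visible in the run: the gateway retries only with versions newer than the one it has on record, so a terminal presenting a parameter from the plaintext default (or anyone replaying one) cannot pull the record back once it has advanced; and because a failed parameter is checked against every newer issued version, the gateway should keep the set of outstanding versions small and rate-limit failed Access-Requests per terminal.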
It should be noted that, for brevity, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should know that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously.
The combined identity certification method of the power distribution communication wireless private network according to the invention described above, the present invention also provides for
A kind of combined identity certification system of power distribution communication wireless private network, below in conjunction with the accompanying drawings and preferred embodiment to this
The combined identity certification system of the power distribution communication wireless private network of invention is described in detail.
Fig. 7 is a structural diagram of the combined identity authentication system of the power distribution communication wireless private network in one embodiment. As shown in Fig. 7, the system in this embodiment comprises a secondary authentication gateway 100, a terminal 200 and a processing system 300 arranged in the core network of the power distribution communication wireless private network. Processing system 300 comprises:
An acquisition module 31, for obtaining the network attach request initiated by terminal 200; the attach request carries the combined identity authentication parameters of the terminal;
An authentication module 32, for performing identity authentication of terminal 200;
An access request module 33, for sending an access request to secondary authentication gateway 100 after terminal 200 has passed identity authentication; the access request carries the combined identity authentication parameters;
A receiving module 34, for receiving the result of the secondary authentication that secondary authentication gateway 100 performs on terminal 200 according to the combined identity authentication parameters;
A first notification module 35, for sending attach success information and bearer information to the base station and to terminal 200 when the result of the secondary authentication is that authentication passed;
A second notification module 36, for sending attach failure information to terminal 200 when the result of the secondary authentication is that authentication failed.
In an optional embodiment, access request module 33 comprises a Create Session Request sending module arranged in the mobility management entity (MME) of the core network, and a Create Session Request receiving module and an access request generation module arranged in the System Architecture Evolution gateway (SAE-GW) of the core network. The Create Session Request sending module sends a Create Session Request to the SAE-GW; the Create Session Request contains a data bearer setup request and the combined identity authentication parameters. The Create Session Request receiving module receives the Create Session Request and extracts the authentication parameters from it. The access request generation module generates the access request from the authentication parameters and sends it to secondary authentication gateway 100.
In an optional embodiment, referring to Fig. 7, terminal 200 comprises an initial parameter acquisition module 21. Initial parameter acquisition module 21 downloads offline the combined identity authentication algorithm provided by secondary authentication gateway 100 and derives the combined identity authentication parameters from that algorithm; alternatively, initial parameter acquisition module 21 derives the combined identity authentication parameters from a pre-configured combined identity authentication algorithm.
In an optional embodiment, still referring to Fig. 7, terminal 200 further comprises:
A version query request module 22, for sending an authentication algorithm version query request to secondary authentication gateway 100 over the established data path after terminal 200 has accessed the power distribution communication wireless private network;
A query result receiving module 23, for receiving the query result that secondary authentication gateway 100 returns in response to the authentication algorithm version query request;
A download module 24, for downloading the new version of the combined identity authentication algorithm from secondary authentication gateway 100 when it determines from the query result that a new version exists;
A load and feedback module 25, for loading the new version of the combined identity authentication algorithm and sending version update information to the secondary authentication gateway. Secondary authentication gateway 100 records, according to the version update information, the version of the combined identity authentication algorithm corresponding to terminal 200.
In an optional embodiment, referring to Fig. 7, secondary authentication gateway 100 comprises:
An algorithm determination module 11, for determining the combined identity authentication algorithm currently used by terminal 200 from the recorded version information of the combined identity authentication algorithm corresponding to terminal 200;
An authentication module 12, for performing secondary authentication of terminal 200 according to the combined identity authentication parameters and the combined identity authentication algorithm currently used by terminal 200;
A check module 13, for checking, when authentication fails, whether a new version of the combined identity authentication algorithm has been issued; if so, authentication module 12 performs secondary authentication of terminal 200 again using the new version of the combined identity authentication algorithm and the combined identity authentication parameters;
An information update module 14, for updating the version information of the combined identity authentication algorithm corresponding to terminal 200 when authentication passes.
The combined identity authentication system described above can carry out the combined identity authentication method provided by the embodiments of the present invention, and it has the functional modules and beneficial effects corresponding to that method.
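The attach flow of processing system 300, the version query of terminal 200 and the retry-on-failure logic of gateway 100 described above, as an added simulation that is not part of the patent or of any vendor's implementation. The patent does not specify the combined identity authentication algorithm, the message encodings, or how the primary (network) authentication is performed, so the example assumes the following: each algorithm version is an HMAC-SHA256 keyed with per-version secret material that the terminal obtains when it downloads and loads that version; the authentication parameters are a (terminal id, counter, tag) triple, where the monotonic counter is an addition of this example, used to reject a replayed parameter set; primary authentication is a subscriber lookup; and the names SecondaryAuthGateway, CoreNetwork, Terminal, run_scenario and the DTU-xxxx terminal ids are illustrative.

```python
import hmac
import hashlib
from typing import Dict, NamedTuple, Optional, Tuple

class AuthParams(NamedTuple):
    """Combined identity authentication parameters carried in the attach request."""
    terminal_id: str
    counter: int   # ASSUMPTION: monotonic counter so a captured parameter set cannot be replayed
    tag: str

def compute_tag(key: bytes, terminal_id: str, counter: int) -> str:
    # ASSUMPTION: the patent never defines the combined identity authentication algorithm;
    # each version is modelled as HMAC-SHA256 under per-version key material that the
    # terminal receives when it downloads and loads that version.
    return hmac.new(key, f"{terminal_id}|{counter}".encode(), hashlib.sha256).hexdigest()

class SecondaryAuthGateway:
    """Secondary authentication gateway (element 100 in Fig. 7)."""
    def __init__(self) -> None:
        self.versions: Dict[int, bytes] = {}     # issued algorithm versions -> key material
        self.recorded: Dict[str, int] = {}       # algorithm version recorded per terminal
        self.last_counter: Dict[str, int] = {}
    def publish(self, version: int, key: bytes) -> None:
        self.versions[version] = key
    def query_version(self) -> int:              # answers the terminal's version query
        return max(self.versions)
    def download(self, version: int) -> bytes:   # terminal downloads the new version
        return self.versions[version]
    def record_version(self, terminal_id: str, version: int) -> None:
        self.recorded[terminal_id] = version     # offline provisioning or version-update report
    def _verify(self, p: AuthParams, version: int) -> bool:
        key = self.versions.get(version)
        return key is not None and hmac.compare_digest(compute_tag(key, p.terminal_id, p.counter), p.tag)
    def authenticate(self, p: AuthParams) -> Tuple[bool, Optional[int]]:
        """Verify with the recorded version; on failure retry once with the newly issued
        version, if there is one; on success update the recorded version (claim 5)."""
        current = self.recorded.get(p.terminal_id)
        if current is None or p.counter <= self.last_counter.get(p.terminal_id, -1):
            return False, None                   # unknown terminal or replayed parameters
        newer = [v for v in self.versions if v > current]
        for version in [current] + ([max(newer)] if newer else []):
            if self._verify(p, version):
                self.recorded[p.terminal_id] = version
                self.last_counter[p.terminal_id] = p.counter
                return True, version
        return False, None

class CoreNetwork:
    """Processing system 300: the MME and SAE-GW of the core network."""
    def __init__(self, gateway: SecondaryAuthGateway, subscribers: set) -> None:
        self.gateway, self.subscribers = gateway, subscribers   # ASSUMPTION: primary auth = subscriber lookup
    def attach(self, p: AuthParams) -> dict:
        if p.terminal_id not in self.subscribers:
            return {"result": "ATTACH_REJECT", "stage": "primary"}
        # MME -> SAE-GW: Create Session Request carrying the bearer setup request and the
        # parameters; the SAE-GW turns the parameters into the access request for the gateway.
        create_session = {"bearer_setup": "default", "auth_params": p}
        passed, version = self.gateway.authenticate(create_session["auth_params"])
        if passed:
            return {"result": "ATTACH_ACCEPT", "bearer": "default", "alg_version": version}
        return {"result": "ATTACH_REJECT", "stage": "secondary"}

class Terminal:
    def __init__(self, terminal_id: str, version: int, key: bytes) -> None:
        self.terminal_id, self.version, self.key, self.counter = terminal_id, version, key, 0
    def auth_params(self) -> AuthParams:
        self.counter += 1
        return AuthParams(self.terminal_id, self.counter, compute_tag(self.key, self.terminal_id, self.counter))
    def check_for_update(self, gateway: SecondaryAuthGateway) -> bool:
        """Claim 4, over the data path: query the version, download a newer one, load it, report."""
        latest = gateway.query_version()
        if latest <= self.version:
            return False
        self.version, self.key = latest, gateway.download(latest)
        gateway.record_version(self.terminal_id, latest)
        return True

def run_scenario() -> dict:
    gw = SecondaryAuthGateway()
    gw.publish(1, b"v1-secret")                  # constructed key material
    core = CoreNetwork(gw, subscribers={"DTU-0001", "DTU-0002"})
    t1 = Terminal("DTU-0001", 1, b"v1-secret")   # algorithm obtained offline
    gw.record_version("DTU-0001", 1)             # offline provisioning of the recorded version
    out = {"first_attach": core.attach(t1.auth_params())["result"]}
    gw.publish(2, b"v2-secret")                  # a new algorithm version is issued
    out["updated"] = t1.check_for_update(gw)
    out["recorded"] = gw.recorded["DTU-0001"]
    t2 = Terminal("DTU-0002", 2, b"v2-secret")   # loaded v2 out of band; gateway still records v1
    gw.record_version("DTU-0002", 1)
    r = core.attach(t2.auth_params())
    out["retry_attach"] = (r["result"], r.get("alg_version"))
    rogue = Terminal("DTU-0002", 2, b"wrong-key")
    rogue.counter = t2.counter
    out["rogue"] = core.attach(rogue.auth_params())["result"]
    out["replay"] = core.attach(AuthParams("DTU-0001", 1, compute_tag(b"v1-secret", "DTU-0001", 1)))["result"]
    out["unknown"] = core.attach(Terminal("DTU-9999", 2, b"v2-secret").auth_params())["result"]
    return out
```

Running run_scenario() walks through the cases the claims distinguish: a normal attach under the recorded version, a terminal that learns of a new version through the version query and reports it, a terminal that already loaded the new version so that the gateway fails under the recorded version and succeeds on the retry, and the rejections. The retry considers only a version strictly newer than the one recorded for that terminal, as claim 5 requires, so the gateway never falls back to a superseded version; the counter check runs before any verification so that a captured parameter set is rejected even when the algorithm version is unchanged.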
The technical features of the embodiments described above may be combined arbitrarily. For brevity, not every possible combination of the technical features of the above embodiments is described; any combination of these features that contains no contradiction is nevertheless considered to fall within the scope recorded in this specification.
The embodiments described above express only several implementations of the present invention, and their description is relatively specific and detailed, but they are not to be construed as limiting the scope of the patent. It should be noted that persons of ordinary skill in the art may make further variations and improvements without departing from the inventive concept, and these fall within the protection scope of the invention. The protection scope of the patent is therefore defined by the appended claims.
Claims (10)
1. A combined identity authentication method for a power distribution communication wireless private network, characterised in that it comprises the following steps:
the core network of the power distribution communication wireless private network obtains a network attach request initiated by a terminal, the attach request carrying the combined identity authentication parameters of the terminal;
after the terminal passes identity authentication, the core network sends an access request to a secondary authentication gateway, the access request carrying the combined identity authentication parameters;
the core network receives the result of the secondary authentication that the secondary authentication gateway performs on the terminal according to the combined identity authentication parameters;
if the result of the secondary authentication is that authentication passed, the core network sends attach success information and bearer information to the base station and to the terminal;
if the result of the secondary authentication is that authentication failed, the core network sends attach failure information to the terminal.
2. The combined identity authentication method for a power distribution communication wireless private network according to claim 1, characterised in that sending the access request to the secondary authentication gateway comprises:
the mobility management entity in the core network sends a Create Session Request to the System Architecture Evolution gateway, the Create Session Request containing a data bearer setup request and the combined identity authentication parameters;
the System Architecture Evolution gateway receives the Create Session Request and extracts the authentication parameters from it;
the System Architecture Evolution gateway generates the access request from the authentication parameters and sends the access request to the secondary authentication gateway.
3. The combined identity authentication method for a power distribution communication wireless private network according to claim 1, characterised in that, when the terminal initiates the network attach request for the first time, the combined identity authentication parameters are obtained in one of the following ways:
the terminal downloads offline the combined identity authentication algorithm provided by the secondary authentication gateway and derives the combined identity authentication parameters from that algorithm;
or the terminal derives the combined identity authentication parameters from a pre-configured combined identity authentication algorithm.
4. The combined identity authentication method for a power distribution communication wireless private network according to claim 3, characterised in that it further comprises:
after the terminal has accessed the power distribution communication wireless private network, the terminal sends an authentication algorithm version query request to the secondary authentication gateway over the established data path;
the terminal receives the query result returned by the secondary authentication gateway in response to the authentication algorithm version query request;
if the terminal determines from the query result that a new version of the combined identity authentication algorithm exists, it downloads the new version of the combined identity authentication algorithm from the secondary authentication gateway;
the terminal loads the new version of the combined identity authentication algorithm and sends version update information to the secondary authentication gateway; the secondary authentication gateway records, according to the version update information, the version information of the combined identity authentication algorithm corresponding to the terminal.
5. The combined identity authentication method for a power distribution communication wireless private network according to claim 4, characterised in that the secondary authentication gateway performing secondary authentication of the terminal according to the combined identity authentication parameters comprises:
the secondary authentication gateway determines the combined identity authentication algorithm currently used by the terminal from the recorded version information of the combined identity authentication algorithm corresponding to the terminal;
the secondary authentication gateway performs secondary authentication of the terminal according to the combined identity authentication parameters and the combined identity authentication algorithm currently used by the terminal;
if authentication fails, the secondary authentication gateway checks whether a new version of the combined identity authentication algorithm has been issued;
if so, the secondary authentication gateway authenticates the terminal using the new version of the combined identity authentication algorithm and the combined identity authentication parameters; if authentication passes, it updates the version information of the combined identity authentication algorithm corresponding to the terminal.
6. A combined identity authentication system for a power distribution communication wireless private network, characterised in that it comprises a secondary authentication gateway, a terminal and a processing system arranged in the core network of the power distribution communication wireless private network; the processing system comprises:
an acquisition module, for obtaining the network attach request initiated by the terminal, the attach request carrying the combined identity authentication parameters of the terminal;
an authentication module, for performing identity authentication of the terminal;
an access request module, for sending an access request to the secondary authentication gateway after the terminal has passed identity authentication, the access request carrying the combined identity authentication parameters;
a receiving module, for receiving the result of the secondary authentication that the secondary authentication gateway performs on the terminal according to the combined identity authentication parameters;
a first notification module, for sending attach success information and bearer information to the base station and to the terminal when the result of the secondary authentication is that authentication passed;
a second notification module, for sending attach failure information to the terminal when the result of the secondary authentication is that authentication failed.
7. The combined identity authentication system for a power distribution communication wireless private network according to claim 6, characterised in that the access request module comprises a Create Session Request sending module arranged in the mobility management entity of the core network, and a Create Session Request receiving module and an access request generation module arranged in the System Architecture Evolution gateway of the core network;
the Create Session Request sending module sends a Create Session Request to the System Architecture Evolution gateway, the Create Session Request containing a data bearer setup request and the combined identity authentication parameters;
the Create Session Request receiving module receives the Create Session Request and extracts the authentication parameters from it;
the access request generation module generates the access request from the authentication parameters and sends the access request to the secondary authentication gateway.
8. The combined identity authentication system for a power distribution communication wireless private network according to claim 6, characterised in that the terminal comprises an initial parameter acquisition module:
the initial parameter acquisition module downloads offline the combined identity authentication algorithm provided by the secondary authentication gateway and derives the combined identity authentication parameters from that algorithm;
or the initial parameter acquisition module derives the combined identity authentication parameters from a pre-configured combined identity authentication algorithm.
9. The combined identity authentication system for a power distribution communication wireless private network according to claim 8, characterised in that the terminal further comprises:
a version query request module, for sending an authentication algorithm version query request to the secondary authentication gateway over the established data path after the terminal has accessed the power distribution communication wireless private network;
a query result receiving module, for receiving the query result returned by the secondary authentication gateway in response to the authentication algorithm version query request;
a download module, for downloading the new version of the combined identity authentication algorithm from the secondary authentication gateway when it determines from the query result that a new version exists;
a load and feedback module, for loading the new version of the combined identity authentication algorithm and sending version update information to the secondary authentication gateway; the secondary authentication gateway records, according to the version update information, the version information of the combined identity authentication algorithm corresponding to the terminal.
10. The combined identity authentication system for a power distribution communication wireless private network according to claim 9, characterised in that the secondary authentication gateway comprises:
an algorithm determination module, for determining the combined identity authentication algorithm currently used by the terminal from the recorded version information of the combined identity authentication algorithm corresponding to the terminal;
an authentication module, for performing secondary authentication of the terminal according to the combined identity authentication parameters and the combined identity authentication algorithm currently used by the terminal;
a check module, for checking, when authentication fails, whether a new version of the combined identity authentication algorithm has been issued; if so, the authentication module performs secondary authentication of the terminal again using the new version of the combined identity authentication algorithm and the combined identity authentication parameters;
an information update module, for updating the version information of the combined identity authentication algorithm corresponding to the terminal when authentication passes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610408013.1A CN105873059A (en) | 2016-06-08 | 2016-06-08 | United identity authentication method and system for power distribution communication wireless private network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105873059A (en) | 2016-08-17 |
Family
ID=56649259
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610408013.1A Pending CN105873059A (en) | 2016-06-08 | 2016-06-08 | United identity authentication method and system for power distribution communication wireless private network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105873059A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101841814A (en) * | 2010-04-06 | 2010-09-22 | 中兴通讯股份有限公司 | Terminal authentication method and system |
CN102036236A (en) * | 2010-10-29 | 2011-04-27 | 深圳市爱贝信息技术有限公司 | Method and device for authenticating mobile terminal |
CN102083066A (en) * | 2009-11-26 | 2011-06-01 | 中兴通讯股份有限公司 | Unified safety authentication method and system |
CN104185178A (en) * | 2013-05-22 | 2014-12-03 | 中国人民解放军总参谋部第六十一研究所 | Method and device for authentication of mobile terminal |
CN104869121A (en) * | 2015-05-26 | 2015-08-26 | 杭州华三通信技术有限公司 | 802.1x-based authentication method and device |
Events
2016-06-08: application CN201610408013.1A filed in CN, published as CN105873059A; status Pending
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107124715A (en) * | 2017-05-04 | 2017-09-01 | 国网江苏省电力公司电力科学研究院 | A kind of security protection performance assessment method suitable for electric power wireless private network terminal |
CN107124715B (en) * | 2017-05-04 | 2020-04-21 | 国网江苏省电力公司电力科学研究院 | Safety protection performance evaluation method suitable for electric power wireless private network terminal |
US11477242B2 (en) | 2017-07-20 | 2022-10-18 | Huawei International Pte. Ltd. | Network security management method, and apparatus |
US11895157B2 (en) | 2017-07-20 | 2024-02-06 | Huawei International Pte. Ltd. | Network security management method, and apparatus |
CN113079215A (en) * | 2021-04-08 | 2021-07-06 | 华北电力大学(保定) | Block chain-based wireless security access method for power distribution Internet of things |
CN113079215B (en) * | 2021-04-08 | 2022-10-28 | 华北电力大学(保定) | Block chain-based wireless security access method for power distribution Internet of things |
CN114143788A (en) * | 2021-12-10 | 2022-03-04 | 广州热点软件科技股份有限公司 | Method and system for realizing authentication control of 5G private network based on MSISDN |
CN114143788B (en) * | 2021-12-10 | 2024-05-31 | 广州热点软件科技股份有限公司 | Method and system for realizing authentication control of 5G private network based on MSISDN |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10003965B2 (en) | Subscriber profile transfer method, subscriber profile transfer system, and user equipment | |
KR101485230B1 (en) | Secure multi-uim authentication and key exchange | |
KR101315670B1 (en) | Method for smart phone registration when accessing security authentication device and method for access authentication of registered smart phone | |
CN108880813B (en) | Method and device for realizing attachment process | |
EP2296392A1 (en) | Authentication method, re-certification method and communication device | |
CN102318386A (en) | Service-based authentication to a network | |
US20230328524A1 (en) | Non-3gpp device access to core network | |
CN110278084B (en) | eID establishing method, related device and system | |
US20240171982A1 (en) | Non-3gpp device acess to core network | |
US20160044505A1 (en) | Method to establish a secure voice communication using generic bootstrapping architecture | |
CN107612949B (en) | Wireless intelligent terminal access authentication method and system based on radio frequency fingerprint | |
EP3525503A1 (en) | Registering or authenticating user equipment to a visited public land mobile network | |
CN105873059A (en) | United identity authentication method and system for power distribution communication wireless private network | |
CN114765534A (en) | Private key distribution system based on national password identification cryptographic algorithm | |
CN106657045A (en) | Multi-network integrated security and authentication method and system | |
CN112235799B (en) | Network access authentication method and system for terminal equipment | |
CN101877852B (en) | User access control method and system | |
CN205693897U (en) | The secondary identity authorization system of LTE electric power wireless private network | |
CN106789013A (en) | Mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK | |
WO2012068801A1 (en) | Authentication method for mobile terminal and mobile terminal | |
CN113316141B (en) | Wireless network access method, sharing server and wireless access point | |
RU2779029C1 (en) | Access of a non-3gpp compliant apparatus to the core network | |
CN106790079A (en) | A kind of identity identifying method and its device of secure communication of network method | |
CN104053153A (en) | Wireless Mesh network access authentication method and system | |
CN116530119A (en) | Method, device and system for protecting serial numbers in wireless network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20160817 |