CN110602024A - Secondary authentication method and system for user terminal, access and mobility management device - Google Patents

Publication number
CN110602024A
Authority
CN
China
Legal status
Granted
Application number
CN201810605618.9A
Other languages
Chinese (zh)
Other versions
CN110602024B (en)
Inventor
朱红梅
林奕琳
刘洁
王庆扬
张琳峰
尹珂
曹磊
赵晔
王波
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN201810605618.9A
Publication of CN110602024A
Application granted
Publication of CN110602024B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Abstract

The invention discloses a secondary authentication method and system for a user terminal, and an access and mobility management device. The secondary authentication method comprises: when the user terminal registers in the 5G network, after the 5G network has completed authentication of the user terminal, notifying the third-party data network server to authenticate and authorize the user terminal. The invention can notify the third-party platform to carry out authentication in advance, when the 5G terminal registers with the network, instead of waiting until a PDU is established when a service is initiated, thereby avoiding waste of 5G network resources, finding problems as early as possible, ensuring the security of the third-party platform and improving the service experience.

Description

Secondary authentication method and system for user terminal, access and mobility management device
Technical Field
The invention relates to the field of mobile communication, in particular to a secondary authentication method and a secondary authentication system for a user terminal, and an access and mobility management device.
Background
An obvious difference between 5G and 4G is deeper integration with vertical industries. With the close cooperation between China Telecom and the national power grid, power grid applications based on the 5G network will trend toward automation and intelligence, and there will be more unattended automatic information acquisition terminals.
Therefore, how to manage third-party terminals and improve their security and experience becomes key.
Disclosure of Invention
The applicant found that 5G secondary authentication has a problem.
According to the current 3GPP standard, a procedure has been added to 5G to further improve security, as follows:
1. When a user initiates a PDU (Protocol Data Unit) establishment request, a third-party DN-AAA (Data Network Authentication, Authorization, Accounting) server authenticates and authorizes the user's PDU establishment request.
2. However, some special terminals (such as a power grid slicing terminal) access only one PDU. If PDU authentication and authorization fails, the terminal has remained in the 5G registered state up to that failure, so 5G network resources are wasted, problems cannot be found in time, and services cannot be used normally.
In view of the above technical problems, the present invention provides a secondary authentication method and system for a user terminal, and an access and mobility management apparatus, which prevent a terminal whose PDU authentication fails from occupying network resources all along.
According to one aspect of the present invention, there is provided a secondary authentication method for a user terminal, including:
when the user terminal registers in the 5G network, after the 5G network has completed authentication of the user terminal, notifying the third-party data network server to authenticate and authorize the user terminal.
In some embodiments of the present invention, after the 5G network completes authentication of the user terminal, the secondary authentication method further includes:
judging whether the user corresponding to the user terminal is a predetermined third-party data network user;
if the user corresponding to the user terminal is a predetermined third-party data network user, executing the step of notifying the third-party data network server to authenticate and authorize the user terminal.
In some embodiments of the present invention, the secondary authentication method further includes:
configuring the third-party data network server information in advance.
In some embodiments of the present invention, judging whether the user corresponding to the user terminal is a predetermined third-party data network user includes:
judging whether the user corresponding to the user terminal is a predetermined third-party data network user based on at least one of the user subscription data, the data acquired from the network service presentation device, and the local configuration data.
In some embodiments of the present invention, the secondary authentication method further includes:
if the third-party data network server authenticates the user terminal successfully, not requiring authentication to be carried out again when a service is subsequently established;
if the third-party data network server fails to authenticate the user terminal, removing the user terminal from the 5G network and issuing a removal reason.
In some embodiments of the present invention, notifying the third-party data network server to authenticate the user terminal includes:
the access and mobility management device notifies the third-party data network server to authenticate the user terminal.
In some embodiments of the present invention, notifying the third-party data network server to authenticate the user terminal includes:
the access and mobility management device notifies the third-party data network server, through the network service presentation device, to authenticate the user terminal.
According to another aspect of the present invention, there is provided an access and mobility management apparatus comprising:
a secondary authentication triggering module, configured to notify the third-party data network server to authenticate and authorize the user terminal after the 5G network has completed authentication and authorization of the user terminal, when the user terminal registers in the 5G network.
In some embodiments of the present invention, the access and mobility management apparatus is configured to perform an operation for implementing the secondary authentication method for a user equipment as described in any of the above embodiments.
According to another aspect of the present invention, there is provided an access and mobility management apparatus comprising:
a memory to store instructions;
a processor, configured to execute the instructions, so that the apparatus performs an operation to implement the secondary authentication method of the user terminal according to any of the above embodiments.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions which, when executed by a processor, implement the secondary authentication method of a user terminal according to any one of the above embodiments.
According to another aspect of the present invention, there is provided a secondary authentication system for a user terminal, comprising a third party data network server, and an access and mobility management apparatus as described in any of the above embodiments.
The invention can inform the third party platform to carry out authentication in advance when the 5G terminal registers the network, and does not need to wait until the PDU is established when the service is initiated, thereby avoiding the waste of 5G network resources, finding the problem as soon as possible, ensuring the safety of the third party platform and improving the service experience.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of some embodiments of a secondary authentication method for a user terminal according to the present invention.
Fig. 2 is a schematic diagram of another embodiment of a secondary authentication method of a user terminal according to the present invention.
Fig. 3 is a schematic diagram of some embodiments of an access and mobility management apparatus of the present invention.
Fig. 4 is a schematic diagram of an access and mobility management apparatus according to another embodiment of the present invention.
Fig. 5 is a schematic diagram of access and mobility management apparatus according to further embodiments of the present invention.
Fig. 6 is a schematic diagram of some embodiments of a secondary authentication system of a user terminal according to the invention.
Fig. 7 is a schematic diagram of another embodiment of a secondary authentication system of a user terminal according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
The applicant found that: in a related technical solution, a user terminal authentication method includes:
First, 5G network registration is performed when the 5G terminal powers on, when the AMF (Access and Mobility Management Function) is replaced, periodically, and so on, and 5G network authentication and authorization is completed.
Second, when a third-party application of the 5G terminal is started or a third-party platform issues a message to the 5G terminal, the 5G network triggers establishment of the PDU of the corresponding application and starts authentication and authorization of the corresponding PDUs, one by one.
The applicant found that some special terminals (such as a power grid slicing terminal) access only one PDU. If PDU authentication and authorization fails, the user terminal has remained in the 5G registered state up to that failure, so 5G network resources are wasted, problems cannot be found in time, and services cannot be used normally.
Based on this, the invention provides a secondary authentication method and system for a user terminal which, when the user terminal registers in a 5G network, start third-party DN authentication directly after the network has completed authentication of the terminal. Specific embodiments are described below.
Fig. 1 is a schematic diagram of some embodiments of a secondary authentication method for a user terminal according to the present invention. Preferably, this embodiment may be performed by the access and mobility management apparatus of the present invention. The method comprises the following steps:
Step 10: when the user terminal registers in the 5G network, after the 5G network has completed authentication of the user terminal, notify a third-party data network server to authenticate and authorize the user terminal, where the user terminal may be a 5G terminal.
The secondary authentication method provided by this embodiment is a method for secondary authentication of a 5G terminal accessing a third-party network. When the user terminal registers in the 5G network, third-party DN authentication and authorization starts directly after the 5G network has completed authentication and authorization of the user terminal. This prevents a terminal whose PDU authentication fails from occupying network resources all along, and problems can be found as early as possible, which improves the service experience.
Fig. 2 is a schematic diagram of another embodiment of a secondary authentication method of a user terminal according to the present invention. Preferably, this embodiment may be performed by the access and mobility management apparatus of the present invention. The method comprises the following steps:
Step 20: pre-configure the third-party data network server information on the access and mobility management device (AMF).
Step 21: perform 5G network registration when the 5G terminal powers on, when the AMF is replaced, periodically, and so on, and complete 5G network authentication and authorization.
Step 22: judge whether the user corresponding to the user terminal is a predetermined third-party data network user. If so, execute step 24; otherwise, execute step 23.
In some embodiments of the present invention, step 22 may specifically include: judging whether the user corresponding to the user terminal is a predetermined third-party data network user based on at least one of the user subscription data, the data acquired from the network service presentation device (NEF), and the local configuration data.
In some embodiments of the invention, the predetermined third-party data network user may be an important third-party platform business user or a friendly partner user.
Step 23: the network side and the 5G terminal continue to interact to complete the subsequent standard flow; no further steps of the present embodiment are performed after that.
In some embodiments of the present invention, step 23 may specifically include: when a third-party application of the 5G terminal is started or a third-party platform issues a message to the 5G terminal, the 5G network triggers establishment of the PDU of the corresponding application and starts authentication and authorization of the corresponding PDUs, one by one.
Step 24: notify the third-party data network server to authenticate and authorize the user terminal.
In some embodiments of the present invention, step 24 may comprise: the access and mobility management device notifies the third-party data network server (DN-AAA server) to authenticate the user terminal.
In other embodiments of the present invention, step 24 may include: the access and mobility management device notifies the third-party data network server (DN-AAA server), through the network service presentation device, to authenticate and authorize the user terminal.
Step 25: if the third-party data network server authenticates the user terminal successfully, authentication does not need to be carried out again when a service is subsequently established.
Step 26: if the third-party data network server fails to authenticate the user terminal, feed back explicit information about the user terminal, such as "illegal", remove the user terminal from the 5G network, and issue a removal reason.
Compared with the technical scheme of the 3GPP standard, the embodiment of the invention avoids wasting 5G network resources while realizing the same authentication function, thereby improving the security of the third-party platform and the user service experience.
The embodiment of the invention requires no hardware change, only software configuration: the AMF is configured in advance with the information of the important third-party server, and the AMF judges whether the user is an important third-party platform user, so that registration with the third-party platform can take place when the user terminal registers with the 5G network.
5G is applied in many vertical industries, and the secondary, DN-AAA-facing authentication can be performed in advance for an important third-party platform or a friendly partner, thereby avoiding unnecessary resource waste, improving platform security and improving the service experience.
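The Fig. 2 flow (steps 20 to 26) as a small simulation, added here as an illustration and not taken from the patent. The class and method names, the DN-AAA callable interface, the constructed identifiers and credentials, and the choice to key the skip on (terminal, DN) and to clear it on deregistration are all assumptions of this sketch.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# A DN-AAA server is modelled as a callable (supi, credential) -> bool (hypothetical interface).
DnAaa = Callable[[str, str], bool]


@dataclass
class Terminal:
    supi: str                            # constructed identifier
    credential: str                      # what the terminal presents to the DN-AAA
    subscribed_dn: Optional[str] = None  # DN named in the subscription data, if any


@dataclass
class Amf:
    dn_servers: Dict[str, DnAaa]                                  # step 20: configured in advance
    local_dn_users: Dict[str, str] = field(default_factory=dict)  # local configuration data
    nef_dn_users: Dict[str, str] = field(default_factory=dict)    # data obtained from the NEF
    registered: Set[str] = field(default_factory=set)
    preauth: Set[Tuple[str, str]] = field(default_factory=set)    # (supi, dn) already vetted
    log: List[str] = field(default_factory=list)

    def third_party_dn(self, ue: Terminal) -> Optional[str]:
        """Step 22: any one of the three data sources may mark the user."""
        for dn in (ue.subscribed_dn, self.nef_dn_users.get(ue.supi),
                   self.local_dn_users.get(ue.supi)):
            if dn in self.dn_servers:
                return dn
        return None

    def register(self, ue: Terminal) -> str:
        """Called once primary 5G authentication (step 21) has succeeded."""
        self.registered.add(ue.supi)
        dn = self.third_party_dn(ue)
        if dn is None:
            self.log.append(f"{ue.supi}: standard flow")               # step 23
            return "registered"
        if self.dn_servers[dn](ue.supi, ue.credential):                # step 24
            self.preauth.add((ue.supi, dn))                            # step 25
            self.log.append(f"{ue.supi}: pre-authenticated for {dn}")
            return "registered+preauth"
        self.deregister(ue, f"DN-AAA for {dn} rejected the terminal")  # step 26
        return "deregistered"

    def deregister(self, ue: Terminal, cause: str) -> None:
        self.registered.discard(ue.supi)
        # Assumption: a cached result must not outlive the registration it was bound to.
        self.preauth = {(s, d) for (s, d) in self.preauth if s != ue.supi}
        self.log.append(f"{ue.supi}: deregistered, cause={cause}")

    def establish_pdu_session(self, ue: Terminal, dn: str) -> str:
        if ue.supi not in self.registered:
            return "refused: not registered"
        if (ue.supi, dn) in self.preauth:
            return "established: secondary authentication skipped"
        aaa = self.dn_servers.get(dn)
        if aaa is None:
            return "refused: unknown DN"
        # Standard flow: per-PDU secondary authentication (simplified, no SMF hop).
        if aaa(ue.supi, ue.credential):
            return "established: secondary authentication done"
        return "refused: secondary authentication failed"


def demo():
    calls: List[str] = []

    def grid_aaa(supi: str, credential: str) -> bool:
        calls.append(supi)
        return credential == "meter-secret"  # constructed credential check

    amf = Amf(dn_servers={"grid-dn": grid_aaa}, local_dn_users={"imsi-001": "grid-dn"})
    good = Terminal("imsi-001", "meter-secret")
    bad = Terminal("imsi-002", "wrong", subscribed_dn="grid-dn")
    plain = Terminal("imsi-003", "n/a")
    results = {
        "good": amf.register(good),
        "bad": amf.register(bad),
        "plain": amf.register(plain),
    }
    results["good_pdu"] = amf.establish_pdu_session(good, "grid-dn")
    results["bad_pdu"] = amf.establish_pdu_session(bad, "grid-dn")
    results["plain_pdu"] = amf.establish_pdu_session(plain, "grid-dn")
    results["aaa_calls"] = list(calls)
    return results, amf.log


if __name__ == "__main__":
    outcome, log = demo()
    for key, value in outcome.items():
        print(key, "->", value)
    print("\n".join(log))
```

The rejected terminal never reaches PDU establishment, and the accepted one causes no second DN-AAA call; a terminal not marked as a third-party user still goes through per-PDU authentication.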
Fig. 3 is a schematic diagram of some embodiments of an access and mobility management apparatus of the present invention. As shown in fig. 3, the access and mobility management apparatus may include a secondary authentication triggering module 31, wherein:
The secondary authentication triggering module 31 is configured to notify the third-party data network server to authenticate the user terminal after the 5G network has completed authentication of the user terminal, when the user terminal registers in the 5G network.
The access and mobility management device provided by this embodiment can be used for secondary authentication of a 5G terminal accessing a third-party network. When the user terminal registers in the 5G network, third-party DN authentication starts directly after the 5G network has completed authentication and authorization of the user terminal. This prevents a terminal whose PDU authentication fails from occupying network resources all along, and problems can be found as early as possible, which improves the service experience.
In some embodiments of the present invention, the access and mobility management apparatus is configured to perform an operation for implementing the secondary authentication method of the user equipment according to any of the embodiments (for example, the embodiments in fig. 1 or fig. 2) described above.
Fig. 4 is a schematic diagram of an access and mobility management apparatus according to another embodiment of the present invention. Compared with the embodiment of fig. 3, in the embodiment of fig. 4, the access and mobility management apparatus may further include a third-party data configuration module 32, a subscriber identity module 33, a secondary authentication trigger module 31, a standard flow module 34, and a feedback module 35, where:
The third-party data configuration module 32 is configured to configure the third-party data network server information in advance.
The subscriber identification module 33 is configured to perform 5G network registration when the 5G terminal is powered on, when the AMF is replaced, periodically, and so on, and, after 5G network authentication of the user terminal is completed, to determine whether the user corresponding to the user terminal is a predetermined third-party data network user.
The secondary authentication triggering module 31 is configured to notify the third-party data network server to authenticate the user terminal when the user corresponding to the user terminal is a predetermined third-party data network user.
The standard flow module 34 is configured to trigger the network side to continue interacting with the 5G terminal to complete the subsequent standard flow when the user corresponding to the user terminal is not a predetermined third-party data network user.
The feedback module 35 is configured so that, if the third-party data network server authenticates the user terminal successfully, authentication is not performed again when a service is subsequently established; and, if the third-party data network server fails to authenticate the user terminal, to feed back explicit information about the user terminal, such as "illegal", remove the user terminal from the 5G network, and issue a removal reason.
Currently, the third-party platform's authentication mechanism runs only when a third-party PDU is established, so a 5G terminal occupies 5G network resources unnecessarily, the security of the third-party platform is reduced, and service user-plane delay is increased. To address these problems, the embodiment of the invention provides a technical scheme in which the authentication flow from the terminal to the third-party platform is carried out at the same time as the 5G terminal's 5G network registration, so that 5G network resources are not occupied ahead of a failed authentication. Problems can also be found as early as possible, which improves the security of the third-party platform, and service delay can be reduced, which improves the service experience.
Fig. 5 is a schematic diagram of access and mobility management apparatus according to further embodiments of the present invention. As shown in fig. 5, the access and mobility management means may comprise a memory 51 and a processor 52, wherein:
a memory 51 for storing instructions.
A processor 52, configured to execute the instructions, so that the apparatus performs an operation to implement the secondary authentication method of the user terminal according to any of the embodiments described above (for example, the embodiment of fig. 1 or fig. 2).
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions, which when executed by a processor, implement the secondary authentication method of the user terminal according to any one of the embodiments (for example, the embodiments of fig. 1 or fig. 2) above.
Based on the computer-readable storage medium provided by the above embodiment of the present invention, when the user terminal is registered in the 5G network, after the authentication of the 5G network for the user terminal is completed, the third party DN authentication is directly started, so that it is possible to avoid that the terminal still occupies network resources all the time when the PDU authentication fails, and meanwhile, problems can be found as early as possible, so as to improve service experience.
Fig. 6 is a schematic diagram of some embodiments of a secondary authentication system of a user terminal according to the invention. As shown in fig. 6, the user terminal secondary authentication system may include a user terminal 61, a third party data network server 62, and an AMF (access and mobility management apparatus) 63, wherein:
The access and mobility management device 63 is configured to notify the third-party data network server to authenticate and authorize the user terminal after the 5G network has completed authentication and authorization of the user terminal, when the user terminal registers in the 5G network, where the user terminal may be a 5G terminal.
In some embodiments of the present invention, the access and mobility management means 63 may be an access and mobility management means as described in any of the embodiments above (e.g. any of the embodiments of fig. 3-5).
The user terminal secondary authentication system provided by the embodiment of the invention is a secondary authentication system for accessing a 5G terminal to a third-party network, and when the user terminal is registered in the 5G network, the authentication and authorization of the 5G network on the user terminal are completed, and then the third-party DN authentication and authorization are directly started, so that the situation that the terminal still occupies network resources all the time when the PDU authentication fails can be avoided, and meanwhile, the problem can be found as early as possible, and the service experience is improved.
Fig. 7 is a schematic diagram of another embodiment of a secondary authentication system of a user terminal according to the present invention. Compared with the embodiment of fig. 6, in the embodiment of fig. 7, the user terminal secondary authentication system may further include an AUSF (Authentication Server Function) 64, a NEF (Network Service Presentation Function) 65, an SMF (Session Management Function) 66, and a UPF (User Plane Function) 67.
Fig. 7 is a schematic diagram of further embodiments of the user terminal secondary authentication method according to the present invention. As shown in fig. 7, the secondary authentication method for a user terminal may include:
step 71, configuring third party platform information and performing standard 5G network authentication.
In some embodiments of the present invention, as shown in fig. 7, step 71 may specifically include:
step 711, pre-configures the third party platform information of the 5G user on AMF63, for example: and configuring the third-party data network server information.
Step 712, when the 5G terminal 61 is powered on, AMF is replaced, or the like is periodic, the 5G terminal 61 sends a registration request to the AUSF64, where the registration request may include a registration type and a client Identifier, and the client Identifier may be at least one of SUPI (Subscriber Permanent Identifier), SUPI (Subscriber concealed Identifier), 5G-GUTI (global uniform temporal UE Identity), and the like.
In step 713, the AUSF64 and the 5G terminal 61 only perform the standard 5G network authentication and authentication procedure, where the AMF receives the subscription data of the user.
And 72, judging whether the terminal is a third-party data network user or not, and carrying out authentication on the 5G terminal by the third-party platform in advance.
In some embodiments of the present invention, as shown in fig. 7, step 72 may specifically include:
in step 721, it is determined whether the user corresponding to the ue is a predetermined third party data network user. If the user corresponding to the user terminal is a predetermined third-party data network user, performing step 722; otherwise, in case that the user corresponding to the user terminal is not the predetermined third party data network user, step 73 is executed.
In some embodiments of the present invention, step 721 may specifically include: and judging whether the user corresponding to the user terminal is a predetermined third-party data network user or not based on at least one of the user subscription data, the data acquired from the network service presentation device NEF and the local configuration data.
In some embodiments of the invention, the predetermined third party data network user may be an important third party platform business user or a friendly partner user.
And step 722, performing authentication and verification of the third-party platform on the 5G terminal in advance.
In some embodiments of the present invention, as shown in fig. 7, the step 722 may include:
Step 7221, AMF63 directly notifies the third-party data network server (DN-AAA server) 62 that the user (5G terminal) is online; alternatively, AMF63 notifies DN-AAA server 62 via NEF65 that the user is online.
In step 7222, DN-AAA server 62 issues an authentication request to AMF63 or NEF65, along with associated information.
Step 7223, AMF63 or NEF65 forwards the authentication request to 5G terminal 61.
Step 7224, the 5G terminal 61 performs an authentication response.
In some embodiments of the present invention, when the third-party data network server's authentication of the user terminal succeeds, authentication does not need to be performed again when a service is subsequently established.
In other embodiments of the present invention, when the third-party data network server's authentication and authorization of the user terminal fails, explicit information, such as that the user terminal is "illegal", is fed back; the user terminal is removed from the 5G network and a removal reason is issued.
Step 73, the network side and the 5G terminal continue to interact to complete the subsequent standard flow.
In some embodiments of the present invention, as shown in fig. 7, step 73 may specifically include:
In step 731, the 5G terminal 61 sends a PDU session establishment request to the AMF 63.
At step 732, the AMF63 forwards the PDU session establishment request to the SMF66 so that the SMF66 forwards the PDU session establishment request to the third party DN-AAA server 62.
In step 733, the 5G terminal 61 performs standard secondary authentication (EAP authentication) with the quality control of the third party DN-AAA server 62.
Under the current mechanism, the 5G terminal is authenticated by the third-party platform only when a third-party PDU session is established, which occupies 5G network resources unnecessarily, reduces the security of the third-party platform, and increases service user-plane delay. To address these problems, the embodiment of the invention provides a technical solution in which the authentication flow between the terminal and the third-party platform is carried out at the same time as the 5G terminal registers with the 5G network, so that 5G network resources are not occupied before an authentication failure is discovered. Problems can also be found as early as possible, which improves the security of the third-party platform, and service delay can be reduced, which improves the service experience.
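The control flow of steps 713 to 733 can be traced in a small simulation. This is an added example, not code from the patent; the class and function names, the HMAC challenge-response standing in for an EAP method, and the sample keys are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def eap_like_response(key, challenge):
    """Stand-in for an EAP method (assumption): HMAC-SHA256 of the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class DnAaa:
    """Hypothetical third-party DN-AAA server 62 holding per-user keys."""
    def __init__(self, keys):
        self.keys = keys
    def challenge(self):                       # step 7222: authentication request
        return secrets.token_bytes(16)
    def verify(self, user, ch, resp):
        key = self.keys.get(user)
        return key is not None and hmac.compare_digest(eap_like_response(key, ch), resp)

class Amf:
    """Hypothetical AMF 63 carrying the secondary-authentication trigger."""
    def __init__(self, dn_aaa, dn_users):
        self.dn_aaa, self.dn_users = dn_aaa, set(dn_users)  # step 721 input
        self.registered, self.pre_authed = set(), set()
    def _dn_auth(self, user, terminal):
        ch = self.dn_aaa.challenge()           # steps 7222-7223: request forwarded
        return self.dn_aaa.verify(user, ch, terminal(ch))   # step 7224: response
    def register(self, user, primary_ok, terminal):
        if not primary_ok:                     # step 713 must succeed first
            return "REJECTED"
        self.registered.add(user)
        if user not in self.dn_users:          # step 721 "no" branch -> step 73
            return "REGISTERED"
        if self._dn_auth(user, terminal):      # step 722: authenticate in advance
            self.pre_authed.add(user)
            return "REGISTERED_PREAUTH"
        self.registered.discard(user)          # failure: removed from 5G network
        return "REMOVED: DN-AAA authentication failed"
    def establish_pdu_session(self, user, terminal):
        if user not in self.registered:
            return "NOT_REGISTERED"
        if user in self.pre_authed:            # no repeat authentication
            return "SESSION_UP"
        ok = self._dn_auth(user, terminal)     # steps 731-733: standard EAP
        return "SESSION_UP_AFTER_EAP" if ok else "SESSION_REJECTED"

KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}  # constructed

def demo():
    t = lambda key: (lambda ch: eap_like_response(key, ch))  # simulated terminal
    amf = Amf(DnAaa(KEYS), dn_users={"alice", "bob"})
    return [amf.register("alice", True, t(b"k-alice")),
            amf.establish_pdu_session("alice", t(b"unused")),
            amf.register("bob", True, t(b"stale-key")),
            amf.establish_pdu_session("bob", t(b"stale-key")),
            amf.register("carol", True, t(b"k-carol")),
            amf.establish_pdu_session("carol", t(b"k-carol"))]
```

In `demo()`, the terminal that fails DN-AAA authentication is removed at registration and never reaches PDU session establishment, while the user outside the predetermined list still goes through secondary authentication at session setup.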
The access and mobility management means described above may be implemented as a general purpose processor, a Programmable Logic Controller (PLC), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any suitable combination thereof, for performing the functions described herein.
Thus far, the present invention has been described in detail. Some details well known in the art have not been described in order to avoid obscuring the concepts of the present invention. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to practitioners skilled in this art. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.

Claims (11)

1. A secondary authentication method for a user terminal, characterized by comprising:
when the user terminal registers with the 5G network, after the 5G network completes authentication of the user terminal, notifying the third-party data network server to perform authentication and authorization on the user terminal.
2. The method of claim 1, wherein after the 5G network completes authentication of the user terminal, the method further comprises:
determining whether a user corresponding to the user terminal is a predetermined third-party data network user;
and, when the user corresponding to the user terminal is a predetermined third-party data network user, executing the step of notifying the third-party data network server to perform authentication and authorization on the user terminal.
3. The secondary authentication method of the user terminal according to claim 1 or 2, further comprising:
configuring the third-party data network server information in advance.
4. The method according to claim 3, wherein the determining whether the user corresponding to the user terminal is a predetermined third-party data network user comprises:
determining whether the user corresponding to the user terminal is a predetermined third-party data network user based on at least one of the user subscription data, the data acquired from the network service presentation device, and the local configuration data.
5. The secondary authentication method of the user terminal according to claim 1 or 2, further comprising:
when the third-party data network server's authentication of the user terminal succeeds, not requiring authentication to be performed again when a service is subsequently established;
and, when the third-party data network server's authentication of the user terminal fails, removing the user terminal from the 5G network and issuing a removal reason.
6. The secondary authentication method of the user terminal according to claim 1 or 2, wherein the notifying the third-party data network server to authenticate the user terminal comprises:
the access and mobility management device notifying the third-party data network server to perform authentication and authorization on the user terminal;
or
the access and mobility management device notifying, through the network service presentation device, the third-party data network server to authenticate the user terminal.
7. An access and mobility management apparatus, comprising:
a secondary authentication triggering module, configured to, when the user terminal registers with the 5G network, notify the third-party data network server to perform authentication and authorization on the user terminal after the 5G network completes authentication and authorization of the user terminal.
8. The access and mobility management device according to claim 7, wherein the access and mobility management device is configured to perform an operation of implementing the user terminal secondary authentication method according to any one of claims 1 to 6.
9. An access and mobility management apparatus, comprising:
a memory to store instructions;
a processor configured to execute the instructions to cause the apparatus to perform operations to implement the user terminal secondary authentication method according to any one of claims 1 to 6.
10. A computer-readable storage medium storing computer instructions which, when executed by a processor, implement the secondary authentication method for a user terminal according to any one of claims 1 to 6.
11. A user terminal secondary authentication system comprising a third party data network server and an access and mobility management arrangement according to any of claims 7-9.
CN201810605618.9A 2018-06-13 2018-06-13 Secondary authentication method and system for user terminal, access and mobility management device Active CN110602024B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810605618.9A CN110602024B (en) 2018-06-13 2018-06-13 Secondary authentication method and system for user terminal, access and mobility management device

Publications (2)

Publication Number Publication Date
CN110602024A true CN110602024A (en) 2019-12-20
CN110602024B CN110602024B (en) 2021-12-21

Family

ID=68849568

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810605618.9A Active CN110602024B (en) 2018-06-13 2018-06-13 Secondary authentication method and system for user terminal, access and mobility management device

Country Status (1)

Country Link
CN (1) CN110602024B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111385794A (en) * 2020-03-19 2020-07-07 中国电子科技集团公司第三十研究所 Mobile communication network privacy protection method and system for industry users
WO2021244578A1 (en) * 2020-06-03 2021-12-09 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for authentication and authorization

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1610319A (en) * 2003-10-22 2005-04-27 华为技术有限公司 Analytic switch-in processing method for selecting business in radio local area network
CN1794676A (en) * 2005-08-12 2006-06-28 华为技术有限公司 Method of user access radio communication network and radio network cut in control device
CN1801704A (en) * 2004-12-31 2006-07-12 华为技术有限公司 Method and system for user access core network
WO2010102545A1 (en) * 2009-03-09 2010-09-16 华为技术有限公司 Method, device and system for authentication
CN103067342A (en) * 2011-10-20 2013-04-24 中兴通讯股份有限公司 Equipment, system and method using extensible authentication protocol (EAP) to carry out external authentication
CN107548167A (en) * 2016-06-29 2018-01-05 中兴通讯股份有限公司 Control method, apparatus and system and the gateway of user equipment
US20180227871A1 (en) * 2017-02-06 2018-08-09 Industrial Technology Research Institute User equipment registration method for network slice selection and network controller and network communication system using the same

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HUAWEI.ET.AL: "TS 23.502: AF influenced PDU session establishment and DN authentication/authorization via NEF", 《3GPP TSG SA WG2 MEETING #122BIS S2-175780 SOPHIA ANTIPOLIS, FRANCE》 *
NOKIA: "EAP based secondary authentication by an external data network", 《3GPP TSG SA WG3 (SECURITY) MEETING #86 S3-170405177,NICE,FRANCE》 *

Also Published As

Publication number Publication date
CN110602024B (en) 2021-12-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant