CN111132166A - 5G communication dual-channel access method, equipment and storage medium - Google Patents
- Publication number
- CN111132166A, CN201911401800.3A
- Authority
- CN
- China
- Prior art keywords
- channel
- registration server
- temporary identity
- information
- identity registration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/15—Setup of multiple wireless link connections
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiments of the invention provide a 5G communication dual-channel access method, a device and a storage medium. In the embodiments, the 5G terminal device sends first information to the temporary identity registration server through either one of a first channel and a second channel, and the temporary identity registration server sends second information to the 5G terminal device through the other of the two channels. The key that the 5G terminal device obtains from the first random number it generated and the second information is therefore the same as the key that the temporary identity registration server obtains from the second random number it generated and the first information, so the 5G terminal device and the temporary identity registration server can communicate securely using the same key. Since an attacker can only hijack the data in one channel at the same time and cannot hijack the data in the two channels, the secret key can be prevented from being leaked, and the security of the 5G terminal device is improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a 5G communication dual-channel access method, equipment and a storage medium.
Background
In the current 5G network, if a terminal device needs to access the 5G network, the user of the terminal device must go to a business office to obtain a Subscriber Identity Module (SIM) card. The terminal device can then perform bidirectional authentication with the 5G network equipment through the SIM card.
Consequently, a 5G terminal device without a SIM card cannot perform bidirectional authentication with the 5G network equipment. Such a device is easily attacked by a pseudo base station, which poses a security risk to the 5G terminal device.
Disclosure of Invention
The embodiment of the invention provides a 5G communication dual-channel access method, equipment and a storage medium, which are used for preventing 5G terminal equipment without an SIM card from being attacked by a pseudo base station and improving the safety of the 5G terminal equipment.
In a first aspect, an embodiment of the present invention provides a 5G communication dual-channel access method, including:
the 5G terminal equipment and the temporary identity registration server negotiate a public parameter and an original root of the public parameter through a first channel or a second channel;
the 5G terminal equipment generates a first random number;
the 5G terminal device sends first information to the temporary identity registration server through any one of the first channel and the second channel, wherein the first information is the value obtained by taking a first result, in which the original root is the base and the first random number is the exponent, modulo the public parameter;
the 5G terminal device receives, through the other one of the first channel and the second channel, second information sent by the temporary identity registration server, wherein the second information is the value obtained by taking a second result, in which the original root is the base and a second random number generated by the temporary identity registration server is the exponent, modulo the public parameter;
and the 5G terminal device calculates a first key according to the first random number and the second information, wherein the first key is the value obtained by taking a third result, in which the second information is the base and the first random number is the exponent, modulo the public parameter.
In a second aspect, an embodiment of the present invention provides a 5G communication dual-channel access method, including:
the temporary identity registration server and the 5G terminal equipment negotiate a public parameter and an original root of the public parameter through a first channel or a second channel;
the temporary identity registration server generates a second random number;
the temporary identity registration server sends second information to the 5G terminal device through any one of the first channel and the second channel, wherein the second information is the value obtained by taking a second result, in which the original root is the base and the second random number generated by the temporary identity registration server is the exponent, modulo the public parameter;
the temporary identity registration server receives, through the other one of the first channel and the second channel, first information sent by the 5G terminal device, wherein the first information is the value obtained by taking a first result, in which the original root is the base and the first random number is the exponent, modulo the public parameter;
and the temporary identity registration server calculates a second key from the second random number and the first information, wherein the second key is the value obtained by taking a fourth result, in which the first information is the base and the second random number is the exponent, modulo the public parameter.
In a third aspect, an embodiment of the present invention provides a 5G terminal device, including:
negotiating a public parameter and an original root of the public parameter with a temporary identity registration server through a first channel or a second channel;
generating a first random number;
sending first information to the temporary identity registration server through any one of the first channel and the second channel, wherein the first information is the value obtained by taking a first result, in which the original root is the base and the first random number is the exponent, modulo the public parameter;
receiving, through the other one of the first channel and the second channel, second information sent by the temporary identity registration server, wherein the second information is the value obtained by taking a second result, in which the original root is the base and a second random number generated by the temporary identity registration server is the exponent, modulo the public parameter;
and calculating a first key according to the first random number and the second information, wherein the first key is the value obtained by taking a third result, in which the second information is the base and the first random number is the exponent, modulo the public parameter.
In a fourth aspect, an embodiment of the present invention provides a temporary identity registration server, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
negotiating a public parameter and an original root of the public parameter with the 5G terminal device through a first channel or a second channel;
generating a second random number;
sending second information to the 5G terminal device through any one of the first channel and the second channel, wherein the second information is the value obtained by taking a second result, in which the original root is the base and the second random number generated by the temporary identity registration server is the exponent, modulo the public parameter;
receiving, through the other one of the first channel and the second channel, first information sent by the 5G terminal device, wherein the first information is the value obtained by taking a first result, in which the original root is the base and the first random number is the exponent, modulo the public parameter;
and calculating a second key from the second random number and the first information, wherein the second key is the value obtained by taking a fourth result, in which the first information is the base and the second random number is the exponent, modulo the public parameter.
In a fifth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect or the second aspect.
In the 5G communication dual-channel access method, the device and the storage medium provided by the embodiments of the invention, the 5G terminal device and the temporary identity registration server communicate over two channels, so that they can authenticate each other through the two channels. The 5G terminal device sends first information to the temporary identity registration server through either one of the first channel and the second channel, and the temporary identity registration server sends second information to the 5G terminal device through the other of the two channels. The key that the 5G terminal device obtains from the first random number it generated and the second information is therefore the same as the key that the temporary identity registration server obtains from the second random number it generated and the first information, so the 5G terminal device and the temporary identity registration server can communicate securely using the same key. Since an attacker can only hijack the data in one channel at the same time and cannot hijack the data in the two channels, the secret key can be prevented from being leaked, a 5G terminal device without a SIM card can be prevented from being attacked by a pseudo base station, and the security of the 5G terminal device is improved.
Drawings
Fig. 1 is a schematic diagram of a communication system according to an embodiment of the present invention;
Fig. 2 is a flowchart of a 5G communication dual-channel access method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a 5G communication dual-channel access method according to another embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a 5G terminal device according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a temporary identity registration server according to an embodiment of the present invention.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The 5G communication dual-channel access method provided by the embodiment of the invention can be applied to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes: a 5G terminal device 11, a 5G New Radio base station 12, a User Plane Function (UPF) 13, a network element 14, a Unified Data Management (UDM) function 15, and a temporary identity registration server 16, where the network element 14 may include an Access and Mobility Management Function (AMF) and a Session Management Function (SMF). In some embodiments, the AMF and SMF may be deployed in different devices, respectively. The 5G New Radio base station is a 5G New Radio Access Technology (NR) base station (next generation Node B, gNB).
It is to be understood that this is by way of illustration only. The temporary identity registration server may be one or more cloud servers. A cloud server is a server cluster of multiple servers, each with an architecture similar to that of a general-purpose computer, including a processor, a hard disk, memory, a system bus and the like. The 5G terminal device 11 is, for example, a smartphone, a tablet computer, or the like.
The embodiment of the invention provides a 5G communication dual-channel access method, aiming at solving the technical problems in the prior art.
The following describes the technical solutions of the present invention and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of a 5G communication dual-channel access method according to an embodiment of the present invention. The embodiment of the invention provides a 5G communication dual-channel access method aiming at the technical problems in the prior art, and the method comprises the following specific steps:
Optionally, the 5G terminal device accesses the temporary identity registration server through another network, and establishes a first channel for communicating with the temporary identity registration server.
Optionally, the 5G terminal device establishes a second channel for communicating with the temporary identity registration server through a 5G new wireless base station and a user plane network element function UPF.
In this embodiment of the application, the 5G terminal device may access the temporary identity registration server through two channels. As shown in Fig. 1, the first channel may be another network, which may be a Wi-Fi network or the network of an operator other than the target operator. For example, the 5G terminal device 11 may access the temporary identity registration server 16 through the other network, and the corresponding access information may carry the identification information of the 5G terminal device 11.
The 5G terminal device may initiate the baseband module to search for wireless signals, e.g. 5G signals, of the target operator's 5G new wireless base station. As shown in fig. 1, the 5G terminal apparatus 11 can establish a communication connection with the 5G new radio base station 12 in accordance with the 5G signal of the 5G new radio base station 12.
Further, the 5G terminal device 11 transmits authentication information to the 5G new wireless base station 12, and the 5G new wireless base station 12 transmits the authentication information to the AMF. If the AMF determines that the 5G terminal device 11 does not have the SIM card according to the authentication information, the AMF notifies a User Plane network Function (UPF) 13, and forwards a message subsequently sent by the 5G terminal device 11 to the temporary identity registration server 16. Further, the 5G terminal device 11 establishes a second channel for communicating with the temporary identity registration server 16, where the second channel may be a channel formed by the 5G new radio base station 12 and a User Plane Function (UPF) 13, for example, the 5G terminal device 11 may access the temporary identity registration server 16 through the 5G new radio base station 12 and the User Plane Function (UPF) 13, and when the 5G terminal device 11 accesses the temporary identity registration server 16 through the second channel, the corresponding access information may carry the identification information of the 5G terminal device 11.
Optionally, the identification information of the 5G terminal device 11 sent by the 5G terminal device 11 to the temporary identity registration server 16 through the first channel is the same as the identification information of the 5G terminal device 11 sent by the 5G terminal device 11 to the temporary identity registration server 16 through the second channel.
In addition, the 5G terminal device 11 may also install an Application (APP) of a target operator. The APP may have address information for the temporary identity registration server 16 built in. Alternatively, the address information of the temporary identity registration server 16 may be input by the user.
Further, the 5G terminal device 11 and the temporary identity registration server 16 negotiate, through the first channel or the second channel, the public parameter p, which can be disclosed, and the original root a of the public parameter (that is, a primitive root modulo p).
For example, the 5G terminal device 11 generates the first random number x.
Further, the 5G terminal device 11 generates first information, denoted as X, from the first random number x, where $X = a^x \bmod p$; that is, X is the value of the first result $a^x$, with the original root a as the base and the first random number x as the exponent, modulo the common parameter p. Further, the 5G terminal device 11 selects any one of the first channel and the second channel to send the first information X to the temporary identity registration server 16. For example, the 5G terminal device 11 sends the first information X to the temporary identity registration server 16 through the first channel.
In addition, the temporary identity registration server 16 may generate a second random number y, and generate second information according to the second random number y, where the second information is denoted as Y and $Y = a^y \bmod p$; that is, Y is the value of the second result $a^y$, with the original root a as the base and the second random number y as the exponent, modulo the common parameter p. Further, the temporary identity registration server 16 transmits the second information Y to the 5G terminal device 11 through the second channel, so that the 5G terminal device 11 can receive the second information Y.
After receiving the second information Y, the 5G terminal device 11 calculates a first key K1 according to the first random number x and the second information Y, where $K1 = Y^x \bmod p$; that is, K1 is the value of the third result $Y^x$, with the second information Y as the base and the first random number x as the exponent, modulo the common parameter p.
Optionally, the first secret key is the same as a second secret key calculated by the temporary identity registration server, and the second secret key is a value obtained by taking the first information as a base number and taking a fourth result with the second random number as an exponent to modulo the public parameter.
Similarly, the temporary identity registration server 16 may calculate a second key K2 according to the first information X and the second random number y, where $K2 = X^y \bmod p$; that is, K2 is the value of the fourth result $X^y$, with the first information X as the base and the second random number y as the exponent, modulo the common parameter p. The first key K1 is the same as the second key K2.
At this time, the 5G terminal device 11 and the temporary identity registration server 16 have each obtained the same key, i.e. the first key or the second key. The listener can obtain the first information X and the second information Y, and cannot obtain the first random number x and the second random number y, so that the listener cannot obtain the common parameter p. Since the 5G terminal device 11 and the temporary identity registration server 16 employ two channels, the possibility of implementing man-in-the-middle attacks on both channels is very small.
In the embodiment of the invention, the 5G terminal device communicates with the temporary identity registration server over two channels, so that the 5G terminal device and the temporary identity registration server can authenticate each other through the two channels. The 5G terminal device sends first information to the temporary identity registration server through either one of the first channel and the second channel, and the temporary identity registration server sends second information to the 5G terminal device through the other of the two channels. The key that the 5G terminal device obtains from the first random number it generated and the second information is the same as the key that the temporary identity registration server obtains from the second random number it generated and the first information, so the 5G terminal device and the temporary identity registration server can use the same key for secure communication. Since an attacker can only hijack the data in one channel at the same time and cannot hijack the data in the two channels, the secret key can be prevented from being leaked, a 5G terminal device without a SIM card can be prevented from being attacked by a pseudo base station, and the security of the 5G terminal device is improved.
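The exchange described above (X sent over the first channel, Y over the second, K1 = Y^x mod p and K2 = X^y mod p), as an added Python example that is not part of the patent. The group p = 2039, a = 7 is a constructed toy value, and the range check on received values and the HMAC key-confirmation step are assumptions added here to show how a modification on a single channel surfaces as a failed exchange.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (not from the patent): p = 2q + 1 with q = 1019 prime,
# and 7 is a primitive root modulo 2039. A deployment would use a standardized
# group of 2048 bits or more.
P, A = 2039, 7


def is_primitive_root(a, p):
    """For a safe prime p = 2q + 1: a has order p - 1 iff a^2 != 1 and a^q != 1."""
    q = (p - 1) // 2
    return 1 < a < p - 1 and pow(a, 2, p) != 1 and pow(a, q, p) != 1


class Party:
    """One side of the exchange: the terminal (x, X) or the server (y, Y)."""

    def __init__(self, p, a):
        if not is_primitive_root(a, p):
            raise ValueError("negotiated a is not a primitive root of p")
        self.p, self.a = p, a
        while True:
            self.secret = secrets.randbelow(p - 3) + 2   # random number in [2, p-2]
            self.public = pow(a, self.secret, p)         # a^secret mod p
            if 2 <= self.public <= p - 2:                # avoid sending p-1
                break

    def derive_key(self, peer_public):
        # Assumed hardening step: reject 0, 1, p-1 and out-of-range values,
        # which would force the shared value into a tiny set.
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("peer value out of range")
        shared = pow(peer_public, self.secret, self.p)   # peer^secret mod p
        size = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(shared.to_bytes(size, "big")).digest()


def confirm_tag(key, x_pub, y_pub):
    """Key confirmation over the transcript (hypothetical step, not in the patent)."""
    return hmac.new(key, f"{x_pub}|{y_pub}".encode(), hashlib.sha256).digest()


def run_exchange(channel1=lambda v: v, channel2=lambda v: v):
    """channel1 carries X from terminal to server, channel2 carries Y back.

    Each channel is modelled as a function applied to the value in transit;
    the identity function is an honest channel. Returns "ok", "rejected"
    (invalid received value) or "mismatch" (key confirmation failed).
    """
    terminal, server = Party(P, A), Party(P, A)
    try:
        x_at_server = channel1(terminal.public)
        y_at_terminal = channel2(server.public)
        k2 = server.derive_key(x_at_server)       # K2 = X^y mod p
        k1 = terminal.derive_key(y_at_terminal)   # K1 = Y^x mod p
    except ValueError:
        return "rejected"
    tag = confirm_tag(k2, x_at_server, server.public)          # sent by server
    expected = confirm_tag(k1, terminal.public, y_at_terminal)  # checked by terminal
    return "ok" if hmac.compare_digest(tag, expected) else "mismatch"


if __name__ == "__main__":
    print("honest channels:   ", run_exchange())
    print("channel 1 modified:", run_exchange(channel1=lambda v: (v * A) % P))
    print("channel 2 modified:", run_exchange(channel2=lambda v: (v * A) % P))
```
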
Fig. 3 is a flowchart of a dual-channel access method for 5G communication according to another embodiment of the present invention. On the basis of the foregoing embodiment, the 5G communication dual-channel access method provided in this embodiment specifically includes the following steps:
In this embodiment of the application, the 5G terminal device may access the temporary identity registration server through two channels. As shown in Fig. 1, the first channel may be another network, which may be a Wi-Fi network or the network of an operator other than the target operator. For example, the 5G terminal device 11 may access the temporary identity registration server 16 through the other network, and the corresponding access information may carry the identification information of the 5G terminal device 11.
The 5G terminal device may initiate the baseband module to search for wireless signals, e.g. 5G signals, of the target operator's 5G new wireless base station. As shown in fig. 1, the 5G terminal apparatus 11 can establish a communication connection with the 5G new radio base station 12 in accordance with the 5G signal of the 5G new radio base station 12.
Further, the 5G terminal device 11 transmits authentication information to the 5G new wireless base station 12, and the 5G new wireless base station 12 transmits the authentication information to the AMF. If the AMF determines that the 5G terminal device 11 does not have the SIM card according to the authentication information, the AMF notifies a User Plane network Function (UPF) 13, and forwards a message subsequently sent by the 5G terminal device 11 to the temporary identity registration server 16. Further, the 5G terminal device 11 establishes a second channel for communicating with the temporary identity registration server 16, where the second channel may be a channel formed by the 5G new radio base station 12 and a User Plane Function (UPF) 13, for example, the 5G terminal device 11 may access the temporary identity registration server 16 through the 5G new radio base station 12 and the User Plane Function (UPF) 13, and when the 5G terminal device 11 accesses the temporary identity registration server 16 through the second channel, the corresponding access information may carry the identification information of the 5G terminal device 11.
Optionally, the identification information of the 5G terminal device 11 sent by the 5G terminal device 11 to the temporary identity registration server 16 through the first channel is the same as the identification information of the 5G terminal device 11 sent by the 5G terminal device 11 to the temporary identity registration server 16 through the second channel.
In addition, the 5G terminal device 11 may also install an Application (APP) of a target operator. The APP may have address information for the temporary identity registration server 16 built in. Alternatively, the address information of the temporary identity registration server 16 may be input by the user.
Further, the 5G terminal device 11 and the temporary identity registration server 16 negotiate the public parameter p that can be disclosed and the original root a of the public parameter through the first channel or the second channel.
In addition, the temporary identity registration server 16 may generate a second random number y.
The temporary identity registration server 16 generates second information according to the second random number y, where the second information is denoted as Y and $Y = a^y \bmod p$; that is, Y is the value of the second result $a^y$, with the original root a as the base and the second random number y as the exponent, modulo the common parameter p. Further, the temporary identity registration server 16 transmits the second information Y to the 5G terminal device 11 through the second channel, so that the 5G terminal device 11 can receive the second information Y.
For example, the 5G terminal device 11 generates the first random number x. Further, the 5G terminal device 11 generates first information, denoted as X, from the first random number x, where $X = a^x \bmod p$; that is, X is the value of the first result $a^x$, with the original root a as the base and the first random number x as the exponent, modulo the common parameter p. Further, the 5G terminal device 11 selects any one of the first channel and the second channel to send the first information X to the temporary identity registration server 16. For example, the 5G terminal device 11 sends the first information X to the temporary identity registration server 16 through the first channel.
The 5G terminal device 11 receives the second information Y, and calculates a first key K1 based on the first random number x and the second information Y, where $K1 = Y^x \bmod p$; that is, K1 is the value of the third result $Y^x$, with the second information Y as the base and the first random number x as the exponent, modulo the common parameter p.
Similarly, the temporary identity registration server 16 may calculate a second key K2 according to the first information X and the second random number y, where $K2 = X^y \bmod p$; that is, K2 is the value of the fourth result $X^y$, with the first information X as the base and the second random number y as the exponent, modulo the common parameter p. The first key K1 is the same as the second key K2.
At this time, the 5G terminal device 11 and the temporary identity registration server 16 have each obtained the same key, i.e. the first key or the second key. The listener can obtain the first information X and the second information Y, and cannot obtain the first random number x and the second random number y, so that the listener cannot obtain the common parameter p. Since the 5G terminal device 11 and the temporary identity registration server 16 employ two channels, the possibility of implementing man-in-the-middle attacks on both channels is very small.
In the embodiment of the invention, the 5G terminal device communicates with the temporary identity registration server over two channels, so that the 5G terminal device and the temporary identity registration server can authenticate each other through the two channels. The 5G terminal device sends first information to the temporary identity registration server through either one of the first channel and the second channel, and the temporary identity registration server sends second information to the 5G terminal device through the other of the two channels. The key that the 5G terminal device obtains from the first random number it generated and the second information is the same as the key that the temporary identity registration server obtains from the second random number it generated and the first information, so the 5G terminal device and the temporary identity registration server can use the same key for secure communication. Since an attacker can only hijack the data in one channel at the same time and cannot hijack the data in the two channels, the secret key can be prevented from being leaked, a 5G terminal device without a SIM card can be prevented from being attacked by a pseudo base station, and the security of the 5G terminal device is improved.
Fig. 4 is a schematic structural diagram of a 5G terminal device according to an embodiment of the present invention. The 5G terminal device provided in the embodiment of the present invention may execute the processing procedure provided in the embodiment of the 5G communication dual-channel access method, and as shown in fig. 4, the 5G terminal device 40 includes: memory 41, processor 42, computer programs and communication interface 43; wherein the computer program is stored in the memory 41 and is configured to be executed by the processor 42 for: negotiating a public parameter and an original root of the public parameter with a temporary identity registration server through a first channel or a second channel; generating a first random number; sending first information to the temporary identity registration server through any one of the first channel and the second channel, wherein the first information is a value obtained by taking a modulus of a first result with the original root as a base number and the first random number as an exponent; receiving, by another channel other than the arbitrary one channel, of the first channel and the second channel, second information sent by the temporary identity registration server, where the second information is a value obtained by taking a modulus of the public parameter by a second result in which the original root is a base number and a second random number generated by the temporary identity registration server is an exponent; and calculating a first key according to the first random number and the second information, wherein the first key is a value obtained by taking the second information as a base number and taking a third result with the first random number as an exponent to perform modulo on the public parameter.
Optionally, the first secret key is the same as a second secret key calculated by the temporary identity registration server, and the second secret key is a value obtained by taking the first information as a base number and taking a fourth result with the second random number as an exponent to modulo the public parameter.
Optionally, the processor is further configured to: access the temporary identity registration server through other networks, and establish a first channel for communicating with the temporary identity registration server.
Optionally, the processor is further configured to: establish a second channel for communicating with the temporary identity registration server through the 5G new wireless base station and a user plane network element function UPF.
The 5G terminal device in the embodiment shown in fig. 4 may be configured to execute the technical solution of the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of a temporary identity registration server according to an embodiment of the present invention. The temporary identity registration server provided in the embodiment of the present invention may execute the processing procedure provided in the embodiment of the 5G communication dual-channel access method, and as shown in fig. 5, the temporary identity registration server 50 includes: memory 51, processor 52, computer programs and communication interface 53; wherein the computer program is stored in the memory 51 and is configured to be executed by the processor 52 for: negotiating a common parameter and an original root of the common parameter with 5G terminal equipment through a first channel or a second channel; generating a second random number; sending a second message to the 5G terminal device through any one of the first channel and the second channel, where the second message is a value obtained by taking a modulus of the public parameter with a second result in which the original root is a base number and a second random number generated by the temporary identity registration server is an exponent; receiving first information sent by the 5G terminal device through another channel except the any one channel in the first channel and the second channel, wherein the first information is a value obtained by taking a modulus of the common parameter by using a first result with the original root as a base number and the first random number as an exponent; and calculating a second key through the second random number and the first information, wherein the second key is a value obtained by taking the first information as a base number and taking a fourth result with the second random number as an exponent to perform modulus on the public parameter.
The temporary identity registration server in the embodiment shown in fig. 5 may be configured to execute the technical solution of the above method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
In addition, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the 5G communication dual-channel access method described in the foregoing embodiment.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (11)
1. A dual-channel access method for 5G communication is characterized by comprising the following steps:
the 5G terminal equipment and the temporary identity registration server negotiate a public parameter and an original root of the public parameter through a first channel or a second channel;
the 5G terminal equipment generates a first random number;
the 5G terminal device sends first information to the temporary identity registration server through any one of the first channel and the second channel, wherein the first information is a value obtained by taking a modulus of a first result with the original root as a base number and the first random number as an exponent;
the 5G terminal device receives, through another channel other than the any one channel of the first channel and the second channel, second information sent by the temporary identity registration server, where the second information is a value obtained by taking a modulus of the public parameter with a second result in which the original root is a base number and a second random number generated by the temporary identity registration server is an exponent;
and the 5G terminal equipment calculates a first key according to the first random number and the second information, wherein the first key is a value obtained by taking the second information as a base number and taking a third result with the first random number as an exponent to perform modulus on the public parameter.
2. The method of claim 1, wherein the first key is the same as a second key calculated by the temporary identity registration server, and wherein the second key is a value obtained by modulo the public parameter with a fourth result that takes the first information as a base number and takes the second random number as an exponent.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
and the 5G terminal equipment accesses the temporary identity registration server through other networks and establishes a first channel for communication with the temporary identity registration server.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
and the 5G terminal equipment establishes a second channel for communicating with the temporary identity registration server through a 5G new wireless base station and a user plane network element function UPF.
5. A dual-channel access method for 5G communication is characterized by comprising the following steps:
the temporary identity registration server and the 5G terminal equipment negotiate a public parameter and an original root of the public parameter through a first channel or a second channel;
the temporary identity registration server generates a second random number;
the temporary identity registration server sends a second message to the 5G terminal device through any one of the first channel and the second channel, wherein the second message is a value obtained by taking a second result with the original root as a base number and a second random number generated by the temporary identity registration server as an exponent and taking a modulus of the public parameter;
the temporary identity registration server receives first information sent by the 5G terminal device through another channel except the any one channel in the first channel and the second channel, wherein the first information is a value obtained by taking, modulo the public parameter, a first result with the original root as a base number and the first random number as an exponent;
and the temporary identity registration server calculates a second key by using the second random number and the first information, wherein the second key is a value obtained by taking a fourth result, with the first information as a base number and the second random number as an exponent, modulo the public parameter.
6. A 5G terminal device, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
negotiating a public parameter and an original root of the public parameter with a temporary identity registration server through a first channel or a second channel;
generating a first random number;
sending first information to the temporary identity registration server through any one of the first channel and the second channel, wherein the first information is a value obtained by taking a modulus of a first result with the original root as a base number and the first random number as an exponent;
receiving, by another channel other than the arbitrary one channel, of the first channel and the second channel, second information sent by the temporary identity registration server, where the second information is a value obtained by taking a modulus of the public parameter by a second result in which the original root is a base number and a second random number generated by the temporary identity registration server is an exponent;
and calculating a first key according to the first random number and the second information, wherein the first key is a value obtained by taking the second information as a base number and taking a third result with the first random number as an exponent to perform modulo on the public parameter.
7. The 5G terminal device according to claim 6, wherein the first key is the same as a second key calculated by the temporary identity registration server, and the second key is a value obtained by modulo the public parameter with a fourth result that takes the first information as a base number and takes the second random number as an exponent.
8. The 5G terminal device according to claim 6 or 7, wherein the processor is further configured to:
and accessing the temporary identity registration server through other networks, and establishing a first channel for communicating with the temporary identity registration server.
9. The 5G terminal device according to claim 6 or 7, wherein the processor is further configured to:
and establishing a second channel for communicating with the temporary identity registration server through the 5G new wireless base station and a user plane network element function UPF.
10. A temporary identity registration server, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
negotiating a common parameter and an original root of the common parameter with 5G terminal equipment through a first channel or a second channel;
generating a second random number;
sending a second message to the 5G terminal device through any one of the first channel and the second channel, where the second message is a value obtained by taking a modulus of the public parameter with a second result in which the original root is a base number and a second random number generated by the temporary identity registration server is an exponent;
receiving first information sent by the 5G terminal device through another channel except the any one channel in the first channel and the second channel, wherein the first information is a value obtained by taking a modulus of the common parameter by using a first result with the original root as a base number and the first random number as an exponent;
and calculating a second key through the second random number and the first information, wherein the second key is a value obtained by taking the first information as a base number and taking a fourth result with the second random number as an exponent to perform modulus on the public parameter.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911401800.3A CN111132166A (en) | 2019-12-30 | 2019-12-30 | 5G communication dual-channel access method, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111132166A true CN111132166A (en) | 2020-05-08 |
Family
ID=70505771
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911401800.3A Pending CN111132166A (en) | 2019-12-30 | 2019-12-30 | 5G communication dual-channel access method, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111132166A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103118363A (en) * | 2011-11-17 | 2013-05-22 | 中国电信股份有限公司 | Method, system, terminal device and platform device of secret information transmission |
CN110069918A (en) * | 2019-04-11 | 2019-07-30 | 苏州同济区块链研究院有限公司 | A kind of efficient double factor cross-domain authentication method based on block chain technology |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11296877B2 (en) | Discovery method and apparatus based on service-based architecture | |
CN111669276B (en) | Network verification method, device and system | |
US11582602B2 (en) | Key obtaining method and device, and communications system | |
US8706085B2 (en) | Method and apparatus for authenticating communication device | |
US12096207B2 (en) | Network access authentication method and device | |
CN111050324B (en) | 5G terminal equipment access method, equipment and storage medium | |
CN110944319B (en) | 5G communication identity verification method, equipment and storage medium | |
CN106454821A (en) | VSIM (virtual subscriber identity module) authentication method and apparatus | |
CN111083695B (en) | 5G communication card-free access method, equipment and storage medium | |
CN106686591B (en) | Method and device for accessing wireless network | |
CN111132165B (en) | 5G communication card-free access method, equipment and storage medium based on block chain | |
CN111065101A (en) | 5G communication information encryption and decryption method and device based on block chain and storage medium | |
CN103581154A (en) | Authentication method and device in system of Internet of Things | |
CN111148098A (en) | 5G terminal equipment registration method, equipment and storage medium | |
CN111132155B (en) | 5G secure communication method, device and storage medium | |
CN109041036A (en) | WIFI connection method and equipment | |
CN108243631B (en) | Network access method and equipment | |
CN111083700A (en) | 5G terminal equipment access method, equipment and storage medium based on block chain | |
CN109150807B (en) | Voucher distribution method, user terminal, user contract signing authentication management unit and medium | |
EP3190856A2 (en) | Communications method, device, and system | |
CN111132166A (en) | 5G communication dual-channel access method, equipment and storage medium | |
CN107277935B (en) | Bluetooth communication method, device and application system and equipment thereof | |
JP2017539132A (en) | Terminal, server, and user identification system and method | |
CN111065092A (en) | 5G communication information encryption and decryption method, equipment and storage medium | |
CN111404669B (en) | Key generation method, terminal equipment and network equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20200508 |