CN111132167A - Method for 5G user terminal to access 5G network, user terminal equipment and medium - Google Patents

Publication number
CN111132167A
Authority
CN
China
Prior art keywords
temporary identity
user terminal
user
public key
hash value
Legal status
Granted
Application number
CN201911402313.9A
Other languages
Chinese (zh)
Other versions
CN111132167B (en
Inventor
路成业
王凌
Current Assignee
Iallchain Co Ltd
Original Assignee
Iallchain Co Ltd
Application filed by Iallchain Co Ltd
Priority to CN201911402313.9A
Publication of CN111132167A
Application granted
Publication of CN111132167B
Current legal status: Active

Classifications

    • H04W12/06 Authentication (under H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04L61/5007 Internet protocol [IP] addresses (under H04L61/50 Address allocation; H04L61/00 Network arrangements, protocols or services for addressing or naming)
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W12/0431 Key distribution or pre-distribution; Key agreement (under H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor; H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA])
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices (under H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]; H04W12/12 Detection or prevention of fraud)
    • H04W60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks (under Y02D30/00 Reducing energy consumption in communication networks; Y02D Climate change mitigation technologies in information and communication technologies [ICT], i.e. information and communication technologies aiming at the reduction of their own energy use)

Abstract

Embodiments of the present invention provide a method, a user terminal device, and a medium for a 5G user terminal to access a 5G network. A 5G UE broadcasts, to a temporary identity registration server in a blockchain, the public key of its own temporary identity and a first hash value calculated from the public key and a registration time. After establishing a connection with the temporary identity registration server, the 5G UE sends it, as verification data, an audio clip of the user dictating the registration time, a screenshot of the 5G UE screen time taken when the registration time is reached, and the public key of the 5G UE temporary identity. The temporary identity registration server verifies the first hash value in the first message against the verification data and registers the 5G UE after the verification passes. The 5G UE can therefore access the 5G network securely, and the public key submitted by the 5G UE is prevented from being replaced or tampered with.

Description

Method for 5G user terminal to access 5G network, user terminal equipment and medium
Technical Field
The embodiments of the invention relate to the technical field of blockchains, and in particular to a method for a 5G user terminal to access a 5G network, user terminal equipment and a medium.
Background
In a standard 5G registration process, a SIM card is inserted into the 5G user terminal device (5G UE for short). The SIM card holds the operator's public key, or a key shared between the 5G UE and the operator, and no man in the middle can modify the public key built into the SIM card, so a man-in-the-middle attack cannot be carried out. In a scheme without a SIM card, however, when a 5G UE without a SIM card submits its own public key, a malicious man in the middle or eavesdropper can easily replace that public key without the operator noticing, so all confidential communication between the 5G UE and the operator may be monitored. Moreover, a user without a SIM card accessing the operator's 5G network may also bring security risks to the 5G network.
Disclosure of Invention
The embodiments of the invention provide a method for a 5G user terminal to access a 5G network, user terminal equipment and a medium, which prevent the public key submitted by a 5G user terminal device without a SIM card from being tampered with or replaced while that device accesses the 5G network.
A first aspect of an embodiment of the present invention provides a method for accessing a 5G user terminal to a 5G network, where the method includes:
the 5G user terminal device broadcasts a first message in a blockchain, wherein the first message comprises a public key corresponding to a temporary identity of the 5G user terminal device and a first hash value, and the first hash value is obtained by hashing the public key and a registration time input by a user;
the 5G user terminal device sends a registration application to a 5G base station of an operator specified by the user, so that the 5G base station forwards the registration application and the Session Management Function (SMF) is notified, and the SMF allocates a first IP address to the 5G user terminal device and pushes a second IP address of the temporary identity registration server to the 5G user terminal device;
the 5G user terminal device, using the first IP address, sends verification data to the second IP address of the temporary identity registration server, wherein the verification data comprises the public key corresponding to the temporary identity, a voice fragment in which the user speaks the registration time, and a screenshot of the 5G user terminal device that includes the registration time, so that the temporary identity registration server calculates a second hash value based on the public key and the registration time carried in the verification data and matches the second hash value against the first hash value;
when the first hash value and the second hash value match, the 5G user terminal device receives the public key of the temporary identity registration server returned by the temporary identity registration server;
the 5G user terminal device sends the identity information of its temporary identity to the temporary identity registration server, so that the temporary identity registration server registers the temporary identity of the 5G user terminal device in the network of the operator;
and the 5G user terminal device accesses the 5G network of the operator after the registration is completed.
In one embodiment, before the 5G user terminal device broadcasts the first message in the blockchain, the method further comprises:
searching for the operator networks at the current location, and outputting an operator network list to the user so that the user specifies the operator network to be accessed from the list.
In one embodiment, after the user specifies an operator network to access from the operator list, the method further comprises:
generating a public key and a private key corresponding to the temporary identity.
In one embodiment, after generating the public key and the private key corresponding to the temporary identity, the method further includes:
outputting a prompt message to the user so that the user inputs an encryption password according to the prompt message; and encrypting and storing the private key of the temporary identity using the encryption password.
In one embodiment, the first hash value in the first message and the public key of the temporary identity are signed by a private key corresponding to the temporary identity.
A second aspect of the embodiments of the present invention provides a 5G user terminal device, including a processor and a memory, where the memory stores instructions, and when the processor executes the instructions, the processor performs the following operations:
broadcasting a first message in a blockchain, wherein the first message comprises a public key corresponding to the temporary identity of the 5G user terminal device and a first hash value, and the first hash value is obtained by hashing the public key and a registration time input by a user;
sending a registration application to a 5G base station of an operator specified by the user, so that the 5G base station forwards the registration application and the Session Management Function (SMF) is notified, and the SMF allocates a first IP address to the 5G user terminal device and pushes a second IP address of the temporary identity registration server to the 5G user terminal device;
sending, using the first IP address, verification data to the second IP address of the temporary identity registration server, wherein the verification data comprises the public key corresponding to the temporary identity, a voice fragment in which the user speaks the registration time, and a screenshot of the 5G user terminal device that includes the registration time, so that the temporary identity registration server calculates a second hash value based on the public key and the registration time carried in the verification data and matches the second hash value against the first hash value;
when the first hash value and the second hash value match, receiving the public key of the temporary identity registration server returned by the temporary identity registration server;
sending the identity information of its own temporary identity to the temporary identity registration server, so that the temporary identity registration server registers the temporary identity of the 5G user terminal device in the network of the operator;
and accessing the 5G network of the operator after the registration is completed.
In one embodiment, the processor, prior to broadcasting the first message in the blockchain, is further configured to:
search for the operator networks at the current location, and output an operator network list to the user so that the user specifies the operator network to be accessed from the list.
In one embodiment, the processor is further configured to, after the user specifies from the operator list an operator network to access:
generate a public key and a private key corresponding to the temporary identity.
In one embodiment, after generating the public key and the private key corresponding to the temporary identity, the processor is further configured to:
output a prompt message to the user so that the user inputs an encryption password according to the prompt message; and encrypt and store the private key of the temporary identity using the encryption password.
A third aspect of embodiments of the present invention provides a computer-readable storage medium, which includes instructions that, when executed on a computer, cause the computer to perform the method of the first aspect.
In the embodiments of the invention, the 5G user terminal device hashes the public key corresponding to its temporary identity together with the registration time input by the user to obtain the first hash value, and broadcasts the first message carrying the first hash value and the public key of its temporary identity to the blockchain. Meanwhile, the 5G user terminal device sends a registration application to the 5G base station of the operator specified by the user, so that the 5G base station forwards the registration application and the Session Management Function (SMF) is notified, and the SMF allocates a first IP address to the 5G user terminal device and pushes the second IP address of the temporary identity registration server to it. Using the first IP address it received, the 5G user terminal device sends the verification data to the second IP address of the temporary identity registration server, so that the temporary identity registration server calculates a second hash value from the public key of the temporary identity of the 5G user terminal device carried in the verification data, the voice fragment in which the user dictates the registration time, and the screenshot of the 5G user terminal device at the registration time. If the first hash value is consistent with the second hash value, the public key submitted by the 5G user terminal device is determined not to have been replaced or tampered with, and the temporary identity registration server sends its public key to the 5G user terminal device, so that the 5G user terminal device can complete the registration process with the temporary identity registration server using that public key and, once registration is complete, access the 5G network of the operator with the temporary identity.
In the scheme of the embodiments of the invention, because an attacker cannot quickly generate the same voice fragment and screenshot as the 5G user terminal device, the attacker cannot replace the public key submitted by the 5G user terminal device with another public key, or tamper with it, without being detected. The public key provided by the 5G user terminal device is therefore protected against tampering and replacement, which improves the security with which a 5G user terminal device, particularly one without a SIM card, accesses the 5G network.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a method for a 5G user terminal to access a 5G network according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a communication system according to an embodiment of the present application;
Fig. 3 is a flowchart of a method for a 5G user terminal to access a 5G network according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a 5G user terminal device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "comprises" and "comprising," and any variations thereof, in the description and claims of this invention, are intended to cover non-exclusive inclusions, e.g., a process or an apparatus that comprises a list of steps is not necessarily limited to those structures or steps expressly listed but may include other steps or structures not expressly listed or inherent to such process or apparatus.
Fig. 1 is a flowchart of a method for a 5G user terminal to access a 5G network according to an embodiment of the present application. This embodiment assumes that the attacker can mount an attack only by replacing or tampering with the public key. As shown in Fig. 1, the method includes:
Step 101, the 5G user terminal device broadcasts a first message in a blockchain, wherein the first message comprises a public key corresponding to the temporary identity of the 5G user terminal device and a first hash value, and the first hash value is obtained by hashing the public key and the registration time input by the user.
The 5G user terminal device in this embodiment may access the blockchain through a wireless network such as WIFI. Alternatively, the 5G user terminal device may access the blockchain using the SIM card of an operator installed in the device; in that case, the scheme of this embodiment covers the 5G user terminal device accessing the network of another operator specified by the user, for which the device does not hold a SIM card.
The blockchain in this embodiment is maintained by multiple operators. The temporary identity registration server of each operator accesses the blockchain and records and maintains the latest public keys of all operators in the blockchain. A 5G UE, an operator server, or another terminal device may access the blockchain as a node, and the blockchain may be used to record the registration information of each node and the transaction information between nodes.
For example, Fig. 2 is a schematic structural diagram of a communication system provided in an embodiment of the present application. In the system shown in Fig. 2, the device UE can be understood as the 5G user terminal device, or 5G UE, of this embodiment. By way of example, a SIM card of operator A is installed in the device UE, and the device UE accesses the blockchain through the network of operator A; operator A and the other operators are also connected to the blockchain as blockchain nodes. In Fig. 2, the 5G base station gNB, the User Plane Function (UPF), the Access and Mobility Management Function (AMF), the Unified Data Management (UDM), and the Session Management Function (SMF) are all network devices of operator B, which the user designates for access, and no SIM card of operator B is installed in the 5G UE. The temporary identity registration server and the User Plane Function (UPF) of operator B access the blockchain, and the temporary identity registration server records and maintains the public keys of the operators in the blockchain.
After the 5G UE starts up, it searches for 5G operator networks at the current location and detects whether a SIM card is installed in the device. After detecting the SIM card of operator A, it asks the user whether to access the 5G network of another operator with a temporary identity; if so, it presents the other operator networks to the user as a list so that the user designates the operator network to be accessed from the list. In the scenario shown in Fig. 2, the user specifies access to the 5G network of operator B.
Further, after the user selects the 5G network of operator B, the 5G UE, for example, prompts the user to speak the registration time and prompts the user to take a screenshot of the time displayed on the screen when the registration time is reached (for example, 30 seconds after the registration time is spoken). Alternatively, the 5G user terminal device may monitor for the registration time itself after the user inputs it, and automatically capture the time displayed on the screen when the registration time is reached, thereby obtaining the screenshot.
Further, after obtaining the registration time dictated by the user, the 5G UE hashes the pre-generated public key corresponding to the temporary identity together with the registration time to obtain the first hash value, and signs the public key corresponding to the temporary identity and the first hash value with the private key corresponding to the temporary identity to obtain signature data. The signature data is carried in the first message and broadcast to the blockchain, so that the temporary identity registration server in the blockchain obtains the first message.
Of course, the above is only an example based on the scenario shown in Fig. 2 and does not limit the present invention. For example, although in the scenario of Fig. 2 the first message is broadcast to the blockchain by means of the SIM card of operator A, in other embodiments the 5G UE may instead access the blockchain through WIFI and broadcast the first message to the blockchain.
Step 102, the 5G user terminal device sends a registration application to a 5G base station of an operator specified by the user, so that the 5G base station forwards the registration application and the Session Management Function (SMF) is notified, and the SMF allocates a first IP address to the 5G user terminal device and pushes a second IP address of the temporary identity registration server to the 5G user terminal device.
The 5G user terminal device may send the registration application to the 5G base station of the operator specified by the user at the same time as, before, or after broadcasting the first message. The registration application includes at least identification information of the 5G user terminal device, but is not limited to it. For example, in some embodiments the registration application may include the International Mobile Equipment Identity (IMEI) number of the 5G user terminal device. In other embodiments, to prevent leakage of the IMEI number, a hash value may be calculated over the public key of the temporary identity of the 5G user terminal device and the IMEI number, and the calculated hash value may be carried in the registration application as a Globally Unique Temporary UE Identity (GUTI).
Taking Fig. 2 as an example, the 5G user terminal device sends the registration application to the 5G base station of the operator specified by the user as follows:
After the user in Fig. 2 designates the 5G network of operator B for access, the 5G user terminal device sends the registration application to the 5G base station gNB of operator B, and the gNB sends the registration application to the AMF. The AMF detects that the registration application does not carry a Subscription Concealed Identifier (SUCI) (because the 5G user terminal device has no SIM card of operator B, it cannot generate a SUCI for operator B), so it does not initiate an authentication request to the UDM; instead it notifies the SMF to allocate to the 5G user terminal device its first IP address in operator B and to send the second IP address of the temporary identity registration server to the 5G user terminal device.
It should be understood that Fig. 2 is merely an example for illustration and does not limit the present application.
Step 103, the 5G user terminal device, using the first IP address, sends verification data to the second IP address of the temporary identity registration server, where the verification data includes the public key corresponding to the temporary identity, the voice fragment in which the user speaks the registration time, and a screenshot of the 5G user terminal device that includes the registration time, so that the temporary identity registration server calculates a second hash value based on the public key and the registration time carried in the verification data and matches the second hash value against the first hash value.
Specifically, after obtaining its own first IP address and the second IP address of the temporary identity registration server, the 5G user terminal device accesses the second IP address of the temporary identity registration server from its first IP address and establishes a connection with the temporary identity registration server. After the connection is established successfully, the temporary identity registration server prompts the 5G user terminal device to submit verification data. On receiving the prompt, the 5G user terminal device submits to the temporary identity registration server, in plaintext and carried in the verification data, the public key of the temporary identity, the voice fragment in which the user speaks the registration time, and the screenshot showing the displayed time once the registration time is reached. After receiving the verification data, the temporary identity registration server first identifies the registration time from the voice fragment and from the screenshot and judges whether the two are consistent. If they are, it extracts the public key of the temporary identity of the 5G user terminal device from the verification data and uses that public key to verify the digital signature in the first message. If the signature verifies, it compares the public key in the first message with the public key in the verification data. If the two are consistent, it extracts the first hash value from the first message and calculates a second hash value from the public key carried in the verification data and the registration time. If the second hash value is consistent with the first hash value, the public key submitted by the 5G user terminal device has not been tampered with or replaced, and the temporary identity registration server encrypts its own public key with a first preset encryption algorithm and sends the encrypted public key to the 5G user terminal device.
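The server-side check order described for step 103, as an added example that is not code from the patent. It assumes SHA-256 over length-prefixed fields for the hash values, a Lamport one-time signature standing in for the signature scheme the patent leaves unnamed, and registration times already extracted from the voice fragment and the screenshot as strings; all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _h(data):
    return hashlib.sha256(data).digest()


# Stand-in signature scheme (assumption, not named by the patent): a Lamport
# one-time signature over SHA-256. Each key pair may sign exactly one message.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = b"".join(_h(a) + _h(b) for a, b in sk)
    return sk, pk


def _bits(message):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, message):
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(message)))


def lamport_verify(pk, message, sig):
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    ok = True
    for i, bit in enumerate(_bits(message)):
        start = i * 64 + bit * 32
        ok &= hmac.compare_digest(_h(sig[i * 32:(i + 1) * 32]), pk[start:start + 32])
    return ok


def commitment(public_key, registration_time):
    """Hash over public key and registration time (the first/second hash value).
    Length prefixes keep (b"ab", "c") and (b"a", "bc") from colliding."""
    h = hashlib.sha256()
    for field in (public_key, registration_time.encode("utf-8")):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


@dataclass(frozen=True)
class FirstMessage:            # broadcast on the blockchain in step 101
    public_key: bytes
    first_hash: bytes
    signature: bytes           # over public_key + first_hash


@dataclass(frozen=True)
class VerificationData:        # sent in plaintext to the server in step 103
    public_key: bytes
    time_from_voice: str       # assumed output of speech recognition
    time_from_screenshot: str  # assumed output of reading the screenshot


def build_first_message(sk, pk, registration_time):
    first_hash = commitment(pk, registration_time)
    return FirstMessage(pk, first_hash, lamport_sign(sk, pk + first_hash))


def verify_registration(first, data):
    # 1. The two pieces of evidence must name the same registration time.
    if data.time_from_voice != data.time_from_screenshot:
        return "reject: voice and screenshot times differ"
    # 2. The key from the verification data must verify the broadcast signature.
    signed = first.public_key + first.first_hash
    if not lamport_verify(data.public_key, signed, first.signature):
        return "reject: signature on first message does not verify"
    # 3. The broadcast key and the submitted key must be identical.
    if not hmac.compare_digest(first.public_key, data.public_key):
        return "reject: public keys differ"
    # 4. Recompute the hash (second hash value) and compare with the first.
    second_hash = commitment(data.public_key, data.time_from_voice)
    if not hmac.compare_digest(second_hash, first.first_hash):
        return "reject: hash mismatch"
    return "accept"


def run_cases():
    sk, pk = lamport_keygen()
    _, other_pk = lamport_keygen()       # a key substituted in transit
    t, later = "14:30:30", "14:31:00"    # constructed sample times
    first = build_first_message(sk, pk, t)
    return {
        "honest": verify_registration(first, VerificationData(pk, t, t)),
        "key_swapped": verify_registration(first, VerificationData(other_pk, t, t)),
        "times_disagree": verify_registration(first, VerificationData(pk, t, later)),
        "uncommitted_time": verify_registration(first, VerificationData(pk, later, later)),
    }


if __name__ == "__main__":
    for name, outcome in run_cases().items():
        print(f"{name}: {outcome}")
```

A key substituted in the plaintext verification data is rejected at the signature check, before the hash comparison is reached, because the broadcast signature was made with the private key of the original temporary identity.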
Step 104, when the first hash value and the second hash value match, the 5G user terminal device receives the public key of the temporary identity registration server returned by the temporary identity registration server.
After the 5G user terminal device receives the encrypted data returned by the temporary identity registration server, it decrypts the data with the decryption algorithm corresponding to the first preset encryption algorithm to obtain the public key of the temporary identity registration server.
Step 105, the 5G user terminal device sends the identity information of its own temporary identity to the temporary identity registration server, so that the temporary identity registration server registers the temporary identity of the 5G user terminal device in the network of the operator.
Optionally, the 5G user terminal device may use a second encryption algorithm agreed in advance with the temporary identity registration server, encrypt its own identity information with its own public key and/or the public key of the temporary identity registration server, and send the encrypted data to the temporary identity registration server, so that the temporary identity registration server registers the 5G user terminal device based on the identity information it sent. The identity information of the 5G user terminal device may include at least one of the following: the IMEI, the GUTI, or a hash value of the IMEI and/or GUTI of the 5G user terminal device.
Step 106, the 5G user terminal device accesses the 5G network of the operator after the registration is completed.
In this embodiment, the 5G user terminal device obtains a first hash value by performing hash value calculation on the public key corresponding to its temporary identity and the registration time input by the user, and broadcasts a first message carrying the first hash value and the public key of its temporary identity to the blockchain. At the same time, the 5G user terminal device sends a registration application to a 5G base station of the operator specified by the user, so that the 5G base station forwards the registration application to the session management function (SMF); the SMF allocates a first IP address to the 5G user terminal device and pushes the second IP address of the temporary identity registration server to it. Using the received first IP address, the 5G user terminal device sends verification data to the second IP address of the temporary identity registration server, so that the temporary identity registration server calculates a second hash value from the public key of the temporary identity carried in the verification data, the voice segment in which the user speaks the registration time, and the screenshot of the 5G user terminal device at the registration time. If the first hash value is consistent with the second hash value, the public key submitted by the 5G user terminal device is determined not to have been replaced or tampered with, and the temporary identity registration server sends its own public key to the 5G user terminal device, so that the 5G user terminal device can complete the registration process with the temporary identity registration server using that public key and, after the registration is completed, access the operator's 5G network with the temporary identity.
In the scheme of this embodiment, because an attacker cannot quickly generate the same voice segment and screenshot as the 5G user terminal device, the attacker cannot replace or tamper with the public key submitted by the 5G user terminal device without being discovered. The public key provided by the 5G user terminal device is thereby protected against tampering or replacement, which improves the security with which a 5G user terminal device, in particular one without a SIM card, accesses the 5G network.
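The order of checks the temporary identity registration server performs in this embodiment, written out as an added Python example (not code from the patent). Assumptions: SHA-256 with a length-prefixed encoding as the hash, a Lamport one-time signature as a stand-in for the unspecified signature scheme, and speech recognition and OCR already reduced to two time strings; all function and field names are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Lamport one-time signature: an assumed stand-in, the page names no scheme.
def _bits(msg: bytes):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(_h(a) + _h(b) for a, b in sk)  # 256 pairs of 32-byte hashes
    return sk, pk

def sign(sk, msg: bytes) -> bytes:
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(msg)))

def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    ok = True
    for i, bit in enumerate(_bits(msg)):
        start = i * 64 + bit * 32
        ok &= hmac.compare_digest(_h(sig[i * 32:(i + 1) * 32]), pk[start:start + 32])
    return ok

def registration_hash(pubkey: bytes, reg_time: str) -> bytes:
    # Assumed encoding: the length prefix keeps the (key, time) pair unambiguous.
    return _h(len(pubkey).to_bytes(4, "big") + pubkey + reg_time.encode("utf-8"))

@dataclass
class FirstMessage:            # broadcast by the terminal on the blockchain
    pubkey: bytes
    first_hash: bytes
    signature: bytes           # over first_hash || pubkey, as in claim 5

@dataclass
class VerificationData:        # sent in plaintext to the registration server
    pubkey: bytes
    time_from_voice: str       # assumed output of speech recognition
    time_from_screenshot: str  # assumed output of OCR on the screenshot

def build_first_message(sk, pk: bytes, reg_time: str) -> FirstMessage:
    first_hash = registration_hash(pk, reg_time)
    return FirstMessage(pk, first_hash, sign(sk, first_hash + pk))

def server_check(first: FirstMessage, data: VerificationData) -> str:
    # 1. Registration time must agree between voice segment and screenshot.
    if data.time_from_voice != data.time_from_screenshot:
        return "reject: registration times differ"
    # 2. Signature in the first message, checked with the key from the verification data.
    if not verify(data.pubkey, first.first_hash + first.pubkey, first.signature):
        return "reject: bad signature on first message"
    # 3. Key in the first message must equal the key in the verification data.
    if not hmac.compare_digest(first.pubkey, data.pubkey):
        return "reject: public keys differ"
    # 4. Recompute the second hash and compare it with the first hash.
    second_hash = registration_hash(data.pubkey, data.time_from_voice)
    if not hmac.compare_digest(second_hash, first.first_hash):
        return "reject: hash mismatch"
    return "accept"  # the server may now return its own public key

def demo() -> dict:
    reg_time = "2019-12-30 10:15"  # constructed sample value
    sk, pk = keygen()
    first = build_first_message(sk, pk, reg_time)
    _, other_pk = keygen()         # a key that did not sign the first message
    return {
        "honest": server_check(first, VerificationData(pk, reg_time, reg_time)),
        "replaced key": server_check(first, VerificationData(other_pk, reg_time, reg_time)),
        "time mismatch": server_check(first, VerificationData(pk, reg_time, "2019-12-30 10:16")),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

A Lamport key may sign only one message, which fits a temporary identity that signs a single first message; a deployment would substitute whatever signature scheme the terminal and server actually share.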
Fig. 3 is a flowchart of a method for a 5G user terminal to access a 5G network according to an embodiment of the present application, and as shown in fig. 3, on the basis of the foregoing embodiment, the method includes:
Step 301, searching the operator networks at the current position and outputting an operator network list to the user, so that the user specifies the operator network to be accessed from the operator list.
Step 302, after the user specifies the operator network to be accessed from the operator list, a public key and a private key corresponding to the temporary identity are generated.
Step 303, outputting a prompt message to the user so that the user inputs an encryption password according to the prompt message, and encrypting and storing the private key of the temporary identity according to the encryption password.
Step 304, the 5G user terminal device broadcasts a first message in the blockchain, where the first message includes a public key corresponding to the temporary identity of the 5G user terminal device and a first hash value, and the first hash value is obtained by performing hash value calculation on the public key and registration time input by the user.
Step 305, the 5G user terminal device sends a registration application to a 5G base station of the operator specified by the user, so that the 5G base station forwards the registration application to the session management function (SMF), and the SMF allocates a first IP address to the 5G user terminal device and pushes the second IP address of the temporary identity registration server to the 5G user terminal device.
Step 306, the 5G user terminal device sends verification data to a second IP address of the temporary identity registration server based on the first IP address, where the verification data includes the public key corresponding to the temporary identity, and the voice segment spoken by the user at the registration time and the screenshot picture of the 5G user terminal device, where the screenshot picture includes the registration time, so that the temporary identity registration server calculates a second hash value based on the public key and the registration time carried in the verification data, and matches the second hash value with the first hash value.
Step 307, when the first hash value and the second hash value are matched and consistent, the 5G user terminal device receives the public key of the temporary identity registration server returned by the temporary identity registration server.
Step 308, the 5G user terminal device sends the identity information of its own temporary identity to the temporary identity registration server, so that the temporary identity registration server registers the temporary identity of the 5G user terminal device in the network of the operator.
Step 309, the 5G user terminal device accesses the 5G network of the operator after the registration is completed.
In this embodiment, the 5G user terminal device obtains a first hash value by performing hash value calculation on the public key corresponding to its temporary identity and the registration time input by the user, and broadcasts a first message carrying the first hash value and the public key of its temporary identity to the blockchain. At the same time, the 5G user terminal device sends a registration application to a 5G base station of the operator specified by the user, so that the 5G base station forwards the registration application to the session management function (SMF); the SMF allocates a first IP address to the 5G user terminal device and pushes the second IP address of the temporary identity registration server to it. Using the received first IP address, the 5G user terminal device sends verification data to the second IP address of the temporary identity registration server, so that the temporary identity registration server calculates a second hash value from the public key of the temporary identity carried in the verification data, the voice segment in which the user speaks the registration time, and the screenshot of the 5G user terminal device at the registration time. If the first hash value is consistent with the second hash value, the public key submitted by the 5G user terminal device is determined not to have been replaced or tampered with, and the temporary identity registration server sends its own public key to the 5G user terminal device, so that the 5G user terminal device can complete the registration process with the temporary identity registration server using that public key and, after the registration is completed, access the operator's 5G network with the temporary identity.
In the scheme of this embodiment, because an attacker cannot quickly generate the same voice segment and screenshot as the 5G user terminal device, the attacker cannot replace or tamper with the public key submitted by the 5G user terminal device without being discovered. The public key provided by the 5G user terminal device is thereby protected against tampering or replacement, which improves the security with which a 5G user terminal device, in particular one without a SIM card, accesses the 5G network.
Fig. 4 is a schematic structural diagram of a 5G user terminal device provided in an embodiment of the present application, and as shown in fig. 4, a device 40 includes a processor 41 and a memory 42, where the memory 42 stores instructions, and when the processor 41 executes the instructions, the following operations are performed:
broadcasting a first message in a block chain, wherein the first message comprises a public key corresponding to the temporary identity of the 5G user terminal equipment and a first hash value, and the first hash value is obtained by calculating the hash value of the public key and the registration time input by a user;
sending a registration application to a 5G base station of the operator specified by the user, so that the 5G base station forwards the registration application to the session management function (SMF), and the SMF allocates a first IP address to the 5G user terminal device and pushes the second IP address of the temporary identity registration server to the 5G user terminal device;
sending verification data to a second IP address of the temporary identity registration server based on the first IP address, wherein the verification data comprises the public key corresponding to the temporary identity, a voice fragment spoken by the user at the registration time and a screen capture picture of the 5G user terminal device, and the screen capture picture comprises the registration time, so that the temporary identity registration server calculates a second hash value based on the public key and the registration time carried in the verification data and matches the second hash value with the first hash value;
when the first hash value and the second hash value are matched and consistent, receiving a public key of the temporary identity registration server returned by the temporary identity registration server;
sending identity information of its own temporary identity to the temporary identity registration server, so that the temporary identity registration server registers the temporary identity of the 5G user terminal device in the network of the operator;
and accessing the 5G network of the operator after the registration is completed.
In one embodiment, the processor, prior to broadcasting the first message in the blockchain, is further configured to:
searching the operator networks at the current position and outputting an operator network list to the user, so that the user specifies the operator network to be accessed from the operator list.
In one embodiment, the processor is further configured to, after the user specifies from the operator list an operator network to access:
generating a public key and a private key corresponding to the temporary identity.
In one embodiment, after generating the public key and the private key corresponding to the temporary identity, the processor is further configured to:
outputting a prompt message to the user so that the user inputs an encrypted password according to the prompt message; and encrypting and storing the private key of the temporary identity according to the encrypted password.
The device provided by this embodiment can execute the method of any of the above embodiments, and the execution manner and effect are similar, which are not described herein again.
Embodiments of the present invention also provide a computer-readable storage medium, which includes instructions that, when executed on a computer, cause the computer to perform the method provided in any of the above embodiments.
Finally, it should be noted that, as one of ordinary skill in the art will appreciate, all or part of the processes of the methods of the embodiments described above may be implemented by hardware related to instructions of a computer program, where the computer program may be stored in a computer-readable storage medium, and when executed, the computer program may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like.
Each functional unit in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may also be stored in a computer readable storage medium. The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
The above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for a 5G user terminal to access a 5G network, characterized by comprising the following steps:
a 5G user terminal device broadcasts a first message in a blockchain, wherein the first message comprises a public key corresponding to a temporary identity of the 5G user terminal device and a first hash value, and the first hash value is obtained by performing hash value calculation on the public key and a registration time input by a user;
the 5G user terminal device sends a registration application to a 5G base station of an operator specified by the user, so that the 5G base station forwards the registration application to the session management function (SMF), and the SMF allocates a first IP address to the 5G user terminal device and pushes a second IP address of the temporary identity registration server to the 5G user terminal device;
the 5G user terminal device sends verification data to a second IP address of the temporary identity registration server based on the first IP address, the verification data comprises the public key corresponding to the temporary identity, a voice fragment spoken by the user at the registration time and a screen capture picture of the 5G user terminal device, the screen capture picture comprises the registration time, so that the temporary identity registration server calculates a second hash value based on the public key and the registration time carried in the verification data, and the second hash value is matched with the first hash value;
when the first hash value and the second hash value are matched and consistent, the 5G user terminal equipment receives a public key of the temporary identity registration server returned by the temporary identity registration server;
the 5G user terminal equipment sends the identity information of the temporary identity of the 5G user terminal equipment to the temporary identity registration server so that the temporary identity registration server registers the temporary identity of the 5G user terminal equipment in the network of the operator;
and the 5G user terminal equipment accesses the 5G network of the operator after the registration is finished.
2. The method of claim 1, wherein before the 5G user terminal device broadcasts the first message in the blockchain, the method further comprises:
searching the operator networks at the current position and outputting an operator network list to the user, so that the user specifies the operator network to be accessed from the operator list.
3. The method of claim 2, wherein after the user specifies an operator network to access from the operator list, the method further comprises:
generating a public key and a private key corresponding to the temporary identity.
4. The method of claim 3, wherein after generating the public key and the private key corresponding to the temporary identity, the method further comprises:
outputting a prompt message to the user so that the user inputs an encrypted password according to the prompt message;
and encrypting and storing the private key of the temporary identity according to the encrypted password.
5. The method according to any of claims 1-3, wherein the first hash value in the first message and the public key of the temporary identity are signed with a private key corresponding to the temporary identity.
6. A 5G user terminal device comprising a processor and a memory, the memory having stored therein instructions that when executed by the processor perform the following:
broadcasting a first message in a block chain, wherein the first message comprises a public key corresponding to the temporary identity of the 5G user terminal equipment and a first hash value, and the first hash value is obtained by calculating the hash value of the public key and the registration time input by a user;
sending a registration application to a 5G base station of the operator specified by the user, so that the 5G base station forwards the registration application to the session management function (SMF), and the SMF allocates a first IP address to the 5G user terminal device and pushes the second IP address of the temporary identity registration server to the 5G user terminal device;
sending verification data to a second IP address of the temporary identity registration server based on the first IP address, wherein the verification data comprises the public key corresponding to the temporary identity, a voice fragment spoken by the user at the registration time and a screen capture picture of the 5G user terminal device, and the screen capture picture comprises the registration time, so that the temporary identity registration server calculates a second hash value based on the public key and the registration time carried in the verification data and matches the second hash value with the first hash value;
when the first hash value and the second hash value are matched and consistent, receiving a public key of the temporary identity registration server returned by the temporary identity registration server;
sending identity information of its own temporary identity to the temporary identity registration server, so that the temporary identity registration server registers the temporary identity of the 5G user terminal device in the network of the operator;
and accessing the 5G network of the operator after the registration is completed.
7. The apparatus of claim 6, wherein the processor, prior to broadcasting the first message in the blockchain, is further configured to:
searching the operator networks at the current position and outputting an operator network list to the user, so that the user specifies the operator network to be accessed from the operator list.
8. The apparatus of claim 7, wherein the processor, after the user specifies from the operator list an operator network to access, is further configured to:
generating a public key and a private key corresponding to the temporary identity.
9. The device of claim 8, wherein the processor, after generating the public and private keys corresponding to the temporary identities, is further configured to:
outputting a prompt message to the user so that the user inputs an encrypted password according to the prompt message;
and encrypting and storing the private key of the temporary identity according to the encrypted password.
10. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of any of claims 1-5.
CN201911402313.9A 2019-12-30 2019-12-30 Method for 5G user terminal to access 5G network, user terminal equipment and medium Active CN111132167B (en)


Publications (2)

Publication Number Publication Date
CN111132167A (en) 2020-05-08
CN111132167B (en) 2023-04-14


Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: 100191 1107c, 11 / F, Xueyuan international building, 1 Zhichun Road, Haidian District, Beijing
Applicant after: IALLCHAIN Co.,Ltd.
Address before: 100043 5158, 5 floor, 11 Shixing street, Shijingshan District, Beijing.
Applicant before: IALLCHAIN Co.,Ltd.
GR01 Patent grant