CN111148098A - 5G terminal equipment registration method, equipment and storage medium - Google Patents

Publication number
CN111148098A
Authority
CN
China
Prior art keywords
registration server
temporary identity
identity registration
random number
terminal equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911401799.4A
Other languages
Chinese (zh)
Inventor
彭诚
路成业
王凌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Iallchain Information Technology Co ltd
Original Assignee
Jiangsu Iallchain Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Iallchain Information Technology Co ltd
Priority to CN201911401799.4A
Publication of CN111148098A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/08 Access security
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices

Abstract

The embodiment of the invention provides a 5G terminal device registration method, a device and a storage medium. In the embodiment of the invention, the 5G terminal equipment communicates with a temporary identity registration server through two channels: one channel is another network, and the other consists of the 5G new wireless base station and the user plane network element function. The 5G terminal equipment can therefore obtain the public key of the temporary identity registration server through the other network, and send encrypted information to the temporary identity registration server through the 5G new wireless base station and the user plane network element function.

Description

5G terminal equipment registration method, equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a 5G terminal device registration method, a device and a storage medium.
Background
In the current 5G network, if a terminal device needs to access the 5G network, the user of the terminal device needs to go to a business office to obtain a Subscriber Identity Module (SIM) card. The terminal equipment can then perform bidirectional authentication with the 5G network equipment through the SIM card.
Therefore, if the 5G terminal device does not have a SIM card, it cannot perform bidirectional authentication with the 5G network device. A 5G terminal device without a SIM card is thus easily attacked by a pseudo base station, which poses a potential security hazard to the 5G terminal device.
Disclosure of Invention
The embodiment of the invention provides a 5G terminal equipment registration method, equipment and a storage medium, which are used for preventing 5G terminal equipment without a SIM card from being attacked by a pseudo base station and for improving the security of the 5G terminal equipment.
In a first aspect, an embodiment of the present invention provides a method for registering a 5G terminal device, including:
the 5G terminal equipment accesses a temporary identity registration server of a target operator through a first channel and acquires a public key of the temporary identity registration server;
the 5G terminal equipment detects a wireless signal of a 5G new wireless base station of the target operator;
the 5G terminal equipment establishes communication connection with the 5G new wireless base station through the wireless signal of the 5G new wireless base station;
the 5G terminal equipment generates a random number, and encrypts the random number by adopting a public key of the temporary identity registration server to obtain first encryption information;
the 5G terminal equipment signs the first encrypted information by adopting a private key of the 5G terminal equipment;
the 5G terminal equipment sends the signed first encryption information to the temporary identity registration server through a second channel so that the temporary identity registration server obtains the random number according to the signed first encryption information, wherein the second channel comprises the 5G new wireless base station and a user plane network element function UPF of the target operator;
the 5G terminal equipment receives the information related to the random number sent by the temporary identity registration server;
the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number;
and when the temporary identity registration server passes the verification, the 5G terminal equipment and the temporary identity registration server communicate according to the key related to the random number.
In a second aspect, an embodiment of the present invention provides a method for registering a 5G terminal device, including:
a temporary identity registration server of a target operator receives access information of 5G terminal equipment through a first channel, and sends a public key of the temporary identity registration server to the 5G terminal equipment according to the access information;
the temporary identity registration server receives first encryption information which is sent by the 5G terminal equipment and signed by a private key of the 5G terminal equipment through a second channel, wherein the first encryption information is obtained by encrypting a random number generated by the 5G terminal equipment by using a public key of the temporary identity registration server, and the second channel comprises the 5G new wireless base station and a user plane network element function UPF of the target operator;
the temporary identity registration server acquires the random number according to the signed first encryption information;
the temporary identity registration server sends information related to the random number to the 5G terminal equipment, so that the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number;
and when the temporary identity registration server passes the verification, the temporary identity registration server and the 5G terminal equipment communicate according to the key related to the random number.
In a third aspect, an embodiment of the present invention provides a 5G terminal device, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
accessing a temporary identity registration server of a target operator through a first channel, and acquiring a public key of the temporary identity registration server;
detecting a wireless signal of a 5G new wireless base station of the target operator;
establishing communication connection with the 5G new wireless base station through wireless signals of the 5G new wireless base station;
generating a random number, and encrypting the random number by adopting a public key of the temporary identity registration server to obtain first encryption information;
signing the first encrypted information by adopting a private key of the 5G terminal equipment;
sending the signed first encryption information to the temporary identity registration server through a second channel so that the temporary identity registration server obtains the random number according to the signed first encryption information, wherein the second channel comprises the 5G new wireless base station and a user plane network element function (UPF) of the target operator;
receiving information related to the random number sent by the temporary identity registration server through the communication interface;
verifying the temporary identity registration server according to the information related to the random number;
and after the temporary identity registration server passes the verification, the communication interface communicates with the temporary identity registration server according to the key related to the random number.
In a fourth aspect, an embodiment of the present invention provides a temporary identity registration server, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving access information of 5G terminal equipment through a first channel, and sending a public key of the temporary identity registration server to the 5G terminal equipment according to the access information;
receiving first encryption information which is sent by the 5G terminal equipment and signed by a private key of the 5G terminal equipment through a second channel, wherein the first encryption information is obtained by encrypting a random number generated by the 5G terminal equipment by adopting a public key of the temporary identity registration server, and the second channel comprises the 5G new wireless base station and a user plane network element function UPF of the target operator;
acquiring the random number according to the signed first encryption information;
sending information related to the random number to the 5G terminal equipment through the communication interface so that the 5G terminal equipment can verify the temporary identity registration server according to the information related to the random number;
and when the temporary identity registration server passes the verification, the temporary identity registration server and the 5G terminal equipment communicate according to the key related to the random number.
In a fifth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect or the second aspect.
According to the registration method, the registration device and the storage medium of the 5G terminal device provided by the embodiment of the invention, the 5G terminal device communicates with the temporary identity registration server through two channels: one channel is another network, and the other consists of the 5G new wireless base station and the user plane network element function. The 5G terminal device can therefore obtain the public key of the temporary identity registration server through the other network, and send the encrypted information to the temporary identity registration server through the 5G new wireless base station and the user plane network element function.
Drawings
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present invention;
Fig. 2 is a flowchart of a 5G terminal device registration method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a 5G terminal device registration method according to another embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a 5G terminal device according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a temporary identity registration server according to an embodiment of the present invention.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The 5G terminal device registration method provided by the embodiment of the invention can be applied to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes: 5G terminal equipment 11, a 5G new wireless base station 12, a User Plane network element Function (UPF) 13, a network element 14, a Unified Data Management (UDM) function 15, and a temporary identity registration server 16, where the network element 14 may include an Access and Mobility Management Function (AMF) and a Session Management Function (SMF). In some embodiments, the AMF and SMF may be deployed in different devices, respectively. The 5G new wireless base station is the 5G New Radio (NR) access technology base station (next generation Node B, gNB).
It is to be understood that this is by way of illustration only. The temporary identity registration server may be one or more cloud servers. The cloud servers form a server cluster; each server has an architecture similar to that of a general-purpose computer, including a processor, a hard disk, a memory, a system bus and the like. The 5G terminal device 11 is, for example, a smart phone, a tablet computer, or the like.
The 5G new wireless base station 12, the User Plane network element Function (UPF) 13, the network element 14, the Unified Data Management (UDM) function 15, and the temporary identity registration server 16 shown in Fig. 1 may be network elements belonging to a target operator. The target operator is the operator that the 5G terminal device 11 wishes to access.
The embodiment of the invention provides a 5G terminal equipment registration method, aiming at solving the technical problems in the prior art.
The following describes the technical solutions of the present invention and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of a 5G terminal device registration method provided in an embodiment of the present invention. The embodiment of the invention provides a 5G terminal equipment registration method aiming at the technical problems in the prior art, and the method comprises the following specific steps:
Step 201, the 5G terminal device accesses the temporary identity registration server of the target operator through the first channel, and obtains the public key of the temporary identity registration server.
In this embodiment of the application, the 5G terminal device may access the temporary identity registration server through two channels. As shown in Fig. 1, the first channel may be another network, which may be a Wi-Fi network or the network of an operator other than the target operator; for example, the 5G terminal device 11 may access the temporary identity registration server 16 through the other network. The second channel may be a channel formed by the 5G new wireless base station 12 and the User Plane Function (UPF) 13; for example, the 5G terminal device 11 may access the temporary identity registration server 16 through the 5G new wireless base station 12 and the User Plane Function (UPF) 13.
In addition, the 5G terminal device 11 may also install an Application (APP) of a target operator. The APP may have address information for the temporary identity registration server 16 built in. Alternatively, the address information of the temporary identity registration server 16 may be input by the user. Further, the APP can access the temporary identity registration server 16 through other networks according to the address information of the temporary identity registration server 16. Specifically, the 5G terminal device 11 may send the public key of the 5G terminal device 11 and the identification information of the 5G terminal device 11 to the temporary identity registration server 16 through another network, and the temporary identity registration server 16 may send the public key of the temporary identity registration server 16 to the 5G terminal device 11 through another network.
Step 202, the 5G terminal device detects a radio signal of the 5G new radio base station of the target operator.
The 5G terminal device may initiate the baseband module to search for wireless signals, e.g. 5G signals, of the target operator's 5G new wireless base station.
Step 203, the 5G terminal device establishes a communication connection with the 5G new wireless base station through the wireless signal of the 5G new wireless base station.
As shown in fig. 1, the 5G terminal apparatus 11 can establish a communication connection with the 5G new radio base station 12 in accordance with the 5G signal of the 5G new radio base station 12.
Step 204, the 5G terminal equipment generates a random number, and encrypts the random number with the public key of the temporary identity registration server to obtain first encryption information.
Further, the 5G terminal device 11 transmits authentication information to the 5G new wireless base station 12, and the 5G new wireless base station 12 transmits the authentication information to the AMF. If the AMF determines that the 5G terminal device 11 does not have the SIM card according to the authentication information, the AMF notifies a User Plane network Function (UPF) 13, and forwards a message subsequently sent by the 5G terminal device 11 to the temporary identity registration server 16.
Specifically, the APP of the 5G terminal device 11 may generate a random number, and encrypt the random number by using the public key of the temporary identity registration server 16 to obtain the first encryption information.
Step 205, the 5G terminal device signs the first encrypted information with the private key of the 5G terminal device.
Further, the 5G terminal device 11 signs the first encrypted information with a private key of the 5G terminal device 11.
Step 206, the 5G terminal device sends the signed first encryption information to the temporary identity registration server through a second channel, so that the temporary identity registration server obtains the random number according to the signed first encryption information, and the second channel includes the 5G new wireless base station and a user plane network element function UPF of the target operator.
The 5G terminal device 11 sends the signed first encryption information and the identification information of the 5G terminal device 11 to the temporary identity registration server 16 through a second channel, i.e., a 5G new wireless base station 12 and a User Plane Function (UPF) 13.
After the temporary identity registration server 16 receives the signed first encrypted information, the temporary identity registration server 16 searches for and obtains the public key of the 5G terminal device 11 according to the identification information of the 5G terminal device 11, verifies the signature by using the public key of the 5G terminal device 11, and if the signature passes the verification, the temporary identity registration server 16 decrypts the first encrypted information by using its own private key to obtain the random number.
Step 207, the 5G terminal device receives the information related to the random number sent by the temporary identity registration server.
Step 208, the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number.
In one possible approach, the information related to the random number includes second encryption information, which the temporary identity registration server obtains by encrypting its public key with the random number. The 5G terminal equipment verifying the temporary identity registration server according to the information related to the random number then includes: the 5G terminal equipment decrypts the second encrypted information with the random number to obtain decrypted information; and if the decrypted information is the same as the public key of the temporary identity registration server acquired by the 5G terminal equipment through the first channel, the 5G terminal equipment determines that the temporary identity registration server passes the verification.
For example, after the temporary identity registration server 16 obtains the random number, the temporary identity registration server 16 may encrypt the public key of the temporary identity registration server 16 by using the random number according to a preset encryption algorithm to obtain second encrypted information, where the second encrypted information may be information related to the random number, and the temporary identity registration server 16 may send the second encrypted information to the 5G terminal device 11.
After the 5G terminal device 11 receives the second encrypted information, the 5G terminal device 11 may decrypt the second encrypted information by using a random number generated by itself and a preset decryption algorithm to obtain decrypted information. If the decryption information is the same as the public key of the temporary identity registration server 16 acquired by the 5G terminal device 11 through the first channel, the 5G terminal device 11 determines that the temporary identity registration server 16 is authenticated.
In another possible manner, the information related to the random number includes third encryption information, which the temporary identity registration server obtains by encrypting the random number with its private key. The 5G terminal equipment verifying the temporary identity registration server according to the information related to the random number then includes: the 5G terminal equipment decrypts the third encrypted information with the public key of the temporary identity registration server to obtain decrypted information; and if the decrypted information is the same as the random number, the 5G terminal equipment determines that the temporary identity registration server passes the verification.
For example, after the temporary identity registration server 16 obtains the random number, the temporary identity registration server 16 may encrypt the random number according to a preset encryption algorithm by using a private key of the temporary identity registration server 16 to obtain third encrypted information. The third encryption information may be information related to the random number, and the temporary identity registration server 16 may transmit the third encryption information to the 5G terminal device 11.
After the 5G terminal device 11 receives the third encrypted information, the 5G terminal device 11 may decrypt the third encrypted information by using the public key of the temporary identity registration server 16 and a preset decryption algorithm to obtain decrypted information. If the decryption information is the same as the random number generated by the 5G terminal apparatus 11 itself, the 5G terminal apparatus 11 determines that the temporary identity registration server 16 is authenticated.
In yet another possible manner, the information related to the random number includes a hash value that the temporary identity registration server calculates from the random number and its public key. The 5G terminal equipment verifying the temporary identity registration server according to the information related to the random number then includes: the 5G terminal equipment calculates a hash value from the random number and the public key of the temporary identity registration server, and if this hash value is the same as the hash value calculated by the temporary identity registration server, the 5G terminal equipment determines that the temporary identity registration server passes the verification.
For example, after the temporary identity registration server 16 obtains the random number, the temporary identity registration server 16 calculates a hash value of the random number and the public key of the temporary identity registration server 16, where the hash value may be used as information related to the random number, and the temporary identity registration server 16 may send the hash value to the 5G terminal device 11.
After the 5G terminal device 11 receives the hash value, the 5G terminal device 11 may also calculate a hash value of the random number and the public key of the temporary identity registration server 16, and if the hash value calculated by the 5G terminal device 11 is the same as the hash value calculated by the temporary identity registration server 16, the 5G terminal device 11 determines that the temporary identity registration server 16 passes the verification.
In addition, when the 5G terminal device 11 determines that the temporary identity registration server 16 passes the authentication, the temporary identity registration server 16 may register the 5G terminal device 11, so that the 5G terminal device 11 may also determine that the 5G terminal device 11 has successfully registered.
Step 209, after the temporary identity registration server passes the verification, the 5G terminal device communicates with the temporary identity registration server according to the key related to the random number.
When the temporary identity registration server 16 passes the authentication, the temporary identity registration server 16 and the 5G terminal device 11 possess the same random number, and the temporary identity registration server 16 and the 5G terminal device 11 can generate a related key according to the random number and communicate through the key related to the random number.
In the embodiment of the invention, the 5G terminal equipment communicates with the temporary identity registration server through two channels: one channel is another network, and the other consists of the 5G new wireless base station and the user plane network element function. The 5G terminal equipment can therefore obtain the public key of the temporary identity registration server through the other network, and send encrypted information to the temporary identity registration server through the 5G new wireless base station and the user plane network element function.
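The exchange in steps 204 to 209, using the hash variant of step 208, can be sketched in Go as follows. This is an added example, not code from the patent: RSA-OAEP, RSA-PSS, SHA-256, the HMAC-derived session key and every type and function name are assumptions, since the patent names no algorithms.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"fmt"
)

// Party is either endpoint. RSA is an assumption: the patent names no algorithm.
type Party struct{ key *rsa.PrivateKey }

func NewParty() (*Party, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{key: k}, nil
}

func (p *Party) Pub() *rsa.PublicKey { return &p.key.PublicKey }

// TerminalRequest covers steps 204-205: generate the random number, encrypt it
// under the server's public key (first encryption information), sign the ciphertext.
func TerminalRequest(term *Party, serverPub *rsa.PublicKey) (nonce, ct, sig []byte, err error) {
	nonce = make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, nil, err
	}
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, nonce, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, term.key, crypto.SHA256, digest[:], nil)
	return nonce, ct, sig, err
}

// ServerRespond covers steps 303-304: verify the signature with the terminal's
// registered public key, decrypt the random number, return the hash as proof.
func ServerRespond(srv *Party, termPub *rsa.PublicKey, ct, sig []byte) (proof, nonce []byte, err error) {
	digest := sha256.Sum256(ct)
	if err = rsa.VerifyPSS(termPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, nil, fmt.Errorf("terminal signature rejected: %w", err)
	}
	nonce, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, srv.key, ct, nil)
	if err != nil {
		return nil, nil, fmt.Errorf("cannot recover random number: %w", err)
	}
	return Proof(nonce, srv.Pub()), nonce, nil
}

// Proof hashes the fixed-length random number followed by the server public key.
func Proof(nonce []byte, serverPub *rsa.PublicKey) []byte {
	h := sha256.New()
	h.Write(nonce)
	h.Write(x509.MarshalPKCS1PublicKey(serverPub))
	return h.Sum(nil)
}

// TerminalVerify is step 208: recompute the hash from the terminal's own random
// number and the public key it obtained over the first channel.
func TerminalVerify(nonce []byte, pinnedPub *rsa.PublicKey, proof []byte) bool {
	return subtle.ConstantTimeCompare(Proof(nonce, pinnedPub), proof) == 1
}

// SessionKey derives the "key related to the random number" (step 209).
// HMAC-SHA256 with a constructed label is an assumption of this example.
func SessionKey(nonce []byte) []byte {
	m := hmac.New(sha256.New, nonce)
	m.Write([]byte("temp-id-registration/session"))
	return m.Sum(nil)
}

func main() {
	term, err1 := NewParty()
	srv, err2 := NewParty()
	other, err3 := NewParty() // endpoint that lacks the registration server's private key
	if err1 != nil || err2 != nil || err3 != nil {
		panic("key generation failed")
	}
	// Step 201: public keys were exchanged over the first channel.
	nonce, ct, sig, err := TerminalRequest(term, srv.Pub())
	if err != nil {
		panic(err)
	}
	proof, srvNonce, err := ServerRespond(srv, term.Pub(), ct, sig)
	if err != nil {
		panic(err)
	}
	fmt.Println("server verified:", TerminalVerify(nonce, srv.Pub(), proof))
	fmt.Println("session keys match:", hmac.Equal(SessionKey(nonce), SessionKey(srvNonce)))
	_, _, err = ServerRespond(other, term.Pub(), ct, sig)
	fmt.Println("endpoint without the server key:", err)
}
```

An endpoint on the second channel that does not hold the registration server's private key cannot recover the random number, so any reply it sends fails the step 208 comparison against the public key obtained over the first channel.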
Fig. 3 is a flowchart of a 5G terminal device registration method according to another embodiment of the present invention. On the basis of the foregoing embodiment, the method for registering a 5G terminal device provided in this embodiment specifically includes the following steps:
Step 301, a temporary identity registration server of a target operator receives access information of a 5G terminal device through a first channel, and sends a public key of the temporary identity registration server to the 5G terminal device according to the access information.
In this embodiment of the application, the 5G terminal device may access the temporary identity registration server through two channels. As shown in Fig. 1, the first channel may be another network, which may be a Wi-Fi network or the network of an operator other than the target operator; for example, the 5G terminal device 11 may access the temporary identity registration server 16 through the other network. The second channel may be a channel formed by the 5G new wireless base station 12 and the User Plane Function (UPF) 13; for example, the 5G terminal device 11 may access the temporary identity registration server 16 through the 5G new wireless base station 12 and the User Plane Function (UPF) 13.
In addition, the 5G terminal device 11 may also install an Application (APP) of a target operator. The APP may have address information for the temporary identity registration server 16 built in. Alternatively, the address information of the temporary identity registration server 16 may be input by the user. Further, the APP can access the temporary identity registration server 16 through other networks according to the address information of the temporary identity registration server 16. Specifically, the 5G terminal device 11 may send the public key of the 5G terminal device 11 and the identification information of the 5G terminal device 11 to the temporary identity registration server 16 through another network, and the temporary identity registration server 16 may send the public key of the temporary identity registration server 16 to the 5G terminal device 11 through another network.
Step 302, the temporary identity registration server receives, through a second channel, first encrypted information that is sent by the 5G terminal device and signed by a private key of the 5G terminal device, where the first encrypted information is obtained by encrypting, by the 5G terminal device, a random number generated by the 5G terminal device with a public key of the temporary identity registration server, and the second channel includes the 5G new wireless base station and a user plane network element function UPF of the target operator.
Specifically, the APP of the 5G terminal device 11 may generate a random number, and encrypt the random number by using the public key of the temporary identity registration server 16 to obtain the first encryption information. Further, the 5G terminal device 11 signs the first encrypted information with a private key of the 5G terminal device 11. The 5G terminal device 11 sends the signed first encryption information and the identification information of the 5G terminal device 11 to the temporary identity registration server 16 through a second channel, i.e., a 5G new radio base station 12 and a User Plane Function (UPF) 13.
Step 303, the temporary identity registration server obtains the random number according to the signed first encryption information.
Optionally, the acquiring, by the temporary identity registration server, the random number according to the signed first encryption information includes: the temporary identity registration server verifies the signature according to the public key of the 5G terminal equipment; and after the signature passes the verification, the temporary identity registration server decrypts the first encrypted information by adopting a private key of the temporary identity registration server to obtain the random number.
After the temporary identity registration server 16 receives the signed first encrypted information, the temporary identity registration server 16 searches for and obtains the public key of the 5G terminal device 11 according to the identification information of the 5G terminal device 11, verifies the signature by using the public key of the 5G terminal device 11, and if the signature passes the verification, the temporary identity registration server 16 decrypts the first encrypted information by using its own private key to obtain the random number.
Step 304, the temporary identity registration server sends the information related to the random number to the 5G terminal device, so that the 5G terminal device verifies the temporary identity registration server according to the information related to the random number.
In one possible approach, the information related to the random number includes: the temporary identity registration server adopts the random number to encrypt a public key of the temporary identity registration server to obtain second encryption information; the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number, and the verification comprises the following steps: the 5G terminal equipment decrypts the second encrypted information by adopting the random number to obtain decrypted information; and if the decryption information is the same as the public key of the temporary identity registration server acquired by the 5G terminal equipment through the first channel, the 5G terminal equipment determines that the temporary identity registration server passes the verification.
For example, after the temporary identity registration server 16 obtains the random number, the temporary identity registration server 16 may encrypt the public key of the temporary identity registration server 16 by using the random number according to a preset encryption algorithm to obtain second encrypted information, where the second encrypted information may be information related to the random number, and the temporary identity registration server 16 may send the second encrypted information to the 5G terminal device 11.
After the 5G terminal device 11 receives the second encrypted information, the 5G terminal device 11 may decrypt the second encrypted information by using a random number generated by itself and a preset decryption algorithm to obtain decrypted information. If the decryption information is the same as the public key of the temporary identity registration server 16 acquired by the 5G terminal device 11 through the first channel, the 5G terminal device 11 determines that the temporary identity registration server 16 is authenticated.
In another possible manner, the information related to the random number includes: the temporary identity registration server adopts a private key of the temporary identity registration server to encrypt the random number to obtain third encryption information; the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number, and the verification comprises the following steps: the 5G terminal equipment decrypts the third encrypted information by adopting the public key of the temporary identity registration server to obtain decrypted information; and if the decryption information is the same as the random number, the 5G terminal equipment determines that the temporary identity registration server passes the verification.
For example, after the temporary identity registration server 16 obtains the random number, the temporary identity registration server 16 may encrypt the random number according to a preset encryption algorithm by using a private key of the temporary identity registration server 16 to obtain third encrypted information. The third encryption information may be information related to the random number, and the temporary identity registration server 16 may transmit the third encryption information to the 5G terminal device 11.
After the 5G terminal device 11 receives the third encrypted information, the 5G terminal device 11 may decrypt the third encrypted information by using the public key of the temporary identity registration server 16 and a preset decryption algorithm to obtain decrypted information. If the decryption information is the same as the random number generated by the 5G terminal device 11 itself, the 5G terminal device 11 determines that the temporary identity registration server 16 is authenticated.
In yet another possible manner, the information related to the random number includes: the temporary identity registration server calculates the hash value of the random number and a public key of the temporary identity registration server; the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number, and the verification comprises the following steps: and if the hash value of the public key of the temporary identity registration server and the random number obtained by the 5G terminal equipment through calculation are the same as the hash value of the public key of the temporary identity registration server and the random number obtained by the temporary identity registration server through calculation, the 5G terminal equipment determines that the temporary identity registration server passes the verification.
For example, after the temporary identity registration server 16 obtains the random number, the temporary identity registration server 16 calculates a hash value of the random number and the public key of the temporary identity registration server 16, where the hash value may be used as information related to the random number, and the temporary identity registration server 16 may send the hash value to the 5G terminal device 11.
After the 5G terminal device 11 receives the hash value, the 5G terminal device 11 may also calculate a hash value of the random number and the public key of the temporary identity registration server 16, and if the hash value calculated by the 5G terminal device 11 is the same as the hash value calculated by the temporary identity registration server 16, the 5G terminal device 11 determines that the temporary identity registration server 16 passes the verification.
In addition, when the 5G terminal device 11 determines that the temporary identity registration server 16 passes the authentication, the temporary identity registration server 16 may register the 5G terminal device 11, so that the 5G terminal device 11 may also determine that the 5G terminal device 11 has successfully registered.
Step 305, after the temporary identity registration server passes the verification, the temporary identity registration server and the 5G terminal device communicate according to the key related to the random number.
When the temporary identity registration server 16 passes the authentication, the temporary identity registration server 16 and the 5G terminal device 11 possess the same random number, and the temporary identity registration server 16 and the 5G terminal device 11 can generate a related key according to the random number and communicate through the key related to the random number.
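The hash-based check of step 304 and the key derivation of step 305 can be sketched as follows. This is an added example, not code from the patent: SHA-256, the length-prefixed encoding, HKDF, and all names and sample values (`SERVER_PUB`, `OTHER_PUB`, `DEVICE_ID`, `run_exchange`) are assumptions, and the random number is taken as already shared through steps 302 and 303.

```python
"""Steps 304-305, hash variant: constructed demo, standard library only."""
import hashlib
import hmac
import secrets
import struct

# Constructed placeholder inputs (not taken from the patent).
SERVER_PUB = b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-SERVER-KEY\n-----END PUBLIC KEY-----\n"
OTHER_PUB = b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-OTHER-KEY\n-----END PUBLIC KEY-----\n"
DEVICE_ID = b"device-0001"


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so two different (nonce, key) pairs never
    serialise to the same byte string."""
    return struct.pack(">I", len(field)) + field


def server_proof(nonce: bytes, server_pub: bytes) -> bytes:
    """Server side of step 304: hash over the random number and its public key.
    SHA-256, the label and the length prefixes are assumptions of this example."""
    return hashlib.sha256(b"reg-proof-v1" + _lp(nonce) + _lp(server_pub)).digest()


def device_verify(nonce: bytes, pinned_pub: bytes, proof: bytes) -> bool:
    """Device side of step 304: recompute from its own random number and the
    key it obtained over the first channel, then compare in constant time."""
    return hmac.compare_digest(server_proof(nonce, pinned_pub), proof)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_keys(nonce: bytes, server_pub: bytes, device_id: bytes) -> dict:
    """Step 305: both ends derive the key related to the random number.
    One key per purpose, bound to this server key and this device (assumption)."""
    salt = hashlib.sha256(server_pub).digest()
    context = b"5g-temp-reg|" + device_id
    return {
        "enc": hkdf_sha256(nonce, salt, context + b"|enc"),
        "mac": hkdf_sha256(nonce, salt, context + b"|mac"),
    }


def run_exchange(server_pub_used: bytes = SERVER_PUB, server_knows_nonce: bool = True) -> dict:
    """Run steps 304-305 once; the device always pins SERVER_PUB."""
    device_nonce = secrets.token_bytes(32)  # the random number from step 302
    server_nonce = device_nonce if server_knows_nonce else secrets.token_bytes(32)
    proof = server_proof(server_nonce, server_pub_used)  # sent server -> device
    verified = device_verify(device_nonce, SERVER_PUB, proof)
    result = {"verified": verified, "keys_match": False}
    if verified:  # keys are derived only after the server passes verification
        dev = session_keys(device_nonce, SERVER_PUB, DEVICE_ID)
        srv = session_keys(server_nonce, server_pub_used, DEVICE_ID)
        result["keys_match"] = dev == srv
    return result


if __name__ == "__main__":
    print("honest server:       ", run_exchange())
    print("different public key:", run_exchange(server_pub_used=OTHER_PUB))
    print("nonce not recovered: ", run_exchange(server_knows_nonce=False))
```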
In the embodiment of the invention, 5G terminal equipment communicates with a temporary identity registration server through two channels, one channel is other networks, and the other channel is a 5G new wireless base station and a user plane network element function, so that the 5G terminal equipment can obtain a public key of the temporary identity registration server through other networks, and the 5G terminal equipment sends encryption information to the temporary identity registration server through the 5G new wireless base station and the user plane network element function.
Fig. 4 is a schematic structural diagram of a 5G terminal device according to an embodiment of the present invention. The 5G terminal device provided in the embodiment of the present invention may execute the processing flow provided in the embodiment of the 5G terminal device registration method, and as shown in fig. 4, the 5G terminal device 40 includes: memory 41, processor 42, computer programs and communication interface 43; wherein the computer program is stored in the memory 41 and is configured to be executed by the processor 42 for: accessing a temporary identity registration server of a target operator through a first channel, and acquiring a public key of the temporary identity registration server; detecting a wireless signal of a 5G new wireless base station of the target operator; establishing communication connection with the 5G new wireless base station through wireless signals of the 5G new wireless base station; generating a random number, and encrypting the random number by adopting a public key of the temporary identity registration server to obtain first encryption information; signing the first encrypted information by adopting a private key of the 5G terminal equipment; sending the signed first encryption information to the temporary identity registration server through a second channel so that the temporary identity registration server obtains the random number according to the signed first encryption information, wherein the second channel comprises the 5G new wireless base station and a user plane network element function (UPF) of the target operator; receiving information related to the random number sent by the temporary identity registration server through the communication interface; verifying the temporary identity registration server according to the information related to the random number; and after the temporary identity registration server passes the verification, the communication interface communicates with the temporary identity registration server according to the key related to the random number.
Optionally, the information related to the random number includes: the temporary identity registration server adopts the random number to encrypt a public key of the temporary identity registration server to obtain second encryption information; the processor, when verifying the temporary identity registration server according to the information related to the random number, is specifically configured to: decrypting the second encrypted information by using the random number to obtain decrypted information; and if the decryption information is the same as the public key of the temporary identity registration server acquired by the 5G terminal equipment through the first channel, determining that the temporary identity registration server passes the verification.
Optionally, the information related to the random number includes: the temporary identity registration server adopts a private key of the temporary identity registration server to encrypt the random number to obtain third encryption information; the processor, when verifying the temporary identity registration server according to the information related to the random number, is specifically configured to: decrypting the third encrypted information by using the public key of the temporary identity registration server to obtain decrypted information; and if the decryption information is the same as the random number, determining that the temporary identity registration server passes the verification.
Optionally, the information related to the random number includes: the temporary identity registration server calculates the hash value of the random number and a public key of the temporary identity registration server; the processor, when verifying the temporary identity registration server according to the information related to the random number, is specifically configured to: and if the hash value of the public key of the temporary identity registration server and the random number obtained by the 5G terminal equipment through calculation are the same as the hash value of the public key of the temporary identity registration server and the random number obtained by the temporary identity registration server through calculation, determining that the temporary identity registration server passes the verification.
The 5G terminal device in the embodiment shown in fig. 4 may be configured to execute the technical solution of the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of a temporary identity registration server according to an embodiment of the present invention. The temporary identity registration server provided in the embodiment of the present invention may execute the processing procedure provided in the embodiment of the 5G terminal device registration method, and as shown in fig. 5, the temporary identity registration server 50 includes: memory 51, processor 52, computer programs and communication interface 53; wherein the computer program is stored in the memory 51 and is configured to be executed by the processor 52 for: receiving access information of 5G terminal equipment through a first channel, and sending a public key of the temporary identity registration server to the 5G terminal equipment according to the access information; receiving first encryption information which is sent by the 5G terminal equipment and signed by a private key of the 5G terminal equipment through a second channel, wherein the first encryption information is obtained by encrypting a random number generated by the 5G terminal equipment by adopting a public key of the temporary identity registration server, and the second channel comprises the 5G new wireless base station and a user plane network element function UPF of the target operator; acquiring the random number according to the signed first encryption information; sending information related to the random number to the 5G terminal equipment through the communication interface so that the 5G terminal equipment can verify the temporary identity registration server according to the information related to the random number; and when the temporary identity registration server passes the verification, the temporary identity registration server and the 5G terminal equipment communicate according to the key related to the random number.
Optionally, when the processor acquires the random number according to the signed first encryption information, the processor is specifically configured to: verifying the signature according to the public key of the 5G terminal equipment; and after the signature passes the verification, decrypting the first encrypted information by using a private key of the temporary identity registration server to obtain the random number.
The temporary identity registration server in the embodiment shown in fig. 5 may be configured to execute the technical solution of the above method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the 5G terminal device registration method described in the foregoing embodiment.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes: various media capable of storing program codes, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (13)

1. A 5G terminal equipment registration method is characterized by comprising the following steps:
the 5G terminal equipment accesses a temporary identity registration server of a target operator through a first channel and acquires a public key of the temporary identity registration server;
the 5G terminal equipment detects a wireless signal of a 5G new wireless base station of the target operator;
the 5G terminal equipment establishes communication connection with the 5G new wireless base station through the wireless signal of the 5G new wireless base station;
the 5G terminal equipment generates a random number, and encrypts the random number by adopting a public key of the temporary identity registration server to obtain first encryption information;
the 5G terminal equipment signs the first encrypted information by adopting a private key of the 5G terminal equipment;
the 5G terminal equipment sends the signed first encryption information to the temporary identity registration server through a second channel so that the temporary identity registration server obtains the random number according to the signed first encryption information, wherein the second channel comprises the 5G new wireless base station and a user plane network element function UPF of the target operator;
the 5G terminal equipment receives the information related to the random number sent by the temporary identity registration server;
the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number;
and when the temporary identity registration server passes the verification, the 5G terminal equipment and the temporary identity registration server communicate according to the key related to the random number.
2. The method of claim 1, wherein the information related to the random number comprises: the temporary identity registration server adopts the random number to encrypt a public key of the temporary identity registration server to obtain second encryption information;
the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number, and the verification comprises the following steps:
the 5G terminal equipment decrypts the second encrypted information by adopting the random number to obtain decrypted information;
and if the decryption information is the same as the public key of the temporary identity registration server acquired by the 5G terminal equipment through the first channel, the 5G terminal equipment determines that the temporary identity registration server passes the verification.
3. The method of claim 1, wherein the information related to the random number comprises: the temporary identity registration server adopts a private key of the temporary identity registration server to encrypt the random number to obtain third encryption information;
the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number, and the verification comprises the following steps:
the 5G terminal equipment decrypts the third encrypted information by adopting the public key of the temporary identity registration server to obtain decrypted information;
and if the decryption information is the same as the random number, the 5G terminal equipment determines that the temporary identity registration server passes the verification.
4. The method of claim 1, wherein the information related to the random number comprises: the temporary identity registration server calculates the hash value of the random number and a public key of the temporary identity registration server;
the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number, and the verification comprises the following steps:
and if the hash value of the public key of the temporary identity registration server and the random number obtained by the 5G terminal equipment through calculation are the same as the hash value of the public key of the temporary identity registration server and the random number obtained by the temporary identity registration server through calculation, the 5G terminal equipment determines that the temporary identity registration server passes the verification.
5. A 5G terminal equipment registration method is characterized by comprising the following steps:
a temporary identity registration server of a target operator receives access information of 5G terminal equipment through a first channel, and sends a public key of the temporary identity registration server to the 5G terminal equipment according to the access information;
the temporary identity registration server receives first encryption information which is sent by the 5G terminal equipment and signed by a private key of the 5G terminal equipment through a second channel, wherein the first encryption information is obtained by encrypting a random number generated by the 5G terminal equipment by using a public key of the temporary identity registration server, and the second channel comprises the 5G new wireless base station and a user plane network element function UPF of the target operator;
the temporary identity registration server acquires the random number according to the signed first encryption information;
the temporary identity registration server sends information related to the random number to the 5G terminal equipment, so that the 5G terminal equipment verifies the temporary identity registration server according to the information related to the random number;
and when the temporary identity registration server passes the verification, the temporary identity registration server and the 5G terminal equipment communicate according to the key related to the random number.
6. The method according to claim 5, wherein the acquiring, by the temporary identity registration server, the random number according to the signed first encryption information comprises:
the temporary identity registration server verifies the signature according to the public key of the 5G terminal equipment;
and after the signature passes the verification, the temporary identity registration server decrypts the first encrypted information by adopting a private key of the temporary identity registration server to obtain the random number.
7. A 5G terminal device, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
accessing a temporary identity registration server of a target operator through a first channel, and acquiring a public key of the temporary identity registration server;
detecting a wireless signal of a 5G new wireless base station of the target operator;
establishing communication connection with the 5G new wireless base station through wireless signals of the 5G new wireless base station;
generating a random number, and encrypting the random number by adopting a public key of the temporary identity registration server to obtain first encryption information;
signing the first encrypted information by adopting a private key of the 5G terminal equipment;
sending the signed first encryption information to the temporary identity registration server through a second channel so that the temporary identity registration server obtains the random number according to the signed first encryption information, wherein the second channel comprises the 5G new wireless base station and a user plane network element function (UPF) of the target operator;
receiving information related to the random number sent by the temporary identity registration server through the communication interface;
verifying the temporary identity registration server according to the information related to the random number;
and after the temporary identity registration server passes the verification, the communication interface communicates with the temporary identity registration server according to the key related to the random number.
8. The 5G terminal device of claim 7, wherein the information related to the random number comprises: the temporary identity registration server adopts the random number to encrypt a public key of the temporary identity registration server to obtain second encryption information;
the processor, when verifying the temporary identity registration server according to the information related to the random number, is specifically configured to:
decrypting the second encrypted information by using the random number to obtain decrypted information;
and if the decryption information is the same as the public key of the temporary identity registration server acquired by the 5G terminal equipment through the first channel, determining that the temporary identity registration server passes the verification.
9. The 5G terminal device of claim 7, wherein the information related to the random number comprises: the temporary identity registration server adopts a private key of the temporary identity registration server to encrypt the random number to obtain third encryption information;
the processor, when verifying the temporary identity registration server according to the information related to the random number, is specifically configured to:
decrypting the third encrypted information by using the public key of the temporary identity registration server to obtain decrypted information;
and if the decryption information is the same as the random number, determining that the temporary identity registration server passes the verification.
10. The 5G terminal device of claim 7, wherein the information related to the random number comprises: the temporary identity registration server calculates the hash value of the random number and a public key of the temporary identity registration server;
the processor, when verifying the temporary identity registration server according to the information related to the random number, is specifically configured to:
and if the hash value of the public key of the temporary identity registration server and the random number obtained by the 5G terminal equipment through calculation are the same as the hash value of the public key of the temporary identity registration server and the random number obtained by the temporary identity registration server through calculation, determining that the temporary identity registration server passes the verification.
11. A temporary identity registration server, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving access information of 5G terminal equipment through a first channel, and sending a public key of the temporary identity registration server to the 5G terminal equipment according to the access information;
receiving first encryption information which is sent by the 5G terminal equipment and signed by a private key of the 5G terminal equipment through a second channel, wherein the first encryption information is obtained by encrypting a random number generated by the 5G terminal equipment by adopting a public key of the temporary identity registration server, and the second channel comprises the 5G new wireless base station and a user plane network element function UPF of the target operator;
acquiring the random number according to the signed first encryption information;
sending information related to the random number to the 5G terminal equipment through the communication interface so that the 5G terminal equipment can verify the temporary identity registration server according to the information related to the random number;
and when the temporary identity registration server passes the verification, the temporary identity registration server and the 5G terminal equipment communicate according to the key related to the random number.
12. The temporary identity registration server of claim 11, wherein the processor, when obtaining the random number according to the signed first encryption information, is specifically configured to:
verifying the signature according to the public key of the 5G terminal equipment;
and after the signature passes the verification, decrypting the first encrypted information by using a private key of the temporary identity registration server to obtain the random number.
13. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-6.
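The exchange of claims 11 and 12, closed by the hash comparison at the end of claim 10, as an added example that is not part of the patent. Textbook RSA over fixed Mersenne primes stands in for the public-key algorithms the claims leave unspecified (demo parameters only, no padding); SHA-256, the byte encodings, the session-key derivation and all function names are assumptions.

```python
import hashlib
import secrets

def keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (demo only, not secure)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def to_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

# Constructed demo keys: products of known Mersenne primes.
SERVER_PUB, SERVER_PRIV = keypair(2**61 - 1, 2**89 - 1)
TERM_PUB, TERM_PRIV = keypair(2**107 - 1, 2**127 - 1)

def terminal_request(server_pub, term_priv, nonce):
    """Terminal: encrypt the random number to the server, sign the ciphertext."""
    n, e = server_pub
    cipher = pow(nonce, e, n)
    tn, td = term_priv
    return cipher, pow(digest_int(to_bytes(cipher), tn), td, tn)

def binding_hash(server_pub, nonce):
    """Hash of the server public key and the random number."""
    n, e = server_pub
    return hashlib.sha256(to_bytes(n) + to_bytes(e) + to_bytes(nonce)).hexdigest()

def server_process(server_priv, server_pub, term_pub, cipher, sig):
    """Server (claim 12): verify the signature first, decrypt only afterwards."""
    tn, te = term_pub
    if pow(sig, te, tn) != digest_int(to_bytes(cipher), tn):
        return None  # unsigned or altered ciphertext never reaches the private key
    n, d = server_priv
    return binding_hash(server_pub, pow(cipher, d, n))

def terminal_verify(server_pub, nonce, response):
    """Terminal: recompute the hash locally and compare in constant time."""
    expected = binding_hash(server_pub, nonce)
    return response is not None and secrets.compare_digest(expected, response)

def session_key(nonce):
    """'Key related to the random number'; this derivation is an assumption."""
    return hashlib.sha256(b"session" + to_bytes(nonce)).digest()

def run_demo():
    nonce = secrets.randbits(120) | 1  # fits below the demo server modulus
    cipher, sig = terminal_request(SERVER_PUB, TERM_PRIV, nonce)
    reply = server_process(SERVER_PRIV, SERVER_PUB, TERM_PUB, cipher, sig)
    tampered = server_process(SERVER_PRIV, SERVER_PUB, TERM_PUB, cipher + 1, sig)
    return terminal_verify(SERVER_PUB, nonce, reply), tampered
```

Only a holder of the server private key can recover the random number and return a matching hash, which is why the terminal's comparison authenticates the server; the signature check authenticates the terminal in the other direction.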
CN201911401799.4A 2019-12-30 2019-12-30 5G terminal equipment registration method, equipment and storage medium Pending CN111148098A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911401799.4A CN111148098A (en) 2019-12-30 2019-12-30 5G terminal equipment registration method, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111148098A (en) 2020-05-12

Family

ID=70522140

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911401799.4A Pending CN111148098A (en) 2019-12-30 2019-12-30 5G terminal equipment registration method, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111148098A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106209835A (en) * 2016-07-08 2016-12-07 北京众享比特科技有限公司 Peer-to-peer network communication system and method
WO2017201809A1 (en) * 2016-05-27 2017-11-30 宇龙计算机通信科技(深圳)有限公司 Communication method and system for terminal
CN108366063A (en) * 2018-02-11 2018-08-03 广东美的厨房电器制造有限公司 Data communications method, device and its equipment of smart machine
CN108848502A (en) * 2018-05-18 2018-11-20 兴唐通信科技有限公司 A method of SUPI is protected using 5G-AKA

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112073421A (en) * 2020-09-14 2020-12-11 深圳市腾讯计算机系统有限公司 Communication processing method, communication processing device, terminal and storage medium
CN112073421B (en) * 2020-09-14 2022-07-08 深圳市腾讯计算机系统有限公司 Communication processing method, communication processing device, terminal and storage medium
WO2023070425A1 (en) * 2021-10-28 2023-05-04 京东方科技集团股份有限公司 Device identity authentication method and apparatus, electronic device, and computer readable medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200512