CN111212426B - Terminal access method, terminal, micro base station and access system - Google Patents

Info

Publication number
CN111212426B
Authority
CN
China
Prior art keywords
encryption result
terminal
base station
micro base
server
Legal status
Active
Application number
CN202010029235.9A
Other languages
Chinese (zh)
Other versions
CN111212426A (en)
Inventor
田新雪
肖征荣
马书惠
杨子文
董慧
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W48/00: Access restriction; Network selection; Access point selection
    • H04W48/16: Discovering, processing access restriction or access information
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W8/00: Network data management
    • H04W8/22: Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24: Transfer of terminal data
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a terminal access method, a terminal, a micro base station and an access system, wherein the method comprises the following steps: acquiring first information and second information sent by different operator servers from a block chain network, wherein the first information comprises a first random number and a first timestamp, and the second information comprises a second random number and a second timestamp; using a homomorphic encryption algorithm to homomorphic encrypt the first information, the second information, the pre-stored first customer service password and the second customer service password to obtain a terminal encryption result; sending an access request carrying a terminal encryption result to the micro base station; and responding to the access response returned by the micro base station, and determining whether the micro base station is successfully accessed. The problem that the privacy information such as the balance of a user is easily exposed when the terminal requests to access the micro base station is solved, and the information security of the terminal is improved.

Description

Terminal access method, terminal, micro base station and access system
Technical Field
The invention relates to the technical field of communication, in particular to an access method of a terminal, the terminal, a micro base station and an access system.
Background
With the development of communication technology, the number of network access devices keeps increasing. In particular, after the arrival of the fifth Generation Mobile communication network (5G), the number of network access devices is growing explosively, and the number of network access devices per unit area may increase to thousands of times the previous number. If the coverage mode of the macro base station is continued, the macro base station cannot support these network access devices even if its bandwidth is larger. For example, a macro base station formerly covered 1000 internet access users, who shared the rate resource of the base station equally. After 5G, users' requirements on internet access rate are higher and higher and the resource of one base station is far from enough, so more base stations must be deployed and designed in a miniaturized manner, which increases the density of micro base stations. To avoid mutual spectrum interference between micro base stations, the radiation power spectrum of the micro base station can be reduced, and the radiation power of the mobile phone can be reduced as well. Once the number of micro base stations has greatly increased, deployment can extend beyond the traditional iron tower and roof erection mode: a street lamp post, an advertising lamp box and a ceiling inside a building can all be ideal places to erect a micro base station.
Although the micro base station can solve a large amount of complex communication, when the micro base station authenticates a terminal, the micro base station firstly determines that the balance of the terminal is enough to pay service cost for using the micro base station, but privacy information such as the balance of a user is exposed, and the safety of user information cannot be guaranteed.
Disclosure of Invention
Therefore, the invention provides a terminal access method, a terminal, a micro base station and an access system, which aim to solve the problem that in the prior art, when the micro base station authenticates the terminal, privacy information such as balance of a user is easily exposed, so that the safety of user information cannot be guaranteed.
In order to achieve the above object, a first aspect of the present invention provides an access method for a terminal, where the method includes: acquiring first information and second information sent by different operator servers from a block chain network, wherein the first information comprises a first random number and a first timestamp, and the second information comprises a second random number and a second timestamp; using a homomorphic encryption algorithm to homomorphic encrypt the first information, the second information, the pre-stored first customer service password and the second customer service password to obtain a terminal encryption result; sending an access request carrying a terminal encryption result to the micro base station; and responding to the access response returned by the micro base station, and determining whether the micro base station is successfully accessed.
In some embodiments, the step of using a homomorphic encryption algorithm to homomorphically encrypt the first information, the second information, the first customer service password and the second customer service password, which are stored in advance, and obtain the terminal encryption result includes: using a homomorphic encryption algorithm to homomorphic encrypt the first random number, the first time stamp and the first customer service password, and calculating to obtain a first encryption result; using a homomorphic encryption algorithm to homomorphic encrypt the second random number, the second time stamp and the second customer service password, and calculating to obtain a second encryption result; and adding the first encryption result and the second encryption result to obtain a terminal encryption result.
In some embodiments, the access request further comprises: an identification of the first card and an identification of the second card.
In order to achieve the above object, a second aspect of the present invention provides an access method, including: responding to an access request sent by a dual-card terminal, and acquiring a terminal encryption result; the terminal encryption result is obtained by using a homomorphic encryption algorithm to perform homomorphic encryption calculation on a first customer service password stored in advance, a second customer service password stored in advance, first information and second information which are obtained from a block chain network and sent by different operator servers, wherein the first information comprises a first random number and a first timestamp, and the second information comprises a second random number and a second timestamp; generating and sending a first broadcast message to a block chain network according to a terminal encryption result and a block chain identifier of the micro base station; and generating and sending an access response to the dual-card terminal according to the terminal encryption result, the first server encryption result and the second server encryption result which are obtained from the block chain network and fed back by different operator servers.
In some embodiments, generating and sending an access response to the dual-card terminal according to the terminal encryption result, the first server encryption result and the second server encryption result fed back by different operator servers acquired from the blockchain network comprises: acquiring a first server encryption result fed back by a first operator server and a second server encryption result fed back by a second operator server from a block chain network; calculating to obtain a feedback encryption result according to the first server encryption result and the second server encryption result; comparing the feedback encryption result with the terminal encryption result to obtain a comparison result; and sending the access response carrying the comparison result to the dual-card terminal.
In some embodiments, the step of comparing the feedback encryption result with the terminal encryption result to obtain a comparison result includes: if the feedback encryption result is the same as the terminal encryption result, determining that the comparison result is that the dual-card terminal is allowed to access; otherwise, if the feedback encryption result is different from the terminal encryption result, determining that the comparison result is that the access of the dual-card terminal is refused.
In some embodiments, the step of obtaining a first server encryption result fed back by a first operator server and a second server encryption result fed back by a second operator server from the blockchain network includes: acquiring a third encryption result which is fed back by the first operator server and encrypted by using a public key of the micro base station according to a predetermined algorithm from the block chain network; decrypting the third encryption result by using a private key of the micro base station to obtain a first server encryption result; acquiring a fourth encryption result which is fed back by the second operator server and encrypted by using the public key of the micro base station according to a predetermined algorithm from the block chain network; and decrypting the fourth encryption result by using a private key of the micro base station to obtain a second server encryption result.
In order to achieve the above object, a third aspect of the present invention provides a terminal comprising: the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring first information and second information sent by different operator servers from a block chain network, the first information comprises a first random number and a first timestamp, and the second information comprises a second random number and a second timestamp; the encryption module is used for carrying out homomorphic encryption on the first information, the second information, the pre-stored first customer service password and the pre-stored second customer service password by using a homomorphic encryption algorithm to obtain a terminal encryption result; the first sending module is used for sending an access request carrying a terminal encryption result to the micro base station; and the access module is used for responding to the access response returned by the micro base station and determining whether the micro base station is accessed successfully.
In order to achieve the above object, a fourth aspect of the present invention provides a micro base station, comprising: the second acquisition module is used for responding to an access request sent by the dual-card terminal and acquiring a terminal encryption result; the terminal encryption result is obtained by using a homomorphic encryption algorithm to perform homomorphic encryption calculation on a first customer service password stored in advance, a second customer service password stored in advance, first information and second information which are obtained from a block chain network and sent by different operator servers, wherein the first information comprises a first random number and a first timestamp, and the second information comprises a second random number and a second timestamp; the broadcast generating module is used for generating a first broadcast message according to the terminal encryption result and the block chain identifier of the micro base station; a second sending module, configured to send the first broadcast message to a block chain network; the access response generation module is used for generating an access response according to the terminal encryption result, the first server encryption result and the second server encryption result which are obtained from the block chain network and fed back by different operator servers; and the third sending module is used for sending the access response to the dual-card terminal.
In order to achieve the above object, a fifth aspect of the present invention provides an access system, including: the system comprises a double-card terminal, a micro base station, a first operator server and a second operator server which are connected through a block chain network; the dual-card terminal is used for executing the access method of the terminal in the first aspect; the micro base station is used for executing the access method in the second aspect; the first operator server is used for responding to a first broadcast message sent by the micro base station and acquiring the identifier of a first card in the dual-card terminal and the block chain identifier of the micro base station; using a homomorphic encryption algorithm to homomorphic encrypt the identifier of the first card, the first random number and the first time stamp which are preserved in advance, and calculating to obtain a first server encryption result; generating a second broadcast message according to the block chain identifier of the micro base station, the encryption result of the first server and the identifier of the first card; sending a second broadcast message to the block chain network so that the micro base station can obtain the encryption result of the first server; the second operator server is used for responding to the first broadcast message sent by the micro base station and acquiring the identifier of a second card in the dual-card terminal and the block chain identifier of the micro base station; using a homomorphic encryption algorithm to homomorphic encrypt the identifier of the second card, a second random number and a second time stamp which are stored in advance, and calculating to obtain an encryption result of the second server; generating a third broadcast message according to the block chain identifier of the micro base station, the encryption result of the second server and the identifier of the second card; and sending a third broadcast message to the block chain network so that the micro base station acquires the encryption result of the second server.
The invention has the following advantages: the method comprises the steps that first information and second information sent by different operator servers are obtained from a block chain network, a homomorphic encryption algorithm is used by a double-card terminal to homomorphic encrypt the first information, the second information, a first customer service password and a second customer service password which are stored in advance, a terminal encryption result is obtained, and then the terminal encryption result is sent to a micro base station to obtain an access response of the micro base station. The problem that private information such as balance and the like of a user is easily exposed when the dual-card terminal requests to access the micro base station is solved, and the information security of the dual-card terminal is improved.
The micro base station can generate an access response according to the terminal encryption result, the first server encryption result and the second server encryption result which are obtained from the block chain network and fed back by different operator servers, and after the dual-card terminal obtains the access response, whether the dual-card terminal is successfully accessed into the micro base station can be determined, so that the safety of the micro base station for the authentication of the dual-card terminal is improved, and the development of a micro base station alliance is promoted.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a flowchart of an access method of a terminal according to a first embodiment of the present invention;
Fig. 2 is a flowchart of an access method according to a second embodiment of the present invention;
Fig. 3 is a block diagram of a terminal according to a third embodiment of the present invention;
Fig. 4 is a block diagram of a micro base station according to a fourth embodiment of the present invention;
Fig. 5 is a network connection diagram of an access system according to a fifth embodiment of the present invention;
Fig. 6 is a flowchart of a communication method of an access system according to a fifth embodiment of the present invention.
In the drawings:
301: the first obtaining module
302: encryption module
303: the sending module
304: access module
401: the second obtaining module
402: broadcast generation module
403: the second sending module
404: access response generation module
405: the third sending module
501: double-card terminal
502: the micro base station
503: first operator server
504: second operator server
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
The first embodiment of the invention relates to an access method of a terminal. The method and the device are used for avoiding exposing privacy information of the user and improving the information security of the dual-card terminal.
The following describes details of the implementation of the access method of the terminal in this embodiment in detail, and the following is only for facilitating understanding of the details of the implementation of this solution and is not necessary for implementing this solution.
Fig. 1 is a flowchart of an access method of a terminal in this embodiment, where the method is applicable to a dual-card terminal, that is, a terminal capable of simultaneously using two data communication cards, such as a dual-card dual-standby mobile phone. The method may include the following steps.
In step 101, first information and second information sent by different operator servers are acquired from a block chain network.
It should be noted that, the first service password and the second service password are pre-stored in the dual-card terminal. The first information includes a first random number and a first time stamp, and the second information includes a second random number and a second time stamp. For example, the first operator server sends the first information to the blockchain network every fixed time interval (for example, 10 seconds), and the second operator server also sends the second information to the blockchain network every fixed time interval (for example, 10 seconds), so that the dual card terminal can acquire the first random number and the second random number therein, wherein the first time stamp represents the time when the first operator server sends the first random number, and the second time stamp represents the time when the second operator server sends the second random number.
In step 102, a homomorphic encryption algorithm is used to homomorphic encrypt the first information, the second information, the pre-stored first customer service password and the second customer service password, and a terminal encryption result is obtained.
In some embodiments, the first random number, the first timestamp and the first customer service password are homomorphically encrypted by using a homomorphic encryption algorithm, and a first encryption result is obtained through calculation; using a homomorphic encryption algorithm to homomorphic encrypt the second random number, the second time stamp and the second customer service password, and calculating to obtain a second encryption result; and adding the first encryption result and the second encryption result for calculation to obtain a terminal encryption result.
It should be noted that homomorphic encryption has the following property: performing addition and multiplication operations on a plaintext and then encrypting the operation result is equivalent to encrypting first and then performing the corresponding addition and multiplication operations on the ciphertext. Because of this property, the dual-card terminal uses the homomorphic encryption algorithm to homomorphically encrypt the first random number, the first timestamp and the first customer service password and calculate a first encryption result, and uses the homomorphic encryption algorithm to homomorphically encrypt the second random number, the second timestamp and the second customer service password and calculate a second encryption result. Information of the user cannot be leaked to other network element equipment in the block chain network, and only receiving end equipment capable of homomorphic decryption can obtain the first information and the second information.
Specifically, since the first random number and the second random number both change every time a fixed time interval elapses and the first time stamp and the second time stamp are also not fixed, they are updated every time a fixed time interval elapses; therefore, even if the third party intercepts the first encryption result or the second encryption result, the first customer service password and the second customer service password cannot be obtained, and the information security is ensured.
For example, the dual-card terminal uses a homomorphic encryption algorithm to homomorphically encrypt the acquired first random number sent by the first operator server, the first timestamp T1 and the first customer service password KEY1, and calculates an acquired first encryption result Q1; meanwhile, the dual-card terminal uses a homomorphic encryption algorithm to homomorphic encrypt the acquired second random number, the acquired second timestamp T2 and the acquired second customer service password KEY2 sent by the second operator server, and calculates to acquire a second encryption result Q2. Then, the dual card terminal adds the first encryption result Q1 and the second encryption result Q2 to obtain a terminal encryption result Q3, and stores the terminal encryption result Q3 for use when accessing the micro base station.
In step 103, an access request carrying the terminal encryption result is sent to the micro base station.
It should be noted that, after the dual-card terminal obtains the terminal encryption result through calculation, the dual-card terminal writes the terminal encryption result and the related identifier into the access request, and then sends the access request to the micro base station, so that the micro base station can obtain the terminal encryption result.
For example, when the dual card terminal finds that there is a micro base station in its connectable range through searching, the dual card terminal may send an access request carrying the terminal encryption result Q3 to the micro base station through a mobile communication network such as a third Generation Mobile communication network (3G), a fourth Generation Mobile communication network (4G), or a fifth Generation Mobile communication network (5G).
In some embodiments, the access request further includes an identification of the first card and an identification of the second card. The identifier may be a Subscriber Identity Module (SIM) card Number in the GSM system, or may be an identifier for identifying the first card and the second card, such as an International Mobile Subscriber Identity Number (IMSI). For example, the cell phone number 1861234xxxx of the first card and the cell phone number 1381111xxxx of the first card in a dual-card terminal. The above description of the identifiers is only an example, and other identifiers not described are also within the protection scope of the present application, and are not described again here.
In step 104, in response to the access response returned by the micro base station, it is determined whether the access to the micro base station is successful.
After receiving the access response returned by the micro base station, the dual-card terminal obtains an access result carried in the access response, where the access result may specifically include that the micro base station allows the dual-card terminal to access to the mobile network of the micro base station, or that the micro base station rejects the dual-card terminal to access to the mobile network of the micro base station. And determining whether the dual-card terminal is successfully accessed into the micro base station according to the access result.
In the embodiment, the first information and the second information sent by different operator servers are acquired from the block chain network, the first customer service password, the second customer service password, the first information and the second information which are stored in advance are subjected to homomorphic encryption by the dual-card terminal through a homomorphic encryption algorithm to obtain a terminal encryption result, and then the terminal encryption result is sent to the micro base station to obtain the access response of the micro base station. The problem that private information such as balance and the like of a user is easily exposed when the dual-card terminal requests to access the micro base station is solved, and the information security of the dual-card terminal is improved.
A second embodiment of the present invention relates to an access method. Fig. 2 is a flowchart of an access method in this embodiment, which can be applied to a server, such as an operator server. The method may include the following steps.
In step 201, in response to an access request sent by a dual-card terminal, a terminal encryption result is obtained.
It should be noted that the terminal encryption result is a result obtained by performing homomorphic encryption calculation on a first customer service password stored in advance, a second customer service password stored in advance, and first information and second information sent by different operator servers acquired from a block chain network by using a homomorphic encryption algorithm by the dual-card terminal, where the first information includes a first random number and a first timestamp, and the second information includes a second random number and a second timestamp.
In some embodiments, the access request further comprises: an identification of a first card in the dual card terminal and an identification of a second card in the dual card terminal. The first server encryption result is obtained by homomorphic encryption of the identifier of the first card, a first random number stored in advance and a first time stamp by the first operator server by using a homomorphic encryption algorithm; the second server encryption result is a result obtained by the second operator server using a homomorphic encryption algorithm to homomorphic encrypt the identifier of the second card, the pre-stored second random number and the second timestamp.
For example, the dual-card terminal uses a homomorphic encryption algorithm to homomorphically encrypt the acquired first random number sent by the first operator server, the first timestamp T1 and the first customer service password KEY1, and calculates an acquired first encryption result Q1; meanwhile, the dual-card terminal uses a homomorphic encryption algorithm to homomorphic encrypt the acquired second random number, the acquired second timestamp T2 and the acquired second customer service password KEY2 sent by the second operator server, and calculates to acquire a second encryption result Q2. Then, the dual card terminal calculates the first encryption result Q1 and the second encryption result Q2 using a predetermined algorithm to obtain a terminal encryption result Q3, for example, adds the first encryption result Q1 and the second encryption result Q2 to obtain a terminal encryption result Q3. The dual card terminal will then store the terminal encryption result Q3 for use in accessing the micro base station.
In step 202, a first broadcast message is generated and sent to the blockchain network according to the terminal encryption result and the blockchain identifier of the micro base station.
For example, after receiving an access request sent by a dual-card terminal, the micro base station acquires a mobile phone number 1861234xxxx of a first card, a mobile phone number 1381111xxxx of a second card and a terminal encryption result Q3, signs the three data items by using a private key of the micro base station to generate a first broadcast message, and then sends the first broadcast message to a block chain network, so that a first operator server and a second operator server receive the first broadcast message.
In step 203, an access response is generated and sent to the dual card terminal according to the terminal encryption result, the first server encryption result and the second server encryption result fed back by the different operator servers acquired from the blockchain network.
It should be noted that, the micro base station may directly package the terminal encryption result, the first server encryption result, and the second server encryption result, and send them together to the dual card terminal, so that the terminal performs operations on the above encryption results; the micro base station may also compare the terminal encryption result, the first server encryption result, and the second server encryption result to obtain a comparison result, where the comparison result represents whether the micro base station allows the access of the dual card terminal, and then send an access response carrying the comparison result to the block chain network, so that the dual card terminal obtains the access result.
In some embodiments, a first server encryption result fed back by a first operator server and a second server encryption result fed back by a second operator server are obtained from a blockchain network; calculating to obtain a feedback encryption result according to the first server encryption result and the second server encryption result; comparing the feedback encryption result with the terminal encryption result to obtain a comparison result; and sending the access response carrying the comparison result to the dual-card terminal.
For example, after the micro base station acquires a first server encryption result and a second server encryption result from the block chain network, the micro base station combines the first server encryption result and the second server encryption result according to a certain algorithm to acquire a feedback encryption result; and writing the feedback encryption result into an access response, and sending the access response to the dual-card terminal.
In some embodiments, the comparing the feedback encryption result with the terminal encryption result, and the obtaining the comparison result includes: if the feedback encryption result is the same as the terminal encryption result, determining that the comparison result is that the dual-card terminal is allowed to access; otherwise, if the feedback encryption result is different from the terminal encryption result, determining that the comparison result is that the access of the dual-card terminal is refused.
It should be noted that the feedback encryption result is calculated by the micro base station according to the feedback results of the different operator servers, and the terminal encryption result is calculated by the dual-card terminal according to the feedback results of the different operator servers. Only when the two encryption results are the same is it indicated that the operator servers corresponding to the dual-card terminal and the micro base station are the same, that is, the two network elements receive the services of the same operator servers at the same time, so that the micro base station can provide the mobile communication service for the dual-card terminal.
In some embodiments, the step of obtaining a first server encryption result fed back by a first operator server and a second server encryption result fed back by a second operator server from the blockchain network includes: acquiring a third encryption result which is fed back by the first operator server and encrypted by using a public key of the micro base station according to a predetermined algorithm from the block chain network; decrypting the third encryption result by using a private key of the micro base station to obtain a first server encryption result; acquiring a fourth encryption result which is fed back by the second operator server and encrypted by using the public key of the micro base station according to a predetermined algorithm from the block chain network; and decrypting the fourth encryption result by using a private key of the micro base station to obtain a second server encryption result.
It should be noted that the public key and the private key of the micro base station are paired. The third encryption result, encrypted by the first operator server using the public key of the micro base station, can be decrypted at the micro base station side by using the private key of the micro base station to obtain the first server encryption result. Other third-party devices cannot obtain the private key of the micro base station, so even if a third-party device intercepts the third encryption result, it cannot decrypt it, and the information security is ensured. Similarly, the fourth encryption result, encrypted by the second operator server using the public key of the micro base station, can be decrypted at the micro base station side by using the private key of the micro base station to obtain the second server encryption result.
In the embodiment, the micro base station generates the access response according to the terminal encryption result, the first server encryption result and the second server encryption result fed back by different operator servers acquired from the block chain network, and after the dual-card terminal acquires the access response, whether the dual-card terminal is successfully accessed to the micro base station can be determined, so that the security of the micro base station for authenticating the dual-card terminal is improved, and the development of a micro base station alliance is promoted.
The steps of the above methods are divided for clarity of description. In implementation, steps may be combined into one step, or a step may be split into multiple steps; as long as the same logical relationship is included, they are all within the protection scope of the present patent. Adding insignificant modifications to the algorithms or processes, or introducing insignificant design changes, without changing the core design of the algorithms or processes, is also within the protection scope of the patent.
The third embodiment of the present invention relates to a terminal, and specific implementation of the terminal may refer to the related description of the first embodiment, and repeated details are omitted. It should be noted that the specific implementation of the terminal in this embodiment is not limited to the above embodiment, and other undescribed embodiments are also within the scope of the terminal.
As shown in fig. 3, the terminal mainly includes: the first obtaining module 301 is configured to obtain first information and second information sent by different operator servers from a blockchain network, where the first information includes a first random number and a first timestamp, and the second information includes a second random number and a second timestamp; the encryption module 302 is configured to perform homomorphic encryption on the first information, the second information, and a pre-stored first customer service password and a pre-stored second customer service password by using a homomorphic encryption algorithm, so as to obtain a terminal encryption result; the first sending module 303 is configured to send an access request carrying a terminal encryption result to the micro base station; the access module 304 is configured to determine whether the micro base station is successfully accessed in response to an access response returned by the micro base station.
A fourth embodiment of the present invention relates to a micro base station, and specific implementation of the micro base station may refer to the related description of the first embodiment, and repeated details are not repeated. It should be noted that the implementation of the micro base station in this embodiment is not limited to the above embodiment, and other non-described embodiments are also within the protection scope of the micro base station.
As shown in fig. 4, the micro base station mainly includes: the second obtaining module 401 is configured to obtain a terminal encryption result in response to an access request sent by the dual-card terminal; the terminal encryption result is obtained by using a homomorphic encryption algorithm to perform homomorphic encryption calculation on a first customer service password stored in advance, a second customer service password stored in advance, first information and second information which are obtained from a block chain network and sent by different operator servers, wherein the first information comprises a first random number and a first timestamp, and the second information comprises a second random number and a second timestamp; the broadcast generating module 402 is configured to generate a first broadcast message according to the terminal encryption result and the block chain identifier of the micro base station; the second sending module 403 is configured to send the first broadcast message to the blockchain network; the access response generation module 404 is configured to generate an access response according to the terminal encryption result, the first server encryption result and the second server encryption result that are obtained from the blockchain network and fed back by the different operator servers; the third sending module 405 is configured to send an access response to the dual card terminal.
It should be noted that each module referred to in this embodiment is a logical module, and in practical applications, one logical unit may be one physical unit, may be a part of one physical unit, and may be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present invention, elements that are not so closely related to solving the technical problems proposed by the present invention are not introduced in the present embodiment, but this does not indicate that other elements are not present in the present embodiment.
A fifth embodiment of the present invention relates to an access system, as shown in fig. 5, specifically including: a dual card terminal 501, a micro base station 502, a first operator server 503 and a second operator server 504 connected by a blockchain network.
The dual-card terminal 501 is configured to execute an access method of the terminal in the first embodiment; the micro base station 502 is configured to perform the access method in the second embodiment.
The first operator server 503 is configured to, in response to the first broadcast message sent by the micro base station 502, obtain an identifier of a first card in the dual-card terminal 501 and a blockchain identifier of the micro base station 502; using a homomorphic encryption algorithm to homomorphic encrypt the identifier of the first card, the first random number and the first time stamp which are preserved in advance, and calculating to obtain a first server encryption result; generating a second broadcast message according to the block chain identifier of the micro base station 502, the first server encryption result and the identifier of the first card; and sending a second broadcast message to the blockchain network, so that the micro base station 502 acquires the first server encryption result.
The second operator server 504 is configured to, in response to the first broadcast message sent by the micro base station 502, obtain an identifier of a second card in the dual-card terminal 501 and a block chain identifier of the micro base station 502; using a homomorphic encryption algorithm to homomorphic encrypt the identifier of the second card, the pre-stored second random number and the second time stamp, and calculating to obtain an encryption result of the second server; generating a third broadcast message according to the block chain identifier of the micro base station 502, the encryption result of the second server and the identifier of the second card; and sending a third broadcast message to the blockchain network, so that the micro base station 502 obtains the encryption result of the second server.
As shown in fig. 6, in the access system, the communication between the network elements may specifically include the following steps.
In step 601, the first operator server 503 transmits first information into the blockchain network every time a fixed time interval elapses, so that the dual card terminal 501 can receive the first information.
Wherein, the first information is the information sent after being signed by the first operator server 503 by using a private key; the first information includes the first timestamp and a first random number randomly generated by the first operator server 503, e.g., the first random number is "123456". Note that the first timestamp indicates a time when the first operator server 503 transmits the first random number.
In step 602, the second operator server 504 sends second information to the blockchain network every time a fixed time interval elapses, so that the dual card terminal 501 can receive the second information.
Wherein the second information is sent after being signed by the second operator server 504 using a private key; the second information includes a second timestamp and a second random number randomly generated by the second operator server 504, e.g., the second random number is "7890". Note that the second time stamp indicates a time when the second operator server 504 transmits the second random number.
It should be noted that the dual-card terminal 501 includes two cards, a mobile phone number of the first card is 1861234xxxx, and the first card corresponds to the first operator server 503; the mobile phone number of the second card is 1381111xxxx, and the second card corresponds to the second operator server 504; the dual-card terminal 501 periodically receives the first random number and the first timestamp T1 sent by the first operator server 503 corresponding to the first card from the blockchain network; meanwhile, the second random number and the second timestamp T2 sent by the second operator server 504 corresponding to the second card are also received from the blockchain network periodically.
In step 603, the dual card terminal 501 performs homomorphic encryption on the first customer service password KEY1 stored in advance, the acquired first random number sent by the first operator server 503, and the first timestamp T1 by using a homomorphic encryption algorithm, and calculates a first encryption result Q1; meanwhile, the dual card terminal 501 performs homomorphic encryption on the pre-stored second customer service password KEY2, the acquired second random number sent by the second operator server 504, and the second timestamp T2 by using a homomorphic encryption algorithm, and calculates a second encryption result Q2. Then, the dual card terminal 501 adds the first encryption result Q1 and the second encryption result Q2 to obtain a terminal encryption result Q3, and stores the terminal encryption result Q3 for use when accessing the micro base station.
It should be noted that the first random number and the second random number are updated every time a fixed time interval passes, and the first timestamp and the second timestamp are also not fixed; therefore, even if a third party intercepts the first encryption result or the second encryption result, it cannot obtain the first customer service password or the second customer service password, and the information security is ensured.
In step 604, the dual-card terminal 501 sends an access request to the micro base station 502.
When the dual card terminal 501 finds, through searching, that there is a micro base station 502 in its connectable range, the dual card terminal 501 sends an access request to the micro base station 502 through a mobile communication network such as a 3G, 4G, 5G network. The access request includes the mobile phone number 1861234xxxx of the first card, the mobile phone number 1381111xxxx of the second card and the terminal encryption result Q3 in the dual-card terminal 501.
In step 605, after receiving the access request sent by the dual-card terminal 501, the micro base station 502 obtains the phone number 1861234xxxx of the first card, the phone number 1381111xxxx of the second card, and the terminal encryption result Q3, signs the three data items with its own private key, generates a first broadcast message, and sends the first broadcast message to the blockchain network, so that the first operator server 503 and the second operator server 504 receive the first broadcast message.
It should be noted that the first broadcast message includes: the blockchain id of the micro base station 502, the cell phone number 1861234xxxx of the first card in the dual-card terminal 501, the cell phone number 1381111xxxx of the second card, and the terminal encryption result Q3.
In step 606, if the first operator server 503 finds that the dual-card terminal 501 corresponding to the first card is within its own management range through searching, the first operator server 503 performs homomorphic encryption on the mobile phone number 1861234xxxx of the first card, the first random number in the time period of the current time, and the first timestamp T1 by using a homomorphic encryption algorithm, and calculates to obtain a first server encryption result Q4.
In step 607, the first operator server 503 performs homomorphic encryption on the first server encryption result Q4 according to a pre-agreed algorithm by using the public key of the micro base station 502 to obtain an encryption result Q6; then, the private key of the first operator server 503 is used to perform private key signature on the encryption result Q6, the blockchain identifier of the micro base station 502, and the mobile phone number 1861234xxxx of the first card, so as to obtain a second broadcast message, and the second broadcast message is sent to the blockchain network, so that the micro base station 502 can obtain the first server encryption result Q4.
Meanwhile, in step 608, if the second operator server 504 finds that the dual-card terminal 501 corresponding to the second card is within its own management range through searching, the second operator server 504 performs homomorphic encryption on the mobile phone number 1381111xxxx of the second card, the second random number in the time period of the current time, and the second timestamp T2 by using a homomorphic encryption algorithm, and calculates to obtain a second server encryption result Q5.
In step 609, the second operator server 504 uses the public key of the micro base station 502 to perform homomorphic encryption on the second server encryption result Q5 according to a predetermined algorithm, so as to obtain an encryption result Q7; then, the private key of the second operator server 504 is used to perform private key signature on the encryption result Q7, the blockchain identifier of the micro base station 502, and the mobile phone number 1381111xxxx of the second card, so as to obtain a third broadcast message, and the third broadcast message is sent to the blockchain network, so that the micro base station 502 can obtain the second server encryption result Q5.
In step 610, after acquiring the second broadcast message and the third broadcast message from the blockchain network, the micro base station 502 first queries a blockchain ledger to find public keys of the first operator server 503 and the second operator server 504; then the micro base station uses the public key to verify the private key signatures of the two broadcast messages respectively, and only when the verification is passed, the private key of the micro base station 502 is used for homomorphically decrypting the encryption result Q6 and the encryption result Q7 according to a predetermined algorithm to obtain a first server encryption result Q4 and a second server encryption result Q5 respectively; otherwise, the flow ends. Then, the micro base station 502 combines the first server encryption result Q4 and the second server encryption result Q5 according to a certain algorithm to obtain a feedback encryption result Q8.
The micro base station 502 then compares the feedback encryption result Q8 with the terminal encryption result Q3. If the feedback encryption result Q8 is determined to be equal to the terminal encryption result Q3, the micro base station 502 allows the dual-card terminal 501 to access the mobile network of the micro base station 502; otherwise, if it is determined that the feedback encryption result Q8 is not equal to the terminal encryption result Q3, the micro base station 502 rejects the dual-card terminal 501 from accessing the mobile network of the micro base station 502.
In step 610, according to the comparison result in step 609, an access response is generated, and the access response is sent to the dual card terminal 501, so that the dual card terminal 501 can know whether the micro base station 502 allows itself to access the mobile network of the micro base station 502.
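The micro base station's handling of the second and third broadcast messages (verify each operator signature, decrypt Q6 and Q7 only if verification passes, combine into Q8, compare with Q3) can be sketched as follows. This is an added illustration, not code from the patent: textbook RSA with constructed toy primes stands in for the unnamed signature and "predetermined" encryption algorithms, addition is assumed as the combining step, and the `sender` field, the `bs-502`/`bs-999` identifiers and the Q values are hypothetical.

```python
import hashlib
import hmac

E = 65537  # public exponent shared by all toy keys (assumption)

def make_key(p, q):
    """Textbook RSA key (n, d) from two primes; toy parameters, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(fields, n):
    """Hash the signed fields of a broadcast message into the range [0, n)."""
    data = "|".join(str(f) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def operator_broadcast(q_server, bs_n, bs_id, card, sender, op_n, op_d):
    """Steps 607/609: encrypt Q4/Q5 to the base station, then sign the message."""
    q_enc = pow(q_server, E, bs_n)  # Q6 or Q7
    sig = pow(digest((q_enc, bs_id, card), op_n), op_d, op_n)
    return {"sender": sender, "q_enc": q_enc, "bs_id": bs_id, "card": card, "sig": sig}

def open_broadcast(msg, card, operator, ledger, my_id, bs_n, bs_d):
    """Step 610 gate: verify first, decrypt only on success; None ends the flow."""
    op_n = ledger.get(msg["sender"])  # operator public key looked up in the ledger
    if op_n is None or msg["sender"] != operator:
        return None  # unknown operator, or not the operator serving this card
    if msg["bs_id"] != my_id or msg["card"] != card:
        return None  # addressed to another base station or another card
    expected = digest((msg["q_enc"], msg["bs_id"], msg["card"]), op_n)
    if pow(msg["sig"], E, op_n) != expected:
        return None  # signature does not cover these fields
    return pow(msg["q_enc"], bs_d, bs_n)  # Q4 or Q5

def decide_access(q3, expected, broadcasts, ledger, my_id, bs_n, bs_d):
    """Return True only if both broadcasts verify and Q8 equals Q3."""
    if len(expected) != 2 or len(broadcasts) != 2:
        return False
    parts = [open_broadcast(m, card, op, ledger, my_id, bs_n, bs_d)
             for m, (card, op) in zip(broadcasts, expected)]
    if any(p is None for p in parts) or not 0 <= q3 < 2 * bs_n:
        return False
    q8 = parts[0] + parts[1]  # assumed combination, mirroring Q3 = Q1 + Q2
    width = (bs_n.bit_length() + 8) // 8
    # Constant-time comparison of the two results.
    return hmac.compare_digest(q8.to_bytes(width, "big"), q3.to_bytes(width, "big"))

def demo():
    """Constructed run: one accepted request and three rejected ones."""
    bs_n, bs_d = make_key(2**107 - 1, 2**127 - 1)    # micro base station 502
    op1_n, op1_d = make_key(2**61 - 1, 2**89 - 1)    # first operator server 503
    op2_n, op2_d = make_key(2**89 - 1, 2**107 - 1)   # second operator server 504
    ledger = {"operator1": op1_n, "operator2": op2_n}
    expected = [("1861234xxxx", "operator1"), ("1381111xxxx", "operator2")]
    q4, q5 = 1234567890123, 9876543210987            # constructed stand-ins for Q4, Q5
    q3 = q4 + q5                                     # what an honest terminal would send
    m2 = operator_broadcast(q4, bs_n, "bs-502", "1861234xxxx", "operator1", op1_n, op1_d)
    m3 = operator_broadcast(q5, bs_n, "bs-502", "1381111xxxx", "operator2", op2_n, op2_d)
    args = (ledger, "bs-502", bs_n, bs_d)
    allowed = decide_access(q3, expected, [m2, m3], *args)
    tampered = decide_access(q3, expected, [dict(m2, q_enc=m2["q_enc"] ^ 1), m3], *args)
    other = operator_broadcast(q4, bs_n, "bs-999", "1861234xxxx", "operator1", op1_n, op1_d)
    misaddressed = decide_access(q3, expected, [other, m3], *args)
    mismatch = decide_access(q3 + 1, expected, [m2, m3], *args)
    return allowed, tampered, misaddressed, mismatch

if __name__ == "__main__":
    print(demo())
```

The tampered and misaddressed broadcasts are rejected before any decryption takes place, which is the ordering the step above requires.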
In the embodiment, the dual-card terminal generates a first encryption result according to the acquired first random number, the acquired first timestamp and the acquired mobile phone number of the first card, which are sent by the first operator server; meanwhile, a second encryption result is generated according to the obtained second random number, the second timestamp and the mobile phone number of the second card sent by the second operator server, the terminal encryption result is obtained through calculation, and then the access request carrying the terminal encryption result is sent to the micro base station; the micro base station obtains a terminal encryption result after receiving the access request, then obtains a first operator encryption result and a second operator encryption result through a block chain network, further comprehensively judges the encryption results, and determines whether to allow the dual-card terminal to access, so that the problem that the dual-card terminal is easy to expose privacy information such as balance of a user when the dual-card terminal requests to access the micro base station is avoided, the user information security of the dual-card terminal is improved, and the development of a micro base station alliance is promoted.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (10)

1. An access method of a terminal, applied to the terminal, the method comprising:
acquiring first information and second information sent by different operator servers from a block chain network, wherein the first information comprises a first random number and a first timestamp, and the second information comprises a second random number and a second timestamp;
using a homomorphic encryption algorithm to homomorphic encrypt the first information, the second information, a first customer service password and a second customer service password which are stored in advance, and obtaining a terminal encryption result;
sending an access request carrying the terminal encryption result to the micro base station;
and responding to an access response returned by the micro base station, and determining whether the micro base station is accessed successfully.
2. The method according to claim 1, wherein the step of homomorphically encrypting the first information, the second information, the pre-stored first service password and the second service password by using a homomorphic encryption algorithm to obtain the terminal encryption result comprises:
using the homomorphic encryption algorithm to homomorphic encrypt the first random number, the first time stamp and the first customer service password, and calculating to obtain a first encryption result;
using the homomorphic encryption algorithm to homomorphic encrypt the second random number, the second timestamp and the second customer service password, and calculating to obtain a second encryption result;
and adding the first encryption result and the second encryption result to obtain the terminal encryption result.
3. The method of claim 1 or 2, wherein the access request further comprises: an identification of the first card and an identification of the second card.
4. An access method applied to a micro base station, the method comprising:
responding to an access request sent by a dual-card terminal, and obtaining a terminal encryption result, wherein the terminal encryption result is obtained by using a homomorphic encryption algorithm to perform homomorphic encryption calculation on a first pre-stored customer service password, a second pre-stored customer service password, first information and second information sent by different operator servers obtained from a block chain network, the first information comprises a first random number and a first timestamp, and the second information comprises a second random number and a second timestamp;
generating and sending a first broadcast message to a block chain network according to the terminal encryption result and the block chain identifier of the micro base station;
and generating and sending an access response to the dual-card terminal according to the terminal encryption result, the first server encryption result and the second server encryption result which are obtained from the block chain network and fed back by different operator servers.
5. The method according to claim 4, wherein the generating and sending an access response to the dual-card terminal according to the terminal encryption result, the first server encryption result and the second server encryption result fed back by different operator servers acquired from the blockchain network comprises:
acquiring a first server encryption result fed back by a first operator server and a second server encryption result fed back by a second operator server from a block chain network;
calculating to obtain a feedback encryption result according to the first server encryption result and the second server encryption result;
comparing the feedback encryption result with the terminal encryption result to obtain a comparison result;
and sending an access response carrying the comparison result to the dual-card terminal.
6. The method according to claim 5, wherein the step of comparing the feedback encryption result with the terminal encryption result to obtain a comparison result comprises:
if the feedback encryption result is the same as the terminal encryption result, determining that the comparison result is that the dual-card terminal is allowed to access;
otherwise, if the feedback encryption result is different from the terminal encryption result, determining that the comparison result is that the dual-card terminal is refused to access.
7. The method of claim 5, wherein the step of obtaining the first server encryption result fed back by the first operator server and the second server encryption result fed back by the second operator server from the blockchain network comprises:
acquiring a third encryption result which is fed back by the first operator server and encrypted by using the public key of the micro base station according to a predetermined algorithm from the block chain network;
decrypting the third encryption result by using a private key of the micro base station to obtain the first server encryption result;
acquiring a fourth encryption result which is fed back by the second operator server and encrypted by using the public key of the micro base station according to a predetermined algorithm from the block chain network;
and decrypting the fourth encryption result by using the private key of the micro base station to obtain the encryption result of the second server.
8. A terminal, comprising:
a first acquisition module, used for acquiring first information and second information sent by different operator servers from a block chain network, wherein the first information comprises a first random number and a first time stamp, and the second information comprises a second random number and a second time stamp;
the encryption module is used for carrying out homomorphic encryption on the first information, the second information, the pre-stored first customer service password and the pre-stored second customer service password by using a homomorphic encryption algorithm to obtain a terminal encryption result;
the first sending module is used for sending an access request carrying the terminal encryption result to the micro base station;
and the access module is used for responding to an access response returned by the micro base station and determining whether the micro base station is successfully accessed.
9. A micro base station, comprising:
the second acquisition module is used for responding to an access request sent by the dual-card terminal and acquiring a terminal encryption result; the terminal encryption result is obtained by using a homomorphic encryption algorithm to perform homomorphic encryption calculation on a first pre-stored customer service password, a second pre-stored customer service password, first information and second information which are sent by different operator servers and acquired from a block chain network by the dual-card terminal, wherein the first information comprises a first random number and a first timestamp, and the second information comprises a second random number and a second timestamp;
the broadcast generating module is used for generating a first broadcast message according to the terminal encryption result and the block chain identifier of the micro base station;
a second sending module, configured to send the first broadcast message to a blockchain network;
the access response generation module is used for generating an access response according to the terminal encryption result, a first server encryption result and a second server encryption result which are obtained from the block chain network and fed back by different operator servers;
and the third sending module is used for sending the access response to the dual-card terminal.
10. An access system, comprising: the system comprises a double-card terminal, a micro base station, a first operator server and a second operator server which are connected through a block chain network;
the dual card terminal is used for executing the access method of the terminal according to any one of claims 1 to 3;
the micro base station is used for executing the access method of any one of claims 4 to 7;
the first operator server is used for responding to a first broadcast message sent by the micro base station and acquiring the identifier of a first card in the dual-card terminal and the blockchain identifier of the micro base station; using a homomorphic encryption algorithm to homomorphically encrypt the identifier of the first card, a first random number and a first timestamp which are stored in advance, and calculating to obtain a first server encryption result; generating a second broadcast message according to the blockchain identifier of the micro base station, the first server encryption result and the identifier of the first card; and sending the second broadcast message to the blockchain network so that the micro base station acquires the first server encryption result;
the second operator server is used for responding to a first broadcast message sent by the micro base station and acquiring the identifier of a second card in the dual-card terminal and the blockchain identifier of the micro base station; using a homomorphic encryption algorithm to homomorphically encrypt the identifier of the second card, a second random number and a second timestamp which are stored in advance, and calculating to obtain a second server encryption result; generating a third broadcast message according to the blockchain identifier of the micro base station, the second server encryption result and the identifier of the second card; and sending the third broadcast message to the blockchain network so that the micro base station acquires the second server encryption result.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010029235.9A CN111212426B (en) 2020-01-10 2020-01-10 Terminal access method, terminal, micro base station and access system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010029235.9A CN111212426B (en) 2020-01-10 2020-01-10 Terminal access method, terminal, micro base station and access system

Publications (2)

Publication Number Publication Date
CN111212426A (en) 2020-05-29
CN111212426B (en) 2022-08-26

Family

ID=70788935

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010029235.9A Active CN111212426B (en) 2020-01-10 2020-01-10 Terminal access method, terminal, micro base station and access system

Country Status (1)

Country Link
CN (1) CN111212426B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111885600B (en) * 2020-09-02 2023-04-07 中国联合网络通信集团有限公司 Access method of dual-card terminal, terminal and server
CN112040473A (en) * 2020-09-02 2020-12-04 中国联合网络通信集团有限公司 Access method of dual-card terminal, terminal and server
CN113347629A (en) * 2021-05-21 2021-09-03 中国联合网络通信集团有限公司 Method, access point and terminal for providing network access service
CN113347628A (en) * 2021-05-21 2021-09-03 中国联合网络通信集团有限公司 Method, access point and terminal for providing network access service
CN115827785B (en) * 2022-12-30 2023-05-16 中国联合网络通信集团有限公司 Data storage method, device, equipment and readable storage medium
CN117094717B (en) * 2023-07-25 2024-03-29 湖北谊嘉金融仓储有限公司 Multi-user receivables right verification system based on blockchain encryption

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102300284A (en) * 2011-09-21 2011-12-28 华为技术有限公司 Network access method for micro base station and micro base station
CN102769850B (en) * 2012-04-16 2015-10-28 中兴通讯股份有限公司 Single-card multi-mode multi-operator authentication method and device
JP6290044B2 (en) * 2014-08-29 2018-03-07 株式会社Nttドコモ Authentication system, authentication server, client device, and authentication method

Also Published As

Publication number Publication date
CN111212426A (en) 2020-05-29

Similar Documents

Publication Publication Date Title
CN111212426B (en) Terminal access method, terminal, micro base station and access system
CN111083697B (en) Access method, terminal, micro base station and access system
CN111246477B (en) Access method, terminal, micro base station and access system
CN111246471B (en) Terminal access method and device
US20180199205A1 (en) Wireless network connection method and apparatus, and storage medium
CN111212425B (en) Access method, server and terminal
CN111194034B (en) Authentication method and device
US20230344626A1 (en) Network connection management method and apparatus, readable medium, program product, and electronic device
CN111918289B (en) Terminal access method, device and server
CN111901795B (en) Access method, core network equipment and micro base station management server
CN112566119A (en) Terminal authentication method and device, computer equipment and storage medium
CN111263361B (en) Connection authentication method and device based on block chain network and micro base station
CN112994873B (en) Certificate application method and equipment
CN111212422B (en) Authentication method, micro base station and terminal
KR20080093449A (en) Gsm authentication in a cdma network
CN111093196B (en) Method for 5G user terminal to access 5G network, user terminal equipment and medium
CN113302895B (en) Method and apparatus for authenticating a group of wireless communication devices
CN111866881A (en) Wireless local area network authentication method and wireless local area network connection method
CN111885600B (en) Access method of dual-card terminal, terminal and server
CN111988777B (en) Method for processing one number double-terminal service, core network equipment and server
CN111800791B (en) Authentication method, core network equipment and terminal
CN111918292B (en) Access method and device
KR20140030518A (en) Mutual authentication method and system with network in machine type communication, key distribution method and system, and uicc and device pair authentication method and system in machine type communication
CN113316146B (en) Method, access point and terminal for providing network access service
KR20190050949A (en) Method and apparatus of constructing secure infra-structure for using embedded universal integrated circuit card

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant