CN111800791B - Authentication method, core network equipment and terminal - Google Patents


Publication number: CN111800791B
Authority: CN (China)
Prior art keywords: information, homomorphic encryption, terminal, splitting, message
Legal status: Active
Application number: CN202010623532.6A
Other languages: Chinese (zh)
Other versions: CN111800791A (en)
Inventors: 肖征荣, 张猛, 田新雪, 马书惠
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN202010623532.6A
Publication of CN111800791A
Application granted
Publication of CN111800791B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses an authentication method, core network equipment and a terminal, wherein the method comprises the following steps: acquiring a first encrypted message, and splitting the first encrypted message into first information and second information at random; according to a predetermined algorithm, using a public key of a terminal to respectively perform homomorphic encryption on first information and second information to obtain first homomorphic encryption information and second homomorphic encryption information; respectively sending the first homomorphic encryption information to the terminal in a first transmission mode and sending the second homomorphic encryption information to the terminal in a second transmission mode; receiving first homomorphic encryption splitting information and second homomorphic encryption splitting information fed back by a terminal; determining a second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information; and determining an authentication result of the terminal according to the first random number message and the second random number message.

Description

Authentication method, core network equipment and terminal
Technical Field
The present application relates to the field of communications technologies, and in particular, to an authentication method, a core network device, and a terminal.
Background
With the development of fifth-generation mobile communication technology (5G), the 5G network can provide more and more services for the 5G user terminal. The 5G user terminal can access not only the operator network to which the terminal belongs, but also the alliance network formed by micro base stations, communicating with the micro base stations so as to enjoy better services.
However, when a 5G user terminal wants to access a 5G micro base station, it must first pass authentication on the operator network side and can communicate with the micro base station only after passing that authentication. During the authentication process, the privacy information of the 5G user terminal cannot be guaranteed, so the user experience is poor.
Disclosure of Invention
Therefore, the authentication method, the core network device and the terminal are provided to solve the problem that in the prior art, in the authentication process of the terminal, it cannot be guaranteed that privacy information of the terminal is not leaked, and therefore customer experience is poor.
In order to achieve the above object, a first aspect of the present application provides an authentication method, including: acquiring a first encrypted message, and randomly splitting the first encrypted message into first information and second information; the first encrypted message comprises a session key and a first ciphertext, the first ciphertext is a ciphertext obtained by encrypting the first random number message by using the session key, and the session key is a key generated based on the attribute information of the terminal; according to a predetermined algorithm, using a public key of a terminal to perform homomorphic encryption on first information and second information respectively to obtain first homomorphic encryption information and second homomorphic encryption information; respectively sending the first homomorphic encryption information to the terminal in a first transmission mode and sending the second homomorphic encryption information to the terminal in a second transmission mode; receiving first homomorphic encryption and splitting information and second homomorphic encryption and splitting information fed back by a terminal, wherein the first homomorphic encryption and splitting information is information acquired through a first transmission mode, and the second homomorphic encryption and splitting information is information acquired through a second transmission mode; determining a second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information; and determining an authentication result of the terminal according to the first random number message and the second random number message.
In some specific implementations, determining the second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information includes: according to the splitting sequence number, adding the first homomorphic encryption splitting information and the second homomorphic encryption splitting information to obtain a third homomorphic encryption message; and using the public key of the node to homomorphically decrypt the third homomorphic encrypted message to obtain a second random number message.
In some implementations, determining an authentication result for the terminal according to the first random number message and the second random number message includes: comparing the second random number message with the first random number message to obtain a comparison result; and if the comparison results are the same, determining that the terminal is authenticated and generating an authentication passing result, otherwise, determining that the terminal is not authenticated.
In some implementations, obtaining the first encrypted message and randomly splitting the first encrypted message into the first information and the second information includes: responding to an authentication request sent by a terminal, and judging whether attribute information of the terminal is in an attribute description certificate or not according to the attribute description certificate; if so, generating a session key according to the attribute information of the terminal; encrypting the first random number message by using the session key to generate a first ciphertext; generating an authorized access condition according to the attribute description certificate; and generating a first encrypted message according to the authorized access condition, the first ciphertext and the session key, and randomly splitting the first encrypted message into first information and second information.
In some implementations, after the step of determining the authentication result for the terminal according to the first random number message and the second random number message, the method further includes: and sending the authentication result to the micro base station alliance management server so that the micro base station alliance management server can determine whether the terminal is allowed to be accessed into the micro base station or not according to the authentication result.
In order to achieve the above object, a second aspect of the present application provides an authentication method of a terminal, the method including: respectively acquiring first homomorphic encryption information sent by core network equipment through a first transmission mode, and acquiring second homomorphic encryption information sent by the core network equipment through a second transmission mode; determining a second random number message according to the first homomorphic encryption information, the second homomorphic encryption information and the attribute key of the terminal; according to the public key of the core network equipment, homomorphic encryption is carried out on the second random number message to generate a third homomorphic encryption message, and the third homomorphic encryption message is randomly split into first homomorphic encryption split information and second homomorphic encryption split information; and sending the first homomorphic encryption and splitting information and the second homomorphic encryption and splitting information to the core network equipment so that the core network equipment determines an authentication result of the terminal according to the first homomorphic encryption and splitting information, the second homomorphic encryption and splitting information and the first random number message, wherein the first homomorphic encryption and splitting information is forwarded to the core network equipment by the micro base station in a first transmission mode, and the second homomorphic encryption and splitting information is forwarded to the core network equipment by the micro base station in a second transmission mode.
In some implementations, determining the second random number message according to the first homomorphic encryption information, the second homomorphic encryption information, and the attribute key of the terminal includes: adding the first homomorphic encryption information and the second homomorphic encryption information to obtain fourth homomorphic encryption information; using the public key of the terminal to perform homomorphic decryption on the fourth homomorphic encrypted information to obtain a homomorphic decryption result; decrypting the homomorphic decryption result again by using the attribute key of the terminal to obtain a session key and a first ciphertext; and decrypting the first ciphertext by using the session key to obtain a second random number message.
In some specific implementations, before the steps of obtaining, by a first transmission method, first homomorphic encryption information sent by a core network device and obtaining, by a second transmission method, second homomorphic encryption information sent by the core network device, the method further includes: generating an authentication request according to the identification and attribute information of the terminal; and sending an authentication request to the core network equipment so that the core network equipment judges whether the attribute information of the terminal is in the attribute description certificate.
In order to achieve the above object, a third aspect of the present application provides a core network device, including: a splitting module, used for acquiring the first encrypted message and randomly splitting the first encrypted message into first information and second information, wherein the first encrypted message comprises a session key and a first ciphertext, the first ciphertext is a ciphertext obtained by encrypting the first random number message by using the session key, and the session key is a key generated based on the attribute information of the terminal; a first homomorphic encryption module, used for homomorphically encrypting the first information and the second information respectively by using a public key of the terminal according to a predetermined algorithm to obtain first homomorphic encryption information and second homomorphic encryption information; a first sending module, used for sending the first homomorphic encryption information to the terminal in a first transmission mode and sending the second homomorphic encryption information to the terminal in a second transmission mode; a receiving module, used for receiving first homomorphic encryption splitting information and second homomorphic encryption splitting information fed back by the terminal, wherein the first homomorphic encryption splitting information is information acquired through a first transmission mode, and the second homomorphic encryption splitting information is information acquired through a second transmission mode; a first determining module, used for determining a second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information; and an authentication module, used for determining an authentication result of the terminal according to the first random number message and the second random number message.
In order to achieve the above object, a fourth aspect of the present application provides a terminal comprising: the acquisition module is used for acquiring first homomorphic encryption information sent by core network equipment through a first transmission mode respectively, and acquiring second homomorphic encryption information sent by the core network equipment through a second transmission mode simultaneously; the second determining module is used for determining a second random number message according to the first homomorphic encryption information, the second homomorphic encryption information and the attribute key of the terminal; the second homomorphic encryption module is used for homomorphic encrypting the second random number message according to the public key of the core network equipment to generate a third homomorphic encryption message and randomly splitting the third homomorphic encryption message into first homomorphic encryption splitting information and second homomorphic encryption splitting information; and the second sending module is used for sending the first homomorphic encryption and splitting information and the second homomorphic encryption and splitting information to the core network equipment so that the core network equipment determines an authentication result of the terminal according to the first homomorphic encryption and splitting information, the second homomorphic encryption and splitting information and the first random number message, wherein the first homomorphic encryption and splitting information is forwarded to the core network equipment by the micro base station in a first transmission mode, and the second homomorphic encryption and splitting information is forwarded to the core network equipment by the micro base station in a second transmission mode.
According to the authentication method, the core network device and the terminal, the first encrypted message is randomly split into the first information and the second information, wherein the first encrypted message comprises a session key and a first ciphertext, the first ciphertext is a ciphertext obtained by encrypting a first random number message by using the session key, and the session key is a key generated based on the attribute information of the terminal, so that the security of the first encrypted message can be ensured; then according to a predetermined algorithm, using a public key of the terminal to respectively perform homomorphic encryption on the first information and the second information to obtain first homomorphic encryption information and second homomorphic encryption information; and the first homomorphic encrypted information is respectively sent to the terminal in a first transmission mode, and the second homomorphic encrypted information is sent to the terminal in a second transmission mode, so that the terminal can communicate through different communication channels, the information is prevented from being acquired by a third party, and the safety of the transmitted information is further enhanced. After receiving first homomorphic encryption splitting information and second homomorphic encryption splitting information fed back by a terminal, determining a second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information; the authentication result of the terminal can be determined according to the first random number message and the second random number message, the safety of the terminal and the micro base station is ensured, and the development of a 5G micro base station alliance is promoted.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the principles of the disclosure and not to limit the disclosure. The above and other features and advantages will become more apparent to those skilled in the art by describing in detail exemplary embodiments thereof with reference to the attached drawings, in which:
Fig. 1 is a flowchart illustrating an authentication method according to a first embodiment of the present application.
Fig. 2 is a flowchart illustrating an authentication method of a terminal in a second embodiment of the present application.
Fig. 3 is a block diagram of a core network device in a third embodiment of the present application.
Fig. 4 is a block diagram illustrating a terminal according to a fourth embodiment of the present application.
Fig. 5 is a block diagram illustrating an authentication system according to a fifth embodiment of the present application.
Fig. 6 is a flowchart of a working method of the authentication system in the fifth embodiment of the present application.
In the drawings:
301: splitting module
302: first homomorphic encryption module
303: first sending module
304: receiving module
305: first determining module
306: authentication module
401: acquisition module
402: second determining module
403: second homomorphic encryption module
404: second sending module
510: core network device
511: access and mobility management entity
512: policy control function
520: terminal device
530: micro base station alliance management server
540: micro base station
Detailed Description
The following detailed description of embodiments of the present application will be made with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present application, are given by way of illustration and explanation only, and are not intended to limit the present application. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by illustrating examples thereof.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising ..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that comprises the element.
To make the objects, technical solutions and advantages of the present application more clear, the following detailed description of the embodiments of the present application will be made with reference to the accompanying drawings.
Example one
Fig. 1 is a schematic flowchart of an authentication method in the first embodiment of the present application, and the method is applicable to a core network device. As shown in fig. 1, the following steps are included.
Step 110, obtaining the first encrypted message, and splitting the first encrypted message into the first information and the second information at random.
The first encrypted message includes a session key and a first ciphertext, the first ciphertext is a ciphertext obtained by encrypting the first random number message using the session key, and the session key is a key generated based on the attribute information of the terminal.
The attribute information of the terminal A may include information of the operator to which the terminal belongs, registration information of the user of the terminal, and the like. The above attribute information of the terminal is only an example and may be set according to the specific situation; attribute information of other terminals that is not described here is also within the protection scope of the present application and is not described again.
The core network equipment generates a session key based on the attribute information of the terminal, and encrypts the first random number message by using the session key to obtain a first ciphertext, so that only the terminal A can correctly decrypt the first ciphertext. Even if the third-party device intercepts the first ciphertext, the first ciphertext cannot be correctly decrypted because the third-party device does not have the attribute information of the terminal A, and the security of the first random number message in the transmission process is ensured. And the first information and the second information are obtained by splitting the first encrypted message randomly, so that the method has randomness, can also avoid third-party equipment from obtaining complete data, and ensures the safety of the information.
Step 120, using the public key of the terminal to perform homomorphic encryption on the first information and the second information respectively according to a predetermined algorithm, so as to obtain first homomorphic encryption information and second homomorphic encryption information.
It should be noted that homomorphic encryption not only ensures the security of the data but also preserves its computability. For example, the result of performing addition and multiplication operations on plaintexts and then homomorphically encrypting the operation result is equivalent to the result of performing the corresponding addition and multiplication operations on the ciphertexts after encryption. Because of this property, even if a third-party device obtains the first homomorphic encryption information, it cannot obtain all the content of the information through decryption, and the privacy information of the terminal is prevented from being leaked. Only the specified terminal, e.g., terminal A having the attribute information in step 110, can complete decryption of the homomorphic encrypted information.
Step 130, respectively sending the first homomorphic encryption information to the terminal in a first transmission mode, and sending the second homomorphic encryption information to the terminal in a second transmission mode.
The first transmission mode and the second transmission mode may be implemented in different ways, and the second transmission mode is a mode different from the first transmission mode. For example, the first transmission mode is any one of a broadcast mode, a short message transmission mode, and a blockchain transmission mode. When the first transmission mode is a broadcast mode, the second transmission mode can be a short message transmission mode or a blockchain transmission mode, so as to ensure that the information is transmitted to the terminal through different transmission channels, avoid the information being intercepted by third-party equipment, and ensure the safety of the information. The above transmission modes are only examples and may be set according to the specific situation; other transmission modes not described here are also within the protection scope of the present application and are not described again.
Step 140, receiving the first homomorphic encryption splitting information and the second homomorphic encryption splitting information fed back by the terminal.
The first homomorphic encryption and splitting information is information obtained through a first transmission mode, and the second homomorphic encryption and splitting information is information obtained through a second transmission mode.
For example, the first homomorphic encryption splitting information is obtained in a short message mode, and the second homomorphic encryption splitting information is obtained in a broadcast message mode, so that the leakage of the messages is prevented.
Step 150, determining a second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information.
In some implementations, step 150 can be implemented as follows: according to the splitting sequence number, adding the first homomorphic encryption splitting information and the second homomorphic encryption splitting information to obtain a third homomorphic encryption message; and using the public key of the node to homomorphically decrypt the third homomorphic encrypted message to obtain a second random number message.
For example, if the split sequence number of the first homomorphic encryption-split information is 1, the first homomorphic encryption-split information is 1234, the split sequence number of the second homomorphic encryption-split information is 2, and the second homomorphic encryption-split information is 5678, the second random number message is 12345678. If the split serial number of the first homomorphic encryption split information is 2 and the split serial number of the second homomorphic encryption split information is 1, the second random number message is '56781234'.
For example, the first homomorphic encryption-splitting information is B1 (e.g., including information 1234), the second homomorphic encryption-splitting information is B2 (e.g., including information 5678), and the first homomorphic encryption-splitting information and the second homomorphic encryption-splitting information can be added to obtain a third homomorphic encryption message, as the identification sequence numbers of the corresponding B1 and B2 are known; and homomorphically decrypting the third homomorphic encrypted message by using the public key of the node to obtain the information (namely 12345678) fed back by the terminal.
Step 160, determining the authentication result of the terminal according to the first random number message and the second random number message.
In some implementations, step 160 can be implemented as follows: comparing the second random number message with the first random number message to obtain a comparison result; and if the comparison results are the same, determining that the terminal is authenticated and generating an authentication passing result, otherwise, determining that the terminal is not authenticated.
For example, the first random number message stored by the core network device is 12345678, and the second random number message obtained by the calculation in the preceding step is 12345678. The second random number message is the same as the first random number message, which indicates that the terminal has successfully obtained the authentication message of the core network device and correctly parsed it as the core network device requires, so it may be determined that the terminal passes the authentication, and an authentication passing result is generated at the same time, where the authentication passing result includes the identifier of the terminal A and the authentication passing identifier. Otherwise, if the second random number message obtained by the calculation in the preceding step is abcd4567, the second random number message is different from the first random number message (i.e., 12345678), and it is determined that the terminal authentication is not passed. The terminal cannot obtain the authentication of the core network equipment, and the process ends.
In this embodiment, a first encrypted message is randomly split into first information and second information, where the first encrypted message includes a session key and a first ciphertext, the first ciphertext is a ciphertext obtained by encrypting a first random number message using the session key, and the session key is a key generated based on attribute information of a terminal, so that security of the first encrypted message can be ensured; then according to a predetermined algorithm, using a public key of the terminal to respectively perform homomorphic encryption on the first information and the second information to obtain first homomorphic encryption information and second homomorphic encryption information; and the first homomorphic encrypted information is respectively sent to the terminal in a first transmission mode, and the second homomorphic encrypted information is sent to the terminal in a second transmission mode, so that the terminal can communicate through different communication channels, the information is prevented from being acquired by a third party, and the safety of the transmitted information is further enhanced. After receiving first homomorphic encryption splitting information and second homomorphic encryption splitting information fed back by a terminal, determining a second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information; the authentication result of the terminal can be determined according to the first random number message and the second random number message, the safety of the terminal and the micro base station is ensured, and the development of a 5G micro base station alliance is promoted.
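An added sketch of steps 110 to 160, not code from the patent: it assumes Paillier as the "predetermined algorithm", random additive shares modulo n as the split, and constructed toy keys, with all function names hypothetical. The session-key and attribute-key layers are left out (the nonce itself stands in for the first encrypted message), decryption uses the recipient's private key as Paillier requires, and recombination is arithmetic addition of shares rather than the digit concatenation of the 1234/5678 illustration.

```python
import hmac
import math
import secrets

# Constructed toy keys built from Mersenne primes; far too small for real use.
TERMINAL_PRIMES = (2**89 - 1, 2**107 - 1)
CORE_PRIMES = (2**61 - 1, 2**127 - 1)


def keygen(p, q):
    """Paillier key pair with g = n + 1: returns (public n, private (lam, mu))."""
    n = p * q
    assert math.gcd(n, (p - 1) * (q - 1)) == 1
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)
    return n, (lam, mu)


def encrypt(n, m):
    """Enc(m) = (1 + m*n) * r^n mod n^2 with fresh random r coprime to n."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) // n."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def he_add(n, c1, c2):
    """Multiplying Paillier ciphertexts adds the underlying plaintexts mod n."""
    return c1 * c2 % (n * n)


def split_and_encrypt(n, m):
    """Random split m = s1 + s2 (mod n); each share is encrypted on its own."""
    s1 = secrets.randbelow(n)
    s2 = (m - s1) % n
    return encrypt(n, s1), encrypt(n, s2)


def combine_and_decrypt(n, priv, c1, c2):
    """Add the two ciphertexts homomorphically, then decrypt the sum once."""
    return decrypt(n, priv, he_add(n, c1, c2))


def run_authentication(tamper=False):
    """Play both roles; returns True when the terminal is authenticated."""
    term_n, term_priv = keygen(*TERMINAL_PRIMES)
    core_n, core_priv = keygen(*CORE_PRIMES)

    # Core network, steps 110-130: split, encrypt under the terminal's
    # public key, and send one ciphertext per transmission mode.
    first_nonce = secrets.randbits(64)
    via_mode_1, via_mode_2 = split_and_encrypt(term_n, first_nonce)

    # Terminal: combine both ciphertexts and recover the nonce.
    recovered = combine_and_decrypt(term_n, term_priv, via_mode_1, via_mode_2)
    if tamper:
        recovered ^= 1  # a terminal that recovered the wrong value
    back_1, back_2 = split_and_encrypt(core_n, recovered)

    # Core network, steps 140-160: recombine, decrypt, compare in constant time.
    second_nonce = combine_and_decrypt(core_n, core_priv, back_1, back_2)
    return hmac.compare_digest(first_nonce.to_bytes(32, "big"),
                               second_nonce.to_bytes(32, "big"))


if __name__ == "__main__":
    print("authenticated:", run_authentication())
    print("authenticated after tampering:", run_authentication(tamper=True))
```

Because each share is uniformly random modulo n, a ciphertext taken from only one transmission mode decrypts to a value unrelated to the nonce even for a party holding the private key.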
The embodiment of the present application provides another possible implementation manner, where step 110 may be implemented in the following manner, specifically including:
Step 111, in response to the authentication request sent by the terminal, judging whether the attribute information of the terminal is in the attribute description certificate.
It should be noted that, if it is determined that the attribute information of the terminal is in the attribute description certificate, step 112 is executed, otherwise, the process ends.
Step 112, generating a session key according to the attribute information of the terminal.
For example, the attribute information of the terminal includes an identifier of the terminal, information of an operator to which the terminal belongs, registration information of a user of the terminal, and the like.
Step 113, encrypting the first random number message by using the session key to generate a first ciphertext.
Step 114, generating an authorized access condition according to the attribute description certificate.
It should be noted that the attribute description certificate includes attribute information of an authorized terminal, for example, information of an operator to which the terminal belongs, registration information of a user of the terminal, and the like. The generated authorized access condition indicates that only authorized terminals can access the micro base station. For example, if the attribute description certificate includes the identifier A1 of the terminal A1, the identifier A2 of the terminal A2, the identifier A3 of the terminal A3, and the like, only the terminal A1, the terminal A2, and the terminal A3 can be authorized to access the micro base station.
Step 115, generating a first encrypted message according to the authorized access condition, the first ciphertext and the session key, and randomly splitting the first encrypted message into first information and second information.
The authorized access condition is generated from the attribute description certificate, so that only a terminal whose attribute information is in the attribute description certificate can correctly decrypt the first encrypted message to obtain the first ciphertext and the session key in the first encrypted message. In addition, the session key generated according to the attribute information of the terminal is used to encrypt the first random number message to generate the first ciphertext, so that the security of the first random number message is further ensured and information leakage is avoided.
The embodiment of the present application provides another possible implementation manner, where after step 160, the method further includes: and sending the authentication result to the micro base station alliance management server.
Specifically, after receiving the authentication result, the micro base station alliance management server analyzes the authentication result to obtain the identifier of the terminal passing the authentication, and stores the identifier of the terminal in the user white list, so that after the terminal enters the coverage range of the micro base station, the terminal can be allowed to be quickly accessed to the micro base station, and the authentication efficiency of the terminal is improved.
Example two
Fig. 2 is a schematic flowchart of a terminal authentication method in an embodiment of the present application, where the method is applicable to a terminal, for example, a device such as a smart phone and a tablet computer that can support mobile communication. As shown in fig. 2, the following steps are included.
Step 201, respectively obtaining a first homomorphic encryption information sent by a core network device through a first transmission mode, and obtaining a second homomorphic encryption information sent by the core network device through a second transmission mode.
The first homomorphic encryption information and the second homomorphic encryption information are respectively sent through different transmission modes, so that the information content is prevented from being acquired by a third party, and the information security is ensured.
In some implementations, before step 201, the method further includes: generating an authentication request according to the identification and attribute information of the terminal; and sending an authentication request to the core network equipment.
The authentication request is generated and sent to the core network equipment through the identification and the attribute information of the terminal, so that the core network equipment can judge whether the terminal is a legal terminal or not according to the attribute information of the terminal, for example, when the attribute information of the terminal is in an attribute description certificate, the terminal is represented as a legal terminal, and the service provided by the core network equipment can be obtained.
Step 202, determining a second random number message according to the first homomorphic encryption information, the second homomorphic encryption information and the attribute key of the terminal.
In some implementations, step 202 can be implemented as follows: adding the first homomorphic encryption information and the second homomorphic encryption information to obtain fourth homomorphic encryption information; using the public key of the terminal to perform homomorphic decryption on the fourth homomorphic encrypted information to obtain a homomorphic decryption result; decrypting the homomorphic decryption result again by using the attribute key of the terminal to obtain a session key and a first ciphertext; and decrypting the first ciphertext by using the session key to obtain a second random number message.
The fourth homomorphic encryption information is obtained by adding the first homomorphic encryption information and the second homomorphic encryption information to ensure the integrity of the information; through multiple times of decryption, the second random number message can be obtained. The second random number message is encrypted in a mode of combining homomorphic encryption and attribute encryption, and the information security is guaranteed. Only when the attribute information of the terminal is in the attribute description certificate and meets the authorized access condition, the terminal can correctly decrypt the encrypted result to obtain the second random number message, so that the information security of the second random number message is further ensured.
Step 203, performing homomorphic encryption on the second random number message according to the public key of the core network device to generate a third homomorphic encryption message, and randomly splitting the third homomorphic encryption message into first homomorphic encryption splitting information and second homomorphic encryption splitting information.
It should be noted that the homomorphic encryption method is the same as the homomorphic encryption method in the first embodiment, and is not described herein again. The message is encrypted homomorphically, so that the data security of the message is ensured in an encryption mode, and the data is not lost in computation.
Step 204, sending the first homomorphic encryption and splitting information and the second homomorphic encryption and splitting information to the core network equipment.
Specifically, after obtaining the first homomorphic encryption splitting information and the second homomorphic encryption splitting information, the core network device determines a second random number message through the first homomorphic encryption splitting information and the second homomorphic encryption splitting information, then compares the second random number message with the first random number message, and determines that the terminal passes the authentication when the first random number message and the second random number message are the same. The first homomorphic encryption and splitting information is forwarded to the core network equipment by the micro base station through a first transmission mode, and the second homomorphic encryption and splitting information is forwarded to the core network equipment by the micro base station through a second transmission mode.
In this embodiment, a first homomorphic encryption information and a second homomorphic encryption information are obtained by using a first transmission mode and a second transmission mode, respectively; determining a second random number message according to the first homomorphic encryption information, the second homomorphic encryption information and the attribute key of the terminal; and then, according to the public key of the core network equipment, homomorphic encryption is carried out on the second random number message to generate a third homomorphic encryption message, and the third homomorphic encryption message is randomly split into first homomorphic encryption split information and second homomorphic encryption split information, so that the safety of the second random number message is ensured. And then the first homomorphic encryption and splitting information and the second homomorphic encryption and splitting information are sent to the core network equipment, so that the core network equipment can obtain a second random number message, and an authentication result of the terminal is determined according to the first random number message and the second random number message, thereby ensuring the safety of the interactive information of the terminal in the authentication process. The privacy information of the terminal is prevented from being revealed, and the customer experience is improved.
Example three
Fig. 3 is a schematic structural diagram of a core network device according to an embodiment of the present application, and for specific implementation of the device, reference may be made to the related description of the first embodiment, and repeated details are not repeated. It should be noted that the specific implementation of the apparatus in this embodiment is not limited to the above embodiment, and other undescribed embodiments are also within the scope of the apparatus.
As shown in fig. 3, the core network device specifically includes: the splitting module 301, configured to obtain a first encrypted message and randomly split the first encrypted message into first information and second information, where the first encrypted message comprises a session key and a first ciphertext, the first ciphertext is a ciphertext obtained by encrypting the first random number message by using the session key, and the session key is a key generated based on the attribute information of the terminal; the first homomorphic encryption module 302, configured to perform homomorphic encryption on the first information and the second information respectively by using a public key of the terminal according to a predetermined algorithm, so as to obtain first homomorphic encryption information and second homomorphic encryption information; a first sending module 303, configured to send the first homomorphic encryption information to the terminal in a first transmission manner and send the second homomorphic encryption information to the terminal in a second transmission manner; a receiving module 304, configured to receive first homomorphic encryption splitting information and second homomorphic encryption splitting information fed back by a terminal, where the first homomorphic encryption splitting information is information obtained through the first transmission mode, and the second homomorphic encryption splitting information is information obtained through the second transmission mode; a first determining module 305, configured to determine a second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information; and the authentication module 306, configured to determine an authentication result for the terminal according to the first random number message and the second random number message.
In this embodiment, the splitting module randomly splits a first encrypted message into first information and second information. The first encrypted message includes a session key and a first ciphertext, the first ciphertext is a ciphertext obtained by encrypting a first random number message using the session key, and the session key is a key generated based on attribute information of a terminal, so that the security of the first encrypted message can be ensured. Then, the first homomorphic encryption module homomorphically encrypts the first information and the second information respectively by using a public key of the terminal according to a predetermined algorithm to obtain first homomorphic encryption information and second homomorphic encryption information. The first sending module sends the first homomorphic encryption information to the terminal in a first transmission mode and sends the second homomorphic encryption information to the terminal in a second transmission mode, so that communication with the terminal takes place over different communication channels, the information is prevented from being acquired by a third party, and the security of the transmitted information is further enhanced. After the receiving module receives the first homomorphic encryption splitting information and the second homomorphic encryption splitting information fed back by the terminal, the first determining module determines a second random number message according to them; the authentication module can then determine the authentication result of the terminal according to the first random number message and the second random number message, which ensures the security of the terminal and the micro base station and promotes the development of a 5G micro base station alliance.
It should be understood that the present embodiment is an apparatus embodiment corresponding to the first embodiment, and the present embodiment can be implemented in cooperation with the first embodiment. Related technical details mentioned in the first embodiment are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related art details mentioned in the present embodiment can also be applied to the first embodiment.
Example four
Fig. 4 is a schematic structural diagram of a terminal provided in the embodiment of the present application, and for specific implementation of the terminal, reference may be made to the related description of the second embodiment, and repeated details are not repeated. It should be noted that the specific implementation of the terminal in this embodiment is not limited to the above embodiment, and other undescribed embodiments are also within the scope of the terminal.
As shown in fig. 4, the terminal specifically includes: an obtaining module 401, configured to obtain first homomorphic encryption information sent by a core network device through a first transmission method, and obtain second homomorphic encryption information sent by the core network device through a second transmission method; a second determining module 402, configured to determine a second random number message according to the first homomorphic encryption information, the second homomorphic encryption information, and the attribute key of the terminal; a second homomorphic encryption module 403, configured to perform homomorphic encryption on the second random number message according to the public key of the core network device, generate a third homomorphic encryption message, and randomly split the third homomorphic encryption message into first homomorphic encryption split information and second homomorphic encryption split information; a second sending module 404, configured to send the first homomorphic encryption and splitting information and the second homomorphic encryption and splitting information to the core network device, so that the core network device determines an authentication result for the terminal according to the first homomorphic encryption and splitting information and the second homomorphic encryption and splitting information, where the first homomorphic encryption and splitting information is forwarded to the core network device by the micro base station through the first transmission mode, and the second homomorphic encryption and splitting information is forwarded to the core network device by the micro base station through the second transmission mode.
In this embodiment, the obtaining module obtains first homomorphic encryption information and second homomorphic encryption information respectively by using a first transmission mode and a second transmission mode, and the second determining module determines a second random number message according to the first homomorphic encryption information, the second homomorphic encryption information and the attribute key of the terminal; and then, the second homomorphic encryption module is used for homomorphic encryption on the second random number message according to the public key of the core network equipment to generate a third homomorphic encryption message, and the third homomorphic encryption message is randomly split into first homomorphic encryption split information and second homomorphic encryption split information, so that the safety of the second random number message is ensured. And then, the second sending module is used for sending the first homomorphic encryption and splitting information and the second homomorphic encryption and splitting information to the core network equipment, so that the core network equipment can obtain a second random number message, and an authentication result of the terminal is determined according to the first random number message and the second random number message, and the safety of the interactive information of the terminal in the authentication process is ensured. The privacy information of the terminal is prevented from being revealed, and the customer experience is improved.
It should be understood that this embodiment is an apparatus example corresponding to the second embodiment, and the present embodiment can be implemented in cooperation with the second embodiment. Related technical details mentioned in the second embodiment are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related-art details mentioned in this embodiment can also be applied to the second embodiment.
It should be noted that each module referred to in this embodiment is a logical module, and in practical applications, one logical unit may be one physical unit, may be a part of one physical unit, and may be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present application, a unit that is not so closely related to solving the technical problem proposed by the present application is not introduced in the present embodiment, but it does not indicate that no other unit exists in the present embodiment.
Example five
An authentication system is provided in the embodiments of the present application, and fig. 5 is a block diagram of an authentication system in the fifth embodiment of the present application. As shown in fig. 5, the system includes: operator A's core network equipment 510, terminal 520, micro base station alliance management server 530, and micro base station 540. The core network device 510 includes an Access and Mobility Management Function entity (AMF) 511 and a Policy Control Function entity (PCF) 512. The terminal 520 is a terminal supporting a fifth Generation Mobile communication technology (5th Generation Mobile Network, 5G). The micro base station alliance management server 530 is connected to the core network device 510.
It should be noted that the core network device 510 stores an attribute description certificate, where the attribute description certificate includes encrypted attribute information of each terminal and an identifier of the terminal. Each of the terminals is a terminal which obtains authorization of the micro base station alliance management server 530, that is, each of the terminals in the attribute description certificate is a terminal which can access to a micro base station in the micro base station alliance. For example, the attribute information of the terminal includes a micro base station alliance access identifier, and if the micro base station alliance access identifier of a certain terminal is 1, it indicates that the terminal obtains the authorization of the micro base station alliance management server 530; otherwise, if the micro base station alliance access identifier is 0, it indicates that the terminal has not obtained the authorization of the micro base station alliance management server 530, and therefore, the terminal cannot access to the micro base station. In specific implementation, a user attribute "5G micro base station alliance access right" may be set in a Unified Data Manager (UDM) entity in the core network device 510, and the "5G micro base station alliance access right" may be used as a micro base station alliance access identifier.
Specifically, fig. 6 is a flowchart of a working method of the authentication system, and as shown in fig. 6, the method specifically includes the following steps.
Step 601, when the terminal 520 enters an area with poor 5G network coverage signals and can search for signals of the micro base station 540 in the area, the terminal 520 sends an authentication request to the micro base station 540, so that the micro base station 540 forwards the authentication request to the core network device 510.
The authentication request includes an identifier of the terminal 520 (e.g., a mobile phone number of the terminal 520 or a hardware device number of the terminal 520, etc.) and attribute information of the terminal 520. Specifically, the micro base station 540 may send the authentication request to the AMF entity 511 in the core network device 510, and forward the authentication request to the PCF entity 512 by the AMF entity 511.
It should be noted that before the terminal 520 sends the authentication request, the private key of the terminal 520 is also used to encrypt the authentication request, so as to ensure the security of the authentication request.
In step 602, after receiving the authentication request, the PCF entity 512 in the core network device 510 verifies the private key of the authentication request and, after the verification passes, obtains the identifier of the terminal 520 and the attribute information of the terminal 520. It then determines whether the attribute information of the terminal 520 is in the attribute description certificate; if so, it determines that the network service can be provided for the terminal 520. The PCF entity 512 generates a session key according to the attribute information of the terminal 520 and encrypts a first random number message (e.g., XXXXYYYY) using the session key to generate a first ciphertext E; it generates an authorized access condition T according to the attribute description certificate, and then generates a first encrypted message according to the authorized access condition, the first ciphertext and the session key. The PCF entity 512 randomly splits the first encrypted message into two parts, i.e., the first information and the second information.
For example, if the first encrypted message is ABCDWXYZ, the first information is ABCD, and the second information is WXYZ.
Step 603, the PCF entity 512 performs homomorphic encryption on the first information using the public key of the terminal 520 according to a pre-agreed algorithm to obtain first homomorphic encryption information T1; meanwhile, the PCF entity 512 performs homomorphic encryption on the second information using the public key of the terminal 520 according to a pre-agreed algorithm to obtain second homomorphic encryption information T2.
In step 604, the core network device 510 signs the first homomorphic encryption information T1 using the private key of the operator to obtain the signed first homomorphic encryption information T1, and sends it to the terminal 520 in a broadcast transmission manner.
In step 605, the core network device 510 signs the second homomorphic encryption information T2 using the private key of the operator to obtain the signed second homomorphic encryption information T2, and sends it to the terminal 520 in a short message transmission manner.
Step 606, the terminal 520 obtains the first homomorphic encryption information T1 through the broadcast transmission mode and obtains the second homomorphic encryption information T2 through the short message transmission mode; the private key signatures of the first homomorphic encryption information T1 and the second homomorphic encryption information T2 are then verified using the operator's public key, respectively.
It should be noted that, if it is determined that the private key signatures of the first homomorphic encryption information T1 and the second homomorphic encryption information T2 are both verified, step 607 is executed, otherwise, the process is ended.
In step 607, the terminal 520 adds the first homomorphic encryption information T1 and the second homomorphic encryption information T2 to obtain fourth homomorphic encryption information. The terminal 520 then uses the public key of the terminal 520 to perform homomorphic decryption on the fourth homomorphic encryption information to obtain a homomorphic decryption result. Next, the homomorphic decryption result is decrypted again by using the attribute key SK of the terminal 520 to obtain a session key and a first ciphertext, and the first ciphertext is decrypted by using the session key to obtain a second random number message.
If the terminal 520 correctly performs homomorphic decryption on the fourth homomorphic encryption information, the obtained homomorphic decryption result should be the same as the content of the first encrypted message (i.e., ABCDWXYZ). In addition, only when the terminal 520 is an authorized user (i.e., the attribute information of the terminal 520 is included in the attribute description certificate) can the terminal 520 obtain the session key and the first ciphertext. If the decryption process is correct, the contents of the second random number message and the first random number message are the same, i.e., both are XXXXYYYY.
Step 608, the terminal 520 encrypts the second random number message by using its own service password according to a predetermined algorithm to obtain a terminal encryption result; it then queries the public key of the core network equipment 510 and uses the public key of the core network equipment 510 to perform homomorphic encryption on the terminal encryption result to obtain a third homomorphic encryption message; finally, the third homomorphic encryption message is randomly split into two parts, i.e., the first homomorphic encryption split information and the second homomorphic encryption split information.
In step 609, the terminal 520 signs the first homomorphic encryption and splitting information by using the private key of the terminal 520 to obtain the signed first homomorphic encryption and splitting information, and sends it to the core network device 510 in a broadcast transmission manner.
In step 610, the terminal 520 signs the second homomorphic encryption and splitting information by using the private key of the terminal 520 to obtain the signed second homomorphic encryption and splitting information, and sends it to the core network device 510 in a short message transmission manner.
Step 611, the core network device 510 obtains the first homomorphic encryption and splitting information through the broadcast transmission mode, and obtains the second homomorphic encryption and splitting information through the short message transmission mode; it then verifies the private key signatures of the first homomorphic encryption splitting information and the second homomorphic encryption splitting information respectively by using the public key of the terminal 520. If the signatures of both messages are verified, the first homomorphic encryption splitting information and the second homomorphic encryption splitting information are added according to the splitting sequence number to obtain the third homomorphic encryption message. The public key of the core network device 510 is used to homomorphically decrypt the third homomorphic encryption message to obtain a second random number message, and the second random number message is compared with the first random number message.
It should be noted that, if it is determined that the second random number message is identical to the first random number message, both being XXXXYYYY, it is determined that the terminal 520 is authenticated, an authentication pass result is generated, and step 612 is executed; otherwise, it is determined that the authentication for the terminal 520 is not passed, and the procedure is ended. The authentication pass result includes the identifier of the terminal 520 and the authentication pass identifier.
In step 612, the core network device 510 signs the authentication passing result by using its own private key to obtain the signed authentication passing result, and sends it to the micro base station alliance management server 530.
Step 613, the micro base station alliance management server 530 verifies the private key signature of the authentication passing result sent by the core network device 510, obtains the identifier of the terminal 520 when the verification passes, and adds the identifier of the terminal 520 to the user white list stored in the micro base station alliance management server 530.
Step 614, sending the user white list to the micro base station 540, so that the micro base station 540 can provide the communication network service for the terminal 520 according to the identifier of the terminal 520 in the user white list.
In step 615, the micro base station 540 sends the authentication passing result to the terminal 520, and informs that the terminal 520 can access the micro base station 540.
In this embodiment, a core network device randomly splits a first encrypted message into first information and second information, where the first encrypted message includes a session key and a first ciphertext, the first ciphertext is a ciphertext obtained by the core network device encrypting a first random number message using the session key, and the session key is a key generated based on attribute information of a terminal, so that security of the first encrypted message can be ensured; then according to a predetermined algorithm, using a public key of the terminal to respectively perform homomorphic encryption on the first information and the second information to obtain first homomorphic encryption information and second homomorphic encryption information; and the first homomorphic encrypted information is respectively sent to the terminal in a first transmission mode, and the second homomorphic encrypted information is sent to the terminal in a second transmission mode, so that the terminal can communicate through different communication channels, the information is prevented from being acquired by a third party, and the safety of the transmitted information is further enhanced. After first homomorphic encryption splitting information and second homomorphic encryption splitting information fed back by a terminal are received, determining a second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information; the authentication result of the terminal can be determined according to the first random number message and the second random number message, the safety of the terminal and the micro base station is ensured, and the development of a 5G micro base station alliance is promoted.
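The split, encrypt, add and decrypt exchange of steps 602 to 607, as an added example that is not part of the patent text: it assumes the Paillier cryptosystem as the pre-agreed additive homomorphic algorithm and leaves out the attribute-encryption, session-key and signature layers. The toy key, the function names and the random additive split are assumptions; decryption here uses the private half of the terminal's key pair, as Paillier requires.

```python
import hmac
import math
import secrets

# Constructed toy key material (two Mersenne primes) so the block runs offline.
# A real key would use randomly generated primes and a modulus of 2048+ bits.
P = 2**61 - 1
Q = 2**89 - 1


def keygen(p=P, q=Q):
    """Return (public n, private (n, lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                               # valid because g = n + 1
    return n, (n, lam, mu)


def encrypt(n, m):
    """Enc(m) = (1 + m*n) * r^n mod n^2 with a fresh random r."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range for this modulus")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(priv, c):
    n, lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def he_add(n, c1, c2):
    """'Adding' two ciphertexts: their product decrypts to the plaintext sum."""
    return c1 * c2 % (n * n)


def split_random(data, n):
    """Additive shares s1 + s2 = m (mod n); each share alone is uniform."""
    m = int.from_bytes(data, "big")
    s1 = secrets.randbelow(n)
    return s1, (m - s1) % n


def split_halves(data, n):
    """The page's ABCD / WXYZ split, read as ABCD0000 + 0000WXYZ.
    Each part still exposes half of the message to whoever can decrypt it."""
    half = len(data) // 2
    hi = int.from_bytes(data[:half] + bytes(len(data) - half), "big")
    return hi, int.from_bytes(data[half:], "big")


def core_send(term_pub, first_encrypted_message, splitter=split_random):
    """Steps 602-603: split, then encrypt each part under the terminal's key.
    Returns (T1, T2); the page sends T1 by broadcast and T2 by short message."""
    s1, s2 = splitter(first_encrypted_message, term_pub)
    return encrypt(term_pub, s1), encrypt(term_pub, s2)


def terminal_recover(term_priv, t1, t2, length):
    """Step 607: add T1 and T2, decrypt the sum, return bytes or None."""
    m = decrypt(term_priv, he_add(term_priv[0], t1, t2))
    try:
        return m.to_bytes(length, "big")
    except OverflowError:      # parts from different sessions do not recombine
        return None


def same_message(expected, recovered):
    """Final equality check, done in constant time."""
    return recovered is not None and hmac.compare_digest(expected, recovered)


if __name__ == "__main__":
    pub, priv = keygen()
    msg = b"ABCDWXYZ"          # the page's sample first encrypted message
    t1, t2 = core_send(pub, msg)
    print(terminal_recover(priv, t1, t2, len(msg)))
```

With `split_random`, a single part decrypts to a value unrelated to the message, and a part taken from a different session makes recombination fail instead of yielding a usable result.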
It is to be understood that the above embodiments are merely exemplary embodiments employed to illustrate the principles of the present application, and that the present application is not limited thereto. It will be apparent to those skilled in the art that various changes and modifications can be made without departing from the spirit and scope of the application, and these changes and modifications are also to be considered as falling within the scope of the application.
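The round trip summarized in this embodiment (random split, homomorphic encryption of each part, two transmission modes, recombination by addition, comparison of the random numbers) can be traced in the following added example, which is not part of the patent text. It assumes Paillier as the "predetermined algorithm", decrypts with the recipient's private key as Paillier requires, uses toy Mersenne-prime keys and an XOR stand-in for the session-key encryption, and omits the attribute-key layer; all function names are hypothetical.

```python
import math
import secrets

def keygen(p, q):
    """Toy Paillier key pair with g = n + 1; returns (n, (lam, mu))."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    while True:  # pick a random r that is invertible mod n
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def he_add(n, c1, c2):
    """Homomorphic addition: multiplying ciphertexts adds the plaintexts."""
    return c1 * c2 % (n * n)

def split(value, modulus):
    """Random additive split: two shares that sum to value mod modulus."""
    a = secrets.randbelow(modulus)
    return a, (value - a) % modulus

def core_challenge(n_term, r1):
    k = secrets.randbits(32)                 # stand-in session key (assumption)
    first_msg = (k << 32) | (r1 ^ k)         # session key || first ciphertext
    info1, info2 = split(first_msg, n_term)  # first and second information
    # One ciphertext per transmission mode, both under the terminal's key.
    return encrypt(n_term, info1), encrypt(n_term, info2)

def terminal_respond(n_term, priv_term, n_core, c1, c2):
    # Add the two ciphertexts, then decrypt the sum once.
    first_msg = decrypt(n_term, priv_term, he_add(n_term, c1, c2))
    k, ct = first_msg >> 32, first_msg & 0xFFFFFFFF
    r2 = ct ^ k                              # second random number message
    c3 = encrypt(n_core, r2)                 # third homomorphic encryption message
    return split(c3, n_core * n_core)        # the ciphertext itself is split

def core_verify(n_core, priv_core, s1, s2, r1):
    c3 = (s1 + s2) % (n_core * n_core)       # recombine the two returned parts
    return decrypt(n_core, priv_core, c3) == r1

def run_exchange(tamper=False):
    n_t, priv_t = keygen(2**31 - 1, 2**61 - 1)   # toy terminal key
    n_c, priv_c = keygen(2**61 - 1, 2**89 - 1)   # toy core network key
    r1 = secrets.randbits(32)                    # first random number message
    c1, c2 = core_challenge(n_t, r1)
    s1, s2 = terminal_respond(n_t, priv_t, n_c, c1, c2)
    if tamper:                                   # one returned part altered in transit
        s2 = (s2 + 1) % (n_c * n_c)
    return core_verify(n_c, priv_c, s1, s2, r1)
```

Neither part alone reveals the split value, but the scheme carries no integrity check of its own: an altered part is caught only because the recovered random number no longer matches.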

Claims (10)

1. An authentication method, the method comprising:
acquiring a first encrypted message, and randomly splitting the first encrypted message into first information and second information; the first encrypted message comprises a session key and a first ciphertext, the first ciphertext is a ciphertext obtained by encrypting a first random number message by using the session key, and the session key is a key generated based on attribute information of a terminal;
according to a predetermined algorithm, using a public key of a terminal to perform homomorphic encryption on the first information and the second information respectively to obtain first homomorphic encryption information and second homomorphic encryption information;
respectively sending the first homomorphic encryption information to the terminal in a first transmission mode, and sending the second homomorphic encryption information to the terminal in a second transmission mode;
receiving first homomorphic encryption and splitting information and second homomorphic encryption and splitting information fed back by a terminal, wherein the first homomorphic encryption and splitting information is information acquired through the first transmission mode, and the second homomorphic encryption and splitting information is information acquired through the second transmission mode;
determining a second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information;
determining an authentication result for the terminal according to the first random number message and the second random number message;
the first homomorphic encryption and splitting information and the second homomorphic encryption and splitting information are information obtained by randomly splitting a third homomorphic encryption message, and the third homomorphic encryption message is a message generated by homomorphic encryption of the second random number message by the terminal according to a public key of core network equipment.
2. The method of claim 1, wherein determining a second random number message based on the first homomorphic encryption splitting information and the second homomorphic encryption splitting information comprises:
according to the splitting sequence number, performing addition operation on the first homomorphic encryption splitting information and the second homomorphic encryption splitting information to obtain a third homomorphic encryption message;
and using the public key of the node to perform homomorphic decryption on the third homomorphic encrypted message to obtain the second random number message.
3. The method according to claim 1, wherein the determining the authentication result for the terminal according to the first random number message and the second random number message comprises:
comparing the second random number message with the first random number message to obtain a comparison result;
if the comparison result is the same, the authentication of the terminal is determined to be passed, and an authentication passing result is generated,
otherwise, determining that the terminal authentication is not passed.
4. The method of claim 1, wherein obtaining the first encrypted message and splitting the first encrypted message into the first information and the second information randomly comprises:
responding to an authentication request sent by a terminal, and judging whether attribute information of the terminal is in an attribute description certificate or not according to the attribute description certificate;
if so, generating the session key according to the attribute information of the terminal;
encrypting a first random number message by using the session key to generate a first ciphertext;
generating an authorized access condition according to the attribute description certificate;
and generating the first encrypted message according to the authorized access condition, the first ciphertext and the session key, and randomly splitting the first encrypted message into the first information and the second information.
5. The method according to any one of claims 1 to 4, wherein after the step of determining the authentication result for the terminal according to the first random number message and the second random number message, further comprising:
and sending the authentication result to a micro base station alliance management server so that the micro base station alliance management server determines whether the terminal is allowed to be accessed to the micro base station or not according to the authentication result.
6. An authentication method of a terminal, the method comprising:
respectively acquiring first homomorphic encryption information sent by core network equipment through a first transmission mode, and acquiring second homomorphic encryption information sent by the core network equipment through a second transmission mode;
determining a second random number message according to the first homomorphic encryption information, the second homomorphic encryption information and the attribute key of the terminal;
homomorphic encryption is carried out on the second random number message according to the public key of the core network equipment to generate a third homomorphic encryption message, and the third homomorphic encryption message is randomly split into first homomorphic encryption split information and second homomorphic encryption split information;
and sending the first homomorphic encryption and splitting information and the second homomorphic encryption and splitting information to the core network equipment so that the core network equipment determines an authentication result of the terminal according to the first homomorphic encryption and splitting information, the second homomorphic encryption and splitting information and a first random number message, wherein the first homomorphic encryption and splitting information is forwarded to the core network equipment by the micro base station in the first transmission mode, and the second homomorphic encryption and splitting information is forwarded to the core network equipment by the micro base station in the second transmission mode.
7. The method according to claim 6, wherein the determining a second random number message according to the first homomorphic encryption information, the second homomorphic encryption information and the attribute key of the terminal comprises:
adding the first homomorphic encryption information and the second homomorphic encryption information to obtain fourth homomorphic encryption information;
using a public key of the terminal to perform homomorphic decryption on the fourth homomorphic encrypted information to obtain a homomorphic decryption result;
decrypting the homomorphic decryption result again by using the attribute key of the terminal to obtain a session key and a first ciphertext;
and decrypting the first ciphertext by using the session key to obtain the second random number message.
8. The method according to claim 6, wherein before the steps of obtaining the first homomorphic encryption information sent by the core network device through the first transmission method and obtaining the second homomorphic encryption information sent by the core network device through the second transmission method, the method further comprises:
generating an authentication request according to the identification and attribute information of the terminal;
and sending the authentication request to core network equipment so that the core network equipment judges whether the attribute information of the terminal is in the attribute description certificate.
9. A core network device, comprising:
the splitting module is used for acquiring a first encrypted message and randomly splitting the first encrypted message into first information and second information; the first encrypted message comprises a session key and a first ciphertext, the first ciphertext is a ciphertext obtained by encrypting a first random number message by using the session key, and the session key is a key generated based on attribute information of a terminal;
the first homomorphic encryption module is used for homomorphic encryption of the first information and the second information respectively by using a public key of the terminal according to a predetermined algorithm to obtain first homomorphic encryption information and second homomorphic encryption information;
the first sending module is used for sending the first homomorphic encryption information to the terminal in a first transmission mode and sending the second homomorphic encryption information to the terminal in a second transmission mode;
a receiving module, configured to receive first homomorphic encryption and splitting information and second homomorphic encryption and splitting information fed back by a terminal, where the first homomorphic encryption and splitting information is information obtained through the first transmission method, and the second homomorphic encryption and splitting information is information obtained through the second transmission method;
the first determining module is used for determining a second random number message according to the first homomorphic encryption splitting information and the second homomorphic encryption splitting information;
the authentication module is used for determining an authentication result of the terminal according to the first random number message and the second random number message;
the first homomorphic encryption splitting information and the second homomorphic encryption splitting information are information obtained by randomly splitting a third homomorphic encryption message, and the third homomorphic encryption message is generated by the terminal performing homomorphic encryption on the second random number message according to the public key of the core network device.
10. A terminal, comprising:
the acquisition module is used for respectively acquiring first homomorphic encryption information sent by core network equipment through a first transmission mode and acquiring second homomorphic encryption information sent by the core network equipment through a second transmission mode;
the second determining module is used for determining a second random number message according to the first homomorphic encryption information, the second homomorphic encryption information and the attribute key of the terminal;
the second homomorphic encryption module is used for homomorphic encrypting the second random number message according to the public key of the core network equipment to generate a third homomorphic encryption message and randomly splitting the third homomorphic encryption message into first homomorphic encryption splitting information and second homomorphic encryption splitting information;
and the second sending module is used for sending the first homomorphic encryption and splitting information and the second homomorphic encryption and splitting information to the core network equipment so that the core network equipment determines an authentication result of the terminal according to the first homomorphic encryption and splitting information, the second homomorphic encryption and splitting information and a first random number message, wherein the first homomorphic encryption and splitting information is forwarded to the core network equipment by the micro base station in the first transmission mode, and the second homomorphic encryption and splitting information is forwarded to the core network equipment by the micro base station in the second transmission mode.
CN202010623532.6A 2020-06-29 2020-06-29 Authentication method, core network equipment and terminal Active CN111800791B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010623532.6A CN111800791B (en) 2020-06-29 2020-06-29 Authentication method, core network equipment and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010623532.6A CN111800791B (en) 2020-06-29 2020-06-29 Authentication method, core network equipment and terminal

Publications (2)

Publication Number Publication Date
CN111800791A (en) 2020-10-20
CN111800791B (en) 2022-08-16

Family

ID=72810968

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010623532.6A Active CN111800791B (en) 2020-06-29 2020-06-29 Authentication method, core network equipment and terminal

Country Status (1)

Country Link
CN (1) CN111800791B (en)

Also Published As

Publication number Publication date
CN111800791A (en) 2020-10-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant