CN112217861A - 5G network boundary network element identification protection method and device based on identification jump - Google Patents

5G network boundary network element identification protection method and device based on identification jump Download PDF

Info

Publication number
CN112217861A
CN112217861A CN202010910869.5A CN202010910869A CN112217861A CN 112217861 A CN112217861 A CN 112217861A CN 202010910869 A CN202010910869 A CN 202010910869A CN 112217861 A CN112217861 A CN 112217861A
Authority
CN
China
Prior art keywords
identification
identification field
protection
current
real
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010910869.5A
Other languages
Chinese (zh)
Other versions
CN112217861B (en
Inventor
刘树新
王凯
季新生
李星
柏溢
朱宇航
赵宇
吉立新
丁瑞浩
李海涛
巩小锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Network Communication and Security Zijinshan Laboratory
Original Assignee
Information Engineering University of PLA Strategic Support Force
Network Communication and Security Zijinshan Laboratory
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information Engineering University of PLA Strategic Support Force , Network Communication and Security Zijinshan Laboratory filed Critical Information Engineering University of PLA Strategic Support Force
Priority to CN202010910869.5A priority Critical patent/CN112217861B/en
Publication of CN112217861A publication Critical patent/CN112217861A/en
Application granted granted Critical
Publication of CN112217861B publication Critical patent/CN112217861B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • G06F16/211Schema design and management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/142Managing session states for stateless protocols; Signalling session states; State transitions; Keeping-state mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/146Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computational Linguistics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a 5G network boundary network element identification protection method and device based on identification jump, the method processes HTTP signaling interacted between 5G core networks to realize the protection of network element identification; firstly, in a cross-network element service discovery phase, processing a core network hNRF response of a visited place vNRF external service request, extracting network element identification information in the response, performing identification jump conversion on identification content of the response, replacing the identification content into an hNRF response message, and forwarding the hNRF response message to a vNRF; when the user of the external network initiates a service request, the identifier in the external request message is replaced by the identifier of the network element before the jump conversion, and the identifier in the response message of the network element in the network is changed into the identifier of the network element after the jump conversion. The invention can complete the protection of the network element identification in the signaling under the condition of not influencing the normal signaling interaction.

Description

5G network boundary network element identification protection method and device based on identification jump
Technical Field
The invention belongs to the technical field of network safety protection, and particularly relates to a 5G network boundary network element identifier protection method and device based on identifier hopping, which aims at a network element equipment identifier protection scene of a 5G network boundary.
Background
With the rapid development of communication technology, fifth generation communication systems gradually enter into practical deployment phases. The 5G is a network of 'everything interconnection', is tightly combined with industrial control, intelligent traffic and the like, and has more prominent importance in social life, industrial production and national safety. The 5G has richer application scenes, the network security threats are more complex and diversified, and new challenges are brought to the 5G network architecture.
Under the 5G network environment, service application is more diversified, and cross-network communication sessions become a common phenomenon. In the internet of everything era, the identities of users and devices are unknown, and various means are used to carry out illegal behaviors such as information stealing, fraud, attack and the like on mobile users, so that the security threat of mobile communication networks is becoming more complicated and diversified, and the credibility of the mobile communication networks is challenged greatly.
The 5G network element identifier is an important parameter for discovering a network element and providing a specific service in the 5G core network. The same as the traditional 3/4G mobile communication network, roaming situation still exists in the 5G era, and registration and conversation of the visited place and the home place are also realized between core networks through signaling interaction; when the inter-network service is initiated, the required service is forwarded to other networks through a security edge protection proxy SEPP (Security edge protection proxy) (see standard TS23.501, https:// www.tech-overview. com/3m 23/tiv-3 gpp-23-501.html) network element functional entity. Because the HTTP \2 message in the request and the response carries the user network element identification information (see the standard TS23.502, HTTPs:// www.tech-invite. com/3m 23/tiv-3 gpp-23-502.html), but the SEPP does not carry out effective protection, the leakage of the network element identification can be caused, and the potential risk exists in the inter-network communication.
Disclosure of Invention
The invention provides a 5G network boundary network element identification protection method and device based on identification hopping, aiming at the problems that HTTP \2 messages in requests and responses carry user network element identification information, but effective protection is not carried out by SEPP, so that network element identification is leaked, and potential risks exist in internetwork communication.
In order to achieve the purpose, the invention adopts the following technical scheme:
A5G network boundary network element identification protection method based on identification hopping comprises the following steps:
step 1: constructing a real and protection identification database, wherein the real and protection identification database is used for storing network element identification names, real identification fields and corresponding protection identification fields;
step 2: judging whether the real-time internetwork signaling has a relevant identification field, and if not, directly forwarding the signaling to the intranet; if the identification field exists, extracting the current identification field and judging whether the identification field is a request message, if not, skipping to the step 3, and if so, skipping to the step 4;
and step 3: inquiring whether the current identification field exists in the real identification field in the database, if not, generating a corresponding protection identification field by jumping, storing the current identification field and the correspondingly generated protection identification field in the database, and replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content; if the current identification field exists in the real identification field, inquiring the corresponding protection identification field, and replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content;
and 4, step 4: matching and searching an identification field in the current HTTP \2 message in the request message in a protection identification field of the database, finding a corresponding real identification field, and replacing the identification field content in the HTTP \2 message with the corresponding real identification field content;
and 5: and (4) forwarding the HTTP \2 message processed in the step (4), replacing the content of the identification field in the current HTTP \2 message in the response message with the content of the corresponding protection identification field, and returning the protection identification field to the external network.
Further, the relevant identification field comprises NF-instanceId and NF-Id which respectively represent the network element service identification and the network element identification of service access in the 5G network.
Further, the step 3 comprises:
generating corresponding protection identification fields in a jumping mode as follows:
Figure BDA0002663226540000021
wherein, flag takes values of 0,1 and 2 according to the type of the current identification field, and respectively represents numbers, letters and mixed types; a is a set composed of numbers, B is a set composed of letters, and C is a set composed of mixed numbers and letters; x is the current identification field; frand () is a hopping function; se (x) a guard identification field generated for hopping; rand () is a random function for randomly selecting a field of the same number of bits as a corresponding guard identification field after subtracting the current identification field in the corresponding set.
A5G network boundary network element identification protection device based on identification hopping comprises:
the real and protection identification database construction module is used for constructing a real and protection identification database, and the real and protection identification database is used for storing network element identification names, real identification fields and corresponding protection identification fields;
the judging module is used for judging whether the real-time internetwork signaling has the related identification field or not, and if not, the real-time internetwork signaling is directly forwarded to the intranet; if the identification field exists, extracting the current identification field and judging whether the identification field is a request message, if not, skipping to a first identification replacement module, and if so, skipping to a second identification replacement module;
the first identification replacement module is used for inquiring whether the current identification field exists in the real identification field in the database, if not, generating the corresponding protection identification field in a jumping mode, storing the current identification field and the correspondingly generated protection identification field into the database, and replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content; if the current identification field exists in the real identification field, inquiring the corresponding protection identification field, and replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content;
the second identification replacement module is used for matching and searching the identification field in the current HTTP \2 message in the request message in the protection identification field of the database, finding the corresponding real identification field and replacing the identification field content in the HTTP \2 message with the corresponding real identification field content;
and the third identification replacing module is used for forwarding the HTTP \2 message processed by the second identification replacing module, replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content, and returning the protection identification field content to the external network.
Further, the first identity replacement module further comprises:
the protection hopping generation submodule is used for generating corresponding protection identification fields in a hopping mode as follows:
Figure BDA0002663226540000031
wherein, flag takes values of 0,1 and 2 according to the type of the current identification field, and respectively represents numbers, letters and mixed types; a is a set composed of numbers, B is a set composed of letters, and C is a set composed of mixed numbers and letters; x is the current identification field; frand () is a hopping function; se (x) a guard identification field generated for hopping; rand () is a random function for randomly selecting a field of the same number of bits as a corresponding guard identification field after subtracting the current identification field in the corresponding set.
Compared with the prior art, the invention has the following beneficial effects:
the invention provides a 5G network boundary network element identification protection method and device based on identification jump, aiming at the problems that http/2.0 messages in requests and responses carry user network element identification information, but effective protection is not carried out by SEPP, so that network element identification is leaked, and potential risks exist in internetwork communication. The invention carries out jumping processing on the signaling field of the leaked internal network element identification from the signaling content, displays the virtual identification after jumping, namely the protection identification, to the outside, and replaces the virtual identification with the real network element identification, namely the real identification to the inside. Under the condition of not influencing normal signaling interaction, the protection of the network element identifier in the signaling is completed.
Drawings
Fig. 1 is a basic flowchart of a 5G network boundary network element identifier protection method based on identifier hopping according to an embodiment of the present invention;
fig. 2 is an exemplary diagram of identification field related information in a signaling of a 5G network boundary network element identification protection method based on identification hopping according to an embodiment of the present invention;
fig. 3 is a flowchart of a service discovery network element identifier protection method based on identifier hopping for a 5G network boundary network element identifier protection method according to an embodiment of the present invention;
FIG. 4 is a network element identifier protection flowchart of a registration/PDU session flow of a 5G network boundary network element identifier protection method based on identifier hopping according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a 5G network boundary network element identifier protection apparatus based on identifier hopping according to an embodiment of the present invention;
fig. 6 is a schematic deployment diagram of a 5G network boundary network element identifier protection device based on identifier hopping according to an embodiment of the present invention.
Detailed Description
The invention is further illustrated by the following examples in conjunction with the accompanying drawings:
the invention relates to a 5G network boundary network element identification protection method based on identification jump, which is characterized in that inter-network signaling is analyzed, and the network element identification field of the signaling is processed by identification jump, so that the 5G network element identification protection is realized; specifically, the process of processing a signaling flow entering in real time is shown in fig. 1, and includes:
step S101: constructing a real and protection identification database, wherein the real and protection identification database is used for storing network element identification names, real identification fields and corresponding protection identification fields; specifically, the real and protection identification database structure is shown in table 1.
TABLE 1 true and protection identification database
Figure BDA0002663226540000041
Figure BDA0002663226540000051
Step S102: judging whether the real-time internetwork signaling has a relevant identification field, if not, directly forwarding the signaling to an intranet (a protected 5G core network); if the request message exists, extracting the current identification field and judging whether the current identification field is the request message (message initiated by Http client), if not, jumping to the step S103, and if so, jumping to the step S104.
Further, the relevant identification field comprises NF-instanceId, NF-Id, PLMN-Id and the like, which respectively represent the network element service identification, the network element identification and the network domain identification of service access in the 5G network; specifically, the NF-Id comprises AMF-Id, AUSF-Id, SMF-Id and the like, wherein AMF, AUSF and SMF are network elements in a 5G network; specifically, the identification field related information in the signaling is shown in fig. 2.
Step S103: inquiring whether the current identification field exists in the real identification field in the database, if not, generating a corresponding protection identification field by jumping, storing the current identification field and the correspondingly generated protection identification field in the database, and replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content (as shown in the response message processing in figure 3); if the current identification field already exists in the real identification field, the corresponding protection identification field is queried, and the identification field content in the current HTTP \2 message in the response message is replaced with the corresponding protection identification field content (as shown in the response message processing in fig. 4).
Further, the step S103 includes:
generating corresponding protection identification fields in a jumping mode as follows:
Figure BDA0002663226540000052
wherein, flag takes values of 0,1 and 2 according to the type of the current identification field, and respectively represents numbers, letters and mixed types; a is a set of numbers, a ═ 0,1,2.. 9 }; b is a set of letters, B ═ a, B, c.. Z, a, B, c.. Z }; c is a set of mixed numbers and letters, C ═ 0,1,2.. 9, a, B, C.. Z }; x is the current identification field; frand () is a hopping function; se (x) a guard identification field generated for hopping; rand () is a random function for randomly selecting a field of the same number of bits as a corresponding guard identification field after subtracting the current identification field in the corresponding set.
Specifically, an example of a process of generating the corresponding guard identification field by hopping is shown in table 2.
Table 2 identifies example content hopping procedures
Type (B) Examples of such applications are Transformation method
Number of 1234 Frand(x,flag=0)
Letters Abcd Frand(x,flag=1)
Hybrid type A2B4c3 Frand(x,flag=2)
Step S104: matching and searching of the identification field in the current HTTP \2 message in the request message are carried out in the protection identification field of the database, the corresponding real identification field is found, and the identification field content in the HTTP \2 message is replaced by the corresponding real identification field content (as shown in the request message processing in figure 4).
Step S105: the HTTP \2 message processed in step S104 is forwarded, and then the content of the identification field in the current HTTP \2 message in the response message is replaced with the content of the corresponding protection identification field, and returned to the external network (as shown in the response message processing in fig. 4).
It is worth pointing out that, in the present invention, both the request message and the response message are HTTP \2 messages.
In summary, the invention provides a 5G network boundary network element identifier protection method and device based on identifier hopping, aiming at the problem that http/2.0 messages in requests and responses carry user network element identifier information, but SEPP does not perform effective protection, which can cause leakage of network element identifiers and cause potential risks in inter-network communication. The invention carries out jumping processing on the signaling field of the leaked internal network element identification from the signaling content, displays the virtual identification after jumping, namely the protection identification, to the outside, and replaces the virtual identification with the real network element identification, namely the real identification to the inside. Under the condition of not influencing normal signaling interaction, the protection of the network element identifier in the signaling is completed.
On the basis of the above embodiment, as shown in fig. 5, the present invention further discloses a device for protecting a 5G network boundary network element identifier based on identifier hopping, which includes:
a real and protection identifier database constructing module 201, configured to construct a real and protection identifier database, where the real and protection identifier database is used to store network element identifier names, real identifier fields, and corresponding protection identifier fields.
The judging module 202 is configured to judge whether a related identifier field exists in the real-time inter-network signaling, and if not, directly forward the real-time inter-network signaling to the intranet; if the identifier exists, extracting the current identifier field and judging whether the identifier field is a request message, if not, skipping to the first identifier replacement module 203, and if so, skipping to the second identifier replacement module 204.
The first identifier replacing module 203 is configured to query the database whether the current identifier field exists in the real identifier field, if not, generate a corresponding protection identifier field by jumping, store the current identifier field and the correspondingly generated protection identifier field in the database, and replace the identifier field content in the current HTTP \2 message in the response message with the corresponding protection identifier field content; if the current identification field exists in the real identification field, the corresponding protection identification field is inquired, and the identification field content in the current HTTP \2 message in the response message is replaced by the corresponding protection identification field content.
The second identifier replacing module 204 is configured to perform matching search on an identifier field in a current HTTP \2 message in the request message in the protection identifier field of the database, find a corresponding real identifier field, and replace the content of the identifier field in the HTTP \2 message with the content of the corresponding real identifier field.
The third identifier replacing module 205 is configured to forward the HTTP \2 message processed by the second identifier replacing module, replace the content of the identifier field in the current HTTP \2 message in the response message with the content of the corresponding protection identifier field, and return the content to the external network.
Further, the first identity replacement module 203 further includes:
the protection hopping generation submodule is used for generating corresponding protection identification fields in a hopping mode as follows:
Figure BDA0002663226540000071
wherein, flag takes values of 0,1 and 2 according to the type of the current identification field, and respectively represents numbers, letters and mixed types; a is a set composed of numbers, B is a set composed of letters, and C is a set composed of mixed numbers and letters; x is the current identification field; frand () is a hopping function; se (x) a guard identification field generated for hopping; rand () is a random function for randomly selecting a field of the same number of bits as a corresponding guard identification field after subtracting the current identification field in the corresponding set.
Specifically, when deployed, the network element identifier protecting apparatus may be connected in series between 5G border gateway devices SEPPs or embedded in an SEPP function as a protecting function, and performs protecting processing on an HTTP signaling request initiated by an external network, as shown in fig. 6.
The above shows only the preferred embodiments of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.

Claims (5)

1. A5G network boundary network element identification protection method based on identification hopping is characterized by comprising the following steps:
step 1: constructing a real and protection identification database, wherein the real and protection identification database is used for storing network element identification names, real identification fields and corresponding protection identification fields;
step 2: judging whether the real-time internetwork signaling has a relevant identification field, and if not, directly forwarding the signaling to the intranet; if the identification field exists, extracting the current identification field and judging whether the identification field is a request message, if not, skipping to the step 3, and if so, skipping to the step 4;
and step 3: inquiring whether the current identification field exists in the real identification field in the database, if not, generating a corresponding protection identification field by jumping, storing the current identification field and the correspondingly generated protection identification field in the database, and replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content; if the current identification field exists in the real identification field, inquiring the corresponding protection identification field, and replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content;
and 4, step 4: matching and searching an identification field in the current HTTP \2 message in the request message in a protection identification field of the database, finding a corresponding real identification field, and replacing the identification field content in the HTTP \2 message with the corresponding real identification field content;
and 5: and (4) forwarding the HTTP \2 message processed in the step (4), replacing the content of the identification field in the current HTTP \2 message in the response message with the content of the corresponding protection identification field, and returning the protection identification field to the external network.
2. The method of claim 1, wherein the relevant identification field comprises NF-InstanceId and NF-Id, which respectively represent a network element service identifier and a network element identifier of a service access in the 5G network.
3. The identity hopping-based 5G network border network element identity protection method of claim 1, wherein the step 3 comprises:
generating corresponding protection identification fields in a jumping mode as follows:
Figure FDA0002663226530000011
wherein, flag takes values of 0,1 and 2 according to the type of the current identification field, and respectively represents numbers, letters and mixed types; a is a set composed of numbers, B is a set composed of letters, and C is a set composed of mixed numbers and letters; x is the current identification field; frand () is a hopping function; se (x) a guard identification field generated for hopping; rand () is a random function for randomly selecting a field of the same number of bits as a corresponding guard identification field after subtracting the current identification field in the corresponding set.
4. A5G network boundary network element identification protection device based on identification hopping is characterized by comprising the following components:
the real and protection identification database construction module is used for constructing a real and protection identification database, and the real and protection identification database is used for storing network element identification names, real identification fields and corresponding protection identification fields;
the judging module is used for judging whether the real-time internetwork signaling has the related identification field or not, and if not, the real-time internetwork signaling is directly forwarded to the intranet; if the identification field exists, extracting the current identification field and judging whether the identification field is a request message, if not, skipping to a first identification replacement module, and if so, skipping to a second identification replacement module;
the first identification replacement module is used for inquiring whether the current identification field exists in the real identification field in the database, if not, generating the corresponding protection identification field in a jumping mode, storing the current identification field and the correspondingly generated protection identification field into the database, and replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content; if the current identification field exists in the real identification field, inquiring the corresponding protection identification field, and replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content;
the second identification replacement module is used for matching and searching the identification field in the current HTTP \2 message in the request message in the protection identification field of the database, finding the corresponding real identification field and replacing the identification field content in the HTTP \2 message with the corresponding real identification field content;
and the third identification replacing module is used for forwarding the HTTP \2 message processed by the second identification replacing module, replacing the identification field content in the current HTTP \2 message in the response message with the corresponding protection identification field content, and returning the protection identification field content to the external network.
5. The apparatus of claim 4, wherein the first identity replacement module comprises:
the protection hopping generation submodule is used for generating corresponding protection identification fields in a hopping mode as follows:
Figure FDA0002663226530000021
wherein, flag takes values of 0,1 and 2 according to the type of the current identification field, and respectively represents numbers, letters and mixed types; a is a set composed of numbers, B is a set composed of letters, and C is a set composed of mixed numbers and letters; x is the current identification field; frand () is a hopping function; se (x) a guard identification field generated for hopping; rand () is a random function for randomly selecting a field of the same number of bits as a corresponding guard identification field after subtracting the current identification field in the corresponding set.
CN202010910869.5A 2020-09-02 2020-09-02 5G network boundary network element identification protection method and device based on identification jump Active CN112217861B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010910869.5A CN112217861B (en) 2020-09-02 2020-09-02 5G network boundary network element identification protection method and device based on identification jump

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010910869.5A CN112217861B (en) 2020-09-02 2020-09-02 5G network boundary network element identification protection method and device based on identification jump

Publications (2)

Publication Number Publication Date
CN112217861A true CN112217861A (en) 2021-01-12
CN112217861B CN112217861B (en) 2022-10-28

Family

ID=74048771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010910869.5A Active CN112217861B (en) 2020-09-02 2020-09-02 5G network boundary network element identification protection method and device based on identification jump

Country Status (1)

Country Link
CN (1) CN112217861B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113542219A (en) * 2021-06-07 2021-10-22 中国人民解放军战略支援部队信息工程大学 Method and system for realizing signaling access based on multi-mode network element proxy

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103236927A (en) * 2013-04-16 2013-08-07 中国科学技术大学 Dynamic-identification-based authentication method and system
CN104247462A (en) * 2012-01-13 2014-12-24 诺基亚通信公司 Machine-type communication proxy function
CN104753888A (en) * 2013-12-31 2015-07-01 中兴通讯股份有限公司 Message handling method and device
CN105376733A (en) * 2015-09-30 2016-03-02 联想(北京)有限公司 Information processing method and electronic apparatus
US20170357826A1 (en) * 2014-12-31 2017-12-14 Gemalto Sa System and method for obfuscating an identifier to protect the identifier from impermissible appropriation
CN110620822A (en) * 2019-09-27 2019-12-27 腾讯科技(深圳)有限公司 Network element determination method and device
CN110881184A (en) * 2018-09-05 2020-03-13 华为技术有限公司 Communication method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104247462A (en) * 2012-01-13 2014-12-24 诺基亚通信公司 Machine-type communication proxy function
CN103236927A (en) * 2013-04-16 2013-08-07 中国科学技术大学 Dynamic-identification-based authentication method and system
CN104753888A (en) * 2013-12-31 2015-07-01 中兴通讯股份有限公司 Message handling method and device
US20170357826A1 (en) * 2014-12-31 2017-12-14 Gemalto Sa System and method for obfuscating an identifier to protect the identifier from impermissible appropriation
CN105376733A (en) * 2015-09-30 2016-03-02 联想(北京)有限公司 Information processing method and electronic apparatus
CN110881184A (en) * 2018-09-05 2020-03-13 华为技术有限公司 Communication method and device
CN110620822A (en) * 2019-09-27 2019-12-27 腾讯科技(深圳)有限公司 Network element determination method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113542219A (en) * 2021-06-07 2021-10-22 中国人民解放军战略支援部队信息工程大学 Method and system for realizing signaling access based on multi-mode network element proxy
CN113542219B (en) * 2021-06-07 2023-02-14 中国人民解放军战略支援部队信息工程大学 Method and system for realizing signaling access based on multi-mode network element proxy

Also Published As

Publication number Publication date
CN112217861B (en) 2022-10-28

Similar Documents

Publication Publication Date Title
CN107580324B (en) Method for protecting IMSI privacy of mobile communication system
US20220014922A1 (en) Protecting a telecommunications network using network components as blockchain nodes
CN101009706B (en) Method for protecting application based on sip
CN105828413A (en) Safety method of D2D mode B discovery, terminal and system
CN112217861B (en) 5G network boundary network element identification protection method and device based on identification jump
CN117280656A (en) Methods, systems, and computer readable media for hiding network function instance identifiers
CN105743746A (en) Intelligent home electric appliance management method, management apparatus and management system
CN112203279B (en) 5G network boundary network element address protection method and device based on discrete address change
Papadopoulos et al. Separating authentication from query execution in outsourced databases
WO2022036336A1 (en) Network communication method and apparatus
Angermeier et al. PAL-privacy augmented LTE: A privacy-preserving scheme for vehicular LTE communication
CN101610509B (en) Method, device and system for protecting communication security
CN102546521B (en) Based on cdma service nesting method and the system of IMS network
CN114946153A (en) Method, device and system for application key generation and management in a communication network in encrypted communication with a service application
CN109818909B (en) Call processing method and device
CN113542219B (en) Method and system for realizing signaling access based on multi-mode network element proxy
CN105491065A (en) Resource access method of message-oriented middleware, server, and resource access system
Chen et al. A dual-factor access authentication scheme for IoT terminal in 5G environments with network slice selection
CN111970695B (en) 5G charging domain user privacy protection method, charging system and core network system
US8380165B1 (en) Identifying a cloned mobile device in a communications network
CN106572453B (en) Content charging method, charging network element, SP server and charging system
KR101013274B1 (en) Method and system for intercepting unusual call in wireless data communication environment
CN113489747A (en) Session connection method, device and terminal
CN111903246B (en) High-mobility backbone communication system user sniffing method
CN106330831A (en) User management method and system of government and enterprise network, service server and communication core network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant