CN112468483A - Service dynamic allocation and signaling protection method based on 5G edge protection agent - Google Patents
Service dynamic allocation and signaling protection method based on 5G edge protection agent Download PDFInfo
- Publication number
- CN112468483A CN112468483A CN202011328546.1A CN202011328546A CN112468483A CN 112468483 A CN112468483 A CN 112468483A CN 202011328546 A CN202011328546 A CN 202011328546A CN 112468483 A CN112468483 A CN 112468483A
- Authority
- CN
- China
- Prior art keywords
- service
- request
- module
- network element
- response
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/51—Discovery or management thereof, e.g. service location protocol [SLP] or web services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a service dynamic allocation and signaling protection method based on a 5G edge protection agent, which comprises the following steps: s1, dividing the user request into a service discovery request and a general service request; and S2, respectively processing the service discovery request and the general service request through the safety edge protection equipment. The invention greatly improves the flexibility, safety and maintainability of internal network service deployment, ensures the safety and high availability requirements of the internal network, is suitable for the scene of safe 5G communication requirements and has important application prospect.
Description
Technical Field
The invention relates to the technical field of 5G edge protection, in particular to a service dynamic allocation and signaling protection method based on a 5G edge protection agent.
Background
In a secure 5G mobile communication network, a 5G core network separates User Plane (UP) functions from Control Plane (CP) functions, which interact with service-based interfaces. The security core network is further fused with the 5G core network in a network slicing mode, and for the untrusted 5G mobile communication core network, the control plane signaling protection of the security 5G network is realized by adding boundary protection equipment in a physical entity form between the core networks and adopting a mode based on a Security Edge Protection Proxy (SEPP). SEPP needs to provide functions such as single-point access, intranet topology hiding, load balancing, message identification filtering and supervision protection, blocking external attacks, traffic management and speed limiting, and guaranteeing continuity of service. The current solutions that are close to the above requirements are mainly the traditional edge protection devices and reverse proxy service solutions.
The traditional scheme of the edge protection device mainly adds network security protection measures, can prevent attacks from spreading to an internal network, controls network behaviors and application flow, but still presents internal network topology and service device information to the outside, and cannot solve the problem of interaction only by using a service-based interface.
Although the reverse proxy service scheme can effectively realize the functions of internal network topology hiding, load balancing and speed limiting implementation, the server configuration is relatively fixed and cannot adapt to the increase and decrease of the service types, even for the original service types, after the service equipment is adjusted, the proxy server configuration needs to be changed or even the proxy service needs to be restarted, the dynamic adjustment of the service equipment cannot be adapted, and the continuity of the core network service cannot be ensured; the reverse proxy server can perform classified interception on user requests according to information such as request addresses, parameters and the like, but cannot perform message identification filtering and supervision.
Therefore, the existing solutions, whether adopting the traditional edge protection device or the reverse proxy service scheme, cannot fully meet the protection requirements of the 5G mobile communication core network.
Disclosure of Invention
Aiming at the defects in the prior art, the dynamic service allocation and signaling protection method based on the 5G edge protection agent solves the problems that external equipment directly accesses an intranet service network element, the intranet service network element address and the intranet service network element distribution condition are presented to the outside, and the risk of internal network topology structure exposure exists; the internal service network element is difficult to maintain, and the problem of service interruption can be caused by modifying the configuration of the service network element and even restarting the service.
In order to achieve the purpose of the invention, the invention adopts the technical scheme that: a service dynamic allocation and signaling protection method based on 5G edge protection agent is characterized by comprising the following steps:
s1, dividing the user request into a service discovery request and a general service request;
and S2, respectively processing the service discovery request and the general service request through the safety edge protection equipment.
Further: the service discovery request is a request initiated by a network element to a network repository function network element (NRF) to discover a service device having a specific service type, and the general service request is a request initiated by the network element to an intranet service device to acquire a service of the specific type.
Further: the safe edge protection device comprises a hardware platform and a software module.
Further: the hardware platform comprises a general service system and IP protection equipment.
Further: the software module comprises a network protocol stack, an IP layer protection, an HTTP protocol stack, a request analysis module, a message identification module, a signaling filtering module, a strategy matching module, a strategy configuration module, a strategy dynamic maintenance module, a service network element matching module, a service selection module, a request encapsulation forwarding module, a response processing module, a response receiving module and a response forwarding module; the network protocol stack is connected with a signal input end of the HTTP protocol stack through IP layer protection, the network protocol stack can also be directly connected with the HTTP protocol stack, a signal output end, a request analysis module, a message identification module, a signaling filtering module, a service selection module, a request encapsulation forwarding module and a signal input end of the FTTP protocol stack of the HTTP protocol stack are sequentially connected, a signal output end, a response processing module, a response forwarding module and a signal input end of the HTTP protocol stack are sequentially connected, the response processing module is further connected with a strategy dynamic maintenance module and a service network element service module respectively, the strategy dynamic maintenance module and the strategy configuration module are connected with the signaling filtering module through a strategy matching module, and the service network element maintenance module is connected with the service selection module through the service network element matching module.
Further: the processing flow of the service discovery request is as follows:
a1, the service discovery request initiated by the user equipment reaches the security edge protection equipment through the visited network NRF (V-NRF), the security edge protection equipment carries out validity check on the service discovery request, and the service discovery request which is checked to be valid is transferred to the home network NRF (H-NRF);
a2, sending a service discovery request response to the edge protection device through the H-NRF;
a3, establishing a service mapping message through edge protection equipment, replacing a service address message in the service mapping message with a local access address, and repackaging a service discovery request response;
a4, sending the repackaged service discovery request response to the initiating user.
Further: the processing flow of the general service request is as follows:
b1, making the general service request initiated by the external network element reach the entrance of the home network security border protection proxy (H-SEPP), intercepting the illegal data packet through the IP protection module, and checking the service request message passing the interception according to the protection strategy;
b2, searching the service mapping relation table according to the terminal and the service request type, searching the service network element group capable of providing the service, and selecting the target service network element by combining the user information and the corresponding configuration service strategy of the service grade;
b3, if there is no matched service network element, actively sending a service discovery request to the H-NRF through SEPP;
b4, obtaining corresponding service information from the service discovery request response through the edge protection device, and updating the service network element;
b5, sending the repackaging request to the target service network element, if the target service network element is abnormal or the response is overtime, reselecting the corresponding standby service network element, and sending the repackaging request;
b6, when the edge protection device receives the service discovery request response and analyzes, dynamically adjusting the protection strategy and updating the service network element according to the response result data;
and B7, repackaging the response data and forwarding the response data to the request end.
Further: the request message in said step B1 includes necessary parameters, source and destination information, content format, content compliance, user status and location information.
The invention has the beneficial effects that:
1. the invention has hidden network topology, shields the distribution situation of internal network service network elements, shields the information of internal network service network element addresses, quantity and the like, only edge protection equipment is visible to the outside, and can resist remote detection and attack;
2. the dynamic conversion of the service network element address solves the problems of dynamic increase and decrease of the service network elements of the internal network or the address conversion of the service network elements; the continuity of the core network service is guaranteed, and the user service experience is uninterrupted under the conditions of the change of the IP address of the network element of the core network and the like;
3. the service network element of the invention is automatically selected, and the corresponding internal service network element can be automatically selected to provide services according to the service type;
4. the invention realizes the message identification and filtration, carries out the identification, filtration and supervision protection on the control plane messages between Public Land Mobile Networks (PLMN), carries out the filtration and detection on the abnormal signaling flow between networks, completes the filtration and extraction of network data and signaling flow, and provides the functions of illegal and abnormal signaling protection.
The invention greatly improves the flexibility, safety and maintainability of internal network service deployment, ensures the safety and high availability requirements of the internal network, is suitable for the scene of safe 5G communication requirements and has important application prospect.
Drawings
FIG. 1 is a schematic view of a safety margin protection device deployment topology of the present invention;
FIG. 2 is a safety margin protection device implementation architecture in accordance with the present invention;
FIG. 3 is a flow chart of a service discovery request process according to the present invention;
fig. 4 is a flow chart of a general service request process in the present invention.
Detailed Description
The following description of the embodiments of the present invention is provided to facilitate the understanding of the present invention by those skilled in the art, but it should be understood that the present invention is not limited to the scope of the embodiments, and it will be apparent to those skilled in the art that various changes may be made without departing from the spirit and scope of the invention as defined and defined in the appended claims, and all matters produced by the invention using the inventive concept are protected.
A service dynamic allocation and signaling protection method based on 5G edge protection agent includes the following steps:
s1, dividing the user request into a service discovery request and a general service request;
the service discovery request is a request initiated by the network element to the NRF to discover a service device having a specific service type. The general service request is a request initiated by the network element to the intranet service equipment to acquire a specific type of service. The edge protection device has corresponding request processing flows for the two types of requests, namely a service discovery request processing flow and a general service request processing flow.
And S2, respectively processing the service discovery request and the general service request through the safety edge protection equipment.
Deploying NRF in HPLMN, providing registration service for service network elements deployed in HPLMN, maintaining state information of service network element resources in an intranet, acquiring information such as addresses, current states and service types which can be provided of each service network element by intercepting external network element (NF) service discovery requests or actively inquiring the NRF by edge protection equipment, establishing an intranet service mapping table, and maintaining a mapping relation between service ID and the intranet service network elements; when receiving a service request, carrying out service ID matching according to a service strategy, and selecting a corresponding service network element to provide service; for NRF queries initiated by a visited network (VPLMN) NF, the edge protection device replaces the real service network element information in the request response with the local address and the self-defined service ID. The user equipment of the access side network (VPLMN) needs to access the service in the HPLMN and can only access through the edge protection equipment, namely, only the edge protection equipment is visible for the user equipment in the VPLMN, and the internal network information of the HPLMN is shielded. When the user equipment accesses the service in the HPLMN, only the service to be accessed needs to be provided in the request sent to the edge protection device, and no specific service network element information needs to be provided, and a deployment topology diagram of the edge protection device is shown in fig. 1. If the user equipment U _ a needs to access the authentication service network element S _ a, user authentication is carried out on the HPLMN, an authentication request reaches the edge protection equipment through the VPLMN, the edge protection equipment firstly carries out security check on the request, if the request passes through the VPLMN, the NRF query result and the user policy are matched with the corresponding service network element (such as the service network element S _ a), the edge protection equipment forwards the authentication request of the U _ a to the S _ a, the edge protection equipment receives the authentication result of the S _ a, repackages the authentication result and forwards the repackaged authentication result to the U _ a, and then, the primary request process of the user U _ a is completed.
The safety edge protection device consists of two parts, namely a hardware module and a host software module. The universal service system and the IP protection equipment form an edge protection hardware platform; the software module mainly comprises a network protocol stack, an IP layer protection module, an HTTP protocol stack, a message identification module, a signaling filtering module, a filtering strategy maintenance module, a service network element matching module, a service selection module, a response processing module and the like. The modules of message identification, signaling filtration, filtration strategy maintenance and the like realize the signaling protection function of the system; and modules for service network element maintenance, service network element matching, service selection, response processing and the like realize the dynamic service allocation function of the control plane of the system.
The secure edge prevention device implementation architecture is shown in fig. 2, the network protocol stack is connected with the signal input end of the HTTP protocol stack through IP layer prevention, the network protocol stack can also be directly connected with the HTTP protocol stack, the signal output end of the HTTP protocol stack, the request analysis module, the message identification module, the signaling filtering module, the service selection module, the request encapsulation forwarding module and the signal input end of the FTTP protocol stack are sequentially connected, the signal output end of the HTTP protocol stack, the response processing module, the response forwarding module and the signal input end of the HTTP protocol stack are connected in sequence, the response processing module is also respectively connected with the strategy dynamic maintenance module and the service network element service module, the strategy dynamic maintenance module and the strategy configuration module are both connected with the signaling filtering module through the strategy matching module, and the service network element maintenance module is connected with the service selection module through the service network element matching module.
The flow of the process for a user or a network element of an external network to send a service discovery request to an internal network via V-NRF is shown in fig. 3.
A1, the service discovery request initiated by the user equipment reaches the safety edge protection equipment through V-NRF, the safety edge protection equipment carries out validity check on the service discovery request, and the service discovery request which is checked to be legal is transferred to H-NRF;
a2, sending a service discovery request response to the edge protection device through the H-NRF;
a3, establishing a service mapping message through edge protection equipment, replacing a service address message in the service mapping message with a local access address, and repackaging a service discovery request response; the service mapping relationship is shown in table 1.
Table 1 service mapping relation
Field(s) | Sample examples |
Service ID | 39228c72-a0bb-4e84-b15f-b8e920ea171b |
Service name | nsmf-pdusession |
Type of service | SMF |
Service status | REGISTERED |
Period of validity | 2020-01-09 17:32:25 |
Access path | https://127.0.0.1:29502/nsmf-pdusession/v1 |
A4, sending the repackaged service discovery request response to the initiating user.
The general service request processing flow for the foreign network user or the network element is shown in fig. 4.
B1, making the general service request from the external network element reach the H-SEPP entrance, intercepting the illegal data packet by the IP protection module, checking the service request message passing the interception according to the protection strategy; and intercepting the request which does not meet the requirement of the strategy according to the information validity check such as necessary parameters, source and destination information, content format, content conformity, user state, position and the like.
B2, searching the service mapping relation table according to the terminal and the service request type, searching the service network element group capable of providing the service, and selecting the target service network element by combining the user information and the corresponding configuration service strategy of the service grade;
b3, if there is no matched service network element, actively sending a service discovery request to the H-NRF through SEPP;
b4, obtaining corresponding service information from the service discovery request response through the edge protection device, and updating the service network element;
b5, sending the repackaging request to the target service network element, if the target service network element is abnormal or the response is overtime, reselecting the corresponding standby service network element, and sending the repackaging request;
b6, when the edge protection device receives the service discovery request response and analyzes, dynamically adjusting the protection strategy and updating the service network element according to the response result data;
and B7, repackaging the response data and forwarding the response data to the request end.
The invention greatly improves the flexibility, safety and maintainability of internal network service deployment, ensures the safety and high availability requirements of the internal network, is suitable for the scene of safe 5G communication requirements and has important application prospect.
Claims (8)
1. A service dynamic allocation and signaling protection method based on 5G edge protection agent is characterized by comprising the following steps:
s1, dividing the user request into a service discovery request and a general service request;
and S2, respectively processing the service discovery request and the general service request through the safety edge protection equipment.
2. The method of claim 1, wherein the service discovery request is a request initiated by the network element to the NRF to discover a service device with a specific service type, and the general service request is a request initiated by the network element to an intranet service device to obtain a service of a specific type.
3. The method for dynamic service allocation and signaling protection based on 5G edge protection agent as claimed in claim 1, wherein the security edge protection device comprises a hardware platform and a software module.
4. The method of claim 3, wherein the hardware platform comprises a generic service system and an IP protection device.
5. The method for dynamic service allocation and signaling protection based on the 5G edge protection agent according to claim 3, wherein the software modules include a network protocol stack, IP layer protection, HTTP protocol stack, a request parsing module, a message identification module, a signaling filtering module, a policy matching module, a policy configuration module, a policy dynamic maintenance module, a service network element matching module, a service selection module, a request encapsulation forwarding module, a response processing module, a response receiving module and a response forwarding module; the network protocol stack is connected with a signal input end of the HTTP protocol stack through IP layer protection, the network protocol stack can also be directly connected with the HTTP protocol stack, a signal output end, a request analysis module, a message identification module, a signaling filtering module, a service selection module, a request encapsulation forwarding module and a signal input end of the FTTP protocol stack of the HTTP protocol stack are sequentially connected, a signal output end, a response processing module, a response forwarding module and a signal input end of the HTTP protocol stack are sequentially connected, the response processing module is further connected with a strategy dynamic maintenance module and a service network element service module respectively, the strategy dynamic maintenance module and the strategy configuration module are connected with the signaling filtering module through a strategy matching module, and the service network element maintenance module is connected with the service selection module through the service network element matching module.
6. The method according to claim 1, wherein the service discovery request is processed by:
a1, the service discovery request initiated by the user equipment reaches the safety edge protection equipment through V-NRF, the safety edge protection equipment carries out validity check on the service discovery request, and the service discovery request which is checked to be legal is transferred to H-NRF;
a2, sending a service discovery request response to the edge protection device through the H-NRF;
a3, establishing a service mapping message through edge protection equipment, replacing a service address message in the service mapping message with a local access address, and repackaging a service discovery request response;
a4, sending the repackaged service discovery request response to the initiating user.
7. The method according to claim 1, wherein the general service request processing procedure is as follows:
b1, making the general service request from the external network element reach the H-SEPP entrance, intercepting the illegal data packet by the IP protection module, checking the service request message passing the interception according to the protection strategy;
b2, searching the service mapping relation table according to the terminal and the service request type, searching the service network element group capable of providing the service, and selecting the target service network element by combining the user information and the corresponding configuration service strategy of the service grade;
b3, if there is no matched service network element, actively sending a service discovery request to the H-NRF through SEPP;
b4, obtaining corresponding service information from the service discovery request response through the edge protection device, and updating the service network element;
b5, sending the repackaging request to the target service network element, if the target service network element is abnormal or the response is overtime, reselecting the corresponding standby service network element, and sending the repackaging request;
b6, when the edge protection device receives the service discovery request response and analyzes, dynamically adjusting the protection strategy and updating the service network element according to the response result data;
and B7, repackaging the response data and forwarding the response data to the request end.
8. The method for dynamic service allocation and signaling protection based on 5G edge protection proxy as claimed in claim 7, wherein the request message in step B1 includes necessary parameters, source and destination information, content format, content compliance, user status and location information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011328546.1A CN112468483B (en) | 2020-11-24 | 2020-11-24 | Service dynamic allocation and signaling protection method based on 5G edge protection agent |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011328546.1A CN112468483B (en) | 2020-11-24 | 2020-11-24 | Service dynamic allocation and signaling protection method based on 5G edge protection agent |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112468483A true CN112468483A (en) | 2021-03-09 |
CN112468483B CN112468483B (en) | 2022-02-08 |
Family
ID=74798215
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011328546.1A Active CN112468483B (en) | 2020-11-24 | 2020-11-24 | Service dynamic allocation and signaling protection method based on 5G edge protection agent |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112468483B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113518082A (en) * | 2021-06-24 | 2021-10-19 | 深之蓝(天津)水下智能科技有限公司 | Message processing method, electronic equipment and storage medium |
CN113542219A (en) * | 2021-06-07 | 2021-10-22 | 中国人民解放军战略支援部队信息工程大学 | Method and system for realizing signaling access based on multi-mode network element proxy |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190174449A1 (en) * | 2018-02-09 | 2019-06-06 | Intel Corporation | Technologies to authorize user equipment use of local area data network features and control the size of local area data network information in access and mobility management function |
WO2019158028A1 (en) * | 2018-02-13 | 2019-08-22 | 华为技术有限公司 | Communication method and device |
CN110290161A (en) * | 2018-03-19 | 2019-09-27 | 中国移动通信有限公司研究院 | A kind of topology hiding method, node, functional entity and computer storage medium |
WO2020001300A1 (en) * | 2018-06-29 | 2020-01-02 | Huawei Technologies Co., Ltd. | Method and solution for avoiding issues with inter plmn routing and tls in 5g service based architecture |
US20200036754A1 (en) * | 2018-07-30 | 2020-01-30 | Cisco Technology, Inc. | Sepp registration, discovery and inter-plmn connectivity policies |
WO2020094547A1 (en) * | 2018-11-05 | 2020-05-14 | Telefonaktiebolaget Lm Ericsson (Publ) | Fully qualified domain name handling for service interactions in 5g |
WO2020150268A1 (en) * | 2019-01-14 | 2020-07-23 | Apple Inc. | Management of vehicle-to-everything pc5 capability in 5g systems |
CN111586136A (en) * | 2020-04-30 | 2020-08-25 | 广州爱浦路网络技术有限公司 | Method and system for dynamically discovering TCE (traffic control element) resources in 5G core network |
CN111684826A (en) * | 2018-06-25 | 2020-09-18 | 日本电气株式会社 | Method and system for indicating SMS subscription to UE when SMS subscription in network changes |
-
2020
- 2020-11-24 CN CN202011328546.1A patent/CN112468483B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190174449A1 (en) * | 2018-02-09 | 2019-06-06 | Intel Corporation | Technologies to authorize user equipment use of local area data network features and control the size of local area data network information in access and mobility management function |
WO2019158028A1 (en) * | 2018-02-13 | 2019-08-22 | 华为技术有限公司 | Communication method and device |
CN110167013A (en) * | 2018-02-13 | 2019-08-23 | 华为技术有限公司 | A kind of communication means and device |
CN110290161A (en) * | 2018-03-19 | 2019-09-27 | 中国移动通信有限公司研究院 | A kind of topology hiding method, node, functional entity and computer storage medium |
CN111684826A (en) * | 2018-06-25 | 2020-09-18 | 日本电气株式会社 | Method and system for indicating SMS subscription to UE when SMS subscription in network changes |
WO2020001300A1 (en) * | 2018-06-29 | 2020-01-02 | Huawei Technologies Co., Ltd. | Method and solution for avoiding issues with inter plmn routing and tls in 5g service based architecture |
US20200036754A1 (en) * | 2018-07-30 | 2020-01-30 | Cisco Technology, Inc. | Sepp registration, discovery and inter-plmn connectivity policies |
WO2020094547A1 (en) * | 2018-11-05 | 2020-05-14 | Telefonaktiebolaget Lm Ericsson (Publ) | Fully qualified domain name handling for service interactions in 5g |
WO2020150268A1 (en) * | 2019-01-14 | 2020-07-23 | Apple Inc. | Management of vehicle-to-everything pc5 capability in 5g systems |
CN111586136A (en) * | 2020-04-30 | 2020-08-25 | 广州爱浦路网络技术有限公司 | Method and system for dynamically discovering TCE (traffic control element) resources in 5G core network |
Non-Patent Citations (2)
Title |
---|
HUANG ZEYU 等: "Survey on Edge Computing Security", 《IEEE》 * |
潘海侠 等: "服务系统中多阶段动态服务匹配模型及优化算法研究", 《工业工程》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113542219A (en) * | 2021-06-07 | 2021-10-22 | 中国人民解放军战略支援部队信息工程大学 | Method and system for realizing signaling access based on multi-mode network element proxy |
CN113542219B (en) * | 2021-06-07 | 2023-02-14 | 中国人民解放军战略支援部队信息工程大学 | Method and system for realizing signaling access based on multi-mode network element proxy |
CN113518082A (en) * | 2021-06-24 | 2021-10-19 | 深之蓝(天津)水下智能科技有限公司 | Message processing method, electronic equipment and storage medium |
CN113518082B (en) * | 2021-06-24 | 2021-12-17 | 深之蓝(天津)水下智能科技有限公司 | Message processing method, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN112468483B (en) | 2022-02-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11553342B2 (en) | Methods, systems, and computer readable media for mitigating 5G roaming security attacks using security edge protection proxy (SEPP) | |
US11818570B2 (en) | Methods, systems, and computer readable media for message validation in fifth generation (5G) communications networks | |
US11516671B2 (en) | Methods, systems, and computer readable media for mitigating location tracking and denial of service (DoS) attacks that utilize access and mobility management function (AMF) location service | |
US7586871B2 (en) | Platform and method for providing data services in a communication network | |
US7512969B2 (en) | System and method for detecting and reporting cable network devices with duplicate media access control addresses | |
CN112468483B (en) | Service dynamic allocation and signaling protection method based on 5G edge protection agent | |
US9071505B2 (en) | Method and system for dynamically allocating services for subscribers data traffic | |
US11997585B2 (en) | SIM whitelisting and multi-operator core networks | |
KR20230058457A (en) | Methods, systems, and computer readable media for 5G user equipment (UE) historical mobility tracking and security screening using mobility patterns | |
US8437354B2 (en) | Method and apparatus for realizing unicast reverse path forwarding | |
US20220295282A1 (en) | Methods, systems, and computer readable media for delegated authorization at security edge protection proxy (sepp) | |
CN115037551B (en) | Connection authority control method and device, electronic equipment and storage medium | |
CN109995769B (en) | Multi-stage heterogeneous trans-regional full-real-time safety management and control method and system | |
CN103873456B (en) | The access control method and WiFi equipment of WiFi equipment | |
KR20040092911A (en) | Apparatus and method for processing a data call in a private wireless high-speed data system | |
KR20200020544A (en) | Method and system for private network service in 5g communication network | |
JP2003224576A (en) | Lan type internet access network and subscriber line accommodation method used therefor | |
US9264885B2 (en) | Method and system for message transmission control, method and system for register/update | |
JP2006099590A (en) | Access controller, access control method and access control program | |
CN109962831B (en) | Virtual client terminal device, router, storage medium, and communication method | |
US11974134B2 (en) | Methods, systems, and computer readable media for validating subscriber entities against spoofing attacks in a communications network | |
de Carvalho Macedo et al. | Attacks to mobile networks using SS7 vulnerabilities: a real traffic analysis | |
CN112261660A (en) | Android mobile phone end application proxy access security control method | |
CN111010371A (en) | Method for realizing stable terminal access based on ipv6 automatic configuration | |
CN117041973A (en) | Signaling attack processing method, system, device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |