CN112491829B - MEC platform identity authentication method and device based on 5G core network and blockchain - Google Patents

Publication number
CN112491829B
Authority
CN
China
Prior art keywords
authentication
mec platform
mec
blockchain
platform
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011272829.9A
Other languages
Chinese (zh)
Other versions
CN112491829A (en
Inventor
魏鹭巍
李申
高有军
韩孟祥
于凯
陈书钢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Information System Integration Co ltd
China Mobile Communications Group Co Ltd
China Mobile Xiongan ICT Co Ltd
China Mobile System Integration Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Xiongan ICT Co Ltd
China Mobile System Integration Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Xiongan ICT Co Ltd, China Mobile System Integration Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses an MEC platform identity authentication method and device based on a 5G core network and a blockchain. The method comprises: authenticating the identity of an MEC platform through the 5G authentication and key agreement authentication mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform; and performing uplink (on-chain) management on the authenticated MEC platform through a blockchain consensus mechanism, storing the network address and permanent equipment identifier information owned by the MEC platform in each node on the current blockchain. The method, the device, the equipment and the computer storage medium can authenticate the identity of the MEC platform, synchronize the authenticated platform identification information and reach consensus on it based on blockchain technology, and effectively prevent illegal use and falsification of IP addresses.

Description

MEC platform identity authentication method and device based on 5G core network and blockchain
Technical Field
The disclosure belongs to the technical field of 5G network communication, and in particular relates to an MEC platform identity authentication method and device based on a 5G core network and a blockchain.
Background
When an MEC (Multi-access Edge Computing) platform accesses the 5G (5th Generation mobile networks, or 5th generation wireless systems; the fifth generation of mobile communication technology) core network, the identity of the MEC platform must be authenticated and authorized. Existing solutions all connect the UPF (User Plane Function) and the MEC platform through optical cables and configure the same IP (Internet Protocol) addresses for both ends, so that data can be forwarded. As shown in fig. 1, the private network IP address segments of the MEC1 platform and the UPF are the same, so normal data exchange is possible, while the IP address segments of the MEC2 platform and the UPF differ, so normal data exchange is not possible.
After the MEC service is introduced, the MEC platforms are distributed at the edge, which improves the data processing rate but also brings risk to the security of network data. In actual use, the network cannot effectively distinguish whether an MEC platform is genuine and cannot judge whether the IP address used by the MEC platform is the IP address allocated by the network; when manual supervision is not in place, IP addresses may be falsified and impersonated. Therefore, when an illegal user tampers with or impersonates an IP address, the security of the data is difficult to ensure.
In view of this, the present disclosure is specifically proposed.
Disclosure of Invention
The embodiment of the disclosure provides a method, a device, equipment and a computer storage medium for authenticating MEC platform identity based on a 5G core network and a blockchain, which can realize the protection of each MEC platform IP address and prevent the MEC platform IP address from being tampered and faked maliciously.
In one aspect, an embodiment of the present disclosure provides a MEC platform identity authentication method based on a 5G core network and a blockchain, the method including:
identity authentication is carried out on the MEC platform through a 5G authentication and key agreement authentication mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
and carrying out uplink management on the authenticated MEC platform through a blockchain consensus mechanism, and storing network addresses and permanent equipment identifier information owned by the MEC platform into each node on the current blockchain.
In one embodiment, the authentication of the MEC platform by the 5G authentication and key agreement authentication mechanism includes:
The MEC platform is connected with the security network element SEAF, the security network element SEAF initiates a start authentication request to the authentication server, and the request contains permanent equipment identifier information of the MEC platform so that the authentication server can request the unified data management equipment to verify the authenticity of the permanent equipment identifier information;
After the permanent equipment identifier information passes verification, the unified data management equipment creates an authentication vector to respond to the authentication server so that the authentication server interacts with the security network element SEAF, and identity authentication service is executed according to the authentication vector.
In one embodiment, the identity authentication is performed on the MEC platform by using a 5G authentication and key agreement authentication mechanism, which specifically includes:
the MEC platform is connected with the security network element SEAF, and information carrying the permanent equipment identifier of the current MEC platform is sent to the security network element SEAF;
sending an authentication starting request to an authentication server through a security network element SEAF so that an authentication response request is sent to unified data management equipment UDM or ARPF after the authentication server AUSF authenticates a service network of the security network element SEAF; wherein the initiation authentication request and the authentication response request both contain permanent equipment identifier information of the MEC platform, and the unified data management equipment UDM or ARPF verifies the authenticity of the permanent equipment identifier information.
In one embodiment, the authentication of the MEC platform is performed by a 5G authentication and key agreement authentication mechanism, and further includes:
after the permanent equipment identifier information passes verification, the unified data management equipment UDM or ARPF creates a first authentication vector, responds to an authentication response request, sends the first authentication vector to an authentication server AUSF and indicates the authentication vector to be used for authentication and key negotiation authentication; wherein the first authentication vector comprises a random number, an authentication token, an authentication response parameter and an authentication key;
The authentication server AUSF stores the authentication response parameters, calculates an anchor key according to the authentication key, generates a second authentication vector containing a random number, an authentication token and the anchor key, and sends the second authentication vector to the security network element SEAF;
the security network element SEAF sends request information containing at least the random number and the authentication token in the second authentication vector to the MEC platform, so that the platform sends the random number and the authentication token to the universal subscriber identity module USIM to verify the freshness of the authentication token, and the MEC platform deduces response parameters, authentication keys and anchor keys and returns the response parameters, the authentication keys and the anchor keys to the authentication server;
the authentication server side judges an authentication result according to the comparison of the response parameter and the authentication response parameter; if the comparison is equal, the authentication is passed, otherwise the authentication fails.
In one embodiment, marking the network address and permanent equipment identifier information owned by the authenticated MEC platform includes:
enabling the authenticated MEC platform to obtain the authentication result together with an indication to mark the current public network address and permanent equipment identifier information of the MEC platform, and marking the MEC platform so that the uplink operation can be performed.
In one embodiment, performing uplink management on the authenticated MEC platform through a blockchain consensus mechanism specifically comprises:
synchronizing the public network address and the permanent equipment identifier information of the authenticated MEC platform, as the identification information of the MEC platform, to the other MEC platforms in the network where the current platform is located, for uplink management of the MEC platform.
In one embodiment, in performing uplink management on an authenticated MEC platform through a blockchain consensus mechanism, the uplink management includes:
generating a first transaction hash value of the current platform according to the authenticated MEC platform permanent equipment identifier information and the distributed public network address;
the MEC platform is enabled to initiate an access request to the core network again, so that when the core network receives the access request, an authentication signaling is sent to other MEC platforms on the blockchain, and identity authentication is carried out on the MEC platform of the access request;
enabling other MEC platforms on the blockchain to call the identification information of the MEC platform according to public network address information contained in the current MEC platform access request to generate a second hash value;
acquiring a second hash value and a first hash value, comparing the two hash values, and if the two hash values are equal, verifying to pass; and otherwise, the verification fails.
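The hash comparison in the embodiment above can be sketched as follows. This is an added example, not code from the patent: SHA-256, the length-prefixed field encoding, the majority rule in `verify_access` and every name (`LedgerNode`, `register`, `record_hash`, `canon`) are assumptions, and the PEI and address values are constructed.

```python
import hashlib
import hmac
import ipaddress


def canon(ip: str) -> str:
    """Canonical text form, so equivalent spellings of one address match."""
    return ipaddress.ip_address(ip).compressed


def record_hash(pei: str, public_ip: str) -> str:
    """Hash binding a PEI to a public address (SHA-256 and encoding assumed)."""
    pei_b, ip_b = pei.encode(), canon(public_ip).encode()
    # Length prefixes keep ("12", "3.x") and ("1", "23.x") from colliding.
    data = len(pei_b).to_bytes(2, "big") + pei_b + len(ip_b).to_bytes(2, "big") + ip_b
    return hashlib.sha256(data).hexdigest()


class LedgerNode:
    """One MEC platform's copy of the identification records (hypothetical)."""

    def __init__(self, name: str):
        self.name = name
        self.records = {}  # canonical public address -> PEI

    def second_hash(self, request_ip: str):
        """Look up the PEI stored for the requesting address and hash the record."""
        pei = self.records.get(canon(request_ip))
        return None if pei is None else record_hash(pei, request_ip)


def register(nodes, pei: str, public_ip: str) -> str:
    """Store an authenticated platform's record on every node; return the first hash."""
    ip = canon(public_ip)
    for node in nodes:
        if node.records.get(ip, pei) != pei:
            raise ValueError(f"{ip} is already bound to another PEI on {node.name}")
    for node in nodes:
        node.records[ip] = pei
    return record_hash(pei, ip)


def verify_access(nodes, request_ip: str, first_hash: str) -> bool:
    """Peers recompute the hash from their own copy; a majority must match."""
    matches = 0
    for node in nodes:
        second = node.second_hash(request_ip)
        if second is not None and hmac.compare_digest(second.encode(), first_hash.encode()):
            matches += 1
    return matches > len(nodes) // 2


if __name__ == "__main__":
    peers = [LedgerNode(n) for n in ("mec-a", "mec-b", "mec-c")]
    genuine = register(peers, "2200601362433", "203.0.113.10")  # constructed values
    forged = record_hash("9999", "203.0.113.10")  # other PEI, same address
    print(verify_access(peers, "203.0.113.10", genuine))  # True
    print(verify_access(peers, "203.0.113.10", forged))   # False
```

Because each peer recomputes the second hash from its own ledger copy, a request that reuses a registered address with a different PEI fails on every honest node, and a single altered copy does not change the outcome under the assumed majority rule.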
In another aspect, an embodiment of the present disclosure provides an MEC platform identity authentication apparatus based on a 5G core network and a blockchain, the apparatus comprising:
The authentication and authentication management module is used for carrying out identity authentication on the MEC platform through a 5G authentication and key agreement authentication mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
and the uplink management module is used for carrying out uplink management on the authenticated MEC platform through a blockchain consensus mechanism, and storing the network address and the permanent equipment identifier information owned by the MEC platform into each node on the current blockchain.
In still another aspect, an embodiment of the present disclosure provides an MEC platform identity authentication device based on a 5G core network and a blockchain, the device including: a processor and a memory storing computer program instructions;
the processor executes the computer program instructions to implement any one of the above-described MEC platform identity authentication methods for 5G core networks and blockchains.
In yet another aspect, an embodiment of the present disclosure provides a computer storage medium, where computer program instructions are stored, where the computer program instructions, when executed by a processor, implement a MEC platform identity authentication method for a 5G core network and blockchain as described in any one of the foregoing.
With the MEC platform identity authentication method, device, equipment and computer storage medium for the 5G core network and the blockchain, the identity of the MEC platform can be authenticated, the authenticated platform identification information is synchronized and agreed on by consensus based on blockchain technology, the MEC platform identity is effectively authenticated, and illegal use and falsification of IP addresses are effectively prevented.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are needed in the embodiments of the present disclosure will be briefly described below, and it will be apparent to those skilled in the art that other drawings can be obtained according to these drawings without inventive effort.
Fig. 1 is a schematic diagram of a MEC platform access 5G core network provided in the prior art;
fig. 2 is a network topology diagram adopted in the MEC platform identity authentication method based on the 5G core network and the blockchain provided in the embodiments of the present disclosure; wherein 2a is a schematic architecture diagram of a single MEC platform accessing a 5G core network; 2b is an interaction schematic diagram of a multi-MEC platform accessing a 5G core network in the network;
fig. 3 is a schematic flow chart of performing startup authentication in the MEC platform identity authentication method based on the 5G core network and the blockchain according to the embodiment of the present disclosure;
fig. 4 is a schematic flow chart of performing authentication in the MEC platform identity authentication method based on the 5G core network and the blockchain according to the embodiment of the present disclosure;
fig. 5 is a schematic flow chart of performing uplink management in the MEC platform identity authentication method based on the 5G core network and the blockchain according to the embodiments of the present disclosure;
Fig. 6 is a schematic structural diagram of an MEC platform identity authentication device based on a 5G core network and a blockchain according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of an MEC platform identity authentication device based on a 5G core network and a blockchain according to another embodiment of the present disclosure.
Detailed Description
Features and exemplary embodiments of various aspects of the present disclosure will be described in detail below, and in order to make the objects, technical solutions and advantages of the present disclosure more apparent, the present disclosure will be described in further detail below with reference to the accompanying drawings and the detailed embodiments. It should be understood that the specific embodiments described herein are intended to be illustrative of the present disclosure and not limiting. It will be apparent to one skilled in the art that the present disclosure may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present disclosure by showing examples of the present disclosure.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The existing method has the following defects: the network cannot effectively distinguish whether an MEC platform is genuine, cannot judge whether the IP address used by the MEC platform is an IP address allocated by the network, cannot prevent illegal users from obtaining access rights to resources, and cannot ensure the security of the system and data.
Therefore, in order to solve the problems in the prior art, the embodiments of the present disclosure provide a method, an apparatus, a device, and a computer storage medium for MEC platform identity authentication based on a 5G core network and a blockchain. The following first describes an MEC platform identity authentication method based on a 5G core network and a blockchain provided by an embodiment of the present disclosure.
Fig. 3-5 are schematic flow diagrams of an MEC platform identity authentication method based on a 5G core network and a blockchain according to an embodiment of the present disclosure, the method includes the following steps:
S001, carrying out identity authentication on the MEC platform through the 5G authentication and key agreement authentication mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
S002, carrying out uplink (on-chain) management on the authenticated MEC platform through a blockchain consensus mechanism, and storing the network address and permanent equipment identifier information owned by the MEC platform into each node on the current blockchain.
In the method provided in this embodiment, in conjunction with the network topology diagram shown in fig. 2, the MEC platform interacts and authenticates with the 5G core network through the UPF (User Plane Function), as shown in fig. 2a. All authenticated MEC platforms in the network are placed under uplink management, as shown in fig. 2b: each MEC platform acts as a block node, and the IP address allocated to the MEC platform together with the PEI (Permanent Equipment Identifier, equivalent to the International Mobile Equipment Identity (IMEI) information of a 4G network) of the MEC platform serves as the identification information of the MEC platform. Consensus authentication is performed on the chain, ensuring that the identification information of the MEC platform cannot be tampered with or impersonated at will.
The network element functions in the 5GC architecture shown in fig. 2a are explained as follows:
AF: Application Function, application-layer functional entity.
AMF: Access and Mobility Management Function, access and mobility management functional entity; it is the termination of the NG-RAN (Radio Access Network, radio access network base station) signaling interface (N2) and the termination of NAS (non-access stratum) signaling (N1).
SMF: Session Management Function, session management functional entity.
UPF: User Plane Function, user plane functional entity.
PCF: Policy Control Function, policy control function.
NEF: Network Exposure Function, network exposure functional entity.
NRF: Network Repository Function, network storage functional entity.
UDM: Unified Data Management, unified data management.
AUSF: Authentication Server Function, authentication server network element.
NSSF: Network Slice Selection Function, network slice selection functional entity.
UE: User Equipment.
Specifically, in the method of this embodiment, when the MEC platform is authenticated with the 5G-AKA (Authentication and Key Agreement) authentication mechanism, the MAC address (Media Access Control address, also called a local area network address, Ethernet address or physical address) of the MEC platform device is first converted into decimal form to serve as the PEI of the edge device, which is then used for identity authentication on the core network.
Authentication is then started, as shown in fig. 3, comprising the following steps:
S101. The MEC platform connects to the security network element SEAF (SEcurity Anchor Function, the security anchor network element; SEAF for short, the same below) and sends an N1 message carrying the permanent equipment identifier PEI of the MEC platform to the SEAF through the NEF (Network Exposure Function, network exposure functional entity) network element;
S102. When the SEAF wants to start authentication, it sends a Nausf_MECAuthentication_Authenticate Request message to the AUSF (Authentication Server Function, authentication server) network element; that is, the SEAF initiates a start-authentication request to the AUSF to invoke the Nausf_MECAuthentication service. The request includes the permanent equipment identifier information of the MEC platform;
S103. After receiving the Nausf_MECAuthentication_Authenticate Request message, the AUSF checks whether the SEAF network element that initiated the request in the service network is entitled to use the service network name in the request, by comparing that name with the expected service network name; if the names are the same, the service network is authorized to use the service network name;
S104. The AUSF network element sends the obtained permanent equipment identifier information PEI and the SNN (Serving Network Name, name of the service network) to a UDM (Unified Data Management) network element or an ARPF (Authentication credential Repository and Processing Function) network element in a Nudm_MECAuthentication_Get Request authentication response request message;
S105. The unified data management equipment (UDM/ARPF) verifies the authenticity of the permanent equipment identifier PEI against the information stored in its database.
Performing authentication is as shown in fig. 4:
after the permanent equipment identifier information PEI passes verification, the unified data management equipment creates a first authentication vector to respond to the authentication server so that the authentication server interacts with the security network element SEAF, and identity authentication service is executed according to the authentication vector. The method specifically comprises the following steps:
s201, after a permanent equipment identifier PEI passes verification, the UDM/ARPF creates a 5G HE AV (5G Home Environment Authentication Vector), namely a first authentication vector; when the UDM/ARPF generates an AV (Authentication Vector ), the "separation bit" of the authentication management field (Authentication Management Field, AMF for short) must be set to 1; when the UDM/ARPF creates a 5G HE AV, it is generated by RAND (Random Challenge), AUTN (Authentication Token authentication token), XRES (Expected Response, authentication response parameters), and KAUSF (authentication key).
S202.UDM/ARPF responds to authentication Response request, sends 5G HE AV to AUSF in nudm_MECAuthentication_get Response message, and indicates that the 5G HE AV will be used for AKA authentication in nudm_MECAuthentication_get Response message;
S203. The AUSF stores the authentication response parameter XRES, and may calculate an anchor key KSEAF from the authentication key KAUSF and replace XRES with KSEAF to obtain a 5G SE AV (SEcurity Authentication Vector, security anchor authentication vector), that is, a second authentication vector, which includes RAND (random challenge), AUTN (authentication token) and KSEAF (anchor key);
S204. The AUSF sends a Nausf_MECAuthentication_Authenticate Response message to the SEAF network element; the response message carries the 5G SE AV;
S205. The SEAF network element sends, through the NEF, an Authentication Request message carrying authentication parameters such as the random number RAND and the token AUTN to the MEC platform. The Authentication Request message may further include the parameter ngKSI (Key Set Identifier in 5G), which the MEC platform and the AMF (Access and Mobility Management Function; the AMF network element and the SEAF network element may reside together in one physical device) use to identify KAMF (the key derived from KSEAF by the ME device and the SEAF network element) and the partial native security context created when authentication succeeds. It may also include the ABBA parameter (Anti-Bidding down Between Architectures, protection against bidding-down attacks between different architectures), set to its conventional value so that bidding-down protection can later be enabled for the security functions;
S206. The ME (Mobile Equipment) in the MEC platform forwards the received random number RAND and token AUTN to the USIM (Universal Subscriber Identity Module) of the ME;
S207. After receiving the random number RAND and the token AUTN, the USIM first verifies the freshness of the token AUTN in the second authentication vector. After the verification passes, the USIM calculates a response RES (response parameter) and returns RES, the stored confidentiality key CK and the integrity key IK to the ME; from the response parameter RES, CK and IK, the ME can derive the encrypted response parameter RES, KAUSF and KSEAF;
S208. During authentication, the ME checks whether the "separation bit" of the authentication management field (AMF) of the token AUTN is 1; if so, the MEC platform returns the encrypted response parameter RES to the SEAF in a NAS (Non-Access Stratum) Authentication Response message;
S209. The SEAF network element sends the encrypted response parameter RES, together with the corresponding identifier PEI, to the AUSF in a Nausf_MECAuthentication_Authenticate Request message. After the AUSF of the home network receives this request, it first judges whether the second authentication vector has expired; if so, authentication fails. If not, it compares the encrypted response parameter RES with the authentication response parameter XRES, and if they are equal, the AUSF considers the identity authentication successful;
S210. The AUSF informs the SEAF network element of the result of the MEC platform's authentication in the home network by sending a Nausf_MECAuthentication_Authenticate Response message to the SEAF network element;
S211. The SEAF network element sends a Nausf_MECAuthentication_Authenticate Result message, which notifies the MEC platform of the identity authentication result; if authentication is successful, the blockchain module of the MEC platform is instructed to mark the IP address and the identifier PEI;
S212. If the identity authentication is successful, the blockchain module in the MEC platform marks the current IP address and the identifier PEI for use in the information uplink operation.
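The ME-side and AUSF-side checks of steps S203 and S207 to S209, as an added example that is not code from the patent. It assumes the key derivations follow the standard 5G AKA KDF of 3GPP TS 33.501 Annex A (where the "encrypted response parameter" is called RES*), takes the USIM outputs RES, CK and IK as given, and uses constructed sample values; the 30-second vector lifetime and single-use handling of a stored vector are assumptions as well.

```python
import hashlib
import hmac
from dataclasses import dataclass


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP generic KDF: HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kausf(ck, ik, snn, sqn_xor_ak):
    return kdf(ck + ik, 0x6A, snn, sqn_xor_ak)          # TS 33.501 Annex A.2


def derive_res_star(ck, ik, snn, rand, res):
    return kdf(ck + ik, 0x6B, snn, rand, res)[16:]      # Annex A.4: 128 low-order bits


def derive_kseaf(kausf, snn):
    return kdf(kausf, 0x6C, snn)                        # Annex A.6


def me_answer(rand, autn, snn, res, ck, ik):
    """S207-S208 on the ME. res/ck/ik are what the USIM returned after it
    accepted AUTN (the MAC and freshness checks run inside the USIM)."""
    if len(autn) != 16:
        raise ValueError("AUTN is SQN^AK (6) || AMF (2) || MAC (8) bytes")
    if not autn[6] & 0x80:      # separation bit = bit 0 of the AMF field
        return None             # not a 5G vector: no response is sent
    kausf = derive_kausf(ck, ik, snn, autn[:6])
    return derive_res_star(ck, ik, snn, rand, res), derive_kseaf(kausf, snn)


@dataclass
class PendingAuth:
    xres_star: bytes
    kseaf: bytes
    expires_at: float


class Ausf:
    def __init__(self, av_lifetime=30.0):
        self.av_lifetime = av_lifetime   # assumed value; the page only says "out of date"
        self.pending = {}                # PEI -> PendingAuth

    def accept_he_av(self, pei, snn, xres_star, kausf, now):
        """S203: keep the expected response, derive KSEAF for the second vector."""
        kseaf = derive_kseaf(kausf, snn)
        self.pending[pei] = PendingAuth(xres_star, kseaf, now + self.av_lifetime)
        return kseaf

    def confirm(self, pei, res_star, now):
        """S209: expiry check first, then a constant-time comparison."""
        entry = self.pending.pop(pei, None)   # single use (assumption beyond the page)
        if entry is None or now > entry.expires_at:
            return False
        return hmac.compare_digest(entry.xres_star, res_star)


# Constructed sample values (not from the patent or any real network).
SNN = b"5G:mnc001.mcc001.3gppnetwork.org"
RAND = bytes(range(16))
CK, IK = b"\x11" * 16, b"\x22" * 16
RES = b"\x33" * 8
AUTN = b"\xaa" * 6 + b"\x80\x00" + b"\xbb" * 8   # AMF = 0x8000: separation bit set


def run_flow(autn=AUTN, res=RES, delay=1.0):
    """Home side builds the vector, the ME answers, the AUSF confirms.
    Returns (authenticated, anchor_keys_match)."""
    ausf = Ausf()
    kausf = derive_kausf(CK, IK, SNN, AUTN[:6])
    xres_star = derive_res_star(CK, IK, SNN, RAND, RES)   # UDM/ARPF side
    kseaf_home = ausf.accept_he_av("pei-mec1", SNN, xres_star, kausf, now=0.0)
    answer = me_answer(RAND, autn, SNN, res, CK, IK)
    if answer is None:
        return False, False
    res_star, kseaf_me = answer
    return ausf.confirm("pei-mec1", res_star, now=delay), kseaf_me == kseaf_home


if __name__ == "__main__":
    print("valid run:", run_flow())
    print("expired vector:", run_flow(delay=31.0))
    print("wrong RES:", run_flow(res=b"\x00" * 8))
    print("separation bit clear:", run_flow(autn=b"\xaa" * 6 + b"\x00\x00" + b"\xbb" * 8))
```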
By adopting the blockchain approach, the risk that the IP address of an MEC platform is easily tampered with, and that any MEC platform can arbitrarily use another MEC platform's IP, can be addressed. A blockchain is a distributed shared ledger and database based on cryptography and a consensus algorithm; it is decentralized, immutable, traceable throughout, collectively maintained, open and transparent, and it matches the distributed deployment of MEC platforms.
In this embodiment, all successfully authenticated MEC platforms in the current network are placed under uplink management, that is, their identification information is stored on the nodes of the blockchain. Each MEC platform acts as a block node, and the IP address allocated to the MEC platform together with its PEI information serves as its identification information. After an authenticated MEC platform obtains the authentication result, it receives an indication to mark its current public network address and its own permanent equipment identifier information; this identification information is sent to all other MEC platforms for synchronization and stored on those platforms.
Specifically, as shown in fig. 5, when the authenticated MEC1 platform again initiates a request to the core network, performing uplink management on the authenticated MEC platform through the blockchain consensus mechanism includes:
S301. The primary authentication of the MEC1 platform by the 5G core network is regarded as one transaction, and a first transaction hash value MEC1Hash1 of the current MEC1 platform is generated from the authenticated identifier PEI and the allocated IP address;
S302. When the authenticated MEC1 platform needs to use the allocated IP resources for platform services, it must again initiate an access request MEC1 visual_Request to the 5G core network;
S303. When the 5G core network (abbreviated 5GC) receives the access request, the other MEC platforms on the blockchain (i.e., MEC2, MEC3, ...) are required to authenticate the identity of the MEC1 that is requesting access; that is, the 5G core network sends MEC Identification Verification_Request authentication signaling to each of the other MEC platforms, requesting identity authentication of the MEC platform that made the access request;
S304. The remaining MEC platforms (i.e., MEC2, MEC3, ...) retrieve the identification information of the MEC platform according to the public network address information contained in the access request of the current MEC platform, and respectively generate second transaction hash values MEC2Hash2, MEC3Hash3, ...;
S305. The first transaction hash value MEC1Hash1 is compared with the second transaction hash values MEC2Hash2, MEC3Hash3, ... generated by the other MEC platforms, and the verification results MEC Identification Verification_response are fed back to the 5G core network one by one;
S306. The 5G core network feeds back the access result MEC1 visual_response according to the verification results. If the values compared in S305 are the same, the information of the MEC1 platform has not been tampered with, the MEC1 platform is allowed to use the allocated resources again, and the MEC1 platform service proceeds normally; if the verification fails, the MEC1 platform must reinitiate the authentication flow with the core network.
In the present disclosure, identity authentication of the edge computing platform MEC is achieved through the 5G core network and blockchain technology. The permanent equipment identifier PEI and the IP address are stored in each node for hash value comparison; confidentiality is high, the identity of the MEC platform is effectively authenticated, and illegal use of and tampering with IP addresses are effectively prevented.
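The hash comparison of steps S301 to S306, as an added example that is not code from the patent. SHA-256, the length-prefixed encoding, the core network keeping the first hash per PEI, and the rule that every other node must agree are assumptions made here; the node names, PEIs and addresses are constructed.

```python
import hashlib
import hmac
import ipaddress


def transaction_hash(pei: str, ip: str) -> str:
    """Hash binding a PEI to an IP address (S301, S304). The page names neither
    a hash function nor an encoding; SHA-256 with length prefixes is assumed."""
    fields = (pei.encode(), ipaddress.ip_address(ip).packed)
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)   # prefix avoids ambiguous concatenation
    return h.hexdigest()


class MecNode:
    """One MEC platform acting as a block node that stores the synchronized
    identification information of every authenticated platform."""

    def __init__(self, name):
        self.name = name
        self.ledger = {}                          # normalized public IP -> PEI

    def sync(self, pei, ip):
        self.ledger[str(ipaddress.ip_address(ip))] = pei

    def verify(self, claimed_ip, first_hash):
        """S304-S305: look up the record by the IP in the access request,
        recompute the hash from the stored record, compare with the first hash."""
        try:
            key = str(ipaddress.ip_address(claimed_ip))
        except ValueError:
            return False
        pei = self.ledger.get(key)
        if pei is None:                           # address was never allocated
            return False
        return hmac.compare_digest(transaction_hash(pei, key), first_hash)


class CoreNetwork:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self.first_hash = {}                      # PEI -> first transaction hash

    def on_authenticated(self, pei, ip):
        """After a successful AKA run: S301 plus synchronization to all nodes."""
        self.first_hash[pei] = transaction_hash(pei, ip)
        for node in self.nodes.values():
            node.sync(pei, ip)

    def access_request(self, requester, pei, claimed_ip):
        """S302-S306: ask every other node; grant only if all of them agree."""
        first = self.first_hash.get(pei)
        if first is None:                         # never authenticated
            return False
        results = [n.verify(claimed_ip, first)
                   for name, n in self.nodes.items() if name != requester]
        return bool(results) and all(results)


def demo():
    nodes = [MecNode("MEC1"), MecNode("MEC2"), MecNode("MEC3")]
    core = CoreNetwork(nodes)
    core.on_authenticated("pei-mec1", "203.0.113.10")
    core.on_authenticated("pei-mec3", "203.0.113.30")
    return {
        "mec1_own_ip": core.access_request("MEC1", "pei-mec1", "203.0.113.10"),
        "mec3_uses_mec1_ip": core.access_request("MEC3", "pei-mec3", "203.0.113.10"),
        "mec1_unallocated_ip": core.access_request("MEC1", "pei-mec1", "203.0.113.99"),
        "never_authenticated": core.access_request("MEC2", "pei-mec2", "203.0.113.20"),
    }


if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: {'granted' if granted else 're-authentication required'}")
```

Because the hash is unkeyed, the comparison shows that the claimed address is consistent with the synchronized record rather than that the requester holds a secret; the identity proof itself comes from the AKA run that precedes it.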
In another aspect, as shown in fig. 6, an embodiment of the present disclosure provides an MEC platform identity authentication device based on a 5G core network and a blockchain, the device comprising:
an authentication and authentication management module, used for carrying out identity authentication on the MEC platform through a 5G authentication and key agreement authentication mechanism, and for marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
an uplink management module, used for carrying out uplink management on the authenticated MEC platform through a blockchain consensus mechanism, and storing the network address and the permanent equipment identifier information owned by the MEC platform into each node on the current blockchain.
The authentication and authentication management module manages the start of authentication and the execution of the authentication flow, implementing steps S101-S105 and S201-S212 of the MEC platform identity authentication based on the 5G core network and the blockchain in the above embodiment of the disclosure.
1. Performing startup authentication, referring to fig. 2-3, includes:
S101. The MEC platform connects with the security network element SEAF (SEcurity Anchor Function, security anchor network element; SEAF for short, the same below), and the MEC sends an N1 message carrying the permanent equipment identifier PEI to the SEAF through the NEF (Network Exposure Function) network element;
S102. When the SEAF network element wants to start authentication, the SEAF sends a Nausf_MECAuthentication_Authenticate Request message to the AUSF (AUthentication Server Function, authentication server) network element, that is, it initiates a start-authentication request to invoke the Nausf_MECAuthentication service; the request includes the permanent equipment identifier information of the MEC platform;
S103. After receiving the Nausf_MECAuthentication_Authenticate Request message, the AUSF checks whether the SEAF network element initiating the request in the service network is entitled to use the service network name in the request, by comparing that service network name with the expected service network name; if the names are the same, the service network is authorized to use the service network name;
S104. The AUSF network element sends the obtained identifier PEI information and the SNN (Serving Network Name, name of the service network) to the UDM (Unified Data Management)/ARPF (Authentication Credential Repository and Processing Function, authentication credential storage and management) network element in a Nudm_MECAuthentication_get request;
S105. The unified data management device, namely the UDM/ARPF, verifies the authenticity of the identifier PEI according to information stored in a database.
2. Performing authentication, referring to fig. 4:
After the permanent equipment identifier information PEI passes verification, the unified data management equipment creates a first authentication vector to respond to the authentication server so that the authentication server interacts with the security network element SEAF, and identity authentication service is executed according to the authentication vector. The method specifically comprises the following steps:
S201. After the PEI passes verification, the UDM/ARPF creates a 5G HE AV (5G Home Environment Authentication Vector), namely a first authentication vector. When generating an AV (Authentication Vector), the "separation bit" of the authentication management field (Authentication Management Field, AMF) must be set to 1. The 5G HE AV created by the UDM/ARPF is composed of RAND (random challenge), AUTN (authentication token), XRES (Expected Response, authentication response parameter) and KAUSF (authentication key);
S202. The UDM/ARPF responds to the authentication response request by sending the 5G HE AV to the AUSF in the Nudm_MECAuthentication_get response, and indicates in that response that the 5G HE AV is to be used for AKA authentication;
S203. The AUSF stores the authentication response parameter XRES, and may calculate an anchor key KSEAF from the authentication key KAUSF and replace XRES with KSEAF to obtain a 5G SE AV (SEcurity Authentication Vector, security anchor authentication vector), i.e. a second authentication vector, which includes RAND (random challenge), AUTN (authentication token) and KSEAF (anchor key);
S204. The AUSF sends a Nausf_MECAuthentication_Authenticate Response message to the SEAF network element; the response message carries the 5G SE AV;
S205. The SEAF network element sends, through the NEF, an Authentication Request message carrying authentication parameters such as the random number RAND and the token AUTN to the MEC platform. The Authentication Request message may further include the parameter ngKSI (Key Set Identifier in 5G), which the MEC platform and the AMF (Access and Mobility Management Function; the AMF network element and the SEAF network element may reside together in one physical device) use to identify KAMF (the key derived from KSEAF by the ME and the SEAF) and the partial native security context created when authentication succeeds. It may also include the ABBA parameter (Anti-Bidding down Between Architectures, protection against bidding-down attacks between different architectures), set to its conventional value so that bidding-down protection can later be enabled for the security functions;
S206. The ME (Mobile Equipment) in the MEC platform forwards the received random number RAND and token AUTN to the USIM (Universal Subscriber Identity Module);
S207. After receiving the random number RAND and the token AUTN, the USIM first verifies the freshness of the AUTN in the second authentication vector. After the verification passes, the USIM calculates the response RES (response parameter) and returns RES, the stored confidentiality key CK and the stored integrity key IK to the ME; from the response parameter RES, CK and IK, the ME can derive the encrypted response parameter RES, KAUSF and KSEAF;
S208. During authentication, the ME checks whether the separation bit of the authentication management field (AMF) of the AUTN is 1; if it is 1, the MEC platform returns the encrypted response parameter RES to the SEAF network element in a NAS (Non-Access Stratum) Authentication Response message;
S209. The SEAF network element sends the encrypted response parameter RES, together with the corresponding identifier PEI, to the AUSF in a Nausf_MECAuthentication_Authenticate Request message. After the AUSF of the home network receives this request message, it first judges whether the second authentication vector has expired; if so, authentication fails. If not, it compares the encrypted response parameter RES with the authentication response parameter XRES, and if they are equal, the AUSF considers the identity authentication successful;
S210. The AUSF informs the SEAF network element of the result of the MEC platform's authentication in the home network by sending a Nausf_MECAuthentication_Authenticate Response message to the SEAF;
S211. The SEAF network element informs the MEC platform of the identity authentication result through a Nausf_MECAuthentication_Authenticate Result message; if authentication is successful, the blockchain module of the MEC platform is instructed to mark the IP address and the identifier PEI;
S212. If the identity authentication is successful, the blockchain module in the MEC platform marks the current IP and the identifier PEI for use in the information uplink operation.
The uplink management module carries out uplink management on all authenticated MEC platforms in the current network. Each MEC platform acts as a block node, and the IP address allocated to the MEC platform together with its PEI information serves as its identification information. After an authenticated MEC platform obtains the authentication result, it receives an indication to mark its current public network address and its own permanent equipment identifier information; this identification information is sent to all other MEC platforms for synchronization and stored on those platforms.
Specifically, when the authenticated MEC1 platform again initiates a request to the core network, the uplink management module performs uplink management on the authenticated MEC platform through the blockchain consensus mechanism, carrying out method steps S301 to S306 of the MEC platform identity authentication based on the 5G core network and the blockchain in the above embodiment (see fig. 5), including:
S301. The primary authentication of the MEC1 platform by the 5G core network is regarded as one transaction, and a first transaction hash value MEC1Hash1 of the current MEC1 platform is generated from the authenticated identifier PEI and the allocated IP address;
S302. When the authenticated MEC1 platform needs to use the allocated IP resources for platform services, it must again initiate an access request MEC1 visual_Request to the 5G core network;
S303. When the 5G core network (abbreviated 5GC) receives the access request, the other MEC platforms on the blockchain (i.e., MEC2, MEC3, ...) are required to authenticate the identity of the MEC1 that is requesting access; that is, the 5G core network sends MEC Identification Verification_Request authentication signaling to each of the other MEC platforms, requesting identity authentication of the MEC platform that made the access request;
S304. The remaining MEC platforms (i.e., MEC2, MEC3, ...) retrieve the identification information of the MEC platform according to the public network address information contained in the access request of the current MEC platform, and respectively generate second transaction hash values MEC2Hash2, MEC3Hash3, ...;
S305. The first transaction hash value MEC1Hash1 is compared with the second transaction hash values MEC2Hash2, MEC3Hash3, ... generated by the other MEC platforms, and the verification results MEC Identification Verification_response are fed back to the 5G core network one by one;
S306. The 5G core network feeds back the access result MEC1 visual_response according to the verification results. If the values compared in S305 are the same, the information of the MEC1 platform has not been tampered with, the MEC1 platform is allowed to use the allocated resources again, and the MEC1 platform service proceeds normally; if the verification fails, the MEC1 platform must reinitiate the authentication flow with the core network.
In yet another aspect, as shown in fig. 7, an embodiment of the present disclosure provides an MEC platform identity authentication device based on a 5G core network and a blockchain, the device including: a processor and a memory storing computer program instructions;
the processor executes the computer program instructions to implement any one of the above-described MEC platform identity authentication methods for 5G core networks and blockchains.
Fig. 7 is a schematic hardware structure diagram of an MEC platform identity authentication device for 5G core network and blockchain according to an embodiment of the present disclosure.
The MEC platform identity authentication device for the 5G core network and blockchain may include a processor 301 and a memory 302 storing computer program instructions.
In particular, the processor 301 may include a Central Processing Unit (CPU), or an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or may be configured as one or more integrated circuits implementing embodiments of the present disclosure.
Memory 302 may include mass storage for data or instructions. By way of example, and not limitation, memory 302 may comprise a hard disk drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or universal serial bus (USB) drive, or a combination of two or more of the foregoing. Memory 302 may include removable or non-removable (or fixed) media, where appropriate. Memory 302 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 302 is a non-volatile solid-state memory.
The processor 301 reads and executes the computer program instructions stored in the memory 302 to implement the MEC platform identity authentication method of the blockchain and 5G core network of any of the above embodiments.
In one example, the MEC platform identity authentication device of the 5G core network and blockchain may further include a communication interface 303 and a bus 310. As shown in fig. 7, the processor 301, the memory 302, and the communication interface 303 are connected to each other by a bus 310 and perform communication with each other.
The communication interface 303 is mainly used to implement communication between each module, apparatus, unit and/or device in the embodiments of the present disclosure.
Bus 310 includes hardware, software, or both that couple the components of the online data flow billing device to each other. By way of example, and not limitation, the buses may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus, or other suitable bus, or a combination of two or more of the above. Bus 310 may include one or more buses, where appropriate. Although embodiments of the disclosure describe and illustrate a particular bus, the disclosure contemplates any suitable bus or interconnect.
In yet another aspect, an embodiment of the present disclosure provides a computer storage medium, where computer program instructions are stored, where the computer program instructions, when executed by a processor, implement a MEC platform identity authentication method for a 5G core network and blockchain as described in any one of the foregoing.
It should be clear that the present disclosure is not limited to the particular arrangements and processes described above and illustrated in the drawings. For the sake of brevity, a detailed description of known methods is omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present disclosure are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications, and additions, or change the order between steps, after appreciating the spirit of the present disclosure.
The functional blocks shown in the above-described structural block diagrams may be implemented in hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the present disclosure are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted over transmission media or communication links by a data signal carried in a carrier wave. A "machine-readable medium" may include any medium that can store or transfer information. Examples of machine-readable media include electronic circuitry, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, and the like. The code segments may be downloaded via computer networks such as the internet, intranets, etc.
It should also be noted that the exemplary embodiments mentioned in this disclosure describe some methods or systems based on a series of steps or devices. However, the present disclosure is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be different from the order in the embodiments, or several steps may be performed simultaneously.
In the foregoing, only the specific embodiments of the present disclosure are described, and it will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, modules and units described above may refer to the corresponding processes in the foregoing method embodiments, which are not repeated herein. It should be understood that the scope of the present disclosure is not limited thereto, and any equivalent modifications or substitutions can be easily made by those skilled in the art within the technical scope of the present disclosure, and these modifications or substitutions should be included in the scope of the present disclosure.

Claims (8)

1. The MEC platform identity authentication method based on the 5G core network and the blockchain is characterized by comprising the following steps of:
identity authentication is carried out on the MEC platform through a 5G authentication and key agreement authentication mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
Performing uplink management on the authenticated MEC platform through a blockchain consensus mechanism, and storing network address and permanent equipment identifier information owned by the MEC platform into each node on the current blockchain;
the uplink management of the authenticated MEC platform through the block chain consensus mechanism specifically comprises the following steps:
for the authenticated MEC platform, the public network address and the permanent equipment identifier information of the MEC platform are used as the identification information of the MEC platform, and the identification information is synchronized to other MEC platforms in the network where the current MEC platform is located, so that the MEC platform is used for uplink management;
the uplink management includes:
generating a first transaction hash value of the current MEC platform according to the authenticated MEC platform permanent equipment identifier information and the distributed public network address;
the MEC platform is enabled to initiate an access request to the core network again, so that when the core network receives the access request, an authentication signaling is sent to other MEC platforms on the blockchain, and identity authentication is carried out on the MEC platform of the access request;
enabling other MEC platforms on the blockchain to call the identification information of the MEC platform according to public network address information contained in the current MEC platform access request to generate a second hash value;
Acquiring a second hash value and a first hash value, comparing the two hash values, and if the two hash values are equal, verifying to pass; otherwise, the verification fails.
2. The method for authenticating the MEC platform identity based on the 5G core network and the blockchain according to claim 1, wherein the authenticating the MEC platform by the 5G authentication and key agreement authentication mechanism comprises:
the MEC platform and the security network element SEAF are connected, and the security network element SEAF initiates a start authentication request to the authentication server, the request containing permanent equipment identifier information of the MEC platform, for the authentication server to send to the unified data management equipment to request verification of the authenticity of the permanent equipment identifier information;
after the permanent equipment identifier information passes verification, the unified data management equipment creates an authentication vector to respond to the authentication server so that the authentication server interacts with the security network element SEAF, and identity authentication service is executed according to the authentication vector.
3. The method for authenticating the MEC platform identity based on the 5G core network and the blockchain according to claim 2, wherein the authenticating the MEC platform identity by the 5G authentication and key agreement authentication mechanism specifically comprises:
The MEC platform is connected with the security network element SEAF, and information carrying the permanent equipment identifier of the current MEC platform is sent to the security network element SEAF;
sending an authentication starting request to an authentication server through a security network element SEAF so that an authentication response request is sent to unified data management equipment UDM or ARPF after the authentication server AUSF authenticates a service network of the security network element SEAF; wherein the start authentication request and the authentication response request both contain permanent equipment identifier information of the MEC platform, and the unified data management device UDM or ARPF verifies the authenticity of the permanent equipment identifier information.
4. The method for authenticating the MEC platform identity based on the 5G core network and the blockchain according to claim 3, wherein the authenticating the MEC platform by the 5G authentication and key agreement authentication mechanism further comprises:
after the permanent equipment identifier information passes verification, the unified data management equipment UDM or ARPF creates a first authentication vector, responds to the authentication response request, sends the first authentication vector to an authentication server AUSF and indicates the authentication vector to be used for authentication and key negotiation authentication; wherein the first authentication vector comprises a random number, an authentication token, an authentication response parameter and an authentication key;
The authentication server AUSF stores the authentication response parameters, calculates an anchor key according to the authentication key, generates a second authentication vector containing the random number, the authentication token and the anchor key, and sends the second authentication vector to the security network element SEAF;
the security network element SEAF sends request information containing at least the random number and the authentication token in the second authentication vector to the MEC platform, so that the MEC platform sends the random number and the authentication token to the universal subscriber identity module USIM to verify the freshness of the authentication token, and the MEC platform deduces response parameters, authentication keys and anchor keys and returns the response parameters, the authentication keys and the anchor keys to the authentication server;
the authentication server side judges an authentication result according to the comparison between the response parameter and the authentication response parameter; if the comparison is equal, the authentication is passed, otherwise, the authentication fails.
5. The method for authenticating an MEC platform identity based on a 5G core network and blockchain of any of claims 1-4, wherein the tagging the network address and permanent equipment identifier information owned by the authenticated MEC platform comprises:
and enabling the authenticated MEC platform to acquire an authentication result, and acquiring an indication for marking the current public network address and the permanent equipment identifier information of the MEC platform, and marking the MEC platform to perform the uplink operation.
6. An MEC platform identity authentication device based on the 5G core network and the blockchain, characterized by comprising: an authentication and authentication management module, used for carrying out identity authentication on the MEC platform through the 5G authentication and key agreement authentication mechanism, and for
marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
the uplink management module is used for carrying out uplink management on the authenticated MEC platform through a block chain consensus mechanism, and storing network address and permanent equipment identifier information owned by the MEC platform into each node on the current block chain;
the uplink management of the authenticated MEC platform through the block chain consensus mechanism specifically comprises the following steps:
for the authenticated MEC platform, the public network address and the permanent equipment identifier information of the MEC platform are used as the identification information of the MEC platform, and the identification information is synchronized to other MEC platforms in the network where the current MEC platform is located, so that the MEC platform is used for uplink management;
the uplink management includes:
generating a first transaction hash value of the current MEC platform according to the authenticated MEC platform permanent equipment identifier information and the distributed public network address;
The MEC platform is enabled to initiate an access request to the core network again, so that when the core network receives the access request, an authentication signaling is sent to other MEC platforms on the blockchain, and identity authentication is carried out on the MEC platform of the access request;
enabling other MEC platforms on the blockchain to call the identification information of the MEC platform according to public network address information contained in the current MEC platform access request to generate a second hash value;
acquiring the second hash value and the first hash value and comparing the two hash values; if they are equal, the verification passes; otherwise, the verification fails.
7. An MEC platform identity authentication device based on a 5G core network and a blockchain, the device comprising:
a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the MEC platform identity authentication method for a 5G core network and blockchain as claimed in any of claims 1-5.
8. A computer storage medium having stored thereon computer program instructions which when executed by a processor implement the MEC platform identity authentication method of a 5G core network and blockchain as claimed in any of claims 1 to 5.
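The registration-time and access-time hash comparison described in claim 6, as an added example that is not code from the patent. SHA-256, the length-prefixed field encoding, the rule that every peer must agree, and the names `PeerNode`, `register` and `verify_access` are assumptions; the sample identifier and addresses are constructed.

```python
import hashlib
import hmac

def identity_hash(pei: str, public_addr: str) -> bytes:
    """Hash of the identification info (permanent equipment identifier + address).

    SHA-256 and the length prefix are assumptions; the prefix keeps
    ("ab", "c") and ("a", "bc") from hashing to the same value.
    """
    h = hashlib.sha256()
    for field in (pei, public_addr):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.digest()

class PeerNode:
    """One MEC platform holding a replica of the identification records."""
    def __init__(self):
        self.records = {}  # public network address -> permanent equipment identifier

    def store(self, pei, public_addr):
        self.records[public_addr] = pei

    def second_hash(self, public_addr):
        """Recompute the hash from the record stored under the request's address."""
        pei = self.records.get(public_addr)
        return None if pei is None else identity_hash(pei, public_addr)

def register(peers, pei, public_addr):
    """Run once 5G AKA has succeeded: replicate the record, return the first hash."""
    for peer in peers:
        peer.store(pei, public_addr)
    return identity_hash(pei, public_addr)

def verify_access(peers, public_addr, first_hash):
    """Pass only if every peer's second hash equals the first hash (assumed rule)."""
    if not peers:
        return False
    for peer in peers:
        second = peer.second_hash(public_addr)
        # compare_digest avoids leaking the mismatch position through timing
        if second is None or not hmac.compare_digest(second, first_hash):
            return False
    return True

# Constructed sample values: made-up identifier, documentation address range.
PEERS = [PeerNode() for _ in range(3)]
FIRST = register(PEERS, "pei-constructed-0001", "203.0.113.10")
```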
CN202011272829.9A 2020-11-13 2020-11-13 MEC platform identity authentication method and device based on 5G core network and blockchain Active CN112491829B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202011272829.9A CN112491829B (en) | 2020-11-13 | 2020-11-13 | MEC platform identity authentication method and device based on 5G core network and blockchain

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202011272829.9A CN112491829B (en) | 2020-11-13 | 2020-11-13 | MEC platform identity authentication method and device based on 5G core network and blockchain

Publications (2)

Publication Number | Publication Date
CN112491829A (en) | 2021-03-12
CN112491829B (en) | 2023-04-28

Family

ID=74930592

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202011272829.9A Active CN112491829B (en) | MEC platform identity authentication method and device based on 5G core network and blockchain | 2020-11-13 | 2020-11-13

Country Status (1)

Country Link
CN (1) CN112491829B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN113301022B (en) * | 2021-04-27 | 2022-08-09 | 成都极略科技有限公司 | Internet of things equipment identity security authentication method based on block chain and fog calculation
CN114650535B (en) * | 2022-03-02 | 2023-01-03 | 广州爱浦路网络技术有限公司 | SEPP mutual trust connection method, system, device and medium in 5G core network
CN114978741B (en) * | 2022-06-07 | 2024-03-19 | 中国电信股份有限公司 | Inter-system authentication method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN109327457A (en) * | 2018-11-09 | 2019-02-12 | 广州大学 | A kind of internet of things equipment identity identifying method and system based on block chain
CN110569643A (en) * | 2019-09-10 | 2019-12-13 | 腾讯科技(深圳)有限公司 | traffic management method and device based on block chain network
CN111586017A (en) * | 2020-04-29 | 2020-08-25 | 北京邮电大学 | Method and device for authenticating communication user

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN109299347A (en) * | 2018-11-16 | 2019-02-01 | 大唐高鸿信息通信研究院(义乌)有限公司 | A kind of academic information query method and system based on 5G framework and block chain
CN109361688B (en) * | 2018-11-16 | 2021-01-22 | 大唐高鸿信息通信(义乌)有限公司 | Evidence storing method and system based on 5G architecture and block chain
US11626989B2 (en) * | 2019-03-21 | 2023-04-11 | Verizon Patent And Licensing Inc. | System and method for allocating multi-access edge computing services
CN111866858A (en) * | 2019-04-29 | 2020-10-30 | 华为技术有限公司 | Registration method and communication device
CN110730075A (en) * | 2019-09-11 | 2020-01-24 | 烨链(上海)科技有限公司 | Data processing method, device and system
CN111556089A (en) * | 2020-03-16 | 2020-08-18 | 西安电子科技大学 | Resource joint optimization method based on enabling block chain mobile edge computing system

Also Published As

Publication number Publication date
CN112491829A (en) 2021-03-12

Similar Documents

Publication Publication Date Title
CN112491829B (en) MEC platform identity authentication method and device based on 5G core network and blockchain
US11496320B2 (en) Registration method and apparatus based on service-based architecture
KR101485230B1 (en) Secure multi-uim authentication and key exchange
Chen et al. Lightweight and provably secure user authentication with anonymity for the global mobility network
US11451614B2 (en) Cloud authenticated offline file sharing
KR101075713B1 (en) Method and apparatus for access authentication in wireless mobile communication system
CN109729523B (en) Terminal networking authentication method and device
US8474020B2 (en) User authentication method, wireless communication apparatus, base station, and account management apparatus
KR100978052B1 (en) Apparatus, method and computer program product providing mobile node identities in conjunction with authentication preferences in generic bootstrapping architecture GBA
EP1768426A1 (en) Authentication method and corresponding information transmission method
US11159940B2 (en) Method for mutual authentication between user equipment and a communication network
EP1886438A1 (en) Method for inclusive authentication and management of service provider, terminal and user identity module, and system and terminal device using the method
KR20060017594A (en) Technique for secure wireless lan access
EP3614741B1 (en) Processing apparatus for terminal access to 3gpp network and communication system and corresponding system and computer program product
WO2018205148A1 (en) Data packet checking method and device
JP2023162296A (en) Non-3GPP device access to core network
KR101718096B1 (en) Method and system for authenticating in wireless communication system
BR112021003460A2 (en) device with no subscriber identity, device with subscriber identity, method for use on a device without subscriber identity, method for use on a device with subscriber identity, and computer program product
CN116015807A (en) Lightweight terminal security access authentication method based on edge calculation
WO2015178597A1 (en) System and method for updating secret key using puf
CN105656854B (en) A kind of method, equipment and system for verifying Wireless LAN user sources
CN112423299B (en) Method and system for wireless access based on identity authentication
CN112887979A (en) Network access method and related equipment
CN101742507B (en) System and method for accessing Web application site for WAPI terminal
CN111163466A (en) Method for 5G user terminal to access block chain, user terminal equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231208

Address after: No. 220 Qingyuan Street, Shijiazhuang City, Hebei Province, 050011

Patentee after: China Mobile System Integration Co.,Ltd.

Patentee after: China Mobile xiongan information and Communication Technology Co.,Ltd.

Patentee after: CHINA MOBILE COMMUNICATIONS GROUP Co.,Ltd.

Patentee after: China Mobile Information System Integration Co.,Ltd.

Address before: 071700 No.88, South Aowei Road, Rongcheng County, Baoding City, Hebei Province

Patentee before: China Mobile xiongan information and Communication Technology Co.,Ltd.

Patentee before: China Mobile System Integration Co.,Ltd.

Patentee before: CHINA MOBILE COMMUNICATIONS GROUP Co.,Ltd.