Disclosure of Invention
The embodiments of the disclosure provide a method, an apparatus, a device and a computer storage medium for authenticating MEC platform identity based on a 5G core network and a blockchain, which can protect the IP address of each MEC platform and prevent it from being maliciously tampered with or forged.
In one aspect, an embodiment of the present disclosure provides a MEC platform identity authentication method based on a 5G core network and a blockchain, the method including:
performing identity authentication on the MEC platform through a 5G authentication and key agreement mechanism, and marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
and performing uplink management (that is, recording on the blockchain) on the authenticated MEC platform through a blockchain consensus mechanism, and storing the network address and permanent equipment identifier information owned by the MEC platform into each node on the current blockchain.
In one embodiment, the authentication of the MEC platform through the 5G authentication and key agreement mechanism includes:
the MEC platform connects to the security network element SEAF, and the security network element SEAF initiates an authentication start request to the authentication server, the request containing the permanent equipment identifier information of the MEC platform, so that the authentication server can request the unified data management equipment to verify the authenticity of the permanent equipment identifier information;
after the permanent equipment identifier information passes verification, the unified data management equipment creates an authentication vector and returns it to the authentication server, so that the authentication server interacts with the security network element SEAF and the identity authentication service is executed according to the authentication vector.
In one embodiment, the identity authentication is performed on the MEC platform by using a 5G authentication and key agreement authentication mechanism, which specifically includes:
the MEC platform is connected with the security network element SEAF, and information carrying the permanent equipment identifier of the current MEC platform is sent to the security network element SEAF;
an authentication start request is sent to the authentication server AUSF through the security network element SEAF, so that, after the authentication server AUSF has authenticated the service network of the security network element SEAF, an authentication response request is sent to the unified data management equipment UDM or ARPF; both the authentication start request and the authentication response request contain the permanent equipment identifier information of the MEC platform, and the unified data management equipment UDM or ARPF verifies the authenticity of the permanent equipment identifier information.
In one embodiment, the authentication of the MEC platform is performed by a 5G authentication and key agreement authentication mechanism, and further includes:
after the permanent equipment identifier information passes verification, the unified data management equipment UDM or ARPF creates a first authentication vector, responds to the authentication response request, sends the first authentication vector to the authentication server AUSF and indicates that the authentication vector is to be used for authentication and key agreement; wherein the first authentication vector comprises a random number, an authentication token, an authentication response parameter and an authentication key;
the authentication server AUSF stores the authentication response parameter, calculates an anchor key from the authentication key, generates a second authentication vector containing the random number, the authentication token and the anchor key, and sends the second authentication vector to the security network element SEAF;
the security network element SEAF sends request information containing at least the random number and the authentication token of the second authentication vector to the MEC platform, so that the platform passes the random number and the authentication token to the universal subscriber identity module USIM to verify the freshness of the authentication token, and the MEC platform derives a response parameter, the authentication key and the anchor key and returns them to the authentication server;
the authentication server determines the authentication result by comparing the response parameter with the authentication response parameter; if they are equal, the authentication passes; otherwise the authentication fails.
In one embodiment, marking the network address and permanent equipment identifier information owned by the authenticated MEC platform includes:
enabling the authenticated MEC platform to acquire the authentication result and an indication to mark its current public network address and permanent equipment identifier information, and marking them so that the MEC platform can perform the uplink operation.
In one embodiment, performing uplink management on the authenticated MEC platform through a blockchain consensus mechanism specifically comprises:
synchronizing the public network address and the permanent equipment identifier information of the authenticated MEC platform, as the identification information of that MEC platform, to the other MEC platforms in the network where the current platform is located, for uplink management of the MEC platform.
In one embodiment, in performing uplink management on an authenticated MEC platform through a blockchain consensus mechanism, the uplink management includes:
generating a first transaction hash value of the current platform according to the authenticated MEC platform permanent equipment identifier information and the distributed public network address;
the MEC platform initiates an access request to the core network again, so that, when the core network receives the access request, authentication signaling is sent to the other MEC platforms on the blockchain and identity authentication is performed on the MEC platform making the access request;
the other MEC platforms on the blockchain retrieve the identification information of the MEC platform according to the public network address information contained in the current MEC platform's access request, and generate a second hash value;
the second hash value and the first hash value are acquired and compared; if the two hash values are equal, the verification passes; otherwise, the verification fails.
In another aspect, an embodiment of the present disclosure provides an MEC platform identity authentication apparatus based on a 5G core network and a blockchain, the apparatus comprising:
The authentication and authentication management module is used for carrying out identity authentication on the MEC platform through a 5G authentication and key agreement authentication mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
and the uplink management module is used for carrying out uplink management on the authenticated MEC platform through a blockchain consensus mechanism, and storing the network address and the permanent equipment identifier information owned by the MEC platform into each node on the current blockchain.
In still another aspect, an embodiment of the present disclosure provides an MEC platform identity authentication device based on a 5G core network and a blockchain, the device including: a processor and a memory storing computer program instructions;
the processor executes the computer program instructions to implement any one of the above-described MEC platform identity authentication methods for 5G core networks and blockchains.
In yet another aspect, an embodiment of the present disclosure provides a computer storage medium, where computer program instructions are stored, where the computer program instructions, when executed by a processor, implement a MEC platform identity authentication method for a 5G core network and blockchain as described in any one of the foregoing.
With the MEC platform identity authentication method, apparatus, device and computer storage medium for the 5G core network and the blockchain, identity authentication of the MEC platform can be realized, and the identification information of platforms that pass authentication is synchronized and agreed by consensus based on blockchain technology, so that the MEC platform identity is effectively authenticated and illegal use of and tampering with IP addresses are effectively prevented.
Detailed Description
Features and exemplary embodiments of various aspects of the present disclosure will be described in detail below, and in order to make the objects, technical solutions and advantages of the present disclosure more apparent, the present disclosure will be described in further detail below with reference to the accompanying drawings and the detailed embodiments. It should be understood that the specific embodiments described herein are intended to be illustrative of the present disclosure and not limiting. It will be apparent to one skilled in the art that the present disclosure may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present disclosure by showing examples of the present disclosure.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The prior-art approach has the following defects: the network cannot effectively distinguish whether an MEC platform is genuine, cannot judge whether the IP address used by the MEC platform is an IP address allocated by the network, cannot prevent illegal users from obtaining access rights to resources, and cannot ensure the security of the system and data.
Therefore, in order to solve the problems in the prior art, the embodiments of the present disclosure provide a method, an apparatus, a device, and a computer storage medium for MEC platform identity authentication based on a 5G core network and a blockchain. The following first describes an MEC platform identity authentication method based on a 5G core network and a blockchain provided by an embodiment of the present disclosure.
Figs. 3-5 are schematic flow diagrams of an MEC platform identity authentication method based on a 5G core network and a blockchain according to an embodiment of the present disclosure. The method includes the following steps:
S001. Carrying out identity authentication on the MEC platform through a 5G authentication and key agreement mechanism, and marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
S002. Carrying out uplink management on the authenticated MEC platform through a blockchain consensus mechanism, and storing the network address and permanent equipment identifier information owned by the MEC platform into each node on the current blockchain.
In the method provided in this embodiment, in conjunction with the network topology diagram shown in fig. 2, the MEC platform interacts and authenticates with the 5G core network through the UPF (User Plane Function), as shown in fig. 2a. Uplink management is performed on all authenticated MEC platforms in the network, as shown in fig. 2b: each MEC platform is taken as a block node, and the IP address allocated to the MEC platform and the PEI (Permanent Equipment Identifier, equivalent to the International Mobile Equipment Identity (IMEI) of a 4G network) information of the MEC platform are taken as the identification information of the MEC platform, on which consensus authentication is performed on the chain, ensuring that the identification information of the MEC platform cannot be arbitrarily tampered with or impersonated.
The network element functions in the 5GC architecture shown in fig. 2a are explained as follows:
AF: Application Function, application layer functional entity.
AMF: Access and Mobility Management Function, access and mobility management functional entity; it is the termination of the NG-RAN (Radio Access Network, radio access network base station) signaling interface (N2) and the termination of NAS (non-access stratum) signaling (N1).
SMF: Session Management Function, session management functional entity.
UPF: User Plane Function, user plane functional entity.
PCF: Policy Control Function, policy control functional entity.
NEF: Network Exposure Function, network exposure functional entity.
NRF: Network Repository Function, network repository functional entity.
UDM: Unified Data Management, unified data management.
AUSF: Authentication Server Function, authentication server network element.
NSSF: Network Slice Selection Function, network slice selection functional entity.
UE: User Equipment.
Specifically, in the method of this embodiment, when the MEC platform is authenticated through the 5G-AKA (Authentication and Key Agreement) mechanism, the MAC address (Media Access Control Address, also called a local area network address, Ethernet address or physical address) of the MEC platform device is first converted into a decimal value that serves as the PEI of the edge device, and this PEI is then used for identity authentication with the core network. Authentication is then started, as shown in fig. 3, comprising the following steps:
S101. The MEC platform connects to the security network element SEAF (SEcurity Anchor Function, security anchor network element; SEAF for short, hereinafter the same) and transmits N1 message information carrying the permanent equipment identifier PEI of the MEC platform to the security network element SEAF through a NEF (Network Exposure Function, network exposure functional entity) network element;
S102. When the security network element SEAF wants to start authentication, it sends a Nausf_MECAuthentication_Authenticate Request message to the AUSF (Authentication Server Function, authentication server) network element; that is, the security network element SEAF initiates an authentication start request to the AUSF to invoke the Nausf_MECAuthentication service; the request includes the permanent equipment identifier information of the MEC platform;
S103. After receiving the Nausf_MECAuthentication_Authenticate Request message, the AUSF checks whether the SEAF network element initiating the request in the service network has the right to use the service network name in the request, by comparing that service network name with the expected service network name; if the service network names are the same, the service network is authorized to use the service network name;
S104. The AUSF network element sends the obtained permanent equipment identifier information PEI and the SNN (Serving Network Name, name of the service network) to a UDM (Unified Data Management) network element or an ARPF (Authentication Credential Repository and Processing Function, authentication credential storage and processing) network element by sending a Nudm_MECAuthentication_Get Request authentication response request message;
S105. The unified data management equipment, such as the UDM/ARPF, verifies the authenticity of the permanent equipment identifier PEI according to information stored in a database.
Authentication is performed as shown in fig. 4:
After the permanent equipment identifier information PEI passes verification, the unified data management equipment creates a first authentication vector and returns it to the authentication server, so that the authentication server interacts with the security network element SEAF and the identity authentication service is executed according to the authentication vector. The method specifically comprises the following steps:
S201. After the permanent equipment identifier PEI passes verification, the UDM/ARPF creates a 5G HE AV (5G Home Environment Authentication Vector), namely the first authentication vector; when the UDM/ARPF generates an AV (Authentication Vector), the "separation bit" of the authentication management field (Authentication Management Field, AMF for short) must be set to 1; the 5G HE AV created by the UDM/ARPF is generated from RAND (random challenge), AUTN (authentication token), XRES (expected response, the authentication response parameter) and KAUSF (authentication key).
S202. The UDM/ARPF responds to the authentication response request by sending the 5G HE AV to the AUSF in a Nudm_MECAuthentication_Get Response message, and indicates in that message that the 5G HE AV is to be used for AKA authentication;
S203. The AUSF stores the authentication response parameter XRES, and may calculate the anchor key KSEAF from the authentication key KAUSF and replace XRES with KSEAF to obtain a 5G SE AV (SEcurity Authentication Vector, security anchor authentication vector), namely the second authentication vector, which includes RAND (random challenge), AUTN (authentication token) and KSEAF (anchor key);
S204. The AUSF sends a Nausf_MECAuthentication_Authenticate Response message carrying the 5G SE AV to the SEAF network element;
S205. The SEAF network element sends an Authentication Request message carrying authentication parameters such as the random number RAND and the token AUTN to the MEC platform through the NEF; the Authentication Request message may further include the parameter ngKSI (Key Set Identifier in 5G, the 5G key set identifier), which the MEC platform and the AMF (Access and Mobility Management Function; the AMF network element and the SEAF network element may be located together in one physical device) use to identify KAMF (the key derived from KSEAF by the ME and the SEAF network element) and the part of the local security context information created when authentication succeeds; it may further include the ABBA parameter (Anti-Bidding down Between Architectures, protection against bidding-down attacks between different architectures), a conventionally set parameter used to subsequently enable bidding-down protection for the security functions;
S206. The ME (Mobile Equipment) in the MEC platform forwards the received random number RAND and token AUTN to its USIM (Universal Subscriber Identity Module);
S207. After receiving the random number RAND and the token AUTN, the USIM first verifies the freshness of the token AUTN in the second authentication vector; after the verification passes, the USIM calculates a response RES (the response parameter) and returns RES, the stored confidentiality key CK and the integrity key IK to the ME, and the ME can derive the encrypted response parameter RES, KAUSF and KSEAF from RES, CK and IK;
S208. During authentication, the ME checks whether the "separation bit" of the authentication management field AMF in the token AUTN is 1; if so, the MEC platform returns RES to the SEAF in an Authentication Response message sent over the NAS (Non-Access Stratum);
S209. The SEAF network element sends the encrypted response parameter RES, together with the corresponding identifier PEI, to the AUSF in a Nausf_MECAuthentication_Authenticate Request message; after the AUSF of the home network receives this request, it first determines whether the second authentication vector has expired, and if so, the authentication fails; if not, it compares the encrypted response parameter RES with the authentication response parameter XRES, and if they are equal, the AUSF considers the identity authentication successful;
S210. The AUSF informs the SEAF network element of the authentication result of the MEC platform in the home network by sending a Nausf_MECAuthentication_Authenticate Response message;
S211. The SEAF network element sends a Nausf_MECAuthentication_Authenticate Result message, through which the result of the MEC platform identity authentication is notified; if the authentication is successful, the blockchain module of the MEC platform is instructed to mark the IP address and the identifier PEI;
S212. If the identity authentication is successful, the blockchain module in the MEC platform marks the IP address and the identifier PEI at that moment for use in the information uplink operation.
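The exchange in S201-S212, as an added example that is not part of the original disclosure: a Python simulation of the first and second authentication vectors, the AUTN freshness and separation-bit checks on the platform side, and the expiry check and RES/XRES comparison at the AUSF. HMAC-SHA-256 stands in for the real AKA functions and key derivations, and the AUTN layout, separation-bit position, vector lifetime, key, PEI and SNN values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

AMF_SEPARATION_BIT = 0x8000   # assumed position of the "separation bit" in a 2-byte AMF field
AV_LIFETIME_S = 30            # assumed lifetime of the second authentication vector


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in for the AKA functions and key derivations (not the 3GPP algorithms)."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class HomeAV:          # first authentication vector (5G HE AV)
    rand: bytes
    autn: bytes
    xres: bytes
    kausf: bytes


@dataclass
class ServingAV:       # second authentication vector (5G SE AV)
    rand: bytes
    autn: bytes
    kseaf: bytes


def udm_create_he_av(k: bytes, sqn: int, snn: bytes) -> HomeAV:
    """S201: UDM/ARPF builds RAND, AUTN, XRES and KAUSF with the separation bit set."""
    rand = os.urandom(16)
    sqn_b, amf_b = sqn.to_bytes(6, "big"), AMF_SEPARATION_BIT.to_bytes(2, "big")
    mac = prf(k, b"mac", rand, sqn_b, amf_b)[:8]
    return HomeAV(rand, sqn_b + amf_b + mac,
                  prf(k, b"res", rand, snn)[:16], prf(k, b"kausf", rand, sqn_b, snn))


class Ausf:
    def __init__(self):
        self.pending = {}                  # PEI -> (XRES, expiry time)

    def to_se_av(self, pei: str, av: HomeAV, snn: bytes, now: float) -> ServingAV:
        """S203: keep XRES, derive KSEAF from KAUSF, pass RAND/AUTN/KSEAF on to the SEAF."""
        self.pending[pei] = (av.xres, now + AV_LIFETIME_S)
        return ServingAV(av.rand, av.autn, prf(av.kausf, b"kseaf", snn))

    def confirm(self, pei: str, res: bytes, now: float) -> bool:
        """S209: fail on an unknown or expired vector, otherwise compare RES with XRES."""
        entry = self.pending.pop(pei, None)     # each vector is usable once
        if entry is None or now > entry[1]:
            return False
        return hmac.compare_digest(res, entry[0])


class MecPlatform:
    def __init__(self, k: bytes):
        self.k, self.highest_sqn = k, 0

    def respond(self, rand: bytes, autn: bytes, snn: bytes):
        """S206-S208: USIM checks AUTN integrity and freshness, ME checks the separation bit."""
        sqn_b, amf_b, mac = autn[:6], autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, prf(self.k, b"mac", rand, sqn_b, amf_b)[:8]):
            raise ValueError("AUTN MAC mismatch")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            raise ValueError("AUTN not fresh")
        if not int.from_bytes(amf_b, "big") & AMF_SEPARATION_BIT:
            raise ValueError("separation bit not set")
        self.highest_sqn = sqn
        kseaf = prf(prf(self.k, b"kausf", rand, sqn_b, snn), b"kseaf", snn)
        return prf(self.k, b"res", rand, snn)[:16], kseaf


def run_demo() -> dict:
    snn, pei = b"5G:constructed-snn", "2199023255553"     # constructed values
    k = bytes(range(16))                                  # constructed long-term key
    ausf, mec, results = Ausf(), MecPlatform(k), {}

    se = ausf.to_se_av(pei, udm_create_he_av(k, 1, snn), snn, now=1000.0)
    res, kseaf = mec.respond(se.rand, se.autn, snn)
    results["genuine"] = ausf.confirm(pei, res, now=1001.0) and kseaf == se.kseaf

    try:                                   # replayed RAND/AUTN fails the freshness check
        mec.respond(se.rand, se.autn, snn)
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True

    se2 = ausf.to_se_av(pei, udm_create_he_av(k, 2, snn), snn, now=2000.0)
    res2, _ = mec.respond(se2.rand, se2.autn, snn)
    results["expired_rejected"] = not ausf.confirm(pei, res2, now=2000.0 + AV_LIFETIME_S + 1)

    ausf.to_se_av(pei, udm_create_he_av(k, 3, snn), snn, now=3000.0)
    results["wrong_res_rejected"] = not ausf.confirm(pei, b"\x00" * 16, now=3001.0)
    return results


if __name__ == "__main__":
    print(run_demo())
```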
Adopting the blockchain approach addresses the risk that the IP address of an MEC platform is easily tampered with and that any MEC platform can arbitrarily use the IP address of another MEC platform. A blockchain is a distributed shared ledger and database based on cryptography and a consensus algorithm; it is decentralized, tamper-resistant, traceable throughout, collectively maintained, open and transparent, which matches the distributed deployment of MEC platforms.
In this embodiment, all successfully authenticated MEC platforms in the current network are placed under uplink management: each MEC platform is taken as a block node, and the IP address allocated to the MEC platform and its PEI information are taken as the identification information of the MEC platform. After the authenticated MEC platform obtains the authentication result, it obtains an indication to mark its current public network address and permanent equipment identifier information, which is sent to all other MEC platforms to synchronize the identification information and is stored in the other MEC platforms.
Specifically, as shown in fig. 5, when the authenticated MEC1 platform initiates a request to the core network again, performing uplink management on the authenticated MEC platform through a blockchain consensus mechanism includes:
S301. The primary authentication of the MEC1 platform by the 5G core network is regarded as one transaction, and a first transaction hash value MEC1Hash1 of the current MEC1 platform is generated from the authenticated identifier PEI and the allocated IP address;
S302. When the authenticated MEC1 platform needs to use the allocated IP resources for platform services, it must initiate an access request MEC1 visual_Request to the 5G core network again;
S303. When the 5G core network (abbreviated as 5GC) receives the access request, the other MEC platforms on the blockchain (i.e., MEC2, MEC3, …) are required to perform identity authentication on MEC1, which is requesting access at that moment; namely, the 5G core network sends MEC Identification Verification_Request authentication signaling to each of the other MEC platforms to request identity authentication of the MEC platform making the access request;
S304. The remaining MEC platforms (i.e., MEC2, MEC3, …) retrieve the identification information of the MEC platform according to the public network address information contained in the access request of the current MEC platform, and respectively generate second transaction hash values MEC2Hash2, MEC3Hash3, …;
S305. The first transaction hash value MEC1Hash1 is compared with the second transaction hash values MEC2Hash2, MEC3Hash3, … generated by the other MEC platforms, and the verification results MEC Identification Verification_response are fed back to the 5G core network one by one;
S306. The 5G core network feeds back the access result MEC1 visual_response according to the verification results; if the verification result values in S305 are the same, the information of the MEC1 platform has not been tampered with, the MEC1 platform is allowed to use the allocated resources again and the MEC1 platform service proceeds normally; if the verification does not pass, the MEC1 platform must reinitiate the authentication flow with the core network.
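The check in S301-S306, as an added example that is not part of the original disclosure: each MEC platform holds the synchronized IP-to-PEI records, recomputes the hash for the address in an access request, and the core network grants access only if every other platform matches the first hash. SHA-256, the hash input encoding, the plain-decimal MAC-to-PEI conversion, keeping the first hash at the core network, the unanimity rule and all MAC and IP addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress


def mac_to_pei(mac: str) -> str:
    """Assumed conversion: the 48-bit MAC read as one hexadecimal number, written in decimal."""
    return str(int(mac.replace(":", "").replace("-", ""), 16))


def identity_hash(pei: str, ip: str) -> str:
    """Hash over the identification information (PEI + IP); SHA-256 is an assumption."""
    canonical_ip = str(ipaddress.ip_address(ip))    # raises ValueError on a malformed address
    return hashlib.sha256(f"{len(pei)}:{pei}|{canonical_ip}".encode()).hexdigest()


class MecNode:
    """One authenticated MEC platform acting as a block node."""

    def __init__(self, name: str, pei: str):
        self.name, self.pei = name, pei
        self.ledger = {}                            # synchronized records: IP -> PEI

    def sync(self, pei: str, ip: str) -> None:
        self.ledger[str(ipaddress.ip_address(ip))] = pei

    def verify(self, request_ip: str, first_hash: str) -> bool:
        """S304-S305: look up the record by the request's IP, rebuild the hash, compare."""
        pei = self.ledger.get(str(ipaddress.ip_address(request_ip)))
        if pei is None:                             # address was never allocated to a platform
            return False
        return hmac.compare_digest(identity_hash(pei, request_ip), first_hash)


class CoreNetwork:
    def __init__(self, nodes):
        self.nodes = list(nodes)
        self.first_hash = {}                        # PEI -> first transaction hash (S301)

    def register(self, node: MecNode, ip: str) -> None:
        """After successful authentication: record the first hash, sync the record to all nodes."""
        self.first_hash[node.pei] = identity_hash(node.pei, ip)
        for n in self.nodes:
            n.sync(node.pei, ip)

    def access_request(self, node: MecNode, source_ip: str) -> bool:
        """S302-S306: every other node verifies; access is allowed only if all of them agree."""
        first = self.first_hash.get(node.pei)
        if first is None:                           # platform never authenticated
            return False
        try:
            votes = [n.verify(source_ip, first) for n in self.nodes if n is not node]
        except ValueError:                          # malformed address in the request
            return False
        return bool(votes) and all(votes)


def run_demo() -> dict:
    # Constructed sample data: locally administered MACs and documentation-range IPs.
    macs = {"MEC1": "02:00:00:00:00:01", "MEC2": "02:00:00:00:00:02", "MEC3": "02:00:00:00:00:03"}
    ips = {"MEC1": "192.0.2.11", "MEC2": "192.0.2.12", "MEC3": "192.0.2.13"}
    nodes = {name: MecNode(name, mac_to_pei(mac)) for name, mac in macs.items()}
    core = CoreNetwork(nodes.values())
    for name, node in nodes.items():
        core.register(node, ips[name])

    mec1 = nodes["MEC1"]
    results = {
        "own_ip": core.access_request(mec1, ips["MEC1"]),
        "borrowed_ip": core.access_request(mec1, ips["MEC2"]),     # another platform's address
        "unallocated_ip": core.access_request(mec1, "192.0.2.99"),
    }
    # One node's stored record for MEC1's address is altered; its hash no longer matches.
    nodes["MEC3"].ledger[ips["MEC1"]] = nodes["MEC2"].pei
    results["after_ledger_tamper"] = core.access_request(mec1, ips["MEC1"])
    return results


if __name__ == "__main__":
    print(run_demo())
```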
Through the 5G core network and blockchain technology, the present disclosure realizes identity authentication of the edge computing platform MEC; the permanent equipment identifier PEI and the IP address are stored in each node for hash value comparison, which provides high confidentiality, effectively authenticates the MEC platform identity, and effectively prevents illegal use of and tampering with IP addresses.
In another aspect, as shown in fig. 6, an embodiment of the present disclosure provides an MEC platform identity authentication device based on a 5G core network and a blockchain, the device comprising:
the authentication and authentication management module is used for carrying out identity authentication on the MEC platform through a 5G authentication and key agreement authentication mechanism; marking the network address and the permanent equipment identifier information owned by the authenticated MEC platform;
And the uplink management module is used for carrying out uplink management on the authenticated MEC platform through a blockchain consensus mechanism, and storing the network address and the permanent equipment identifier information owned by the MEC platform into each node on the current blockchain.
The authentication and authentication management module is used for managing and starting authentication and executing authentication flow, and implementing steps S101-S105 and S201-S212 of MEC platform identity authentication based on the 5G core network and the blockchain in the above embodiment of the disclosure.
1. Starting authentication, with reference to figs. 2-3, includes:
S101. The MEC platform connects to the security network element SEAF (SEcurity Anchor Function, security anchor network element; SEAF for short, hereinafter the same), and the MEC transmits an N1 message carrying the permanent equipment identifier PEI to the security network element SEAF through a NEF (Network Exposure Function, network exposure function) network element;
S102. When the SEAF network element wants to start authentication, the SEAF sends a Nausf_MECAuthentication_Authenticate Request message to the AUSF (Authentication Server Function, authentication server) network element, that is, it initiates an authentication start request to invoke the Nausf_MECAuthentication service; the request includes the permanent equipment identifier information of the MEC platform;
S103. After receiving the Nausf_MECAuthentication_Authenticate Request message, the AUSF checks whether the SEAF network element initiating the request in the service network has the right to use the service network name in the request, by comparing that service network name with the expected service network name; if the service network names are the same, the service network is authorized to use the service network name;
S104. The AUSF network element sends the obtained identifier PEI information and the SNN (Serving Network Name, name of the service network) to a UDM (Unified Data Management)/ARPF (Authentication Credential Repository and Processing Function, authentication credential storage and processing) network element by sending a Nudm_MECAuthentication_Get Request;
S105. The unified data management equipment, namely the UDM/ARPF, verifies the authenticity of the identifier PEI according to information stored in a database.
2. Performing authentication, with reference to fig. 4:
After the permanent equipment identifier information PEI passes verification, the unified data management equipment creates a first authentication vector and returns it to the authentication server, so that the authentication server interacts with the security network element SEAF and the identity authentication service is executed according to the authentication vector. The method specifically comprises the following steps:
S201, after PEI passes verification, the UDM/ARPF creates a 5G HE AV (5G Home Environment Authentication Vector), namely a first authentication vector; when generating an AV (Authentication Vector ), the "separation bit" of the authentication management field (Authentication Management Field, AMF) must be set to 1; when the UDM/ARPF creates a 5G HE AV, it is generated by RAND (Random Challenge), AUTN (Authentication Token authentication token), XRES (Expected Response, authentication response parameters), and KAUSF (authentication key).
S202.UDM/ARPF responds to authentication response request, sends 5G HE AV to AUSF in nudm_MECAuthentication_get response, and indicates that the 5G HE AV is to be used for AKA authentication in nudm_MECAuthentication_get response;
s203.ausf stores authentication response parameters XRES, and may calculate an anchor key KSEAF according to the authentication key KAUSF, replace XRES with the anchor key KSEAF to obtain a 5G SE AV (SEcurity Authentication Vector, security anchor authentication vector), i.e. a second authentication vector, where the second authentication vector includes RAND (Random Challenge), AUTN (Authentication Token ), and KSEAF (anchor key);
S204, AUSF sends Nausf_MECAUtility_authentication response message to the SEAF network element, wherein the response message carries 5G SE AV;
s205. the SEAF network element sends an authentication_request Authentication Request message with Authentication parameters such as random number RAND and token AUTN to the MEC platform through the NEF, where the Authentication Request message may further include parameter ngKSI (Key Set Identifier in g,5g key set identifier), which is used for the MEC platform and AMF (Access and Mobility Management Function, access and mobility management functions; the AMF network element and SEAF network element may be together in a physical device) to identify KAMF (ME and SEAF derived key from KSEAF) and part of the native security context information created when Authentication is successful, and may further include ABBA parameters (Anti-Bidding down Between Architectures, anti-downmaintenance attacks of different architecture), where the conventional setting parameters are used for subsequently enabling downmaintenance protection for the security functions;
s206, the ME (Mobile Equipment) in the MEC platform forwards the received random number RAND and the token AUTN to the USIM (Universal Subscriber Identity Module, user service identification module);
s207, after receiving the random number RAND and the token AUTN, the USIM firstly verifies the freshness of the AUTN in the second authentication vector, after passing the verification, the USIM calculates RESponse RES (RESponse parameter), and returns the RESponse parameter RES, the stored confidentiality key CK and the stored integrity key IK to the ME, and the ME can deduce RES (encrypted RESponse parameter), KAUSF and KSEAF according to the RESponse parameter RES, CK, IK;
S208. During authentication, the ME checks whether the separation bit of the authentication management field (AMF) parameter of the AUTN is 1; if it is 1, the MEC platform returns the encrypted response parameter RES to the SEAF network element through the NAS (Non-Access Stratum) authentication response message, Authentication Response;
S209. The SEAF network element sends the encrypted response parameter RES together with the response identifier PEI to the AUSF through a Nausf_MECAuthentication_Authenticate Request message. After the AUSF of the home network receives the Nausf_MECAuthentication_Authenticate Request message, it first judges whether the second authentication vector has expired; if so, the authentication fails. If not, it compares the encrypted response parameter RES with the authentication response parameter XRES, and if they match, the AUSF considers the identity authentication successful;
S210. The AUSF informs the SEAF network element of the MEC platform's authentication result in the home network by sending a Nausf_MECAUtility_Authenticate Response message to the SEAF;
S211. The SEAF network element informs the MEC platform of the identity authentication result through a Nausf_MECAuthentication_Authenticate Result message and, if authentication is successful, instructs the blockchain module of the MEC platform to mark the IP address and the identifier PEI;
S212. If the identity authentication is successful, the blockchain module in the MEC platform marks the current IP address and the identifier PEI for use in the information uplink operation.
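The checks in S208 and S209 can be sketched as follows. This is an added example, not code from the disclosure. It assumes the 3GPP AUTN layout (SQN xor AK, 6 bytes; AMF, 2 bytes; MAC, 8 bytes) with the separation bit as the top bit of the AMF field; the HMAC-based `derive_response` and the `expires_at` field are illustrative stand-ins, since the text does not specify the derivation function or the vector lifetime, and all sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

def separation_bit_set(autn: bytes) -> bool:
    """S208: check the AMF separation bit inside AUTN."""
    if len(autn) != 16:
        raise ValueError("AUTN must be 16 bytes")
    return bool(autn[6] & 0x80)  # byte 6 is the first AMF octet

def derive_response(ck: bytes, ik: bytes, rand: bytes, res: bytes) -> bytes:
    """S207 (ME side): bind RES to CK, IK and RAND. Illustrative KDF only."""
    return hmac.new(ck + ik, rand + res, hashlib.sha256).digest()[-16:]

@dataclass
class StoredVector:
    """What the AUSF keeps for one authentication run (assumed shape)."""
    expected: bytes      # expected response, XRES in the text
    expires_at: float    # hypothetical lifetime of the second vector

def ausf_verify(av: StoredVector, received: bytes, now: float) -> str:
    """S209: reject an expired vector first, then compare the responses."""
    if now >= av.expires_at:
        return "expired"
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(av.expected, received):
        return "mismatch"
    return "success"

# Constructed sample values, not taken from any real network.
CK, IK = bytes(range(16)), bytes(range(16, 32))
RAND = bytes.fromhex("00112233445566778899aabbccddeeff")
RES = bytes.fromhex("0102030405060708")
AUTN = bytes(6) + bytes.fromhex("8000") + bytes(8)

def make_vector() -> StoredVector:
    """Network side: expected response computed from the same inputs."""
    return StoredVector(derive_response(CK, IK, RAND, RES), expires_at=1000.0)

if __name__ == "__main__":
    av = make_vector()
    good = derive_response(CK, IK, RAND, RES)
    wrong = derive_response(CK, IK, RAND, bytes(8))
    print(separation_bit_set(AUTN))             # separation bit present
    print(ausf_verify(av, good, now=999.0))     # fresh vector, matching response
    print(ausf_verify(av, wrong, now=999.0))    # wrong RES from the USIM
    print(ausf_verify(av, good, now=1000.0))    # correct response, stale vector
```

The expiry test runs before the comparison, as in S209, so a replayed correct response against a stale vector still fails.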
The uplink management module carries out uplink management on all authenticated MEC platforms in the current network. Each MEC platform serves as a block node, and the IP address allocated to the MEC platform together with its PEI information serves as the identification information of that platform. After an authenticated MEC platform obtains its authentication result, it receives an indication to mark its current public network address and its own permanent equipment identifier information; this identification information is sent to all other MEC platforms for synchronization and stored in those platforms.
Specifically, when the authenticated MEC1 platform initiates a request to the core network again, the uplink management module performs uplink management on the authenticated MEC platform through the blockchain consensus mechanism, carrying out steps S301 to S306 of the MEC platform identity authentication method based on the 5G core network and the blockchain in the above embodiment (see Fig. 5), including:
S301. The primary authentication of the MEC1 platform by the 5G core network is regarded as one transaction, and a first transaction hash value MEC1Hash1 of the current MEC1 platform is generated from the authenticated identifier PEI and the allocated IP address;
S302. When the authenticated MEC1 platform needs to use the allocated IP resources for platform services, it must again initiate an access request MEC1 visual_Request to the 5G core network;
S303. When the 5G core network (abbreviated as 5GC) receives the access request, the other MEC platforms on the blockchain (i.e., MEC2, MEC3, …) are required to perform identity authentication on the MEC1 platform requesting access; that is, the 5G core network sends MEC Identification Verification_Request authentication signaling to each of the other MEC platforms to request identity authentication of the MEC platform that issued the access request;
S304. The remaining MEC platforms (i.e., MEC2, MEC3, …) retrieve the identification information of the MEC platform according to the public network address information contained in the access request of the current MEC platform, and respectively generate second transaction hash values MEC2Hash2, MEC2Hash3, …;
S305. The first transaction hash value MEC1Hash1 is compared with the second transaction hash values MEC2Hash, MEC3Hash, … generated by the other MEC platforms, and the verification results MEC Identification Verification_response are fed back to the 5G core network one by one;
S306. The 5G core network feeds back the access result MEC1 visual_response according to the verification results. If the verification result values in S305 are the same, the information of the MEC1 platform has not been tampered with, the MEC1 platform is allowed to use the allocated resources again, and the MEC1 platform service proceeds normally; if verification does not pass, the MEC1 platform needs to re-initiate the authentication flow to the core network.
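The re-access check in S301 to S306 can be sketched as follows. This is an added example, not code from the disclosure. It assumes SHA-256 as the hash function, assumes the access request carries the first transaction hash, and treats "the verification result values are the same" as requiring every peer to agree; the names `MecNode`, `tx_hash` and `core_network_decide` are hypothetical and the sample PEI and address are constructed.

```python
import hashlib
import hmac

def tx_hash(pei: str, ip: str) -> bytes:
    """Transaction hash over (PEI, IP); SHA-256 is an assumption."""
    h = hashlib.sha256()
    for field in (pei, ip):
        data = field.encode()
        # Length prefix so ("ab", "c") and ("a", "bc") hash differently.
        h.update(len(data).to_bytes(2, "big") + data)
    return h.digest()

class MecNode:
    """A peer MEC platform holding the synchronised IP -> PEI records."""
    def __init__(self, name: str):
        self.name = name
        self.ledger = {}

    def verify(self, ip: str, first_hash: bytes) -> bool:
        """S304-S305: rebuild the hash from the local record and compare."""
        pei = self.ledger.get(ip)
        if pei is None:  # unknown address: never vouch for it
            return False
        return hmac.compare_digest(tx_hash(pei, ip), first_hash)

def core_network_decide(peers, ip: str, first_hash: bytes):
    """S303/S306: query every peer; allow only if all of them agree."""
    results = {p.name: p.verify(ip, first_hash) for p in peers}
    return bool(results) and all(results.values()), results

# Constructed sample data: documentation address range, placeholder PEI.
MEC1_IP, MEC1_PEI = "203.0.113.10", "PEI-EXAMPLE-0001"

def build_peers():
    """Peers as they stand after the synchronisation that follows S212."""
    peers = [MecNode("MEC2"), MecNode("MEC3")]
    for p in peers:
        p.ledger[MEC1_IP] = MEC1_PEI
    return peers

if __name__ == "__main__":
    peers = build_peers()
    genuine = tx_hash(MEC1_PEI, MEC1_IP)
    print(core_network_decide(peers, MEC1_IP, genuine))
    # A platform with a different PEI presenting MEC1's address.
    print(core_network_decide(peers, MEC1_IP, tx_hash("PEI-OTHER-9999", MEC1_IP)))
    # One peer's stored record altered: its vote flips and access is denied.
    peers[1].ledger[MEC1_IP] = "PEI-TAMPERED"
    print(core_network_decide(peers, MEC1_IP, genuine))
```

Under the unanimity rule a single divergent peer record is enough to force MEC1 back through primary authentication, which is the fail-closed behaviour S306 describes.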
In yet another aspect, as shown in Fig. 7, an embodiment of the present disclosure provides an MEC platform identity authentication device based on a 5G core network and a blockchain, the device including: a processor and a memory storing computer program instructions;
the processor executes the computer program instructions to implement any one of the above-described MEC platform identity authentication methods for 5G core networks and blockchains.
Fig. 7 is a schematic hardware structure diagram of an MEC platform identity authentication device for 5G core network and blockchain according to an embodiment of the present disclosure.
The MEC platform authentication device at the 5G core network and blockchain may include a processor 301 and a memory 302 storing computer program instructions.
In particular, the processor 301 may include a Central Processing Unit (CPU), or an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or may be configured as one or more integrated circuits implementing embodiments of the present disclosure.
Memory 302 may include mass storage for data or instructions. By way of example, and not limitation, memory 302 may comprise a hard disk drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or Universal Serial Bus (USB) drive, or a combination of two or more of the foregoing. Memory 302 may include removable or non-removable (or fixed) media, where appropriate. Memory 302 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 302 is a non-volatile solid-state memory.
The processor 301 reads and executes the computer program instructions stored in the memory 302 to implement the MEC platform identity authentication method of the blockchain and 5G core network of any of the above embodiments.
In one example, the MEC platform identity authentication device of the 5G core network and blockchain may further include a communication interface 303 and a bus 310. As shown in fig. 7, the processor 301, the memory 302, and the communication interface 303 are connected to each other by a bus 310 and perform communication with each other.
The communication interface 303 is mainly used to implement communication between each module, apparatus, unit and/or device in the embodiments of the present disclosure.
Bus 310 includes hardware, software, or both that couple the components of the online data flow billing device to each other. By way of example, and not limitation, the buses may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local bus (VLB), or other suitable bus, or a combination of two or more of the above. Bus 310 may include one or more buses, where appropriate. Although embodiments of the disclosure describe and illustrate a particular bus, the disclosure contemplates any suitable bus or interconnect.
In yet another aspect, an embodiment of the present disclosure provides a computer storage medium storing computer program instructions which, when executed by a processor, implement the MEC platform identity authentication method for a 5G core network and blockchain as described in any one of the foregoing.
It should be clear that the present disclosure is not limited to the particular arrangements and processes described above and illustrated in the drawings. For the sake of brevity, a detailed description of known methods is omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present disclosure are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications, and additions, or change the order between steps, after appreciating the spirit of the present disclosure.
The functional blocks shown in the above-described structural block diagrams may be implemented in hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the present disclosure are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted over transmission media or communication links by a data signal carried in a carrier wave. A "machine-readable medium" may include any medium that can store or transfer information. Examples of machine-readable media include electronic circuitry, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, and the like. The code segments may be downloaded via computer networks such as the internet, intranets, etc.
It should also be noted that the exemplary embodiments mentioned in this disclosure describe some methods or systems based on a series of steps or devices. However, the present disclosure is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be different from the order in the embodiments, or several steps may be performed simultaneously.
In the foregoing, only the specific embodiments of the present disclosure are described, and it will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, modules and units described above may refer to the corresponding processes in the foregoing method embodiments, which are not repeated herein. It should be understood that the scope of the present disclosure is not limited thereto, and any equivalent modifications or substitutions can be easily made by those skilled in the art within the technical scope of the present disclosure, and these modifications or substitutions should be included in the scope of the present disclosure.