CN113115413A - Method for accessing user terminal to 5G network - Google Patents
- Publication number: CN113115413A
- Authority: CN (China)
- Prior art keywords: network, module, authentication, security, user terminal
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/18—Selecting a network or a communication service
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
Abstract
The invention discloses a method for accessing a user terminal to a 5G network. The system consists of a sending module, a receiving module, an authentication module and a control module, wherein: the sending module is used by the user terminal to send an access request carrying terminal identification information to the 5G network being accessed; the receiving module is used by the 5G network to receive the access request data; the authentication module is used to authenticate the access request data through the EAP (Extensible Authentication Protocol) authentication framework; and the control module is used to control the authentication module to authenticate the user terminal when the access authentication information of the user terminal is received. The method comprises the following steps: step one: the user terminal sends an access request carrying terminal identification information to the 5G network being accessed through the sending module. The beneficial effects of the invention are: authentication is carried out through the EAP authentication framework, so that the efficiency of security authentication when the terminal switches between 5G networks is improved and the exposure of user privacy information is avoided; and the color light module greatly reduces the link cost.
Description
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a method for accessing a user terminal to a 5G network.
Background
With the increasing maturity of internet information technology, 5G communication technology has arrived. In the foreseeable future, 5G admission standards, network architectures and communication protocols will all see major breakthroughs.
With the rapid development of communication technology, people's way of life is changing day by day, and the continuous improvement of smartphone and mobile internet technology also promotes the development of mobile office work and remote information transmission.
With the advent of the big data age, reception on terminal devices will face more challenges. The realization of mobile office, remote control and video transmission functions enables people to enter the ubiquitous era, in which people's requirements for the efficiency, security and stability of communication technology are higher and higher, so that 5G communication technology is developing rapidly. Currently, 5G communication technology has the following characteristics:
First, high-speed, large-capacity information transmission needs high-speed network transmission equipment; the 3GPP and IEEE international standards are integrated into a market mechanism under the coordination of the current international standardization transfer protocol, and large-scale antenna arrays and multiple-input multiple-output technology greatly improve the capacity of the internet and lay a good foundation for further improving large-volume information transmission on mobile terminals. Second, in the 5G era the multi-people technology is improved on the basis of the original technology, so that transmission stability is further improved; research shows that transmission stability is higher when the number of antennas is increased, so the multi-people technology is also suitable for network transmission in the 5G era. Third, full-duplex technology is a two-way communication technology that operates at the same time on the same frequency and has very large commercial development value; given the current state of technological development, the space available for communication activity is relatively limited, and the signals transmitted and received between the terminal and the network may interfere with each other, which continually reduces traffic; adopting full-duplex technology effectively solves this problem, reduces the mutual interference of transmitted and received signals, and clearly improves the communication material.
The 5G core network adopts an SBA (Service Based Architecture). The SBA is designed on a cloud-native architecture and borrows the "micro-service" concept from the IT field, so that the 5G core network is modularized and software-based; another major reason for making the 5G core network modular is "slicing".
When the existing user terminal accesses the 5G network, the problem of user privacy exposure exists.
Disclosure of Invention
The present invention aims to provide a method for accessing a user terminal to a 5G network, so as to solve the problem that the privacy of the user is exposed when the existing user terminal is accessed to the 5G network, which is proposed in the above background art.
In order to achieve the purpose, the invention provides the following technical scheme: a method for accessing a user terminal to a 5G network comprises a sending module, a receiving module, an authentication module and a control module, wherein:
the sending module is used for sending an access request carrying terminal identification information to an accessed 5G network by a user terminal;
the receiving module is used for receiving the access request data by the 5G network;
the authentication module is used for authenticating the accessed request data through an authentication protocol EAP authentication framework;
the control module is used for controlling the authentication module to authenticate the user terminal when receiving the access authentication information of the user terminal;
the method comprises the following steps:
step one: the user terminal sends an access request carrying terminal identification information to the 5G network being accessed through the sending module;
step two: the 5G network receives the access request data through the receiving module;
step three: the authentication module authenticates the access request data through the EAP authentication framework.
As a preferred technical solution of the present invention, the authentication protocol EAP authentication framework divides 5G network security into three aspects of user domain security, service domain security, and network domain security; wherein:
the user domain security comprises user terminal security and user privacy security;
service domain security includes network slice security;
the network domain security comprises user access process security and network environment security.
As a preferred technical solution of the present invention, the EAP authentication framework supports the following protocols:
EAP-PSK (pre-shared key);
EAP-TLS (Transport Layer Security);
EAP-AKA (authentication and key agreement).
As a preferred technical solution of the present invention, the optical fiber module further includes a color light module, and the color light module is used for combining optical signals with different wavelengths into one path for transmission.
The invention also comprises a network access module, and the network access module is used for accessing the user terminal to the 5G network for network access.
The invention also comprises an encryption module which is used for creating a safe network environment for users.
The invention also comprises an issuing module which is used for issuing the security certificate for the user terminal.
Compared with the prior art, the invention has the beneficial effects that:
(1) authentication is carried out through an authentication protocol EAP authentication framework, so that the safety authentication efficiency of the terminal when the terminal is switched between 5G networks is improved, and the exposure of user privacy information is avoided;
(2) and due to the arrangement of the color light module, the link cost is greatly reduced.
Drawings
Fig. 1 is a flowchart of an access method of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
Referring to fig. 1, the present invention provides a technical solution: a method for accessing a user terminal to a 5G network comprises a sending module, a receiving module, an authentication module and a control module, wherein:
the sending module is used for sending an access request carrying terminal identification information to an accessed 5G network by a user terminal;
the receiving module is used for receiving the access request data by the 5G network;
the authentication module is used for authenticating the accessed request data through an authentication protocol EAP authentication framework;
the control module is used for controlling the authentication module to authenticate the user terminal when receiving the access authentication information of the user terminal;
the method comprises the following steps:
step one: the user terminal sends an access request carrying terminal identification information to the 5G network being accessed through the sending module;
step two: the 5G network receives access request data through a receiving module;
step three: the authentication module authenticates the accessed request data through an authentication protocol EAP authentication framework, so that the safety authentication efficiency of the terminal during switching between the 5G networks is improved, and the exposure of user privacy information is avoided.
In this embodiment, preferably, the authentication protocol EAP authentication framework divides 5G network security into three aspects, namely, user domain security, service domain security, and network domain security; wherein:
the user domain security comprises user terminal security and user privacy security;
service domain security includes network slice security;
the network domain security comprises user access process security and network environment security.
In this embodiment, preferably, the EAP authentication framework supports the following protocols:
EAP-PSK (pre-shared key);
EAP-TLS (Transport Layer Security);
EAP-AKA (authentication and key agreement).
In the authentication framework, IEEE 802.1X authentication can be adopted for wired access and EAP-AKA authentication can be used for access over the 5G new air interface (New Radio); different access networks provide authentication services through logically unified AMF and AUSF/ARPF functions, so a user can switch seamlessly between different access networks. In this respect the security architecture of the 5G network differs markedly from that of previous mobile networks.
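The method selection that such a framework implies, as an added example that is not part of the patent: an authenticator-side gate that parses EAP packets (layout and Legacy Nak handling per RFC 3748) and lets only the three listed methods run. The function names, the access-type labels and the preference order in `PREFERRED` are assumptions made for illustration.

```python
"""Authenticator-side EAP method gate (added example; packet layout per RFC 3748)."""
from __future__ import annotations

import struct
from dataclasses import dataclass

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4      # EAP Code field
T_IDENTITY, T_NAK, T_MD5 = 1, 3, 4                    # IANA EAP method types
T_TLS, T_AKA, T_PSK = 13, 23, 47

# The three methods the framework on this page supports.
ALLOWED = {T_PSK: "EAP-PSK", T_TLS: "EAP-TLS", T_AKA: "EAP-AKA"}

# Assumption: authenticator preference order per access type (labels are ours).
PREFERRED = {"5g-nr": [T_AKA, T_TLS, T_PSK], "wired": [T_TLS, T_PSK, T_AKA]}


@dataclass
class EapPacket:
    code: int
    identifier: int
    type: int | None      # None for Success/Failure, which carry no Type octet
    data: bytes


def parse_eap(buf: bytes) -> EapPacket:
    """Decode Code | Identifier | Length | [Type | Type-Data], validating lengths."""
    if len(buf) < 4:
        raise ValueError("shorter than the 4-octet EAP header")
    code, ident, length = struct.unpack("!BBH", buf[:4])
    if code not in (REQUEST, RESPONSE, SUCCESS, FAILURE):
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(buf):
        raise ValueError("Length field disagrees with the bytes received")
    body = buf[4:length]                 # octets past Length are padding: ignore
    if code in (SUCCESS, FAILURE):
        if body:
            raise ValueError("Success/Failure must not carry data")
        return EapPacket(code, ident, None, b"")
    if not body:
        raise ValueError("Request/Response without a Type octet")
    return EapPacket(code, ident, body[0], bytes(body[1:]))


def build_eap(code: int, ident: int, type_: int, data: bytes = b"") -> bytes:
    """Encode a Request or Response; Length covers header, Type and Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), type_) + data


def next_step(access: str, offered: int, response: bytes) -> tuple[str, bytes]:
    """Decide what the authenticator does with one peer Response.

    offered is the Type of the outstanding Request. Returns (verdict, reply):
    "offer" with a new Request, "proceed" with b"" (method-specific
    processing takes over), or "reject" with an EAP Failure.
    """
    pkt = parse_eap(response)
    if pkt.code != RESPONSE:
        raise ValueError("authenticator expects an EAP Response")
    failure = struct.pack("!BBH", FAILURE, pkt.identifier, 4)
    new_id = (pkt.identifier + 1) % 256  # a new Request needs a new Identifier
    order = PREFERRED[access]

    if offered == T_IDENTITY and pkt.type == T_IDENTITY:
        return "offer", build_eap(REQUEST, new_id, order[0])
    if pkt.type == T_NAK and offered in ALLOWED:
        # Legacy Nak lists the peer's wishes; choose by our order, and only
        # among ALLOWED, so a peer cannot steer the exchange to e.g. MD5.
        wanted = {t for t in pkt.data if t in ALLOWED and t != offered}
        for t in order:
            if t in wanted:
                return "offer", build_eap(REQUEST, new_id, t)
        return "reject", failure
    if pkt.type == offered and offered in ALLOWED:
        return "proceed", b""
    return "reject", failure
```

The gate is stateless apart from `offered`, so the caller must remember the Type of its last Request; a Response whose Type matches neither that Request nor a valid Nak is answered with EAP Failure.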
In this embodiment, preferably, the optical transceiver further includes a color light module, and the color light module is configured to combine optical signals with different wavelengths into one path for transmission, so that link cost is greatly reduced.
Example 2
Referring to fig. 1, the present invention provides a technical solution: a method for accessing a user terminal to a 5G network comprises a sending module, a receiving module, an authentication module and a control module, wherein:
the sending module is used for sending an access request carrying terminal identification information to an accessed 5G network by a user terminal;
the receiving module is used for receiving the access request data by the 5G network;
the authentication module is used for authenticating the accessed request data through an authentication protocol EAP authentication framework;
the control module is used for controlling the authentication module to authenticate the user terminal when receiving the access authentication information of the user terminal;
the method comprises the following steps:
step one: the user terminal sends an access request carrying terminal identification information to the 5G network being accessed through the sending module;
step two: the 5G network receives access request data through a receiving module;
step three: the authentication module authenticates the accessed request data through an authentication protocol EAP authentication framework, so that the safety authentication efficiency of the terminal during switching between the 5G networks is improved, and the exposure of user privacy information is avoided.
In this embodiment, preferably, the authentication protocol EAP authentication framework divides 5G network security into three aspects, namely, user domain security, service domain security, and network domain security; wherein:
the user domain security comprises user terminal security and user privacy security;
service domain security includes network slice security;
the network domain security comprises user access process security and network environment security.
In this embodiment, preferably, the EAP authentication framework supports the following protocols:
EAP-PSK (pre-shared key);
EAP-TLS (Transport Layer Security);
EAP-AKA (authentication and key agreement).
In the authentication framework, IEEE 802.1X authentication can be adopted for wired access and EAP-AKA authentication can be used for access over the 5G new air interface (New Radio); different access networks provide authentication services through logically unified AMF and AUSF/ARPF functions, so a user can switch seamlessly between different access networks. In this respect the security architecture of the 5G network differs markedly from that of previous mobile networks.
In this embodiment, preferably, the optical transceiver further includes a color light module, and the color light module is configured to combine optical signals with different wavelengths into one path for transmission, so that link cost is greatly reduced.
In this embodiment, preferably, the system further includes a network access module, and the network access module is used for accessing the user terminal to the 5G network for network access.
Example 3
Referring to fig. 1, the present invention provides a technical solution: a method for accessing a user terminal to a 5G network comprises a sending module, a receiving module, an authentication module and a control module, wherein:
the sending module is used for sending an access request carrying terminal identification information to an accessed 5G network by a user terminal;
the receiving module is used for receiving the access request data by the 5G network;
the authentication module is used for authenticating the accessed request data through an authentication protocol EAP authentication framework;
the control module is used for controlling the authentication module to authenticate the user terminal when receiving the access authentication information of the user terminal;
the method comprises the following steps:
step one: the user terminal sends an access request carrying terminal identification information to the 5G network being accessed through the sending module;
step two: the 5G network receives access request data through a receiving module;
step three: the authentication module authenticates the accessed request data through an authentication protocol EAP authentication framework, so that the safety authentication efficiency of the terminal during switching between the 5G networks is improved, and the exposure of user privacy information is avoided.
In this embodiment, preferably, the authentication protocol EAP authentication framework divides 5G network security into three aspects, namely, user domain security, service domain security, and network domain security; wherein:
the user domain security comprises user terminal security and user privacy security;
service domain security includes network slice security;
the network domain security comprises user access process security and network environment security.
In this embodiment, preferably, the EAP authentication framework supports the following protocols:
EAP-PSK (pre-shared key);
EAP-TLS (Transport Layer Security);
EAP-AKA (authentication and key agreement).
In the authentication framework, IEEE 802.1X authentication can be adopted for wired access and EAP-AKA authentication can be used for access over the 5G new air interface (New Radio); different access networks provide authentication services through logically unified AMF and AUSF/ARPF functions, so a user can switch seamlessly between different access networks. In this respect the security architecture of the 5G network differs markedly from that of previous mobile networks.
In this embodiment, preferably, the optical transceiver further includes a color light module, and the color light module is configured to combine optical signals with different wavelengths into one path for transmission, so that link cost is greatly reduced.
In this embodiment, preferably, the system further includes a network access module, and the network access module is used for accessing the user terminal to the 5G network for network access.
In this embodiment, it is preferable that the system further includes an encryption module, and the encryption module is configured to create a secure network environment for a user.
In this embodiment, preferably, the system further includes an issuing module, and the issuing module is configured to issue the security credential for the user terminal. The security credentials comprise symmetric security credentials and asymmetric security credentials, and the 5G network needs to support the management of various security credentials, including symmetric security credential management and asymmetric security credential management. The symmetric security credential management mechanism makes it convenient for operators to manage users centrally. Asymmetric security credential management enables identity management and access authentication in Internet of Things scenarios, shortens the authentication chain, achieves fast and secure access, and reduces authentication overhead; it also relieves pressure on the core network and avoids the bottleneck risk caused by signaling storms and highly concentrated authentication nodes. Asymmetric security credential management has two main branches: the certificate mechanism and the identity-based cryptography (IBC) mechanism. The certificate mechanism is a mature asymmetric security credential management mechanism that is widely applied in financial and CA (certificate authority) services, and has high certificate complexity. With IBC-based identity management, the identity can be used as the public key, so no certificate needs to be sent during authentication, which gives high transmission efficiency; the identity management corresponding to IBC is easy to associate with the network/application ID, and an identity management policy can be flexibly formulated or modified. The asymmetric key system is decentralized: the keys of all terminal devices do not need to be stored on the network side, and a permanently online centralized identity management node does not need to be deployed; network authentication nodes can be deployed in a decentralized manner and moved down to the edge of the network, and authentication between the terminal and the network does not need to access a user identity database at the network center. The user credentials, USIM application and key generation algorithms for accessing the 5G network should always be stored and processed in a tamper-resistant secure hardware solution to prevent an attacker from tampering with the user credentials, the session keys shared with the HN or the key generation algorithms.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (7)
1. A method for accessing a user terminal to a 5G network is characterized in that: the system consists of a sending module, a receiving module, an authentication module and a control module, wherein:
the sending module is used for sending an access request carrying terminal identification information to an accessed 5G network by a user terminal;
the receiving module is used for receiving the access request data by the 5G network;
the authentication module is used for authenticating the accessed request data through an authentication protocol EAP authentication framework;
the control module is used for controlling the authentication module to authenticate the user terminal when receiving the access authentication information of the user terminal;
the method comprises the following steps:
step one: the user terminal sends an access request carrying terminal identification information to the 5G network being accessed through the sending module;
step two: the 5G network receives the access request data through the receiving module;
step three: the authentication module authenticates the access request data through the EAP authentication framework.
2. The method of claim 1, wherein the method comprises the following steps: the authentication protocol EAP authentication framework divides the 5G network security into three aspects of user domain security, service domain security and network domain security; wherein:
the user domain security comprises user terminal security and user privacy security;
service domain security includes network slice security;
the network domain security comprises user access process security and network environment security.
3. The method of claim 1, wherein the method comprises the following steps: the authentication protocol EAP authentication framework supports the following protocols:
EAP-PSK (pre-shared key);
EAP-TLS (transport layer Security);
EAP-AKA (authentication and key agreement).
4. The method of claim 1, wherein the method comprises the following steps: the optical fiber signal transmission device also comprises a color light module which is used for combining optical signals with different wavelengths into one path for transmission.
5. The method of claim 1, wherein the method comprises the following steps: the system also comprises a network access module, and the network access module is used for accessing the user terminal into the 5G network for network access.
6. The method of claim 1, wherein the method comprises the following steps: the system also comprises an encryption module which is used for creating a safe network environment for users.
7. The method of claim 1, wherein the method comprises the following steps: the system also comprises an issuing module which is used for issuing the security certificate for the user terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110487222.0A CN113115413A (en) | 2021-05-05 | 2021-05-05 | Method for accessing user terminal to 5G network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113115413A true CN113115413A (en) | 2021-07-13 |
Family
ID=76720851
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110487222.0A Pending CN113115413A (en) | 2021-05-05 | 2021-05-05 | Method for accessing user terminal to 5G network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113115413A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020055574A1 (en) * | 2018-09-13 | 2020-03-19 | Qualcomm Incorporated | Extensible authentication protocol (eap) implementation in new radio (nr) |
WO2020152140A1 (en) * | 2019-01-21 | 2020-07-30 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods for authentication and key management in a wireless communications network and related apparatuses |
CN110996322A (en) * | 2019-11-28 | 2020-04-10 | 楚天龙股份有限公司 | Method for realizing secondary authentication of terminal |
CN111131258A (en) * | 2019-12-26 | 2020-05-08 | 中移(成都)信息通信科技有限公司 | Safe private network architecture system based on 5G network slice |
CN112235799A (en) * | 2020-10-14 | 2021-01-15 | 中国电力科学研究院有限公司 | Network access authentication method and system for terminal equipment |
Non-Patent Citations (1)
Title |
---|
""29509-g61"", 《3GPP SPECS\ARCHIVE》, 8 February 2021 (2021-02-08) * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114760626A (en) * | 2021-10-18 | 2022-07-15 | 西安电子科技大学 | Self-adaptive combined authentication method for 5G large-scale terminal |
CN114760626B (en) * | 2021-10-18 | 2024-04-02 | 西安电子科技大学 | Self-adaptive combined authentication method for 5G large-scale terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20210713 |