CN113411286B - Access processing method and device based on 5G technology, electronic equipment and storage medium

Publication number
CN113411286B
Authority
CN
China
Prior art keywords
private network
user terminal
access request
request
access
Legal status
Active
Application number
CN202010182703.6A
Other languages
Chinese (zh)
Other versions
CN113411286A (en)
Inventor
张力
曾维微
王松
Current Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Wodong Tianjun Information Technology Co Ltd
Priority to CN202010182703.6A
Publication of CN113411286A
Application granted
Publication of CN113411286B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

The disclosure provides an access processing method based on 5G technology, an access processing device based on 5G technology, electronic equipment and a computer readable storage medium, and belongs to the technical field of communication. The method is applied to a mobile edge computing (MEC) node and comprises: acquiring an access request sent by a user terminal; when the access request is judged to be a private network access request, sending the access request to the corresponding private network so that the access request is processed through the private network; and when the access request is judged to be a public network access request, sending the access request to a core network, so that the access request is sent to the corresponding address through the core network. The method and the device can effectively process the user's access request so that the user can efficiently access the enterprise private network.

Description

Access processing method and device based on 5G technology, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an access processing method based on a 5G technology, an access processing device based on a 5G technology, an electronic device, and a computer readable storage medium.
Background
With the development of communication technology, large enterprise parks often build an enterprise private network by deploying a physical private network, Wi-Fi (Wireless Fidelity) or a virtual private network, so as to meet each enterprise's requirements for the security, privacy and service reliability of mobile office communication. In the prior art, each of these ways of establishing the enterprise private network has its own problems. Building the enterprise private network as a physical private network or by deploying Wi-Fi is costly. With a virtual private network, a user accesses the enterprise's private network services through the public mobile network, and wherever the user is located, data must be accessed and retrieved through the Internet egress of the enterprise network and is carried back over the backbone of the core network; the path is longer, the delay is higher, the resource cost is higher, data security is lower, and better network performance cannot be provided.
Therefore, how to adopt a reasonable access processing method to enable a user to access an enterprise private network through a public mobile network with high efficiency and safety is a problem to be solved in the prior art.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The disclosure provides an access processing method based on a 5G technology, an access processing device based on a 5G technology, an electronic device and a computer readable storage medium, so as to overcome the problem of low access efficiency in the existing access processing method at least to a certain extent.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to a first aspect of the present disclosure, there is provided an access processing method based on 5G technology, applied to a mobile edge computing (MEC) node, the method comprising: acquiring an access request sent by a user terminal; when the access request is judged to be a private network access request, sending the access request to the corresponding private network so that the access request is processed through the private network; and when the access request is judged to be a public network access request, sending the access request to a core network, so that the access request is sent to the corresponding address through the core network.
In one exemplary embodiment of the present disclosure, the access request is judged to be a private network access request or a public network access request by: extracting an access address from the access request; when the access address is found in the private network address library, determining that the access request is a private network access request; and when the access address is not found in the private network address library, determining that the access request is a public network access request.
In an exemplary embodiment of the disclosure, when the user terminal does not establish a session with the private network, the access request is a session establishment request; the sending the access request to the corresponding private network includes: and sending the session establishment request to a corresponding private network authentication server, so that when the private network authentication server authenticates the session establishment request, a session between the user terminal and the private network is established.
In an exemplary embodiment of the present disclosure, the method further comprises: acquiring subscription information according to the identity information of the user terminal; detecting whether the session establishment request satisfies the subscription information; and when the session establishment request is determined to meet the subscription information, the step of sending the session establishment request to a corresponding private network authentication server is performed.
In an exemplary embodiment of the present disclosure, when it is determined that the session establishment request satisfies the subscription information, the method further includes: detecting whether the private network requires secondary authentication; and when the private network is determined to require secondary authentication, the step of sending the session establishment request to a corresponding private network authentication server is performed.
In an exemplary embodiment of the present disclosure, the method further comprises: when the private network is determined not to require secondary authentication, detecting an authentication state of the user terminal; when the authentication state of the user terminal is determined to be authenticated, notifying the private network authentication server to establish a session between the user terminal and the private network; and when the authentication state of the user terminal is determined to be unauthenticated, the step of sending the session establishment request to a corresponding private network authentication server is performed.
In an exemplary embodiment of the present disclosure, the session establishment request includes: identity information of the user terminal, a name of the private network and a session identifier.
According to a second aspect of the present disclosure, there is provided an access processing method based on 5G technology, applied to a private network authentication server, the method comprising: receiving an access request, wherein the access request is sent to an MEC node by a user terminal and then sent to the private network authentication server by the MEC node; and establishing a session between the private network and the user terminal, and processing the access request through the session.
In an exemplary embodiment of the present disclosure, the establishing a session between a private network and the user terminal includes: authenticating the user terminal; and when the authentication is passed, establishing a session between the private network and the user terminal.
In an exemplary embodiment of the present disclosure, the authenticating the user terminal includes: receiving a session establishment request from the MEC node; and extracting the identity information of the user terminal from the session establishment request, and authenticating the user terminal according to the identity information.
In an exemplary embodiment of the present disclosure, the identity information includes any one or more of the following: the IP address of the user terminal, the MAC address of the user terminal, the equipment identifier of the user terminal, the user account password of the user terminal and the digital certificate contained in the user terminal.
According to a third aspect of the present disclosure, there is provided an access processing apparatus based on 5G technology, applied to a mobile edge computing (MEC) node, comprising: a request acquisition module, used for acquiring an access request sent by the user terminal; a first request sending module, used for sending the access request to the corresponding private network when the access request is judged to be a private network access request, so that the access request is processed through the private network; and a second request sending module, used for sending the access request to a core network when the access request is judged to be a public network access request, so that the access request is sent to the corresponding address through the core network.
In one exemplary embodiment of the present disclosure, the access request is judged to be a private network access request or a public network access request by: extracting an access address from the access request; when the access address is found in the private network address library, determining that the access request is a private network access request; and when the access address is not found in the private network address library, determining that the access request is a public network access request.
In an exemplary embodiment of the disclosure, when the user terminal does not establish a session with the private network, the access request is a session establishment request; the first request sending module is used for sending the session establishment request to a corresponding private network authentication server, so that when the private network authentication server authenticates the session establishment request, a session between the user terminal and the private network is established.
In an exemplary embodiment of the present disclosure, the access processing apparatus based on the 5G technology further includes: the subscription information acquisition module is used for acquiring subscription information according to the identity information of the user terminal; a subscription information monitoring module, configured to detect whether the session establishment request satisfies the subscription information; and the subscription information judging module is used for executing the step of sending the session establishment request to the corresponding private network authentication server when the session establishment request is determined to meet the subscription information.
In an exemplary embodiment of the present disclosure, the access processing apparatus based on the 5G technology further includes: the authentication detection module is used for detecting whether the private network requires secondary authentication or not when the session establishment request is determined to meet the subscription information; and the authentication judging module is used for executing the step of sending the session establishment request to the corresponding private network authentication server when the private network is determined to require secondary authentication.
In an exemplary embodiment of the present disclosure, the access processing apparatus based on the 5G technology further includes: the state detection module is used for detecting the authentication state of the user terminal when the private network is determined to not require secondary authentication; the state judging module is used for notifying the private network authentication server to establish a session between the user terminal and the private network when the authentication state of the user terminal is determined to be authenticated; and when the authentication state of the user terminal is determined to be unauthenticated, the step of sending the session establishment request to a corresponding private network authentication server is performed.
In an exemplary embodiment of the present disclosure, the session establishment request includes: identity information of the user terminal, a name of the private network and a session identifier.
According to a fourth aspect of the present disclosure, there is provided an access processing device based on 5G technology, applied to a private network authentication server, including: the request receiving module is used for receiving an access request, wherein the access request is sent to an MEC node by a user terminal and then sent to the private network authentication server by the MEC node; and the session establishment module is used for establishing a session between the private network and the user terminal and processing the access request through the session.
In one exemplary embodiment of the present disclosure, the session establishment module includes: an authentication unit, configured to authenticate the user terminal; and the session establishment unit is used for establishing a session between the private network and the user terminal when the authentication is passed.
In one exemplary embodiment of the present disclosure, an authentication unit includes: a request receiving subunit, configured to receive a session establishment request from the MEC node; and the authentication subunit is used for extracting the identity information of the user terminal from the session establishment request and authenticating the user terminal according to the identity information.
In an exemplary embodiment of the present disclosure, the identity information includes any one or more of the following: the IP address of the user terminal, the MAC address of the user terminal, the equipment identifier of the user terminal, the user account password of the user terminal and the digital certificate contained in the user terminal.
According to a fifth aspect of the present disclosure, there is provided an electronic device comprising: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the method of any of the above via execution of the executable instructions.
According to a sixth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of any one of the above.
Exemplary embodiments of the present disclosure have the following advantageous effects:
An access request sent by a user terminal is acquired; when the access request is judged to be a private network access request, it is sent to the corresponding private network so that it is processed through the private network; when the access request is judged to be a public network access request, it is sent to a core network, so that it is sent to the corresponding address through the core network. First, the embodiment uses public mobile network access, so equipment such as base stations does not need to be deployed, construction and operation and maintenance costs are low, and the public mobile network has a large coverage area and good network performance. Second, whereas in the prior art every user has to reach the private network by being carried back through the core network, here the mobile edge computing node judges the user's access request and offloads a user terminal accessing the private network directly to the enterprise network without entering the core network; this avoids the overhead of the backhaul path and reduces the network delay and the burden on the core network and the backbone network, while users access public network services normally without being limited by the egress bandwidth of the private network, so a better user experience can be obtained. Third, the embodiment of the invention can effectively isolate the data in the private network and improve data security and reliability.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.
Fig. 1 schematically illustrates a system architecture diagram of an operating environment in the present exemplary embodiment;
Fig. 2 schematically shows a flowchart of an access processing method based on the 5G technology in the present exemplary embodiment;
Fig. 3 schematically shows a sub-flowchart of an access processing method based on the 5G technology in the present exemplary embodiment;
Fig. 4 schematically shows a sub-flowchart of another 5G technology based access processing method in the present exemplary embodiment;
Fig. 5 schematically shows an interactive flowchart of another access processing method based on the 5G technology in the present exemplary embodiment;
Fig. 6 schematically shows a flowchart of another access processing method based on the 5G technology in the present exemplary embodiment;
Fig. 7 schematically shows a sub-flowchart of another 5G technology-based access processing method in the present exemplary embodiment;
Fig. 8 schematically shows a block diagram of an access processing apparatus based on the 5G technology in the present exemplary embodiment;
Fig. 9 schematically shows a block diagram of another access processing apparatus based on the 5G technology in the present exemplary embodiment;
Fig. 10 schematically shows an electronic device for implementing the above method in the present exemplary embodiment;
Fig. 11 schematically shows a computer-readable storage medium for implementing the above-described method in the present exemplary embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Based on the above-mentioned problems, an exemplary embodiment of the present disclosure first provides an access processing method based on 5G technology. An application scenario of the method of the present embodiment may be as follows: in various enterprise parks, such as an industrial park, a logistics park, a port, a senior citizen's home or a campus, the method of the present exemplary embodiment is adopted to control users accessing the network, so that enterprise-authorized users can access the network through the public network and the enterprise private network authentication server, while users not authorized by the enterprise are only allowed to access the network through the public network, thereby enabling users to access the enterprise park efficiently.
Fig. 1 shows a system architecture diagram of an operating environment of the present exemplary embodiment. Referring to Fig. 1, the system 100 may include a user terminal 110, a mobile edge computing (MEC, Mobile Edge Computing) node 120, a private network 130, and a public network 140. The user terminal 110 may be a smart phone, a tablet computer, a personal computer, etc. used by a user, and is configured to send an access request to the MEC node 120 to establish a connection with the corresponding network. The MEC node 120 is a carrier-class service environment with high performance, low latency and high bandwidth, which can use the wireless access network to provide the services and cloud computing functions users require close to them, and is configured to receive the access request sent by the user terminal 110 and send the access request to the corresponding network. The private network 130 refers to a network within an enterprise campus, such as an industrial park, a logistics park, a senior citizen's home or a campus, that meets the requirements of the area for the security, privacy and service reliability of mobile office communication. An application server module may be provided in the private network 130 as needed; for example, office automation, mail system, customer relationship management or resource management servers are provided in an enterprise campus. The public network 140 is a wide area network which, unlike a private network, has a larger network coverage and differs to some extent between operator platforms.
It should be noted that the present exemplary embodiment is applied in particular to a 5G (5th Generation, fifth-generation mobile communication technology) network architecture, in which MEC is a technology based on the deep integration of the access network and Internet services in the 5G communication architecture. It deploys part of the service processing and resource scheduling functions of the AS (Application Server) and of the MBB (Mobile Broadband) core network together at the network edge close to the access network, so that services are processed close to the user, achieving reliable and ultra-low-delay service processing.
MEC technology gives the traditional wireless access network the conditions for service localization and close-range deployment, and gives the wireless access network low-delay, high-bandwidth transmission capability, thereby effectively relieving the mobile network's requirements on transmission bandwidth and delay. Meanwhile, sinking the service plane for localized deployment can effectively reduce the network load and the requirement on network backhaul bandwidth, thereby reducing the network operation cost. In addition, localized deployment brings service applications closer to the wireless network and the user, and makes it easier to perceive and use network context information (position, network load, wireless resource utilization rate and the like), so that the user's service experience can be effectively improved. Furthermore, the operator can open the wireless network capability to third-party service applications and software developers through the MEC, providing a platform for developing and deploying innovative services.
Furthermore, the MEC in the present exemplary embodiment is not limited to the node form described above, and may also be referred to as a MEC platform, a MEC system, or others, which is not specifically limited in this disclosure.
It should be understood that the number of devices shown in Fig. 1 is only exemplary; any number of user terminals may be provided according to actual needs, and the private network 130 may also be provided with any number of terminals or servers for providing services, etc.
Based on the above description, the method in the present exemplary embodiment may be applied to the MEC node 120 shown in fig. 1.
The following describes the present exemplary embodiment with reference to fig. 2, and as shown in fig. 2, the access processing method based on the 5G technology may include the following steps S210 to S230:
Step S210, an access request sent by the user terminal is obtained.
The access request refers to a request sent by the user terminal for performing network access, and may include an access identifier, an access time, an access type, an IP address of an access network, a web address of the access network, an access name, or an IP address of the user terminal. In this exemplary embodiment, the MEC may be configured to continuously acquire the access request sent by the user terminal, or may be configured to periodically acquire the access request sent by the user terminal, for example, acquire the access request sent by the user terminal once every ten minutes, which is not specifically limited in this disclosure.
The user terminal needs to be authenticated in special cases such as performing network access for the first time or sending an access request for the first time. The specific process may be as follows: the user terminal powers on and registers, performs a first authentication based on access credentials of the operator network, and establishes a non-access stratum (NAS) security context with the network. The first authentication may be used for the user terminal to access the operator network; specifically, a generic 3GPP (3rd Generation Partnership Project) authentication credential may be used to access the network, which conforms to the 3GPP standard 5G network access specification.
In an exemplary embodiment, a mobile office user may first obtain a digital certificate for a 5G office user terminal through a private network CA digital certificate issuing server, so as to ensure high-strength authentication access of the mobile office. The authorized 5G user terminal acquiring the digital certificate accesses the local 5G public mobile network through the public 5G base station (indoor/outdoor base station), and then step S210 may be executed, where the MEC receives the access request sent by the user terminal, so that the MEC determines whether it accesses the private network of the enterprise.
Step S220, when the access request is determined to be a private network access request, the access request is sent to the corresponding private network to process the access request through the private network.
Step S230, when the access request is determined to be a public network access request, the access request is sent to the core network, so that the access request is sent to the corresponding address through the core network.
In this exemplary embodiment, the MEC deployed by the local office may determine whether the user terminal accesses the private network of the enterprise, and if so, determine that the access request is a session establishment request, and may directly locally offload the access request of the user terminal to the private network through the user plane function network element device. Specifically, it may be determined whether the access request sent by the current user terminal is a private network access request or a public network access request by extracting address information in the access request, for example, an IP address of the access network or a website of the access network.
Specifically, as shown in fig. 3, in an exemplary embodiment, the access request may be determined to be a private network access request or a public network access request by:
step S310, extracting an access address from the access request;
step S320, when the access address is found in the private network address library, determining that the access request is a private network access request;
step S330, when no access address is found in the private network address library, the access request is determined to be a public network access request.
The access address may include an IP address or a web address of the network accessed by the user terminal. For example, if a user wants to access a service within a certain range in a certain electronic campus, the transmitted access request may include information such as the IP address or the web address of the server corresponding to the access request. The private network address library refers to a database that includes all access addresses involved in the private network, such as the collection of all server IP addresses within a particular enterprise campus, or the collection of all service websites within an enterprise campus. By matching the access address extracted from the access request against the private network address library, it can be determined whether the access address is in the library: if it is, the current user is accessing the private network; if it is not, the current user is not accessing the private network, that is, the user is accessing the public network.
In addition, in an exemplary embodiment, other ways of examining the access address may be used to determine whether the current user needs to access the private network. For example, a preset rule for identifying the access address may be set. In the general case, network addresses in the enterprise campus have a certain regularity; for example, when the access address is a web address, the first 7 bits of the web addresses in the enterprise campus are all regular characters, such as "198.156.666", "198.156.601", etc. Whether the current access address is a private network address may then be determined based on the preset rule for access address identification, thereby implementing judgment of the user access request. There may also be other ways of determining the user access request, which is not limited in this disclosure.
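The following sketch of steps S310 to S330 is an added example, not code from the patent. It assumes the access request is a dictionary with a hypothetical `access_address` field and uses a constructed address library (a documentation IP range and a made-up domain); the function names are also assumptions. It compares library matching on network prefixes and whole DNS labels with a plain character-prefix rule, which can misclassify addresses that only share leading characters.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed private network address library: a documentation IPv4 range and a
# made-up campus domain. A real library would list the enterprise's own servers.
PRIVATE_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
PRIVATE_DOMAINS = ("campus.example",)

PRIVATE, PUBLIC = "private", "public"


def extract_access_address(access_request):
    """Step S310: return the host part of the access address, lower-cased."""
    raw = str(access_request.get("access_address") or "").strip()
    if not raw:
        raise ValueError("access request has no access address")
    # Accept bare hosts ("192.0.2.7"), host:port, and full URLs.
    host = urlsplit(raw if "://" in raw else "//" + raw).hostname
    if not host:
        raise ValueError("no host in access address: %r" % raw)
    return host.rstrip(".")


def in_private_library(host):
    """Steps S320/S330: look the address up in the private network address library."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: treat it as a hostname and compare whole DNS labels,
        # so "notcampus.example" does not match "campus.example".
        return any(host == d or host.endswith("." + d) for d in PRIVATE_DOMAINS)
    # IP literal: test membership of the network, not a character prefix.
    return any(addr in net for net in PRIVATE_NETWORKS)


def classify_access_request(access_request):
    """Return PRIVATE (offload to the private network) or PUBLIC (send to the core network)."""
    try:
        host = extract_access_address(access_request)
    except ValueError:
        # Assumption of this example: an address that cannot be parsed is "not found
        # in the library", so the request is never offloaded into the private network.
        return PUBLIC
    return PRIVATE if in_private_library(host) else PUBLIC


def prefix_rule(host, prefix="192.0.2"):
    """A character-prefix rule like the preset rule in the text, for comparison."""
    return PRIVATE if host.startswith(prefix) else PUBLIC


if __name__ == "__main__":
    for address in ("192.0.2.7", "https://ERP.campus.example:8443/orders",
                    "192.0.20.7", "notcampus.example", ""):
        print(repr(address), classify_access_request({"access_address": address}))
```

If a character-prefix rule is used, the prefix should end on an octet or label boundary so that addresses such as `192.0.20.7` are not treated as part of `192.0.2.0/24`.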
Based on the above description, in the present exemplary embodiment, an access request sent by a user terminal is acquired; when the access request is judged to be a private network access request, it is sent to the corresponding private network so that it is processed through the private network; when the access request is judged to be a public network access request, it is sent to the core network so that it is sent to the corresponding address through the core network. First, public mobile network access is used in the embodiment, so equipment such as a base station does not need to be deployed, construction and operation and maintenance costs are low, and the public mobile network has a large coverage area and good network performance. Second, in the prior art all users need to access the private network by backhaul through the core network; here the access request of the user is judged by the mobile edge computing node, and a user terminal accessing the private network is shunted directly to the enterprise network without entering the core network, which avoids the overhead of the backhaul path and reduces network delay and the burden on the core network and the backbone network, while users access public network services normally without being limited by the egress bandwidth of the private network and obtain a better user experience. Third, the embodiment of the invention can effectively isolate the data in the private network and improve data security and reliability.
In an exemplary embodiment, when the user terminal has not established a session with the private network, that is, when the user accesses the private network for the first time, a session needs to be established with the private network, and at this time the access request sent by the user terminal is a session establishment request. The session establishment request may include: identity information of the user terminal, such as a user identification or an IP address of the user terminal; a name of the private network, such as an enterprise private slice identification or a data network name identification; a session identification, such as a session ID (identity); a request type; and an SM PDU DN Request Container (SM Protocol Data Unit Data Network Request Container).
The sending the access request to the corresponding private network may include:
and sending the session establishment request to a corresponding private network authentication server, so that when the private network authentication server authenticates the session establishment request, the session between the user terminal and the private network is established.
The private network authentication server is a server arranged in the enterprise campus for authenticating user terminals. It can process an access request sent by the user terminal, provides authentication, authorization and accounting services, and is mainly used for managing users' access to network servers and providing services to users with access authority; an AAA server is one example. After receiving the session establishment request, the private network authentication server may perform the authentication judgment and control session establishment, so as to implement network access control for authorized users in the enterprise campus. The AAA server typically works in conjunction with network access controls, gateway servers, databases, user information directories, etc.
In an exemplary embodiment, as shown in fig. 4, the access processing method based on the 5G technology may further include the steps of:
step S410, acquiring subscription information according to identity information of a user terminal;
step S420, detecting whether the session establishment request satisfies subscription information;
step S430, when it is determined that the session establishment request satisfies the subscription information, a step of transmitting the session establishment request to the corresponding private network authentication server is performed.
The subscription information may be used to reflect whether the user subscribes to a network service, which network service is subscribed to, and the like. The identity information of the user terminal may refer to identification information of the user, such as SUPI (SUbscription Permanent Identifier, user unique permanent identity); in this exemplary embodiment, the subscription information may be obtained from the unified data management module according to the SUPI. It is then detected whether the current session establishment request satisfies the subscription information. For example, if an enterprise subscribes to the network service of operator A in its campus, then when the user accesses the enterprise campus it needs to be detected whether the user conforms to the network subscription service of operator A. If the subscription information is not satisfied, the enterprise private network cannot be accessed; when the user terminal satisfies the subscription information, the step of sending the session establishment request to the corresponding private network authentication server can be performed.
In an exemplary embodiment, when it is determined that the session establishment request satisfies the subscription information, the 5G technology-based access processing method may further include:
detecting whether the private network requires secondary authentication;
when it is determined that the private network requires the secondary authentication, a step of transmitting a session establishment request to a corresponding private network authentication server is performed.
In this exemplary embodiment, in consideration of the fact that in some cases, the time, purpose, and other factors of the user accessing the private network are different, it may also be detected whether the private network requires secondary authentication, for example, whether the session management policy related to the area name of the current enterprise campus requires secondary authentication. When it is determined that the private network requires the secondary authentication, the step of transmitting the session establishment request to the corresponding private network authentication server may be performed.
In an exemplary embodiment, the 5G technology-based access processing method may further include the steps of:
when the private network is determined not to require secondary authentication, detecting an authentication state of the user terminal;
when the authentication state of the user terminal is determined to be authenticated, notifying a private network authentication server to establish a session between the user terminal and the private network;
and when the authentication state of the user terminal is determined to be unauthenticated, executing the step of sending a session establishment request to a corresponding private network authentication server.
In practical applications, after a user has accessed a private network, the connection may be dropped temporarily or for particular reasons, for example because the network of the user terminal is unstable, network traffic is closed, the terminal switches networks across multiple areas, or the private network is not used for a period of time and is disconnected automatically. Therefore, a mechanism for detecting the authentication state of the user terminal can be set. When the user accesses the private network, the authentication state of the user terminal is detected to judge whether it is authenticated. If it is, the user terminal can be considered to have accessed the private network before, and a session can be established with the private network directly without another authentication process, that is, the history session between the user terminal and the private network is activated; if the authentication state is unauthenticated, the step of sending a session establishment request to the corresponding private network authentication server is performed.
In particular, in order to ensure the security of the user terminal's access to the private network, the present exemplary embodiment may further set a "freshness time" for the detection of the authentication state. For example, when detecting whether the authentication state of the user terminal is authenticated, the "freshness time" is set to 24 hours; if the authentication state of the user terminal is detected to be authenticated but more than 24 hours have passed, the step of sending the session establishment request to the corresponding private network authentication server is likewise performed, and the authentication procedure is carried out again.
In general, the following main network elements are involved in the 5G core network:
(1) AMF (access and mobility management function): responsible for access and mobility management of users;
(2) SMF (session management function): is responsible for session management of the user;
(3) UPF (user plane function): is responsible for user plane processing;
(4) AUSF (authentication server function): is responsible for authenticating 3GPP and non-3GPP access of users;
(5) PCF (policy control): the policy control of the user is responsible, including the policy of the session, the mobility policy and the like;
(6) UDM (unified data management): is responsible for subscription data management of users;
(7) NSSF (network slice selection function): the network slice adopted by the user service is selected;
(8) NRF (network function registration function): is responsible for registration, discovery and selection of network functions;
(9) NEF (network capability open function): the capability of the 5G network is opened to an external system;
(10) AF (application function): interworking with the core network to provide services for the user, etc.
The UPF belongs to the user plane, and the 5G core network elements other than the UPF belong to the control plane; the user plane adopts a service architecture design, and the control plane adopts a traditional architecture and interfaces. A user plane network element is a network element that processes the actual service data of a user, and a control plane network element is a network element that manages the commands directing where data goes. In the 5G core network, the AMF and the SMF can be separated and deployed at different levels; the bearer is separated from the control, so the deployment levels of the UPF and the SMF can be separated; the AMF and the UPF are flexibly deployed according to service demands, signaling and traffic flow, and transmission resources; the network element functions are modularized and decoupled by adopting a service architecture design, and the interfaces are simplified.
Based on this, in an exemplary embodiment, the process of accessing the private network by the user terminal, as shown in fig. 5, may include the following steps:
step S510, the user terminal 501 triggers a PDU (protocol data unit) to initiate a session establishment request;
step S520, the mobility management network element 502 selects a session management network element 503 corresponding to the private network, and sends to the session management network element 503 the identity information of the user terminal, such as SUPI (SUbscription Permanent Identifier, unique permanent identity of the user); a session identifier; a network slice identification, e.g., S-NSSAI (Single Network Slice Selection Assistance Information); and an identification such as the data network name;
step S530, the session management network element 503 obtains subscription information from the unified data management module 504 according to the identity information of the user terminal, and checks whether the session establishment request sent by the user terminal 501 meets the subscription information;
step S540, when the session establishment request is determined to meet the subscription information, detecting whether the private network requires secondary authentication;
step S550, detecting the authentication state of the user terminal 501 when it is determined that the private network does not require the secondary authentication;
When it is determined that the private network requires the secondary authentication, or when it is determined that the authentication state of the user terminal 501 is not authenticated, step S560 is performed, and a session establishment request is sent to the corresponding private network authentication server 505;
when it is determined that the authentication state of the user terminal 501 is authenticated, step S570 is performed to notify the private network authentication server 505 to establish a session between the user terminal 501 and the private network;
step S580, the session management network element 503 starts the authentication service with the private network authentication server 505, so that the private network authentication server 505 authenticates the user terminal 501 and sends the authentication result to the session management network element 503;
in step S590, the session management network element 503 obtains the authentication result of the private network authentication server 505, and returns it to the user terminal 501 to establish a session.
If the session management network element 503 checks that the session establishment request does not meet the subscription information, the process may be directly ended, and the user terminal is denied access to the private network.
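The decision part of the flow above (steps S530 to S570, together with the 24-hour "freshness time") can be written as one function. This is an added example, not code from the patent: the dictionaries standing in for the unified data management module, the session management policy and the list of successful authentications are assumptions, as are all names and the constructed sample values.

```python
from dataclasses import dataclass
from enum import Enum

FRESHNESS_SECONDS = 24 * 3600  # the 24-hour "freshness time" given as the example in the text


class Action(Enum):
    REJECT = "reject"                            # subscription check failed, flow ends
    SEND_TO_AUTH_SERVER = "send_to_auth_server"  # step S560
    NOTIFY_ESTABLISH = "notify_establish"        # step S570


@dataclass(frozen=True)
class SessionRequest:
    supi: str        # identity information of the user terminal
    dnn: str         # data network name of the private network
    s_nssai: str     # network slice identification
    session_id: int


# Constructed sample data (placeholders, not real subscriber or network values).
SUBSCRIPTIONS = {  # stands in for the unified data management module
    "imsi-001010000000001": {("campus-dnn", "01-000001"), ("lab-dnn", "01-000002")},
}
SECONDARY_AUTH_POLICY = {"campus-dnn": False, "lab-dnn": True}  # per data network


def decide(request, subscriptions, secondary_auth_policy, auth_list, now):
    """Return the next action for a session establishment request.

    auth_list maps (supi, dnn) to the time of the last successful authentication,
    in seconds; now is the current time on the same clock.
    """
    # S530: the request must match the subscription information.
    allowed = subscriptions.get(request.supi, set())
    if (request.dnn, request.s_nssai) not in allowed:
        return Action.REJECT
    # S540: does this private network require secondary authentication?
    # Assumption: a data network without a policy entry is treated as requiring it.
    if secondary_auth_policy.get(request.dnn, True):
        return Action.SEND_TO_AUTH_SERVER
    # S550: check the authentication state of the user terminal.
    authenticated_at = auth_list.get((request.supi, request.dnn))
    if authenticated_at is None:
        return Action.SEND_TO_AUTH_SERVER
    # Freshness time: an old record is handled like "unauthenticated".
    # Assumption: a record dated in the future (clock error) is not trusted either.
    age = now - authenticated_at
    if age < 0 or age > FRESHNESS_SECONDS:
        return Action.SEND_TO_AUTH_SERVER
    return Action.NOTIFY_ESTABLISH


def record_authentication_success(auth_list, request, now):
    """Store the result after the private network authentication server accepts the terminal."""
    auth_list[(request.supi, request.dnn)] = now


if __name__ == "__main__":
    req = SessionRequest("imsi-001010000000001", "campus-dnn", "01-000001", 5)
    auth_list, t0 = {}, 1_700_000_000
    print(decide(req, SUBSCRIPTIONS, SECONDARY_AUTH_POLICY, auth_list, t0))
    record_authentication_success(auth_list, req, t0)
    print(decide(req, SUBSCRIPTIONS, SECONDARY_AUTH_POLICY, auth_list, t0 + 3600))
```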
The exemplary embodiment of the present disclosure further provides an access processing method based on a 5G technology, as shown in fig. 6, applied to a private network authentication server, the access processing method based on the 5G technology may include the following steps:
Step S610, receiving an access request, wherein the access request is sent to an MEC node by a user terminal, and then sent to a private network authentication server by the MEC node;
step S620, a session between the private network and the user terminal is established, and the access request is processed through the session.
The access request refers to a request sent by the user terminal for performing network access, and may include an access identifier, an access time, an access type, an IP address of an access network, a web address of the access network, an access name, or an IP address of the user terminal. In this exemplary embodiment, the MEC deployed at the local office may determine whether the accessed user terminal accesses the private network or the public network, and if the accessed user terminal accesses the private network, the access request of the user terminal may be shunted to the private network through the user plane function network element device, and the identity authentication may be performed on the access request by the private network authentication server.
In an exemplary embodiment, as shown in fig. 7, in step S620, establishing a session between a private network and a user terminal may include the steps of:
step S710, authenticating the user terminal;
step S720, when the authentication is passed, a session between the private network and the user terminal is established.
Authenticating the user terminal essentially means verifying whether the current access user has the right to access the private network, so as to prevent unauthorized users from occupying network resources. In the present exemplary embodiment, various authentication methods, such as a password, a digital signature, etc., may be employed, which the present disclosure does not particularly limit.
In an exemplary embodiment, the step S710 may include the steps of:
receiving a session establishment request from the MEC node;
and extracting the identity information of the user terminal from the session establishment request, and authenticating the user terminal according to the identity information.
In this exemplary embodiment, after receiving the access request sent by the user terminal, the MEC node may determine whether the access user accesses the private network, and if so, determine that the access request is a session establishment request. Specifically, the session establishment request may be sent by the user terminal to the mobility management network element, and after the mobility management network element forwards the session establishment request to the corresponding session management network element, the session management network element forwards the session establishment request to the private network authentication server. The corresponding session management network element may be a session management network element that can provide services and cloud computing functions required by the user based on the enterprise campus selection.
After the session management network element sends the session establishment request to the private network authentication server, the private network authentication server can extract the identity information of the user terminal from the session establishment request so as to authenticate the user terminal according to the identity information. The identity information may include any one or more of the following: the IP address of the user terminal, the MAC address of the user terminal, the device identification of the user terminal, the user account password of the user terminal, and the digital certificate contained in the user terminal. It should be noted that, in addition to the above-mentioned identity information, the present exemplary embodiment may further include other data that may be used for authentication, for example, an identifier of the user terminal or a permission type, etc., which is not specifically limited in this disclosure.
In an exemplary embodiment, the process by which the private network authentication server authenticates the user terminal so that it can perform data access may include: the session management network element may select a user plane network element at the local side of the area where the private network is located and forward the SM PDU DN Request Container to a UPF, which forwards it to an AAA server (i.e., the private network authentication server in the present exemplary embodiment); the AAA server and the user terminal exchange EAP messages according to the EAP (Extensible Authentication Protocol) method, and additional authorization information can also be sent; after authentication is successful, the AAA server sends the EAP authentication success information to the session management network element; the session management network element stores the user ID and the data network name related to the enterprise campus area name in a list of successful authentications, and the list may also be stored in the UDM; the session management network element sends the information of successful authentication to the user terminal; a PDU session is established; according to the local policy or the request of the user terminal, the IP or MAC address of the PDU session is sent to the AAA server; data access is then performed.
The exemplary embodiment of the disclosure also provides an access processing device based on the 5G technology, applied to a mobile edge computing (MEC) node. Referring to fig. 8, the apparatus 800 may include: a request acquisition module 810, configured to acquire an access request sent by a user terminal; a first request sending module 820, configured to send the access request to the corresponding private network to process the access request through the private network when the access request is determined to be a private network access request; and a second request sending module 830, configured to send the access request to the core network when it is determined that the access request is a public network access request, so as to send the access request to a corresponding address through the core network.
In an exemplary embodiment, the access request is judged as a private network access request or a public network access request by: extracting an access address from the access request; when the access address is found in the private network address library, determining that the access request is a private network access request; when the access address is not found in the private network address library, the access request is determined to be a public network access request.
In an exemplary embodiment, when the user terminal does not establish a session with the private network, the access request is a session establishment request; the first request sending module is used for sending a session establishment request to a corresponding private network authentication server, so that when the private network authentication server authenticates the session establishment request, a session between the user terminal and the private network is established.
In an exemplary embodiment, the access processing apparatus based on the 5G technology further includes: the subscription information acquisition module is used for acquiring subscription information according to the identity information of the user terminal; the subscription information monitoring module is used for detecting whether the session establishment request meets subscription information; and the subscription information judging module is used for executing the step of sending the session establishment request to the corresponding private network authentication server when determining that the session establishment request meets the subscription information.
In an exemplary embodiment, the access processing apparatus based on the 5G technology further includes: the authentication detection module is used for detecting whether the private network requires secondary authentication or not when the session establishment request is determined to meet subscription information; and the authentication judging module is used for executing the step of sending the session establishment request to the corresponding private network authentication server when the private network is determined to require secondary authentication.
In an exemplary embodiment, the access processing apparatus based on the 5G technology further includes: the state detection module is used for detecting the authentication state of the user terminal when the private network is determined to not require secondary authentication; the state judging module is used for informing the private network authentication server to establish a session between the user terminal and the private network when the authentication state of the user terminal is determined to be authenticated; and when the authentication state of the user terminal is determined to be unauthenticated, executing the step of sending the session establishment request to the corresponding private network authentication server.
In an exemplary embodiment, the session establishment request includes: identity information of the user terminal, the name of the private network and the session identification.
The exemplary embodiment of the disclosure also provides an access processing device based on the 5G technology, applied to a private network authentication server. Referring to fig. 9, the apparatus 900 may include: a request receiving module 910, configured to receive an access request, where the access request is sent to an MEC node by a user terminal and then sent to the private network authentication server by the MEC node; and a session establishment module 920, configured to establish a session between the private network and the user terminal and process the access request through the session.
In an exemplary embodiment, the session establishment module includes: the authentication unit is used for authenticating the user terminal; and the session establishment unit is used for establishing a session between the private network and the user terminal when the authentication is passed.
In an exemplary embodiment, the authentication unit includes: a request receiving subunit, configured to receive a session establishment request from the MEC node; and the authentication subunit is used for extracting the identity information of the user terminal from the session establishment request and authenticating the user terminal according to the identity information.
In an exemplary embodiment, the identity information includes any one or more of the following: the IP address of the user terminal, the MAC address of the user terminal, the device identification of the user terminal, the user account password of the user terminal, and the digital certificate contained in the user terminal.
The specific details of each module/unit in the above apparatus are already described in the embodiments of the method section, and the details not disclosed can be found in the embodiments of the method section, so that they will not be described here again.
The exemplary embodiments of the present disclosure also provide an electronic device capable of implementing the above method.
Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.), or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module," or "system."
An electronic device 1000 according to such an exemplary embodiment of the present disclosure is described below with reference to fig. 10. The electronic device 1000 shown in fig. 10 is merely an example and should not be construed as limiting the functionality and scope of use of the disclosed embodiments.
As shown in fig. 10, the electronic device 1000 is embodied in the form of a general purpose computing device. Components of electronic device 1000 may include, but are not limited to: the at least one processing unit 1010, the at least one memory unit 1020, a bus 1030 connecting the various system components (including the memory unit 1020 and the processing unit 1010), and a display unit 1040.
Wherein the storage unit stores program code that is executable by the processing unit 1010 such that the processing unit 1010 performs steps according to various exemplary embodiments of the present disclosure described in the above section of the present specification. For example, the processing unit 1010 may execute steps S210 to S230 shown in fig. 2, may execute steps S310 to S330 shown in fig. 3, or the like.
The memory unit 1020 may include readable media in the form of volatile memory units such as Random Access Memory (RAM) 1021 and/or cache memory unit 1022, and may further include Read Only Memory (ROM) 1023.
Storage unit 1020 may also include a program/utility 1024 having a set (at least one) of program modules 1025, such program modules 1025 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 1030 may represent one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 1000 can also communicate with one or more external devices 1200 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 1000, and/or with any device (e.g., router, modem, etc.) that enables the electronic device 1000 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 1050. Also, electronic device 1000 can communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 1060. As shown, the network adapter 1060 communicates with other modules of the electronic device 1000 over the bus 1030. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with the electronic device 1000, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solutions according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the exemplary embodiments of the present disclosure.
Exemplary embodiments of the present disclosure also provide a computer readable storage medium having stored thereon a program product capable of implementing the method described above in the present specification. In some possible implementations, various aspects of the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the disclosure as described in the "exemplary methods" section of this specification, when the program product is run on the terminal device.
Referring to Fig. 11, a program product 1100 for implementing the above-described method according to an exemplary embodiment of the present disclosure is described, which may employ a portable compact disc read-only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electromagnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
Furthermore, the above-described figures are only schematic illustrations of processes included in the method according to the exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with exemplary embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (13)

1. An access processing method based on 5G technology, applied to mobile edge computing MEC nodes, the method comprising:
acquiring an access request sent by a user terminal;
when judging that the access request is a private network access request, sending the access request to a corresponding private network so as to process the access request through the private network;
when the access request is judged to be a public network access request, the access request is sent to a core network, so that the access request is sent to a corresponding address through the core network;
when the user terminal does not establish a session with the private network, the access request is a session establishment request;
the sending the access request to the corresponding private network includes: transmitting the session establishment request to a corresponding private network authentication server, and establishing a session between the user terminal and the private network when the private network authentication server authenticates the session establishment request;
acquiring subscription information according to the identity information of the user terminal;
detecting whether the session establishment request satisfies the subscription information;
when it is determined that the session establishment request satisfies the subscription information, the method further includes:
detecting whether the private network requires secondary authentication;
and when the private network is determined to require secondary authentication, the step of sending the session establishment request to a corresponding private network authentication server is performed.
2. The method of claim 1, wherein the access request is determined to be a private network access request or a public network access request by:
extracting an access address from the access request;
when the access address is found in the private network address library, determining that the access request is a private network access request;
and when the access address is not found in the private network address library, determining that the access request is a public network access request.
3. The method according to claim 1, wherein the method further comprises:
and when the session establishment request is determined to meet the subscription information, the step of sending the session establishment request to a corresponding private network authentication server is performed.
4. The method according to claim 1, wherein the method further comprises:
when the private network is determined not to require secondary authentication, detecting an authentication state of the user terminal;
when the authentication state of the user terminal is determined to be authenticated, notifying the private network authentication server to establish a session between the user terminal and the private network;
and when the authentication state of the user terminal is determined to be unauthenticated, the step of sending the session establishment request to a corresponding private network authentication server is performed.
5. The method according to any of claims 1 or 3 to 4, wherein the session establishment request comprises: identity information of the user terminal, a name of the private network and a session identifier.
6. An access processing method based on a 5G technology is characterized by being applied to a private network authentication server, and comprises the following steps:
receiving an access request, wherein the access request is sent to an MEC node by a user terminal, and then sent to the private network authentication server by the MEC node;
establishing a session between a private network and the user terminal, and processing the access request through the session;
wherein when the user terminal does not establish a session with the private network, the access request is a session establishment request, and the method further includes: the MEC node sends the session establishment request to a corresponding private network authentication server, so that when the private network authentication server authenticates the session establishment request, a session between the user terminal and the private network is established; acquiring subscription information according to the identity information of the user terminal; detecting whether the session establishment request satisfies the subscription information;
when it is determined that the session establishment request satisfies the subscription information, the method further includes:
the MEC node detects whether the private network requires secondary authentication;
and when the private network is determined to require secondary authentication, the step of sending the session establishment request to a corresponding private network authentication server is performed.
7. The method of claim 6, wherein the establishing a session between a private network and the user terminal comprises:
authenticating the user terminal;
and when the authentication is passed, establishing a session between the private network and the user terminal.
8. The method of claim 7, wherein authenticating the user terminal comprises:
receiving a session establishment request from the MEC node;
and extracting the identity information of the user terminal from the session establishment request, and authenticating the user terminal according to the identity information.
9. The method of claim 8, wherein the identity information comprises any one or more of: the IP address of the user terminal, the MAC address of the user terminal, the equipment identifier of the user terminal, the user account password of the user terminal and the digital certificate contained in the user terminal.
10. An access processing apparatus based on 5G technology, applied to mobile edge computing MEC nodes, the apparatus comprising:
the request acquisition module is used for acquiring an access request sent by the user terminal;
the first request sending module is used for sending the access request to a corresponding private network when judging that the access request is a private network access request so as to process the access request through the private network;
the second request sending module is used for sending the access request to a core network when judging that the access request is a public network access request so as to send the access request to a corresponding address through the core network;
when the user terminal does not establish a session with the private network, the access request is a session establishment request; the first request sending module is used for sending a session establishment request to a corresponding private network authentication server, so that when the private network authentication server passes the session establishment request authentication, a session between the user terminal and the private network is established;
the subscription information acquisition module is used for acquiring subscription information according to the identity information of the user terminal;
the subscription information monitoring module is used for detecting whether the session establishment request meets subscription information;
the authentication detection module is used for detecting whether the private network requires secondary authentication or not when the session establishment request is determined to meet subscription information;
and the authentication judging module is used for executing the step of sending the session establishment request to the corresponding private network authentication server when the private network is determined to require secondary authentication.
11. An access processing device based on 5G technology, applied to a private network authentication server, comprising:
the request receiving module is used for receiving an access request, wherein the access request is sent to an MEC node by a user terminal and then sent to the private network authentication server by the MEC node;
the session establishment module is used for establishing a session between the private network and the user terminal and processing the access request through the session;
when the user terminal does not establish a session with the private network, the access request is a session establishment request, and the MEC node is further configured to: transmitting the session establishment request to a corresponding private network authentication server, and establishing a session between the user terminal and the private network when the private network authentication server authenticates the session establishment request; acquiring subscription information according to the identity information of the user terminal; detecting whether the session establishment request satisfies the subscription information;
upon determining that the session establishment request satisfies the subscription information, the MEC node is further to:
detecting whether the private network requires secondary authentication;
and when the private network is determined to require secondary authentication, the step of sending the session establishment request to a corresponding private network authentication server is performed.
12. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method of any of claims 1-5 or claims 6-9 via execution of the executable instructions.
13. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the method of any of claims 1-5 or claims 6-9.
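The decision flow recited in claims 1 to 4, written out as an added example (not code from the patent): the MEC node classifies the request against the private network address library, then applies the subscription, secondary-authentication and authentication-state checks in order. Modelling the address library as CIDR prefixes, modelling subscription information as a set of permitted private network names, and rejecting a request that fails the subscription check are assumptions; all identities and addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    TO_CORE_NETWORK = "public request: forward to core network"
    TO_PRIVATE_NETWORK = "private request: forward over existing session"
    TO_AUTH_SERVER = "send session establishment request to private network auth server"
    NOTIFY_ESTABLISH = "already authenticated: notify auth server to establish session"
    REJECT = "subscription not satisfied"  # assumption: the claims do not state this outcome


@dataclass
class PrivateNetwork:
    name: str
    prefixes: list                  # address library entries as CIDR strings (assumption)
    requires_secondary_auth: bool


@dataclass
class MecNode:
    networks: list
    subscriptions: dict             # terminal identity -> permitted private network names
    authenticated: set = field(default_factory=set)  # identities in "authenticated" state
    sessions: set = field(default_factory=set)       # (identity, network name) pairs

    def lookup(self, address):
        """Claim 2: search the private network address library for the access address."""
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            return None             # unparseable input never matches a private network
        for net in self.networks:
            if any(ip in ipaddress.ip_network(p) for p in net.prefixes):
                return net
        return None

    def handle(self, identity, address):
        net = self.lookup(address)
        if net is None:
            return Action.TO_CORE_NETWORK            # claim 1: public network access request
        if (identity, net.name) in self.sessions:
            return Action.TO_PRIVATE_NETWORK         # session exists, process via private network
        # No session yet, so the access request is a session establishment request.
        if net.name not in self.subscriptions.get(identity, set()):
            return Action.REJECT                     # fail closed (assumption)
        if net.requires_secondary_auth:
            return Action.TO_AUTH_SERVER             # claim 1: secondary authentication required
        if identity in self.authenticated:
            return Action.NOTIFY_ESTABLISH           # claim 4: authenticated terminal
        return Action.TO_AUTH_SERVER                 # claim 4: unauthenticated terminal


def build_demo_node():
    """Constructed sample configuration for the example."""
    return MecNode(
        networks=[
            PrivateNetwork("factory-net", ["10.20.0.0/16"], requires_secondary_auth=True),
            PrivateNetwork("campus-net", ["10.30.0.0/16"], requires_secondary_auth=False),
        ],
        subscriptions={"ue-001": {"factory-net"}, "ue-002": {"campus-net"},
                       "ue-003": {"campus-net"}},
        authenticated={"ue-002"},
        sessions={("ue-002", "campus-net")},
    )


if __name__ == "__main__":
    node = build_demo_node()
    for ue, addr in [("ue-001", "203.0.113.10"), ("ue-001", "10.20.1.5"),
                     ("ue-003", "10.30.4.4"), ("ue-003", "10.20.1.5")]:
        print(ue, addr, "->", node.handle(ue, addr).name)
```

The order of the checks matters: the subscription test runs before any authentication shortcut, so a terminal already in the authenticated state still cannot reach a private network it is not subscribed to.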

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010182703.6A CN113411286B (en) 2020-03-16 2020-03-16 Access processing method and device based on 5G technology, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113411286A CN113411286A (en) 2021-09-17
CN113411286B true CN113411286B (en) 2023-05-30

Family

ID=77676590

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010182703.6A Active CN113411286B (en) 2020-03-16 2020-03-16 Access processing method and device based on 5G technology, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113411286B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114025412B (en) * 2021-11-03 2024-03-26 中国联合网络通信集团有限公司 Service access method, system, device and storage medium
CN115150830B (en) * 2022-09-02 2022-11-29 北京首信科技股份有限公司 Method and system for guaranteeing terminal public network access when 5G private network access authentication fails

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107295507A (en) * 2016-04-01 2017-10-24 中兴通讯股份有限公司 A kind of private network cut-in method, apparatus and system
CN107566429A (en) * 2016-06-30 2018-01-09 中兴通讯股份有限公司 Base station, the response method of access request, apparatus and system
CN107920366A (en) * 2017-07-21 2018-04-17 深圳星耀智能计算技术有限公司 The method and device that a kind of business to mobile terminal is shunted
CN110740481A (en) * 2018-07-18 2020-01-31 中国移动通信有限公司研究院 Data processing method, apparatus and computer storage medium based on quality of service

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
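Deployment practice and reflections on multi-access mobile edge computing technology in mobile networks; Sun Lijie et al.; 《电信工程技术与标准化》; 20200115; pp. 25-30 *
Sun Lijie et al. Deployment practice and reflections on multi-access mobile edge computing technology in mobile networks. 《电信工程技术与标准化》. 2020, *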

Also Published As

Publication number Publication date
CN113411286A (en) 2021-09-17

Similar Documents

Publication Publication Date Title
EP3657894B1 (en) Network security management method and apparatus
CN112566050B (en) Cellular service account transfer for an accessory wireless device
US10237732B2 (en) Mobile device authentication in heterogeneous communication networks scenario
US9787683B2 (en) Seamless wi-fi subscription remediation
KR102001544B1 (en) Apparatus and method to enable a user authentication in a communication system
US8611859B2 (en) System and method for providing secure network access in fixed mobile converged telecommunications networks
WO2018000834A1 (en) Wifi hotspot information modification method and device
AU2014410591B2 (en) Connection establishment method, device, and system
CN107094127B (en) Processing method and device, and obtaining method and device of security information
CN111132305B (en) Method for 5G user terminal to access 5G network, user terminal equipment and medium
CN113411286B (en) Access processing method and device based on 5G technology, electronic equipment and storage medium
US9680814B2 (en) Method, device, and system for registering terminal application
US20080235185A1 (en) Communication system and method of accessing therefor
CN102255904A (en) Communication network and terminal authentication method thereof
EP3079329B1 (en) Terminal application registration method, device and system
CN107800715B (en) portal authentication method and access equipment
EP2721859B1 (en) Handling of operator connection offers in a communication network
CN111147256B (en) Authentication method and device
KR101160903B1 (en) Blacklist extracting system and method thereof
CN115086956A (en) Network access method, network access device, medium, and electronic device for communication network
CN101742507B (en) System and method for accessing Web application site for WAPI terminal
CN114080004B (en) Private network access method and device
US20230112126A1 (en) Core network transformation authenticator
WO2016197712A1 (en) Method and device for accessing wireless network
CN102577463B (en) The method and apparatus of telemanagement is carried out for using privately owned radio plot to unknown terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant