CN113852959A - Authentication method and device for Wi-Fi equipment by 5GC - Google Patents

Publication number
CN113852959A
Authority
CN
China
Prior art keywords
authentication
equipment
access request
local area
wireless local
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111005384.2A
Other languages
Chinese (zh)
Inventor
胡青阳
王俊杰
赵臻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Software Technology Co Ltd
Original Assignee
Inspur Software Technology Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an authentication method and device of a 5GC for Wi-Fi equipment, relating to the technical field of communication. The method comprises the following steps: generating an access request and sending the access request to a wireless local area network device; after the access request is successfully authenticated, performing bidirectional authentication with a fifth generation mobile communication technology core network connected to the wireless local area network device; after the bidirectional authentication passes, acquiring a master key from the fifth generation mobile communication technology core network through the wireless local area network device, wherein the master key is used for air interface encryption; and accessing the fifth generation mobile communication technology core network through the wireless local area network device according to the master key. Terminals that do not have 5G NAS capability need only Wi-Fi capability and authentication capability to access the 5GC, complete authentication, and exchange service data with the 5GC; meanwhile, communication between the UE and the 5GC is more secure.

Description

Authentication method and device for Wi-Fi equipment by 5GC
Technical Field
The invention relates to the technical field of communication, in particular to an authentication method and device for Wi-Fi equipment by a 5GC (fifth generation mobile communication technology core network).
Background
After a terminal, such as a User Equipment (UE), is registered in a fifth Generation Mobile Communication Technology Core Network (5GC) through a Wi-Fi device, data transmission with the 5GC needs to be performed through the Wi-Fi device.
However, in current 5GC networking, base stations mainly provide access to the 5GC for terminals with 5G Non-Access Stratum (NAS) capability, and the 5GC handles access and authentication for those terminals; there is no mature technical scheme for the 5GC to handle access and authentication of terminals without 5G NAS capability. Therefore, a processing scheme for the 5GC to access and authenticate terminals without 5G NAS capability is an important issue to be solved in the industry at present.
Disclosure of Invention
The invention provides an authentication method and device of a 5GC for Wi-Fi equipment, with which terminals that do not have 5G NAS capability need only Wi-Fi capability and authentication capability to access the 5GC, complete authentication, and exchange service data with the 5GC, so that communication between the UE and the 5GC is more secure.
The invention provides an authentication method of a 5GC for Wi-Fi equipment, which is applied to a visiting network side and comprises the following steps:
generating an access request and sending the access request to a wireless local area network device; the user equipment serving as the visiting network side establishes connection with the wireless local area network equipment based on Wi-Fi;
after the access request is successfully authenticated, performing bidirectional authentication on a fifth generation mobile communication technology core network connected with the wireless local area network equipment;
after the bidirectional authentication is passed, acquiring a master key from a fifth-generation mobile communication technology core network through the wireless local area network equipment; wherein the master key is used for air interface encryption;
and accessing a fifth generation mobile communication technology core network through the wireless local area network equipment according to the master key.
According to the authentication method of the 5GC to the Wi-Fi equipment, after the access request is successfully authenticated, the bidirectional authentication is performed on a fifth generation mobile communication technology core network connected with the wireless local area network equipment, and the authentication method specifically comprises the following steps:
the wireless local area network equipment acquires the access request of the user equipment and authenticates the access request based on an Enterprise mode;
after the access request is successfully authenticated, performing bidirectional authentication with a fifth generation mobile communication technology core network based on the improved Extensible Authentication Protocol method for Authentication and Key Agreement (EAP-AKA');
and terminating the method when the access request fails to be authenticated.
According to the authentication method of the 5GC for the Wi-Fi equipment, which is provided by the invention, the access request is generated and sent to the wireless local area network equipment, and the authentication method specifically comprises the following steps:
and after the user equipment is registered, generating the access request and sending the access request to the wireless local area network equipment.
The invention also provides an authentication method of the 5GC to the Wi-Fi equipment, which is applied to a home network side and comprises the following steps:
when the access request of the user equipment is successfully authenticated, performing bidirectional authentication with the user equipment; the user equipment and the wireless local area network equipment establish connection based on Wi-Fi, and the wireless local area network equipment establishes connection with a fifth generation mobile communication technology core network serving as the home network side;
after the bidirectional authentication is passed, generating a master key, and sending the master key to the user equipment through the wireless local area network equipment; wherein the master key is used for air interface encryption.
According to the authentication method of the 5GC to the Wi-Fi equipment, when the access request of the user equipment is successfully authenticated, the two-way authentication is carried out with the user equipment, and the authentication method specifically comprises the following steps:
the wireless local area network equipment acquires the access request of the user equipment and authenticates the access request based on an Enterprise mode;
when the access request is successfully authenticated, performing bidirectional authentication with the user equipment based on the improved Extensible Authentication Protocol method for Authentication and Key Agreement (EAP-AKA');
and terminating the method when the access request fails to be authenticated.
The invention also provides an authentication device of the 5GC for the Wi-Fi equipment, which is applied to the visiting network side and comprises the following components:
the request module is used for generating an access request and sending the access request to the wireless local area network equipment; the user equipment serving as the visiting network side establishes connection with the wireless local area network equipment based on Wi-Fi;
the first authentication module is used for performing bidirectional authentication with a fifth generation mobile communication technology core network connected with the wireless local area network device after the access request authentication is successful;
an obtaining module, configured to obtain, by the wlan device, a master key from a core network of a fifth-generation mobile communication technology after the bidirectional authentication is passed; wherein the master key is used for air interface encryption;
and the access module is used for accessing a fifth generation mobile communication technology core network through the wireless local area network equipment according to the master key.
The invention also provides an authentication device of the 5GC for the Wi-Fi equipment, which is applied to the home network side and comprises the following components:
the second authentication module is used for performing bidirectional authentication with the user equipment after the access request authentication of the user equipment is successful; the user equipment and the wireless local area network equipment establish connection based on Wi-Fi, and the wireless local area network equipment establishes connection with a fifth generation mobile communication technology core network serving as the home network side;
the generating module is used for generating a master key after the bidirectional authentication is passed, and sending the master key to the user equipment through the wireless local area network equipment; wherein the master key is used for air interface encryption.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the steps of the authentication method of the 5GC on the Wi-Fi device.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method for authentication of a Wi-Fi device by a 5GC as described in any one of the above.
The present invention also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of the method for authentication of a Wi-Fi device by a 5GC as described in any one of the above.
According to the authentication method and device of the 5GC for Wi-Fi equipment provided by the invention, after the TWAN device acquires the access request of the UE serving as the visiting network side, it authenticates the access request; after the access request is successfully authenticated, the UE and the 5GC perform bidirectional authentication. After the bidirectional authentication passes, the 5GC provides the PMK required for air interface encryption to the UE through the TWAN device, so that terminals that do not have 5G NAS capability need only Wi-Fi capability and authentication capability to access the 5GC, complete authentication, and exchange service data with the 5GC. Meanwhile, because the authentication process is bidirectional, the 5GC can manage UEs accessed through Wi-Fi, and communication between the UE and the 5GC is more secure;
or, after the TWAN device acquires the access request of the UE, it authenticates the access request; after the access request is successfully authenticated, the 5GC serving as the home network side performs bidirectional authentication with the UE. After the bidirectional authentication passes, the 5GC provides the PMK required for air interface encryption to the UE through the TWAN device, so that terminals that do not have 5G NAS capability need only Wi-Fi capability and authentication capability to access the 5GC, complete authentication, and exchange service data with the 5GC. Meanwhile, because the authentication process is bidirectional, the 5GC can manage UEs accessed through Wi-Fi, and communication between the UE and the 5GC is more secure.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for authenticating a Wi-Fi device by a 5GC according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart illustrating step S200 in a method for authenticating a Wi-Fi device by a 5GC according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a method for authenticating a Wi-Fi device by a 5GC according to another embodiment of the present invention;
Fig. 4 is a flowchart illustrating step S500 in a method for authenticating a Wi-Fi device by a 5GC according to another embodiment of the present invention;
Fig. 5 is a schematic diagram of bidirectional authentication between a UE and the 5GC in the method for authenticating a Wi-Fi device by a 5GC provided by the present invention;
Fig. 6 is a schematic structural diagram of an authentication apparatus for Wi-Fi devices by a 5GC according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a first authentication module in an authentication apparatus for Wi-Fi devices by a 5GC according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of an authentication apparatus for Wi-Fi devices by a 5GC according to another embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a second authentication module in an authentication apparatus for Wi-Fi devices by a 5GC according to another embodiment of the present invention;
Fig. 10 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The method for authenticating Wi-Fi equipment by 5GC according to the present invention is described below with reference to fig. 1 and 5, and the method of fig. 1 is applied to a visiting network side, for example, UE, and includes the following steps:
S100, the UE generates an access request and sends it to a Wireless Local Area Network (WLAN) device. The access request is the UE's request to access the 5GC so that data can be transmitted between the UE and the 5GC. The 5GC is the home network side.
Specifically, after the UE completes registration, a corresponding access request is generated.
Specifically, the WLAN device in the method is a Trusted WLAN Access Network (TWAN) device, and the WLAN device in the method is referred to as the TWAN device in the following.
It is understood that the UE, serving as the visiting network side, and the TWAN device can communicate with each other based on Wi-Fi.
S200, when the access request is successfully authenticated, the UE performs bidirectional authentication with the 5GC connected to the TWAN device.
The TWAN device exchanges signaling with the 5GC through Non-Access Stratum (NAS)/NG Application Protocol (NGAP) messages, specifically with the Access and Mobility Management Function (AMF) network element of the 5GC. For example, the NGAP interface is the interface through which the access network (NG-RAN) of a 5G network interacts with the AMF network element in the 5GC.
S300, after the bidirectional authentication passes, the UE obtains a Pairwise Master Key (PMK) from the 5GC through the TWAN device. It can be understood that the PMK is used for air interface encryption; that is, after the bidirectional authentication between the 5GC and the UE passes, the 5GC provides the PMK required for air interface encryption to the UE through the TWAN device.
S400, according to the PMK, the UE accesses the 5GC through the TWAN device.
According to the authentication method of the 5GC for Wi-Fi equipment provided by the invention, after the TWAN device acquires the access request of the UE serving as the visiting network side, it authenticates the access request; after the access request is successfully authenticated, the UE and the 5GC perform bidirectional authentication. After the bidirectional authentication passes, the 5GC provides the PMK required for air interface encryption to the UE through the TWAN device, so that terminals that do not have 5G NAS capability need only Wi-Fi capability and authentication capability to access the 5GC, complete authentication, and exchange service data with the 5GC. Meanwhile, because the authentication process is bidirectional, the 5GC can manage UEs accessed through Wi-Fi, and communication between the UE and the 5GC is more secure.
The authentication method of Wi-Fi equipment by 5GC in the present invention is described below with reference to fig. 2, and the step S200 in the method applied to the visited network side specifically includes the following steps:
S210, the TWAN device acquires the access request of the UE and authenticates the access request based on Enterprise mode.
Enterprise mode is the enterprise-level Wi-Fi authentication mode. An ordinary router uses pre-shared key (PSK) mode for Wi-Fi access, whereas Enterprise mode performs login authentication through AAA; only after that authentication succeeds can the UE access the Wi-Fi device, such as the TWAN device.
S220, after the access request is successfully authenticated, bidirectional authentication with the 5GC is performed based on the improved Extensible Authentication Protocol method for Authentication and Key Agreement (EAP-AKA'). EAP-AKA' is an improvement on EAP-AKA and is a new EAP authentication method.
S230, when authentication of the access request fails, the method is terminated.
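The flow of steps S100 to S400 (mirrored on the home network side by S500 and S600), modelled as an added example that is not part of the patent. It assumes the hypothetical class names `UE`, `TWAN` and `Core5G`, HMAC-SHA-256 as a stand-in for the AKA functions, the PRF' and MSK layout of RFC 5448, and PMK = first 32 octets of the MSK. It also assumes the UE derives the PMK locally while the TWAN receives it from the 5GC, which the patent does not specify.

```python
import hashlib
import hmac
import os


def aka_f(k, label, rand):
    # Stand-in for the AKA functions (assumption: HMAC-SHA-256, not Milenage).
    return hmac.new(k, label + rand, hashlib.sha256).digest()[:16]


def prf_prime(key, s, length):
    # PRF' of RFC 5448: T1 = HMAC(K, S|0x01), Tn = HMAC(K, T(n-1)|S|n).
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(key, t + s + bytes([i]), hashlib.sha256).digest()
        out += t
        i += 1
    return out[:length]


def derive_pmk(k, rand, identity):
    ik_ck = aka_f(k, b"IK'", rand) + aka_f(k, b"CK'", rand)
    mk = prf_prime(ik_ck, b"EAP-AKA'" + identity.encode(), 208)
    msk = mk[80:144]   # MSK occupies bits 640..1151 of MK (RFC 5448)
    return msk[:32]    # assumption: PMK = first 32 octets of the MSK


class UE:
    """Visiting network side: Wi-Fi capable, no 5G NAS stack."""

    def __init__(self, identity, k):
        self.identity, self.k, self.rand = identity, k, None

    def respond(self, rand, autn):
        # Network-to-UE half of mutual authentication: reject a challenge
        # that was not produced with the shared key K.
        if not hmac.compare_digest(autn, aka_f(self.k, b"AUTN", rand)):
            return None
        self.rand = rand
        return aka_f(self.k, b"RES", rand)

    def pmk(self):
        return derive_pmk(self.k, self.rand, self.identity)


class Core5G:
    """Home network side (S500, S600)."""

    def __init__(self, subscribers):
        self.subscribers = subscribers   # identity -> long-term key K
        self.pending = {}                # identity -> outstanding RAND

    def challenge(self, identity):
        k = self.subscribers.get(identity)
        if k is None:
            return None
        rand = os.urandom(16)
        self.pending[identity] = rand
        return rand, aka_f(k, b"AUTN", rand)

    def verify(self, identity, res):
        # UE-to-network half: the PMK is generated only if RES matches.
        rand = self.pending.pop(identity, None)
        if rand is None:
            return None
        k = self.subscribers[identity]
        if not hmac.compare_digest(res, aka_f(k, b"RES", rand)):
            return None
        return derive_pmk(k, rand, identity)


class TWAN:
    def __init__(self, aaa_accounts, core):
        self.aaa_accounts, self.core = aaa_accounts, core

    def access(self, ue, username, password):
        # S210/S230: Enterprise-mode (AAA) login gates everything else.
        expected = self.aaa_accounts.get(username, "")
        if not expected or not hmac.compare_digest(expected.encode(), password.encode()):
            return "terminated: access request authentication failed", None
        # S220: relay the bidirectional authentication between UE and 5GC.
        challenge = self.core.challenge(ue.identity)
        if challenge is None:
            return "terminated: unknown subscriber", None
        res = ue.respond(*challenge)
        if res is None:
            return "terminated: UE rejected the network", None
        pmk = self.core.verify(ue.identity, res)
        if pmk is None:
            return "terminated: 5GC rejected the UE", None
        # S300/S400: the TWAN now holds the PMK for air interface encryption.
        return "connected", pmk


def demo():
    ident, k = "ue-0001@wlan.example", bytes(range(16))   # constructed sample values
    ue = UE(ident, k)
    twan = TWAN({"ue-0001": "constructed-password"}, Core5G({ident: k}))
    status, pmk = twan.access(ue, "ue-0001", "constructed-password")
    return status, pmk == ue.pmk()


if __name__ == "__main__":
    print(demo())
```

A failed Enterprise-mode login returns before any challenge is requested from the 5GC, so unauthenticated Wi-Fi clients never reach the core's subscriber authentication.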
The method for authenticating Wi-Fi device by 5GC of the present invention is described below with reference to fig. 3 and 5, and the method of fig. 3 is applied to a home network side, for example, 5GC, and includes the following steps:
S500, when the access request of the UE is successfully authenticated, the 5GC, serving as the home network side, performs bidirectional authentication with the UE. The UE and the WLAN device establish a connection based on Wi-Fi, and the WLAN device establishes a connection with the 5GC serving as the home network side. The UE is the visiting network side.
Specifically, the WLAN device in the method is a TWAN device, and the WLAN device in the method is referred to as the TWAN device in the following.
The TWAN device exchanges signaling with the 5GC through NAS/NGAP messages, specifically with the AMF network element of the 5GC. For example, the NGAP interface is the interface through which the access network (NG-RAN) of a 5G network interacts with the AMF network element in the 5GC.
S600, when the bidirectional authentication passes, the 5GC generates a PMK and sends the PMK to the UE through the TWAN device. The PMK is used for air interface encryption; that is, after the bidirectional authentication between the UE and the 5GC passes, the 5GC provides the PMK required for air interface encryption to the UE through the TWAN device.
According to the authentication method of the 5GC for Wi-Fi equipment provided by the invention, after the TWAN device acquires the access request of the UE, it authenticates the access request; after the access request is successfully authenticated, the 5GC serving as the home network side performs bidirectional authentication with the UE. After the bidirectional authentication passes, the 5GC provides the PMK required for air interface encryption to the UE through the TWAN device, so that terminals that do not have 5G NAS capability need only Wi-Fi capability and authentication capability to access the 5GC, complete authentication, and exchange service data with the 5GC. Meanwhile, because the authentication process is bidirectional, the 5GC can manage UEs accessed through Wi-Fi, and communication between the UE and the 5GC is more secure.
The authentication method of Wi-Fi device by 5GC of the present invention is described below with reference to fig. 4, and the step S500 in the method applied to the home network side specifically includes the following steps:
S510, the TWAN device acquires the access request of the UE and authenticates the access request based on Enterprise mode.
Enterprise mode is the enterprise-level Wi-Fi authentication mode. An ordinary router uses PSK mode for Wi-Fi access, whereas Enterprise mode performs login authentication through AAA; only after that authentication succeeds can the UE access the Wi-Fi device, such as the TWAN device.
S520, when the access request is successfully authenticated, bidirectional authentication with the UE is performed based on EAP-AKA'. EAP-AKA' is an improvement on EAP-AKA and is a new EAP authentication method.
S530, when authentication of the access request fails, the method is terminated.
The authentication device of the Wi-Fi equipment by the 5GC provided by the present invention is described below, and the authentication device of the Wi-Fi equipment by the 5GC described below and the authentication method of the Wi-Fi equipment by the 5GC described above may be referred to correspondingly.
The apparatus for authenticating a Wi-Fi device by a 5GC in the present invention is described below with reference to fig. 6. The apparatus of fig. 6 is applied to a visiting network side, such as a UE, and includes:
The request module 100 is configured to generate an access request through the UE and send the access request to the WLAN device. The access request is the UE's request to access the 5GC so that data can be transmitted between the UE and the 5GC. The 5GC is the home network side.
Specifically, after the UE completes registration, a corresponding access request is generated.
In particular, the WLAN device in the method is a trusted TWAN device, and the WLAN device in the method is referred to as the TWAN device in the following.
It is understood that the UE, serving as the visiting network side, and the TWAN device can communicate with each other based on Wi-Fi.
The first authentication module 200 is configured to perform bidirectional authentication between the UE and the 5GC connected to the TWAN device after the access request is authenticated successfully.
The TWAN device exchanges signaling with the 5GC through NAS/NGAP messages, specifically with the Access and Mobility Management Function (AMF) network element of the 5GC. For example, the NGAP interface is the interface through which the access network (NG-RAN) of a 5G network interacts with the AMF network element in the 5GC.
The obtaining module 300 is configured to obtain the PMK from the 5GC through the TWAN device after the bidirectional authentication passes. It can be understood that the PMK is used for air interface encryption; that is, after the bidirectional authentication between the 5GC and the UE passes, the 5GC provides the PMK required for air interface encryption to the UE through the TWAN device.
The access module 400 is configured to enable the UE to access the 5GC through the TWAN device according to the PMK.
According to the authentication device of the 5GC for Wi-Fi equipment provided by the invention, after the TWAN device acquires the access request of the UE serving as the visiting network side, it authenticates the access request; after the access request is successfully authenticated, the UE and the 5GC perform bidirectional authentication. After the bidirectional authentication passes, the 5GC provides the PMK required for air interface encryption to the UE through the TWAN device, so that terminals that do not have 5G NAS capability need only Wi-Fi capability and authentication capability to access the 5GC, complete authentication, and exchange service data with the 5GC. Meanwhile, because the authentication process is bidirectional, the 5GC can manage UEs accessed through Wi-Fi, and communication between the UE and the 5GC is more secure.
The following describes, with reference to fig. 7, an authentication apparatus for Wi-Fi devices by 5GC of the present invention, where the first authentication module 200 applied in the apparatus on the visiting network side specifically includes:
The first authentication unit 210 is configured to acquire the access request of the UE through the TWAN device and authenticate the access request based on Enterprise mode.
Enterprise mode is the enterprise-level Wi-Fi authentication mode. An ordinary router uses PSK mode for Wi-Fi access, whereas Enterprise mode performs login authentication through AAA; only after that authentication succeeds can the UE access the Wi-Fi device, such as the TWAN device.
The second authentication unit 220 is configured to perform bidirectional authentication with the 5GC based on EAP-AKA' after the access request authentication is successful. EAP-AKA' is an improvement on EAP-AKA and is a new EAP authentication method.
The third authentication unit 230 is configured to terminate the method after the authentication of the access request fails.
The apparatus for authenticating Wi-Fi device by 5GC of the present invention is described below with reference to fig. 8, and the apparatus of fig. 8 is applied to a home network side, for example, 5GC, and includes:
The second authentication module 500 is configured to have the 5GC, serving as the home network side, perform bidirectional authentication with the UE after the access request authentication of the UE is successful. The UE and the WLAN device establish a connection based on Wi-Fi, and the WLAN device establishes a connection with the 5GC serving as the home network side. The UE is the visiting network side.
Specifically, the WLAN device in the method is a TWAN device, and the WLAN device in the method is referred to as the TWAN device in the following.
The TWAN device exchanges signaling with the 5GC through NAS/NGAP messages, specifically with the AMF network element of the 5GC. For example, the NGAP interface is the interface through which the access network (NG-RAN) of a 5G network interacts with the AMF network element in the 5GC.
The generating module 600 is configured to generate a PMK after the bidirectional authentication passes and send the PMK to the UE through the TWAN device. It can be understood that the PMK is used for air interface encryption; that is, after the bidirectional authentication between the UE and the 5GC passes, the 5GC provides the PMK required for air interface encryption to the UE through the TWAN device.
According to the authentication device of the 5GC for Wi-Fi equipment provided by the invention, after the TWAN device acquires the access request of the UE, it authenticates the access request; after the access request is successfully authenticated, the 5GC serving as the home network side performs bidirectional authentication with the UE. After the bidirectional authentication passes, the 5GC provides the PMK required for air interface encryption to the UE through the TWAN device, so that terminals that do not have 5G NAS capability need only Wi-Fi capability and authentication capability to access the 5GC, complete authentication, and exchange service data with the 5GC. Meanwhile, because the authentication process is bidirectional, the 5GC can manage UEs accessed through Wi-Fi, and communication between the UE and the 5GC is more secure.
The following describes, with reference to fig. 9, an authentication apparatus for Wi-Fi devices by 5GC according to the present invention, where the second authentication module 500 applied in the apparatus on the home network side specifically includes:
A fourth authentication unit 510, configured to acquire the access request of the UE through the TWAN device and authenticate the access request based on Enterprise mode.
Enterprise mode is the enterprise-level Wi-Fi authentication mode. An ordinary router uses PSK mode for Wi-Fi access, whereas Enterprise mode performs login authentication through AAA; only after that authentication succeeds can the UE access the Wi-Fi device, such as the TWAN device.
A fifth authentication unit 620, configured to perform bidirectional authentication with the UE based on EAP-AKA' after the access request authentication is successful. EAP-AKA' is an improvement on EAP-AKA and is a new EAP authentication method.
A sixth authentication unit 230, configured to terminate the method after the authentication of the access request fails.
Fig. 10 illustrates the physical structure of an electronic device. As shown in Fig. 10, the electronic device may include: a processor 810, a communication interface 820, a memory 830 and a communication bus 840, wherein the processor 810, the communication interface 820 and the memory 830 communicate with each other via the communication bus 840. The processor 810 may invoke logic instructions in the memory 830 to perform the method for authenticating Wi-Fi equipment by a 5GC as applied to the visited network side, the method comprising the following steps:
S100, generating an access request through the UE, and sending the access request to a WLAN device (the TWAN device), wherein it can be understood that the UE serving as the visited network side and the TWAN device can communicate based on Wi-Fi;
S200, when the access request is successfully authenticated, the UE and a 5GC connected with the TWAN equipment perform bidirectional authentication;
S300, after the bidirectional authentication is passed, obtaining the PMK from the 5GC through the TWAN equipment, wherein the PMK is used for air interface encryption;
S400, according to the PMK, the UE accesses the 5GC through the TWAN equipment.
Or, to perform the method for authenticating Wi-Fi equipment by a 5GC as applied to the home network side, the method comprising the following steps:
S500, when the access request of the UE is successfully authenticated, performing bidirectional authentication with the UE as the 5GC on the home network side. The UE and the WLAN equipment establish a connection based on Wi-Fi, and the WLAN equipment establishes a connection with the 5GC serving as the home network side; in particular, the WLAN equipment in the method is TWAN equipment;
S600, generating a PMK after the bidirectional authentication is passed, and sending the PMK to the UE through the TWAN equipment, wherein the PMK is used for air interface encryption.
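The gating in steps S100 to S600 (access check at the TWAN, then mutual authentication, then a PMK) can be modelled as below. This is an added example, not code from the patent: the HMAC-based `f` is a constructed stand-in for the AKA functions, `prf_prime` and the MSK offset follow RFC 5448, and taking the PMK as the first 256 bits of the MSK is an assumption the page does not state. The PMK is computed at both ends only to check that the two sides agree.

```python
import hashlib
import hmac
import os


def f(k: bytes, label: bytes, rand: bytes) -> bytes:
    """Constructed stand-in for the AKA f1..f5 functions (NOT Milenage)."""
    return hmac.new(k, label + rand, hashlib.sha256).digest()


def prf_prime(key: bytes, s: bytes, n: int) -> bytes:
    """PRF' of RFC 5448: T1 = HMAC-SHA-256(K, S|0x01), Ti = HMAC(K, Ti-1|S|i)."""
    out, t, i = b"", b"", 1
    while len(out) < n:
        t = hmac.new(key, t + s + bytes([i]), hashlib.sha256).digest()
        out, i = out + t, i + 1
    return out[:n]


def derive_pmk(k: bytes, rand: bytes, identity: bytes) -> bytes:
    ik_ck = f(k, b"ik'|ck'", rand)                 # stand-in for IK'|CK'
    mk = prf_prime(ik_ck, b"EAP-AKA'" + identity, 208)
    msk = mk[80:144]                               # MSK = MK bits 640..1151
    return msk[:32]                                # assumption: PMK = first 256 bits of MSK


def network_challenge(k: bytes, rand: bytes):
    """5GC side: RAND plus an AUTN-like token proving the network knows K."""
    return rand, f(k, b"autn", rand)[:16]


def ue_respond(k: bytes, rand: bytes, autn: bytes):
    """UE side: authenticate the network first; answer only if AUTN verifies."""
    if not hmac.compare_digest(autn, f(k, b"autn", rand)[:16]):
        return None
    return f(k, b"res", rand)[:16]


def network_verify(k: bytes, rand: bytes, res: bytes) -> bool:
    """5GC side: authenticate the UE by checking RES against the expected value."""
    return hmac.compare_digest(res, f(k, b"res", rand)[:16])


def run_access(ue_k, net_k, identity, access_auth_ok, rand=None):
    """Walk S100..S600; returns (status, pmk_at_ue, pmk_at_5gc)."""
    if not access_auth_ok:                         # Enterprise-mode check at the TWAN failed
        return "terminated", None, None
    rand = rand or os.urandom(16)
    rand, autn = network_challenge(net_k, rand)
    res = ue_respond(ue_k, rand, autn)
    if res is None:                                # UE could not authenticate the network
        return "ue_rejected_network", None, None
    if not network_verify(net_k, rand, res):       # network could not authenticate the UE
        return "network_rejected_ue", None, None
    return "ok", derive_pmk(ue_k, rand, identity), derive_pmk(net_k, rand, identity)


if __name__ == "__main__":
    K = bytes(range(16))                           # constructed subscriber key
    ident = b"constructed-ue@example"              # constructed identity
    print(run_access(K, K, ident, True)[0])
    print(run_access(K, os.urandom(16), ident, True)[0])
    print(run_access(K, K, ident, False)[0])
```

No PMK exists on either side unless both directions of the authentication succeed, which is the property the bidirectional step is meant to provide.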
In addition, the logic instructions in the memory 830 may be implemented in software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present invention further provides a computer program product, where the computer program product includes a computer program that may be stored on a non-transitory computer-readable storage medium, and when the computer program is executed by a processor, a computer can execute the method for authenticating Wi-Fi equipment by a 5GC provided by the above methods, the method including the following steps:
S100, generating an access request through the UE, and sending the access request to a WLAN device (the TWAN device), wherein it can be understood that the UE serving as the visited network side and the TWAN device can communicate based on Wi-Fi;
S200, when the access request is successfully authenticated, the UE and a 5GC connected with the TWAN equipment perform bidirectional authentication;
S300, after the bidirectional authentication is passed, obtaining the PMK from the 5GC through the TWAN equipment, wherein the PMK is used for air interface encryption;
S400, according to the PMK, the UE accesses the 5GC through the TWAN equipment.
Or, the method for authenticating Wi-Fi equipment by a 5GC provided by the above methods is applied to the home network side, and the method includes the following steps:
S500, when the access request of the UE is successfully authenticated, performing bidirectional authentication with the UE as the 5GC on the home network side. The UE and the WLAN equipment establish a connection based on Wi-Fi, and the WLAN equipment establishes a connection with the 5GC serving as the home network side; in particular, the WLAN equipment in the method is TWAN equipment;
S600, generating a PMK after the bidirectional authentication is passed, and sending the PMK to the UE through the TWAN equipment, wherein the PMK is used for air interface encryption.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the method for authenticating Wi-Fi equipment by a 5GC provided by the above methods, the method being applied to the visited network side and including the following steps:
S100, generating an access request through the UE, and sending the access request to a WLAN device (the TWAN device), wherein it can be understood that the UE serving as the visited network side and the TWAN device can communicate based on Wi-Fi;
S200, when the access request is successfully authenticated, the UE and a 5GC connected with the TWAN equipment perform bidirectional authentication;
S300, after the bidirectional authentication is passed, obtaining the PMK from the 5GC through the TWAN equipment, wherein the PMK is used for air interface encryption;
S400, according to the PMK, the UE accesses the 5GC through the TWAN equipment.
Or, the method for authenticating Wi-Fi equipment by a 5GC provided by the above methods is applied to the home network side, and the method includes the following steps:
S500, when the access request of the UE is successfully authenticated, performing bidirectional authentication with the UE as the 5GC on the home network side. The UE and the WLAN equipment establish a connection based on Wi-Fi, and the WLAN equipment establishes a connection with the 5GC serving as the home network side; in particular, the WLAN equipment in the method is TWAN equipment;
S600, generating a PMK after the bidirectional authentication is passed, and sending the PMK to the UE through the TWAN equipment, wherein the PMK is used for air interface encryption.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for authenticating Wi-Fi equipment by a 5GC, applied to a visited network side, characterized by comprising the following steps:
generating an access request and sending the access request to wireless local area network equipment; wherein user equipment serving as the visited network side establishes a connection with the wireless local area network equipment based on Wi-Fi;
after the access request is successfully authenticated, performing bidirectional authentication with a fifth generation mobile communication technology core network connected with the wireless local area network equipment;
after the bidirectional authentication is passed, acquiring a master key from the fifth generation mobile communication technology core network through the wireless local area network equipment; wherein the master key is used for air interface encryption;
and accessing the fifth generation mobile communication technology core network through the wireless local area network equipment according to the master key.
2. The method for authenticating Wi-Fi equipment by a 5GC according to claim 1, wherein performing bidirectional authentication with the fifth generation mobile communication technology core network connected with the wireless local area network equipment after the access request is successfully authenticated specifically comprises the following steps:
the wireless local area network equipment acquires the access request of the user equipment and authenticates the access request based on an Enterprise mode;
after the access request is successfully authenticated, performing bidirectional authentication with the fifth generation mobile communication technology core network based on the improved Extensible Authentication Protocol - Authentication and Key Agreement (EAP-AKA');
and terminating the method when authentication of the access request fails.
3. The method for authenticating Wi-Fi equipment by a 5GC according to claim 1, wherein generating an access request and sending the access request to the wireless local area network equipment specifically comprises the following step:
after the user equipment is registered, generating the access request and sending the access request to the wireless local area network equipment.
4. A method for authenticating Wi-Fi equipment by a 5GC, applied to a home network side, characterized by comprising the following steps:
when the access request of user equipment is successfully authenticated, performing bidirectional authentication with the user equipment; wherein the user equipment and wireless local area network equipment establish a connection based on Wi-Fi, and the wireless local area network equipment establishes a connection with a fifth generation mobile communication technology core network serving as the home network side;
after the bidirectional authentication is passed, generating a master key, and sending the master key to the user equipment through the wireless local area network equipment; wherein the master key is used for air interface encryption.
5. The method for authenticating Wi-Fi equipment by a 5GC according to claim 4, wherein performing bidirectional authentication with the user equipment after the access request of the user equipment is successfully authenticated specifically comprises the following steps:
the wireless local area network equipment acquires the access request of the user equipment and authenticates the access request based on an Enterprise mode;
when the access request is successfully authenticated, performing bidirectional authentication with the user equipment based on the improved Extensible Authentication Protocol - Authentication and Key Agreement (EAP-AKA');
and terminating the method when authentication of the access request fails.
6. An authentication device for Wi-Fi equipment by a 5GC, applied to a visited network side, characterized by comprising:
a request module, configured to generate an access request and send the access request to wireless local area network equipment; wherein user equipment serving as the visited network side establishes a connection with the wireless local area network equipment based on Wi-Fi;
a first authentication module, configured to perform bidirectional authentication with a fifth generation mobile communication technology core network connected with the wireless local area network equipment after the access request is successfully authenticated;
an obtaining module, configured to obtain, through the wireless local area network equipment, a master key from the fifth generation mobile communication technology core network after the bidirectional authentication is passed; wherein the master key is used for air interface encryption;
and an access module, configured to access the fifth generation mobile communication technology core network through the wireless local area network equipment according to the master key.
7. An authentication device for Wi-Fi equipment by a 5GC, applied to a home network side, characterized by comprising:
a second authentication module, configured to perform bidirectional authentication with user equipment after the access request of the user equipment is successfully authenticated; wherein the user equipment and wireless local area network equipment establish a connection based on Wi-Fi, and the wireless local area network equipment establishes a connection with a fifth generation mobile communication technology core network serving as the home network side;
a generating module, configured to generate a master key after the bidirectional authentication is passed, and send the master key to the user equipment through the wireless local area network equipment; wherein the master key is used for air interface encryption.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program performs the steps of the method for authentication of a Wi-Fi device by a 5GC according to any one of claims 1 to 5.
9. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the method for authentication of a Wi-Fi device by a 5GC as claimed in any one of claims 1 to 5.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, carries out the steps of the method for authentication of a Wi-Fi device by a 5GC according to any one of claims 1 to 5.
CN202111005384.2A 2021-08-30 2021-08-30 Authentication method and device for Wi-Fi equipment by 5GC Pending CN113852959A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111005384.2A CN113852959A (en) 2021-08-30 2021-08-30 Authentication method and device for Wi-Fi equipment by 5GC

Publications (1)

Publication Number Publication Date
CN113852959A true CN113852959A (en) 2021-12-28

Family

ID=78976555

Country Status (1)

Country Link
CN (1) CN113852959A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065970A (en) * 2022-06-23 2022-09-16 中国联合网络通信集团有限公司 Authentication method and trusted wireless local area network interactive function equipment
WO2023240659A1 (en) * 2022-06-17 2023-12-21 北京小米移动软件有限公司 Authentication method and apparatus, communication device and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104852896A (en) * 2015-02-03 2015-08-19 四川通信科研规划设计有限责任公司 Wi-Fi wireless node network access method and system
CN109804651A (en) * 2016-10-05 2019-05-24 摩托罗拉移动有限责任公司 It is attached by the core network of independent non-3GPP access network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MOTOROLA MOBILITY, LENOVO, BROADCOM: "S2-187859 "Update of Solution #3: Access to 5GC from UEs without supporting NAS on non-3GPP access"", 3GPP TSG_SA\\WG2_ARCH, no. 2, 14 August 2018 (2018-08-14), pages 1 - 11 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination