CN114040410A - Terminal authentication method, network side device and storage medium - Google Patents


Publication number
CN114040410A
Authority
CN
China
Prior art keywords
network
identity authentication
authentication
network side
terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111444758.0A
Other languages
Chinese (zh)
Inventor
戴国华
吴海波
谭华
刁永平
赵强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present disclosure provides a terminal authentication method, a network side device and a storage medium, wherein the method comprises: the network side equipment receives a second identity authentication request sent by the terminal APP and judges whether an authentication customization strategy corresponding to the terminal APP is set; if so, the network side equipment performs second identity authentication on the terminal APP based on the authentication customization strategy; if not, the network side equipment carries out second identity authentication on the terminal APP based on the authentication default strategy; and the network side equipment allocates resources for the terminal APP based on the second identity authentication result. The method, the equipment and the storage medium enhance the protection capability of a network system by customizing the algorithm and the protocol of the secondary authentication by a user, and have the characteristics of flexible deployment of industry slicing services, various user requirements and the like; the protection capability of a network system is enhanced, and the network slice-based end-to-end network access is provided for users more safely and reliably.

Description

Terminal authentication method, network side device and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a terminal authentication method, a network device, and a storage medium.
Background
At present, a 5G industry private network performs two identity authentications on terminal access. The first authentication completes network access authentication between the terminal accessing the private network and the UDM (Unified Data Management)/ARPF (Authentication credential Repository and Processing Function) and the AUSF (Authentication Server Function). The second authentication performs network slice service authority authentication on an AAA (Authentication, Authorization and Accounting) server using a user name and password, so as to limit unauthorized terminal access. At present, this second authentication mode of the AAA server is simple and easy to break, and the network system protection cannot meet the increasing network access security requirements of industrial users.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a terminal authentication method, a network side device and a storage medium.
According to a first aspect of the present disclosure, there is provided a terminal authentication method, including: a network side device receives a second identity authentication request sent by a terminal APP and judges whether an authentication customization policy corresponding to the terminal APP is set, wherein the terminal APP sends the second identity authentication request after the terminal passes the first identity authentication and is attached to a target network; if so, the network side device performs second identity authentication on the terminal APP based on the authentication customization policy; if not, the network side device performs second identity authentication on the terminal APP based on an authentication default policy; and the network side device allocates resources for the terminal APP based on the second identity authentication result.
Optionally, the authentication customization policy includes: first feature information; the network side device performing second identity authentication on the terminal APP based on the authentication customization policy includes: the network side device acquires the first feature information corresponding to the terminal APP; the network side device extracts second feature information from the second identity authentication request, and matches the first feature information with the second feature information; and the network side device judges whether the second identity authentication is successful according to the matching result.
Optionally, the authentication customization policy includes: network slice allocation information; the network side device allocating resources for the terminal APP based on the second identity authentication result includes: if the matching result is judged to be successful, the network side device acquires the network slice allocation information corresponding to the terminal APP; and the network side device allocates the corresponding network slice for the terminal APP based on the network slice allocation information.
Optionally, the network side device receives a new slice request or a slice permission modification request sent by the terminal APP; the network side device extracts third feature information from the new slice request or the slice permission modification request, and matches the first feature information with the third feature information; and if the matching result is judged to be successful, the network side device performs corresponding processing according to the new slice request or the slice permission modification request.
Optionally, the first feature information and the second feature information include: fingerprint, iris, voice, identification card information.
Optionally, the authentication default policy includes: a first username and a first password; the network side device performing second identity authentication on the terminal APP based on the authentication default policy includes: the network side device acquires the first username and the first password corresponding to the terminal; the network side device extracts a second username and a second password from the second identity authentication request, and compares the first username and the first password with the second username and the second password; and the network side device judges whether the second identity authentication is successful according to the comparison result.
Optionally, the network side device allocating resources for the terminal APP based on the second identity authentication result includes: if the network side device judges that the comparison result is successful, allocating the same network slice for all the terminal APPs.
Optionally, the network side device includes: an AAA server; the target network includes: 5G network.
According to a second aspect of the present disclosure, there is provided a network side device, including: a customized policy judgment module, used for receiving a second identity authentication request sent by a terminal APP and judging whether an authentication customization policy corresponding to the terminal APP is set, wherein the terminal APP sends the second identity authentication request after the terminal passes the first identity authentication and is attached to a target network; a first identity authentication module, used for performing second identity authentication on the terminal APP based on the authentication customization policy if the policy is set; a second identity authentication module, used for performing second identity authentication on the terminal APP based on an authentication default policy if the policy is not set; and a resource allocation module, used for allocating resources for the terminal APP based on the second identity authentication result.
Optionally, the authentication customization policy includes: first characteristic information; the first identity authentication module is used for acquiring first feature information corresponding to the terminal APP, extracting second feature information from the second identity authentication request, and matching the first feature information with the second feature information; and judging whether the second identity authentication is successful according to the matching result.
Optionally, the authentication customization policy includes: network slice allocation information; the resource allocation module is used for acquiring the network slice allocation information corresponding to the terminal APP if the matching result is judged to be successful, and allocating the corresponding network slice for the terminal APP based on the network slice allocation information.
Optionally, the resource allocation module is configured to receive a new slice request or a slice permission modification request sent by the terminal APP; extracting third characteristic information from the new slice request or the slice permission modification request, and matching the first characteristic information with the third characteristic information; and if the matching result is judged to be successful, performing corresponding processing according to the newly added slice request or the slice permission modification request.
Optionally, the first feature information and the second feature information include: fingerprint, iris, voice, identification card information.
Optionally, the authentication default policy includes: a first username and a first password; the second identity authentication module is used for acquiring the first username and the first password corresponding to the terminal; extracting a second username and a second password from the second identity authentication request, and comparing the first username and the first password with the second username and the second password; and judging whether the second identity authentication is successful according to the comparison result.
Optionally, the resource allocation module is configured to allocate the same network slice for all the terminal APPs if the comparison result is judged to be successful.
Optionally, the network side device includes: an AAA server. The target network includes: 5G network.
According to a fourth aspect of the present disclosure, there is provided a network side device, including: a memory; and a processor coupled to the memory, the processor configured to perform the method as described above based on instructions stored in the memory.
According to a fourth aspect of the present disclosure, there is provided a computer readable storage medium storing computer instructions for execution by a processor to perform the method as described above.
According to the terminal authentication method, the network side device and the storage medium of the present disclosure, the user customizes the algorithm and the protocol of the secondary authentication, so that the industry slice permissions of the user can be distinguished, and the self-defined identity authentication mechanism is combined with different slice service requirements corresponding to different network system protection levels. This enhances the protection capability of the network system and suits the flexible deployment of industry slicing services and the variety of user requirements; network slice-based end-to-end network access is provided for users more safely and reliably, and an autonomous, controllable secondary identity authentication function can be realized.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without inventive exercise.
Fig. 1 is a schematic flow chart diagram according to an embodiment of a terminal authentication method;
Fig. 2 is a schematic flow chart illustrating a second authentication according to an embodiment of the terminal authentication method;
Fig. 3 is a schematic flow chart of performing a second authentication according to another embodiment of the terminal authentication method;
Fig. 4 is a flowchart illustrating resource modification according to an embodiment of a terminal authentication method;
Fig. 5 is a flowchart illustrating a method of authenticating a terminal according to still another embodiment;
Fig. 6 is a block diagram of one embodiment of a network side device;
Fig. 7 is a block diagram of another embodiment of a network-side device.
Detailed Description
The present disclosure now will be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments of the disclosure are shown. The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
The terms "first", "second", and the like are used hereinafter only for descriptive distinction and have no other special meaning.
Fig. 1 is a flowchart illustrating an embodiment of a terminal authentication method, as shown in fig. 1:
Step 101, the network side device receives a second identity authentication request sent by the terminal APP, and judges whether an authentication customization policy corresponding to the terminal APP is set.
In one embodiment, the terminal completes network access authentication with the UDM/ARPF and the AUSF for the first time based on the existing authentication method, and after the terminal passes the first identity authentication and is attached to the target network, the terminal APP sends a second identity authentication request. The network side device comprises an AAA server and the like, the target network comprises a 5G network and the like, and the terminal APP can be various APPs, such as e-commerce APP, social APP and the like.
Step 102, if so, the network side device performs second identity authentication on the terminal APP based on the authentication customization policy.
Step 103, if not, the network side device performs second identity authentication on the terminal APP based on the authentication default policy.
Step 104, the network side device allocates resources for the terminal APP based on the second identity authentication result. The resources include network slices, etc.
In one embodiment, the network side device may adopt multiple methods for performing the second identity authentication on the terminal APP based on the authentication customized policy. Fig. 2 is a schematic flowchart illustrating a second authentication process according to an embodiment of a terminal authentication method, where an authentication customization policy includes first feature information; as shown in fig. 2:
Step 201, the network side device obtains the first feature information corresponding to the terminal APP.
Step 202, the network side device extracts second feature information from the second identity authentication request, and matches the first feature information with the second feature information. The first feature information and the second feature information comprise information such as fingerprints, irises, voice, identity card information and the like.
Step 203, the network side device judges whether the second identity authentication is successful according to the matching result.
The authentication customization policy comprises network slice allocation information. If the network side device judges that the matching result is successful, it acquires the network slice allocation information corresponding to the terminal APP and allocates the corresponding network slice for the terminal APP based on that information.
After the terminal passes the first network access authentication and successfully accesses/attaches to the network, the new function of the AAA server allows the user to customize and design the algorithm and the protocol (authentication customization strategy) of the secondary authentication, can enhance the protection capability of the network system, and provides the end-to-end network access based on the network slice for the user more safely and reliably.
Fig. 3 is a schematic flowchart illustrating a second authentication procedure according to another embodiment of the terminal authentication method, where the authentication default policy includes a first username and a first password; as shown in fig. 3:
Step 301, the network side device acquires the first username and the first password corresponding to the terminal.
Step 302, the network side device extracts the second username and the second password from the second identity authentication request, and compares the first username and the first password with the second username and the second password.
Step 303, the network side device determines whether the second identity authentication is successful according to the comparison result. For example, if the network side device determines that the comparison result is successful, the same network slice is allocated to all the terminal APPs. The same network slice may be a default slice.
Fig. 4 is a schematic flowchart of resource modification in an embodiment of a terminal authentication method, as shown in fig. 4:
Step 401, the network side device receives a new slice request or a slice permission modification request sent by the terminal APP.
Step 402, the network side device extracts third feature information from the new slice request or the slice permission modification request, and matches the first feature information with the third feature information. The third feature information comprises information such as fingerprints, irises, voice, identity card information and the like.
Step 403, if the network side device determines that the matching result is successful, it performs corresponding processing according to the new slice request or the slice permission modification request. For example, a new network slice is allocated to the terminal APP according to the new slice request, or the usage period, the security level, and other permissions of the network slice currently used by the terminal APP are modified according to the slice permission modification request.
In the prior art, a terminal can only associate all APPs uniformly with a default slice, so the slice service permissions cannot be distinguished; the secondary identity authentication for network slice services is performed by default with a user name and password, and this authentication mode is prone to leakage and cracking.
In the terminal authentication method disclosed by the invention, after the terminal passes the first network access identity authentication and successfully accesses/attaches the 5G network, the industry user is allowed to carry out the customized design of the algorithm and the protocol of the secondary authentication, and the user-defined algorithm and the protocol are adopted to carry out the secondary identity authentication between the terminal and the AAA server.
The algorithm and the protocol of the second identity authentication of the terminal user are designed in a customized manner, and the mobile terminal is used for collecting biometric information of the user such as fingerprints, irises and voice. Self-defined authentication mechanisms corresponding to different network system protection levels are combined with different slicing services, which enhances the protection capability of the network system, provides network slice-based end-to-end network access for the user more safely and reliably, and realizes an autonomous, controllable second identity authentication function for the 5G industry private network.
Fig. 5 is a flowchart illustrating a method for authenticating a terminal according to another embodiment, as shown in fig. 5:
Step 501, the terminal passes the first network access identity authentication and successfully accesses/attaches to the 5G network. Different users have different service slicing requirements.
Step 502, judge whether the slice/industry user has carried out the customized design of the algorithm and protocol of the secondary authentication (authentication customization policy); if so, go to step 504, and if not, go to step 503.
Step 503, the network authenticates the user according to the original identity authentication mechanism (authentication default policy), and the terminal uniformly associates all apps to the default slice until the service is finished.
Step 504, the network authenticates the user according to the user-defined identity authentication mechanism (authentication customization policy), updates the App capability authorized by the terminal and independently associates the App capability with the corresponding slice.
Step 505, during the service, the terminal judges whether the user has a new slice requirement or applies for different usage rights on the authorized slices; if so (there is a need for new slices), go to step 504, and if not (slices are not authorized for different usage rights), go to step 506.
Step 506, the network system responds to the terminal request, updates the current terminal authorized APP capability range, and provides the corresponding slice service.
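The decision flow of Figs. 1 to 4, written out as an added Python example (not code from the patent). The class and field names, the digest-based feature comparison, the PBKDF2 password storage and the `may_request` allow-list are assumptions; the patent does not specify how features are matched or how credentials are stored.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

DEFAULT_SLICE = "slice-default"  # constructed name for the default slice


def pw_hash(password: str, salt: bytes) -> bytes:
    # Assumption: the server keeps a salted PBKDF2 hash, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class CustomPolicy:
    """Authentication customization policy registered for one terminal APP."""
    first_feature: bytes                            # enrolled feature info
    slices: set = field(default_factory=set)        # slice allocation info
    may_request: set = field(default_factory=set)   # assumption: addable slices

    def matches(self, presented: bytes) -> bool:
        # Assumption: feature info is an opaque digest compared in constant
        # time. A real biometric matcher scores similarity against a threshold.
        return hmac.compare_digest(self.first_feature, presented)


class AAAServer:
    def __init__(self):
        self.custom = {}    # app_id -> CustomPolicy
        self.default = {}   # terminal_id -> (username, salt, password hash)
        self.sessions = {}  # (terminal_id, app_id) -> slices granted

    def enroll_default(self, terminal_id, username, password):
        salt = os.urandom(16)
        self.default[terminal_id] = (username, salt, pw_hash(password, salt))

    def _check_password(self, req) -> bool:
        rec = self.default.get(req["terminal_id"])
        if rec is None:
            return False
        username, salt, stored = rec
        user_ok = hmac.compare_digest(username.encode(),
                                      req.get("username", "").encode())
        pw_ok = hmac.compare_digest(stored,
                                    pw_hash(req.get("password", ""), salt))
        return user_ok and pw_ok

    def second_auth(self, req) -> set:
        """Steps 101-104. Returns the granted slices; empty set = rejected."""
        policy = self.custom.get(req["app_id"])            # step 101
        if policy is not None:                             # step 102
            # Fail closed: once a custom policy exists, a request without a
            # matching feature is rejected, never retried with the password.
            ok = policy.matches(req.get("feature", b""))
            granted = set(policy.slices) if ok else set()
        else:                                              # step 103
            ok = self._check_password(req)
            granted = {DEFAULT_SLICE} if ok else set()
        if ok:                                             # step 104
            self.sessions[(req["terminal_id"], req["app_id"])] = set(granted)
        return granted

    def add_slice(self, req) -> bool:
        """Steps 401-403 for a new-slice request: re-match the feature."""
        key = (req["terminal_id"], req["app_id"])
        policy = self.custom.get(req["app_id"])
        if policy is None or key not in self.sessions:
            return False
        if not policy.matches(req.get("feature", b"")):    # third feature info
            return False
        if req["slice"] not in policy.may_request:         # authorisation check
            return False
        self.sessions[key].add(req["slice"])
        return True


def demo():
    """Runs the flow on constructed sample data and returns the outcomes."""
    feat = hashlib.sha256(b"constructed-fingerprint-template").digest()
    srv = AAAServer()
    srv.custom["app.factory"] = CustomPolicy(feat, {"slice-a"}, {"slice-b"})
    srv.enroll_default("ue-1", "alice", "constructed-password")
    base = {"terminal_id": "ue-1"}
    creds = {"username": "alice", "password": "constructed-password"}
    fac = {**base, "app_id": "app.factory"}
    return {
        "custom_ok": srv.second_auth({**fac, "feature": feat}),
        "downgrade": srv.second_auth({**fac, **creds}),
        "default_ok": srv.second_auth({**base, "app_id": "app.other", **creds}),
        "add_ok": srv.add_slice({**fac, "feature": feat, "slice": "slice-b"}),
        "add_denied": srv.add_slice({**fac, "feature": feat, "slice": "slice-z"}),
        "add_no_policy": srv.add_slice({**base, "app_id": "app.other", "slice": "slice-b"}),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The `downgrade` case is the one to watch when deploying such a scheme: an APP with a customization policy that presents only a valid username and password is rejected rather than routed to the default policy.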
In one embodiment, as shown in fig. 6, the present disclosure provides a network-side device 60, including: a customized policy decision module 61, a first identity authentication module 62, a second identity authentication module 63 and a resource allocation module 64. The customized policy judgment module 61 receives a second identity authentication request sent by the terminal APP, and judges whether an authentication customized policy corresponding to the terminal APP is set; after the terminal passes the first identity authentication and is attached to the target network, the terminal APP sends a second identity authentication request.
If yes, the first identity authentication module 62 performs second identity authentication on the terminal APP based on the authentication customization policy; if not, the second identity authentication module 63 performs second identity authentication on the terminal APP based on the authentication default policy. And the resource allocation module 64 allocates resources for the terminal APP based on the second identity authentication result.
In one embodiment, the authentication customization policy includes first characteristic information; the first identity authentication module 62 obtains first feature information corresponding to the APP application of the terminal, extracts second feature information from the second identity authentication request, matches the first feature information and the second feature information, and determines whether the second identity authentication is successful according to a matching result.
The authentication customization policy comprises network slice distribution information; if the matching result is successful, the resource allocation module 64 acquires network slice allocation information corresponding to the APP application of the terminal, and allocates a corresponding network slice to the APP of the terminal based on the network slice allocation information.
The resource allocation module 64 receives a new slice request or a slice permission modification request sent by the terminal APP, extracts third feature information from the new slice request or the slice permission modification request, and matches the first feature information with the third feature information. If the matching result is successful, the resource allocation module 64 performs corresponding processing according to the new slice request or the slice permission modification request.
In one embodiment, the authentication default policy includes a first username and a first password; the second identity authentication module 63 obtains the first username and the first password corresponding to the terminal, extracts the second username and the second password from the second identity authentication request, compares the first username and the first password with the second username and the second password, and determines whether the second identity authentication is successful according to the comparison result. If the comparison result is judged to be successful, the resource allocation module 64 allocates the same network slice for all the terminal APPs.
In one embodiment, fig. 7 is a block diagram of another embodiment of a network-side device according to the present disclosure. As shown in fig. 7, the apparatus may include a memory 71, a processor 72, a communication interface 73, and a bus 74. The memory 71 is used for storing instructions, the processor 72 is coupled to the memory 71, and the processor 72 is configured to execute the terminal authentication method implemented above based on the instructions stored in the memory 71.
The memory 71 may be a high-speed RAM memory, a non-volatile memory, or the like, and the memory 71 may be a memory array. The memory 71 may also be partitioned, and the blocks may be combined into virtual volumes according to certain rules. The processor 72 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the terminal authentication method of the present disclosure.
In one embodiment, the present disclosure provides a computer-readable storage medium storing computer instructions that, when executed by a processor, implement a method as in any one of the above embodiments.
With the terminal authentication method, the network side device and the storage medium in the above embodiments, the user customizes the algorithm and the protocol of the secondary authentication, so that the industry slice permissions of the user can be distinguished, and the self-defined identity authentication mechanism is combined with different slice service requirements corresponding to different network system protection levels. This enhances the protection capability of the network system and suits the flexible deployment of industry slicing services and the variety of user requirements; network slice-based end-to-end network access is provided for users more safely and reliably, and an autonomous, controllable secondary identity authentication function can be realized.
The method and system of the present disclosure may be implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
The description of the present disclosure has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the disclosure in the form disclosed. Many modifications and variations will be apparent to practitioners skilled in this art. The embodiment was chosen and described in order to best explain the principles of the disclosure and the practical application, and to enable others of ordinary skill in the art to understand the disclosure for various embodiments with various modifications as are suited to the particular use contemplated.

Claims (18)

1. A terminal authentication method, comprising:
the network side equipment receives a second identity authentication request sent by a terminal APP and judges whether an authentication customization policy corresponding to the terminal APP is set;
wherein the terminal APP sends the second identity authentication request after the terminal passes the first identity authentication and is attached to a target network;
if so, the network side equipment performs second identity authentication on the terminal APP based on the authentication customization policy;
if not, the network side equipment performs second identity authentication on the terminal APP based on an authentication default policy;
and the network side equipment allocates resources for the terminal APP based on the second identity authentication result.
2. The method of claim 1, the authentication customization policy comprising: first characteristic information; the network side equipment performing second identity authentication on the terminal APP based on the authentication customization policy comprises:
the network side equipment acquires first characteristic information corresponding to the terminal APP;
the network side equipment extracts second characteristic information from the second identity authentication request, and matches the first characteristic information with the second characteristic information;
and the network side equipment judges whether the second identity authentication is successful according to the matching result.
3. The method of claim 2, the authentication customization policy comprising: network slice allocation information; the network side equipment allocating resources for the terminal APP based on the second identity authentication result comprises:
if the matching result is judged to be successful, the network side equipment acquires network slice allocation information corresponding to the terminal APP;
and the network side equipment allocates the corresponding network slice for the terminal APP based on the network slice allocation information.
4. The method of claim 3, further comprising:
the network side equipment receives a new slice request or a slice permission modification request sent by the terminal APP;
the network side equipment extracts third characteristic information from the new slice request or the slice permission modification request, and matches the first characteristic information with the third characteristic information;
and if the matching result is judged to be successful, the network side equipment carries out corresponding processing according to the new slice request or the slice permission modification request.
5. The method of claim 2, wherein,
the first feature information and the second feature information include: fingerprint, iris, voice, identification card information.
6. The method of claim 1, the authentication default policy comprising: a first username and a first password; the network side equipment performing second identity authentication on the terminal APP based on the authentication default policy comprises:
the network side equipment acquires a first user name and a first password corresponding to the terminal;
the network side equipment extracts a second user name and a second password from the second identity authentication request, and compares the first user name and the first password with the second user name and the second password;
and the network side equipment judges whether the second identity authentication is successful according to the comparison result.
7. The method of claim 6, wherein the network side equipment allocating resources for the terminal APP based on the second identity authentication result comprises:
if the comparison result is judged to be successful, the network side equipment allocates the same network slice to all the terminal APPs.
8. The method of any one of claims 1 to 7, wherein
the network side device includes: an AAA server;
the target network includes: a 5G network.
9. A network-side device, comprising:
the customized policy judging module is used for receiving a second identity authentication request sent by a terminal APP and judging whether an authentication customization policy corresponding to the terminal APP is set; wherein the terminal APP sends the second identity authentication request after the terminal passes the first identity authentication and is attached to a target network;
the first identity authentication module is used for carrying out second identity authentication on the terminal APP based on the authentication customization policy if so;
the second identity authentication module is used for carrying out second identity authentication on the terminal APP based on an authentication default policy if not;
and the resource allocation module is used for allocating resources for the terminal APP based on the second identity authentication result.
10. The network side device of claim 9, the authentication customization policy comprising: first characteristic information;
the first identity authentication module is used for acquiring first feature information corresponding to the terminal APP, extracting second feature information from the second identity authentication request, and matching the first feature information with the second feature information; and judging whether the second identity authentication is successful according to the matching result.
11. The network side device of claim 10, the authentication customization policy comprising: network slice allocation information;
the resource allocation module is used for acquiring network slice allocation information corresponding to the terminal APP if the matching result is judged to be successful; and allocating the corresponding network slice for the terminal APP based on the network slice allocation information.
12. The network-side device of claim 11, further comprising:
the resource allocation module is used for receiving a new slice request or a slice permission modification request sent by the terminal APP; extracting third characteristic information from the new slice request or the slice permission modification request, and matching the first characteristic information with the third characteristic information; and if the matching result is judged to be successful, performing corresponding processing according to the new slice request or the slice permission modification request.
13. The network-side device of claim 10,
the first feature information and the second feature information include: fingerprint, iris, voice, identification card information.
14. The network side device of claim 9, the authentication default policy comprising: a first username and a first password;
the second identity authentication module is used for acquiring a first username and a first password corresponding to the terminal; extracting a second user name and a second password from the second identity authentication request, and comparing the first user name and the first password with the second user name and the second password; and judging whether the second identity authentication is successful according to the comparison result.
15. The network-side device of claim 14,
the resource allocation module is used for allocating the same network slice to all the terminal APPs if the comparison result is judged to be successful.
16. The network-side device of any one of claims 9 to 15, wherein
the network side device includes: an AAA server;
the target network includes: a 5G network.
17. A network-side device, comprising:
a memory; and a processor coupled to the memory, the processor configured to perform the method of any of claims 1-8 based on instructions stored in the memory.
18. A computer-readable storage medium storing computer instructions which, when executed by a processor, implement the method of any one of claims 1 to 8.
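The decision flow of claims 1 to 7 can be sketched as follows. This is an added example, not code from the patent or from China Telecom; the class, field and slice names are hypothetical, feature information is modelled as opaque bytes compared exactly (a real biometric matcher scores similarity), and all sample data is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

DEFAULT_SLICE = "slice-default"  # constructed name: slice shared by default-policy APPs

@dataclass
class CustomPolicy:
    feature: bytes   # enrolled first characteristic information (opaque bytes, assumption)
    slices: set      # network slice allocation information for this APP

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class AAAServer:
    custom: dict = field(default_factory=dict)   # app_id -> CustomPolicy
    users: dict = field(default_factory=dict)    # username -> (salt, password hash)

    def _feature_ok(self, app_id: str, request: dict) -> bool:
        policy = self.custom.get(app_id)
        presented = request.get("feature", b"")
        return policy is not None and hmac.compare_digest(policy.feature, presented)

    def second_auth(self, app_id: str, request: dict) -> set:
        """Return the slices granted to the APP; an empty set means rejected."""
        if app_id in self.custom:
            # Branch on whether a policy is SET, not on whether it succeeded:
            # a failed feature match never falls back to username/password.
            return set(self.custom[app_id].slices) if self._feature_ok(app_id, request) else set()
        record = self.users.get(request.get("username", ""))
        if record is None:
            return set()
        salt, stored = record
        ok = hmac.compare_digest(stored, pw_hash(request.get("password", ""), salt))
        return {DEFAULT_SLICE} if ok else set()

    def add_slice(self, app_id: str, request: dict) -> bool:
        """Slice change request: re-match the feature information before applying it."""
        if not self._feature_ok(app_id, request):
            return False
        self.custom[app_id].slices.add(request["slice"])
        return True

def build_demo_server() -> AAAServer:
    # Constructed sample data, not taken from the patent.
    srv = AAAServer()
    srv.custom["factory-app"] = CustomPolicy(b"enrolled-template-01", {"slice-industrial"})
    salt = b"constructed-salt"
    srv.users["alice"] = (salt, pw_hash("correct horse", salt))
    return srv
```

Storing only a salted hash and comparing in constant time are choices of this sketch; the claims only require that the stored and presented credentials be compared.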
CN202111444758.0A 2021-11-30 2021-11-30 Terminal authentication method, network side device and storage medium Pending CN114040410A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111444758.0A CN114040410A (en) 2021-11-30 2021-11-30 Terminal authentication method, network side device and storage medium

Publications (1)

Publication Number Publication Date
CN114040410A true CN114040410A (en) 2022-02-11

Family

ID=80139599

Country Status (1)

Country Link
CN (1) CN114040410A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017133535A1 (en) * 2016-02-04 2017-08-10 中兴通讯股份有限公司 Network slice selection method, policy generation method, and network node
WO2019120696A1 (en) * 2017-12-22 2019-06-27 Deutsche Telekom Ag Techniques for establishing data communication based on user identification
US20200053083A1 (en) * 2018-08-13 2020-02-13 Lenovo (Singapore) Pte. Ltd. Network slice authentication
WO2020177523A1 (en) * 2019-03-04 2020-09-10 华为技术有限公司 Registration method and apparatus for terminal device
WO2021122644A1 (en) * 2019-12-20 2021-06-24 Thales Dis France Sa Method to facilitate user authenticating in a wireless network
WO2021179617A1 (en) * 2020-03-12 2021-09-16 华为技术有限公司 Authentication and authorization method and corresponding device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination