CN114301662B - Method, device, equipment and medium for requesting producer network function service - Google Patents


Publication number
CN114301662B
Authority
CN
China
Legal status
Active
Application number
CN202111614414.XA
Other languages
Chinese (zh)
Other versions
CN114301662A (en)
Inventor
沈军
刘国荣
何明
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd

Abstract

The disclosure provides a method, a device, equipment and a medium for requesting a producer network function service, and relates to the technical field of mobile communication security. In the method, the consumer network function checks whether its network function set is registered with the network warehousing function (NRF). If not, the consumer network function first performs mutual identity authentication with the network warehousing function using the network function set certificate; after the authentication succeeds, it registers with the network warehousing function on behalf of the network function set and submits the network function list contained in the network function set, and then performs mutual identity authentication with the network warehousing function using the network function certificate. If the set is already registered, the consumer network function performs mutual identity authentication with the network warehousing function using the network function certificate. Verification of the network function set is thereby greatly enhanced, and an unauthorized party is effectively prevented from forging the network function set to which it belongs.

Description

Method, device, equipment and medium for requesting producer network function service
Technical Field
The present disclosure relates to the field of mobile communications security technologies, and in particular, to a method, an apparatus, a device, and a medium for requesting a producer network function service.
Background
Currently, 3GPP (Third Generation Partnership Project) related technology introduces the concept of a network function set (NF set), and the Network Functions (NFs) in the same network function set share a content context. The original 3GPP access token is applied for per consumer network function, and the related technology proposes a scheme in which the access token is applied for per consumer network function set. However, this scheme does not sufficiently verify the network function set to which the consumer network function belongs: a malicious network function can forge the network function set to which it belongs, apply for that set's token by impersonation, and then use the access token to consume the service provided by the producer, which affects the security of the network.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure aims to provide a method, an apparatus, a device and a medium for requesting a producer network function service that overcome, at least to some extent, the problem that verification of the network function set to which a consumer network function belongs is insufficient, so that a malicious network function can easily apply for the network function set's token by impersonation and use the access token to consume the service provided by the producer, affecting network security.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to one aspect of the present disclosure, there is provided a method of requesting a producer network function service, comprising:
the consumer network function checks whether the network function set is registered with the network warehousing function;
if not, the consumer network function first performs mutual identity authentication with the network warehousing function using the network function set certificate; after the authentication succeeds, the consumer network function registers with the network warehousing function on behalf of the network function set and submits the network function list contained in the network function set to the network warehousing function, and then performs mutual identity authentication with the network warehousing function using the network function certificate;
if registered, the consumer network function performs mutual identity authentication with the network warehousing function using the network function certificate.
In one embodiment of the present disclosure, the method of the consumer network function to access the producer network function further comprises:
after the consumer network function's authentication with the network warehousing function using the network function certificate succeeds, the consumer network function applies to the network warehousing function for a token, carrying a network function identifier and a network function set identifier;
the network warehousing function checks whether the consumer network function belongs to the network function list contained in the network function set;
if not, the network warehousing function does not issue a network function set access token to the consumer network function, and the request for the producer network function's service terminates;
if yes, the network warehousing function issues a network function set access token to the consumer network function, and the consumer network function carries the access token to request the service of the producer network function.
In one embodiment of the present disclosure, the method of the consumer network function to the producer network function further comprises a preparing step comprising:
adding, to the content context of the network function set, a flag bit indicating whether the network function set is registered with the network warehousing function, and adding a network function list;
applying for a digital certificate for the network function set, and writing the digital certificate and the key corresponding to the digital certificate into the content context of the network function set;
and marking, in the flag bit, that the network function set is not registered with the network warehousing function, and filling the application instance identifier of the network function into the network function list.
In one embodiment of the present disclosure, if the set of network functions is not registered with the network warehousing function, and after the consumer network function registers with the network warehousing function on behalf of the set of network functions, the consumer network function marks the set of network functions as registered with the network warehousing function.
In one embodiment of the present disclosure,
if the network function set is registered with the network warehousing function, the flag bit is set to 1;
and if the network function set is not registered with the network warehousing function, the flag bit is set to 0.
In one embodiment of the present disclosure, the method of the consumer network function to access the producer network function further comprises:
the consumer network function checks to see if there is already an access token required to access the producer network function,
if so, the consumer network function requests the producer network function's service with an access token,
if not, the method proceeds to the step in which the consumer network function checks whether the network function set is registered with the network warehousing function.
According to another aspect of the present disclosure, there is provided an apparatus for requesting a producer network function service, comprising:
a preparation module, configured to add, to the content context of the network function set, a flag bit indicating whether the network function set is registered with the network warehousing function, and to add a network function list; to apply for a digital certificate for the network function set and write the digital certificate and the key corresponding to the digital certificate into the content context of the network function set; and to mark, in the flag bit, that the network function set is not registered with the network warehousing function and fill the application instance identifier of the network function into the network function list;
a registration module, configured for the consumer network function to perform mutual identity authentication with the network warehousing function using the network function set certificate; for the consumer network function, after the authentication succeeds, to register with the network warehousing function on behalf of the network function set and submit the network function list contained in the network function set to the network warehousing function; for the consumer network function to perform mutual identity authentication with the network warehousing function using the network function certificate; and to mark, in the flag bit, that the network function set is registered with the network warehousing function; and
a verification module, configured for the consumer network function, after its authentication with the network warehousing function using the network function certificate succeeds, to apply to the network warehousing function for a token, carrying the network function identifier and the network function set identifier; and for the network warehousing function to check whether the consumer network function belongs to the network function list contained in the network function set,
if not, the network warehousing function does not issue a network function set access token to the consumer network function, and the request for the producer network function's service terminates,
if yes, the network warehousing function issues a network function set access token to the consumer network function, and the consumer network function carries the access token to request the service of the producer network function.
In one embodiment of the present disclosure,
if the network function set is registered with the network warehousing function, the flag bit is set to 1;
and if the network function set is not registered with the network warehousing function, the flag bit is set to 0.
According to still another aspect of the present disclosure, there is provided an electronic apparatus including:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform any of the above-described methods of requesting producer network function services via execution of the executable instructions.
According to yet another aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of requesting a producer network function service as described in any of the above.
With the method for requesting the producer network function service provided by the embodiments of the disclosure, the consumer network function performs mutual identity authentication with the network warehousing function using the network function set certificate; after the authentication succeeds, the consumer network function registers with the network warehousing function on behalf of the network function set and submits the network function list contained in the network function set to the network warehousing function, so that an unauthorized party is effectively prevented from forging the network function set to which it belongs.
Further, in the method for requesting the producer network function service provided in this embodiment, when the members of the network function set change, the network function set certificate does not need to be applied for again; only one network function needs to register with the network warehousing function on behalf of the network function set, and not every network function needs to register with the network warehousing function, which greatly improves convenience.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.
FIG. 1 illustrates a schematic diagram of a method of requesting producer network function services in an embodiment of the present disclosure;
FIG. 2 illustrates another diagram of a method of requesting producer network function services in an embodiment of the present disclosure;
FIG. 3 illustrates another schematic diagram of a method of requesting producer network function services in an embodiment of the present disclosure;
FIG. 4 illustrates another diagram of a method of requesting producer network function services in an embodiment of the present disclosure;
FIG. 5 illustrates another diagram of a method of requesting producer network function services in an embodiment of the present disclosure;
FIG. 6 illustrates a schematic diagram of an apparatus for requesting a producer network function service in an embodiment of the present disclosure;
FIG. 7 illustrates another schematic diagram of an apparatus for requesting a producer network function service in an embodiment of the present disclosure; and
FIG. 8 shows a block diagram of a computer device requesting a producer network function service in an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
In the scheme provided by the application, the consumer network function (NF) performs mutual identity authentication with the network warehousing function (NRF) using the network function set (NF set) certificate; after the authentication succeeds, the consumer network function registers with the network warehousing function on behalf of the network function set and submits the network function list contained in the network function set to the network warehousing function, so that an unauthorized party is effectively prevented from forging the network function set to which it belongs. For ease of understanding, several terms referred to in this application are first explained below.
Network Function (NF).
Network function set (Network Function set, NF set).
Network warehousing function, also rendered as network storage function (Network Repository Function, NRF).
Network Function identification (NF ID).
Network Function set identification (NF set ID).
The scheme provided by the embodiment of the application relates to a mobile communication security technology, and is specifically described by the following embodiments:
As shown in fig. 1, the present embodiment provides a method for requesting a producer network function service, which prevents an unauthorized party from forging the network function set to which it belongs through the following steps:
S101: the consumer network function checks whether the network function set is registered with the network warehousing function;
S102:
if not, the consumer network function first performs mutual identity authentication with the network warehousing function using the network function set certificate; after the authentication succeeds, the consumer network function registers with the network warehousing function on behalf of the network function set and submits the network function list contained in the network function set to the network warehousing function, and then performs mutual identity authentication with the network warehousing function using the network function certificate.
If registered, the consumer network function directly performs mutual identity authentication with the network warehousing function using the network function certificate.
In addition, after the consumer network function's authentication with the network warehousing function using the network function certificate succeeds (after step S102), the method further comprises the following steps:
the consumer network function applies to the network warehousing function for a token, carrying a network function identifier and a network function set identifier;
the network warehousing function checks whether the consumer network function belongs to the network function list contained in the network function set;
if not, the network warehousing function does not issue a network function set access token to the consumer network function, and the request for the producer network function's service terminates;
if yes, the network warehousing function issues a network function set access token to the consumer network function, and the consumer network function carries the access token to request the service of the producer network function.
Through the above steps, in the method for requesting the producer network function service provided by this embodiment, the consumer network function performs mutual identity authentication with the network warehousing function using the network function set certificate; after the authentication succeeds, the consumer network function registers with the network warehousing function on behalf of the network function set and submits the network function list contained in the network function set to the network warehousing function, so that verification of the network function set to which the consumer network function belongs is greatly enhanced and an unauthorized party is effectively prevented from forging the network function set to which it belongs.
The process of enhancing the verification is described below by specific embodiments and procedures:
As shown in fig. 2, the present embodiment provides a method for requesting a producer network function service, including:
S201: a preparation step;
S202: a registration step;
S203: a verification step; and
S204: an access step.
The steps are described in detail below:
As shown in fig. 2 and 3, the preparation step S201 specifically includes the following steps:
S11: adding, to the content context of the network function set, a flag bit indicating whether the network function set is registered with the network warehousing function, and adding a network function list.
S12: applying for a digital certificate for the network function set, and writing the digital certificate and the key corresponding to the digital certificate into the content context of the network function set.
S13: setting the flag bit indicating whether the network function set is registered with the network warehousing function to 0, and filling the application instance identifier (instance id) of the network function into the network function list.
In step S13 above, the flag bit is set to 0, where 0 indicates that the network function set is not registered with the network warehousing function.
As shown in fig. 2 and fig. 4, in this embodiment, the registration step S202 specifically includes the following steps:
S21: a network function in the network function set acts as a consumer to access the service provided by the producer network function;
S22: the consumer network function checks whether it already holds the access token required to access the producer network function;
S23:
if the access token required to access the producer network function exists, the method proceeds directly to step S204, in which the consumer network function carries the access token to request the service of the producer network function;
if the access token required to access the producer network function does not exist, the consumer network function checks whether the flag bit indicating that the network function set is registered with the network warehousing function is 1;
S24:
if the flag bit is 1, the method proceeds to the verification step S203;
if the flag bit is 0, the consumer network function performs mutual identity authentication with the network warehousing function using the network function set certificate;
S25: after the consumer network function's authentication with the network warehousing function using the network function set certificate succeeds, the consumer network function registers with the network warehousing function on behalf of the network function set and submits the network function list contained in the network function set to the network warehousing function.
S26: after the consumer network function registers with the network warehousing function on behalf of the network function set, the consumer network function sets the flag bit indicating that the network function set is registered with the network warehousing function to 1.
In steps S23, S24, and S26 above, a flag bit value of 1 indicates that the network function set is registered with the network warehousing function.
As shown in fig. 2 and 5, in this embodiment, the verification step S203 specifically includes the following steps:
S31: the consumer network function performs mutual identity authentication with the network warehousing function using the network function certificate;
S32: after the mutual identity authentication between the consumer network function and the network warehousing function succeeds, the consumer network function applies to the network warehousing function for a token, carrying a network function identifier (NF ID) and a network function set identifier (NF set ID), and the network warehousing function verifies whether the network function set has the right to access the service of the producer;
S33: the network warehousing function checks whether the consumer network function belongs to the network function list contained in the network function set;
S34:
if the consumer network function belongs to the network function list contained in the network function set, the network warehousing function issues a network function set access token to the consumer network function;
if the consumer network function does not belong to the network function list contained in the network function set, the network warehousing function does not issue a network function set access token to the consumer network function, and the request for the producer network function's service terminates.
In this embodiment, the access step S204 specifically includes: the consumer network function carries the access token to request the service of the producer network function.
In this embodiment, the flag bit indicates that the network function set is not registered with the network warehousing function by 0, and the flag bit indicates that the network function set is registered with the network warehousing function by 1. Of course, in another embodiment, the flag bit may use other symbols or numbers to indicate whether the network function set is registered with the network warehousing function, which will not be described herein.
With the method for requesting the producer network function service, the consumer network function performs mutual identity authentication with the network warehousing function using the network function set certificate; after the authentication succeeds, the consumer network function registers with the network warehousing function on behalf of the network function set and submits the network function list contained in the network function set to the network warehousing function, so that verification of the network function set is greatly enhanced and an unauthorized party is effectively prevented from forging the network function set to which it belongs.
In addition, it should be noted that, in the method for requesting the producer network function service provided in this embodiment, when the members of the network function set change, the network function set certificate does not need to be applied for again; only one network function needs to register with the network warehousing function on behalf of the network function set, and not every network function needs to register with the network warehousing function, which greatly improves convenience.
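The S201 to S204 flow above, as an added Python sketch that is not part of the patent text. It assumes certificate authentication can be reduced to a trust-store lookup, and the class names, `producer_serve`, and the sample credentials are hypothetical. It shows that a network function holding only its own valid NF certificate can neither obtain a set token nor register the set.

```python
from dataclasses import dataclass, field
from typing import Optional
import secrets


class AuthError(Exception):
    """Certificate authentication with the NRF failed."""


@dataclass
class SetContext:
    """Content context shared by the NFs of one NF set (preparation, S11-S13)."""
    set_id: str
    set_cert: str                                 # stand-in for the NF set certificate and key
    nf_list: list = field(default_factory=list)   # application instance ids
    registered: int = 0                           # flag bit: 0 = not registered, 1 = registered


class NRF:
    def __init__(self, trust_store):
        self.trust_store = trust_store   # constructed: credential -> subject it was issued to
        self.sets = {}                   # set_id -> NF list submitted at registration
        self.tokens = {}                 # token -> (nf_id, set_id)

    def authenticate(self, cert, subject):
        # Assumption: models only the outcome of mutual certificate authentication.
        if self.trust_store.get(cert) != subject:
            raise AuthError(f"certificate not valid for {subject}")

    def register_set(self, set_cert, set_id, nf_list):
        self.authenticate(set_cert, set_id)       # S24: NF set certificate
        self.sets[set_id] = frozenset(nf_list)    # S25: list submitted on behalf of the set

    def issue_set_token(self, nf_cert, nf_id, set_id):
        self.authenticate(nf_cert, nf_id)         # S31: NF certificate
        if nf_id not in self.sets.get(set_id, frozenset()):   # S33: membership check
            return None                           # S34: no token issued
        token = secrets.token_hex(16)
        self.tokens[token] = (nf_id, set_id)
        return token


def producer_serve(nrf, token):
    # Assumption: the producer accepts any token the NRF issued; the page does not
    # describe how the producer validates tokens.
    return "served" if token in nrf.tokens else "rejected"


@dataclass
class ConsumerNF:
    nf_id: str
    nf_cert: str
    ctx: SetContext
    token: Optional[str] = None

    def request_service(self, nrf):
        if self.token is None:                    # S22/S23: no token held yet
            if self.ctx.registered == 0:          # S24: flag bit check
                nrf.register_set(self.ctx.set_cert, self.ctx.set_id, self.ctx.nf_list)
                self.ctx.registered = 1           # S26
            self.token = nrf.issue_set_token(self.nf_cert, self.nf_id, self.ctx.set_id)
            if self.token is None:
                return "terminated"               # request for the producer service ends
        return producer_serve(nrf, self.token)    # S204


def run_demo():
    trust = {"cert-set-A": "set-A", "cert-nf-1": "nf-1",
             "cert-nf-2": "nf-2", "cert-nf-x": "nf-x"}   # constructed sample credentials
    nrf = NRF(trust)
    ctx = SetContext("set-A", "cert-set-A", ["nf-1", "nf-2"])
    nf1 = ConsumerNF("nf-1", "cert-nf-1", ctx)
    nf2 = ConsumerNF("nf-2", "cert-nf-2", ctx)
    out = {"nf1": nf1.request_service(nrf), "flag": ctx.registered,
           "nf2": nf2.request_service(nrf)}
    # nf-x holds a valid NF certificate but presents a forged context claiming set-A.
    forged = SetContext("set-A", "cert-nf-x", ["nf-x"], registered=1)
    out["forged_flag_1"] = ConsumerNF("nf-x", "cert-nf-x", forged).request_service(nrf)
    forged.registered = 0   # it now tries to register set-A without the set certificate
    try:
        ConsumerNF("nf-x", "cert-nf-x", forged).request_service(nrf)
        out["forged_flag_0"] = "registered"
    except AuthError:
        out["forged_flag_0"] = "auth_failed"
    out["set_list_unchanged"] = nrf.sets["set-A"] == frozenset({"nf-1", "nf-2"})
    return out


if __name__ == "__main__":
    print(run_demo())
```

Because the flag bit lives in the consumer-side context, the check that matters is the NRF-side list lookup in `issue_set_token`: setting the flag to 1 locally only skips registration and does not add the caller to the registered list.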
In the present exemplary embodiment, according to the above-described method for requesting a producer network function service, there is also provided an apparatus for requesting a producer network function service, and an apparatus for requesting a producer network function service according to the present invention will be described with reference to fig. 6 and 7.
As shown in fig. 6, an apparatus 6 for requesting a network function service of a producer provided in this embodiment includes a preparation module 601, a registration module 602, and a verification module 603.
The preparation module 601 is configured to add, to the content context of the network function set, a flag bit indicating whether the network function set is registered with the network warehousing function, and to add a network function list. The preparation module 601 can also be used to apply for a digital certificate for the network function set and write the digital certificate and the key corresponding to the digital certificate into the content context of the network function set. The preparation module 601 can further be used to mark, in the flag bit, that the network function set is not registered with the network warehousing function and to fill the application instance identifier of the network function into the network function list.
The registration module 602 is used for the consumer network function to perform mutual identity authentication with the network warehousing function using the network function set certificate. The registration module 602 can also be used for the consumer network function, after the authentication succeeds, to register with the network warehousing function on behalf of the network function set and submit the network function list contained in the network function set to the network warehousing function. The registration module 602 can also be used for the consumer network function to perform mutual identity authentication with the network warehousing function using the network function certificate. The registration module 602 can also be used to mark, in the flag bit, that the network function set is registered with the network warehousing function.
The verification module 603 is used for the consumer network function, after its authentication with the network warehousing function using the network function certificate succeeds, to apply to the network warehousing function for a token, carrying the network function identifier and the network function set identifier. The verification module 603 can also be used for the network warehousing function to check whether the consumer network function belongs to the network function list contained in the network function set; if the consumer network function does not belong to the network function list contained in the network function set, the network warehousing function does not issue a network function set access token to the consumer network function, and the request for the producer network function's service terminates; if the consumer network function belongs to the network function list contained in the network function set, the network warehousing function issues a network function set access token to the consumer network function, and the consumer network function carries the access token to request the service of the producer network function.
As shown in fig. 7, the apparatus 7 for requesting a network function service of a producer further includes a preparation module 701, a registration module 702, a verification module 703, and an access module 704.
The verification module 703 is used for the consumer network function, after its authentication with the network warehousing function using the network function certificate succeeds, to apply to the network warehousing function for a token, carrying the network function identifier and the network function set identifier. The verification module 703 can also be used for the network warehousing function to check whether the consumer network function belongs to the network function list contained in the network function set; if the consumer network function does not belong to the network function list contained in the network function set, the network warehousing function does not issue a network function set access token to the consumer network function, and the request for the producer network function's service terminates; if the consumer network function belongs to the network function list contained in the network function set, the network warehousing function issues a network function set access token to the consumer network function.
The access module 704 is configured to allow the consumer network function, which carries the token required to access the producer network function, to access the producer network function.
In addition, the preparation module 701 and the registration module 702 in this embodiment are the same as the preparation module 601 and the registration module 602 in the above embodiment, and are not described here again.
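The registration, verification and access steps handled by modules 702 to 704 can be modelled as follows. This is an added example, not code from the patent: pinned certificate fingerprints stand in for mutual certificate authentication, an HMAC tag stands in for the token signature, the producer-side token check is an assumption, and all class, function and identifier names are hypothetical.

```python
import hashlib, hmac, json, time

def fingerprint(cert):
    return hashlib.sha256(cert).hexdigest().encode()

class NRF:
    """Toy network warehousing function; every name here is hypothetical."""
    def __init__(self, signing_key, pinned):
        self._key = signing_key
        self._pinned = pinned      # identity -> pinned certificate fingerprint
        self._sets = {}            # NF set id -> registered NF list

    def authenticate(self, identity, cert):
        # Assumption: fingerprint pinning stands in for mutual certificate auth.
        return hmac.compare_digest(self._pinned.get(identity, b""), fingerprint(cert))

    def register_set(self, set_id, set_cert, nf_list):
        if not self.authenticate(set_id, set_cert):
            return False
        self._sets[set_id] = frozenset(nf_list)
        return True

    def issue_set_token(self, nf_id, nf_cert, set_id, ttl=300, now=None):
        if not self.authenticate(nf_id, nf_cert):
            return None
        if nf_id not in self._sets.get(set_id, frozenset()):
            return None            # not in the NF list: no token is issued
        claims = {"sub": nf_id, "nf_set": set_id,
                  "exp": int(now or time.time()) + ttl}
        body = json.dumps(claims, sort_keys=True).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return body.hex() + "." + tag

def producer_accepts(token, key, expected_set, now=None):
    """Assumed producer-side check: tag, NF set id and expiry must all hold."""
    try:
        body_hex, tag = token.split(".")
        body = bytes.fromhex(body_hex)
    except (ValueError, AttributeError):
        return False
    good = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good.encode(), tag.encode()):
        return False
    claims = json.loads(body)
    return claims["nf_set"] == expected_set and claims["exp"] > (now or time.time())

class NFSetContext:
    def __init__(self, set_id, set_cert, nf_list):
        self.set_id, self.set_cert = set_id, set_cert
        self.nf_list = list(nf_list)
        self.registered = 0        # flag bit: 0 = not registered, 1 = registered

def request_service(nrf, ctx, nf_id, nf_cert, cache, producer_key):
    token = cache.get(nf_id)       # reuse an access token that is already held
    if token is None:
        if ctx.registered == 0:    # register on behalf of the NF set first
            if not nrf.register_set(ctx.set_id, ctx.set_cert, ctx.nf_list):
                return "set-auth-failed"
            ctx.registered = 1
        token = nrf.issue_set_token(nf_id, nf_cert, ctx.set_id)
        if token is None:
            return "terminated"    # the service request ends here
        cache[nf_id] = token
    ok = producer_accepts(token, producer_key, ctx.set_id)
    return "served" if ok else "rejected"

def demo():
    # Constructed sample data: certificates are placeholder byte strings.
    key = b"constructed-nrf-signing-key"
    certs = {"set-A": b"CERT set-A", "nf-1": b"CERT nf-1", "nf-9": b"CERT nf-9"}
    nrf = NRF(key, {name: fingerprint(c) for name, c in certs.items()})
    ctx = NFSetContext("set-A", certs["set-A"], ["nf-1", "nf-2"])
    cache = {}
    member = request_service(nrf, ctx, "nf-1", certs["nf-1"], cache, key)
    outsider = request_service(nrf, ctx, "nf-9", certs["nf-9"], cache, key)
    return member, outsider, ctx.registered
```

In `demo()`, `nf-9` holds a valid network function certificate but is absent from the list submitted at registration, so claiming membership of `set-A` yields no token.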
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
Those skilled in the art will appreciate that the various aspects of the invention may be implemented as a system, method, or program product. Accordingly, aspects of the invention may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.), or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module," or "system."
An electronic device 800 according to such an embodiment of the invention is described below with reference to fig. 7. The electronic device 800 shown in fig. 8 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in fig. 8, the electronic device 800 is embodied in the form of a general purpose computing device. Components of electronic device 800 may include, but are not limited to: the at least one processing unit 810, the at least one memory unit 820, and a bus 830 connecting the various system components, including the memory unit 820 and the processing unit 810.
The storage unit stores program code that can be executed by the processing unit 810, so that the processing unit 810 performs the steps according to various exemplary embodiments of the present invention described in the "exemplary method" section of this specification. For example, the processing unit 810 may perform the S201 preparation step, S202 registration step, S203 verification step, and S204 access step as shown in fig. 1.
The storage unit 820 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 8201 and/or cache memory 8202, and may further include Read Only Memory (ROM) 8203.
Storage unit 820 may also include a program/utility 8204 having a set (at least one) of program modules 8205, such program modules 8205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 830 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 800 may also communicate with one or more external devices 900 (e.g., keyboard, pointing device, Bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 600, and/or any device (e.g., router, modem, etc.) that enables the electronic device 800 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 650. Also, electronic device 800 may communicate with one or more networks, such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet, through network adapter 860. As shown, network adapter 860 communicates with other modules of electronic device 800 over bus 830. It should be appreciated that, although not shown, other hardware and/or software modules may be used in connection with electronic device 600, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium having stored thereon a program product capable of implementing the method described above in the present specification is also provided. In some possible embodiments, the various aspects of the invention may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the invention as described in the "exemplary methods" section of this specification, when said program product is run on the terminal device.
A program product for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read-only memory (CD-ROM) and comprise program code and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (9)

1. A method for requesting a producer network function service, comprising:
the consumer network function checks whether the network function set is registered with the network warehousing function;
if not, the consumer network function first performs mutual identity authentication with the network warehousing function using the network function set certificate; after the authentication succeeds, the consumer network function registers with the network warehousing function on behalf of the network function set and submits the network function list contained in the network function set to the network warehousing function, and then performs mutual identity authentication with the network warehousing function using the network function certificate;
if registered, the consumer network function performs mutual identity authentication with the network warehousing function using the network function certificate;
after the consumer network function and the network warehousing function have successfully authenticated each other using the network function certificate, the consumer network function applies to the network warehousing function for a token, carrying a network function identifier and a network function set identifier;
the network warehousing function checks whether the consumer network function belongs to the network function list contained in the network function set;
if not, the network warehousing function does not issue a network function set access token to the consumer network function, and the request for the service of the producer network function terminates;
if yes, the network warehousing function issues a network function set access token to the consumer network function, and the consumer network function carries the access token to request the service of the producer network function.
2. The method of requesting a producer network function service of claim 1, wherein the method of the consumer network function accessing the producer network function further comprises a preparing step comprising:
adding, to the content context of the network function set, a flag bit indicating whether the network function set is registered with the network warehousing function, and adding a network function list;
applying for a digital certificate for the network function set, and writing the digital certificate and a secret key corresponding to the digital certificate into the content context of the network function set;
and setting the flag bit to mark the network function set as not registered with the network warehousing function, and filling the application instance identifier of the network function into the network function list.
3. The method for requesting a producer network function service of claim 2, wherein, if the network function set is not registered with the network warehousing function, after the consumer network function registers with the network warehousing function on behalf of the network function set, the consumer network function sets the flag bit to mark the network function set as registered with the network warehousing function.
4. A method for requesting a producer network function service according to claim 2 or 3,
if the network function set is registered with the network warehousing function, the flag bit is set to 1;
and if the network function set is not registered with the network warehousing function, the flag bit is set to 0.
5. The method of requesting a producer network function service of claim 1, wherein the method of a consumer network function accessing the producer network function further comprises:
the consumer network function checks to see if there is already an access token required to access the producer network function,
if so, the consumer network function requests the producer network function's service with an access token,
if not, proceeding to the step in which the consumer network function checks whether the network function set is registered with the network warehousing function.
6. An apparatus for requesting a producer network function service, comprising:
a preparation module (601) for adding, to the content context of the network function set, a flag bit indicating whether the network function set is registered with the network warehousing function, and adding a network function list; for applying for a digital certificate for the network function set, and writing the digital certificate and a secret key corresponding to the digital certificate into the content context of the network function set; and for setting the flag bit to mark the network function set as not registered with the network warehousing function, and filling the application instance identifier of the network function into the network function list;
a registration module (602) for the consumer network function to perform mutual identity authentication with the network warehousing function using the network function set certificate; for the consumer network function, after the authentication succeeds, to register with the network warehousing function on behalf of the network function set and submit the network function list contained in the network function set to the network warehousing function; for the consumer network function to perform mutual identity authentication with the network warehousing function using the network function certificate; and for setting the flag bit to mark the network function set as registered with the network warehousing function; and
a verification module (603) for the consumer network function, after the consumer network function and the network warehousing function have successfully authenticated each other using the network function certificate, to apply to the network warehousing function for a token, carrying the network function identifier and the network function set identifier; and for the network warehousing function to check whether the consumer network function belongs to the network function list contained in the network function set,
if not, the network warehousing function does not issue a network function set access token to the consumer network function, and the request for the service of the producer network function terminates,
if yes, the network warehousing function issues a network function set access token to the consumer network function, and the consumer network function carries the access token to request the service of the producer network function.
7. The apparatus for requesting a producer network function service of claim 6,
if the network function set is registered with the network warehousing function, the flag bit is set to 1;
and if the network function set is not registered with the network warehousing function, the flag bit is set to 0.
8. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method of requesting a producer network function service of any of claims 1 to 5 via execution of the executable instructions.
9. A computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the method of requesting a producer network function service of any of claims 1 to 5.
CN202111614414.XA 2021-12-27 2021-12-27 Method, device, equipment and medium for requesting producer network function service Active CN114301662B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111614414.XA CN114301662B (en) 2021-12-27 2021-12-27 Method, device, equipment and medium for requesting producer network function service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111614414.XA CN114301662B (en) 2021-12-27 2021-12-27 Method, device, equipment and medium for requesting producer network function service

Publications (2)

Publication Number Publication Date
CN114301662A (en) 2022-04-08
CN114301662B (en) 2024-02-23

Family

ID=80970515

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111614414.XA Active CN114301662B (en) 2021-12-27 2021-12-27 Method, device, equipment and medium for requesting producer network function service

Country Status (1)

Country Link
CN (1) CN114301662B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109688586A (en) * 2017-10-19 2019-04-26 中兴通讯股份有限公司 A kind of method, apparatus and computer readable storage medium of network function certification
CN111770122A (en) * 2019-04-02 2020-10-13 中国移动通信有限公司研究院 Service communication agent SCP registration method, service calling method and network equipment
WO2021240055A1 (en) * 2020-05-25 2021-12-02 Nokia Technologies Oy Enhanced authorization in communication networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Access token request for NF Set – RFC clarification; Nokia et al.; 3GPP TSG-SA3 Meeting #104-e draft_S3-212886-r5; 20210827; entire document *

Also Published As

Publication number Publication date
CN114301662A (en) 2022-04-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant