CN115589589A - PNI-NPN-based 5G private network construction method and device - Google Patents

Info

Publication number
CN115589589A
Authority
CN
China
Prior art keywords
network
identification information
access
cag
user equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211144359.7A
Other languages
Chinese (zh)
Inventor
梁健堂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/088Access security using filters or firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W16/00Network planning, e.g. coverage or traffic planning tools; Network deployment, e.g. resource partitioning or cells structures
    • H04W16/18Network planning tools

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application provides a method and a device for constructing a 5G private network based on PNI-NPN: when user equipment accesses a site, network access information sent by the site is received, wherein the network access information comprises site identification information, user equipment identification information and protected CAG identification information; according to the network access information, the user equipment is allowed or refused access to the network. Only allowed user equipment can access the network, which realizes the network isolation function.

Description

PNI-NPN-based 5G private network construction method and device
Technical Field
The embodiment of the application relates to but is not limited to the technical field of communication, in particular to a PNI-NPN-based 5G private network construction method and device.
Background
In the construction of 5G private networks, enterprises place high requirements on network security, chief among them isolation of the private network. A common network isolation scheme is physical isolation, which relies on a separate PLMN or a network slice. However, current terminals cannot be pre-provisioned with a slice ID, so PLMN isolation is what is basically adopted, and PLMN isolation requires different private networks to use different PLMNs, which increases the operator's PLMN resource consumption. How to achieve efficient, secure and low-cost network isolation is a difficult problem that must be faced.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
The embodiment of the application provides a PNI-NPN-based 5G private network construction method and device, so that only allowed user equipment can access the network, and the network isolation function is realized.
In a first aspect of the present application, a PNI-NPN based 5G private network construction method includes:
constructing a network based on PNI-NPN;
when user equipment accesses a site, receiving network access information sent by the site, wherein the network access information comprises site identification information, user equipment identification information and protected CAG identification information;
and allowing or refusing the user equipment to access the network according to the network access information.
In certain embodiments of the first aspect of the present application, the protected CAG identification information comprises CAG identification information; before the step of allowing or denying the user equipment to access the network according to the network access information, the network access method further comprises:
un-hiding the protected CAG identification information to determine the CAG identification information.
In certain embodiments of the first aspect of the present application, allowing or denying the user equipment to access the network according to the network access information includes:
when the network access information meets a preset access condition, allowing the user equipment to access the network;
and when the network access information does not meet the preset access condition, denying the user equipment access to the network.
In certain embodiments of the first aspect of the present application, the access condition comprises:
the site identification information is in a preset site list;
the user equipment identification information is in a preset user equipment list;
the CAG identification information indicates that access to a CAG cell is allowed.
In certain embodiments of the first aspect of the present application, the protected CAG identification information is generated according to the steps of:
generating a key stream according to the random code and the SUPI as a key of a symmetric encryption algorithm;
and generating the protected CAG identification information according to the key stream and the CAG identification information.
In a second aspect of the present application, a PNI-NPN based 5G private network construction apparatus includes:
an information receiving unit, configured to receive network access information sent by a site when a user equipment accesses it, where the network access information includes site identification information, user equipment identification information, and protected CAG identification information;
the information processing unit is used for allowing or refusing the user equipment to access the network according to the network access information;
wherein the network is a 5G private network constructed based on PNI-NPN.
In certain embodiments of the second aspect of the present application, the network access device further comprises a de-protection unit configured to un-hide the protected CAG identification information to determine CAG identification information.
In certain embodiments of the second aspect of the present application, the information processing unit is configured to: when the network access information meets a preset access condition, allow the user equipment to access the network; and when the network access information does not meet the preset access condition, deny the user equipment access to the network.
In certain embodiments of the second aspect of the present application, the access condition includes: the site identification information is in a preset site list; the user equipment identification information is in a preset user equipment list; the CAG identification information indicates that access to a CAG cell is allowed.
In certain embodiments of the second aspect of the present application, the apparatus further comprises an identity generation unit comprising a first generation submodule for generating a keystream from a key of a symmetric encryption algorithm based on a random code and SUPI, and a second generation submodule for generating the protected CAG identity information from the keystream and the CAG identity information.
The embodiment of the application comprises the following steps: when user equipment accesses a site, receiving network access information sent by the site, wherein the network access information comprises site identification information, user equipment identification information and protected CAG identification information; and according to the network access information, allowing or refusing the user equipment to access the network. This can be used to prevent privacy exposure of user equipment accessing a public network integrated non-public network using a CAG cell, and also to prevent identification of a group of UEs accessing the NPN via a CAG cell. It solves the problem that the CAG identification information is sent over the air in clear text: the CAG identification information sent over the air is protected by means of the protected CAG identification information, so that a man-in-the-middle attacker is prevented from identifying the NPN/CAG cell which the user equipment tries to access.
Drawings
The accompanying drawings are included to provide a further understanding of the claimed subject matter and are incorporated in and constitute a part of this specification, illustrate embodiments of the subject matter and together with the description serve to explain the principles of the subject matter and not to limit the subject matter.
FIG. 1 is a schematic diagram of a PNI-NPN network;
FIG. 2 is a step diagram of a PNI-NPN-based 5G private network construction method provided by an embodiment of the present application;
FIG. 3 is a diagram of the substeps of step S320;
FIG. 4 is a structural diagram of a PNI-NPN-based 5G private network construction device provided in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
It should be noted that although functional blocks are partitioned in a schematic diagram of an apparatus and a logical order is shown in a flowchart, in some cases, the steps shown or described may be performed in a different order than the partitioning of blocks in the apparatus or the order in the flowchart. The terms "first," "second," and the like in the description, in the claims, or in the drawings described above, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
The embodiment of the application provides a PNI-NPN-based 5G private network construction method and device, wherein when user equipment accesses a site, network access information sent by the site is received, and the network access information comprises site identification information, user equipment identification information and protected CAG identification information; according to the network access information, allowing or refusing the user equipment to access the network; can be used to prevent privacy exposure of user equipment accessing a public network integrated non-public network using a CAG cell and also to prevent identification of a group of UEs accessing NPN via a CAG cell. The problem to be solved is to transmit the CAG identification information in a clear text format over the air, and to protect the CAG identification information transmitted over the air through the protected CAG identification information so as to prohibit a man-in-the-middle attacker from identifying the NPN/CAG cell which the user equipment tries to access.
The NPN is a new characteristic introduced in the 3GPP R16 standard, and is a technology for constructing a vertical industry private network. The NPN mainly constructs a 5G private network independent of a public network through a 5G technology, and the form of the NPN can be an independent network or a sub-network belonging to a PLMN network, namely a network slice, and the NPN can be used for non-public network application scenes such as enterprise internal communication and the like. The vertical industry can construct an end-to-end 5G private network through the NPN, and private data of an enterprise is limited in the NPN, so that data security is guaranteed. Meanwhile, the NPN network architecture is the same as the PLMN network architecture, and the design can reduce the NPN network construction cost.
The Third Generation Partnership Project (3GPP) defines public network integrated non-public networks as non-public networks (NPN) deployed together with Public Land Mobile Networks (PLMNs) and supporting the use of Closed Access Groups (CAG) and/or network slices. A CAG identifies a group of subscribers allowed to access one or more CAG cells. CAG is used in public network integrated non-public networks (PNI-NPNs) to prevent User Equipment (UE) from automatically selecting and registering from locations that do not provide access to the NPN or that do not allow the UE to access the NPN. A CAG is identified by a CAG identifier (CAG ID), which is broadcast by the CAG cell. A next generation radio access network (NG-RAN) supports broadcasting a total of twelve CAG identifiers. Furthermore, the CAG cell may additionally broadcast a human-readable network name for each CAG identifier.
Referring to FIG. 1, the PNI-NPN is a private network based on the 5G system architecture and deployed together with a PLMN, consisting of one public network and one or more non-public sub-networks. PNI-NPN is generally implemented by deploying the CAG (closed access group) function, which is used to define the access area of private network users and to prevent terminal users not authenticated by the NPN from accessing the public network integrated NPN, thereby achieving private network isolation.
The PNI-NPN realizes the private network function by distributing one or more network slice entities for the 5G private network based on a PLMN or 5G network slice mode.
Based on the CAG technology, the CAG ID is used for representing the group information and the position information of the user, and the cell-level access control is carried out on the terminal accessed to the private network, so that the influence on the network is reduced. A CAG may identify a group of specific users that are allowed to access one or more CAG cells associated with the CAG. The PNI-NPN needs a CAG list control mechanism to ensure the security of private network access, and the function is mainly used for preventing the terminal user which is not authenticated by the private network from accessing the 5G private network.
The CAG scheme generally requires the CAG ID to be broadcast on the radio side; the terminal selects the corresponding access network by combining this with its own CAG configuration, and if the radio side does not support the CAG the terminal expects to access, the terminal does not even try to access the cell. This mechanism has the advantage of reducing the impact on the network when an unauthorized user attempts access. In the slicing scheme, by contrast, the terminal must first access the radio network, and only then does the core network determine whether the user may access a given slice.
The CAG ID represents the group information and the location information of the users: users of the same enterprise are identified by the same CAG ID, terminals are associated with specific enterprise network users through the CAG ID, and at the same time location is bound through the cell information broadcast by the base station. A CAG is determined jointly by the PLMN ID and the CAG ID, and a CAG-enabled cell only allows its subscribers to access. When a user subscribes to a CAG, two pieces of information are configured in the subscription data: an allowed CAG list containing all CAG IDs the user may access, and an indication of whether the user may access the network only through a CAG cell. User equipment configured with this indication can access the network only through a CAG cell.
Adjacent campuses are independent private networks that use the same PLMN as the operator's public network; the CAG is used to restrict campus users from accessing other campuses. The CAG information supported by a designated campus is broadcast on that campus's base stations, and the CAG information corresponding to the campus is configured on the designated user terminals, so that only users of the campus are allowed to access the radio coverage area of the campus; the core network checks the user's CAG subscription and determines whether the terminal may access the private network, thereby achieving network isolation.
Referring to fig. 2, an embodiment of the present application provides a PNI-NPN-based 5G private network construction method, including but not limited to the following steps:
step S100, when user equipment accesses a site, receiving network access information sent by the site, wherein the network access information comprises site identification information, user equipment identification information and protected CAG identification information;
step S200, un-hiding the protected CAG identification information to determine the CAG identification information;
step S300, according to the network access information, the user equipment is allowed or refused to access the network.
For step S200, the protected CAG identification information is constructed by the user equipment using the home network public key together with the protection scheme and method used to hide the UE identifier in the SUCI. Specifically, a random value is generated; the home network provisions the user equipment with a symmetric encryption algorithm for protecting the CAG identification information in the provided allowed CAG list; a keystream is generated using the random code and the SUPI as the key of the symmetric encryption algorithm; and the generated keystream is exclusive-ORed with the CAG identification information to produce the protected CAG identification information.
When the AMF of the network receives network access information containing the protected CAG identification information, it detects that the CAG identification information is in a hidden state and forwards the protected CAG identification information together with the SUCI to the UDM of the home network so that the UDM can un-hide it. The UDM un-hides the protected CAG identification information using the same parameters, namely the home network public key and the protection mechanism and method used to un-hide the UE identifier in the SUCI, resulting in the CAG identification information.
Referring to fig. 3, for step S300, the user equipment is allowed or denied access to the network according to the network access information, including but not limited to the following steps:
step S310, when the network access information meets the preset access condition, the user equipment is allowed to access the network;
step S320, when the network access information does not meet the preset access condition, denying the user equipment access to the network.
Specifically, the access condition includes: the site identification information is in a preset site list; the user equipment identification information is in a preset user equipment list; the CAG identification information indicates that access to the CAG cell is permitted.
A plurality of site identifiers is stored in the preset site list, the site list is searched according to the site identification information, and when the site identification information in the network access information matches a site identifier in the site list, the site identification information is in the preset site list.
For example, a designated campus has a site A and a site B, a site C lies outside the campus, and the site identifiers of site A and site B are stored in the site list. When the user equipment is located within the designated campus, it accesses site A or site B, and the network access information contains the site identifier of site A or site B. When the user equipment is located outside the designated campus, it accesses site C, and the network access information contains the site identifier of site C. User equipment located within the designated campus can therefore access the network, while user equipment located outside the designated campus cannot.
Likewise, a plurality of user equipment identifiers is stored in the preset user equipment list, the user equipment list is searched according to the user equipment identification information, and when the user equipment identification information in the network access information matches one of those identifiers, the user equipment identification information is in the preset user equipment list.
The CAG identification information may be set to 0 or 1. When the CAG identification information is 1, it indicates that access to the CAG cell is allowed; when it is 0, it indicates that access to the CAG cell is refused.
The method can be used to prevent privacy exposure of user equipment accessing a public network integrated non-public network using a CAG cell and also to prevent identification of a group of UEs accessing the NPN via a CAG cell. The problem to be solved is that the CAG identification information is transmitted over the air in plain text; the CAG identification information transmitted over the air is protected by means of the protected CAG identification information, so that a man-in-the-middle attacker is prevented from identifying the NPN/CAG cell which the user equipment tries to access.
According to another embodiment of the application, a PNI-NPN-based 5G private network construction device is provided.
Referring to fig. 4, the PNI-NPN based 5G private network construction apparatus includes an information receiving unit 10 and an information processing unit 30.
The information receiving unit 10 is configured to receive network access information sent by a site when a user equipment accesses it, where the network access information includes site identification information, user equipment identification information, and protected CAG identification information; the information processing unit 30 is configured to allow or deny the user equipment access to the network according to the network access information.
In some embodiments, the network access device further comprises a deprotection unit 20, and the deprotection unit 20 is configured to unhide the protected CAG identification information to determine the CAG identification information.
The protected CAG identification information is constructed by the user equipment using the home network public key together with the protection scheme and method used to hide the UE identifier in the SUCI. Specifically, a random value is generated; the home network provisions the user equipment with a symmetric encryption algorithm for protecting the CAG identification information in the provided allowed CAG list; a keystream is generated using the random code and the SUPI as the key of the symmetric encryption algorithm; and the generated keystream is combined with the CAG identification information by an exclusive-OR operation to produce the protected CAG identification information.
When the AMF of the network receives network access information containing the protected CAG identification information, it detects that the CAG identification information is in a hidden state and forwards the protected CAG identification information together with the SUCI to the UDM of the home network so that the UDM can un-hide it. The UDM un-hides the protected CAG identification information using the same parameters, namely the home network public key and the protection mechanism and method used to un-hide the UE identifier in the SUCI, resulting in the CAG identification information.
In some embodiments, the information processing unit is configured to: when the network access information meets a preset access condition, allow the user equipment to access the network; and when the network access information does not meet the preset access condition, deny the user equipment access to the network.
Specifically, the access condition includes: the site identification information is in a preset site list; the user equipment identification information is in a preset user equipment list; the CAG identification information indicates that access to the CAG cell is permitted.
A plurality of site identifiers is stored in the preset site list, the site list is searched according to the site identification information, and when the site identification information in the network access information matches a site identifier in the site list, the site identification information is in the preset site list.
For example, a designated campus has a site A and a site B, a site C lies outside the campus, and the site identifiers of site A and site B are stored in the site list. When the user equipment is located within the designated campus, it accesses site A or site B, and the network access information contains the site identifier of site A or site B. When the user equipment is located outside the designated campus, it accesses site C, and the network access information contains the site identifier of site C. User equipment located within the designated campus can therefore access the network, while user equipment located outside the designated campus cannot.
Likewise, a plurality of user equipment identifiers is stored in the preset user equipment list, the user equipment list is searched according to the user equipment identification information, and when the user equipment identification information in the network access information matches one of those identifiers, the user equipment identification information is in the preset user equipment list.
The CAG identification information may be set to 0 or 1. When the CAG identification information is 1, it indicates that access to the CAG cell is allowed; when it is 0, it indicates that access to the CAG cell is refused.
The device can be used to prevent privacy exposure of user equipment accessing a public network integrated non-public network using a CAG cell and also to prevent identification of a group of UEs accessing the NPN via a CAG cell. The problem to be solved is that the CAG identification information is transmitted over the air in plain text; the CAG identification information transmitted over the air is protected by means of the protected CAG identification information, so that a man-in-the-middle attacker is prevented from identifying the NPN/CAG cell which the user equipment tries to access.
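Steps S100 to S320 of the method and the receiving, de-protection and processing units 10, 20 and 30 of the device describe one pipeline; the Python below is an added model of it, not code from the patent: the UE XORs its 0/1 CAG identification information with a keystream derived from a random code and its SUPI, the UDM un-hides it, and the access decision applies the three preset conditions. SHAKE-256 stands in for the unnamed symmetric algorithm, a table lookup stands in for SUCI de-concealment, and every identifier and list entry is constructed.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

CAG_DENY, CAG_ALLOW = 0, 1  # the 0/1 CAG identification information of the text


def keystream(random_code: bytes, supi: str, length: int) -> bytes:
    """Keystream derived from the random code and the SUPI.
    Assumption: SHAKE-256 keyed with random_code || SUPI stands in for the
    symmetric algorithm the home network provisions (the text names none)."""
    return hashlib.shake_256(random_code + supi.encode()).digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect_cag(cag_info: bytes, supi: str,
                random_code: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """UE side: fresh random code, keystream, XOR. Returns (random_code, protected);
    the random code travels with the message so the UDM can rebuild the keystream."""
    if random_code is None:
        random_code = secrets.token_bytes(16)
    return random_code, xor_bytes(cag_info, keystream(random_code, supi, len(cag_info)))


def unprotect_cag(protected: bytes, supi: str, random_code: bytes) -> bytes:
    """UDM side: same keystream, XOR again (XOR is its own inverse)."""
    return xor_bytes(protected, keystream(random_code, supi, len(protected)))


@dataclass(frozen=True)
class NetworkAccessInfo:
    """What the site forwards when a UE attaches (step S100 / receiving unit 10)."""
    site_id: str
    ue_id: str            # user equipment identification information
    suci: str             # concealed subscriber identity, forwarded on to the UDM
    random_code: bytes
    protected_cag: bytes


class HomeNetworkUDM:
    """Un-hides the protected CAG information (step S200 / de-protection unit 20).
    Assumption: SUCI -> SUPI de-concealment is a table lookup here; a real UDM
    derives the SUPI with the home-network key material."""

    def __init__(self, suci_to_supi: Dict[str, str]):
        self._suci_to_supi = dict(suci_to_supi)

    def unhide(self, info: NetworkAccessInfo) -> Optional[bytes]:
        supi = self._suci_to_supi.get(info.suci)
        if supi is None:
            return None  # unknown subscriber: nothing can be un-hidden
        return unprotect_cag(info.protected_cag, supi, info.random_code)


def decide_access(info: NetworkAccessInfo, site_list: Set[str], ue_list: Set[str],
                  udm: HomeNetworkUDM) -> Tuple[bool, str]:
    """Steps S300/S310/S320 (processing unit 30): allow only when all three preset
    conditions hold; the first failing condition is named so an operator sees why."""
    if info.site_id not in site_list:
        return False, "site identification not in preset site list"
    if info.ue_id not in ue_list:
        return False, "user equipment identification not in preset UE list"
    cag_info = udm.unhide(info)
    if cag_info is None:
        return False, "UDM could not de-conceal the SUCI"
    if cag_info != bytes([CAG_ALLOW]):
        return False, "CAG identification information does not permit CAG cell access"
    return True, "allowed"


# Constructed sample deployment (not from the patent): sites A and B inside the
# designated campus, site C outside it, one subscribed UE.
SITE_LIST = {"site-A", "site-B"}
UE_LIST = {"ue-0001"}
SUPI = "imsi-001010000000001"          # constructed test-PLMN subscriber identity
SUCI = "suci-demo-0001"                # constructed concealed form of that SUPI
UDM = HomeNetworkUDM({SUCI: SUPI})


def attach(site_id: str, ue_id: str, cag_flag: int,
           suci: str = SUCI, supi: str = SUPI) -> NetworkAccessInfo:
    """Build the message a site would forward for one attach attempt."""
    random_code, protected = protect_cag(bytes([cag_flag]), supi)
    return NetworkAccessInfo(site_id, ue_id, suci, random_code, protected)


def run_scenarios() -> Dict[str, bool]:
    """Outcome of the access decision for the campus scenario in the text."""
    cases = {
        "site A, listed UE, CAG allow": attach("site-A", "ue-0001", CAG_ALLOW),
        "site C (outside campus)": attach("site-C", "ue-0001", CAG_ALLOW),
        "unlisted UE": attach("site-B", "ue-9999", CAG_ALLOW),
        "CAG flag 0": attach("site-B", "ue-0001", CAG_DENY),
        "unknown SUCI": attach("site-A", "ue-0001", CAG_ALLOW, suci="suci-unknown"),
    }
    return {name: decide_access(info, SITE_LIST, UE_LIST, UDM)[0]
            for name, info in cases.items()}
```

Only the first scenario is allowed; each of the others fails exactly one of the three preset conditions, or the UDM step that precedes the CAG check. Because the protection is a plain XOR with the keystream, the random code must be fresh for every attach so that no two messages share keystream.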
In order to achieve the above object, an embodiment of the present application further provides an electronic device. The electronic device comprises a memory, a processor, a program stored on the memory and executable on the processor, and a data bus for enabling a connection communication between the processor and the memory, the program, when executed by the processor, implementing the network access method as above.
In this embodiment, when a user equipment accesses a site, network access information sent by the site is received, where the network access information includes site identification information, user equipment identification information, and protected CAG identification information; according to the network access information, allowing or refusing the user equipment to access the network; can be used to prevent privacy exposure of user equipment accessing a public network integrated non-public network using a CAG cell and also to prevent identification of a group of UEs accessing NPN via a CAG cell. The problem to be solved is to transmit the CAG identification information in a clear text format over the air, and to protect the CAG identification information transmitted over the air through the protected CAG identification information so as to prohibit a man-in-the-middle attacker from identifying the NPN/CAG cell which the user equipment tries to access.
The memory, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs and non-transitory computer executable programs, such as the network access methods described in the embodiments of the present invention above. The processor implements the network access method in the above-described embodiments of the present invention by running a non-transitory software program and a program stored in the memory.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data and the like required to perform the network access method in the above-described embodiment of the present invention. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and these remote memories may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
To achieve the above object, an embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions for causing a computer to execute the network access method as described above.
In this embodiment, when a user equipment accesses a site, network access information sent by the site is received, where the network access information includes site identification information, user equipment identification information, and protected CAG identification information; according to the network access information, allowing or refusing the user equipment to access the network; can be used to prevent privacy exposure of user equipment accessing a public network integrated non-public network using a CAG cell and also to prevent identification of a group of UEs accessing NPN via a CAG cell. The problem to be solved is to transmit the CAG identification information in a clear text format over the air, and to protect the CAG identification information transmitted over the air through the protected CAG identification information so as to prohibit a man-in-the-middle attacker from identifying the NPN/CAG cell which the user equipment tries to access.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
In the foregoing description of the specification, reference to the description of "one embodiment/example," "another embodiment/example," or "certain embodiments/examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present application have been shown and described, it will be understood by those of ordinary skill in the art that: many changes, modifications, substitutions and alterations to these embodiments may be made without departing from the principles and spirit of this application, the scope of which is defined by the examples and their equivalents.
While the present invention has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A PNI-NPN-based 5G private network construction method is characterized by comprising the following steps:
constructing a network based on PNI-NPN;
when user equipment accesses a site, receiving network access information sent by the site, wherein the network access information comprises site identification information, user equipment identification information and protected CAG identification information;
and allowing or refusing the user equipment to access the network according to the network access information.
2. The PNI-NPN-based 5G private network construction method according to claim 1, wherein the protected CAG identification information comprises CAG identification information; before the step of allowing or denying the user equipment to access the network according to the network access information, the method further comprises:
and un-hiding the protected CAG identification information to determine CAG identification information.
3. A PNI-NPN based 5G private network construction method according to claim 2, wherein the allowing or denying the user equipment to access the network according to the network access information comprises:
when the network access information meets the preset access condition, allowing the user equipment to access the network;
and when the network access information does not meet the preset access condition, refusing the user equipment access to the network.
4. A PNI-NPN based 5G private network construction method according to claim 3, wherein the access condition includes:
the site identification information is in a preset site list;
the user equipment identification information is in a preset user equipment list;
the CAG identification information indicates that access to a CAG cell is allowed.
5. The PNI-NPN-based 5G private network construction method according to claim 1, wherein the protected CAG identification information is generated according to the following steps:
generating a key stream according to the random code and the SUPI as a key of a symmetric encryption algorithm;
and generating the protected CAG identification information according to the key stream and the CAG identification information.
6. A PNI-NPN-based 5G private network construction device is characterized by comprising:
the information receiving unit is used for receiving network access information sent by a site under the condition that user equipment is accessed, wherein the network access information comprises site identification information, user equipment identification information and protected CAG identification information;
the information processing unit is used for allowing or refusing the user equipment to access the network according to the network access information;
wherein the network is a 5G private network constructed based on PNI-NPN.
7. A PNI-NPN based 5G private network construction device according to claim 6, wherein the device further comprises a de-protection unit for un-hiding the protected CAG identification information to determine CAG identification information.
8. A PNI-NPN based 5G private network construction apparatus according to claim 7, wherein the information processing unit is configured to: when the network access information meets the preset access condition, allow the user equipment to access the network; and when the network access information does not meet the preset access condition, refuse the user equipment access to the network.
9. A PNI-NPN based 5G private network construction apparatus according to claim 8, wherein the access condition comprises: the site identification information is in a preset site list; the user equipment identification information is in a preset user equipment list; the CAG identification information indicates that access to a CAG cell is allowed.
10. A PNI-NPN based 5G private network construction apparatus according to claim 6, further comprising an identification generation unit, the identification generation unit comprising a first generation sub-module and a second generation sub-module, the first generation sub-module being configured to generate a key stream according to a random code and SUPI as a key of a symmetric encryption algorithm, the second generation sub-module being configured to generate the protected CAG identification information according to the key stream and the CAG identification information.
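The following Go program is an added illustration of the access decision of claims 3 and 4 together with the protected-CAG-ID generation of claim 5 (the same mechanism the summary above describes); it is not code from the patent. The claims leave the symmetric cipher and the combining step unspecified, so the example assumes AES-128 in CTR mode with the random code as the 16-byte nonce, a key derived as SHA-256 of the SUPI string truncated to 16 bytes, XOR as the masking step, a 32-bit CAG ID, that the random code is carried alongside the protected CAG ID, and that the network maps the received UE identifier to the subscribed SUPI. All sample values (site, UE, SUPI, CAG ID) are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// NetworkAccessInfo models the message the site forwards when a UE attaches.
// Assumption: the random code travels with it so the network side can rebuild
// the key stream; the CAG ID itself never appears in the clear.
type NetworkAccessInfo struct {
	SiteID       string
	UEID         string // identifier the network maps to a subscription record
	RandomCode   [16]byte
	ProtectedCAG [4]byte // CAG ID masked with the key stream
}

// keyStream builds the claim-5 key stream: the SUPI becomes an AES-128 key
// (assumption: SHA-256 of the SUPI, truncated) and the random code is the CTR
// nonce. Encrypting zeros yields the raw key stream bytes.
func keyStream(supi string, randomCode [16]byte, n int) ([]byte, error) {
	key := sha256.Sum256([]byte(supi))
	block, err := aes.NewCipher(key[:16])
	if err != nil {
		return nil, err
	}
	ks := make([]byte, n)
	cipher.NewCTR(block, randomCode[:]).XORKeyStream(ks, ks)
	return ks, nil
}

// ProtectCAG masks a 32-bit CAG ID with the key stream (assumption: XOR).
func ProtectCAG(supi string, randomCode [16]byte, cagID uint32) ([4]byte, error) {
	var out [4]byte
	ks, err := keyStream(supi, randomCode, len(out))
	if err != nil {
		return out, err
	}
	binary.BigEndian.PutUint32(out[:], cagID)
	for i := range out {
		out[i] ^= ks[i]
	}
	return out, nil
}

// UnhideCAG is the network-side "un-hiding" step of claim 2. A wrong SUPI or
// random code gives a different, meaningless CAG ID rather than an error,
// which is why the list checks in Decide must follow it.
func UnhideCAG(supi string, randomCode [16]byte, protected [4]byte) (uint32, error) {
	ks, err := keyStream(supi, randomCode, len(protected))
	if err != nil {
		return 0, err
	}
	var raw [4]byte
	for i := range raw {
		raw[i] = protected[i] ^ ks[i]
	}
	return binary.BigEndian.Uint32(raw[:]), nil
}

// AccessPolicy holds the preset lists of claim 4.
type AccessPolicy struct {
	Sites map[string]bool   // preset site list
	UEs   map[string]string // preset UE list: UE ID -> subscribed SUPI
	CAGs  map[uint32]bool   // CAG IDs for which access to the CAG cell is allowed
}

// Decide applies claims 3 and 4: access is allowed only if every condition holds.
func (p AccessPolicy) Decide(info NetworkAccessInfo) (bool, string) {
	if !p.Sites[info.SiteID] {
		return false, "site not in preset site list"
	}
	supi, ok := p.UEs[info.UEID]
	if !ok {
		return false, "UE not in preset UE list"
	}
	cag, err := UnhideCAG(supi, info.RandomCode, info.ProtectedCAG)
	if err != nil {
		return false, "cannot un-hide CAG ID: " + err.Error()
	}
	if !p.CAGs[cag] {
		return false, fmt.Sprintf("CAG ID %d does not permit access", cag)
	}
	return true, fmt.Sprintf("CAG ID %d permits access", cag)
}

func main() {
	const supi = "imsi-460001234567890" // constructed sample SUPI
	policy := AccessPolicy{
		Sites: map[string]bool{"site-A": true},
		UEs:   map[string]string{"ue-1": supi},
		CAGs:  map[uint32]bool{42: true},
	}
	var rc [16]byte
	if _, err := rand.Read(rc[:]); err != nil {
		panic(err)
	}
	protected, err := ProtectCAG(supi, rc, 42)
	if err != nil {
		panic(err)
	}
	fmt.Printf("over the air: %x (CAG ID 42 hidden)\n", protected)
	fmt.Println(policy.Decide(NetworkAccessInfo{"site-A", "ue-1", rc, protected}))
	fmt.Println(policy.Decide(NetworkAccessInfo{"site-B", "ue-1", rc, protected}))
}
```

Because the mask depends on both the SUPI and a fresh random code, the same CAG ID produces a different protected value for every UE and every access attempt, which is the property that keeps an over-the-air observer from grouping UEs by the CAG cell they request; the network, holding the subscription SUPI, recovers the CAG ID and then applies the three list checks.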

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211144359.7A CN115589589A (en) 2022-09-20 2022-09-20 PNI-NPN-based 5G private network construction method and device

Publications (1)

Publication Number Publication Date
CN115589589A true CN115589589A (en) 2023-01-10

Family

ID=84777901

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211144359.7A Pending CN115589589A (en) 2022-09-20 2022-09-20 PNI-NPN-based 5G private network construction method and device

Country Status (1)

Country Link
CN (1) CN115589589A (en)

Similar Documents

Publication Publication Date Title
US11706626B2 (en) Methods and systems for mitigating denial of service (DoS) attack in a wireless network
CN103200571B (en) Method for implementation in WTRU and CSG cell, WTRU, and home node B
US20190182654A1 (en) Preventing covert channel between user equipment and home network in communication system
EP1978772A1 (en) Authentication policy
KR20110091305A (en) Method and apparatus for selecting public land mobile network for emergency call in multiple operator core network
US11405788B2 (en) Wireless network service access control with subscriber identity protection
US20180167813A1 (en) Processing method for terminal access to 3gpp network and apparatus
US20160105825A1 (en) Mobility in mobile communications network
CN102948174A (en) Mobile radio communications device for closed subscriber group management
WO2012087189A1 (en) Methods and user equipments for granting a first user equipment access to a service
US11564086B2 (en) Secure mobile-terminated message transfer
JP5309215B2 (en) Method for defining a range of closed subscriber group identification numbers for open network access points
CN114451016B (en) Method, device and system for updating configuration data
CN115589589A (en) PNI-NPN-based 5G private network construction method and device
US20220232382A1 (en) Controlling provision of access to restricted local operator services by user equipment
CN105517105A (en) Method and apparatus for accessing network
WO2022236567A1 (en) User equipment onboarding and network congestion control in standalone non-public network deployments
CN114765811B (en) Information processing method, device, equipment and readable storage medium
CN110062440B (en) WLAN connection control method, electronic device and storage medium
WO2023142097A1 (en) User equipment-to-network relay security for proximity based services
US20230319756A1 (en) Disaster roaming for plmn
US20220360987A1 (en) Wireless telecommunications network authentication
CN115567940A (en) System information transmission method and device
CN116981002A (en) Method for processing updated CAG configuration and user equipment
KR20230105957A (en) Method and apparatus for end to end protection when provisioning ue with so-snpn credential using control plane

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination