CN116600297B - Registration method, device, system and communication equipment based on 5G private network - Google Patents

Info

Publication number: CN116600297B
Authority: CN (China)
Prior art keywords: authentication, terminal, network element, free, password
Legal status: Active
Application number: CN202310872544.6A
Other languages: Chinese (zh)
Other versions: CN116600297A (en)
Inventors: 谢沛荣, 刘双月, 张岚, 程淑荣, 柯晓曼
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202310872544.6A
Publication of CN116600297A
Application granted
Publication of CN116600297B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application relates to a registration method, a registration device, a registration system and communication equipment based on a 5G private network. The method comprises the following steps: in response to a registration request sent by a terminal, when the authentication service network element deployed in an external network cannot be connected, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network; sending an authentication request to the terminal to instruct the terminal to check the terminal authentication-free password pre-stored in the terminal against the terminal authentication-free password carried in the authentication request for consistency; acquiring authentication response information sent by the terminal after the consistency comparison is passed; and comparing the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information and, if the comparison is consistent, negotiating with the terminal that encryption and integrity protection are not started this time, and completing the subsequent registration process with the terminal according to the standard procedure specified by the standard communication protocol. The method can improve the availability of the 5G private network.

Description

Registration method, device, system and communication equipment based on 5G private network
Technical Field
The present application relates to the field of 5G communication technologies, and in particular, to a registration method, apparatus, system and communication device based on a 5G private network.
Background
In the deployment of a 5G private network, for security reasons, the network element that performs authentication (i.e., the authentication service network element) is typically deployed in a network outside the 5G private network. For example, the AUSF (Authentication Server Function) of the 5G private network is deployed in a public network; as another example, in the SNPN (Stand-alone Non-Public Network) scenario of the 3GPP R17 standard, the credentials holder (Credentials Holder) of the SNPN is deployed outside the SNPN private network (a private network based on the 5G system architecture, as defined in the 3GPP R17 standard). In this case, once the connection between the private network and the external network is interrupted, authentication cannot be performed when a terminal user registers, so registration with the private network fails, which reduces the registration success rate and the usability of the 5G private network.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a 5G private network-based registration method, apparatus, system, communication device, computer-readable storage medium, and computer program product that improves the availability of a 5G private network.
In a first aspect, the present application provides a registration method based on a 5G private network. The method comprises the following steps:
responding to a registration request sent by a terminal, and acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in a 5G private network under the condition that the authentication service network element deployed in an external network cannot be connected; the unified data management network element also stores a network authentication-free password, and the network authentication-free password and the terminal authentication-free password are generated in the prior normal registration process of the terminal;
generating an authentication request carrying the terminal authentication-free password, and sending the authentication request to the terminal to instruct the terminal to check the terminal authentication-free password pre-stored in the terminal against the terminal authentication-free password carried in the authentication request for consistency;
acquiring authentication response information sent by a terminal after the consistency comparison is passed; the authentication response information carries a network authentication-free password prestored in the terminal;
and comparing the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information, negotiating with the terminal that encryption and integrity protection are not started at this time if the comparison is consistent, and completing the subsequent registration process according to the standard process agreed by the standard communication protocol and the terminal.
In some of these embodiments, the registration request is a second registration request; the registration request received in the prior normal registration process is a first registration request; the first registration request is earlier than the second registration request; the method further comprises the steps of:
responding to a first registration request sent by a terminal during normal operation of an authentication service network element in an external network, and carrying out normal registration with the terminal;
acquiring a network authentication-free password and a terminal authentication-free password generated in a normal registration process;
storing the generated network authentication-free password and terminal authentication-free password in a unified data management network element in the 5G private network; the generated network authentication-free password and terminal authentication-free password are also stored in the terminal.
In some of these embodiments, obtaining the network authentication-free password and the terminal authentication-free password generated during normal registration includes at least one of:
acquiring a network authentication-free password and a terminal authentication-free password generated in a normal registration process of a terminal;
the access management network element generates a network authentication-free password and a terminal authentication-free password in the normal registration process; the network authentication-free password and the terminal authentication-free password stored by the terminal are provided by an access management network element;
The access management network element generates a network authentication-free password in the normal registration process, and acquires a terminal authentication-free password generated by the terminal in the normal registration process; the network authentication-free password stored by the terminal is provided by the access management network element.
In some of these embodiments, the first registration request is an initial registration request sent when the terminal first applies for registration; the prior normal registration process is a normal registration process performed for the initial registration request; the network authentication-free password and the terminal authentication-free password stored in the unified data management network element are generated in a normal registration process for the initial registration request.
In some of these embodiments, the method further comprises:
under the condition that the authentication service network element is detected to be in a fault state, entering an authentication-free mode;
responding to a registration request sent by a terminal, under the condition that an authentication service network element deployed in an external network cannot be connected, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in a 5G private network comprises:
and responding to the registration request of the terminal received in the authentication-free mode, and acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network.
In some embodiments, in response to a registration request sent by a terminal, in a case where an authentication service network element deployed in an external network cannot be connected, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in a 5G private network, including:
responding to a registration request sent by a terminal, and detecting the working state of an authentication service network element deployed in an external network;
and if the working state is a fault state, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network.
In some embodiments, in response to a registration request sent by a terminal, in a case where an authentication service network element deployed in an external network cannot be connected, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in a 5G private network, including:
responding to a registration request sent by a terminal, and sending a user data request to a unified data management network element in a 5G private network under the condition that an authentication service network element deployed in an external network cannot be connected;
acquiring user data response information returned by the unified data management network element aiming at the user data request; the user data response information carries a network authentication-free password and a terminal authentication-free password which are prestored in a unified data management network element.
In a second aspect, the present application also provides a registration device based on a 5G private network, where the device includes:
the password acquisition module is used for responding to a registration request sent by the terminal and acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network under the condition that the authentication service network element deployed in the external network cannot be connected; the unified data management network element also stores a network authentication-free password, and the network authentication-free password and the terminal authentication-free password are generated in the prior normal registration process of the terminal;
the authentication request sending module is used for generating an authentication request carrying the terminal authentication-free password and sending the authentication request to the terminal, so as to instruct the terminal to check the terminal authentication-free password pre-stored in the terminal against the terminal authentication-free password carried in the authentication request for consistency;
the response receiving module is used for acquiring authentication response information sent by the terminal after the consistency comparison is passed; the authentication response information carries a network authentication-free password prestored in the terminal;
the registration module is used for comparing the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information, negotiating with the terminal that encryption and integrity protection are not started at this time if the comparison is consistent, and completing the subsequent registration process according to the standard process agreed by the standard communication protocol and the terminal.
In a third aspect, the present application also provides a registration system based on a 5G private network, where the system includes an access management network element and a terminal;
the access management network element is used for responding to the registration request sent by the terminal, and acquiring a pre-stored terminal authentication-free password from the unified data management network element deployed in the 5G private network under the condition that the authentication service network element deployed in the external network cannot be connected; the unified data management network element also stores a network authentication-free password, and the network authentication-free password and the terminal authentication-free password are generated in the prior normal registration process of the terminal; generating an authentication request carrying an authentication-free password of the terminal, and sending the authentication request to the terminal;
the terminal is used for carrying out consistency comparison on the terminal authentication-free password stored in the terminal in advance and the terminal authentication-free password carried in the authentication request, and sending authentication response information to the access management network element after the consistency comparison is passed; the authentication response information carries a network authentication-free password prestored in the terminal;
the access management network element is also used for acquiring authentication response information; and comparing the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information, negotiating with the terminal that encryption and integrity protection are not started at this time if the comparison is consistent, and completing the subsequent registration process according to the standard process agreed by the standard communication protocol and the terminal.
In a fourth aspect, the present application also provides a communication device. The communication device comprises a memory storing a computer program and a processor implementing the steps described in the embodiments of the application when the processor executes the computer program.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps described in the embodiments of the present application.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps described in the various embodiments of the application.
With the above registration method, device, system, communication equipment, storage medium and computer program product based on a 5G private network, the network authentication-free password and the terminal authentication-free password can be generated in a prior normal registration process and stored both in the unified data management network element in the 5G private network and in the terminal. When the access management network element subsequently receives a registration request from the terminal, even if it cannot connect to the authentication service network element deployed in the external network, authentication-free processing can be performed by both parties based on the network authentication-free password and the terminal authentication-free password pre-stored in the unified data management network element and in the terminal. That is, the terminal and the access management network element let each other through without substantive authentication by the authentication service network element in the external network, while still performing a certain degree of security verification through the two authentication-free passwords. The terminal can therefore register, which improves the success rate of terminal registration and the usability of the 5G private network, and ensures the reliability of the 5G private network to a certain extent.
Drawings
Fig. 1 is a schematic diagram of a network deployment scenario applicable to a 5G private network-based registration method of the present application in one embodiment;
Fig. 2 is a flow diagram of a registration method based on a 5G private network in one embodiment;
Fig. 3 is a flow chart of a registration method based on a 5G private network in another embodiment;
Fig. 4 is a timing diagram of a 5G private network-based registration method in one embodiment;
Fig. 5 is a block diagram of a 5G private network-based registration apparatus in one embodiment;
Fig. 6 is an internal structural diagram of a communication device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
Fig. 1 is a schematic diagram of a network deployment scenario suitable for the 5G private network-based registration method of the present application in one embodiment. Referring to Fig. 1, the authentication service network element is the AUSF, which is deployed in the public network, while the other network elements are deployed locally in the enterprise private network (i.e., the 5G private network). The access management network element is the AMF (Access and Mobility Management Function), the unified data management network element is the UDM (Unified Data Management), the base station is the gNB, the user plane function network element is the UPF (User Plane Function), and the session management function network element is the SMF (Session Management Function). N2, N3, N6, N8, N10, N12 and N14 in the figure are different types of interfaces in the 5G network. As can be seen from Fig. 1, if the authentication service network element fails and cannot communicate normally with the access management network element, authentication cannot be performed and terminal registration is affected.
The method of the present application addresses exactly this problem in the above network deployment scenario. As long as the terminal has previously registered with the private network successfully and normally, the network authentication-free password and the terminal authentication-free password can be generated in that prior normal registration process and stored both in the terminal and in the UDM in the private network, so that subsequent authentication-free processing can be carried out according to the stored network authentication-free password and terminal authentication-free password; that is, the terminal can register with the network without depending on authentication through communication with the AUSF.
In one embodiment, as shown in fig. 2, a registration method based on a 5G private network is provided, and the method is applied to an access management network element in the 5G private network for illustration, where the method may be implemented by the access management network element itself or may be implemented by interaction between the access management network element and a terminal, and specifically includes the following steps:
Step 202, in response to a registration request sent by a terminal, when the authentication service network element deployed in an external network cannot be connected, a pre-stored terminal authentication-free password is acquired from a unified data management network element deployed in the 5G private network; the unified data management network element also stores a network authentication-free password, and the network authentication-free password and the terminal authentication-free password are generated in the prior normal registration process of the terminal.
In some embodiments, the access management network element may be an AMF, which is a network element in a 5G network. The access and mobility management function is mainly used for registration, connection, reachability and mobility management, and serves as the control plane access point between the terminal and the wireless core network. The unified data management network element may be a UDM (Unified Data Management). The authentication service network element may be an AUSF (Authentication Server Function); the authentication server function mainly implements 3GPP and non-3GPP access authentication.
It can be understood that the unified data management network element, the access management network element and the terminal are deployed in the 5G private network, while the authentication service network element is deployed in the external network. When the terminal wants to register with the 5G private network, it must be authenticated by the authentication service network element. Because the authentication service network element is deployed in the external network, once the access management network element cannot connect to and communicate with it, authentication fails and registration therefore fails.
The prior normal registration process is a normal registration process carried out earlier. That is, when the terminal requested registration before initiating the present registration request, the access management network element could connect to and communicate with the authentication service network element normally, so that the authentication service network element could authenticate the terminal; after authentication succeeded, the access management network element could execute the normal registration process with the terminal, that is, the access management network element and the terminal took part in the normal registration process together. In this normal registration process, a network authentication-free password and a terminal authentication-free password can be generated. It will be appreciated that since the terminal was previously able to register normally through authentication, which indicates that its identity is unproblematic, a network authentication-free password and a terminal authentication-free password may be generated so that subsequent registration requests can be authentication-free. The access management network element can store the network authentication-free password and the terminal authentication-free password generated in the prior normal registration process in the unified data management network element in the 5G private network, and the terminal can also store the network authentication-free password and the terminal authentication-free password, to facilitate subsequent authentication-free processing.
It can be understood that the previous normal registration process may be any one normal registration process before the present registration request, and the pre-stored network authentication-free password and the terminal authentication-free password may be generated in any one previous normal registration process.
In some embodiments, the network authentication-free password and the terminal authentication-free password may be generated by the access management network element during normal registration. In this case, the access management network element may synchronize the generated network authentication-free password and the terminal authentication-free password to the terminal, so that the terminal stores the network authentication-free password and the terminal authentication-free password. The network authentication-free password and the terminal authentication-free password may also be generated by the terminal during normal registration. In this case, the terminal may synchronize the generated network authentication-free password and the terminal authentication-free password to the access management network element, so that the access management network element stores the network authentication-free password and the terminal authentication-free password. It can be understood that the access management network element can also generate a network authentication-free password in the normal registration process, the terminal generates a terminal authentication-free password in the normal registration process, and the access management network element and the terminal synchronize the generated authentication-free passwords to each other.
After the unified data management network element and the terminal have each stored the network authentication-free password and the terminal authentication-free password generated in the prior normal registration process, the terminal may send a registration request to the access management network element again. If the access management network element and the authentication service network element can communicate normally, the normal registration process is carried out for the new registration request. If the access management network element cannot connect to the authentication service network element, authentication through the authentication service network element can be skipped: the access management network element acquires, from the unified data management network element, the terminal authentication-free password and the network authentication-free password generated in the terminal's prior normal registration process, in order to carry out the subsequent authentication-free processing.
In some embodiments, in response to a registration request sent by a terminal, in a case where an authentication service network element deployed in an external network cannot be connected, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in a 5G private network, including: responding to a registration request sent by a terminal, and sending a user data request to a unified data management network element in a 5G private network under the condition that an authentication service network element deployed in an external network cannot be connected; acquiring user data response information returned by the unified data management network element aiming at the user data request; the user data response information carries a network authentication-free password and a terminal authentication-free password which are prestored in a unified data management network element.
It can be understood that the network authentication-free password and the terminal authentication-free password are stored in the unified data management network element in advance, and the access management network element can send the user data request to the unified data management network element after receiving the registration request sent by the terminal under the condition that the access management network element cannot be connected with the authentication service network element deployed in the external network. The unified data management network element can respond to the user data request and return the stored network authentication-free password and terminal authentication-free password to the access management network element in a mode of user data response information.
It should be noted that normal connection and communication with the authentication service network element is possible when the authentication service network element works normally and has no fault. If the access management network element cannot connect to the authentication service network element, this may be because the authentication service network element cannot work normally and is in a fault state. However, the inability to connect is not limited to the case where the authentication service network element has failed; the connection may also be lost for other reasons. As long as the authentication service network element cannot be connected, the authentication-free processing of the present application can be performed.
In some embodiments, the network authentication-free password and the terminal authentication-free password may be generated based on random numbers or may be computationally generated according to pre-configured rules, such as based on a stored key in combination with random numbers. This is not limited.
Step 204, an authentication request carrying the terminal authentication-free password is generated and sent to the terminal, so as to instruct the terminal to perform a consistency comparison between the terminal authentication-free password pre-stored in the terminal and the terminal authentication-free password carried in the authentication request.
Specifically, after the access management network element obtains the terminal authentication-free password stored in the unified data management network element, the access management network element may generate an authentication request, where the authentication request carries the terminal authentication-free password. The access management network element may send the authentication request to the terminal. The terminal can compare the consistency of the terminal authentication-free password stored by the terminal with the terminal authentication-free password carried in the authentication request, namely, whether the terminal authentication-free password stored by the terminal is consistent with the terminal authentication-free password carried in the authentication request.
Step 206, acquiring authentication response information sent by the terminal after the consistency comparison is passed; the authentication response information carries a network authentication-free password prestored in the terminal.
The consistency comparison is passed, namely the terminal authentication-free password stored by the terminal is consistent with the terminal authentication-free password carried in the authentication request.
Specifically, after the consistency comparison is passed, the terminal waives authentication of the network, that is, the authentication processing of the network by the authentication service network element is skipped. The terminal can then retrieve the network authentication-free password it has stored, generate authentication response information carrying the network authentication-free password, and send the authentication response information to the access management network element. The access management network element can acquire the authentication response information sent by the terminal.
Step 208, comparing the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information; if the comparison is consistent, negotiating with the terminal that encryption and integrity protection are not enabled this time, and completing the subsequent registration procedure with the terminal according to the standard procedure agreed by the standard communication protocol.
Specifically, after the access management network element obtains the authentication response information sent by the terminal, it can compare the network authentication-free password obtained from the unified data management network element with the network authentication-free password carried in the authentication response information, that is, check whether the two are consistent. If they are consistent, the network waives authentication of the terminal, that is, the authentication processing of the terminal by the authentication service network element is skipped. The access management network element of the private network and the terminal then let each other through directly, without authentication processing by the authentication service network element. The access management network element can perform security mode negotiation with the terminal to negotiate that encryption and integrity protection are not enabled this time, i.e. encryption and integrity protection are turned off. Then, the access management network element can complete the subsequent registration procedure with the terminal according to the standard procedure agreed by the standard communication protocol.
In some embodiments, the access management network element may initiate a security mode command (Security Mode Command) procedure with the terminal, in which it is negotiated that the connection applies neither integrity protection nor encryption protection to signaling and data. Specifically, during the security mode command procedure, the 5G integrity algorithm 5G-IA0 (the null integrity protection algorithm) may be set in a specified field of the Security Mode Command message to indicate that the connection is not encrypted and not integrity protected.
In the above embodiment, the network authentication-free password and the terminal authentication-free password can be generated in a prior normal registration process, and both are stored in the unified data management network element in the 5G private network and in the terminal. When the access management network element subsequently receives a registration request from the terminal, even if it cannot connect to the authentication service network element deployed in the external network, authentication-free processing can be performed on both sides based on the network authentication-free password and the terminal authentication-free password pre-stored in the unified data management network element and in the terminal. That is, the terminal and the access management network element let each other through without substantial authentication by the authentication service network element in the external network, while the two authentication-free passwords still provide a certain degree of security verification. This realizes registration of the terminal, improves the success rate of terminal registration, improves the availability of the 5G private network, and ensures the reliability of the 5G private network to a certain extent.
In some embodiments, the registration request is a second registration request; the registration request received in the prior normal registration process is a first registration request; the first registration request is earlier than the second registration request. The method further comprises the steps of: responding to a first registration request sent by a terminal during normal operation of an authentication service network element in an external network, and carrying out normal registration with the terminal; acquiring a network authentication-free password and a terminal authentication-free password generated in a normal registration process; storing the generated network authentication-free password and terminal authentication-free password in a unified data management network element in the 5G private network; the generated network authentication-free password and terminal authentication-free password are also stored in the terminal.
It will be appreciated that the first registration request is earlier than the second registration request, i.e. the first registration request is a registration request preceding the second registration request. Since the first registration request is sent when the authentication service network element works normally, the registration procedure for the first registration request is the prior normal registration procedure.
In some embodiments, the first registration request is an initial registration request sent when the terminal first applies for registration; the prior normal registration process is a normal registration process performed for the initial registration request; the network authentication-free password and the terminal authentication-free password stored in the unified data management network element are generated in a normal registration process for the initial registration request. In other embodiments, a new network authentication-free password and terminal authentication-free password may be generated each time normal registration is possible, overwriting and replacing the old network authentication-free password and terminal authentication-free password generated previously. Therefore, the first registration request may be the most recent registration request before the second registration request for which a normal registration procedure could be performed.
Specifically, when the authentication service network element in the external network works normally, the terminal sends a first registration request to the access management network element, and the access management network element responds to the first registration request and performs normal registration with the terminal. In the normal registration process for the first registration request, a network authentication-free password and a terminal authentication-free password are generated, and the access management network element can store the generated network authentication-free password and terminal authentication-free password in the unified data management network element. It will be appreciated that the terminal may also store the network authentication-free password and the terminal authentication-free password generated during the normal registration procedure for the first registration request.
In some embodiments, the access management network element may obtain a network authentication-free password and a terminal authentication-free password generated by the terminal during normal registration. That is, in the normal registration process for the first registration request, the terminal generates both authentication-free passwords, namely the network authentication-free password and the terminal authentication-free password. This is referred to, for short, as the first password generation mode, in which the terminal generates the passwords. Specifically, if the terminal generates the two authentication-free passwords, the terminal can carry them in the second registration request it sends, so as to synchronize the two authentication-free passwords to the access management network element. The access management network element can store the network authentication-free password and the terminal authentication-free password carried in the second registration request in the unified data management network element, for authentication-free use with subsequent registration requests.
In some embodiments, the access management network element may itself generate the network authentication-free password and the terminal authentication-free password during the normal registration procedure for the first registration request. This is referred to as the second password generation mode, in which the access management network element generates the passwords. Furthermore, the access management network element may synchronize the generated network authentication-free password and terminal authentication-free password to the terminal, so that the terminal itself stores the two authentication-free passwords.
In some embodiments, the access management network element may generate the network authentication-free password in a normal registration process, the terminal may generate the terminal authentication-free password in the normal registration process, and each side synchronizes the authentication-free password it generated to the other. This is referred to, for short, as the third password generation mode. Specifically, the terminal may synchronize the terminal authentication-free password to the access management network element by carrying the generated terminal authentication-free password in the second registration request. The access management network element may carry the network authentication-free password it generated in the registration response information, so as to synchronize the network authentication-free password to the terminal.
In some embodiments, in the normal registration process between the access management network element and the terminal, one target password generation mode can be determined from the three password generation modes through analysis, and the party that generates each of the network authentication-free password and the terminal authentication-free password is determined based on the target password generation mode.
In the above embodiment, the authentication-free password is generated according to the previous normal registration process, so that the authentication-free password can be used for subsequent authentication-free when the authentication service network element fails, which is reliable and improves the availability of the 5G private network.
In some embodiments, the method further comprises: entering an authentication-free mode in a case where the authentication service network element is detected to be in a fault state. In this embodiment, acquiring, in response to a registration request sent by a terminal and in a case where an authentication service network element deployed in an external network cannot be connected, a pre-stored terminal authentication-free password from a unified data management network element deployed in a 5G private network includes: in response to a registration request of the terminal received in the authentication-free mode, acquiring the pre-stored terminal authentication-free password from the unified data management network element deployed in the 5G private network.
Specifically, the access management network element may periodically detect the working state of the authentication service network element, and in case that the authentication service network element is detected to be in a fault state, the access management network element may enter an authentication-free mode. In the authentication-free mode, if a registration request sent by the terminal is received, a pre-stored terminal authentication-free password can be acquired from the unified data management network element, and a subsequent authentication-free processing step is executed.
In the above embodiment, the access management network element switches its mode to the authentication-free mode by detecting the working state of the authentication service network element. By providing a brand new authentication-free mode, authentication-free processing using the authentication-free passwords can be started based on that mode, which improves the reliability and availability of the 5G private network.
In some embodiments, in response to a registration request sent by a terminal, in a case where an authentication service network element deployed in an external network cannot be connected, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in a 5G private network, including: responding to a registration request sent by a terminal, and detecting the working state of an authentication service network element deployed in an external network; and if the working state is a fault state, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network.
Specifically, the access management network element may trigger to detect the working state of the authentication service network element after receiving the registration request sent by the terminal. If the working state of the authentication service network element is detected to be a fault state, entering an authentication-free mode, acquiring a pre-stored terminal authentication-free password from the unified data management network element, and executing subsequent authentication-free processing steps.
In the above embodiment, after receiving the registration request, the working state of the authentication service network element is detected, and when the authentication service network element fails, the authentication-free mode is entered, so that the mode switching can be controlled more accurately.
As shown in fig. 3, a registration method based on a 5G private network is provided, and the method specifically includes the following steps:
Step 302, the access management network element and the terminal generate a network authentication-free password and a terminal authentication-free password in the normal registration process.
It will be appreciated that normal registration can be performed, illustrating that the authentication service network element is working properly.
Step 304, the access management network element stores the network authentication-free password and the terminal authentication-free password in the unified data management network element, and the terminal itself stores the network authentication-free password and the terminal authentication-free password.
Step 306, the access management network element receives the registration request sent by the terminal again. Step 308 is performed.
Step 308, it is determined whether the authentication service network element works normally. If yes, go to step 310, if no, go to step 312.
In step 310, the access management network element and the terminal register according to the standard procedure agreed by the standard communication protocol.
Step 312, the access management network element sends an authentication request to the terminal, the authentication request carrying a terminal authentication-free password.
Step 314, the terminal performs a consistency comparison between the terminal authentication-free password pre-stored in the terminal and the terminal authentication-free password carried in the authentication request, and after the consistency comparison is passed, the terminal returns authentication response information to the access management network element, wherein the authentication response information carries the network authentication-free password pre-stored in the terminal.
Step 316, the access management network element compares the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information, and if the comparison is consistent, the access management network element and the terminal let each other through, and no substantial authentication operation is performed.
In step 318, the access management network element and the terminal negotiate to close the encryption and integrity protection of the signaling or data.
Step 320, the access management network element and the terminal complete the subsequent registration procedure according to the standard procedure agreed by the standard communication protocol.
In the above embodiment, the network authentication-free password and the terminal authentication-free password can be generated in a prior normal registration process, and both are stored in the unified data management network element in the 5G private network and in the terminal. When the access management network element subsequently receives a registration request from the terminal, even if it cannot connect to the authentication service network element deployed in the external network, authentication-free processing can be performed on both sides based on the network authentication-free password and the terminal authentication-free password pre-stored in the unified data management network element and in the terminal. That is, the terminal and the access management network element let each other through without substantial authentication by the authentication service network element in the external network, while the two authentication-free passwords still provide a certain degree of security verification. This realizes registration of the terminal, improves the success rate of terminal registration, improves the availability of the 5G private network, and ensures the reliability of the 5G private network to a certain extent.
As shown in fig. 4, a timing diagram of a registration method based on a 5G private network is provided. The authentication service network element is located in an external network, such as a public network, in the timing diagram. The access management network element, the terminal and the unified data management network element are all deployed in the private network, and the specific steps are as follows:
1. When the authentication service network element in the external network works normally, the terminal sends a first registration request to the access management network element.
2. The access management network element, the terminal and the authentication service network element complete the authentication process according to the standard process agreed by the standard communication protocol.
3. The access management network element and the terminal complete the security mode negotiation, start the signaling/data encryption and the integrity protection, and complete other registration related operations. That is, the normal registration processing for the first registration request is realized.
4. The access management network element generates a terminal authentication-free password and a network authentication-free password for the terminal.
5. The access management network element returns a registration acceptance message to the terminal, wherein the registration acceptance message carries two authentication-free passwords.
The two authentication-free passwords are the latest generated network authentication-free password and the terminal authentication-free password.
It will be appreciated that the terminal stores the two authentication-free passwords received (i.e., the network authentication-free password and the terminal authentication-free password). If authentication-free passwords have been stored previously, the previous authentication-free passwords are overwritten with the newly received ones.
6. The access management network element sends a user data update request to the unified data management network element, wherein the user data update request carries two authentication-free passwords.
Similarly, the two authentication-free passwords are the latest generated network authentication-free password and the terminal authentication-free password.
It is understood that the unified data management network element stores the two received authentication-free passwords. If authentication-free passwords of the user have been stored previously, the previous authentication-free passwords are overwritten with the newly received ones.
7. The unified data management network element returns a user data update response to the access management network element.
8. When an access management network element in the private network detects that an external network authentication service network element fails, the access management network element can enter an authentication-free mode.
9. The terminal again sends a second registration request to the access management network element in the authentication-free mode.
10. The access management network element sends a user data request to the unified data management network element.
11. The unified data management network element returns the user data response information to the access management network element.
It can be understood that the user data response information carries the network authentication-free password and the terminal authentication-free password of the user.
12. The access management network element sends an authentication request to the terminal, wherein the authentication request carries a terminal authentication-free password of the user.
13. The terminal checks the terminal authentication-free password.
Specifically, the terminal checks the received terminal authentication-free password against the terminal authentication-free password stored in the terminal, and if the two are consistent, the terminal waives authentication of the network.
14. The terminal returns an authentication response to the access management network element, wherein the authentication response carries a network authentication-free password stored by the terminal.
15. The access management network element checks the network authentication-free password.
Specifically, the access management network element checks the received network authentication-free password against the network authentication-free password obtained from the unified data management network element, and if the two passwords are consistent, authentication of the terminal is waived.
16. The access management network element and the terminal let each other through directly, and no authentication is carried out through the authentication service network element.
17. The access management network element and the terminal carry out the security mode negotiation and agree that integrity protection and encryption protection of signaling and data are not enabled.
18. The access management network element and the terminal complete the subsequent registration process according to the standard process agreed by the standard communication protocol.
In the above embodiment, the network authentication-free password and the terminal authentication-free password can be generated in a prior normal registration process, and both are stored in the unified data management network element in the 5G private network and in the terminal. When the access management network element subsequently receives a registration request from the terminal, even if it cannot connect to the authentication service network element deployed in the external network, authentication-free processing can be performed on both sides based on the network authentication-free password and the terminal authentication-free password pre-stored in the unified data management network element and in the terminal. That is, the terminal and the access management network element let each other through without substantial authentication by the authentication service network element in the external network, while the two authentication-free passwords still provide a certain degree of security verification. This realizes registration of the terminal, improves the success rate of terminal registration, improves the availability of the 5G private network, and ensures the reliability of the 5G private network to a certain extent.
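The exchange in the timing diagram above (steps 1 to 18), which is also the decision flow of steps 302 to 320, as an added Python simulation; it is not code from the patent. The class and method names, the 16-byte random passwords, the constant-time comparison and the rejection on a missing or mismatching password are assumptions of this example, and standard authentication through the external authentication service network element is assumed to succeed rather than modelled.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Udm:
    """Unified data management network element, deployed inside the private network."""
    records: dict = field(default_factory=dict)  # user id -> (network_pw, terminal_pw)

    def update(self, user, network_pw, terminal_pw):
        # Timing diagram step 6: a newly received pair overwrites the stored one.
        self.records[user] = (network_pw, terminal_pw)

    def query(self, user):
        # Steps 10-11: user data request and user data response.
        return self.records.get(user)


@dataclass
class Terminal:
    user: str
    network_pw: bytes = b""
    terminal_pw: bytes = b""

    def on_registration_accept(self, network_pw, terminal_pw):
        # Step 5: store (or overwrite) both passwords carried in the registration accept.
        self.network_pw, self.terminal_pw = network_pw, terminal_pw

    def on_auth_request(self, terminal_pw):
        # Step 13: consistency comparison, done in constant time (assumption of this example).
        if not self.terminal_pw or not hmac.compare_digest(self.terminal_pw, terminal_pw):
            return None  # comparison failed: no authentication response is produced
        return self.network_pw  # step 14: authentication response


class Amf:
    """Access management network element."""

    def __init__(self, udm):
        self.udm = udm
        self.ausf_reachable = True  # False models the external network element being unreachable

    def register(self, ue):
        # Step 308: choose the normal flow or the authentication-free flow.
        return self._normal(ue) if self.ausf_reachable else self._auth_free(ue)

    def _normal(self, ue):
        # Steps 1-3 (standard authentication, security mode) are assumed to succeed here.
        network_pw, terminal_pw = secrets.token_bytes(16), secrets.token_bytes(16)  # step 4
        ue.on_registration_accept(network_pw, terminal_pw)
        self.udm.update(ue.user, network_pw, terminal_pw)
        return {"registered": True, "mode": "normal", "protected": True}

    def _auth_free(self, ue):
        record = self.udm.query(ue.user)
        if record is None:
            return self._reject("no stored passwords")
        network_pw, terminal_pw = record
        answer = ue.on_auth_request(terminal_pw)  # step 12
        if answer is None:
            return self._reject("terminal password mismatch")
        if not hmac.compare_digest(network_pw, answer):  # step 15
            return self._reject("network password mismatch")
        # Step 17: security mode negotiation selects the null integrity algorithm.
        return {"registered": True, "mode": "authentication-free",
                "protected": False, "integrity_alg": "5G-IA0"}

    @staticmethod
    def _reject(reason):
        # Rejecting on failure is an assumption; the page only describes the success path.
        return {"registered": False, "mode": "authentication-free", "reason": reason}


def demo():
    """Run the flow on constructed users and return each outcome by name."""
    udm = Udm()
    amf = Amf(udm)
    ue = Terminal("user-0001")  # constructed user id
    results = {"first": amf.register(ue)}  # normal registration, passwords provisioned
    amf.ausf_reachable = False  # step 8: enter the authentication-free mode
    results["second"] = amf.register(ue)
    results["unknown"] = amf.register(Terminal("user-0002"))  # never registered normally
    net, term = udm.query("user-0001")
    results["stale_terminal"] = amf.register(Terminal("user-0001", net, b"old-terminal-pw"))
    results["stale_network"] = amf.register(Terminal("user-0001", b"old-network-pw", term))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The two stale cases show that each comparison guards one direction: the terminal's check fails before any response is sent, and the network's check fails only after the terminal has answered.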
It should be understood that, although the steps in the flowcharts related to the embodiments described above are shown sequentially as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the steps are not strictly limited to that order of execution and may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a registration device based on the 5G private network, which is used for realizing the above mentioned registration method based on the 5G private network. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiment of one or more registration devices based on the 5G private network provided below may be referred to the limitation of the registration method based on the 5G private network hereinabove, and will not be repeated here.
In one embodiment, as shown in fig. 5, there is provided a registration apparatus based on a 5G private network, including: a password acquisition module 502, an authentication request transmission module 504 and a response reception module 506, wherein:
The password obtaining module 502 is configured to obtain, in response to a registration request sent by the terminal and in a case where the authentication service network element deployed in the external network cannot be connected, a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network; the unified data management network element also stores a network authentication-free password, and the network authentication-free password and the terminal authentication-free password are generated in the prior normal registration process of the terminal.
The authentication request sending module 504 is configured to generate an authentication request carrying the terminal authentication-free password, and send the authentication request to the terminal, so as to instruct the terminal to perform a consistency comparison between the terminal authentication-free password stored in the terminal and the terminal authentication-free password carried in the authentication request.
A response receiving module 506, configured to obtain authentication response information sent by the terminal after the consistency comparison passes; the authentication response information carries a network authentication-free password prestored in the terminal.
The registration module 508 is configured to compare the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information, and if the comparison is consistent, negotiate with the terminal that encryption and integrity protection are not enabled this time, and complete the subsequent registration procedure with the terminal according to the standard procedure agreed by the standard communication protocol.
In some embodiments, the registration request is a second registration request; the registration request received in the prior normal registration process is a first registration request; the first registration request is earlier than the second registration request;
the registration module 508 is further configured to perform normal registration with the terminal in response to a first registration request sent by the terminal during normal operation of an authentication service network element in the external network;
the password acquisition module 502 is further configured to acquire a network authentication-free password and a terminal authentication-free password generated in a normal registration process; storing the generated network authentication-free password and terminal authentication-free password in a unified data management network element in the 5G private network; the generated network authentication-free password and terminal authentication-free password are also stored in the terminal.
In some embodiments, the password obtaining module 502 is further configured to obtain a network authentication-free password and a terminal authentication-free password that are generated by the terminal in a normal registration process; or generating a network authentication-free password and a terminal authentication-free password in the normal registration process; the network authentication-free password and the terminal authentication-free password stored by the terminal are provided by an access management network element; or generating a network authentication-free password in the normal registration process, and acquiring a terminal authentication-free password generated in the normal registration process of the terminal; the network authentication-free password stored by the terminal is provided by the access management network element.
In some embodiments, the first registration request is an initial registration request sent when the terminal first applies for registration; the prior normal registration process is a normal registration process performed for the initial registration request; the network authentication-free password and the terminal authentication-free password stored in the unified data management network element are generated in a normal registration process for the initial registration request.
In some embodiments, the password obtaining module 502 is further configured to enter an authentication-free mode if it is detected that the authentication service network element is in a fault state, and, in response to a registration request of the terminal received in the authentication-free mode, to acquire a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network.
In some embodiments, the password obtaining module 502 is further configured to detect an operating state of an authentication service network element deployed in the external network in response to a registration request sent by the terminal; and if the working state is a fault state, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network.
In some embodiments, the password obtaining module 502 is further configured to send, in response to a registration request sent by the terminal, a user data request to a unified data management network element in the 5G private network in a case where an authentication service network element deployed in the external network cannot be connected; acquiring user data response information returned by the unified data management network element aiming at the user data request; the user data response information carries a network authentication-free password and a terminal authentication-free password which are prestored in a unified data management network element.
The above-mentioned respective modules in the registration apparatus based on the 5G private network may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the communication device, or may be stored in software in a memory in the communication device, so that the processor may call and execute operations corresponding to the above modules.
In some embodiments, a registration system based on a 5G private network is provided, the system comprising an access management network element and a terminal;
the access management network element is used for, in response to the registration request sent by the terminal, acquiring a pre-stored terminal authentication-free password from the unified data management network element deployed in the 5G private network in the case where the authentication service network element deployed in the external network cannot be connected; the unified data management network element also stores a network authentication-free password, and the network authentication-free password and the terminal authentication-free password are generated in the prior normal registration process of the terminal; and for generating an authentication request carrying the terminal authentication-free password and sending the authentication request to the terminal;
the terminal is used for performing a consistency comparison between the terminal authentication-free password stored in the terminal in advance and the terminal authentication-free password carried in the authentication request, and sending authentication response information to the access management network element after the consistency comparison is passed; the authentication response information carries a network authentication-free password prestored in the terminal;
the access management network element is also used for acquiring the authentication response information, comparing the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information, negotiating with the terminal that encryption and integrity protection are not enabled this time if the comparison is consistent, and completing the subsequent registration process with the terminal according to the standard procedure specified by the standard communication protocol.
In some embodiments, the system further comprises a unified data management network element.
The access management network element is also used for responding to the registration request sent by the terminal, and sending a user data request to the unified data management network element in the 5G private network under the condition that the authentication service network element deployed in the external network cannot be connected;
the unified data management network element is also used for returning user data response information to the access management network element; the user data response information carries a network authentication-free password and a terminal authentication-free password which are prestored in a unified data management network element.
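The exchange described in the system embodiments above, written out as an added Python example (not code from the patent or its applicant). All class, method and field names are assumptions, as are the 16-byte random passwords, the choice that the access management network element generates both values, and the rejection of a terminal that has no stored record.

```python
"""Simulation of the fallback ("authentication-free") registration exchange."""
import hmac
import secrets
from dataclasses import dataclass, field


def reject(reason):
    # Result shape is an assumption made for this example.
    return {"mode": "rejected", "accepted": False, "reason": reason}


@dataclass
class UDM:
    """Unified data management network element inside the private network."""
    records: dict = field(default_factory=dict)  # terminal id -> (network_pw, terminal_pw)

    def store(self, tid, network_pw, terminal_pw):
        self.records[tid] = (network_pw, terminal_pw)

    def user_data(self, tid):
        # User data response: both stored passwords, or None if the terminal
        # never completed a normal registration.
        return self.records.get(tid)


@dataclass
class Terminal:
    tid: str
    network_pw: bytes = b""
    terminal_pw: bytes = b""

    def handle_auth_request(self, presented_terminal_pw):
        """Consistency comparison on the terminal side.

        The network password is only released in the response after the
        terminal password carried in the request matches the stored one."""
        if not self.terminal_pw:
            return None  # nothing provisioned yet
        if not hmac.compare_digest(self.terminal_pw, presented_terminal_pw):
            return None
        return {"network_pw": self.network_pw}


class AMF:
    """Access management network element inside the private network."""

    def __init__(self, udm, ausf_reachable=True):
        self.udm = udm
        self.ausf_reachable = ausf_reachable  # stands in for the connectivity check

    def register(self, term):
        if self.ausf_reachable:
            return self._normal_registration(term)
        return self._auth_free_registration(term)

    def _normal_registration(self, term):
        # Standard authentication through the external authentication service
        # network element is outside this example and assumed to have succeeded.
        network_pw = secrets.token_bytes(16)
        terminal_pw = secrets.token_bytes(16)
        self.udm.store(term.tid, network_pw, terminal_pw)
        term.network_pw, term.terminal_pw = network_pw, terminal_pw
        return {"mode": "normal", "accepted": True}

    def _auth_free_registration(self, term):
        record = self.udm.user_data(term.tid)
        if record is None:
            return reject("no stored passwords")
        network_pw, terminal_pw = record
        # Authentication request carries the terminal authentication-free password.
        response = term.handle_auth_request(terminal_pw)
        if response is None:
            return reject("terminal refused authentication request")
        # Authentication response carries the network authentication-free password.
        if not hmac.compare_digest(network_pw, response["network_pw"]):
            return reject("network password mismatch")
        return {"mode": "auth-free", "accepted": True,
                "encryption": False, "integrity": False}


if __name__ == "__main__":
    udm, ue = UDM(), Terminal("ue-1")
    amf = AMF(udm)
    print(amf.register(ue))        # normal registration provisions both values
    amf.ausf_reachable = False
    print(amf.register(ue))        # fallback registration from stored values
    print(amf.register(Terminal("ue-2")))  # never registered normally
```

As the page describes it, each stored value is carried in the message itself and the session then continues without encryption or integrity protection, so these two comparisons are the only checks made in this mode.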
In one embodiment, a communication device is provided, where the communication device may be any one of an access management network element or a terminal or a unified data management network element, and an internal structure diagram thereof may be as shown in fig. 6. The communication device comprises a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the communication device is configured to provide computing and control capabilities. The memory of the communication device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The input/output interface of the communication device is used to exchange information between the processor and the external device. The communication interface of the communication device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a registration method based on a 5G private network.
It will be appreciated by those skilled in the art that the structure shown in fig. 6 is merely a block diagram of a portion of the structure associated with the present inventive arrangements and is not limiting of the communication device to which the present inventive arrangements are applied, and that a particular communication device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a communication device is provided that includes a memory having a computer program stored therein and a processor that when executing the computer program performs the steps of the above embodiments.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, implements the steps of the above embodiments.
In an embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, implements the steps of the above embodiments.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high density embedded non-volatile memory, Resistive Random Access Memory (ReRAM), Magnetoresistive Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene memory, and the like. Volatile memory can include Random Access Memory (RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction between the combinations of the technical features, they should be considered to be within the scope of this description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (9)

1. A registration method based on a 5G private network, performed by an access management network element within the 5G private network, the method comprising:
responding to a first registration request sent by a terminal during normal operation of an authentication service network element in an external network, and carrying out normal registration with the terminal;
acquiring a network authentication-free password and a terminal authentication-free password generated in a normal registration process;
storing the generated network authentication-free password and the terminal authentication-free password in a unified data management network element in the 5G private network; the generated network authentication-free password and the terminal authentication-free password are also stored in the terminal;
in response to a second registration request sent by the terminal, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network in the case where the authentication service network element deployed in the external network cannot be connected; the unified data management network element also stores a network authentication-free password, and the network authentication-free password and the terminal authentication-free password are generated in the prior normal registration process of the terminal;
generating an authentication request carrying the terminal authentication-free password, and sending the authentication request to the terminal to instruct the terminal to perform a consistency comparison between the terminal authentication-free password pre-stored in the terminal and the terminal authentication-free password carried in the authentication request;
acquiring authentication response information sent by the terminal after the consistency comparison is passed; the authentication response information carries a network authentication-free password prestored in the terminal;
and comparing the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information, negotiating with the terminal that encryption and integrity protection are not enabled this time if the comparison is consistent, and completing a subsequent registration process with the terminal according to the standard procedure specified by the standard communication protocol.
2. The method of claim 1, wherein the obtaining the network authentication-free password and the terminal authentication-free password generated during the normal registration process comprises at least one of:
acquiring a network authentication-free password and a terminal authentication-free password generated by the terminal in the normal registration process;
the access management network element generates a network authentication-free password and a terminal authentication-free password in the normal registration process; the network authentication-free password stored by the terminal and the terminal authentication-free password are provided by the access management network element;
the access management network element generates a network authentication-free password in the normal registration process, and acquires a terminal authentication-free password generated by the terminal in the normal registration process; the network authentication-free password stored by the terminal is provided by the access management network element.
3. The method according to claim 1, wherein the first registration request is an initial registration request transmitted when the terminal first applies for registration; the prior normal registration process is a normal registration process performed for the initial registration request; the network authentication-free password and the terminal authentication-free password stored in the unified data management network element are generated in a normal registration process for the initial registration request.
4. A method according to any one of claims 1 to 3, further comprising:
under the condition that the authentication service network element is detected to be in a fault state, entering an authentication-free mode;
the obtaining, in response to the second registration request sent by the terminal, the pre-stored terminal authentication-free password from the unified data management network element deployed in the 5G private network in the case where the authentication service network element deployed in the external network cannot be connected, includes:
and responding to a second registration request of the terminal received in the authentication-free mode, and acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network.
5. A method according to any one of claims 1 to 3, wherein the obtaining, in response to the second registration request sent by the terminal, the pre-stored terminal authentication-free password from the unified data management network element deployed in the 5G private network in the case where the authentication service network element deployed in the external network cannot be connected, includes:
responding to a second registration request sent by the terminal, and detecting the working state of an authentication service network element deployed in the external network;
and if the working state is a fault state, acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network.
6. A method according to any one of claims 1 to 3, wherein the obtaining, in response to the second registration request sent by the terminal, the pre-stored terminal authentication-free password from the unified data management network element deployed in the 5G private network in the case where the authentication service network element deployed in the external network cannot be connected, includes:
responding to a second registration request sent by the terminal, and sending a user data request to a unified data management network element in the 5G private network under the condition that an authentication service network element deployed in an external network cannot be connected;
acquiring user data response information returned by the unified data management network element for the user data request; and the user data response information carries a network authentication-free password and a terminal authentication-free password which are prestored in the unified data management network element.
7. A registration apparatus based on a 5G private network, the apparatus comprising:
the registration module is used for responding to a first registration request sent by the terminal during normal operation of an authentication service network element in an external network and carrying out normal registration with the terminal;
the password acquisition module is used for acquiring a network authentication-free password and a terminal authentication-free password which are generated in the normal registration process; storing the generated network authentication-free password and the terminal authentication-free password in a unified data management network element in the 5G private network; the generated network authentication-free password and the terminal authentication-free password are also stored in the terminal;
the password acquisition module is further used for responding to a second registration request sent by the terminal, and acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network under the condition that the authentication service network element deployed in the external network cannot be connected; the unified data management network element also stores a network authentication-free password, and the network authentication-free password and the terminal authentication-free password are generated in the prior normal registration process of the terminal;
the authentication request sending module is used for generating an authentication request carrying the terminal authentication-free password and sending the authentication request to the terminal, so as to instruct the terminal to perform a consistency comparison between the terminal authentication-free password pre-stored in the terminal and the terminal authentication-free password carried in the authentication request;
the response receiving module is used for acquiring authentication response information sent by the terminal after the consistency comparison is passed; the authentication response information carries a network authentication-free password prestored in the terminal;
the registration module is further configured to compare the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information, and if the comparison is consistent, negotiate with the terminal that encryption and integrity protection are not enabled this time, and complete a subsequent registration procedure with the terminal according to a standard procedure agreed by a standard communication protocol.
8. A registration system based on a 5G private network, wherein the system comprises an access management network element and a terminal;
the access management network element is used for responding to a first registration request sent by the terminal during normal operation of an authentication service network element in an external network and carrying out normal registration with the terminal; acquiring a network authentication-free password and a terminal authentication-free password generated in a normal registration process; storing the generated network authentication-free password and the terminal authentication-free password in a unified data management network element in the 5G private network; the generated network authentication-free password and the terminal authentication-free password are also stored in the terminal;
the access management network element is further used for responding to a second registration request sent by the terminal, and acquiring a pre-stored terminal authentication-free password from a unified data management network element deployed in the 5G private network under the condition that the authentication service network element deployed in the external network cannot be connected; the unified data management network element also stores a network authentication-free password, and the network authentication-free password and the terminal authentication-free password are generated in the prior normal registration process of the terminal; generating an authentication request carrying the terminal authentication-free password, and sending the authentication request to the terminal;
the terminal is used for carrying out consistency comparison on a terminal authentication-free password pre-stored in the terminal and a terminal authentication-free password carried in the authentication request, and sending authentication response information to the access management network element after the consistency comparison is passed; the authentication response information carries a network authentication-free password prestored in the terminal;
the access management network element is further used for acquiring the authentication response information; and comparing the network authentication-free password stored in the unified data management network element with the network authentication-free password carried in the authentication response information, negotiating with the terminal that encryption and integrity protection are not started at this time if the comparison is consistent, and completing a subsequent registration process with the terminal according to a standard process agreed by a standard communication protocol.
9. A communication device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
CN202310872544.6A 2023-07-17 2023-07-17 Registration method, device, system and communication equipment based on 5G private network Active CN116600297B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310872544.6A CN116600297B (en) 2023-07-17 2023-07-17 Registration method, device, system and communication equipment based on 5G private network

Publications (2)

Publication Number Publication Date
CN116600297A CN116600297A (en) 2023-08-15
CN116600297B true CN116600297B (en) 2023-10-20

Family

ID=87612057

Country Status (1)

Country Link
CN (1) CN116600297B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant