WO2018119608A1 - Procédé de traitement d'application, dispositif de réseau et dispositif terminal - Google Patents

Procédé de traitement d'application, dispositif de réseau et dispositif terminal Download PDF

Info

Publication number
WO2018119608A1
WO2018119608A1 PCT/CN2016/112195 CN2016112195W WO2018119608A1 WO 2018119608 A1 WO2018119608 A1 WO 2018119608A1 CN 2016112195 W CN2016112195 W CN 2016112195W WO 2018119608 A1 WO2018119608 A1 WO 2018119608A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
verified
application
information
terminal device
Prior art date
Application number
PCT/CN2016/112195
Other languages
English (en)
Chinese (zh)
Inventor
徐以旭
张进
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2016/112195 priority Critical patent/WO2018119608A1/fr
Publication of WO2018119608A1 publication Critical patent/WO2018119608A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the embodiments of the present application relate to communications technologies, and in particular, to an application processing method, a network device, and a terminal device.
  • the Next Generation Mobile Network (NGMN) organization is in the 5th generation (5th generation) to meet the quality of service (QoS) requirements of the dissatisfied types of devices, different types of services, and different application scenarios.
  • Th Generation referred to as 5G) communication system, configures a variety of different network slices for different service requirements.
  • a network slice may include a service requirement corresponding network function and a corresponding radio access technology (Radio Access Technology, RAT for short) configuration example.
  • RAT Radio Access Technology
  • a third party, such as an application (APP) can be authorized by the operator to manage the content of the network slice according to the information provided by the operator, and provide customized services for the user.
  • APP application
  • the operator can pre-configure the content of the network handover corresponding to the different service types of the terminal device to the terminal device.
  • the terminal device can access the data server or the application server corresponding to the preset application according to the network slice corresponding to the preset application.
  • the terminal device is a contracted user of the operator, the operator may perform legality authentication on the terminal device, but the illegal application running on the legal terminal device, such as an application that is maliciously modified or disguised, may be utilized.
  • a legitimate terminal device uses a network slice to access the network, causing serious security risks on the current network.
  • the embodiments of the present application provide an application processing method, a network device, and a terminal device, so as to reduce network security risks and improve network security.
  • an embodiment of the present application provides an application processing method, including:
  • the network device receives a verification request from the terminal device, where the verification request includes a certificate to be verified Information; the certificate to be verified is a certificate from the application providing device;
  • the network device determines the root certificate according to the information of the certificate to be verified
  • the network device sends a verification response to the terminal device, where the verification response includes a verification result of the to-be-verified certificate
  • the determining, by the network device, whether the information of the certificate to be verified meets the preset condition comprises: determining, by the network device, whether the certificate to be verified is a certificate issued by the certificate issuing device according to the information of the root certificate and the certificate to be verified .
  • the method may send a verification request to the network device by using the terminal device, where the verification request includes information of the certificate to be verified, and the network device determines the root certificate according to the information of the certificate to be verified, and according to the root certificate and the to-be-calibrated
  • the information of the verification certificate determines whether the certificate to be verified is a certificate issued by the certificate issuing device, obtains a verification result of the certificate to be verified, and then returns a verification response to the terminal device, where the verification response includes the to-be-checked The verification result of the certificate.
  • the network device can verify the certificate to be verified of the application, and can effectively prevent the illegal application running on the terminal device from using the network slice to access the network, thereby effectively ensuring the security of the network.
  • the verification request may further include an application identifier
  • the determining, by the network device, that the information of the to-be-verified certificate meets the preset condition may further include:
  • the network device determines, according to the application identifier and the information of the certificate to be verified, whether the certificate to be verified is a certificate of the providing device that is issued to the application.
  • the application identifier may include: an identifier of the application, and/or an identifier of the application providing device, and the like.
  • the identifier of the application may include at least one of the following: a name of the application, a version number of the application, and the like.
  • the identifier of the application providing device may include: the application provides information such as the name of the provider corresponding to the device.
  • the verification request as shown above may further include an identifier of the terminal device
  • the network device determines whether the information of the to-be-verified certificate meets the preset condition, and may further include:
  • the network device determines whether the network slice corresponding to the application is located in the network slice signed by the terminal device, according to the information of the network slice that is subscribed by the terminal device and the network slice information corresponding to the application.
  • the identifier of the terminal device as described above may include at least one identifier: an IP address of the terminal device, a medium access control address, a customer identification module identifier, an international mobile subscriber identity, and a global unique temporary User device identification, etc.
  • the verification response may further include information about a network slice corresponding to the application; wherein the preset condition includes: the to-be-checked
  • the certificate is the certificate issued by the certificate issuing device
  • the certificate to be verified is the certificate of the providing device issued to the application
  • the network slice corresponding to the application is located in the network slice signed by the terminal device.
  • the information about the network slice corresponding to the application includes at least one type of information: an identifier of the network slice, a service type corresponding to the network slice, a usage type corresponding to the network slice, and a network slice.
  • the validity period information and the certificate verification frequency information corresponding to the network slice includes at least one type of information: an identifier of the network slice, a service type corresponding to the network slice, a usage type corresponding to the network slice, and a network slice.
  • the service type may include any type of service such as a video service, a network phone service, and a V2X service.
  • the type of the terminal device that uses the network slice may also be referred to as the usage type corresponding to the network slice, and the usage type may include: the type of use of the in-vehicle user device, the type of use of the smart phone, and the like, and any terminal device using the network slice. Types of.
  • the receiving, by the network device, the verification request from the terminal device, as described above may include:
  • the network device receives the verification request from the terminal device during installation of the application.
  • the network device receives the verification request from the terminal device during startup of the application.
  • the information about the certificate to be verified may include at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, and a hash of the certificate to be verified The algorithm, the fingerprint algorithm of the certificate to be verified, the validity period of the certificate to be verified, the issuer identifier of the certificate to be verified, and the identifier of the object to which the certificate to be verified is issued.
  • the embodiment of the present application further provides an application processing method, including:
  • the terminal device sends a verification request to the network device, where the verification request includes a certificate to be verified
  • the information to be verified is a certificate of the provided device from the application; the information of the certificate to be verified is used for verification of the certificate to be verified;
  • the terminal device receives a verification response from the network device, and the verification response includes a verification result of the to-be-verified certificate.
  • the verification request may further include an application identifier, where the application identifier is used to determine whether the certificate to be verified is a certificate issued by the certificate issuing device to the application providing device.
  • the application identifier is further used for determining the information of the network slice corresponding to the application
  • the verification request further includes an identifier of the terminal device; the identifier of the terminal device is used for determining the network slice signed by the terminal device.
  • the verification response may further include information about the network slice corresponding to the application; wherein the preset condition includes: the to-be-verified certificate The certificate issued by the device is issued by the device, and the certificate to be verified is a certificate of the device provided to the application, and the network certificate corresponding to the certificate is located in the network slice signed by the terminal device;
  • the method can also include:
  • the terminal device stores information of a network slice corresponding to the application.
  • the terminal device may store information about the network slice corresponding to the application to the terminal device, whether the terminal device is in the installation process of the application or the information about the network slice corresponding to the application acquired during the startup process.
  • the information of the network slice corresponding to the application is prevented from being maliciously modified or copied to ensure network security.
  • the terminal device may store the information about the network slice corresponding to the application, and store the public key information corresponding to the application, so as to ensure that the application corresponds to the information.
  • the security of the network sliced information stored on the terminal device side is effective to prevent the information of the network slice corresponding to the application from being maliciously modified or copied to ensure network security.
  • the information about the network slice corresponding to the application may include at least one of the following: an identifier of the network slice, a service type corresponding to the network slice, a type of the terminal device using the network slice, and the The validity period information of the network slice and the certificate verification frequency information corresponding to the network slice.
  • the terminal device as shown above sends a verification request to the network device.
  • the terminal device sends the verification request to the network device during installation of the application.
  • the terminal device sends the verification request to the network device during startup of the application.
  • the terminal device may further include, after receiving the information including the network slice corresponding to the application, :
  • the terminal device continues to install the application.
  • the terminal device sends the verification request to the network device during the installation process of the application, and if the certificate to be verified satisfies the preset condition, the application is continuously installed, and the If the verification certificate does not meet any of the preset conditions, the installation of the application is stopped, and the installation of the illegal application can be effectively avoided, thereby effectively avoiding the risk of the network slice being accessed or attacked by the malicious application, and improving the security of the network.
  • the terminal device may further include, after receiving the information including the network slice corresponding to the application, :
  • the terminal device accesses the network according to the network slice.
  • the terminal device accesses the network according to the information of the network slice corresponding to the application, and implements a corresponding service requirement of the application.
  • the information about the certificate to be verified may include at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, and a hash of the certificate to be verified The algorithm, the fingerprint algorithm of the certificate to be verified, the validity period of the certificate to be verified, the issuer identifier of the certificate to be verified, and the identifier of the object to which the certificate to be verified is issued.
  • the embodiment of the present application further provides an application processing method, including:
  • the terminal device searches for information about the root certificate corresponding to the to-be-verified certificate from the preset root certificate area according to the information of the certificate to be verified; the certificate to be verified is a certificate of the providing device from the application;
  • the terminal device determines, according to the information about the root certificate and the certificate to be verified, whether the certificate to be verified is a certificate issued by the certificate issuing device, to obtain a verification result of the certificate to be verified.
  • the method may further determine, by the terminal device, a root certificate identifier corresponding to the to-be-verified certificate of the application, and find a root certificate corresponding to the root certificate identifier according to the root certificate identifier, and then according to the root certificate. Check the validity of the certificate to be verified. Due to the method, the terminal device The application to be verified can be verified, and the illegal application running on the legal terminal device can be effectively prevented from using the network segment to access the network, thereby effectively ensuring the security of the network.
  • the method may further include:
  • the terminal device receives an installation package of the application from the providing device of the application; the installation package may include: an installation file of the application, information of the certificate to be verified, and information of a network slice corresponding to the application.
  • the method may further include:
  • the terminal device stores information of a network slice corresponding to the application.
  • the embodiment of the present application further provides a network device, including:
  • a receiving module configured to receive a verification request from the terminal device, where the verification request includes information of the certificate to be verified; the certificate to be verified is a certificate of the providing device from the application;
  • a processing module configured to determine a root certificate according to the information of the to-be-verified certificate; determine whether the information of the to-be-verified certificate meets a preset condition, to obtain a verification result of the to-be-verified certificate;
  • a sending module configured to send a verification response to the terminal device, where the verification response includes a verification result of the to-be-verified certificate
  • the processing module is specifically configured to determine, according to the information about the root certificate and the certificate to be verified, whether the certificate to be verified is a certificate issued by the certificate issuing device.
  • the verification request further includes an application identifier
  • the processing module is further configured to determine, according to the application identifier and the information of the certificate to be verified, whether the certificate to be verified is a certificate of a providing device that is issued to the application.
  • the verification request may further include an identifier of the terminal device
  • the processing module is further configured to: determine, according to the application identifier, information about a network slice corresponding to the application; determine, according to the identifier of the terminal device, information about a network slice subscribed by the terminal device; and information about the network slice signed by the terminal device and the application Corresponding network slice information determines whether the network slice corresponding to the application is located in the network slice that the terminal device subscribes to.
  • the verification response further includes information about a network slice corresponding to the application; wherein the preset condition may include: the to-be-checked
  • the certificate is the certificate issued by the certificate issuing device, and the certificate to be verified is issued to the application.
  • the certificate for the device and the network slice corresponding to the application are located in the network slice signed by the terminal device.
  • the information about the network slice corresponding to the application may include at least one type of information: an identifier of the network slice, a service type corresponding to the network slice, a usage type corresponding to the network slice, and the network slice.
  • the validity period information and the certificate verification frequency information corresponding to the network slice may include at least one type of information: an identifier of the network slice, a service type corresponding to the network slice, a usage type corresponding to the network slice, and the network slice.
  • the receiving module is specifically configured to receive the verification request from the terminal device during the installation process of the application or during the startup process of the application.
  • the information about the certificate to be verified may include at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, and a hash of the certificate to be verified The algorithm, the fingerprint algorithm of the certificate to be verified, the validity period of the certificate to be verified, the issuer identifier of the certificate to be verified, and the identifier of the object to which the certificate to be verified is issued.
  • the embodiment of the present application further provides a terminal device, including:
  • a sending module configured to send a verification request to the network device, where the verification request includes information of the certificate to be verified; the certificate to be verified is a certificate of the providing device from the application; and the information of the certificate to be verified is used for the school to be verified Verification of the verification certificate;
  • a receiving module configured to receive a verification response from the network device, where the verification response includes a verification result of the to-be-verified certificate.
  • the verification request may further include an application identifier, where the application identifier is used to determine whether the certificate to be verified is a certificate issued by the certificate issuing device to the application providing device.
  • the application identifier is further used for determining the information of the network slice corresponding to the application
  • the verification request may further include an identifier of the terminal device; the identifier of the terminal device is used for determining the network slice signed by the terminal device.
  • the verification response further includes information about the network slice corresponding to the application; wherein the preset condition includes: the to-be-verified certificate is The certificate issued by the certificate issuing device, the certificate to be verified is a certificate of the providing device issued to the application, and the certificate to be verified is a network slice corresponding to the application, and is located in a network slice signed by the terminal device;
  • the terminal device further includes:
  • the storage module is configured to store information about a network slice corresponding to the application.
  • the information about the network slice corresponding to the application includes at least one of the following: an identifier of the network slice, a service type corresponding to the network slice, a type of the terminal device using the network slice, and the network The validity period information of the slice and the certificate verification frequency information corresponding to the network slice.
  • the sending module is specifically configured to send the verification request to the network device during installation of the application or during startup of the application.
  • the information about the certificate to be verified may include at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, and a hash of the certificate to be verified The algorithm, the fingerprint algorithm of the certificate to be verified, the validity period of the certificate to be verified, the issuer identifier of the certificate to be verified, and the identifier of the object to which the certificate to be verified is issued.
  • the embodiment of the present application further provides a terminal device, including:
  • a processing module configured to search, according to the information of the certificate to be verified, the information of the root certificate corresponding to the certificate to be verified from the preset root certificate area; the certificate to be verified is a certificate of the providing device from the application; The information of the root certificate and the certificate to be verified determines whether the certificate to be verified is a certificate issued by the certificate issuing device, so as to obtain a verification result of the certificate to be verified.
  • the terminal device further includes:
  • the receiving module is configured to receive an installation package of the application from the providing device of the application; the installation package includes: an installation file of the application, information about the certificate to be verified, and information about a network slice corresponding to the application.
  • the terminal device further includes:
  • the storage module is configured to store information about a network slice corresponding to the application.
  • the embodiment of the present application further provides a network device, including: a receiver, a processor, and a transmitter; wherein the receiver is connected to the processor, and the processor is connected to the transmitter;
  • the receiver is configured to receive a verification request from the terminal device, where the verification request includes information about the certificate to be verified; the certificate to be verified is a certificate of the providing device from the application;
  • a processor configured to determine a root certificate according to the information of the to-be-verified certificate; determine whether the information of the to-be-verified certificate meets a preset condition, to obtain a verification result of the to-be-verified certificate;
  • a transmitter configured to send a verification response to the terminal device, where the verification response includes a verification result of the to-be-verified certificate
  • the processor is specifically configured to determine, according to the information about the root certificate and the certificate to be verified, whether the certificate to be verified is a certificate issued by the certificate issuing device.
  • the verification request further includes an application identifier
  • the processor is further configured to determine, according to the application identifier and the information of the certificate to be verified, whether the certificate to be verified is a certificate of the providing device that is issued to the application.
  • the verification request may further include an identifier of the terminal device
  • the processor is further configured to determine, according to the application identifier, information about a network slice corresponding to the application; determine, according to the identifier of the terminal device, information about a network slice subscribed by the terminal device; and information about the network slice signed by the terminal device and the application Corresponding network slice information determines whether the network slice corresponding to the application is located in the network slice that the terminal device subscribes to.
  • the verification response further includes information about a network slice corresponding to the application; wherein the preset condition includes: the to-be-verified certificate
  • the certificate issued by the device is issued by the device, and the certificate to be verified is the certificate of the providing device issued to the application, and the network slice corresponding to the application is located in the network slice signed by the terminal device.
  • the information about the network slice corresponding to the application includes at least one type of information: an identifier of the network slice, a service type corresponding to the network slice, a usage type corresponding to the network slice, and a network slice.
  • the validity period information and the certificate verification frequency information corresponding to the network slice includes at least one type of information: an identifier of the network slice, a service type corresponding to the network slice, a usage type corresponding to the network slice, and a network slice.
  • the receiver has a means for receiving the verification request from the terminal device during installation of the application or during startup of the application.
  • the information about the certificate to be verified includes at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, and a hash algorithm of the certificate to be verified.
  • the embodiment of the present application further provides a terminal device, including: a transmitter and a receiver;
  • the sender is configured to send a verification request to the network device, where the verification request includes information about the certificate to be verified; the certificate to be verified is a certificate of the providing device from the application; and the information of the certificate to be verified is used for Verification of the certificate to be verified;
  • a receiver configured to receive a verification response from the network device, where the verification response includes a verification result of the to-be-verified certificate.
  • the verification request further includes an application identifier, where the application identifier is used to determine whether the certificate to be verified is a certificate issued by the certificate issuing device to the application providing device.
  • the application identifier is further used for determining the information of the network slice corresponding to the application
  • the verification request further includes an identifier of the terminal device; the identifier of the terminal device is used for determining a network slice subscribed by the terminal device.
  • the verification response further includes information about the network slice corresponding to the application; wherein the preset condition includes: the to-be-verified certificate is The certificate issued by the certificate issuing device, the certificate to be verified is a certificate of the providing device issued to the application, and the certificate to be verified is a network slice corresponding to the application, and is located in a network slice signed by the terminal device;
  • the terminal device further includes: a processor and a memory; the processor is connected to the memory, and the processor is further connected to the receiver;
  • a processor configured to store information of the network slice corresponding to the application into the memory.
  • the information about the network slice corresponding to the application includes at least one of the following: an identifier of the network slice, a service type corresponding to the network slice, a type of the terminal device using the network slice, and the network The validity period information of the slice and the certificate verification frequency information corresponding to the network slice.
  • the transmitter is specifically configured to send the verification request to the network device during installation of the application or during startup of the application.
  • the information about the certificate to be verified includes at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, and a hash algorithm of the certificate to be verified.
  • the ninth aspect, the embodiment of the present application further provides a terminal device, including: a processor;
  • a processor configured to search, according to the information of the certificate to be verified, the information of the root certificate corresponding to the certificate to be verified from the preset root certificate area; the certificate to be verified is a certificate of the providing device from the application; The information of the root certificate and the certificate to be verified determines whether the certificate to be verified is a certificate issued by the certificate issuing device, so as to obtain a verification result of the certificate to be verified.
  • the terminal device further includes: a receiver; the receiver is connected to the processor Connect
  • a receiver configured to receive an installation package of the application from the providing device of the application; the installation package includes: an installation file of the application, information about the certificate to be verified, and information about a network slice corresponding to the application.
  • the terminal device further includes: a memory; the processor is connected to the memory;
  • the processor is configured to store the information of the network slice corresponding to the application into the memory if the certificate to be verified is a certificate issued by the certificate issuing device.
  • the embodiment of the present application further provides a computer program product, where the computer program product includes a program code corresponding to any one of the application processing methods provided by the first aspect of the embodiment of the present application.
  • the embodiment of the present application further provides a computer program product, where the computer program product includes program code corresponding to any one of the application processing methods provided by the second aspect of the embodiment of the present application.
  • the embodiment of the present application further provides a computer program product, where the computer program product includes a program code corresponding to any one of the application processing methods provided by the third aspect of the embodiment of the present application.
  • the embodiment of the present application further provides a storage medium, where the storage medium is used to store a computer program product, where the computer program product includes: a program code, where the program code may include the first embodiment of the present application.
  • the embodiment of the present application further provides a storage medium, where the storage medium is used to store a computer program product, where the computer program product includes: a program code, where the program code may include the foregoing The program code corresponding to any of the application processing methods provided by the two aspects.
  • the embodiment of the present application further provides a storage medium, where the storage medium is used to store a computer program product, where the computer program product includes: a program code, where the program code may include the foregoing The program code corresponding to any of the application processing methods provided by the three aspects.
  • the application processing method, the network device, and the terminal device in the embodiment of the present application may send a verification request to the network device by using the terminal device, where the verification request includes information of the certificate to be verified, and the network device root Determining the root certificate according to the information of the certificate to be verified, and determining whether the certificate to be verified is a certificate issued by the certificate issuing device according to the information of the root certificate and the certificate to be verified, and obtaining the verification of the certificate to be verified As a result, a verification response is then returned to the terminal device, the verification response including the verification result of the certificate to be verified.
  • the network device can verify the verification certificate, which can effectively prevent the illegal application running on the terminal device from using the network device to access the network, thereby effectively ensuring the security of the network.
  • FIG. 1 is a structural diagram of a network system to which embodiments of the present application are applied;
  • FIG. 2 is a flowchart 1 of an application processing method according to an embodiment of the present application.
  • FIG. 3 is a second flowchart of an application processing method according to an embodiment of the present disclosure.
  • FIG. 4 is a flowchart 3 of an application processing method according to an embodiment of the present application.
  • FIG. 5 is a flowchart 4 of an application processing method according to an embodiment of the present disclosure.
  • FIG. 6 is a flowchart 5 of an application processing method according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram 1 of a network device according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram 1 of a terminal device according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram 2 of a terminal device according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram 2 of a network device according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic structural diagram 1 of a computer program product according to an embodiment of the present application.
  • FIG. 12 is a schematic structural diagram 1 of a storage medium according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic structural diagram 3 of a terminal device according to an embodiment of the present disclosure.
  • FIG. 14 is a schematic structural diagram 2 of a computer program product according to an embodiment of the present application.
  • FIG. 15 is a second schematic structural diagram of a storage medium according to an embodiment of the present disclosure.
  • FIG. 16 is a schematic structural diagram 4 of a terminal device according to an embodiment of the present disclosure.
  • FIG. 17 is a schematic structural diagram 3 of a computer program product according to an embodiment of the present disclosure.
  • FIG. 18 is a schematic structural diagram 3 of a storage medium according to an embodiment of the present application.
  • FIG. 1 is a structural diagram of a network system to which embodiments of the present application apply.
  • the terminal device can access the corresponding server, such as a server, through a radio access network (RAN) and a core network (CN), thereby implementing corresponding Service.
  • the applicable scenarios of the terminal device may include: an enhanced mobile broadband (eMBB), a large-scale Internet of Things (mMiveMTC), and a low-latency and high-reliability communication (Ultra-Relaible and Low).
  • eMBB enhanced mobile broadband
  • mMiveMTC large-scale Internet of Things
  • Ultra-Relaible and Low Low-latency and high-reliability communication
  • At least one scenario such as Latency Communication (URLLC).
  • URLLC Latency Communication
  • the terminal device may have an APP-slice adaptor corresponding to the eMBB application, where
  • the eMBB application may include: an eMBB E1 application and an eMBB E2 application.
  • the network slice adapter corresponding to the eMBB application may include a correspondence between the eMBB E1 application and the network slice information, and a correspondence between the eMBB E2 application and the network slice information.
  • the Control Plane Network Functions for eMBB can be accessed according to the eMBB Common CP NFs of the Mobile Broadband Common Control Plane Network Functions (eMBB Common CP NFs).
  • Slice E1 accesses the server device corresponding to the IMS by accessing the User Plane Network Functions for eMBB Slice E1 to implement the corresponding IMS service.
  • the terminal device in the eMBB scenario can also access the eMBB E2 slice control plane network element (Control Plane Network Functions for eMBB Slice E2) according to the eMBB Common CP NFs, and access the user plane network element of the eMBB E2 slice (User Plane Network). Functions for eMBB Slice E2), thereby accessing the server device corresponding to the Internet to implement the corresponding Internet service.
  • the terminal device may have a network slice adapter corresponding to the mMTC application; the mMTC application may include: mMTC M1 application and mMTC M2 application.
  • the network slice adapter corresponding to the mMTC application may include a correspondence between the mMTC M1 application and the network slice information, and a correspondence between the mMTC M2 application and the network slice information.
  • the control plane network element (Control Plane Network Functions for mMTC Slice M1) can be connected to the MMTC M1 slice, and the user plane network element of the mMTC M1 slice is accessed.
  • the Control Plane Network Functions for mMTC Slice M1 can also be accessed by accessing the MMTC M2 sliced user plane network element (User Plane Network Functions for mMTC Slice M2). ), thereby accessing the server device corresponding to the industrial sensor to realize the corresponding industrial sensor service.
  • the terminal device may have a network slice adapter corresponding to the URLLC application, and the URLLC application includes the URLLC U1 application and URLLC U2 application.
  • the network slice adapter corresponding to the URLLC application may include a correspondence between the URLLC U1 application and the network slice information, and a correspondence between the URLLC U2 application and the network slice information.
  • the User Plane Network Functions for URLLC Slice U1 can be accessed by the terminal device in the URLLC scenario by accessing the Control Plane Network Functions for URLLC Slice U1. Therefore, the server device corresponding to the V2X is accessed to implement the corresponding grid service.
  • the Control Plane Network Functions for URLLC Slice U2 can also be accessed, and the User Plane Network Functions for URLLC Slice U2 is accessed by accessing the URLLC U2 slice. ), thereby accessing the server device corresponding to the haptic Internet, and implementing the corresponding haptic Internet service.
  • the terminal device involved in the following embodiments of the present application may be a device that provides data connectivity to a user, a handheld device with a wireless connection function, or a wireless device that is connected to a wireless modem.
  • the wireless terminal can communicate with one or more core networks via the RAN), which can be a mobile terminal, such as a mobile telephone (or "cellular" telephone) and a computer with a mobile terminal, for example, can be portable, pocket-sized , handheld, computer built-in or in-vehicle mobile devices that exchange language and/or data with a wireless access network.
  • a wireless terminal may also be called a system, a subscriber unit (Subscriber Unit), a subscriber station (Subscriber Station), and a mobile station (Mobile). Station), Mobile Station, Remote Station, Access Point, Remote Terminal, Access Terminal, User Terminal, User Agent Agent), User Device, User Equipment, smartphone, Automated Device or Internet Of Things Device.
  • PCS Personal Communication Service
  • SIP Session Initiation Protocol
  • WLL Wireless Local Loop
  • PDA Personal Digital Assistant
  • a wireless terminal may also be called a system, a subscriber unit (Subscriber Unit), a subscriber station (Subscriber Station), and a mobile station (Mobile). Station), Mobile Station, Remote Station, Access Point, Remote Terminal, Access Terminal, User Terminal, User Agent Agent), User Device, User Equipment, smartphone, Automated Device or Internet Of Things Device.
  • the carrier device involved in the following embodiments of the present application may be a network element device in an operator network.
  • the network element device in the carrier network may be a Mobility Management Entity (MME), or another network element entity with mobility or slice management functions, such as a Common Control Plane (Common Control Plane, Common Common CP) or Slice Select Function (SSF).
  • MME Mobility Management Entity
  • SSF Slice Select Function
  • FIG. 2 is a flowchart 1 of an application processing method according to an embodiment of the present application. As shown in FIG. 2, the application processing method may include:
  • the terminal device sends a verification request to the network device.
  • the verification request includes information about the certificate to be verified; the certificate to be verified is a certificate of the providing device from the application.
  • the terminal device may send a verification request to the network device if it is determined that the application needs to use the network slice to access the corresponding network.
  • the terminal device may send a permission request to the user, and if receiving a confirmation command input by the user, such as clicking and agreeing to the corresponding instruction, it may be determined that the application needs to use the network slice to access the corresponding network.
  • the application may be an application that the terminal device is installing or already installed after being downloaded from an application store or other channels.
  • the providing device of the application may be a server that provides the application, such as a server of an application provider, or a server of an application store, or the like.
  • the network device can be a carrier device, such as a carrier device to which the terminal device is attached. That is, the terminal device can send a verification request to the carrier device to which it is attached.
  • the verification request may be an APP Certificate Validate Request.
  • the terminal device may send a Non-Access Stratum (NAS) signaling to the carrier device, where the verification request may be included in the NAS signaling.
  • NAS Non-Access Stratum
  • the network device can also be a server, such as a certificate verification server. That is, the terminal device can send a verification request to the server. For example, the terminal device can send the verification request to the server through the user plane message.
  • the terminal device may be pre-stored at the end Information such as an internet protocol (IP) address or a network domain name of the server on the end device determines the server, and then sends the verification request to the server.
  • IP internet protocol
  • the network device receives the verification request from the terminal device.
  • the network device determines a root certificate according to the information of the to-be-verified certificate.
  • the information of the certificate to be verified may include a root certificate identifier.
  • the network device can determine the root certificate according to the root certificate identifier.
  • the information of the certificate to be verified may further include at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, a hash algorithm of the certificate to be verified, and the to-be-calibrated
  • the fingerprint algorithm of the verification book, the validity period of the certificate to be verified, the issuer identifier of the certificate to be verified, and the identifier of the object to which the certificate to be verified is issued.
  • the issuer identifier may be an identifier of a certificate issuing device, such as an identifier of a carrier, a certificate authority (CA) identifier, or the like.
  • the CA identifier may be the identity of the issuing authority of the certificate to be verified, such as the carrier device, the certificate server, or other certificate issuing organization.
  • the identifier of the object to which the certificate to be verified is issued may be at least one of an identifier of the application provider, an identifier of the providing device of the application, and the like.
  • the network device determines whether the information of the to-be-verified certificate meets a preset condition, to obtain a verification result of the to-be-verified certificate.
  • the determining, by the network device in S203, that the information of the to-be-verified certificate meets the preset condition may include:
  • the network device determines, according to the root certificate and the information of the certificate to be verified, whether the certificate to be verified is a certificate issued by the certificate issuing device.
  • the network device can determine whether the information of the root certificate and the information of the certificate to be verified include the same information. If the information of the root certificate and the information of the certificate to be verified include the same information, the network device may determine that the certificate to be verified is a certificate issued by the certificate issuing device, and thus the certificate to be verified may be determined. The first check passes. On the other hand, if the information of the root certificate and the information of the certificate to be verified do not include the same information, the network device may determine that the certificate to be verified is not a certificate issued by the certificate issuing device, and thus may determine the pending The first verification of the certificate failed.
  • the network device may be the same device or different device as the certificate issuing device.
  • the certificate issuing device may be a carrier device or another certificate issuing device.
  • the network device sends a verification response to the terminal device.
  • the verification response includes a verification result of the to-be-verified certificate.
  • the terminal device receives the verification response from the network device.
  • the verification response can be an APP Certificate Validate response. If the first check of the to-be-verified certificate is passed, the verification result of the to-be-verified certificate in the verification response may include a first verification success indication, and the first verification success indication may also be called a school Pass the Pass (Validate Pass). If the first check of the to-be-verified certificate fails, the verification result of the to-be-verified certificate may also include a first verification failure indication, and the first verification failure indication may also be referred to as a verification pass indication (Validate Fail).
  • the terminal device may send a verification request to the network device, where the verification request includes information about the certificate to be verified, and the network device determines the root certificate according to the information of the certificate to be verified. And determining, according to the information about the root certificate and the certificate to be verified, whether the certificate to be verified is a certificate issued by the certificate issuing device, obtaining a verification result of the certificate to be verified, and then returning a verification response to the terminal device, The verification response includes a verification result of the certificate to be verified.
  • the network device can verify the certificate to be verified of the application, and can effectively prevent the illegal application running on the terminal device from using the network slice to access the network, thereby effectively ensuring the security of the network.
  • the verification request further includes: an application identifier.
  • the application identifier may include: an identifier of the application, and/or an identifier of the application providing device, and the like.
  • the identifier of the application may include at least one of the following: a name of the application, a version number of the application, and the like.
  • the identifier of the application providing device may include: the application provides information such as the name of the provider corresponding to the device.
  • the determining, by the network device in S203, that the information of the to-be-verified certificate meets the preset condition may further include:
  • the network device determines, according to the application identifier and the information of the certificate to be verified, whether the certificate to be verified is a certificate of the providing device that is issued to the application.
  • the network device may determine a certificate of the providing device issued to the application according to the application identifier, and then compare whether the information of the certificate issued to the providing device of the application includes the information of the certificate to be verified. If the information of the certificate issued to the application providing device includes the information of the certificate to be verified, the network device determines that the certificate to be verified is a certificate of the providing device issued to the application, and may determine the first certificate to be verified. The second check passed. On the other hand, if the information of the certificate issued to the application providing device does not include the information of the certificate to be verified, the network device determines that the certificate to be verified is not issued. A certificate issued to the application providing device, and thus the second verification failure of the certificate to be verified may be determined.
  • the verification result of the to-be-verified certificate in the verification response may include a second verification success indication. If the second verification of the to-be-verified certificate fails, the verification result of the to-be-verified certificate may include a second verification failure indication.
  • the first check of the to-be-verified certificate and the second check of the to-be-verified certificate may be performed simultaneously or sequentially.
  • the network device may perform a second check on the to-be-verified certificate if the first verification of the to-be-verified certificate is successful.
  • the first verification success may be: the certificate to be verified is a certificate issued by the certificate issuing device, and the second verification includes: determining whether the certificate to be verified is a certificate of the providing device issued to the application. .
  • the verification request as described above may further include: an identifier of the terminal device.
  • the identifier of the terminal device as described above may include at least one of the following: an IP address of the terminal device, a Medium Access Control (MAC) address, and a Subscriber Identity Module (SIM).
  • the identification the International Mobile Subscriber Identification Number (IMSI), and the Globally Unique Temporary UE Identity (GUTI).
  • IMSI International Mobile Subscriber Identification Number
  • GUI Globally Unique Temporary UE Identity
  • the determining, by the network device in S203, that the information of the to-be-verified certificate meets the preset condition may further include:
  • the network device determines whether the network slice corresponding to the application is located in the network slice signed by the terminal device, according to the information of the network slice that is subscribed to by the terminal device and the network slice information corresponding to the application.
  • the network device may determine, according to the application identifier, a correspondence between the preset application identifier and the network slice information, the information of the network slice corresponding to the application identifier is information about the network slice corresponding to the application.
  • the network device may determine, according to the identifier of the terminal device, a correspondence between the preset terminal device identifier and the subscription network slice information, information about the network slice that the terminal device subscribes to.
  • the network device may query the network corresponding to the application in the information of the network slice subscribed by the terminal device.
  • Network slice information If the information about the network slice corresponding to the application is queried, that is, the information about the network slice corresponding to the application includes the information about the network slice corresponding to the application, the network slice corresponding to the application is determined to be signed by the terminal device. Within the network slice, the third check of the certificate to be verified can be determined to pass.
  • the network slice corresponding to the application may be determined not to be It is located in the network slice that is subscribed to by the terminal device, so that the third verification failure of the to-be-verified certificate can be determined.
  • the verification result of the to-be-verified certificate in the verification response may include a third verification success indication. If the third verification of the to-be-verified certificate fails, the verification result of the to-be-verified certificate may also include a third verification failure indication.
  • the first check of the to-be-verified certificate, the second check of the to-be-verified certificate, and the third check of the to-be-verified certificate may be performed simultaneously, or may be performed sequentially.
  • the network device may perform a second check on the to-be-verified certificate if the first verification of the to-be-verified certificate is successful, and if the second verification is successful, The certificate to be verified performs a third verification.
  • the first verification success may be: the certificate to be verified is a certificate issued by the certificate issuing device, and the second verification succeeds: the certificate to be verified is a certificate of a providing device issued to the application,
  • the third check includes: determining whether the network slice corresponding to the application is located in the network slice signed by the terminal device.
  • the verification response may further include: information about the network slice corresponding to the application.
  • the preset condition includes: the certificate to be verified is a certificate issued by the certificate issuing device, the certificate to be verified is a certificate of the providing device issued to the application, and the network slice corresponding to the application is located at the terminal device. Within the network slice.
  • the network device may determine that the to-be-verified certificate satisfies the preset condition, that is, the first check, the second check, and the third check of the to-be-verified certificate are verified, and the check is passed. Sending information of the network slice corresponding to the application to the terminal device.
  • the information of the network slice corresponding to the application may include a mapping relationship between the application and the information of the network slice.
  • the terminal device may refresh the network slice corresponding to the application stored by the terminal device according to the information of the network slice corresponding to the application.
  • the information in the adapter is to update the information in the network slice adapter corresponding to the application to the received network slice information corresponding to the application.
  • the information about the network slice corresponding to the application includes at least one of the following information: an identifier of the network slice, a service type corresponding to the network slice, and a type of the terminal device that uses the network slice. And the validity period information of the network slice, and the like.
  • the service type may include any of the types of services, such as a video service, a voice over internet protocol (VoIP) service, and a V2X service.
  • a video service such as a video service, a voice over internet protocol (VoIP) service, and a V2X service.
  • VoIP voice over internet protocol
  • V2X V2X service
  • the type of the terminal device that uses the network slice may also be referred to as the usage type (Usage Type) corresponding to the network slice, and the usage type may include: a car UE Usage Type, and a type of use of the smart phone ( Smartphone UE Usage Type) Any type of terminal device that uses this network slice.
  • Usage Type a car UE Usage Type
  • Smartphone UE Usage Type a type of use of the smart phone
  • Network slices of different security levels have different validity periods.
  • the validity period information of the network slice can be determined by the network device according to the security level of the network slice.
  • the terminal device may determine the validity period of the network slice according to the received validity period information of the network slice, and access the corresponding network according to the information of the network slice during the validity period of the network slice. If the validity period of the network slice expires, the terminal device may perform the certificate verification of the application by using any one of the application processing methods described above, and re-acquire the network slice from the network device if the certificate verification is passed. information.
  • the verification response further includes: certificate verification frequency information of the application.
  • network slices of different security levels have different certificate verification frequencies.
  • the certificate check frequency indication of the network slice can be determined by the network device based on the security level of the network slice.
  • the terminal device may determine a certificate verification frequency of the application according to the certificate verification frequency information of the application, and send the verification request to the network device according to the certificate verification frequency of the application, so that the network device is to be The verification is verified again.
  • FIG. 3 is a second flowchart of an application processing method according to an embodiment of the present application. As shown in Figure 3, the above steps S201 can include:
  • the terminal device sends the verification request to the network device during the installation process of the application.
  • the terminal device may suspend the installation of the application and send the verification request to the network device.
  • the verification response further includes: information about the network slice corresponding to the application.
  • the method may include:
  • the terminal device stores information about the network slice corresponding to the application, and installs the application.
  • the terminal device may store information about the network slice corresponding to the application. If the installation of the application is suspended, the terminal device may continue to install the application, so that after the application is installed, the information may be accessed according to the information of the network slice corresponding to the application.
  • the network implements the corresponding business needs of the application.
  • the certificate to be verified does not meet the preset condition, that is, the certificate to be verified is not issued by the certificate issuing device, and the certificate to be verified is not issued to the application providing device by the certificate issuing device.
  • the method may include: the terminal device stops installing the application, or the network slice corresponding to the application is not located in the network slice signed by the terminal device.
  • the terminal device sends the verification request to the network device during the installation process of the application, and if the certificate to be verified satisfies the preset condition, the application is continuously installed, and the If the verification certificate does not meet any of the preset conditions, the installation of the application is stopped, and the installation of the illegal application can be effectively avoided, thereby effectively avoiding the risk of the network slice being accessed or attacked by the malicious application, and improving the security of the network.
  • the method may further include:
  • the providing device of the application sends the installation package of the application to the terminal device.
  • the installation package includes: a signature file, an installation file, and the certificate to be verified.
  • the terminal device receives the installation package of the application from the providing device of the application.
  • the signature file may be used by the application providing device to perform signature processing on the installation file of the application, obtain signature data, and then encrypt the signature data according to a preset private key by using a preset fingerprint algorithm.
  • the certificate to be verified may be determined by the application providing device according to the certificate obtained from the certificate issuing device, and the certificate to be verified may include, for example, a certificate issued by the certificate issuing device. All or part of the information in the book.
  • S301b The terminal device performs integrity verification on the installation file according to the to-be-verified certificate and the signature file.
  • the terminal device may determine, according to the to-be-verified certificate, a public key, a signature algorithm, and a fingerprint algorithm corresponding to the private key, and perform a signature operation on the installation file according to the signature algorithm to obtain signature data A of the installation file, and then The public key uses the fingerprint algorithm to decrypt the signature file to obtain signature data B.
  • the terminal device performs integrity verification on the installation file by comparing the signature data A and the signature data B. If the signature data A and the signature data B are the same, the terminal device may determine that the integrity check of the installation file passes; if the signature data A and the signature data B are different, the terminal device may determine the installation file. The integrity check failed.
  • the terminal device determines that the integrity check is passed, it is determined that the installation file has not been maliciously modified; if the terminal device determines that the integrity check fails, it is determined that the installation file is maliciously modified and belongs to an incomplete file.
  • the terminal device sends the verification request to the network device, which may include:
  • the terminal device During the installation process of the application, if the integrity check of the installation file passes, the terminal device sends the verification request to the network device.
  • the installation file is integrity checked, and if the integrity check of the installation file passes, the installation of the application is performed, and then the verification request is sent to the network device during the installation process of the application. It can effectively avoid the installation of illegal applications, effectively avoid the risk of network slicing being attacked or attacked by malicious applications, improve the security of the network, and effectively avoid the application incomplete or difficult application caused by malicious modification. Realization, effectively guarantee the implementation of the corresponding function of the application.
  • FIG. 4 is a third flowchart of an application processing method according to an embodiment of the present disclosure. As shown in FIG. 4, the application processing method may include:
  • the certificate issuing device sends a first certificate to the providing device of the application.
  • the providing device of the application receives the first certificate from the certificate issuing device.
  • the first certificate may be a certificate issued by the certificate issuing device to the providing device of the application.
  • the providing device of the application processes the installation file of the application according to the first certificate. Get the signature file for the app.
  • the installation file of the application may be an installation file pre-stored in the providing device, and the installation file on the providing device may be an installation file uploaded by a developer of the application.
  • the application providing device may determine a signature algorithm, a private key, a fingerprint algorithm, and the like according to the first certificate, and process the installation file according to the signature algorithm to obtain signature data of the installation file, and adopt the fingerprint algorithm according to the private key.
  • the installation file is encrypted to obtain the signature file of the application.
  • the application providing device sends the signature file, the installation file, and the second certificate to the terminal device.
  • the second certificate includes all or part of the information of the first certificate, and the second certificate and the signature file are used to enable the terminal device. Perform an integrity check on the installation file.
  • the second certificate may be a certificate to be verified in the application processing method as described in any of the above.
  • the information about the first certificate as described above may include at least one of the following information: a secret key pair, a signature algorithm, a hash algorithm, a fingerprint algorithm, an expiration date, an issuer identifier, and an identifier of the issued object;
  • the key pair includes: a private key and a public key.
  • the issuer identifier may include the identifier of the certificate issuing device in the first certificate.
  • the identifier of the issued object may include: an identifier of the provided device of the application.
  • the providing device of the application may process the installation file according to the signature algorithm in the first certificate, obtain signature data of the installation file, and process the processed data according to the hash algorithm. , get the hash value of the signature data.
  • the providing device of the application may, for example, encrypt the hash value of the signature data according to the fingerprint algorithm in the first certificate according to the private key in the key pair to obtain the signature file.
  • the certificate issuing device may send a certificate update request to obtain the latest certificate issued by the certificate issuing device, so as to implement timely updating of the certificate, so as to effectively avoid being effective. Avoid the installation of illegal applications, effectively avoid the risk of network slicing being attacked or attacked by malicious applications, and improve network security.
  • the information of the second certificate includes partial information of the information of the first certificate.
  • the information of the second certificate may include at least one of the following: a public key in the information of the first certificate, a signature algorithm in the information of the first certificate, a hash algorithm in the information of the first certificate, a fingerprint algorithm in the information of the first certificate, a validity period in the information of the first certificate, and a letter of the first certificate.
  • the terminal device may perform a signature operation on the installation file according to the signature algorithm. And performing the hash operation on the data after the signature operation according to the hash algorithm, obtaining the signature data A of the installation file, and then decrypting the signature file according to the public key by the fingerprint algorithm to obtain the signature data B.
  • the terminal device can perform integrity check on the installation file by comparing the signature data A and the signature data B. If the signature data A and the signature data B are the same, the terminal device may determine that the integrity check of the installation file passes; otherwise, if the signature data A and the signature data B are different, the terminal device may determine the integrity of the installation file. Sex check failed.
  • first certificate and the second certificate is only an example, and the first certificate and the second certificate may further include other information such as the certificate specification, and details are not described herein again.
  • the sending, by the terminal device, the verification request to the network device in S201, as described above, may include:
  • the terminal device sends the verification request to the network device.
  • the terminal device may send the verification request to the network device during each startup of the application, or may send the verification request to the network device during the first startup of the application.
  • the verification response further includes: information about the network slice corresponding to the application.
  • the method may further include:
  • the terminal device stores information about a network slice corresponding to the application, and accesses the network according to the network slice.
  • the terminal device can access the network according to the information of the network slice corresponding to the application, so as to implement the corresponding service requirement of the application.
  • the terminal device may store information about the network slice corresponding to the application to the terminal device, whether the terminal device is in the installation process of the application or the information about the network slice corresponding to the application acquired during the startup process.
  • the information of the network slice corresponding to the application is prevented from being maliciously modified or copied to ensure network security.
  • the terminal device may store the information about the network slice corresponding to the application, and store the public key information corresponding to the application, so as to ensure that the application corresponds to the information.
  • the security of the network sliced information stored on the terminal device side is effectively avoided.
  • the information of the network slice corresponding to the application is maliciously modified or copied to ensure network security.
  • FIG. 5 is a flowchart 4 of an application processing method according to an embodiment of the present application.
  • the application processing method may include:
  • the terminal device searches for a root certificate corresponding to the to-be-verified certificate from the preset root certificate area according to the information of the certificate to be verified.
  • the certificate to be verified may be a certificate from the application providing device.
  • the information of the certificate to be verified may include a root certificate identifier.
  • the terminal device can search for the root certificate corresponding to the root certificate identifier from the preset root certificate area according to the root certificate identifier.
  • the preset root certificate area may store at least one root certificate, and each root certificate has a corresponding root certificate identifier.
  • the terminal device determines, according to the root certificate, the certificate to be verified, whether the certificate to be verified is a certificate issued by the certificate issuing device, to obtain a verification result of the to-be-verified certificate.
  • the terminal device can determine whether the information of the root certificate and the information of the certificate to be verified include the same information. If the information of the root certificate and the information of the certificate to be verified include the same information, the terminal device may determine that the certificate to be verified is a certificate issued by the certificate issuing device, and the validity of the certificate to be verified is verified. . On the other hand, if the information of the root certificate and the information of the certificate to be verified do not include the same information, the terminal device may determine that the certificate to be verified is not a certificate issued by the certificate issuing device, and the certificate to be verified is legal. Sex check failed.
  • the verification of the certificate can be implemented by the terminal device itself.
  • the root device identifier corresponding to the to-be-verified certificate of the application is determined by the terminal device, and the root certificate corresponding to the root certificate identifier is searched according to the root certificate identifier. And then verifying the validity of the certificate to be verified according to the root certificate.
  • the terminal device can verify the certificate to be verified of the application, and can effectively prevent the illegal application running on the legal terminal device from using the network slice to access the network, thereby effectively ensuring the security of the network.
  • the method in the foregoing S501, the terminal device, before the root certificate corresponding to the to-be-verified certificate, is obtained from the preset root certificate area according to the information of the certificate to be verified, the method may further include:
  • the terminal device receives the installation package of the application from the providing device of the application; the installation package includes: an installation file of the application, information of the certificate to be verified, and information of a network slice corresponding to the application.
  • the method may further include:
  • the terminal device stores information of a network slice corresponding to the application.
  • the terminal device can receive the application from the providing device of the application while receiving the installation file of the application and the information of the certificate to be verified from the providing device of the application.
  • Corresponding network slice information and the terminal device can verify the application to be verified certificate without sending a request to the network device to obtain information of the network slice corresponding to the application.
  • the terminal device may receive the information of the network slice corresponding to the application from the providing device of the application, but the terminal device may store the terminal device after determining that the certificate to be verified is a certificate issued by the certificate issuing device. The information of the network slice corresponding to the application. If the certificate to be verified is not a certificate issued by the certificate issuing device, the terminal device may discard the installation package of the application.
  • the terminal device may further receive a signature file of the application delivered by the application providing device, to perform integrity verification on the installation file.
  • the implementation process of the specific integrity check is similar to the above, and is not described here.
  • a specific description of the information of the to-be-verified certificate, the signature file, and the network slice corresponding to the application may be similar to the foregoing, and details are not described herein again.
  • FIG. 6 is a flowchart 5 of an application processing method according to an embodiment of the present disclosure. As shown in FIG. 6, the application processing method may include:
  • the application providing device sends an application certificate request to the operator device.
  • the operator device receives the application certificate request from the application providing device.
  • the operator equipment After receiving the application certificate request, the operator equipment sends the issuing certificate to the application providing device.
  • the application providing device receives the issuance certificate from the operator device.
  • the information for issuing the certificate includes: a secret key pair of the issued certificate, a signature algorithm of the issued certificate, a hash algorithm of the issued certificate, a fingerprint algorithm of the issued certificate, an issuer identifier of the issued certificate, and an application providing device Identification, validity period of the issued certificate, and certificate specification information.
  • the key pair includes: a private key and a public key.
  • the application providing device processes the installation file of the application according to the signature algorithm, obtains signature data of the installation file, and processes the signature data according to the hash algorithm to obtain a hash value of the signature data, and according to the private
  • the key uses the fingerprint algorithm to encrypt the hash value of the signature data to obtain a signature file of the application.
  • the installation file of the application may be an installation file pre-stored in the application providing device, and the application file provided on the device may be an installation file uploaded by a developer of the application.
  • the application providing device sends, to the terminal device, the signature file of the application, the installation file, and the information of the certificate to be verified, where the information of the certificate to be verified includes part of the information of the certificate.
  • the information of the certificate to be verified includes: the public key, the signature algorithm, the hash algorithm, the fingerprint algorithm, the validity period, the issuer identifier, the identifier of the application providing device, and other contents of the certificate specification.
  • the terminal device decrypts the signature file by using the fingerprint algorithm according to the public key to obtain a hash value of the signature data A.
  • the terminal device processes the installation file according to the signature algorithm to obtain signature data B, and processes the signature data B according to the hash algorithm to obtain a hash value of the signature data B.
  • the terminal device compares whether the hash value of the signature data A and the hash value of the signature data B are the same.
  • the terminal device determines that the installation file passes the integrity check and starts installing the application according to the installation file.
  • the terminal device determines that the integrity check of the installation file fails.
  • the terminal device determines that the application has a network slice access requirement, and sends a verification request to the operator equipment, where the verification request includes an identifier of the application, an identifier of the terminal device, and information about the certificate to be verified.
  • the terminal device may determine that the application has a network slice access requirement if it is determined that the application needs to use a network slice to access the corresponding network.
  • the terminal device can send a verification request to the operator device during the installation of the application.
  • the terminal device may also send a verification request to the operator device during the startup process of the application.
  • the operator equipment determines the root certificate according to the information of the certificate to be verified, and determines, according to the information of the root certificate and the certificate to be verified, whether the certificate to be verified is a certificate issued by the operator device.
  • the carrier device in the S610 determines the root certificate according to the information of the to-be-verified certificate, which is similar to the foregoing S202.
  • the specific implementation process refer to the foregoing, and details are not described herein.
  • the carrier device in the S610 determines, according to the root certificate and the information of the certificate to be verified Whether the certificate is a certificate issued by the operator device is similar to that in the above S203. For the specific implementation process, refer to the above, and no further details are provided herein.
  • the operator equipment determines, according to the identifier of the application and the information of the certificate to be verified, whether the certificate to be verified is a certificate issued by the operator device to the application providing device.
  • the operator equipment determines, according to the identifier of the terminal device, a network slice that is subscribed by the terminal device, and determines information about the network slice corresponding to the application according to the identifier of the application.
  • the operator equipment determines whether the network slice corresponding to the application is located in the network slice signed by the terminal device, according to the information of the network slice that is subscribed to by the terminal device and the network slice information corresponding to the application.
  • S611, S612, and S613 are not limited, and S611, S612, and S613 may be executed simultaneously or sequentially.
  • the certificate to be verified is a certificate issued by the operator device, and the certificate to be verified is a certificate issued to the application providing device, and the network slice corresponding to the application is located in the network slice signed by the terminal device,
  • the operator device sends a verification response to the terminal device, where the verification response includes a verification success indication of the to-be-checked certificate and information about the network slice corresponding to the application.
  • the terminal device determines, according to the verification success indication of the to-be-verified certificate, that the to-be-verified certificate is verified and stores information of the network slice corresponding to the application.
  • the terminal device may continue to install the application according to the installation file.
  • the terminal device may also access the network according to the network slice corresponding to the application.
  • the certificate to be verified is not a certificate issued by the operator device, the certificate to be verified does not issue a certificate to the device for the device, or the network slice corresponding to the application is not located in the terminal device.
  • the operator device sends a verification response to the terminal device, and the verification response includes a verification failure indication of the to-be-verified certificate.
  • the terminal device determines, according to the verification failure indication of the to-be-verified certificate, that the verification of the to-be-verified certificate fails.
  • the terminal device sends a verification to the carrier device during the installation process of the application. If the terminal device determines that the verification of the to-be-verified certificate fails, the terminal device also needs to notify the installation of the application.
  • the terminal device sends a verification request to the operator device during the startup process of the application, and the terminal device determines that the to-be-verified certificate is verified, the application may also be stopped.
  • the application processing method may be that the certificate to be verified is a certificate issued by the operator device, the certificate to be verified is a certificate issued to the application providing device, and the network slice corresponding to the application is located in the network signed by the terminal device.
  • the terminal device stores the information of the network slice corresponding to the application, so that the terminal device can access the network according to the information of the network slice corresponding to the application, so as to implement the corresponding service requirement of the application.
  • the certificate to be verified is not issued by the operator device, the certificate to be verified is not issued by the operator device to the application providing device, or the network slice corresponding to the application is not located in the terminal.
  • the installation of the application is stopped in the case of the network sliced by the device, which can effectively prevent the installation or startup of the illegal application, thereby effectively avoiding the risk of the network slice being accessed or attacked by the malicious application, and improving the security of the network.
  • FIG. 7 is a schematic structural diagram 1 of a network device according to an embodiment of the present disclosure. As shown in FIG. 7, the network device 700 includes:
  • the receiving module 701 is configured to receive a verification request from the terminal device, where the verification request includes information about the certificate to be verified; the certificate to be verified is a certificate of the providing device from the application;
  • the processing module 702 is configured to determine a root certificate according to the information of the to-be-verified certificate, and determine whether the information of the to-be-verified certificate meets a preset condition to obtain a verification result of the to-be-verified certificate.
  • the sending module 703 is configured to send a verification response to the terminal device, where the verification response includes a verification result of the to-be-verified certificate.
  • the processing module 702 is specifically configured to determine, according to the information about the root certificate and the certificate to be verified, whether the certificate to be verified is a certificate issued by the certificate issuing device.
  • the verification request further includes an application identifier.
  • the processing module 702 is further configured to determine, according to the application identifier and the information of the certificate to be verified, whether the certificate to be verified is a certificate of a providing device that is issued to the application.
  • the verification request may further include an identifier of the terminal device.
  • the processing module 702 is further configured to: determine, according to the application identifier, information about a network slice corresponding to the application; determine, according to the identifier of the terminal device, information about a network slice that is subscribed by the terminal device; and information about the network slice that is subscribed according to the terminal device Apply the information of the corresponding network slice to determine the response Whether the corresponding network slice is located in the network slice signed by the terminal device.
  • the verification response further includes information about a network slice corresponding to the application; wherein the preset condition may include: the to-be-checked
  • the certificate is the certificate issued by the certificate issuing device
  • the certificate to be verified is the certificate of the providing device issued to the application
  • the network slice corresponding to the application is located in the network slice signed by the terminal device.
  • the information about the network slice corresponding to the application may include at least one type of information: an identifier of the network slice, a service type corresponding to the network slice, a usage type corresponding to the network slice, and the network slice.
  • the validity period information and the certificate verification frequency information corresponding to the network slice may include at least one type of information: an identifier of the network slice, a service type corresponding to the network slice, a usage type corresponding to the network slice, and the network slice.
  • the receiving module 701 is specifically configured to receive the verification request from the terminal device during the installation process of the application or during the startup process of the application.
  • the information about the certificate to be verified may include at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, and a hash of the certificate to be verified The algorithm, the fingerprint algorithm of the certificate to be verified, the validity period of the certificate to be verified, the issuer identifier of the certificate to be verified, and the identifier of the object to which the certificate to be verified is issued.
  • the network device provided by the embodiment of the present application may perform the application processing method performed by the network device described in any of the foregoing FIG. 2, FIG. 3, FIG. 4, and FIG. 6, and the specific implementation process and beneficial effects thereof may be referred to above. This will not be repeated here.
  • FIG. 8 is a schematic structural diagram 1 of a terminal device according to an embodiment of the present disclosure. As shown in FIG. 8, the terminal device 800 includes:
  • the sending module 801 is configured to send a verification request to the network device, where the verification request includes information of the certificate to be verified; the certificate to be verified is a certificate of the providing device from the application; and the information of the certificate to be verified is used for Verify the verification of the certificate.
  • the receiving module 802 is configured to receive a verification response from the network device, where the verification response includes a verification result of the to-be-verified certificate.
  • the verification request may further include an application identifier, where the application identifier is used to determine whether the certificate to be verified is a certificate issued by the certificate issuing device to the application providing device.
  • the application identifier is further used for determining the information of the network slice corresponding to the application
  • the verification request may further include an identifier of the terminal device; the identifier of the terminal device is used for the terminal The determination of the network slice of the device contract.
  • the verification response further includes information about the network slice corresponding to the application; wherein the preset condition includes: the to-be-verified certificate is The certificate issued by the certificate issuing device, the certificate to be verified is a certificate of the providing device issued to the application, and the certificate to be verified is a network slice corresponding to the application, and is located in a network slice signed by the terminal device;
  • the terminal device 800 further includes:
  • the storage module is configured to store information about a network slice corresponding to the application.
  • the information about the network slice corresponding to the application includes at least one of the following: an identifier of the network slice, a service type corresponding to the network slice, a type of the terminal device using the network slice, and the network The validity period information of the slice and the certificate verification frequency information corresponding to the network slice.
  • the sending module 801 is specifically configured to send the verification request to the network device during the installation process of the application or during the startup process of the application.
  • the information about the certificate to be verified may include at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, and a hash of the certificate to be verified The algorithm, the fingerprint algorithm of the certificate to be verified, the validity period of the certificate to be verified, the issuer identifier of the certificate to be verified, and the identifier of the object to which the certificate to be verified is issued.
  • the terminal device device provided by the embodiment of the present application may perform the application processing method performed by the terminal device described in any of the foregoing FIG. 2, FIG. 3, FIG. 4, and FIG. 6, and the specific implementation process and beneficial effects thereof may be referred to the foregoing. I will not repeat them here.
  • FIG. 9 is a schematic structural diagram 2 of a terminal device according to an embodiment of the present disclosure. As shown in FIG. 9, the terminal device 900 includes:
  • the processing module 901 is configured to search, according to the information of the certificate to be verified, the information of the root certificate corresponding to the certificate to be verified from the preset root certificate area; the certificate to be verified is a certificate of the providing device from the application; The root certificate and the information of the certificate to be verified determine whether the certificate to be verified is a certificate issued by the certificate issuing device, so as to obtain a verification result of the certificate to be verified.
  • the terminal device 900 further includes:
  • a receiving module configured to receive an installation package of the application from the providing device of the application; the installation package includes: an installation file of the application, information of the certificate to be verified, and a network slice corresponding to the application interest.
  • the terminal device 900 further includes:
  • the storage module is configured to store information about a network slice corresponding to the application.
  • the terminal device provided by the embodiment of the present application can perform the application processing method performed by the terminal device in the foregoing FIG. 5, and the specific implementation process and the beneficial effects thereof can be referred to the foregoing, and details are not described herein again.
  • FIG. 10 is a schematic structural diagram 2 of a network device according to an embodiment of the present disclosure.
  • the network device 1000 includes a receiver 1001, a processor 1002, and a transmitter 1003.
  • the receiver 1001 is connected to the processor 1002, and the processor 1002 is connected to the transmitter 1003.
  • the receiver 1001 is configured to receive a verification request from the terminal device, where the verification request includes information about the certificate to be verified; the certificate to be verified is a certificate of the providing device from the application.
  • the processor 1002 is configured to determine a root certificate according to the information of the to-be-verified certificate, and determine whether the information of the to-be-verified certificate meets a preset condition to obtain a verification result of the to-be-verified certificate.
  • the transmitter 1003 is configured to send a verification response to the terminal device, where the verification response includes a verification result of the to-be-verified certificate.
  • the processor 1002 is specifically configured to determine, according to the information about the root certificate and the certificate to be verified, whether the certificate to be verified is a certificate issued by the certificate issuing device.
  • the verification request further includes an application identifier
  • the processor 1002 is further configured to determine, according to the application identifier and the information of the certificate to be verified, whether the certificate to be verified is a certificate of a providing device that is issued to the application.
  • the verification request may further include an identifier of the terminal device
  • the processor 1002 is further configured to: determine, according to the application identifier, information about a network slice corresponding to the application; determine, according to the identifier of the terminal device, information about a network slice that is subscribed by the terminal device; and information about the network slice that is signed by the terminal device and the Applying the information of the corresponding network slice to determine whether the network slice corresponding to the application is located in the network slice signed by the terminal device.
  • the verification response further includes information about a network slice corresponding to the application; wherein the preset condition includes: the to-be-verified certificate
  • the certificate issued by the device is issued by the device, and the certificate to be verified is the certificate of the providing device issued to the application, and the network slice corresponding to the application is located in the network slice signed by the terminal device.
  • the information about the network slice corresponding to the application includes at least one type of information: an identifier of the network slice, a service type corresponding to the network slice, a usage type corresponding to the network slice, and a network slice.
  • the validity period information and the certificate verification frequency information corresponding to the network slice includes at least one type of information: an identifier of the network slice, a service type corresponding to the network slice, a usage type corresponding to the network slice, and a network slice.
  • the receiver 1001 has a means for receiving the verification request from the terminal device during installation of the application or during startup of the application.
  • the information about the certificate to be verified includes at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, and a hash algorithm of the certificate to be verified.
  • FIG. 11 is a schematic structural diagram 1 of a computer program product according to an embodiment of the present application.
  • computer program product 1100 can include program code 1101.
  • the program code 1101 may be a program code corresponding to an application processing method executed by the network device described in any of the above-mentioned FIG. 2, FIG. 3, FIG. 4, and FIG.
  • the program code 1101 in the computer program product 1100 can be executed, for example, by the processor 1002 in the network device 1000 shown in FIG. 10 described above.
  • FIG. 12 is a schematic structural diagram 1 of a storage medium according to an embodiment of the present disclosure.
  • storage medium 1200 can be used to store computer program product 1201.
  • Computer program product 1201 can include program code 1202.
  • the program code 1202 may be a program code corresponding to an application processing method executed by the network device described in any of the above-mentioned FIG. 2, FIG. 3, FIG. 4, and FIG.
  • the storage medium 1200 may be an internal memory in the network device 1000 shown in FIG. 10 described above, or may be an external memory connected to the network device 1000 shown in FIG. 10 described above.
  • the program code 1202 in the computer program product 1201 can be executed, for example, by the processor 1002 in the network device 1000 shown in FIG. 10 described above.
  • the network device, the computer program product, and the storage medium provided by the embodiments of the present application may perform the application processing method performed by the network device described in any of the foregoing FIG. 2, FIG. 3, FIG. 4, and FIG. 6, and the specific implementation process thereof And the beneficial effects can be seen in the above, and will not be described again here.
  • FIG. 13 is a schematic structural diagram 3 of a terminal device according to an embodiment of the present disclosure. As shown in FIG. 13, the terminal device 1300 may include a transmitter 1301 receiver 1302.
  • the sender 1301 is configured to send a verification request to the network device, where the verification request includes information about the certificate to be verified; the certificate to be verified is a certificate of the providing device from the application; and the information of the certificate to be verified is used. Check the certificate to be verified.
  • the receiver 1302 is configured to receive a verification response from the network device, where the verification response includes a verification result of the to-be-verified certificate.
  • the verification request further includes an application identifier, where the application identifier is used to determine whether the certificate to be verified is a certificate issued by the certificate issuing device to the application providing device.
  • the application identifier is further used for determining the information of the network slice corresponding to the application.
  • the verification request further includes an identifier of the terminal device; the identifier of the terminal device is used for determining a network slice subscribed by the terminal device.
  • the verification response further includes information about the network slice corresponding to the application; wherein the preset condition includes: the to-be-verified certificate is The certificate is issued by the certificate issuing device, and the certificate to be verified is a certificate of the providing device issued to the application, and the certificate to be verified is a network slice corresponding to the application, and is located in a network slice signed by the terminal device.
  • the terminal device 1300 further includes: a processor and a memory; the processor is connected to the memory, and the processor is further connected to the receiver;
  • a processor configured to store information of the network slice corresponding to the application into the memory.
  • the information about the network slice corresponding to the application includes at least one of the following: an identifier of the network slice, a service type corresponding to the network slice, a type of the terminal device using the network slice, and the network The validity period information of the slice and the certificate verification frequency information corresponding to the network slice.
  • the transmitter 1301 is specifically configured to send the verification request to the network device during installation of the application or during startup of the application.
  • the information about the certificate to be verified includes at least one of the following: a public key of the certificate to be verified, a signature algorithm of the certificate to be verified, and a hash algorithm of the certificate to be verified , The fingerprint algorithm of the certificate to be verified, the validity period of the certificate to be verified, the issuer identifier of the certificate to be verified, and the identifier of the object to which the certificate to be verified is issued.
  • FIG. 14 is a schematic structural diagram 2 of a computer program product according to an embodiment of the present application.
  • computer program product 1400 can include program code 1401.
  • the program code 1401 may be a program code corresponding to an application processing method executed by the terminal device described in any of the above-mentioned FIG. 2, FIG. 3, FIG. 4, and FIG.
  • the program code 1401 in the computer program product 1400 can be executed, for example, by the processor in the terminal device 1300 shown in FIG. 13 described above.
  • FIG. 15 is a schematic structural diagram 2 of a storage medium according to an embodiment of the present disclosure.
  • storage medium 1500 can be used to store computer program product 1501.
  • the computer program product 1501 can include program code 1502.
  • the program code 1502 may be a program code corresponding to an application processing method executed by the terminal device described in any of the above-mentioned FIG. 2, FIG. 3, FIG. 4, and FIG.
  • the storage medium 1500 may be an internal memory in the terminal device 1300 shown in FIG. 13 described above, or may be an external memory connected to the terminal device 1300 shown in FIG. 13 described above.
  • the program code 1502 in the computer program product 1501 can be executed, for example, by the processor in the terminal device 1300 shown in FIG. 13 described above.
  • the terminal device, the computer program product, and the storage medium provided in the embodiments of the present application may perform the application processing method performed by the terminal device in any of the foregoing FIG. 2, FIG. 3, FIG. 4, and FIG. 6, and the specific implementation process thereof And the beneficial effects can be seen in the above, and will not be described again here.
  • FIG. 16 is a schematic structural diagram 4 of a terminal device according to an embodiment of the present disclosure. As shown in FIG. 16, the terminal device 1600 may include a processor 1601.
  • the processor 1601 is configured to search, according to the information of the certificate to be verified, the information of the root certificate corresponding to the certificate to be verified from the preset root certificate area; the certificate to be verified is a certificate of the providing device from the application; The root certificate and the information of the certificate to be verified determine whether the certificate to be verified is a certificate issued by the certificate issuing device, so as to obtain a verification result of the certificate to be verified.
  • the terminal device 1600 further includes: a receiver; and the receiver is connected to the processor 1601.
  • a receiver configured to receive an installation package of the application from the providing device of the application; the installation package includes: an installation file of the application, information about the certificate to be verified, and information about a network slice corresponding to the application.
  • the terminal device further includes: a memory; the processor 1601 is connected to the memory;
  • the processor is configured to store the information of the network slice corresponding to the application into the memory if the certificate to be verified is a certificate issued by the certificate issuing device.
  • FIG. 17 is a schematic structural diagram 3 of a computer program product according to an embodiment of the present application.
  • computer program product 1700 can include program code 1701.
  • the program code 1701 may be a program code corresponding to the application processing method executed by the terminal device described in the above FIG. 5 of the embodiment of the present application.
  • the program code 1701 in the computer program product 1700 can be executed, for example, by the processor 1601 in the terminal device 1600 shown in FIG. 16 described above.
  • FIG. 18 is a schematic structural diagram 3 of a storage medium according to an embodiment of the present application.
  • storage medium 1800 can be used to store computer program product 1801.
  • Computer program product 1801 can include program code 1802.
  • the program code 1802 may be a program code corresponding to an application processing method executed by the terminal device described in the above FIG. 5 of the embodiment of the present application.
  • the storage medium 1800 may be an internal memory in the terminal device 1600 shown in FIG. 16 described above, or may be an external memory connected to the terminal device 1600 shown in FIG. 16 described above.
  • the program code 1802 in the computer program product 1801 can be executed, for example, by the processor 1601 in the terminal device 1600 shown in FIG. 16 described above.
  • the terminal device, the computer program product, and the storage medium provided in the embodiments of the present application can perform the application processing method performed by the terminal device in the foregoing FIG. 5, and the specific implementation process and beneficial effects thereof can be referred to the above, and details are not described herein again. .
  • the foregoing program may be stored in a computer readable storage medium, and the program is executed when executed.
  • the foregoing method includes the steps of the foregoing method embodiments; and the foregoing storage medium includes: a ROM, a RAM, a magnetic disk, or an optical disk, and the like, which can store various program codes. quality.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Les modes de réalisation de la présente invention comprennent un procédé de traitement d'application, un dispositif de réseau et un dispositif terminal. Le procédé de traitement d'application selon les modes de réalisation de la présente invention comprend les étapes suivantes : un dispositif de réseau reçoit, en provenance d'un dispositif terminal, une demande de vérification comprenant des informations d'un certificat à vérifier d'une application, détermine un certificat racine selon les informations du certificat à vérifier, et détermine ensuite si le certificat à vérifier est un certificat délivré par un dispositif émetteur en fonction des informations du certificat racine et du certificat à vérifier. Les modes de réalisation de la présente invention peuvent améliorer la sécurité de réseau.
PCT/CN2016/112195 2016-12-26 2016-12-26 Procédé de traitement d'application, dispositif de réseau et dispositif terminal WO2018119608A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/112195 WO2018119608A1 (fr) 2016-12-26 2016-12-26 Procédé de traitement d'application, dispositif de réseau et dispositif terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/112195 WO2018119608A1 (fr) 2016-12-26 2016-12-26 Procédé de traitement d'application, dispositif de réseau et dispositif terminal

Publications (1)

Publication Number Publication Date
WO2018119608A1 true WO2018119608A1 (fr) 2018-07-05

Family

ID=62707758

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/112195 WO2018119608A1 (fr) 2016-12-26 2016-12-26 Procédé de traitement d'application, dispositif de réseau et dispositif terminal

Country Status (1)

Country Link
WO (1) WO2018119608A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113852483A (zh) * 2020-06-28 2021-12-28 中兴通讯股份有限公司 网络切片连接管理方法、终端及计算机可读存储介质
CN113938389A (zh) * 2021-09-30 2022-01-14 天翼物联科技有限公司 一种切片网络配置方法、系统、装置与存储介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102340398A (zh) * 2010-07-27 2012-02-01 中国移动通信有限公司 安全策略设置、确定方法、应用程序执行操作方法及装置
US20140259003A1 (en) * 2013-03-07 2014-09-11 Go Daddy Operating Company, LLC Method for trusted application deployment
CN105743910A (zh) * 2016-03-30 2016-07-06 福建联迪商用设备有限公司 通过数字签名安装程序的方法及系统
CN105787357A (zh) * 2016-03-28 2016-07-20 福建联迪商用设备有限公司 一种基于安卓系统apk下载方法及其系统
CN106230598A (zh) * 2016-07-29 2016-12-14 深圳兆日科技股份有限公司 移动终端第三方应用安全认证方法和装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102340398A (zh) * 2010-07-27 2012-02-01 中国移动通信有限公司 安全策略设置、确定方法、应用程序执行操作方法及装置
US20140259003A1 (en) * 2013-03-07 2014-09-11 Go Daddy Operating Company, LLC Method for trusted application deployment
CN105787357A (zh) * 2016-03-28 2016-07-20 福建联迪商用设备有限公司 一种基于安卓系统apk下载方法及其系统
CN105743910A (zh) * 2016-03-30 2016-07-06 福建联迪商用设备有限公司 通过数字签名安装程序的方法及系统
CN106230598A (zh) * 2016-07-29 2016-12-14 深圳兆日科技股份有限公司 移动终端第三方应用安全认证方法和装置

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113852483A (zh) * 2020-06-28 2021-12-28 中兴通讯股份有限公司 网络切片连接管理方法、终端及计算机可读存储介质
CN113852483B (zh) * 2020-06-28 2023-09-05 中兴通讯股份有限公司 网络切片连接管理方法、终端及计算机可读存储介质
CN113938389A (zh) * 2021-09-30 2022-01-14 天翼物联科技有限公司 一种切片网络配置方法、系统、装置与存储介质

Similar Documents

Publication Publication Date Title
JP6612358B2 (ja) ネットワークアクセスデバイスをワイヤレスネットワークアクセスポイントにアクセスさせるための方法、ネットワークアクセスデバイス、アプリケーションサーバ、および不揮発性コンピュータ可読記憶媒体
US20220014524A1 (en) Secure Communication Using Device-Identity Information Linked To Cloud-Based Certificates
EP2514169B1 (fr) Système, procédé et appareil permettant d'effectuer une recherche fiable de réseau, de capacité et de service
EP3308499B1 (fr) Gestion de certificat de fournisseur de services
CN102550001B (zh) 用于允许自举架构和共享身份服务相互作用的用户身份管理
WO2015165325A1 (fr) Procédé, dispositif et système d'authentification sécurisée de terminal
US20160277927A1 (en) Apparatus and method for sponsored connectivity to wireless networks using application-specific network access credentials
US9015819B2 (en) Method and system for single sign-on
US20080294891A1 (en) Method for Authenticating a Mobile Node in a Communication Network
JP5276593B2 (ja) ネットワーク信用証明書を獲得するためのシステムおよび方法
EP2398206B1 (fr) Procédé de gestion de délégation de serveur et appareil de communication associé
CN113966625B (zh) 用于核心网络域中的证书处理的技术
US9948628B2 (en) Method for enabling lawful interception by providing security information
WO2023115913A1 (fr) Procédé et système d'authentification, dispositif électronique et support de stockage lisible par ordinateur
WO2016173174A1 (fr) Procédé et dispositif de mise à niveau de données de verrouillage de réseau
US11838755B2 (en) Techniques for secure authentication of the controlled devices
WO2018119608A1 (fr) Procédé de traitement d'application, dispositif de réseau et dispositif terminal
WO2014169802A1 (fr) Terminal, dispositif côté réseau, procédé de commande d'application de terminal et système
CN109460647B (zh) 一种多设备安全登录的方法
CN114143198B (zh) 固件升级的方法
US20220256349A1 (en) Provision of Application Level Identity
JP2012138729A (ja) データ処理装置、プログラム、およびデータ処理システム
CN117062073A (zh) 安全认证方法、装置、计算机设备和存储介质
CN117641338A (zh) 安全通信系统
KR20140103530A (ko) M2m 응용서비스 인증 방법 및 그 장치

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16924998

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16924998

Country of ref document: EP

Kind code of ref document: A1