WO2023236497A1 - Authentication method and apparatus, storage medium and electronic device - Google Patents


Info

Publication number: WO2023236497A1
Authority: WO (WIPO, PCT)
Application number: PCT/CN2022/140462
Prior art keywords: authentication, entity, access, user terminal, information
Other languages: English (en), Chinese (zh)
Inventors: 尹君, 李思含, 陈洁, 李雪馨
Original assignee: 中国电信股份有限公司 (China Telecom Co., Ltd.)

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04W: Wireless communication networks
    • H04W 12/00: Security arrangements; authentication; protecting privacy or anonymity
    • H04W 12/06: Authentication
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 5/00: Arrangements affording multiple use of the transmission path
    • H04L 5/003: Arrangements for allocating sub-channels of the transmission path
    • H04L 5/0053: Allocation of signaling, i.e. of overhead other than pilot signals
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Definitions

  • The present disclosure relates to the field of communication technology, and in particular to an authentication method, device, storage medium and electronic equipment.
  • UDM: Unified Data Management, the unified data management function.
  • Authentication data is generally deployed on the operator's public network, while subscription data is deployed on the enterprise's private network.
  • The public network and the private network are independent of each other.
  • The private network therefore cannot obtain the authentication status of the UE (User Equipment, user terminal) and so cannot authenticate the user, that is, cannot perform legality authentication of the terminal.
  • An embodiment of the present disclosure provides an authentication method, including:
  • the authentication result is sent to the access and mobility management function entity, so that the access and mobility management function entity performs authority authentication on the first user terminal corresponding to the authentication request information.
  • Sending the authentication result to the access and mobility management function entity, so that the access and mobility management function entity performs authority authentication on the first user terminal corresponding to the authentication request information, includes:
  • if the authentication result is authentication failure, generating first indication information indicating authentication failure and sending it to the access and mobility management function entity, to instruct the access and mobility management function entity to refuse access by the first user terminal corresponding to the authentication request information;
  • if the authentication result is authentication success, generating second indication information indicating successful authentication and sending it to the access and mobility management function entity, to instruct the access and mobility management function entity to accept access by the first user terminal corresponding to the authentication request information.
  • The method further includes: sending the authentication result to the subscription data management entity to instruct the subscription data management entity to update the permission status of the first user terminal corresponding to the authentication request information.
  • The method further includes: receiving a query request for the subscription data of a second user terminal sent by a target network element, sending the query request to the subscription data management entity, receiving the subscription feedback information returned by the subscription data management entity, and determining the legality of the query request based on the subscription feedback information.
  • Determining the legality of the query request based on the subscription feedback information includes:
  • if the subscription feedback information contains the subscription data of the second user terminal and the target network element corresponding to the query request is in the preset private network function entity list, sending the subscription data to the target network element; otherwise, generating rejection information for the query request and sending it to the target network element.
  • Alternatively, determining the legality of the query request based on the subscription feedback information includes:
  • if the subscription feedback information contains the subscription data of the second user terminal, the target network element corresponding to the query request is in the preset private network function entity list, and the current request time is within the preset validity period of the target network element's authority, sending the subscription data to the target network element;
  • if the subscription feedback information does not contain subscription data, or the target network element corresponding to the query request is not in the preset private network function entity list, or the current request time is not within the preset validity period of the target network element's authority, generating rejection information for the query request and sending it to the target network element.
  • The target network element is at least one of an access and mobility management function entity and a session management function entity.
  • An embodiment of the present disclosure also provides an authentication device, which includes:
  • a first transceiver module, configured to receive the authentication request information sent by the access and mobility management function entity and send it to the authentication server function entity, so that the authentication server function entity obtains authentication data from the authentication data management entity based on the authentication request information;
  • a parsing module, configured to parse the content of the authentication data to obtain the authentication result; and
  • a second transceiver module, configured to send the authentication result to the access and mobility management function entity, so that the access and mobility management function entity can perform authority authentication on the first user terminal corresponding to the authentication request information.
  • An embodiment of the present disclosure provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the above method is implemented.
  • An embodiment of the present disclosure provides an electronic device, including a processor and a memory for storing executable instructions of the processor, wherein the processor is configured to perform the above method by executing the executable instructions.
  • Figure 1 shows a schematic diagram of an application scenario of an authentication method in this exemplary embodiment
  • Figure 2 shows a schematic diagram of an application scenario of an authentication method in this exemplary embodiment
  • Figure 3 shows a flow chart of an authentication method in this exemplary embodiment
  • Figure 4 shows an interaction diagram of an authentication method in this exemplary embodiment
  • Figure 5 shows a flow chart of an authentication method in this exemplary embodiment
  • Figure 6 shows an interaction diagram of an authentication method in this exemplary embodiment
  • Figure 7 shows a schematic structural diagram of an authentication device in this exemplary embodiment
  • Figure 8 shows a schematic structural diagram of an electronic device in this exemplary embodiment.
  • Example embodiments will now be described more fully with reference to the accompanying drawings.
  • Example embodiments may, however, be embodied in various forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the concepts of the example embodiments to those skilled in the art.
  • The described features, structures or characteristics may be combined in any suitable manner in one or more embodiments.
  • Numerous specific details are provided to give a thorough understanding of embodiments of the disclosure; those skilled in the art will appreciate that the technical solutions of the present disclosure may be practiced with one or more of the specific details omitted, or with other methods, components, devices, steps, etc. adopted.
  • Well-known technical solutions have not been shown or described in detail to avoid obscuring aspects of the disclosure.
  • Embodiments of the present disclosure provide an authentication method to improve the convenience of user terminal authentication between the operator's public network and the customer's private network.
  • The following is a brief introduction to the application environment of the authentication method provided by the embodiments of the present disclosure.
  • The authentication method provided by the embodiments of the present disclosure is applied to the communication system between the operator's public network and the customer's private network.
  • The 5G core network architecture of the communication system is as shown in Figure 1, including:
  • UE: User Equipment, the user terminal, which can be a communication device such as a mobile phone that can access the 5G network.
  • NRF: Network Repository Function, the network repository function entity, used for NF (network function) registration, management, status detection and automatic management of all NFs. Registration information includes NF type, address, service list, etc.
  • NSSF: Network Slice Selection Function, the network slice selection entity, which determines the network slice the UE is allowed to access based on the UE's slice selection assistance information, subscription information, etc.
  • AUSF: Authentication Server Function, the authentication server function entity, used to implement 3GPP and non-3GPP access authentication.
  • SMF: Session Management Function, the session management function entity, responsible for tunnel maintenance, IP address allocation and management, UP (User Plane) function selection, policy enforcement, QoS (Quality of Service) control, charging data collection, roaming, etc.
  • AMF: Access and Mobility Management Function, the access and mobility management function entity, which performs registration, connection, reachability and mobility management, provides the transmission channel for session management messages between the UE and the SMF, provides authentication and authorization for users at access time, and is the control-plane access point between terminals and the wireless core network.
  • PCF: Policy Control Function, the policy control function entity, a unified policy framework that provides policy rules to control-plane functions.
  • NEF: Network Exposure Function, the network exposure function entity, which exposes the capabilities of each NF, converts between internal and external information, and is used in edge computing scenarios.
  • The wireless access network provides, in whole or in part, the wireless access of fixed users to the service node (such as a switch). It consists of the transmission entities between the service node interface and the related user network interfaces, and is a wireless implementation system that provides the transmission capacity required to carry telecommunication services.
  • UPF: User Plane Function, the user plane function entity, used for packet routing and forwarding, policy enforcement, traffic reporting, QoS processing, etc.
  • UDM: Unified Data Management, the unified data management function entity, responsible for managing user identification, subscription data and authentication data, and for registration management of the network elements serving the user (such as the AMF and SMF currently providing service to the user terminal; for example, when the user switches to another AMF, the UDM initiates a deregistration message to the old AMF, requiring it to delete the user-related information). It should be explained that the embodiment of the present disclosure splits the UDM entity into two parts: A-UDM (Authentication-UDM, the authentication data management entity) and S-UDM (Subscriber-UDM, the subscription data management entity).
  • A-UDM: Authentication-UDM, the authentication data management entity. The A-UDM is configured in the operator's main network and is used to store authentication data.
  • S-UDM: Subscriber-UDM, the subscription data management entity. The S-UDM is configured in the customer's private network and is used to store the subscription data of the customer's access users.
  • The interaction architecture in the embodiment of the present disclosure is divided into two parts: the operator's large-network 5G core network, and the private-network 5G core network of the private network customer.
  • The A-UDM entity used to store authentication data and the AUSF entity used to perform authentication services are configured in the large-network 5G core network.
  • The private-network 5G core network is configured with an AMF for user terminal access and management, a UPF for packet routing, forwarding and policy enforcement, SMF entities for session management, and an S-UDM for storing user subscription data.
  • The large-network 5G core network and the private-network 5G core network communicate through the IWF (Customer Premise Inter-working Function, the user-side network interconnection function), referred to below as the signaling interworking gateway.
  • The authentication method includes the following steps 301 to 303:
  • Step 301: The signaling interworking gateway receives the authentication request information sent by the AMF and sends it to the AUSF, so that the AUSF obtains authentication data from the A-UDM based on the authentication request information.
  • The authentication data is stored in the A-UDM entity in the operator's network.
  • The first user terminal initiates a registration request and sends it to the AMF entity. The registration request at least includes the terminal identifier of the first user terminal.
  • The AMF entity can perform the authentication procedure according to 3GPP TS 33.501.
  • The AMF entity generates the authentication request information and sends it to the IWF, which forwards it to the AUSF entity. The AUSF entity is configured in the operator's large network.
  • The AUSF entity sends the authentication request information to the A-UDM entity that stores authentication data, requesting the authentication data of the first user terminal from it.
  • The A-UDM entity queries the authentication data corresponding to the first user terminal based on the terminal identifier and other information of the first user terminal, and delivers the authentication data to the AUSF entity.
  • Step 302: The signaling interworking gateway performs content analysis on the authentication data to obtain the authentication result.
  • The IWF entity parses the authentication data to determine the current authority of the first user terminal. For example, if the value of the AuthResult field in the Nausf_UEAuthentication_Authenticate response is AUTHENTICATION_SUCCESS, the first user terminal has been successfully authenticated; if the value of the AuthResult field is AUTHENTICATION_FAILURE, the first user terminal has failed authentication.
  • Step 303: The signaling interworking gateway sends the authentication result to the AMF, so that the AMF can perform authority authentication on the first user terminal corresponding to the authentication request information.
  • The AUSF entity communicates with the AMF entity through the IWF entity: the IWF entity forwards the parsed authentication result to the AMF entity, so that the AMF can perform authority authentication on the first user terminal corresponding to the authentication request information, for example by sending the first user terminal a feedback message indicating successful or failed authentication.
  • The UDM is split into an A-UDM entity for storing authentication data and an S-UDM entity for storing subscription data; the A-UDM entity is configured in the operator's network and the S-UDM entity is configured in the 5G private network of the private network customer.
  • When the authority of the user terminal needs to be authenticated, it is only necessary to send the authentication request information from the AMF entity to the AUSF entity, obtain the authentication data from the A-UDM, perform content analysis on the authentication data, and send the resulting authentication result to the AMF entity, which can then perform authority authentication on the first user terminal in the private network. This solves the technical problem of poor authentication convenience for user terminals between the operator's public network and the customer's private network, and achieves the technical effect of improving authentication convenience.
  • The signaling interworking gateway sending the authentication result to the AMF, so that the AMF can perform authority authentication on the first user terminal corresponding to the authentication request information, covers the following two situations:
  • In the first case, if the authentication result is authentication failure, the signaling interworking gateway generates first indication information indicating authentication failure and sends it to the AMF, to instruct the AMF to reject access by the first user terminal corresponding to the authentication request information.
  • In the second case, if the authentication result is authentication success, the signaling interworking gateway generates second indication information indicating authentication success and sends it to the AMF, to instruct the AMF to accept access by the first user terminal corresponding to the authentication request information.
  • Authentication results generally fall into two situations: authentication failure and authentication success. The embodiment of the present disclosure generates different first and second indication information for the two situations and sends them to the AMF entity, so that the AMF entity can quickly determine the current authentication result of the first terminal, which is more efficient.
  • The authentication method also includes the following step A:
  • Step A: The signaling interworking gateway sends the authentication result to the S-UDM to instruct the S-UDM to update the permission status of the first user terminal corresponding to the authentication request information.
  • The IWF entity can be configured with the network element information of each network element within the private network, such as the NF entity ID of each network element.
  • If the authentication succeeds, the IWF sends an authentication success message to the S-UDM entity in the private network. The authentication result carries the network element information of the private network, such as the AMF network element ID or the SMF network element ID.
  • The S-UDM entity updates the permission status of the first user terminal corresponding to the authentication result, for example to an identifier such as "authenticated" or "authentication successful", so that the corresponding data can be read directly later.
  • The S-UDM entity can also record the network function ID of the private network where the first user terminal is located, that is, the network element ID, so as to accurately determine permissions the next time that network element accesses the first user terminal.
  • If the authentication fails, the IWF forwards the authentication result to the S-UDM entity, and the S-UDM entity changes the status of the first user terminal identified by the terminal identifier in the authentication result to "not authenticated" or "authentication failed".
  • When the S-UDM entity receives a status adjustment instruction for the first user terminal sent by the AMF entity, it may also update the permission status of the first user terminal.
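Steps 302, 303 and A together, as an added example in Python; this is illustrative code written for this page, not the patent's or China Telecom's implementation. The IWF parses the AUSF response, builds the first or second indication for the AMF, and writes the permission status and serving NF ID into a stand-in S-UDM. The JSON attribute name authResult and its values follow the Nausf_UEAuthentication service (3GPP TS 29.509); the class and function names, the S-UDM record format and the constructed response bodies are assumptions. Two things the page leaves implicit are made explicit here: any response that is not AUTHENTICATION_SUCCESS (including a malformed body or an unknown value) leaves the terminal unauthenticated, and the NF ID that the IWF records in the S-UDM is checked against the configured private-network NF list, an added check that reuses the patent's whitelist idea from the query path. Because the IWF becomes the decision point between AUSF and AMF, the indication it sends must also be integrity-protected on the interconnect; the page does not specify how.

```python
"""Added example: IWF handling of the AUSF authentication result (Steps 301-303, Step A).

Illustrative code, not the patent's implementation. Names (SubscriberUdm,
Indication, handle_authenticate_response) and record formats are assumptions.
"""
import json
from dataclasses import dataclass, field
from typing import Optional

# AuthResult enumeration of Nausf_UEAuthentication (3GPP TS 29.509).
AUTH_SUCCESS = "AUTHENTICATION_SUCCESS"
AUTH_FAILURE = "AUTHENTICATION_FAILURE"
AUTH_ONGOING = "AUTHENTICATION_ONGOING"  # EAP exchange still running, no result yet


@dataclass
class SubscriberUdm:
    """Stand-in for S-UDM: permission status and serving private-network NF per terminal."""
    status: dict = field(default_factory=dict)      # terminal id -> "AUTHENTICATED" / "NOT_AUTHENTICATED"
    serving_nf: dict = field(default_factory=dict)  # terminal id -> NF ID of the private-network AMF/SMF

    def update_permission(self, supi: str, authenticated: bool, nf_id: Optional[str]) -> None:
        self.status[supi] = "AUTHENTICATED" if authenticated else "NOT_AUTHENTICATED"
        if authenticated:
            self.serving_nf[supi] = nf_id
        else:
            self.serving_nf.pop(supi, None)


@dataclass(frozen=True)
class Indication:
    """What the IWF sends to the AMF: the first (reject) or the second (accept) indication."""
    supi: str
    accept: bool
    reason: str


def parse_auth_result(response_body: str) -> str:
    """Step 302: content analysis of the Nausf_UEAuthentication_Authenticate response body."""
    try:
        body = json.loads(response_body)
    except json.JSONDecodeError:
        return AUTH_FAILURE  # unparseable response: fail closed
    result = body.get("authResult")
    if result in (AUTH_SUCCESS, AUTH_ONGOING):
        return result
    # AUTHENTICATION_FAILURE, a missing field or any unknown value leave the UE unauthenticated.
    return AUTH_FAILURE


def handle_authenticate_response(response_body: str, supi: str, amf_nf_id: str,
                                 private_nf_ids: set, s_udm: SubscriberUdm) -> Optional[Indication]:
    """Steps 302, 303 and A: parse, indicate to the AMF, update the S-UDM permission status.

    Returns None while the exchange is still ongoing (the message is simply forwarded
    to the AMF); otherwise the indication the IWF sends to the AMF.
    """
    result = parse_auth_result(response_body)
    if result == AUTH_ONGOING:
        return None
    # Added check (assumption): the NF ID recorded in S-UDM must be a configured private-network NF.
    if amf_nf_id not in private_nf_ids:
        s_udm.update_permission(supi, False, None)
        return Indication(supi, False, "first indication: requesting AMF is not a configured private-network NF")
    authenticated = result == AUTH_SUCCESS
    s_udm.update_permission(supi, authenticated, amf_nf_id if authenticated else None)
    return Indication(supi, authenticated,
                      "second indication: accept access" if authenticated else "first indication: reject access")


# Constructed sample responses for this example, not captured from any network.
SUCCESS_BODY = json.dumps({"authResult": AUTH_SUCCESS, "supi": "imsi-460110000000001"})
FAILURE_BODY = json.dumps({"authResult": AUTH_FAILURE})
ONGOING_BODY = json.dumps({"authResult": AUTH_ONGOING})

if __name__ == "__main__":
    udm = SubscriberUdm()
    nfs = {"amf-private-01", "smf-private-01"}
    print(handle_authenticate_response(SUCCESS_BODY, "imsi-460110000000001", "amf-private-01", nfs, udm))
    print(udm.status, udm.serving_nf)
    print(handle_authenticate_response(FAILURE_BODY, "imsi-460110000000001", "amf-private-01", nfs, udm))
    print(udm.status, udm.serving_nf)
```

Running the module as a script walks one terminal through a successful and then a failed authentication and prints the indication and the resulting S-UDM state after each.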
  • The above authentication method also includes the following steps 501 to 502:
  • Step 501: The signaling interworking gateway receives a query request for the subscription data of the second user terminal sent by the target network element, and sends the query request to the S-UDM to instruct the S-UDM to query the subscription data of the second user terminal.
  • The AMF entity or the SMF entity sends the query request for the subscription data of the second user terminal to the IWF entity. The query request at least contains the terminal identifier of the second user terminal.
  • The IWF entity forwards it to the S-UDM, and the S-UDM queries the permission status of the second user terminal corresponding to the query request and the corresponding subscription data.
  • The query request can also be sent directly by the AMF entity or SMF entity to the S-UDM entity without going through the IWF; this is not specifically limited in this embodiment.
  • Step 502: The signaling interworking gateway receives the subscription feedback information sent by the S-UDM, and determines the legality of the query request based on the subscription feedback information.
  • The S-UDM entity first determines the permission status of the second user terminal. If the permission status of the second user terminal is "authenticated", the query request of the second user terminal is legal, and the S-UDM entity generates subscription feedback information including the subscription data and feeds it back through the IWF entity to the corresponding network element, such as the AMF entity or SMF entity, so that the network element can process the request of the second user terminal normally. If the permission status of the second user terminal is "unauthenticated", the query request of the second user terminal is illegal, and the S-UDM entity generates subscription feedback information rejecting the request and feeds it back to the corresponding network element through the IWF entity.
  • The S-UDM entity can also send the subscription feedback information directly to the corresponding network element without going through the IWF entity, to save transmission time. This embodiment does not limit the transmission method of the subscription feedback information, which can be configured according to timing requirements.
  • Because the query request for the subscription data of the second user terminal is forwarded to the S-UDM entity and the legality of the query request is then determined based on the subscription feedback information returned by the S-UDM entity, the risk that false information constructed in the network is used to obtain user subscription data is avoided, the security of user subscription data in the private network is greatly improved, and data security within the enterprise is ensured.
  • The signaling interworking gateway determining the legality of the query request based on the subscription feedback information covers the following two situations:
  • In the first case, if the subscription feedback information contains the subscription data of the second user terminal and the target network element corresponding to the query request is in the preset private network function entity list, the signaling interworking gateway sends the subscription data to the target network element.
  • In the second case, if the subscription feedback information does not contain subscription data, or the target network element corresponding to the query request is not in the preset private network function entity list, the signaling interworking gateway generates rejection information for the query request and sends it to the target network element.
  • The preset private network function entity list is the private network NF list, which is equivalent to a whitelist of legal network elements. If the target network element is in the network element whitelist and the subscription feedback information sent by the S-UDM entity contains the subscription data of the second user terminal, the subscription data request of the second user terminal is legal, and the IWF entity sends the corresponding subscription data to the target network element to instruct it to feed the subscription data back to the second user terminal. Conversely, if either condition is not met, the query request of the second user terminal is illegal, and the IWF entity generates rejection information and feeds it back to the target network element, so that the target network element rejects this query request of the second user terminal.
  • This method further avoids the risk that false information constructed in the network is used to obtain user subscription data, greatly improves the security of user subscription data in the private network, and ensures data security within the enterprise.
  • Alternatively, in step 502 above, the signaling interworking gateway determining the legality of the query request based on the subscription feedback information includes:
  • In the first case, if the subscription feedback information contains the subscription data of the second user terminal, the target network element corresponding to the query request is in the preset private network function entity list, and the current request time is within the preset validity period of the target network element's authority, the signaling interworking gateway sends the subscription data to the target network element.
  • In the second case, if the subscription feedback information does not contain subscription data, or the target network element corresponding to the query request is not in the preset private network function entity list, or the current request time is not within the preset validity period of the target network element's authority, the signaling interworking gateway generates rejection information for the query request and sends it to the target network element.
  • Compared with the previous variant, this embodiment adds a limit on the preset validity period, setting a validity period for each user equipment request. Only when the query time is within the preset validity period can the subscription data be queried and accessed, which prevents illegal reading of user subscription data at other times, further improves the security of user subscription data, and ensures data security within the enterprise.
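Steps 501 and 502 in the variant that also enforces the validity period, as an added example in Python; this is illustrative code written for this page, not the patent's or China Telecom's implementation. The S-UDM side returns subscription data only when the terminal's permission status is "authenticated"; the IWF side then applies the three conditions of step 502 in order (data present, target NF on the preset private-network NF list, request time inside that NF's validity window) and produces either the data to forward or a rejection with the reason. The class and function names (NfGrant, SubscriberUdm, IwfGate, handle_query), the record formats, the half-open validity window and the constructed sample data are all assumptions; the page does not say how the list or the validity periods are provisioned.

```python
"""Added example: IWF legality check on a subscription-data query (Steps 501-502).

Illustrative code, not the patent's implementation. Names and record formats
are assumptions; sample data below is constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class NfGrant:
    """Entry of the preset private-network NF list: a whitelisted NF and its validity window."""
    nf_id: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, when: datetime) -> bool:
        # Half-open window [not_before, not_after); an assumption, the page gives no boundary rule.
        return self.not_before <= when < self.not_after


class SubscriberUdm:
    """Stand-in for S-UDM: permission status and subscription data per terminal."""

    def __init__(self, status: dict, subscriptions: dict):
        self._status = status                # terminal id -> "AUTHENTICATED" / "NOT_AUTHENTICATED"
        self._subscriptions = subscriptions  # terminal id -> subscription data

    def query(self, supi: str) -> dict:
        """Subscription feedback: data only if the terminal's permission status is authenticated."""
        if self._status.get(supi) == "AUTHENTICATED" and supi in self._subscriptions:
            return {"supi": supi, "subscriptionData": self._subscriptions[supi]}
        return {"supi": supi, "rejected": True}


@dataclass(frozen=True)
class Decision:
    forward: bool        # True: send subscription data to the target NF; False: send rejection
    reason: str
    data: Optional[dict] = None


class IwfGate:
    """The IWF's step 502 check, in the variant that also enforces the validity period."""

    def __init__(self, grants: dict):
        self._grants = grants  # nf_id -> NfGrant: the preset private-network function entity list

    def decide(self, target_nf_id: str, feedback: dict, now: datetime) -> Decision:
        data = feedback.get("subscriptionData")
        if data is None:
            return Decision(False, "S-UDM returned no subscription data (terminal not authenticated)")
        grant = self._grants.get(target_nf_id)
        if grant is None:
            return Decision(False, f"target NF {target_nf_id} is not in the private-network NF list")
        if not grant.valid_at(now):
            return Decision(False, f"request time {now.isoformat()} is outside the validity period of {target_nf_id}")
        return Decision(True, "query is legal", data)


def handle_query(gate: IwfGate, s_udm: SubscriberUdm, target_nf_id: str, supi: str, now: datetime) -> Decision:
    """Steps 501 and 502 end to end: forward the query to S-UDM, then judge the feedback."""
    return gate.decide(target_nf_id, s_udm.query(supi), now)


def sample_time(days_after_start: int) -> datetime:
    """Helper for the constructed data: a timestamp relative to the start of the validity windows."""
    return datetime(2024, 1, 1, tzinfo=timezone.utc) + timedelta(days=days_after_start)


# Constructed sample data for this example, not taken from any real network.
GRANTS = {
    "amf-private-01": NfGrant("amf-private-01", sample_time(0), sample_time(30)),
    "smf-private-01": NfGrant("smf-private-01", sample_time(0), sample_time(30)),
}
S_UDM = SubscriberUdm(
    status={"imsi-460110000000001": "AUTHENTICATED", "imsi-460110000000002": "NOT_AUTHENTICATED"},
    subscriptions={"imsi-460110000000001": {"nssai": ["private-slice-1"]},
                   "imsi-460110000000002": {"nssai": ["private-slice-1"]}},
)
GATE = IwfGate(GRANTS)

if __name__ == "__main__":
    cases = [("amf-private-01", "imsi-460110000000001", sample_time(1)),   # legal
             ("amf-private-01", "imsi-460110000000002", sample_time(1)),   # terminal not authenticated
             ("amf-rogue", "imsi-460110000000001", sample_time(1)),        # NF not whitelisted
             ("smf-private-01", "imsi-460110000000001", sample_time(40))]  # validity period expired
    for nf, supi, when in cases:
        print(nf, supi, handle_query(GATE, S_UDM, nf, supi, when))
```

The checks are deliberately ordered so that a request from a network element that is not on the list is refused with the same outward result as one for an unauthenticated terminal: the target NF only ever sees the subscription data or a rejection, never the S-UDM's internal status.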
  • Figure 7 shows a schematic architecture diagram of the authentication device 700, which includes a first transceiver module 710, a parsing module 720 and a second transceiver module 730, where:
  • the first transceiver module 710 is used to receive the authentication request information sent by the AMF and send it to the AUSF, so that the AUSF can obtain authentication data from the A-UDM based on the authentication request information;
  • the parsing module 720 is used to perform content parsing on the authentication data to obtain the authentication result;
  • the second transceiver module 730 is used to send the authentication result to the AMF, so that the AMF can perform authority authentication on the first user terminal corresponding to the authentication request information.
  • The second transceiver module 730 is specifically configured to: if the authentication result is authentication failure, generate first indication information indicating authentication failure and send it to the AMF, to instruct the AMF to deny access by the first user terminal corresponding to the authentication request information; if the authentication result is authentication success, generate second indication information indicating authentication success and send it to the AMF, to instruct the AMF to accept access by the first user terminal corresponding to the authentication request information.
  • The second transceiver module 730 is also configured to send the authentication result to the S-UDM to instruct the S-UDM to update the permission status of the first user terminal corresponding to the authentication request information.
  • The second transceiver module 730 is also configured to receive a query request for the subscription data of the second user terminal sent by the target network element and send the query request to the S-UDM to instruct the S-UDM to query the subscription data of the second user terminal; and to receive the subscription feedback information sent by the S-UDM and determine the legality of the query request based on the subscription feedback information.
  • The second transceiver module 730 is specifically configured to: if the subscription feedback information contains the subscription data of the second user terminal and the target network element corresponding to the query request is in the preset private network function entity list, send the subscription data to the target network element; if the subscription feedback information does not contain subscription data, or the target network element corresponding to the query request is not in the preset private network function entity list, generate rejection information for the query request and send it to the target network element.
  • Alternatively, the second transceiver module 730 is specifically configured to: if the subscription feedback information contains the subscription data of the second user terminal, the target network element corresponding to the query request is in the preset private network function entity list, and the current request time is within the preset validity period of the target network element's authority, send the subscription data to the target network element; if the subscription feedback information does not contain subscription data, or the target network element corresponding to the query request is not in the preset private network function entity list, or the current request time is not within the preset validity period of the target network element's authority, generate rejection information for the query request and send it to the target network element.
  • The target network element is at least one of the AMF and the SMF.
  • Exemplary embodiments of the present disclosure also provide a computer-readable storage medium, which may be implemented in the form of a program product that includes program code.
  • when the program product is run on an electronic device, the program code causes the electronic device to perform the steps described in the "Exemplary Methods" section of this specification according to various exemplary embodiments of the present disclosure.
  • the program product may be implemented as a portable compact disk read-only memory (CD-ROM) that includes the program code and may be run on an electronic device, such as a personal computer.
  • the program product of the present disclosure is not limited thereto.
  • a readable storage medium may be any tangible medium containing or storing a program that may be used by or in conjunction with an instruction execution system, apparatus, or device.
  • the program product may take the form of one or more readable media in any combination.
  • the readable medium may be a readable signal medium or a readable storage medium.
  • the readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or any combination thereof. More specific examples (non-exhaustive list) of readable storage media include: an electrical connection with one or more conductors, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
  • a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave carrying readable program code therein. Such propagated data signals may take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the above.
  • a readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate, or transport the program for use by or in connection with an instruction execution system, apparatus, or device.
  • Program code embodied on a readable medium may be transmitted using any suitable medium, including but not limited to wireless, wireline, optical cable, RF, etc., or any suitable combination of the foregoing.
  • Program code for performing the operations of the present disclosure may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java, C++, etc., as well as conventional procedural programming languages, such as "C" or a similar programming language.
  • the program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
  • the remote computing device may be connected to the user computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computing device (e.g., via the Internet using an Internet service provider).
  • any step in the above authentication method can be implemented when the program code stored in the computer-readable storage medium is executed.
  • an exemplary embodiment of the present disclosure also provides an electronic device 800, which may be a backend server of an information platform.
  • the electronic device 800 will be described below with reference to FIG. 8. It should be understood that the electronic device 800 shown in FIG. 8 is only an example and should not bring any limitations to the functions and scope of use of the embodiments of the present disclosure.
  • electronic device 800 is embodied in the form of a general computing device.
  • the components of the electronic device 800 may include, but are not limited to: at least one processing unit 810, at least one storage unit 820, and a bus 830 connecting different system components (including the storage unit 820 and the processing unit 810).
  • the storage unit stores program code, and the program code can be executed by the processing unit 810, so that the processing unit 810 performs the steps according to various exemplary embodiments of the present invention described in the "Exemplary Method" section of this specification.
  • the processing unit 810 may perform the method steps shown in FIG. 2 and the like.
  • the storage unit 820 may include a volatile storage unit, such as a random access storage unit (RAM) 821 and/or a cache storage unit 822, and may further include a read-only storage unit (ROM) 823.
  • Storage unit 820 may also include a program/utility 824 having a set of (at least one) program modules 825 including, but not limited to: an operating system, one or more application programs, other program modules, and program data; each of these examples, or some combination thereof, may include an implementation of a network environment.
  • Bus 830 may include a data bus, an address bus, and a control bus.
  • Electronic device 800 may also communicate with one or more external devices 2000 (e.g., keyboard, pointing device, Bluetooth device, etc.), which communication may occur through input/output (I/O) interface 840.
  • Electronic device 800 may also communicate with one or more networks (e.g., a local area network (LAN), a wide area network (WAN), and/or a public network, such as the Internet) through a network adapter 850.
  • network adapter 850 communicates with other modules of electronic device 800 via bus 830.
  • other hardware and/or software modules may be used in conjunction with electronic device 800, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, etc.
  • any step in the above authentication method can be implemented when the program code stored in the electronic device is executed.
  • although several modules or units of the device for action execution are mentioned in the above detailed description, this division is not mandatory.
  • the features and functions of two or more modules or units described above may be embodied in one module or unit.
  • the features and functions of one module or unit described above may be further divided into being embodied by multiple modules or units.
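The query-handling decision of the second transceiver module 730 (the two configurations listed at the start of this section), as an added Python example that is not part of the patent or of any operator implementation; the record shapes, the network element names, the subscription fields and the timestamps are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class NfAuthority:
    """Entry of the default private network function entity list (assumed shape)."""
    nf_name: str           # AMF or SMF instance name; values below are constructed
    valid_from: datetime   # start of the preset validity period of its authority
    valid_until: datetime  # end of the preset validity period of its authority

@dataclass(frozen=True)
class QueryDecision:
    accepted: bool
    subscription_data: Optional[dict] = None   # only set when accepted
    failed_checks: tuple[str, ...] = ()        # kept for audit logging, not returned to the NE

def handle_query(target_nf: str, feedback: dict, allow_list: dict[str, NfAuthority],
                 request_time: datetime) -> QueryDecision:
    """Release subscription data only if all three conditions of the description hold."""
    failed = []
    data = feedback.get("subscription_data")
    if not data:
        failed.append("subscription feedback contains no subscription data")
    authority = allow_list.get(target_nf)
    if authority is None:
        failed.append("target network element not in default private NF entity list")
    elif not (authority.valid_from <= request_time <= authority.valid_until):
        failed.append("request time outside validity period of target network element authority")
    if failed:
        # Rejection information for the query request; the reasons stay server-side.
        return QueryDecision(False, failed_checks=tuple(failed))
    return QueryDecision(True, subscription_data=data)

# Constructed sample data: one AMF whose authority is valid during 2024.
ALLOW_LIST = {
    "AMF-1": NfAuthority("AMF-1", datetime(2024, 1, 1, tzinfo=timezone.utc),
                         datetime(2024, 12, 31, 23, 59, 59, tzinfo=timezone.utc)),
}
FEEDBACK_WITH_DATA = {"supi": "supi-placeholder", "subscription_data": {"dnn": "private-net"}}
FEEDBACK_EMPTY = {"supi": "supi-placeholder"}
T_IN_PERIOD = datetime(2024, 6, 1, tzinfo=timezone.utc)
T_AFTER_PERIOD = datetime(2025, 1, 2, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(handle_query("AMF-1", FEEDBACK_WITH_DATA, ALLOW_LIST, T_IN_PERIOD))     # accepted
    print(handle_query("SMF-9", FEEDBACK_WITH_DATA, ALLOW_LIST, T_IN_PERIOD))     # not listed
    print(handle_query("AMF-1", FEEDBACK_WITH_DATA, ALLOW_LIST, T_AFTER_PERIOD))  # expired
```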

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An authentication method, comprising: receiving, by a signaling interworking gateway, authentication request information sent by an access and mobility management function (AMF) entity, and sending, by the signaling interworking gateway, the authentication request information to an authentication server function (AUSF) entity, so that the AUSF obtains authentication data from an authentication data management (A-UDM) entity on the basis of the authentication request information; performing, by the signaling interworking gateway, content analysis on the authentication data to obtain an authentication result; and sending, by the signaling interworking gateway, the authentication result to the AMF, so that the AMF performs authorization authentication on a first user terminal corresponding to the authentication request information. The convenience of authenticating a user terminal between an operator's public network and a customer's private network is improved.
PCT/CN2022/140462 2022-06-08 2022-12-20 Authentication method and apparatus, storage medium and electronic device WO2023236497A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210646161.2 2022-06-08
CN202210646161.2A CN114900833B (zh) 2022-06-08 2022-06-08 Authentication method, apparatus, storage medium and electronic device

Publications (1)

Publication Number Publication Date
WO2023236497A1 true WO2023236497A1 (fr) 2023-12-14

Family

ID=82728632

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/140462 WO2023236497A1 (fr) 2022-06-08 2022-12-20 Authentication method and apparatus, storage medium and electronic device

Country Status (2)

Country Link
CN (1) CN114900833B (fr)
WO (1) WO2023236497A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114900833B (zh) * 2022-06-08 2023-10-03 China Telecom Co., Ltd. Authentication method, apparatus, storage medium and electronic device

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110891271A (zh) * 2018-09-10 2020-03-17 Datang Mobile Communications Equipment Co., Ltd. Authentication method and apparatus
CN112654033A (zh) * 2020-12-15 2021-04-13 China United Network Communications Group Co., Ltd. Service provisioning method and apparatus
CN112672336A (zh) * 2019-09-30 2021-04-16 Huawei Technologies Co., Ltd. Method for implementing external authentication, communication apparatus and communication system
CN113453213A (zh) * 2021-06-02 2021-09-28 China United Network Communications Group Co., Ltd. Authentication data synchronization method and apparatus
US20210329583A1 (en) * 2018-08-13 2021-10-21 Samsung Electronics Co., Ltd. Apparatus and method for registration on network in wireless communication system
CN113573346A (zh) * 2021-07-12 2021-10-29 China United Network Communications Group Co., Ltd. Data processing method and apparatus
CN114554474A (zh) * 2020-11-18 2022-05-27 China Telecom Co., Ltd. Access method and system for NSA user roaming to SA, and network interworking function entity
CN114900833A (zh) * 2022-06-08 2022-08-12 China Telecom Co., Ltd. Authentication method, apparatus, storage medium and electronic device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102528728B1 (ko) * 2018-08-13 2023-05-08 Samsung Electronics Co., Ltd. Apparatus and method for registering with a network in a wireless communication system
EP3849252B1 (fr) * 2018-10-05 2023-12-20 Samsung Electronics Co., Ltd. Apparatus and method for supporting access to a private mobile communication network and an operator mobile communication network
CN113438647A (zh) * 2020-03-05 2021-09-24 Datang Mobile Communications Equipment Co., Ltd. Method for a public network user to access a private network, call service processing method and device
CN113950051B (zh) * 2020-07-17 2022-11-15 Datang Mobile Communications Equipment Co., Ltd. Authentication derivation method and apparatus
CN112423301B (zh) * 2020-11-02 2023-12-22 China United Network Communications Group Co., Ltd. Private network registration management method and AMF network element
CN113938874B (zh) * 2021-09-28 2023-08-08 China United Network Communications Group Co., Ltd. Data processing method, apparatus, device and system
CN114363029B (zh) * 2021-12-28 2024-04-12 China Telecom Co., Ltd. Differentiated network access authentication method, apparatus, device and medium

Also Published As

Publication number Publication date
CN114900833A (zh) 2022-08-12
CN114900833B (zh) 2023-10-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22945625

Country of ref document: EP

Kind code of ref document: A1