CN110944319A - 5G communication identity authentication method, equipment and storage medium - Google Patents
- Publication number
- CN110944319A; CN201911402046.5A
- Authority
- CN
- China
- Prior art keywords
- terminal device
- operator
- terminal equipment
- registration server
- temporary
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/183—Processing at user equipment or user record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W60/00—Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
- H04W8/205—Transfer to or from user equipment or user record carrier
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention provides a 5G communication identity authentication method, equipment and a storage medium. In the embodiment of the invention, a 5G terminal device that contains only a subscriber identity card of a second operator sends a registration request, which includes the temporary identifier of the 5G terminal device, to a 5G new wireless base station of a first operator. The 5G terminal device then receives a private IP address allocated to it by a session management function (SMF), together with the IP address of a temporary identity registration server. Using the private IP address and the IP address of the temporary identity registration server, the 5G terminal device accesses the temporary identity registration server and performs identity authentication, service customization and online payment through it. The 5G terminal device can thereby access the 5G network of the first operator without a SIM card of the first operator being inserted.
Description
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a 5G communication identity authentication method, equipment and a storage medium.
Background
In the current 5G network, if a terminal device needs to access the 5G network, the user of the terminal device must go to a business office to obtain a Subscriber Identity Module (SIM) card. Because the mobile network assumes by default that every terminal device can be called and addressed, a terminal device without a SIM card cannot obtain a globally unique identity and cannot complete terminal device access authentication, so it cannot use any 5G service.
In the prior art, a terminal device may have the SIM card of a certain operator installed, but because it has no SIM cards of other operators installed, it cannot use services provided by those other operators. However, the user of the terminal device may need only the services provided by another operator and may not want to obtain that operator's SIM card, so how to let the user freely select an operator without obtaining the operator's SIM card is an urgent problem to be solved.
Disclosure of Invention
The embodiment of the invention provides a 5G communication identity authentication method, equipment and a storage medium, so that 5G terminal equipment can access a 5G network of a first operator under the condition that a SIM card of the first operator is not inserted.
In a first aspect, an embodiment of the present invention provides a 5G communication identity authentication method, including:
the method comprises the steps that 5G terminal equipment sends a registration request to a 5G new wireless base station of a first operator, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a subscriber identity card of a second operator;
the 5G terminal equipment receives a private IP address distributed to the 5G terminal equipment by a Session Management Function (SMF);
the 5G terminal equipment receives the IP address of the temporary identity registration server sent by the SMF;
the 5G terminal equipment accesses the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server;
and the 5G terminal equipment performs identity authentication, service customization and online payment through the temporary identity registration server.
In a second aspect, an embodiment of the present invention provides a 5G communication identity authentication method, including:
a 5G new wireless base station of a first operator receives a registration request of a 5G terminal device, wherein the registration request comprises a temporary identifier of the 5G terminal device, and the 5G terminal device comprises a subscriber identity card of a second operator;
the 5G new wireless base station sends the registration request to an access and mobility management function (AMF), wherein the AMF is used for verifying whether the registration request comprises a subscription concealed identifier (SUCI), and if no SUCI exists in the registration request, the AMF is used for instructing an SMF to allocate a private IP address to the 5G terminal equipment;
and the 5G new wireless base station sends the public key of the 5G terminal equipment and the temporary identifier to a temporary identity registration server so that the 5G terminal equipment is accessed to a 5G network through the temporary identity registration server.
In a third aspect, an embodiment of the present invention provides a 5G terminal device, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
sending a registration request to a 5G new wireless base station of a first operator through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a subscriber identity card of a second operator;
receiving a private IP address distributed to the 5G terminal equipment by a Session Management Function (SMF) through the communication interface;
receiving the IP address of the temporary identity registration server sent by the SMF through the communication interface;
accessing the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server;
and performing identity authentication, service customization and online payment through the temporary identity registration server.
In a fourth aspect, an embodiment of the present invention provides a 5G new radio base station, the 5G new radio base station belonging to a first operator, the 5G new radio base station including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving a registration request of 5G terminal equipment through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a Subscriber Identity Module (SIM) card of a second operator;
sending the registration request to an access and mobility management function (AMF) through the communication interface, wherein the AMF is used for verifying whether the registration request comprises a subscription concealed identifier (SUCI), and if no SUCI exists in the registration request, the AMF is used for instructing the SMF to allocate a private IP address to the 5G terminal equipment;
and sending the public key of the 5G terminal equipment and the temporary identifier to a temporary identity registration server through the communication interface so that the 5G terminal equipment is accessed to a 5G network through the temporary identity registration server.
In a fifth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect or the second aspect.
According to the 5G communication identity authentication method, equipment and storage medium provided by the embodiment of the invention, a 5G terminal device that contains only a subscriber identity card of the second operator sends a registration request, which includes the temporary identifier of the 5G terminal device, to the 5G new wireless base station of the first operator. The 5G terminal device then receives the private IP address allocated to it by the session management function (SMF), together with the IP address of the temporary identity registration server. Using the private IP address and the IP address of the temporary identity registration server, the 5G terminal device accesses the temporary identity registration server and performs identity authentication, service customization and online payment through it. The 5G terminal device can therefore access the 5G network of the first operator without the SIM card of the first operator being inserted.
Drawings
Fig. 1 is a schematic diagram of a communication system according to an embodiment of the present invention;
Fig. 2 is a flowchart of a 5G communication authentication method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a 5G communication authentication method according to another embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a 5G terminal device according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a 5G new wireless base station according to an embodiment of the present invention.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The 5G communication identity authentication method provided by the embodiment of the invention can be applied to the communication system shown in fig. 1. As shown in fig. 1, the communication system includes: a 5G terminal device 11, a 5G new wireless base station 12, a User Plane Function (UPF) 13, a network element 14, a Unified Data Management (UDM) function 15, a temporary identity registration server 16, and a data network, where the network element 14 may include an Access and Mobility Management Function (AMF) and a Session Management Function (SMF). In some embodiments, the AMF and SMF may be deployed in different devices. The 5G new wireless base station is a 5G New Radio (NR) access technology base station (gNB).
It is to be understood that this is by way of illustration only. The temporary identity registration server may be one or more cloud servers forming a server cluster; each server has an architecture similar to that of a general-purpose computer and includes a processor, a hard disk, a memory, a system bus and the like. The 5G terminal device 11 is, for example, a smart phone, a tablet computer, or the like.
The 5G communication identity authentication method provided by the embodiment of the invention aims to solve the technical problems in the prior art.
The following describes the technical solutions of the present invention and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of a 5G communication authentication method according to an embodiment of the present invention. The embodiment of the invention provides a 5G communication identity authentication method aiming at the technical problems in the prior art, and the method comprises the following specific steps:
Optionally, before the 5G terminal device sends the registration request to the 5G new radio base station of the first operator, the method further includes: the 5G terminal equipment generates a public key and a private key corresponding to the temporary identity; the temporary identifier includes the public key, an International Mobile Equipment Identity (IMEI) of the 5G terminal device, or a hash value calculated according to the public key and the IMEI of the 5G terminal device.
In the embodiment of the present application, the 5G terminal device 11 shown in fig. 1 has only the SIM card of operator A inserted, that is, the 5G terminal device 11 can access the 5G network of operator A. In some scenarios, the 5G terminal device 11 may need to access the 5G network of another operator, for example operator B. In this embodiment, a 5G network operator selection application (APP) may be installed on the 5G terminal device 11 and used to switch between operators. After the 5G terminal device 11 starts the application, it searches for signals of surrounding 5G new wireless base stations and displays identification information of the operators to which the base stations it finds belong. The 5G terminal device 11 can find not only the 5G new wireless base stations of operator A but also those of other surrounding operators. If the 5G terminal device 11 displays the identification information of operator B, the user may select it on the 5G terminal device 11. According to the user's selection, the 5G terminal device 11 can access the 5G network of operator B through the 5G new wireless base station of operator B. Specifically, the 5G terminal device 11 accesses the 5G network of operator B with the temporary identity. In this embodiment, operator B may be denoted as the first operator, and operator A as the second operator. In addition, as shown in fig. 1, the 5G new wireless base station 12, the User Plane Function (UPF) 13, the network element 14, the Unified Data Management (UDM) function 15, and the data network belong to operator B.
Specifically, in the process that the 5G terminal device 11 accesses the 5G network of the operator B with the temporary identity, the 5G terminal device 11 may generate a public key and a private key corresponding to the temporary identity, where the public key is denoted as PK and the private key is denoted as SK. Further, the 5G terminal device 11 may prompt the user to enter a password, which may be used to encrypt the SK, and the encrypted SK may be stored locally at the 5G terminal device 11.
Specifically, after the user of the 5G terminal device 11 selects the identification information of operator B, the 5G terminal device 11 may send a registration request to the 5G new wireless base station of operator B; this registration request applies for the temporary identity of the 5G terminal device 11. The registration request includes the temporary identifier of the 5G terminal device 11. The 5G new wireless base station of operator B may be the 5G new wireless base station 12 shown in fig. 1.
In one possible approach, the temporary identifier of the 5G terminal device 11 is the public key PK generated by the 5G terminal device 11 as described above. That is, the public key PK may serve as a unique temporary identification for the user of the 5G terminal device 11.
In another possible approach, the temporary identity of the 5G terminal equipment 11 is the IMEI of the 5G terminal equipment 11.
In yet another possible manner, the 5G terminal device 11 may further calculate a hash value of the public key PK and the IMEI of the 5G terminal device 11, and use the hash value as a Globally Unique temporary UE Identity (GUTI). That is, the temporary identifier of the 5G terminal device 11 is GUTI.
When the 5G new wireless base station 12 receives the registration request of the 5G terminal device 11, it may send the registration request to the AMF in the network element 14, and the AMF checks whether the registration request includes a Subscription Concealed Identifier (SUCI) corresponding to operator B. Since the 5G terminal device 11 has no SIM card of operator B inserted, it cannot generate the SUCI corresponding to operator B, that is, the registration request does not include the SUCI corresponding to operator B. When the AMF determines that the registration request does not include the SUCI corresponding to operator B, the AMF does not send an authentication request to the UDM, but instead notifies the SMF to assign the private IP address corresponding to operator B to the 5G terminal device 11.
Further, the 5G new radio base station 12 may also transmit PK and GUTI to the temporary identity registration server 16, and transmit the public key of the temporary identity registration server 16 to the 5G terminal device 11.
When receiving the notification message of the AMF, the SMF allocates a private IP address corresponding to the operator B to the 5G terminal device 11, and determines that the default gateway address is the address of the UPF. The SMF sends the private IP address corresponding to the operator B to the 5G terminal device 11, and accordingly, the 5G terminal device 11 receives the private IP address corresponding to the operator B.
Step 203, the 5G terminal device receives the IP address of the temporary identity registration server sent by the SMF.
In addition, the SMF may also send the IP address of the temporary identity registration server 16 to the 5G terminal device 11. Accordingly, the 5G terminal device 11 receives the IP address of the temporary identity registration server 16.
Step 204, the 5G terminal device accesses the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server.
The 5G terminal device 11 may start a browser installed in the 5G terminal device 11, and access the temporary identity registration server 16 according to the private IP address of the 5G terminal device 11 corresponding to the operator B and the IP address of the temporary identity registration server 16.
It is understood that the 5G terminal device 11 has two IP addresses. One is the IP address corresponding to operator A (e.g., IPa), which is assigned to the 5G terminal device 11 by the network element of operator A. The other is the private IP address corresponding to operator B (e.g., IPb), which is assigned to the 5G terminal device 11 by the network element of operator B. Before the identity information of the 5G terminal device 11 is authenticated by the network element of operator B, the 5G terminal device 11 may use IPa, the address allocated by the network element of operator A, for everything except accessing the temporary identity registration server 16. After the identity information of the 5G terminal device 11 is authenticated by the network element of operator B, the 5G terminal device 11 may use IPa and IPb at the same time. In addition, the 5G terminal device 11 may use IPa and IPb under other policies; for example, it may set priorities for IPa and IPb and use them according to those priorities. Alternatively, the 5G terminal device 11 may switch the priority setting according to the service type or the IP address of the node it needs to interact with.
Step 205, the 5G terminal device performs identity authentication, service customization and online payment through the temporary identity registration server.
Specifically, the 5G terminal device 11 may perform identity authentication, service customization and online payment through the temporary identity registration server 16.
Optionally, in the process that the 5G terminal device performs identity authentication, service customization and online payment through the temporary identity registration server, the message sent by the 5G terminal device to the temporary identity registration server includes the private key signature of the 5G terminal device, and the temporary identity registration server verifies the private key signature by using the public key.
While the 5G terminal device 11 performs identity authentication, service customization and online payment through the temporary identity registration server 16, it may sign each message it sends to the temporary identity registration server 16 with its private key SK, that is, each such message includes the private key signature of the 5G terminal device 11. After receiving a message sent by the 5G terminal device 11, the temporary identity registration server 16 may verify the private key signature in the message by using the public key PK of the 5G terminal device 11. In addition, for the confidentiality of the communication between the 5G terminal device 11 and the temporary identity registration server 16, a session key for encrypting the content of that communication may also be generated from PK and SK.
After the 5G terminal device 11 completes payment through the temporary identity registration server 16, the temporary identity registration server 16 adds information such as the temporary identity, the access right, the access time limit, and the like of the 5G terminal device 11 to the UDM. Further, the UDM may notify other functional modules such as SMF and UPF to perform access control according to a normal flow, so that the 5G terminal device 11 may access the 5G network.
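The hash-based temporary identifier and the server-side check of the device's private key signature described above, as an added Go example that is not part of the patent text. Ed25519, SHA-256, the message layout, the replay counter and every function name are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrUnknownID = errors.New("temporary identifier not registered")
var ErrBadSig = errors.New("signature does not verify under registered PK")
var ErrReplay = errors.New("counter not above last accepted value")

// TempID = hex(SHA-256(PK || IMEI)); hash, order and encoding are assumptions.
func TempID(pk ed25519.PublicKey, imei string) string {
	sum := sha256.Sum256(append(append([]byte{}, pk...), imei...))
	return fmt.Sprintf("%x", sum)
}

// NewIdentity is the device side: generate PK/SK and derive the identifier.
func NewIdentity(imei string) (ed25519.PublicKey, ed25519.PrivateKey, string, error) {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, "", err
	}
	return pk, sk, TempID(pk, imei), nil
}

// SignedMsg is a hypothetical wire format for device-to-server messages.
type SignedMsg struct {
	ID      string
	Counter uint64 // assumption: anti-replay counter, not in the page's text
	Payload []byte
	Sig     []byte
}

// signingInput serialises every field that the signature must cover.
func signingInput(id string, ctr uint64, payload []byte) []byte {
	b := []byte("temp-id-reg/v1\x00") // constructed domain-separation label
	b = binary.BigEndian.AppendUint64(b, uint64(len(id)))
	b = append(b, id...)
	b = binary.BigEndian.AppendUint64(b, ctr)
	return append(b, payload...)
}

// Sign produces the device's private-key signature over a message.
func Sign(sk ed25519.PrivateKey, id string, ctr uint64, payload []byte) SignedMsg {
	sig := ed25519.Sign(sk, signingInput(id, ctr, payload))
	return SignedMsg{ID: id, Counter: ctr, Payload: payload, Sig: sig}
}

// Server models the temporary identity registration server's key store.
type Server struct {
	keys map[string]ed25519.PublicKey // identifier -> PK forwarded by the gNB
	last map[string]uint64            // identifier -> last accepted counter
}

func NewServer() *Server {
	return &Server{keys: map[string]ed25519.PublicKey{}, last: map[string]uint64{}}
}

// Register binds an identifier to a PK once; a later rebind is refused.
func (s *Server) Register(id string, pk ed25519.PublicKey) bool {
	if _, bound := s.keys[id]; bound || len(pk) != ed25519.PublicKeySize {
		return false
	}
	s.keys[id] = pk
	return true
}

// Verify checks the signature first, so a forgery cannot advance the counter.
func (s *Server) Verify(m SignedMsg) error {
	pk, ok := s.keys[m.ID]
	if !ok {
		return ErrUnknownID
	}
	if !ed25519.Verify(pk, signingInput(m.ID, m.Counter, m.Payload), m.Sig) {
		return ErrBadSig
	}
	if m.Counter <= s.last[m.ID] {
		return ErrReplay
	}
	s.last[m.ID] = m.Counter
	return nil
}

func main() {
	pk, sk, id, err := NewIdentity("490154203237518") // constructed sample IMEI
	if err != nil {
		panic(err)
	}
	srv := NewServer()
	srv.Register(id, pk)
	msg := Sign(sk, id, 1, []byte("pay:day-pass")) // constructed payload
	fmt.Println("first delivery:", srv.Verify(msg))
	fmt.Println("replayed copy:", srv.Verify(msg))
}
```

With the IMEI-only identifier option nothing ties the identifier to PK cryptographically, so the pair stored by the server is the only binding between them.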
In the embodiment of the invention, a 5G terminal device that contains only a subscriber identity card of a second operator sends a registration request, which includes the temporary identifier of the 5G terminal device, to a 5G new wireless base station of a first operator. The 5G terminal device then receives a private IP address allocated to it by a session management function (SMF), together with the IP address of a temporary identity registration server. Using the private IP address and the IP address of the temporary identity registration server, the 5G terminal device accesses the temporary identity registration server and performs identity authentication, service customization and online payment through it. The 5G terminal device can thereby access the 5G network of the first operator without a SIM card of the first operator being inserted.
Fig. 3 is a flowchart of a 5G communication authentication method according to another embodiment of the present invention. On the basis of the foregoing embodiment, the 5G communication authentication method provided in this embodiment specifically includes the following steps:
Optionally, the temporary identifier includes the public key, the IMEI of the 5G terminal device, or a hash value calculated according to the public key and the IMEI of the 5G terminal device.
In the embodiment of the present application, the 5G terminal device 11 shown in fig. 1 has only the SIM card of operator A inserted, that is, the 5G terminal device 11 can access the 5G network of operator A. In some scenarios, the 5G terminal device 11 may need to access the 5G network of another operator, for example operator B. In this embodiment, a 5G network operator selection application (APP) may be installed on the 5G terminal device 11 and used to switch between operators. After the 5G terminal device 11 starts the application, it searches for signals of surrounding 5G new wireless base stations and displays identification information of the operators to which the base stations it finds belong. The 5G terminal device 11 can find not only the 5G new wireless base stations of operator A but also those of other surrounding operators. If the 5G terminal device 11 displays the identification information of operator B, the user may select it on the 5G terminal device 11. According to the user's selection, the 5G terminal device 11 can access the 5G network of operator B through the 5G new wireless base station of operator B. Specifically, the 5G terminal device 11 accesses the 5G network of operator B with the temporary identity. In this embodiment, operator B may be denoted as the first operator, and operator A as the second operator. In addition, as shown in fig. 1, the 5G new wireless base station 12, the User Plane Function (UPF) 13, the network element 14, the Unified Data Management (UDM) function 15, the temporary identity registration server 16, and the data network belong to operator B.
Specifically, in the process that the 5G terminal device 11 accesses the 5G network of the operator B with the temporary identity, the 5G terminal device 11 may generate a public key and a private key corresponding to the temporary identity, where the public key is denoted as PK and the private key is denoted as SK. Further, the 5G terminal device 11 may prompt the user to enter a password, which may be used to encrypt the SK, and the encrypted SK may be stored locally at the 5G terminal device 11.
Specifically, after the user of the 5G terminal device 11 selects the identification information of operator B, the 5G terminal device 11 may send a registration request to the 5G new wireless base station of operator B; this registration request applies for the temporary identity of the 5G terminal device 11. The registration request includes the temporary identifier of the 5G terminal device 11. The 5G new wireless base station of operator B may be the 5G new wireless base station 12 shown in fig. 1.
In one possible approach, the temporary identifier of the 5G terminal device 11 is the public key PK generated by the 5G terminal device 11 as described above. That is, the public key PK may serve as a unique temporary identification for the user of the 5G terminal device 11.
In another possible approach, the temporary identity of the 5G terminal equipment 11 is the IMEI of the 5G terminal equipment 11.
In yet another possible manner, the 5G terminal device 11 may further calculate a hash value of the public key PK and the IMEI of the 5G terminal device 11, and use the hash value as a Globally Unique temporary UE Identity (GUTI). That is, the temporary identifier of the 5G terminal device 11 is GUTI.
When the 5G new wireless base station 12 receives the registration request of the 5G terminal device 11, it may send the registration request to the AMF in the network element 14, and the AMF checks whether the registration request includes a Subscription Concealed Identifier (SUCI) corresponding to operator B. Since the 5G terminal device 11 has no SIM card of operator B inserted, it cannot generate the SUCI corresponding to operator B, that is, the registration request does not include the SUCI corresponding to operator B. When the AMF determines that the registration request does not include the SUCI corresponding to operator B, the AMF does not send an authentication request to the UDM, but instead notifies the SMF to assign the private IP address corresponding to operator B to the 5G terminal device 11.
Further, the 5G new radio base station 12 may also transmit PK and GUTI to the temporary identity registration server 16, and transmit the public key of the temporary identity registration server 16 to the 5G terminal device 11.
When receiving the notification message of the AMF, the SMF allocates a private IP address corresponding to the operator B to the 5G terminal device 11, and determines that the default gateway address is the address of the UPF. The SMF sends the private IP address corresponding to the operator B to the 5G terminal device 11, and accordingly, the 5G terminal device 11 receives the private IP address corresponding to the operator B.
In addition, the SMF may also send the IP address of the temporary identity registration server 16 to the 5G terminal device 11. Accordingly, the 5G terminal device 11 receives the IP address of the temporary identity registration server 16.
The 5G terminal device 11 may start a browser installed in the 5G terminal device 11, and access the temporary identity registration server 16 according to the private IP address of the 5G terminal device 11 corresponding to the operator B and the IP address of the temporary identity registration server 16.
It is understood that the 5G terminal device 11 has two IP addresses. One is an IP address (e.g., IPa) corresponding to the operator A, which is assigned to the 5G terminal device 11 by the network element of the operator A. The other is a private IP address (e.g., IPb) corresponding to the operator B, that is, a private IP address assigned to the 5G terminal device 11 by the network element of the operator B. Before the identity information of the 5G terminal device 11 is authenticated by the network element of the operator B, the 5G terminal device 11 may use IPa, the IP address allocated to it by the network element of the operator A, for all traffic except access to the temporary identity registration server 16. After the identity information of the 5G terminal device 11 is authenticated by the network element of the operator B, the 5G terminal device 11 may use IPa and IPb at the same time. In addition, the 5G terminal device 11 may also use IPa and IPb according to other policies; for example, the 5G terminal device 11 may set the priority of IPa and IPb, and use IPa and IPb according to the priority. Alternatively, the 5G terminal device 11 may switch the priority setting according to different service types or different IP addresses of the nodes it needs to interact with.
Specifically, the 5G terminal device 11 may perform identity authentication, service customization and online payment through the temporary identity registration server 16.
In the process that the 5G terminal device 11 performs identity authentication, service customization and online payment through the temporary identity registration server 16, the message sent by the 5G terminal device 11 to the temporary identity registration server 16 may be signed by the 5G terminal device 11 using its private key SK; that is, the message sent by the 5G terminal device 11 to the temporary identity registration server 16 includes the private key signature of the 5G terminal device 11. After receiving the message sent by the 5G terminal device 11, the temporary identity registration server 16 may verify the private key signature in the message by using the public key PK of the 5G terminal device 11. In addition, for the confidentiality of the communication between the 5G terminal device 11 and the temporary identity registration server 16, a session key for encrypting the content of the communication between the 5G terminal device 11 and the temporary identity registration server 16 may also be generated from PK and SK.
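The following Go sketch is an added example, not code from the patent. It shows the hash-derived temporary identifier and the server-side signature check described above, including the rejection of a tampered message and of a different key pair claiming an enrolled identifier. The patent names no algorithms, so Ed25519, SHA-256 over PK || IMEI, the IMEI field in the message, and all type and function names are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrUnknownID    = errors.New("temporary identifier not enrolled")
	ErrBinding      = errors.New("temporary identifier is not hash(PK || IMEI)")
	ErrBadSignature = errors.New("signature does not verify under the enrolled PK")
)

// TempID derives the hash-based temporary identifier from PK and IMEI.
// Assumption: SHA-256 over PK || IMEI. The Ed25519 public key has a fixed
// length of 32 bytes, so the concatenation cannot be split ambiguously.
func TempID(pk ed25519.PublicKey, imei string) [32]byte {
	return sha256.Sum256(append(append([]byte{}, pk...), imei...))
}

// Message is what the terminal sends to the temporary identity registration
// server. Carrying the IMEI in the message is an assumption of this example.
type Message struct {
	ID      [32]byte
	IMEI    string
	Payload []byte
	Sig     []byte
}

// signedBytes is the byte string the signature covers: ID || payload.
func signedBytes(id [32]byte, payload []byte) []byte {
	return append(append([]byte{}, id[:]...), payload...)
}

// PublicOf returns the public key PK that belongs to the private key SK.
func PublicOf(sk ed25519.PrivateKey) ed25519.PublicKey {
	return sk.Public().(ed25519.PublicKey)
}

// Sign is the terminal side: derive the identifier and sign with SK.
func Sign(sk ed25519.PrivateKey, imei string, payload []byte) Message {
	id := TempID(PublicOf(sk), imei)
	sig := ed25519.Sign(sk, signedBytes(id, payload))
	return Message{ID: id, IMEI: imei, Payload: payload, Sig: sig}
}

// Registry is the server's table of (temporary identifier -> PK) pairs, as
// forwarded by the base station before the terminal connects.
type Registry map[[32]byte]ed25519.PublicKey

func (r Registry) Enroll(pk ed25519.PublicKey, id [32]byte) { r[id] = pk }

// Verify accepts a message only if the identifier is enrolled, is bound to
// the enrolled PK and the stated IMEI, and the signature verifies under PK.
func (r Registry) Verify(m Message) error {
	pk, ok := r[m.ID]
	if !ok {
		return ErrUnknownID
	}
	if TempID(pk, m.IMEI) != m.ID {
		return ErrBinding
	}
	if !ed25519.Verify(pk, signedBytes(m.ID, m.Payload), m.Sig) {
		return ErrBadSignature
	}
	return nil
}

// ConstructedKey builds a deterministic key pair from a constructed seed so
// the example is reproducible; a real terminal would use a random seed.
func ConstructedKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

func main() {
	const imei = "490154203237518" // constructed sample IMEI
	sk := ConstructedKey(0x11)
	reg := Registry{}
	good := Sign(sk, imei, []byte("service=data-1d"))
	reg.Enroll(PublicOf(sk), good.ID)
	forged := Sign(ConstructedKey(0x22), imei, good.Payload)
	forged.ID = good.ID // a different key pair claiming the enrolled identifier
	fmt.Println("genuine:", reg.Verify(good))
	fmt.Println("forged: ", reg.Verify(forged))
}
```

Because the identifier is looked up first and the signature is checked against the key enrolled for it, a message is accepted only when the sender holds the SK matching the PK that the base station forwarded.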
After the 5G terminal device 11 completes payment through the temporary identity registration server 16, the temporary identity registration server 16 adds information such as the temporary identity, the access right, the access time limit, and the like of the 5G terminal device 11 to the UDM. Further, the UDM may notify other functional modules such as SMF and UPF to perform access control according to a normal flow, so that the 5G terminal device 11 may access the 5G network.
In the embodiment of the invention, a 5G terminal device sends a registration request to a 5G new wireless base station of a first operator, the registration request comprises a temporary identifier of the 5G terminal device, the 5G terminal device only comprises a subscriber identity card of a second operator, and further, the 5G terminal device receives a private IP address allocated to the 5G terminal device by a session management function SMF and an IP address of a temporary identity registration server, so that the 5G terminal device can access the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server, and identity authentication, service customization and online payment are carried out by the temporary identity registration server, and the 5G terminal device can access a 5G network of the first operator under the condition that an SIM card of the first operator is not inserted.
Fig. 4 is a schematic structural diagram of a 5G terminal device according to an embodiment of the present invention. The 5G terminal device provided in the embodiment of the present invention may execute the processing procedure provided in the 5G communication identity authentication method embodiment, and as shown in fig. 4, the 5G terminal device 40 includes: memory 41, processor 42, computer programs and communication interface 43; wherein the computer program is stored in the memory 41 and is configured to be executed by the processor 42 for: sending a registration request to a 5G new wireless base station of a first operator through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a subscriber identity card of a second operator; receiving a private IP address distributed to the 5G terminal equipment by a Session Management Function (SMF) through the communication interface; receiving the IP address of the temporary identity registration server sent by the SMF through the communication interface; accessing the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server; and performing identity authentication, service customization and online payment through the temporary identity registration server.
Optionally, before the processor sends the registration request to the 5G new radio base station of the first operator through the communication interface, the processor is further configured to: generating a public key and a private key corresponding to the temporary identity; the temporary identifier comprises the public key, the IMEI of the 5G terminal equipment, or a hash value calculated according to the public key and the IMEI of the 5G terminal equipment.
Optionally, in the process that the 5G terminal device performs identity authentication, service customization and online payment through the temporary identity registration server, the message sent by the 5G terminal device to the temporary identity registration server includes the private key signature of the 5G terminal device, and the temporary identity registration server verifies the private key signature by using the public key.
The 5G terminal device in the embodiment shown in fig. 4 may be configured to execute the technical solution of the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of a 5G new wireless base station according to an embodiment of the present invention. The 5G new wireless base station provided in the embodiment of the present invention may execute the processing procedure provided in the 5G communication identity authentication method embodiment, and as shown in fig. 5, the 5G new wireless base station 50 includes: memory 51, processor 52, computer programs and communication interface 53; wherein the computer program is stored in the memory 51 and is configured to be executed by the processor 52 for: receiving a registration request of 5G terminal equipment through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a Subscriber Identity Module (SIM) card of a second operator; sending the registration request to an access and mobility management function (AMF) through the communication interface, wherein the AMF is used for verifying whether the registration request comprises a user hidden identifier, and if no user hidden identifier exists in the registration request, the AMF is used for indicating the SMF to allocate a private IP address to the 5G terminal equipment; and sending the public key of the 5G terminal equipment and the temporary identifier to a temporary identity registration server through the communication interface so that the 5G terminal equipment is accessed to a 5G network through the temporary identity registration server.
Optionally, the temporary identifier includes the public key, the IMEI of the 5G terminal device, or a hash value calculated according to the public key and the IMEI of the 5G terminal device.
The 5G new radio base station in the embodiment shown in fig. 5 can be used to implement the technical solution of the above method embodiment, and the implementation principle and technical effect are similar, and are not described herein again.
In addition, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the 5G communication authentication method described in the foregoing embodiment.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes: various media capable of storing program codes, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (11)
1. A 5G communication identity authentication method is characterized by comprising the following steps:
the method comprises the steps that 5G terminal equipment sends a registration request to a 5G new wireless base station of a first operator, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a subscriber identity card of a second operator;
the 5G terminal equipment receives a private IP address distributed to the 5G terminal equipment by a Session Management Function (SMF);
the 5G terminal equipment receives the IP address of the temporary identity registration server sent by the SMF;
the 5G terminal equipment accesses the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server;
and the 5G terminal equipment performs identity authentication, service customization and online payment through the temporary identity registration server.
2. The method of claim 1, wherein before the 5G terminal device sends a registration request to a 5G new radio base station of the first operator, the method further comprises:
the 5G terminal equipment generates a public key and a private key corresponding to the temporary identity;
the temporary identifier comprises the public key, the International Mobile Equipment Identity (IMEI) of the 5G terminal equipment, or a hash value calculated according to the public key and the IMEI of the 5G terminal equipment.
3. The method according to claim 2, wherein during the processes of identity authentication, service customization and online payment of the 5G terminal device by the temporary identity registration server, the message sent by the 5G terminal device to the temporary identity registration server includes a private key signature of the 5G terminal device, and the temporary identity registration server adopts the public key to verify the private key signature.
4. A 5G communication identity authentication method is characterized by comprising the following steps:
a 5G new wireless base station of a first operator receives a registration request of a 5G terminal device, wherein the registration request comprises a temporary identifier of the 5G terminal device, and the 5G terminal device comprises a subscriber identity card of a second operator;
the 5G new wireless base station sends the registration request to an access and mobility management function (AMF), wherein the AMF is used for verifying whether the registration request comprises a user hidden identifier, and if no user hidden identifier exists in the registration request, the AMF is used for indicating an SMF to allocate a private IP address to the 5G terminal equipment;
and the 5G new wireless base station sends the public key of the 5G terminal equipment and the temporary identifier to a temporary identity registration server so that the 5G terminal equipment is accessed to a 5G network through the temporary identity registration server.
5. The method according to claim 4, wherein the temporary identity comprises the public key, the IMEI of the 5G terminal device, or a hash value calculated from the public key and the IMEI of the 5G terminal device.
6. A 5G terminal device, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
sending a registration request to a 5G new wireless base station of a first operator through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a subscriber identity card of a second operator;
receiving a private IP address distributed to the 5G terminal equipment by a Session Management Function (SMF) through the communication interface;
receiving the IP address of the temporary identity registration server sent by the SMF through the communication interface;
accessing the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server;
and performing identity authentication, service customization and online payment through the temporary identity registration server.
7. The 5G terminal device of claim 6, wherein before sending the registration request to the 5G new radio base station of the first operator via the communication interface, the processor is further configured to:
generating a public key and a private key corresponding to the temporary identity;
the temporary identifier comprises the public key, the IMEI of the 5G terminal equipment, or a hash value calculated according to the public key and the IMEI of the 5G terminal equipment.
8. The 5G terminal device according to claim 7, wherein in the process of identity authentication, service customization and online payment by the 5G terminal device through the temporary identity registration server, the message sent by the 5G terminal device to the temporary identity registration server includes a private key signature of the 5G terminal device, and the temporary identity registration server adopts the public key to verify the private key signature.
9. A 5G new radio base station, wherein the 5G new radio base station belongs to a first operator, and wherein the 5G new radio base station comprises:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving a registration request of 5G terminal equipment through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a Subscriber Identity Module (SIM) card of a second operator;
sending the registration request to an access and mobility management function (AMF) through the communication interface, wherein the AMF is used for verifying whether the registration request comprises a user hidden identifier, and if no user hidden identifier exists in the registration request, the AMF is used for indicating the SMF to allocate a private IP address to the 5G terminal equipment;
and sending the public key of the 5G terminal equipment and the temporary identifier to a temporary identity registration server through the communication interface so that the 5G terminal equipment is accessed to a 5G network through the temporary identity registration server.
10. The new 5G radio base station according to claim 9, characterised in that the temporary identity comprises the public key, the IMEI of the 5G terminal device, or a hash value calculated from the public key and the IMEI of the 5G terminal device.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911402046.5A CN110944319B (en) | 2019-12-30 | 2019-12-30 | 5G communication identity verification method, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110944319A (en) | 2020-03-31 |
CN110944319B (en) | 2023-08-08 |
Family
ID=69913819
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911402046.5A Active CN110944319B (en) | 2019-12-30 | 2019-12-30 | 5G communication identity verification method, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110944319B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111464963A (en) * | 2020-04-01 | 2020-07-28 | 中国联合网络通信集团有限公司 | Registration method of card-free terminal and identity registration server |
CN111464964A (en) * | 2020-04-01 | 2020-07-28 | 中国联合网络通信集团有限公司 | Call addressing method and device |
CN111970681A (en) * | 2020-08-26 | 2020-11-20 | 中国联合网络通信集团有限公司 | Equipment identification method and device |
CN114979079A (en) * | 2021-02-18 | 2022-08-30 | ***通信有限公司研究院 | Information processing method, device, related equipment and storage medium |
WO2024065339A1 (en) * | 2022-09-28 | 2024-04-04 | 北京小米移动软件有限公司 | Network satellite coverage data authorization method, device, and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108768961A (en) * | 2018-05-11 | 2018-11-06 | 中国联合网络通信集团有限公司 | storage processing method and home gateway |
US20190174449A1 (en) * | 2018-02-09 | 2019-06-06 | Intel Corporation | Technologies to authorize user equipment use of local area data network features and control the size of local area data network information in access and mobility management function |
WO2019120554A1 (en) * | 2017-12-21 | 2019-06-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods and apparatus for registering an ims subscriber using temporary identifiers |
Also Published As
Publication number | Publication date |
---|---|
CN110944319B (en) | 2023-08-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||