CN110944319A - 5G communication identity authentication method, equipment and storage medium - Google Patents

Info

Publication number: CN110944319A
Authority: CN (China)
Prior art keywords: terminal device, operator, terminal equipment, registration server, temporary
Legal status: Granted
Application number: CN201911402046.5A
Other languages: Chinese (zh)
Other versions: CN110944319B (en)
Inventors: 任雪峰, 董惠勤, 路成业, 王凌
Current Assignee: Jiangsu Full Chain Communication Information Technology Co Ltd
Original Assignee: Jiangsu Full Chain Communication Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183 Processing at user equipment or user record carrier
    • H04W8/20 Transfer of user or subscriber data
    • H04W8/205 Transfer to or from user equipment or user record carrier
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H04W12/06 Authentication
    • H04W60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention provides a 5G communication identity authentication method, equipment and a storage medium. In the embodiment of the invention, a 5G terminal device that contains only the subscriber identity card of a second operator sends a registration request, which includes a temporary identifier of the 5G terminal device, to a 5G new wireless base station of a first operator. The 5G terminal device then receives a private IP address allocated to it by a session management function (SMF) and the IP address of a temporary identity registration server. Using the private IP address and the IP address of the temporary identity registration server, the 5G terminal device accesses the temporary identity registration server and performs identity authentication, service customization and online payment through it, so that the 5G terminal device can access the 5G network of the first operator without a SIM card of the first operator inserted.

Description

5G communication identity authentication method, equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a 5G communication identity authentication method, equipment and a storage medium.
Background
In the current 5G network, if a terminal device needs to access the 5G network, the user of the terminal device needs to go to a business office to obtain a Subscriber Identity Module (SIM) card. Because the mobile network assumes by default that every terminal device can be called and addressed, a terminal device without a SIM card cannot obtain a globally unique identity and cannot complete terminal device access authentication, so it cannot use any 5G service.
In the prior art, a terminal device may have the SIM card of a certain operator installed, but since it has no SIM cards of other operators installed, it cannot use services provided by other operators. However, the user of the terminal device may only need services provided by other operators and may not want to obtain their SIM cards, so how to allow the user to freely select an operator without obtaining that operator's SIM card has become an urgent problem to be solved.
Disclosure of Invention
The embodiment of the invention provides a 5G communication identity authentication method, equipment and a storage medium, so that 5G terminal equipment can access a 5G network of a first operator under the condition that a SIM card of the first operator is not inserted.
In a first aspect, an embodiment of the present invention provides a 5G communication identity authentication method, including:
the 5G terminal equipment sends a registration request to a 5G new wireless base station of a first operator, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a subscriber identity card of a second operator;
the 5G terminal equipment receives a private IP address distributed to the 5G terminal equipment by a Session Management Function (SMF);
the 5G terminal equipment receives the IP address of the temporary identity registration server sent by the SMF;
the 5G terminal equipment accesses the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server;
and the 5G terminal equipment performs identity authentication, service customization and online payment through the temporary identity registration server.
In a second aspect, an embodiment of the present invention provides a 5G communication identity authentication method, including:
a 5G new wireless base station of a first operator receives a registration request of a 5G terminal device, wherein the registration request comprises a temporary identifier of the 5G terminal device, and the 5G terminal device comprises a subscriber identity card of a second operator;
the 5G new wireless base station sends the registration request to an access and mobility management function (AMF), wherein the AMF is used for verifying whether the registration request comprises a user hidden identifier, and if no user hidden identifier exists in the registration request, the AMF is used for indicating an SMF to allocate a private IP address to the 5G terminal equipment;
and the 5G new wireless base station sends the public key of the 5G terminal equipment and the temporary identifier to a temporary identity registration server so that the 5G terminal equipment is accessed to a 5G network through the temporary identity registration server.
In a third aspect, an embodiment of the present invention provides a 5G terminal device, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
sending a registration request to a 5G new wireless base station of a first operator through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a subscriber identity card of a second operator;
receiving a private IP address distributed to the 5G terminal equipment by a Session Management Function (SMF) through the communication interface;
receiving the IP address of the temporary identity registration server sent by the SMF through the communication interface;
accessing the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server;
and performing identity authentication, service customization and online payment through the temporary identity registration server.
In a fourth aspect, an embodiment of the present invention provides a 5G new radio base station, the 5G new radio base station belonging to a first operator, the 5G new radio base station including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving a registration request of 5G terminal equipment through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a Subscriber Identity Module (SIM) card of a second operator;
sending the registration request to an access and mobility management function (AMF) through the communication interface, wherein the AMF is used for verifying whether the registration request comprises a user hidden identifier, and if no user hidden identifier exists in the registration request, the AMF is used for indicating the SMF to allocate a private IP address to the 5G terminal equipment;
and sending the public key of the 5G terminal equipment and the temporary identifier to a temporary identity registration server through the communication interface so that the 5G terminal equipment is accessed to a 5G network through the temporary identity registration server.
In a fifth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect or the second aspect.
With the 5G communication identity authentication method, equipment and storage medium provided by the embodiment of the invention, a 5G terminal device that contains only the subscriber identity card of a second operator sends a registration request, which includes the temporary identifier of the 5G terminal device, to the 5G new wireless base station of the first operator. The 5G terminal device then receives the private IP address allocated to it by the session management function (SMF) and the IP address of the temporary identity registration server. Using the private IP address and the IP address of the temporary identity registration server, the 5G terminal device accesses the temporary identity registration server and performs identity authentication, service customization and online payment through it. Therefore, the 5G terminal device can access the 5G network of the first operator without the SIM card of the first operator inserted.
Drawings
Fig. 1 is a schematic diagram of a communication system according to an embodiment of the present invention;
Fig. 2 is a flowchart of a 5G communication authentication method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a 5G communication authentication method according to another embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a 5G terminal device according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a 5G new wireless base station according to an embodiment of the present invention.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The 5G communication identity authentication method provided by the embodiment of the invention can be applied to the communication system shown in fig. 1. As shown in fig. 1, the communication system includes: a 5G terminal device 11, a 5G new wireless base station 12, a User Plane Function (UPF) 13, a network element 14, a Unified Data Management (UDM) function 15, a temporary identity registration server 16, and a data network, where the network element 14 may include an Access and Mobility Management Function (AMF) and a Session Management Function (SMF). In some embodiments, the AMF and SMF may be deployed in different devices, respectively. The 5G New Radio base station is a New Radio Access Technology (NR) base station (gNB) of 5G.
It is to be understood that this is by way of illustration only. The temporary identity registration server may be one or more cloud servers. The cloud servers form a server cluster; each server is similar to a general-purpose computer architecture and includes a processor, a hard disk, a memory, a system bus and the like. The 5G terminal device 11 is, for example, a smart phone, a tablet computer, or the like.
The 5G communication identity authentication method provided by the embodiment of the invention aims to solve the technical problems in the prior art.
The following describes the technical solutions of the present invention and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of a 5G communication authentication method according to an embodiment of the present invention. The embodiment of the invention provides a 5G communication identity authentication method aiming at the technical problems in the prior art, and the method comprises the following specific steps:
Step 201, the 5G terminal device sends a registration request to the 5G new wireless base station of the first operator, where the registration request includes the temporary identifier of the 5G terminal device, and the 5G terminal device includes the subscriber identity card of the second operator.
Optionally, before the 5G terminal device sends the registration request to the 5G new radio base station of the first operator, the method further includes: the 5G terminal equipment generates a public key and a private key corresponding to the temporary identity; the temporary identifier includes the public key, an International Mobile Equipment Identity (IMEI) of the 5G terminal device, or a hash value calculated according to the public key and the IMEI of the 5G terminal device.
In the embodiment of the present application, the 5G terminal device 11 shown in fig. 1 has only the SIM card of operator A inserted, that is, the 5G terminal device 11 may access the 5G network of operator A. In some scenarios, the 5G terminal device 11 may need to access the 5G network of another operator, for example the 5G network of operator B. In this embodiment, the 5G terminal device 11 may install a 5G network operator selection application (APP), which the 5G terminal device 11 uses to switch between operators. After the 5G terminal device 11 starts the application, it searches for signals of surrounding 5G new wireless base stations and displays identification information of the operators to which the base stations it found belong. It can be understood that the 5G terminal device 11 can find not only the 5G new wireless base stations of operator A but also those of other surrounding operators. If the 5G terminal device 11 displays the identification information of operator B, the user may select the identification information of operator B on the 5G terminal device 11. According to the user's selection, the 5G terminal device 11 can access the 5G network of operator B through the 5G new radio base station of operator B. Specifically, the 5G terminal device 11 accesses the 5G network of operator B with the temporary identity. In this embodiment, operator B may be denoted as the first operator, and operator A may be denoted as the second operator. In addition, as shown in fig. 1, the 5G new radio base station 12, the User Plane Function (UPF) 13, the network element 14, the Unified Data Management (UDM) function 15, and the data network belong to operator B.
Specifically, in the process that the 5G terminal device 11 accesses the 5G network of the operator B with the temporary identity, the 5G terminal device 11 may generate a public key and a private key corresponding to the temporary identity, where the public key is denoted as PK and the private key is denoted as SK. Further, the 5G terminal device 11 may prompt the user to enter a password, which may be used to encrypt the SK, and the encrypted SK may be stored locally at the 5G terminal device 11.
Specifically, after the user of the 5G terminal device 11 selects the identification information of operator B, the 5G terminal device 11 may send a registration request to the 5G new wireless base station of operator B; the registration request applies for the temporary identity of the 5G terminal device 11. The registration request includes the temporary identifier of the 5G terminal device 11. The 5G new radio base station of operator B may be the 5G new radio base station 12 shown in fig. 1.
In one possible approach, the temporary identifier of the 5G terminal device 11 is the public key PK generated by the 5G terminal device 11 as described above. That is, the public key PK may serve as a unique temporary identification for the user of the 5G terminal device 11.
In another possible approach, the temporary identity of the 5G terminal equipment 11 is the IMEI of the 5G terminal equipment 11.
In yet another possible manner, the 5G terminal device 11 may further calculate a hash value of the public key PK and the IMEI of the 5G terminal device 11, and use the hash value as a Globally Unique temporary UE Identity (GUTI). That is, the temporary identifier of the 5G terminal device 11 is GUTI.
When the 5G new radio base station 12 receives the registration request of the 5G terminal device 11, the 5G new radio base station 12 may send the registration request to the AMF in the network element 14, and the AMF detects whether a Subscription Concealed Identifier (SUCI) corresponding to operator B is included in the registration request. Since the 5G terminal device 11 does not have the SIM card of operator B inserted, it cannot generate the SUCI corresponding to operator B, that is, the registration request does not include the SUCI corresponding to operator B. When the AMF determines that the registration request does not include the SUCI corresponding to operator B, the AMF does not send an authentication request to the UDM, but notifies the SMF to assign the private IP address corresponding to operator B to the 5G terminal device 11.
Further, the 5G new radio base station 12 may also transmit PK and GUTI to the temporary identity registration server 16, and transmit the public key of the temporary identity registration server 16 to the 5G terminal device 11.
Step 202, the 5G terminal device receives the private IP address allocated to the 5G terminal device by the session management function SMF.
When receiving the notification message of the AMF, the SMF allocates a private IP address corresponding to the operator B to the 5G terminal device 11, and determines that the default gateway address is the address of the UPF. The SMF sends the private IP address corresponding to the operator B to the 5G terminal device 11, and accordingly, the 5G terminal device 11 receives the private IP address corresponding to the operator B.
Step 203, the 5G terminal device receives the IP address of the temporary identity registration server sent by the SMF.
In addition, the SMF may also send the IP address of the temporary identity registration server 16 to the 5G terminal device 11. Accordingly, the 5G terminal device 11 receives the IP address of the temporary identity registration server 16.
Step 204, the 5G terminal equipment accesses the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server.
The 5G terminal device 11 may start a browser installed in the 5G terminal device 11, and access the temporary identity registration server 16 according to the private IP address of the 5G terminal device 11 corresponding to the operator B and the IP address of the temporary identity registration server 16.
It is understood that the 5G terminal device 11 has two IP addresses. One is the IP address (e.g., IPa) corresponding to operator A, which is assigned to the 5G terminal device 11 by the network element of operator A. The other is the private IP address (e.g., IPb) corresponding to operator B, that is, the private IP address assigned to the 5G terminal device 11 by the network element of operator B. Before the identity information of the 5G terminal device 11 is authenticated by the network element of operator B, the 5G terminal device 11 may use IPa, the IP address allocated by the network element of operator A, for everything except access to the temporary identity registration server 16. After the identity information of the 5G terminal device 11 is authenticated by the network element of operator B, the 5G terminal device 11 may use IPa and IPb at the same time. In addition, the 5G terminal device 11 may also use IPa and IPb according to other policies; for example, it may set priorities for IPa and IPb and use them according to those priorities. Alternatively, the 5G terminal device 11 may switch the priority setting according to the service type or the IP address of the node it needs to interact with.
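The AMF check, the SMF allocation and the terminal's choice between IPa and IPb described in steps 201 to 204, as an added Go example that is not part of the patent. All type and function names, the Reject case for a request carrying no identifier, and the addresses (constructed, from private and documentation ranges) are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// RegistrationRequest is what the base station forwards to the AMF.
type RegistrationRequest struct {
	SUCI   string // empty when the terminal holds no SIM of this operator
	TempID string // temporary identifier: PK, IMEI, or a hash of both
}

type Decision int

const (
	AuthenticateViaUDM Decision = iota // SUCI present: normal SIM-based flow
	AssignPrivateIP                    // no SUCI: skip the UDM, notify the SMF
	Reject                             // assumption: request carries no identifier
)

// AMFDecide mirrors the AMF check on the registration request.
func AMFDecide(r RegistrationRequest) Decision {
	switch {
	case r.SUCI != "":
		return AuthenticateViaUDM
	case r.TempID != "":
		return AssignPrivateIP
	}
	return Reject
}

// Lease is what the SMF sends back to the terminal.
type Lease struct {
	UEAddr    netip.Addr // private IP for operator B (IPb)
	Gateway   netip.Addr // default gateway, the UPF address
	RegServer netip.Addr // temporary identity registration server
}

var ErrPoolExhausted = errors.New("private address pool exhausted")

// SMF hands out addresses from the range next..last (constructed values).
type SMF struct {
	next, last     netip.Addr
	upf, regServer netip.Addr
	leases         map[string]Lease
}

func NewSMF(first, last, upf, regServer netip.Addr) *SMF {
	return &SMF{next: first, last: last, upf: upf, regServer: regServer,
		leases: map[string]Lease{}}
}

// Allocate is idempotent per temporary identifier, so a repeated
// registration request does not consume a second address.
func (s *SMF) Allocate(tempID string) (Lease, error) {
	if l, ok := s.leases[tempID]; ok {
		return l, nil
	}
	if !s.next.IsValid() || s.next.Compare(s.last) > 0 {
		return Lease{}, ErrPoolExhausted
	}
	l := Lease{UEAddr: s.next, Gateway: s.upf, RegServer: s.regServer}
	s.leases[tempID] = l
	s.next = s.next.Next()
	return l, nil
}

// Terminal models the two addresses held by the 5G terminal device.
type Terminal struct {
	IPa              netip.Addr // assigned by operator A
	Lease            *Lease     // nil until operator B's SMF has answered
	AuthenticatedByB bool       // true once operator B has authenticated the identity
	PreferB          bool       // priority setting once both addresses are usable
}

// SourceFor picks the source address for traffic to dst.
func (t Terminal) SourceFor(dst netip.Addr) netip.Addr {
	switch {
	case t.Lease == nil:
		return t.IPa
	case !t.AuthenticatedByB && dst == t.Lease.RegServer:
		return t.Lease.UEAddr // before authentication IPb only reaches the registration server
	case t.AuthenticatedByB && t.PreferB:
		return t.Lease.UEAddr
	}
	return t.IPa
}

func addr(s string) netip.Addr { return netip.MustParseAddr(s) }

func main() {
	smf := NewSMF(addr("10.64.0.2"), addr("10.64.0.254"), addr("10.64.0.1"), addr("192.0.2.10"))
	lease, _ := smf.Allocate("tmp-constructed-1")
	ue := Terminal{IPa: addr("198.51.100.7"), Lease: &lease}
	fmt.Println(AMFDecide(RegistrationRequest{TempID: "tmp-constructed-1"}) == AssignPrivateIP,
		ue.SourceFor(lease.RegServer), ue.SourceFor(addr("203.0.113.5")))
}
```

The selection here is terminal-side only, as in the text; confining IPb on the network side before the UDM entry exists is a separate control the example does not model.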
Step 205, the 5G terminal equipment performs identity authentication, service customization and online payment through the temporary identity registration server.
Specifically, the 5G terminal device 11 may perform identity authentication, service customization and online payment through the temporary identity registration server 16.
Optionally, in the process that the 5G terminal device performs identity authentication, service customization and online payment through the temporary identity registration server, the message sent by the 5G terminal device to the temporary identity registration server includes the private key signature of the 5G terminal device, and the temporary identity registration server verifies the private key signature by using the public key.
In the process that the 5G terminal device 11 performs identity authentication, service customization and online payment through the temporary identity registration server 16, the 5G terminal device 11 may sign the message it sends to the temporary identity registration server 16 with the private key SK, that is, the message sent by the 5G terminal device 11 to the temporary identity registration server 16 includes the private key signature of the 5G terminal device 11. After receiving the message sent by the 5G terminal device 11, the temporary identity registration server 16 may verify the private key signature in the message by using the public key PK of the 5G terminal device 11. In addition, to keep the communication between the 5G terminal device 11 and the temporary identity registration server 16 confidential, a session key for encrypting the content of that communication may also be generated from PK and SK.
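An added Go example, not part of the patent, of the temporary identifier and the signed messages described above: the terminal derives its identifier from PK and IMEI, and the registration server verifies a message under the PK it stored for that identifier. Ed25519, SHA-256 over PK followed by the IMEI digits, the type and function names, and the sample IMEI and payloads are assumptions; the patent names no algorithm or encoding.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// TempID hashes PK and IMEI (assumption: SHA-256 over PK || IMEI digits).
func TempID(pk ed25519.PublicKey, imei string) string {
	h := sha256.New()
	h.Write(pk)
	h.Write([]byte(imei))
	return hex.EncodeToString(h.Sum(nil))
}

// Terminal holds the key pair (PK, SK) generated for the temporary identity.
type Terminal struct {
	PK   ed25519.PublicKey
	SK   ed25519.PrivateKey
	IMEI string
}

func NewTerminal(imei string) (*Terminal, error) {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Terminal{PK: pk, SK: sk, IMEI: imei}, nil
}

// SignedMessage is one terminal-to-server message carrying the SK signature.
type SignedMessage struct {
	ID      string
	Payload []byte
	Sig     []byte
}

// signedBytes binds the identifier to the payload under one signature.
func signedBytes(id string, payload []byte) []byte {
	return append([]byte(id+"\x00"), payload...)
}

func (t *Terminal) Sign(payload []byte) SignedMessage {
	id := TempID(t.PK, t.IMEI)
	return SignedMessage{ID: id, Payload: payload, Sig: ed25519.Sign(t.SK, signedBytes(id, payload))}
}

var (
	ErrBadKey    = errors.New("public key has wrong length")
	ErrDuplicate = errors.New("identifier already enrolled with another key")
	ErrUnknownID = errors.New("temporary identifier not enrolled")
	ErrBadSig    = errors.New("signature does not verify under enrolled key")
)

// Registry is the server's map of identifier to PK, as forwarded by the base station.
type Registry struct{ keys map[string]ed25519.PublicKey }

func NewRegistry() *Registry { return &Registry{keys: map[string]ed25519.PublicKey{}} }

// Enroll stores the forwarded pair. The length check matters because
// ed25519.Verify panics on a malformed key.
func (r *Registry) Enroll(id string, pk ed25519.PublicKey) error {
	if len(pk) != ed25519.PublicKeySize {
		return ErrBadKey
	}
	if old, ok := r.keys[id]; ok && !old.Equal(pk) {
		return ErrDuplicate
	}
	r.keys[id] = pk
	return nil
}

// Verify checks a message under the key enrolled for its identifier.
func (r *Registry) Verify(m SignedMessage) error {
	pk, ok := r.keys[m.ID]
	if !ok {
		return ErrUnknownID
	}
	if !ed25519.Verify(pk, signedBytes(m.ID, m.Payload), m.Sig) {
		return ErrBadSig
	}
	return nil
}

func main() {
	term, err := NewTerminal("490154203237518") // constructed sample IMEI
	if err != nil {
		panic(err)
	}
	reg := NewRegistry()
	_ = reg.Enroll(TempID(term.PK, term.IMEI), term.PK)
	msg := term.Sign([]byte("service=data-1day")) // constructed payload
	fmt.Println("genuine:", reg.Verify(msg))
	msg.Payload = []byte("service=data-30day")
	fmt.Println("tampered:", reg.Verify(msg))
}
```

The server stores the pair as forwarded; recomputing the hash on the server side would need the IMEI, which the text above does not say is sent to it.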
After the 5G terminal device 11 completes payment through the temporary identity registration server 16, the temporary identity registration server 16 adds information such as the temporary identity, the access right, the access time limit, and the like of the 5G terminal device 11 to the UDM. Further, the UDM may notify other functional modules such as SMF and UPF to perform access control according to a normal flow, so that the 5G terminal device 11 may access the 5G network.
In the embodiment of the invention, a 5G terminal device that contains only the subscriber identity card of a second operator sends a registration request, which includes a temporary identifier of the 5G terminal device, to a 5G new wireless base station of a first operator. The 5G terminal device then receives a private IP address allocated to it by a session management function (SMF) and the IP address of a temporary identity registration server. Using the private IP address and the IP address of the temporary identity registration server, the 5G terminal device accesses the temporary identity registration server and performs identity authentication, service customization and online payment through it, so that the 5G terminal device can access the 5G network of the first operator without a SIM card of the first operator inserted.
Fig. 3 is a flowchart of a 5G communication authentication method according to another embodiment of the present invention. On the basis of the foregoing embodiment, the 5G communication authentication method provided in this embodiment specifically includes the following steps:
Step 301, a 5G new wireless base station of a first operator receives a registration request of a 5G terminal device, where the registration request includes a temporary identifier of the 5G terminal device, and the 5G terminal device includes a subscriber identity card of a second operator.
Optionally, the temporary identifier includes the public key, the IMEI of the 5G terminal device, or a hash value calculated according to the public key and the IMEI of the 5G terminal device.
In the embodiment of the present application, the 5G terminal device 11 shown in fig. 1 has only the SIM card of operator A inserted, that is, the 5G terminal device 11 may access the 5G network of operator A. In some scenarios, the 5G terminal device 11 may need to access the 5G network of another operator, for example the 5G network of operator B. In this embodiment, the 5G terminal device 11 may install a 5G network operator selection application (APP), which the 5G terminal device 11 uses to switch between operators. After the 5G terminal device 11 starts the application, it searches for signals of surrounding 5G new wireless base stations and displays identification information of the operators to which the base stations it found belong. It can be understood that the 5G terminal device 11 can find not only the 5G new wireless base stations of operator A but also those of other surrounding operators. If the 5G terminal device 11 displays the identification information of operator B, the user may select the identification information of operator B on the 5G terminal device 11. According to the user's selection, the 5G terminal device 11 can access the 5G network of operator B through the 5G new radio base station of operator B. Specifically, the 5G terminal device 11 accesses the 5G network of operator B with the temporary identity. In this embodiment, operator B may be denoted as the first operator, and operator A may be denoted as the second operator. In addition, as shown in fig. 1, the 5G new radio base station 12, the User Plane Function (UPF) 13, the network element 14, the Unified Data Management (UDM) function 15, the temporary identity registration server 16, and the data network belong to operator B.
Specifically, in the process that the 5G terminal device 11 accesses the 5G network of the operator B with the temporary identity, the 5G terminal device 11 may generate a public key and a private key corresponding to the temporary identity, where the public key is denoted as PK and the private key is denoted as SK. Further, the 5G terminal device 11 may prompt the user to enter a password, which may be used to encrypt the SK, and the encrypted SK may be stored locally at the 5G terminal device 11.
Specifically, after the user of the 5G terminal device 11 selects the identification information of operator B, the 5G terminal device 11 may send a registration request to the 5G new wireless base station of operator B; the registration request applies for the temporary identity of the 5G terminal device 11. The registration request includes the temporary identifier of the 5G terminal device 11. The 5G new radio base station of operator B may be the 5G new radio base station 12 shown in fig. 1.
In one possible approach, the temporary identifier of the 5G terminal device 11 is the public key PK generated by the 5G terminal device 11 as described above. That is, the public key PK may serve as a unique temporary identification for the user of the 5G terminal device 11.
In another possible approach, the temporary identity of the 5G terminal equipment 11 is the IMEI of the 5G terminal equipment 11.
In yet another possible manner, the 5G terminal device 11 may further calculate a hash value of the public key PK and the IMEI of the 5G terminal device 11, and use the hash value as a Globally Unique temporary UE Identity (GUTI). That is, the temporary identifier of the 5G terminal device 11 is GUTI.
Step 302, the 5G new radio base station sends the registration request to an access and mobility management function AMF, where the AMF is configured to verify whether the registration request includes a hidden user identifier, and if the registration request does not include a hidden user identifier, the AMF is configured to instruct an SMF to allocate a private IP address to the 5G terminal device.
When the 5G new radio base station 12 receives the registration request of the 5G terminal device 11, it may send the registration request to the AMF in the network 14, and the AMF checks whether the registration request includes a Subscription Concealed Identifier (SUCI) corresponding to operator B. Since the 5G terminal device 11 does not have the SIM card of operator B inserted, it cannot generate the SUCI corresponding to operator B, that is, the registration request does not include the SUCI corresponding to operator B. When the AMF determines that the registration request does not include the SUCI corresponding to operator B, the AMF does not send an authentication application to the UDM, but notifies the SMF to assign the private IP address corresponding to operator B to the 5G terminal device 11.
Further, the 5G new radio base station 12 may also transmit PK and GUTI to the temporary identity registration server 16, and transmit the public key of the temporary identity registration server 16 to the 5G terminal device 11.
When receiving the notification message of the AMF, the SMF allocates a private IP address corresponding to the operator B to the 5G terminal device 11, and determines that the default gateway address is the address of the UPF. The SMF sends the private IP address corresponding to the operator B to the 5G terminal device 11, and accordingly, the 5G terminal device 11 receives the private IP address corresponding to the operator B.
In addition, the SMF may also send the IP address of the temporary identity registration server 16 to the 5G terminal device 11. Accordingly, the 5G terminal device 11 receives the IP address of the temporary identity registration server 16.
Step 303, the 5G new wireless base station sends the public key of the 5G terminal device and the temporary identifier to a temporary identity registration server, so that the 5G terminal device accesses the 5G network through the temporary identity registration server.
The 5G terminal device 11 may start a browser installed in the 5G terminal device 11, and access the temporary identity registration server 16 according to the private IP address of the 5G terminal device 11 corresponding to the operator B and the IP address of the temporary identity registration server 16.
It is understood that the 5G terminal device 11 has two sets of IP addresses. One is the IP address corresponding to operator A (e.g., IPa), which is assigned to the 5G terminal device 11 by the network element of operator A. The other is the private IP address corresponding to operator B (e.g., IPb), that is, the private IP address assigned to the 5G terminal device 11 by the network element of operator B. Before the identity information of the 5G terminal device 11 is authenticated by the network element of operator B, the 5G terminal device 11 may use IPa, the IP address allocated to it by the network element of operator A, for everything except accessing the temporary identity registration server 16. After the identity information of the 5G terminal device 11 is authenticated by the network element of operator B, the 5G terminal device 11 may use IPa and IPb at the same time. In addition, the 5G terminal device 11 may also use IPa and IPb according to other policies; for example, it may set priorities for IPa and IPb and use them according to those priorities. Alternatively, the 5G terminal device 11 may switch the priority setting according to the service type or the IP addresses of the nodes it needs to interact with.
Specifically, the 5G terminal device 11 may perform identity authentication, service customization and online payment through the temporary identity registration server 16.
While the 5G terminal device 11 performs identity authentication, service customization and online payment through the temporary identity registration server 16, each message sent by the 5G terminal device 11 to the temporary identity registration server 16 may be signed by the 5G terminal device 11 with its private key SK, that is, the message includes the private key signature of the 5G terminal device 11. After receiving the message, the temporary identity registration server 16 may verify the private key signature in the message by using the public key PK of the 5G terminal device 11. In addition, to keep the communication between the 5G terminal device 11 and the temporary identity registration server 16 confidential, a session key for encrypting the content of that communication may also be generated from PK and SK.
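The hash-based temporary identifier and the signed messages described above, as an added Go example that is not part of the patent text. Ed25519, SHA-256 over PK || IMEI, the message layout, and the availability of the IMEI to the registration server are assumptions; the IMEI and message bodies are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrUnknownID    = errors.New("temporary identifier not registered")
	ErrBadBinding   = errors.New("identifier is not the hash of this key and IMEI")
	ErrBadSignature = errors.New("signature does not verify under registered key")
)

// TempID derives the hash-based temporary identifier from PK and the IMEI.
// Assumption: SHA-256 over PK || IMEI (PK has a fixed 32-byte length).
func TempID(pk ed25519.PublicKey, imei string) string {
	sum := sha256.Sum256(append(append([]byte{}, pk...), imei...))
	return hex.EncodeToString(sum[:])
}

// Terminal holds the key pair the device generates for its temporary identity.
type Terminal struct {
	IMEI string
	ID   string
	PK   ed25519.PublicKey
	sk   ed25519.PrivateKey
}

func NewTerminal(imei string) (*Terminal, error) {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Terminal{IMEI: imei, ID: TempID(pk, imei), PK: pk, sk: sk}, nil
}

// Message is what the terminal sends to the registration server (assumed layout).
type Message struct {
	ID   string
	Body []byte
	Sig  []byte
}

// signedBytes covers the identifier as well as the body.
func signedBytes(id string, body []byte) []byte {
	return append([]byte(id+"|"), body...)
}

// Sign attaches the terminal's private key signature to a message body.
func (t *Terminal) Sign(body []byte) Message {
	return Message{ID: t.ID, Body: body, Sig: ed25519.Sign(t.sk, signedBytes(t.ID, body))}
}

// Registry is the registration server's table of identifier -> public key,
// filled from what the base station forwards.
type Registry struct{ keys map[string]ed25519.PublicKey }

func NewRegistry() *Registry { return &Registry{keys: map[string]ed25519.PublicKey{}} }

// Register stores PK under id only if id really is the hash of PK and IMEI.
func (r *Registry) Register(id string, pk ed25519.PublicKey, imei string) error {
	if len(pk) != ed25519.PublicKeySize || TempID(pk, imei) != id {
		return ErrBadBinding
	}
	r.keys[id] = pk
	return nil
}

// Verify checks the signature with the public key registered for the identifier.
func (r *Registry) Verify(m Message) error {
	pk, ok := r.keys[m.ID]
	if !ok {
		return ErrUnknownID
	}
	if !ed25519.Verify(pk, signedBytes(m.ID, m.Body), m.Sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	term, err := NewTerminal("490154203237518") // constructed sample IMEI
	if err != nil {
		panic(err)
	}
	reg := NewRegistry()
	fmt.Println("register:", reg.Register(term.ID, term.PK, term.IMEI))
	msg := term.Sign([]byte("order: 24h data pass")) // constructed message body
	fmt.Println("verify:", reg.Verify(msg))
	msg.Body = []byte("order: 1 year data pass") // body changed after signing
	fmt.Println("verify after change:", reg.Verify(msg))
}
```

When the identifier is the hash of PK and IMEI, the server can recompute it at registration, so a stored identifier always corresponds to the stored key.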
After the 5G terminal device 11 completes payment through the temporary identity registration server 16, the temporary identity registration server 16 adds information such as the temporary identity, the access right, the access time limit, and the like of the 5G terminal device 11 to the UDM. Further, the UDM may notify other functional modules such as SMF and UPF to perform access control according to a normal flow, so that the 5G terminal device 11 may access the 5G network.
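A simplified model of the flow from the AMF check to the UDM entry, as an added Go example that is not part of the patent text and not a 3GPP implementation. The type and function names, the addresses, and the rule that a terminal without a UDM entry can reach only the temporary identity registration server are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"time"
)

// RegistrationRequest carries either a SUCI (normal subscriber) or only a
// temporary identifier (terminal without this operator's SIM card).
type RegistrationRequest struct {
	SUCI   string
	TempID string
}

// Grant is what the temporary identity registration server adds to the UDM
// after payment: access right and access time limit.
type Grant struct {
	Right   string
	Expires time.Time
}

// Decision is the outcome of the AMF check.
type Decision struct {
	Path      string     // "udm-auth" or "temp-identity"
	PrivateIP netip.Addr // set only on the temp-identity path
	RegServer netip.Addr // set only on the temp-identity path
}

// Core models the AMF, SMF and UDM state needed for this flow.
type Core struct {
	RegServer netip.Addr
	next      netip.Addr            // next private address the SMF hands out
	leases    map[string]netip.Addr // temporary identifier -> private IP
	udm       map[string]Grant      // temporary identifier -> grant
}

var (
	ErrNoIdentity = errors.New("request has neither SUCI nor temporary identifier")
	ErrNoLease    = errors.New("temporary identifier has no private IP lease")
)

func NewCore(regServer, poolStart string) *Core {
	return &Core{
		RegServer: netip.MustParseAddr(regServer),
		next:      netip.MustParseAddr(poolStart),
		leases:    map[string]netip.Addr{},
		udm:       map[string]Grant{},
	}
}

// HandleRegistration is the AMF branch: with a SUCI the normal UDM
// authentication runs; without one the SMF allocates a private IP address.
func (c *Core) HandleRegistration(r RegistrationRequest) (Decision, error) {
	if r.SUCI != "" {
		return Decision{Path: "udm-auth"}, nil
	}
	if r.TempID == "" {
		return Decision{}, ErrNoIdentity
	}
	ip, ok := c.leases[r.TempID]
	if !ok {
		ip = c.next
		c.next = c.next.Next()
		c.leases[r.TempID] = ip
	}
	return Decision{Path: "temp-identity", PrivateIP: ip, RegServer: c.RegServer}, nil
}

// AddGrant is called by the registration server once payment has completed.
func (c *Core) AddGrant(tempID, right string, expires time.Time) error {
	if _, ok := c.leases[tempID]; !ok {
		return ErrNoLease
	}
	c.udm[tempID] = Grant{Right: right, Expires: expires}
	return nil
}

// Allow is the access control check (assumed rule): the registration server
// is always reachable for a leased terminal, anything else needs a live grant.
func (c *Core) Allow(tempID string, dst netip.Addr, now time.Time) bool {
	if _, ok := c.leases[tempID]; !ok {
		return false
	}
	if dst == c.RegServer {
		return true
	}
	g, ok := c.udm[tempID]
	return ok && now.Before(g.Expires)
}

var (
	t0             = time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC) // constructed clock
	sampleInternet = netip.MustParseAddr("203.0.113.10")         // constructed destination
)

const day = 24 * time.Hour

func main() {
	c := NewCore("10.64.0.1", "10.64.0.100") // constructed addresses
	d, _ := c.HandleRegistration(RegistrationRequest{TempID: "tmp-a"})
	fmt.Println(d.Path, d.PrivateIP, d.RegServer)
	fmt.Println("before grant:", c.Allow("tmp-a", sampleInternet, t0))
	_ = c.AddGrant("tmp-a", "data", t0.Add(day))
	fmt.Println("with grant:", c.Allow("tmp-a", sampleInternet, t0.Add(day/2)))
	fmt.Println("after expiry:", c.Allow("tmp-a", sampleInternet, t0.Add(2*day)))
}
```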
In the embodiment of the invention, a 5G terminal device sends a registration request to a 5G new wireless base station of a first operator, where the registration request comprises a temporary identifier of the 5G terminal device and the 5G terminal device only comprises a subscriber identity card of a second operator. The 5G terminal device then receives a private IP address allocated to it by a session management function SMF and the IP address of a temporary identity registration server, so that it can access the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server, and perform identity authentication, service customization and online payment through the temporary identity registration server. In this way the 5G terminal device can access the 5G network of the first operator without a SIM card of the first operator being inserted.
Fig. 4 is a schematic structural diagram of a 5G terminal device according to an embodiment of the present invention. The 5G terminal device provided in the embodiment of the present invention may execute the processing procedure provided in the 5G communication identity authentication method embodiment, and as shown in fig. 4, the 5G terminal device 40 includes: memory 41, processor 42, computer programs and communication interface 43; wherein the computer program is stored in the memory 41 and is configured to be executed by the processor 42 for: sending a registration request to a 5G new wireless base station of a first operator through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a subscriber identity card of a second operator; receiving a private IP address distributed to the 5G terminal equipment by a Session Management Function (SMF) through the communication interface; receiving the IP address of the temporary identity registration server sent by the SMF through the communication interface; accessing the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server; and performing identity authentication, service customization and online payment through the temporary identity registration server.
Optionally, before the processor sends the registration request to the 5G new radio base station of the first operator through the communication interface, the processor is further configured to: generating a public key and a private key corresponding to the temporary identity; the temporary identifier comprises the public key, the IMEI of the 5G terminal equipment, or a hash value calculated according to the public key and the IMEI of the 5G terminal equipment.
Optionally, in the process that the 5G terminal device performs identity authentication, service customization and online payment through the temporary identity registration server, the message sent by the 5G terminal device to the temporary identity registration server includes the private key signature of the 5G terminal device, and the temporary identity registration server verifies the private key signature by using the public key.
The 5G terminal device in the embodiment shown in fig. 4 may be configured to execute the technical solution of the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of a 5G new wireless base station according to an embodiment of the present invention. As shown in fig. 5, the 5G new wireless base station 50 according to the embodiment of the present invention may execute the processing procedure provided in the 5G communication identity authentication method embodiment, and includes: memory 51, processor 52, computer programs and communication interface 53; wherein the computer program is stored in the memory 51 and is configured to be executed by the processor 52 for: receiving a registration request of 5G terminal equipment through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a Subscriber Identity Module (SIM) card of a second operator; sending the registration request to an access and mobility management function (AMF) through the communication interface, wherein the AMF is used for verifying whether the registration request comprises a user hidden identifier, and if no user hidden identifier exists in the registration request, the AMF is used for indicating the SMF to allocate a private IP address to the 5G terminal equipment; and sending the public key of the 5G terminal equipment and the temporary identifier to a temporary identity registration server through the communication interface so that the 5G terminal equipment is accessed to a 5G network through the temporary identity registration server.
Optionally, the temporary identifier includes the public key, the IMEI of the 5G terminal device, or a hash value calculated according to the public key and the IMEI of the 5G terminal device.
The 5G new radio base station in the embodiment shown in fig. 5 can be used to implement the technical solution of the above method embodiment, and the implementation principle and technical effect are similar, and are not described herein again.
In addition, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the 5G communication authentication method described in the foregoing embodiment.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. A 5G communication identity authentication method is characterized by comprising the following steps:
the method comprises the steps that 5G terminal equipment sends a registration request to a 5G new wireless base station of a first operator, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a subscriber identity card of a second operator;
the 5G terminal equipment receives a private IP address distributed to the 5G terminal equipment by a Session Management Function (SMF);
the 5G terminal equipment receives the IP address of the temporary identity registration server sent by the SMF;
the 5G terminal equipment accesses the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server;
and the 5G terminal equipment performs identity authentication, service customization and online payment through the temporary identity registration server.
2. The method of claim 1, wherein before the 5G terminal device sends a registration request to a 5G new radio base station of the first operator, the method further comprises:
the 5G terminal equipment generates a public key and a private key corresponding to the temporary identity;
the temporary identifier comprises the public key, the International Mobile Equipment Identity (IMEI) of the 5G terminal equipment, or a hash value calculated according to the public key and the IMEI of the 5G terminal equipment.
3. The method according to claim 2, wherein during the processes of identity authentication, service customization and online payment of the 5G terminal device by the temporary identity registration server, the message sent by the 5G terminal device to the temporary identity registration server includes a private key signature of the 5G terminal device, and the temporary identity registration server adopts the public key to verify the private key signature.
4. A 5G communication identity authentication method is characterized by comprising the following steps:
a 5G new wireless base station of a first operator receives a registration request of a 5G terminal device, wherein the registration request comprises a temporary identifier of the 5G terminal device, and the 5G terminal device comprises a subscriber identity card of a second operator;
the 5G new wireless base station sends the registration request to an access and mobility management function (AMF), wherein the AMF is used for verifying whether the registration request comprises a user hidden identifier, and if no user hidden identifier exists in the registration request, the AMF is used for indicating an SMF to allocate a private IP address to the 5G terminal equipment;
and the 5G new wireless base station sends the public key of the 5G terminal equipment and the temporary identifier to a temporary identity registration server so that the 5G terminal equipment is accessed to a 5G network through the temporary identity registration server.
5. The method according to claim 4, wherein the temporary identity comprises the public key, the IMEI of the 5G terminal device, or a hash value calculated from the public key and the IMEI of the 5G terminal device.
6. A 5G terminal device, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
sending a registration request to a 5G new wireless base station of a first operator through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a subscriber identity card of a second operator;
receiving a private IP address distributed to the 5G terminal equipment by a Session Management Function (SMF) through the communication interface;
receiving the IP address of the temporary identity registration server sent by the SMF through the communication interface;
accessing the temporary identity registration server according to the private IP address and the IP address of the temporary identity registration server;
and performing identity authentication, service customization and online payment through the temporary identity registration server.
7. The 5G terminal device of claim 6, wherein before sending the registration request to the 5G new radio base station of the first operator via the communication interface, the processor is further configured to:
generating a public key and a private key corresponding to the temporary identity;
the temporary identifier comprises the public key, the IMEI of the 5G terminal equipment, or a hash value calculated according to the public key and the IMEI of the 5G terminal equipment.
8. The 5G terminal device according to claim 7, wherein in the process of identity authentication, service customization and online payment by the 5G terminal device through the temporary identity registration server, the message sent by the 5G terminal device to the temporary identity registration server includes a private key signature of the 5G terminal device, and the temporary identity registration server adopts the public key to verify the private key signature.
9. A 5G new radio base station, wherein the 5G new radio base station belongs to a first operator, and wherein the 5G new radio base station comprises:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving a registration request of 5G terminal equipment through the communication interface, wherein the registration request comprises a temporary identifier of the 5G terminal equipment, and the 5G terminal equipment comprises a Subscriber Identity Module (SIM) card of a second operator;
sending the registration request to an access and mobility management function (AMF) through the communication interface, wherein the AMF is used for verifying whether the registration request comprises a user hidden identifier, and if no user hidden identifier exists in the registration request, the AMF is used for indicating the SMF to allocate a private IP address to the 5G terminal equipment;
and sending the public key of the 5G terminal equipment and the temporary identifier to a temporary identity registration server through the communication interface so that the 5G terminal equipment is accessed to a 5G network through the temporary identity registration server.
10. The new 5G radio base station according to claim 9, characterised in that the temporary identity comprises the public key, the IMEI of the 5G terminal device, or a hash value calculated from the public key and the IMEI of the 5G terminal device.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911402046.5A CN110944319B (en) 2019-12-30 2019-12-30 5G communication identity verification method, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911402046.5A CN110944319B (en) 2019-12-30 2019-12-30 5G communication identity verification method, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110944319A true CN110944319A (en) 2020-03-31
CN110944319B CN110944319B (en) 2023-08-08

Family

ID=69913819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911402046.5A Active CN110944319B (en) 2019-12-30 2019-12-30 5G communication identity verification method, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110944319B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111464963A (en) * 2020-04-01 2020-07-28 中国联合网络通信集团有限公司 Registration method of card-free terminal and identity registration server
CN111464964A (en) * 2020-04-01 2020-07-28 中国联合网络通信集团有限公司 Call addressing method and device
CN111970681A (en) * 2020-08-26 2020-11-20 中国联合网络通信集团有限公司 Equipment identification method and device
CN114979079A (en) * 2021-02-18 2022-08-30 ***通信有限公司研究院 Information processing method, device, related equipment and storage medium
WO2024065339A1 (en) * 2022-09-28 2024-04-04 北京小米移动软件有限公司 Network satellite coverage data authorization method, device, and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768961A (en) * 2018-05-11 2018-11-06 中国联合网络通信集团有限公司 storage processing method and home gateway
US20190174449A1 (en) * 2018-02-09 2019-06-06 Intel Corporation Technologies to authorize user equipment use of local area data network features and control the size of local area data network information in access and mobility management function
WO2019120554A1 (en) * 2017-12-21 2019-06-27 Telefonaktiebolaget Lm Ericsson (Publ) Methods and apparatus for registering an ims subscriber using temporary identifiers

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019120554A1 (en) * 2017-12-21 2019-06-27 Telefonaktiebolaget Lm Ericsson (Publ) Methods and apparatus for registering an ims subscriber using temporary identifiers
US20190174449A1 (en) * 2018-02-09 2019-06-06 Intel Corporation Technologies to authorize user equipment use of local area data network features and control the size of local area data network information in access and mobility management function
CN108768961A (en) * 2018-05-11 2018-11-06 中国联合网络通信集团有限公司 storage processing method and home gateway

Also Published As

Publication number Publication date
CN110944319B (en) 2023-08-08

Similar Documents

Publication Publication Date Title
CN110944319B (en) 5G communication identity verification method, equipment and storage medium
CN111050324B (en) 5G terminal equipment access method, equipment and storage medium
US8706085B2 (en) Method and apparatus for authenticating communication device
JP6602475B2 (en) Method, device and system for authenticating to mobile network, and server for authenticating device to mobile network
CN107094127B (en) Processing method and device, and obtaining method and device of security information
CN106851632A (en) A kind of smart machine accesses the method and device of WLAN
CN111262865B (en) Method, device and system for making access control strategy
CN111083695B (en) 5G communication card-free access method, equipment and storage medium
CN111132305B (en) Method for 5G user terminal to access 5G network, user terminal equipment and medium
CN111132165B (en) 5G communication card-free access method, equipment and storage medium based on block chain
CN108616805B (en) Emergency number configuration and acquisition method and device
WO2018045983A1 (en) Information processing method and device, and network system
CN106535156B (en) Virtual subscriber identity module card migration method, terminal, server and system
CN108243631B (en) Network access method and equipment
CN111093196B (en) Method for 5G user terminal to access 5G network, user terminal equipment and medium
CN111132155B (en) 5G secure communication method, device and storage medium
CN111148098A (en) 5G terminal equipment registration method, equipment and storage medium
CN111107550A (en) Dual-channel access registration method and device for 5G terminal equipment and storage medium
CN114338132B (en) Secret-free login method, client application, operator server and electronic equipment
CN103049693B (en) Method, Apparatus and system that a kind of application program uses
CN111065092A (en) 5G communication information encryption and decryption method, equipment and storage medium
CN111083700A (en) 5G terminal equipment access method, equipment and storage medium based on block chain
WO2022270228A1 (en) Device and method for providing communication service for accessing ip network, and program therefor
CN113347627B (en) Wireless network access method, device and mobile terminal
JP7076050B1 (en) Devices, methods and programs for providing communication services to access IP networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant