CN113923660B - Authentication method, equipment and storage medium for terminal to access local area network - Google Patents
Authentication method, equipment and storage medium for terminal to access local area network Download PDFInfo
- Publication number
- CN113923660B CN113923660B CN202111176995.3A CN202111176995A CN113923660B CN 113923660 B CN113923660 B CN 113923660B CN 202111176995 A CN202111176995 A CN 202111176995A CN 113923660 B CN113923660 B CN 113923660B
- Authority
- CN
- China
- Prior art keywords
- terminal
- access request
- local area
- authentication
- area network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application provides an authentication method, equipment and storage medium for accessing a terminal to a local area network. The method comprises the following steps: receiving a terminal access request sent by a base station, wherein the terminal access request carries a terminal identifier, judging whether the terminal access request is a 5G local area network access request based on routing information, and if the terminal access request is the 5G local area network access request, sending the terminal access request to a user authentication center for 5G local area network access authentication. According to the method, the terminal user can perform access authentication of the 5G local area network without switching the equipment to be connected to the state of the wireless local area network, and the access efficiency is improved.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, and a storage medium for authenticating a terminal accessing to a local area network.
Background
The 5G technology is rapidly developed, so that the user experience is improved, the legal rights and interests of authorized visitors are protected, and the requirements of users on the security authentication technology are gradually improved.
In the prior art, the access authentication of the 5G WLAN is mainly based on WLAN (wireless local area network ) transmission data, and the terminal user needs to switch the device to connect to the WLAN state to perform the access authentication, which results in low access efficiency.
Disclosure of Invention
The application provides an authentication method, equipment and a storage medium for a terminal to access a local area network, which are used for solving the problem that a terminal user needs to switch equipment to an infinite local area network state for local area network access authentication and the access efficiency is low.
In a first aspect, the present application provides a method for authenticating a terminal accessing to a local area network, including:
receiving a terminal access request sent by a base station, wherein the terminal access request carries a terminal identifier;
judging whether the terminal access request is a 5G local area network access request or not based on the routing information;
if the terminal access request is a 5G local area network access request, the terminal access request is sent to a user authentication center for 5G local area network access authentication.
In a second aspect, the present application provides a method for authenticating a terminal accessing to a local area network, including:
receiving a terminal access request sent by a user plane function UPF of a 5G local area network, wherein the terminal access request carries a terminal identifier;
sending a terminal authentication information acquisition request to a session management function SMF in a 5G core network, wherein the terminal authentication information acquisition request carries a terminal identifier and is used for acquiring terminal authentication information corresponding to the terminal identifier;
receiving authentication information of a terminal sent by a session management function SMF;
and authenticating the terminal according to the authentication information of the terminal, and if the authentication is passed, sending a terminal access request to the local area network.
In a third aspect, the present application provides an authentication device for a terminal accessing a local area network, including:
the receiving module is used for receiving a terminal access request sent by the base station, wherein the terminal access request carries a terminal identifier;
the judging module is used for judging whether the terminal access request is a 5G local area network access request or not based on the routing information;
and the sending module is used for sending the terminal access request to the user authentication center for 5G local area network access authentication if the terminal access request is the 5G local area network access request.
In a fourth aspect, the present application provides an authentication device for a terminal accessing a local area network, including:
the receiving module is used for receiving a terminal access request sent by a user plane function UPF of the 5G local area network, wherein the terminal access request carries a terminal identifier;
the sending module is used for sending a terminal authentication information acquisition request to a session management function SMF in the 5G core network, wherein the terminal authentication information acquisition request carries a terminal identifier and is used for acquiring terminal authentication information corresponding to the terminal identifier;
the receiving module is also used for receiving authentication information of the terminal sent by the session management function SMF;
and an authentication module: and authenticating the terminal according to the authentication information of the terminal, and if the authentication is passed, sending a terminal access request to the local area network.
In a fifth aspect, the present application provides an authentication apparatus for a terminal accessing a local area network, including: a processor, a memory, the memory storing code, the processor executing the code stored in the memory to perform the authentication method for the terminal to access the local area network as in the first aspect.
In a sixth aspect, the present application provides an authentication device for a terminal accessing a local area network, including: a processor, a memory storing code, the processor executing the code stored in the memory to perform the authentication method for a terminal to access a local area network as in the second aspect.
In a seventh aspect, the present application provides a computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out a method of authentication of a terminal as in any of the first aspects to a local area network.
In an eighth aspect, the present application provides a computer-readable storage medium having stored therein computer-executable instructions which, when executed by a processor, are adapted to carry out a method of authentication of a terminal to a local area network as in any of the second aspects.
The authentication method for accessing the terminal into the local area network receives the terminal access request sent by the base station, wherein the terminal access request carries the terminal identification. And judging whether the terminal access request is a 5G local area network access request or not based on the routing information. If the terminal access request is a 5G public network access request, the terminal access request is sent to a user plane function UPF of a core network. If the terminal access request is a 5G local area network access request, the terminal access request is sent to a user authentication center to perform 5G local area network access authentication, and the terminal user can perform 5G local area network access authentication without switching equipment to a wireless local area network state, so that access efficiency is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic diagram of a network architecture involved in an authentication method for a terminal to access a lan according to an embodiment of the present application;
fig. 2 is a flowchart of an authentication method for a terminal to access a lan according to an embodiment of the present application;
fig. 3 is a flowchart of an authentication method for a terminal to access to a lan according to an embodiment of the present application;
fig. 4 is a flowchart of an authentication method for a terminal to access a lan according to an embodiment of the present application;
fig. 5 is a schematic diagram of an authentication device for accessing a terminal to a lan according to an embodiment of the present application;
fig. 6 is a schematic diagram of an authentication device for accessing a terminal to a lan according to an embodiment of the present application;
fig. 7 is a schematic diagram of an authentication device for accessing a terminal to a lan according to an embodiment of the present application;
fig. 8 is a schematic diagram of an authentication device for accessing a terminal to a lan according to an embodiment of the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terms first, second and the like in the description and in the claims and in the above-described figures, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented, for example, in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The application provides an authentication method for accessing a terminal to a local area network, wherein an area UPF (user plane function ) device is arranged in a fixed area to receive a terminal access request sent by a base station and identify whether the access request is a 5G local area network request or a 5G public network request. The terminal access request carries a terminal identifier, and the identifier information can be IP information for the terminal. The UPF equipment is internally configured with a public network/local area network routing strategy, whether the terminal access request is a 5G local area network access request can be judged based on the routing information, and if the terminal access request is the 5G local area network access request, the terminal access request is sent to a user authentication center for 5G local area network access authentication. The application can carry out 5G local area network access authentication under the mobile network state without transmitting data based on WLAN, thereby improving the access efficiency.
Fig. 1 is a schematic diagram of a network architecture related to an authentication method for accessing a terminal to a local area network according to the present application, and as can be seen from fig. 1, the terminal related to the present application is a 5G terminal device, and the terminal device should be able to carry a 5G card, and has features of identifying a terminal identity, such as a mobile phone number. The system comprises one or more 5G base stations which are intensively deployed in a fixed area, and the range of the area is set according to specific requirements. The 5G base stations within the fixed area are able to receive signals from 5G terminal devices within the area. The area is local area network. An area UPF (user plane function ) device is deployed in the area, signals from 5G base stations in the area are received, and a public network/local area network routing strategy is configured in the UPF device, so that public network or local area network requests sent by the terminal can be judged; the network is also provided with a user authentication center which is connected with the local area network and the UPF and used for authenticating the user; the 5G Core (Core network) is provided with an SMF (session management function ) supporting the authentication service by RADIUS (remote user dial in service, remote Authentication Dial In User Service) protocol.
The following describes the technical scheme of the present application and how the technical scheme of the present application solves the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of an authentication method for a terminal to access to a lan, where the method of the present embodiment may be implemented by using the architecture shown in fig. 1, as shown in fig. 2, and the method of the present embodiment is implemented by using a regional UPF device deployed in the lan as shown in fig. 1, and may be implemented by using software, hardware, or a combination of software and hardware. The method comprises the following steps:
s201: and receiving a terminal access request sent by the base station, wherein the terminal access request carries a terminal identifier.
And a fixed area is deployed in the local area network, one 5G base station can be included in the fixed area, and a plurality of 5G base stations can be included in the fixed area, wherein the range of the area is set according to specific requirements. The 5G base station in the fixed area is able to receive a 5G terminal access request from the area.
The terminal may be a 5G terminal device, may carry a 5G card, and has features that may identify the identity of the terminal, for example: may be a cell phone number.
The terminal access request may be a 5G lan access request or a 5G public network access request.
The terminal identity may be a variety of information of the terminal, for example: and the IP information mounted by the terminal is used for identifying different terminals.
S202: and judging whether the terminal access request is a 5G local area network access request or not based on the routing information.
The UPF equipment is internally configured with a public network/local area network routing strategy, and public network or local area network requests sent by the terminal can be judged based on the routing information.
S203: if the terminal access request is a 5G local area network access request, the terminal access request is sent to a user authentication center for 5G local area network access authentication.
In another implementation scenario, if the terminal access request is a 5G public network access request, the terminal access request is sent to a user plane function UPF of the core network.
The embodiment of the application provides an authentication method for accessing a terminal to a local area network, which is used for receiving a terminal access request sent by a base station, wherein the terminal access request carries a terminal identifier. The terminal access request may be a 5G local area network access request or a 5G public network access request. The terminal identifier may be IP information mounted for the terminal. And judging whether the terminal access request is a 5G local area network access request or not based on the routing information. If the terminal access request is a 5G public network access request, the terminal access request is sent to a user plane function UPF of a core network. If the terminal access request is a 5G local area network access request, the terminal access request is sent to a user authentication center to perform 5G local area network access authentication, data transmission by a WLAN is not needed, and a terminal user can perform 5G local area network access authentication in a mobile network state.
On the basis of the above embodiment, if the terminal access request is a 5G lan access request, the user authentication center performs 5G lan access authentication on the request. Fig. 3 is a flowchart of an authentication method for a terminal to access to a lan, as shown in fig. 3, where the method is performed by the user authentication center shown in fig. 1, and may be implemented by software, hardware, or a combination of software and hardware. The method comprises the following steps:
s301: and receiving a terminal access request sent by a user plane function UPF of the 5G local area network, wherein the terminal access request carries a terminal identifier.
The terminal identifier can be IP information mounted on the terminal and used for identifying different terminals.
S302: and sending a terminal authentication information acquisition request to a session management function SMF in the 5G core network, wherein the terminal authentication information acquisition request carries a terminal identifier, and the terminal authentication information acquisition request is used for acquiring terminal authentication information corresponding to the terminal identifier.
Based on the RADIUS protocol, the session management function SMF may replace terminal authentication information corresponding to the terminal identifier, where the authentication information may be a name, a mobile phone number, etc.
S303: and receiving authentication information of the terminal sent by the session management function SMF.
S304: and authenticating the terminal according to the authentication information of the terminal, and if the authentication is passed, sending a terminal access request to the local area network.
In one implementation scenario, if the end user is an authenticated user, the authentication is passed and the terminal access request is sent to the local area network.
In another implementation scenario, if the end user is a non-authenticated user, authentication is not passed, rejecting the terminal access request.
The embodiment of the application provides an authentication method for accessing a terminal to a local area network, wherein a user authentication center receives a terminal access request sent by a user plane function UPF of a 5G local area network, the terminal access request carries a terminal identifier, and the identifier information can be IP information mounted on the terminal for identifying different terminals. And sending a terminal authentication information acquisition request to a session management function SMF in the 5G core network, wherein the terminal authentication information acquisition request carries a terminal identifier, and the terminal authentication information acquisition request is used for acquiring terminal authentication information corresponding to the terminal identifier. And receiving authentication information of the terminal sent by the session management function SMF. And authenticating the terminal according to the authentication information of the terminal, and if the authentication is passed, namely the terminal user is an authentication user, sending a terminal access request to the local area network. If the authentication is not passed, i.e. the terminal user is a non-authentication user, rejecting the terminal access request, and the terminal user can perform access authentication without switching the device to a wireless local area network state, thereby improving the access efficiency.
Fig. 4 is a flowchart of an authentication method for a terminal to access to a lan, and based on the above embodiment, with reference to fig. 4, the authentication method for a terminal to access to a lan of the present application is described in detail by a specific embodiment, which is specifically as follows:
s401: and the 5G terminal user sends a terminal access request.
The terminal access request may be a 5G public network access request or a 5G local area network access request.
S402: the 5G base station receives the terminal access request and sends the terminal access request to the area UPF.
And a fixed area is deployed in the local area network, one 5G base station can be included in the fixed area, and a plurality of 5G base stations can be included in the fixed area, wherein the range of the area is set according to specific requirements. The 5G base station in the fixed area is able to receive a 5G terminal access request from the area.
S403: and judging whether the terminal access request is a 5G local area network access request or not based on the routing information, if not, entering step S404, and if so, entering step S405.
And a routing strategy is built in the region UPF, and whether the terminal access request is a 5G local area network access request can be judged based on the routing information.
S404: and forwarding the terminal access request to the 5G core network.
The terminal access request may be a 5G public network access request.
When the terminal access request sent by the user is not a 5G local area network access request, namely a 5G public network access request, the area UPF directly forwards the request to a 5G core network, and the access is not different from the normal access.
S405: the terminal access request is sent to the user authentication center, and then steps S406 to S408 are entered.
The terminal access request may be a 5G lan access request.
When the request sent by the user is a 5G local area network access request, the area UPF forwards the terminal access request to a user authentication center.
The terminal access request carries a terminal identifier, and the terminal identifier can be IP information mounted on the terminal for identifying different terminals.
S406: the user authentication center sends a terminal authentication information acquisition request to a session management function SMF in the 5G core network, wherein the terminal authentication information acquisition request carries a terminal identifier, and the terminal authentication information acquisition request is used for acquiring terminal authentication information corresponding to the terminal identifier.
The terminal authentication information may be one or more identity information of the terminal user, such as: may be a mobile phone number.
Based on the RADIUS protocol, the session management function SMF may replace the terminal identity with terminal authentication information corresponding to the terminal identity, for example: and replacing the IP information mounted on the terminal with the mobile phone number of the terminal user.
S407: the user authentication center receives terminal authentication information sent by the session management function SMF.
S408: whether the terminal user is an authenticated user is determined based on the terminal authentication information, and if the terminal user is an authenticated user, the process proceeds to step S409, and if the terminal user is a non-authenticated user, the process proceeds to step S410.
Alternatively, whether the user is an authenticated user may be determined based on the end user phone number.
S409: and sending the terminal access request to the local area network.
S410: rejecting the access request of the user terminal.
According to the authentication method for accessing the terminal to the local area network, provided by the embodiment of the application, a 5G terminal user sends a terminal access request, a 5G base station receives the terminal access request and sends the terminal access request to an area UPF, the area UPF judges whether the terminal access request is the 5G local area network access request through a built-in routing strategy, and if the terminal access request is not the 5G local area network access request, namely, when the 5G public network access request is received, the area UPF forwards the 5G public network request to a 5G core network, which is different from normal access. If the request is a 5G local area network access request, the 5G local area network access request is sent to a user authentication center, the user authentication center obtains the mounting IP of the terminal, sends a request for obtaining terminal authentication information to a session management function SMF in a 5G core network, the terminal user information can be a mobile phone number, the terminal authentication information request carries a terminal identifier, and the terminal authentication information obtaining request is used for obtaining terminal authentication information corresponding to the terminal identifier. The user authentication center receives terminal authentication information sent by the session management function SMF, and judges whether the terminal user is an authenticated user or not based on the terminal authentication information. If the user is authenticated, the terminal access request is forwarded to the local area network, if the user is not authenticated, the user terminal access request is refused, the 5G terminal user can freely access the local area network and the public network, meanwhile, the equipment is not required to be switched to a wireless local area network state within the range of the designated base station, and the 5G local area network access authentication can be performed in a mobile network state.
Fig. 5 is a schematic diagram of an authentication device for accessing a terminal to a lan according to an embodiment of the present application, as shown in fig. 5, an authentication device 500 for accessing a terminal to a lan according to this embodiment of the present application may include a receiving module 501, a judging module 502, and a sending module 503.
The receiving module 501 is specifically configured to receive a terminal access request sent by a base station, where the terminal access request carries a terminal identifier.
The terminal access request may be a 5G local area network access request or a 5G public network access request.
The terminal identity may be a variety of information of the terminal, for example: and the IP information mounted by the terminal is used for identifying different terminals.
The judging module 502 is specifically configured to judge whether the terminal access request is a 5G lan access request based on the routing information.
The sending module 503 is specifically configured to send the terminal access request to the user authentication center for performing 5G lan access authentication if the terminal access request is a 5G lan access request.
The apparatus of this embodiment may be used to perform the method embodiment shown in fig. 2, and its implementation principle and technical effects are similar, and will not be described herein again.
Fig. 6 is a schematic diagram of an authentication device for accessing a terminal to a lan according to an embodiment of the present application, as shown in fig. 6, an authentication device 600 for accessing a terminal to a lan according to this embodiment of the present application may include a receiving module 601, a sending module 602, and an authentication module 603.
The receiving module 601 is specifically configured to receive a terminal access request sent by a user plane function UPF of the 5G local area network, where the terminal access request carries a terminal identifier.
The terminal identity may be a variety of information of the terminal, for example: and the IP information mounted by the terminal is used for identifying different terminals.
The sending module 602 is specifically configured to send a terminal authentication information acquisition request to a session management function SMF in the 5G core network, where the terminal authentication information acquisition request carries a terminal identifier, and the terminal authentication information acquisition request is used to acquire terminal authentication information corresponding to the terminal identifier.
The terminal authentication information may be one or more identity information of the terminal user, such as: may be a mobile phone number.
The receiving module 601 is further configured to receive authentication information of the terminal sent by the session management function SMF.
The authentication module 603 is specifically configured to authenticate the terminal according to authentication information of the terminal, and if the authentication is passed, send a terminal access request to the lan.
In one possible implementation, the authentication module 603 is specifically configured to:
and if the authentication is passed, sending the terminal access request to the local area network.
If the authentication is not passed, rejecting the terminal access request.
The apparatus of this embodiment may be used to execute the method embodiment shown in fig. 3, and its implementation principle and technical effects are similar, and will not be described herein again.
Fig. 7 is a schematic diagram of an authentication device for accessing a terminal to a lan according to an embodiment of the present application. As shown in fig. 7, an embodiment of the present application provides a terminal access local area network authentication apparatus 700 including: a processor 701 and a memory 702, wherein the processor 701 and the memory 702 are connected by a bus 703.
In a specific implementation process, the codes are stored in the memory, and the processor runs the codes stored in the memory to execute the authentication method of the terminal access local area network in the method embodiment.
The specific implementation process of the processor 701 can be referred to the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein again.
In the embodiment shown in fig. 7, it should be understood that the processor may be a central processing unit (english: central Processing Unit, abbreviated as CPU), or may be other general purpose processors, digital signal processors (english: digital Signal Processor, abbreviated as DSP), application specific integrated circuits (english: application Specific Integrated Circuit, abbreviated as ASIC), or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution.
The memory may comprise a random-access memory (RAM) and may also comprise a non-volatile memory (NVM), such as at least one disk memory. The memory may store various instructions for performing the various processing functions and implementing the method steps of the present application.
The bus may be an industry standard architecture (Industry Standard Architecture, ISA) bus, an external device interconnect (Peripheral Component, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, the buses in the drawings of the present application are not limited to only one bus or to one type of bus.
The apparatus of this embodiment may be used to perform the method embodiment shown in fig. 2, and its implementation principle and technical effects are similar, and will not be described herein again.
Fig. 8 is a schematic diagram of an authentication device for accessing a terminal to a lan according to an embodiment of the present application. As shown in fig. 8, an authentication apparatus 800 for accessing a terminal to a local area network according to an embodiment of the present application includes: a processor 801, and a memory 802, wherein the processor 801 and the memory 802 are connected by a bus 803.
The apparatus of this embodiment may be used to execute the method embodiment shown in fig. 3, and its implementation principle and technical effects are similar, and will not be described herein again.
The embodiment of the application provides a computer readable storage medium, wherein computer execution instructions are stored in the computer readable storage medium, and the computer execution instructions are used for realizing the authentication method of the terminal access local area network in the method embodiment when being executed by a processor.
The computer readable storage medium described above may be implemented by any type or combination of volatile or non-volatile Memory devices, such as static random access Memory (Static Random Access Memory, SRAM), electrically erasable programmable Read-Only Memory (EEPROM), erasable programmable Read-Only Memory (Erasable Programmable Read-Only Memory, EPROM), programmable Read-Only Memory (Programmable Read-Only Memory, PROM), read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk, or optical disk. A readable storage medium can be any available medium that can be accessed by a general purpose or special purpose computer.
An exemplary readable storage medium is coupled to the processor such the processor can read information from, and write information to, the readable storage medium. In the alternative, the readable storage medium may be integral to the processor. The processor and the readable storage medium may reside in an application specific integrated circuit (Application Specific Integrated Circuits, ASIC for short). The processor and the readable storage medium may reside as discrete components in a device.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.
Claims (6)
1. An authentication method for a terminal to access a local area network, comprising:
the method comprises the steps that regional UPF equipment receives a terminal access request sent by a base station, wherein the terminal access request carries a terminal identifier;
the area UPF equipment judges whether the terminal access request is a 5G local area network access request or not based on the routing information;
if the terminal access request is a 5G local area network access request, the terminal access request is sent to a user authentication center for 5G local area network access authentication;
the user authentication center receives a terminal access request sent by a user plane function UPF of a 5G local area network, wherein the terminal access request carries a terminal identifier;
the user authentication center sends a terminal authentication information acquisition request to a session management function SMF in a 5G core network, wherein the terminal authentication information acquisition request carries the terminal identifier, and the terminal authentication information acquisition request is used for acquiring terminal authentication information corresponding to the terminal identifier;
the user authentication center receives authentication information of the terminal sent by the session management function SMF;
and the user authentication center authenticates the terminal according to the authentication information of the terminal, and if the authentication is passed, the terminal access request is sent to a local area network.
2. The method of claim 1, wherein the terminal identifier carried in the terminal access request is IP information carried by the terminal.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
and if the terminal access request is a 5G public network access request, sending the terminal access request to a user plane function UPF of a core network.
4. An authentication apparatus for a terminal to access a local area network, comprising:
the first receiving module is used for receiving a terminal access request sent by the base station, wherein the terminal access request carries a terminal identifier;
the first judging module is used for judging whether the terminal access request is a 5G local area network access request or not based on the routing information;
the first sending module is used for sending the terminal access request to a user authentication center for 5G local area network access authentication if the terminal access request is a 5G local area network access request;
the second receiving module is used for receiving a terminal access request sent by a user plane function UPF of the 5G local area network, wherein the terminal access request carries a terminal identifier;
the second sending module is used for sending a terminal authentication information acquisition request to a session management function SMF in the 5G core network, wherein the terminal authentication information acquisition request carries the terminal identifier, and the terminal authentication information acquisition request is used for acquiring terminal authentication information corresponding to the terminal identifier;
the second receiving module is further configured to receive authentication information of the terminal sent by the session management function SMF;
and the authentication module is used for authenticating the terminal according to the authentication information of the terminal, and if the authentication is passed, the terminal access request is sent to the local area network.
5. An authentication apparatus for a terminal to access a local area network, comprising: a processor, a memory, the memory storing code, the processor running the code stored in the memory to perform the method of authentication of a terminal to a local area network as claimed in any one of claims 1 to 3.
6. A computer readable storage medium, wherein computer executable instructions are stored in the computer readable storage medium, which when executed by a processor is configured to implement the authentication method of a terminal accessing a local area network according to any of claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111176995.3A CN113923660B (en) | 2021-10-09 | 2021-10-09 | Authentication method, equipment and storage medium for terminal to access local area network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111176995.3A CN113923660B (en) | 2021-10-09 | 2021-10-09 | Authentication method, equipment and storage medium for terminal to access local area network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113923660A CN113923660A (en) | 2022-01-11 |
| CN113923660B true CN113923660B (en) | 2023-08-29 |
Family
ID=79238951
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111176995.3A Active CN113923660B (en) | 2021-10-09 | 2021-10-09 | Authentication method, equipment and storage medium for terminal to access local area network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113923660B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118139047A (en) * | 2022-11-28 | 2024-06-04 | 大唐移动通信设备有限公司 | Access point authentication method and device and readable storage medium |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103052063A (en) * | 2011-10-11 | 2013-04-17 | 中国移动通信集团公司 | Method, system, wireless sharing device and terminal for accessing wireless local area network |
| CN109168171A (en) * | 2018-09-14 | 2019-01-08 | 腾讯科技(深圳)有限公司 | configuration information obtaining method, device, equipment and system |
| CN110603891A (en) * | 2017-05-08 | 2019-12-20 | 摩托罗拉移动有限责任公司 | Method for authenticating to a mobile communication network |
| CN111316697A (en) * | 2017-11-24 | 2020-06-19 | Oppo广东移动通信有限公司 | Method for accessing wireless local area network, terminal equipment and network equipment |
| CN111357390A (en) * | 2017-11-24 | 2020-06-30 | Oppo广东移动通信有限公司 | Method for accessing wireless local area network, terminal equipment and network equipment |
| WO2020194054A1 (en) * | 2019-03-28 | 2020-10-01 | Lenovo (Singapore) Pte. Ltd. | Multiple radio access technology communications |
| CN113243116A (en) * | 2018-09-30 | 2021-08-10 | 华为技术有限公司 | Local area network communication method, device and system |
| CN113302880A (en) * | 2019-01-15 | 2021-08-24 | 瑞典爱立信有限公司 | Method and apparatus for supporting Local Area Network (LAN) |
| WO2021202891A1 (en) * | 2020-04-02 | 2021-10-07 | Idac Holdings, Inc. | Extended 5g local area network interworking with a home network and change of access network for 5g lan connected devices |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11206640B2 (en) * | 2019-05-22 | 2021-12-21 | At&T Intellectual Property I, L.P. | Private local network access, authentication, and association for 5G or other next generation network |
-
2021
- 2021-10-09 CN CN202111176995.3A patent/CN113923660B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103052063A (en) * | 2011-10-11 | 2013-04-17 | 中国移动通信集团公司 | Method, system, wireless sharing device and terminal for accessing wireless local area network |
| CN110603891A (en) * | 2017-05-08 | 2019-12-20 | 摩托罗拉移动有限责任公司 | Method for authenticating to a mobile communication network |
| CN111316697A (en) * | 2017-11-24 | 2020-06-19 | Oppo广东移动通信有限公司 | Method for accessing wireless local area network, terminal equipment and network equipment |
| CN111357390A (en) * | 2017-11-24 | 2020-06-30 | Oppo广东移动通信有限公司 | Method for accessing wireless local area network, terminal equipment and network equipment |
| CN109168171A (en) * | 2018-09-14 | 2019-01-08 | 腾讯科技(深圳)有限公司 | configuration information obtaining method, device, equipment and system |
| CN113243116A (en) * | 2018-09-30 | 2021-08-10 | 华为技术有限公司 | Local area network communication method, device and system |
| CN113302880A (en) * | 2019-01-15 | 2021-08-24 | 瑞典爱立信有限公司 | Method and apparatus for supporting Local Area Network (LAN) |
| WO2020194054A1 (en) * | 2019-03-28 | 2020-10-01 | Lenovo (Singapore) Pte. Ltd. | Multiple radio access technology communications |
| WO2021202891A1 (en) * | 2020-04-02 | 2021-10-07 | Idac Holdings, Inc. | Extended 5g local area network interworking with a home network and change of access network for 5g lan connected devices |
Non-Patent Citations (1)
| Title |
|---|
| Nokia, Nokia Shanghai Bell. "S3-191425 Solution and Conclusion on 5GLAN authentication -v1".3GPP tsg_sa\wg3_security.2019,全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113923660A (en) | 2022-01-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9198026B2 (en) | SIM lock for multi-SIM environment | |
| CN101577908B (en) | User equipment verification method, device identification register and access control system | |
| CN106717042B (en) | Method and device for providing a subscription profile on a mobile terminal | |
| CN107484155B (en) | Network access method, electronic equipment and mobile terminal | |
| JPH09510073A (en) | Subscriber match confirmation at fixed cellular terminals | |
| CN113132968B (en) | Indication method and device for private network, access method and device for private network, network side equipment and terminal | |
| CN110891266B (en) | Network roaming method, device, terminal equipment and storage medium | |
| CN107079291B (en) | Method and system for personalizing a secure element of a terminal | |
| US11395129B2 (en) | Virtual sim card acquisition method, subscriber terminal and server | |
| CN113923660B (en) | Authentication method, equipment and storage medium for terminal to access local area network | |
| US9900446B2 (en) | Information processing method using virtual subscriber identification card information, electronic apparatus and server | |
| CN111372224A (en) | Method, device and equipment for sharing seed code number by eSIM (embedded subscriber identity Module) | |
| JP7450816B2 (en) | Methods and devices for establishing communication connections | |
| CN113329404B (en) | Network access method and device | |
| CN111669754B (en) | Verification method and device | |
| CN102026196A (en) | Authentication method based on WAPI ( wireless LAN authentication and privacy infrastructure), access point and mobile terminal | |
| CN112272169A (en) | User identity determination method and device | |
| CN106341374B (en) | Method and device for limiting access of unlicensed user equipment to home gateway | |
| WO2018007461A1 (en) | Method, server and system for sending data from a source device to a destination device | |
| CN110730444A (en) | Communication network access method and device based on terminal | |
| CN111885583B (en) | Network sharing method and device | |
| CN113055998B (en) | Access method, terminal equipment and storage medium of roaming network | |
| CN114710830B (en) | Network registration method and related device | |
| JP6461060B2 (en) | Control method and communication system | |
| CN118803730A (en) | 5G message account opening method, device, electronic equipment, storage medium and program product |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |