Authentication method, device, and system
地域:
Guangdong
摘要
Example authentication methods, devices, and systems are provided, where those example can be used to verify validity of access location information of a next generation-residential gateway (NG-RG) in a fixed-mobile convergence architecture. One example method includes a network device receiving first link information that is used to represent an access location of a residential gateway, and the network device obtaining second link information of the residential gateway. When the first link information matches partial or all information of the second link information, or when the first link information matches partial or all information of one link information of the second link information, the network device verifies validity of the access location of the residential gateway.
說明書
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
This application is a continuation of International Application No. PCT/CN2019/101941, filed on Aug. 22, 2019, which claims priority to Chinese Patent Application No. 201811090292.7, filed on Sep. 18, 2018. The disclosures of the aforementioned applications are hereby incorporated by reference in their entireties.
This application relates to the field of communications technologies, and in particular, to an authentication method, a device, and a system.
In a fixed-mobile convergence (namely, convergence of a fixed network and a mobile network) network architecture jointly defined by the 3rd generation partnership project (3GPP) and the fixed network forum, a next generation-residential gateway (NG-RG) as a residential gateway can access a 5th generation (5G) mobile core network by using a wireline 5G access network (W-5GAN) device and a 5G access gateway function (5G-AGF) network element. In a process of accessing the 5G mobile core network by the NG-RG, the NG-RG verifies validity of a universal subscriber identity module (USIM) by using a 5G-authentication and key agreement (5G-AKA) authentication algorithm or an extensible authentication protocol (EAP) authentication algorithm (for example, an EAP-AKA authentication algorithm or an improved EAP-AKA (EAP-AKA′) authentication algorithm). In addition, considering that an access location of an NG-RG in a fixed network generally needs to be fixed, currently, validity of access location information of the NG-RG needs to be verified while validity of a USIM is verified.
權(quán)利要求
What is claimed is:1. An authentication method, wherein the method comprises:receiving, by a mobility management network device, first link information, wherein the first link information is used to represent an access location of a residential gateway; obtaining, by the mobility management network device, subscription information of the residential gateway, wherein the subscription information of the residential gateway comprises second link information of the residential gateway and second virtual interface information of the residential gateway, the second link information is used to represent a location of the residential gateway, and the second virtual interface information is used to represent a service type of the residential gateway; and verifying, by the mobility management network device, validity of the access location of the residential gateway based on the first link information and the second link information; receiving, by the mobility management network device, first virtual interface information, wherein the first virtual interface information is used to represent a current service type of the residential gateway; and verifying, by the mobility management network device, validity of a current service of the residential gateway based on the first virtual interface information and the second virtual interface information; and sending, by the mobility management network device, a non-access stratum security mode command (NAS SMC) request message to the residential gateway, wherein the NAS SMC request message comprises the first virtual interface information, and the first virtual interface information is used by the residential gateway to verify whether the first virtual interface information is modified on an air interface. 2. The method according to claim 1 , wherein there are a plurality of pieces of second link information; andthe verifying, by the mobility management network device, validity of the access location of the residential gateway based on the first link information and the second link information comprises:if the first link information matches any one of the plurality of pieces of second link information, determining, by the mobility management network device, that the access location of the residential gateway is valid. 3. The method according to claim 1 , wherein there are a plurality of pieces of second virtual interface information; andthe verifying, by the mobility management network device, validity of a current service of the residential gateway based on the first virtual interface information and the second virtual interface information comprises:if the first virtual interface information matches any one of the plurality of pieces of second virtual interface information, determining, by the mobility management network device, that the current service of the residential gateway is valid. 4. A mobility management network device, wherein the mobility management network device comprises at least one processor configured to execute instructions stored in a memory, wherein the instructions instruct the at least one processor to:receive first link information, wherein the first link information is used to represent an access location of a residential gateway; obtain subscription information of the residential gateway, wherein the subscription information of the residential gateway comprises second link information of the residential gateway and second virtual interface information of the residential gateway, the second link information is used to represent a location of the residential gateway, and the second virtual interface information is used to represent a service type of the residential gateway; verify validity of the access location of the residential gateway based on the first link information and the second link information; and receive first virtual interface information, wherein the first virtual interface information is used to represent a current service type of the residential gateway; verify validity of a current service of the residential gateway based on the first virtual interface information and the second virtual interface information; and send a non-access stratum security mode command (NAS SMC) request message to the residential gateway, wherein the NAS SMC request message comprises the first virtual interface information, and the first virtual interface information is used by the residential gateway to verify whether the first virtual interface information is modified on an air interface. 5. The mobility management network device according to claim 4 , wherein there are a plurality of pieces of second link information; andthe instructions instruct the at least one processor to verify validity of the access location of the residential gateway based on the first link information and the second link information comprises:if the first link information matches any one of the plurality of pieces of second link information, determine that the access location of the residential gateway is valid. 6. The mobility management network device according to claim 4 , wherein there are a plurality of pieces of second virtual interface information; andthe instructions instruct the at least one processor to verify validity of the current service of the residential gateway based on the first virtual interface information and the second virtual interface information comprises:if the first virtual interface information matches any one of the plurality of pieces of second virtual interface information, determine that the current service of the residential gateway is valid.
意見反饋
使用該功能遇到問題