[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN112003912B - Method for authenticating NF through SEPP in 5G core network - Google Patents

Method for authenticating NF through SEPP in 5G core network Download PDF

Info

Publication number
CN112003912B
CN112003912B CN202010814156.9A CN202010814156A CN112003912B CN 112003912 B CN112003912 B CN 112003912B CN 202010814156 A CN202010814156 A CN 202010814156A CN 112003912 B CN112003912 B CN 112003912B
Authority
CN
China
Prior art keywords
service
cnf
request message
psepp
network function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010814156.9A
Other languages
Chinese (zh)
Other versions
CN112003912A (en
Inventor
邱权冠
苏国章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Aipu Road Network Technology Co Ltd
Original Assignee
Guangzhou Aipu Road Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Aipu Road Network Technology Co Ltd filed Critical Guangzhou Aipu Road Network Technology Co Ltd
Priority to CN202010814156.9A priority Critical patent/CN112003912B/en
Publication of CN112003912A publication Critical patent/CN112003912A/en
Application granted granted Critical
Publication of CN112003912B publication Critical patent/CN112003912B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for SEPP authentication NF in a 5G core network, which comprises the following steps: when the security edge protection proxy pSEPP of the service provider receives the service request message, legality-authenticating the network function cNF of the service consumer side that sent the service request message; if the validity authentication is passed, the safe edge protection proxy pSEPP of the service supply end forwards the service request message to a corresponding network function pNF of the service supply end to perform service request processing; otherwise, the service request message is discarded. The invention effectively prevents malicious application from being illegally disguised as cNF of the service consumer end by legality authentication of cNF of the service consumer end sending the service request message so as to transmit the control plane message to the network function pNF in the service supply end pPLMN, protects NF data in the service supply end pPLMN and enhances the safety of the PLMN in the 5G core network.

Description

Method for authenticating NF through SEPP in 5G core network
Technical Field
The invention relates to the technical field of mobile communication, in particular to a method for SEPP authentication NF in a 5G core network.
Background
In the 3GPP standard of 5G, a Security Edge Protection Proxy (SEPP) is added to enhance the security within each Public Land Mobile Network (PLMN). The SEPP is to ensure the security of control plane messages between 5G network functions (hereinafter abbreviated as NF) crossing PLMNs, so as to protect the PLMN network where the SEPP is located from external attacks.
The functions and requirements of the SEPP are specified in the TS 3GPP 33501-g30 protocol specification, but the authentication and authorization between the SEPP and the NF are only identified by data such as network layer and physical layer under PLMN ID and application layer, and do not authenticate whether the NF body exists in the corresponding PLMN network. Fig. 1 shows a topology diagram of a prior art SEPP communication architecture. The cpsepp, cNF and cPLMN in the figure represent SEPP, NF, PLMN of the service consumer side, respectively. pSEPP, pNF and pPLMN represent SEPP, NF and PLMN of the service provider respectively. N32 is the interface for communication between the SEPPs at both ends. When cNF in the cPLMN wants to obtain the service provided by pNF in the plmns, cNF first submits the service request message to the cSEPP, which then sends the service request message to the pSEPP of the opposite end. The pSEPP authenticates the PLMN ID, IP, etc. of the message, and the authentication authenticates by sending the message to the internal pNF, which then provides cNF with the requested service through a reverse process. In this process, SEPP authenticates NF, but the authentication and authorization only identifies PLMN ID and IP address through the transport layer TLS security negotiation, and cannot authenticate whether NF is legally alive in PLMN. This makes it easy for an application masquerading as an NF to illegally use a control message to access the NF inside the PLMN through SEPP, thereby causing the NF data inside the PLMN to be leaked or illegally manipulated.
Disclosure of Invention
The invention aims to provide a method for SEPP authentication of NF in a 5G core network, which can solve the problem that in the prior art, illegal NF accesses to the interior of a PLMN to cause NF data in the PLMN to be leaked or illegally controlled.
The purpose of the invention is realized by the following technical scheme:
the method for authenticating NF by SEPP in the 5G core network comprises the following steps:
step S1, when the security edge protection proxy pSEPP of the service provider receives the service request message, the network function cNF of the service consumer side sending the service request message is legally authenticated;
step S2, if the validity authentication is passed, the security edge protection proxy pSEPP of the service supply end forwards the service request message to the network function pNF of the corresponding service supply end for service request processing; otherwise, the service request message is discarded.
Further, the step of legally authenticating the network function cNF of the service consumer side that sent the service request message includes:
step S101, a secure edge protection agent pSEPP of a service supply end sends a discovery request message to a network repository function cNRF of a service consumer end;
step S102, a network repository function cNRf of a service consumer end searches whether a network function cNF of the service consumer end exists, if so, the network function cNF of the service consumer end is considered to be legal, and a discovery success message is sent to a safety edge protection agent pSEPP of a service supply end; otherwise, the network function cNF of the service consumer end is considered to be illegal, and a discovery failure message is sent to a security edge protection proxy pSEPP of the service supply end;
step S103, if the safe edge protection agent pSEPP of the service supply end receives the discovery success message, the validity authentication is passed; and the safety edge protection agent pSEPP of the service supply end receives the discovery failure message and does not pass the legality authentication.
Further, before the step S101, a step of self-validating the validity of the security edge protection proxy pSEPP of the service provider is further included, and if the self-validating is passed, the step goes to step S2; otherwise, go to step S101.
Further, the step of self-validating the validity of the security edge protection proxy pSEPP of the service provider includes:
step S001, the safe edge protection agent pSEPP of the service supply end judges whether the service request message is allowed to pass or not according to the cache list of the service supply end, if not, the legality authentication is not allowed to pass; otherwise, go to step S002;
step S002, the safe edge protection agent pSEPP of the service supply end searches whether the code of the network function in the service request message exists in the cache list of the service supply end, if so, the validity authentication is passed, and the cache list is updated; otherwise, go to step S101.
Further, the cache list comprises a first-level table, a second-level table and a third-level table; the first-level table stores codes of validated public land mobile networks; the secondary table stores the type of the network function cNF of the service consumer end passing the verification; the third-level table stores the codes and IP addresses of the verified service consumer-side network function cNF, and each verified service consumer-side network function cNF is provided with a timer.
Further, the step of determining whether to allow the service request message to pass includes:
the security edge protection proxy pSEPP of the service supply end decodes the service request message, and obtains the code of the public land mobile network in the service request message and the NF type, the code and the IP address of the network function cNF of the service consumer end; firstly, inquiring whether codes of a public land mobile network exist in a primary table, and if the codes do not exist, not allowing the codes to pass; otherwise, inquiring whether the NF type of the network function cNF at the service consumer end exists in a secondary table, and if not, not allowing the NF type to pass through; otherwise, allow passage.
Further, the updating of the cache list in step S002 means resetting the corresponding timer cNF in the cache list, so that the timer restarts counting.
Further, in step S103, after the secure edge protection proxy pSEPP of the service provider receives the discovery success message, the NF type, the code and the IP address of the network function cNF of the service consumer side sending the service request message are recorded in the tertiary table, and a timer is started to start timing.
Further, if the corresponding service consumer-side network function cNF has no new service request message to send before the timer expires, the record of the corresponding service consumer-side network function cNF is deleted from the NF cache list.
Further, the timing time is configured by an operator to which the secure edge protection proxy pSEPP of the service provider belongs.
The SEPP NF authentication method in the 5G core network effectively prevents malicious application from being illegally disguised as the network function cNF of the service consumer end through the legality authentication of the network function cNF of the service consumer end sending the service request message so as to transmit the control plane message to the network function pNF in the service supply end pPLMN, effectively protects NF data in the service supply end pPLMN and enhances the safety of the PLMN in the 5G core network.
Drawings
Fig. 1 is a topology diagram of a prior art SEPP communication architecture;
FIG. 2 is a topology diagram of the SEPP communication architecture of the present invention;
fig. 3 is a schematic diagram of a cache list structure according to the present invention.
Detailed Description
The embodiments of the present disclosure are described in detail below with reference to the accompanying drawings.
The embodiments of the present disclosure are described below with specific examples, and other advantages and effects of the present disclosure will be readily apparent to those skilled in the art from the disclosure in the specification. It is to be understood that the described embodiments are merely illustrative of some, and not restrictive, of the embodiments of the disclosure. The disclosure may be embodied or carried out in various other specific embodiments, and various modifications and changes may be made in the details within the description without departing from the spirit of the disclosure. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
The SEPP NF authentication method in the 5G core network comprises the following steps:
step S1, when the security edge protection proxy pSEPP of the service provider receives the service request message, it performs validity authentication on the network function cNF of the service consumer that sent the service request message.
Referring to fig. 2, a network function cNF of a service consumer sends a service request message to a security edge protection proxy pSEPP of a service provider via a security edge protection proxy cSEPP of the service consumer. The security edge protection proxy pSEPP of the service provider legally authenticates the network function cNF of the service consumer side that sent the service request message. The legal authentication can effectively prevent illegal messages from being transmitted to the pPLMN by illegal application in the external PLMN, and the network security in the pPLMN is ensured.
Further, in the preferred embodiment of the present application, the step of legally authenticating, by the security edge protection proxy pSEPP of the service provider, the network function cNF of the service consumer that sends the service request message includes:
step S101, the security edge protection proxy pSEPP of the service provider sends a discovery request message to the network repository function cNRF of the service consumer.
And the secure edge protection proxy pSEPP of the service provider composes the data in the service request message into a discovery request message. The discovery request message carries the code of the network function cNF of the service consumer side that sent the service request message.
Step S102, the network repository function cNRf of the service consumer end searches whether the network function cNF of the service consumer end sending the service request message exists, if so, the network function cNF of the service consumer end is considered legal, and a discovery success message is sent to the safe edge protection proxy pSEPP of the service provider end. Otherwise, the network function cNF of the service consumer side is considered to be illegal, and a discovery failure message is sent to the security edge protection proxy pSEPP of the service provider side.
Step S103, if the secure edge protection proxy pSEPP of the service provider receives the discovery success message, the validity authentication is passed. And if the safe edge protection agent pSEPP of the service supply end receives the discovery failure message, the legality authentication is not passed, and the service request message is discarded.
Preferably, if the pSEPP legally authenticates cNF that sent the service request message every time it receives the service request message, it may cause a reduction in network efficiency. Therefore, in order to ensure the validity of cNF sending the service request message without reducing the network efficiency, the present invention further includes, before step S101, a step of self-validating the validity by the security edge protection proxy pSEPP of the service provider:
step S001, the safe edge protection agent pSEPP of the service supply end judges whether the service request message is allowed to pass or not according to the cache list of the service supply end, if not, the service request message is discarded, and the legality authentication does not pass; otherwise, go to step S002.
The cache list is set in advance at the service provider, and the schematic structure thereof is shown in fig. 3. In order to accelerate the data searching efficiency, the cache list is divided into three levels of tables, including a first level table: validated cPLMN table, secondary table: type table by verified cNF, three level table: pass the verified cNF table. The primary table stores the codes of the validated PLMNs, such as PLMN ID1, PLMN ID2, PLMN ID3, and the like, wherein the PLMN ID is configured by the operator to which the PLMNs belong. The secondary table stores verified cNF types, such as network repository function NRF, unified data management UDM, network slice selection function NSSF, etc., and the verified cNF type is configured by the operator to which the plmns belong. The three-level table contains cNF passing verification, each cNF passing verification has information of fixed code NF ID, IP address and the like, and each cNF passing verification is provided with a timer.
Further, in a preferred embodiment of the present application, the step of determining whether to allow the service request message to pass includes:
the security edge protection proxy pSEPP at the service provider decodes the service request message, and obtains the encoded PLMN ID of the public land mobile network cplm and the NF type, NF ID, IP address, etc. of the network function cNF at the service consumer end in the service request message. Firstly, a primary table is searched whether the code of the public land mobile network cPLMN exists or not, if the code does not exist, the code is not allowed to pass, and the service request message is discarded. Otherwise, the service consumer side network function cNF is queried in the secondary table for the presence of the NF type, and if not, disallowed, and the service request message is discarded. Otherwise, allow passage.
Step S002, the security edge protection proxy pSEPP of the service provider searches whether the code NF ID of the network function in the service request message exists in the cache list of the service provider, and if so, the validity authentication is passed, and the cache list is updated. Otherwise, go to step S101.
In step S002, the lookup of the network function code NF ID in the service request message is performed in a tertiary table. The timer in the third-level table has a timing function, and when the network function cNF at the service consumer end has a service request message, the timer in the NF ID encoded by the corresponding network function in the third-level table restarts timing. And after the timing is finished, if the service request message is not received again, deleting the corresponding network function code NF ID from the tertiary table.
In step S002, updating the cache list means resetting the timer of the corresponding network function code NF ID in the cache list, and allowing the timer to restart timing.
The safety edge protection agent pSEPP of the service supply end confirms the legality by self, reduces the times of the legality of the authentication cNF through the network repository function cNRF of the service consumer end, and greatly improves the network efficiency.
Preferably, in step S103, after the secure edge protection proxy pSEPP of the service provider receives the discovery success message, the cache list is updated, and the NF type, NF ID, IP address, etc. of the network function cNF of the service consumer side that sends the service request message are recorded in the third-level table. And starts a timer of the network function cNF to start timing. Within the timer, if the corresponding service request message is received again, the verification through the cNMF is not needed, so that the verification times through the cNMF can be reduced, and the network efficiency is improved. If cNF has not sent new service request message before the timer reaches, the cNF record is deleted from the NF cache list, and the next time the corresponding service request message is received, it needs to pass the cNRF for verification and then added to the cache list. The timer is configured by the operator to which the secure edge protection proxy pSEPP of the service provider belongs. The function of the timer is mainly to ensure that cNRF authentication cNF does not need to be passed again within a certain time, and the function of the timer is to ensure the capacity of the cache list. If the cache list is cleared sporadically, more and more data is generated in the cache list, and network data redundancy is caused. That is, if the service request message is sent again within a certain time period through the verified network function cNF at the service consumer side, the validity of the service consumer side is verified by directly querying the cache list through the security edge protection proxy pSEPP at the service provider side. If the service request message is sent again after a predetermined time, the validity of the service request message needs to be verified by the network repository function cNRF of the service consumer side.
Step S2, if the validity authentication passes, the security edge protection proxy pSEPP of the service provider forwards the service request message to the network function pNF of the corresponding service provider to perform service request processing. Otherwise, the service request message is discarded.
The process of forwarding the service request message to the corresponding pNF by the pSEPP, and performing service request processing by the corresponding pNF belongs to the prior art, and is not described in detail herein.
The above description is for the purpose of illustrating embodiments of the invention and is not intended to limit the invention, and it will be apparent to those skilled in the art that any modification, equivalent replacement, or improvement made without departing from the spirit and principle of the invention shall fall within the protection scope of the invention.

Claims (9)

1. A method for SEPP authentication NF in a 5G core network is characterized by comprising the following steps:
step S1, when the security edge protection proxy pSEPP of the service provider receives the service request message, the network function cNF of the service consumer side sending the service request message is legally authenticated;
step S2, if the validity authentication is passed, the security edge protection proxy pSEPP of the service supply end forwards the service request message to the network function pNF of the corresponding service supply end for service request processing; otherwise, discarding the service request message;
the step of legally authenticating the network function cNF of the service consumer side that sent the service request message includes:
step S101, a secure edge protection agent pSEPP of a service supply end sends a discovery request message to a network repository function cNRF of a service consumer end;
step S102, a network repository function cNRf of a service consumer end searches whether a network function cNF of the service consumer end exists, if so, the network function cNF of the service consumer end is considered to be legal, and a discovery success message is sent to a safety edge protection agent pSEPP of a service supply end; otherwise, the network function cNF of the service consumer end is considered to be illegal, and a discovery failure message is sent to a security edge protection proxy pSEPP of the service supply end;
step S103, if the safe edge protection agent pSEPP of the service supply end receives the discovery success message, the validity authentication is passed; and the safety edge protection agent pSEPP of the service supply end receives the discovery failure message and does not pass the legality authentication.
2. The method for SEPP authentication NF in a 5G core network according to claim 1, further comprising, before the step S101, a step of self-validating the validity by the security edge protection proxy pSEPP of the service provider, and if the self-validating is passed, going to step S2; otherwise, go to step S101.
3. The method of claim 2, wherein the step of verifying the validity of the security edge protection proxy pSEPP comprises:
step S001, the safe edge protection agent pSEPP of the service supply end judges whether the service request message is allowed to pass or not according to the cache list of the service supply end, if not, the legality authentication is not allowed to pass; otherwise, go to step S002;
step S002, the safe edge protection agent pSEPP of the service supply end searches whether the code of the network function in the service request message exists in the cache list of the service supply end, if so, the validity authentication is passed, and the cache list is updated; otherwise, go to step S101.
4. The SEPP method for authenticating NF in a 5G core network as recited in claim 3, wherein the cache list includes a first level table, a second level table and a third level table; the first-level table stores codes of validated public land mobile networks; the secondary table stores the type of the network function cNF of the service consumer end passing the verification; the third-level table stores the codes and IP addresses of the verified service consumer-side network function cNF, and each verified service consumer-side network function cNF is provided with a timer.
5. The method of claim 4, wherein the step of determining whether to allow the service request message to pass through comprises:
the security edge protection proxy pSEPP of the service supply end decodes the service request message, and obtains the code of the public land mobile network in the service request message and the NF type, the code and the IP address of the network function cNF of the service consumer end; firstly, inquiring whether codes of a public land mobile network exist in a primary table, and if the codes do not exist, not allowing the codes to pass; otherwise, inquiring whether the NF type of the network function cNF at the service consumer end exists in a secondary table, and if not, not allowing the NF type to pass through; otherwise, allow passage.
6. The method of claim 3, wherein the step of updating the cache list in the step S002 is to reset the corresponding cNF timer in the cache list, so that the timer starts counting again.
7. The method of claim 4, wherein in step S103, after the security edge protection proxy pSEPP of the service provider receives the discovery success message, the NF type, the code and the IP address of the network function cNF of the service consumer side sending the service request message are recorded in the tertiary table, and a timer is started to start the timing.
8. The method of claim 7, wherein if the corresponding service consumer-side network function cNF has no new service request message to send before the timer expires, the record of the corresponding service consumer-side network function cNF is deleted from the NF cache list.
9. The method of claim 8, wherein the timing time is configured by an operator to which a security edge protection proxy (pSEPP) of the service provider belongs.
CN202010814156.9A 2020-08-13 2020-08-13 Method for authenticating NF through SEPP in 5G core network Active CN112003912B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010814156.9A CN112003912B (en) 2020-08-13 2020-08-13 Method for authenticating NF through SEPP in 5G core network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010814156.9A CN112003912B (en) 2020-08-13 2020-08-13 Method for authenticating NF through SEPP in 5G core network

Publications (2)

Publication Number Publication Date
CN112003912A CN112003912A (en) 2020-11-27
CN112003912B true CN112003912B (en) 2021-11-02

Family

ID=73472795

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010814156.9A Active CN112003912B (en) 2020-08-13 2020-08-13 Method for authenticating NF through SEPP in 5G core network

Country Status (1)

Country Link
CN (1) CN112003912B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115134812A (en) * 2021-03-26 2022-09-30 中国移动通信有限公司研究院 Trust evaluation method, data packet processing method, network element and storage medium
CN114173347B (en) * 2021-12-16 2024-03-12 中国电信股份有限公司 Communication method, device and storage medium in 5G network
CN114339752A (en) * 2021-12-30 2022-04-12 中国电信股份有限公司 Message sending method and device of safe edge protection agent and related equipment
CN116782228A (en) * 2022-03-11 2023-09-19 华为技术有限公司 Authorization verification method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108632216B (en) * 2017-03-20 2020-10-16 电信科学技术研究院 Network function authorization method, device, readable storage medium and entity equipment
CN109688586B (en) * 2017-10-19 2021-12-07 中兴通讯股份有限公司 Network function authentication method and device and computer readable storage medium
CN110167013B (en) * 2018-02-13 2020-10-27 华为技术有限公司 Communication method and device
US11271846B2 (en) * 2018-10-22 2022-03-08 Oracle International Corporation Methods, systems, and computer readable media for locality-based selection and routing of traffic to producer network functions (NFs)
DK3607715T3 (en) * 2018-11-14 2021-08-09 Ericsson Telefon Ab L M Detection of restart of NF service consumer using direct signaling between NFs

Also Published As

Publication number Publication date
CN112003912A (en) 2020-11-27

Similar Documents

Publication Publication Date Title
CN112003912B (en) Method for authenticating NF through SEPP in 5G core network
EP3629613B1 (en) Network verification method, and relevant device and system
CN107770182B (en) Data storage method of home gateway and home gateway
JP3869392B2 (en) User authentication method in public wireless LAN service system and recording medium storing program for causing computer to execute the method
US9356928B2 (en) Mechanisms to use network session identifiers for software-as-a-service authentication
US8532115B2 (en) Negotiated secure fast table lookups for protocols with bidirectional identifiers
CN102017677B (en) Access through non-3GPP access networks
US9009465B2 (en) Augmenting name/prefix based routing protocols with trust anchor in information-centric networks
CN100550739C (en) A kind of method, system and routing device of initiating authentication request for user terminal
US7962954B2 (en) Authenticating multiple network elements that access a network through a single network switch port
US9344434B2 (en) GET VPN group member registration
EP2213138B1 (en) Optimized security association database management on home/foreign agent
JP2003198637A (en) Packet verifying method
WO2020083288A1 (en) Safety defense method and apparatus for dns server, and communication device and storage medium
KR20140111485A (en) Communicaton method of administration node, requesting node and normal node deleting unvalid contents using contents revocation list in a contents centric network
WO2013185709A1 (en) Call authentication method, device, and system
US9602463B2 (en) Method, device and system for obtaining local domain name
JP2009118267A (en) Communication network system, communication network control method, communication control apparatus, communication control program, service control device and service control program
WO2017210914A1 (en) Method and apparatus for transmitting information
CN114223232A (en) Communication method and related equipment
JP2007529763A (en) How to get user identity for network application entities
WO2010072082A1 (en) Set top box (stb) server, method and system for stp user accessing and maintaining in internet protocol television (iptv) value-added service
WO2007143903A1 (en) A system and method for realizing message service
JP4302004B2 (en) Packet filter setting method and packet filter setting system
CN116388998A (en) Audit processing method and device based on white list

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant