CN-122028041-A - Communication network device and perceived information security communication method
Abstract
The invention provides a communication network device and a secure communication method for sensing information. The method comprises three stages. In initial installation of security resources, all security resources, security parameters and security policies required by a security management unit are preset, and the security management unit completes the initial installation of security resources for a user plane security enhancement function unit, a control plane security enhancement function unit and an active cellular base station unit. In network access attachment, the attachment procedure corresponding to the type of cellular sensing device is triggered, and an authentication vector is generated according to policy to complete main authentication. In secure transmission of service data, the cellular sensing device acquires sensing information and initiates transmission to an integrated base station, and the integrated base station selects the corresponding cellular base station unit according to the type of the cellular sensing device to complete encryption and decryption of uplink and downlink data. The invention offers low power consumption, medium- to long-range coverage and secure communication, and is suitable for active cellular communication, passive cellular communication and similar scenarios.
Inventors
- WANG JUN
- JIANG YONGGUANG
- DENG WEIHUA
- Gan shuang
- FAN GUOLIN
Assignees
- China Electronics Technology Group Corporation, 30th Research Institute (中国电子科技集团公司第三十研究所)
Dates
- Publication Date
- 20260512
- Application Date
- 20260415
Claims (10)
- 1. A communication network device, comprising an integrated core network and integrated base stations interconnected with it. The integrated base station comprises a wireless energy supply base station unit, a passive cellular base station unit and an active cellular base station unit, wherein the wireless energy supply base station unit provides a wireless charging function for external passive cellular sensing devices and, through those passive devices, indirectly charges active sensing devices that require it. The integrated core network comprises a user plane network element, a user plane security enhancement function unit, a control plane network element, a control plane security enhancement function unit, a network management unit and a security management unit, wherein the user plane network element provides standard 3GPP functions, the user plane security enhancement function unit provides security protection for the end-to-end transmission of service data, the control plane network element provides standard 3GPP functions, the control plane security enhancement function unit provides a main authentication enhancement function based on a non-3GPP standard cryptographic algorithm, a dedicated secondary authentication function and a NAS signaling encryption protection function based on a non-3GPP standard cryptographic algorithm, the network management unit provides network management and cooperative control between active cellular communication and passive cellular communication, and the security management unit provides configuration of the initial installation of security resources and of security policy.
- 2. The communication network device according to claim 1, wherein the active cellular base station unit supports a negotiation mechanism among the null algorithm supported by the 3GPP standard security mechanism, the 3GPP standard air-interface user plane protection algorithms and non-3GPP standard cryptographic algorithms, and extends the algorithm identifier space with a non-3GPP algorithm identifier for indicating a non-3GPP standard algorithm.
- 3. A method for secure communication of sensing information, implemented on the communication network device according to any one of claims 1-2, comprising: initial installation of security resources, in which all security resources, security parameters and security policies required by the security management unit are preset, and the security management unit completes the initial installation of security resources for the user plane security enhancement function unit, the control plane security enhancement function unit and the active cellular base station unit; secure network access attachment, in which the network access attachment procedure corresponding to the type of cellular sensing device is triggered and an authentication vector is generated according to policy within that procedure to complete main authentication; and secure transmission of service data, in which the integrated base station selects the corresponding cellular base station unit according to the type of the cellular sensing device to complete encryption and decryption of uplink and downlink data.
- 4. The method for secure communication of sensing information according to claim 3, wherein the security management unit completing the initial installation of security resources for the user plane security enhancement function unit, the control plane security enhancement function unit and the active cellular base station unit specifically comprises: the security management unit provisions the control plane security enhancement function unit with the security resources, security parameters and security policies it requires; the security management unit provisions the user plane security enhancement function unit with the security resources, security parameters and security policies it requires; and the security management unit provisions the active cellular base station unit with the security resources, security parameters and security policies it requires.
- 5. The method for secure communication of sensing information according to claim 3, wherein the secure network access attachment comprises performing the network access attachment procedure of an active cellular sensing device under the standard policy: the control plane network element directly generates an authentication vector based on the AES algorithm of the 3GPP standard; after the active cellular sensing device completes authentication of the accessed network according to the AES algorithm of the 3GPP standard, it returns an authentication response; the control plane network element verifies the authentication response; once verification succeeds, network access attachment is complete.
- 6. The method for secure communication of sensing information according to claim 3, wherein the secure network access attachment comprises performing the network access attachment procedure of an active cellular sensing device under the enhanced policy: the control plane security enhancement function unit generates an authentication vector based on a non-3GPP standard cryptographic algorithm and embeds the algorithm identifier in the authentication vector in encrypted form; after the active cellular sensing device completes authentication of the accessed network according to the algorithm indicated by the algorithm identifier, it returns an authentication response; the control plane security enhancement function unit verifies the authentication response; once verification succeeds, network access attachment is complete.
- 7. The method for secure communication of sensing information according to claim 3, wherein the secure network access attachment comprises performing the network access attachment procedure of a passive cellular sensing device under the standard policy: the control plane network element directly generates an authentication vector based on the AES algorithm of the 3GPP standard and transmits the authentication vector to the passive cellular sensing device; the passive cellular sensing device returns an authentication response computed according to the AES algorithm of the 3GPP standard; the control plane network element verifies the authentication response; once verification succeeds, network access attachment is complete.
- 8. The method for secure communication of sensing information according to claim 3, wherein the secure network access attachment comprises performing the network access attachment procedure of a passive cellular sensing device under the enhanced policy: the control plane security enhancement function unit generates an authentication vector based on a non-3GPP standard cryptographic algorithm and embeds the algorithm identifier in the authentication vector in encrypted form; the passive cellular sensing device returns an authentication response computed according to the algorithm indicated by the algorithm identifier; the control plane security enhancement function unit verifies the authentication response; once verification succeeds, network access attachment is complete.
- 9. The method for secure communication of sensing information according to claim 5 or 6, wherein in the secure transmission of service data the data transmission procedure of the active cellular sensing device comprises: the active cellular sensing device is woken by the passive cellular sensing device and begins to acquire sensing information or receive instruction information; the 3GPP security mode command (SMC) negotiation procedure is extended so that the algorithm identifier determines whether the negotiated algorithm is the null algorithm, a 3GPP standard algorithm or a non-3GPP standard cryptographic algorithm, and if the negotiation result is the null algorithm no security protection is applied thereafter; for uplink service transmission the active cellular sensing device initiates transmission of sensing information, and for downlink service transmission the integrated base station initiates transmission of instruction information; the integrated base station uses the negotiated algorithm to encrypt downlink air-interface data at the channel level and to decrypt uplink air-interface data at the channel level; the user plane security enhancement function unit of the integrated core network encrypts downlink application data with a non-3GPP standard cryptographic algorithm; and the user plane security enhancement function unit of the integrated core network decrypts uplink application data with a non-3GPP standard cryptographic algorithm, applies a zero-trust access control mechanism to judge the type, flow direction and authorization of the service data, blocks illegitimate service data, and aggregates and returns legitimate service data.
- 10. The method for secure communication of sensing information according to claim 7 or 8, wherein in the secure transmission of service data the data transmission procedure of the passive cellular sensing device comprises: the passive cellular sensing device is triggered to acquire sensing information; the algorithm policy for subsequent NAS signaling protection is determined from the main authentication algorithm policy, the algorithm policy being the null algorithm, a 3GPP standard algorithm or a non-3GPP standard cryptographic algorithm; the passive cellular sensing device initiates transmission of the sensing information; the integrated base station uses the selected algorithm to encrypt downlink NAS signaling and decrypt uplink NAS signaling; the user plane security enhancement function unit of the integrated core network encrypts downlink application data with a non-3GPP standard cryptographic algorithm; and the user plane security enhancement function unit of the integrated core network performs source decryption of uplink application data with a non-3GPP standard cryptographic algorithm.
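The following Python is an added example, not code from the patent or from its assignee. It sketches the two procedures the claims describe: attachment under the standard or enhanced policy (claims 5 to 8), where the core embeds an algorithm identifier in the authentication vector and the device answers with the algorithm that identifier names, and the extended security mode negotiation plus air-interface protection of claims 9 and 10, where the identifier space is widened to cover non-3GPP algorithms and the null algorithm means no protection. Everything concrete is an assumption: the identifier values (0x00 null, 0x01-0x0f standing in for 3GPP identifiers, 0x80-0xff for the extended non-3GPP range), the message layouts, the masking of the identifier by XOR with a RAND-derived byte, and the HMAC constructions that play the role of the real ciphers so the flow runs offline. The capability echo and null-algorithm refusal in accept_smc are the bidding-down checks a practitioner would want around any negotiation that can land on the null algorithm; they reflect the general 3GPP SMC design, not a step the patent spells out.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Algorithm identifier space (constructed assumption, not the patent's values):
# 0x00 is the null algorithm, 0x01-0x0f stand in for 3GPP standard identifiers,
# 0x80-0xff is the extended range reserved here for non-3GPP algorithms.
NULL_ALG = 0x00
STD_ALGS = {0x01, 0x02}
EXT_ALGS = {0x81, 0x82}

# Stand-in keyed primitives: HMAC over different hashes plays the role of the
# real 3GPP and non-3GPP algorithms so the flow runs offline. Placeholders only.
_PRF = {0x01: hashlib.sha256, 0x02: hashlib.sha1,
        0x81: hashlib.sha3_256, 0x82: hashlib.sha512}


def prf(alg_id: int, key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, _PRF[alg_id]).digest()


@dataclass
class AuthVector:
    rand: bytes
    masked_alg: bytes   # algorithm identifier, masked with a RAND-derived byte
    xres: bytes


# --- network access attachment (claims 5-8) ---------------------------------

def make_auth_vector(k: bytes, policy: str, rng=secrets.token_bytes) -> AuthVector:
    """Core side. 'standard' picks a 3GPP-range identifier (control plane network
    element); 'enhanced' picks a non-3GPP identifier (control plane security
    enhancement unit). The identifier travels masked so a passive listener on the
    air interface cannot read which policy is in force."""
    alg_id = 0x01 if policy == "standard" else 0x81
    rand = rng(16)
    mask = prf(0x01, k, rand + b"mask")[0]   # derived with the always-available standard primitive
    return AuthVector(rand, bytes([alg_id ^ mask]), prf(alg_id, k, rand + b"res"))


def device_response(k: bytes, rand: bytes, masked_alg: bytes) -> tuple[int, bytes]:
    """Device side (active or passive sensing device): unmask the identifier and
    answer the challenge with the algorithm it names."""
    alg_id = masked_alg[0] ^ prf(0x01, k, rand + b"mask")[0]
    if alg_id not in _PRF:
        raise ValueError(f"unsupported algorithm identifier 0x{alg_id:02x}")
    return alg_id, prf(alg_id, k, rand + b"res")


def verify_response(av: AuthVector, res: bytes) -> bool:
    return hmac.compare_digest(av.xres, res)


def session_key(k: bytes, rand: bytes, alg_id: int) -> bytes:
    return prf(alg_id, k, rand + b"session")


# --- extended SMC negotiation and air-interface protection (claims 9-10) ----

def select_algorithm(device_caps: set[int], network_priority: list[int]) -> int:
    """Network side: first entry of its priority list that the device supports."""
    for alg_id in network_priority:
        if alg_id in device_caps:
            return alg_id
    raise ValueError("no common user plane algorithm")


def build_smc(sk: bytes, alg_id: int, device_caps: set[int]) -> dict:
    """Security mode command: echoes the device's capability list and MACs the
    whole command, so a stripped capability list is detectable by the device."""
    caps = bytes(sorted(device_caps))
    return {"alg": alg_id, "caps": caps, "mac": prf(0x01, sk, bytes([alg_id]) + caps)}


def accept_smc(sk: bytes, smc: dict, my_caps: set[int]) -> int:
    """Device side: check the MAC, the echoed capabilities, and refuse the null
    algorithm when the device supports anything stronger."""
    expected = prf(0x01, sk, bytes([smc["alg"]]) + smc["caps"])
    if not hmac.compare_digest(expected, smc["mac"]):
        raise ValueError("SMC integrity check failed")
    if smc["caps"] != bytes(sorted(my_caps)):
        raise ValueError("capability echo mismatch: possible bidding-down")
    if smc["alg"] == NULL_ALG and my_caps - {NULL_ALG}:
        raise ValueError("null algorithm selected although stronger ones are supported")
    return smc["alg"]


def protect(alg_id: int, key: bytes, counter: int, data: bytes) -> bytes:
    """Channel protection with the negotiated algorithm (keystream XOR from the
    stand-in PRF). The null algorithm returns the data untouched, as claim 9 states."""
    if alg_id == NULL_ALG:
        return data
    stream, block = bytearray(), 0
    while len(stream) < len(data):
        stream += prf(alg_id, key, counter.to_bytes(4, "big") + block.to_bytes(4, "big"))
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


unprotect = protect  # keystream XOR is its own inverse
```

For the passive device path of claim 10 there is no SMC round trip: the identifier recovered in device_response is used directly for NAS protection, which is why the identifier is carried inside the authentication vector rather than negotiated afterwards.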
Description
Communication network device and perceived information security communication method
Technical Field
The invention relates to the field of 5G-A/6G cellular mobile communication, in particular to a communication network device and a secure communication method for sensing information.
Background
Three modes of sensing-information communication are currently common in industry: wired, active wireless and passive wireless, as shown in fig. 1. The wired mode benefits from the physical isolation of the wired channel, which gives higher security, and has no power supply problem; its drawbacks are equally clear, since wired connection severely limits the application scenarios and cost rises sharply as scale grows. The active wireless mode is free of wiring, offers kilometre-scale communication distance and coverage, and has the widest range of applications, but the openness of the wireless channel brings a larger security exposure and the mode is very sensitive to power consumption. The passive wireless mode is also free of wiring, offers communication distance and coverage of the order of a hundred metres, can draw a small amount of charge from electromagnetic signals and so is free of the power supply constraint, and its application breadth lies between the wired and active wireless modes; its drawbacks are that the openness of the wireless channel brings a large security exposure and that the efficiency of charging from electromagnetic signals is insufficient to support high-frequency communication.
It can be seen that the main current modes of sensing-information communication each have advantages and disadvantages, and that a multi-function secure communication method for sensing information which combines the advantages of the various modes while avoiding their respective disadvantages is lacking.
Disclosure of Invention
The embodiments of the application provide a communication network device and a secure communication method for sensing information, which are used to solve the problems described in the background. Other features and advantages of the application will be apparent from the following detailed description, or may be learned by practising the application. According to a first aspect of an embodiment of the present application, there is provided a communication network device including an integrated core network and integrated base stations interconnected with it. The integrated base station comprises a wireless energy supply base station unit, a passive cellular base station unit and an active cellular base station unit, wherein the wireless energy supply base station unit provides a wireless charging function for external passive cellular sensing devices and, through those passive devices, indirectly charges active sensing devices that require it. The integrated core network comprises a user plane network element, a user plane security enhancement function unit, a control plane network element, a control plane security enhancement function unit, a network management unit and a security management unit, wherein the user plane network element provides standard 3GPP functions, the user plane security enhancement function unit provides security protection for the end-to-end transmission of service data, the control plane network element provides standard 3GPP functions, the control plane security enhancement function unit provides a main authentication enhancement function based on a non-3GPP standard cryptographic algorithm, a dedicated secondary authentication function and a NAS signaling encryption protection function based on a non-3GPP standard cryptographic algorithm, the network management unit provides network management and cooperative control between active cellular communication and passive cellular communication, and the security management unit provides configuration of the initial installation of security resources and of security policy. According to one embodiment of the present application, the active cellular base station unit supports a negotiation mechanism among the null algorithm supported by the 3GPP standard security mechanism, the 3GPP standard air-interface user plane protection algorithms and non-3GPP standard cryptographic algorithms, and extends a non-3GPP algorithm identifier for indicating an algorithm of the non-3GPP