Single sign-on mechanism oriented to MEC environment and based on OAuth2.0

Abstract

With the rapid development of a 5G network, traditional cloud computing cannot meet the requirements of edge devices in the aspects of computational analysis, resource processing and the like. Therefore, a multi-access edge computing (MEC) (Multi-Access Edge Computing) is provided. The MEC technology has the characteristic of openness, and is convenient for various service operators to develop and deploy third-party applications based on user service requirements. However, this also causes the resource data stored in the environment to be inevitably subjected to some security and privacy threats. Therefore, in order to ensure the security of the privacy data in the MEC, the invention provides a single sign-on mechanism based on OAuth2.0 and oriented to the MEC environment. The mechanism (1) realizes user identity authentication and authorization oriented to the MEC environment, and ensures the security of resource data in the MEC by verifying the authenticity of user identity information and authorizing the identity access authority; and (2) unified authentication is realized, the repeated registration process of the user is effectively reduced, the user experience is improved, and the management cost of a service operator on account information is reduced at the same time.

Description

technical field [0001] The invention belongs to the field of network space security, and in particular relates to a unified authentication and authorization mechanism. Background technique [0002] At present, the rapid development of 5G has brought new requirements for data transmission bandwidth, delay, application and service performance. Unlike traditional cloud computing, which centralizes computing power, storage capacity and network management, MEC provides mobile network edge IT service environment and cloud computing capabilities can reduce transmission delay by performing partial caching and computing at the edge of the mobile network, and finally realize millisecond-level applications. However, with the continuous introduction of MEC technology, while the computing power of the cloud data center sinks to the edge of the network, it also means that the application services deployed in the MEC environment are exposed in an unsafe environment, and users in the MEC ar...

AI Technical Summary

Problems solved by technology

They are: Kerberos protocol, which uses the authorization server to verify user identity and issue tickets to complete user authentication, but is currently not suitable for key management of massive users; SAML2.0 protocol, suitable for user identity authentication and authorization in multi-trust domains, Its functions are powerful, but the protocol itself is relatively complicated; the OpenID protocol implements single sign-on through request tokens and access tokens, and its current application range is small, and it is easy for identity providers to track user access; Access tokens can be used to apply to user resource owners for resources, which is widely used. Although the protocol has security holes in the storage of client keys and access tokens, it has outstanding advantages such as scalability and modularization

Images