5g iot card access risk management method, system and device and storage medium
By identifying the application address and industry type accessed by the IoT card, a customized blacklist policy is generated, and access restrictions are enforced using core network elements. This solves the reliability and efficiency problems of IoT card access risk management in existing technologies and enables precise control of 5G IoT cards.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- E SURFING IOT CO LTD
- Filing Date
- 2022-12-28
- Publication Date
- 2026-06-23
AI Technical Summary
In the existing 5G IoT card access risk management, the blacklist restriction service has problems of insufficient reliability and low efficiency, which leads to the wrong blocking of legitimate applications in IoT terminal business scenarios, frequent customer complaints, and complex configuration and low efficiency.
By obtaining the target customer's destination application address, identifying the first application accessed, obtaining application restriction templates based on industry type, generating customized blacklist business policies, and executing drop actions through the core network element PCF to restrict access to the target customer.
It improves the reliability and efficiency of 5G IoT cards accessing human network applications, ensures that legitimate business is not affected, simplifies the configuration process, and reduces customer complaints.
Smart Images

Figure CN116056083B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of Internet of Things (IoT) technology, and in particular to a method, system, device, and storage medium for managing access risks of 5G IoT cards. Background Technology
[0002] With the rapid development of the Internet of Things (IoT) industry, IoT SIM cards are used in various sectors. Due to their advanced independent network elements, abundant number resources, low cost, and massive data allowances, they have become a target for illegal activities, with criminals selling them in large quantities as mobile data SIM cards. Once sold, these cards could become the target of telecommunications fraud, posing significant security risks to people's lives and property. To address this illegal and irregular practice, telecom operators and the Ministry of Industry and Information Technology (MIIT) have jointly implemented strict regulations, using blacklisting rules to restrict IoT SIM cards from accessing IoT applications. Blacklisting refers to setting up a service access blacklist on the network side or implementing security policies on the access side to prohibit customers from using IoT applications. Currently, the blacklisting regulations prohibit internet applications including social networking, video, shopping, and gaming websites, such as WeChat, QQ, Douyin (TikTok), Kuaishou, Taobao, and QQ Games.
[0003] The current blacklist restriction on business has the following two problems:
[0004] 1) Insufficient reliability: The blacklist-restricted services use a uniform package that includes all the Internet of Things (IoT) restricted applications required by the Ministry of Industry and Information Technology. This results in the blocking of IoT terminals that actually need to use IoT restricted applications, making it impossible for customers to use their services and causing customer complaints.
[0005] 2) Inefficient: The blacklist service uses predefined rules, which are sent from PCF to SMF and then passed through to UPF. UPF then executes the policy to block the service. This involves the configuration of multiple network elements, which is complex and difficult, resulting in low execution efficiency. Summary of the Invention
[0006] The purpose of this invention is to at least partially solve one of the technical problems existing in the prior art.
[0007] Therefore, one objective of this invention is to provide a 5G IoT card access risk management method that improves the reliability of restricting 5G IoT cards from accessing human network applications.
[0008] Another objective of this invention is to provide a 5G IoT card access risk management system.
[0009] To achieve the above-mentioned technical objectives, the technical solutions adopted in the embodiments of the present invention include:
[0010] In a first aspect, embodiments of the present invention provide a 5G IoT card access risk management method, comprising the following steps:
[0011] Obtain the target customer's destination application address, and identify the first application accessed by the target customer based on the destination application address;
[0012] Obtain the first industry type of the target customer, and obtain the application restriction template of the target customer based on the first industry type;
[0013] The first application is matched with the application restriction template. When the match is successful, the first application is added to the target customer's application blacklist, and a blacklist business policy is generated based on the target customer's IoT card number and the application blacklist.
[0014] When the target customer accesses the network again, access will be restricted for the target customer according to the blacklist service policy.
[0015] Furthermore, in one embodiment of the present invention, the step of obtaining the target customer's destination application address and identifying the first application accessed by the target customer based on the destination application address specifically includes:
[0016] The user plane data stream of the UPF device is collected, and the user plane data stream is parsed to obtain the destination application address and generate an application address list, which is then sent to the Internet of Things platform.
[0017] The target application address is identified through the IoT platform to obtain the first application accessed by the target customer.
[0018] Furthermore, in one embodiment of the present invention, the 5G IoT card access risk management method further includes a step of pre-customizing the application restriction template, which specifically includes:
[0019] Obtain multiple preset second industry types, and determine multiple second applications that need to be accessed corresponding to the second industry types;
[0020] Obtain a preset application list, delete the second application from the application list, and obtain the application restriction list;
[0021] Determine the application address of each application in the application restriction list, and generate the application restriction template.
[0022] Furthermore, in one embodiment of the present invention, the step of matching the first application with the application restriction template, and adding the first application to the target customer's application blacklist when the match is successful, specifically includes:
[0023] Match the first application and the destination application address with the application and application address allocation in the application restriction template;
[0024] If both matches are successful, the first application and the target application address are added to the application blacklist.
[0025] Furthermore, in one embodiment of the present invention, the step of generating a blacklist business strategy based on the target customer's IoT card number and the application blacklist specifically includes:
[0026] Configure a blacklist service package and configure the mapping relationship between the blacklist service package and the contracted service, wherein the contracted service includes a preset service code;
[0027] Configure the services within the blacklist service package, bind the destination application address in the application blacklist to the service code, and then bind the service code to the drop action of the core network element PCF;
[0028] The target customer's IoT card number is signed up for the blacklist service package.
[0029] Furthermore, in one embodiment of the present invention, the step of restricting access to the target customer according to the blacklist business policy specifically includes:
[0030] When the application addresses accessed by the target customer are all the destination application addresses in the application blacklist, the target customer is shut down through the core network element PCF.
[0031] When the application address accessed by the target customer is the destination application address in the application blacklist, the core network element PCF performs a drop action on the destination application address in the service code.
[0032] Furthermore, in one embodiment of the present invention, the 5G IoT card access risk management method further includes the following steps:
[0033] The blacklist business strategy is dynamically updated based on the access behavior of the target customers.
[0034] Secondly, embodiments of the present invention provide a 5G IoT card access risk management system, including:
[0035] The application identification module is used to obtain the destination application address of the target customer and identify the first application accessed by the target customer based on the destination application address.
[0036] The template acquisition module is used to acquire the first industry type of the target customer and acquire the application restriction template of the target customer based on the first industry type.
[0037] The strategy generation module is used to match the first application with the application restriction template. When the match is successful, the first application is added to the application blacklist of the target customer, and a blacklist business strategy is generated based on the IoT card number of the target customer and the application blacklist.
[0038] The access restriction module is used to restrict the target customer's access to the network again according to the blacklist service policy.
[0039] Thirdly, embodiments of the present invention provide a 5G IoT card access risk management device, comprising:
[0040] At least one processor;
[0041] At least one memory for storing at least one program;
[0042] When the at least one program is executed by the at least one processor, the at least one processor implements the above-described 5G IoT card access risk management method.
[0043] Fourthly, embodiments of the present invention also provide a computer-readable storage medium storing a processor-executable program, which, when executed by a processor, is used to perform the aforementioned 5G IoT card access risk management method.
[0044] The advantages and beneficial effects of the present invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention:
[0045] This invention embodiment statistically obtains all destination application addresses accessed by customers and pushes them to an IoT platform. The IoT platform identifies and extracts the IoT applications accessed by the customer. Based on the customer's industry type, an industry-specific IoT application restriction template is created. The identified IoT applications accessed by the customer are matched with the industry-specific IoT application restriction template to generate a customized blacklist service policy for restricting IoT applications, which is dynamically updated. The customer's SIM card is automatically subscribed to this blacklist service policy. When the customer's SIM card accesses the network again, if it accesses an IoT application within the blacklist, the platform triggers the core network element PCF to issue a drop blocking policy, thereby restricting the IoT card's access to IoT applications and providing customized security control for the IoT card. This invention embodiment achieves the control requirements for IoT cards without affecting the customer's normal use of IoT services, improving the reliability of restricting 5G IoT cards' access to IoT applications; and by issuing a drop blocking policy through the core network element PCF, the efficiency of restricting 5G IoT cards' access to IoT applications is improved. Attached Figure Description
[0046] To more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the embodiments of the present invention are described below. It should be understood that the drawings described below are only for the convenience of clearly describing some embodiments of the technical solutions of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0047] Figure 1 A flowchart illustrating the steps of a 5G IoT card access risk management method provided in this embodiment of the invention;
[0048] Figure 2 A structural block diagram of a 5G IoT card access risk management system provided in an embodiment of the present invention;
[0049] Figure 3 This is a structural block diagram of a 5G IoT card access risk management device provided in an embodiment of the present invention. Detailed Implementation
[0050] The embodiments of the present invention are described in detail below. Examples of these embodiments are shown in the accompanying drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary and are only used to explain the present invention, and should not be construed as limiting the present invention. The step numbers in the following embodiments are set only for ease of explanation, and there is no limitation on the order between the steps. The execution order of each step in the embodiments can be adaptively adjusted according to the understanding of those skilled in the art.
[0051] In the description of this invention, "multiple" means two or more. The use of "first" and "second" is for distinguishing technical features only and should not be construed as indicating or implying relative importance, or implicitly indicating the number of indicated technical features, or the order of the indicated technical features. Furthermore, unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art.
[0052] Reference Figure 1 This invention provides a method for managing access risks of 5G IoT cards, specifically including the following steps:
[0053] S101. Obtain the target customer's destination application address, and identify the first application accessed by the target customer based on the destination application address.
[0054] Step S101 specifically includes the following steps:
[0055] S1011. Collect the user plane data stream of the UPF device, parse the user plane data stream to obtain the destination application address and generate an application address list, and then send the application address list to the IoT platform.
[0056] S1012. Identify the target application address through the IoT platform to obtain the first application accessed by the target customer.
[0057] Specifically, utilizing the IoT private network signaling and service awareness information system, user plane data streams from UPF devices are collected via optical splitters, aggregation splitters, and user plane collectors. The streams are then transferred and parsed, analyzing the destination addresses in the HTTP and TCP protocols. Statistics are compiled to obtain all destination addresses accessed by the user, forming an application address list. This list is then pushed to the IoT platform via an interface. Based on this application address list, the IoT platform identifies the IoT applications accessed by the user.
[0058] S102. Obtain the target customer's first industry type, and obtain the target customer's application restriction template based on the first industry type.
[0059] Specifically, the IoT platform is the essential platform for customers to open IoT SIM cards. It stores the industry type entered by customers when opening IoT SIM cards, including connected vehicles, industrial IoT, public utilities, energy management, and retail services. For different industry types, customized application restriction templates for IoT applications are pre-generated based on the applications that the industry needs to access. The corresponding application restriction template is obtained based on the target customer's primary industry type and used for generating subsequent blacklist business strategies.
[0060] As an optional implementation, the 5G IoT SIM card access risk management method further includes a step of pre-customizing application restriction templates, which specifically includes:
[0061] A1. Obtain multiple preset second industry types and determine the multiple second applications that need to be accessed corresponding to the second industry types;
[0062] A2. Obtain the preset application list, delete the second application from the application list, and obtain the application restriction list;
[0063] A3. Determine the application address of each application in the application restriction list and generate an application restriction template.
[0064] S103. Match the first application with the application restriction template. If the match is successful, add the first application to the target customer's application blacklist and generate a blacklist business policy based on the target customer's IoT card number and application blacklist.
[0065] As a further optional implementation, the step of matching the first application with the application restriction template, and adding the first application to the target customer's application blacklist when a match is successful, specifically includes:
[0066] S1031. Match the first application and the destination application address with the application and application address allocation in the application restriction template;
[0067] S1032. When both matches are successful, add the first application and the destination application address to the application blacklist.
[0068] Specifically, during the matching process, to ensure accuracy, both the first application and the corresponding destination application address are matched simultaneously. Only when both match successfully are the first application and the corresponding destination application address added to the application blacklist.
[0069] As an optional implementation, the step of generating a blacklist business strategy based on the target customer's IoT card number and application blacklist specifically includes:
[0070] S1033. Configure the blacklist service package and configure the mapping relationship between the blacklist service package and the contracted service. The contracted service includes the preset service code.
[0071] S1034. Configure the services within the blacklist service package, bind the destination application address in the application blacklist to the service code, and then bind the service code to the drop action of the core network element PCF.
[0072] S1035. Sign up the target customer's IoT card number for a blacklist service package.
[0073] Specifically, the configuration of blacklist business policies for customized human network application restriction rules:
[0074] (1) Configure the blacklist service package 5g_blacklist_1;
[0075] (2) Configure the mapping between application identifier and contracted service, that is, configure the binding relationship between 5g_blacklist_1 package and the newly added 7010000011 service. 7010000011 is configured with the binding relationship with iot_up_701000001.
[0076] (3) Configure the services within the package, bind the IP addresses of the blacklist restriction list to the iot_up_701000001 code, and bind the code to iot_traffic_blacklist;
[0077] (4) iot_traffic_blacklist binds the drop action of the blacklist service on PCF;
[0078] (5) Through this layer-by-layer mapping, the blacklist service scenario, package, and rules are all bound together. The platform automatically signs up the customized blacklist service policy for the customer's SIM card. As long as the platform issues 5g_blacklist_1, the restricted addresses in the package will be dropped on the network element side to restrict access to address services within the Internet of People.
[0079] S104. When the target customer accesses the network again, access restrictions are imposed on the target customer according to the blacklist business policy.
[0080] Specifically, based on the blacklist service policy obtained from the above steps, when a target customer accesses the network, the customer's SIM card is blocked from accessing addresses within the policy, thus restricting service access.
[0081] As an optional implementation, the step of restricting access to target customers based on the blacklist business policy specifically includes:
[0082] B1. When the application addresses accessed by the target customer are all destination application addresses in the application blacklist, the target customer is shut down through the core network element PCF.
[0083] B2. When the application address accessed by the target customer is a destination application address in the application blacklist, the core network element PCF performs a drop action on the destination application address within the service code.
[0084] Specifically, if all the destination addresses accessed by a user are blacklisted, the user will be directly shut down, and the platform will trigger the core network element PCF to execute the stop_service policy. If some of the destination addresses accessed by a user are blacklisted, in this scenario, access to addresses within the customer's customized Internet access restriction rules needs to be blocked. The platform will issue 5g_blacklist_1, and the PCF will execute address blocking within this package to restrict access to those addresses.
[0085] As an optional implementation, the 5G IoT card access risk management method further includes the following steps:
[0086] The blacklist business strategy is dynamically updated based on the access behavior of target customers.
[0087] Specifically, the blacklist service policy of this invention is dynamically updated in real time according to the access behavior of the target customer. When the target customer accesses a new application address, it is identified and matched again to determine whether the blacklist service policy needs to be updated (updated if a new restricted address for human networks is accessed, and not updated if no access is made).
[0088] The method steps of the embodiments of the present invention have been described above. It can be understood that the embodiments of the present invention statistically obtain all destination application addresses accessed by the customer, push them to the IoT platform, and identify and extract the human network applications accessed by the customer through the IoT platform; based on the customer's industry type, formulate an industry-specific human network application restriction template; match the identified human network applications accessed by the customer with the industry-specific human network application restriction template to generate a customized blacklist service policy for restricting human network applications, and dynamically update it; automatically subscribe the customer's SIM card to the blacklist service policy; when the customer's SIM card accesses the network again, if it accesses a human network application within the blacklist, the platform triggers the core network element PCF to issue a drop blocking policy, thereby restricting the IoT card's access to human network applications and performing customized security control on the IoT card. The embodiments of the present invention achieve the control requirements for IoT cards without affecting the customer's normal use of human network services, improving the reliability of restricting 5G IoT cards' access to human network applications; and improve the efficiency of restricting 5G IoT cards' access to human network applications by issuing a drop blocking policy through the core network element PCF.
[0089] Reference Figure 2 This invention provides a 5G IoT card access risk management system, comprising:
[0090] The application identification module is used to obtain the target application address of the target customer and identify the first application accessed by the target customer based on the target application address;
[0091] The template acquisition module is used to obtain the target customer's first industry type and obtain the target customer's application restriction template based on the first industry type;
[0092] The strategy generation module is used to match the first application with the application restriction template. When the match is successful, the first application is added to the target customer's application blacklist, and a blacklist business strategy is generated based on the target customer's IoT card number and the application blacklist.
[0093] The access restriction module is used to restrict access to the target customer based on the blacklist business policy when the target customer accesses the network again.
[0094] The content of the above method embodiments is applicable to this system embodiment. The specific functions implemented in this system embodiment are the same as those in the above method embodiments, and the beneficial effects achieved are also the same as those achieved in the above method embodiments.
[0095] Reference Figure 3 This invention provides a 5G IoT card access risk management device, comprising:
[0096] At least one processor;
[0097] At least one memory for storing at least one program;
[0098] When the above-mentioned at least one program is executed by the above-mentioned at least one processor, the above-mentioned at least one processor implements the above-mentioned 5G IoT card access risk management method.
[0099] The content of the above method embodiments is applicable to the device embodiments. The specific functions implemented by the device embodiments are the same as those of the above method embodiments, and the beneficial effects achieved are also the same as those achieved by the above method embodiments.
[0100] This invention also provides a computer-readable storage medium storing a processor-executable program, which, when executed by a processor, performs the aforementioned 5G IoT card access risk management method.
[0101] This invention provides a computer-readable storage medium that can execute a 5G IoT card access risk management method provided in the method embodiment of this invention. It can execute any combination of the implementation steps of the method embodiment and has the corresponding functions and beneficial effects of the method.
[0102] This invention also discloses a computer program product or computer program, which includes computer instructions stored in a computer-readable storage medium. A processor of a computer device can read the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, causing the computer device to perform... Figure 1 The method shown.
[0103] In some alternative embodiments, the functions / operations mentioned in the block diagrams may not occur in the order shown in the operation diagrams. For example, depending on the functions / operations involved, two consecutively shown blocks may actually be executed substantially simultaneously, or the aforementioned blocks may sometimes be executed in reverse order. Furthermore, the embodiments presented and described in the flowcharts of this invention are provided by way of example to provide a more comprehensive understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed and sub-operations described as part of a larger operation are executed independently.
[0104] Furthermore, although the invention has been described in the context of functional modules, it should be understood that, unless otherwise stated, one or more of the aforementioned functions and / or features may be integrated into a single physical device and / or software module, or one or more functions and / or features may be implemented in a separate physical device or software module. It is also understood that a detailed discussion of the actual implementation of each module is unnecessary for understanding the invention. Rather, given the properties, functions, and internal relationships of the various functional modules in the apparatus disclosed herein, the actual implementation of the module will be understood within the scope of conventional skill of an engineer. Therefore, those skilled in the art can implement the invention as set forth in the claims using ordinary techniques without excessive experimentation. It is also understood that the specific concepts disclosed are merely illustrative and not intended to limit the scope of the invention, which is determined by the full scope of the appended claims and their equivalents.
[0105] If the aforementioned functions are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this invention, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0106] The logic and / or steps represented in the flowchart or otherwise described herein, for example, can be considered as a sequenced list of executable instructions for implementing logical functions, and can be embodied in any computer-readable medium for use by, or in conjunction with, an instruction execution system, apparatus, or device (such as a computer-based system, a processor-included system, or other system that can fetch and execute instructions from, an instruction execution system, apparatus, or device). For the purposes of this specification, "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transmit programs for use by, or in conjunction with, an instruction execution system, apparatus, or device.
[0107] More specific examples of computer-readable media (a non-exhaustive list) include: electrical connections (electronic devices) having one or more wires, portable computer disk drives (magnetic devices), random access memory (RAM), read-only memory (ROM), erasable and editable read-only memory (EPROM or flash memory), fiber optic devices, and portable optical disc read-only memory (CDROM). Furthermore, computer-readable media can even be paper or other suitable media on which the aforementioned program can be printed, because the aforementioned program can be obtained electronically, for example, by optically scanning the paper or other medium, followed by editing, interpreting, or, if necessary, processing in other suitable ways, and then stored in computer memory.
[0108] It should be understood that various parts of the present invention can be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, multiple steps or methods can be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, it can be implemented using any one or a combination of the following techniques known in the art: discrete logic circuits having logic gates for implementing logical functions on data signals, application-specific integrated circuits (ASICs) having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), etc.
[0109] In the foregoing description of this specification, references to terms such as "one embodiment," "another embodiment," or "some embodiments" indicate that a specific feature, structure, material, or characteristic described in connection with an embodiment or example is included in at least one embodiment or example of the present invention. In this specification, illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples.
[0110] Although embodiments of the invention have been shown and described, those skilled in the art will understand that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
[0111] The above is a detailed description of the preferred embodiments of the present invention. However, the present invention is not limited to the above embodiments. Those skilled in the art can make various equivalent modifications or substitutions without departing from the spirit of the present invention. All such equivalent modifications or substitutions are included within the scope defined by the claims of this application.
Claims
1. A method for managing access risks of 5G IoT cards, characterized in that, Includes the following steps: Obtain the target customer's destination application address, and identify the first application accessed by the target customer based on the destination application address; Obtain the first industry type of the target customer, and obtain the application restriction template of the target customer based on the first industry type; The first application is matched with the application restriction template. When the match is successful, the first application is added to the target customer's application blacklist, and a blacklist business policy is generated based on the target customer's IoT card number and the application blacklist. When the target customer accesses the network again, access will be restricted for the target customer according to the blacklist service policy; The specific steps for obtaining the target customer's application address are as follows: The user plane data stream of the UPF device is collected and parsed to obtain the destination application address; The step of generating a blacklist business strategy based on the target customer's IoT card number and the application blacklist specifically includes: Configure a blacklist service package and configure the mapping relationship between the blacklist service package and the contracted service, wherein the contracted service includes a preset service code; Configure the services within the blacklist service package, bind the destination application address in the application blacklist to the service code, and then bind the service code to the drop action of the core network element PCF; The target customer's IoT card number is signed up for the blacklist service package.
2. The 5G IoT card access risk management method according to claim 1, characterized in that, The step of identifying the first application accessed by the target customer based on the destination application address specifically includes: An application address list is generated based on the destination application address, and the application address list is sent to the Internet of Things platform; The target application address is identified through the IoT platform to obtain the first application accessed by the target customer.
3. The 5G IoT card access risk management method according to claim 1, characterized in that, The 5G IoT card access risk management method also includes the step of pre-customizing the application restriction template, which specifically includes: Obtain multiple preset second industry types, and determine multiple second applications that need to be accessed corresponding to the second industry types; Obtain a preset application list, delete the second application from the application list, and obtain the application restriction list; Determine the application address of each application in the application restriction list, and generate the application restriction template.
4. The 5G IoT card access risk management method according to claim 3, characterized in that, The step of matching the first application with the application restriction template, and adding the first application to the target customer's application blacklist when the match is successful, specifically includes: Match the first application and the destination application address with the application and application address allocation in the application restriction template; If both matches are successful, the first application and the target application address are added to the application blacklist.
5. The 5G IoT card access risk management method according to claim 1, characterized in that, The step of restricting access to the target customer according to the blacklist business policy specifically includes: When the application addresses accessed by the target customer are all the destination application addresses in the application blacklist, the target customer is shut down through the core network element PCF. When the application address accessed by the target customer is the destination application address in the application blacklist, the core network element PCF performs a drop action on the destination application address in the service code.
6. A method for managing access risks of a 5G IoT card according to any one of claims 1 to 5, characterized in that, The 5G IoT card access risk management method also includes the following steps: The blacklist business strategy is dynamically updated based on the access behavior of the target customers.
7. A 5G IoT card access risk management system, characterized in that, A method for implementing a 5G IoT card access risk management method as described in any one of claims 1 to 6 includes: The application identification module is used to obtain the destination application address of the target customer and identify the first application accessed by the target customer based on the destination application address. The template acquisition module is used to acquire the first industry type of the target customer and acquire the application restriction template of the target customer based on the first industry type. The strategy generation module is used to match the first application with the application restriction template. When the match is successful, the first application is added to the application blacklist of the target customer, and a blacklist business strategy is generated based on the IoT card number of the target customer and the application blacklist. The access restriction module is used to restrict the target customer's access to the network again according to the blacklist service policy.
8. A 5G IoT card access risk management device, characterized in that, include: At least one processor; At least one memory for storing at least one program; When the at least one program is executed by the at least one processor, the at least one processor implements a 5G IoT card access risk management method as described in any one of claims 1 to 6.
9. A computer-readable storage medium storing a processor-executable program, characterized in that, The processor-executable program, when executed by the processor, is used to perform a 5G IoT card access risk management method as described in any one of claims 1 to 6.