CN101552668A - Certificating method, user equipment and base station for accessing user equipment into network - Google Patents
- Publication number
- CN101552668A (application number CNA2008100432071A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to the field of mobile communication and discloses an authentication method, user equipment and a base station for use when user equipment (UE) accesses a network. The base station broadcasts its identification information and a certificate; the certificate is formed by the CA encrypting information such as the base station identification information with its private key, and the UE establishes the legitimacy of the base station by verifying the certificate. The base station also broadcasts its public key. After receiving this public key, the UE encrypts its IMSI with it and sends the encrypted IMSI to the base station when accessing, so that the terminal identity (IMSI) is transmitted over the air as ciphertext and the terminal identity is protected.
Description
Technical field
The present invention relates to the field of mobile communication, and in particular to access technology for user equipment.
Background technology
As mobile communication services grow richer, mobile communication systems are becoming more open, and the requirements on data security are correspondingly higher, mainly in the areas of authentication, authorization, data confidentiality and robustness.
Among the means of protecting information security, cryptography is one of the main ones. It can guarantee not only the confidentiality of information but also its integrity and certainty, preventing information from being tampered with, forged or impersonated. A cryptographic system consists of four basic elements: the plaintext source, the ciphertext, the key and the cryptographic operation. Intuitively, the plaintext source is the plaintext alphabet or the plaintext letters, and the ciphertext is the information after encryption. The key selects one cryptographic operation from the set of operations of the cryptographic system; it allows the encryption to be changed according to previously established rules, and the combinatorial complexity of an encryption method depends on the number of keys available under that method. Cryptographic systems use either symmetric-key or asymmetric-key techniques. Symmetric-key cryptography requires the encrypting and decrypting parties to hold the same key. In asymmetric-key cryptography the two parties hold different keys, and the encryption key and the decryption key cannot be derived from each other.
U.S. Patent No. 5,864,667 also discloses a method of applying a public/private key system to secure communication, in which a secure link is established by distributing keys comprising a public key and a private key.
In current 2G/3G mobile communication networks, when a terminal powers on and attaches to the network, and when the network initiates an identity request (authentication request), the International Mobile Station Identity ("IMSI") that identifies the terminal is transmitted over the air in plaintext. The terminal identity is therefore exposed, which may lead to tracking, eavesdropping, interception of information or DoS attacks, or even to forged terminals attacking the network. In addition, when a terminal initiates a network search at power-on or after losing the network, there is no mechanism for authenticating the network, so the terminal can be deceived into accessing a false network.
Summary of the invention
The object of the present invention is to provide an authentication method, user equipment and a base station for use when user equipment accesses a network, solving the security risk of a terminal being deceived into accessing a false network.
To solve the above technical problem, embodiments of the present invention provide an authentication method for use when user equipment accesses a network, comprising the following steps:
The user equipment receives base station identification information and a certificate from a base station broadcast; the certificate is formed by the authentication center encrypting, with its private key, information that includes the base station identification information;
The certificate is decrypted with the public key of the authentication center preset in the user equipment, and the decrypted result is verified against the base station identification information;
If the verification passes, the base station is deemed legitimate.
Embodiments of the present invention also provide user equipment, comprising:
A receiving unit, configured to receive base station identification information and a certificate from a base station broadcast, the certificate being formed by the authentication center encrypting, with its private key, information that includes the base station identification information;
A storage unit, configured to store the public key of the authentication center;
A decryption unit, configured to decrypt the certificate received by the receiving unit with the public key of the authentication center stored in the storage unit;
A verification unit, configured to verify the decrypted result of the decryption unit against the base station identification information received by the receiving unit, and to deem the base station legitimate if the verification passes.
Embodiments of the present invention also provide a base station, comprising:
A storage unit, configured to store a certificate, the certificate being formed by the authentication center encrypting, with its private key, information that includes the base station identification information;
A sending unit, configured to broadcast the base station identification information of the base station and the certificate stored in the storage unit.
Compared with the prior art, the main differences and effects of the embodiments of the present invention are as follows:
The base station broadcasts its base station identification information and a certificate. The certificate is formed by the CA encrypting information such as the base station identification information with its private key, and the UE establishes the legitimacy of the base station by verifying the certificate. Because a pseudo base station cannot obtain a certificate from the CA, the UE can tell a genuine network from a false one.
Further, the base station also broadcasts its public key. After receiving this public key, the UE encrypts its IMSI with it and sends the encrypted IMSI to the base station when accessing, so that the terminal identity (IMSI) is transmitted over the air as ciphertext and the terminal identity is protected.
Further, an operation can first be performed on the base station identification information and the public key of the base station, and the result of that operation is then encrypted with the private key of the CA to obtain the certificate. Because the certificate then covers both the base station identification information and the public key of the base station, the UE can check the correctness of both by verifying the certificate. If an attacker merely copies the broadcast of a base station and replays it, the IMSI sent by the UE is still encrypted with the public key of the base station, so the attacker cannot obtain the IMSI of the UE and cannot go on to interact normally with the UE.
The operation can be a bitwise XOR, which, compared with generating the certificate from the base station identification information alone, increases the difficulty of cracking without increasing the amount of data that has to be broadcast. The operation can also be concatenation, that is, joining the base station identification information and the public key of the base station together; the resulting certificate is longer, harder to crack and more secure.
The public key of the CA can be stored in the UE. After the UE roams into a network that uses another CA, it then only needs to modify the CA public key to access the network normally, which makes roaming more convenient.
Description of drawings
Fig. 1 is a flow chart of the authentication method when a UE accesses the network according to the first embodiment of the invention;
Fig. 2 is a flow chart of the authentication method when a UE accesses the network according to the second embodiment of the invention;
Fig. 3 is a flow chart of the authentication method when a UE accesses the network according to the third embodiment of the invention;
Fig. 4 is a structural diagram of the authentication system when a UE accesses the network according to the fourth embodiment of the invention.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
In the embodiments of the present invention, an authentication center (Certificate Authority, "CA") assigns a public key (Public Key, "PK") and private key (Secure Key, "SK") pair for the user equipment (User Equipment, "UE") and the base station. Because this key pair is assigned by the CA, it is written below as (PKca, SKca). When the UE accesses the network, the legitimacy of the base station is authenticated by means of (PKca, SKca).
The first embodiment of the present invention relates to an authentication method for use when a UE accesses the network. In this embodiment, PKca is preset in the User Service Identify Module ("USIM") of the UE. PKca may of course be stored in another module of the UE instead of the USIM. If the public key of the CA is stored in the UE, then after the UE roams into a network that uses another CA it only needs to modify the CA public key to access the network normally, which makes roaming more convenient.
The base station obtains a certificate from the CA in advance. The CA forms this certificate by encrypting the base station identification information with SKca. The base station broadcasts the certificate and its base station identification information on the broadcast channel. The base station identification information can be the base station identifier, the color code or beacon channel of the base station, or any other information that uniquely identifies the base station. Because the certificate is formed by encrypting the base station identification information with SKca, it is written in this embodiment as SKca (base station identification information).
The authentication flow when the UE accesses the network is shown in Fig. 1. In step 110, when the UE initiates a network search at power-on or after losing the network, it receives the broadcast of the base station and obtains the base station identification information and SKca (base station identification information) from it.
Then, in step 120, the UE verifies whether the base station is legitimate. Specifically, after obtaining the identification information of the base station and SKca (base station identification information), the UE decrypts SKca (base station identification information) with the PKca preset in its USIM and obtains base station identification information. It then compares the base station identification information obtained by decryption with the base station identification information obtained from the base station broadcast. Because a pseudo base station cannot obtain a certificate from the CA, that is, cannot obtain a correct SKca (base station identification information), the UE can tell a genuine network from a false one in this way. If the two are consistent, the base station is legitimate and the flow proceeds to step 130; if they are inconsistent, the base station is illegitimate, that is, a pseudo base station, and the flow ends.
In step 130, the UE sends an attach request to the base station. The attach request carries the UE identity, such as the IMSI of the UE.
It is easy to see that, because in this embodiment the UE establishes the legitimacy of the base station by verifying the certificate, the security risk of being deceived into accessing a false network is solved.
The second embodiment of the present invention relates to an authentication method for use when a UE accesses the network. This embodiment is a further improvement on the first embodiment: it solves not only the security risk of the UE being deceived into accessing a false network but also the security risk of the UE identity being exposed. In this embodiment the base station holds a public/private key pair, (PKnb, SKnb). When broadcasting, the base station broadcasts not only the certificate obtained from the CA and the base station identification information but also the public key of the base station, PKnb. After verifying the legitimacy of the base station, the UE encrypts its IMSI with the PKnb received from the base station broadcast, carries the encrypted IMSI in the attach request and sends it to the base station.
The authentication flow when the UE accesses the network is shown in Fig. 2. In step 210, when the UE initiates a network search at power-on or after losing the network, it receives the broadcast of the base station and obtains the base station identification information, SKca (base station identification information) and PKnb from it.
Then, in step 220, the UE verifies whether the base station is legitimate. This step is similar to step 120 and is not described again here.
Then, in step 230, the UE sends an attach request to the base station, and the attach request carries the encrypted IMSI. That is, after determining that the base station is legitimate and before sending the attach request, the UE encrypts its IMSI with the PKnb received from the base station broadcast, and the encrypted IMSI, PKnb (IMSI), is carried in the attach request sent to the base station.
In step 240, the base station uses the SKnb it holds to decrypt the PKnb (IMSI) in the received attach request and obtains the IMSI of the UE.
Because the IMSI that identifies the UE is transmitted over the air as ciphertext rather than in plaintext, the identity of the UE is protected and the security risk of UE identity exposure is solved.
The third embodiment of the present invention relates to an authentication method for use when a UE accesses the network. This embodiment is largely the same as the second embodiment. The difference is that in the second embodiment the certificate the base station obtains from the CA is formed by encrypting the base station identification information with SKca, whereas in this embodiment the certificate is formed by encrypting, with SKca, the result of an operation on the base station identification information and PKnb. The certificate is therefore written in this embodiment as SKca (PKnb ‖ base station identification information), where "‖" denotes concatenation, that is, PKnb and the base station identification information are joined directly together. Concatenation makes the generated certificate longer, harder to crack and more secure.
Besides concatenation, operations such as bitwise XOR or bitwise AND can also be performed on PKnb and the base station identification information. If bitwise XOR is used, then compared with generating the certificate from the base station identification information alone, the difficulty of cracking is increased without increasing the amount of data that has to be broadcast.
The authentication flow when the UE accesses the network is shown in Fig. 3. In step 310, when the UE initiates a network search at power-on or after losing the network, it receives the broadcast of the base station and obtains the base station identification information, SKca (PKnb ‖ base station identification information) and PKnb from it.
Then, in step 320, the UE verifies whether the base station is legitimate. Specifically, after obtaining the identification information of the base station, SKca (PKnb ‖ base station identification information) and PKnb, the UE decrypts SKca (PKnb ‖ base station identification information) with the PKca preset in its USIM and obtains PKnb ‖ base station identification information. It then compares the PKnb ‖ base station identification information obtained by decryption with the PKnb ‖ base station identification information computed from the base station broadcast. If the two are consistent, the base station is legitimate and the flow proceeds to step 330; if they are inconsistent, the base station is illegitimate, that is, a pseudo base station, and the flow ends.
Because a pseudo base station cannot obtain a certificate from the CA, that is, cannot obtain a correct SKca (PKnb ‖ base station identification information), the UE can tell a genuine network from a false one in this way and so avoids being deceived into accessing a false network.
Then, in step 330, the UE sends an attach request to the base station, and the attach request carries the encrypted IMSI. This step is similar to step 230 and is not described again here.
In step 340, the base station uses the SKnb it holds to decrypt the PKnb (IMSI) in the received attach request and obtains the IMSI of the UE.
Because the certificate covers both the base station identification information and the public key of the base station, the UE can check the correctness of both by verifying the certificate. If an attacker merely copies the broadcast of a base station and replays it, the IMSI sent by the UE is still encrypted with the public key of the base station, so the attacker cannot obtain the IMSI of the UE and cannot go on to interact normally with the UE.
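The UE-side check of steps 310 to 340, set beside the second embodiment's certificate over the identification information alone, as an added example that is not code from the patent. It uses textbook RSA over constructed Mersenne-prime keys only so that it runs with the Python standard library; the field widths, the `0x01` prefix, the random prefix on the IMSI and all names and sample values are assumptions.

```python
import secrets

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Textbook-RSA key pair from two primes: ((n, e), (n, d)). Toy only, not secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


# Constructed keys built from Mersenne primes so the example is reproducible.
PK_CA, SK_CA = make_key(2**521 - 1, 2**607 - 1)     # (PKca, SKca)
PK_NB, SK_NB = make_key(2**107 - 1, 2**127 - 1)     # (PKnb, SKnb) of the legitimate base station
PK_FAKE, SK_FAKE = make_key(2**89 - 1, 2**127 - 1)  # key pair a pseudo base station generates itself

BS_ID = 0x460000ABCDEF      # constructed base station identification information
IMSI = "460001234567890"    # constructed 15-digit IMSI


def signed_fields(bs_id, pk_nb, covers_key):
    """What the CA encrypts: the ID alone, or PKnb ‖ ID (fixed-width layout is an assumption)."""
    data = bs_id.to_bytes(8, "big")
    if covers_key:
        n, e = pk_nb
        data = n.to_bytes(32, "big") + e.to_bytes(4, "big") + data
    return int.from_bytes(b"\x01" + data, "big")


def ca_issue(bs_id, pk_nb, covers_key):
    """Certificate = SKca(fields)."""
    n, d = SK_CA
    return pow(signed_fields(bs_id, pk_nb, covers_key), d, n)


def ue_verify(broadcast, covers_key):
    """Decrypt the certificate with the preset PKca and compare with the broadcast fields."""
    bs_id, cert, pk_nb = broadcast
    n, e = PK_CA
    return pow(cert, e, n) == signed_fields(bs_id, pk_nb, covers_key)


def ue_attach(broadcast, imsi, covers_key=True):
    """Return PKnb(IMSI) for the attach request, or None if the base station is rejected."""
    if not ue_verify(broadcast, covers_key):
        return None
    n, e = broadcast[2]
    # Random 64-bit prefix so that repeated attaches do not send the same ciphertext
    # (assumption: the patent does not specify any padding).
    return pow((secrets.randbits(64) << 64) | int(imsi), e, n)


def bs_decrypt(ciphertext, sk):
    """Recover the IMSI digits from an attach request with a base station private key."""
    n, d = sk
    return str(pow(ciphertext, d, n) & (2**64 - 1)).zfill(15)


def run_scenarios():
    """Compare a certificate over the ID only with one over PKnb ‖ ID."""
    results = {}
    for name, covers_key in (("id_only", False), ("key_and_id", True)):
        cert = ca_issue(BS_ID, PK_NB, covers_key)
        genuine = (BS_ID, cert, PK_NB)
        swapped = (BS_ID, cert, PK_FAKE)  # copied ID and certificate, different public key
        results[name] = {
            "genuine_imsi": bs_decrypt(ue_attach(genuine, IMSI, covers_key), SK_NB),
            "swapped_key_accepted": ue_verify(swapped, covers_key),
            # Verbatim replay of the genuine broadcast is accepted, but the attach request
            # is encrypted under PKnb, so a party holding only SK_FAKE cannot read it.
            "replay_reads_imsi":
                bs_decrypt(ue_attach(genuine, IMSI, covers_key), SK_FAKE) == IMSI,
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

With the certificate over the identification information alone, the UE's comparison never involves the broadcast public key, so a substituted key goes undetected; with PKnb ‖ identification information the same broadcast is rejected before any attach request is built.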
It should be noted that the method embodiments of the present invention can be implemented in software, hardware, firmware and so on. Whether the invention is implemented in software, hardware or firmware, the instruction code can be stored in any type of computer-accessible memory (for example permanent or modifiable, volatile or non-volatile, solid-state or non-solid-state, fixed or removable media, and so on). Likewise, the memory can be, for example, programmable array logic (Programmable Array Logic, "PAL"), random access memory (Random Access Memory, "RAM"), programmable read-only memory (Programmable Read Only Memory, "PROM"), read-only memory (Read-Only Memory, "ROM"), electrically erasable programmable read-only memory (Electrically Erasable Programmable ROM, "EEPROM"), a magnetic disk, an optical disc, a digital versatile disc (Digital Versatile Disc, "DVD") and so on.
The fourth embodiment of the present invention relates to an authentication system for use when a UE accesses the network. As shown in Fig. 4, it comprises a UE and a base station.
The base station comprises: a storage unit, configured to store a certificate, the certificate being formed by the CA encrypting, with its private key (SKca), information that includes the base station identification information; and a sending unit, configured to broadcast the base station identification information of the base station and the certificate stored in the storage unit.
The UE comprises: a receiving unit, configured to receive base station identification information and a certificate from the base station broadcast, the certificate being formed by encrypting, with SKca, information that includes the base station identification information; a storage unit, configured to store the public key (PKca) assigned by the CA; a decryption unit, configured to decrypt the certificate received by the receiving unit with the PKca stored in the storage unit; and a verification unit, configured to verify the decrypted result of the decryption unit against the base station identification information received by the receiving unit, and to deem the base station legitimate if the verification passes. Because a pseudo base station cannot obtain a certificate from the CA, the UE can establish the legitimacy of the base station by verifying the certificate, which solves the security risk of being deceived into accessing a false network.
It is worth mentioning that the storage unit in the base station can also be used to store the public key and private key of the base station, (PKnb, SKnb). The sending unit in the base station is then also used to broadcast the PKnb stored in the storage unit, and the receiving unit of the UE is also used to receive this PKnb from the broadcast of the base station.
In this case the UE further comprises: an encryption unit, configured to encrypt the identity of the UE (such as the IMSI of the UE) with the PKnb received by the receiving unit; and a sending unit, configured to send the UE identity encrypted by the encryption unit to the base station.
The base station further comprises: a receiving unit, configured to receive from the UE the UE identity (such as the IMSI of the UE) encrypted with PKnb; and a decryption unit, configured to decrypt the encrypted UE identity received by the receiving unit with the SKnb stored in the storage unit. Because the IMSI that identifies the UE is transmitted over the air as ciphertext rather than in plaintext, the identity of the UE is protected and the security risk of UE identity exposure is solved.
If the sending unit of the base station is also used to broadcast the PKnb stored in the storage unit, the certificate it broadcasts can be formed by encrypting, with SKca, the result of an operation on the base station identification information and PKnb. The verification unit of the UE then verifies as follows: it performs the operation on the base station identification information and the public key of the base station received by the receiving unit, and compares the decrypted result of the decryption unit with the result of that operation; if the two are identical, the verification passes and the base station is deemed legitimate. The operation can be bitwise XOR, concatenation or the like. If bitwise XOR is used, then compared with generating the certificate from the base station identification information alone, the difficulty of cracking is increased without increasing the amount of data that has to be broadcast. If concatenation is used, that is, the base station identification information and the public key of the base station are joined together, the generated certificate is longer, harder to crack and more secure.
It should be noted that every unit mentioned in this embodiment is a logical unit. Physically, a logical unit can be one physical unit, part of a physical unit, or a combination of several physical units. The physical implementation of these logical units is not what matters most; the combination of functions they implement is the key to solving the technical problem addressed by the present invention. In addition, to highlight the innovative part of the invention, this embodiment does not introduce units that are not closely related to solving that technical problem, which does not mean that the above devices contain no other units. For example, the base station can also have a baseband processing unit, an antenna and so on, and the UE can also have a display screen, a microphone, an earphone, a keyboard and so on.
In addition, the devices involved in this embodiment (such as the UE and the base station) can be used to carry out the method flows described in the first to third embodiments. All the technical details mentioned in the first to third embodiments therefore remain valid in this embodiment and, to reduce repetition, are not described again here.
Although the present invention has been illustrated and described with reference to certain preferred embodiments, those of ordinary skill in the art should understand that various changes in form and detail can be made to it without departing from the spirit and scope of the present invention.
Claims (10)
1. the authentication method during a subscriber equipment access network is characterized in that, may further comprise the steps:
Subscriber equipment receives base station identification information and certificate from base station broadcast, this certificate uses its private key will comprise that the information encryption of described base station identification information forms by authentication center;
PKI with the described authentication center that sets in advance in the described subscriber equipment is decrypted described certificate, and with described base station identification information the decrypted result of this certificate is verified;
It is legal to verify as described by then assert described base station.
2. the authentication method during subscriber equipment access network according to claim 1 is characterized in that, and is further comprising the steps of:
The PKI of this base station is also broadcasted in described base station;
Described subscriber equipment receives the PKI of this base station from the broadcasting of described base station, and with the PKI of this base station the sign of this subscriber equipment is encrypted, and the customer equipment identification after encrypting is sent to described base station;
Described base station is decrypted with the private key of this base station customer equipment identification after to described encryption, obtains described customer equipment identification.
3. the authentication method during subscriber equipment access network according to claim 2 is characterized in that, described certificate uses its private key that the operation result of the PKI of described base station identification information and described base station is encrypted by authentication center and forms.
4. the authentication method during subscriber equipment access network according to claim 3 is characterized in that, the computing of the PKI of described base station identification information and described base station is comprised one of following:
Step-by-step xor operation, attended operation.
5. according to the authentication method during each described subscriber equipment access network in the claim 1 to 4, it is characterized in that the user that the PKI of described authentication center sets in advance at described subscriber equipment serves in identification module or the subscriber equipment;
Described customer equipment identification can be international mobile station identity number.
6. a subscriber equipment is characterized in that, comprising:
Receiving element is used for receiving base station identification information and certificate from base station broadcast, and this certificate is formed the information encryption that comprises described base station identification information with its private key by authentication center;
Memory cell is used to preserve the PKI of described authentication center;
Decrypting device, the PKI that is used for the described authentication center that preserved with described memory cell is decrypted the certificate that described receiving element receives;
Authentication unit is used for the described base station identification information that described receiving element receives the decrypted result of described decrypting device being verified, and is legal by base station as described in then assert as checking.
7. subscriber equipment according to claim 6 is characterized in that, described receiving element also is used for receiving from the broadcasting of described base station the PKI of this base station;
Described subscriber equipment also comprises:
A ciphering unit, configured to encrypt the identifier of the user equipment with the public key of the base station received by the receiving unit;
A transmitting unit, configured to send the user equipment identifier encrypted by the ciphering unit to the base station.
8. The user equipment according to claim 7, characterized in that the certificate is formed by an authentication center using its private key to encrypt the operation result of the base station identification information and the public key of the base station;
The authentication unit performs verification in the following manner:
Performing an arithmetic operation on the base station identification information and the public key of the base station received by the receiving unit;
Comparing the decryption result of the decryption unit with the operation result of the arithmetic operation; if the two are identical, verification passes and the base station is determined to be legitimate;
The arithmetic operation comprises one of the following:
A bitwise XOR operation, a concatenation operation.
9. A base station, characterized by comprising:
A storage unit, configured to store a certificate, the certificate being formed by an authentication center using its private key to encrypt information comprising the base station identification information;
A transmitting unit, configured to broadcast the base station identification information of the base station and the certificate stored in the storage unit.
10. The base station according to claim 9, characterized in that the storage unit is further configured to store the public key and the private key of the base station;
The certificate is formed by the authentication center using its private key to encrypt the operation result of the base station identification information and the public key of the base station;
The transmitting unit is further configured to broadcast the public key of the base station stored in the storage unit;
The base station further comprises:
A receiving unit, configured to receive, from the user equipment, the user equipment identifier encrypted with the public key of the base station;
A decryption unit, configured to decrypt the encrypted user equipment identifier received by the receiving unit, using the private key of the base station stored in the storage unit.
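The certificate check of claim 8 and the identifier encryption of claim 10, worked through as an added Python example (not part of the patent text). It assumes raw RSA for the "encrypt with the private key" step; the toy keys, the 4-byte base station identifier, the 12-byte public key encoding and the IMSI are all constructed for illustration.

```python
E = 65537  # public exponent shared by all toy keys (assumption)

def make_key(p, q):
    """Toy RSA key pair from two primes: ((n, e), (n, d)). Not a secure key size."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def pub_bytes(pub):
    """Assumed wire encoding of a base station public key: the modulus in 12 bytes."""
    return pub[0].to_bytes(12, "big")

def combine(bs_id, key_bytes, mode):
    """The 'arithmetic operation' of claim 8 on identification info and public key."""
    if mode == "concat":
        return int.from_bytes(bs_id + key_bytes, "big")
    if mode == "xor":
        return int.from_bytes(bs_id, "big") ^ int.from_bytes(key_bytes, "big")
    raise ValueError("mode must be 'concat' or 'xor'")

def issue_certificate(ca_priv, bs_id, key_bytes, mode):
    """Authentication center: encrypt the operation result with its private key."""
    n, d = ca_priv
    m = combine(bs_id, key_bytes, mode)
    if m >= n:  # raw RSA can only carry values below the modulus
        raise ValueError("operation result does not fit the CA modulus")
    return pow(m, d, n)

def ue_verify(ca_pub, bs_id, key_bytes, cert, mode):
    """UE: decrypt the certificate with the CA public key, compare with its own result."""
    n, e = ca_pub
    return pow(cert, e, n) == combine(bs_id, key_bytes, mode)

def encrypt_imsi(bs_pub, imsi):
    """UE: encrypt the 15-digit IMSI with the broadcast base station public key."""
    return pow(int(imsi), bs_pub[1], bs_pub[0])

def decrypt_imsi(bs_priv, ciphertext):
    """Base station: recover the IMSI with its stored private key."""
    return str(pow(ciphertext, bs_priv[1], bs_priv[0])).zfill(15)

CA_PUB, CA_PRIV = make_key(2**89 - 1, 2**107 - 1)  # constructed CA key
BS_PUB, BS_PRIV = make_key(2**61 - 1, 2**31 - 1)   # constructed base station key
OTHER_PUB, _ = make_key(2**61 - 1, 2**19 - 1)      # a key the CA never certified
BS_ID, IMSI = bytes.fromhex("00a1b2c3"), "001010123456789"  # constructed values

def check_broadcast(mode):
    """Return (genuine broadcast accepted, broadcast with swapped key accepted)."""
    cert = issue_certificate(CA_PRIV, BS_ID, pub_bytes(BS_PUB), mode)
    return (ue_verify(CA_PUB, BS_ID, pub_bytes(BS_PUB), cert, mode),
            ue_verify(CA_PUB, BS_ID, pub_bytes(OTHER_PUB), cert, mode))
```

Raw RSA is deterministic, so the same IMSI always encrypts to the same ciphertext; a deployed scheme would need randomized padding.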
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2008100432071A CN101552668A (en) | 2008-03-31 | 2008-03-31 | Certificating method, user equipment and base station for accessing user equipment into network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101552668A (en) | 2009-10-07 |
Family
ID=41156677
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2008100432071A Pending CN101552668A (en) | 2008-03-31 | 2008-03-31 | Certificating method, user equipment and base station for accessing user equipment into network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101552668A (en) |
Cited By (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102045897B (en) * | 2009-10-10 | 2014-08-13 | 中兴通讯股份有限公司 | Group identification reporting method and device |
CN102045897A (en) * | 2009-10-10 | 2011-05-04 | 中兴通讯股份有限公司 | Group identification reporting method and device |
WO2011054147A1 (en) * | 2009-11-05 | 2011-05-12 | 华为技术有限公司 | Method, device and communication system for service processing |
CN102111922B (en) * | 2009-12-25 | 2014-01-01 | 中兴通讯股份有限公司 | Management method and system for M2M service signing data, and user signing data memory |
CN101917710A (en) * | 2010-08-27 | 2010-12-15 | 中兴通讯股份有限公司 | Method, system and related device for mobile internet encryption communication |
WO2012024872A1 (en) * | 2010-08-27 | 2012-03-01 | 中兴通讯股份有限公司 | Method, system and related apparatus for encrypting communication in mobile internet |
CN101969638A (en) * | 2010-09-30 | 2011-02-09 | 中国科学院软件研究所 | Method for protecting international mobile subscriber identity (IMSI) in mobile communication |
CN101969638B (en) * | 2010-09-30 | 2013-08-14 | 中国科学院软件研究所 | Method for protecting international mobile subscriber identity (IMSI) in mobile communication |
CN102036238A (en) * | 2010-12-27 | 2011-04-27 | 中国科学院软件研究所 | Method for realizing user and network authentication and key distribution based on public key |
CN102036238B (en) * | 2010-12-27 | 2013-12-11 | 中国科学院软件研究所 | Method for realizing user and network authentication and key distribution based on public key |
CN102158856A (en) * | 2011-02-21 | 2011-08-17 | 惠州Tcl移动通信有限公司 | Mobile terminal identification code authentication system and method, server and terminal |
CN104168531A (en) * | 2013-05-15 | 2014-11-26 | Gn瑞声达A/S | Hearing instrument with an authentication protocol |
US10652673B2 (en) | 2013-05-15 | 2020-05-12 | Gn Hearing A/S | Hearing instrument with an authentication protocol |
CN104349315A (en) * | 2013-07-31 | 2015-02-11 | 普天信息技术研究院有限公司 | Method and system for assuring information security for base station and user equipment |
CN104349315B (en) * | 2013-07-31 | 2018-01-05 | 普天信息技术有限公司 | Method and system for assuring information security for base station and user equipment |
CN104053156A (en) * | 2014-04-28 | 2014-09-17 | 中国石油大学(华东) | Automatic pseudo base station recognizing method and system |
CN106576237B (en) * | 2014-07-21 | 2020-10-16 | 宇龙计算机通信科技(深圳)有限公司 | Mobile management entity, home server, terminal, identity authentication system and method |
CN106576237A (en) * | 2014-07-21 | 2017-04-19 | 宇龙计算机通信科技(深圳)有限公司 | Mobility management entity, home server, terminal, and identity authentication system and method |
CN104270800A (en) * | 2014-08-14 | 2015-01-07 | 平安科技(深圳)有限公司 | Method and system for establishing communication connection with terminal |
CN104270800B (en) * | 2014-08-14 | 2017-11-17 | 平安科技(深圳)有限公司 | Method and system for establishing communication connection with terminal |
CN104581710A (en) * | 2014-12-18 | 2015-04-29 | 中国科学院信息工程研究所 | Method and system for securely transmitting IMSI of LTE user on idle port |
CN104581710B (en) * | 2014-12-18 | 2018-11-23 | 中国科学院信息工程研究所 | Method and system for securely transmitting LTE user IMSI over the air interface |
CN106028340A (en) * | 2016-07-29 | 2016-10-12 | 宇龙计算机通信科技(深圳)有限公司 | Method and system for identifying pseudo base stations |
CN107872793A (en) * | 2016-09-26 | 2018-04-03 | 中国移动通信有限公司研究院 | A kind of base station identification approach, terminal and server |
CN106454842A (en) * | 2016-10-28 | 2017-02-22 | 努比亚技术有限公司 | Method for preventing disturbance of pseudo base stations and terminal |
WO2019024031A1 (en) * | 2017-08-03 | 2019-02-07 | 于志 | System and method for authenticating mobile phone number based on cn39 code |
WO2019028698A1 (en) * | 2017-08-09 | 2019-02-14 | Apple Inc. | Subscriber identity privacy protection |
CN110248359A (en) * | 2018-03-07 | 2019-09-17 | 中国移动通信有限公司研究院 | A kind of encipherment scheme, terminal, network element device and computer storage medium |
CN109451489A (en) * | 2018-12-12 | 2019-03-08 | 南京熊猫电子股份有限公司 | A method of the acquisition terminal IMSI based on blind redirection |
CN110611911A (en) * | 2019-10-18 | 2019-12-24 | 中国联合网络通信集团有限公司 | Mobile communication method and device |
CN110611911B (en) * | 2019-10-18 | 2022-08-26 | 中国联合网络通信集团有限公司 | Mobile communication method and device |
WO2021103772A1 (en) * | 2019-11-30 | 2021-06-03 | 华为技术有限公司 | Data transmission method and apparatus |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101552668A (en) | Certificating method, user equipment and base station for accessing user equipment into network | |
Van Den Broek et al. | Defeating IMSI catchers | |
CN101741555B (en) | Method and system for identity authentication and key agreement | |
CN101822082B (en) | Techniques for secure channelization between UICC and terminal | |
CN104584602B (en) | Encrypting a service announcement message in a discovery packet | |
JP4263384B2 (en) | Improved method for authentication of user subscription identification module | |
CN101969638B (en) | Method for protecting international mobile subscriber identity (IMSI) in mobile communication | |
CN100589381C (en) | User identity secret-keeping method in communication system | |
KR101270342B1 (en) | Exchange of key material | |
CN102026178B (en) | User identity protection method based on public-key mechanism | |
JP4002035B2 (en) | A method for transmitting sensitive information using unsecured communications | |
CN105553951A (en) | Data transmission method and data transmission device | |
CN103152731A (en) | 3G accessed IMSI (international mobile subscriber identity) privacy protection method | |
CN114826673A (en) | Protection system, method and device for transmission data | |
CN101808313B (en) | Method for acquiring TMSI (Temporary Mobile Subscriber Identity), mobile station, home location register and communication system | |
US20120142315A1 (en) | Method for authentication and key establishment in a mobile communication system and method of operating a mobile station and a visitor location register | |
WO2018076564A1 (en) | Privacy protection method and privacy protection device in vehicle communication | |
CN106888092A (en) | Information processing method and device | |
AU4476099A (en) | Method for protecting mobile anonymity | |
Muthana et al. | Analysis of user identity privacy in LTE and proposed solution | |
CN101784048B (en) | Method and system for dynamically updating identity authentication and secret key agreement of secret key | |
KR100957044B1 (en) | Method and system for providing mutual authentication using kerberos | |
KR100658300B1 (en) | Authentication and key establishment method for wireless communication system | |
WO2017094833A1 (en) | Mobile communication system, mobile station and communication network | |
Hori et al. | Security Analysis of MIS Protocol on Wireless LAN comparison with IEEE802.11i |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20091007 |