CN101771997B - Method, equipment and system for protection of confidentiality of international mobile subscriber identifier IMSI - Google Patents

Publication number
CN101771997B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2009100764512A
Other languages
Chinese (zh)
Other versions
CN101771997A (en
Inventor
朱红儒
齐旻鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd

Abstract

The invention discloses a method for protecting the confidentiality of the international mobile subscriber identifier (IMSI), comprising: the network side generates a standby identity for a subscriber according to the subscriber's IMSI; and when the subscriber's temporary identity (GUTI) becomes invalid, the network side identifies the subscriber according to the standby identity. The invention also discloses a home subscriber server, a mobility management entity, user equipment and an IMSI confidentiality protection system. The invention protects the confidentiality of the IMSI without changing the existing signaling system, and avoids the identity synchronization and identity collision problems while doing so.

Description

Method, equipment and system for protecting the confidentiality of the international mobile subscriber identifier IMSI
Technical field
The present invention relates to the field of communication technology, and in particular to a method, equipment and system for protecting the confidentiality of the international mobile subscriber identifier (IMSI).
Background
Section 5.1.1 of TR33.102 specifies that the confidentiality of the IMSI (International Mobile Subscriber Identifier), which serves as the user identity, should be guaranteed on the radio link. To guarantee it, the existing standard requires the temporary user identity GUTI (Globally Unique Temporary Identity) to be transmitted in the network in place of the IMSI.
In existing networks, however, when an error occurs on the network side and the user database cannot map the user's GUTI to the IMSI, the network side sends an identity request message asking the user to send the IMSI in plaintext. This breaks the confidentiality of the user's IMSI.
Two existing solutions aim to guarantee the confidentiality of the user's IMSI:
In the first, the UE (User Equipment) and the network side each independently compute a temporary identity for the protected IMSI from shared private information. The drawback of this scheme is that, because the UE and the network side compute the temporary identity independently, the two values can easily become inconsistent, which is the synchronization problem. In addition, because the temporary identity is computed independently, different UEs can easily compute the same temporary identity, which is the identity collision problem.
The second uses a public-key security mechanism: the user's IMSI is encrypted with a public key before it is transmitted. The drawback of this scheme is that protecting the IMSI with public-key encryption requires excessive changes to the existing system: a new security system has to be built, and the scheme cannot be used within the existing security system.
Summary of the invention
An embodiment of the invention provides a method for protecting the confidentiality of the international mobile subscriber identifier IMSI, in order to protect the confidentiality of the IMSI without changing the existing signaling system, and to avoid the identity synchronization and identity collision problems while doing so. The method comprises:
The network side generates a standby identity for the user according to the user's IMSI;
When the user's temporary identity GUTI becomes invalid, the network side identifies the user according to the standby identity.
An embodiment of the invention also provides a Home Subscriber Server HSS, in order to protect the confidentiality of the IMSI without changing the existing signaling system, and to avoid the identity synchronization and identity collision problems while doing so. The HSS comprises:
A receiving module, configured to receive the IMSI reported by the UE and forwarded by the MME;
A generation module, configured to generate a standby identity according to the IMSI;
A sending module, configured to feed the generated standby identity back to the MME.
An embodiment of the invention also provides a mobility management entity MME, in order to protect the confidentiality of the IMSI without changing the existing signaling system, and to avoid the identity synchronization and identity collision problems while doing so. The MME comprises:
A receiving module, configured to receive the IMSI reported by the UE, and to receive the standby identity that the HSS generates according to the IMSI and feeds back;
A sending module, configured to forward the IMSI to the HSS after the receiving module receives the IMSI reported by the UE, and to feed the standby identity back to the UE after the receiving module receives the standby identity fed back by the HSS.
An embodiment of the invention also provides a user equipment UE, in order to protect the confidentiality of the IMSI without changing the existing signaling system, and to avoid the identity synchronization and identity collision problems while doing so. The UE comprises:
A sending module, configured to report the IMSI to the MME;
A receiving module, configured to receive, as fed back by the MME, the standby identity that the HSS generated according to the IMSI;
A mapping module, configured to map the standby identity to the IMSI.
An embodiment of the invention also provides an IMSI confidentiality protection system, in order to protect the confidentiality of the IMSI without changing the existing signaling system, and to avoid the identity synchronization and identity collision problems while doing so. The system comprises:
Network-side equipment, configured to generate a standby identity for the user according to the user's IMSI and, when the user's temporary identity GUTI becomes invalid, to identify the user according to the standby identity;
User equipment, configured to provide the user's IMSI to the network-side equipment, to receive the standby identity generated by the network-side equipment, and to map the standby identity to the IMSI.
When protecting the confidentiality of the IMSI, the embodiments of the invention have the network side generate a standby identity for the user according to the user's IMSI; when the user's temporary identity GUTI becomes invalid, the network side identifies the user according to the standby identity, which avoids exposing the user's IMSI on the radio link. Unlike the prior-art scheme in which the UE and the network side independently compute a temporary identity to protect the IMSI, the standby identity is generated by the network side according to the IMSI, which avoids the identity synchronization and identity collision problems. In addition, the embodiments do not change the existing message authentication flow and make only small changes to the existing signaling message format, so the existing signaling system can be fully reused, which also remedies the shortcoming of the existing public-key security mechanism.
Description of drawings
Fig. 1 is a flowchart of the IMSI confidentiality protection method in an embodiment of the invention;
Fig. 2 is a flowchart of the processing when the user attaches for the first time in an embodiment of the invention;
Fig. 3 is a flowchart of the processing when the user's temporary identity GUTI becomes invalid in an embodiment of the invention;
Fig. 4, Fig. 5 and Fig. 6 are structural diagrams of the HSS in embodiments of the invention;
Fig. 7, Fig. 8 and Fig. 9 are structural diagrams of the MME in embodiments of the invention;
Fig. 10 and Fig. 11 are structural diagrams of the UE in embodiments of the invention;
Fig. 12 is a structural diagram of the IMSI confidentiality protection system in an embodiment of the invention.
Embodiments
The embodiments of the invention are described in detail below with reference to the accompanying drawings.
As shown in Fig. 1, in an embodiment of the invention, the IMSI confidentiality protection method can comprise:
Step 101: the network side generates a standby identity for the user according to the user's IMSI.
Step 102: when the user's temporary identity GUTI becomes invalid, the network side identifies the user according to the standby identity.
The network side generates the standby identity according to the user's IMSI. Compared with the GUTI, the standby identity is a longer-lived substitute identity: when the temporary identity GUTI becomes invalid, the network side can still identify the user according to the standby identity, which avoids exposing the user's IMSI on the radio link.
The network-side equipment can take many forms in an implementation, as long as it can realize the functions shown in Fig. 1. The description below takes as an example network-side equipment comprising an MME (Mobility Management Entity) and an HSS (Home Subscriber Server), with the MME, the HSS and the UE interacting to protect the confidentiality of the IMSI.
In that case, step 101 can be implemented as follows:
After receiving the IMSI reported by the user equipment UE, the mobility management entity MME forwards the IMSI to the Home Subscriber Server HSS;
The HSS generates a standby identity according to the IMSI and feeds it back to the MME;
The MME feeds the standby identity back to the UE, and the UE maps the standby identity to the IMSI locally.
This is the processing when the user attaches for the first time. It can of course also include the following: after receiving the IMSI reported by the UE, the MME generates a GUTI according to the IMSI; and when feeding the standby identity back to the UE, the MME also feeds back the GUTI generated according to the IMSI.
As shown in Fig. 2, the implementation of step 101, that is, the processing when the user attaches for the first time, can specifically comprise:
Step 201: when the user attaches for the first time, the user first reports the IMSI to state its identity.
Step 202: after obtaining the UE's IMSI, the MME forwards the IMSI to the HSS.
Step 203: the MME computes the user's temporary identity GUTI according to the IMSI. This step can be executed at the same time as step 202, or before or after it.
Step 204: after receiving the user's IMSI, the HSS can determine from the IMSI being sent in plaintext that the UE is attaching for the first time; it therefore generates a standby identity for the IMSI, denoted T_IMSI1, and maps T_IMSI1 to the IMSI.
Step 205: the HSS feeds the standby identity T_IMSI1 back to the MME; in an implementation, the HSS can convey T_IMSI1 to the MME in the authentication information.
Step 206: the MME sends the GUTI generated according to the IMSI and the IMSI standby identity T_IMSI1 to the UE together. After receiving T_IMSI1, the UE maps it to the IMSI.
Step 102 can then be implemented as follows:
When the user's temporary identity GUTI becomes invalid, the MME obtains the standby identity from the UE and forwards it to the HSS;
After receiving the standby identity, the HSS looks up the corresponding database entry and marks that standby identity as in-use (used), generates a new standby identity and marks it as to-be-used (active), and feeds the new standby identity back to the MME. The database entries store the correspondence between the IMSI and the standby identity, and the state of the standby identity;
The MME feeds the new standby identity back to the UE, and the UE updates the former standby identity to the new standby identity locally.
This is the processing when the user's temporary identity GUTI becomes invalid. It can of course also include the following: after obtaining the standby identity from the UE, the MME generates a new GUTI according to the standby identity; and when feeding the new standby identity back to the UE, the MME also feeds back the new GUTI generated according to the standby identity.
The database mentioned above is one that the HSS sets up additionally in order to store standby identities. As shown in Table 1, the database has three key fields and is stored as a list of entries. The database should allow the corresponding IMSI to be found quickly from a standby identity T_IMSI, and the corresponding T_IMSI to be found quickly from an IMSI:
Table 1: HSS database entries
IMSI    T_IMSI     State
IMSI    T_IMSI1    used
IMSI    T_IMSI2    active
The IMSI field holds the IMSI of every UE, the T_IMSI field holds the T_IMSI corresponding to that IMSI (for example T_IMSI1 and T_IMSI2 in the table above), and the state field holds the state of this IMSI-to-T_IMSI correspondence. The state can be to-be-used (active) or in-use (used). If the state is active, the IMSI on the UE side currently corresponds to the T_IMSI in this entry; if the state is used, the IMSI on the UE side corresponded to the T_IMSI in this entry before the T_IMSI was updated.
The HSS should store two entries for each IMSI, one in the active state and the other in the used state. The entry in the used state ensures that, when an error occurs in the network, the IMSI-to-T_IMSI correspondence on the UE side can be resynchronized with the HSS side. That is, in an implementation, if an error occurs in the network when the new standby identity is fed back, the standby identity on the HSS and the standby identity on the UE can be resynchronized according to the standby identity marked as in-use.
As shown in Fig. 3, the implementation of step 102, that is, the processing when the user's temporary identity GUTI becomes invalid, can specifically comprise:
Steps 301-302: when the MME has lost the temporary identity GUTI and sends an identity request message to the UE, the UE sends the IMSI standby identity T_IMSI1 to the MME.
Step 303: the MME sends the IMSI standby identity T_IMSI1 to the HSS.
Step 304: the MME generates a new GUTI according to the standby identity. This step can be executed at the same time as step 203, or before or after step 203.
Step 305: after receiving the IMSI standby identity T_IMSI1, the HSS finds the corresponding entry in the database and marks T_IMSI1 as in-use (used), then generates a new IMSI standby identity (which can be denoted T_IMSI2) and marks it as to-be-used (active).
Step 306: the HSS sends T_IMSI2 to the MME.
Step 307: the MME sends the new GUTI and T_IMSI2 to the UE. The UE replaces its original IMSI standby identity with T_IMSI2.
The standby identity that protects the IMSI is generated by the HSS and sent to the UE. Because the IMSI consists of the MCC (Mobile Country Code), the MNC (Mobile Network Code) and the MSIN (Mobile Subscriber Identification Number), the HSS can keep the MCC and MNC fields when generating the standby identity for an IMSI, and pass the user's MSIN together with a random number through a one-way function to produce a substitution code SC (Substitution Code). The standby identity of the IMSI is then:
T_IMSI = MCC + MNC + SC.
Keeping the MCC and MNC in T_IMSI ensures that the MME can find the corresponding HSS from the T_IMSI. The one-way function used to generate the SC can be any function that is guaranteed to have no trapdoor and can be computed quickly. In an implementation, the substitution code can have the same length as the MSIN, so that the resulting T_IMSI can reuse the message field format that carries the IMSI. If the T_IMSI computed by the HSS already exists, the HSS can change the random number and regenerate the T_IMSI.
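The HSS-side handling described above (generating T_IMSI = MCC + MNC + SC, regenerating on collision, and keeping one used and one active entry per IMSI) is sketched below as an added example; it is not code from the patent. SHA-256 as the one-way function, the reduction of its output to decimal digits, the class and method names, the known MNC length, and the behaviour when a UE presents the used identity are all assumptions, and the sample IMSI is constructed.

```python
import hashlib
import secrets


class StandbyIdentityHSS:
    """Toy HSS table: each IMSI has one 'active' and at most one 'used' T_IMSI."""

    def __init__(self, mnc_len=2, rand=secrets.token_bytes):
        self.mnc_len = mnc_len   # assumption: MNC length (2 or 3 digits) is known
        self.rand = rand         # injectable so the collision path can be exercised
        self.by_imsi = {}        # IMSI -> {"active": T_IMSI, "used": T_IMSI or None}
        self.by_timsi = {}       # T_IMSI -> IMSI, for fast reverse lookup

    def _new_timsi(self, imsi):
        """T_IMSI = MCC + MNC + SC, with SC the same length as the MSIN."""
        split = 3 + self.mnc_len
        prefix, msin = imsi[:split], imsi[split:]
        while True:
            nonce = self.rand(16)
            # Assumption: SHA-256 stands in for the unspecified one-way function;
            # the digest is reduced to len(MSIN) decimal digits.
            digest = hashlib.sha256(msin.encode() + nonce).digest()
            sc = str(int.from_bytes(digest, "big") % 10 ** len(msin)).zfill(len(msin))
            t_imsi = prefix + sc
            # Regenerate with a fresh random number if the value already exists.
            # Also rejecting values equal to a stored IMSI is an added precaution.
            if t_imsi not in self.by_timsi and t_imsi not in self.by_imsi:
                return t_imsi

    def first_attach(self, imsi):
        """Steps 204-205: plaintext IMSI seen, issue the first standby identity."""
        if not (imsi.isdigit() and 3 + self.mnc_len < len(imsi) <= 15):
            raise ValueError("malformed IMSI")
        # Assumption: a repeated plaintext attach discards the old identities.
        for old in (self.by_imsi.pop(imsi, None) or {}).values():
            self.by_timsi.pop(old, None)
        self.by_imsi[imsi] = {"active": None, "used": None}
        t_imsi = self._new_timsi(imsi)
        self.by_imsi[imsi]["active"] = t_imsi
        self.by_timsi[t_imsi] = imsi
        return t_imsi

    def identify_and_rotate(self, presented):
        """Step 305: resolve a presented T_IMSI, return (IMSI, T_IMSI for the UE)."""
        imsi = self.by_timsi.get(presented)
        if imsi is None:
            raise LookupError("unknown standby identity")
        entry = self.by_imsi[imsi]
        if presented == entry["used"]:
            # The UE never received the last update. Assumed recovery: re-send
            # the pending 'active' value instead of advancing the chain.
            return imsi, entry["active"]
        new = self._new_timsi(imsi)           # old values still block reuse here
        if entry["used"] is not None:
            del self.by_timsi[entry["used"]]  # only two entries are kept per IMSI
        entry["used"], entry["active"] = presented, new
        self.by_timsi[new] = imsi
        return imsi, new


if __name__ == "__main__":
    hss = StandbyIdentityHSS()
    imsi = "460001234567890"                  # constructed sample: MCC 460, MNC 00
    t1 = hss.first_attach(imsi)
    print(t1, hss.identify_and_rotate(t1))
```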
For the user's convenience, the UE stores the T_IMSI corresponding to the IMSI only on the terminal ME (Mobile Equipment). Each terminal can store only one T_IMSI, marked as the standby identity of the IMSI, so that the IMSI is not obtained from the USIM (UMTS Subscriber Identity Module; UMTS: Universal Mobile Telecommunication System) card, which protects the IMSI. When the network initiates an identity request (Identity Request), the ME, in accordance with the protocol, returns the T_IMSI in place of the IMSI provided by the USIM card. When the user's USIM is separated from the ME, the T_IMSI on the ME needs to be cleared.
A person of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, which can include ROM, RAM, a magnetic disk, an optical disc, and so on.
Based on the same inventive concept, an embodiment of the invention also provides a Home Subscriber Server HSS, whose structure is shown in Fig. 4 and which can comprise:
A receiving module 401, configured to receive the IMSI reported by the UE and forwarded by the MME;
A generation module 402, configured to generate a standby identity according to the IMSI;
A sending module 403, configured to feed the generated standby identity back to the MME.
In an embodiment, the receiving module 401 can also be configured to receive, when the user's temporary identity GUTI becomes invalid, the standby identity that the MME obtains from the UE;
In this case, as shown in Fig. 5, the HSS shown in Fig. 4 can also comprise:
A database processing module 404, configured to look up the corresponding database entry after the receiving module 401 receives the standby identity and to mark that standby identity as in-use; the database entries store the correspondence between the IMSI and the standby identity, and the state of the standby identity;
The generation module 402 can also be configured to generate a new standby identity;
The database processing module 404 can also be configured to mark the new standby identity as to-be-used;
The sending module 403 can also be configured to feed the new standby identity back to the MME.
As shown in Fig. 6, in an embodiment, the HSS shown in Fig. 5 can also comprise:
A recovery synchronization module 405, configured so that, if an error occurs in the network when the new standby identity is fed back, the standby identity on the HSS and the standby identity on the UE are resynchronized according to the standby identity marked as in-use.
In an embodiment, when generating a standby identity, the generation module 402 passes the MSIN in the IMSI and a random number through a one-way function to generate a substitution code, and combines the MCC and MNC in the IMSI with the generated substitution code to form the standby identity.
Based on the same inventive concept, an embodiment of the invention also provides an MME, whose structure is shown in Fig. 7 and which can comprise:
A receiving module 701, configured to receive the IMSI reported by the UE, and to receive the standby identity that the HSS generates according to the IMSI and feeds back;
A sending module 702, configured to forward the IMSI to the HSS after the receiving module receives the IMSI reported by the UE, and to feed the standby identity back to the UE after the receiving module receives the standby identity fed back by the HSS.
As shown in Fig. 8, in an embodiment, the MME shown in Fig. 7 can also comprise:
An acquisition module 703, configured to obtain the standby identity from the UE when the user's temporary identity GUTI becomes invalid;
The sending module 702 can also be configured to forward the obtained standby identity to the HSS;
The receiving module 701 can also be configured to receive the newly generated standby identity fed back by the HSS;
The sending module 702 can also be configured to forward the standby identity newly generated by the HSS to the UE.
As shown in Fig. 9, in an embodiment, the MME shown in Fig. 8 can also comprise:
A generation module 704, configured to generate a new GUTI according to the standby identity after the acquisition module obtains the standby identity from the UE;
The sending module 702 can also be configured to feed back to the UE, when feeding back the new standby identity, the new GUTI generated according to the standby identity.
Based on the same inventive concept, an embodiment of the invention also provides a UE, whose structure is shown in Fig. 10 and which can comprise:
A sending module 1001, configured to report the IMSI to the MME;
A receiving module 1002, configured to receive, as fed back by the MME, the standby identity that the HSS generated according to the IMSI;
A mapping module 1003, configured to map the standby identity to the IMSI.
In an embodiment, the mapping module 1003 can also be configured to store the standby identity on the ME when mapping the standby identity to the IMSI; the ME provides the standby identity to the MME when the user's temporary identity GUTI becomes invalid;
In this case, as shown in Fig. 11, the UE shown in Fig. 10 can also comprise:
A clearing module 1004, configured to clear the standby identity on the ME when the ME of the UE is separated from the USIM.
In an embodiment, the sending module 1001 can also be configured to provide the standby identity to the MME when the user's temporary identity GUTI becomes invalid;
The receiving module 1002 can also be configured to receive, as fed back by the MME, the standby identity newly generated by the HSS;
The mapping module 1003 can also be configured to update the former standby identity to the new standby identity.
In an embodiment, the receiving module 1002 can also be configured to receive the GUTI that the MME generates according to the standby identity.
Based on the same inventive concept, an embodiment of the invention also provides an IMSI confidentiality protection system, whose structure is shown in Fig. 12 and which can comprise:
Network-side equipment 1201, configured to generate a standby identity for the user according to the user's IMSI and, when the user's temporary identity GUTI becomes invalid, to identify the user according to the standby identity;
User equipment 1202, configured to provide the user's IMSI to the network-side equipment, to receive the standby identity generated by the network-side equipment, and to map the standby identity to the IMSI.
When protecting the confidentiality of the IMSI, the embodiments of the invention have the network side generate a standby identity for the user according to the user's IMSI; when the user's temporary identity GUTI becomes invalid, the network side identifies the user according to the standby identity, which avoids exposing the user's IMSI on the radio link. Unlike the prior-art scheme in which the UE and the network side independently compute a temporary identity to protect the IMSI, the standby identity is generated by the network side according to the IMSI, which avoids the identity synchronization and identity collision problems. In addition, the embodiments do not change the existing message authentication flow and make only small changes to the existing signaling message format, so the existing signaling system can be fully reused, which also remedies the shortcoming of the existing public-key security mechanism.
Because the network side both generates and stores the standby identity, the standby identity cannot be lost. In a specific implementation, the network-side HSS generates and stores two standby identities, which also ensures that no identity synchronization problem arises while the UE is updating its standby identity.
In terms of computation, the invention adds only the computation of the IMSI standby identity at the network-side HSS, and does not cause additional delay.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.

Claims (13)

1. A method for protecting the confidentiality of the international mobile subscriber identifier IMSI, characterized in that the method comprises:
After receiving the IMSI reported by the user equipment UE, the mobility management entity MME forwards the IMSI to the Home Subscriber Server HSS;
The HSS generates a standby identity according to the IMSI and feeds it back to the MME;
The MME feeds the standby identity back to the UE, and the UE maps the standby identity to the IMSI locally;
The MME obtains the standby identity from the UE and forwards it to the HSS, and, after obtaining the standby identity from the UE, the MME further generates a new GUTI according to the standby identity;
After receiving the standby identity, the HSS looks up the corresponding database entry and marks that standby identity as in-use, generates a new standby identity and marks it as to-be-used, and feeds the new standby identity back to the MME; the database entries store the correspondence between the IMSI and the standby identity, and the state of the standby identity;
The MME feeds the new standby identity back to the UE, and the UE updates the former standby identity to the new standby identity locally; when feeding the new standby identity back to the UE, the MME further feeds back to the UE the new GUTI generated according to the standby identity.
2. The method of claim 1, characterized in that, after receiving the IMSI reported by the UE, the MME further generates a GUTI according to the IMSI;
When feeding the standby identity back to the UE, the MME further feeds back to the UE the GUTI generated according to the IMSI.
3. The method of claim 2, characterized in that, when the UE maps the standby identity to the IMSI locally, the method further comprises storing the standby identity on the mobile equipment ME;
When the user's temporary identity GUTI becomes invalid, the ME provides the standby identity to the network side;
When the ME of the UE is separated from the UMTS subscriber identity module USIM, the standby identity on the ME is cleared.
4. The method of claim 1, characterized in that, if an error occurs in the network when the new standby identity is fed back, the standby identity on the HSS and the standby identity on the UE are resynchronized according to the standby identity marked as in-use.
5. The method of any one of claims 1 to 4, characterized in that, when generating a standby identity, the HSS passes the mobile subscriber identification number MSIN in the IMSI and a random number through a one-way function to generate a substitution code;
The mobile country code MCC and the mobile network code MNC in the IMSI are combined with the generated substitution code to form the standby identity.
6. The method of claim 5, characterized in that the substitution code has the same length as the MSIN.
7. The method of claim 4, characterized in that, if the standby identity generated by the HSS already exists, the HSS changes the random number and regenerates the standby identity.
8. An HSS, characterized in that it comprises:
A receiving module, configured to receive the IMSI reported by the UE and forwarded by the MME;
A generation module, configured to generate a standby identity according to the IMSI;
A sending module, configured to feed the generated standby identity back to the MME and to instruct the MME to feed the standby identity back to the UE, the UE mapping the standby identity to the IMSI locally;
The receiving module is further configured to receive, when the user's temporary identity GUTI becomes invalid, the standby identity that the MME obtains from the UE;
The HSS also comprises:
A database processing module, configured to look up the corresponding database entry after the receiving module receives the standby identity and to mark that standby identity as in-use; the database entries store the correspondence between the IMSI and the standby identity, and the state of the standby identity;
The generation module is further configured to generate a new standby identity;
The database processing module is further configured to mark the new standby identity as to-be-used;
The sending module is further configured to feed the new standby identity back to the MME.
9. The HSS of claim 8, characterized in that it also comprises:
A recovery synchronization module, configured so that, if an error occurs in the network when the new standby identity is fed back, the standby identity on the HSS and the standby identity on the UE are resynchronized according to the standby identity marked as in-use.
10. The HSS of claim 8 or 9, characterized in that, when generating a standby identity, the generation module passes the MSIN in the IMSI and a random number through a one-way function to generate a substitution code, and combines the MCC and MNC in the IMSI with the generated substitution code to form the standby identity.
11. An MME, characterized in that it comprises:
A receiving module, configured to receive the IMSI reported by the UE, and to receive the standby identity that the HSS generates according to the IMSI and feeds back;
A sending module, configured to forward the IMSI to the HSS after the receiving module receives the IMSI reported by the UE, and to feed the standby identity back to the UE after the receiving module receives the standby identity fed back by the HSS;
An acquisition module, configured to obtain the standby identity from the UE when the user's temporary identity GUTI becomes invalid;
The sending module is further configured to forward the obtained standby identity to the HSS;
The receiving module is further configured to receive the newly generated standby identity fed back by the HSS;
The sending module is further configured to forward the standby identity newly generated by the HSS to the UE;
A generation module, configured to generate a new GUTI according to the standby identity after the acquisition module obtains the standby identity from the UE;
The sending module is further configured to feed back to the UE, when feeding back the new standby identity, the new GUTI generated according to the standby identity.
12. A UE, characterized in that it comprises:
A sending module, configured to report the IMSI to the MME;
A receiving module, configured to receive, as fed back by the MME, the standby identity that the HSS generates according to the IMSI;
A mapping module, configured to map the standby identity to the IMSI;
The mapping module is further configured to save the standby identity on the mobile equipment ME when mapping the standby identity to the IMSI; the ME provides the standby identity to the MME when the user's temporary identity GUTI fails;
The UE further comprises:
A clearing module, configured to clear the standby identity on the ME when the ME of the UE is separated from the USIM;
The sending module is further configured to provide the standby identity to the MME when the user's temporary identity GUTI fails;
The receiving module is further configured to receive, as fed back by the MME, the standby identity newly generated by the HSS;
The mapping module is further configured to update the original standby identity to the new standby identity;
The receiving module is further configured to receive the GUTI that the MME generates according to the standby identity.
13. An IMSI confidentiality protection system, characterized in that it comprises network-side equipment and user equipment:
The network-side equipment comprises a mobility management entity MME and a home subscriber server HSS, wherein:
The MME is configured to receive the IMSI reported by the user equipment and forward the IMSI to the HSS; to receive the standby identity fed back by the HSS and feed the standby identity back to the user equipment; to obtain the standby identity from the user equipment and forward it to the HSS; after obtaining the standby identity from the user equipment, to further generate a new GUTI according to the standby identity; to receive the new standby identity fed back by the HSS and feed the new standby identity back to the user equipment, the user equipment updating the original standby identity to the new standby identity locally; and, when feeding the new standby identity back to the user equipment, to further feed the new GUTI generated according to the standby identity back to the user equipment;
The HSS is configured to generate a standby identity according to the IMSI and feed it back to the MME; after receiving a standby identity, to look up the corresponding database entry and mark the standby identity as being in the in-use state, generate a new standby identity and mark it as being in the stand-by state, and feed the new standby identity back to the MME; the database entry stores the correspondence between the IMSI and the standby identity, and the state of the standby identity;
The user equipment is configured to provide the user's IMSI to the MME, to receive the standby identity from the MME, and to map the standby identity to the IMSI.
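The HSS behaviour in claims 8 to 10 (generation from MSIN and a random number, the in-use and stand-by states, and recovery after a lost reply) can be sketched as follows. This is an added example, not code from the patent: SHA-256 as the one-way function, a 2-digit MNC, reducing the digest to MSIN length, and the rule for retiring old entries are all assumptions, and the IMSI is a constructed sample.

```python
import hashlib
import secrets

IN_USE, STAND_BY = "in-use", "stand-by"

def make_standby_id(imsi: str, nonce: bytes, mnc_len: int = 2) -> str:
    """MCC + MNC + substitute code, where the code is H(MSIN || nonce) cut to MSIN length."""
    prefix, msin = imsi[:3 + mnc_len], imsi[3 + mnc_len:]
    digest = hashlib.sha256(msin.encode() + nonce).digest()  # assumed one-way function
    code = int.from_bytes(digest, "big") % 10 ** len(msin)
    return prefix + str(code).zfill(len(msin))

class Hss:
    def __init__(self):
        self.table = {}  # standby identity -> [imsi, state]

    def issue(self, imsi: str) -> str:
        """Generate a fresh standby identity for imsi and store it as stand-by."""
        while True:
            sid = make_standby_id(imsi, secrets.token_bytes(16))
            if sid not in self.table and sid != imsi:  # retry on collision
                self.table[sid] = [imsi, STAND_BY]
                return sid

    def resolve(self, sid: str):
        """GUTI failed: map the presented standby identity to the IMSI and rotate it."""
        if sid not in self.table:
            raise KeyError("unknown standby identity")
        imsi, state = self.table[sid]
        if state == STAND_BY:
            # UE has moved on to this identity: retire older entries (assumption).
            for old in [k for k, v in self.table.items() if v[0] == imsi and k != sid]:
                del self.table[old]
            self.table[sid][1] = IN_USE
        else:
            # Retry with an in-use identity: the previous reply was lost, so drop
            # the stand-by identity the UE never received and issue another.
            for k in [k for k, v in self.table.items() if v[0] == imsi and v[1] == STAND_BY]:
                del self.table[k]
        return imsi, self.issue(imsi)

def demo():
    hss = Hss()
    imsi = "460001234567890"  # constructed sample IMSI
    first = hss.issue(imsi)
    _, second = hss.resolve(first)   # normal rotation
    _, lost = hss.resolve(first)     # reply lost, UE retries with the in-use identity
    return first, second, lost, hss
```

Keeping the in-use entry until the UE presents its successor is what lets the HSS resynchronize: a UE that never received the new identity can still be recognized by the old one.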
CN2009100764512A 2009-01-04 2009-01-04 Method, equipment and system for protection of confidentiality of international mobile subscriber identifier IMSI Active CN101771997B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100764512A CN101771997B (en) 2009-01-04 2009-01-04 Method, equipment and system for protection of confidentiality of international mobile subscriber identifier IMSI

Publications (2)

Publication Number Publication Date
CN101771997A CN101771997A (en) 2010-07-07
CN101771997B true CN101771997B (en) 2012-07-04

Family

ID=42504519

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100764512A Active CN101771997B (en) 2009-01-04 2009-01-04 Method, equipment and system for protection of confidentiality of international mobile subscriber identifier IMSI

Country Status (1)

Country Link
CN (1) CN101771997B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant