CN104883339A

CN104883339A - User privacy protecting method, equipment and system thereof

Info

Publication number: CN104883339A
Application number: CN201410070160.3A
Authority: CN
Inventors: 何文裕; 何承东
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2014-02-27
Filing date: 2014-02-27
Publication date: 2015-09-02
Anticipated expiration: 2034-02-27
Also published as: WO2015127736A1; CN104883339B

Abstract

An embodiment of the invention discloses a user privacy protecting method, equipment and a system thereof, which relate to mobile network application technology. Through using a random user ID for hiding a real user ID, a problem of user privacy exposure is settled, and a safety feeling in network experience by a user is improved. The method comprises the steps of transmitting registering request information by user equipment (UE) to a position server through a router; receiving a random value which is transmitted by the position server by the user equipment through the router; and generating a temporary user identification by the user equipment according to a common key, the user identification of the UE, the random value and a pre-acquired identifier of the position server, wherein the common key corresponds with the user identification of the user equipment UE. The user privacy protecting method, the equipment and the system, according to the embodiment of the invention, are used for hiding the real ID of the user equipment.

Description

A kind of method, apparatus and system of privacy of user protection

Technical field

The present invention relates to communication network application technology, particularly relate to the method, apparatus and system of a kind of privacy of user protection.

Background technology

Along with network security more and more pay close attention to by the whole world, IP (Internet Protocol, Internet Protocol) safety of address, and the safety of user ID obtains and pays close attention to widely, wherein, because IP address is identifier (i.e. host identities mark) for a long time, be again finger URL (i.e. network location identifier), this makes transport layer thorough not with being separated of network layer.This makes conventional TCP/IP network cannot support main frame many hosts scene, i.e. multiple network interface cards of same main frame access network simultaneously, switches network interface card and can cause IP change, service disconnection.

In a mobile network, IP address code reassignment may be caused during fast mobile terminal, although under the same user of same terminal uses, but the four-tuple of transport layer (the local IP of <, far-end IP, local port, remote port >) but there occurs change, this will cause disconnecting and rebuild.If there is the scene of user's multiple devices, the service traffics of requirement need seamless switching between multiple devices, and traditional TCP/IP network cannot be supported.

In existing technical solution, at user identity agreement UIP(User Identity Protocol) the network architecture in, user identifier UserID is distributed by operator, forever constant; Device identifier DeviceID is distributed by equipment manufacturers or operator, and a UserID can associate multiple DeviceID; Finger URL Locator is generally IP address, and distributed by operator or user's appointment, a DeviceID can associate multiple Locator.Such as, but about network security, assailant probably will follow the tracks of the positional information of user according to user ID, and wherein because the user ID of some country may take certain coding rule, the prefix of its ID of user of different regions is different.Therefore assailant can according to its privacy information of the prefix guessing of user ID, such as geographical position.If assailant obtains its business of subscribing to according to user ID will obtain a large amount of privacy information of user, privacy of user safety and property safety are threatened.

Summary of the invention

The method, apparatus and system that embodiments of the invention provide a kind of privacy of user to protect, by utilizing random user ID to hide the true ID of user, solving the problem that privacy of user exposes, improving the sense of security that user network is experienced.

For achieving the above object, embodiments of the invention adopt following technical scheme:

First aspect, a kind of method of privacy of user protection, comprising:

User equipment (UE) sends login request message by router to location server, random value is generated when receiving the login request message of described UE to make described location server, and described random value is sent to described UE, the user ID of described UE is comprised in described login request message, to make described location server according to described random value, common key, the user ID of described UE and the identifier of described location server generate interim subscriber identity, and preserve described interim subscriber identity, the user ID of described UE, the corresponding relation of the mark of UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification, described common key is corresponding with the user ID of described UE,

Described UE receives the described random value of described location server transmission by described router;

Described UE is according to described shared key, and the user ID of described UE, described random value and the identifier of described location server obtained in advance generate described interim subscriber identity, and described common key is corresponding with the user ID of described UE.

In conjunction with first aspect, specifically comprise in the implementation that the first is possible, the described random value that described UE receives the transmission of described location server by described router comprises:

Described UE receives the authentication request message of described location server transmission by described router, and described authentication request message comprises described random value.

In conjunction with first aspect, specifically comprise in the implementation that the second is possible, the described random value that described UE receives the transmission of described location server by described router comprises:

Described UE receives the registration reply message of described location server transmission by described router, and described registration reply message comprises described random value.

Second aspect, a kind of method of privacy of user protection, comprising:

Location server receives the login request message of user equipment (UE) transmission by router, the user ID of described UE is comprised in described login request message, wherein, when described location server receives the login request message of described UE transmission, described location server generates random value;

Described random value is sent to described UE by described router by described location server, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity;

Described location server obtains common key according to the user ID of described UE, and according to described shared key, the user ID of described UE, the identifier of described random value and described location server generates described interim subscriber identity;

Described location server preserves described interim subscriber identity, the user ID of described UE, described UE identify and the corresponding relation of mark of described location server, and by the message comprising described interim subscriber identity that UE described in described corresponding relation identification sends.

In conjunction with second aspect, specifically comprise in the implementation that the first is possible, described random value sends to described UE to comprise by described router by described location server:

Described location server sends authentication request message by described router to described UE, described authentication request message comprises random value, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity, and described common key is corresponding with the user ID of described UE.

In conjunction with second aspect, specifically comprise in the implementation that the second is possible, described random value sends to described UE to comprise by described router by described location server:

Described location server forwards registration reply message by described router to described UE, described registration reply message comprises random value, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity, and described common key is corresponding with the user ID of described UE.

The third aspect, a kind of method of privacy of user protection, comprising:

User equipment (UE) sends login request message by router to location server, the user ID of described UE is comprised in described login request message, random value is generated when receiving the login request message of described UE to make described location server, and according to described random value, the user ID of described UE and the identifier of described location server generate interim subscriber identity, and preserve described interim subscriber identity, the user ID of described UE, the corresponding relation of the mark of UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification,

Described UE receives described interim subscriber identity by described router.

In conjunction with the third aspect, specifically comprise in the implementation that the first is possible, described UE receives described interim subscriber identity by described router and comprises:

Described UE receives the registration reply message of described location server transmission by described router, and described registration reply message comprises described interim subscriber identity.

Fourth aspect, a kind of method of privacy of user protection, comprising:

Location server receives the login request message of user equipment (UE) transmission by router, the user ID of described UE is comprised in described login request message, wherein, when described location server receives the login request message of described user equipment (UE) transmission, described location server generates random value;

Described location server generates interim subscriber identity according to the identifier of the user ID of described random value, described UE and described location server;

Described location server preserves the corresponding relation of mark of described interim subscriber identity, the user ID of described UE, UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification;

Described interim subscriber identity is forwarded to described UE by described router by described location server.

In conjunction with fourth aspect, specifically comprise in the first mode in the cards, described location server comprises according to the identifier generation interim subscriber identity of the user ID of described random value, described UE and described location server:

Described location server generates interim subscriber identity according to the identifier of the user ID of described random value, shared key, described UE and described location server, and described common key is corresponding with the user ID of described UE.

In conjunction with fourth aspect, specifically comprise in the second mode in the cards, described interim subscriber identity is forwarded to described UE by described router by described location server, comprising:

Described location server forwards registration reply message to described UE by described router, and described registration reply message comprises described interim subscriber identity.

5th aspect, a kind of subscriber equipment, comprising:

Communication unit, for sending login request message by router to location server, random value is generated when receiving the login request message of described UE to make described location server, and described random value is sent to described UE, the user ID of described UE is comprised in described login request message, to make described location server according to described random value, common key, the user ID of described UE and the identifier of described location server generate interim subscriber identity, and preserve described interim subscriber identity, the user ID of described UE, the corresponding relation of the mark of UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification, described common key is corresponding with the user ID of described UE,

Described communication unit, also for being received the described random value that described location server sends by described router;

Generation unit, for according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate described interim subscriber identity, and described common key is corresponding with the user ID of described UE.

In conjunction with the 5th aspect, specifically comprise in the first mode in the cards, described communication unit, specifically also for:

Received the authentication request message of described location server transmission by described router, described authentication request message comprises described random value.

In conjunction with the 5th aspect, specifically comprise in the implementation that the second is possible, described communication unit, specifically also for:

Received the registration reply message of described location server transmission by described router, described registration reply message comprises described random value.

6th aspect, a kind of location server, comprising:

Communication unit, for being received the login request message that user equipment (UE) sends by router, comprise the user ID of described UE in described login request message, wherein, when described location server receives the login request message of described UE transmission, described location server generates random value;

Described communication unit, also for described random value being sent to described UE by described router, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity;

Generation unit, obtains common key for the user ID according to described UE, and according to described shared key, the user ID of described UE, the identifier of described random value and described location server generates described interim subscriber identity;

Memory cell, for preserving described interim subscriber identity that described generation unit generates, the user ID of described UE, described UE identify and the corresponding relation of mark of described location server, and by the message comprising described interim subscriber identity that UE described in described corresponding relation identification sends.

In conjunction with the 6th aspect, specifically comprise in the implementation that the first is possible, described communication unit, specifically also for:

Authentication request message is sent to described UE by described router, described authentication request message comprises random value, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity, and described common key is corresponding with the user ID of described UE.

In conjunction with the 6th aspect, specifically comprise in the implementation that the second is possible, described communication unit, specifically also for:

Registration reply message is forwarded to described UE by described router, described registration reply message comprises random value, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity, and described common key is corresponding with the user ID of described UE.

7th aspect, a kind of subscriber equipment, comprising:

Transmitting element, for sending login request message by router to location server, the user ID of described UE is comprised in described login request message, random value is generated when receiving the login request message of described UE to make described location server, and according to described random value, the user ID of described UE and the identifier of described location server generate interim subscriber identity, and preserve described interim subscriber identity, the user ID of described UE, the corresponding relation of the mark of UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification,

Receiving element, for receiving described interim subscriber identity by described router.

In conjunction with the 7th aspect, specifically comprise in the first mode in the cards, described receiving element, specifically also for:

Received the registration reply message of described location server transmission by described router, described registration reply message comprises described interim subscriber identity.

Eighth aspect, a kind of location server, comprising:

Communication unit, for being received the login request message that user equipment (UE) sends by router, the user ID of described UE is comprised in described login request message, wherein, when described location server receives the login request message of described user equipment (UE) transmission, described location server generates random value;

Generation unit, for generating interim subscriber identity according to the user ID of described random value, described UE and the identifier of described location server;

Memory cell, for preserving the corresponding relation of mark of the described interim subscriber identity that described generation unit generates, the user ID of described UE, UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification;

Described communication unit, the described interim subscriber identity also for being generated by described generation unit by described router is forwarded to described UE.

In conjunction with eighth aspect, specifically comprise in the first mode in the cards, described generation unit, specifically also for:

Generate interim subscriber identity according to the user ID of described random value, shared key, described UE and the identifier of described location server, described common key is corresponding with the user ID of described UE.

In conjunction with eighth aspect, specifically comprise in the implementation that the second is possible, described communication unit, specifically also for:

Forward registration reply message to described UE by described router, described registration reply message comprises described interim subscriber identity.

9th aspect, a kind of communication system, comprising: location server, router and the user equipment (UE) be connected with described router, wherein,

Described location server is the location server in the 6th aspect or the 6th aspect described in any one possible implementation;

Described user equipment (UE) is the subscriber equipment in the 5th aspect or the 5th aspect described in any one possible implementation;

Or,

Described location server is the location server in eighth aspect or eighth aspect described in any one possible implementation;

Described user equipment (UE) is the subscriber equipment in the 7th aspect or the 7th aspect described in any one possible implementation.

The method, apparatus and system of the privacy of user protection that the embodiment of the present invention provides; the user ID of subscriber equipment is sent to location server by login request message by user equipment (UE); and obtain described shared key according to the user ID of this UE; the user ID of subscriber equipment; the mark of the location server obtained in advance and shared key generate interim subscriber identity; the true ID of user is hidden by utilizing random user ID; solve the problem that privacy of user exposes, improve the sense of security that user network is experienced.

Accompanying drawing explanation

In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.

A kind of UIP(User Identity Protocol that Fig. 1 provides for the embodiment of the present invention, user identity agreement) network topology structure schematic diagram;

The schematic flow sheet of the method for a kind of privacy of user protection that Fig. 2 provides for the embodiment of the present invention;

The schematic flow sheet of the method for the another kind of privacy of user protection that Fig. 3 provides for the embodiment of the present invention;

The schematic flow sheet of the method for a kind of privacy of user protection that Fig. 4 provides for another embodiment of the present invention;

The schematic flow sheet of the method for the another kind of privacy of user protection that Fig. 5 provides for another embodiment of the present invention;

The schematic flow sheet of the method for a kind of privacy of user protection that Fig. 6 provides for further embodiment of this invention;

The schematic flow sheet of the method for the another kind of privacy of user protection that Fig. 7 provides for further embodiment of this invention;

The schematic flow sheet of the method for another privacy of user protection that Fig. 8 provides for further embodiment of this invention;

The structural representation of a kind of subscriber equipment that Fig. 9 provides for the embodiment of the present invention;

The structural representation of a kind of location server that Figure 10 provides for the embodiment of the present invention;

The structural representation of a kind of subscriber equipment that Figure 11 provides for another embodiment of the present invention;

The structural representation of a kind of location server that Figure 12 provides for another embodiment of the present invention;

The structural representation of a kind of subscriber equipment that Figure 13 provides for further embodiment of this invention;

The structural representation of a kind of location server that Figure 14 provides for further embodiment of this invention;

The structural representation of a kind of subscriber equipment that Figure 15 provides for yet another embodiment of the invention;

The structural representation of a kind of location server that Figure 16 provides for yet another embodiment of the invention;

The structural representation of a kind of communication system that Figure 17 provides for the embodiment of the present invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.

The present invention is applicable to user identity agreement UIP(User Identity Protocol) network architecture, wherein as shown in Figure 1, UIP network is made up of one or more UIP territory, a UIP territory is by a location server SLS(Subscriber Location Server), one or more territory router DR(Domain Router), one or more gateway GW(Gate Way) composition.Wherein, DR for preserving the mapping relations of the finger URL Locator of user ID UserID and this user, user data forwards and message address conversion, the DR in territory, between territory is interconnected.SLS is for preserving the mapping relations of user ID UserID and the current DR of user.UE is by wireless access network access UIP territory.And the invention provides the method for a kind of privacy of user protection, with reference to shown in Fig. 2, in user equipment side, concrete steps are as described below:

101, user equipment (UE) sends login request message by router to location server, to make this location server generate random value when receiving the login request message of UE, and this random value is sent to this UE.

Wherein, the user ID of described UE is comprised in login request message, to make described location server according to described random value, common key, the user ID of described UE and the identifier of described location server generate interim subscriber identity, and preserve described interim subscriber identity, the user ID of described UE, the corresponding relation of the mark of UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification, described common key is corresponding with the user ID of described UE.

Here the method obtaining shared key can be certifiede-mail protocol AKA (Authentication and Key Agreement) or other cryptographic key negotiation methods.

Here user equipment (UE) (User Equipment) can pass through territory router DR(DomainRouter) forward login request message, by the essential information of UE itself, such as user ID UserID, device identifier Device ID and finger URL Locator are sent to subscriber location servers SLS(Subscriber Location Server) so that SLS obtains the essential information (i.e. underlying parameter) of UE according to the login request message of UE.

Wherein, login request message also comprises: the finger URL of device identifier and/or UE.

102, UE receives the random value of this location server transmission by router.

103, UE is according to shared key, the user ID of UE, and random value and the identifier of location server obtained in advance generate interim subscriber identity.

Wherein, this common key is corresponding with the user ID of described UE.

Here UE can according to the authentication request message received before consulting to obtain shared key SKey with SLS, obtain the random value nonce generated by SLS, and according to this nonce, the UserID of the SLS ID of the SLS obtained in advance, SKey and UE self generates interim subscriber identity TempUser ID;

Or,

After consulting to obtain shared key SKey with SLS, in the registration reply message of reception, obtain random value nonce, and generate interim subscriber identity TempUser ID according to the UserID of the SLS ID of this nonce, SLS, SKey and UE self;

Or,

Except UE self generates except TempUser ID according to the nonce that SLS sends, optionally, the interim subscriber identity TempUser ID that the registration reply message reception SLS that UE passes through to receive SLS transmission has generated.

The invention provides the method for a kind of privacy of user protection, with reference to shown in Fig. 3, at position server side, concrete steps are as described below:

201, location server receives the login request message of user equipment (UE) transmission by router.

Here comprise the user ID of this UE in login request message, wherein, when location server receives the login request message of UE transmission, location server generates random value.

Wherein, this login request message also comprises the finger URL Locator of user equipment identifiers Device ID and/or UE.

202, random value is sent to UE by router by location server, and to make this UE according to shared key, the user ID of UE, random value and the identifier of location server obtained in advance generate interim subscriber identity.

203, location server is according to this shared key, the user ID of UE, and the identifier of random value and location server generates interim subscriber identity.

Wherein, the method obtaining shared key can be certifiede-mail protocol AKA (Authentication and Key Agreement) or other cryptographic key negotiation methods.

Here subscriber location servers SLS(Subscriber Location Server) can according to before consulting to obtain shared key SKey with UE, the random value nonce that SLS generates, and according to this nonce, the UserID of the SLS ID of SLS self, SKey and UE generates interim subscriber identity TempUser ID;

Or,

After consulting to obtain shared key SKey with UE, SLS generates random value nonce, and SLS generates interim subscriber identity TempUser ID according to the UserID of the SLS ID of this nonce, SLS, SKey and UE self before the registration reply message of nonce is carried in transmission;

Or,

SLS is after the authentication response message receiving UE transmission, and SLS generates nonce, and generates TempUser ID according to nonce, by sending registration reply message, the TempUser ID of generation is sent to UE.

204, location server preserves the corresponding relation of mark of interim subscriber identity, the user ID of UE, UE mark and location server, and by the message comprising interim subscriber identity that this corresponding relation identification UE sends.

Wherein, optionally, what this SLS preserved is user ID User ID, the device identifier Device ID of interim subscriber identity TempUser ID and UE and the mapping relations of finger URL Locator.

The method of the privacy of user protection that the embodiment of the present invention provides; the user ID of subscriber equipment is sent to location server by login request message by user equipment (UE); and obtain described shared key according to the user ID of this UE; the user ID of subscriber equipment; the mark of the location server obtained in advance and shared key generate interim subscriber identity; by utilizing random user ID to hide the true ID of user, solving the problem that privacy of user exposes, improving the sense of security that user network is experienced.

The invention provides the method for another kind of privacy of user protection, with reference to shown in Fig. 4, in user equipment side, concrete steps are as described below:

301, user equipment (UE) sends login request message by router to location server.

Wherein, the user ID of described UE is comprised in login request message, random value is generated when receiving the login request message of described UE to make described location server, and generate interim subscriber identity according to the user ID of described random value, described UE and the identifier of described location server, and preserve the corresponding relation of mark of described interim subscriber identity, the user ID of described UE, UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification.

302, UE receives interim subscriber identity by router.

Wherein, UE receives the registration reply message of described location server transmission by described router, and described registration reply message comprises described interim subscriber identity.

The invention provides the method for another kind of privacy of user protection, with reference to shown in Fig. 5, at position server side, concrete steps are as described below:

401, location server receives the login request message of user equipment (UE) transmission by router.

Here comprise the user ID of described UE in login request message, wherein, when described location server receives the login request message of described user equipment (UE) transmission, described location server generates random value.

402, location server generates interim subscriber identity according to the identifier of the user ID of random value, UE and location server.

403, location server preserves the corresponding relation of mark of this interim subscriber identity, the user ID of UE, UE mark and location server, to make this location server according to the message comprising interim subscriber identity of the transmission of this corresponding relation identification UE.

404, this interim subscriber identity is forwarded to UE by router by location server.

Wherein, location server forwards registration reply message to described UE by described router, and described registration reply message comprises described interim subscriber identity.

The method of the privacy of user protection that the embodiment of the present invention provides; location server generates interim subscriber identity according to the random value of stochastic generation; and carry interim subscriber identity by registration reply message and be sent to user equipment (UE) via router; and then by utilizing random user ID to hide the true ID of user; solve the problem that privacy of user exposes, improve the sense of security that user network is experienced.

Router in the embodiment of the present invention is with territory router DR, and location server is described for subscriber location servers SLS, is as the criterion, does not do concrete restriction with the method realizing the privacy of user protection that the embodiment of the present invention provides.

Concrete, be described below in conjunction with specific embodiment.

Embodiment one

Can on the basis of the embodiment shown in Fig. 2 or Fig. 3; with reference to shown in Fig. 6; The embodiment provides the method for a kind of privacy of user protection; with reference to shown in Fig. 6; for subscriber location servers SLS and user equipment (UE) generate shared key SKey through consultation; and according to SKey, SLS and or the ID of UE generate the process of interim subscriber identity TempUserID, concrete steps are as follows:

501, user equipment (UE) sends login request message by router to location server, generates random value, and this random value is sent to this UE to make changing location server when receiving the login request message of UE.

Optionally, login request message also comprises: the finger URL of device identifier and/or UE.

502, location server receives the login request message of user equipment (UE) transmission by router.

Here router DR in territory is for bearing the function forwarding Signalling exchange message between UE and SLS.

503, random value is sent to UE by router by location server, and to make this UE according to shared key, the user ID of UE, random value and the identifier of location server obtained in advance generate interim subscriber identity.

Wherein random value can represent with nonce.Be as the criterion with the method realizing a kind of privacy of user protection that the embodiment of the present invention provides, specifically do not limit.

Here location server carries random value in authentication request message, and is sent to UE by router.

504, UE receives the random value of this location server transmission by router.

Wherein UE receives the authentication request message of described location server transmission by described router, and described authentication request message comprises described random value.

505, UE sends authentication response message by router to location server according to this authentication request message.

506, location server receives the authentication response message that UE is sent by router.

507, location server is according to this shared key, the user ID of UE, and the identifier of random value and location server generates interim subscriber identity.

Here interim subscriber identity is for interim subscriber identity TempUser ID:

Wherein, the generation method of TempUser ID can be expressed as:

TempUser ID=KDF(SKey,UserID,SLS ID,nonce)

Namely interim subscriber identity TempUser ID is that SLS generates according to the nonce of the SKey consulting to obtain, the UserID of UE, SLS ID and SLS generation;

Wherein:

SKey is certain key shared of SLS and UE;

SLS ID(SLS identifies) be the ID of SLS, the such as identifier of UUID (Universally UniqueIdentifier) form;

Nonce is the random value that SLS produces.

508, UE is according to shared key, the user ID of UE, and random value and the identifier of location server obtained in advance generate interim subscriber identity.

Wherein, this common key is corresponding with the user ID of described UE.

Here UE is according to the random value nonce got in authentication request message, consults with SLS the SKey that obtains, and the UserID of ID and UE of the SLS obtained in advance self generates interim subscriber identity TempUser ID.

509, location server preserves the corresponding relation of mark of interim subscriber identity, the user ID of UE, UE mark and location server, and by the message comprising interim subscriber identity that this corresponding relation identification UE sends.

510, location server sends registration reply message by router to UE.

511, UE is by the registration reply message of router receiving position server transmission.

Embodiment two

Can on the basis of the embodiment shown in Fig. 2 or Fig. 3, with reference to shown in Fig. 7, The embodiment provides the method for a kind of privacy of user protection, with reference to shown in Fig. 7, for subscriber location servers SLS and user equipment (UE) generate shared key SKey through consultation, wherein after UE and SLS consults to generate SKey, SLS generates random value nonce, SLS is according to SKey, SLS and or the ID of UE generate interim subscriber identity TempUserID, forward registration reply message via DR again and nonce is sent to UE, so that UE generates the process of TempUserID according to nonce, concrete steps are as follows:

601 user equipment (UE)s send login request message by router to location server, generate random value, and this random value is sent to this UE to make changing location server when receiving the login request message of UE.

602, location server receives the login request message of user equipment (UE) transmission by router.

603, random value is sent to UE by router by location server, and to make this UE according to shared key, the user ID of UE, random value and the identifier of location server obtained in advance generate interim subscriber identity.

Location server sends authentication request message by router to UE.

Here whether random value nonce is not defined as in the authentication request message that SLS is sent to UE by DR for generating the random value nonce needed for TempUser ID.One that is can to regenerate for SLS for the random value nonce generating TempUser ID in the embodiment of the present invention with the difference in embodiment one new nonce, namely can not reuse the nonce in the authentication request message sent to UE in this step.

604, UE receives the random value of this location server transmission by router.

605, UE sends authentication response message by router to location server according to this authentication request message.

606, location server receives the authentication response message that UE is sent by router.

607, location server is according to this shared key, the user ID of UE, and the identifier of random value and location server generates interim subscriber identity.

Wherein, the generation method of TempUser ID can be expressed as:

TempUser ID=KDF(SKey,UserID,SLS ID,nonce)

Wherein:

SKey is certain key shared of SLS and UE;

Nonce is the random value that SLS produces.

608, random value is sent to UE by router by location server.

Wherein, registration reply message, also comprises: the random value nonce that SLS generates, so that UE generates described TempUser ID according to random value nonce.

Location server forwards registration reply message by described router to described UE, described registration reply message comprises random value, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity, and described UE obtains described shared key according to the user ID of described UE.

609, location server preserves the corresponding relation of mark of interim subscriber identity, the user ID of UE, UE mark and location server, and by the message comprising interim subscriber identity that this corresponding relation identification UE sends.

Here concrete, what SLS preserved is user ID User ID, the device identifier Device ID of interim subscriber identity TempUser ID and UE and the mapping relations of finger URL Locator.

610, UE is by the random value of router receiving position server transmission.

Wherein, UE receives the registration reply message of described location server transmission by described router, and described registration reply message comprises described random value.

611, UE is according to shared key, the user ID of UE, and random value and the identifier of location server obtained in advance generate interim subscriber identity.

Wherein, UE obtains described shared key according to the user ID of described UE

The method of the privacy of user protection that the embodiment of the present invention provides; the user ID of subscriber equipment is sent to location server by login request message by user equipment (UE); and by consulting to obtain shared key with location server; again according to the user ID of subscriber equipment; the mark of the location server obtained in advance and shared key generate interim subscriber identity; the true ID of user is hidden by utilizing random user ID; solve the problem that privacy of user exposes, improve the sense of security that user network is experienced.

The difference of the embodiment of the present invention and embodiment one is that SLS is for generating the random value nonce of TempUser ID for after consulting to obtain shared key SKey with UE, and after generating TempUser ID, the random value nonce generating TempUser ID is sent to UE by registration reply message by DR.Wherein, be can be different from entrained nonce when sending authentication request message for generating the random value nonce of TempUser ID.

Embodiment three

Can on the basis of the embodiment shown in Fig. 4 or Fig. 5; with reference to shown in Fig. 8; The embodiment provides the method for a kind of privacy of user protection; with reference to shown in Fig. 8; for subscriber location servers SLS and user equipment (UE) generate shared key SKey through consultation, SLS generates interim subscriber identity TempUserID according to the ID of SKey, SLS and UE; forward the process of TempUserID to UE again via DR, concrete steps are as follows:

701, user equipment (UE) sends login request message by router to location server.

702, location server receives the login request message of user equipment (UE) transmission by router.

Wherein, comprise the user ID of described UE in login request message, wherein, when described location server receives the login request message of described user equipment (UE) transmission, described location server generates random value;

703, location server sends authentication request message by router to UE.

704, UE is by the authentication request message of router receiving position server transmission.

705, UE sends authentication response message by router to location server according to this authentication request message.

706, location server receives the authentication response message that UE is sent by router.

707, location server generates interim subscriber identity according to the identifier of the user ID of random value, UE and location server.

Wherein, this relevant parameter at least comprises described random value, the user ID of described UE and the identifier of described location server;

Optionally, this relevant parameter also comprises common key, and location server generates interim subscriber identity according to the identifier of the user ID of described random value, shared key, described UE and described location server.

Wherein, this location server obtains common key according to the user ID of described UE.

Here SLS can if embodiment one and the method described in embodiment two be according to the essential information of SKey, UE as mentioned above, and the identifier SLS ID of random value nonce and SLS generates interim subscriber identity TempUser ID.

In the present embodiment, SLS can also generate TempUser ID according to random value nonce.

708, location server preserves the corresponding relation of mark of interim subscriber identity, the user ID of UE, UE mark and location server, to make this location server according to the message comprising interim subscriber identity of the transmission of this corresponding relation identification UE.

709, interim subscriber identity is forwarded to UE by router by location server.

710, UE receives interim subscriber identity by router.

The invention provides a kind of user equipment (UE) 8, this user equipment (UE) 8 is as the criterion with the method that can realize arbitrary privacy of user protection that embodiments of the invention provide, and with reference to shown in Fig. 9, comprising:

Communication unit 81, for sending login request message by router to location server, random value is generated when receiving the login request message of described UE to make described location server, and described random value is sent to described UE, the user ID of described UE is comprised in described login request message, to make described location server according to described random value, common key, the user ID of described UE and the identifier of described location server generate interim subscriber identity, and preserve described interim subscriber identity, the user ID of described UE, the corresponding relation of the mark of UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification, described common key is corresponding with the user ID of described UE,

Communication unit 81, also for being received the described random value that described location server sends by described router;

Generation unit 82, for according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate described interim subscriber identity, and described common key is corresponding with the user ID of described UE.

The subscriber equipment that the embodiment of the present invention provides, the user ID of subscriber equipment is sent to location server by login request message by user equipment (UE), and obtain described shared key according to the user ID of this UE, the user ID of subscriber equipment, the mark of the location server obtained in advance and shared key generate interim subscriber identity, by utilizing random user ID to hide the true ID of user, solving the problem that privacy of user exposes, improving the sense of security that user network is experienced.

Optionally, communication unit 81, specifically also for: by described router receive described location server send authentication request message, described authentication request message comprises described random value.

Optionally, communication unit 81, specifically also for: by described router receive described location server send registration reply message, described registration reply message comprises described random value.

The invention provides a kind of location server SLS9, this location server SLS9 is as the criterion with the method that can realize arbitrary privacy of user protection that embodiments of the invention provide, and with reference to shown in Figure 10, comprising:

Communication unit 91, for being received the login request message that user equipment (UE) sends by router, comprise the user ID of described UE in described login request message, wherein, when described location server receives the login request message of described UE transmission, described location server generates random value;

Communication unit 91, also for described random value being sent to described UE by described router, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity;

Generation unit 92, obtains common key for the user ID according to described UE, and according to described shared key, the user ID of described UE, the identifier of described random value and described location server generates described interim subscriber identity;

Memory cell 93, for preserving described interim subscriber identity that described generation unit generates, the user ID of described UE, described UE identify and the corresponding relation of mark of described location server, and by the message comprising described interim subscriber identity that UE described in described corresponding relation identification sends.

The location server that the embodiment of the present invention provides, the user ID of subscriber equipment is sent to location server by login request message by user equipment (UE), and obtain described shared key according to the user ID of this UE, the user ID of subscriber equipment, the mark of the location server obtained in advance and shared key generate interim subscriber identity, by utilizing random user ID to hide the true ID of user, solving the problem that privacy of user exposes, improving the sense of security that user network is experienced.

Optionally, communication unit 91, concrete also for: send authentication request message by described router to described UE, described authentication request message comprises random value, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity, and described common key is corresponding with the user ID of described UE.

Optionally, communication unit 91, concrete also for: forward registration reply message by described router to described UE, described registration reply message comprises random value, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity, and described common key is corresponding with the user ID of described UE.

The invention provides a kind of user equipment (UE) 10, this user equipment (UE) 10 is as the criterion with the method that can realize arbitrary privacy of user protection that embodiments of the invention provide, and with reference to shown in Figure 11, comprising:

Transmitting element 1001, for sending login request message by router to location server, the user ID of described UE is comprised in described login request message, random value is generated when receiving the login request message of described UE to make described location server, and according to described random value, the user ID of described UE and the identifier of described location server generate interim subscriber identity, and preserve described interim subscriber identity, the user ID of described UE, the corresponding relation of the mark of UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification,

Receiving element 1002, for receiving described interim subscriber identity by described router.

Further, receiving element 1002, specifically also for: by described router receive described location server send registration reply message, described registration reply message comprises described interim subscriber identity.

The subscriber equipment that the embodiment of the present invention provides, location server generates interim subscriber identity according to the random value of stochastic generation, and carry interim subscriber identity by registration reply message and be sent to user equipment (UE) via router, and then by utilizing random user ID to hide the true ID of user, solve the problem that privacy of user exposes, improve the sense of security that user network is experienced.

The invention provides a kind of location server SLS11, this location server SLS11 is as the criterion with the method that can realize arbitrary privacy of user protection that embodiments of the invention provide, and with reference to shown in Figure 12, comprising:

Communication unit 1101, for being received the login request message that user equipment (UE) sends by router, the user ID of described UE is comprised in described login request message, wherein, when described location server receives the login request message of described user equipment (UE) transmission, described location server generates random value;

Generation unit 1102, for generating interim subscriber identity according to the user ID of described random value, described UE and the identifier of described location server;

Memory cell 1103, for preserving the corresponding relation of mark of the described interim subscriber identity that described generation unit generates, the user ID of described UE, UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification;

Communication unit 1101, the described interim subscriber identity also for being generated by described generation unit by described router is forwarded to described UE.

Optionally, generation unit 1102, specifically also for: the identifier according to the user ID of described random value, shared key, described UE and described location server generates interim subscriber identity, and described common key is corresponding with the user ID of described UE.

Optionally, communication unit 1101, specifically also for: forward registration reply message to described UE by described router, described registration reply message comprises described interim subscriber identity.

The location server that the embodiment of the present invention provides, location server generates interim subscriber identity according to the random value of stochastic generation, and carry interim subscriber identity by registration reply message and be sent to user equipment (UE) via router, and then by utilizing random user ID to hide the true ID of user, solve the problem that privacy of user exposes, improve the sense of security that user network is experienced.

Embodiments of the invention provide a kind of user equipment (UE) 12, with reference to shown in Figure 13, this user equipment (UE) 12 comprises: at least one processor 1201, memory 1202, communication port 1203 and bus 1204, and this at least one processor 1201, memory 1202 and communication interface 1203 are connected by bus 1204 and complete mutual communication.

This bus 1204 can be industry standard architecture (Industry StandardArchitecture, referred to as ISA) bus, peripheral component interconnect (Peripheral Component, referred to as PCI) bus or extended industry-standard architecture (Extended Industry StandardArchitecture, referred to as EISA) bus etc.This bus 1304 can be divided into address bus, data/address bus, control bus etc.For ease of representing, only representing with a thick line in Figure 13, but not representing the bus only having a bus or a type.Wherein:

Memory 1202 is for stores executable programs code, and this program code comprises computer-managed instruction.Memory 1202 may comprise high-speed RAM (Random Access Memory, random asccess memory), still may comprise nonvolatile memory (non-volatile memory), such as at least one magnetic disc store.

Processor 1201 may be a central processing unit (Central Processing Unit, referred to as CPU), or specific integrated circuit (Application Specific IntegratedCircuit, referred to as ASIC), or be configured to the one or more integrated circuits implementing the embodiment of the present invention.

Communication interface 1203, is mainly used in realizing the communication between the device in the present embodiment.

Wherein, processor 1201, for sending login request message by router to location server by least one communication interface 1203, random value is generated when receiving the login request message of described UE to make described location server, and described random value is sent to described UE, the user ID of described UE is comprised in described login request message, to make described location server according to described random value, common key, the user ID of described UE and the identifier of described location server generate interim subscriber identity, and preserve described interim subscriber identity, the user ID of described UE, the corresponding relation of the mark of UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification, described common key is corresponding with the user ID of described UE,

Processor 1201, also for being received the described random value of described location server transmission by described router by least one communication interface 1203;

Processor 1201, also for according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate described interim subscriber identity, and described common key is corresponding with the user ID of described UE.

Optionally, processor 1201, specifically also for: by least one communication interface 1203 by described router receive described location server send authentication request message, described authentication request message comprises described random value.

Optionally, processor 1201, specifically also for: by least one communication interface 1203 by described router receive described location server send registration reply message, described registration reply message comprises described random value.

Embodiments of the invention provide a kind of location server SLS13, with reference to shown in Figure 14, this location server SLS13 comprises: at least one processor 1301, memory 1302, communication port 1303 and bus 1304, and this at least one processor 1301, memory 1302 and communication interface 1303 are connected by bus 1304 and complete mutual communication.

This bus 1304 can be industry standard architecture (Industry StandardArchitecture, referred to as ISA) bus, peripheral component interconnect (Peripheral Component, referred to as PCI) bus or extended industry-standard architecture (Extended Industry StandardArchitecture, referred to as EISA) bus etc.This bus 1304 can be divided into address bus, data/address bus, control bus etc.For ease of representing, only representing with a thick line in Figure 14, but not representing the bus only having a bus or a type.Wherein:

Memory 1302 is for stores executable programs code, and this program code comprises computer-managed instruction.Memory 1302 may comprise high-speed RAM memory, still may comprise nonvolatile memory (non-volatile memory), such as at least one magnetic disc store.

Processor 1301 may be a central processing unit (Central Processing Unit, referred to as CPU), or specific integrated circuit (Application Specific IntegratedCircuit, referred to as ASIC), or be configured to the one or more integrated circuits implementing the embodiment of the present invention.

Communication interface 1303, is mainly used in realizing the communication between the device in the present embodiment.

Wherein, processor 1301, for being received the login request message of user equipment (UE) transmission by router by least one communication interface 1303, the user ID of described UE is comprised in described login request message, wherein, when described location server receives the login request message of described UE transmission, described location server generates random value;

Processor 1301, also for described random value being sent to described UE by least one communication interface 1303 by described router, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity;

Processor 1301, also obtains common key for the user ID according to described UE, and according to described shared key, the user ID of described UE, the identifier of described random value and described location server generates described interim subscriber identity;

Memory 1302, for preserving described interim subscriber identity that described generation unit generates, the user ID of described UE, described UE identify and the corresponding relation of mark of described location server, and by the message comprising described interim subscriber identity that UE described in described corresponding relation identification sends.

Optionally, processor 1301, concrete also for: by least one communication interface 1303 by described router to described UE transmission authentication request message, described authentication request message comprises random value, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity, and described common key is corresponding with the user ID of described UE.

Optionally, processor 1301, concrete also for: forward registration reply message by described router to described UE by least one communication interface 1303, described registration reply message comprises random value, to make described UE according to described shared key, the user ID of described UE, described random value and the identifier of described location server obtained in advance generate interim subscriber identity, and described common key is corresponding with the user ID of described UE.

Embodiments of the invention provide a kind of user equipment (UE) 14, with reference to shown in Figure 15, this user equipment (UE) 14 comprises: at least one processor 1401, memory 1402, communication port 1403 and bus 1404, and this at least one processor 1401, memory 1402 and communication interface 1403 are connected by bus 1404 and complete mutual communication.

This bus 1404 can be industry standard architecture (Industry StandardArchitecture, referred to as ISA) bus, peripheral component interconnect (Peripheral Component, referred to as PCI) bus or extended industry-standard architecture (Extended Industry StandardArchitecture, referred to as EISA) bus etc.This bus 1404 can be divided into address bus, data/address bus, control bus etc.For ease of representing, only representing with a thick line in Figure 15, but not representing the bus only having a bus or a type.Wherein:

Memory 1402 is for stores executable programs code, and this program code comprises computer-managed instruction.Memory 1402 may comprise high-speed RAM memory, still may comprise nonvolatile memory (non-volatile memory), such as at least one magnetic disc store.

Processor 1401 may be a central processing unit (Central Processing Unit, referred to as CPU), or specific integrated circuit (Application Specific IntegratedCircuit, referred to as ASIC), or be configured to the one or more integrated circuits implementing the embodiment of the present invention.

Communication interface 1403, is mainly used in realizing the communication between the device in the present embodiment.

Wherein, processor 1401, for sending login request message by router to location server by least one communication interface 1403, the user ID of described UE is comprised in described login request message, random value is generated when receiving the login request message of described UE to make described location server, and according to described random value, the user ID of described UE and the identifier of described location server generate interim subscriber identity, and preserve described interim subscriber identity, the user ID of described UE, the corresponding relation of the mark of UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification,

Processor 1401, also for receiving described interim subscriber identity by least one communication interface 1403 by described router.

Further, processor 1401, specifically also for being received the registration reply message of described location server transmission by described router by least one communication interface 1403, described registration reply message comprises described interim subscriber identity.

Embodiments of the invention provide a kind of location server SLS15, with reference to shown in Figure 16, this location server SLS15 comprises: at least one processor 1501, memory 1502, communication port 1503 and bus 1504, and this at least one processor 1501, memory 1502 and communication interface 1503 are connected by bus 1504 and complete mutual communication.

This bus 1504 can be industry standard architecture (Industry StandardArchitecture, referred to as ISA) bus, peripheral component interconnect (Peripheral Component, referred to as PCI) bus or extended industry-standard architecture (Extended Industry StandardArchitecture, referred to as EISA) bus etc.This bus 1504 can be divided into address bus, data/address bus, control bus etc.For ease of representing, only representing with a thick line in Figure 16, but not representing the bus only having a bus or a type.Wherein:

Memory 1502 is for stores executable programs code, and this program code comprises computer-managed instruction.Memory 1502 may comprise high-speed RAM memory, still may comprise nonvolatile memory (non-volatile memory), such as at least one magnetic disc store.

Processor 1501 may be a central processing unit (Central Processing Unit, referred to as CPU), or specific integrated circuit (Application Specific IntegratedCircuit, referred to as ASIC), or be configured to the one or more integrated circuits implementing the embodiment of the present invention.

Communication interface 1503, is mainly used in realizing the communication between the device in the present embodiment.

Wherein, processor 1501, for being received the login request message of user equipment (UE) transmission by router by least one communication interface 1503, the user ID of described UE is comprised in described login request message, wherein, when described location server receives the login request message of described user equipment (UE) transmission, described location server generates random value;

Processor 1501, also for generating interim subscriber identity according to the user ID of described random value, described UE and the identifier of described location server;

Memory 1502, for preserving the corresponding relation of mark of the described interim subscriber identity that described generation unit generates, the user ID of described UE, UE mark and described location server, to make the message comprising described interim subscriber identity of described location server transmission of UE according to described corresponding relation identification;

Processor 1501, the described interim subscriber identity also for being generated by described generation unit by described router by least one communication interface 1503 is forwarded to described UE.

Optionally, processor 1501, specifically also for: the identifier according to the user ID of described random value, shared key, described UE and described location server generates interim subscriber identity, and described common key is corresponding with the user ID of described UE.

Optionally, processor 1501, specifically also for: forward registration reply message to described UE by least one communication interface 1503 by described router, described registration reply message comprises described interim subscriber identity.

Embodiments of the invention provide a kind of communication system 16, with reference to shown in Figure 17, comprising: location server SLS1601, territory router DR1602 and the user equipment (UE) 1603 be connected with DR, wherein,

This location server SLS1601 is the location server SLS shown in Figure 10;

This user equipment (UE) 1603 is the user equipment (UE) shown in Fig. 9;

Or,

This location server SLS1601 is the location server SLS shown in Figure 12;

This user equipment (UE) 1603 is the user equipment (UE) shown in Figure 11;

Or,

This location server SLS1601 is the location server SLS shown in Figure 14;

This user equipment (UE) 1603 is the user equipment (UE) shown in Figure 13;

Or,

This location server SLS1601 is the location server SLS shown in Figure 16;

This user equipment (UE) 1603 is the user equipment (UE) shown in Figure 15.

The communication system that the embodiment of the present invention provides, the user ID of subscriber equipment is sent to location server by login request message by user equipment (UE), and obtain described shared key according to the user ID of this UE, the user ID of subscriber equipment, the mark of the location server obtained in advance and shared key generate interim subscriber identity, by utilizing random user ID to hide the true ID of user, solving the problem that privacy of user exposes, improving the sense of security that user network is experienced.

Through the above description of the embodiments, those skilled in the art can be well understood to the present invention can use hardware implementing, or firmware realizes, or their compound mode realizes.When implemented in software, above-mentioned functions can be stored in computer-readable medium or as the one or more instruction on computer-readable medium or code and transmit.Computer-readable medium comprises computer-readable storage medium and communication media, and wherein communication media comprises any medium being convenient to transmit computer program from a place to another place.Storage medium can be any usable medium that computer can access.As example but be not limited to: computer-readable medium can comprise RAM, ROM(Read Only Memory, read-only memory) or other optical disc storage, magnetic disk storage medium or other magnetic storage apparatus or can be used in carrying or storing the expectation with instruction or data structure form program code and can by any other medium of computer access.In addition.Any connection can be suitable become computer-readable medium.Such as, if software be use coaxial cable, optical fiber cable, twisted-pair feeder, Digital Subscriber Line (DSL) or such as infrared ray, radio and microwave and so on wireless technology from website, server or other remote source, so the wireless technology of coaxial cable, optical fiber cable, twisted-pair feeder, DSL or such as infrared ray, wireless and microwave and so on be included in affiliated medium fixing in.As used in the present invention, dish (Disk) and dish (disc) comprise compression laser disc (CD), laser dish, laser disc, Digital Versatile Disc (DVD), floppy disk and Blu-ray Disc, the copy data of the usual magnetic of its mid-game, dish then carrys out the copy data of optics with laser.Combination above also should be included within the protection range of computer-readable medium.

The above; be only the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, is anyly familiar with those skilled in the art in the technical scope that the present invention discloses; change can be expected easily or replace, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should described be as the criterion with the protection range of claim.

Claims

1. a method for privacy of user protection, is characterized in that, comprising:

2. method according to claim 1, is characterized in that, the described random value that described UE receives the transmission of described location server by described router comprises:

3. method according to claim 1, is characterized in that, the described random value that described UE receives the transmission of described location server by described router comprises:

4. a way for privacy of user protection, is characterized in that, comprising:

5. method according to claim 4, is characterized in that, described random value sends to described UE to comprise by described router by described location server:

6. the method as requested described in 4, is characterized in that, described random value sends to described UE to comprise by described router by described location server:

7. a method for privacy of user protection, is characterized in that, comprising:

8. method according to claim 7, is characterized in that, described UE receives described interim subscriber identity by described router and comprises:

9. a method for privacy of user protection, is characterized in that, comprising:

10. method according to claim 9, is characterized in that, described location server comprises according to the identifier generation interim subscriber identity of the user ID of described random value, described UE and described location server:

11. methods according to claim 9, is characterized in that, described interim subscriber identity is forwarded to described UE by described router by described location server, comprising:

12. 1 kinds of subscriber equipmenies, is characterized in that, comprising:

13. subscriber equipmenies according to claim 12, is characterized in that, described communication unit, specifically also for:

14. subscriber equipmenies according to claim 12, is characterized in that, described communication unit, specifically also for:

15. 1 kinds of location servers, is characterized in that, comprising:

16. location servers according to claim 15, is characterized in that, described communication unit, specifically also for:

17. location servers according to claim 15, is characterized in that, described communication unit, specifically also for:

18. 1 kinds of subscriber equipmenies, is characterized in that, comprising:

19. subscriber equipmenies according to claim 18, is characterized in that, described receiving element, specifically also for:

20. 1 kinds of location servers, is characterized in that, comprising:

21. location servers according to claim 20, is characterized in that, described generation unit, specifically also for:

22. location servers according to claim 20, is characterized in that, described communication unit, specifically also for:

23. 1 kinds of communication systems, is characterized in that, comprising: location server, router and the user equipment (UE) be connected with described router, wherein,

Described location server is the location server described in claim 15 ~ 17;

Described user equipment (UE) is the subscriber equipment described in claim 12 ~ 14;

Or,

Described location server is the location server described in claim 20 ~ 22;

Described user equipment (UE) is the subscriber equipment described in claim 18 ~ 19.