CN107580324B - Method for protecting IMSI privacy of mobile communication system - Google Patents
Method for protecting IMSI privacy of mobile communication system Download PDFInfo
- Publication number
- CN107580324B CN107580324B CN201710866359.0A CN201710866359A CN107580324B CN 107580324 B CN107580324 B CN 107580324B CN 201710866359 A CN201710866359 A CN 201710866359A CN 107580324 B CN107580324 B CN 107580324B
- Authority
- CN
- China
- Prior art keywords
- imsi
- new
- information
- amf
- sends
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method for protecting IMSI privacy of a mobile communication system, wherein a functional entity comprises UE, an access and mobility management function AMF, a trusted UDM/AUSF, a trusted SMF and a trusted UPF, wherein the UE is used for executing IMSI change behaviors and initiating a network attachment request, and simultaneously, new security context negotiation is completed based on a new IMSI; the AMF is used for replacing IMSI information and related GUTI information in a CP mode or an UP mode and completing security context negotiation again based on the new IMSI; the UDM/AUSF is used for generating new IMSI information for the UE; the SMF is used for informing the trusted UPF to generate in-band IMSI change control information in the UP mode. The invention can increase the difficulty of an attacker in tracking a specific user or deducing the real identity of the user without violating the requirement of international legal monitoring, and can not introduce the consumption of extra IMSI identification space.
Description
Technical Field
The invention relates to a method for protecting IMSI privacy in a mobile communication system.
Background
Mobile communication systems have evolved from 2G to 4G and have now progressed to the research and standardization stage of 5G. The standardization of mobile communication systems is internationally dominated by international standards, all research reports and standard specifications of which are based on the assumption that operators of mobile communication systems in various countries and network elements within their jurisdiction are equally trusted.
With the theoretical research and the technical development of China in the field of mobile communication systems, national strategies of military and civil integration are gradually established, the mobile communication systems are not only facing common public users, and special industries with high safety requirements have more and more requirements on the development of high safety application based on the mobile communication systems, but a 5G network which is to be applied to vertical industries is provided at the beginning of design, so that the establishment of the military and civil integration strategy is just brought forward, and the national clearly provides that the military and civil integration is taken as an important requirement to be researched in 5G research.
However, under this background, the assumption of the international standard is no longer true for two reasons:
firstly, with the development of the 5G technology, the fusion of the ICT technology will make the originally closed mobile communication system open, various security risks of the internet will exist in the future mobile communication system, and the operator will be only one link in the whole mobile communication ecology, so that the security of the network in the jurisdiction of the operator is only relative to users in special industries.
Secondly, from the perspective of ownership, operators, especially foreign operators, have unequal trust relationships to users in special industries in China, and therefore the security of the operators and the network in the jurisdiction of the operators is only relative to the users in the special industries.
Therefore, the security model of the conventional mobile terminal-service network-home network-application system is evolved into a mobile terminal-service network-trusted network-application system, wherein the trusted network is a network under the jurisdiction of users in a special industry. As shown in fig. 1.
However, under this security model, neither the roaming architecture nor the non-roaming architecture specified by the current international standards can ensure that the mobile terminal UE can be directly attached to the network element of the trusted network in the jurisdiction of the user in the special industry during the attachment process, and the network element of the service network will become a necessary path for the mobile terminal to attach to the trusted network.
Under the framework of international standards, in order to ensure normal communication of a UE, a network element of a serving network is used as a termination point to which the UE is attached, AMF in 5G, MME in 4G, as a network element for mobility management, and various pieces of context information indexed by IMSI (international mobile subscriber identity, colloquially called permanent identity) are necessarily recorded thereon, such as MSISDN (mobile station ISDN number, colloquially called mobile phone number), GUTI (globally unique temporary identifier, colloquially called temporary identity), security context information (following key Kseaf, control plane key Kcp, user plane key Kup), AKA AV (bidirectional authentication vector), subscription information of the UE, TAI List (tracking area List) in an idle state of the UE, CGI (cell location information) in a session state of the UE, and NSSAI (network slice identifier). The information may not be important for common public users, but belongs to user privacy information for users in special industries, because the IMSI and the MSISDN and the IMSI and the GUTI are tightly coupled, by capturing one of the IMSI, MSISDN or GUTI information, it is possible to track a specific user or deduce the real identity of the user in real space of the UE, thereby creating conditions for further APT attacks.
Due to special security protection measures, even though the risk that the information recorded by the network element of the trusted network reveals the user privacy information is low, for the serving network (international standards allow no MSISDN information to be provided for the serving network, so that no special attention can be paid to the problem of capturing the MSISDN on the serving network), there is a risk that an attacker can track a specific user or deduce the real identity of the user in the real space corresponding to the UE by capturing the IMSI or GUTI information recorded on the AMF/MME of the serving network. Although IMSI encryption or false IMSI mechanisms can be used to solve this problem, the international standard specifies that the international lawful interception requirement requires the serving network to be able to identify the true identity of the subscriber without the assistance of the home network, i.e. even if IMSI encryption or false IMSI is used, the serving network still needs to maintain the mapping relationship between the true IMSI and the encrypted IMSI/false IMSI in order to meet the international lawful interception requirement. It can be seen that even if the UE completes network attachment by encrypting IMSI or false IMSI, the serving network still obtains and records real IMSI information from the home network, and there is still a risk of tracking a specific user or deriving the real identity of the user of the UE in real space by capturing IMSI or GUTI on the serving network, and in addition, a large amount of IMSI identification space, which is already limited, is wasted, because each UE actually consumes at least 2 IMSI identifications (one is real IMSI, and the other is encrypted/IMSI or false IMSI).
Therefore, there is an urgent need to solve the privacy protection problem of IMSI in the application of mobile communication system for users in special industry without introducing extra IMSI identity space consumption, but without violating the international lawful interception requirement.
Disclosure of Invention
In order to overcome the above disadvantages of the prior art, the present invention provides a method for protecting IMSI privacy in a mobile communication system, which can not only increase the difficulty of an attacker tracking a specific user or deducing the real identity of the user of the UE in the real space by capturing IMSI or GUTI, but also avoid violating the requirement of lawful interception internationally, and at the same time, avoid introducing the consumption of extra IMSI identification space, so as to meet the requirement of users in special industries on user privacy protection by realizing the dual decoupling effect between IMSI and MSISDN and between IMSI and GUTI.
The technical scheme adopted by the invention for solving the technical problems is as follows: a method for protecting IMSI privacy of a mobile communication system, wherein a functional entity comprises a mobile terminal UE, an access and mobility management function AMF, a trusted unified data management/authentication service function UDM/AUSF, a trusted session management function SMF and a trusted user plane function UPF, wherein: the mobile terminal UE is used for executing IMSI change behavior and initiating a network attachment request, and simultaneously completing new security context negotiation based on the new IMSI; the access and mobility management function AMF is used for replacing IMSI information and GUTI information related to the IMSI information in a CP mode or an UP mode and completing security context negotiation again based on the new IMSI; the credible unified data management/authentication service function UDM/AUSF is used for generating new IMSI information for the UE; the trusted session management function SMF is configured to notify the trusted user plane function UPF to generate in-band IMSI change control information in the UP mode.
Compared with the prior art, the invention has the following positive effects:
the invention adopts a method for protecting IMSI privacy in a mobile communication system, so that a special industry user with high security requirement can achieve the aim of protecting IMSI privacy in a mode of not changing an international standard architecture, slightly changing (CP mode) or not changing (UP mode) an international standard flow and not increasing the requirement (CP mode) or not increasing the requirement (UP mode) on a standard network element. The dual decoupling between the IMSI and the MSISDN as well as between the IMSI and the GUTI is realized, the difficulty of tracking a specific user or deducing the identity of the user in a real space by an attacker through capturing the IMSI is increased by changing the IMSI, and the IMSIs are all the true IMSIs for a service network because the IMSI of the UE is changed to be randomly distributed based on a true IMSI pool, so that the international legal monitoring requirement is not violated, and the consumption of additional IMSI identification space is not introduced. The method has wide application range, and is not only suitable for 5G networks, but also suitable for 4G networks and future mobile communication systems taking IMSI as permanent identity. The method can meet the privacy protection requirement when the users in special industries use the public infrastructure of the mobile communication system to develop high-security applications, and meet the national military and civil integration strategy.
Drawings
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
fig. 1 is a schematic diagram illustrating the functional entity components of a conventional mobile communication system;
FIG. 2 is a functional entity block diagram of a mobile communication system according to the present invention;
fig. 3 is a diagram illustrating a CP-mode IMSI update process;
fig. 4 is a diagram illustrating an UP IMSI update procedure.
Detailed Description
The method of the invention follows the standard architecture of international standard, the functional entities include mobile terminal UE, radio access network RAN, access and mobility management function AMF, credible unified data management/authentication service function UDM/AUSF, credible network slice (credible session management function SMF, credible user plane function UPF) and application system, as shown in figure 2:
the mobile terminal UE is configured to perform an IMSI change behavior and initiate a network attach request, and complete a new security context negotiation based on the new IMSI.
The serving AMF/MME is used for actively (CP mode) or passively (UP mode) replacing the IMSI information and the related GUTI information, and completing the security context negotiation again based on the new IMSI.
And the trusted UDM/AUSF/HSS is used for generating new IMSI information for the UE according to a certain policy.
And the trusted SMF/SGW is used for informing the UPF/PGW to generate in-band IMSI change control information in the case of the UP mode.
The trusted UPF/PGW is used to generate in-band IMSI change control information.
Aiming at the problem that the real IMSI of the UE is difficult to hide in a service network in the prior art, the invention provides a method for protecting the IMSI privacy of a mobile communication system, so as to solve the privacy protection problem of the IMSI on the premise of not violating the international legal monitoring requirement.
The method comprises two conditions, one is that a network element UDM/AUSF/HSS which maintains UE subscription information or provides authentication generates new IMSI information for UE according to a certain policy, replaces the former old IMSI of the UE, then the network element which maintains the UE subscription information or provides authentication informs AMF/MME to execute the action of changing IMSI of the UE through a CP (control plane) mechanism, and simultaneously generates new GUTI information for the new IMSI, and then the AMF/MME informs the UE to change IMSI and GUTI. And secondly, a network element UDM/AUSF/HSS which maintains UE subscription information or provides authentication generates new IMSI information for the UE according to a certain strategy, replaces the former old IMSI of the UE, then the network element which maintains the UE subscription information or provides authentication informs the UE to execute an IMSI changing action through an UP (user plane) mechanism, simultaneously deletes GUTI information related to the old IMSI, then the UE carries the new IMSI to initiate a network attachment process again, and establishes various context information by using the new IMSI in the AMF/MME, thereby achieving the effect of changing the IMSI on the AMF/MME.
Firstly, for the IMSI changing process of the CP mode:
firstly, UDM/AUSF generates new IMSI of UE, and sends IMSI UPDATE REQUEST message to AMF, wherein the message carries new IMSI information.
After receiving the IMSI UPDATE REQUEST, the AMF UPDATEs the IMSI of the UE, deletes the GUTI information associated with the old IMSI, generates associated GUTI information based on the new IMSI, and then sends an IMSI UPDATE REQUEST message to the UE, wherein the GUTI information is associated with the new IMSI and the new IMSI.
And after receiving the IMSI UPDATE REQUEST message, the UE executes IMSI changing action, deletes the GUTI associated with the old IMSI, records the GUTI associated with the new IMSI, and sends an IMSI UPDATE ACCEPT message to the AMF.
And after receiving the IMSI UPDATE ACCEPT message, the AMF sends the IMSI UPDATE ACCEPT message to the UDM/AUSF, generates new NAS integrity and confidentiality protection keys Knasi and Knase based on the root key Kseaf, and re-initiates a security context negotiation action to the UE.
The UE generates new Knase, Knasi, Krrce, Krrci, Kupe and Kupi with AMF according to the standard security context negotiation flow.
The specific modification process is shown in fig. 3, and includes the following steps:
step S101, the UDM/AUSF/HSS generates new IMSI information for the UE according to a certain policy, and replaces the former old IMSI of the UE;
step S102, UDM/AUSF/HSS sends IMSI change request of UE to AMF/MME;
step S103, AMF/MME executes IMSI change of the UE, replaces the old IMSI of the UE, deletes the GUTI associated with the old IMSI and generates a new GUTI for the new IMSI;
step S104, the AMF/MME sends an IMSI change request to the UE, and the GUTI carrying the new IMSI is carried;
step S105, the UE executes the IMSI changing action and records the GUTI of the new IMSI;
step S106, after the UE completes the IMSI change, the UE sends an IMSI change confirmation message to the AMF/MME/MSC;
step S107, AMF/MME sends IMSI change confirmation message to UDM/AUSF/HSS;
step S108, the AMF/MME and the UE complete the security context negotiation based on the new IMSI.
Secondly, for the IMSI changing process of the UP mode:
firstly, UDM/AUSF generates new IMSI of UE, and sends IMSI UPDATE REQUEST message to SMF, wherein the message carries new IMSI information.
After receiving the IMSI UPDATE REQUEST, the SMF sends an IMSI UPDATE REQUEST message to the UPF, wherein the IMSI UPDATE REQUEST message carries new IMSI information.
UPF sends IMSI UPDATE REQUEST message to UE through in-band control information in user plane, wherein the message carries new IMSI information.
After receiving the IMSI UPDATE REQUEST message, the UE executes an IMSI change action, deletes the GUTI associated with the old IMSI, and initiates a network ATTACH procedure ATTACH REQUEST to the AMF, where the new IMSI information is carried.
And the AMF records the new IMSI of the UE and carries out subsequent actions according to a standard network attachment flow.
The specific modification process is shown in fig. 4, and includes the following steps:
step S101, the UDM/AUSF/HSS generates new IMSI information for the UE according to a certain policy, and replaces the former old IMSI of the UE;
step S102, the UDM/AUSF/HSS sends an IMSI change request to the SMF/SGW;
step S103, the SMF/SGW sends an IMSI change request to the UPF/PGW;
step S104, UPF/PGW sends IMSI change request to UE through in-band control information in UP;
step S105, the UE executes the IMSI changing action and deletes the GUTI associated with the old IMSI;
step S106, UE sends IMSI change confirmation message to UPF/PGW;
step S107, the UPF/PGW sends an IMSI change confirmation message to the SMF/SGW;
step S108, SMF/SGW sends IMSI change confirmation message to UDM/AUSF/HSS;
step S109, after the UE completes the IMSI change action, the UE carries the new IMSI to initiate a network attachment process to the AMF/MME again;
in step S110, the AMF/MME establishes various context information with the new IMSI, and does not know that the UE has changed IMSI information.
In the UP IMSI change procedure, AMF only passively completes IMSI change behavior, and does not know that UE performs IMSI change processing, and AMF is an attach of a new UE.
By adopting the technical scheme, the beneficial effects of the invention are embodied in four aspects: firstly, double decoupling between the IMSI and the MSISDN and between the IMSI and the GUTI is realized, the difficulty of tracking a specific user or deducing the identity of the user in a real space by capturing the IMSI by an attacker is increased by changing the IMSI, and the IMSI of the UE is the true IMSI for a service network because the IMSI of the UE is changed to be randomly distributed based on a true IMSI pool, so that the requirement of lawful interception in the world is not violated. Secondly, the CP mode has little change to the standard flow and has little requirement on the network element of the service network; the UP mode does not change the standard flow and does not require the network element of the service network. Thirdly, no extra IMSI identity space is consumed, and each UE still consumes only 1 IMSI identity. Fourthly, the method has wide application range, is not only suitable for 5G networks, but also suitable for 4G networks and future mobile communication systems taking IMSI as permanent identity.
Claims (3)
1. A method for IMSI privacy protection in a mobile communication system, characterized by: the system comprises functional entities such as a mobile terminal UE, an access and mobility management function AMF, a trusted unified data management/authentication service function UDM/AUSF, a trusted session management function SMF and a trusted user plane function UPF, wherein: the mobile terminal UE is used for executing permanent identity IMSI change behavior and initiating a network attachment request, and simultaneously completing new security context negotiation based on the new IMSI; the access and mobility management function AMF is used for replacing IMSI information and associated temporary identity identifier GUTI information in a control plane CP mode or a user plane UP mode, and completing security context negotiation again based on the new IMSI; the credible unified data management/authentication service function UDM/AUSF is used for generating new IMSI information for the UE; the trusted session management function SMF is configured to notify the trusted user plane function UPF to generate in-band IMSI change control information in the UP mode, where:
1) the changing process of the IMSI information in the CP mode comprises the following steps:
(1) the UDM/AUSF generates a new IMSI to replace the old IMSI, and sends a change request carrying the new IMSI to the AMF;
(2) AMF updates IMSI, deletes GUTI information associated with old IMSI, generates associated GUTI information based on new IMSI, and sends change request carrying new IMSI and associated GUTI information to UE;
(3) the UE executes the IMSI changing action, deletes the GUTI associated with the old IMSI, records the GUTI associated with the new IMSI, and sends an IMSI changing confirmation message to the AMF;
(4) AMF sends IMSI change confirmation message to UDM/AUSF, and completes security context negotiation with UE based on new IMSI;
2) the changing process of the IMSI information in the UP mode comprises the following steps:
(1) the UDM/AUSF generates a new IMSI and sends a change request carrying the new IMSI to the SMF;
(2) SMF sends a change request carrying a new IMSI to UPF;
(3) UPF sends a change request carrying new IMSI to UE through in-band control information in a user plane;
(4) the UE executes the IMSI changing action, deletes the GUTI associated with the old IMSI and initiates a network attachment request carrying the new IMSI to the AMF;
(5) and the AMF records the new IMSI and performs subsequent actions according to the network attachment flow.
2. A method for IMSI privacy protection in a mobile communication system according to claim 1, characterized in that: and the UE generates a new confidentiality protection key Knase and an integrity protection key Knasi of the NAS signaling, a confidentiality protection key Krrce and an integrity protection key Krrci of the RRC, and a confidentiality protection key Kupe and an integrity protection key Kupi of the service data according to the security context negotiation flow and the AMF.
3. A method for IMSI privacy protection in a mobile communication system according to claim 1, characterized in that: the process of the UE executing the IMSI changing action comprises the following steps: UE sends IMSI change confirmation message to UPF; UPF sends IMSI change confirmation message to SMF; and the SMF sends an IMSI change confirmation message to the UDM/AUSF.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710866359.0A CN107580324B (en) | 2017-09-22 | 2017-09-22 | Method for protecting IMSI privacy of mobile communication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710866359.0A CN107580324B (en) | 2017-09-22 | 2017-09-22 | Method for protecting IMSI privacy of mobile communication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107580324A CN107580324A (en) | 2018-01-12 |
| CN107580324B true CN107580324B (en) | 2020-05-08 |
Family
ID=61038731
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710866359.0A Active CN107580324B (en) | 2017-09-22 | 2017-09-22 | Method for protecting IMSI privacy of mobile communication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107580324B (en) |
Families Citing this family (36)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109587745A (en) * | 2017-09-29 | 2019-04-05 | 华为技术有限公司 | Cut-in method, equipment and system |
| CN110049503B (en) * | 2018-01-15 | 2022-07-15 | 中国移动通信有限公司研究院 | Method and equipment for acquiring data |
| CN110062381B (en) * | 2018-01-18 | 2020-11-17 | 华为技术有限公司 | Method and device for obtaining user identification |
| CN108307380B (en) * | 2018-01-26 | 2021-05-07 | 中国电子科技集团公司电子科学研究院 | Mobile user position privacy protection method and mobile gateway |
| KR102389867B1 (en) * | 2018-01-30 | 2022-04-22 | 삼성전자주식회사 | Method, apparatus and system for establishing a session for comunication with a local network in wireless communication system |
| CN110167013B (en) * | 2018-02-13 | 2020-10-27 | 华为技术有限公司 | Communication method and device |
| CN116017772A (en) * | 2018-02-13 | 2023-04-25 | 华为技术有限公司 | Communication method and communication device |
| CN110166414B (en) * | 2018-02-14 | 2021-10-26 | 华为技术有限公司 | Communication method, device and system |
| CN110234112B (en) | 2018-03-05 | 2020-12-04 | 华为技术有限公司 | Message processing method, system and user plane function device |
| KR102405412B1 (en) | 2018-04-06 | 2022-06-07 | 삼성전자주식회사 | Apparatus and method for security of information in wireless communication |
| CN110366213A (en) * | 2018-04-08 | 2019-10-22 | 中兴通讯股份有限公司 | A kind of method for switching languages and device and terminal |
| CN110351725B (en) * | 2018-04-08 | 2022-08-09 | 华为技术有限公司 | Communication method and device |
| CN110620748B (en) * | 2018-06-20 | 2021-12-21 | 中国电信股份有限公司 | Data packet identification method, device, system and computer readable storage medium |
| CN110636518B (en) * | 2018-06-21 | 2020-12-25 | 华为技术有限公司 | Performance data statistical method and related equipment |
| WO2020001099A1 (en) * | 2018-06-25 | 2020-01-02 | Oppo广东移动通信有限公司 | Method for configuring terminal device by means of network device, and terminal device and network device |
| CN110708693B (en) * | 2018-07-10 | 2022-03-01 | 中兴通讯股份有限公司 | User routing method, device and computer readable storage medium |
| CN110719611B (en) * | 2018-07-11 | 2021-02-23 | 华为技术有限公司 | Message sending method and device |
| CN110769420B (en) * | 2018-07-25 | 2022-05-13 | 中兴通讯股份有限公司 | Network access method, device, terminal, base station and readable storage medium |
| CN109041054B (en) * | 2018-07-27 | 2021-04-13 | 中国电子科技集团公司第三十研究所 | Privacy protection method for initiating number change at network side |
| CN108901018B (en) * | 2018-07-27 | 2021-02-12 | 中国电子科技集团公司第三十研究所 | Method for hiding user identity of mobile communication system initiated by terminal |
| CN110798833B (en) * | 2018-08-03 | 2023-10-24 | 华为技术有限公司 | Method and device for verifying user equipment identification in authentication process |
| CN110830990B (en) | 2018-08-09 | 2021-04-20 | 华为技术有限公司 | Identity information processing method and device and storage medium |
| CN110830989B (en) * | 2018-08-09 | 2021-06-08 | 华为技术有限公司 | Communication method and device |
| CN110830991B (en) | 2018-08-10 | 2023-02-03 | 华为技术有限公司 | Secure session method and device |
| BR112021002880A2 (en) * | 2018-08-20 | 2021-05-11 | Telefonaktiebolaget Lm Ericsson (Publ) | network exposure node and methods implemented in network exposure nodes, subscriber management, session management, mobility management and policy decision |
| US20220086691A1 (en) * | 2018-12-21 | 2022-03-17 | Telefonaktiebolaget Lm Ericsson (Publ) | User Data Traffic Handling |
| KR102489245B1 (en) | 2018-12-28 | 2023-01-17 | 삼성전자 주식회사 | A method and an apparatus for providing rule information in a wireless communication system |
| CN110049483A (en) * | 2019-04-09 | 2019-07-23 | 中国电子科技集团公司第三十研究所 | Mobile communication system user network identity jumps the implementation method for hiding network function |
| CN109842877B (en) * | 2019-04-09 | 2022-03-18 | 中国电子科技集团公司第三十研究所 | Method for realizing IMSI changing function in SIM card |
| JP7324863B2 (en) * | 2019-04-25 | 2023-08-10 | テレフオンアクチーボラゲット エルエム エリクソン(パブル) | Method and network node for tracking user equipment |
| CN111866874B (en) * | 2019-04-29 | 2022-05-10 | 华为技术有限公司 | Registration method and device |
| CN112105021B (en) * | 2019-06-17 | 2022-05-10 | 华为技术有限公司 | Authentication method, device and system |
| CN112218287B (en) * | 2019-07-12 | 2023-05-12 | 华为技术有限公司 | Communication method and device |
| CN111385794B (en) * | 2020-03-19 | 2022-03-18 | 中国电子科技集团公司第三十研究所 | Mobile communication network privacy protection method and system for industry users |
| CN111414645B (en) * | 2020-03-19 | 2022-07-05 | 中国电子科技集团公司第三十研究所 | Safe HSS/UDM design method and system for realizing privacy protection function |
| CN113316269B (en) * | 2021-04-28 | 2022-07-19 | 武汉虹旭信息技术有限责任公司 | Session management method and device |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101998362A (en) * | 2009-08-27 | 2011-03-30 | 中兴通讯股份有限公司 | Method and system for switching international mobile subscriber identity (IMSI) |
| CN101969638B (en) * | 2010-09-30 | 2013-08-14 | 中国科学院软件研究所 | Method for protecting international mobile subscriber identity (IMSI) in mobile communication |
| CN103249033A (en) * | 2013-05-10 | 2013-08-14 | 东信和平科技股份有限公司 | Method and terminal for achieving self-help number changing of SIM card |
| CN103501493A (en) * | 2013-09-16 | 2014-01-08 | 深圳市中兴物联科技有限公司 | Method, device and system for on-line number allocation |
| CN104411021A (en) * | 2014-12-01 | 2015-03-11 | 恒宝股份有限公司 | Dual-IMSI automatic switching method and system for realizing global roaming |
| WO2016140823A1 (en) * | 2015-03-05 | 2016-09-09 | Qualcomm Incorporated | Identity privacy in wireless networks |
| CN105979504A (en) * | 2016-05-12 | 2016-09-28 | 中国联合网络通信集团有限公司 | Signaling monitoring number backfill method and device |
-
2017
- 2017-09-22 CN CN201710866359.0A patent/CN107580324B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101998362A (en) * | 2009-08-27 | 2011-03-30 | 中兴通讯股份有限公司 | Method and system for switching international mobile subscriber identity (IMSI) |
| CN101969638B (en) * | 2010-09-30 | 2013-08-14 | 中国科学院软件研究所 | Method for protecting international mobile subscriber identity (IMSI) in mobile communication |
| CN103249033A (en) * | 2013-05-10 | 2013-08-14 | 东信和平科技股份有限公司 | Method and terminal for achieving self-help number changing of SIM card |
| CN103501493A (en) * | 2013-09-16 | 2014-01-08 | 深圳市中兴物联科技有限公司 | Method, device and system for on-line number allocation |
| CN104411021A (en) * | 2014-12-01 | 2015-03-11 | 恒宝股份有限公司 | Dual-IMSI automatic switching method and system for realizing global roaming |
| WO2016140823A1 (en) * | 2015-03-05 | 2016-09-09 | Qualcomm Incorporated | Identity privacy in wireless networks |
| CN105979504A (en) * | 2016-05-12 | 2016-09-28 | 中国联合网络通信集团有限公司 | Signaling monitoring number backfill method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107580324A (en) | 2018-01-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107580324B (en) | Method for protecting IMSI privacy of mobile communication system | |
| EP3906652B1 (en) | Protecting a telecommunications network using network components as blockchain nodes | |
| US10548012B2 (en) | Method, system and apparatus for negotiating security capabilities during movement of UE | |
| CN109041054B (en) | Privacy protection method for initiating number change at network side | |
| CN101083839B (en) | Cipher key processing method for switching among different mobile access systems | |
| EP2315371A2 (en) | Security protected non-access stratum protocol operation supporting method in a mobile telecommunication system | |
| CN101801102B (en) | PDN connection establishment method, relevant device and system | |
| CN102457844B (en) | Group key management method and system in the certification of a kind of M2M group | |
| CN101102600B (en) | Secret key processing method for switching between different mobile access systems | |
| EP2103165A1 (en) | Imsi handling system | |
| US11405788B2 (en) | Wireless network service access control with subscriber identity protection | |
| US20190014509A1 (en) | Network node for use in a communication network, a communication device and methods of operating the same | |
| CN105830476A (en) | Method and system for providing security from a radio access network | |
| CN105828413A (en) | Safety method of D2D mode B discovery, terminal and system | |
| EP3534562A1 (en) | Data transmission method, apparatus, and system, and storage medium | |
| JP2023052573A (en) | Multi-sim device and method and process for verifying subscription information | |
| US10154369B2 (en) | Deterrence of user equipment device location tracking | |
| CN102833743B (en) | Transmission, update method and the relevant device of public warning system key updating information | |
| CN108200007B (en) | Dynamic identity management method and system for mobile network | |
| CN1937840B (en) | Method and device for obtaining safety alliance information during mobile terminal switching | |
| CN101431754B (en) | Method for preventing clone terminal access | |
| US9525980B2 (en) | Method and system for triggering terminal group | |
| US11576232B2 (en) | Method for establishing a connection of a mobile terminal to a mobile radio communication network and communication network device | |
| EP3488627B1 (en) | Proof-of-presence indicator | |
| Cao et al. | Security analysis of DoS attack against the LTE-A system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |