CN108513289A - Terminal identifier processing method, apparatus and related device - Google Patents

Terminal identifier processing method, apparatus and related device

Info

Publication number
CN108513289A
Authority
CN
China
Prior art keywords
terminal
functional entity
identification information
network functional
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710108849.4A
Other languages
Chinese (zh)
Inventor
谢振华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201710108849.4A priority Critical patent/CN108513289A/en
Priority to PCT/CN2018/072029 priority patent/WO2018153173A1/en
Publication of CN108513289A publication Critical patent/CN108513289A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/04 Registration at HLR or HSS [Home Subscriber Server]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for processing a terminal identifier, including: a first network functional entity sends, according to the validity of an authentication vector for a terminal, a corresponding identifier type indication to the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when sending subsequent messages; the authentication vector is received from a second network functional entity. The invention also discloses an apparatus for processing a terminal identifier, a network functional entity and a terminal.

Description

Terminal identifier processing method, apparatus and related device
Technical field
This application relates to the communications field, and in particular to a method and apparatus for processing a terminal identifier, and a related device.
Background
In the communications field, a terminal identifier is used to identify the corresponding terminal, that is, to authenticate the terminal.
To ensure terminal security and to avoid identifying the corresponding terminal by a single terminal identifier, the 3rd Generation Partnership Project (3GPP) has proposed a scheme for changing the mobile terminal identifier.
In this scheme, the authentication procedure for the terminal identifier is rather cumbersome, which affects the signaling efficiency of the authentication operation.
Summary of the invention
To solve the existing technical problem, embodiments of the present invention provide a method and apparatus for processing a terminal identifier, and a related device.
The technical solutions of the embodiments of the present invention are implemented as follows:
An embodiment of the present invention provides a method for processing a terminal identifier, applied to a first network functional entity, the method including:
According to the validity of an authentication vector for a terminal, sending a corresponding identifier type indication to the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when sending subsequent messages; the authentication vector is received from a second network functional entity.
In the above solution, sending the corresponding identifier type indication to the terminal according to the validity of the authentication vector for the terminal includes:
When there is no usable authentication vector for the terminal, the identifier type indication sent to the terminal is a first-type indication; the first-type indication signifies that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
In the above solution, sending the corresponding identifier type indication to the terminal according to the validity of the authentication vector for the terminal includes:
When there is a usable authentication vector for the terminal, the identifier type indication sent to the terminal is a second-type indication; the second-type indication signifies that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
In the above solution, the identifier type indication takes the form of specific identification information or of non-specific identification information.
In the above solution, the method further includes:
Receiving identification information of the terminal sent by the second network functional entity; the received identification information of the terminal is used by the first network functional entity to exchange information related to the terminal with the second network functional entity.
An embodiment of the present invention further provides a method for processing a terminal identifier, applied to a terminal, the method including:
Receiving an identifier type indication sent by a first network functional entity;
According to the identifier type indication, carrying the corresponding terminal identification information in a message sent to the first network functional entity.
In the above solution, the method further includes:
When the identifier type indication is a first-type indication, carrying first terminal identification information in the sent message; the first-type indication signifies that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
In the above solution, the method further includes:
When the identifier type indication is a second-type indication, carrying second terminal identification information in the sent message; the second-type indication signifies that the second network functional entity can identify the terminal according to the second terminal identification information.
In the above solution, the method further includes:
Generating the second terminal identification information according to information shared with the second network functional entity; the second network functional entity can identify the terminal according to the second terminal identification information.
In the above solution, the method further includes:
Receiving a calculation parameter sent by the first network functional entity; the calculation parameter is issued by the second network functional entity;
Generating the second terminal identification information according to the information shared with the second network functional entity and the calculation parameter; the second network functional entity can identify the terminal according to the second terminal identification information.
In the above solution, the identifier type indication takes the form of specific identification information or of non-specific identification information.
An embodiment of the present invention further provides an apparatus for processing a terminal identifier, including:
A determination unit;
A sending unit, configured to send a corresponding identifier type indication to the terminal according to the validity, determined by the determination unit, of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when sending subsequent messages; the authentication vector is received from the second network functional entity.
In the above solution, when there is no usable authentication vector for the terminal, the identifier type indication sent by the sending unit to the terminal is a first-type indication; the first-type indication signifies that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
In the above solution, when there is a usable authentication vector for the terminal, the identifier type indication sent by the sending unit to the terminal is a second-type indication; the second-type indication signifies that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
An embodiment of the present invention further provides an apparatus for processing a terminal identifier, including:
A second receiving unit, configured to receive the identifier type indication sent by the first network functional entity;
A processing unit, configured to carry, according to the identifier type indication, the corresponding terminal identification information in a message sent to the first network functional entity.
In the above solution, when the identifier type indication is a first-type indication, the processing unit carries first terminal identification information in the sent message; the first-type indication signifies that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
In the above solution, when the identifier type indication is a second-type indication, the processing unit carries second terminal identification information in the sent message; the second-type indication signifies that the second network functional entity can identify the terminal according to the second terminal identification information.
An embodiment of the present invention further provides a network functional entity, which is a first network functional entity, the first network functional entity including:
A first processor;
A first communication interface, configured to send a corresponding identifier type indication to the terminal according to the validity, determined by the first processor, of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when sending subsequent messages; the authentication vector is received from the second network functional entity.
In the above solution, when there is no usable authentication vector for the terminal, the identifier type indication sent by the first communication interface to the terminal is a first-type indication; the first-type indication signifies that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
In the above solution, when there is a usable authentication vector for the terminal, the identifier type indication sent by the first communication interface to the terminal is a second-type indication; the second-type indication signifies that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
An embodiment of the present invention further provides a terminal, including:
A second communication interface, configured to receive the identifier type indication sent by the first network functional entity;
A second processor, configured to carry, according to the identifier type indication, the corresponding terminal identification information in a message sent to the first network functional entity through the second communication interface.
In the above solution, when the identifier type indication is a first-type indication, the second processor carries first terminal identification information in the sent message; the first-type indication signifies that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
In the above solution, when the identifier type indication is a second-type indication, the second processor carries second terminal identification information in the sent message; the second-type indication signifies that the second network functional entity can identify the terminal according to the second terminal identification information.
With the method and apparatus for processing a terminal identifier and the related device provided by the embodiments of the present invention, the first network functional entity sends, according to the validity of the authentication vector for the terminal, a corresponding identifier type indication to the terminal; the authentication vector is received from the second network functional entity. After receiving the identifier type indication sent by the first network functional entity, the terminal carries, according to the identifier type indication, the corresponding terminal identification information in the message sent to the first network functional entity. Because the identifier type is indicated to the terminal, the terminal can carry the corresponding terminal identifier in the message according to the indicated type, so that the authentication operation can subsequently be performed directly between the first network functional entity and the terminal, which improves the signaling efficiency of the authentication operation.
Description of the drawings
In the drawings (which are not necessarily drawn to scale), similar reference numerals may describe similar components in different views. Similar reference numerals with different letter suffixes may denote different instances of similar components. The drawings generally illustrate, by way of example and not limitation, the embodiments discussed herein.
Fig. 1 is a schematic flowchart of changing a mobile terminal identifier in the related art;
Fig. 2 is a schematic flowchart of a method for processing a terminal identifier according to Embodiment 1 of the present invention;
Fig. 3 is a schematic flowchart of another method for processing a terminal identifier according to Embodiment 1 of the present invention;
Fig. 4 is a schematic flowchart of a method for changing a terminal identifier according to Embodiment 2 of the present invention;
Fig. 5 is a schematic flowchart of a method for changing a terminal identifier according to Embodiment 3 of the present invention;
Fig. 6 is a schematic flowchart of a method for changing a terminal identifier according to Embodiment 4 of the present invention;
Fig. 7 is a schematic structural diagram of an apparatus for processing a terminal identifier according to Embodiment 5 of the present invention;
Fig. 8 is a schematic structural diagram of another apparatus for processing a terminal identifier according to Embodiment 5 of the present invention.
Detailed description
The present invention is described in further detail below with reference to the accompanying drawings and embodiments.
As mentioned above, 3GPP has proposed a scheme for changing the mobile terminal identifier. As shown in Fig. 1, the flow of this method includes the following steps:
Step 101: The terminal (UE, User Equipment) sends an attach request to a core network element, for example an Attach Request message; the message carries the identifier ID1 of the UE;
Here, the core network element may be a mobility management entity (MME, Mobility Management Entity) or a mobility management function (MMF, Mobility Management Function), etc.
ID1 may be an International Mobile Subscriber Identity (IMSI, International Mobile Subscriber Identification Number), or an identifier received previously, etc.
Step 102: The core network element sends an authentication data request to the authentication data issuing network element, carrying the received ID1;
Here, the authentication data issuing network element may be a home subscriber server (HSS, Home Subscriber Server) or an authentication server function (AUSF, Authentication Server Function), etc.
Sending the authentication data request may specifically be sending an Authentication Data Request message, etc.
Step 103: The authentication data issuing network element generates a new identifier ID2 for the UE;
Step 104: The authentication data issuing network element sends an authentication data response to the core network element, carrying one authentication vector as well as the encrypted ID2 and a calculation parameter;
Here, sending the authentication data response may specifically be sending an Authentication Data Response message, etc.
The calculation parameter is used by the UE to verify ID2.
Step 105: The core network element sends a user authentication request to the UE, carrying authentication parameters made up of part of the information in the received authentication vector, together with the encrypted ID2 and the calculation parameter;
Here, sending the user authentication request may specifically be sending a User Authentication Request message, etc.
The authentication parameters may include a random number (RAND) and a network authentication token (AUTN), etc.
AUTN is used by the UE to verify the network, and RAND is used by the network to verify the user of the UE.
Step 106: The UE verifies the network based on AUTN, computes a response RES based on RAND, and sends a user authentication response to the core network element; the message carries the authentication information, i.e. RES. The core network element compares RES with the XRES in the authentication vector; if RES = XRES, the network's verification of the user succeeds and step 107 is executed;
Here, the core network element may be an MME, etc.
Sending the user authentication response may specifically be sending a User Authentication Response message.
Step 107: The core network element sends an identity confirmation message, for example a SYNC message, to the authentication data issuing network element, carrying a verification code.
Here, the verification code is used to verify the identity confirmation message.
At this point, after the UE decrypts ID2, the UE and the authentication data issuing network element can communicate with each other using ID2, which prevents others from tracking ID1 and thereby leaking the UE's location information.
As can be seen from the above description, in the related art the authentication data issuing network element can issue only one authentication vector at a time, and subsequent authentication operations must be performed by the authentication data issuing network element of the home network, which affects the signaling efficiency of the authentication operation.
Based on this, in the embodiments of the present invention: the first network functional entity sends, according to the validity of the authentication vector for the terminal, a corresponding identifier type indication to the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when sending subsequent messages; the authentication vector is received from the second network functional entity; after receiving the identifier type indication sent by the first network functional entity, the terminal carries, according to the identifier type indication, the corresponding terminal identification information in the message sent to the first network functional entity.
Embodiment 1
An embodiment of the present invention provides a method for processing a terminal identifier, applied to a first network functional entity. As shown in Fig. 2, the method includes:
Step 201: The first network functional entity determines, according to the validity of the authentication vector for the terminal, the identifier type indication corresponding to the identifier type of the terminal;
In other words, the first network functional entity determines the identifier type indication corresponding to the identifier type of the terminal according to the usage status (availability) of the authentication vector for the terminal.
Here, the identifier type indication indicates the terminal identification information that the terminal carries when sending subsequent messages.
Specifically, when there is no usable authentication vector for the terminal, the identifier type indication corresponding to the identifier type of the terminal is determined to be the first-type indication; the first-type indication signifies that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
When there is a usable authentication vector for the terminal, the identifier type indication corresponding to the identifier type of the terminal is determined to be the second-type indication; the second-type indication signifies that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
The authentication vector is an authentication vector issued by the second network functional entity, that is, the authentication vector is received from the second network functional entity.
As can be seen from the above description, the usage status of the authentication vector may be that there is a usable authentication vector for the terminal, or that there is no usable authentication vector for the terminal. Put simply, the usage status of the authentication vector falls into two cases: there is a usable authentication vector, or there is no usable authentication vector.
Here, the authentication vector is used for mutual authentication between the terminal and the corresponding network.
In practice, the second network functional entity may issue at least one authentication vector as needed. Each authentication vector includes multiple authentication parameters, and these authentication parameters together form a vector, that is, the authentication vector.
In practice, the first network functional entity may be a key control node for accessing the network, such as a core network element, and specifically may be an MME or MMF, etc.
In practice, the second network functional entity may be an authentication data issuing network element, that is, a node that controls user data, such as an HSS or AUSF, etc.
In one embodiment, the identifier type indication may take the form of specific identification information or of non-specific identification information.
When the identifier type indication takes the form of specific identification information, the first network functional entity has decided to notify the identifier type indication implicitly. For example, one kind of specific terminal identification information, such as identification information that is not all zeros, both indicates the terminal identification information corresponding to the terminal and indicates whether the identifier type is the first type or the second type, which saves signaling resources.
When the identifier type indication takes the form of specific identification information, the first network functional entity has decided to notify the identifier type indication explicitly. For example, the terminal identification information corresponding to the terminal may be indicated, and a separate field is then used to indicate whether the identifier type is the first type or the second type.
In one embodiment, the method may further include:
Receiving identification information of the terminal sent by the second network functional entity; the received identification information of the terminal is used by the first network functional entity to exchange information related to the terminal with the second network functional entity.
Here, in practice, one case is that the second network functional entity does not issue the second-type terminal identification information directly to the terminal through the first network functional entity. In that case the terminal can generate the second-type terminal identification information based on information shared with the second network functional entity, and the second network functional entity can send the identification information of the terminal to the first network functional entity, so that the first network functional entity and the second network functional entity can exchange information related to the terminal.
When the identification information of the terminal is generated, if the second network functional entity has sent a calculation parameter to the terminal through the first network functional entity, the terminal can generate the second-type terminal identification information based on the information shared with the second network functional entity and the calculation parameter.
Step 202: The first network functional entity sends the corresponding identifier type indication to the terminal according to the determined identifier type.
Specifically, when there is no usable authentication vector for the terminal, the identifier type indication sent to the terminal is the first-type indication.
When there is a usable authentication vector for the terminal, the identifier type indication sent to the terminal is the second-type indication.
In one embodiment, after the identifier type indication is sent to the terminal, the method may further include:
The first network functional entity receives a message sent by the terminal;
When the terminal cannot be identified from the terminal identification information carried in the received message, the first network functional entity forwards the terminal identification information carried in the received message to the second network functional entity so that the terminal can be identified, and the second network functional entity then performs mutual authentication with the terminal based on the corresponding authentication vector.
When the terminal can be identified from the terminal identification information carried in the received message, the first network functional entity performs mutual authentication with the terminal based on the corresponding authentication vector.
As can be seen from the above, in the embodiment of the present invention, the first network functional entity sends, according to the validity of the authentication vector for the terminal, a corresponding identifier type indication to the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when sending subsequent messages; the authentication vector is received from the second network functional entity.
In addition, when the corresponding identifier type indication is sent to the terminal according to the validity of the authentication vector for the terminal: when there is no usable authentication vector for the terminal, the identifier type indication sent to the terminal is the first-type indication, which signifies that the first network functional entity can identify the terminal according to the corresponding terminal identification information; when there is a usable authentication vector for the terminal, the identifier type indication sent to the terminal is the second-type indication, which signifies that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
Accordingly, the embodiment of the present invention additionally provides a kind of processing method of terminal iidentification, is applied to terminal, such as Fig. 3 institutes Show, this method includes:
Step 301:The terminal receives the identity type instruction that first network functional entity is sent;
Here, the identity type instruction is used to indicate the terminal and sends the terminal identification information carried when message.
In one embodiment, the form of expression of the identity type instruction can be specific identification information, or non- Specific identification information.
Wherein, when the form of expression of identity type instruction is specific identification information, illustrate that first network function is real Body is determined notifies the identity type to indicate by implicit mode.For example, can by a kind of specific terminal identification information, Such as not be complete zero identification information, that is, indicate the corresponding terminal identification information of the terminal, while having also indicated that mark class Type be the first kind or Second Type, in this way can be with saving signaling resource.
When the form of expression of identity type instruction is specific identification information, illustrate that first network functional entity determines The identity type is notified to indicate by explicit mode.For example, the corresponding terminal identification information of the terminal can be indicated, together When, it is the first kind or Second Type to recycle a field to carry out sign type.
Step 302: According to the identity type indication, the terminal carries the corresponding terminal identification information in messages sent to the first network functional entity.
When the received identity type indication is a first-type indication, the terminal carries first terminal identification information in the message it sends; the first-type indication characterizes that the first network functional entity can identify the terminal according to the first terminal identification information and then perform mutual authentication with the terminal based on the corresponding authentication vector.
When the received identity type indication is a second-type indication, the terminal carries second terminal identification information in the message it sends; the second-type indication characterizes that the second network functional entity can identify the terminal according to the second terminal identification information, after which the second network functional entity performs mutual authentication with the terminal based on the corresponding authentication vector.
The first terminal identification information is received from the first network functional entity; for example, the terminal may obtain it from the message in which it received the identity type indication.
In practice, one case is that the second network functional entity does not issue the second-type terminal identification information to the terminal directly through the first network functional entity. In that case, before step 302 is performed, the terminal can generate the second terminal identification information based on information shared with the second network functional entity, and the second network functional entity can send identification information of the terminal to the first network functional entity, so that the first network functional entity and the second network functional entity can exchange information about the terminal.
In addition, in one embodiment, the method can also include:
The terminal receives a calculating parameter sent by the first network functional entity; the calculating parameter is issued by the second network functional entity;
Correspondingly, the terminal generates the second terminal identification information according to the information shared with the second network functional entity and the calculating parameter.
As described above, the second network functional entity can identify the terminal according to the second terminal identification information, after which the second network functional entity performs mutual authentication with the terminal based on the corresponding authentication vector.
Based on the above method, this embodiment also provides a terminal identifier processing method, which includes the following steps:
Step A: The first network functional entity sends the corresponding identity type indication to the terminal according to the validity of the authentication vector for the terminal;
Step B: After receiving the identity type indication sent by the first network functional entity, the terminal carries the corresponding terminal identification information, according to the identity type indication, in messages sent to the first network functional entity.
It should be noted that, in practice, the terminal identification information described in the embodiments of the present invention can be selected as needed; any information that can identify the terminal may be used, and the embodiments of the present invention place no limitation on this.
In addition, the specific processing performed by the first network functional entity and the terminal has been described in detail above and is not repeated here.
In the terminal identifier processing method provided by the embodiments of the present invention, the first network functional entity sends the corresponding identity type indication to the terminal according to the validity of the authentication vector for the terminal, the authentication vector being received from the second network functional entity. After receiving the identity type indication sent by the first network functional entity, the terminal carries the corresponding terminal identification information, according to the identity type indication, in messages sent to the first network functional entity. Because the identity type has been indicated to the terminal, the terminal can carry the corresponding terminal identifier in its messages according to the indicated type, and subsequent authentication can be performed directly between the first network functional entity and the terminal, which improves the signalling efficiency of the authentication operation.
When there is no usable authentication vector for the terminal, the identity type indication sent to the terminal is a first-type indication; the first-type indication characterizes that the first network functional entity can identify the terminal according to the corresponding terminal identification information, so that authentication is performed directly between the first network functional entity and the terminal without the participation of the second network functional entity, which improves the signalling efficiency of the authentication operation.
Embodiment two
On the basis of embodiment one, this embodiment describes the terminal identifier transformation process in detail.
The terminal identifier transformation method of this embodiment, as shown in Fig. 4, includes the following steps:
Step 401: The UE sends an attach request to the core network element;
In practice, the core network element can be an MME, an MMF, etc.
Sending the attach request can specifically mean sending an Attach Request message.
The attach request carries the identifier ID1 of the UE.
ID1 can be the IMSI, an identifier the UE received earlier, etc.
Step 402: After receiving the attach request, the core network element sends an authentication data request to the authentication data issuing network element;
In practice, the authentication data issuing network element can be an HSS, an AUSF, etc.
Sending the authentication data request can specifically mean sending an Authentication Data Request message, etc.
The authentication data request carries ID1.
Step 403: After receiving the request, the authentication data issuing network element generates a new identifier ID2 for the UE;
Step 404: The authentication data issuing network element sends an authentication data response to the core network element;
In practice, sending the authentication data response can specifically mean sending an Authentication Data Response message, etc.
The authentication data response carries a group of authentication vectors and ID2.
Step 405: After receiving the response, the core network element sends a user authentication request to the UE;
In practice, sending the user authentication request can specifically mean sending a User Authentication Request message, etc.
The user authentication request carries authentication parameters formed from part of the information of one authentication vector in the group, such as RAND and AUTN, and also carries ID2.
AUTN is used by the UE to verify the network, and RAND is used by the network to verify the user of the UE.
Step 406: After receiving the request, the UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element;
In practice, sending the user authentication response can specifically mean sending a User Authentication Response message, etc.
The user authentication response carries the authentication information, i.e. RES.
Step 407: After receiving the response, the core network element compares RES with the XRES in the corresponding authentication vector; if RES = XRES, the network has verified the user, and step 408 is executed;
Step 408: The core network element sends an attach accept message to the UE;
In practice, sending the attach accept message can specifically mean sending an Attach Accept message, etc.
The attach accept message carries the temporary identifier TID1 allocated by the core network element.
TID1 is not specific identification information, for example it is not the all-zero identification information, so the UE can treat it as the identity type indication.
Alternatively, the attach accept message can carry both TID1 and an identity type indication, for example an id-type field indicating that the UE is to use TID1.
After the terminal receives the attach accept message, it uses the temporary identifier TID1 when sending messages in subsequent procedures.
Step 409: The UE sends an attach request to the core network element again;
Here, the attach request carries TID1.
Step 410: After receiving the request, the core network element sends a user authentication request to the UE;
In practice, sending the user authentication request can specifically mean sending a User Authentication Request message, etc.
The user authentication request carries authentication parameters formed from part of the information of one unused authentication vector for the UE, such as RAND and AUTN.
Step 411: After receiving the user authentication request, the UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element;
In practice, sending the user authentication response can specifically mean sending a User Authentication Response message, etc.
The user authentication response carries the authentication information, i.e. RES.
Step 412: After receiving the response, the core network element compares RES with the XRES in the corresponding authentication vector; if RES = XRES, the network has verified the user, and step 413 is executed;
Step 413: The core network element sends an attach accept message to the terminal.
In practice, sending the attach accept message can specifically mean sending an Attach Accept message, etc.
Before sending the attach accept message, the core network element determines whether there are still usable authentication vectors for the UE. If there are, the attach accept message carries a temporary identifier TID2 allocated by the core network element. As with TID1, TID2 is not specific identification information, for example it is not the all-zero identification information, so the UE can treat it as the identity type indication; an identity type indication can also be carried in the message, for example an id-type field indicating that the terminal is to use TID2. If there is no usable authentication vector for the UE, the attach accept message carries an identity type indication together with the temporary identification information TID2 allocated by the core network, or the message carries a specific temporary identifier as the identification information, such as the all-zero identification information, to indicate to the terminal that the temporary identifier is unavailable and that ID2 must be used.
After receiving the attach accept message, the UE can carry the corresponding identification information in the messages it sends, according to the identity type indication. When a message sent by the UE carries ID2, the core network element cannot identify the UE itself, so it forwards ID2 to the authentication data issuing network element, which identifies the UE and issues a new group of authentication vectors for the UE to the core network element, so that the core network element can identify the UE again.
It should be noted that, in practice, in step 409 the UE may instead send a service request to the core network element, for example a Service Request message; the subsequent processing is the same as steps 410 to 413.
Embodiment three
On the basis of embodiments one and two, this embodiment describes the terminal identifier transformation process in detail.
The terminal identifier transformation method of this embodiment, as shown in Fig. 5, includes the following steps:
Step 501: The UE sends an attach request to the core network element;
In practice, the core network element can be an MME, an MMF, etc.
Sending the attach request can specifically mean sending an Attach Request message.
The attach request carries the identifier ID1 of the UE.
ID1 can be the IMSI, an identifier the UE received earlier, etc.
Step 502: After receiving the attach request, the core network element sends an authentication data request to the authentication data issuing network element;
In practice, the authentication data issuing network element can be an HSS, an AUSF, etc.
Sending the authentication data request can specifically mean sending an Authentication Data Request message, etc.
The authentication data request carries ID1.
Step 503: After receiving the request, the authentication data issuing network element generates a new identifier ID2 according to the key Ki shared with the UE and ID1 or the initial identifier ID0 of the terminal;
In practice, the new identifier ID2 can also be generated according to the key Ki shared with the UE, ID1 or the initial identifier ID0 of the terminal, and a calculating parameter (such as a random number or another value in the authentication parameter group).
In practice, the other value can be another changing value in the authentication parameter group.
Step 504: The authentication data issuing network element sends an authentication data response to the core network element;
In practice, sending the authentication data response can specifically mean sending an Authentication Data Response message, etc.
The authentication data response carries a group of authentication vectors. When the authentication data issuing network element used a calculating parameter in generating ID2, the authentication data response can further carry the calculating parameter.
Step 505: After receiving the response, the core network element sends a user authentication request to the UE;
In practice, sending the user authentication request can specifically mean sending a User Authentication Request message, etc.
The user authentication request carries authentication parameters formed from part of the information of one authentication vector in the group, such as RAND and AUTN.
Correspondingly, when the response received by the core network element carries a calculating parameter, the user authentication request it sends can also carry the calculating parameter.
Step 506: After receiving the request, the UE calculates the new identifier ID2 using the same information as the authentication data issuing network element;
Specifically, when the request does not carry a calculating parameter, the UE calculates ID2 according to the key Ki and ID1 or the initial identifier ID0 of the terminal; when the request carries a calculating parameter, the UE calculates ID2 according to the key Ki, ID1 or the initial identifier ID0 of the terminal, and the calculating parameter.
The "same information as the authentication data issuing network element" can be regarded as the information shared with the authentication data issuing network element.
Step 507: The UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element;
In practice, sending the user authentication response can specifically mean sending a User Authentication Response message, etc.
The user authentication response carries the authentication information, i.e. RES.
Step 508: After receiving the response, the core network element compares RES with the XRES in the authentication vector; if RES = XRES, the network has verified the user, and step 509 is executed;
Step 509: The core network element sends an attach accept message to the UE;
In practice, sending the attach accept message can specifically mean sending an Attach Accept message, etc.
The attach accept message carries the temporary identifier TID1 allocated by the core network element.
TID1 is not specific identification information, for example it is not the all-zero identification information, so the UE can treat it as the identity type indication.
Alternatively, the attach accept message can carry both TID1 and an identity type indication, for example an id-type field indicating that the terminal is to use TID1.
After the terminal receives the attach accept message, it uses the temporary identifier TID1 when sending messages in subsequent procedures.
Step 510: The UE sends an attach request to the core network element again;
Here, the attach request carries TID1.
Step 511: After receiving the request, the core network element sends a user authentication request to the UE;
In practice, sending the user authentication request can specifically mean sending a User Authentication Request message, etc.
The user authentication request carries authentication parameters formed from part of the information of one unused authentication vector for the UE, such as RAND and AUTN.
Step 512: After receiving the user authentication request, the UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element;
In practice, sending the user authentication response can specifically mean sending a User Authentication Response message, etc.
The user authentication response carries the authentication information, i.e. RES.
Step 513: After receiving the response, the core network element compares RES with the XRES in the corresponding authentication vector; if RES = XRES, the network has verified the user, and step 514 is executed;
Step 514: The core network element sends an attach accept message to the terminal.
In practice, sending the attach accept message can specifically mean sending an Attach Accept message, etc.
Before sending the attach accept message, the core network element determines whether there are still usable authentication vectors for the UE. If there are, the attach accept message carries a temporary identifier TID2 allocated by the core network element. As with TID1, TID2 is not specific identification information, for example it is not the all-zero identification information, so the UE can treat it as the identity type indication; an identity type indication can also be carried in the message, for example an id-type field indicating that the terminal is to use TID2. If there is no usable authentication vector for the UE, the attach accept message carries an identity type indication together with the temporary identification information TID2 allocated by the core network, or the message carries a specific temporary identifier as the identification information, such as the all-zero identification information, to indicate to the terminal that the temporary identifier is unavailable and that ID2 must be used.
After receiving the attach accept message, the UE can carry the corresponding identification information in the messages it sends, according to the identity type indication. When a message sent by the UE carries ID2, the core network element cannot identify the UE itself, so it forwards ID2 to the authentication data issuing network element, which identifies the UE and issues a new group of authentication vectors for the UE to the core network element.
It should be noted that, in practice, in step 510 the UE may instead send a service request to the core network element, for example a Service Request message; the subsequent processing is the same as steps 511 to 514.
Embodiment four
This embodiment describes the terminal identifier transformation process in detail.
The terminal identifier transformation method of this embodiment, as shown in Fig. 6, includes the following steps:
Step 601: The UE sends an attach request to the core network element;
In practice, the core network element can be an MME, an MMF, etc.
Sending the attach request can specifically mean sending an Attach Request message.
The attach request carries the identifier ID1 of the UE.
ID1 can be the IMSI, an identifier the UE received earlier, etc.
Step 602: After receiving the attach request, the core network element sends an authentication data request to the authentication data issuing network element;
In practice, the authentication data issuing network element can be an HSS, an AUSF, etc.
Sending the authentication data request can specifically mean sending an Authentication Data Request message, etc.
The authentication data request carries ID1.
Step 603: After receiving the request, the authentication data issuing network element generates a new identifier ID2 according to the key Ki shared with the UE and ID1 or the initial identifier ID0 of the terminal;
In practice, the new identifier ID2 can also be generated according to the key Ki shared with the UE, ID1 or the initial identifier ID0 of the terminal, and a calculating parameter (such as a random number or another value in the authentication parameter group).
In practice, the other value can be another changing value in the authentication parameter group.
Step 604: The authentication data issuing network element sends an authentication data response to the core network element;
In practice, sending the authentication data response can specifically mean sending an Authentication Data Response message, etc.
The authentication data response carries a group of authentication vectors and an anchor identifier AID1.
AID1 is used by the core network element and the authentication data issuing network element to exchange information about the UE.
When the authentication data issuing network element used a calculating parameter in generating ID2, the authentication data response can further carry the calculating parameter.
Step 605: After receiving the response, the core network element sends a user authentication request to the UE;
In practice, sending the user authentication request can specifically mean sending a User Authentication Request message, etc.
The user authentication request carries authentication parameters formed from part of the information of one authentication vector in the group, such as RAND and AUTN.
Correspondingly, when the response received by the core network element carries a calculating parameter, the user authentication request it sends can also carry the calculating parameter.
Step 606: After receiving the request, the UE calculates the new identifier ID2 using the same information as the authentication data issuing network element;
Specifically, when the request does not carry a calculating parameter, the UE calculates ID2 according to the key Ki and ID1 or the initial identifier ID0 of the terminal; when the request carries a calculating parameter, the UE calculates ID2 according to the key Ki, ID1 or the initial identifier ID0 of the terminal, and the calculating parameter.
The "same information as the authentication data issuing network element" can be regarded as the information shared with the authentication data issuing network element.
Step 607: The UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element;
In practice, sending the user authentication response can specifically mean sending a User Authentication Response message, etc.
The user authentication response carries the authentication information, i.e. RES.
Step 608: After receiving the response, the core network element compares RES with the XRES in the authentication vector; if RES = XRES, the network has verified the user, and step 609 is executed;
Step 609: The core network element sends an attach accept message to the UE;
In practice, sending the attach accept message can specifically mean sending an Attach Accept message, etc.
The attach accept message carries the temporary identifier TID1 allocated by the core network element.
TID1 is not specific identification information, for example it is not the all-zero identification information, so the UE can treat it as the identity type indication.
Alternatively, the attach accept message can carry both TID1 and an identity type indication, for example an id-type field indicating that the terminal is to use TID1.
After the terminal receives the attach accept message, it uses the temporary identifier TID1 when sending messages in subsequent procedures.
Step 610: The UE sends an attach request to the core network element again;
Here, the attach request carries TID1.
When practical application,
Step 611: After receiving the request, the core network element sends a user authentication request to the UE;
In practice, sending the user authentication request can specifically mean sending a User Authentication Request message, etc.
The user authentication request carries authentication parameters formed from part of the information of one unused authentication vector for the UE, such as RAND and AUTN.
Step 612: After receiving the user authentication request, the UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element;
In practice, sending the user authentication response can specifically mean sending a User Authentication Response message, etc.
The user authentication response carries the authentication information, i.e. RES.
Step 613: After receiving the response, the core network element compares RES with the XRES in the corresponding authentication vector; if RES = XRES, the network has verified the user, and step 614 is executed;
Step 614: The core network element sends an attach accept message to the terminal.
In practice, sending the attach accept message can specifically mean sending an Attach Accept message, etc.
Before sending the attach accept message, the core network element determines whether there are still usable authentication vectors for the UE. If there are, the attach accept message carries a temporary identifier TID2 allocated by the core network element. As with TID1, TID2 is not specific identification information, for example it is not the all-zero identification information, so the UE can treat it as the identity type indication; an identity type indication can also be carried in the message, for example an id-type field indicating that the terminal is to use TID2. If there is no usable authentication vector for the UE, the attach accept message carries an identity type indication together with the temporary identification information TID2 allocated by the core network, or the message carries a specific temporary identifier as the identification information, such as the all-zero identification information, to indicate to the terminal that the temporary identifier is unavailable and that ID2 must be used.
After receiving the attach accept message, the UE can carry the corresponding identification information in the messages it sends, according to the identity type indication. When a message sent by the UE carries ID2, the core network element cannot identify the UE itself, so it forwards ID2 to the authentication data issuing network element, which identifies the UE and issues a new group of authentication vectors for the UE to the core network element.
It should be noted that, in practice, in step 610 the UE may instead send a service request to the core network element, for example a Service Request message; the subsequent processing is the same as steps 611 to 614.
As can be seen from embodiments two to four, the scheme provided by the embodiments of the present invention uses two kinds of terminal identification information: one is allocated by the core network element and the other by the authentication data issuing network element, and the core network element notifies the terminal which kind to use. The authentication data issuing network element can issue multiple authentication vectors at once, so that the authentication operation can be performed by the core network element of the visited place, which improves the signalling efficiency of the authentication operation.
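The identifier handling of embodiments two to four can be traced end to end in a short simulation. This is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified ID2 derivation and for the AKA functions behind AUTN and RES, and the class names, the 4-byte temporary identifier, the batch of two authentication vectors and the sample IMSI are all assumptions.

```python
import hashlib
import hmac
import secrets

ALL_ZERO_TID = bytes(4)  # assumed encoding of "temporary identifier unavailable, use ID2"


def prf(key: bytes, label: bytes, data: bytes, n: int) -> bytes:
    # HMAC-SHA256 is a stand-in (assumption); the page names inputs, not functions.
    return hmac.new(key, label + data, hashlib.sha256).digest()[:n]


def derive_id2(ki: bytes, id0: bytes, calc_param: bytes) -> bytes:
    """ID2 from the shared key Ki, the initial identifier ID0 and a calculating parameter."""
    return prf(ki, b"ID2", id0 + calc_param, 8)


class Issuer:
    """Authentication data issuing network element (HSS/AUSF role)."""

    def __init__(self, batch: int = 2):
        self.batch, self.by_id, self.requests = batch, {}, 0

    def provision(self, id0: bytes, ki: bytes) -> None:
        self.by_id[id0] = (id0, ki)

    def auth_data(self, ident: bytes):
        self.requests += 1
        id0, ki = self.by_id[ident]            # resolves ID1 (= ID0 here) or an ID2
        calc_param = secrets.token_bytes(8)
        self.by_id[derive_id2(ki, id0, calc_param)] = (id0, ki)
        vectors = []
        for _ in range(self.batch):            # several vectors issued at once
            rand = secrets.token_bytes(16)
            vectors.append((rand, prf(ki, b"AUTN", rand, 8), prf(ki, b"RES", rand, 8)))
        return vectors, calc_param


class UE:
    def __init__(self, id0: bytes, ki: bytes):
        self.id0, self.ki, self.id2, self.tid = id0, ki, None, None

    def identifier(self) -> bytes:
        # A non-zero TID is itself the indication to keep using the TID.
        if self.tid is not None and self.tid != ALL_ZERO_TID:
            return self.tid
        return self.id2 if self.id2 is not None else self.id0

    def authenticate(self, rand: bytes, autn: bytes, calc_param) -> bytes:
        if not hmac.compare_digest(autn, prf(self.ki, b"AUTN", rand, 8)):
            raise ValueError("network failed the AUTN check")
        if calc_param is not None:             # ID2 is computed locally, never sent down
            self.id2 = derive_id2(self.ki, self.id0, calc_param)
        return prf(self.ki, b"RES", rand, 8)


class CoreElement:
    """Core network element (MME/MMF role)."""

    def __init__(self, issuer: Issuer):
        self.issuer, self.unused = issuer, {}  # TID -> unused authentication vectors

    def attach(self, ue: UE) -> bytes:
        ident, calc_param = ue.identifier(), None
        if ident in self.unused:               # UE known by TID: authenticate locally
            vectors = self.unused.pop(ident)
        else:                                  # ID1 or ID2: only the issuer can resolve it
            vectors, calc_param = self.issuer.auth_data(ident)
        rand, autn, xres = vectors.pop(0)
        if not hmac.compare_digest(ue.authenticate(rand, autn, calc_param), xres):
            raise PermissionError("RES != XRES")
        if vectors:                            # vectors remain: hand out a usable TID
            tid = secrets.token_bytes(4)
            while tid == ALL_ZERO_TID or tid in self.unused:
                tid = secrets.token_bytes(4)
            self.unused[tid] = vectors
        else:                                  # none remain: all-zero TID means "use ID2"
            tid = ALL_ZERO_TID
        ue.tid = tid                           # carried in the attach accept message
        return ident                           # identifier that crossed the air interface


def run_demo():
    issuer = Issuer(batch=2)
    ki, id0 = secrets.token_bytes(16), b"001010123456789"  # constructed sample IMSI
    issuer.provision(id0, ki)
    ue, core = UE(id0, ki), CoreElement(issuer)
    sent = [core.attach(ue) for _ in range(3)]
    return sent, issuer.requests


if __name__ == "__main__":
    sent, requests = run_demo()
    print([s.hex() for s in sent], "issuer requests:", requests)
```

Three attaches send ID1, then TID1, then ID2, and reach the issuer only twice; the permanent identifier crosses the air interface once.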
Embodiment five
To implement the method of the embodiments of the present invention, this embodiment provides a terminal identifier processing apparatus, arranged in a first network functional entity. As shown in Fig. 7, the apparatus includes:
a determination unit 71;
a transmission unit 72, configured to send the corresponding identity type indication to the terminal according to the validity, determined by the determination unit 71, of the authentication vector for the terminal; the identity type indication indicates the terminal identification information that the terminal is to carry when it subsequently sends messages.
That is, the determination unit 71 determines, according to the validity (which can also be understood as the usage status) of the authentication vector for the terminal, the identity type indication corresponding to the identity type of the terminal; correspondingly, the transmission unit 72 sends the corresponding identity type indication to the terminal according to the determined identity type indication.
Specifically, when there is no usable authentication vector for the terminal, the determination unit 71 determines that the identity type indication corresponding to the identity type of the terminal is a first-type indication; the first-type indication characterizes that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
When there is a usable authentication vector for the terminal, the determination unit 71 determines that the identity type indication corresponding to the identity type of the terminal is a second-type indication; the second-type indication characterizes that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
Correspondingly, for the transmission unit 72, when there is no usable authentication vector for the terminal, the identity type indication sent to the terminal is a first-type indication; when there is a usable authentication vector for the terminal, the identity type indication sent to the terminal is a second-type indication; the second-type indication characterizes that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
The authentication vector is an authentication vector issued by the second network functional entity, i.e. the authentication vector is received from the second network functional entity.
From the above description it can be seen that the usage status of the authentication vector may be that there is a usable authentication vector for the terminal, or that there is no usable authentication vector for the terminal. Briefly, the usage status falls into two cases: a usable authentication vector exists, or no usable authentication vector exists.
Here, the authentication vector is used for mutual authentication between the terminal and the corresponding network.
In practice, the second network functional entity can issue at least one authentication vector as needed. Each authentication vector includes multiple authentication parameters, which together form a vector, namely the authentication vector.
In practice, the first network functional entity can be a key control node for network access, such as a core network element, specifically an MME, an MMF, etc.
In practice, the second network functional entity can be the authentication data issuing network element, i.e. the node that controls user data, such as an HSS, an AUSF, etc.
In one embodiment, the identity type indication can take the form of specific identification information or of non-specific identification information.
When the identity type indication takes the form of specific identification information, the first network functional entity has decided to notify the identity type indication implicitly. For example, a specific piece of terminal identification information, such as identification information that is not all zeros, both indicates the terminal identification information corresponding to the terminal and indicates whether the identity type is the first type or the second type, which saves signalling resources.
When the identity type indication takes the form of non-specific identification information, the first network functional entity has decided to notify the identity type indication explicitly. For example, the terminal identification information corresponding to the terminal can be indicated and, in addition, a separate field is used to indicate whether the identity type is the first type or the second type.
In one embodiment, the apparatus can also include:
A first receiving unit, for receiving the identification information of the terminal sent by the second network functional entity; the received identification information of the terminal is used by the first network functional entity to exchange information related to the terminal with the second network functional entity.
Here, in practical application, one case is that the second network functional entity does not issue the second-type terminal identification information directly to the terminal through the first network functional entity. In that case the terminal can generate the second-type terminal identification information based on information shared with the second network functional entity, and the second network functional entity can send the identification information of the terminal to the first network functional entity, so that the first network functional entity and the second network functional entity can exchange information related to the terminal.
Wherein, when the identification information of the terminal is generated and the second network functional entity has sent a calculation parameter to the terminal through the first network functional entity, the terminal can generate the second-type terminal identification information based on the information shared with the second network functional entity and the calculation parameter.
In one embodiment, the first receiving unit is configured to receive a message sent by the terminal;
The sending unit 72 is further configured to, when the terminal cannot be identified according to the terminal identification information carried in the received message, forward the terminal identification information carried in the received message to the second network functional entity so that the terminal is identified, and so that mutual authentication with the terminal is performed via the second network functional entity based on the corresponding authentication vector.
Wherein, when the terminal can be identified according to the terminal identification information carried in the received message, the first network functional entity performs mutual authentication with the terminal based on the corresponding authentication vector.
In practical application, the determination unit 71 can be implemented by a processor in the terminal identification processing apparatus; the sending unit 72 and the first receiving unit can be implemented by a communication interface in the terminal identification processing apparatus.
Based on this, an embodiment of the present invention further provides a network functional entity, which is a first network functional entity, and the first network functional entity includes:
A first processor;
A first communication interface, for sending the corresponding identifier type indication to the terminal according to the validity, as determined by the first processor, of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages; the authentication vector is received from the second network functional entity.
Wherein, when there is no usable authentication vector for the terminal, the identifier type indication that the first communication interface sends to the terminal is a first-type indication; the first-type indication characterizes that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
When there is a usable authentication vector for the terminal, the identifier type indication that the first communication interface sends to the terminal is a second-type indication; the second-type indication characterizes that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
The functions implemented by the first processor and the first communication interface can be understood with reference to the related description of the foregoing method and apparatus, and are not repeated here.
Correspondingly, to implement the terminal-side terminal identification processing method of the embodiments of the present invention, an embodiment of the present invention further provides a terminal identification processing apparatus. As shown in Figure 8, the apparatus includes:
A second receiving unit 81, for receiving the identifier type indication sent by the first network functional entity;
A processing unit 82, for carrying, according to the identifier type indication, the corresponding terminal identification information in a message sent to the first network functional entity.
Here, the identifier type indication indicates the terminal identification information that the terminal carries when it sends a message.
In one embodiment, the form of the identifier type indication may be specific identification information or non-specific identification information.
Wherein, when the form of the identifier type indication is specific identification information, the first network functional entity has decided to convey the identifier type indication implicitly. For example, a specific kind of terminal identification information, such as identification information that is not all zeros, can both indicate the terminal identification information corresponding to the terminal and indicate whether the identifier type is the first type or the second type, which saves signaling resources.
When the form of the identifier type indication is non-specific identification information, the first network functional entity has decided to convey the identifier type indication explicitly. For example, the terminal identification information corresponding to the terminal can be indicated and, in addition, a separate field is used to indicate whether the identifier type is the first type or the second type.
In one embodiment, for the processing unit 82:
When the received identifier type indication is a first-type indication, first terminal identification information is carried in the sent message; the first-type indication characterizes that the first network functional entity can identify the terminal according to the first terminal identification information and then perform mutual authentication with the terminal based on the corresponding authentication vector;
Alternatively,
When the received identifier type indication is a second-type indication, second terminal identification information is carried in the sent message; the second-type indication characterizes that the second network functional entity can identify the terminal according to the second terminal identification information, so that mutual authentication with the terminal is then performed via the second network functional entity based on the corresponding authentication vector.
Wherein, the first terminal identification information is received from the first network functional entity; for example, the terminal may obtain the first terminal identification information from the message in which it receives the identifier type indication.
Here, in practical application, one case is that the second network functional entity does not issue the second-type terminal identification information directly to the terminal through the first network functional entity. In that case the processing unit 82 can generate the second terminal identification information based on information shared with the second network functional entity, and the second network functional entity can send the identification information of the terminal to the first network functional entity, so that the first network functional entity and the second network functional entity can exchange information related to the terminal.
In addition, in one embodiment, the second receiving unit 81 is further configured to receive a calculation parameter sent by the first network functional entity; the calculation parameter is issued by the second network functional entity;
The processing unit 82 is configured to generate the second terminal identification information according to the information shared with the second network functional entity and the calculation parameter.
Wherein, from the above description it can be seen that the second network functional entity can identify the terminal according to the second terminal identification information, and mutual authentication with the terminal is then performed via the second network functional entity based on the corresponding authentication vector.
In practical application, the second receiving unit 81 can be implemented by a communication interface in the terminal identification processing apparatus; the processing unit 82 can be implemented by a processor in the terminal identification processing apparatus.
Based on this, an embodiment of the present invention further provides a terminal, including:
A second communication interface, for receiving the identifier type indication sent by the first network functional entity;
A second processor, for carrying, according to the identifier type indication, the corresponding terminal identification information in a message sent to the first network functional entity through the second communication interface.
Wherein, when the identifier type indication is a first-type indication, the second processor carries first terminal identification information in the sent message; the first-type indication characterizes that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
When the identifier type indication is a second-type indication, the second processor carries second terminal identification information in the sent message; the second-type indication characterizes that the second network functional entity can identify the terminal according to the second terminal identification information.
The functions implemented by the second communication interface and the second processor can be understood with reference to the related description of the foregoing method and apparatus, and are not repeated here.
Based on the above apparatus, an embodiment of the present invention further provides a terminal identification processing system, which includes:
A first network functional entity, for sending the corresponding identifier type indication to the terminal according to the validity of the authentication vector for the terminal;
A terminal, for carrying, after receiving the identifier type indication sent by the first network functional entity and according to that indication, the corresponding terminal identification information in a message sent to the first network functional entity.
It should be noted that, in practical application, the terminal identification information described in the embodiments of the present invention can be chosen as needed, as long as it is information that can identify the terminal; the embodiments of the present invention place no limitation on this.
In addition, the specific processing of the first network functional entity and the terminal is described in detail above and is not repeated here.
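The exchange described above can be traced in a short simulation. This is an added example, not code from the patent or from ZTE; the HMAC-SHA256 derivation of the second-type identifier, the class and field names, the subscriber key "sub-001" and the opaque stand-in authentication vectors are all assumptions, and the indication uses the explicit form (a separate type field).

```python
import hashlib
import hmac
import secrets

FIRST_TYPE, SECOND_TYPE = "first-type", "second-type"


def derive_second_id(shared_info: bytes, calc_param: bytes) -> str:
    # Assumption: the page only says the identifier is generated from shared
    # information and a calculation parameter; HMAC-SHA256 is a stand-in.
    return hmac.new(shared_info, calc_param, hashlib.sha256).hexdigest()[:20]


class SecondNFE:
    """Authentication-data node (the page gives HSS or AUSF as examples)."""

    def __init__(self, subscribers):
        self.subscribers = dict(subscribers)  # subscriber key -> shared info
        self.second_ids = {}                  # second-type id -> subscriber key

    def issue(self, sub, count):
        """Issue authentication vectors plus a fresh calculation parameter."""
        calc_param = secrets.token_bytes(16)
        second_id = derive_second_id(self.subscribers[sub], calc_param)
        self.second_ids[second_id] = sub
        vectors = [secrets.token_hex(16) for _ in range(count)]  # opaque stand-ins
        return vectors, calc_param

    def identify(self, ident):
        return self.second_ids.get(ident)


class FirstNFE:
    """Access-side control node (the page gives MME as an example)."""

    def __init__(self, second):
        self.second = second
        self.vectors = {}      # subscriber key -> usable authentication vectors
        self.calc_params = {}  # subscriber key -> parameter relayed to terminal
        self.first_ids = {}    # first-type id -> subscriber key

    def fetch_vectors(self, sub, count=2):
        self.vectors[sub], self.calc_params[sub] = self.second.issue(sub, count)

    def indication(self, sub):
        """Pick the identifier type from whether a usable vector exists."""
        if not self.vectors.get(sub):
            first_id = secrets.token_hex(8)
            self.first_ids[first_id] = sub
            return {"type": FIRST_TYPE, "first_id": first_id}
        return {"type": SECOND_TYPE, "calc_param": self.calc_params[sub]}

    def resolve(self, ident):
        """Return (entity that identified the terminal, subscriber key)."""
        if ident in self.first_ids:
            return "first NFE", self.first_ids[ident]
        sub = self.second.identify(ident)  # forward what cannot be identified
        return ("second NFE", sub) if sub else (None, None)


class Terminal:
    def __init__(self, shared_info):
        self.shared_info = shared_info
        self.ident = None

    def on_indication(self, msg):
        if msg["type"] == FIRST_TYPE:
            self.ident = msg["first_id"]  # taken from the indication message
        else:
            self.ident = derive_second_id(self.shared_info, msg["calc_param"])

    def next_message(self):
        return {"terminal_id": self.ident}


def run_demo():
    shared = b"constructed-shared-info"  # constructed sample value
    first = FirstNFE(SecondNFE({"sub-001": shared}))
    ue = Terminal(shared)
    trace = []

    def round_trip():
        ind = first.indication("sub-001")
        ue.on_indication(ind)
        who, sub = first.resolve(ue.next_message()["terminal_id"])
        trace.append((ind["type"], who, sub))

    round_trip()                      # no usable vector at the first NFE
    first.fetch_vectors("sub-001")
    round_trip()                      # usable vectors are now present
    first.vectors["sub-001"].clear()  # vectors used up
    round_trip()
    trace.append(("unknown",) + first.resolve("not-a-known-id"))
    return trace


if __name__ == "__main__":
    for step in run_demo():
        print(step)
```

An identifier that neither entity recognizes resolves to `(None, None)`, which is the point at which a real deployment would have to reject the message or fall back to another identification procedure.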
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, optical storage, and the like) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the scope of the present invention.

Claims (23)

1. A terminal identification processing method, characterized in that it is applied to a first network functional entity, the method comprising:
Sending the corresponding identifier type indication to a terminal according to the validity of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages; the authentication vector is received from a second network functional entity.
2. The method according to claim 1, characterized in that, when the corresponding identifier type indication is sent to the terminal according to the validity of the authentication vector for the terminal, the method comprises:
When there is no usable authentication vector for the terminal, the identifier type indication sent to the terminal is a first-type indication; the first-type indication characterizes that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
3. The method according to claim 1, characterized in that, when the corresponding identifier type indication is sent to the terminal according to the validity of the authentication vector for the terminal, the method comprises:
When there is a usable authentication vector for the terminal, the identifier type indication sent to the terminal is a second-type indication; the second-type indication characterizes that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
4. The method according to claim 1, characterized in that the form of the identifier type indication is specific identification information or non-specific identification information.
5. The method according to claim 1, characterized in that the method further comprises:
Receiving the identification information of the terminal sent by the second network functional entity; the received identification information of the terminal is used by the first network functional entity to exchange information related to the terminal with the second network functional entity.
6. A terminal identification processing method, characterized in that it is applied to a terminal, the method comprising:
Receiving the identifier type indication sent by a first network functional entity;
Carrying, according to the identifier type indication, the corresponding terminal identification information in a message sent to the first network functional entity.
7. The method according to claim 6, characterized in that the method further comprises:
When the identifier type indication is a first-type indication, carrying first terminal identification information in the sent message; the first-type indication characterizes that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
8. The method according to claim 6, characterized in that the method further comprises:
When the identifier type indication is a second-type indication, carrying second terminal identification information in the sent message; the second-type indication characterizes that a second network functional entity can identify the terminal according to the second terminal identification information.
9. The method according to claim 6, characterized in that the method further comprises:
Generating second terminal identification information according to information shared with a second network functional entity; the second network functional entity can identify the terminal according to the second terminal identification information.
10. The method according to claim 6, characterized in that the method further comprises:
Receiving a calculation parameter sent by the first network functional entity; the calculation parameter is issued by a second network functional entity;
Generating second terminal identification information according to the information shared with the second network functional entity and the calculation parameter; the second network functional entity can identify the terminal according to the second terminal identification information.
11. The method according to claim 6, characterized in that the form of the identifier type indication is specific identification information or non-specific identification information.
12. A terminal identification processing apparatus, characterized in that the apparatus comprises:
A determination unit;
A sending unit, for sending the corresponding identifier type indication to a terminal according to the validity, as determined by the determination unit, of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages; the authentication vector is received from a second network functional entity.
13. The apparatus according to claim 12, characterized in that:
When there is no usable authentication vector for the terminal, the identifier type indication that the sending unit sends to the terminal is a first-type indication; the first-type indication characterizes that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
14. The apparatus according to claim 12, characterized in that:
When there is a usable authentication vector for the terminal, the identifier type indication that the sending unit sends to the terminal is a second-type indication; the second-type indication characterizes that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
15. A terminal identification processing apparatus, characterized in that the apparatus comprises:
A second receiving unit, for receiving the identifier type indication sent by a first network functional entity;
A processing unit, for carrying, according to the identifier type indication, the corresponding terminal identification information in a message sent to the first network functional entity.
16. The apparatus according to claim 15, characterized in that:
When the identifier type indication is a first-type indication, the processing unit carries first terminal identification information in the sent message; the first-type indication characterizes that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
17. The apparatus according to claim 15, characterized in that:
When the identifier type indication is a second-type indication, the processing unit carries second terminal identification information in the sent message; the second-type indication characterizes that a second network functional entity can identify the terminal according to the second terminal identification information.
18. A network functional entity, characterized in that it is a first network functional entity, the first network functional entity comprising:
A first processor;
A first communication interface, for sending the corresponding identifier type indication to a terminal according to the validity, as determined by the first processor, of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages; the authentication vector is received from a second network functional entity.
19. The network functional entity according to claim 18, characterized in that:
When there is no usable authentication vector for the terminal, the identifier type indication that the first communication interface sends to the terminal is a first-type indication; the first-type indication characterizes that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
20. The network functional entity according to claim 18, characterized in that:
When there is a usable authentication vector for the terminal, the identifier type indication that the first communication interface sends to the terminal is a second-type indication; the second-type indication characterizes that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
21. A terminal, characterized in that the terminal comprises:
A second communication interface, for receiving the identifier type indication sent by a first network functional entity;
A second processor, for carrying, according to the identifier type indication, the corresponding terminal identification information in a message sent to the first network functional entity through the second communication interface.
22. The terminal according to claim 21, characterized in that:
When the identifier type indication is a first-type indication, the second processor carries first terminal identification information in the sent message; the first-type indication characterizes that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
23. The terminal according to claim 21, characterized in that:
When the identifier type indication is a second-type indication, the second processor carries second terminal identification information in the sent message; the second-type indication characterizes that a second network functional entity can identify the terminal according to the second terminal identification information.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710108849.4A CN108513289A (en) 2017-02-27 2017-02-27 A kind of processing method of terminal iidentification, device and relevant device
PCT/CN2018/072029 WO2018153173A1 (en) 2017-02-27 2018-01-10 Terminal identification processing method, apparatus, and related device

Publications (1)

Publication Number Publication Date
CN108513289A true CN108513289A (en) 2018-09-07

Family

ID=63253117

Country Status (2)

Country Link
CN (1) CN108513289A (en)
WO (1) WO2018153173A1 (en)

Also Published As

Publication number Publication date
WO2018153173A1 (en) 2018-08-30

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180907