CN108513289A - Method, apparatus and related device for processing a terminal identifier - Google Patents
- Publication number
- CN108513289A (CN201710108849.4A)
- Authority
- CN
- China
- Prior art keywords
- terminal
- functional entity
- identification information
- network functional
- instruction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- H04W8/04—Registration at HLR or HSS [Home Subscriber Server]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method for processing a terminal identifier, comprising: a first network function entity sends a corresponding identifier type indication to a terminal according to the validity of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages; the authentication vector is received from a second network function entity. The invention also discloses an apparatus for processing a terminal identifier, a network function entity and a terminal.
Description
Technical field
This application relates to the field of communications, and in particular to a method, an apparatus and related devices for processing a terminal identifier.
Background
In the field of communications, a terminal identifier is used to identify the corresponding terminal, that is, it is used to authenticate the terminal.
To ensure the security of the terminal and to avoid identifying a terminal by a single terminal identifier, the 3rd Generation Partnership Project (3GPP) has proposed a scheme for changing the mobile terminal identifier.
In this scheme, the authentication procedure for the terminal identifier is cumbersome, which affects the signaling efficiency of the authentication operation.
Summary of the invention
To solve the existing technical problem, embodiments of the present invention provide a method, an apparatus and related devices for processing a terminal identifier.
The technical solution of the embodiments of the present invention is implemented as follows:
An embodiment of the present invention provides a method for processing a terminal identifier, applied to a first network function entity, the method comprising:
sending a corresponding identifier type indication to a terminal according to the validity of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages; the authentication vector is received from a second network function entity.
In the above scheme, when the corresponding identifier type indication is sent to the terminal according to the validity of the authentication vector for the terminal, the method comprises:
when there is no usable authentication vector for the terminal, the identifier type indication sent to the terminal is a first type indication; the first type indication indicates that the first network function entity can identify the terminal according to the corresponding terminal identification information.
In the above scheme, when the corresponding identifier type indication is sent to the terminal according to the validity of the authentication vector for the terminal, the method comprises:
when there is a usable authentication vector for the terminal, the identifier type indication sent to the terminal is a second type indication; the second type indication indicates that the second network function entity can identify the terminal according to the corresponding terminal identification information.
In the above scheme, the identifier type indication takes the form of specific identification information or of non-specific identification information.
In the above scheme, the method further comprises:
receiving identification information of the terminal sent by the second network function entity; the received identification information of the terminal is used by the first network function entity to exchange information related to the terminal with the second network function entity.
An embodiment of the present invention further provides a method for processing a terminal identifier, applied to a terminal, the method comprising:
receiving an identifier type indication sent by a first network function entity;
carrying, according to the identifier type indication, the corresponding terminal identification information in a message sent to the first network function entity.
In the above scheme, the method further comprises:
when the identifier type indication is a first type indication, carrying first terminal identification information in the message that is sent; the first type indication indicates that the first network function entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network function entity.
In the above scheme, the method further comprises:
when the identifier type indication is a second type indication, carrying second terminal identification information in the message that is sent; the second type indication indicates that the second network function entity can identify the terminal according to the second terminal identification information.
In the above scheme, the method further comprises:
generating the second terminal identification information according to information shared with the second network function entity; the second network function entity can identify the terminal according to the second terminal identification information.
In the above scheme, the method further comprises:
receiving a calculation parameter sent by the first network function entity; the calculation parameter is issued by the second network function entity;
generating the second terminal identification information according to the information shared with the second network function entity and the calculation parameter; the second network function entity can identify the terminal according to the second terminal identification information.
In the above scheme, the identifier type indication takes the form of specific identification information or of non-specific identification information.
An embodiment of the present invention further provides an apparatus for processing a terminal identifier, comprising:
a determination unit;
a sending unit, configured to send a corresponding identifier type indication to a terminal according to the validity, determined by the determination unit, of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages; the authentication vector is received from a second network function entity.
In the above scheme, when there is no usable authentication vector for the terminal, the identifier type indication sent by the sending unit to the terminal is a first type indication; the first type indication indicates that the first network function entity can identify the terminal according to the corresponding terminal identification information.
In the above scheme, when there is a usable authentication vector for the terminal, the identifier type indication sent by the sending unit to the terminal is a second type indication; the second type indication indicates that the second network function entity can identify the terminal according to the corresponding terminal identification information.
An embodiment of the present invention further provides an apparatus for processing a terminal identifier, comprising:
a second receiving unit, configured to receive an identifier type indication sent by a first network function entity;
a processing unit, configured to carry, according to the identifier type indication, the corresponding terminal identification information in a message sent to the first network function entity.
In the above scheme, when the identifier type indication is a first type indication, the processing unit carries first terminal identification information in the message that is sent; the first type indication indicates that the first network function entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network function entity.
In the above scheme, when the identifier type indication is a second type indication, the processing unit carries second terminal identification information in the message that is sent; the second type indication indicates that the second network function entity can identify the terminal according to the second terminal identification information.
An embodiment of the present invention further provides a network function entity, which is a first network function entity, the first network function entity comprising:
a first processor;
a first communication interface, configured to send a corresponding identifier type indication to a terminal according to the validity, determined by the first processor, of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages; the authentication vector is received from a second network function entity.
In the above scheme, when there is no usable authentication vector for the terminal, the identifier type indication sent by the first communication interface to the terminal is a first type indication; the first type indication indicates that the first network function entity can identify the terminal according to the corresponding terminal identification information.
In the above scheme, when there is a usable authentication vector for the terminal, the identifier type indication sent by the first communication interface to the terminal is a second type indication; the second type indication indicates that the second network function entity can identify the terminal according to the corresponding terminal identification information.
An embodiment of the present invention further provides a terminal, comprising:
a second communication interface, configured to receive an identifier type indication sent by a first network function entity;
a second processor, configured to carry, according to the identifier type indication, the corresponding terminal identification information in a message sent to the first network function entity through the second communication interface.
In the above scheme, when the identifier type indication is a first type indication, the second processor carries first terminal identification information in the message that is sent; the first type indication indicates that the first network function entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network function entity.
In the above scheme, when the identifier type indication is a second type indication, the second processor carries second terminal identification information in the message that is sent; the second type indication indicates that the second network function entity can identify the terminal according to the second terminal identification information.
In the method, apparatus and related devices for processing a terminal identifier provided by the embodiments of the present invention, the first network function entity sends a corresponding identifier type indication to the terminal according to the validity of the authentication vector for the terminal; the authentication vector is received from the second network function entity; after receiving the identifier type indication sent by the first network function entity, the terminal carries, according to the identifier type indication, the corresponding terminal identification information in the message sent to the first network function entity. Because the identifier type is indicated to the terminal, the terminal can carry the corresponding terminal identifier in the message according to the indicated type, so that the first network function entity and the terminal can subsequently perform the authentication operation directly, which improves the signaling efficiency of the authentication operation.
Description of the drawings
In the drawings (which are not necessarily drawn to scale), similar reference numerals may describe similar components in different views. Similar reference numerals with different letter suffixes may denote different instances of similar components. The drawings generally illustrate, by way of example and not limitation, the embodiments discussed herein.
Fig. 1 is a schematic flowchart of a scheme for changing the mobile terminal identifier in the related art;
Fig. 2 is a schematic flowchart of a method for processing a terminal identifier according to Embodiment 1 of the present invention;
Fig. 3 is a schematic flowchart of another method for processing a terminal identifier according to Embodiment 1 of the present invention;
Fig. 4 is a schematic flowchart of a method for changing the terminal identifier according to Embodiment 2 of the present invention;
Fig. 5 is a schematic flowchart of a method for changing the terminal identifier according to Embodiment 3 of the present invention;
Fig. 6 is a schematic flowchart of a method for changing the terminal identifier according to Embodiment 4 of the present invention;
Fig. 7 is a schematic structural diagram of an apparatus for processing a terminal identifier according to Embodiment 5 of the present invention;
Fig. 8 is a schematic structural diagram of another apparatus for processing a terminal identifier according to Embodiment 5 of the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawings and embodiments.
As mentioned above, 3GPP has proposed a scheme for changing the mobile terminal identifier. As shown in Fig. 1, the flow of this method includes the following steps:
Step 101: The terminal (UE, User Equipment) sends an attach request to a core network element, for example an Attach Request message; the message carries the UE's identifier ID1;
Here, the core network element may be a mobility management entity (MME, Mobility Management Entity) or a mobility management function (MMF, Mobility Management Function), etc.
ID1 may be the International Mobile Subscriber Identification Number (IMSI), or an identifier received previously, etc.
Step 102: The core network element sends an authentication data request to the authentication data issuing network element, carrying the received ID1;
Here, the authentication data issuing network element may be a home subscriber server (HSS, Home Subscriber Server) or an authentication server function (AUSF, Authentication Server Function), etc.
Sending the authentication data request may specifically be sending an Authentication Data Request message, etc.
Step 103: The authentication data issuing network element generates a new identifier ID2 for the UE;
Step 104: The authentication data issuing network element sends an authentication data response to the core network element, carrying one authentication vector and also carrying the encrypted ID2 and a calculation parameter;
Here, sending the authentication data response may specifically be sending an Authentication Data Response message, etc.
The calculation parameter is used by the UE to verify ID2.
Step 105: The core network element sends a user authentication request to the UE, carrying authentication parameters composed of part of the information in the received authentication vector, and carrying the encrypted ID2 and the calculation parameter;
Here, sending the user authentication request may specifically be sending a User Authentication Request message, etc.
The authentication parameters may include a random number (RAND) and a network authentication token (AUTN), etc.
AUTN is used by the UE to verify the network, and RAND is used by the network to verify the user of the UE.
Step 106: The UE verifies the network based on AUTN, calculates a response RES based on RAND, and sends a user authentication response to the core network element; the message carries the authentication information, that is, RES. The core network element compares RES with XRES in the authentication vector; if RES=XRES, the network's verification of the user passes and step 107 is executed;
Here, the core network element may be an MME, etc.
Sending the user authentication response may specifically be sending a User Authentication Response message.
Step 107: The core network element sends an identity confirmation message to the authentication data issuing network element, for example a SYNC message, carrying a verification code.
Here, the verification code is used to verify the identity confirmation message.
At this point, after the UE decrypts ID2, the UE and the authentication data issuing network element can communicate with each other using ID2, which prevents others from tracking ID1 and thereby leaking the UE's location information.
As can be seen from the above description, in the related art the authentication data issuing network element can issue only one authentication vector at a time, and subsequent authentication operations must be performed by the authentication data issuing network element of the home network, which affects the signaling efficiency of the authentication operation.
Based on this, in the various embodiments of the present invention: the first network function entity sends a corresponding identifier type indication to the terminal according to the validity of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages; the authentication vector is received from the second network function entity; after receiving the identifier type indication sent by the first network function entity, the terminal carries, according to the identifier type indication, the corresponding terminal identification information in the message sent to the first network function entity.
Embodiment one
An embodiment of the present invention provides a method for processing a terminal identifier, applied to a first network function entity. As shown in Fig. 2, the method includes:
Step 201: The first network function entity determines, according to the validity of the authentication vector for the terminal, the identifier type indication corresponding to the identifier type of the terminal;
In other words, the first network function entity determines the identifier type indication corresponding to the identifier type of the terminal according to the usage status (availability) of the authentication vector for the terminal.
Here, the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages.
Specifically, when there is no usable authentication vector for the terminal, the identifier type indication corresponding to the identifier type of the terminal is determined to be a first type indication; the first type indication indicates that the first network function entity can identify the terminal according to the corresponding terminal identification information.
When there is a usable authentication vector for the terminal, the identifier type indication corresponding to the identifier type of the terminal is determined to be a second type indication; the second type indication indicates that the second network function entity can identify the terminal according to the corresponding terminal identification information.
The authentication vector is the authentication vector issued by the second network function entity, that is, the authentication vector is received from the second network function entity.
As can be seen from the above description, the usage status of the authentication vector may be that there is a usable authentication vector for the terminal, or that there is no usable authentication vector for the terminal. In short, the usage status of the authentication vector falls into two cases: a usable authentication vector exists, or no usable authentication vector exists.
Here, the authentication vector is used for mutual authentication between the terminal and the corresponding network.
In practical applications, the second network function entity may issue at least one authentication vector as needed. Each authentication vector contains multiple authentication parameters, and these authentication parameters form a vector, namely the authentication vector.
In practical applications, the first network function entity may be a key control node of the access network, such as a core network element, and may specifically be an MME or an MMF, etc.
In practical applications, the second network function entity may be an authentication data issuing network element, that is, a node that controls user data, such as an HSS or an AUSF, etc.
In one embodiment, the identifier type indication may take the form of specific identification information, or of non-specific identification information.
When the identifier type indication takes the form of specific identification information, the first network function entity has decided to notify the identifier type indication implicitly. For example, a specific kind of terminal identification information, such as identification information that is not all zeros, both indicates the terminal identification information corresponding to the terminal and indicates whether the identifier type is the first type or the second type, which saves signaling resources.
When the identifier type indication takes the form of non-specific identification information, the first network function entity has decided to notify the identifier type indication explicitly. For example, the terminal identification information corresponding to the terminal may be indicated and, in addition, a field is used to indicate whether the identifier type is the first type or the second type.
In one embodiment, the method may further include:
receiving identification information of the terminal sent by the second network function entity; the received identification information of the terminal is used by the first network function entity to exchange information related to the terminal with the second network function entity.
Here, in practical applications, one case is that the second network function entity does not issue the second-type terminal identification information directly to the terminal through the first network function entity. In that case the terminal may generate the second-type terminal identification information based on information shared with the second network function entity, and the second network function entity may send the identification information of the terminal to the first network function entity, so that the first network function entity can exchange information related to the terminal with the second network function entity.
When the identification information of the terminal is generated, if the second network function entity has sent a calculation parameter to the terminal through the first network function entity, the terminal may generate the second-type terminal identification information based on the information shared with the second network function entity and the calculation parameter.
Step 202: The first network function entity sends the corresponding identifier type indication to the terminal according to the determined identifier type.
Specifically, when there is no usable authentication vector for the terminal, the identifier type indication sent to the terminal is a first type indication.
When there is a usable authentication vector for the terminal, the identifier type indication sent to the terminal is a second type indication.
In one embodiment, after the identifier type indication is sent to the terminal, the method may further include:
the first network function entity receives a message sent by the terminal;
when the terminal cannot be identified according to the terminal identification information carried in the received message, the first network function entity forwards the terminal identification information carried in the received message to the second network function entity so that the terminal can be identified, and mutual authentication with the terminal is then performed through the second network function entity based on the corresponding authentication vector.
When the terminal can be identified according to the terminal identification information carried in the received message, the first network function entity performs mutual authentication with the terminal based on the corresponding authentication vector.
As can be seen from the above, in this embodiment of the present invention the first network function entity sends a corresponding identifier type indication to the terminal according to the validity of the authentication vector for the terminal; the identifier type indication indicates the terminal identification information that the terminal carries when it sends subsequent messages; the authentication vector is received from the second network function entity.
In addition, when the corresponding identifier type indication is sent to the terminal according to the validity of the authentication vector for the terminal: when there is no usable authentication vector for the terminal, the identifier type indication sent to the terminal is a first type indication; the first type indication indicates that the first network function entity can identify the terminal according to the corresponding terminal identification information. When there is a usable authentication vector for the terminal, the identifier type indication sent to the terminal is a second type indication; the second type indication indicates that the second network function entity can identify the terminal according to the corresponding terminal identification information.
Accordingly, the embodiment of the present invention additionally provides a kind of processing method of terminal iidentification, is applied to terminal, such as Fig. 3 institutes
Show, this method includes:
Step 301:The terminal receives the identity type instruction that first network functional entity is sent;
Here, the identity type instruction is used to indicate the terminal and sends the terminal identification information carried when message.
In one embodiment, the form of expression of the identity type instruction can be specific identification information, or non-
Specific identification information.
Wherein, when the form of expression of identity type instruction is specific identification information, illustrate that first network function is real
Body is determined notifies the identity type to indicate by implicit mode.For example, can by a kind of specific terminal identification information,
Such as not be complete zero identification information, that is, indicate the corresponding terminal identification information of the terminal, while having also indicated that mark class
Type be the first kind or Second Type, in this way can be with saving signaling resource.
When the form of expression of identity type instruction is specific identification information, illustrate that first network functional entity determines
The identity type is notified to indicate by explicit mode.For example, the corresponding terminal identification information of the terminal can be indicated, together
When, it is the first kind or Second Type to recycle a field to carry out sign type.
Step 302:It is indicated according to the identity type, the terminal disappears what is sent to the first network functional entity
Corresponding terminal identification information is carried in breath.
Wherein, when the identity type of reception is designated as first kind instruction, first terminal is carried in the message of transmission
Identification information;The first kind instruction characterizes the first network functional entity can be according to the first terminal identification information
It identifies the terminal, and then is mutually authenticated based on corresponding Ciphering Key with the terminal.
When the identity type of reception is designated as Second Type instruction, second terminal mark letter is carried in the message of transmission
Breath;The second network functional entity of the Second Type instruction characterization can identify the end according to the second terminal identification information
End, and then be mutually authenticated based on corresponding Ciphering Key with the terminal by the second network functional entity.
The first terminal identification information is received from the first network functional entity; for example, the terminal can obtain the first terminal identification information from the message in which it receives the identifier type indication.
In practice, one case is that the second network functional entity does not deliver the second-type terminal identification information to the terminal directly through the first network functional entity. In that case, before step 302 is performed, the terminal can generate the second terminal identification information from information it shares with the second network functional entity. The second network functional entity can then send the identification information of the terminal to the first network functional entity, so that the first network functional entity and the second network functional entity can exchange information related to the terminal.
In addition, in one embodiment, the method can further include:
The terminal receives a calculation parameter sent by the first network functional entity; the calculation parameter is issued by the second network functional entity.
Accordingly, the terminal generates the second terminal identification information from the information shared with the second network functional entity and the calculation parameter.
As the above description shows, the second network functional entity can identify the terminal from the second terminal identification information, and the second network functional entity then performs mutual authentication with the terminal based on the corresponding authentication vector.
Based on the above method, this embodiment further provides a method for processing a terminal identifier, including the following steps:
Step A: According to the validity of the authentication vectors for a terminal, the first network functional entity sends the corresponding identifier type indication to the terminal.
Step B: After receiving the identifier type indication sent by the first network functional entity, the terminal carries, according to the identifier type indication, the corresponding terminal identification information in the message it sends to the first network functional entity.
It should be noted that, in practice, the terminal identification information described in the embodiments of the present invention can be chosen as needed; any information that can identify the terminal is acceptable, and the embodiments of the present invention place no limit on it.
The specific processing performed by the first network functional entity and the terminal is described in detail above and is not repeated here.
In the method for processing a terminal identifier provided by the embodiments of the present invention, the first network functional entity sends the corresponding identifier type indication to the terminal according to the validity of the authentication vectors for the terminal; the authentication vectors are received from the second network functional entity. After receiving the identifier type indication sent by the first network functional entity, the terminal carries, according to the identifier type indication, the corresponding terminal identification information in the message it sends to the first network functional entity. Because the identifier type is indicated to the terminal, the terminal can carry the corresponding terminal identifier in the message according to the indicated type, and the authentication operation can subsequently be performed directly between the first network functional entity and the terminal, which improves the signaling efficiency of the authentication operation.
When there is no usable authentication vector for the terminal, the identifier type indication sent to the terminal is a first-type indication. The first-type indication signifies that the first network functional entity can identify the terminal from the corresponding terminal identification information, so that the authentication operation is performed directly between the first network functional entity and the terminal without the participation of the second network functional entity, which improves the signaling efficiency of the authentication operation.
Embodiment two
On the basis of embodiment one, this embodiment describes the terminal identifier transformation process in detail.
The terminal identifier transformation method of this embodiment, as shown in Fig. 4, includes the following steps:
Step 401: The UE sends an attach request to the core network element.
In practice, the core network element can be an MME, an MMF, or the like.
Sending the attach request can specifically be sending an Attach Request message.
The attach request carries the UE's identifier ID1.
ID1 can be the IMSI, an identifier the UE received previously, or the like.
Step 402: After receiving the attach request, the core network element sends an authentication data request to the authentication data issuing network element.
In practice, the authentication data issuing network element can be an HSS, an AUSF, or the like.
Sending the authentication data request can specifically be sending an Authentication Data Request message or the like.
The authentication data request carries ID1.
Step 403: After receiving the request, the authentication data issuing network element generates a new identifier ID2 for the UE.
Step 404: The authentication data issuing network element sends an authentication data response to the core network element.
In practice, sending the authentication data response can specifically be sending an Authentication Data Response message or the like.
The authentication data response carries a group of authentication vectors and ID2.
Step 405: After receiving the response, the core network element sends a user authentication request to the UE.
In practice, sending the user authentication request can specifically be sending a User Authentication Request message or the like.
The user authentication request carries authentication parameters made up of part of the information of one authentication vector in the group, such as RAND and AUTN, and also carries ID2.
AUTN is used by the UE to verify the network, and RAND is used by the network to verify the user of the UE.
Step 406: After receiving the request, the UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element.
In practice, sending the user authentication response can specifically be sending a User Authentication Response message or the like.
The user authentication response carries the authentication information, namely RES.
Step 407: After receiving the response, the core network element compares RES with the XRES in the corresponding authentication vector; if RES = XRES, the network's verification of the user passes and step 408 is performed.
Step 408: The core network element sends an attach accept message to the UE.
In practice, sending the attach accept message can specifically be sending an Attach Accept message or the like.
The attach accept message carries the temporary identifier TID1 allocated by the core network element.
TID1 is not the specific identification information, for example not the all-zero identification information, so the UE can treat it as the identifier type indication.
Alternatively, the attach accept message can carry both TID1 and an identifier type indication, for example an id-type field, to indicate that the UE is to use TID1.
After the terminal receives the attach accept message, it uses the temporary identifier TID1 when sending messages in subsequent procedures.
Step 409: The UE sends an attach request to the core network element again.
This attach request carries TID1.
Step 410: After receiving the request, the core network element sends a user authentication request to the UE.
In practice, sending the user authentication request can specifically be sending a User Authentication Request message or the like.
The user authentication request carries authentication parameters made up of part of the information in one not-yet-used authentication vector for the UE, such as RAND and AUTN.
Step 411: After receiving the user authentication request, the UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element.
In practice, sending the user authentication response can specifically be sending a User Authentication Response message or the like.
The user authentication response carries the authentication information, namely RES.
Step 412: After receiving the response, the core network element compares RES with the XRES in the corresponding authentication vector; if RES = XRES, the network's verification of the user passes and step 413 is performed.
Step 413: The core network element sends an attach accept message to the terminal.
In practice, sending the attach accept message can specifically be sending an Attach Accept message or the like.
Before sending the attach accept message, the core network element determines whether there are still usable authentication vectors for this UE. If there are, the attach accept message carries a temporary identifier TID2 allocated by the core network element. As with TID1, TID2 is not the specific identification information, for example not the all-zero identification information, so the UE can treat it as the identifier type indication; an identifier type indication can also be carried in the message, for example an id-type field, to instruct the terminal to use TID2. If there is no usable authentication vector for the UE, the attach accept message carries an identifier type indication and the temporary identification information TID2 allocated by the core network, or the message carries a specific temporary identifier as the identification information, such as the all-zero identification information, to indicate to the terminal that the temporary identifier is unavailable and that ID2 must be used.
After receiving the attach accept message, the UE can carry the corresponding identification information in the messages it sends, according to the identifier type indication. When a message sent by the UE carries ID2, the core network element cannot identify the UE, so it forwards ID2 to the authentication data issuing network element; the authentication data issuing network element identifies the UE and issues a new group of authentication vectors for the UE to the core network element, so that the core network element can identify the UE again.
It should be noted that, in practice, in step 409 the UE can instead send a service request to the core network element, for example a Service Request message; the subsequent processing is the same as steps 410 to 413.
Embodiment three
On the basis of embodiments one and two, this embodiment describes the terminal identifier transformation process in detail.
The terminal identifier transformation method of this embodiment, as shown in Fig. 5, includes the following steps:
Step 501: The UE sends an attach request to the core network element.
In practice, the core network element can be an MME, an MMF, or the like.
Sending the attach request can specifically be sending an Attach Request message.
The attach request carries the UE's identifier ID1.
ID1 can be the IMSI, an identifier the UE received previously, or the like.
Step 502: After receiving the attach request, the core network element sends an authentication data request to the authentication data issuing network element.
In practice, the authentication data issuing network element can be an HSS, an AUSF, or the like.
Sending the authentication data request can specifically be sending an Authentication Data Request message or the like.
The authentication data request carries ID1.
Step 503: After receiving the request, the authentication data issuing network element generates a new identifier ID2 according to the key Ki shared with the UE and ID1 or the initial identifier ID0 of the terminal.
In practice, the new identifier ID2 can also be generated according to the key Ki shared with the UE, ID1 or the initial identifier ID0 of the terminal, and a calculation parameter (for example a random number, or another value in the authentication parameter group).
In practice, the other value can be another value that changes in the authentication parameter group.
Step 504: The authentication data issuing network element sends an authentication data response to the core network element.
In practice, sending the authentication data response can specifically be sending an Authentication Data Response message or the like.
The authentication data response carries a group of authentication vectors. If the authentication data issuing network element used a calculation parameter when generating ID2, the authentication data response can additionally carry the calculation parameter.
Step 505: After receiving the response, the core network element sends a user authentication request to the UE.
In practice, sending the user authentication request can specifically be sending a User Authentication Request message or the like.
The user authentication request carries authentication parameters made up of part of the information of one authentication vector in the group, such as RAND and AUTN.
Correspondingly, when the response received by the core network element carries a calculation parameter, the user authentication request it sends can also carry the calculation parameter.
Step 506: After receiving the request, the UE calculates the new identifier ID2 using the same information as the authentication data issuing network element.
Specifically, when the request carries no calculation parameter, the UE calculates ID2 according to the key Ki and ID1 or the initial identifier ID0 of the terminal; when the request carries a calculation parameter, the UE calculates ID2 according to the key Ki, ID1 or the initial identifier ID0 of the terminal, and the calculation parameter.
The "same information as the authentication data issuing network element" can be regarded as the information shared with the authentication data issuing network element.
Step 507: The UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element.
In practice, sending the user authentication response can specifically be sending a User Authentication Response message or the like.
The user authentication response carries the authentication information, namely RES.
Step 508: After receiving the response, the core network element compares RES with the XRES in the authentication vector; if RES = XRES, the network's verification of the user passes and step 509 is performed.
Step 509: The core network element sends an attach accept message to the UE.
In practice, sending the attach accept message can specifically be sending an Attach Accept message or the like.
The attach accept message carries the temporary identifier TID1 allocated by the core network element.
TID1 is not the specific identification information, for example not the all-zero identification information, so the UE can treat it as the identifier type indication.
Alternatively, the attach accept message can carry both TID1 and an identifier type indication, for example an id-type field, to instruct the terminal to use TID1.
After the terminal receives the attach accept message, it uses the temporary identifier TID1 when sending messages in subsequent procedures.
Step 510: The UE sends an attach request to the core network element again.
This attach request carries TID1.
Step 511: After receiving the request, the core network element sends a user authentication request to the UE.
In practice, sending the user authentication request can specifically be sending a User Authentication Request message or the like.
The user authentication request carries authentication parameters made up of part of the information in one not-yet-used authentication vector for the UE, such as RAND and AUTN.
Step 512: After receiving the user authentication request, the UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element.
In practice, sending the user authentication response can specifically be sending a User Authentication Response message or the like.
The user authentication response carries the authentication information, namely RES.
Step 513: After receiving the response, the core network element compares RES with the XRES in the corresponding authentication vector; if RES = XRES, the network's verification of the user passes and step 514 is performed.
Step 514: The core network element sends an attach accept message to the terminal.
In practice, sending the attach accept message can specifically be sending an Attach Accept message or the like.
Before sending the attach accept message, the core network element determines whether there are still usable authentication vectors for this UE. If there are, the attach accept message carries a temporary identifier TID2 allocated by the core network element. As with TID1, TID2 is not the specific identification information, for example not the all-zero identification information, so the UE can treat it as the identifier type indication; an identifier type indication can also be carried in the message, for example an id-type field, to instruct the terminal to use TID2. If there is no usable authentication vector for the UE, the attach accept message carries an identifier type indication and the temporary identification information TID2 allocated by the core network, or the message carries a specific temporary identifier as the identification information, such as the all-zero identification information, to indicate to the terminal that the temporary identifier is unavailable and that ID2 must be used.
After receiving the attach accept message, the UE can carry the corresponding identification information in the messages it sends, according to the identifier type indication. When a message sent by the UE carries ID2, the core network element cannot identify the UE, so it forwards ID2 to the authentication data issuing network element; the authentication data issuing network element identifies the UE and issues a new group of authentication vectors for the UE to the core network element.
It should be noted that, in practice, in step 510 the UE can instead send a service request to the core network element, for example a Service Request message; the subsequent processing is the same as steps 511 to 514.
Embodiment four
This embodiment describes the terminal identifier transformation process in detail.
The terminal identifier transformation method of this embodiment, as shown in Fig. 6, includes the following steps:
Step 601: The UE sends an attach request to the core network element.
In practice, the core network element can be an MME, an MMF, or the like.
Sending the attach request can specifically be sending an Attach Request message.
The attach request carries the UE's identifier ID1.
ID1 can be the IMSI, an identifier the UE received previously, or the like.
Step 602: After receiving the attach request, the core network element sends an authentication data request to the authentication data issuing network element.
In practice, the authentication data issuing network element can be an HSS, an AUSF, or the like.
Sending the authentication data request can specifically be sending an Authentication Data Request message or the like.
The authentication data request carries ID1.
Step 603: After receiving the request, the authentication data issuing network element generates a new identifier ID2 according to the key Ki shared with the UE and ID1 or the initial identifier ID0 of the terminal.
In practice, the new identifier ID2 can also be generated according to the key Ki shared with the UE, ID1 or the initial identifier ID0 of the terminal, and a calculation parameter (for example a random number, or another value in the authentication parameter group).
In practice, the other value can be another value that changes in the authentication parameter group.
Step 604: The authentication data issuing network element sends an authentication data response to the core network element.
In practice, sending the authentication data response can specifically be sending an Authentication Data Response message or the like.
The authentication data response carries a group of authentication vectors and an anchor identifier AID1.
AID1 is used by the core network element and the authentication data issuing network element to exchange information related to the UE.
If the authentication data issuing network element used a calculation parameter when generating ID2, the authentication data response can additionally carry the calculation parameter.
Step 605: After receiving the response, the core network element sends a user authentication request to the UE.
In practice, sending the user authentication request can specifically be sending a User Authentication Request message or the like.
The user authentication request carries authentication parameters made up of part of the information of one authentication vector in the group, such as RAND and AUTN.
Correspondingly, when the response received by the core network element carries a calculation parameter, the user authentication request it sends can also carry the calculation parameter.
Step 606: After receiving the request, the UE calculates the new identifier ID2 using the same information as the authentication data issuing network element.
Specifically, when the request carries no calculation parameter, the UE calculates ID2 according to the key Ki and ID1 or the initial identifier ID0 of the terminal; when the request carries a calculation parameter, the UE calculates ID2 according to the key Ki, ID1 or the initial identifier ID0 of the terminal, and the calculation parameter.
The "same information as the authentication data issuing network element" can be regarded as the information shared with the authentication data issuing network element.
Step 607: The UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element.
In practice, sending the user authentication response can specifically be sending a User Authentication Response message or the like.
The user authentication response carries the authentication information, namely RES.
Step 608: After receiving the response, the core network element compares RES with the XRES in the authentication vector; if RES = XRES, the network's verification of the user passes and step 609 is performed.
Step 609: The core network element sends an attach accept message to the UE.
In practice, sending the attach accept message can specifically be sending an Attach Accept message or the like.
The attach accept message carries the temporary identifier TID1 allocated by the core network element.
TID1 is not the specific identification information, for example not the all-zero identification information, so the UE can treat it as the identifier type indication.
Alternatively, the attach accept message can carry both TID1 and an identifier type indication, for example an id-type field, to instruct the terminal to use TID1.
After the terminal receives the attach accept message, it uses the temporary identifier TID1 when sending messages in subsequent procedures.
Step 610: The UE sends an attach request to the core network element again.
This attach request carries TID1.
When practical application,
Step 611: After receiving the request, the core network element sends a user authentication request to the UE.
In practice, sending the user authentication request can specifically be sending a User Authentication Request message or the like.
The user authentication request carries authentication parameters made up of part of the information in one not-yet-used authentication vector for the UE, such as RAND and AUTN.
Step 612: After receiving the user authentication request, the UE verifies the network based on AUTN, calculates the response RES based on RAND, and sends a user authentication response to the core network element.
In practice, sending the user authentication response can specifically be sending a User Authentication Response message or the like.
The user authentication response carries the authentication information, namely RES.
Step 613: After receiving the response, the core network element compares RES with the XRES in the corresponding authentication vector; if RES = XRES, the network's verification of the user passes and step 614 is performed.
Step 614: The core network element sends an attach accept message to the terminal.
In practice, sending the attach accept message can specifically be sending an Attach Accept message or the like.
Before sending the attach accept message, the core network element determines whether there are still usable authentication vectors for this UE. If there are, the attach accept message carries a temporary identifier TID2 allocated by the core network element. As with TID1, TID2 is not the specific identification information, for example not the all-zero identification information, so the UE can treat it as the identifier type indication; an identifier type indication can also be carried in the message, for example an id-type field, to instruct the terminal to use TID2. If there is no usable authentication vector for the UE, the attach accept message carries an identifier type indication and the temporary identification information TID2 allocated by the core network, or the message carries a specific temporary identifier as the identification information, such as the all-zero identification information, to indicate to the terminal that the temporary identifier is unavailable and that ID2 must be used.
After receiving the attach accept message, the UE can carry the corresponding identification information in the messages it sends, according to the identifier type indication. When a message sent by the UE carries ID2, the core network element cannot identify the UE, so it forwards ID2 to the authentication data issuing network element; the authentication data issuing network element identifies the UE and issues a new group of authentication vectors for the UE to the core network element.
It should be noted that, in practice, in step 610 the UE can instead send a service request to the core network element, for example a Service Request message; the subsequent processing is the same as steps 611 to 614.
As embodiments two to four show, the scheme provided by the embodiments of the present invention uses two kinds of terminal identification information: one allocated by the core network element, and the other allocated by the authentication data issuing network element. The core network element notifies the terminal which kind of terminal identification information to use, and the authentication data issuing network element can issue multiple authentication vectors at once, so that the authentication operation can be performed by the core network element of the visited place, which improves the signaling efficiency of the authentication operation.
Embodiment five
To implement the method of the embodiments of the present invention, this embodiment provides an apparatus for processing a terminal identifier, arranged in the first network functional entity. As shown in Fig. 7, the apparatus includes:
A determination unit 71;
A sending unit 72, configured to send the corresponding identifier type indication to the terminal according to the validity, determined by the determination unit 71, of the authentication vectors for the terminal. The identifier type indication indicates the terminal identification information that the terminal is to carry when it subsequently sends messages.
That is, the determination unit 71 determines the identifier type indication corresponding to the identifier type of the terminal according to the validity (which can also be understood as the usage status) of the authentication vectors for the terminal; correspondingly, the sending unit 72 sends the corresponding identifier type indication to the terminal according to the determined identifier type indication.
Specifically, when there is no usable authentication vector for the terminal, the determination unit 71 determines that the identifier type indication corresponding to the identifier type of the terminal is a first-type indication. The first-type indication signifies that the first network functional entity can identify the terminal from the corresponding terminal identification information.
When there is a usable authentication vector for the terminal, the determination unit 71 determines that the identifier type indication corresponding to the identifier type of the terminal is a second-type indication. The second-type indication signifies that the second network functional entity can identify the terminal from the corresponding terminal identification information.
Accordingly, for the sending unit 72, when there is no usable authentication vector for the terminal, the identifier type indication sent to the terminal is a first-type indication; when there is a usable authentication vector for the terminal, the identifier type indication sent to the terminal is a second-type indication. The second-type indication signifies that the second network functional entity can identify the terminal from the corresponding terminal identification information.
The authentication vector is an authentication vector issued by the second network functional entity; that is, the authentication vector is received from the second network functional entity.
As the above description shows, the usage status of the authentication vectors can be that there is a usable authentication vector for the terminal, or that there is no usable authentication vector for the terminal. In short, the usage status of the authentication vectors falls into two cases: a usable authentication vector exists, or no usable authentication vector exists.
Here, the authentication vector is used for mutual authentication between the terminal and the corresponding network.
In practice, the second network functional entity can issue at least one authentication vector as needed. Each authentication vector contains multiple authentication parameters, and these authentication parameters form one vector, namely the authentication vector.
In practice, the first network functional entity can be a key control node for network access, such as a core network element, specifically an MME, an MMF, or the like.
In practice, the second network functional entity can be the authentication data issuing network element, that is, a node that controls user data, such as an HSS or an AUSF.
In one embodiment, the identifier type indication can take the form of specific identification information or of non-specific identification information.
When the identifier type indication takes the form of specific identification information, the first network functional entity has determined to notify the identifier type indication implicitly. For example, one particular kind of terminal identification information, such as identification information that is not all zeros, both indicates the terminal identification information corresponding to the terminal and indicates whether the identifier type is the first type or the second type, which saves signaling resources.
When the identifier type indication takes the form of specific identification information, the first network functional entity has determined to notify the identifier type indication explicitly. For example, the terminal identification information corresponding to the terminal can be indicated and, in addition, a separate field can be used to mark whether the type is the first type or the second type.
In one embodiment, the apparatus can further include:
A first receiving unit, configured to receive the identification information of the terminal sent by the second network functional entity; the received identification information of the terminal is used by the first network functional entity and the second network functional entity to exchange information related to the terminal.
In practice, one case is that the second network functional entity does not deliver the second-type terminal identification information to the terminal directly through the first network functional entity. In that case the terminal can generate the second-type terminal identification information from information it shares with the second network functional entity, and the second network functional entity can send the identification information of the terminal to the first network functional entity, so that the first network functional entity and the second network functional entity can exchange information related to the terminal.
When the identification information of the terminal is generated, if the second network functional entity has sent a calculation parameter to the terminal through the first network functional entity, the terminal can generate the second-type terminal identification information from the information shared with the second network functional entity and the calculation parameter.
In one embodiment, the first receiving unit is configured to receive a message sent by the terminal;
The transmission unit 72 is further configured to, when the terminal cannot be identified according to the terminal identification information carried in the received message, forward the terminal identification information carried in the received message to the second network functional entity so that the terminal is identified, whereupon the second network functional entity and the terminal mutually authenticate based on the corresponding Ciphering Key.
When the terminal can be identified according to the terminal identification information carried in the received message, the first network functional entity and the terminal mutually authenticate based on the corresponding Ciphering Key.
In practice, the determination unit 71 can be implemented by a processor in the terminal identification processing device; the transmission unit 72 and the first receiving unit can be implemented by a communication interface in the terminal identification processing device.
Based on this, an embodiment of the present invention further provides a network functional entity, which is a first network functional entity and includes:
A first processor;
A first communication interface, configured to send a corresponding identity type indication to the terminal according to the validity, determined by the first processor, of the Ciphering Key for the terminal; the identity type indication indicates the terminal identification information the terminal carries when it sends subsequent messages; the Ciphering Key is received from the second network functional entity.
When there is no usable Ciphering Key for the terminal, the identity type indication that the first communication interface sends to the terminal is a first-type indication; the first-type indication signifies that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
When there is a usable Ciphering Key for the terminal, the identity type indication that the first communication interface sends to the terminal is a second-type indication; the second-type indication signifies that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
The functions of the first processor and the first communication interface can be understood with reference to the foregoing description of the method and device, and are not repeated here.
Correspondingly, to implement the terminal-side terminal identification processing method of the embodiments of the present invention, an embodiment of the present invention further provides a terminal identification processing device. As shown in Figure 8, the device includes:
A second receiving unit 81, configured to receive the identity type indication sent by the first network functional entity;
A processing unit 82, configured to carry, according to the identity type indication, the corresponding terminal identification information in a message sent to the first network functional entity.
Here, the identity type indication indicates the terminal identification information the terminal carries when it sends a message.
In one embodiment, the identity type indication can take the form of specific identification information or non-specific identification information.
When the identity type indication takes the form of specific identification information, the first network functional entity has decided to convey the identity type indication implicitly. For example, one particular kind of terminal identification information, such as identification information that is not all zeros, both gives the terminal identification information corresponding to the terminal and indicates whether the identity type is the first type or the second type, which saves signaling resources.
When the identity type indication takes the form of non-specific identification information, the first network functional entity has decided to convey the identity type indication explicitly. For example, the terminal identification information corresponding to the terminal can be indicated, and a separate field then marks whether the identity type is the first type or the second type.
In one embodiment, the processing unit 82 is configured to:
When the received identity type indication is a first-type indication, carry first terminal identification information in the sent message; the first-type indication signifies that the first network functional entity can identify the terminal according to the first terminal identification information and then mutually authenticate with the terminal based on the corresponding Ciphering Key;
Or,
When the received identity type indication is a second-type indication, carry second terminal identification information in the sent message; the second-type indication signifies that the second network functional entity can identify the terminal according to the second terminal identification information, whereupon the second network functional entity and the terminal mutually authenticate based on the corresponding Ciphering Key.
The first terminal identification information is received from the first network functional entity; for example, the terminal can obtain the first terminal identification information from the message in which it receives the identity type indication.
Here, in practice, one case is that the second network functional entity does not directly issue the second-type terminal identification information to the terminal through the first network functional entity. The processing unit 82 can then generate the second terminal identification information based on information shared with the second network functional entity. In this case, the second network functional entity can send the identification information of the terminal to the first network functional entity, so that the first network functional entity and the second network functional entity can exchange information related to the terminal.
In addition, in one embodiment, the second receiving unit 81 is further configured to receive a calculation parameter sent by the first network functional entity; the calculation parameter is issued by the second network functional entity;
The processing unit 82 is configured to generate the second terminal identification information according to the information shared with the second network functional entity and the calculation parameter.
As can be seen from the above description, the second network functional entity can identify the terminal according to the second terminal identification information, whereupon the second network functional entity and the terminal mutually authenticate based on the corresponding Ciphering Key.
In practice, the second receiving unit 81 can be implemented by a communication interface in the terminal identification processing device; the processing unit 82 can be implemented by a processor in the terminal identification processing device.
Based on this, an embodiment of the present invention further provides a terminal, including:
A second communication interface, configured to receive the identity type indication sent by the first network functional entity;
A second processor, configured to carry, according to the identity type indication, the corresponding terminal identification information in a message sent to the first network functional entity through the second communication interface.
When the identity type indication is a first-type indication, the second processor carries first terminal identification information in the sent message; the first-type indication signifies that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
When the identity type indication is a second-type indication, the second processor carries second terminal identification information in the sent message; the second-type indication signifies that the second network functional entity can identify the terminal according to the second terminal identification information.
The functions of the second communication interface and the second processor can be understood with reference to the foregoing description of the method and device, and are not repeated here.
Based on the above devices, an embodiment of the present invention further provides a terminal identification processing system, which includes:
A first network functional entity, configured to send a corresponding identity type indication to the terminal according to the validity of the Ciphering Key for the terminal;
A terminal, configured to, after receiving the identity type indication sent by the first network functional entity, carry the corresponding terminal identification information, according to the identity type indication, in a message sent to the first network functional entity.
It should be noted that, in practice, the terminal identification information described in the embodiments of the present invention can be selected as needed, provided that it is information that can identify the terminal; the embodiments of the present invention place no limitation on this.
In addition, the specific processing of the first network functional entity and the terminal is described in detail above and is not repeated here.
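The selection and resolution logic of this embodiment, as an added example rather than code from the patent: it follows the mapping as this text states it (no usable Ciphering Key gives a first-type indication, a usable one gives a second-type indication) and uses the explicit form with a type field. The class names, message fields, the HMAC-SHA256 derivation and the "rejected" outcome are assumptions.

```python
import hashlib
import hmac
import secrets

FIRST_TYPE, SECOND_TYPE = 1, 2  # assumed encoding of the identity type indication


def derive_second_id(shared_key: bytes, calc_param: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for the generation function the text leaves open.
    return hmac.new(shared_key, calc_param, hashlib.sha256).hexdigest()[:16]


class SecondEntity:
    """Authentication-data node (HSS/AUSF role in the text)."""

    def __init__(self, subscribers):
        self.keys = dict(subscribers)  # permanent id -> shared information
        self.second_ids = {}           # second-type id -> permanent id

    def issue_calc_param(self, permanent_id):
        # Issue a fresh parameter and remember the identifier it will produce.
        param = secrets.token_bytes(8)
        second_id = derive_second_id(self.keys[permanent_id], param)
        self.second_ids[second_id] = permanent_id
        return param

    def issue_auth_vectors(self, permanent_id, count=2):
        # Constructed placeholders; real vectors hold several authentication parameters.
        return [secrets.token_hex(8) for _ in range(count)]

    def identify(self, terminal_id):
        return self.second_ids.get(terminal_id)


class FirstEntity:
    """Access control node (MME/MMF role in the text)."""

    def __init__(self, second):
        self.second = second
        self.auth_vectors = {}  # permanent id -> unused vectors from the second entity
        self.first_ids = {}     # first-type id -> permanent id

    def fetch_vectors(self, permanent_id):
        self.auth_vectors[permanent_id] = self.second.issue_auth_vectors(permanent_id)

    def build_indication(self, permanent_id):
        # Explicit form: a type field sent next to the identifier material.
        if self.auth_vectors.get(permanent_id):
            # A usable vector exists: second-type indication, as the text states.
            param = self.second.issue_calc_param(permanent_id)
            return {"type": SECOND_TYPE, "calc_param": param}
        # No usable vector: first-type indication carrying a first-type identifier.
        first_id = secrets.token_hex(4)
        self.first_ids[first_id] = permanent_id
        return {"type": FIRST_TYPE, "first_id": first_id}

    def handle_message(self, message):
        # Returns (entity that identified the terminal, permanent id).
        terminal_id = message["terminal_id"]
        if terminal_id in self.first_ids:
            return ("first_entity", self.first_ids[terminal_id])
        # Cannot identify locally: forward the identifier to the second entity.
        permanent_id = self.second.identify(terminal_id)
        if permanent_id is None:
            return ("rejected", None)  # assumed handling; the text gives none
        return ("second_entity", permanent_id)


class Terminal:
    def __init__(self, shared_key):
        self.shared_key = shared_key

    def next_message(self, indication):
        if indication["type"] == FIRST_TYPE:
            terminal_id = indication["first_id"]
        else:
            terminal_id = derive_second_id(self.shared_key, indication["calc_param"])
        return {"terminal_id": terminal_id}


def run_demo():
    key = secrets.token_bytes(16)  # constructed shared information
    second = SecondEntity({"subscriber-001": key})
    first = FirstEntity(second)
    terminal = Terminal(key)
    results = {}
    ind = first.build_indication("subscriber-001")  # no vectors stored yet
    results["no_vector"] = (ind["type"],) + first.handle_message(terminal.next_message(ind))
    first.fetch_vectors("subscriber-001")           # vectors now available
    ind = first.build_indication("subscriber-001")
    results["with_vector"] = (ind["type"],) + first.handle_message(terminal.next_message(ind))
    results["unknown"] = first.handle_message({"terminal_id": "not-a-known-id"})
    return results
```

In both cases the terminal's message carries only the identifier selected by the indication; the shared information itself is never sent.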
It should be understood by those skilled in the art that the embodiments of the present invention can be provided as a method, a system or a computer program product. Therefore, the present invention can take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical memory) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or box in the flowcharts and/or block diagrams, and combinations of flows and/or boxes in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more boxes of the block diagrams.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction device, the instruction device implementing the functions specified in one or more flows of the flowcharts and/or one or more boxes of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more boxes of the block diagrams.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the scope of the present invention.
Claims (23)
1. A terminal identification processing method, characterized in that it is applied to a first network functional entity, the method comprising:
Sending a corresponding identity type indication to a terminal according to the validity of the Ciphering Key for the terminal; the identity type indication indicates the terminal identification information the terminal carries when it sends subsequent messages; the Ciphering Key is received from a second network functional entity.
2. The method according to claim 1, characterized in that sending the corresponding identity type indication to the terminal according to the validity of the Ciphering Key for the terminal comprises:
When there is no usable Ciphering Key for the terminal, the identity type indication sent to the terminal is a first-type indication; the first-type indication signifies that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
3. The method according to claim 1, characterized in that sending the corresponding identity type indication to the terminal according to the validity of the Ciphering Key for the terminal comprises:
When there is a usable Ciphering Key for the terminal, the identity type indication sent to the terminal is a second-type indication; the second-type indication signifies that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
4. The method according to claim 1, characterized in that the identity type indication takes the form of specific identification information or non-specific identification information.
5. The method according to claim 1, characterized in that the method further comprises:
Receiving the identification information of the terminal sent by the second network functional entity; the received identification information of the terminal is used by the first network functional entity to exchange information related to the terminal with the second network functional entity.
6. A terminal identification processing method, characterized in that it is applied to a terminal, the method comprising:
Receiving an identity type indication sent by a first network functional entity;
Carrying, according to the identity type indication, the corresponding terminal identification information in a message sent to the first network functional entity.
7. The method according to claim 6, characterized in that the method further comprises:
When the identity type indication is a first-type indication, carrying first terminal identification information in the sent message; the first-type indication signifies that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
8. The method according to claim 6, characterized in that the method further comprises:
When the identity type indication is a second-type indication, carrying second terminal identification information in the sent message; the second-type indication signifies that a second network functional entity can identify the terminal according to the second terminal identification information.
9. The method according to claim 6, characterized in that the method further comprises:
Generating second terminal identification information according to information shared with a second network functional entity; the second network functional entity can identify the terminal according to the second terminal identification information.
10. The method according to claim 6, characterized in that the method further comprises:
Receiving a calculation parameter sent by the first network functional entity; the calculation parameter is issued by a second network functional entity;
Generating second terminal identification information according to the information shared with the second network functional entity and the calculation parameter; the second network functional entity can identify the terminal according to the second terminal identification information.
11. The method according to claim 6, characterized in that the identity type indication takes the form of specific identification information or non-specific identification information.
12. A terminal identification processing device, characterized in that the device comprises:
A determination unit;
A transmission unit, configured to send a corresponding identity type indication to a terminal according to the validity, determined by the determination unit, of the Ciphering Key for the terminal; the identity type indication indicates the terminal identification information the terminal carries when it sends subsequent messages; the Ciphering Key is received from a second network functional entity.
13. The device according to claim 12, characterized in that:
When there is no usable Ciphering Key for the terminal, the identity type indication that the transmission unit sends to the terminal is a first-type indication; the first-type indication signifies that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
14. The device according to claim 12, characterized in that:
When there is a usable Ciphering Key for the terminal, the identity type indication that the transmission unit sends to the terminal is a second-type indication; the second-type indication signifies that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
15. A terminal identification processing device, characterized in that the device comprises:
A second receiving unit, configured to receive an identity type indication sent by a first network functional entity;
A processing unit, configured to carry, according to the identity type indication, the corresponding terminal identification information in a message sent to the first network functional entity.
16. The device according to claim 15, characterized in that:
When the identity type indication is a first-type indication, the processing unit carries first terminal identification information in the sent message; the first-type indication signifies that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
17. The device according to claim 15, characterized in that:
When the identity type indication is a second-type indication, the processing unit carries second terminal identification information in the sent message; the second-type indication signifies that a second network functional entity can identify the terminal according to the second terminal identification information.
18. A network functional entity, characterized in that it is a first network functional entity, the first network functional entity comprising:
A first processor;
A first communication interface, configured to send a corresponding identity type indication to a terminal according to the validity, determined by the first processor, of the Ciphering Key for the terminal; the identity type indication indicates the terminal identification information the terminal carries when it sends subsequent messages; the Ciphering Key is received from a second network functional entity.
19. The network functional entity according to claim 18, characterized in that:
When there is no usable Ciphering Key for the terminal, the identity type indication that the first communication interface sends to the terminal is a first-type indication; the first-type indication signifies that the first network functional entity can identify the terminal according to the corresponding terminal identification information.
20. The network functional entity according to claim 18, characterized in that:
When there is a usable Ciphering Key for the terminal, the identity type indication that the first communication interface sends to the terminal is a second-type indication; the second-type indication signifies that the second network functional entity can identify the terminal according to the corresponding terminal identification information.
21. A terminal, characterized in that the terminal comprises:
A second communication interface, configured to receive an identity type indication sent by a first network functional entity;
A second processor, configured to carry, according to the identity type indication, the corresponding terminal identification information in a message sent to the first network functional entity through the second communication interface.
22. The terminal according to claim 21, characterized in that:
When the identity type indication is a first-type indication, the second processor carries first terminal identification information in the sent message; the first-type indication signifies that the first network functional entity can identify the terminal according to the first terminal identification information; the first terminal identification information is received from the first network functional entity.
23. The terminal according to claim 21, characterized in that:
When the identity type indication is a second-type indication, the second processor carries second terminal identification information in the sent message; the second-type indication signifies that a second network functional entity can identify the terminal according to the second terminal identification information.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710108849.4A CN108513289A (en) | 2017-02-27 | 2017-02-27 | A kind of processing method of terminal iidentification, device and relevant device |
PCT/CN2018/072029 WO2018153173A1 (en) | 2017-02-27 | 2018-01-10 | Terminal identification processing method, apparatus, and related device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710108849.4A CN108513289A (en) | 2017-02-27 | 2017-02-27 | A kind of processing method of terminal iidentification, device and relevant device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108513289A true CN108513289A (en) | 2018-09-07 |
Family
ID=63253117
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710108849.4A Pending CN108513289A (en) | 2017-02-27 | 2017-02-27 | A kind of processing method of terminal iidentification, device and relevant device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108513289A (en) |
WO (1) | WO2018153173A1 (en) |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102625306A (en) * | 2011-01-31 | 2012-08-01 | 电信科学技术研究院 | Method, system and equipment for authentication |
CN102905266B (en) * | 2012-10-11 | 2015-05-20 | 大唐移动通信设备有限公司 | Mobile equipment (ME) attaching method and device |
CN102917332B (en) * | 2012-10-11 | 2015-06-03 | 大唐移动通信设备有限公司 | Method and device for achieving attachment of mobile equipment |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111641498A (en) * | 2019-03-01 | 2020-09-08 | 中兴通讯股份有限公司 | Key determination method and device |
WO2020207156A1 (en) * | 2019-04-12 | 2020-10-15 | 华为技术有限公司 | Verification method, apparatus, and device |
US11871223B2 (en) | 2019-04-12 | 2024-01-09 | Huawei Technologies Co., Ltd. | Authentication method and apparatus and device |
Also Published As
Publication number | Publication date |
---|---|
WO2018153173A1 (en) | 2018-08-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
Application publication date: 20180907 |