WO2010040259A1 - Method and apparatus for providing user of communication terminal with identity confidentiality protection - Google Patents


Info

Publication number
WO2010040259A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
communication terminal
pseudo
identity
name
Application number
PCT/CN2008/072641
Other languages
French (fr)
Chinese (zh)
Other versions
WO2010040259A8 (en)
Inventor
胡志远
骆志刚
万志坤
王楠
Original Assignee
上海贝尔阿尔卡特股份有限公司 (Alcatel-Lucent Shanghai Bell Co., Ltd.)
阿尔卡特朗讯公司 (Alcatel Lucent)
Application filed by 上海贝尔阿尔卡特股份有限公司 (Alcatel-Lucent Shanghai Bell Co., Ltd.) and 阿尔卡特朗讯公司 (Alcatel Lucent)
Priority to PCT/CN2008/072641 (WO2010040259A1)
Priority to CN200880130771.5A (CN102124767B)
Publication of WO2010040259A1
Publication of WO2010040259A8


Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04W  WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00  Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/02  Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00  Network architectures or network communication protocols for network security
    • H04L 63/04  Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0407  Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden

Definitions

  • The present invention relates to the field of communications, and more particularly to a method, a device and a computer program for providing confidentiality protection to a communication terminal user, in particular to the user's identity identifier such as the IMSI (International Mobile Subscriber Identity).
  • IMSI: International Mobile Subscriber Identity
  • FIG. 1 shows an example of a SAE/LTE architecture conforming to the 3GPP TS 23.401 standard.
  • Whenever the user wants to access a service provided by the operator, for example an IMS service, the user equipment UE must first be authenticated by the MME (Mobility Management Entity) via the E-UTRAN; the MME performs the authentication of the UE according to the related information provided by the HSS.
  • After authentication, an access request from the UE is sent to the PDN gateway via the E-UTRAN and the serving gateway.
  • The PDN gateway forwards the user's request to the operator's IP services according to policies obtained in advance or on demand from the PCRF, such as the access-rights policy and the charging policy.
  • The MME provides functions such as paging UEs in the MME-IDLE state (i.e. attached but with no messages being transmitted) and selecting the PDN-GW and the S-GW.
  • The HSS is the database that stores user subscription information: user security information such as the user identifier, numbers and the network access control information used for authentication and authorization, user location information, and the like.
  • When a mobile user attaches to the network, the MME on the network side allocates a GUTI (Globally Unique Temporary Identity) to each mobile user who has an IMSI.
  • The MME obtains the user's IMSI from the user's GUTI and then authenticates the user on the basis of that IMSI; only after authentication succeeds can the user's UE access the services provided by the operator.
  • In some cases, however, the MME cannot identify the IMSI of the user in the UE from the user's GUTI.
  • For example, in the LTE/SAE architecture: the ME/USIM registers in the serving network for the first time and has not received a valid GUTI within a certain period; a database failure in the serving network means the IMSI of the UE user can no longer be recovered from the GUTI; or, after the UE roams to a new serving network, the new serving network cannot contact the previous one.
  • In all these cases the GUTI cannot identify the UE user, that is, the MME cannot obtain the user's IMSI from the GUTI, so the MME sends the UE a request for its permanent IMSI, as shown in FIG. 2. In its response the UE transmits the IMSI in plaintext so that the MME can allocate a new GUTI on the basis of the IMSI, which exposes the user's IMSI on the LTE radio link.
  • The IMSI, also commonly called the subscriber identification code, consists of a mobile country code (MCC), a mobile network code (MNC) and a mobile subscriber identification number (MSIN).
  • MCC: mobile country code
  • MNC: mobile network code
  • MSIN: mobile subscriber identification number
  • The IMSI uniquely identifies the subscriber; it is the piece of information users most want protected.
  • Because the IMSI is a globally unique identifier, it reveals a great deal of private information about the user, such as the home network and the country it belongs to. Transmitting the IMSI in plaintext is therefore highly vulnerable to attackers: by collecting IMSIs, an attacker can associate an IMSI with a user identity.
  • The UE may also accept IMSI requests from untrusted entities.
  • The serving network's original design intent was to hide the user's IMSI from every entity other than the HE (Home Environment); in practice, as described above, any entity that asks can obtain the user's IMSI.
  • The present invention provides a method for providing identity confidentiality protection to a user of a communication terminal, including the steps of:
  • the network entity that manages user identities assigns at least two pseudonyms to the user of the communication terminal;
  • a related entity in the network sends the communication terminal a message requesting the user's permanent identity in order to identify the communication terminal user;
  • in response to that message, instead of transmitting the permanent identity, the communication terminal transmits to the related entity in the network a response message containing the non-current (not yet active) pseudonym assigned to the user.
  • The network entity that manages user identities allocates a new pseudonym to the communication terminal according to the communication terminal's pseudonym usage or at the request of a related entity in the network.
  • When allocating a new pseudonym, the network entity that manages user identities sends it to the communication terminal either directly or via a related entity in the network.
  • Integrity protection or cryptographic protection is provided for the transmission of the pseudonym.
  • If the related entity in the network is entitled to extract the new pseudonym, or the network entity that manages user identities sends it the new pseudonym in encrypted form, then while the communication terminal remains in the network of that related entity, the related entity does not need to send an identity request to the terminal when it next has to identify the user; it uses the new pseudonym it holds directly.
  • The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, comprising:
  • a pseudonym allocation device configured to allocate a pseudonym to the communication terminal user;
  • a network interface used to interact with other network devices; so that when the communication terminal is requested to send the user's identity, it sends the pseudonym assigned to it instead of the identity.
  • The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, the apparatus being configured to assign a pseudonym to the communication terminal user and to transmit the assigned pseudonym to the network entity that needs it, so that when the communication terminal is requested to transmit the user's identity, it sends the pseudonym assigned to it instead.
  • The present invention also provides an apparatus for providing identity confidentiality protection to a communication terminal user, comprising:
  • a pseudonym maintenance device configured to manage the user pseudonyms received by the communication terminal;
  • an identity management device which, on receiving a message requesting the user's permanent identity, sends a response message containing the non-current pseudonym among the user's pseudonyms instead of the permanent identity;
  • a network interface used to interact with other network devices.
  • The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, the apparatus being configured to manage the user pseudonyms received by the communication terminal and, on receiving a message requesting the user's permanent identity, to send a response message containing the non-current pseudonym among the user's pseudonyms instead of the permanent identity.
  • The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, comprising:
  • a GUTI management device which, on receiving a message containing a user pseudonym from the communication terminal, assigns a GUTI to the communication terminal user;
  • a network interface used to interact with other network devices.
  • The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, the apparatus being configured to send the communication terminal a message requesting the permanent identity and, on receiving from the communication terminal a message containing a user pseudonym, to assign a GUTI to the communication terminal user.
  • The apparatus interacts with the network entity that manages user identities, which provides the device for assigning pseudonyms to the communication terminal user.
  • The apparatus sends that network entity a message requesting that a pseudonym be assigned to the communication terminal user for future use.
  • The present invention also provides a computer program comprising instruction code for performing any of the above methods or for implementing any of the above apparatus.
  • The present invention also provides a computer system comprising a processor configured to execute the above computer program.
  • The present invention also provides a computer-readable storage medium having the above computer program stored thereon.
  • User identity is important and sensitive information that should be kept confidential in communications.
  • The invention allocates pseudonyms to the UE user so that, when the UE receives a message requesting the user's permanent identity, the response message carries a pseudonym assigned to the UE instead of the user's permanent identity. The invention thereby removes the security risk of the UE transmitting the user's permanent identity, gives the UE user better identity confidentiality, and so better protects the user's privacy and prevents leakage of the user's identity information.
  • Figure 1 schematically shows an example of a SAE/LTE architecture conforming to the 3GPP TS 23.401 standard.
  • Figure 2 is a schematic flow chart of the request to the ME/USIM to send its IMSI in the 3GPP TS 33.401 standard.
  • Figure 3 is a schematic flow chart of a method according to the invention in a SAE/LTE architecture.
  • Figure 4 is a schematic flow chart of a method according to the invention in another SAE/LTE architecture.
  • Figure 5 is a schematic flow chart of a method according to the invention in a UMTS network environment.
  • Figure 6 is a block diagram schematically showing an example of the structure of a device included in an HE according to the invention.
  • Figure 7 is a block diagram schematically showing an example of the structure of a device included in a UE according to the invention.
  • Figure 8 is a block diagram schematically showing an example of the structure of a device included in an MME according to the invention.
  • The basic idea of the present invention is that a network entity that manages user identities, such as the HE, assigns pseudonyms to a UE user who has an identity such as an IMSI.
  • When the serving network cannot identify the user from the temporary identifier GUTI and the related entity, such as the MME, sends the UE a message requesting the permanent identity of the UE user, the UE no longer answers the MME with a message containing its IMSI; it sends the pseudonym assigned to it in the response message instead.
  • The present invention thus eliminates the risk of user identity leakage that arises when the IMSI is sent in clear text.
  • Figure 3 shows an example in which two pseudonyms are assigned to a user.
  • The vertical lines below the boxes labelled UE, MME and HE represent time, which progresses downward.
  • The HE allocates two pseudonyms, T_IMSI_1 and T_IMSI_2, to the UE user to stand for the user's IMSI.
  • Pseudonym T_IMSI_1 is used for the current wireless connection and its status is "active"; the other pseudonym, T_IMSI_2, will be used when the MME requests the UE to send its permanent identity, and its status is "for future use".
  • The UE holds the two pseudonyms assigned to it.
  • The correspondence between the UE user and the two pseudonyms assigned to the user is maintained in both the UE and the HE.
  • When the serving network cannot identify the user, that is, the MME cannot obtain the user's IMSI from the current GUTI, the MME sends the UE a message requesting the permanent identity. In response, the UE sends the MME a response message containing the second pseudonym T_IMSI_2, the one in the "future use" state. Preferably the UE stops using the current "active" pseudonym T_IMSI_1, sets its status to "expired", and sets T_IMSI_2 to "active".
  • On receiving the response, the MME allocates a new GUTI to the user, maintains the association between the GUTI and T_IMSI_2, and informs the UE of the GUTI assigned to it. Subsequently, and preferably, since the user's first pseudonym T_IMSI_1 is no longer usable, the MME creates a message requesting a new pseudonym for the user's future use and sends it to the HE. On receiving the MME's request, the HE assigns the user a new pseudonym T_IMSI_3 with status "for future use". Preferably, to save resources, the HE releases T_IMSI_1 for use by other users and sets T_IMSI_2 to "active".
  • The HE can transmit the new pseudonym T_IMSI_3 securely through the usual AKA step, modified as follows.
  • The HE sends back to the MME a message containing AUTN_T_IMSI_3 (an authentication token carrying the third pseudonym T_IMSI_3) together with the other elements of the AKA authentication vector.
  • The other elements of the authentication vector are no different from those generated by the original AKA, so sending the new pseudonym T_IMSI_3 reuses the AKA procedure; the only changed field is the authentication token AUTN.
  • Specifically, the SQN (sequence number) element of the original AUTN is replaced by T_IMSI_3, the purpose being to carry the new pseudonym T_IMSI_3.
  • On receiving the message from the HE, the MME forwards it to the UE.
  • The UE uses the same method as in the original AKA to generate the same authentication values and to verify the authenticity of the HE's network; after successful authentication, the UE extracts the new pseudonym T_IMSI_3 in the same way it would extract the SQN in AKA.
  • The UE then replaces T_IMSI_1 with the third pseudonym T_IMSI_3 and sets it to "for future use".
  • The HE may also transmit the newly assigned pseudonym to the MME directly.
  • That is, the HE transmits to the MME a message containing the new pseudonym assigned to the UE.
  • The invention is not limited to the AKA-based method described above for protecting the new pseudonym.
  • The root key originally shared between the HE and the UE may also be used to encrypt the message directly, or any method known to those skilled in the art may be used to encrypt the content, for example with a key pre-negotiated between the HE and the UE.
  • When a new pseudonym is assigned, the UE may overwrite/replace the old invalid pseudonym with the new one instead of stopping use of the currently "active" pseudonym at the moment it sends the response message to the MME.
  • The HE may also allocate a new pseudonym of its own accord according to the UE's pseudonym usage.
  • Alternatively, the MME sends the HE a message requesting a pseudonym for the user only for UEs that satisfy a certain condition, for example UEs that have passed a certain authentication mechanism or that hold certain privileges; or the HE spontaneously assigns a new pseudonym to the user.
  • The user may also be assigned a plurality of pseudonyms, that is, at least three, so that the MME can choose an appropriate moment to request a "future use" pseudonym for the user according to factors such as how busy the user is and the network load.
  • For example, the MME may choose to send the HE a message requesting a pseudonym when it receives from the UE a message containing T_IMSI_3 rather than T_IMSI_2.
  • Alternatively, the HE need not itself maintain the pseudonyms assigned to the UE user.
  • The pseudonyms assigned to UE users may instead be maintained by a dedicated device in the network, such as a dedicated database.
  • The MME may also refrain from sending a pseudonym request to the HE: when pseudonyms are first assigned to the user, a certain number of them are allocated at once, which can further improve security.
  • When the user's pseudonyms are exhausted, the user can be required to pass a certain authentication mechanism, or to hold certain privileges, before more pseudonyms are assigned; obtaining a pseudonym then requires further identity verification.
  • For example, when the UE is a mobile phone, the user can obtain more pseudonyms by calling customer service or visiting a business office.
  • When the HE sends the MME the message containing the third pseudonym and the generated vectors, either the MME is entitled to extract T_IMSI_3 from the message, or it is not.
  • If the MME is not entitled to extract T_IMSI_3, the message containing T_IMSI_3 is encrypted by the HE before transmission to the MME.
  • The MME maintains the association between the UE user and T_IMSI_3.
  • When the UE later has to be identified again within the same network, the MME therefore does not have to send an identity request to the UE and can use the T_IMSI_3 it holds directly.
  • To keep the pseudonym information held by the UE, the MME and the HE consistent, after the MME allocates a new GUTI using T_IMSI_3 it notifies the UE of the event, preferably in a single message carrying the new GUTI together with the pseudonym-related information such as status. On receiving the message, the UE updates the pseudonym information it holds accordingly. Likewise, the MME notifies the HE of the event, and the HE updates the pseudonym information it stores for the user. Preferably, when or after the MME uses T_IMSI_3, it sends the HE a message requesting a new pseudonym for the UE user.
  • Assigning pseudonyms to the user can be implemented by the HLR/AuC (Home Location Register/Authentication Centre) or the HSS (Home Subscriber Server) of the HE.
  • HLR/AuC: Home Location Register/Authentication Centre
  • HSS: Home Subscriber Server
  • It may also be implemented by other network entities, as long as they can obtain the user-related information needed to assign a pseudonym, such as the user's IMSI and the root key associated with it.
  • The solution can reuse messages defined in existing network protocols, so that it can be implemented with minimal modifications and at minimal cost.
  • Existing messages such as identity request and identity response can continue to be used; only a message for assigning the third pseudonym to the user needs to be added.
  • That added message may also be an extension of an existing message, for example the authentication data request/response between the MME and the HE, or the user authentication request from the MME to the ME/USIM of the UE.
  • Figure 4 shows a flow in which integrity protection is added to the embodiment of Figure 3.
  • Most of the interaction between the MME, the HE and the UE is the same as in FIG. 3.
  • The difference is that, in response to the MME's identity request, the UE integrity-protects T_IMSI_2 when sending it to the MME: the response message containing T_IMSI_2 that the UE sends to the MME, and the message the MME sends to the HE to request a pseudonym for the user, carry a specific verification vector, and the verification is performed at the HE.
  • The UE sends the identity response (T_IMSI_2, RAND_ME, …).
  • The message the MME sends to the HE is a request for a future-use identity (T_IMSI_2, SNID, network type, RAND_ME, …).
  • Security policies such as encryption may also be applied in this embodiment to further improve security.
  • The process shown here for protecting the UE user's pseudonym is only an example; those skilled in the art will understand that other feasible ways of providing integrity protection may be used.
  • For example, other check vectors may be added to the messages, or the verification may be performed by the MME when it receives the message from the UE rather than by the HE.
  • Figure 5 shows a flow for implementing the invention in a UMTS network environment.
  • The vertical lines below the boxes labelled UE, VLR/SGSN and HSS represent time, which progresses downward.
  • The communication flow between the UE, the VLR/SGSN and the HSS is similar to FIG. 4, except that, because of the different network architecture, the entity communicating with the UE is a VLR/SGSN instead of an MME.
  • The vulnerability whereby user privacy may leak because the UE transmits its IMSI to a network entity when the network cannot identify the user is thus eliminated.
  • The invention can be used with any type of network architecture and is not limited to mobile networks or mobile devices.
  • Wherever a user's private information would otherwise be sent to other network entities, the solution can be applied: the user is allocated a pseudonym, and the private information is replaced by the assigned pseudonym in the messages sent to other network entities.
  • FIG. 6 shows an example of a device that can be included in an HE to assign pseudonyms to a UE user.
  • The apparatus includes a pseudonym allocation device for assigning a pseudonym to a UE user who has an identity such as an IMSI.
  • A network interface is configured to interact with other network devices and to send the assigned pseudonym to whichever network entity needs it, such as an HE, a UE or an MME.
  • A storage device, such as a database, maintains information such as the correspondence between the UE user and the pseudonyms assigned to the user, and the status of each pseudonym.
  • A pseudonym maintenance device may further be included to update the status of the user's pseudonyms (i.e. active or for future use) and, preferably, to release pseudonyms that are no longer used so as to save resources.
  • The operations of the storage device and the pseudonym maintenance device may be implemented by the HE or by other devices in the network, such as a dedicated pseudonym database or pseudonym server.
  • FIG. 7 shows an example of a device that can be included in a UE that uses pseudonyms.
  • The apparatus includes a pseudonym maintenance device configured to maintain the pseudonyms received by the UE and allocated to the user and, preferably, to update their status.
  • For example, the pseudonym maintenance device sets the status of a newly received pseudonym to "for future use" and uses it to overwrite/replace an invalid pseudonym.
  • An identity management device, on receiving an identity request from the MME, sends the MME a response message containing a pseudonym instead of the user's IMSI, preferably also ceasing to use the current "active" pseudonym.
  • A network interface interacts with other network devices to obtain the pseudonyms assigned to the user or to send those pseudonyms to the devices that need them.
  • A storage device is further included for storing the user's received pseudonyms.
  • FIG. 8 shows an example of a device included in the MME according to the invention.
  • The apparatus includes a GUTI management device which, on receiving a message containing a user pseudonym from a UE, assigns a GUTI to the UE user.
  • A network interface interacts with other network devices.
  • A user management device is further included for sending an identity request message to the UE when the user cannot be identified and, preferably, for sending a message to the HE when needed to request that the HE allocate a new pseudonym for the user's future use.
  • A storage device is further configured to store related information such as the GUTI and the user's IMSI.
  • When the MME holds the pseudonym assigned to the user by the HE, that pseudonym is stored as well.
  • The present invention also provides a computer program for implementing the above methods and apparatus, and a computer system including a processor configured to execute that computer program.
  • Although the invention takes the MME and the VLR/SGSN as examples, those skilled in the art will understand that the MME or VLR/SGSN may be replaced by any network entity responsible for maintaining the identifiers of UE users, or for requesting an identity when a UE user cannot be identified.
  • Although pseudonyms are assigned to users by the HE in the description, those skilled in the art will understand that, depending on the network environment, pseudonym assignment is not limited to the HE and may be implemented by any network entity that can obtain the relevant user information and has the authority to assign pseudonyms to the user. The invention refers to such an entity collectively as the network entity that manages user identities.
  • The network entity of the invention may be any type of network element, alone or in combination, such as a server or a router.
  • Although the invention is illustrated with the IMSI, those skilled in the art will appreciate that any other information containing user-private content may be protected by the solution provided here.
  • The invention refers to such information collectively as the permanent identity of the communication terminal user; the term "permanent" is used here in a relative, not an absolute, sense.
  • The user equipment UE refers to any communication terminal that can access a service provided by a network operator, such as a mobile phone, a PDA, a desktop computer or a portable computer.
  • The network interface of the invention refers to any software, hardware or combination thereof that can be used to communicate with other network entities and devices.
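The Figure 3 exchange and the Figure 4 integrity-protected variant described in the bullets above, as an added worked example that is not part of the patent: a toy in-process model of UE, MME and HE. It assumes HMAC-SHA256 in place of the AKA f1/f5 functions, 16-byte random pseudonyms, a constructed IMSI and root key, and a 4-byte stand-in for the GUTI; the class and function names are the example's own, not the patent's.

```python
# Added example, not the patent's own code: toy model of the Figure 3 pseudonym
# exchange plus the Figure 4 integrity check. Assumptions: HMAC-SHA256 replaces
# the AKA f1/f5 functions, pseudonyms are 16 random bytes, IMSI and K are
# constructed test values, and the GUTI is a 4-byte stand-in.
import hashlib
import hmac
import os

AMF = b"\x80\x00"                 # authentication management field, fixed here
IMSI = "460001234567890"          # constructed: MCC 460, MNC 00, MSIN 1234567890
ROOT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed K

def f1(k, rand, data):
    """MAC function (stand-in for AKA f1): 8-byte tag over RAND and data."""
    return hmac.new(k, b"f1" + rand + data, hashlib.sha256).digest()[:8]

def f5(k, rand):
    """Anonymity key (stand-in for AKA f5), sized to mask a 16-byte pseudonym."""
    return hmac.new(k, b"f5" + rand, hashlib.sha256).digest()[:16]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class HomeEnvironment:
    """HE/HSS: holds the root key and the IMSI <-> pseudonym mapping."""

    def __init__(self):
        self.subs = {}            # imsi -> {"k": K, "pseudonyms": {T: status}}

    def provision(self, imsi, k):
        t1, t2 = os.urandom(16), os.urandom(16)
        self.subs[imsi] = {"k": k, "pseudonyms": {t1: "active", t2: "future"}}
        return t1, t2

    def pseudonym_for_future_use(self, pseudonym, rand_me, mac_me):
        """Resolve a 'future use' pseudonym, verify the UE's MAC (Figure 4),
        rotate statuses and return T3 carried where SQN would sit in AUTN."""
        imsi = next((i for i, r in self.subs.items()
                     if r["pseudonyms"].get(pseudonym) == "future"), None)
        if imsi is None:
            raise LookupError("pseudonym unknown or already consumed")
        k = self.subs[imsi]["k"]
        if not hmac.compare_digest(f1(k, rand_me, pseudonym), mac_me):
            raise ValueError("identity response failed integrity check")
        t3 = os.urandom(16)
        # T1 is released for reuse, T2 becomes active, T3 is kept for future use
        self.subs[imsi]["pseudonyms"] = {pseudonym: "active", t3: "future"}
        rand = os.urandom(16)
        autn = xor(t3, f5(k, rand)) + AMF + f1(k, rand, t3 + AMF)
        return rand, autn

class UserEquipment:
    def __init__(self, imsi, k, t1, t2):
        self.imsi, self.k = imsi, k
        self.pseudonyms = {t1: "active", t2: "future"}
        self.guti = None

    def identity_response(self):
        """Answer an identity request with the 'future use' pseudonym, never the IMSI."""
        t = next(p for p, s in self.pseudonyms.items() if s == "future")
        self.pseudonyms = {t: "active"}       # the previously active pseudonym expires
        rand_me = os.urandom(16)
        return t, rand_me, f1(self.k, rand_me, t)

    def accept_new_pseudonym(self, rand, autn):
        """Verify AUTN exactly as in AKA, then unmask T3 from the SQN position."""
        masked, amf, mac = autn[:16], autn[16:18], autn[18:]
        t3 = xor(masked, f5(self.k, rand))
        if not hmac.compare_digest(f1(self.k, rand, t3 + amf), mac):
            raise ValueError("AUTN verification failed; pseudonym rejected")
        self.pseudonyms[t3] = "future"

class MME:
    def __init__(self, he):
        self.he = he
        self.guti_to_pseudonym = {}
        self.wire = []            # every message that crossed the radio or MME-HE link

    def identify(self, ue):
        """GUTI cannot be resolved: request identity, assign a GUTI, fetch T3."""
        t, rand_me, mac_me = ue.identity_response()
        self.wire.append(b"IDENTITY_RESPONSE" + t + rand_me + mac_me)
        guti = os.urandom(4)
        self.guti_to_pseudonym[guti] = t
        ue.guti = guti
        rand, autn = self.he.pseudonym_for_future_use(t, rand_me, mac_me)
        self.wire.append(b"AUTH_REQUEST" + rand + autn)
        ue.accept_new_pseudonym(rand, autn)   # forwarded as-is; MME cannot unmask T3
        return guti

def run_exchange():
    he = HomeEnvironment()
    t1, t2 = he.provision(IMSI, ROOT_KEY)
    ue = UserEquipment(IMSI, ROOT_KEY, t1, t2)
    mme = MME(he)
    return he, ue, mme, mme.identify(ue)
```

Calling `run_exchange()` runs the whole flow; `mme.wire` then holds every message the MME saw, and neither the identity response nor the forwarded authentication request contains the IMSI. The MME relays AUTN without the root key, so it cannot read T_IMSI_3 (the "not entitled to extract" case in the text); an MME trusted to hold the pseudonym would receive it from the HE in a separate message, which this model leaves out. Tampering with AUTN or replaying an already-consumed pseudonym is rejected by the UE and the HE respectively.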

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method, apparatus and computer program are provided in the present invention for providing the user of the communication terminal with identity confidentiality protection. In the present invention, at least two pseudonyms are allocated, by the network entity that manages user identities, to the user of the communication terminal; when the relative entity in the network sends a message, which requests to obtain the user permanent identity, to the communication terminal to identify the user of it, the communication terminal replaces the permanent identity with the non-current pseudonym allocated to the user in response to the message it receives, and sends a response message to the relative entity in the network, thereby eliminating the potential safety hazard that is resulted from the transmission of permanent identity from the communication terminal to the entities in the network.

Description

一种为通信终端用户提供身份机密性保护的方法和装置 技术领域  Method and device for providing identity confidentiality protection for communication terminal users
本发明涉及通信领域, 更具体地, 涉及为通信终端用户, 特别是为通 信终端用户的诸如 IMSI ( International Mobile Subscriber Identity, 国际 移动用户标识)等身份标识, 提供机密性保护的方法、 设备以及计算机程 序。 背景技术  The present invention relates to the field of communications, and more particularly to a method, device, and computer for providing confidentiality protection for a communication terminal user, particularly an identity identifier such as an IMSI (International Mobile Subscriber Identity) for a communication terminal user. program. Background technique
随着通信技术的发展, 各种通信技术以及以通信技术为平台的应用得 到越来越多的重视和推广。 与此同时, 通信中的安全问题也正受到越来越 多的关注, 人们对通信中的信息安全也提出了更高的要求。 随着提供了较 好的安全性保护的 3G系统的发展, 用户通信的安全性得到了一定的保障。  With the development of communication technologies, various communication technologies and applications based on communication technologies have received more and more attention and promotion. At the same time, security issues in communications are receiving increasing attention, and people are placing higher demands on information security in communications. With the development of 3G systems that provide better security protection, the security of user communications has been guaranteed.
Figure 1 shows an example of the SAE/LTE architecture conforming to 3GPP TS 23.401. Whenever a user wants to access a service provided by the operator, for example an IMS service, the user equipment (UE) must first be authenticated via the E-UTRAN by the MME (Mobility Management Entity); the MME performs the authentication of the UE on the basis of the relevant information provided by the HSS. After authentication, the access request from the UE is sent to the PDN gateway via the E-UTRAN and the serving gateway. The PDN gateway forwards the user's request to the operator's IP services according to policies obtained in advance or on demand from the PCRF, such as access-rights and charging policies. Finally, the operator's IP services provide the user with the requested service. The MME provides functions such as paging UEs in the MME-IDLE state (connected but with no message transmission) and selecting the PDN-GW and S-GW; the HSS is the database that stores user subscription information, including the user identity, numbering, user security information such as the network access control information used for authentication and authorization, and user location information.
When a mobile user accesses the network, the MME on the network side allocates a GUTI (Globally Unique Temporary Identity) to each mobile user that holds an IMSI. The MME obtains the user's IMSI from the GUTI and then authenticates the user on the basis of that IMSI. Only after successful authentication can the user's UE access the services provided by the operator. In some cases, however, the MME cannot determine the user identity IMSI held in the UE from the user's GUTI. For example, in the LTE/SAE architecture, the ME/USIM may be registering in the serving network for the first time and not have received a valid GUTI within a certain period of time; a database failure in the serving network may prevent the GUTI from being mapped back to the UE user's IMSI; or, after the UE roams to a new serving network, the new serving network may be unable to contact the previous one. In all of these cases the GUTI cannot effectively identify the UE user, that is, the MME cannot obtain the user's IMSI from the GUTI, and the MME therefore sends the UE a request to transmit its permanent IMSI, as shown in Figure 2. In its response the UE then transmits the IMSI in plaintext so that the MME can allocate a new GUTI on the basis of it, which exposes the user's IMSI on the LTE radio link.
The IMSI, also commonly called the subscriber identification code, consists of a country code (MCC), a network code (MNC) and a user identity code (MSIN). From the standpoint of user privacy, the IMSI uniquely identifies the user and is therefore the information the user most wants protected. Moreover, because the IMSI is a globally unique identifier, it reveals a great deal of private information about the user, such as the home network and the country it belongs to, so transmitting the IMSI in plaintext is highly vulnerable: an attacker who collects IMSIs can link an IMSI to a user's identity. Furthermore, in the prior-art procedure described above, the UE may also accept IMSI requests from untrusted entities.
It can thus be seen that the prior art has a gap in providing confidentiality of user identity. On the other hand, the serving network originally intended to hide the user's IMSI from every device other than the HE (Home Environment), rather than letting any device obtain the user's IMSI, as happens with the plaintext transmission described above.
Meanwhile, although 3GPP TR 33.821 proposes public-key-based and pseudonym-based approaches, it is only an outline and provides no concrete mechanism for IMSI confidentiality protection. There is therefore still a need for improved and better protection of user identity confidentiality.

Summary of the Invention

By providing pseudonyms, the present invention avoids having the user equipment transmit a user identity such as the IMSI in plaintext, thereby overcoming the above drawbacks of the prior art.
The present invention provides a method for providing identity confidentiality protection to a user of a communication terminal, comprising the steps of:
A. a network entity that manages user identities allocates at least two pseudonyms to the user of the communication terminal;
B. when the user of the communication terminal cannot be identified, a relevant entity in the network sends the communication terminal a message requesting the user's permanent identity in order to identify the user of the communication terminal;
C. in response to the received message, instead of sending the permanent identity, the communication terminal sends the relevant entity in the network a response message that includes a non-current pseudonym allocated to the user.
The network entity that manages user identities allocates a new pseudonym to the communication terminal according to the communication terminal's pseudonym usage, or at the request of the relevant entity in the network.
When a new pseudonym is allocated to the communication terminal, the network entity that manages user identities sends the new pseudonym to the communication terminal directly, or sends it to the communication terminal via the relevant entity in the network. Preferably, integrity protection or encryption is provided for the transmission of the pseudonym.
The relevant entity in the network either has the right to extract the new pseudonym, or the network entity that manages user identities sends the new pseudonym to the relevant entity in encrypted form, so that while the communication terminal remains in the network where that relevant entity is located, the relevant entity no longer needs to send the identity request message to the mobile terminal when an identity is required, but can use the new pseudonym directly.
In step C, integrity protection or encryption is provided for the transmission of the pseudonym.

The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, comprising:
a pseudonym allocation unit for allocating pseudonyms to the user of the communication terminal;
a network interface for interacting with other network devices; wherein, when the communication terminal is requested to send the user's identity, instead of sending the identity, the communication terminal sends the pseudonym allocated to it.
The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, the apparatus being configured to allocate pseudonyms to the user of the communication terminal and to send the allocated pseudonym to the network entities that need it, so that when the communication terminal is requested to send the user's identity, instead of sending the identity, it sends the pseudonym allocated to it.
The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, comprising:
a pseudonym maintenance unit for managing the user pseudonyms received by the communication terminal;
an identity management unit which, upon receiving a message requesting the user's permanent identity, sends, instead of the permanent identity, a response message including a non-current one of the user's pseudonyms;
a network interface for interacting with other network devices.
The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, the apparatus being configured to manage the user pseudonyms received by the communication terminal and, upon receiving a message requesting the user's permanent identity, to send, instead of the permanent identity, a response message including a non-current one of the user's pseudonyms.
The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, comprising:
a GUTI management unit which, upon receiving a message containing a user pseudonym from the communication terminal, allocates a GUTI to the user of the communication terminal;
a network interface for interacting with other network devices.
The present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, the apparatus being configured to send the communication terminal a message requesting the permanent identity and, upon receiving a message containing a user pseudonym from the communication terminal, to allocate a GUTI to the user of the communication terminal.
The apparatus for providing identity confidentiality protection to the user of the communication terminal sends the network entity that manages user identities a message requesting the allocation of a pseudonym for the user of the communication terminal, for that user's future use.
The present invention also provides a computer program comprising instruction code for performing any of the above methods or for implementing any of the above apparatuses.
The present invention also provides a computer system comprising a processor configured to execute the above computer program.
The present invention also provides a computer-readable storage medium on which the above computer program is stored.
User identity is important and sensitive information whose confidentiality should be guaranteed in communications. By allocating pseudonyms to the UE user, the present invention arranges that when the UE receives a message requesting the user's permanent identity, it carries the pseudonym allocated to it in the response message instead of sending the user's permanent identity. The invention thereby removes the security risk created by the UE sending the user's permanent identity, gives the UE user better identity confidentiality, better protects the user's privacy and prevents leakage of user identity information.

Brief Description of the Drawings
Figure 1 schematically shows an example of an SAE/LTE architecture conforming to 3GPP TS 23.401;
Figure 2 schematically shows the flow, in 3GPP TS 33.401, in which the MME requests the ME/USIM to send the IMSI;
Figure 3 schematically shows a flow chart of the method according to the present invention in an SAE/LTE architecture;
Figure 4 schematically shows a flow chart of the method according to the present invention in another SAE/LTE architecture;
Figure 5 schematically shows a flow chart of the method according to the present invention in a UMTS network environment;
Figure 6 is a block diagram schematically showing an example of the structure of an apparatus included in the HE according to the present invention;
Figure 7 is a block diagram schematically showing an example of the structure of an apparatus included in the UE according to the present invention;
Figure 8 is a block diagram schematically showing an example of the structure of an apparatus included in the MME according to the present invention.

Description of Embodiments
The basic idea of the present invention is that a network entity managing user identities, such as the HE, allocates pseudonyms to a UE user who holds an identity such as an IMSI. When the serving network cannot identify the user by the temporary identity GUTI, and a relevant entity such as the MME therefore sends the UE a message requesting the UE user's permanent identity, the UE no longer answers the MME with a message containing its IMSI; instead, it sends the MME the pseudonym allocated to it in the response message. The invention thereby removes the risk of user identity leakage that arises when the IMSI is sent in plaintext.
Figure 3 shows an example in which two pseudonyms are allocated to the user. The vertical lines beneath the boxes representing the UE, MME and HE denote time, extending downward as time passes. As shown in Figure 3, the HE allocates two pseudonyms, TIMSI_1 and TIMSI_2, to the UE user to stand for the UE user's IMSI. One pseudonym, TIMSI_1, is used for the current radio connection and has the status "active"; the other, TIMSI_2, will be used when the MME requests the UE to send its permanent identity and has the status "future use". The UE maintains the two pseudonyms allocated to it. Preferably, the correspondence between the UE user and the two pseudonyms allocated to it is maintained in both the UE and the HE.
When the serving network cannot identify the user, that is, when the MME cannot obtain the user's IMSI from the current GUTI, the MME sends the UE a message requesting its permanent identity. In response to the received identity request, the UE sends the MME a response message containing the second pseudonym, TIMSI_2, whose status is "future use". Preferably, the UE stops using the currently "active" pseudonym TIMSI_1, sets its status to "expired", and sets the second pseudonym TIMSI_2 to "active". After receiving the response message, the MME allocates a new GUTI to the user, keeps the association between that GUTI and TIMSI_2, and notifies the UE that a GUTI has been allocated to it. Subsequently, and preferably, since the user's first pseudonym TIMSI_1 can no longer be used, the MME creates a message requesting a new pseudonym for the user's future use and sends it to the HE. On receiving the request from the MME, the HE allocates the user a new pseudonym TIMSI_3 with the status "future use". Preferably, to save resources, the HE releases TIMSI_1 for use by other users and sets TIMSI_2 to "active". Optionally, the HE can send the new pseudonym TIMSI_3 securely by reusing the ordinary AKA procedure with a modification. For example, the EPS (Evolved Packet System) authentication vector contains the authentication token field AUTN (= SQN ⊕ AK || AMF || MAC); after reuse and modification, this AUTN field can be changed to AUTN_TIMSI_3 (= TIMSI_3 ⊕ AK || AMF || MAC) in order to send the new pseudonym TIMSI_3 securely. The HE then sends a message containing AUTN_TIMSI_3 (which carries the third pseudonym TIMSI_3) and the other related AKA authentication vectors back to the MME. Preferably, the other related AKA authentication vectors are no different from those generated by the original AKA, so that sending the new pseudonym TIMSI_3 reuses the AKA procedure and the only changed field is the SQN (Sequence Number) factor of the authentication token AUTN: the SQN factor of the original AUTN is replaced by TIMSI_3 so as to carry the new pseudonym TIMSI_3. On receiving the message from the HE, the MME forwards it to the UE. The UE then generates the same authentication vectors and verifies the authenticity of the network-side HE in the same way as in the original AKA; after successful authentication, the UE extracts the new pseudonym TIMSI_3 in the same way that SQN is extracted in AKA. The UE then replaces TIMSI_1 with the third pseudonym TIMSI_3 and sets it to "future use".
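The Figure 3 exchange as a runnable model, added here as an example and not taken from the patent: the HE allocates TIMSI_1 (active) and TIMSI_2 (future use), the MME asks the UE for an identity and receives TIMSI_2 instead of the IMSI, binds a fresh GUTI to that pseudonym, and requests TIMSI_3 from the HE, which carries it in the SQN slot of the authentication token as AUTN_TIMSI_3 = (TIMSI_3 ⊕ AK) || AMF || MAC; the UE recovers it exactly as AKA recovers SQN and checks the MAC before storing it. The 48-bit pseudonym width (so that it fits the SQN field), the HMAC-SHA256 stand-ins for the AKA functions f1 and f5, and all sample values (IMSI, root key, AMF) are assumptions of this example.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions of this example, not the patent's data).
SAMPLE_IMSI = "460001234567890"
SAMPLE_K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # UE/HE root key
AMF = b"\x80\x00"

def f1_mac(k: bytes, rand: bytes, sqn_field: bytes, amf: bytes) -> bytes:
    """Stand-in for AKA f1: 64-bit MAC over RAND || SQN-field || AMF (assumption)."""
    return hmac.new(k, rand + sqn_field + amf, hashlib.sha256).digest()[:8]

def f5_ak(k: bytes, rand: bytes) -> bytes:
    """Stand-in for AKA f5: 48-bit anonymity key AK derived from RAND (assumption)."""
    return hmac.new(k, b"AK" + rand, hashlib.sha256).digest()[:6]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class HE:
    """Home Environment: allocates 48-bit pseudonyms and maps them back to the IMSI."""
    def __init__(self) -> None:
        self.keys: dict[str, bytes] = {}
        self.pseudonyms: dict[str, dict[bytes, str]] = {}  # imsi -> {TIMSI: status}

    def register(self, imsi: str, k: bytes) -> tuple[bytes, bytes]:
        """Step A: allocate TIMSI_1 (active) and TIMSI_2 (future use)."""
        self.keys[imsi] = k
        t1, t2 = secrets.token_bytes(6), secrets.token_bytes(6)
        self.pseudonyms[imsi] = {t1: "active", t2: "future"}
        return t1, t2

    def resolve(self, pseudonym: bytes) -> str | None:
        return next((i for i, tbl in self.pseudonyms.items() if pseudonym in tbl), None)

    def allocate_next(self, now_active: bytes) -> tuple[bytes, bytes]:
        """Release TIMSI_1, mark TIMSI_2 active, mint TIMSI_3 and carry it in the SQN
        slot of the token: AUTN_TIMSI_3 = (TIMSI_3 xor AK) || AMF || MAC."""
        imsi = self.resolve(now_active)
        if imsi is None:
            raise KeyError("unknown pseudonym")
        table = self.pseudonyms[imsi]
        for old in [t for t, s in table.items() if s == "active" and t != now_active]:
            del table[old]                     # released for reuse by other users
        table[now_active] = "active"
        t3 = secrets.token_bytes(6)
        table[t3] = "future"
        rand, k = secrets.token_bytes(16), self.keys[imsi]
        return rand, xor_bytes(t3, f5_ak(k, rand)) + AMF + f1_mac(k, rand, t3, AMF)

class UE:
    """User equipment: answers identity requests with a pseudonym, never the IMSI."""
    def __init__(self, imsi: str, k: bytes, t1: bytes, t2: bytes) -> None:
        self.imsi, self.k = imsi, k
        self.pseudonyms = {t1: "active", t2: "future"}

    def on_identity_request(self) -> bytes:
        """Step C: send the 'future use' pseudonym and expire the active one."""
        future = next(t for t, s in self.pseudonyms.items() if s == "future")
        for t, s in self.pseudonyms.items():
            if s == "active":
                self.pseudonyms[t] = "expired"
        self.pseudonyms[future] = "active"
        return future

    def on_new_pseudonym(self, rand: bytes, autn_t: bytes) -> bytes:
        """Recover TIMSI_3 the way AKA recovers SQN, verify the MAC, keep it for future use."""
        conc, amf, mac = autn_t[:6], autn_t[6:8], autn_t[8:]
        t3 = xor_bytes(conc, f5_ak(self.k, rand))
        if not hmac.compare_digest(mac, f1_mac(self.k, rand, t3, amf)):
            raise ValueError("AUTN MAC check failed; pseudonym rejected")
        for old in [t for t, s in self.pseudonyms.items() if s == "expired"]:
            del self.pseudonyms[old]           # TIMSI_1 is replaced by TIMSI_3
        self.pseudonyms[t3] = "future"
        return t3

class MME:
    """Serving-network MME that cannot map the GUTI and therefore asks for an identity."""
    def __init__(self, he: HE) -> None:
        self.he = he
        self.guti_map: dict[str, bytes] = {}
        self.air_log: list[bytes] = []         # every payload sent over the radio link

    def identify(self, ue: UE) -> tuple[str, bytes]:
        self.air_log.append(b"IDENTITY_REQUEST")
        pseudonym = ue.on_identity_request()
        self.air_log.append(b"IDENTITY_RESPONSE " + pseudonym)
        guti = "GUTI-" + secrets.token_hex(4)
        self.guti_map[guti] = pseudonym        # GUTI is bound to TIMSI_2, not to the IMSI
        rand, autn_t = self.he.allocate_next(pseudonym)       # request a future pseudonym
        self.air_log.append(b"AUTH_REQUEST " + rand + autn_t)  # forwarded to the UE unchanged
        ue.on_new_pseudonym(rand, autn_t)
        return guti, pseudonym

def run_flow() -> dict:
    """Run the Figure 3 exchange once and report whether the IMSI crossed the air interface."""
    he = HE()
    t1, t2 = he.register(SAMPLE_IMSI, SAMPLE_K)
    ue = UE(SAMPLE_IMSI, SAMPLE_K, t1, t2)
    mme = MME(he)
    guti, sent = mme.identify(ue)
    leaked = any(SAMPLE_IMSI.encode() in m for m in mme.air_log)
    return {"he": he, "ue": ue, "mme": mme, "t1": t1, "t2": t2,
            "guti": guti, "sent": sent, "imsi_leaked": leaked}
```

After `run_flow()` the MME's air log contains the identity request, the response carrying TIMSI_2 and the forwarded authentication request, but never the IMSI; the HE table holds TIMSI_2 as active and TIMSI_3 as future use with TIMSI_1 released, and the UE table mirrors it. Flipping any byte of AUTN_TIMSI_3 makes the UE's MAC check fail, so a pseudonym that did not come from the HE is never stored.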
Alternatively, the HE may transmit the newly allocated pseudonym directly to the UE rather than via the MME.
Note that when the HE transmits to the MME a message containing the new pseudonym allocated to the UE, the protection of the new pseudonym is not limited to the AKA-based method described above. For example, the original root key shared between the HE and the UE may be used to encrypt the message to be transmitted directly, or any method known to those skilled in the art for encrypting data content may be used, such as encryption with a key pre-negotiated between the HE and the UE.
Alternatively, when a new pseudonym is allocated, the UE may overwrite or replace the old, invalidated pseudonym with the new one, rather than stopping the use of the then-"active" pseudonym TIMSI_1 or changing its status when it sends the response to the MME's identity request.
Optionally, the HE may also proactively allocate a new pseudonym to the UE according to the UE's pseudonym usage.
Optionally, after the UE has sent the second pseudonym TIMSI_2 to the MME, the MME sends the HE a message requesting the allocation of a pseudonym for the user, or the HE allocates a new pseudonym on its own initiative, only for UEs that satisfy certain conditions, for example UEs that have passed a certain authentication mechanism or hold certain rights.
Preferably, the user is allocated multiple pseudonyms, that is, at least three, so that the MME can choose a suitable moment to request a future-use pseudonym for the user from the HE according to factors such as its own load and the network load. For example, the MME may choose to send the HE a pseudonym request upon receiving a message from the UE that contains TIMSI_3 rather than TIMSI_2. In this case, to reduce the HE's load, the HE may optionally not maintain the pseudonyms allocated to the UE user; alternatively, the pseudonyms allocated to UE users may be maintained by a dedicated device in the network, such as a dedicated database.
Optionally, the MME may refrain from sending pseudonym requests to the HE altogether: a certain number of pseudonyms is allocated when pseudonyms are first allocated to the user, which can further improve security. In this case, when the user's pseudonyms are exhausted, further pseudonyms can be allocated only to users who pass a certain authentication mechanism or hold certain rights, while users who need pseudonyms but have not been authenticated or lack the corresponding rights must undergo further identity verification. For example, when the UE is a mobile phone, the subscriber can obtain more pseudonyms by calling customer service or visiting a service center.
Optionally, when the HE sends the message containing the third pseudonym and the vectors generated above back to the MME, the MME has the right to extract TIMSI_3 from that message. Preferably, for security reasons, the MME does not have the right to extract TIMSI_3, and the HE therefore transmits the message containing TIMSI_3 to the MME in encrypted form. After obtaining TIMSI_3, the MME maintains the association between the UE user and TIMSI_3. While the UE remains in the current network, if the network cannot identify the user, the MME need not send the UE an identity request because it already maintains the association between the UE user and TIMSI_3; it can directly use the TIMSI_3 it maintains to allocate a new GUTI to the UE. To keep the pseudonym-usage information consistent among the MME, the UE and the HE, the MME may notify the UE of this event after allocating the new GUTI; preferably, pseudonym-related information such as the usage and status of TIMSI_3 is notified to the UE together with the allocation of the new GUTI in a single message. On receiving this message, the UE maintains its stored pseudonym information and updates the status accordingly. Similarly, the MME also notifies the HE of the event, and the HE maintains its stored pseudonym information for that user accordingly. Preferably, when or after the MME uses TIMSI_3, it sends the HE a message requesting a new pseudonym for the UE user.
Preferably, the allocation of pseudonyms to users can be implemented by the HE's HLR/AuC (Home Location Register/Authentication Center) or HSS (Home Subscriber Server). Alternatively, it can be implemented by another network entity, provided that entity can obtain the user-related information needed to allocate pseudonyms, such as the user's IMSI and the root key associated with the IMSI.
Preferably, the scheme of the present invention can reuse messages defined in existing network protocols, so that it can be implemented with minimal changes and at minimal cost. For example, corresponding to the embodiment above, for the existing 3GPP TS 33.401 the existing identity request and identity response messages can continue to be used, and what needs to be added is a message for allocating the third pseudonym to the user. Optionally, the added message may instead be a modification of an existing message, for example of the authentication data request/response between the MME and the HE, or of the user authentication request from the MME to the UE's ME/USIM.
Figure 4 shows a flow chart in which integrity protection is provided on the basis of the embodiment shown in Figure 3. As shown in Figure 4, most of the interaction among the MME, HE and UE is the same as in Figure 3. The difference is that, in response to the identity request sent by the MME, when the UE sends TIMSI_2 to the MME it is given integrity protection: a specific verification vector is added to the response message containing TIMSI_2 that the UE sends to the MME and to the pseudonym request that the MME sends to the HE for the user, and it is checked at the HE. Specifically, the UE sends the MME the identity response (TIMSI_2, RAND_ME || MAC_TIMSI_2, KSI_ASME_0), where RAND_ME is generated by the ME in the UE, KSI_ASME_0 is the previous KSI_ASME, and MAC_TIMSI_2 = f_KASME(TIMSI_2 || RAND_ME || IMSI). The message the MME sends to the HE is the future-use identity request (TIMSI_2, SN ID, network type, RAND_ME || MAC_TIMSI_2, KSI_ASME_0), where likewise RAND_ME is generated by the ME in the UE and KSI_ASME_0 is the previous KSI_ASME. The HE then computes HE_MAC_TIMSI_2 (= f_KASME(TIMSI_2 || RAND_ME || IMSI)) and checks whether HE_MAC_TIMSI_2 equals MAC_TIMSI_2. If they are equal, TIMSI_2 was not tampered with in transit, and after receiving the response message containing TIMSI_3 from the HE, the MME allocates a GUTI to the user.
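The Figure 4 integrity check as a runnable model, added here as an example and not taken from the patent: the UE computes MAC_TIMSI_2 = f_KASME(TIMSI_2 || RAND_ME || IMSI) over the pseudonym it sends, the MME relays the fields to the HE together with the SN ID and network type, and the HE maps TIMSI_2 back to the IMSI, recomputes HE_MAC_TIMSI_2 and compares. Because the IMSI enters the MAC only at the UE and the HE, a pseudonym altered on the path fails the check even if the substituted value is a valid pseudonym of some other subscriber. The realisation of f_KASME as HMAC-SHA256 truncated to 64 bits and all sample values (IMSI, K_ASME, TIMSI_2, SN ID) are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, NamedTuple, Optional

# Constructed sample values (assumptions of this example, not the patent's data).
IMSI = b"460001234567890"
K_ASME = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)   # 256-bit K_ASME
TIMSI_2 = bytes.fromhex("a1b2c3d4e5f6")                           # future-use pseudonym
KSI_ASME_0 = 3                                                    # the previous KSI_ASME

class IdentityResponse(NamedTuple):
    """UE -> MME: (TIMSI_2, RAND_ME || MAC_TIMSI_2, KSI_ASME_0)."""
    t_imsi: bytes
    rand_me: bytes
    mac: bytes
    ksi_asme: int

class FutureIdentityRequest(NamedTuple):
    """MME -> HE: (TIMSI_2, SN ID, network type, RAND_ME || MAC_TIMSI_2, KSI_ASME_0)."""
    t_imsi: bytes
    sn_id: str
    network_type: str
    rand_me: bytes
    mac: bytes
    ksi_asme: int

def f_kasme(k_asme: bytes, data: bytes) -> bytes:
    """The patent's f_KASME, realised here as HMAC-SHA256 truncated to 64 bits (assumption)."""
    return hmac.new(k_asme, data, hashlib.sha256).digest()[:8]

def ue_identity_response(k_asme: bytes, t_imsi: bytes, imsi: bytes, ksi: int,
                         rand_me: Optional[bytes] = None) -> IdentityResponse:
    """UE answers the identity request with the future-use pseudonym and
    MAC_TIMSI_2 = f_KASME(TIMSI_2 || RAND_ME || IMSI); the IMSI itself stays on the UE."""
    rand_me = rand_me if rand_me is not None else secrets.token_bytes(16)
    return IdentityResponse(t_imsi, rand_me, f_kasme(k_asme, t_imsi + rand_me + imsi), ksi)

def mme_forward(resp: IdentityResponse, sn_id: str, network_type: str) -> FutureIdentityRequest:
    """MME relays the fields to the HE unchanged; in this flow the check happens at the HE."""
    return FutureIdentityRequest(resp.t_imsi, sn_id, network_type,
                                 resp.rand_me, resp.mac, resp.ksi_asme)

def he_verify(req: FutureIdentityRequest, pseudonym_db: Dict[bytes, bytes],
              key_db: Dict[bytes, bytes]) -> bool:
    """HE maps TIMSI_2 back to the IMSI, recomputes HE_MAC_TIMSI_2 and compares it
    with the received MAC_TIMSI_2 in constant time."""
    imsi = pseudonym_db.get(req.t_imsi)
    if imsi is None or imsi not in key_db:
        return False
    he_mac = f_kasme(key_db[imsi], req.t_imsi + req.rand_me + imsi)
    return hmac.compare_digest(he_mac, req.mac)

def run_checks() -> Dict[str, bool]:
    """Genuine message passes; a pseudonym or RAND_ME altered in transit fails."""
    other_imsi = b"460009876543210"                                # second constructed subscriber
    other_pseudonym = bytes.fromhex("0f0f0f0f0f0f")
    pseudonym_db = {TIMSI_2: IMSI, other_pseudonym: other_imsi}
    key_db = {IMSI: K_ASME, other_imsi: K_ASME}
    genuine = mme_forward(ue_identity_response(K_ASME, TIMSI_2, IMSI, KSI_ASME_0),
                          "SN-sample", "E-UTRAN")
    swapped = genuine._replace(t_imsi=other_pseudonym)               # pseudonym changed in transit
    rand_changed = genuine._replace(rand_me=secrets.token_bytes(16))  # RAND_ME changed in transit
    return {"genuine": he_verify(genuine, pseudonym_db, key_db),
            "swapped": he_verify(swapped, pseudonym_db, key_db),
            "rand_changed": he_verify(rand_changed, pseudonym_db, key_db)}
```

`run_checks()` returns `{"genuine": True, "swapped": False, "rand_changed": False}`. The MME never learns the IMSI in this flow, which is why the verification is placed at the HE; the `hmac.compare_digest` comparison avoids leaking MAC bytes through timing differences at the verifier.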
Preferably, in addition to integrity protection, security measures such as encryption can also be provided in this embodiment to improve security further.
Note that in the embodiment shown in Figure 4 the procedure for protecting the UE user's pseudonym is given only as an example; those skilled in the art will understand that integrity protection can be provided in various other feasible ways, for example by adding other check vectors to the messages, or by having the MME perform the check when it receives the message from the UE rather than requiring the HE to do so.
The scheme of the present invention has been described above using the SAE/LTE system architecture as an example. The above embodiments, however, merely illustrate the scheme; in fact, the scheme of the present invention is not limited to the SAE/LTE architecture.
For example, Figure 5 shows a flow chart implementing the scheme of the present invention in a UMTS network environment. As before, the vertical lines beneath the boxes representing the UE, VLR/SGSN and HSS denote time, extending downward as time passes. As Figure 5 shows, the communication flow among the UE, VLR/SGSN and HSS is similar to that of Figure 4; the only difference is that, owing to the different network architecture, the entity communicating with the UE is the VLR/SGSN rather than the MME.
由上述图 3至图 5的实例可见, 根据本发明的方案, 消除了当网絡无 法识别用户时由于 UE向网络中的实体发送 IMSI而引发的可能泄漏用户 隐私的漏洞。 并且, 本领域技术人员可以理解, 本发明可以用于任何类型 的网络架构, 而不限于移动网络或移动设备。 只要网络为用户分配了任何 包含用户隐私的信息, 并且用户设备 UE需要将上述包含用户隐私的信息 发送至其他网络实体以标识 /识别用户, 均可以使用本发明提供的方案, 也 就是为用户分配伪名, 并在向其他网络实体发送的消息中用所分配的伪名 来替代用户的隐私信息。  As can be seen from the above-described examples of Figs. 3 to 5, according to the solution of the present invention, a vulnerability that may leak user privacy due to the UE transmitting IMSI to an entity in the network when the network cannot identify the user is eliminated. Moreover, those skilled in the art will appreciate that the present invention can be used with any type of network architecture, and is not limited to mobile networks or mobile devices. As long as the network allocates any information including user privacy to the user, and the user equipment UE needs to send the above information including user privacy to other network entities to identify/recognize the user, the solution provided by the present invention may be used, that is, the user is allocated. A pseudonym, and the user's private information is replaced with the assigned pseudonym in the message sent to other network entities.
FIG. 6 shows an example of an apparatus that may be included in an HE device for assigning pseudonyms to UE users. As shown in FIG. 6, the apparatus comprises: a pseudonym assignment device for assigning pseudonyms to a UE user who has an identity such as an IMSI; and a network interface for interacting with other network devices so as to send the assigned pseudonym to the network entity that needs it, such as the HE, the UE or the MME. Preferably, it further comprises a storage device, such as a database, for maintaining the correspondence between the UE user and the pseudonyms assigned to that user, the pseudonym states, and similar information. Preferably, it further comprises a pseudonym maintenance device for updating the state of the user's pseudonyms (i.e. active or for future use) and, preferably, to save resources, for releasing pseudonyms that are no longer used. Optionally, the operations of the storage device and the pseudonym maintenance device may be carried out by the HE in the network, or by other equipment such as a dedicated pseudonym database or pseudonym server.
FIG. 7 shows an example of an apparatus that may be included in a UE for using pseudonyms. As shown in FIG. 7, the apparatus comprises: a pseudonym maintenance device for maintaining the pseudonyms assigned to the user that the UE has received and, preferably, for updating the pseudonym states. Optionally, when a new pseudonym assigned to the user is received, the pseudonym maintenance device sets the state of the received pseudonym to "for future use" and overwrites/replaces an expired pseudonym with it. An identity management device which, on receiving an identity request from the MME, sends the MME a response message containing a pseudonym instead of sending the user's IMSI and, preferably, stops using the current "active" pseudonym. A network interface for interacting with other network devices in order to obtain the pseudonyms assigned to the user, or to send the pseudonym to the device that needs it. Preferably, it further comprises a storage device for storing the received pseudonyms of the user.
FIG. 8 shows an example of an apparatus according to the present invention included in the MME. As shown in FIG. 8, the apparatus comprises: a GUTI management device which, on receiving a message containing the user's pseudonym from the UE, assigns a GUTI to the UE user; and a network interface for interacting with other network devices. Preferably, it further comprises a user management device for sending an identity request message to the UE when the user cannot be identified and, preferably, for sending a message to the HE when needed to request that the HE assign a new pseudonym for the user's future use. Preferably, it further comprises a storage device for storing the GUTI, the user's IMSI and related information and, optionally, when the MME is able to extract the pseudonym the HE assigned to the user, for storing the obtained pseudonym.
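The three apparatuses of FIG. 6 to FIG. 8, together with the integrity check described for FIG. 4, can be exercised in one small simulation: the HE assigns two pseudonyms up front, the UE answers the MME's identity request with a not-yet-used pseudonym plus a check vector, the HE verifies the check vector before mapping the pseudonym back to the IMSI and issuing a fresh pseudonym, and the MME then assigns a GUTI. The Python below is an added example written for this page, not code from the patent or its assignee; it assumes an HMAC-SHA256 check vector under a key pre-shared between the UE and the HE, made-up pseudonym and GUTI formats, a constructed sample IMSI and key, and class and function names chosen for illustration (HomeEnvironment, UserEquipment, MME, check_vector, run_scenario).

```python
"""Three-party pseudonym exchange (UE <-> MME <-> HE), added as an illustration.
Not the patent's own code: the HMAC-SHA256 check vector, the pre-shared key,
the pseudonym/GUTI formats and all names are assumptions made for this example."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

FUTURE, ACTIVE, RELEASED = "future", "active", "released"   # pseudonym states

@dataclass
class Pseudonym:
    value: str
    state: str = FUTURE

def check_vector(key: bytes, pseudonym: str) -> str:
    """Assumed integrity check vector: HMAC-SHA256 over the pseudonym."""
    return hmac.new(key, pseudonym.encode(), hashlib.sha256).hexdigest()

class HomeEnvironment:
    """HE: assigns pseudonyms and keeps the pseudonym <-> IMSI mapping (FIG. 6)."""
    def __init__(self):
        self.keys = {}          # imsi -> pre-shared key (assumed, e.g. a USIM key)
        self.owner = {}         # pseudonym value -> imsi
        self.pseudonyms = {}    # imsi -> list of Pseudonym with state
    def register(self, imsi, key, count=2):
        """Claim 1 step A: assign at least two pseudonyms up front."""
        self.keys[imsi] = key
        self.pseudonyms[imsi] = []
        return [self.allocate(imsi) for _ in range(count)]
    def allocate(self, imsi):
        p = Pseudonym("TIMSI-" + secrets.token_hex(8))     # constructed format
        self.pseudonyms[imsi].append(p)
        self.owner[p.value] = imsi
        return p.value
    def resolve(self, pseudonym, mac):
        """Verify the check vector, map pseudonym -> IMSI, hand out a fresh pseudonym."""
        imsi = self.owner.get(pseudonym)
        if imsi is None or not hmac.compare_digest(check_vector(self.keys[imsi], pseudonym), mac):
            return None                 # unknown pseudonym or tampered in transit
        for p in self.pseudonyms[imsi]:  # pseudonym maintenance: rotate the states
            if p.state == ACTIVE:
                p.state = RELEASED
            if p.value == pseudonym:
                p.state = ACTIVE
        self.pseudonyms[imsi] = [p for p in self.pseudonyms[imsi] if p.state != RELEASED]
        return imsi, self.allocate(imsi)

class UserEquipment:
    """UE: answers identity requests with an unused pseudonym, never the IMSI (FIG. 7)."""
    def __init__(self, imsi, key, pseudonyms):
        self.imsi, self.key = imsi, key
        self.pseudonyms = [Pseudonym(v) for v in pseudonyms]
    def on_identity_request(self):
        """Claim 1 step C: choose a non-active pseudonym and integrity-protect it."""
        unused = next((p for p in self.pseudonyms if p.state == FUTURE), None)
        if unused is None:
            raise RuntimeError("no unused pseudonym left; the HE must assign more")
        for p in self.pseudonyms:
            if p.state == ACTIVE:
                p.state = RELEASED      # stop using the current "active" pseudonym
        unused.state = ACTIVE
        return {"pseudonym": unused.value, "mac": check_vector(self.key, unused.value)}
    def store_new_pseudonym(self, value):
        """A newly assigned pseudonym replaces released ones and is kept for future use."""
        self.pseudonyms = [p for p in self.pseudonyms if p.state != RELEASED]
        self.pseudonyms.append(Pseudonym(value))

class MME:
    """MME: requests an identity when the user is unknown and assigns a GUTI (FIG. 8)."""
    def __init__(self, he):
        self.he = he
        self.contexts = {}      # guti -> imsi
    def attach_unknown_ue(self, ue):
        response = ue.on_identity_request()              # claim 1 step B
        resolved = self.he.resolve(response["pseudonym"], response["mac"])
        if resolved is None:
            return None                                  # reject: verification failed
        imsi, new_pseudonym = resolved
        guti = "GUTI-" + secrets.token_hex(4)             # constructed format
        self.contexts[guti] = imsi
        ue.store_new_pseudonym(new_pseudonym)            # forwarded on to the UE
        return guti

def run_scenario():
    """Constructed end-to-end run (sample IMSI and key are made up for the example)."""
    imsi, key = "460001234567890", b"constructed-pre-shared-key"
    he = HomeEnvironment()
    ue = UserEquipment(imsi, key, he.register(imsi, key))
    mme = MME(he)
    guti = mme.attach_unknown_ue(ue)
    held = len(ue.pseudonyms)
    # Tamper check: a valid pseudonym of the same user presented with another's MAC.
    genuine = ue.on_identity_request()
    other = next(p.value for p in ue.pseudonyms if p.state == FUTURE)
    return {
        "guti": guti,
        "guti_maps_to_imsi": mme.contexts.get(guti) == imsi,
        "pseudonyms_held_after_attach": held,
        "imsi_sent_over_air": imsi in str(genuine),
        "tamper_rejected": he.resolve(other, genuine["mac"]) is None,
        "genuine_resolves": he.resolve(genuine["pseudonym"], genuine["mac"]) is not None,
    }
```

Calling run_scenario() walks one attach: the UE holds three pseudonyms afterwards (the two assigned up front plus the one the HE issued through the MME), the GUTI context at the MME maps to the IMSI even though the IMSI never appeared in the UE's response, and the tamper check shows why the check vector must be bound to the pseudonym: presenting another of the same user's valid pseudonyms with a MAC computed over a different one is rejected by the HE. Per the description, the same verification could instead be performed at the MME if it holds the key material.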
The solution of the present invention has been outlined above. The solution may be implemented in hardware, in software, or in a combination of the two.
In addition to the methods and devices described above, the present invention also provides computer programs implementing the above methods and devices, and a computer system comprising a processor configured to execute a computer program implementing the method or device of the present invention.
Although the present invention takes the MME and the VLR/SGSN as examples, those skilled in the art will understand that the MME or VLR/SGSN may be replaced by any network entity that is responsible for maintaining the identity of the UE user, or that requests an identity from the UE user when that user cannot be identified; the present invention refers to these collectively as the relevant entity in the network.
Although the present invention takes the HE assigning pseudonyms to the user as an example, those skilled in the art will understand that, depending on the network environment, pseudonym assignment is not limited to the HE and may be carried out by any network entity that can obtain the relevant information about the user and has the authority to assign pseudonyms to the user; the present invention refers to these collectively as the network entity managing user identities.
The network entity of the present invention may be any type of network element, alone or in combination, such as a server or a router.
Although the present invention takes the IMSI as an example, those skilled in the art will understand that any other information containing private user content can be protected by the solution provided by the present invention. Because information containing private user content is usually not easily changed, the present invention refers to it collectively as the permanent identity of the communication terminal user. Note that "permanent" here is relative, not absolute.
The user equipment UE of the present invention refers to any communication terminal that can access the network and use the services provided by the operator, such as a mobile phone, a PDA, a desktop computer or a portable computer.
The network interface of the present invention refers to any software, hardware or combination thereof that can be used to communicate with other network entities, devices and the like.
The embodiments listed are only examples illustrating the solution of the present invention and should not be construed as limiting it. Those skilled in the art will understand that the above embodiments may be modified, split and combined in any way without departing from the spirit of the present invention, and such variations still fall within its scope of protection.

Claims

1. A method for providing identity confidentiality protection to a user of a communication terminal, comprising the steps of:
A. a network entity managing user identities assigns at least two pseudonyms to the user of the communication terminal;
B. when the user of the communication terminal cannot be identified, a relevant entity in the network sends the communication terminal a message requesting the user's permanent identity, in order to identify the communication terminal user;
C. in response to receiving the message, instead of sending the permanent identity, the communication terminal sends the relevant entity in the network a response message including a non-active pseudonym assigned to the user.
2. The method according to claim 1, wherein the network entity managing user identities assigns a new pseudonym to the communication terminal according to the communication terminal's pseudonym usage, or at the request of the relevant entity in the network.
3. The method according to claim 2, wherein, when a new pseudonym is assigned to the communication terminal, the network entity managing user identities sends the new pseudonym to the communication terminal directly, or via the relevant entity in the network.
4. The method according to claim 3, wherein the relevant entity in the network has the authority to extract the new pseudonym, or the network entity managing user identities sends the new pseudonym to the relevant entity in the network in encrypted form, so that, while the communication terminal remains in the network where the relevant entity is located, that entity no longer needs to send the identity request message to the mobile terminal when required but uses the new pseudonym directly.
5. The method according to any of the preceding claims, wherein in step C integrity protection and/or encryption protection is provided for the transmission of the pseudonym.
6. An apparatus for providing identity confidentiality protection to a user of a communication terminal, comprising: a pseudonym assignment device for assigning a pseudonym to the communication terminal user;
a network interface for interacting with other network devices;
wherein, when the communication terminal is requested to send the user's identity, instead of sending the identity, the communication terminal sends the pseudonym assigned to it.
7. An apparatus for providing identity confidentiality protection to a user of a communication terminal, the apparatus being configured to assign a pseudonym to the communication terminal user and to send the assigned pseudonym to the network entity that needs it, so that, when the communication terminal is requested to send the user's identity, instead of sending the identity, the communication terminal sends the pseudonym assigned to it.
8. An apparatus for providing identity confidentiality protection to a communication terminal user, comprising: a pseudonym maintenance device for managing the user pseudonyms received by the communication terminal;
an identity management device which, on receiving a message requesting it to send the user's permanent identity, instead of sending the permanent identity, sends a response message including a non-active one of the user pseudonyms;
a network interface for interacting with other network devices.
9. An apparatus for providing identity confidentiality protection to a user of a communication terminal, the apparatus being configured to manage the user pseudonyms received by the communication terminal and, on receiving a message requesting it to send the user's permanent identity, to send, instead of the permanent identity, a response message including a non-active one of the user pseudonyms.
10. An apparatus for providing identity confidentiality protection to a user of a communication terminal, comprising: a GUTI management device which, on receiving a message containing the user pseudonym from the communication terminal, assigns a GUTI to the communication terminal user;
a network interface for interacting with other network devices.
11. An apparatus for providing identity confidentiality protection to a user of a communication terminal, the apparatus being configured to send the communication terminal a message requesting the permanent identity and, on receiving a message containing the user pseudonym from the communication terminal, to assign a GUTI to the communication terminal user.
12. The apparatus according to claim 10 or 11, characterized in that the apparatus sends the network entity managing user identities a message requesting that a pseudonym be assigned for the communication terminal user, for the future use of the communication terminal user.
13. A computer program comprising instruction code for performing any of the methods of claims 1 to 5, or instruction code for implementing any of the apparatuses of claims 6 to 12.

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2008/072641 WO2010040259A1 (en) 2008-10-10 2008-10-10 Method and apparatus for providing user of communication terminal with identity confidentiality protection
CN200880130771.5A CN102124767B (en) 2008-10-10 2008-10-10 A kind of method and apparatus for providing identity Confidentiality protection for user of communication terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2008/072641 WO2010040259A1 (en) 2008-10-10 2008-10-10 Method and apparatus for providing user of communication terminal with identity confidentiality protection

Publications (2)

Publication Number Publication Date
WO2010040259A1 true WO2010040259A1 (en) 2010-04-15
WO2010040259A8 WO2010040259A8 (en) 2010-12-29

Family

ID=42100188

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072641 WO2010040259A1 (en) 2008-10-10 2008-10-10 Method and apparatus for providing user of communication terminal with identity confidentiality protection

Country Status (2)

Country Link
CN (1) CN102124767B (en)
WO (1) WO2010040259A1 (en)

Also Published As

Publication number Publication date
CN102124767B (en) 2017-03-15
WO2010040259A8 (en) 2010-12-29
CN102124767A (en) 2011-07-13


Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200880130771.5

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08877228

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08877228

Country of ref document: EP

Kind code of ref document: A1