CN101094531A - Decision method of not carrying out encryption on customers - Google Patents
- Publication number
- CN101094531A
- Authority
- CN
- China
- Prior art keywords
- user
- customer side
- encryption
- side encryption
- enb
- Prior art date
- Legal status (as listed by Google Patents; an assumption, not a legal conclusion)
- Pending
Abstract
The invention reduces the processing load of the Evolved Packet System. When a user equipment attaches, an indication that user-plane encryption is not needed is added to the user subscription data that the home subscriber server (HSS) sends to the mobility management entity; on the basis of whether the mobility management entity is able to recognise this indication and whether the evolved base station supports operating without user-plane encryption, it is decided not to perform user-plane encryption.
Description
Technical field
The present invention relates to the field of mobile communication technology, and in particular to a method for deciding not to perform user-plane encryption.
Background technology
As shown in Figure 1, the 3GPP Evolved Packet System (EPS) consists of the Evolved UMTS Terrestrial Radio Access Network (EUTRAN) and the EPS core network (EPC, Evolved Packet Core); the EPC in turn consists of the Mobility Management Entity (MME), the Serving Gateway (S-GW), the Packet Data Network Gateway (PDN GW), the Home Subscriber Server (HSS) and other support nodes. The interface between EUTRAN and the MME is S1-MME, and the interface between EUTRAN and the S-GW is S1-U; the interface between the MME and the HSS is S6a, and the interface between the MME and the S-GW is S11; the interface between the S-GW and the PDN GW is S5; the interface from the PDN GW to external networks is SGi.
The MME is responsible for control-plane work such as mobility management, processing of Non-Access Stratum signalling and management of the user's security mode. The HSS is mainly responsible for storing the user's subscription data, the user's position in the network, the network configuration and so on.
In the evolved UTRAN the base station equipment is the evolved Node-B (eNB), which is mainly responsible for radio communication, mobility context management and/or management of the user's security mode.
The user subscription data held in the HSS records, among other things, whether the user has subscribed to a given operator's network service and whether the user has subscribed to a given service.
When a user equipment (UE) attaches to an EPC, after authentication between the UE and the network has succeeded, the MME requests the HSS to update the user's location and the HSS writes the user subscription data to the MME. The detailed process includes the steps shown in Figure 2:
Step 208-209, the MME requests the S-GW and the PDN GW to set up bearers;
Step 211-212, the UE and the UTRAN set up the radio bearer;
In EPS, integrity protection and encryption of Non-Access Stratum (NAS) signalling must be performed between the UE and the MME, encryption and integrity protection of Access Stratum (AS) signalling must be performed between the UE and the eNB of the UTRAN, and encryption of the user plane must also be performed between the UE and the eNB. The UE sends its security capability, that is, the list of algorithms it supports, including the list of user-plane encryption algorithms it supports, to the evolved packet system. For user-plane encryption, the eNB or the MME of the evolved packet system compares the list of user-plane encryption algorithms supported by the UE with the list of user-plane algorithms supported by the MME and the eNB; if a common user-plane algorithm is supported, the eNB or the MME of the evolved packet system selects one common user-plane algorithm and sends it to the UE. The detailed process includes the steps shown in Figure 3:
Step 301, the UE sends its security capability to the evolved packet system via the eNB in the Attach Request message.
The security capability of the UE means the list of integrity and encryption algorithms supported by the UE, including the list of user-plane encryption algorithms. If the MME performs the user-plane algorithm selection, the eNB must also send the security capability of the eNB to the MME when it forwards the Attach Request message.
Step 302, authentication is performed between the UE and the evolved packet system.
Step 303, after successful authentication, the evolved packet system functional entity MME or eNB selects a user-plane encryption algorithm supported by both the UE and the evolved packet system.
If the evolved packet system functional entity MME performs the user-plane algorithm selection, the MME sends an evolved Radio Access Network Application Part (eRANAP) message to the eNB containing the selected Access Stratum integrity protection algorithm and encryption algorithm and the selected user-plane encryption algorithm. If the evolved packet system functional entity eNB performs the user-plane algorithm selection, the MME sends an eRANAP message to the eNB containing the lists of Access Stratum integrity protection algorithms and encryption algorithms permitted for the UE and the list of user-plane encryption algorithms, and the eNB then selects the Access Stratum integrity protection algorithm and encryption algorithm and the user-plane encryption algorithm.
Step 304, the eNB sends an Access Stratum Security Mode Command (SMC) to the UE containing the selected user-plane encryption algorithm.
Step 305, the UE returns a Security Mode Command complete (SMC complete) message to the eNB.
Step 306, after receiving the Security Mode Command complete message, the eNB starts user-plane encryption.
User-plane encryption mainly encrypts the content of the user plane. For certain users who only carry out ordinary communication with the mobile communication system, and whose traffic involves no content that needs to be kept secret, there is no need to encrypt the user-plane content. For example, if a user only uses the terminal to make phone calls for ordinary chat or contact, the content of those calls does not need to be encrypted.
If the user plane has to be encrypted for every user, this places a considerable processing load on the eNB. If the user plane could instead be encrypted according to the needs of the particular user, the processing load of the evolved packet system functional entity eNB could be reduced significantly. Further, the operator could offer user-plane encryption as a service to the users who need it.
Summary of the invention
The technical problem to be solved by the invention is to provide a method by which a mobile communication system decides not to perform user-plane encryption, so as to reduce the processing load of the evolved packet system.
To solve the above technical problem, the invention provides a method for deciding not to perform user-plane encryption: when the user equipment attaches, an indication that user-plane encryption is not needed is added to the user subscription data that the home subscriber server sends to the mobility management entity, and it is decided not to perform user-plane encryption on the basis of the mobility management entity's capability to recognise the indication and the evolved base station's capability to support not performing user-plane encryption.
In the above method, the decision not to perform user-plane encryption may be taken by the mobility management entity or by the evolved base station.
The above method may further include: if the indication added to the user subscription data states that user-plane encryption is needed, it may be decided to perform user-plane encryption; if the mobility management entity does not possess the recognition capability, it may be decided to perform user-plane encryption; and if the evolved base station does not possess the support capability, it may likewise be decided to perform user-plane encryption.
Further, the decision to perform user-plane encryption may be taken by the mobility management entity or by the evolved base station. A user-plane encryption algorithm may also be selected and sent to the user equipment. In particular, the user-plane encryption algorithm may be selected by the mobility management entity and sent to the user equipment via the evolved base station, or it may be selected directly by the evolved base station and sent to the user equipment.
The above method may further send a message that user-plane encryption is not performed to the user equipment. In particular, this message may be sent by the mobility management entity via the evolved base station, or directly by the evolved base station.
Compared with the prior art, the invention has the following advantages:
1) user-plane encryption can be omitted for some users according to the user's choice, thereby reducing the processing load of the evolved packet system functional entity eNB;
2) the operator can offer user-plane encryption as a service to the users who need it, thereby enriching the operator's service offering.
Description of drawings
Fig. 1 is an architecture diagram of the EPS in the prior art.
Fig. 2 is the signalling flow in the prior art by which the HSS writes user subscription data to the MME.
Fig. 3 is the signalling flow of user-plane encryption algorithm negotiation in the prior art.
Fig. 4 is a schematic diagram of the steps of an embodiment of the method of the invention.
Fig. 5 is a schematic flow chart of the first application example of the method of the invention.
Fig. 6 is a schematic flow chart of the fourth application example of the method of the invention.
Embodiment
The invention is described in further detail below with reference to the accompanying drawings. The following embodiments are provided to give a thorough and complete understanding of the invention, not to limit it in any way.
The idea of the invention is that an indication of whether the user needs user-plane encryption is added to the user subscription data; whether the user plane is encrypted is then determined by whether the evolved packet system functional entity MME is itself capable of recognising this indication and whether the evolved packet system functional entity eNB itself supports leaving the user plane unencrypted. That is, if the user does not need user-plane encryption, the MME can recognise the information that user-plane encryption is not needed, and the eNB supports not performing user-plane encryption, then user-plane encryption is not performed; otherwise user-plane encryption is performed.
For this purpose the user subscription data must be improved by adding information on whether the user plane needs to be encrypted. In addition, the evolved packet system functional entity MME must be improved so that it has the capability to recognise whether the user plane needs to be encrypted, and the evolved packet system functional entity eNB must support leaving the user plane unencrypted when required. Of course, if the MME does not possess this recognition capability, it ignores the information added to the user subscription data on whether the user plane needs to be encrypted and simply encrypts the user plane according to the prior art. Alternatively, if the MME is capable of recognising the above indication but the eNB does not support leaving the user plane unencrypted, then the user plane is encrypted regardless of whether the user needs it.
Fig. 4 shows the steps of the method of the invention, including:
In step 407 of the evolved packet system described above, if the MME performs the user-plane algorithm selection, the MME sends an eRANAP message to the eNB containing the user-plane encryption algorithm selected by the MME, and the eNB forwards the selected user-plane encryption algorithm to the UE; if the eNB performs the user-plane algorithm selection, the MME sends an eRANAP message to the eNB containing the list of user-plane encryption algorithms permitted for the UE, and the eNB selects the user-plane encryption algorithm and sends the selected user-plane encryption algorithm to the UE.
The first application example of the invention is given below. The user subscription data indicates that the user does not need user-plane encryption, and the evolved packet system functional entities possess the capability to recognise, from the user's needs, whether the user plane needs to be encrypted and the capability to support choosing whether to perform user-plane encryption. As shown in Figure 5, the signalling flow in which the MME decides whether the user plane needs to be encrypted includes:
Step 501, the UE sends an Attach Request, that is, the initial layer 3 message, to the eNB; in this message the UE reports its security capability to the evolved packet system, that is, the lists of Non-Access Stratum integrity protection and encryption algorithms supported by the UE, the lists of Access Stratum integrity protection and encryption algorithms, and the list of user-plane encryption algorithms;
Step 502, the eNB forwards the above initial layer 3 message to the MME and at the same time reports the eNB's own security capability to the MME, that is, the lists of Access Stratum integrity protection and encryption algorithms and of user-plane encryption algorithms supported by the eNB, and whether the eNB is capable of supporting an unencrypted user plane;
Step 503, authentication is optionally performed between the UE and the evolved packet system;
Step 504, the MME updates the location of the UE to the HSS;
Step 505, the HSS sends the user's subscription data to the MME; this subscription data contains information indicating that this user does not need user-plane encryption;
Step 506, because the evolved packet system functional entity MME is capable of recognising the above information, it judges from this information that the user does not need user-plane encryption;
Step 507, the eNB is capable of supporting an unencrypted user plane, so the MME decides not to perform user-plane encryption and does not perform user-plane algorithm selection;
Step 508, the MME sends an eRANAP message to the eNB containing a notification that user-plane encryption is not needed;
Step 509, the eNB sends an Access Stratum Security Mode Command message to the UE containing a notification that user-plane encryption is not needed;
Step 510, the UE replies to the eNB with an Access Stratum Security Mode Command complete message;
Step 511, after receiving the Access Stratum Security Mode Command complete message, the eNB does not start user-plane encryption.
In step 506, if the operator has configured all eNBs connected to this MME to be capable of supporting an unencrypted user plane, the MME can directly decide not to perform user-plane encryption and step 507 can be omitted. Likewise, in step 502 the eNB may then omit reporting to the MME whether it is capable of supporting an unencrypted user plane.
In the second application example of the invention, the evolved packet system functional entity MME does not possess the capability to recognise that the user does not need user-plane encryption, so it cannot recognise the information that the user does not need user-plane encryption; the MME therefore ignores this information and enters the flow in which the user plane must be encrypted.
In the third application example of the invention, the evolved packet system functional entity MME possesses the capability to recognise that the user does not need user-plane encryption, but the evolved packet system functional entity eNB itself does not have the capability to support an unencrypted user plane, so the MME judges that the user plane must still be encrypted.
The fourth application example of the invention is given below. The user subscription data indicates that the user does not need user-plane encryption, and the evolved packet system functional entities possess the capability to recognise, from the user's needs, whether the user plane needs to be encrypted and the capability to support choosing whether to perform user-plane encryption. As shown in Figure 6, the signalling flow in which the eNB decides whether the user plane needs to be encrypted includes:
Step 603, authentication is optionally performed between the UE and the evolved packet system;
In step 606, if the operator has configured all eNBs connected to this MME to be capable of supporting an unencrypted user plane, then in step 608 the eNB decides directly, according to the notification from the MME, not to perform user-plane encryption, and does not need to perform user-plane algorithm selection.
In the fifth application example of the invention, the evolved packet system functional entity MME possesses the capability to recognise that the user does not need user-plane encryption, but the evolved packet system functional entity eNB does not have the capability to support an unencrypted user plane, so the eNB still judges that the user plane must be encrypted.
In other application examples of the invention, the user subscription data indicates that the user needs user-plane encryption; then, regardless of whether the evolved packet system functional entities possess the capability to recognise whether the user plane needs to be encrypted or the capability to support choosing whether to perform user-plane encryption according to the user's needs, the user plane must be encrypted. The encryption flow is the same as in the prior art and is not repeated here.
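The decision rule spread over the application examples above (and the prior-art algorithm negotiation of Figure 3 that every other case falls back to) can be written down as one small state machine. The following Python model is an added example, not code from the patent or from any vendor implementation; entity and message names follow the description, while the dataclass names, payload keys and the algorithm identifiers (UP-ALG-A and so on) are constructed placeholders rather than 3GPP values. It covers both the MME-decided flow (Figure 5) and the eNB-decided flow (Figure 6), and every precondition that is missing (indication absent, MME unable to read it, eNB unable to run unencrypted) lands in the encrypting branch, which is the behaviour the second, third and fifth examples describe.

```python
# Added example (not part of the patent): a runnable model of the user-plane (UP)
# ciphering decision and of the prior-art algorithm negotiation it falls back to.
# Entity and message names follow the description; the dataclass names, payload
# keys and algorithm identifiers are constructed placeholders, not 3GPP codepoints.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class UeCapability:
    up_ciphering: List[str]          # UP ciphering algorithms the UE supports (step 501)


@dataclass
class EnbCapability:
    up_ciphering: List[str]          # UP ciphering algorithms the eNB supports (step 502)
    supports_no_up_ciphering: bool   # eNB can leave the user plane unciphered (step 502)


@dataclass
class SubscriptionData:
    up_ciphering_not_needed: Optional[bool]   # new HSS indication; None = element absent


@dataclass
class MmeConfig:
    recognises_indication: bool   # MME implements the new information element
    mme_decides: bool             # True: MME decides (Fig. 5); False: eNB decides (Fig. 6)


def select_algorithm(ue_list: List[str], net_list: List[str]) -> Optional[str]:
    """Prior-art negotiation (Fig. 3): first algorithm in the network's preference
    order that the UE also supports, or None if the lists do not intersect."""
    for alg in net_list:
        if alg in ue_list:
            return alg
    return None


def _finish(trace, ciphered, alg, decided_by):
    """Access Stratum Security Mode Command and its completion (steps 509-511).
    A path that needs ciphering but found no common algorithm fails closed."""
    if ciphered and alg is None:
        raise ValueError("no common user-plane ciphering algorithm")
    payload = {"selected_up_alg": alg} if ciphered else {"up_ciphering": "not needed"}
    trace.append(("eNB", "UE", "AS Security Mode Command", payload))
    trace.append(("UE", "eNB", "AS Security Mode Complete", {}))
    return trace, {"up_ciphered": ciphered, "algorithm": alg, "decided_by": decided_by}


def attach(ue: UeCapability, enb: EnbCapability, mme: MmeConfig,
           sub: SubscriptionData) -> Tuple[List[tuple], Dict]:
    """Simulate the attach signalling. Returns (trace, result): trace is a list of
    (sender, receiver, message, payload) tuples, result records the outcome."""
    trace = [
        ("UE", "eNB", "Attach Request", {"ue_up_algs": ue.up_ciphering}),
        ("eNB", "MME", "Attach Request", {"ue_up_algs": ue.up_ciphering,
                                          "enb_up_algs": enb.up_ciphering,
                                          "enb_no_up_ok": enb.supports_no_up_ciphering}),
        ("MME", "HSS", "Update Location", {}),
        ("HSS", "MME", "Subscription Data",
         {"up_ciphering_not_needed": sub.up_ciphering_not_needed}),
    ]
    # Step 506 / second example: an MME that cannot recognise the element ignores it,
    # so an absent, false or unrecognised indication all mean "cipher".
    no_cipher_requested = mme.recognises_indication and sub.up_ciphering_not_needed is True

    if mme.mme_decides:
        # Fig. 5: the MME combines the indication with the eNB capability from step 502.
        if no_cipher_requested and enb.supports_no_up_ciphering:
            trace.append(("MME", "eNB", "eRANAP", {"up_ciphering": "not needed"}))
            return _finish(trace, False, None, "MME")
        alg = select_algorithm(ue.up_ciphering, enb.up_ciphering)
        trace.append(("MME", "eNB", "eRANAP", {"selected_up_alg": alg}))
        return _finish(trace, True, alg, "MME")

    # Fig. 6: the MME forwards the indication and the permitted list; the eNB decides.
    trace.append(("MME", "eNB", "eRANAP", {"up_ciphering_not_needed": no_cipher_requested,
                                           "allowed_up_algs": ue.up_ciphering}))
    if no_cipher_requested and enb.supports_no_up_ciphering:
        return _finish(trace, False, None, "eNB")
    return _finish(trace, True, select_algorithm(ue.up_ciphering, enb.up_ciphering), "eNB")


if __name__ == "__main__":
    # Constructed sample: subscriber flagged as not needing UP ciphering, new-style MME,
    # once with an eNB that supports an unciphered user plane and once without.
    ue = UeCapability(["UP-ALG-A", "UP-ALG-B"])
    for enb_ok in (True, False):
        trace, result = attach(ue, EnbCapability(["UP-ALG-B", "UP-ALG-C"], enb_ok),
                               MmeConfig(True, True), SubscriptionData(True))
        print(result)
        for msg in trace:
            print("   ", *msg[:3], msg[3])
```

The point worth keeping from the model is the shape of `no_cipher_requested`: the unencrypted path is only reached when the subscription element is present, is true, is understood by the MME and is supported by the eNB, so a deployment that mixes upgraded and legacy MMEs or eNBs degrades to the prior-art encrypted flow rather than to an accidental loss of confidentiality.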
The above are only preferred embodiments of the invention and do not limit it. For a person skilled in the art the invention may have various changes and variations; any modification, equivalent replacement, improvement and so on made within the spirit and principles of the invention shall be included within the scope of protection of the invention.
Claims (10)
1. A method for deciding not to perform user-plane encryption, characterised in that, when the user equipment attaches, an indication that user-plane encryption is not needed is added to the user subscription data that the home subscriber server sends to the mobility management entity, and it is decided not to perform user-plane encryption on the basis of the mobility management entity's capability to recognise said indication and the evolved base station's capability to support not performing said user-plane encryption.
2. The method of claim 1, characterised in that the decision not to perform user-plane encryption is taken by said mobility management entity or said evolved base station.
3. The method of claim 1, characterised in that it further comprises: if the indication added to said user subscription data states that user-plane encryption is needed, deciding to perform user-plane encryption.
4. The method of claim 1, characterised in that it further comprises: if said mobility management entity does not possess said recognition capability, deciding to perform user-plane encryption.
5. The method of claim 1, characterised in that it further comprises: if said evolved base station does not possess said support capability, deciding to perform user-plane encryption.
6. The method of claim 3, 4 or 5, characterised in that said decision to perform user-plane encryption is taken by said mobility management entity or said evolved base station.
7. The method of claim 3, 4 or 5, characterised in that it further comprises selecting a user-plane encryption algorithm and sending it to said user equipment.
8. The method of claim 7, characterised in that said user-plane encryption algorithm is selected by said mobility management entity and sent to said user equipment via said evolved base station, or is selected directly by said evolved base station and sent to said user equipment.
9. The method of claim 1, characterised in that it further comprises sending a message that user-plane encryption is not performed to said user equipment.
10. The method of claim 9, characterised in that said message that user-plane encryption is not performed is sent by said mobility management entity via said evolved base station, or directly by said evolved base station.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007101378667A CN101094531A (en) | 2007-07-24 | 2007-07-24 | Decision method of not carrying out encryption on customers |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101094531A true CN101094531A (en) | 2007-12-26 |
Family
ID=38992471
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2007101378667A Pending CN101094531A (en) | 2007-07-24 | 2007-07-24 | Decision method of not carrying out encryption on customers |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101094531A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101128066B (en) * | 2007-09-27 | 2012-07-18 | 中兴通讯股份有限公司 | Method and system without user interface encryption |
CN101262337B (en) * | 2008-02-05 | 2012-06-06 | 中兴通讯股份有限公司 | Secure function control method and system |
CN102595406A (en) * | 2012-02-15 | 2012-07-18 | 电信科学技术研究院 | Management method and equipment for subscription information |
CN102595406B (en) * | 2012-02-15 | 2014-08-20 | 电信科学技术研究院 | Management method and equipment for subscription information |
CN108702303A (en) * | 2016-03-08 | 2018-10-23 | 华为技术有限公司 | One kind is that radio bearer carries out security configuration method and apparatus |
CN108702303B (en) * | 2016-03-08 | 2020-07-07 | 华为技术有限公司 | Method and equipment for carrying out security configuration on radio bearer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | C12 | Rejection of a patent application after its publication | |
 | RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20071226