A mobile phone encryption selection method and system
Technical field
The present invention relates to a mobile phone encryption selection process that is compatible with the 3GPP (3rd Generation Partnership Project) protocols, and in particular to a process in which the mobile phone decides, based on the PLMN (Public Land Mobile Network), whether to encrypt the IMSI (International Mobile Subscriber Identity).
Background technology
With the development of wireless communication technology, people's lives have become more and more convenient; at the same time, because of technical shortcomings, the protection of personal privacy faces increasingly serious challenges. The IMSI of a mobile phone is a globally unique number allocated to identify a mobile subscriber. It is an important piece of the subscriber's private information and serves as the subscriber's identifying mark.
The third generation (3G, 3rd Generation) mobile communication system is the mobile communication system that most countries and regions in the world are using or will use. 3GPP, as the standards body for 3G, carries out all of the related standardization work.
In the UMTS (Universal Mobile Telecommunication System) system, the user identifiers include the TMSI (Temporary Mobile Subscriber Identity)/P-TMSI (Packet Temporary Mobile Subscriber Identity), the IMSI and the IMEI (International Mobile Equipment Identity). The TMSI/P-TMSI is allocated by the network system to identify the user and can be updated periodically. The IMSI is the user's unique identity and is stored in the SIM (Subscriber Identity Module) of the mobile phone. The IMEI identifies the handset and is generally used to identify the user during emergency calls.
The permanent identity of a user in UMTS is the IMSI. In almost all circumstances the user is identified in the network by the TMSI/P-TMSI, so that the user's identity is not revealed to a passive eavesdropper. Initial registration, of course, cannot use a temporary identity: the network does not yet know the user's permanent identity or basic information such as the user's permissions, and so cannot allocate a temporary identity. After initial registration, the temporary identity can be used.
If the mobile phone enters a new area, the association between the IMSI and the TMSI/P-TMSI can be obtained via the old route. If the new area does not know the route of the old area, the mobile phone must apply for a new TMSI. In places such as airports, where crowds of passengers switch on their phones after leaving the plane, a large number of IMSIs have to be transmitted over the radio interface, which means that an eavesdropper can easily track users by their IMSI.
To better protect user information, the user's IMSI field must be strictly protected. The 3GPP protocols take into account that, when a user registers for the first time, the key and other information needed for encryption cannot yet be obtained, so the IMSI is transmitted in plaintext and the user's identity is exposed during this process.
One possible scheme is to encrypt the IMSI when the mobile phone first registers, thereby protecting the user information. However, this method is incompatible with the current 3GPP protocols, requires costly modification of existing equipment, and also causes serious problems for roaming between countries.
Summary of the invention
The object of the invention is to address the above problems by providing a mobile phone encryption selection method and system that resolve the signaling-level incompatibility between 3GPP and an encrypted IMSI, so that a mobile phone using the new encryption can still roam into an old network that does not use encryption.
Another object of the invention is to provide a smart card apparatus that can selectively process the IMSI.
The technical solution of the invention is a mobile phone encryption selection method, comprising:
The mobile phone powers on and performs PLMN selection;
It is judged whether the currently selected PLMN requires encryption; if so, the international mobile subscriber identity is encrypted by means of an international mobile subscriber identity encryption command; otherwise, the international mobile subscriber identity is processed according to the procedure specified by the 3GPP protocols;
The mobile phone performs radio resource connection, the authorization process and the service request/attach request, obtains a temporary mobile subscriber identity, and after completing registration uses this temporary mobile subscriber identity for its operation.
In the above mobile phone encryption selection method, the method further comprises: storing in the mobile phone the list of PLMN numbers that require the international mobile subscriber identity to be encrypted.
In the above mobile phone encryption selection method, the method further comprises a procedure for updating the list of PLMN numbers that require the international mobile subscriber identity to be encrypted:
The operating console directs the network equipment to update the list of PLMNs that require encryption;
The network equipment updates the list of PLMNs that require encryption and its label;
When the mobile phone registers, the network broadcasts the label of the list of PLMNs that require encryption;
The mobile phone checks whether the label of its stored list of PLMNs that require encryption is up to date; if so, the procedure ends, otherwise it proceeds to the next step;
The mobile phone requests the list of PLMNs that require encryption from the network;
The network sends the list of PLMNs that require encryption to the mobile phone;
The mobile phone stores the list of PLMNs that require encryption.
In the above mobile phone encryption selection method, the mobile phone first outputs the international mobile subscriber identity encryption command to the smart card, and the smart card then encrypts the international mobile subscriber identity and outputs it.
The invention also proposes a smart card apparatus, comprising:
A memory unit, which stores the user's international mobile subscriber identity;
An encryption unit, connected to the memory unit, which encrypts the international mobile subscriber identity output by the memory unit;
A selector unit, connected to the memory unit and the encryption unit, whose control end is connected to a control signal; the control signal selects either the input from the memory unit or the input from the encryption unit as the output of the selector unit.
In the above smart card apparatus, the control signal depends on whether the currently selected PLMN requires encryption.
The invention further proposes a mobile phone encryption selection system, comprising:
A PLMN selection device, which selects a suitable PLMN;
A judgment device, which judges whether the current PLMN requires encryption;
An encryption command output device, which outputs the encryption command for the international mobile subscriber identity;
A smart card apparatus, connected to the encryption command output device, which encrypts the international mobile subscriber identity and outputs it;
An international mobile subscriber identity processing device, which processes the international mobile subscriber identity according to the 3GPP protocols;
A radio resource connection device, which sets up the radio resource connection between the mobile phone and the network;
A service request device, which completes the service request and allocation between the mobile phone and the network;
An authorization device, which completes the network's authorization of the mobile phone, whereby the mobile phone obtains the encrypted temporary mobile subscriber identity.
In the above mobile phone encryption selection system, the system further comprises a storage device, which stores the list of PLMN numbers that require the international mobile subscriber identity to be encrypted.
In the above mobile phone encryption selection system, the smart card apparatus further comprises:
A memory unit, which stores the user's international mobile subscriber identity;
An encryption unit, connected to the memory unit, which encrypts the international mobile subscriber identity output by the memory unit;
A selector unit, connected to the memory unit and the encryption unit, whose control end is connected to a control signal; the control signal selects either the input from the memory unit or the input from the encryption unit as the output of the selector unit.
In the above mobile phone encryption selection system, the output of the smart card apparatus is the signaling-related content of the international mobile subscriber identity.
Compared with the prior art, the invention has the following beneficial effects: the mobile phone selects a PLMN when it powers on and registers, and then, depending on whether the selected PLMN requires encryption, either encrypts the IMSI by means of the IMSI encryption command or processes the IMSI according to the procedure specified by the 3GPP protocols. Finally the mobile phone performs radio resource connection, the authorization process and the service request/attach request, obtains a TMSI, and after completing registration uses the TMSI for its other operations. Compared with the prior art, the invention increases the confidentiality of the original 3GPP system while ensuring that a mobile phone using the new encryption can roam into old, unencrypted networks.
Description of drawings
Fig. 1 is a flow chart of a preferred embodiment of the mobile phone encryption selection method of the invention.
Fig. 2 is a signaling flow diagram of the mobile phone encryption selection of the invention.
Fig. 3 is a flow chart of the update of the list of PLMN numbers that require the IMSI to be encrypted.
Fig. 4 is a block diagram of a preferred embodiment of the mobile phone encryption selection system of the invention.
Fig. 5 is a block diagram of a preferred embodiment of the smart card apparatus of the invention.
Embodiment
The invention is further described below with reference to the drawings and embodiments.
Fig. 1 shows the flow of a preferred embodiment of the mobile phone encryption selection method of the invention. Each step of the flow is described in more detail below with reference to Fig. 1.
Step S11: the mobile phone powers on and performs PLMN selection. The PLMN number identifies the operator of a mobile radio system. It consists of two parts: a country code and an operator code. The country code is three digits (0-9) and denotes the country or region to which the operator belongs; the operator code is two or three digits (0-9) and denotes the different operators within that country or region. The PLMN of the access system is announced on the broadcast channel (BCH, Broadcast Channel).
Step S12: judge whether the selected PLMN requires the IMSI (international mobile subscriber identity) to be encrypted; if so, go to step S13, otherwise go to step S16. The list of PLMN numbers that require the IMSI to be encrypted is stored in the mobile phone. If the currently selected PLMN appears in this list, encryption is judged to be required.
Step S13: the encryption command is output to the smart card.
Step S14: the smart card encrypts the IMSI, according to the encryption command and a preset encryption algorithm.
Step S15: the smart card outputs the encrypted IMSI. The content that is output is the signaling-related content of the IMSI. The flow then goes to step S17.
Step S16: the IMSI is processed according to the 3GPP protocols.
Step S17: the mobile phone obtains a TMSI. This includes radio resource connection, the authorization process and the service request/attach request.
Step S18: after completing registration, the mobile phone begins to use the TMSI.
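The decision of steps S12 to S16 together with the selector of Fig. 5, as an added Python example that is not part of the patent. The IMSI, PLMN values and key are constructed; the cipher (XOR with an HMAC-SHA256 keystream) and `decrypt_imsi` are assumed stand-ins, since the patent names only a preset encryption algorithm. The list lookup compares the full (country code, operator code) pair, so a 2-digit operator code never matches a 3-digit one that shares its prefix.

```python
import hashlib
import hmac
import os

def parse_plmn(plmn):
    """Split a PLMN number into (country code, operator code): 3 digits + 2 or 3 digits."""
    if not (plmn.isascii() and plmn.isdigit() and len(plmn) in (5, 6)):
        raise ValueError(f"malformed PLMN: {plmn!r}")
    return plmn[:3], plmn[3:]

def _keystream(key, nonce):
    # Stand-in for the patent's unspecified "preset encryption algorithm" (assumption).
    return hmac.new(key, nonce, hashlib.sha256).digest()

class SmartCard:
    """Memory unit, encryption unit and selector unit of Fig. 5."""
    def __init__(self, imsi, key):
        self._imsi = imsi.encode("ascii")  # memory unit: stored IMSI
        self._key = key                    # assumption: key shared with the home network

    def _encrypt(self):
        nonce = os.urandom(8)              # fresh nonce so repeated outputs cannot be linked
        stream = _keystream(self._key, nonce)
        return nonce + bytes(a ^ b for a, b in zip(self._imsi, stream))

    def output(self, encrypt_command):
        # Selector unit: the control signal picks the encryption unit or the memory unit.
        return self._encrypt() if encrypt_command else self._imsi

def decrypt_imsi(blob, key):
    """Network-side inverse of the stand-in cipher (hypothetical helper)."""
    nonce, body = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce))).decode("ascii")

def identity_for_registration(selected_plmn, encrypt_list, card):
    """Steps S12-S16: issue the encryption command only if the PLMN is in the stored list."""
    required = {parse_plmn(p) for p in encrypt_list}
    needs_encryption = parse_plmn(selected_plmn) in required  # exact match, never prefix
    return needs_encryption, card.output(needs_encryption)

if __name__ == "__main__":
    key = bytes(range(16))                      # constructed key
    card = SmartCard("001010123456789", key)    # constructed IMSI
    for plmn in ("00101", "001010"):            # 2-digit vs 3-digit operator code
        encrypted, out = identity_for_registration(plmn, ["00101"], card)
        print(plmn, encrypted, out.hex() if encrypted else out.decode())
```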
Fig. 2 shows the signaling flow of the invention. Referring to Fig. 2, the mobile phone first powers on and performs PLMN selection and the list lookup. If the currently selected PLMN requires the IMSI to be encrypted, the mobile phone sends an IMSI encryption request to the smart card. The smart card encrypts the IMSI according to the encryption command and the encryption algorithm, and returns the encrypted IMSI to the mobile phone. The mobile phone and the network set up the radio resource connection using the encrypted IMSI; once the radio resource connection is established, the mobile phone submits a service request to the network, and the network sends the mobile phone the authorization, the encrypted TMSI and the service allocation.
Fig. 3 shows the flow by which the mobile phone updates its list of PLMN numbers that require the IMSI to be encrypted. Referring to Fig. 3, the update proceeds as follows: the operating console directs the network equipment to update the list of PLMNs that require encryption, and the network equipment updates the list and its label. When the mobile phone registers, the network broadcasts the label of the list of PLMNs that require encryption. The mobile phone checks whether the label of its stored list is up to date. If it is, no update takes place and the flow ends; otherwise the mobile phone requests the list of PLMNs that require encryption from the network, the network sends the list to the mobile phone, and finally the mobile phone stores the list.
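The label check of Fig. 3 as an added Python example, not taken from the patent. The class and method names are hypothetical, the label is assumed to be an integer version tag, "up to date" is assumed to mean equal to the broadcast label, and the PLMN values are constructed.

```python
from dataclasses import dataclass

@dataclass
class Network:
    label: int                      # assumption: the list label is an integer version tag
    encrypt_plmns: frozenset
    list_requests: int = 0          # counts list downloads, for the demonstration only

    def console_update(self, plmns):
        # Operating console changes the list; the network equipment updates list and label.
        self.encrypt_plmns = frozenset(plmns)
        self.label += 1

    def broadcast_label(self):
        return self.label

    def send_list(self):
        self.list_requests += 1
        return self.label, self.encrypt_plmns

@dataclass
class Handset:
    label: object = None            # None: no list stored yet
    encrypt_plmns: frozenset = frozenset()

    def on_registration(self, network):
        """Return True if a new list was requested and stored, False if already current."""
        if network.broadcast_label() == self.label:
            return False
        # Store list and label together so the stored label always describes the stored list.
        self.label, self.encrypt_plmns = network.send_list()
        return True

def demo():
    net = Network(label=1, encrypt_plmns=frozenset({"00101"}))   # constructed values
    phone = Handset()
    results = [phone.on_registration(net), phone.on_registration(net)]
    net.console_update({"00101", "99970"})
    results.append(phone.on_registration(net))
    return results, net.list_requests, phone.encrypt_plmns
```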
Fig. 4 shows the structure of a preferred embodiment of the mobile phone encryption selection system of the invention. Referring to Fig. 4, the system mainly comprises: PLMN selection device 20, judgment device 21, encryption command output device 22, smart card apparatus 23, storage device 24, IMSI processing device 25, radio resource connection device 26, service request device 27 and authorization device 28. The PLMN selection device selects a suitable PLMN when the mobile phone powers on. Judgment device 21 then judges whether the selected PLMN requires encryption. Storage device 24 holds the list of PLMN numbers that require the IMSI to be encrypted; if the selected PLMN appears in the stored list, that PLMN requires the IMSI to be encrypted, and encryption command output device 22 outputs the IMSI encryption command. Smart card apparatus 23 is connected to encryption command output device 22; it encrypts the IMSI according to the encryption command and the encryption algorithm and outputs it, the output being the signaling-related content of the IMSI. If the selected PLMN does not appear in the stored list, IMSI processing device 25 processes the IMSI according to the 3GPP protocols and outputs it. Radio resource connection device 26 uses the IMSI to set up the radio resource connection (RRC) between the mobile phone and the network. Service request device 27 completes the service request and allocation between the mobile phone and the network. Authorization device 28 completes the network's authorization of the mobile phone, and the mobile phone obtains the encrypted TMSI.
Fig. 5 shows the principle of the smart card apparatus. Referring to Fig. 5, smart card apparatus 24 comprises: traditional smart card function unit 241, memory unit 242, encryption unit 243 and selector unit 244. The traditional smart card function unit 241 has the same structure as an existing smart card and performs the same functions, for example maintaining the traditional PLMN list used for operations such as PLMN selection; these are not described again here. Memory unit 242 stores the user's IMSI; encryption unit 243 is connected to memory unit 242 and encrypts the IMSI that the memory unit outputs. The inputs of selector unit 244 are connected to memory unit 242 and encryption unit 243, and its control end is connected to a control signal. This control signal can be the IMSI encryption command output by encryption output device 23: depending on whether an encryption command has been received, the input from memory unit 242 or the input from encryption unit 243 is selected as the output of selector unit 244. The control signal can also be the selected PLMN. Specifically, if the control end receives a command to encrypt the IMSI, the encrypted IMSI input from encryption unit 243 is taken as the output of the selector; if the control end receives a command not to encrypt the IMSI, the unencrypted IMSI input from memory unit 242 is taken directly as the output of the selector. The output of the smart card apparatus is the signaling-related content of the international mobile subscriber identity.
The above embodiments are provided to enable those of ordinary skill in the art to make or use the invention. Those of ordinary skill in the art may make various modifications or variations to the above embodiments without departing from the inventive concept; the scope of protection of the invention is therefore not limited by the above embodiments, but should be the widest scope consistent with the inventive features recited in the claims.