CN101790877A - Delivery of subscriber identity information - Google Patents
Delivery of subscriber identity information Download PDFInfo
- Publication number
- CN101790877A CN101790877A CN200880100772A CN200880100772A CN101790877A CN 101790877 A CN101790877 A CN 101790877A CN 200880100772 A CN200880100772 A CN 200880100772A CN 200880100772 A CN200880100772 A CN 200880100772A CN 101790877 A CN101790877 A CN 101790877A
- Authority
- CN
- China
- Prior art keywords
- subscriber identity
- user terminal
- message
- individual subscriber
- encryption key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 claims abstract description 71
- 238000012795 verification Methods 0.000 claims abstract description 12
- 238000003860 storage Methods 0.000 claims description 42
- 238000012545 processing Methods 0.000 claims description 31
- 238000004891 communication Methods 0.000 claims description 15
- 238000012544 monitoring process Methods 0.000 claims description 10
- 230000005540 biological transmission Effects 0.000 claims description 9
- 238000012797 qualification Methods 0.000 claims description 7
- 238000004590 computer program Methods 0.000 claims description 4
- 230000004913 activation Effects 0.000 claims description 3
- 230000008878 coupling Effects 0.000 claims description 3
- 238000010168 coupling process Methods 0.000 claims description 3
- 238000005859 coupling reaction Methods 0.000 claims description 3
- 230000004044 response Effects 0.000 claims 7
- 230000008569 process Effects 0.000 description 17
- 238000007726 management method Methods 0.000 description 15
- 230000006870 function Effects 0.000 description 13
- 230000007246 mechanism Effects 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 6
- 238000013475 authorization Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 4
- 230000008859 change Effects 0.000 description 4
- 238000007789 sealing Methods 0.000 description 3
- 239000000284 extract Substances 0.000 description 2
- 230000002349 favourable effect Effects 0.000 description 2
- KLDZYURQCUYZBL-UHFFFAOYSA-N 2-[3-[(2-hydroxyphenyl)methylideneamino]propyliminomethyl]phenol Chemical compound OC1=CC=CC=C1C=NCCCN=CC1=CC=CC=C1O KLDZYURQCUYZBL-UHFFFAOYSA-N 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 201000001098 delayed sleep phase syndrome Diseases 0.000 description 1
- 208000033921 delayed sleep phase type circadian rhythm sleep disease Diseases 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/06—Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/12—Messaging; Mailboxes; Announcements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. TPC [Transmission Power Control], power saving or power classes
- H04W52/02—Power saving arrangements
- H04W52/0209—Power saving arrangements in terminal devices
- H04W52/0225—Power saving arrangements in terminal devices using monitoring of external events, e.g. the presence of a signal
- H04W52/0248—Power saving arrangements in terminal devices using monitoring of external events, e.g. the presence of a signal dependent on the time of the day, e.g. according to expected transmission activity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/26—Network addressing or numbering for mobility support
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/76—Group identity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A method for a telecommunication system. A user terminal is configured to receive messages addressed to a group subscriber identity. The user terminal receives an individual subscriber identity included in a payload of a message addressed to the group subscriber identity. The payload is provided with verification means for verifying the right of the user terminal to use the individual subscriber identity. If the verification succeeds, the user terminal adopts to use the individual subscriber identity. The solution allows quick and efficient deployment of subscriber identities without requiring essential changes to the existing radio interface.
Description
Technical field
The present invention relates to telecommunications, more particularly, relate to the delivering method of subscriber identity information and corresponding network element, user terminal and the computer program in the telecommunication system.
Background technology
In order to visit the service of telecommunication system, subscriber (subscriber) needs user terminal and reservation (subscription).For the user, have only combination when user terminal and user's reservation by system validation when effective, be only possible as the service of two-way communication.
The technology that depends on application can be implemented in user terminal in every way and take to subscribe.In most public mobile network, subscription data is configured in the separable reservation identity module.The combination of user terminal and subscriber identity is delivered to exchange and management infrastructure (SwMI) by the signaling procedure of definition.In some other the technology as Terrestrial Trunked Radio (TETRA), subscriber identity information also can be stored in the user terminal self.Typically, be used for user terminal the is come into operation process of (commission a user terminal) is dual.User terminal generally provides privacy key and terminal equipment identity by manufacturer, and the combination of this key and terminal equipment identity is delivered to SwMI in the mode of safety.Operator's receiving terminal apparatus identity of network for it distributes body subscriber identity at least one by one, and is forwarded to SwMI in the mode of safety with the combination of privacy key and subscriber identity.Subscriber data and activation that SwMI is synthetic complete with these two information sets are subscribed, the feasible this specific combined access service that can use user terminal and subscriber identity.
But, have some problems relevant with this layout.For some specific formation configurations (fleet configurations), the scope of available number is not enough for all possible users.For example, following the tracks of under the situation of a large amount of vehicles with automatic vehicle location system, it is not enough that the scope of number becomes for this purpose easily.Will need to reuse number, still, owing to be used to adopt and to discharge the process of individual subscriber identity too slow and implement very labor intensive, so this is impossible.
Summary of the invention
Therefore, an object of the present invention is to provide the device that is used to alleviate the method for above problem and is used to realize this method.By realizing purpose of the present invention by method, user terminal, network element, communication system and the computer program of the characteristic present described in the independent claims.Be disclosed in the dependent claims the preferred embodiments of the present invention.
The present invention is based on and make it possible to from the thought that exchanges and management infrastructure is dynamically sent the subscriber identity the payload that is contained in message to user terminal.Be not registered and the therefore service of access system fully even be appreciated that the user terminal that disposes the group subscriber identity, this user terminal also can monitor and receive some downlinlc message.Payload has been arranged a kind of like this mechanism, that is, by this mechanism, specific user terminal can be determined independently: the message that receives by group address individually is addressed to it.When this specific user terminal detected this message, it was used for the use of himself with this subscriber identity and is registered in the system.Typically, registration needs successful authentication (authentication), and this authentication provides additional automatically safety measure for this process.Can be correspondingly payload order in the short message of individual subscriber address by being delivered to user terminal stop use to the subscriber identity that is received.
The principal advantages of method of the present invention and layout is that it makes it possible to dispose subscriber identity rapidly, efficiently under the situation that does not need the existing radio interface of essence change.Together with the description of advantageous embodiments of the present invention, other advantage is discussed in further detail.
Description of drawings
Below, by preferred embodiment the present invention is described in further detail with reference to the accompanying drawings, wherein,
Fig. 1 illustrates the main element as the radio system of embodiment;
Fig. 2 A and Fig. 2 B illustrate the reference hardware configuration as the user terminal of embodiment and exchange and management infrastructure element;
Fig. 3 illustrates the method that is used for user terminal as embodiment;
Fig. 4 illustrates another method that is used for user terminal as embodiment;
Fig. 5 illustrates the advantageous embodiments that is used to stop using the individual subscriber identity;
Fig. 6 illustrates the method that is used for exchange and management infrastructure (SwMI) element as embodiment;
Fig. 7 illustrates another method that is used for exchange and management infrastructure (SwMI) element as embodiment;
Fig. 8 illustrates another embodiment of the use that is used to optimize the main channel resource; And
Fig. 9 illustrates another embodiment of the power consumption that is used to optimize user terminal.
Embodiment
Following embodiment is an illustrative embodiments of the present invention.Though specification may be mentioned " certain ", " one " or " some " embodiment, this may not refer to identical embodiment, and/or, feature not only is applied to single embodiment.The single feature of the different embodiment of this specification can be combined so that additional embodiments to be provided.
Below, by using at European Telecommunication Standards ETSIEN 300392-2; European Standard (Telecommunications series); Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 2:Air Interface (AI) and ETSI EN 300392-7; European Standard (Telecommunications series); Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); The term and the element of the TETRA air interface of stipulating among the Part 7:Security are described the present invention, still, the invention is not restricted to so a kind of radio system technology.The present invention can be applicable to wherein pass through any communication system of the main body of individual subscriber identity (individualsubscriber identity) identification communication service operations.
Fig. 1 illustrates the simplification diagrammatic sketch as the main element of the radio system 10 of embodiment.Radio system 100 comprises exchange and management infrastructure (SwMI) 102 and mobile radio station (MS) 104.SwMI 102 is the equipment that is used for voice plus data (V+D) network, and this equipment makes subscriber's terminal to intercom mutually.In Fig. 1, SwMI comprises 106 and base stations of a digital switch (DXT) (TBS) 108, and still, certainly, the quantity of element and their mutual interconnection can change according to realization.
In the middle of subscriber's terminal, mobile radio station (MS) 104 is arranged to by air interface 110 visit SwMI.Subscriber's terminal of another type, be can communicate by letter with SwMI 102 by dispatch interface 114 in traffic control station (dispatch workstation) 112, this dispatch interface 114 can provide connection by for example using E1, ISDN BA or IP agreement.In the reality, radio system can comprise dissimilar a plurality of traffic controls station 112 and corresponding interface 114.In addition, SwMI 102 comprises the interface 116 that is used for such as other network interconnection of PSTN, GSM, WCDMA, conventional analog network, LAN and WAN etc.The agreement relevant with different interfaces be know in the prior art for realizing specific layout.
Block diagram among Fig. 2 A and Fig. 2 B illustrates the reference hardware configuration according to user terminal and the network element as embodiment of the present invention.User terminal is presented as the mobile radio station that can realize the TETRA air interface specification here as embodiment.The mobile radio station 200 of Fig. 2 A comprises processing unit 202, and described processing unit 202 is used to carry out the operated system execution to data storage and/or that receive.Processing unit 202 is the central member that comprise ALU, some special registers and control circuit basically.For example, the function that is realized by processing unit 202 in transmission course typically comprises: encode, sort, interweave (interleaving), scrambling (scrambling), channel is multiplexed and burst sequence construct (burst building).
Mobile radio station also comprises memory cell 203, but the data medium that this memory cell 203 is storage computation machine readable data or program or user data.Mobile radio station also comprises the transceiver unit 204 that comprises reflector 205 and receiver 206 at least.Reflector 205 receives bit stream and converts thereof into from processing unit 202 and is used for by antenna 207 radio signals transmitted.Correspondingly, the radio signal that is received by antenna 207 is drawn towards receiver 206, and this receiver 206 converts radio signal to bit stream, and this bit stream is forwarded to processing unit 202 for further processing.
Mobile radio station can comprise interface unit 201, this interface unit 201 has at least one input unit 208 and output unit 209, described input unit 208 is used for importing the data of the inter-process that is used for mobile radio station, and described output unit 209 is used for the inter-process dateout from mobile radio station.Described interface unit can cover the interface of hardware and software, and described hardware and software is integrated into, is attached to maybe and can be attached to described mobile radio station.Its example comprises automotive vehicle control system and navigation system, and as the user interface element of keyboard, screen, touch-screen, microphone and loud speaker etc.
Processing unit 202, memory cell 203, interface unit 201 and transceiver unit 204 electric interconnections carry out device (means) to the operated system execution of data that receive and/or storage to provide according to the processing predefined, that be programmed basically of mobile radio station.In according to the solution of the present invention, operation comprises the function of user terminal in the individual subscriber identity is sent.With reference to Fig. 3~5 these operations are described in further detail.Fig. 2 A illustrates the logical block of user terminal, and the device of mentioning can comprise the function of a unit in the unit that presents, and perhaps can be implemented as the combination of the function of the unit that presents.
The network element of Fig. 2 B is embodied as exchange and management infrastructure (SwMI) element that comprises processing unit 251 as embodiment, and this processing unit 251 is the elements that comprise arithmetical logic function, some special registers and control circuit at least.What be connected with processing unit is memory cell 252, but the data medium that this memory cell 252 is storage computation machine readable data or program or user data.The SwMI element also comprises interface block 253, and this interface block 253 has input unit 254 and output unit 255, and described input unit 254 is used for importing the data that are used in the element inter-process, and described output unit 255 is used for the inter-process dateout from element.The example of described input unit comprises as the plug-in unit for delivery to the gateway of the information of its outside tie point.The example of described output unit comprises the plug-in unit to the circuit fed information that is connected with its outside tie point.
Processing unit 251, memory cell 252 and interface block 253 electric interconnections are to be provided for carrying out device to the operated system execution of the data that receive and/or store according to the processing predefined, that be programmed basically of the exchange and the element of management infrastructure.With reference to figure 6~7 these operations are described in further detail.Fig. 2 B illustrates the logical block of network element, and the device of mentioning can comprise the function of a unit in the unit that presents, and perhaps can be implemented as the combination of the function of the unit that presents.
Can realize operation described below by using disclosed element in every way.For example, can realize the operation of user terminal and exchange and management infrastructure element with hardware (one or more device), firmware (one or more device), software (one or more module) or their combination.Realize that for hardware processing unit can be realized in one or more application-specific integrated circuit (ASIC)s (ASIC), digital signal processor (DSP), digital signal processor spare (DSPD), programmable logic device (PLD), field programmable gate array (FPGA), processor, controller, microcontroller, microprocessor, other electronic unit that is designed to carry out the function of describing herein or their combination.For firmware or software, can realize by the module (for example, process, function etc.) of carrying out the function of describing herein.Software code can be stored in the memory cell and processed unit is carried out.Memory cell can realize in processor or outside processor that in this case, memory cell can be by various means known in the art and processor communication coupling.In addition, it will be understood to those of skill in the art that, the parts of the system of Miao Shuing can be rearranged and/or be replenished by other parts herein, so that the various aspects that help realizing describing relatively with them, target, advantage etc., and the definite configuration that is not limited in Fig. 2, set forth.
The flow chart of Fig. 3 illustrates the method according to this invention, and the step of this method is corresponding to the embodiment of user terminal.This embodiment describes with the TETRA user terminal, still, does not come limited field by term and mechanism in this example communication technology.User terminal be ready to use and situation about being come into operation for the operation in the TETRA network under, this method begins.In step 30, user terminal is configured with the element (element) of storage, user terminal can use the element of this storage to be addressed to this user terminal to verify this user terminal by the message of specific subscriber number reception, and this user terminal has the authority of the content of this message of consumption.In the first basic embodiment, the element that receives is realized by using equipment identities.
In the TETRA system, TETRA equipment identities (TEI) is Electronic Serial Number typically, and this Electronic Serial Number forever is connected with a TETRA equipment and identifies this part equipment uniquely, and this part equipment is a portable terminal or a network terminal.Typically at the forbidding that makes it possible to forbid and enable user terminal/enable and utilize TEI in the process.The element of the storage of step 30 is represented as terminal equipment identity TEI
s, be the specific terminal equipment of sign and be stored in identifier in the user terminal to hint it.
In step 31, user terminal is configured with group subscriber identity GSSI1, and described group of subscriber identity GSSI1 makes terminal can receive the message of definition by the TETRA network.In the TETRA system, subscriber identity exists with two kinds of sizes, that is, and and 48 long TETRA subscriber identities (TSI) and 24 long short subscriber identities (SSI).Typically, SSI is the intercepting part of TSI.TSI is unique in whole TETRA territory, and it is unique in a TETRA subdomain only that SSI needs.Typically, the TETRA terminal comprises at least one family (family) of TSI.Each family comprises body TETRA subscriber identity (ITSI) one by one, and can have an another name TETRA subscriber identity (ATSI) and several group TETRA subscriber identities (GTSI).In current embodiment, user terminal is configured with the GTSI that intercepts into GSSI.Followingly be described, still, for those skilled in the art it is clear that and in this scheme, can use GTSI or GSSI under the situation that does not deviate from protection range with reference to GSSI.
Can comprise for example short message and broadcast by the message that subscriber identity visit is organized in use.Below, openly utilize the embodiment of the short data service of TETRA in further detail.Should point out that under the situation that does not deviate from protection range, can use can be by other information receiving and transmitting mechanism of group subscriber identity delivery of downlink message.
The short data service of TETRA (SDS) is to make the user can exchange the quick service of the predefine message of short user defined message or weak point.Can send or receive message concurrently with ongoing audio call.In order to obtain to serve fast, carrying or embedding SDS message in the single ul transmissions of a for example delivery unit.Usually, SDS delivery applications random access procedure.The SDS service comprises point-to-point and the point-to-multipoint ability, and can use short number addressing (SNA), complete TETRA subscriber identity (ITSI/GTSI) and short subscriber identity (SSI) addressing or even outside subscriber's number.In scheme as embodiment, with SDS on the down link be SSI as the addressing of destination-address relatively, be GSSI here therefore.
For can be registered to the TETRA system and carry out up link and downlink communication the two, user terminal need have the individual subscriber identity of successfully registering to SwMI.But in order to receive SDS message, user terminal does not need to be registered to the TETRA system, and it only needs to receive the transmission of the associated control channel that is used for the SDS transmission.Therefore, in the example of Fig. 3, the user terminal that disposes GSSI1 enters monitoring mode, and in this monitoring mode, it monitors (step 32) master control channel (MCCH) transmission, and can detect and receive the short message that is addressed to GSSI1.This short message comprises the element that receives, and user terminal can use this element that receives to be addressed to the authority that this user terminal and this user terminal have the content of this message of consumption to verify message that this user terminal receives by GSSI1.In addition, this short message comprises individual subscriber identity ISSI2.
In the example as embodiment, this element that receives is TEI
r, this TEI
rIt is the Terminal Equipment Identifier symbol that SwMI comprises in the payload of the short message of GSSI1 addressing.Therefore, when short message is received (step 33), user terminal read (step 34) it, and extract the element T EI that receives from this short message
rIn this basic embodiment, by comparing the element T EI of (step 35) storage
sWith the element T EI that receives
rThe mechanism of the authority of the content of realization checking consumption message.If element does not match (step 36), then user terminal is ignored this short message and is returned step 32, further monitors the short message by GSSI1.If element coupling (step 36), user terminal extracts individual subscriber identity ISSI2 from short message so, and configuration (step 37) ISSI2 is with the individual subscriber identity as himself.By doing like this, user terminal can be used as the mobile radio station operation, and this mobile radio station comprises provides the access protocal equipment of operating needed function and the reservation that allows to be visited by SwMI.In step 38, mobile radio station is registered to the TETRA system by using ISSI2 in the mode of routine, and thus can be according to the service of visiting the TETRA network for the authority of ISSI2 definition.Typically, registration comprises the authentication that an additional elements is provided, and described additional elements is used to verify that the individual subscriber identity only used by the user terminal of proper authorization.
Above embodiment's is such layout on the other hand, and promptly user terminal disposes some group addresss, and user terminal is configured to monitor by the GSSI of all storages the reception (step 32,33) of short message.
Above-mentioned process makes it possible to send the individual subscriber identity rapidly to the TETRA user terminal under the situation that does not change any existing TETRA air interface definition in essence.Not manually to take user terminal to coming into operation center, but aloft (over the air) and under the situation that does not have previous individual subscriber identity of distributing, realize being used for the necessary function of system that the individual subscriber identity is applied to, this has saved the time, even and also be possible when available individual subscriber identity range limited.Needed information is sent in the payload of short message, makes to realize this mechanism pellucidly on the SwMI element beyond the subscriber management entity of user terminal and SwMI.These subscriber management entities comprise the entity of the operational administrative of realizing TETRA at least, as traffic control station and dispatch server system.
Should point out, send short message, but the invention is not restricted to use the master control channel even embodiment has described in TETRA master control channel.For those skilled in the art it is clear that under the condition that does not deviate from protection range any physics or the logic channel that can send the short message that has variable payload and can be received by user terminal via group address all are applicable.
Fig. 4 illustrates another embodiment of the scheme of Fig. 3.In the method for Fig. 4, improve the fail safe that the individual subscriber identity is sent by using to encrypt.In step 40, user terminal disposes Sealing mechanism, and described Sealing mechanism makes it possible to exchange encrypt message between the subscriber management entity of SwMI and user terminal.In the example as embodiment of Fig. 4, Sealing mechanism comprises cryptographic algorithm and the encryption key for the user terminal configuration.For those skilled in the art it is clear that, need use corresponding cryptographic algorithm in the respective subscriber management entity in SwMI.In protection range, the encryption of application can be symmetry or asymmetric.In the encryption of symmetry, each side show with each side share but the knowledge of the secret information that the third party can not obtain or can not derive easily.In asymmetric encryption, use public-key-private key is to with data encryption and deciphering.In the embodiment of Fig. 4, utilize symmetric cryptography.This means that user terminal disposes cryptographic algorithm and secret key K.Secret key K can for example be the TETRA air interface authenticate key of user terminal.But the sending of TETRA air interface authenticate key is subjected to very strict control, therefore, in some applications, can use another key for example to be exclusively used in second key of this purpose, so that the operation of subscriber management is simpler.
Being used for the step 41 of the configuration of GSSI1, the step 42 and being used to that is used to monitor the short message of GSSI1, to detect the step 43 of short message of reception corresponding with step 31~33 of Fig. 3.In the present embodiment, the payload of short message is encrypted, makes it to be deciphered with being stored in the encryption key in the user terminal and the combination of cryptographic algorithm.Basically, encryption can be static, makes between SwMI element and user terminal all use encryption key self in encrypting.In the embodiment of Fig. 4, show that by making user terminal to be sure of the information of described knowledge is not to produce from early stage message of communicating by letter with resetting by record, even further strengthen this process.This is that new random number R N1 realizes by only sending on the interface aloft for each communication instance.
The SwMI entity that sends message produces random number R N1, and by the privacy key of user terminal it is fed in the cryptographic algorithm.Algorithm obtains session key KS, uses this session key KS when encryption is regarded as the short message that must encrypt a part of.When user terminal detects the short message of reception in step 43, its extraction (step 44) may be included in the random number in the interior plaintext code (clear code) of short message, by using this random number, cryptographic algorithm and encryption key to obtain session key KS (step 45), and use the encryption section of this session key KS with the payload of deciphering (step 46) short message.In the present embodiment, the mechanism of authority that is used to verify the content of consumption message is based on the success of decryption step or failure.User terminal checks that (step 47) deciphering is success or failure.Under the situation of failure, process moves to the step 42 of the short message that is used for GSSI1 that is used to monitor arrival.Under the situation of the session key KS success decrypt that individual privacy key and the random number used by user terminal produce, but the user terminal acknowledge messages be with it be target and consume this message according to predefined process.In the present embodiment, this process comprises the configure user terminal to use individual subscriber identity ISSI2 (step 48) and to register (step 49) to system as mobile radio station that can two-way communication.Registration comprises the authentication that an add ons is provided, and a described add ons is used to verify that the user terminal that the individual subscriber identity is only authorized in good time uses.
The embodiment of Fig. 4 makes it possible to realize the advantage of embodiment shown in Figure 3, and also increases the fail safe of this process in addition.For those skilled in the art it is clear that, can be individually or use the key element of the embodiment of Fig. 3 and Fig. 4 in combination.For example, the individual process of sending in the air of subscribing can comprise with TEI identification recipient and by assign to the limited section that is stored in the individual privacy key decrypt in the user terminal verifying authorization the two.
Fig. 5 illustrates the advantageous embodiments that is used to stop using the individual subscriber identity.Disposed under ISSI2 and the situation as the mobile radio station in TETRA network operation at user terminal, Fig. 5 begins as the continuation of the combination of the process of Fig. 3 or Fig. 4 or their qualification.During its normal running, user terminal monitors that routinely (step 51) is addressed to the MCCH of the short message of ISSI2.When user terminal according to the present invention was noticed the short message (step 52) of reception, it read the payload (step 53) of message, and checked that it has the termination request (step 54) that stops using ISSI2 that is not used in.If do not detect this message (step 55), process is returned step 51 to monitor the short message that arrives so.Under the situation that detects message (step 55) with the request of stopping, the user terminal ISSI2 (step 56) that stops using, and enter monitored state is addressed to the arrival of the group address GSSI1 that sends that is exclusively used in individual reservation in the air with supervision short message.
The flow chart of Fig. 6 illustrates the method according to this invention, and this method comprises and the corresponding step of embodiment that is used for exchange and management infrastructure (SwMI) element.With TETRA SwMI element illustration SwMI element, this TETRA SwMI element comprise be used to manage individually subscribe, be the application that the individuality that can send is in the air subscribed at least.In step 60, the SwMI arrangements of components has at least one the group address GSSI1 that can be used for sending the individual subscriber identity.In step 61, the SwMI element is waited for the individual subscriber identity request.This request can be for example by the operator of user interface from the SwMI element, or by network interface from the remote operation point of authorizing.If detect this request (step 62), the SwMI element produces the message that is addressed to GSSI1 and carries individual subscriber identity ISSI2 in its payload so.As in the embodiments of figure 3, in payload, also comprise terminal equipment identity TEI
r, this terminal equipment identity TEI
rMake user terminal can verify that message individually is addressed to this user terminal, and this user terminal is requested to use the individual subscriber identity that is contained in this message.After sending (step 63) message, the SwMI element begins to be registered in the system by the ISSI2 whether system monitoring (step 64) mobile radio station has used this SwMI element to send in short message.This supervision can for example be implemented as the notice from local subscriber database from the repeat queries of local subscriber database or transmission when location registration request is received.Whenever the SwMI element obtains the notice (step 65) of attempting about Location Registration or Location Registration, it just activates ISSI2 and makes it possible to thus by using ISSI2 to realize two-way communication.Registration comprises the authentication that an additional elements is provided, and a described additional elements is used to verify that the individual subscriber identity only used by the user terminal of proper authorization.
The flow chart of Fig. 7 illustrates another embodiment of the scheme of Fig. 6.In the method for Fig. 7, also be to improve the fail safe that the individual subscriber identity is sent by using to encrypt.Be used for the configuration of GSSI1 step 700, be used to monitor the step 710 of individual subscriber identity request and be used to the step 720 of the request that detects corresponding with the step 60 of Fig. 6~62.As among the embodiment of Fig. 4, in the present embodiment, the payload of short message is encrypted, makes it to be deciphered with being stored in the encryption key in the user terminal and the combination of cryptographic algorithm.Equally, encrypt based on random number R N1, this random number R N1 is new for each communication instance, and can be delivered to user terminal with TETRA in the plaintext code.
The SwMI element can the calling party terminal privacy key, perhaps can visit another SwMI that for example puts letter side, it can be put letter side to this by encryption seed at random and send payload.Therefore, the SwMI element produces random number R N1, and, himself or subcontract (subcontracted) and give another element, the privacy key by the destination user terminal is fed to RN1 in the cryptographic algorithm.This algorithm obtains session key KS (step 725).This session key is used for the part of the short message that is regarded as must secret sending is encrypted (step 730).The SwMI entity is addressed to GSSI1 with this short message, and by radio interface its group addressing short message as routine is sent (step 735).When sending this short message, the SwMI element also can start (step 740) timer TIM, this timer TIM measure to GSSI1 send SMS message and may the responding of user terminal between time.Therefore, as among the embodiment of Fig. 6, whether the SwMI element begins for example to be registered in the system by carrying out Location Registration with ISSI2 by system monitoring (step 745) mobile radio station.If, sends so and be regarded as getting nowhere by timer expiration (step 750) before using the ISSI2 registration at user terminal, and the SwMI element is retracted step 710 to monitor additional requests.If received the location registration request (step 755) of using ISSI2 before timer expiration, the SwMI element activates (step 760) ISSI2 so, and this makes user terminal can be used as the mobile radio station of the authority two-way communication of the enough ISSI2 of distributing to of energy.
For those skilled in the art, very clear, also can be individually or use the key element of the embodiment of Fig. 6 and Fig. 7 in combination.For example, the process of Fig. 6 can be timed device and replenishes.And, individual subscribe send in the air can comprise by TEI identification recipient and by with the qualifying part verifying authorization that is stored in the individual privacy key decrypt in the user terminal the two.In addition, TEI also can be used to replenish this process in other mode, for example be provided for the verification of encrypting and.In the time of in being embodied in user terminal, from the description to function corresponding, for those skilled in the art, the realization of the termination of the use of the individual subscriber identity in the payload of the short message that is addressed to ISSI2 in the SwMI element is clearly.
In the embodiment that describes, the subscriber identity that is used to receive short message is the group identity.This is being favourable layout aspect use of master control channel capacity, can be delivered to several the potential recipients with shared radio resource by this way because have the payload of variable content.But, for those skilled in the art it is clear that, under the condition that does not depart from protection range, also can use predefined individual subscriber identity to be used to send configurable individual subscriber identity.For example, one group of user terminal is configurable the first individual subscriber identity, and all such user terminals monitor the short message that is addressed to this specific individual subscriber identity.When they receive this short message and adopt the second individual subscriber identity, their inactive first individual subscriber identities.
Fig. 8 illustrates another embodiment, and this another embodiment is used to optimize the use to the master control channel resource that is used to send the individual subscriber identity.Total overlay area of system can be divided into the subregion (SA) more than, and each subregion is associated with different GSSIx, and new individual subscriber identity can be sent by this GSSIx.In the example of Fig. 8, total overlay area 80 is divided into three sub regions SA1 81, SA2 82 and SA3 83, and the group address that is used to send the individual subscriber identity is respectively GSSI1, GSSI2 and GSSI3.In system, be designed to use the user terminal of individual subscriber identity delivering method disclosed herein to dispose among above-mentioned group address GSSI1, GSSI2 and the GSSI3 at least two, but preferred disposition have whole above-mentioned group addresss as embodiment.The operator who manages assignable individual subscriber identity pond typically has certain understanding to the possibility that specific user terminal is arranged in specific subregion.For example, the operator can recognize that user terminal belongs to the city and forms into columns, and can suppose well that therefore the most probable subregion that arrives user terminal is SA2, and it covers corresponding down town.According to the present invention, the operator at first attempts being addressed to corresponding GSSI2 and only being sent dynamic individual subscriber identity by in the short message of sending in subregion SA2.As disclosed among the embodiment of Fig. 7, the operator can wait for the Location Registration of target terminal user, for example up to timer expiration, and continue then to move to attempt in being addressed to another group identity and the short message in another subregion, sending dynamic individual subscriber identity.Advantageously, second selection is second largest subregion of possibility that arrives target terminal user.Can continue this process by moving on to the smaller subregion of possibility, respond by the system of being registered to or attempted up to all subregions until user terminal.This subregion is sent the use of having optimized the master control channel resource.The master control channel is crucial but is very easy to the resource of blocking, typically must all optimize its use in the case of any possible.
Fig. 9 illustrates another embodiment of the present invention, in this embodiment, under the situation of the favourable operation that does not damage method of sending dynamic individual subscriber identity of the present invention, optimizes the power consumption of the user terminal under the monitoring mode.Fig. 9 illustrate continuous descending chain circuit frame F1, F2 as the radio interface of embodiment, F3 ..., and the respective horizontal of the power consumption in the receiver of user terminal.The power level that illustrates is 0 and P, here, the sleep pattern that 0 expression receiver is turned off basically, P represents to be in the power level of the receiver in the receiving mode, and in this receiving mode, receiver is in the operation and can receives transmission from SwMI.Each frame comprises time slot (being represented by X), is used to realize that the control channel of sending of dynamic individual subscriber identity is mapped to this time slot.In the example early of TETRA system, each TETRA air interface frame comprises the master control channel that user terminal is listened to.
Although one of purpose of method of the present invention is to realize the quick configuration of dynamic individual subscriber identity, but, in order to make user terminal have the longer isolated period (standaloneperiod), promptly can not can accept certain delay of sending of individual subscriber identity to the operation time period of battery charge.Have and point out that the circulation of TETRA frame is too fast, to such an extent as to some frames may be missed, still compare with the method for routine, Delivery time still improves greatly.Fig. 9 illustrates such layout, wherein to sending of the short message that carries dynamic individual subscriber identity be assigned to the predefined frame F1 of time slot, F4 ....In Fig. 9, distribute to control channel, particularly be allocated for send the carrying dynamic individual subscriber identity short message time slot by the band circle X represent, and, be assigned to control channel but be regardless of the time slot that is used in the short message of sending the dynamic individual subscriber identity of carrying and represent by simple X.Correspondingly, the user terminal that is in the monitoring mode and only operates along the down link direction is configured at power level P operation receiver.
It will be apparent to those skilled in the art that along with development of technology, can accomplished in various ways notion of the present invention.The present invention and embodiment are not limited to example described above, and can change within the scope of the claims.
Claims (53)
1. method that is used for user terminal comprises:
Receiving in described user terminal can be by the message of use group subscriber identity visit;
Obtain the individual subscriber identity and be used to verify that user terminal uses the verification tool of the authority of described individual subscriber identity from the payload of described message;
Verify that with the described verification tool that is arranged in the described message described user terminal uses the authority of described individual subscriber identity;
Respond successful checking, in described user terminal, use described individual subscriber identity.
2. method according to claim 1 is characterized in that,
The stored Terminal Equipment Identifier symbol of storage in described user terminal;
In the payload of message, receive the Terminal Equipment Identifier symbol that is received;
When stored Terminal Equipment Identifier symbol and the Terminal Equipment Identifier symbol coupling that is received, the authority of described individual subscriber identity is used in good authentication.
3. method according to claim 1 and 2 is characterized in that,
Receive described message, make that the part that comprises described individual subscriber identity of payload is encrypted at least;
Trial is with the encryption section deciphering of described payload;
When the successful decryption of the encryption section of described payload, the authority of described individual subscriber identity is used in good authentication.
4. method according to claim 3 is characterized in that,
Store the cryptographic algorithm of storage and the encryption key of storage into user terminal;
Attempt by the encryption key that the uses storage encryption section deciphering of the cryptographic algorithm of storage described payload.
5. method according to claim 4 is characterized in that,
With the cryptographic algorithm of storage and the encryption key session key of storage;
Attempt by using the session key that calculates that the encryption section of described payload is deciphered.
6. according to claim 4 or 5 described methods, it is characterized in that, use the encryption key of the air-interface encryption key of user terminal as storage.
7. according to claim 4 or 5 described methods, it is characterized in that, use the encryption key of the encryption key different as storage with the air-interface encryption key of user terminal.
8. method according to claim 7, it is characterized in that, use the encryption key of the private key of user terminal as storage, this private key can be applied to described user terminal and be responsible in the rivest, shamir, adelman between described individual subscriber Exchange of Identity and the management infrastructure.
9. method according to claim 1 is characterized in that,
Receive described message in the control channel of in the time slot of the qualification of air interface frame continuously, sending;
Time period between the time slot that limits, described user terminal is switched to sleep pattern.
10. method according to claim 1 is characterized in that,
In the payload of the short message that is addressed to described individual subscriber identity, receive the request of the described individual subscriber identity of stopping using; With
Inactive described individual subscriber identity in described user terminal.
11. method according to claim 1 is characterized in that,
Dispose described user terminal with monitoring mode, make in described monitoring mode, described user terminal can be by described group of subscriber identity receiving downlink message, but can not communicate by letter with management infrastructure with exchange along uplink direction.
12. each the described method according in the claim 1~11 is characterized in that, described message is that the short message that is addressed to described group of subscriber identity maybe can pass through the broadcast that described group of subscriber identity of use visited.
13. a method that is used for network element comprises:
Producing user terminal can be by the message of use group subscriber identity visit, and the payload of described message comprises the individual subscriber identity, and described message has and is used to verify that a user terminal uses the verification tool of the authority of described individual subscriber identity.
14. method according to claim 13 is characterized in that,
Receive message from the user terminal of verifying the authority that it uses described individual subscriber identity;
In response to receiving the described individual subscriber identity of described message activation.
15. method according to claim 13 is characterized in that, encrypts the part of comprising of payload of described individual subscriber identity at least.
16. method according to claim 15 is characterized in that,
The encryption key and the cryptographic algorithm of storage target terminal user in network element;
The encryption key of the storage by using target terminal user is encrypted the described part of comprising of described payload of described individual subscriber identity with the cryptographic algorithm of storing.
17. method according to claim 16 is characterized in that,
With the cryptographic algorithm of storage and the encryption key session key of storage;
By the session key that use to calculate with comprising of payload described individual subscriber identity described part encrypt.
18. according to claim 16 or 17 described methods, it is characterized in that,
The air-interface encryption key that uses described user terminal is as described encryption key.
19. according to claim 16 or 17 described methods, it is characterized in that,
Use the encryption key different as described encryption key with the described air-interface encryption key of described user terminal.
20. method according to claim 19 is characterized in that,
The PKI that uses described user terminal is as described encryption key, and this PKI can be applied in the rivest, shamir, adelman between described user terminal and the described network element.
21. method according to claim 13 is characterized in that,
Use the group subscriber identity more than to dispose the described network equipment, each group subscriber identity is corresponding with single geographic area;
Transmission is addressed to the message of the carrying individual subscriber identity of first group of identity;
In the time period that limits, wait for response from the user terminal that limits;
Response does not receive response from the user terminal that limits in the time period that limits, send the message of the carrying individual subscriber identity that is addressed to second group of identity.
22. method according to claim 21 is characterized in that,
For each group identity, determine that the user is arranged in the possibility of the geographic area corresponding with the group identity; With
Order with definite possibility sends a message to and respectively organizes identity.
23. method according to claim 13 is characterized in that,
Send described message in the control channel of in the time slot of the qualification of air interface frame continuously, sending.
24. method according to claim 13 is characterized in that,
In the payload of the message that is addressed to described individual subscriber identity, send the request of the described individual subscriber identity of stopping using.
25. each the described method according in the claim 12~24 is characterized in that,
Described message is the broadcast that is addressed to the short message of described group of subscriber identity or can passes through to use described group of subscriber identity visit.
26. a user terminal comprises:
Interface arrangement, being used to receive can be by the message of use group subscriber identity visit; With
Processing unit is used for obtaining the individual subscriber identity and being used to verify that described user terminal uses the verification tool of the authority of described individual subscriber identity from the payload of described message,
This processing unit also is suitable for:
Verify that by the described verification tool that is arranged in the described message described user terminal uses the authority of described individual subscriber identity; With
Respond successful checking, use described individual subscriber identity.
27. user terminal according to claim 26 is characterized in that:
Storage device, it comprises the Terminal Equipment Identifier symbol of storage; And
Described processing unit is suitable for the Terminal Equipment Identifier symbol that obtains receiving from the payload of described message, and the authority of described individual subscriber identity is used in good authentication when the Terminal Equipment Identifier symbol of storage and the Terminal Equipment Identifier symbol that receives mate.
28. user terminal according to claim 26 is characterized in that,
Described processing unit is suitable for:
Receive message, make that the part that comprises described individual subscriber identity of described at least payload is encrypted;
Trial is with the encryption section deciphering of payload;
When the successful decryption of the encryption section of described payload, the authority of described individual subscriber identity is used in good authentication.
29. user terminal according to claim 28 is characterized in that:
Storage device is used for storage encryption algorithm and encryption key;
The encryption key that described processing unit is suitable for attempting by using storage is deciphered the encryption section of described payload with the cryptographic algorithm of storage.
30. according to claim 28 or 29 described user terminals, it is characterized in that,
Described processing unit is suitable for:
With the cryptographic algorithm of storage and the encryption key session key of storage;
Trial is deciphered the encryption section of described payload by using the session key that calculates.
31. according to claim 28 or 29 described user terminals, it is characterized in that,
The encryption key of storage is the air-interface encryption key of described user terminal.
32., it is characterized in that the encryption key of storage is the encryption key different with the air-interface encryption key of described user terminal according to claim 28 or 29 described user terminals.
33. user terminal according to claim 32 is characterized in that,
The encryption key of storage is the private key of user terminal, and this private key can be applied to user terminal and be responsible in the rivest, shamir, adelman between the network element of described individual subscriber identity.
34. user terminal according to claim 26 is characterized in that,
Receive the message that comprises described individual subscriber identity in the control channel that described interface arrangement is configured to send in the qualification time slot of continuous air interface frame; And
For the time period that limits between the time slot, described interface arrangement is configured to sleep pattern.
35. user terminal according to claim 26 is characterized in that,
Described interface arrangement is suitable for receiving the request of the described individual subscriber identity of stopping using in the payload of the message that is addressed to described individual subscriber identity;
Described processing unit is suitable for responding request inactive described individual subscriber identity in described user terminal of reception.
36. user terminal according to claim 26 is characterized in that,
Described user terminal is equipped with monitoring mode, makes in described monitoring mode, and described user terminal can be by described group of subscriber identity receiving downlink message, but can not communicate by letter with management infrastructure with exchange along uplink direction.
37. each the described user terminal according in the claim 26~36 is characterized in that,
Described message is the broadcast that is addressed to the short message of described group of subscriber identity or can passes through to use described group of subscriber identity visit.
38. a network element comprises:
Processing unit is used to produce message, and the payload of this message comprises the individual subscriber identity and is used to verify that user terminal uses the verification tool of the authority of described individual subscriber identity; With
Interface arrangement, the message that is used for producing sends to the group subscriber identity of qualification.
39. according to the described network element of claim 38, it is characterized in that,
Described interface arrangement is configured to receive message from the user terminal of verifying the authority that it uses the individual subscriber identity;
Described processing unit is configured to respond the described individual subscriber identity of message activation of reception.
40., it is characterized in that described processing unit is configured to the part encryption with comprising of described at least payload of described individual subscriber identity according to the described network element of claim 38.
41. according to the described network element of claim 40, it is characterized in that,
Storage device, the encryption key and the cryptographic algorithm of its storage target terminal user;
Described processing unit is suitable for encrypting with the cryptographic algorithm of storage by the encryption key of the storage of using target terminal user the described part of comprising of described payload of described individual subscriber identity.
42. according to the described network element of claim 41, it is characterized in that,
Described processing unit is suitable for:
With the cryptographic algorithm of storage and the encryption key session key of storage;
By using the described part that comprises described individual subscriber identity of the described payload of calculating of session key.
43. according to claim 41 or 42 described network elements, it is characterized in that,
Described encryption key is the air-interface encryption key of described user terminal.
44., it is characterized in that described encryption key is the encryption key different with the air-interface encryption key of described user terminal according to claim 41 or 42 described network elements.
45. according to the described network element of claim 44, it is characterized in that,
Described encryption key is the PKI of described user terminal, and this PKI can be applied in the rivest, shamir, adelman between described user terminal and the described network element.
46. according to the described network element of claim 38, it is characterized in that,
Storage device, described storage device comprise the group subscriber identity more than, and each group subscriber identity is corresponding with single geographic area,
Described processing unit is configured to:
Transmission is addressed to the message of the carrying individual subscriber identity of first group of identity;
In the time period that limits, wait for response from the user terminal that limits;
Response in the time period that limits not the user terminal from described qualification receive response, send the message of the carrying individual subscriber identity that is addressed to second group of identity.
47. according to the described network element of claim 46, it is characterized in that,
Described processing unit is configured to:
For described group of identity, determine that the user is arranged in the possibility of the geographic area corresponding with the group identity; With
Order with definite possibility sends a message to described group of identity.
48. according to the described network element of claim 38, it is characterized in that,
Send message in the control channel that interface arrangement is suitable for sending in the qualification time slot of continuous air interface frame.
49. according to the described network element of claim 38, it is characterized in that,
Described processing unit is configured to send the request of the described individual subscriber identity of stopping using in the payload of the message that is addressed to described individual subscriber identity.
50. each the described network element according in the claim 38~49 is characterized in that,
Described message is that the short message that is addressed to described group of subscriber identity maybe can pass through the broadcast that described group of subscriber identity of use visited.
51. a communication system, this communication system comprise according to each the described user terminal in the claim 26~37 with according to each the described network element in the claim 38~50.
52. a method that is used for communication system comprises:
Producing in network node can be by the message of use group subscriber identity by user terminal access, the payload of this message comprises the individual subscriber identity, and this message has and is used to verify that a user terminal uses the verification tool of the authority of described individual subscriber identity;
By using described group of subscriber identity in described user terminal, to receive described message;
Payload from described message in described user terminal obtains the individual subscriber identity and is used to verify that described user terminal uses the verification tool of the authority of described individual subscriber identity;
By being arranged on the authority of the described individual subscriber identity of verification tool checking use in the message; With
Respond successful checking, in user terminal, use the individual subscriber identity.
53. a computer program distribution media can be read and will be used for the computer program code of the instruction that object computer handles by computer, this pack processing contain right require 1~25 or claim 52 in the step of any method.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| FI20075484 | 2007-06-25 | ||
| FI20075484A FI121256B (en) | 2007-06-25 | 2007-06-25 | Transport of subscriber identity information |
| PCT/FI2008/050382 WO2009000968A2 (en) | 2007-06-25 | 2008-06-23 | Delivery of subscriber identity information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101790877A true CN101790877A (en) | 2010-07-28 |
| CN101790877B CN101790877B (en) | 2015-07-22 |
Family
ID=38212455
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200880100772.5A Expired - Fee Related CN101790877B (en) | 2007-06-25 | 2008-06-23 | User terminal, network element, communication system, and method thereof |
Country Status (6)
| Country | Link |
|---|---|
| EP (1) | EP2171962A2 (en) |
| KR (1) | KR101532401B1 (en) |
| CN (1) | CN101790877B (en) |
| FI (1) | FI121256B (en) |
| RU (1) | RU2010102222A (en) |
| WO (1) | WO2009000968A2 (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101048017B1 (en) | 2009-08-17 | 2011-07-13 | 이화여자대학교 산학협력단 | How to restrict service delivery based on your users |
| FR2959087B1 (en) * | 2010-04-20 | 2012-09-21 | Eads Defence & Security Sys | METHOD FOR CONFIGURING IDENTIFICATION MODULES OF USERS OF A TELECOMMUNICATION NETWORK |
| US9179303B2 (en) | 2010-11-17 | 2015-11-03 | Qualcomm Incorporated | Methods and apparatus for transmitting and receiving secure and non-secure data |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1883180A (en) * | 2003-10-20 | 2006-12-20 | 诺基亚公司 | System, method and computer program product for downloading pushed content |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FI114180B (en) * | 2001-06-12 | 2004-08-31 | Nokia Corp | Improved method and device arrangement for encrypting data transmission at the interface of the radio network terminal equipment and such terminal equipment |
| FI20020160A (en) * | 2002-01-29 | 2003-07-30 | Nokia Corp | Cell reselection in a cellular radio network |
| GB2393613B (en) * | 2002-09-30 | 2005-06-01 | Motorola Inc | Mobile communications methods systems processor and terminals |
| GB2416279B (en) * | 2004-07-16 | 2009-02-11 | Motorola Inc | A cellular communication system, a communication unit and a method of call initiation therefor |
| GB2423887B (en) * | 2005-03-01 | 2007-05-30 | Motorola Inc | Wireless communication systems and apparatus and methods and protocols for use therein |
-
2007
- 2007-06-25 FI FI20075484A patent/FI121256B/en not_active IP Right Cessation
-
2008
- 2008-06-23 WO PCT/FI2008/050382 patent/WO2009000968A2/en active Application Filing
- 2008-06-23 RU RU2010102222/09A patent/RU2010102222A/en not_active Application Discontinuation
- 2008-06-23 CN CN200880100772.5A patent/CN101790877B/en not_active Expired - Fee Related
- 2008-06-23 KR KR1020107001711A patent/KR101532401B1/en not_active IP Right Cessation
- 2008-06-23 EP EP08775507A patent/EP2171962A2/en not_active Withdrawn
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1883180A (en) * | 2003-10-20 | 2006-12-20 | 诺基亚公司 | System, method and computer program product for downloading pushed content |
Also Published As
| Publication number | Publication date |
|---|---|
| KR20100028651A (en) | 2010-03-12 |
| WO2009000968A2 (en) | 2008-12-31 |
| FI20075484A (en) | 2008-12-26 |
| FI121256B (en) | 2010-08-31 |
| KR101532401B1 (en) | 2015-06-30 |
| CN101790877B (en) | 2015-07-22 |
| RU2010102222A (en) | 2011-08-10 |
| WO2009000968A3 (en) | 2009-05-22 |
| FI20075484A0 (en) | 2007-06-25 |
| EP2171962A2 (en) | 2010-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR0181566B1 (en) | Method and apparatus for efficient real-time authentication and encryption in a communication system | |
| KR101877733B1 (en) | Method and system of securing group communication in a machine-to-machine communication environment | |
| EP0841770B1 (en) | Method for sending a secure message in a telecommunications system | |
| US7079656B1 (en) | Method and communications system for ciphering information for a radio transmission and for authenticating subscribers | |
| US5889861A (en) | Identity confidentiality method in radio communication system | |
| CN108011715B (en) | Key distribution method, related equipment and system | |
| US9554280B2 (en) | Method for managing data communication between a communication device and another device and communication device | |
| WO2011032605A1 (en) | Method and device for processing data in a wireless network | |
| US8230218B2 (en) | Mobile station authentication in tetra networks | |
| US20130061037A1 (en) | Encryption communication method, apparatus and system | |
| JP2015165673A (en) | Services on demand in mobile communications system | |
| CN111246477B (en) | Access method, terminal, micro base station and access system | |
| KR20010090797A (en) | Subscription portability for wireless systems | |
| CN103533539A (en) | Virtual SIM (subscriber identity module) card parameter management method and device | |
| CN102291680A (en) | Encrypted group calling method based on long term evolution (TD-LTE) trunking communication system | |
| CN101889421A (en) | End-to-end encrypted communication | |
| EP2670176A1 (en) | Method for tracking a mobile device onto a remote displaying unit through a mobile switching center and a head-end | |
| CN101635924A (en) | CDMA port-to-port encryption communication system and key distribution method thereof | |
| EP1376924B1 (en) | End-to-end encryption key management in a mobile communications system | |
| CN101459875A (en) | A method for security handling in a wireless access system supporting multicast broadcast services | |
| CN101790877B (en) | User terminal, network element, communication system, and method thereof | |
| CN114374550A (en) | Electric power measurement platform that possesses high security | |
| EP1359778A1 (en) | System, method and station for use in secure communication | |
| CN101529796B (en) | Mobile station authentication of TETRA network | |
| KR101002829B1 (en) | Method for protecting mbms service data in multimedia broadcast/multicast service system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent of invention or patent application | ||
| CB02 | Change of applicant information |
Address after: Helsinki Applicant after: Cassidian Finland OY Address before: Helsinki Applicant before: Eads Secure Networks OY |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: APPLICANT; FROM: EADS SECURE NETWORKS OY TO: CASSIDIAN FINLAND OY |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: AIRBUS DEFENCE AND SPACE OY Free format text: FORMER NAME: CASSIDIAN FINLAND OY |
|
| CP01 | Change in the name or title of a patent holder |
Address after: Helsinki Patentee after: EADS SECURE NETWORKS OY Address before: Helsinki Patentee before: Cassidian Finland OY |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150722 Termination date: 20160623 |