CN102149088A - Method for protecting mobile subscriber data integrity - Google Patents


Info

Publication number
CN102149088A
Authority
CN
China
Prior art keywords
user
data
face
algorithm
enb
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010101106734A
Other languages
Chinese (zh)
Inventor
袁琦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Research Institute of Telecommunications Transmission Ministry of Industry and Information Technology
Original Assignee
Research Institute of Telecommunications Transmission Ministry of Industry and Information Technology

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for protecting mobile subscriber data integrity. The method comprises the following steps: the user equipment (UE) transmits an access request to a mobility management entity (MME); the MME requests the subscription information of the UE from the home subscriber server (HSS) according to the access request; the MME judges from the subscription information returned by the HSS whether user-plane integrity protection is required, and transmits the judgment result to the evolved Node B (eNB); the eNB selects an algorithm according to the judgment result and transmits the identifier of the algorithm to the UE; and the UE computes digest information over the user-plane data with that algorithm and transmits user-plane integrity-protected data, comprising the digest information and the user-plane data, to the eNB. By applying the embodiment of the invention, the correctness and security of the user-plane data are ensured.

Description

Method for protecting mobile user data integrity
Technical field
The present invention relates to the field of mobile communication technology, and more specifically to a method for protecting the integrity of mobile user data.
Background art
In mobile communication networks, the signalling transmitted between a mobile user and the network equipment usually needs to be integrity protected. Signalling integrity protection means that the user side computes a message digest over the signalling it transmits; when the server receives the signalling, it computes a verification digest over it with the corresponding method, and if the two are identical the signalling message is intact. The volume of user-plane data on the user side is very large, however, and the high-volume data transmitted between the mobile user and the network equipment cannot all be protected with the same method as the signalling. Data transmitted between the mobile user and the network equipment is easy for a third party to tamper with, so user-plane data needs integrity protection. Integrity protection means guaranteeing that data is not tampered with by a third party in the course of transmission.
In practical applications, integrity protecting the user-plane data transmitted between every user and the network consumes a great deal of network bandwidth and network equipment resources, and some users do not need integrity protection. For users with higher security requirements, for example mobile payment services, integrity protection is of great value. It is therefore necessary to apply user data integrity protection per user, so as to guarantee the correctness and security of user-plane data.
Summary of the invention
An embodiment of the invention proposes a method by which a mobile user's data integrity is protected, guaranteeing the correctness and security of the mobile user's user-plane data.
The technical solution of the embodiment of the invention is as follows:
A method for protecting mobile user data integrity, comprising:
the user equipment UE sends to the mobility management entity MME an access request containing a user-plane integrity algorithm list that reflects the UE security capabilities; the list contains one or more algorithms used for user-plane integrity protection and an algorithm indicating that no user-plane integrity protection is to be performed;
the MME requests the subscription information of the UE from the home subscriber server HSS according to the access request;
the MME judges from the subscription information returned by the HSS whether user-plane integrity protection is needed, and sends the judgment result to the base station node eNB by setting the algorithms in the user-plane integrity algorithm list;
the eNB selects an algorithm according to that setting, and sends the identifier of the algorithm to the UE;
the UE computes digest information over the user-plane data according to the algorithm, and sends user-plane integrity-protected data comprising the digest information and the user-plane data to the eNB.
After the UE sends the access request to the MME and before the MME requests the subscription information of the UE from the HSS according to the access request, the method further comprises mutual authentication between the UE and the HSS via the MME.
The MME requesting the subscription information of the UE from the home subscriber server HSS according to the access request further comprises: after the UE's location has been updated, the MME updates the location of the UE to the HSS.
When the MME judges from the subscription information returned by the HSS that user-plane integrity protection is needed, the eNB selects EIA1 or EIA2 as the user-plane integrity protection algorithm.
EIA1 is the Advanced Encryption Standard (AES) algorithm, and EIA2 is the SNOW 3G algorithm.
When the MME judges from the subscription information returned by the HSS that user-plane integrity protection is not needed, the eNB selects the EIA0 algorithm.
After the UE computes the user-plane integrity-protected data over the user-plane data according to the algorithm and sends it to the eNB, the method further comprises: the UE sends a response message to the eNB, and the eNB starts user-plane integrity protection.
The eNB starting user-plane integrity protection comprises: the eNB receives the user-plane integrity-protected data sent by the user, uses the algorithm to compute a verification digest from the user-plane integrity-protected data, and if the verification digest is identical to the digest information carried in the user-plane integrity-protected data, the user-plane data in it has not been tampered with; otherwise the user-plane data is discarded.
The judgment comprises comparing the subscription information with the current service of the UE.
As can be seen from the above technical solution, in the embodiment of the invention the MME requests the subscription information of the UE from the HSS according to the access request, judges from the subscription information returned by the HSS whether user-plane integrity protection is needed, and sends the judgment result to the eNB. Using the information stored in the HSS, the MME decides for different users in different situations whether to provide user-plane integrity protection, so that system resources are used reasonably. The eNB selects an algorithm according to the judgment result and sends the identifier of that algorithm to the UE; the UE computes digest information over the user-plane data according to the algorithm and sends user-plane integrity-protected data comprising the digest information and the user-plane data to the eNB. The eNB computes a verification digest from the user-plane integrity-protected data and compares whether the two digests are identical, which prevents a third party from tampering with the user-plane data during transmission and thus guarantees the correctness and security of the user-plane data.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the method for protecting mobile user data integrity according to an embodiment of the invention.
Embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and specific embodiments.
In the embodiment of the invention, the home subscriber server (HSS) stores subscription information indicating whether integrity protection of user-plane data is needed. The user equipment (UE) sends an access request message to the mobility management entity (MME); the MME sends a message requesting the subscription information to the HSS; the HSS, via the MME and the base station node (eNB), delivers to the UE the identifier of the user-plane integrity protection algorithm corresponding to the subscription information. The UE can then compute the corresponding digest information over the user-plane data to be transmitted according to that algorithm and send user-plane integrity-protected data comprising the user-plane data and the digest information to the eNB. The eNB uses the selected user-plane integrity protection algorithm to compute a verification digest from the user-plane integrity-protected data; when the digest information is identical to the verification digest, the user-plane data has not been tampered with, which guarantees the correctness and security of the user-plane data.
Referring to Fig. 1, the schematic flow chart of the method for protecting mobile user data integrity according to an embodiment of the invention, the method specifically comprises the following steps:
Step 101: the UE sends an access request, i.e. an initial Layer 3 message, to the MME. In this message the UE reports its capabilities to the MME, i.e. the user-plane integrity algorithm list.
Step 102: the UE and the HSS authenticate each other via the MME, in order to determine whether the UE belongs to the service range of the HSS. The authentication procedure is prior art and is not repeated here.
Step 103: the MME requests the subscription information of the UE from the home subscriber server HSS according to the access request, and when the UE's location has been updated, updates the location of the UE to the HSS. Location update is prior art and is not described again here.
Step 104: the HSS sends indication information comprising the user's subscription information to the MME; in the indication information a single bit identifies the user's subscription information.
When the user subscribes with the operator, the user tells the operator which services need integrity protection, and the operator stores this in the user's subscription information in the HSS. The HSS can therefore send the user's subscription information to the MME.
Step 105: according to the received indication information, the MME judges whether the user's current service needs user-plane integrity protection.
If the MME judges that the user's current service does not need user-plane integrity protection, the MME sets the user-plane integrity algorithm list in the UE security capabilities to contain only EIA0; if the MME judges that the user's current service needs user-plane integrity protection, the MME sets the user-plane integrity algorithm list in the UE security capabilities to contain EIA1 or EIA2.
Step 106: the MME sends to the eNB an eRANAP message comprising the user-plane integrity algorithm list of the UE security capabilities, thereby notifying the eNB whether the user's current service needs user-plane integrity protection.
Step 107: the eNB selects the algorithm according to the received eRANAP message.
If the user's current service does not need user-plane integrity protection, the eNB takes EIA0 as the user-plane integrity protection algorithm; EIA0 means that no algorithm is applied.
If the user's current service needs user-plane integrity protection, the eNB selects EIA1 or EIA2 as the user-plane integrity protection algorithm. Here EIA1 refers to the Advanced Encryption Standard (AES) algorithm of the prior art and EIA2 to the SNOW 3G algorithm of the prior art. (Note that 3GPP TS 33.401 assigns these identifiers the other way round: 128-EIA1 is the SNOW 3G based algorithm and 128-EIA2 the AES-CMAC based one; the mapping stated here is the patent's own.) Exactly how to choose between EIA1 and EIA2 is determined by the operator and national regulation and is not discussed further here.
Step 108: the eNB sends an access stratum (AS) security mode command to the UE, which contains the identifier of the user-plane integrity protection algorithm selected in step 107, and the user starts user-plane integrity protection.
Using the identifier of the selected user-plane integrity protection algorithm, the user retrieves the corresponding algorithm from the user-plane integrity protection algorithms it stores, computes the corresponding digest information over the user-plane data with it, and sends user-plane integrity-protected data comprising the user-plane data and the digest information to the eNB.
Step 109: the UE replies to the eNB with an AS security mode complete message, which starts user-plane integrity protection on the eNB side.
The eNB receives the user-plane integrity-protected data, comprising the user-plane data and the digest information, sent by the user, uses the selected user-plane integrity protection algorithm that it stores to compute a verification digest from the user-plane integrity-protected data, and if the digest information and the verification digest are identical, the user-plane data has not been tampered with, which guarantees its correctness and security. How to check that the digest information and the verification digest are identical is prior art and is not repeated here.
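The following Python model is an added example and is not code from the patent or from any 3GPP implementation. It walks through steps 101 to 109 above (and the same procedure as stated in the summary of the invention) with the HSS, MME, eNB and UE roles in one process, so the two decisions the text describes can be exercised: the MME reducing the algorithm list to EIA0 or to EIA1/EIA2 from the one-bit subscription indication, and the eNB discarding a PDU whose digest does not verify. Everything in it is an assumption for illustration: the subscription table with its IMSIs and service names, dict-shaped messages in place of the NAS, eRANAP and RRC encodings, the operator preference order between EIA1 and EIA2, the shared key value, and HMAC-SHA256 truncated to a 32-bit tag standing in for the EIA integrity algorithms (the real 128-EIA functions are SNOW 3G and AES-CMAC based, keyed with a K_UPint derived after the authentication of step 102).

```python
import hashlib
import hmac

# Algorithm identifiers as named in the patent. EIA0 means "no integrity protection".
EIA0, EIA1, EIA2 = "EIA0", "EIA1", "EIA2"
MAC_LEN = 4  # 32-bit tag, the MAC-I length used in LTE

# Constructed HSS subscription records (assumption): one bit per service that
# says whether user-plane integrity protection is subscribed (steps 104 and 105).
HSS_SUBSCRIPTION = {
    "imsi-460000000000001": {"mobile_payment": 1, "web_browsing": 0},
    "imsi-460000000000002": {"mobile_payment": 0, "web_browsing": 0},
}


def hss_lookup(imsi, service):
    """Step 104: the HSS returns the one-bit indication for the user's current service."""
    return HSS_SUBSCRIPTION[imsi].get(service, 0)


def mme_set_algorithm_list(ue_algorithms, protection_required):
    """Step 105: the MME rewrites the UE's user-plane integrity algorithm list.

    No protection subscribed -> the list is reduced to EIA0 only.
    Protection subscribed   -> the list keeps the UE's EIA1/EIA2 entries.
    """
    if not protection_required:
        return [EIA0]
    allowed = [alg for alg in ue_algorithms if alg in (EIA1, EIA2)]
    if not allowed:
        # The UE advertised no usable algorithm although the subscription needs one.
        raise ValueError("UE supports no user-plane integrity algorithm")
    return allowed


def enb_select_algorithm(algorithm_list, preference=(EIA2, EIA1)):
    """Step 107: the eNB picks one algorithm from the list received from the MME.

    The preference order is an assumption standing in for the operator and
    national policy that the patent leaves open.
    """
    if algorithm_list == [EIA0]:
        return EIA0
    for alg in preference:
        if alg in algorithm_list:
            return alg
    raise ValueError("no acceptable algorithm in %r" % (algorithm_list,))


def compute_digest(algorithm, key, user_data):
    """Digest over user-plane data.

    Stand-in (assumption): HMAC-SHA256 truncated to MAC_LEN bytes, with the
    algorithm name mixed into the key so that EIA1 and EIA2 tags differ. The
    real algorithms are the 3GPP 128-EIA functions, not this HMAC.
    """
    if algorithm == EIA0:
        return b""  # EIA0: no digest at all
    return hmac.new(key + algorithm.encode(), user_data, hashlib.sha256).digest()[:MAC_LEN]


def ue_protect(algorithm, key, user_data):
    """Step 108, UE side: user-plane data plus its digest."""
    return {"data": user_data, "mac": compute_digest(algorithm, key, user_data)}


def enb_verify(algorithm, key, pdu):
    """Step 109, eNB side: recompute the digest; return the data, or None to discard."""
    expected = compute_digest(algorithm, key, pdu["data"])
    # constant-time comparison so the verifier leaks nothing about the expected tag
    if hmac.compare_digest(expected, pdu["mac"]):
        return pdu["data"]
    return None


def run_attach(imsi, service, ue_algorithms, k_upint, user_data, tamper=False):
    """Steps 101 to 109 end to end. Returns (selected algorithm, accepted data)."""
    required = hss_lookup(imsi, service)                    # steps 103/104
    lst = mme_set_algorithm_list(ue_algorithms, required)   # step 105
    alg = enb_select_algorithm(lst)                         # steps 106/107
    pdu = ue_protect(alg, k_upint, user_data)               # step 108
    if tamper:
        # a third party changes the last byte in transit
        pdu = dict(pdu, data=pdu["data"][:-1] + b"!")
    return alg, enb_verify(alg, k_upint, pdu)               # step 109


if __name__ == "__main__":
    key = b"\x11" * 16          # constructed K_UPint shared by UE and eNB after step 102
    caps = [EIA0, EIA1, EIA2]   # UE security capabilities reported in step 101
    print(run_attach("imsi-460000000000001", "mobile_payment", caps, key, b"pay 100"))
    print(run_attach("imsi-460000000000001", "mobile_payment", caps, key, b"pay 100", tamper=True))
    print(run_attach("imsi-460000000000002", "mobile_payment", caps, key, b"pay 100", tamper=True))
```

The three calls at the bottom show the subscribed payment user getting EIA2 with the intact PDU accepted, the same user with a tampered PDU having it discarded (`None`), and the unsubscribed user on EIA0 having the tampered PDU accepted unnoticed, which is exactly the trade-off the background section describes: protection is bought per subscription, and EIA0 buys none.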
The above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the invention shall be included in its scope of protection.

Claims (9)

1. A method for protecting mobile user data integrity, characterized in that the method comprises:
the user equipment UE sends to the mobility management entity MME an access request containing a user-plane integrity algorithm list that reflects the UE security capabilities, the list containing one or more algorithms used for user-plane integrity protection and an algorithm indicating that no user-plane integrity protection is to be performed;
the MME requests the subscription information of the UE from the home subscriber server HSS according to the access request;
the MME judges from the subscription information returned by the HSS whether user-plane integrity protection is needed, and sends the judgment result to the base station node eNB by setting the algorithms in the user-plane integrity algorithm list;
the eNB selects an algorithm according to that setting, and sends the identifier of the algorithm to the UE;
the UE computes digest information over the user-plane data according to the algorithm, and sends user-plane integrity-protected data comprising the digest information and the user-plane data to the eNB.
2. The method for protecting mobile user data integrity according to claim 1, characterized in that, after the UE sends the access request to the MME and before the MME requests the subscription information of the UE from the HSS according to the access request, the method further comprises mutual authentication between the UE and the HSS via the MME.
3. The method for protecting mobile user data integrity according to claim 1, characterized in that the MME requesting the subscription information of the UE from the home subscriber server HSS according to the access request further comprises: after the UE's location has been updated, the MME updates the location of the UE to the HSS.
4. The method for protecting mobile user data integrity according to claim 1, characterized in that, when the MME judges from the subscription information returned by the HSS that user-plane integrity protection is needed, the eNB selects EIA1 or EIA2 as the user-plane integrity protection algorithm.
5. The method for protecting mobile user data integrity according to claim 4, characterized in that EIA1 is the Advanced Encryption Standard (AES) algorithm and EIA2 is the SNOW 3G algorithm.
6. The method for protecting mobile user data integrity according to claim 1, characterized in that, when the MME judges from the subscription information returned by the HSS that user-plane integrity protection is not needed, the eNB selects the EIA0 algorithm.
7. The method for protecting mobile user data integrity according to claim 1, characterized in that, after the UE computes the user-plane integrity-protected data over the user-plane data according to the algorithm and sends it to the eNB, the method further comprises: the UE sends a response message to the eNB, and the eNB starts user-plane integrity protection.
8. The method for protecting mobile user data integrity according to claim 7, characterized in that the eNB starting user-plane integrity protection comprises: the eNB receives the user-plane integrity-protected data sent by the user, uses the algorithm to compute a verification digest from the user-plane integrity-protected data, and if the verification digest is identical to the digest information carried in the user-plane integrity-protected data, the user-plane data in it has not been tampered with; otherwise the user-plane data is discarded.
9. The method for protecting mobile user data integrity according to claim 1, characterized in that the judgment comprises comparing the subscription information with the current service of the UE.
CN2010101106734A 2010-02-09 2010-02-09 Method for protecting mobile subscriber data integrity Pending CN102149088A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010101106734A CN102149088A (en) 2010-02-09 2010-02-09 Method for protecting mobile subscriber data integrity


Publications (1)

Publication Number Publication Date
CN102149088A true CN102149088A (en) 2011-08-10

Family

ID=44423023



Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102595406A (en) * 2012-02-15 2012-07-18 China Academy of Telecommunications Technology Management method and equipment for subscription information
CN106714159A (en) * 2015-11-16 2017-05-24 Potevio Information Technology Co., Ltd. Network access control method and system
CN106851649A (en) * 2015-12-07 2017-06-13 Potevio Information Technology Co., Ltd. Method for repairing platform integrity authentication in GSM
WO2018196852A1 (en) * 2017-04-28 2018-11-01 Vivo Mobile Communication Co., Ltd. Integrity detection method, terminal and network device
WO2018201506A1 (en) * 2017-05-05 2018-11-08 Huawei Technologies Co., Ltd. Communication method and related device
CN109560929A (en) * 2016-07-01 2019-04-02 Huawei Technologies Co., Ltd. Key configuration and security policy determination method and apparatus
WO2019174296A1 (en) * 2018-03-15 2019-09-19 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Data processing method, access network device, and core network device
CN110493774A (en) * 2017-05-06 2019-11-22 Huawei Technologies Co., Ltd. Key configuration method, apparatus and system
CN110831007A (en) * 2018-08-10 2020-02-21 Huawei Technologies Co., Ltd. User plane integrity protection method, device and equipment
CN113711567A (en) * 2019-03-26 2021-11-26 IDAC Holdings, Inc. Method, apparatus and system for secure Radio Resource Control (RRC) signaling over PC5 interface for unicast communication

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1599485A (en) * 2003-09-19 2005-03-23 Huawei Technologies Co., Ltd. Method for changing group key in group system
CN101128061A (en) * 2007-09-27 2008-02-20 ZTE Corporation Method and system for mobility management unit and evolved base station to identify whether the user plane is encrypted
CN101155424A (en) * 2007-09-28 2008-04-02 ZTE Corporation Method for not executing user plane encryption
CN101242629A (en) * 2007-02-05 2008-08-13 Huawei Technologies Co., Ltd. Method, system and device for selecting user plane algorithm



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110810