CN103391536B

CN103391536B - Protective method, terminal, core network control entity and system of terminal temporary identifications

Info

Publication number: CN103391536B
Application number: CN201210141696.0A
Authority: CN
Inventors: 田野; 齐旻鹏; 朱红儒
Original assignee: China Mobile Communications Group Co Ltd
Current assignee: China Mobile Communications Group Co Ltd
Priority date: 2012-05-09
Filing date: 2012-05-09
Publication date: 2017-02-08
Anticipated expiration: 2032-05-09
Also published as: CN103391536A

Abstract

The invention discloses a protective method, terminal, core network control entity and system of terminal temporary identifications, and relates to the field of information safety. The protective method solves the technical problem that in the prior art, the temporary identifications can not be timely updated due to the low mobility of the terminal. The protective method mainly comprises the step of providing a device. The method comprises the steps of setting lift cycle for the first temporary identification allocated to the terminal, and starting a timer to conduct timing; when timing of the timer reaches the life cycle, allocating the second temporary identification to the terminal. The protective method is mainly used for protecting the terminal temporary identifications.

Description

The guard method of terminal temporary mark, terminal, core net controlled entity and system

Technical field

The present invention relates to the information security field in wireless communication network system technology, more particularly, to a kind of terminal is marked temporarily Guard method, terminal, core net controlled entity and the system known.

Background technology

In a 3 gpp system, IMSI is the global unique identification of mobile network contracted user, is forever effective.For life Deposit the privacy of user, should avoid on a wireless interface identifying the end of user using contracted user's permanent identification IMSI as far as possible End, eats dishes without rice or wine to eavesdrop the tracking to user after obtaining terminal IMSI information to prevent attacker from passing through.

Therefore, for above-mentioned phenomenon, 3GPP system common practice is：Core net controlled entity（MSC/VLR, SGSN and MME）User terminal for being successfully attached in network distributes a temporary mark（TMSI, P-TMSI and GUTI）.Core network control Entity processed safeguards the corresponding relation of temporary mark and IMSI in terminal context information.Terminal is receiving network side distribution After temporary mark, will be identified oneself using temporary mark in follow-up signalling interactive process.The attachment removal from network when terminal Afterwards, the temporary mark being distributed also will continue to preserve.When terminal initiates attach request to network again, it may use that last time During attachment, the temporary mark of network allocation to be identifying oneself, thus avoiding using IMSI.After introducing temporary mark, most In the case of terminal the temporary mark using network allocation is identified oneself.Although attacker passes through to eat dishes without rice or wine to eavesdrop to obtain user The temporary mark of terminal, is randomly assigned by network side yet with temporary mark, attacker cannot obtain user's temporary mark with The corresponding relation of permanent identification, therefore attacker cannot be tracked to user using temporary mark.Furthermore, meeting certain bar In the case of part, network is by the temporary mark new to terminal distribution.Accordingly even when attacker utilizes temporary mark to a certain user Followed the tracks of, after temporary mark updates, also cannot be continued with original acquisition because mark corresponding relation changes him Temporary mark continues to follow the tracks of to user, has so just reached the purpose preventing following the tracks of.

In 3GPP system, terminal will obtain different temporary marks when being attached to different core network controlled entity.Work as end When end is attached to GSM/UMTS CS domain system, service MSC/VLR will distribute TMSI for it；When terminal is attached to GSM/UMTS PS During domain system, service SGSN will distribute P-TMSI for it；When terminal is attached to EPS, MME will distribute GUTI for it.

Temporary mark assigning process taking EPS is as a example described here.Defined in 3GPP TS23.401/24.301 The following two kinds temporary mark redistribution method：

1st, MME distributes new GUTI by Attach process or TAU process to UE.

2nd, MME passes through GUTI Reallocation（GUTI reassigns）Process distributes new GUTI to UE.UE is in During EMM-REGISTERED state, MME can initiate GUTI Reallocation process and come for the new GUTI of UE distribution.

At present, the comprehensive analysis to existing temporary mark distribution mechanism can be seen that existing 3GPP network mainly several as follows It is the new temporary mark of terminal distribution in the case of kind：

1. terminal does not have effective temporary mark；

2. terminal changes core network service nodes；

3. according to network needs（There is no and be specifically defined）.

But, during distributing temporary mark by such scheme, at least also there is following technology and ask in prior art Topic：

Existing 3GPP system is very effective using temporary mark mechanism for the mobile terminal in network, but for Hypomobility in network（Moving area is limited or maintains static）Terminal, there are still certain security risk.

For example：Described according to existing protocol, for a terminal having been obtained for effective temporary mark, generally only exist When it changes core network service nodes, network can be just the new temporary mark of its distribution, and this is mainly by the shifting of terminal Dynamic property causes.So, for Hypomobility terminal in network, they after obtaining a temporary mark from network, very Have few opportunities and be updated, therefore will be using same temporary mark in some time section.Now, temporary mark general of terminal etc. Effect becomes a long term identification, is one long-term " code name " of terminal.Attacker is possible with it after obtaining this " code name " Terminal is persistently followed the tracks of.Thus lead to attacker terminal can be identified follow the tracks of, and then obtain the work of a certain terminal Make status information.Because passing through location matches, attacker even can know the corresponding relation of temporary mark and true terminal, this Just overall monitor can be carried out to terminal, so that privacy of user is compromised.Particularly in Internet of Things application, a large amount of M2M terminals Generally maintain static after deployment, there is the marked feature of Hypomobility, therefore will particularly for this Terminal Type the problems referred to above Prominent, there is larger potential safety hazard.

Content of the invention

The present invention is to overcome the temporary mark of terminal in prior art cannot upgrade in time the poor stability leading to Defect, there is provided a kind of guard method of terminal temporary mark, terminal, core net controlled entity and system.

A kind of guard method of terminal temporary mark, including：

For distributing to the first temporary mark setting life cycle of terminal, and start intervalometer timing；

When the timing of intervalometer reaches life cycle, it is terminal distribution second temporary mark.

The said method that the present invention provides, by arranging life cycle using to temporary mark, and when reaching life cycle, more Newly the technological means of interim life cycle, solve in prior art, the temporary mark that some terminals are led to due to its Hypomobility The technical problem that cannot upgrade in time, and then achieve the temporary mark that can upgrade in time, improve the technology of Terminal security Effect.

A kind of core net controlled entity, including：

Setup module, for the first temporary mark setting life cycle for distributing to terminal；

Timing module, for the life cycle timing being arranged according to setup module；

Distribute module, for for described terminal distribution first temporary mark, and when the timing of timing module reaches existence During the phase, it is terminal distribution second temporary mark.

The above-mentioned core net controlled entity that the present invention provides arranges life cycle because having to temporary mark, and in life cycle During arrival, update the function of interim life cycle, so can solve in prior art, some terminals are led to due to its Hypomobility The technical problem that temporary mark cannot upgrade in time, and then achieve the temporary mark that can upgrade in time, improve terminal security The technique effect of property.

A kind of core net controlled entity, including：

Distribute module, for for described terminal distribution first temporary mark, and when know reach life cycle when, be terminal Distribute the second temporary mark.

This core net controlled entity that the present invention provides, because have arranging life cycle to temporary mark, and is knowing life Phase of depositing reassigns the function of temporary mark when reaching, can solve in prior art, temporary mark is infrequently moved due to terminal The problem that cannot update leading to, so can make terminal temporary mark renewal no longer place one's entire reliance upon terminal move, but Can be updated according to life cycle, therefore obtain the technique effect that can improve Terminal security.

A kind of core net controlled entity, including：

Timing module, for the life cycle timing according to the first temporary mark receiving；

Distribute module, for the first temporary mark described in terminal distribution, and when the timing of timing module reaches existence During the phase, it is terminal distribution second temporary mark.

The above-mentioned core net controlled entity that the present invention provides, because have the existence according to the first temporary mark receiving Phase timing, and update when timing reaches the first temporary mark function it is possible to solve prior art in, temporary mark by Infrequently move, in terminal, the problem that cannot update leading to, so can obtain make terminal temporary mark renewal no longer complete Depend on terminal to move, can be updated according to life cycle, improve the technique effect of Terminal security.

A kind of terminal, including：

Notification module, for when the timing of timing module reaches life cycle, request core network entity is terminal distribution the Two temporary marks.

The above-mentioned terminal that the present invention provides, because having the temporary mark setting life cycle to distribution, and arrives in life cycle When reaching, actively ask to update the function of temporary mark to network side it is possible to help terminal to solve to lead due to its Hypomobility The technical problem that cannot update of temporary mark causing, so the renewal time to temporary mark that can obtain carry out management and control, convenient Network side updates the technique effect of temporary mark to the terminal of Hypomobility.

A kind of terminal, including：

Timing module, for according to the life cycle timing receiving the first temporary mark；

The terminal that the present invention provides, because having the life cycle receiving the first temporary mark, is counted according to this life cycle When, and when reaching life cycle, actively ask to update the function of temporary mark to network side, terminal can be helped to solve due to it The useful life of the temporary mark that Hypomobility leads to cannot measure, and then cannot update the technical problem of temporary mark, and then The renewal time to temporary mark that can obtain carries out management and control, facilitates network side to update temporary mark to the terminal of Hypomobility Technique effect.

A kind of terminal, including：

Notification module, for notifying core net controlled entity life cycle.

The terminal that the present embodiment provides, because having the temporary mark setting life cycle to distribution, and this life cycle is led to Know the function of core net controlled entity, solve the temporary mark of terminal in prior art because the Hypomobility of terminal and no Method does time restriction, the technical problem that therefore cannot update for a long time to temporary mark, and then can obtain terminal help network Side carries out time control to the renewal of temporary mark, is easy to network side and upgrades in time temporary mark, improves the skill of Terminal security Art effect.

A kind of protection system of terminal temporary mark, including：Core net controlled entity and terminal；

Core net controlled entity, for the first temporary mark setting life cycle for distributing to terminal, and according to giving birth to temporarily Grow up to be a useful person timing, when timing reaches life cycle, be terminal distribution second temporary mark；

Terminal, for receiving the first temporary mark and the second temporary mark.

Core net controlled entity, for the first temporary mark setting life cycle for distributing to terminal and interim by first Mark and life cycle be sent to terminal, when know reach life cycle when, be terminal distribution second temporary mark.

Terminal, the life cycle timing receiving for basis, and when timing reaches life cycle, request core network entity is Terminal distribution second temporary mark.

Terminal, for the first temporary mark setting life cycle for distributing to terminal, and the life according to setup module setting Deposit phase timing, when timing reaches life cycle, request core network entity is terminal distribution second temporary mark；

Core network entity, for for terminal distribution first temporary mark, and in the request receiving terminal, is that terminal is divided Join the second temporary mark.

Core net controlled entity, for distributing temporary mark to terminal, and according to the life cycle timing receiving, works as timing When reaching life cycle, it is terminal distribution second temporary mark；

Terminal, for the first temporary mark setting life cycle for distributing to terminal, and will notify core net life cycle Controlled entity.

A kind of protection system of terminal temporary mark, including：Setup module, timing module and distribute module；

Distribute module, for when the timing of timing module reaches life cycle, being terminal distribution second temporary mark.

Above-mentioned each system that the present invention provides, by arranging life cycle using to temporary mark, and when reaching life cycle, Update the technological means of interim life cycle, solve in prior art, the interim mark that some terminals are led to due to its Hypomobility The technical problem that knowledge cannot upgrade in time, and then achieve the temporary mark that can upgrade in time, improve the skill of Terminal security Art effect.

Brief description

Accompanying drawing is used for providing a further understanding of the present invention, and constitutes a part for description, the reality with the present invention Apply example and be used for explaining the present invention together, be not construed as limiting the invention.In the accompanying drawings：

Fig. 1 is the schematic flow sheet of the guard method of terminal temporary mark in the embodiment of the present invention 1；

Fig. 2 is to be arranged by network side in the embodiment of the present invention 2 and realize the protection of terminal temporary mark by way of safeguarding The schematic flow sheet of method；

Fig. 3 is to arrange, by network side, the guarantor realizing terminal temporary mark by way of terminal maintenance in the embodiment of the present invention 3 The schematic flow sheet of maintaining method；

Fig. 4 is to be arranged by terminal in the embodiment of the present invention 4 and realize the protection side of terminal temporary mark by way of safeguarding The schematic flow sheet of method；

Fig. 5 is to arrange, by terminal, the guarantor realizing terminal temporary mark by way of network side is safeguarded in the embodiment of the present invention 5 The schematic flow sheet of maintaining method；

Fig. 6 is based on being arranged by network side in the case of multiple terminals and realize end by way of safeguarding in the embodiment of the present invention 6 The schematic flow sheet of the guard method of end temporary mark；

Fig. 7 is the structural representation of the core net controlled entity in the embodiment of the present invention 7；

Fig. 8 is the structural representation of the core net controlled entity in the embodiment of the present invention 8；

Fig. 9 is the structural representation of the terminal in the embodiment of the present invention 8；

Figure 10 is the structural representation of the core net controlled entity in the embodiment of the present invention 9 and terminal；

Figure 11 is the structural representation of the core net controlled entity in the embodiment of the present invention 10 and terminal；

Figure 12 is the structural representation of the protection system of terminal temporary mark in the embodiment of the present invention 11；

Figure 13 is the structural representation of the protection system of another terminal temporary mark in the embodiment of the present invention 11.

Specific embodiment

Below in conjunction with the accompanying drawings, the specific embodiment of the present invention is described in detail, it is to be understood that the life of the present invention Deposit scope not limited by specific embodiment.

Embodiment 1

The present embodiment provides a kind of guard method of terminal temporary mark, as shown in figure 1, the method includes：

101, for distributing to the first temporary mark setting life cycle of terminal, and start intervalometer timing；

102, when the timing of intervalometer reaches life cycle, it is terminal distribution second temporary mark.

Said method can individually be deployed to be realized in terminal it is also possible to the core net being individually deployed to network side controls in fact Realize on body, or partial deployment is in terminal, on partial deployment to core net controlled entity, both sides are passed through to exchange common realization.

The method that the present embodiment provides, arranges a life cycle by the temporary mark being distributed by terminal, marks interim In the case of the life cycle of knowledge is overdue, the mode that network redistributes temporary mark for terminal solves temporary mark due to terminal The low technical problem that cannot upgrade in time of mobility, and then achieve the renewal that temporary mark can obtain timing, prevent end The technique effect of user terminal safety is usurped, ensured to the temporary mark at end by illegal tracking.

The length of the life cycle in the present embodiment can adopt regular time length, it would however also be possible to employ randomly select when Between length, thus realizing that terminal temporary mark is regular or irregular renewal.Specifically, set time length can be in net The time span of configuration on network or terminal system, random time length can be produced at random in the range of the time period of a configuration Raw time span.

The life cycle of temporary mark can be arranged/be safeguarded by network side, also can be arranged/be safeguarded by end side.

Whether it is can be selected as needed by core net controlled entity or terminal a temporary mark setting life cycle Select, such as selected based on terminal type.In practical application, system can be only certain form of terminal setting life cycle, for example, For M2M（Machine to Machine/Man, machine and machine/people）Terminal, Hypomobility terminal, fixed terminal etc., and Life cycle is not provided with to other types terminal.

Wherein, the Hypomobility mentioned in the present embodiment（Or infrequently move）Terminal refer to：1st, the terminal not moved； 2nd, infrequently move（As at least one more than the moon does not move）, but once movement will occur position area, tracking area or Route Area more New terminal；3rd, often move, but moving range is less, generally because of mobile, position area, tracking area or Route Area will not occur The terminal updating.

It should be noted that：, be applied to 3GPP system, terminal is when being attached to different core network controlled entity for the present invention Different temporary marks will be obtained.When terminal is attached to GSM（Global System for Mobile Communications, Global system for mobile communications）/UMTS（Universal Mobile Telecommunications System, General Mobile leads to Letter system）CS（Circuit Switched, circuit switching）During domain system, the core net controlled entity MSC of service（Mobile Switching Center, mobile switching centre）/VLR（Visited Location Register, VLR Visitor Location Register） Temporary mark TMSI will be distributed for it（Temporary Mobile Subscriber Identities, temporarily moved subscriber mark Know）；When terminal is attached to GSM/UMTS PS（Packet Switched, packet switch）During domain system, the core network control of service Entity SGSN processed（Serving GPRS Support Node, Serving GPRS Support Node）Temporary mark P- will be distributed for it TMSI（Packet Temporary Mobile Subscriber Identities, packet TMSI）；Work as end End is attached to EPS（Evolved Packet System, evolved packet system）During system, the core net controlled entity MME of service （Mobile Management Entity, Mobility Management Entity）Temporary mark GUTI will be distributed for it.

Below mainly, just above-mentioned several implementations exist respectively taking distribution temporary mark GUTI in EPS as a example Describe in detail in embodiment.Specifically, above-mentioned several implementations can be generally divided into：Embodiment 2 is used for network is described Side is arranged（Life cycle）Network side is safeguarded（Life cycle）Implementation；Embodiment 3 is used for illustrating that network side is arranged（Life cycle） Terminal maintenance（Life cycle）Implementation；Embodiment 4 is used for illustrating that terminal is arranged（Life cycle）Terminal maintenance（Life cycle）'s Implementation；Embodiment 5 is used for illustrating that terminal is arranged（Life cycle）Network side is safeguarded（Life cycle）Implementation.

Embodiment 2

The present embodiment provides a kind of guard method of terminal temporary mark, and the method is mainly realized by being deployed in network side The life cycle of temporary mark is arranged by network side and safeguards the scheme of renewal.As shown in Fig. 2 the method includes：

201, after core net controlled entity is terminal distribution first temporary mark, core net controlled entity is arranged for terminal Life cycle；

Mentioning in the present embodiment and following embodiment is terminal distribution first temporary mark in core net controlled entity Afterwards, refer to core net controlled entity according to normal temporary mark allocation flow（As GUTI allocation flow, Attach flow process or TAU flow process）After terminal distribution temporary mark, after terminal receives the temporary mark of this distribution.

202, core net controlled entity starts intervalometer timing；

Core net controlled entity is according to the attachment defined in existing protocol（Attach）, tracing section updating（Tracking Area Update, TAU）Or global unique temporary identity（Globally Unique Temporary Identity, GUTI） Reassignment process, is the new GUTI of terminal distribution.After this, core net controlled entity arranges a GUTI existence for this terminal Phase simultaneously starts corresponding intervalometer.

203, when the timing of intervalometer reaches life cycle, core net controlled entity starts temporary mark and reassigns flow process, For terminal distribution second temporary mark, and this second temporary mark is reassigned command messages by GUTI it is sent to terminal；

204, after terminal receives this instruction, return GUTI Reallocation Complete message to core net controlled entity.

Supplementary notes be：The above is with EPS, and core net controlled entity is the facing of explanation as a example MME situation Markers weight sensing assigning process.When in GSM/UMTS CS domain, when core controlled entity is in the case of MSC/VLR, in above-mentioned GUTI Reallocation（GUTI reassigns）Process will be replaced by TMSIReallocation process；When in GSM/UMTS ps domain, core When heart net controlled entity is SGSN, will be by P-TMSI Reallocation process generation in above-mentioned GUTI Reallocation process Replace.Because, in the case of other system, specific implementation is that those skilled in the art can be light according to above-described embodiment content Easily learn, therefore will not be described here.

The method that the present embodiment provides, by, after distribution the first temporary mark, core net controlled entity is that this first faces When mark setting life cycle, and when reaching this life cycle, be the means that user terminal updates the first temporary mark, solve and show Have the terminal of Hypomobility in technology cannot upgrade in time due to the temporary mark leading to that is infrequently moved, poor stability Technical problem, and then achieve the temporary mark of the terminal that can upgrade in time, improve the technique effect of Terminal security.

Embodiment 3

The present embodiment provides a kind of guard method of terminal temporary mark, and the method is mainly by dividing in network side and terminal Do not carry out deployment to realize arranging life cycle by network side, the scheme that terminal maintenance life cycle updates.As shown in figure 3, the method bag Include：

301, when core net controlled entity is terminal distribution one GUTI（Concrete opportunity may be considered core network entity Before also a GUTI of distribution not being sent to terminal）, core net controlled entity is terminal setting life cycle；

Specifically, step 301 is during ongoing Attach or TAU, or network will initiate GUTI weight During assigning process, core network control node is terminal distribution the GUTI and arranges the life cycle of a GUTI.

Mention in the present embodiment and following embodiment " is terminal distribution first temporary mark in core net controlled entity When " refer to：Core net controlled entity is according to normal temporary mark allocation flow（As GUTI reassigns flow process, Attach flow process Or TAU flow process）For terminal distribution temporary mark, but also in the flow process of network side, this temporary mark is not sent to end Before end.

302, a GUTI and its life cycle are issued to terminal by core net controlled entity.

Specifically, a GUTI and its life cycle are issued to terminal can realize in the following way：

Core net controlled entity sends Attach received message, TAU received message or GUTI reassignment order to terminal and disappears Any one in breath, carries the life cycle of a GUTI and a GUTI in these message.

Illustrate a bit：The difference of the network system types according to terminal attachment, when core net controlled entity is SGSN, Above-mentioned GUTI Reallocation process and TAU received message, will be by P-TMSIReallocation process and Route Area Update（Routing Area Update, RAU）Received message is replaced, when core net controlled entity is MSC/VLR, upper State GUTI Reallocation process and TAU received message, will by TMSI Reallocation process and position area more Newly（Location Area Update, LAU）Received message replaces.

303, terminal starts intervalometer timing after receiving life cycle；

304, terminal responds back to core net controlled entity；

Herein, return corresponding response according to the type of message carrying life cycle receiving in end step 302 to disappear Breath, such as one of Attach completion message, TAU completion message, GUTI Reallocation Complete message.

In the same manner, when core net controlled entity is SGSN, TAU completion message will be replaced by RAU completion message, work as core When net controlled entity is MSC/VLR, TAU completion message will be replaced by LAU completion message.

It should be noted which kind of signalling interactive process specifically used depends on the net accompanying by terminal in actual applications Network type and under this network type ongoing flow process.If for example in ESP system, core net controlled entity is MME, Using for TAU flow process, then can be then TAU received message in above-mentioned steps 302, in step 304, correspondence should complete to disappear for TAU Breath；In the same manner, if in GSM, UMTS communication system, core net controlled entity is MSC and SGSN, and above-mentioned TAU process will be by phase LAU the or RAU process answered replaces, and can be then LAU or RAU received message in step 302, in step 304, correspondence should be LAU Or RAU completion message.Which kind of message to be those skilled in the art according to the description of this part with regard to which kind of flow process concrete using and The various embodiments of the present invention can be with apparent, and partly relevant content will not be described in great detail in the following.

305, when the timing of intervalometer reaches life cycle, terminal sends reassignment request to core net controlled entity and disappears Breath, request core net controlled entity distributes the 2nd GUTI；

Wherein, above-mentioned reassignment request message is TAU request message, carries request distribution second in TAU request message The configured information of GUTI.

When core net controlled entity is SGSN, TAU request message will be replaced by RAU request message, when core network control When entity processed is MSC/VLR, TAU request message will be replaced by LAU request message.

306, after core net controlled entity receives above-mentioned reassignment request message, it is terminal distribution the 2nd GUTI, and sets Put corresponding life cycle；

307, core net controlled entity sends TAU and accepts message to terminal, carries the second of distribution in TAU received message GUTI and the 2nd GUTI corresponding life cycle；

Herein, also according to the system type of attachment, due to the request message in corresponding step 305, so this TAU accepts Message could alternatively be LAU received message or RAU received message.

308, terminal sends TAU completion message to core net controlled entity.

In the same manner, LAU the or RAU received message in corresponding step 307, the permissible LAU that replaces with of this TAU completion message completes Message or RAU completion message.

In the method that the present embodiment provides, core net controlled entity is provided with life cycle in the lump when distributing GUTI, and will This GUTI and life cycle have been issued to terminal, and carry out timing by terminal according to this life cycle.At the end of timing, terminal notification Core net controlled entity demonstrates the need for distributing again temporary mark.By way of the interacting of terminal and core net controlled entity, Solve the technical problem being difficult to update that in prior art, temporary mark leads to because terminal infrequently moves, and then achieve Prevent user terminal from being followed the trail of by malice, improve the technique effect of Terminal security.

Embodiment 4

The present embodiment provides a kind of guard method of terminal temporary mark, and the method is mainly by way of being deployed in terminal Realize, the life cycle of temporary mark is arranged by terminal and safeguards the scheme of this life cycle renewal.As shown in figure 4, the method includes：

401, after core net controlled entity is terminal distribution first temporary mark, terminal receives core net controlled entity First GUTI of distribution.

Core net controlled entity reassigns process according to the Attach defined in existing protocol, TAU or GUTI, is terminal Distribute new GUTI, i.e. a GUTI in the present embodiment.

402, terminal is a GUTI setting life cycle, and starts intervalometer；

After terminal receives a GUTI, one corresponding life cycle of setting simultaneously starts intervalometer timing.

403, when the timing of intervalometer reaches life cycle, terminal request core net controlled entity distribution second is marked temporarily Know.

Specifically, above-mentioned terminal request core net controlled entity distributes the second temporary mark and is specially：

Terminal sends TAU to core net controlled entity（Tracking Area Update, tracing section updating）Request message, Carry the configured information of request distribution the second temporary mark in TAU request message, demonstrate the need for application distribution the second temporary mark.

Illustrate a bit：The difference of the system type according to terminal attachment, when core net controlled entity is SGSN, above-mentioned TAU request message, will be replaced by RAU request message, and when core net controlled entity is MSC/VLR, above-mentioned TAU request disappears Breath, will be replaced by LAU request message.

404, core net controlled entity can be terminal distribution second temporary mark according to the mode of prior art；

405, core net controlled entity sends TAU and accepts message to terminal, and carry distribution in TAU received message second faces When mark；

TAU request message in the corresponding step 403 of this TAU received message, in the same manner, according to system type, could alternatively be Which kind of received message one of LAU received message or RAU received message, specifically adopt, depending on currently ongoing stream Journey.

406, terminal sends TAU completion message to core net controlled entity.

TAU received message in the corresponding step 405 of this TAU completion message, in the same manner, according to system type, this TAU completes to disappear Breath could alternatively be LAU completion message or RAU completion message.

In the method that the present embodiment provides, it is the temporary mark setting life cycle receiving by terminal, and in life cycle knot Network side is notified, request distributes temporary mark again during bundle.The interim mark that terminal is led to equally can be solved due to Hypomobility The technical problem that knowledge can not often update, and then the temporary mark that upgrades in time can be obtained, prevent terminal tracked, improve terminal The technique effect of safety.

Embodiment 5

The present embodiment provides a kind of guard method of terminal temporary mark, and the method is mainly by dividing in network side and terminal Do not carry out deployment to realize arranging life cycle by terminal, network side safeguards the scheme of life cycle renewal.As shown in figure 5, the method master Including：

501, core net controlled entity is terminal distribution first temporary mark；

Core net controlled entity reassigns process according to the Attach defined in existing protocol, TAU or GUTI, is terminal Distribute new GUTI.

502, after terminal receives a GUTI of distribution, life cycle is set.

503, terminal will notify core net controlled entity life cycle.

Specifically, above-mentioned core net controlled entity will be notified life cycle can to realize by following several ways：

Terminal sends one of ATTACH completion message, TAU completion message or GUTI Reallocation Complete message and arrives core Net controlled entity, the life cycle of carried terminal setting in completion message.

Wherein, which completion message, the GUTI allocation flow adopting depending on network side in step 501 and end are specifically adopted The network type of end attachment.For example when core net controlled entity is SGSN, TAU completion message will be by RAU completion message institute's generation Replace, when core net controlled entity is MSC/VLR, TAU completion message will be replaced by LAU completion message.

504, core net controlled entity starts intervalometer timing according to this life cycle；

Preferably, also can return to a response message to complete to terminal in order to determine operation.

505, when the timing of intervalometer reaches life cycle, core net controlled entity triggering temporary mark reassigns process, For terminal distribution the 2nd GUTI.

In step 505, the reassignment process of triggering can be carried out according to prior art, such as divide according to existing temporary mark again Flow journey, difference is, will reassign command messages by temporary mark and carry the 2nd GUTI to terminal.

Above-described embodiment 2-5 is the behaviour taking EPS as a example illustrating the present invention proposed terminal temporary mark guard method Make method and flow process, but institute's extracting method is applied equally to GSM, UMTS mobile communication system.For example：In GSM, UMTS communication In system, core net controlled entity is MSC and SGSN, and above-mentioned TAU process will be replaced by corresponding LAU or RAU process, above-mentioned GUTI reassigns process and will be replaced by TMSI Reallocation process or P-TMSI Reallocation process.Answer actual With in which kind of signalling interactive process specifically used depend on terminal accompanying by network type.And specific embodiment is also Those skilled in the art can be known easily according to above-mentioned content, will not be described here.

Embodiment 6

In embodiment 2 offer in the method that network side arranges and safeguards life cycle, can also exist based on different Granularity arranges the preferred version of temporary mark life cycle.Below, will in the present embodiment this preferred version be illustrated.

In the method that the present embodiment provides, when being arranged by network side the life cycle of temporary mark, network side core network control Entity processed can arrange temporary mark life cycle based on different granularities.Substantially can be divided into：Core network entity divides for each terminal She Zhi not temporary mark, such as following A situation；Or, core network entity is multiple terminals unified setting temporary mark, such as following B Situation with C.

A. it is temporary mark one single life cycle of setting of each terminal；

B. it is one group of terminal（For example belong to the terminal of same user, belong to the terminal of the same area）One unification of setting Life cycle；

C. all terminal nodes by being serviced arrange a unified life cycle.

Because above-mentioned A situation has passed through embodiment 2（If core net controlled entity is the temporary mark setting one being distributed The life cycle of individual temporary mark, and start an intervalometer accordingly.When the timer has lapsed, core net controlled entity passes through GUTI Reassignment process is the new temporary mark of terminal distribution）Method in be described, therefore will not be described here, require supplementation with Bright is：For above-described embodiment 2, when terminal attachment removal from network, the intervalometer being started stops.

Main this of the present embodiment illustrates to the situation of B and C, including：

When any terminal in multiple terminals is attached on core net controlled entity, core network entity starts intervalometer.

Accordingly, now when the timing of intervalometer reaches life cycle, it is that terminal distribution second temporary mark specifically includes：

When the timing of intervalometer reaches life cycle, core network entity is that each terminal distribution second in multiple terminals is faced When mark；

When all attachment removals from core net controlled entity of multiple terminals, stop intervalometer timing.

Specifically, as shown in fig. 6, during for B, when in one group, at least one terminal is attached to core net control During entity, core net controlled entity is that this group of terminal arranges a life cycle and starts intervalometer accordingly；When intervalometer expires When, core net controlled entity reassigns, by GUTI, one new temporary mark of each terminal distribution that process is in this group, And reset this intervalometer；In group, all when this core net controlled entity attachment removal, this intervalometer stops timing to all terminals.

For C situation, start working in core net controlled entity or be at least one Terminal for service（At least one Individual terminal is attached to this core net controlled entity）When, core net controlled entity arranges a life cycle and starts intervalometer accordingly； When the timing of intervalometer reaches life cycle, core net controlled entity reassigns each that process is its service eventually by GUTI One new temporary mark of end distribution；And reset this intervalometer；Quit work or not for appointing in this core net controlled entity What Terminal for service（All terminals are all from this core net controlled entity attachment removal）When stop timing.

In the method that the present embodiment provides, there is provided a kind of when when network side is arranged and safeguards life cycle, can be to many The method of individual terminal unified setting life cycle, more can enrich the implementation to life cycle, and save network side expense, It is easy to the renewal of temporary mark is managed collectively.

Embodiment 7

The present embodiment provides a kind of core net controlled entity, and this core net controlled entity can be used for implementing to realize network in 2 Side arranges the method that network side is safeguarded.As shown in fig. 7, comprises：Setup module 71, timing module 72, distribute module 73.

Setup module 71, for the first temporary mark setting life cycle for distributing to terminal；Timing module 72, for root Life cycle timing according to setup module setting 71；Distribute module 73, for for terminal distribution first temporary mark, and works as timing When the timing of module 72 reaches life cycle, it is terminal distribution second temporary mark.

In preferred version, setup module 71, specifically for, after distribute module 73 is terminal distribution first temporary mark, being Terminal arranges life cycle；Correspondingly, distribute module 73, specifically for when the timing of timing module 72 reaches life cycle, starting Temporary mark reassigns process, is terminal distribution second temporary mark.

Further, setup module 71 can also include：Set up and put submodule, group setting submodule.

Set up and put submodule, for being respectively provided with life cycle for the corresponding temporary mark of each terminal；Group setting submodule, For arranging life cycle for the corresponding temporary mark of multiple terminals is unified.

Correspondingly, in such cases, timing module 72, specifically for being attached to core when any terminal in multiple terminals Network control system physically when, start intervalometer timing.

Distribute module 73 includes：

Multiple terminals allocation unit, for when the timing of timing module 72 reaches life cycle, being each in multiple terminals Terminal distribution second temporary mark；

Multiple terminals stop element, for when all attachment removals from core net controlled entity of multiple terminals, stopping timing The timing of module 72.

The core net controlled entity that the present embodiment provides can be the first temporary mark setting life cycle, and in this life cycle During arrival, it is user terminal renewal temporary mark, and then achieves the temporary mark of the terminal that can upgrade in time, improve terminal security The technique effect of property.

Embodiment 8

The present embodiment provides a kind of core net controlled entity, and this core network entity can be used as in embodiment 3, to realize net The method that network side arranges terminal maintenance.As shown in figure 8, including：

Setup module 81, for the first temporary mark setting life cycle for distributing to terminal；

Distribute module 82, for for terminal distribution first temporary mark, and when know reach life cycle when, be that terminal is divided Join the second temporary mark.

In preferred version, setup module 81, specifically for when distribute module 82 is terminal distribution the first temporary mark, being Terminal arranged for the first life cycle, and the first temporary mark and the first life cycle are issued to terminal.

Specifically, setup module 81 includes：Transmitting element, for sending Attach received message to terminal, LAU accepts Message, RAU received message, TAU received message or GUTI reassign one of command messages, carry first and mark temporarily in message Know and life cycle.

Additionally, this core net controlled entity also includes：Receiver module 83, updates request for the LAU that receiving terminal sends One of message, RAU request message or TAU request message, carry the finger of request distribution the second temporary mark in request message Show information；

Correspondingly, distribute module 82, specifically for when receiving configured information, being terminal distribution second temporary mark.

Further, distribute module 82 may also include：Distribution transmitting element, is used for receiving distribution the second temporary mark Request after, be terminal distribution second temporary mark, and the life cycle of the second temporary mark be set, send LAU received message, One of RAU received message or TAU received message arrive terminal, carry second temporary mark and second of distribution in received message The life cycle of temporary mark.

The above-mentioned core net controlled entity that the present embodiment provides is because being provided with to be the first temporary mark setting existence The function of phase, so prior art can be solved for realizing the first temporary mark offer strong event horizon that upgrades in time In, for the terminal of some Hypomobilities, the temporary mark due to leading to for being moved illegally usurped, the technology followed the trail of is asked Topic, and then the temporary mark that upgrades in time, the technique effect of offer Terminal security are provided.

In order to the method in embodiment 3 can completely be implemented, the present embodiment additionally provides a kind of terminal, can be used as implementing Terminal in example 3 uses.As shown in figure 9, this terminal includes：

Timing module 91, for according to the life cycle timing receiving；

Notification module 92, for when the timing of timing module 91 reaches life cycle, request core network entity divides for terminal Join the second temporary mark.

Further, timing module 91, the attach received message sending specifically for reception core net controlled entity, LAU received message, RAU received message, TAU received message or temporary mark reassign one of command messages, take in message Carry the first temporary mark and life cycle, and according to life cycle timing.

In corresponding preferred version, notification module 92 includes：

Transmit-Receive Unit, for when the timing of timing module 91 reached for the first life cycle, sending to core net controlled entity One of location area updating request message, Routing Area Update request message or TAU request message, carry request in request message Distribute the configured information of the second temporary mark；And receive location area updating received message, the road that core net controlled entity returns One of received message or TAU received message are updated to terminal by area, in received message, carries the second temporary mark of distribution With the life cycle of the second temporary mark, and send location area updating completion message, Routing Area Update completion message or TAU and complete One of message arrives core net controlled entity.

The terminal that the present embodiment provides, carries out timing due to being provided with according to life cycle, and when timing reaches this life cycle When, the function of notifying network side that the first temporary mark is updated in time, solve in prior art, due to terminal infrequently The temporary mark that leads to of movement cannot upgrade in time, reduce the technical problem of Terminal security, and then achieves help network Side is realized updating temporary mark for terminal in time, improves the technique effect of Terminal security.

Embodiment 9

The present embodiment provides a kind of core net controlled entity, and this core net controlled entity can be used as in embodiment 5, realizes eventually Side arranges the guard method of the terminal temporary mark that network side is safeguarded.As shown in Figure 10, including：Timing module 11, distributes mould Block 12.

Timing module 11, for the life cycle timing according to the first temporary mark receiving；Distribute module 12, for for Terminal distribution first temporary mark, and when the timing of timing module 11 reaches life cycle, be that terminal distribution second is marked temporarily Know.

Further, timing module 11, specifically for receiving terminal, to send attachment completion message, location area updating complete One of message, Routing Area Update completion message, TAU completion message or temporary mark Reallocation Complete message is become to arrive core net During controlled entity, carry the life cycle of the first temporary mark in completion message, according to this life cycle timing；Distribute module 12, tool Body is used for when the timing of timing module 11 reaches life cycle, and triggering temporary mark reassigns process, is that terminal distribution second is faced When mark, and send carry the second temporary mark temporary mark reassign command messages to terminal.

The life cycle that the core net controlled entity that the present embodiment provides has according to receiving carries out timing, and arrives in timing When reaching, start the function of reassigning temporary mark, the terminal temporary mark infrequently moving therefore can be avoided tracked or steal Technical problem, and then the temporary mark that upgrades in time can be obtained, improve the technique effect of Terminal security.

Additionally, in order to preferably realize the method in embodiment 5, the present embodiment additionally provides a kind of terminal, such as Figure 10, should Terminal includes：

Setup module 13, for the first temporary mark setting life cycle for distributing to terminal；

Notification module 14, for notifying core net controlled entity life cycle.

Further, setup module 13, after in core net controlled entity for terminal distribution first temporary mark, Setting life cycle；Notification module 14, completes specifically for attachment completion message, location area updating completion message, Routing Area Update One of message, TAU completion message or temporary mark Reallocation Complete message arrive core net controlled entity, take in completion message Band life cycle.

The terminal that the present embodiment provides is passed through to arrange life cycle using to the temporary mark receiving, and this life cycle is reported Accuse the core net controlled entity of network side, so that this core net controlled entity controls dividing of temporary mark according to this life cycle again Join process, and then solve the technical problem of the poor stability that terminal is led to due to Hypomobility in prior art, it is right to achieve Temporary mark arranges life cycle, helps core net controlled entity that expired temporary mark is updated, and is easy to improve terminal peace The technique effect of full property.

Embodiment 10

The present embodiment provides a kind of terminal, and this terminal can be used in embodiment 4, realizes the interim of terminal maintenance terminal setting The guard method of mark.As shown in figure 11, including：Setup module 21, timing module 22, notification module 23.

Wherein, setup module 21, for the first temporary mark setting life cycle for distributing to terminal；Timing module 22, For the life cycle timing being arranged according to setup module 21；Notification module 23, reaches existence for the timing when timing module 22 During the phase, request core network entity is terminal distribution second temporary mark.

Further, setup module 21, after in core net controlled entity for terminal distribution first temporary mark, Setting life cycle；

Correspondingly, notification module 23 includes：Transmit-Receive Unit, sends LAU request message to core net controlled entity, RAU please Ask one of message or TAU request message, in request message, carry the configured information of request distribution the second temporary mark；And Receive core net controlled entity to send in location area updating received message, Routing Area Update received message or TAU received message One kind to terminal, carry the second temporary mark of distribution in received message, and send location area updating completion message, Route Area Update one of completion message or TAU completion message and arrive core net controlled entity.

The terminal that the present embodiment provides can arrange life cycle timing to the temporary mark receiving, also can be in this existence When phase reaches, the temporary mark that please look for novelty to the core net controlled entity of network side, so solve in prior art mark temporarily Know due to the low technical problem of the safety causing cannot be updated for a long time, achieving can in the case of the low movement of terminal still Request network side is updated to temporary mark, improves the technique effect of Terminal security.

Because the network controlling entity in above-described embodiment 7-10 or terminal are used to realize the method in embodiment 2-6, It is all that those skilled in the art can be by reference to right in place of the not most detailed description of unit or module therefore in embodiment 7-10 Run away with embodiment 2-6 answered, will not be described here.

Embodiment 11

A kind of protection system of the present embodiment terminal temporary mark, as shown in figure 12, this system includes：Setup module 31, Timing module 32 and distribute module 33；

Setup module 31, for the first temporary mark setting life cycle for distributing to terminal；Timing module 32, for root Life cycle timing according to setup module 31 setting；Distribute module 33, for for terminal distribution first temporary mark, and works as timing When the timing of module 22 reaches life cycle, it is terminal distribution second temporary mark.

In preferred version, setup module 31 includes：

Set up and put submodule, for being respectively provided with life cycle for the corresponding temporary mark of each terminal；

Group setting submodule, for for multiple terminals（The plurality of terminal can be to belong to same user, or belongs to same area One group of terminal in domain or be attached on core net controlled entity, and provide the institute of service by this core network entity for it There is terminal）Corresponding temporary mark unified setting life cycle.

Correspondingly, timing module 32 is specifically for the life cycle timing respectively for each terminal；And/or for for multiple The unified life cycle of terminal carries out timing.

Correspondingly, in preferred version, distribute module 33 includes：

Multiple terminals allocation unit, for when the timing of timing module 32 reaches life cycle（It is specially unified life cycle When）, it is each terminal distribution second temporary mark in multiple terminals；

Multiple terminals stop element, for when all attachment removals from core net controlled entity of multiple terminals, stopping timing The timing of module.

The system that the present embodiment provides, because the temporary mark having for terminal arranges life cycle, to life cycle timing, and When the life cycle that timing is arrived, the function of can reassigning temporary mark for terminal exists it is possible to solve terminal in existing timing After being attached on certain core net controlled entity, the problems such as due to seldom moving that the temporary mark causing is easily tracked, usurping, and then The temporary mark of the terminal that upgrades in time can be obtained, improve the technique effect of Terminal security.

The above-mentioned module that the present embodiment provides, can all be deployed in terminal, can all be deployed in core net control Physically, or can also partial deployment in terminal, partial deployment is on core net controlled entity.Concrete dispositions method has very Multiple, four kinds of embodiments are specifically provided below in the present embodiment.

A kind of embodiment of the protection system of terminal temporary mark, this embodiment can be real by core net controlled entity The repertoire that existing temporary mark updates.As shown in figure 13, including：Core net controlled entity and terminal；

Core net controlled entity, for for terminal distribution first temporary mark, and is distribute to terminal first interim Mark setting life cycle, and according to interim maker timing, when timing reaches life cycle, be that terminal distribution second is marked temporarily Know；

Terminal, for receiving the first temporary mark and the second temporary mark.

Or, the embodiment of the protection system of second terminal temporary mark, this embodiment can be by core network control Entity setting up life cycle processed, timing is carried out by this life cycle of terminal-pair, by interacting and then realizing temporary mark renewal Function.As shown in figure 13, including：Core net controlled entity and terminal；

Core net controlled entity, for for terminal distribution first temporary mark, and is distribute to terminal first interim Mark setting life cycle, and the first temporary mark and life cycle are sent to terminal, when know reach life cycle when, be that terminal is divided Join the second temporary mark；.

Or, the embodiment of the protection system of the third terminal temporary mark, this embodiment is realized being faced by terminal-pair When the update status that identify be monitored, and request core net controlled entity completes the function of temporary mark renewal in time.As figure Shown in 13, including：Core net controlled entity and terminal；

Core network entity, for for terminal distribution first temporary mark, and is terminal distribution first temporary mark, and Receive terminal request when, be terminal distribution second temporary mark.

Or, the embodiment of the protection system of the 4th kind of terminal temporary mark, this embodiment realize by terminal with The interaction of core net controlled entity completes the function that temporary mark is updated.As shown in figure 13, including：Core net controlled entity and Terminal；

Core net controlled entity, for distributing the first temporary mark to terminal, and according to the life cycle timing receiving, when When timing reaches life cycle, it is terminal distribution second temporary mark；

Terminal, for distributing to the first temporary mark setting life cycle of terminal for core net controlled entity, and will survive Phase notifies core net controlled entity.

Existing scheme by distributing, for user terminal, the protection that temporary mark is capable of to contracted user's permanent identification, but It is that it has terminal temporary mark because updating and permanently effective possibility.So temporary mark actually will become eventually Long-term " code name " at end, exists by the security risk of attacker's malicious exploitation.This situation is outstanding for the relatively low terminal of mobility For being susceptible to.In existing H2H communications applications, a lot of terminals have low mobility, and a large amount of after Internet of Things application introduces M2M terminal maintains static after all having the characteristics that deployment or Hypomobility is it is therefore desirable to strengthen safety precaution to this situation. However, existing scheme obviously can not meet reaches such purpose.The said system that therefore the present embodiment provides, can be terminal The temporary mark being distributed arranges a life cycle, and in the case of the life cycle of temporary mark is overdue, network side is terminal Redistribute temporary mark.On the basis of existing protocol, it is strengthened, can not only be to the permanent identification of user terminal Carry out effective protection additionally it is possible to periodically or aperiodically be updated to the temporary mark of certain type terminals as needed, Effectively eliminate above-mentioned potential safety hazard.

The present invention can have the specific embodiment of multiple multi-forms, combine accompanying drawing to this above taking Fig. 1-Fig. 5 as a example The explanation for example of bright technical scheme, this is not meant to that the instantiation that the present invention is applied can only be confined to specific flow process Or in example structure, those of ordinary skill in the art is it is to be appreciated that specific embodiments presented above are multiple Some examples in its preferred usage, the embodiment of any embodiment the claims in the present invention all should be wanted in technical solution of the present invention Within the scope of seeking survival.

Finally it should be noted that：These are only the preferred embodiments of the present invention, be not limited to the present invention, although With reference to the foregoing embodiments the present invention is described in detail, for a person skilled in the art, it still can be right Technical scheme described in foregoing embodiments is modified, or carries out equivalent to wherein some technical characteristics.All Within the spirit and principles in the present invention, any modification, equivalent substitution and improvement made etc., should be included in the existence of the present invention Within the scope of.

Claims

1. a kind of guard method of terminal temporary mark is it is characterised in that be applied to the terminal of middle Hypomobility, including：

When the timing of described intervalometer reaches described life cycle, it is described terminal distribution second temporary mark；

Core net controlled entity is respectively provided with life cycle for the corresponding temporary mark of each terminal, or corresponding for multiple terminals Temporary mark unified setting life cycle；The method also includes：

When any terminal in the plurality of terminal is attached on described core net controlled entity, described core net controlled entity Start intervalometer.

2. method according to claim 1 is it is characterised in that described the first temporary mark setting for distributing to terminal is given birth to Deposit the phase, and start intervalometer timing and specifically include：

After core net controlled entity is terminal distribution first temporary mark, described core net controlled entity is described terminal setting Life cycle, and start intervalometer timing；

When the timing of described intervalometer reaches described life cycle, it is that described terminal distribution second temporary mark specifically includes：

When the timing of described intervalometer reaches described life cycle, described core net controlled entity starts temporary mark and reassigned Journey, is described terminal distribution second temporary mark.

3. method according to claim 1 is it is characterised in that the described timing when described intervalometer reaches described life cycle When, it is that described terminal distribution second temporary mark specifically includes：

When the timing of described intervalometer reaches described life cycle, described core net controlled entity is every in the plurality of terminal Individual terminal distribution second temporary mark；

When all attachment removals from described core net controlled entity of the plurality of terminal, stop described intervalometer timing.

4. a kind of guard method of terminal temporary mark is it is characterised in that be applied to the terminal of middle Hypomobility, including：

Described the first temporary mark setting life cycle for distributing to terminal, and start intervalometer timing and specifically include：

After core net controlled entity is terminal distribution first temporary mark, described terminal arranges life cycle, and starts intervalometer；

When the described timing when described intervalometer reaches described life cycle, it is that described terminal distribution second temporary mark specifically wraps Include：

When the timing of described intervalometer reaches described life cycle, core net controlled entity distribution second described in described terminal request Temporary mark.

5. method according to claim 4 is it is characterised in that core net controlled entity distribution the described in described terminal request Two temporary marks are specially：

Described terminal to described core net controlled entity send location area updating request message, Routing Area Update request message or with Track area updates one of request message, carries the configured information of request distribution the second temporary mark in described request message.

6. the method according to claim 4 or 5 is it is characterised in that the described timing when described intervalometer reaches described life When depositing the phase, it is that described terminal distribution second temporary mark also includes：

After described core net controlled entity receives the request of described distribution the second temporary mark, it is the described in described terminal distribution Two temporary marks, and send in location area updating received message, Routing Area Update received message or tracing section updating received message One kind to described terminal, carry the second temporary mark of distribution in described received message.

7. a kind of guard method of terminal temporary mark is it is characterised in that be applied to the terminal of middle Hypomobility, including：

Described the first temporary mark setting life cycle for distributing to terminal specifically includes：

When core net controlled entity is terminal distribution the first temporary mark, described core net controlled entity is described terminal setting Life cycle, and described first temporary mark and described life cycle are issued to described terminal；

Described startup intervalometer timing；When the timing of described intervalometer reaches described life cycle, it is described terminal distribution second Temporary mark specifically includes：

Described terminal starts intervalometer timing, and when the timing of described intervalometer reaches described life cycle, described terminal is to described Core net controlled entity sends in location area updating request message, Routing Area Update request message or tracing section updating request message One kind, carry in described request message request distribution the second temporary mark configured information.

8. method according to claim 7 it is characterised in that described by described first temporary mark with described life cycle It is dealt into described terminal to specifically include：

Described core net controlled entity sends attachment received message, location area updating received message, Route Area more to described terminal New received message, tracing section updating received message or temporary mark reassign one of command messages, carry in described message Described first temporary mark and described life cycle.

9. method according to claim 7 is it is characterised in that described startup intervalometer timing；Meter when described intervalometer When reaching described life cycle, be that described terminal distribution second temporary mark specifically also includes：

After described core net controlled entity receives the request of described distribution the second temporary mark, it is the described in described terminal distribution Two temporary marks, and the life cycle of described second temporary mark is set, send location area updating received message, Routing Area Update connects Arrived described terminal by one of message or tracing section updating received message, carry distribution in described received message second is interim Mark and the life cycle of described second temporary mark.

10. a kind of guard method of terminal temporary mark is it is characterised in that be applied to the terminal of middle Hypomobility, including：

After core net controlled entity is terminal distribution first temporary mark, terminal arranges life cycle, and described life cycle is led to Know described core net controlled entity；

Described core net controlled entity starts intervalometer timing, when the timing of described intervalometer reaches described life cycle, triggering Temporary mark reassigns process, is described terminal distribution second temporary mark, and sends and carry facing of described second temporary mark Markers weight sensing assignment command message is to described terminal, and distributes new life cycle.

11. methods according to claim 10 it is characterised in that described described life cycle notified described core network control Entity processed specifically includes：

Described terminal sends attachment completion message, location area updating completion message, Routing Area Update completion message, tracing section updating One of completion message or temporary mark Reallocation Complete message arrive described core net controlled entity, take in described completion message Carry described life cycle.

12. methods according to claim 10 it is characterised in that described life cycle be the time limit being fixedly installed or setting Time range in randomly choose time limit.

A kind of 13. core net controlled entities it is characterised in that being applied to the terminal of middle Hypomobility, including：

Distribute module, for for described terminal distribution first temporary mark, and when the timing of described timing module reach described During life cycle, it is described terminal distribution second temporary mark；

Described setup module includes：

Group setting submodule, for arranging life cycle for the corresponding temporary mark of multiple terminals is unified；

Described timing module, specifically for being attached on described core net controlled entity when any terminal in the plurality of terminal When, start intervalometer timing.

14. core net controlled entities according to claim 13 it is characterised in that

Described setup module, specifically for, after described distribute module is terminal distribution first temporary mark, being that described terminal sets Put life cycle；

Described distribute module, specifically for when the timing of described timing module reaches described life cycle, starting temporary mark weight Assigning process, is described terminal distribution second temporary mark.

15. core net controlled entities according to claim 13 are it is characterised in that described distribute module includes：

Multiple terminals allocation unit, for when the timing of described timing module reaches described life cycle, being in the plurality of terminal Each terminal distribution second temporary mark；

Multiple terminals stop element, for when all attachment removals from described core net controlled entity of the plurality of terminal, stopping The timing of described timing module.

A kind of 16. core net controlled entities it is characterised in that being applied to the terminal of middle Hypomobility, including：

Distribute module, for for described terminal distribution first temporary mark, and when know reach described life cycle when, for described Terminal distribution second temporary mark；

Described setup module, specifically for when described distribute module is terminal distribution the first temporary mark, being that described terminal sets Put life cycle, and described first temporary mark and described life cycle are issued to described terminal；

Described setup module, also includes：

Receiving unit, for receive the location area updating request message that described terminal sends, Routing Area Update request message or with Track area updates one of request message, carries the configured information of request distribution the second temporary mark in described request message；

Described distribute module, specifically for when receiving described configured information, being described terminal distribution second temporary mark.

17. core net controlled entities according to claim 16 are it is characterised in that described setup module includes：

Transmitting element, for sending attachment received message, location area updating received message, Routing Area Update acceptance to described terminal Message, tracing section updating received message or temporary mark reassign one of command messages, carry institute in described received message State the first temporary mark and described life cycle.

18. core net controlled entities according to claim 16 are it is characterised in that described distribute module includes：

Distribution transmitting element, for receiving after the request of described distribution the second temporary mark, is the described in described terminal distribution Two temporary marks, and the life cycle of described second temporary mark is set, send location area updating received message, Routing Area Update connects Arrived described terminal by one of message or tracing section updating received message, carry distribution in described received message second is interim Mark and the life cycle of described second temporary mark.

A kind of 19. core net controlled entities it is characterised in that being applied to the terminal of middle Hypomobility, including：

Distribute module, for the first temporary mark described in terminal distribution, and when the timing arrival of described timing module is described During life cycle, it is described terminal distribution second temporary mark；

Described timing module, specifically for receive described terminal send attachment completion message, location area updating completion message, One of Routing Area Update completion message, tracing section updating completion message or temporary mark Reallocation Complete message arrive described core During heart net controlled entity, carry the life cycle of described first temporary mark in described completion message, according to described life cycle timing；

Described distribute module, specifically for when the timing of described timing module reaches described life cycle, triggering temporary mark weight Assigning process, is described terminal distribution second temporary mark, and sends and carry the temporary mark of described second temporary mark and divide again Join command messages to described terminal.

A kind of 20. terminals it is characterised in that for middle Hypomobility terminal, including：

Notification module, for when the timing of described timing module reaches described life cycle, request core net controlled entity is institute State terminal distribution second temporary mark.

21. terminals according to claim 20 it is characterised in that

Described setup module, specifically for, after core net controlled entity is terminal distribution first temporary mark, arranging life cycle；

Described notification module includes：

Transmit-Receive Unit, to described core net controlled entity send location area updating request message, Routing Area Update request message or One of tracing section updating request message, carries the configured information of request distribution the second temporary mark in described request message； And receive location area updating received message, Routing Area Update received message or the tracking area that described core net controlled entity sends Update one of received message and arrive described terminal, in described received message, carry the second temporary mark of distribution.

A kind of 22. terminals it is characterised in that for middle Hypomobility terminal, including：

23. terminals according to claim 22 it is characterised in that

Described timing module, specifically for receiving attachment received message, the location area updating acceptance that core net controlled entity sends Message, Routing Area Update received message, tracing section updating received message or temporary mark reassign one of command messages, institute State and in message, carry described first temporary mark and described life cycle, and according to described life cycle timing.

24. terminals according to claim 23 are it is characterised in that described notification module includes：

Transmit-Receive Unit, for when the timing of described timing module reaches described life cycle, sending out to described core net controlled entity Send one of location area updating request message, Routing Area Update request message or tracing section updating request message, described request The configured information of request distribution the second temporary mark is carried in message；And receive the position that described core net controlled entity returns Area updates one of received message, Routing Area Update received message or tracing section updating received message and arrives described terminal, described The second temporary mark of distribution and the life cycle of described second temporary mark is carried in received message.

A kind of 25. protection systems of terminal temporary mark it is characterised in that being applied to the terminal of middle Hypomobility, including：Core Net controlled entity and terminal；

Described core net controlled entity, for the first temporary mark setting life cycle for distributing to terminal, and sets according to described The life cycle timing put, when described timing reaches described life cycle, is described terminal distribution second temporary mark；

Described core net controlled entity is respectively provided with life cycle for the corresponding temporary mark of each terminal, or is multiple terminal-pairs The temporary mark unified setting life cycle answered；

When any terminal in the plurality of terminal is attached on described core net controlled entity, described core net controlled entity Start intervalometer；

Described terminal, for receiving described first temporary mark and the second temporary mark.

A kind of 26. protection systems of terminal temporary mark it is characterised in that being applied to the terminal of middle Hypomobility, including：Core Net controlled entity and terminal；

Described core net controlled entity, for the first temporary mark setting life cycle for distributing to terminal, and by described first Temporary mark and described life cycle are sent to terminal, when know reach described life cycle when, be that described terminal distribution second is interim Mark；

Described terminal, the life cycle timing receiving for basis, and when timing reaches described life cycle, ask core network control Entity processed is described terminal distribution second temporary mark；

Described terminal specifically for, start intervalometer timing, when described intervalometer timing reach described life cycle when, described end Holding please to described core net controlled entity transmission location area updating request message, Routing Area Update request message or tracing section updating Seek one of message, in described request message, carry the configured information of request distribution the second temporary mark.

A kind of 27. protection systems of terminal temporary mark it is characterised in that being applied to the terminal of middle Hypomobility, including：Core Net controlled entity and terminal；

Described terminal, for the first temporary mark setting life cycle for distributing to terminal, and the life cycle timing according to setting, When timing reaches described life cycle, request core net controlled entity is described terminal distribution second temporary mark；

Described core net controlled entity, for for terminal distribution first temporary mark, and in the request receiving terminal, is institute State terminal distribution second temporary mark.

A kind of 28. protection systems of terminal temporary mark it is characterised in that being applied to the terminal of middle Hypomobility, including：Core Net controlled entity and terminal；

Described core net controlled entity, for distributing the first temporary mark to described terminal, and according to the life cycle meter receiving When, when timing reaches described life cycle, it is described terminal distribution second temporary mark；

Described terminal, for the first temporary mark setting life cycle for distributing to terminal, and described life cycle is notified core Heart net controlled entity；

Described core net controlled entity is specifically for starting intervalometer timing, when the timing of described intervalometer reaches described existence During the phase, triggering temporary mark reassigns process, is described terminal distribution second temporary mark, and sends that to carry described second interim The temporary mark of mark reassigns command messages to described terminal, and distributes new life cycle.

A kind of 29. protection systems of terminal temporary mark it is characterised in that being applied to the terminal of middle Hypomobility, including：Setting Module, timing module and distribute module；

Described setup module, for the first temporary mark setting life cycle for distributing to terminal；

Described timing module, for the life cycle timing being arranged according to setup module；

Described distribute module, for for described terminal distribution first temporary mark, and when the timing of described timing module reaches During described life cycle, it is described terminal distribution second temporary mark；

Described distribute module includes：

Multiple terminals stop element, described for when all attachment removals from core net controlled entity of the plurality of terminal, stopping The timing of timing module.

30. systems according to claim 29 are it is characterised in that described setup module includes：

Group setting submodule, for arranging life cycle for the corresponding temporary mark of multiple terminals is unified.