CN104581710A - Method and system for securely transmitting the IMSI of an LTE user over the air interface

Publication number
CN104581710A
Authority
CN
China
Prior art keywords
imsi
base station
safe transmission
terminal
key
Legal status
Granted
Application number
CN201410795421.8A
Other languages
Chinese (zh)
Other versions
CN104581710B (en)
Inventor
汪永明
王宣宣
曲昕瑶
王颖
Current Assignee
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Application filed by Institute of Information Engineering of CAS
Priority to CN201410795421.8A
Publication of CN104581710A
Application granted
Publication of CN104581710B
Legal status: Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and a system for securely transmitting the IMSI of an LTE user over the air interface. The method comprises the steps of: 1) configuring the IMSI secure transmission capabilities of a base station and of a terminal respectively, the base station broadcasting its configured secure transmission capability information; 2) the terminal parsing the broadcast information and carrying out IMSI secure transmission negotiation with the base station to select the key extraction method and the encryption and decryption algorithm used between the terminal and the base station; 3) the terminal extracting an encryption key from the physical layer information of a set downlink subframe according to the negotiated key extraction method, and sending an uplink signal to the base station in an uplink slot; 4) the base station extracting a decryption key from the uplink signal according to the key extraction method; 5) the terminal encrypting the IMSI in the Attach Request message of the initial attach procedure and in the Identity Response message and sending it to the base station, the base station decrypting the IMSI from the received messages with the decryption key and the selected decryption algorithm. The method is easy to implement and offers high security and compatibility.

Description

A method and system for securely transmitting an LTE user's IMSI over the air interface
Technical field
The present invention relates to the field of the wireless communication physical layer, in particular to LTE wireless communication systems, and proposes a method and system for securely transmitting an LTE user's IMSI over the air interface.
Background
The international mobile subscriber identity (IMSI) is private to the mobile subscriber. For sensitive and important users in particular, leakage of the IMSI may cause a serious security incident, so transmitting the IMSI in plaintext over the air interface should be avoided. In today's public land mobile networks, however, some service procedures still require the IMSI to be transmitted in plaintext over the air interface. Several improved methods exist, but none avoids plaintext transmission of the IMSI over the air interface completely. In an LTE network, during the initial attach procedure or after a network error, the terminal must report the user's IMSI to the network in a non-access stratum (NAS) signalling message; otherwise the network cannot determine which user the terminal corresponds to. At the same time, under the current LTE security architecture, the network at this stage does not know which user a message comes from and no security association has been established, so the terminal side cannot encrypt the signalling and the network side cannot decrypt it. In an LTE network, two NAS messages carry the IMSI over the air interface: the Attach Request message (AttachRequest) of the initial attach procedure and the Identity Response message (IdentityResponse). The former is encapsulated in plaintext in the RRC connection setup complete (RRCConnectionComplete) message of the initial attach procedure. An attacker can easily make the terminal initiate the initial attach procedure again and obtain the user's IMSI from the air interface before mutual authentication; the attacker can also obtain the user's IMSI from the air interface using the AttachRequest or IdentityResponse messages of the normal flow.
In addition, many broadband private networks are built on LTE and the evolved packet core (EPC). They likewise need to transmit the IMSI in plaintext over the air interface in the AttachRequest message of the initial attach procedure and in the IdentityResponse message, which is a significant security risk for private-network users.
Summary of the invention
The present invention proposes a method and system for securely transmitting an LTE user's IMSI over the air interface. Its purpose is to avoid plaintext transmission of the IMSI over the air interface completely, without changing the LTE network architecture or security architecture and with minimal impact on the LTE network, while also accommodating the differing levels of support for IMSI secure transmission in different base stations and terminals and remaining compatible with network equipment and terminals that do not support IMSI secure transmission.
Wireless physical-layer security techniques can use the uniqueness and reciprocity of the wireless channel to achieve key agreement and encrypted transmission. The present invention therefore integrates physical-layer security techniques into LTE physical-layer processing and, following the current LTE signalling and message flows, designs a method and apparatus for securely transmitting an LTE user's IMSI over the air interface, so that plaintext transmission of the IMSI over the air interface can be avoided completely.
In current LTE networks, only the AttachRequest message of the initial attach procedure and the IdentityResponse message transmit the IMSI in plaintext over the air interface. To avoid transmitting the IMSI in plaintext over the air interface, the IMSI secure transmission negotiation and the key agreement must be completed when the initial attach procedure sends AttachRequest.
The method for securely transmitting an LTE user's IMSI over the air interface proposed by the present invention is implemented in the following steps:
1. IMSI secure transmission configuration of the base station. Configure the parameters of the base station's IMSI secure transmission capability, such as whether IMSI secure transmission is supported and which key extraction methods and encryption/decryption algorithms are supported.
2. IMSI secure transmission configuration of the terminal. Configure the parameters of the terminal's IMSI secure transmission capability, such as whether IMSI secure transmission is supported and which key extraction methods and encryption/decryption algorithms are supported.
3. Broadcast of the base station's IMSI secure transmission capability parameters. The base station broadcasts its IMSI secure transmission capability parameters in the cell over the broadcast channel, in the form of system information.
4. The terminal receives and parses the base station's IMSI secure transmission capability parameters. During cell search, the terminal parses and stores the base station's IMSI secure transmission capability information from the system information of the base station's cell; during cell selection, it gives priority to base stations that have the IMSI secure transmission function.
5. IMSI secure transmission negotiation. The terminal and the base station use and extend the RRC connection request (RRCConnectionRequest) and RRC connection setup (RRCConnectionSetup) messages of the radio resource control (RRC) connection establishment procedure to complete the IMSI secure transmission negotiation. Based on its own IMSI secure transmission capability and that of the base station, the terminal chooses whether to enable the IMSI secure transmission function, and the key extraction method and encryption/decryption algorithm, and the base station confirms the choice. After receiving the RRCConnectionSetup message, the terminal parses the IMSI secure transmission negotiation feedback it contains.
6. Negotiation of the encryption and decryption keys.
A) Using the negotiated key extraction method, the terminal extracts the encryption key from the physical-layer information of the downlink subframe in which the RRCConnectionSetup message was received and of several subsequent downlink subframes. The terminal uses the cell-specific reference signal (CRS), and the base station uses the uplink demodulation reference signal (DMRS) or the sounding reference signal (SRS), to analyse the radio channel characteristics and extract the encryption and decryption keys. The time slots containing the CRS and the DMRS (or SRS) used should be as close together in time as possible.
B) The terminal sends the RRC connection setup complete (RRCConnectionComplete) message to the base station in the uplink time slot assigned by scheduling;
C) After receiving the RRCConnectionComplete message, the base station uses the selected key extraction algorithm to extract the decryption key from the uplink signal and stores it in the IMSI secure transmission association database on the base station.
7. Encryption and decryption of the IMSI in the AttachRequest message of the initial attach procedure.
A) The terminal encrypts the IMSI in the AttachRequest message of the initial attach procedure using the encryption key and the selected encryption algorithm;
B) The terminal encapsulates the AttachRequest message containing the encrypted IMSI in the RRCConnectionComplete message and then sends the RRCConnectionComplete message to the base station in the uplink time slot assigned by scheduling;
C) The base station decrypts the encrypted IMSI in the AttachRequest message using the negotiated decryption key and decryption algorithm, and then sends the AttachRequest message to the mobility management entity (MME).
8. Encryption and decryption of the IMSI in the IdentityResponse message. When the terminal needs to send an IdentityResponse message to the core network, it encrypts the IMSI in IdentityResponse with the stored encryption key. When the base station receives the IdentityResponse message, it decrypts the IMSI in the IdentityResponse message with the stored decryption key and then sends the IdentityResponse message to the core network.
The system for securely transmitting an LTE user's IMSI over the air interface proposed by the present invention comprises an IMSI secure transmission device on the base station and an IMSI secure transmission device in the terminal.
The IMSI secure transmission device on the base station proposed by the present invention comprises: a base station IMSI secure transmission capability configuration module, for configuring and storing the base station's IMSI secure transmission capability parameters; a base station IMSI secure transmission capability broadcast module, for broadcasting the base station's IMSI secure transmission capability parameters to terminals in the cell in the form of system information; an IMSI secure transmission association database on the base station, for storing the IMSI secure transmission association information shared with terminals; an IMSI secure transmission negotiation module on the base station, for negotiating with the terminal whether to enable the IMSI secure transmission function, and the key extraction method and encryption/decryption algorithm; an encryption/decryption key negotiation module on the base station, for extracting the decryption key from the uplink physical signal; and a decryption module on the base station, for decrypting the encrypted IMSI in the AttachRequest and IdentityResponse messages.
The IMSI secure transmission device in the terminal proposed by the present invention comprises: a terminal IMSI secure transmission capability configuration module, for configuring and storing the terminal's IMSI secure transmission capability parameters; a terminal IMSI secure transmission capability receiving module, for receiving and parsing the base station's IMSI secure transmission capability parameters; an IMSI secure transmission association database in the terminal, for storing the IMSI secure transmission association information shared with the base station; an IMSI secure transmission negotiation module in the terminal, for negotiating with the base station whether to enable the IMSI secure transmission function, and the key extraction method and encryption/decryption algorithm; an encryption/decryption key negotiation module in the terminal, for extracting the encryption key from the downlink physical signal; and an encryption module in the terminal, for encrypting the IMSI in the AttachRequest and IdentityResponse messages.
The method of the present invention is applicable not only to LTE systems but also to LTE-A systems.
Compared with the prior art, the positive effects of the present invention are:
Without changing the LTE network architecture or security architecture and with minimal impact on the LTE network, the present invention completely avoids transmitting the IMSI in plaintext over the air interface. It is also adaptable, and remains compatible with network equipment and terminals that do not support IMSI secure transmission.
Brief description of the drawings
Fig. 1 shows the LTE base station and terminal functional models;
(a) LTE base station functional model, (b) LTE terminal functional model;
Fig. 2 shows the IMSI secure transmission device on the base station;
Fig. 3 shows the IMSI secure transmission device in the terminal;
Fig. 4 shows the implementation flow of the method for secure IMSI transmission over the air interface;
Fig. 5 shows the implementation message flow of the method for secure IMSI transmission over the air interface.
Detailed description
Embodiments of the present invention are described in detail below with reference to the drawings and an example. The example is implemented on the premise of the technical solution of the present invention and gives a detailed implementation and a concrete operating procedure. Note that, provided they do not conflict, the embodiments of the present invention and the features of each embodiment may be combined with one another, and the resulting technical solutions all fall within the scope of protection of the present invention.
Embodiment:
This embodiment uses a TD-LTE system to describe in detail the method proposed by the present invention for securely transmitting an LTE user's IMSI over the air interface. Fig. 1 shows the current LTE base station and LTE terminal models.
A current LTE base station comprises functional modules such as radio-frequency transceiving, physical layer processing, medium access control (MAC) layer processing, radio link control (RLC) layer processing, Packet Data Convergence Protocol (PDCP) layer processing, radio resource control (RRC) processing, non-access stratum (NAS) signalling forwarding, and base station management. An LTE terminal comprises functional modules such as radio-frequency transceiving, physical layer processing, MAC layer processing, RLC layer processing, PDCP layer processing, RRC processing, NAS processing, and interface and management.
Fig. 2 is a block diagram of an IMSI secure transmission device 200 on a base station. Device 200, used for securely transmitting an LTE user's IMSI over the air interface, comprises base station IMSI secure transmission capability configuration module 201, base station IMSI secure transmission capability broadcast module 202, IMSI secure transmission association database 203 on the base station, IMSI secure transmission negotiation module 204 on the base station, encryption/decryption key negotiation module 205 on the base station, and decryption module 206 on the base station.
1) Base station IMSI secure transmission capability configuration module 201 configures and stores the base station's IMSI secure transmission capability parameters. This module is related to base station management module 118 and can be implemented as an enhancement of "base station management".
2) Base station IMSI secure transmission capability broadcast module 202 broadcasts the base station's IMSI secure transmission capability parameters to terminals in the cell in the form of system information. This module is related to RRC processing module 116 on the base station and can be implemented as an enhancement of "RRC processing on the base station".
3) IMSI secure transmission association database 203 on the base station stores the IMSI secure transmission association information shared with terminals, mainly the results of the IMSI secure transmission negotiation and of the encryption/decryption key negotiation, and provides the decryption key to decryption module 206 on the base station. It is a newly added function.
4) IMSI secure transmission negotiation module 204 on the base station negotiates with the terminal whether to enable the IMSI secure transmission function, and the key extraction method and encryption/decryption algorithm. It needs to use RRC processing module 116 on the base station and can be implemented as an enhancement of "RRC processing on the base station".
5) Encryption/decryption key negotiation module 205 on the base station extracts the decryption key from the uplink physical signal. It is related to physical layer processing 112 on the base station and can be implemented as an enhancement of "physical layer processing on the base station".
6) Decryption module 206 on the base station decrypts the encrypted IMSI in the AttachRequest and IdentityResponse messages; NAS forwarding 117 on the base station then sends the AttachRequest and IdentityResponse messages carrying the decrypted IMSI to the MME. Decryption module 206 is related to the encryption/decryption function in PDCP layer processing module 115 on the base station and can be implemented as an enhancement of "PDCP layer processing on the base station".
Fig. 3 is a block diagram of an IMSI secure transmission device 300 in a terminal. Device 300, used for securely transmitting an LTE user's IMSI over the air interface, comprises terminal IMSI secure transmission capability configuration module 301, base station IMSI secure transmission capability receiving module 302 in the terminal, IMSI secure transmission association database 303 in the terminal, IMSI secure transmission negotiation module 304 in the terminal, encryption/decryption key negotiation module 305 in the terminal, and encryption module 306 in the terminal.
1) Terminal IMSI secure transmission capability configuration module 301 configures and stores the terminal's IMSI secure transmission capability parameters. This module is related to interface and management module 128 and can be implemented as an enhancement of "interface and management".
2) Base station IMSI secure transmission capability receiving module 302 in the terminal receives and parses the base station's IMSI secure transmission capability parameters. This module is related to RRC processing module 126 in the terminal and can be implemented as an enhancement of "RRC processing in the terminal".
3) IMSI secure transmission association database 303 in the terminal stores the IMSI secure transmission association information shared with the base station, mainly the results of the IMSI secure transmission negotiation and of the encryption/decryption key negotiation, and provides the encryption key to encryption module 306 in the terminal. It is a newly added function. The key is stored in encrypted form and can be placed in the USIM.
4) IMSI secure transmission negotiation module 304 in the terminal negotiates with the base station whether to enable the IMSI secure transmission function, and the key extraction method and encryption/decryption algorithm. It needs to use RRC processing module 126 in the terminal and can be implemented as an enhancement of "RRC processing in the terminal".
5) Encryption/decryption key negotiation module 305 in the terminal extracts the encryption key from the uplink physical signal. It is related to physical layer processing 122 in the terminal and can be implemented as an enhancement of "physical layer processing in the terminal".
6) Encryption module 306 in the terminal encrypts the IMSI in the AttachRequest and IdentityResponse messages. It is related to PDCP layer processing module 125 in the terminal and can be implemented as an enhancement of "PDCP layer processing in the terminal".
Fig. 4 is a flow chart of a method for securely transmitting an LTE user's IMSI over the air interface according to an embodiment of the present invention, and Fig. 5 is the corresponding message flow. The method is described in detail on the basis of this embodiment.
IMSI secure transmission configuration of the base station (step 401). Only a base station equipped with the IMSI secure transmission device needs to perform step 401. Base station IMSI secure transmission capability configuration module (201) configures the parameters of the base station's IMSI secure transmission capability, including whether IMSI secure transmission is supported and which key extraction methods and encryption/decryption algorithms are supported; IMSI secure transmission association database (203) on the base station is then created.
IMSI secure transmission configuration of the terminal (step 402). Only a terminal equipped with the IMSI secure transmission device needs to perform step 402. Terminal IMSI secure transmission capability configuration module (301) configures the terminal's IMSI secure transmission capability parameters, including whether IMSI secure transmission is supported and which key extraction methods and encryption/decryption algorithms are supported; IMSI secure transmission association database (303) in the terminal is then created.
Broadcast of the base station's IMSI secure transmission capability parameters (step 403). Only a base station equipped with the IMSI secure transmission device needs to perform step 403. Base station IMSI secure transmission capability broadcast module (202) broadcasts the base station's IMSI secure transmission capability parameters in the form of system information (501) through RRC processing module (116) on the base station.
The terminal receives and parses the base station's IMSI secure transmission capability parameters (step 404). Only a terminal equipped with the IMSI secure transmission device needs to perform step 404. During cell search, base station IMSI secure transmission capability receiving module (302) in the terminal parses the "base station IMSI secure transmission capability" information in the SIB and stores this information, together with the cell ID, in IMSI secure transmission association database (303) in the terminal. If no "base station IMSI secure transmission capability" information is found, the base station is considered not to be configured with IMSI secure transmission device (200). During cell selection, the terminal gives priority to base stations equipped with IMSI secure transmission device (300).
IMSI secure transmission negotiation (step 405). A terminal with IMSI secure transmission device (300) performs step 405 when it finds that the base station is also equipped with IMSI secure transmission device (200).
1) In step 405, IMSI secure transmission negotiation module (304) in the terminal chooses, based on the IMSI secure transmission capabilities of the terminal and of the base station, whether to enable the IMSI secure transmission function, and the key extraction method and encryption/decryption algorithm. RRC processing module (126) in the terminal then places this information in the RRCConnectionRequest message (502) and sends it to the base station, and the information is also stored in IMSI secure transmission association database (303) in the terminal.
2) In step 405, after the RRCConnectionRequest message (502) from the terminal is received, IMSI secure transmission negotiation module (204) on the base station parses the IMSI secure transmission negotiation information it contains and stores this information, together with the terminal identity (UE-Identity), in IMSI secure transmission association database (203) on the base station. Module 204 then places a "negotiation confirmation" for the key extraction method and encryption/decryption algorithm negotiation in the RRCConnectionSetup message (503) as negotiation feedback, and RRC processing module (116) on the base station sends it to the terminal.
3) In step 405, after the RRCConnectionSetup message (503) is received, if IMSI secure transmission negotiation module (304) in the terminal parses out the "negotiation confirmation" for the key extraction method and encryption/decryption algorithm negotiation, it marks the "key extraction method and encryption/decryption algorithm" negotiation as successful in IMSI secure transmission association database (303) in the terminal. Otherwise, the terminal selects another cell equipped with IMSI secure transmission device (200); when there is no cell with device 200, the terminal does not enable the IMSI secure transmission function.
Negotiation of the encryption and decryption keys (step 406). Step 406 is performed only when the terminal and the base station have performed step 405 and have enabled the IMSI secure transmission function.
1) In step 406, after the RRCConnectionSetup message (503) is received, IMSI secure transmission negotiation module (304) in the terminal parses the IMSI secure transmission negotiation feedback it contains, and encryption/decryption key negotiation module (305) in the terminal uses the negotiated key extraction method to extract the encryption key from the physical-layer information of this downlink subframe and of several subsequent downlink subframes. RRC processing module (126) in the terminal then sends the RRCConnectionComplete message (504) to the base station in the uplink time slot assigned by scheduling.
2) In step 406, after the RRCConnectionComplete message (504) is received, encryption/decryption key negotiation module (205) on the base station uses the selected key extraction algorithm to extract the decryption key from the uplink signal and stores it in IMSI secure transmission association database (203) on the base station.
3) In step 406, encryption/decryption key negotiation module (305) in the terminal uses the cell-specific reference signal (CRS) to analyse the radio channel characteristics and extract the encryption key; encryption/decryption key negotiation module (205) on the base station uses the uplink demodulation reference signal (DMRS) or the sounding reference signal (SRS) to analyse the radio channel characteristics and extract the decryption key.
Encryption and decryption of the IMSI in the AttachRequest of the initial attach procedure (step 407). Step 407 is performed only when the terminal and the base station have performed step 406.
1) In step 407, before RRC processing module (126) in the terminal sends the RRCConnectionComplete message (504) to the base station in the uplink time slot assigned by scheduling, terminal encryption module (306) encrypts the IMSI in the AttachRequest of the initial attach procedure using the encryption key and the selected encryption algorithm, and NAS processing module (127) in the terminal then encapsulates the AttachRequest message (505) containing the encrypted IMSI in the RRCConnectionComplete message (504);
2) In step 407, decryption module (206) on the base station decrypts the encrypted IMSI in the AttachRequest message (505) using the negotiated decryption key and decryption algorithm; NAS forwarding module (117) on the base station then sends the AttachRequest message (506) containing the plaintext IMSI to the MME.
Encryption and decryption of the IMSI in the IdentityResponse (step 408). Step 408 is performed only after the terminal and the base station have performed step 406.
1) In step 408, when the terminal needs to send an IdentityResponse message to the core network, terminal encryption module (306) encrypts the IMSI in the IdentityResponse message using the encryption key stored in IMSI secure transmission association database (303) in the terminal; NAS processing module (127) in the terminal then sends the IdentityResponse message (509) containing the encrypted IMSI to the base station.
2) In step 408, when the base station receives the IdentityResponse message (509), decryption module (206) on the base station decrypts the IMSI in the IdentityResponse message (509) using the decryption key stored in IMSI secure transmission association database (203) on the base station; NAS forwarding module (117) on the base station then sends the IdentityResponse message (510) to the core network.
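The flow of steps 405 to 408, sketched as an added Python example that is not part of the patent: capability negotiation with the legacy fallback, key extraction from reciprocal channel estimates, and IMSI protection for both NAS messages. The capability names, the 1-bit median quantiser, the HMAC-based XOR cipher, the ASCII IMSI encoding and all sample values are assumptions made for illustration, since the patent names no concrete key extraction method or cipher.

```python
import hashlib
import hmac
import statistics

# Hypothetical capability records; the patent does not name concrete methods.
BS_CAPS = {"supported": True, "key_methods": ["quant-median-1bit"],
           "ciphers": ["hmac-sha256-xor"]}
UE_CAPS = {"supported": True,
           "key_methods": ["quant-multibit", "quant-median-1bit"],
           "ciphers": ["hmac-sha256-xor"]}

# Constructed channel-gain estimates. The terminal measures the downlink CRS,
# the base station measures the uplink DMRS of the same channel a moment later
# (reciprocity: same shape, small measurement noise).
DL_CRS = [0.91, 0.12, 0.78, 0.25, 0.10, 0.88, 0.95, 0.18,
          0.22, 0.83, 0.15, 0.90, 0.80, 0.20, 0.86, 0.11]
UL_DMRS = [0.89, 0.14, 0.80, 0.23, 0.12, 0.86, 0.93, 0.20,
           0.24, 0.81, 0.13, 0.92, 0.82, 0.18, 0.84, 0.13]
# Constructed estimates for a receiver at another location (different channel).
OTHER_LINK = [0.20, 0.85, 0.81, 0.90, 0.13, 0.10, 0.25, 0.88,
              0.79, 0.12, 0.93, 0.18, 0.22, 0.84, 0.14, 0.87]

IMSI = "001010123456789"  # constructed value using the test PLMN 001/01


def negotiate(ue_caps, bs_caps):
    """Step 405: pick the terminal's first preference that the base station
    also broadcast. Returns None when secure transmission stays disabled."""
    if not (bs_caps and bs_caps.get("supported") and ue_caps.get("supported")):
        return None  # base station broadcast no capability: legacy behaviour
    method = next((m for m in ue_caps["key_methods"]
                   if m in bs_caps["key_methods"]), None)
    cipher = next((c for c in ue_caps["ciphers"]
                   if c in bs_caps["ciphers"]), None)
    if method is None or cipher is None:
        return None
    return {"key_method": method, "cipher": cipher}


def extract_key(channel_gains):
    """Step 406 (assumed method): quantise each estimate to one bit around the
    median, then hash the bit string down to a 128-bit key."""
    threshold = statistics.median(channel_gains)
    bits = "".join("1" if g > threshold else "0" for g in channel_gains)
    return hashlib.sha256(bits.encode()).digest()[:16]


def protect_imsi(key, data, message_type):
    """Steps 407/408 (assumed cipher): XOR with an HMAC-SHA256 keystream bound
    to the NAS message type. The same call encrypts and decrypts."""
    keystream = hmac.new(key, message_type, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, keystream[:len(data)]))


def send_imsi(imsi, ue_caps, bs_caps, ue_gains, bs_gains,
              message_type=b"AttachRequest"):
    """Returns (IMSI bytes seen on the air interface,
                IMSI the base station forwards to the MME / core network)."""
    plain = imsi.encode("ascii")
    if negotiate(ue_caps, bs_caps) is None:
        return plain, imsi  # compatibility path: plaintext as in legacy LTE
    ue_key = extract_key(ue_gains)   # terminal side, from downlink CRS
    bs_key = extract_key(bs_gains)   # base station side, from uplink DMRS
    over_air = protect_imsi(ue_key, plain, message_type)
    forwarded = protect_imsi(bs_key, over_air, message_type)
    return over_air, forwarded.decode("ascii", errors="replace")


if __name__ == "__main__":
    air, fwd = send_imsi(IMSI, UE_CAPS, BS_CAPS, DL_CRS, UL_DMRS)
    print("negotiated:", negotiate(UE_CAPS, BS_CAPS))
    print("on air    :", air.hex())
    print("to MME    :", fwd)
    print("legacy    :", send_imsi(IMSI, UE_CAPS, None, DL_CRS, UL_DMRS))
```
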
In summary, the invention discloses a method and system for securely transmitting an LTE user's IMSI over the air interface. The description of the invention is given for the purposes of example and illustration, and is not exhaustive or intended to limit the invention to the disclosed form. Obviously, those of ordinary skill in the art can make various changes and variations to the examples of the present invention without departing from its spirit and principles. The embodiment was selected and described in order to better explain the principles and practical application of the present invention, and to enable those of ordinary skill in the art to understand the invention and so design various embodiments, with various modifications, suited to particular uses.

Claims (7)

1. A method for securely transmitting an LTE user's IMSI over the air interface, the steps of which are:
1) configuring the IMSI secure transmission capability of a base station and the IMSI secure transmission capability of a terminal respectively, the IMSI secure transmission capability comprising whether IMSI secure transmission is supported and the supported key extraction methods and encryption/decryption algorithms;
2) the base station broadcasting its configured secure transmission capability information in its cell;
3) the terminal receiving and parsing the broadcast information sent by the base station, selecting a base station that has the IMSI secure transmission function, carrying out the IMSI secure transmission negotiation, and selecting the key extraction method and encryption/decryption algorithm used between the terminal and the base station;
4) the terminal extracting an encryption key from the physical-layer information of a set downlink subframe according to the negotiated key extraction method, and sending an uplink signal to the base station in a set uplink time slot;
5) the base station extracting a decryption key from the uplink signal according to the negotiated key extraction method, and storing it in the IMSI secure transmission association database of the base station;
6) the terminal encrypting the IMSI in the AttachRequest message of the initial attach procedure using the encryption key and the selected encryption algorithm, then encapsulating the AttachRequest message containing the IMSI ciphertext in the RRCConnectionComplete message and sending it to the base station;
7) the base station decrypting the IMSI from the AttachRequest message using the decryption key and the selected decryption algorithm.
2. the method for claim 1, is characterized in that, when described terminal needs to send IdentityResponse message to core net, this encryption key of described terminal sends to described base station to after the IMSI encryption in IdentityResponse; When described base station receives this IdentityResponse message, with the decruption key preserved to the IMSI deciphering in this IdentityResponse message, then this IdentityResponse message is sent to core net.
3. The method of claim 1 or 2, characterized in that the IMSI secure transmission negotiation is carried out as follows: the terminal places whether the IMSI secure transmission function is enabled, the key extraction method, and the encryption and decryption algorithm in an RRCConnectionRequest message and sends it to the base station; after receiving the RRCConnectionRequest message, the base station parses the IMSI secure transmission negotiation information in it and stores this information, together with the terminal identifier UE-Identity, in the base station's IMSI secure transmission association database; the base station then places the determined key extraction method and encryption and decryption algorithm in an RRCConnectionSetup message as negotiation feedback and sends it to the terminal.
4. The method of claim 1 or 2, characterized in that the base station stores the keys held in the IMSI secure transmission association database in encrypted form.
5. A system for securely transmitting an LTE user's IMSI over the air interface, comprising a base station and a terminal, characterized in that the base station is provided with an IMSI secure transmission device comprising the following components:
IMSI secure transmission capability configuration module, for configuring and storing the IMSI secure transmission capability of the base station; the IMSI secure transmission capability comprises whether IMSI secure transmission is supported, the supported key extraction methods, and the supported encryption and decryption algorithms;
Base station IMSI secure transmission capability broadcast module, for broadcasting the base station's IMSI secure transmission capability information to terminals in the cell;
IMSI secure transmission association database, for storing the IMSI secure transmission association information shared with terminals;
IMSI secure transmission negotiation module, for negotiating with the terminal whether the IMSI secure transmission function is enabled, the key extraction method, and the encryption and decryption algorithm;
Encryption/decryption key negotiation module, for extracting the decryption key from the uplink physical signal according to the negotiated key extraction method;
Decryption module, for decrypting the encrypted IMSI information in the AttachRequest or IdentityResponse message;
The terminal is provided with an IMSI secure transmission device comprising the following components:
IMSI secure transmission capability configuration module, for configuring and storing the IMSI secure transmission capability of the terminal; the IMSI secure transmission capability comprises whether IMSI secure transmission is supported, the supported key extraction methods, and the supported encryption and decryption algorithms;
IMSI secure transmission capability receiving module, for receiving and parsing the base station's IMSI secure transmission capability information;
IMSI secure transmission association database, for storing the IMSI secure transmission association information shared with the base station;
IMSI secure transmission negotiation module, for negotiating with the base station whether the IMSI secure transmission function is enabled, the key extraction method, and the encryption and decryption algorithm;
Encryption/decryption key negotiation module, for extracting the encryption key from the downlink physical signal according to the negotiated key extraction method;
Encryption module, for encrypting the IMSI in the AttachRequest or IdentityResponse message.
6. The system of claim 5, characterized in that the terminal places whether the IMSI secure transmission function is enabled, the key extraction method, and the encryption and decryption algorithm in an RRCConnectionRequest message and sends it to the base station; after receiving the RRCConnectionRequest message, the base station parses the IMSI secure transmission negotiation information in it and stores this information, together with the terminal identifier UE-Identity, in the base station's IMSI secure transmission association database; the base station then places the determined key extraction method and encryption and decryption algorithm in an RRCConnectionSetup message as negotiation feedback and sends it to the terminal.
7. The system of claim 5, characterized in that the base station stores the keys held in the IMSI secure transmission association database in encrypted form.
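
The message flow of claims 1 to 3, simulated end to end as an added example that is not code from the patent. The patent does not fix a key extraction method or cipher, so the quantize-and-hash extraction, the HMAC-SHA256 keystream with an 8-byte tag, the method and cipher names, the sample measurements and all class and function names here are assumptions.

```python
import hashlib, hmac

KEY_METHODS = ["phy-quantize-v1"]   # hypothetical method name
CIPHERS = ["hmac-sha256-stream"]    # stand-in cipher, not taken from the patent
DOWNLINK = [0.91, 0.12, 0.77, 0.30, 0.85, 0.05, 0.64, 0.22]  # constructed samples
UPLINK = [0.89, 0.14, 0.79, 0.28, 0.83, 0.07, 0.66, 0.20]    # constructed samples

def extract_key(samples, method):
    mean = sum(samples) / len(samples)           # quantize around the mean,
    bits = bytes(s > mean for s in samples)      # then hash the bit pattern
    return hashlib.sha256(method.encode() + bits).digest()

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def seal_imsi(key, imsi, msg_type):
    # msg_type keeps AttachRequest and IdentityResponse keystreams distinct.
    ct = bytes(a ^ b for a, b in zip(imsi.encode(), _prf(key, b"enc|", msg_type)))
    return ct + _prf(key, b"mac|", msg_type + ct)[:8]

def open_imsi(key, blob, msg_type):
    ct, tag = blob[:-8], blob[-8:]
    if not hmac.compare_digest(tag, _prf(key, b"mac|", msg_type + ct)[:8]):
        raise ValueError("IMSI ciphertext rejected")
    return bytes(a ^ b for a, b in zip(ct, _prf(key, b"enc|", msg_type))).decode()

class BaseStation:
    def __init__(self):
        self.assoc_db = {}  # UE-Identity -> negotiated parameters and key

    def on_rrc_connection_request(self, ue_identity, offer):
        agreed = {"method": next(m for m in offer["key_methods"] if m in KEY_METHODS),
                  "cipher": next(c for c in offer["ciphers"] if c in CIPHERS)}
        self.assoc_db[ue_identity] = dict(agreed)
        return agreed                            # sent back in RRCConnectionSetup

    def on_uplink_signal(self, ue_identity, samples):
        entry = self.assoc_db[ue_identity]
        entry["key"] = extract_key(samples, entry["method"])

    def on_message(self, ue_identity, blob, msg_type):
        return open_imsi(self.assoc_db[ue_identity]["key"], blob, msg_type)

def run_attach(imsi, downlink=DOWNLINK, uplink=UPLINK):
    bs, ue_id = BaseStation(), "constructed-ue-01"
    agreed = bs.on_rrc_connection_request(ue_id, {"key_methods": KEY_METHODS, "ciphers": CIPHERS})
    ue_key = extract_key(downlink, agreed["method"])             # step 4, terminal
    bs.on_uplink_signal(ue_id, uplink)                           # step 5, base station
    blob = seal_imsi(ue_key, imsi, b"AttachRequest")             # step 6
    return blob, bs.on_message(ue_id, blob, b"AttachRequest")    # step 7
```

If the two sides quantize their measurements to different bit patterns, the derived keys differ and the base station rejects the ciphertext instead of forwarding a garbled IMSI.
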
CN201410795421.8A 2014-12-18 2014-12-18 Method and system for securely transmitting the IMSI of an LTE user over the air interface Expired - Fee Related CN104581710B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410795421.8A CN104581710B (en) 2014-12-18 2014-12-18 Method and system for securely transmitting the IMSI of an LTE user over the air interface

Publications (2)

Publication Number Publication Date
CN104581710A true CN104581710A (en) 2015-04-29
CN104581710B CN104581710B (en) 2018-11-23

Family

ID=53096697

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410795421.8A Expired - Fee Related CN104581710B (en) 2014-12-18 2014-12-18 Method and system for securely transmitting the IMSI of an LTE user over the air interface

Country Status (1)

Country Link
CN (1) CN104581710B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1941695A (en) * 2005-09-29 2007-04-04 华为技术有限公司 Method and system for generating and distributing key during initial access network process
CN101312583A (en) * 2007-05-21 2008-11-26 展讯通信(上海)有限公司 Mobile phone cipher selection method, system and smart card apparatus
CN101500229A (en) * 2008-01-30 2009-08-05 华为技术有限公司 Method for establishing security association and communication network system
CN101552668A (en) * 2008-03-31 2009-10-07 展讯通信(上海)有限公司 Certificating method, user equipment and base station for accessing user equipment into network
WO2011115407A2 (en) * 2010-03-15 2011-09-22 Samsung Electronics Co., Ltd. Method and system for secured remote provisioning of a universal integrated circuit card of a user equipment
CN104219650A (en) * 2014-09-22 2014-12-17 北京电子科技学院 Method and user device for sending user identity authentication information

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107710815A (en) * 2015-08-07 2018-02-16 夏普株式会社 Terminal installation, MME, the communication control method of terminal installation and MME communication control method
CN107710815B (en) * 2015-08-07 2022-03-22 夏普株式会社 Terminal device, core network, and communication control method thereof
CN106911468B (en) * 2015-12-23 2019-09-13 大唐半导体设计有限公司 A kind of method and apparatus for realizing key agreement
CN106911468A (en) * 2015-12-23 2017-06-30 大唐半导体设计有限公司 A kind of method and apparatus for realizing key agreement
CN107820239A (en) * 2016-09-12 2018-03-20 中国移动通信有限公司研究院 Information processing method and device
CN107820239B (en) * 2016-09-12 2021-11-19 中国移动通信有限公司研究院 Information processing method and device
CN108235312A (en) * 2018-01-16 2018-06-29 奇酷互联网络科技(深圳)有限公司 Communication control method, device and the mobile terminal of mobile terminal
CN108154590A (en) * 2018-01-18 2018-06-12 南京熊猫电子股份有限公司 Banister control system and method based on mobile phone IMSI number
WO2019205896A1 (en) * 2018-04-28 2019-10-31 中国移动通信有限公司研究院 Information processing method, network device and terminal
CN108882233A (en) * 2018-07-17 2018-11-23 中国联合网络通信集团有限公司 A kind of encryption method of IMSI, core net and user terminal
WO2020147354A1 (en) * 2019-01-18 2020-07-23 中兴通讯股份有限公司 Pseudo base station prevention method and apparatus, and computer readable storage medium
CN111465020A (en) * 2019-01-18 2020-07-28 中兴通讯股份有限公司 Anti-counterfeiting base station method and device and computer readable storage medium
CN111465019A (en) * 2019-01-18 2020-07-28 中兴通讯股份有限公司 Capability reporting method, capability reporting device, key negotiation method, device, terminal, communication equipment and system
CN111465019B (en) * 2019-01-18 2023-09-19 中兴通讯股份有限公司 Capability reporting and key negotiation methods and devices, terminal, communication equipment and system
US12047394B2 (en) 2019-01-18 2024-07-23 Zte Corporation Anti-pseudo base station method and apparatus, and computer-readable storage medium
CN110299966A (en) * 2019-07-26 2019-10-01 华中科技大学 A kind of data transmission method, terminal and base station

Also Published As

Publication number Publication date
CN104581710B (en) 2018-11-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181123

Termination date: 20191218
