CN104581710B - Method and system for securely transmitting an LTE user's IMSI over the air interface - Google Patents


Info

Publication number: CN104581710B
Application number: CN201410795421.8A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN104581710A (en)
Inventors: 汪永明, 王宣宣, 曲昕瑶, 王颖
Current Assignee: Institute of Information Engineering of CAS
Original Assignee: Institute of Information Engineering of CAS
Legal status: Expired - Fee Related
Prior art keywords: IMSI, secure transmission, base station, terminal, key
Application filed by Institute of Information Engineering of CAS, with priority to CN201410795421.8A; published as CN104581710A; granted and published as CN104581710B.


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and system for securely transmitting an LTE user's IMSI over the air interface. The method is: 1) the IMSI secure transmission capability of the base station and of the terminal is configured respectively, and the base station broadcasts its configured secure transmission capability information; 2) the terminal parses the broadcast message and carries out IMSI secure transmission negotiation with the base station, selecting the key extraction method and the encryption and decryption algorithm to be used between the terminal and the base station; 3) the terminal extracts an encryption key from the physical layer information of the set downlink subframes according to the negotiated key extraction method, and sends an uplink signal to the base station in an uplink slot; 4) the base station extracts a decryption key from the uplink signal according to the key extraction method; 5) the terminal encrypts the IMSI in the Attach Request message and the Identity Response message of the initial attach procedure and sends it to the base station, and the base station decrypts the IMSI from the received message using the decryption key and the selected decryption algorithm. The invention is easy to implement, highly secure, and has good compatibility.

Description

A method and system for securely transmitting an LTE user's IMSI over the air interface
Technical field
The present invention relates to the field of the wireless communication physical layer, in particular to LTE wireless communication systems, and proposes a method and system for securely transmitting an LTE user's IMSI over the air interface.
Background art
The international mobile subscriber identity (IMSI) is private information of a mobile subscriber. Especially for sensitive and important users, leakage of the IMSI may lead to serious security incidents, so transmitting the IMSI in plaintext over the air interface should be avoided. However, in current public land mobile networks, certain procedures still need to transmit the IMSI in plaintext over the air interface. Although many improved methods exist, plaintext transmission of the IMSI over the air interface still cannot be avoided completely. In an LTE network, during the initial attach procedure or on a network error, the terminal is required to report the user's IMSI to the network in a non-access stratum (NAS) signaling message; otherwise the network cannot determine which user the terminal corresponds to. Meanwhile, in the current LTE security architecture, the network at this stage does not know which user a message comes from and no security association has been established, so the terminal side cannot encrypt the signaling and the network side cannot decrypt it. In an LTE network, two NAS messages carry the IMSI in plaintext over the air interface: the Attach Request message (AttachRequest) of the initial attach procedure and the Identity Response message (IdentityResponse); the former is encapsulated in the RRC connection setup complete (RRCConnectionComplete) message of the initial attach procedure. An attacker can easily make a terminal re-initiate the initial attach procedure and obtain the user's IMSI from the air interface before mutual authentication; the attacker can also obtain the user's IMSI from the air interface from the AttachRequest or IdentityResponse message in the normal procedure.
In addition, many broadband private networks are built on LTE and the Evolved Packet Core (EPC), and they too must transmit the IMSI in plaintext over the air interface in the AttachRequest and IdentityResponse messages of the initial attach procedure, which is a significant security risk for private network users.
Summary of the invention
The invention proposes a method and system for securely transmitting an LTE user's IMSI over the air interface. Its aim is, without changing the LTE network architecture or security architecture and with minimal impact on the LTE network, to avoid plaintext transmission of the IMSI over the air interface completely, while accommodating the different levels of IMSI secure transmission support of different base stations and terminals, and remaining compatible with network equipment and terminals that do not support IMSI secure transmission.
Wireless physical layer security techniques can exploit the uniqueness and reciprocity of the wireless channel to achieve key agreement and encrypted transmission. To this end, the invention integrates physical layer security techniques into LTE physical layer processing and, based on current LTE signaling and message flows, designs a method and apparatus for securely transmitting an LTE user's IMSI over the air interface, so that plaintext transmission of the IMSI over the air interface is avoided completely.
In the current LTE network, only the AttachRequest message of the initial attach procedure and the IdentityResponse message transmit the IMSI in plaintext over the air interface. To avoid transmitting the IMSI in plaintext over the air interface, the IMSI secure transmission negotiation and the key negotiation must be completed when the initial attach procedure sends the AttachRequest.
The method proposed by the invention for securely transmitting an LTE user's IMSI over the air interface is implemented in the following steps:
1. IMSI secure transmission configuration of the base station. The parameters of the base station's IMSI secure transmission capability are configured, such as whether IMSI secure transmission is supported and which key extraction methods and encryption and decryption algorithms are supported.
2. IMSI secure transmission configuration of the terminal. The parameters of the terminal's IMSI secure transmission capability are configured, such as whether IMSI secure transmission is supported and which key extraction methods and encryption and decryption algorithms are supported.
3. Broadcast of the base station's IMSI secure transmission capability parameters. The base station broadcasts its IMSI secure transmission capability parameters in the cell over the broadcast channel as system information.
4. The terminal receives and parses the base station's IMSI secure transmission capability parameters. During cell search, the terminal parses and saves the base station IMSI secure transmission capability information in the system information of the base station's cell, and during cell selection it preferentially selects a base station that has the IMSI secure transmission function.
5. IMSI secure transmission negotiation. The terminal and the base station use and extend the RRC connection establishment request (RRCConnectionRequest) and RRC connection setup (RRCConnectionSetup) messages of the radio resource control (RRC) connection establishment procedure to complete the IMSI secure transmission negotiation. Based on its own and the base station's IMSI secure transmission capability, the terminal chooses whether to enable the IMSI secure transmission function and selects the key extraction method and the encryption and decryption algorithm, and the base station confirms the choice. After the terminal receives the RRCConnectionSetup message, it parses the IMSI secure transmission negotiation feedback information in it.
6. Negotiation of the encryption and decryption keys.
a) According to the negotiated key extraction method, the terminal extracts the encryption key from the physical layer information of the downlink subframe in which the RRCConnectionSetup message is received and of several subsequent downlink subframes. The terminal uses the cell-specific reference signal (CRS), and the base station uses the uplink demodulation reference signal (DMRS) or the sounding reference signal (SRS), to analyze the radio channel characteristics and extract the encryption and decryption keys; the slots of the CRS and DMRS (or SRS) signals used should be as close together in time as possible.
b) The terminal sends the RRC connection setup complete (RRCConnectionComplete) message to the base station in the uplink slot specified by scheduling.
c) After receiving the RRCConnectionComplete message, the base station uses the selected key extraction algorithm to extract the decryption key from the uplink signal and stores it in the IMSI secure transmission association database on the base station.
7. Encryption and decryption of the IMSI in the AttachRequest message of the initial attach procedure.
a) The terminal encrypts the IMSI in the AttachRequest message of the initial attach procedure using the encryption key and the selected encryption algorithm.
b) The terminal encapsulates the AttachRequest message containing the encrypted IMSI in the RRCConnectionComplete message, and then sends the RRCConnectionComplete message to the base station in the uplink slot specified by scheduling.
c) The base station decrypts the encrypted IMSI in the AttachRequest message using the negotiated decryption key and decryption algorithm, and then sends the AttachRequest message to the mobility management entity (MME).
8. Encryption and decryption of the IMSI in the IdentityResponse message. When the terminal needs to send an IdentityResponse message to the core network, it encrypts the IMSI in the IdentityResponse with the saved encryption key; when the base station receives the IdentityResponse message, it decrypts the IMSI in the IdentityResponse message with the saved decryption key and then sends the IdentityResponse message to the core network.
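Added example (not from the patent): a simulation of steps 6 and 7 that shows why the CRS and DMRS/SRS slots must be close in time, and what happens to the IMSI when the two extracted keys differ. The patent names no key extraction method or cipher, so the median quantizer with guard band, the exchange of discarded sample positions, the SHA-256 key derivation, the HMAC-based XOR stand-in cipher and the constructed IMSI are all assumptions.

```python
import hashlib
import hmac
import random
import statistics

IMSI = b"001010123456789"  # constructed 15-digit IMSI on the 001/01 test PLMN


def measure(n, rho, noise, seed):
    """Simulate n channel-gain estimates per side.

    rho is the correlation between the downlink channel the terminal
    estimates from CRS and the uplink channel the base station estimates
    from DMRS/SRS; it falls as the two reference signals drift apart in time.
    """
    rng = random.Random(seed)
    ue_obs, bs_obs = [], []
    for _ in range(n):
        h_dl = rng.gauss(0, 1)
        h_ul = rho * h_dl + (1 - rho ** 2) ** 0.5 * rng.gauss(0, 1)
        ue_obs.append(h_dl + rng.gauss(0, noise))   # terminal estimation noise
        bs_obs.append(h_ul + rng.gauss(0, noise))   # base station estimation noise
    return ue_obs, bs_obs


def quantize(obs, guard):
    """One bit per sample around the median; None inside the guard band."""
    med = statistics.median(obs)
    band = guard * statistics.pstdev(obs)
    return [None if abs(x - med) < band else int(x > med) for x in obs]


def derive_key(bits):
    """Hash the agreed bit string down to a 128-bit key (assumed KDF)."""
    return hashlib.sha256(bytes(bits)).digest()[:16]


def xor_imsi(key, data, label=b"AttachRequest"):
    """Stand-in for the negotiated cipher: XOR with an HMAC-SHA256 keystream."""
    stream = hmac.new(key, label, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def run(rho, noise, guard, n=2000, seed=7):
    """Extract keys on both sides, then encrypt and decrypt the IMSI."""
    ue_obs, bs_obs = measure(n, rho, noise, seed)
    ue_q, bs_q = quantize(ue_obs, guard), quantize(bs_obs, guard)
    # Assumption: the sides tell each other which sample positions fell in
    # their guard band (positions only, never bit values) and both drop them.
    keep = [i for i in range(n) if ue_q[i] is not None and bs_q[i] is not None]
    ue_bits = [ue_q[i] for i in keep]
    bs_bits = [bs_q[i] for i in keep]
    mismatch = sum(a != b for a, b in zip(ue_bits, bs_bits)) / len(keep)
    k_ue, k_bs = derive_key(ue_bits), derive_key(bs_bits)
    ciphertext = xor_imsi(k_ue, IMSI)        # terminal side (step 7a)
    recovered = xor_imsi(k_bs, ciphertext)   # base station side (step 7c)
    return {"bits": len(keep), "mismatch": mismatch,
            "keys_match": k_ue == k_bs, "imsi_ok": recovered == IMSI}


if __name__ == "__main__":
    for name, args in [("ideal reciprocity", (1.0, 0.0, 0.0)),
                       ("close in time, no guard band", (0.99, 0.1, 0.0)),
                       ("close in time, guard band", (0.99, 0.1, 0.5)),
                       ("far apart in time", (0.0, 0.1, 0.0))]:
        print(name, run(*args))
```

A single differing bit gives the base station a different key, so it forwards garbage instead of the IMSI; a deployed extraction method therefore needs a way to detect or reconcile disagreement before step 7.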
The system proposed by the invention for securely transmitting an LTE user's IMSI over the air interface comprises an IMSI secure transmission device on the base station and an IMSI secure transmission device on the terminal.
The IMSI secure transmission device on the base station proposed by the invention comprises: a base station IMSI secure transmission capability configuration module, for configuring and storing the IMSI secure transmission capability parameters of the base station; a base station IMSI secure transmission capability broadcast module, for broadcasting the base station's IMSI secure transmission capability parameters to the terminals in the cell as system information; an IMSI secure transmission association database on the base station, for storing the IMSI secure transmission association information with terminals; an IMSI secure transmission negotiation module on the base station, for negotiating with the terminal whether to enable the IMSI secure transmission function, the key extraction method and the encryption and decryption algorithm; an encryption and decryption key negotiation module on the base station, for extracting the decryption key from the uplink physical signal; and a decryption module on the base station, for decrypting the encrypted IMSI in the AttachRequest and IdentityResponse messages.
The IMSI secure transmission device on the terminal proposed by the invention comprises: a terminal IMSI secure transmission capability configuration module, for configuring and storing the IMSI secure transmission capability parameters of the terminal; a terminal IMSI secure transmission capability receiving module, for receiving and parsing the base station's IMSI secure transmission capability parameters; an IMSI secure transmission association database on the terminal, for storing the IMSI secure transmission association information with base stations; an IMSI secure transmission negotiation module on the terminal, for negotiating with the base station whether to enable the IMSI secure transmission function, the key extraction method and the encryption and decryption algorithm; an encryption and decryption key negotiation module on the terminal, for extracting the encryption key from the downlink physical signal; and an encryption module on the terminal, for encrypting the IMSI in the AttachRequest and IdentityResponse messages.
The method of the invention is applicable not only to LTE systems but also to LTE-A systems.
Compared with the prior art, the positive effect of the invention is:
Without changing the LTE network architecture or security architecture and with minimal impact on the LTE network, the invention completely avoids transmitting the IMSI in plaintext over the air interface, is highly adaptable, and remains compatible with network equipment and terminals that do not support IMSI secure transmission.
Brief description of the drawings
Fig. 1 shows the LTE base station and terminal functional models:
(a) LTE base station functional model, (b) LTE terminal functional model;
Fig. 2 shows the IMSI secure transmission device on the base station;
Fig. 3 shows the IMSI secure transmission device on the terminal;
Fig. 4 shows the flow of the IMSI secure transmission method over the air interface;
Fig. 5 shows the message flow of the IMSI secure transmission method over the air interface.
Detailed description of the embodiments
Embodiments of the invention are described in detail below with reference to the drawings and an example. The example is implemented on the premise of the technical solution of the invention, and a detailed implementation and specific operating procedure are given. It should be noted that, as long as they do not conflict, the embodiments of the invention and the features in each embodiment may be combined with one another, and the resulting technical solutions all fall within the scope of protection of the invention.
Embodiment:
This embodiment uses a TD-LTE system to describe in detail the method proposed by the invention for securely transmitting an LTE user's IMSI over the air interface. Fig. 1 shows the current LTE base station and LTE terminal models.
A current LTE base station includes functional modules such as radio-frequency transceiving, physical layer processing, media access control (MAC) layer processing, radio link control (RLC) layer processing, Packet Data Convergence Protocol (PDCP) layer processing, radio resource control (RRC) processing, non-access stratum signaling (NAS) forwarding, and base station management. An LTE terminal includes functional modules such as radio-frequency transceiving, physical layer processing, MAC layer processing, RLC layer processing, PDCP layer processing, RRC processing, NAS processing, and interface and management.
Fig. 2 is a block diagram of an IMSI secure transmission device 200 on a base station. Device 200 is used to securely transmit an LTE user's IMSI over the air interface and comprises the base station IMSI secure transmission capability configuration module 201, the base station IMSI secure transmission capability broadcast module 202, the IMSI secure transmission association database 203 on the base station, the IMSI secure transmission negotiation module 204 on the base station, the encryption and decryption key negotiation module 205 on the base station, and the decryption module 206 on the base station.
1) The base station IMSI secure transmission capability configuration module 201 configures and stores the IMSI secure transmission capability parameters of the base station. This module is related to the base station management module 118 and can serve as an enhancement of "base station management".
2) The base station IMSI secure transmission capability broadcast module 202 broadcasts the base station's IMSI secure transmission capability parameters to the terminals in the cell as system information. This module is related to the RRC processing module 116 on the base station and can serve as an enhancement of "RRC processing on the base station".
3) The IMSI secure transmission association database 203 on the base station stores the IMSI secure transmission association information with terminals, mainly the results of the IMSI secure transmission negotiation and of the encryption and decryption key negotiation, and provides the decryption key to the decryption module 206 on the base station. It is a newly added function.
4) The IMSI secure transmission negotiation module 204 on the base station negotiates with the terminal whether to enable the IMSI secure transmission function, the key extraction method and the encryption and decryption algorithm. It needs to use the RRC processing module 116 on the base station and can serve as an enhancement of "RRC processing on the base station".
5) The encryption and decryption key negotiation module 205 on the base station extracts the decryption key from the uplink physical signal. It is related to the physical layer processing 112 on the base station and can serve as an enhancement of "physical layer processing on the base station".
6) The decryption module 206 on the base station decrypts the encrypted IMSI in the AttachRequest and IdentityResponse messages; the NAS forwarding 117 on the base station then sends the AttachRequest and IdentityResponse messages carrying the decrypted IMSI to the MME. The decryption module 206 on the base station is related to the encryption and decryption function in the PDCP layer processing module 115 on the base station and can serve as an enhancement of "PDCP layer processing on the base station".
Fig. 3 is a block diagram of an IMSI secure transmission device 300 on a terminal. Device 300 is used to securely transmit an LTE user's IMSI over the air interface and comprises the terminal IMSI secure transmission capability configuration module 301, the base station IMSI secure transmission capability receiving module 302 on the terminal, the IMSI secure transmission association database 303 on the terminal, the IMSI secure transmission negotiation module 304 on the terminal, the encryption and decryption key negotiation module 305 on the terminal, and the encryption module 306 on the terminal.
1) The terminal IMSI secure transmission capability configuration module 301 configures and stores the IMSI secure transmission capability parameters of the terminal. This module is related to the interface and management module 128 and can serve as an enhancement of "interface and management".
2) The base station IMSI secure transmission capability receiving module 302 on the terminal receives and parses the base station's IMSI secure transmission capability parameters. This module is related to the RRC processing module 126 on the terminal and can serve as an enhancement of "RRC processing on the terminal".
3) The IMSI secure transmission association database 303 on the terminal stores the IMSI secure transmission association information with base stations, mainly the results of the IMSI secure transmission negotiation and of the encryption and decryption key negotiation, and provides the encryption key to the encryption module 306 on the terminal. It is a newly added function. Keys are stored in encrypted form and may be placed in the USIM.
4) The IMSI secure transmission negotiation module 304 on the terminal negotiates with the base station whether to enable the IMSI secure transmission function, the key extraction method and the encryption and decryption algorithm. It needs to use the RRC processing module 126 on the terminal and can serve as an enhancement of "RRC processing on the terminal".
5) The encryption and decryption key negotiation module 305 on the terminal extracts the encryption key from the uplink physical signal. It is related to the physical layer processing 122 on the terminal and can serve as an enhancement of "physical layer processing on the terminal".
6) The encryption module 306 on the terminal encrypts the IMSI in the AttachRequest and IdentityResponse messages. It is related to the PDCP layer processing module 125 on the terminal and can serve as an enhancement of "PDCP layer processing on the terminal".
Fig. 4 is a flowchart of a method for securely transmitting an LTE user's IMSI over the air interface according to an embodiment of the invention, and Fig. 5 is the corresponding message flow. The method is described in detail below based on this embodiment.
IMSI secure transmission configuration of the base station (step 401). Only a base station equipped with an IMSI secure transmission device needs to perform step 401. The base station IMSI secure transmission capability configuration module (201) configures the parameters of the base station's IMSI secure transmission capability, including whether IMSI secure transmission is supported and which key extraction methods and encryption and decryption algorithms are supported; then the IMSI secure transmission association database (203) on the base station is created.
IMSI secure transmission configuration of the terminal (step 402). Only a terminal equipped with an IMSI secure transmission device needs to perform step 402. The terminal IMSI secure transmission capability configuration module (301) configures the terminal's IMSI secure transmission capability parameters, including whether IMSI secure transmission is supported and the supported key extraction methods and encryption and decryption algorithms; then the IMSI secure transmission association database (303) on the terminal is created.
Broadcast of the base station's IMSI secure transmission capability parameters (step 403). Only a base station equipped with an IMSI secure transmission device needs to perform step 403. The base station IMSI secure transmission capability broadcast module (202) broadcasts the base station's IMSI secure transmission capability parameters as system information (501) through the RRC processing module (116) on the base station.
The terminal receives and parses the base station's IMSI secure transmission capability parameters (step 404). Only a terminal equipped with an IMSI secure transmission device needs to perform step 404. During cell search, the base station IMSI secure transmission capability receiving module (302) on the terminal parses the "IMSI secure transmission capability of the base station" information in the SIB and stores it together with the cell ID in the IMSI secure transmission association database (303) on the terminal. If no "IMSI secure transmission capability of the base station" information is found, the base station is considered not to be equipped with an IMSI secure transmission device (200). During cell selection the terminal preferentially selects a base station equipped with an IMSI secure transmission device (300).
IMSI secure transmission negotiation (step 405). Step 405 is performed when a terminal equipped with an IMSI secure transmission device (300) finds that the base station is also equipped with an IMSI secure transmission device (200).
1) In step 405, the IMSI secure transmission negotiation module (304) on the terminal chooses, based on the IMSI secure transmission capabilities of the terminal and the base station, whether to enable the IMSI secure transmission function and which key extraction method and encryption and decryption algorithm to use. This information is then placed in the RRCConnectionRequest message (502), sent to the base station through the RRC processing module (126) on the terminal, and stored in the IMSI secure transmission association database (303) on the terminal.
2) In step 405, after receiving the RRCConnectionRequest message (502) from the terminal, the IMSI secure transmission negotiation module (204) on the base station parses the IMSI secure transmission negotiation information in it and stores this information together with the terminal identity (UE-Identity) in the IMSI secure transmission association database (203) on the base station. Module 204 then places the "negotiation confirmation" for the negotiated key extraction method and encryption and decryption algorithm, as negotiation feedback information, in the RRCConnectionSetup message (503), which is sent to the terminal through the RRC processing module (116) on the base station.
3) In step 405, after the RRCConnectionSetup message (503) is received, if the IMSI secure transmission negotiation module (304) on the terminal parses a "negotiation confirmation" for the negotiated key extraction method and encryption and decryption algorithm, it marks the "key extraction method and encryption and decryption algorithm" as successfully negotiated in the IMSI secure transmission association database (303) on the terminal. Otherwise, the terminal selects another cell equipped with an IMSI secure transmission device (200); when there is no cell with device 200, the terminal does not enable the IMSI secure transmission function.
Negotiation of the encryption and decryption keys (step 406). Step 406 is performed only when the terminal and the base station have executed step 405 and enabled the IMSI secure transmission function.
1) In step 406, after the RRCConnectionSetup message (503) is received, the IMSI secure transmission negotiation module (304) on the terminal parses the IMSI secure transmission negotiation feedback information in it, and the encryption and decryption key negotiation module (305) on the terminal extracts the encryption key, according to the negotiated key extraction method, from the physical layer information of this downlink subframe and several subsequent downlink subframes. The RRC processing module (126) on the terminal then sends the RRCConnectionComplete message (504) to the base station in the uplink slot specified by scheduling.
2) In step 406, after the RRCConnectionComplete message (504) is received, the encryption and decryption key negotiation module (205) on the base station uses the selected key extraction algorithm to extract the decryption key from the uplink signal and stores it in the IMSI secure transmission association database (203) on the base station.
3) In step 406, the encryption and decryption key negotiation module (305) on the terminal uses the cell-specific reference signal (CRS) to analyze the radio channel characteristics and extract the encryption key; the encryption and decryption key negotiation module (205) on the base station uses the uplink demodulation reference signal (DMRS) or the sounding reference signal (SRS) to analyze the radio channel characteristics and extract the decryption key.
Encryption and decryption of the IMSI in the AttachRequest of the initial attach procedure (step 407). Step 407 is performed only after the terminal and the base station have executed step 406.
1) In step 407, before the RRC processing module (126) on the terminal sends the RRCConnectionComplete message (504) to the base station in the uplink slot specified by scheduling, the terminal encryption module (306) encrypts the IMSI in the AttachRequest of the initial attach procedure using the encryption key and the selected encryption algorithm, and the NAS processing module (127) on the terminal then encapsulates the AttachRequest message (505) containing the encrypted IMSI in the RRCConnectionComplete message (504);
2) In step 407, the decryption module (206) on the base station decrypts the encrypted IMSI in the AttachRequest message (505) using the negotiated decryption key and decryption algorithm; the NAS forwarding module (117) on the base station then sends the AttachRequest message (506) containing the plaintext IMSI to the MME.
Encryption and decryption of the IMSI in the IdentityResponse (step 408). Step 408 is performed only after the terminal and the base station have executed step 406.
1) In step 408, when the terminal needs to send an IdentityResponse message to the core network, the terminal encryption module (306) encrypts the IMSI in the IdentityResponse message using the encryption key saved in the IMSI secure transmission association database (303) on the terminal; the NAS processing module (127) on the terminal then sends the IdentityResponse message (509) containing the encrypted IMSI to the base station.
2) In step 408, when the base station receives the IdentityResponse message (509), the decryption module (206) on the base station decrypts the IMSI in the IdentityResponse message (509) with the decryption key stored in the IMSI secure transmission association database (203) on the base station; the NAS forwarding module (117) on the base station then sends the IdentityResponse message (510) to the core network.
In summary, the invention discloses a method and system for securely transmitting an LTE user's IMSI over the air interface. The description of the invention is given for the purposes of illustration and description, and is not exhaustive or intended to limit the invention to the disclosed form. Obviously, those skilled in the art can make various changes and variations to the examples of the invention without departing from its spirit and principles. The embodiments were chosen and described to better explain the principles and practical application of the invention, and to enable those skilled in the art to understand the invention so as to design various embodiments, with various modifications, suited to particular uses.

Claims (5)

1. A method for securely transmitting an LTE user's IMSI over the air interface, comprising the steps of:
1) configuring the IMSI secure-transmission capability of the base station and the IMSI secure-transmission capability of the terminal, respectively; the IMSI secure-transmission capability includes whether IMSI secure transmission is supported, and the supported key extraction methods and encryption/decryption algorithms;
2) the base station broadcasts, in its cell, the secure-transmission capability information configured for the base station;
3) the terminal receives and parses the broadcast message sent by the base station, selects a base station that has the IMSI secure-transmission function, and carries out IMSI secure-transmission negotiation with it, choosing the key extraction method and the encryption/decryption algorithm to be used between the terminal and the base station; wherein the IMSI secure-transmission negotiation is carried out as follows: the terminal places whether to enable the IMSI secure-transmission function, the key extraction method and the encryption/decryption algorithm in an RRCConnectionRequest message and sends it to the base station; after receiving the RRCConnectionRequest message, the base station parses the IMSI secure-transmission negotiation information in it and stores this information, together with the terminal identifier UE-Identity, in the base station's IMSI secure-transmission association database; the base station then places the determined key extraction method and encryption/decryption algorithm, as negotiation feedback information, in an RRCConnectionSetup message and sends it to the terminal;
4) the terminal extracts an encryption key from the physical-layer information of a set downlink subframe according to the negotiated key extraction method, and sends an uplink signal to the base station in a set uplink time slot;
5) the base station extracts a decryption key from the uplink signal according to the negotiated key extraction method, and stores it in the base station's IMSI secure-transmission association database;
6) during the initial attach procedure, the terminal encrypts the IMSI in the AttachRequest message using the encryption key and the selected encryption algorithm; the AttachRequest message containing the IMSI ciphertext is then encapsulated in an RRCConnectionComplete message and sent to the base station;
7) the base station decrypts the IMSI from the AttachRequest message using the decryption key and the selected decryption algorithm.
2. The method of claim 1, characterized in that, after step 5), when the terminal needs to send an IdentityResponse message to the core network, the terminal encrypts the IMSI in the IdentityResponse with the encryption key and sends it to the base station; when the base station receives the IdentityResponse message, it decrypts the IMSI in the IdentityResponse message with the stored decryption key, and then sends the IdentityResponse message to the core network.
3. The method of claim 1 or 2, characterized in that the base station stores the keys held in the IMSI secure-transmission association database in encrypted form.
4. A system for securely transmitting an LTE user's IMSI over the air interface, comprising a base station and a terminal, characterized in that the base station is equipped with an IMSI secure-transmission device comprising the following components:
an IMSI secure-transmission capability configuration module, for configuring and storing the IMSI secure-transmission capability of the base station; the IMSI secure-transmission capability includes whether IMSI secure transmission is supported, and the supported key extraction methods and encryption/decryption algorithms;
a base station IMSI secure-transmission capability broadcast module, for broadcasting the base station's IMSI secure-transmission capability information to the terminals in the cell;
an IMSI secure-transmission association database, for storing the IMSI secure-transmission association information shared with the terminal;
an IMSI secure-transmission negotiation module, for negotiating with the terminal whether to enable the IMSI secure-transmission function, the key extraction method and the encryption/decryption algorithm;
an encryption/decryption key negotiation module, for extracting a decryption key from the uplink physical signal according to the negotiated key extraction method;
a decryption module, for decrypting the encrypted IMSI information in an AttachRequest or IdentityResponse message;
the terminal is equipped with an IMSI secure-transmission device comprising the following components:
an IMSI secure-transmission capability configuration module, for configuring and storing the IMSI secure-transmission capability of the terminal; the IMSI secure-transmission capability includes whether IMSI secure transmission is supported, and the supported key extraction methods and encryption/decryption algorithms;
an IMSI secure-transmission capability receiving module, for receiving and parsing the base station's IMSI secure-transmission capability information;
an IMSI secure-transmission association database, for storing the IMSI secure-transmission association information shared with the base station;
an IMSI secure-transmission negotiation module, for negotiating with the base station whether to enable the IMSI secure-transmission function, the key extraction method and the encryption/decryption algorithm;
an encryption/decryption key negotiation module, for extracting an encryption key from the downlink physical signal according to the negotiated key extraction method;
an encryption module, for encrypting the IMSI in an AttachRequest or IdentityResponse message;
wherein the IMSI secure-transmission negotiation is carried out as follows: the terminal places whether to enable the IMSI secure-transmission function, the key extraction method and the encryption/decryption algorithm in an RRCConnectionRequest message and sends it to the base station; after receiving the RRCConnectionRequest message, the base station parses the IMSI secure-transmission negotiation information in it and stores this information, together with the terminal identifier UE-Identity, in the base station's IMSI secure-transmission association database; the base station then places the determined key extraction method and encryption/decryption algorithm, as negotiation feedback information, in an RRCConnectionSetup message and sends it to the terminal.
5. The system of claim 4, characterized in that the base station stores the keys held in the IMSI secure-transmission association database in encrypted form.
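The message flow of claim 1, steps 1) to 7), as an added Python example that is not code from the patent. The key extraction (`extract_key`, sign of constructed channel samples), the cipher (`keystream_xor`) and its nonce, the labels `chan-sign` and `hmac-xor`, and all dictionary field names are assumptions standing in for methods the claims leave open; it also assumes both sides derive the same key bits.

```python
import hashlib, hmac, secrets

# Constructed channel samples: the same channel observed by each side (assumption).
DOWNLINK = [0.8, -0.3, 0.5, -0.9, 0.2, 0.7, -0.1, -0.6]
UPLINK = [0.7, -0.4, 0.6, -0.8, 0.3, 0.6, -0.2, -0.5]

def keystream_xor(key, nonce, data):
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 keystream."""
    blocks = range(-(-len(data) // 32))  # ceil(len/32) keystream blocks
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def extract_key(samples):
    """Stand-in key extraction (assumption): one bit per sample, from its sign."""
    bits = "".join("1" if s > 0 else "0" for s in samples)
    return hashlib.sha256(bits.encode()).digest()

class BaseStation:  # steps 1-2: configured capability, broadcast in the cell
    capability = {"supported": True, "key_methods": ["chan-sign"], "ciphers": ["hmac-xor"]}

    def __init__(self):
        self.assoc_db = {}  # IMSI secure-transmission association database

    def on_rrc_connection_request(self, req):  # step 3, base-station side
        c = self.capability
        ok = req["enable"] and req["key_method"] in c["key_methods"] and req["cipher"] in c["ciphers"]
        if ok:  # store the negotiated values together with UE-Identity
            self.assoc_db[req["ue_identity"]] = {k: req[k] for k in ("key_method", "cipher")}
        return {"msg": "RRCConnectionSetup", "enable": ok,
                **(self.assoc_db[req["ue_identity"]] if ok else {})}

    def on_uplink_signal(self, ue_identity, samples):  # step 5
        self.assoc_db[ue_identity]["key"] = extract_key(samples)

    def on_attach_request(self, ue_identity, attach):  # step 7
        key = self.assoc_db[ue_identity]["key"]
        return keystream_xor(key, attach["nonce"], attach["imsi_ct"]).decode()

def terminal_attach(bs, ue_identity, imsi, downlink, uplink):
    cap = bs.capability  # step 2: parsed broadcast message
    req = {"msg": "RRCConnectionRequest", "ue_identity": ue_identity, "enable": True,
           "key_method": cap["key_methods"][0], "cipher": cap["ciphers"][0]}
    if not (cap["supported"] and bs.on_rrc_connection_request(req)["enable"]):
        return None  # no IMSI secure transmission with this base station
    key = extract_key(downlink)               # step 4: key from the downlink subframe
    bs.on_uplink_signal(ue_identity, uplink)  # step 4: uplink signal in the set slot
    attach = {"msg": "AttachRequest", "nonce": secrets.token_bytes(12)}  # step 6
    attach["imsi_ct"] = keystream_xor(key, attach["nonce"], imsi.encode())
    return attach, bs.on_attach_request(ue_identity, attach)
```

`terminal_attach` returns the AttachRequest as it would be carried in RRCConnectionComplete, together with the IMSI the base station recovers, or `None` when the broadcast or the negotiation reports no support.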

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410795421.8A CN104581710B (en) 2014-12-18 2014-12-18 Method and system for securely transmitting an LTE user's IMSI over the air interface

Publications (2)

Publication Number Publication Date
CN104581710A (en) 2015-04-29
CN104581710B (en) 2018-11-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181123

Termination date: 20191218