CN104883339B

CN104883339B - A kind of method, apparatus and system of privacy of user protection

Info

Publication number: CN104883339B
Application number: CN201410070160.3A
Authority: CN
Inventors: 何文裕; 何承东
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2014-02-27
Filing date: 2014-02-27
Publication date: 2019-06-21
Anticipated expiration: 2034-02-27
Also published as: CN104883339A; WO2015127736A1

Abstract

The embodiment of the present invention discloses a kind of method, apparatus and system of privacy of user protection, is related to communication network application technology, by hiding the true ID of user using random user ID, solves the problems, such as privacy of user exposure, improves the sense of security of user network experience.This method comprises: user equipment (UE) sends login request message to location server by router；The UE receives the random value that the location server is sent by the router;The UE is according to the shared key, the user identifier of the UE, and the identifier of the random value and the location server obtained in advance generates the interim subscriber identity, and the common key is corresponding with the user identifier of the UE.The embodiment of the present invention is applied to hide the true ID of user equipment.

Description

A kind of method, apparatus and system of privacy of user protection

Technical field

The present invention relates to the method, apparatus and system that communication network application technology more particularly to a kind of privacy of user are protected.

Background technique

With network security increasingly by the whole world it is of interest, IP (Internet Protocol, Internet Protocol) address The safety of safety and User ID has obtained extensive concern, wherein since IP address is both that identifier is (i.e. main for a long time Identity mark), and be finger URL (i.e. network location identifier), this makes the separation of transport layer and network layer not thorough enough.This So that conventional TCP/IP network can not support the more host's scenes of host, i.e., multiple network interface cards of same host access network simultaneously, cut Draping card will lead to IP variation, service disconnection.

In a mobile network, it may cause IP address reassignment when terminal is mobile, although in the same use of the same terminal Under the use of family, but the four-tuple (<local IP, far-end IP, local port, remote port>) of transport layer is but changed, this will Lead to disconnecting and rebuilds.If occur user's multiple devices scene, it is desirable that service traffics need in multiple devices Between seamless switching, and traditional TCP/IP network can not be supported.

In existing solution technology, in user identity agreement UIP(User Identity Protocol) the network architecture In, user identifier UserID is distributed by operator, permanent；Device identifier DeviceID is by device manufacturer or operation Quotient's distribution, a UserID can be associated with multiple DeviceID；Finger URL Locator is usually IP address, is distributed by operator Or user is specified, a DeviceID can be associated with multiple Locator.But about network security, attacker probably will The location information of user is tracked according to User ID, wherein since the User ID of certain countries may take certain coding rule, Such as the prefix of the user of different regions its ID is different.Therefore attacker can believe according to its privacy of the prefix guessing of User ID Breath, such as geographical location.If attacker will obtain a large amount of privacy information of user according to the business that User ID obtains its subscription, Privacy of user safety and property safety are threatened.

Summary of the invention

The embodiment of the present invention provides a kind of method, apparatus and system of privacy of user protection, by utilizing random user ID hides the true ID of user, solves the problems, such as privacy of user exposure, improves the sense of security of user network experience.

In order to achieve the above objectives, the embodiment of the present invention adopts the following technical scheme that

In a first aspect, a kind of method of privacy of user protection, comprising:

User equipment (UE) sends login request message to location server by router, so that the location server Random value is generated when receiving the login request message of the UE, and the random value is sent to the UE, the registration It include the user identifier of the UE in request message, so that the location server is according to the random value, common key, institute The identifier of the user identifier and the location server of stating UE generates interim subscriber identity, and saves casual user's mark The corresponding relationship of the mark of knowledge, the user identifier of the UE, UE mark and the location server, so that the position takes Business device identifies the message comprising the interim subscriber identity of the transmission of the UE, the common key according to the corresponding relationship It is corresponding with the user identifier of the UE；

The UE receives the random value that the location server is sent by the router;

The UE is according to the shared key, the user identifier of the UE, the random value and obtains in advance described The identifier of location server generates the interim subscriber identity, and the common key is corresponding with the user identifier of the UE.

With reference to first aspect, it specifically includes in the first possible implementation, the UE is connect by the router Receiving the random value that the location server is sent includes:

The UE receives the authentication request message that the location server is sent, the certification request by the router It include the random value in message.

With reference to first aspect, it specifically includes in the second possible implementation, the UE is connect by the router Receiving the random value that the location server is sent includes:

The UE receives the registration reply message that the location server is sent, the registration response by the router It include the random value in message.

Second aspect, a kind of method of privacy of user protection, comprising:

Location server receives the login request message that user equipment (UE) is sent, the login request message by router In include the UE user identifier, wherein when the location server receives the login request message that the UE is sent, institute It states location server and generates random value；

The random value is sent to the UE by the router by the location server so that the UE according to The shared key, the user identifier of the UE, the identifier of the random value and the location server obtained in advance Generate interim subscriber identity；

The location server obtains common key according to the user identifier of the UE, and according to the shared key, institute State the user identifier of UE, the identifier generation interim subscriber identity of the random value and the location server；

The location server saves the interim subscriber identity, the user identifier of the UE, UE mark and institute State the corresponding relationship of the mark of location server, and by the corresponding relationship identify that the UE sends comprising the interim use The message of family mark.

It in conjunction with second aspect, specifically includes in the first possible implementation, the location server passes through described The random value is sent to the UE by router

The location server sends authentication request message, the authentication request message to the UE by the router In include random value so that the UE is according to the shared key, the user identifier of the UE, the random value and in advance The identifier of the location server obtained generates interim subscriber identity, the user identifier pair of the common key and the UE It answers.

It in conjunction with second aspect, specifically includes in the second possible implementation, the location server passes through described The random value is sent to the UE by router

The location server forwards registration reply message, the registration reply message to the UE by the router In include random value so that the UE is according to the shared key, the user identifier of the UE, the random value and in advance The identifier of the location server obtained generates interim subscriber identity, the user identifier pair of the common key and the UE It answers.

The third aspect, a kind of method of privacy of user protection, comprising:

User equipment (UE) sends login request message to location server by router, wraps in the login request message User identifier containing the UE, so that the location server generates at random when receiving the login request message of the UE Value, and casual user's mark is generated according to the identifier of the random value, the user identifier of the UE and the location server Know, and saves pair of the mark of the interim subscriber identity, the user identifier of the UE, UE mark and the location server Should be related to so that the location server according to the corresponding relationship identify the UE transmission comprising the casual user The message of mark；

The UE receives the interim subscriber identity by the router.

It in conjunction with the third aspect, specifically includes in the first possible implementation, the UE is connect by the router Receiving the interim subscriber identity includes:

The UE receives the registration reply message that the location server is sent, the registration response by the router It include the interim subscriber identity in message.

Fourth aspect, a kind of method of privacy of user protection, comprising:

Location server receives the login request message that user equipment (UE) is sent, the login request message by router In include the UE user identifier, wherein when the location server receives the registration request that the user equipment (UE) is sent When message, the location server generates random value；

The location server is according to the mark of the random value, the user identifier of the UE and the location server Symbol generates interim subscriber identity；

The location server saves the interim subscriber identity, the user identifier of the UE, UE mark and institute's rheme The corresponding relationship of the mark of server is set, so that the location server identifies the transmission of the UE according to the corresponding relationship The message comprising the interim subscriber identity；

The interim subscriber identity is forwarded to the UE by the router by the location server.

In conjunction with fourth aspect, specifically included in the first mode in the cards, the location server is according to The identifier of random value, the user identifier of the UE and the location server generates interim subscriber identity

The location server takes according to the random value, shared key, the user identifier of the UE and the position The identifier of business device generates interim subscriber identity, and the common key is corresponding with the user identifier of the UE.

It in conjunction with fourth aspect, is specifically included in second of mode in the cards, the location server passes through described The interim subscriber identity is forwarded to the UE by router, comprising:

The location server forwards registration reply message to the UE, the registration reply message by the router In include the interim subscriber identity.

5th aspect, a kind of user equipment, comprising:

Communication unit, for sending login request message to location server by router, so that the position takes Business device generates random value when receiving the login request message of the UE, and the random value is sent to the UE, described It include the user identifier of the UE in login request message, so that the location server is according to the random value, common close The identifier of key, the user identifier of the UE and the location server generates interim subscriber identity, and saves described interim User identifier, the user identifier of the UE, UE are identified and the corresponding relationship of the mark of the location server, so that described Location server identifies the message comprising the interim subscriber identity of the transmission of the UE according to the corresponding relationship, described total It is corresponding with the user identifier of the UE with key；

The communication unit is also used to receive the random value that the location server is sent by the router;

Generation unit, for according to the shared key, the user identifier of the UE, the random value and in advance acquisition The identifier of the location server generate the interim subscriber identity, the user identifier pair of the common key and the UE It answers.

In conjunction with the 5th aspect, specifically included in the first mode in the cards, the communication unit is specifically also used In:

The authentication request message that the location server is sent is received by the router, in the authentication request message Including the random value.

In conjunction with the 5th aspect, specifically include in the second possible implementation, the communication unit is specifically also used In:

The registration reply message that the location server is sent is received by the router, in the registration reply message Including the random value.

6th aspect, a kind of location server, comprising:

Communication unit, for receiving the login request message that user equipment (UE) is sent, the registration request by router It include the user identifier of the UE in message, wherein when the location server receives the login request message that the UE is sent When, the location server generates random value；

The communication unit is also used to that the random value is sent to the UE by the router, so that described UE is according to the shared key, the user identifier of the UE, the random value and the location server obtained in advance Identifier generates interim subscriber identity；

Generation unit, it is described for obtaining common key according to the user identifier of the UE, and according to the shared key The identifier of the user identifier of UE, the random value and the location server generates the interim subscriber identity；

Storage unit, for save the interim subscriber identity, the UE that the generation unit generates user identifier, The corresponding relationship of the UE mark and the mark of the location server, and identify that the UE is sent by the corresponding relationship The message comprising the interim subscriber identity.

In conjunction with the 6th aspect, specifically include in the first possible implementation, the communication unit is specifically also used In:

Authentication request message is sent to the UE by the router, includes random value in the authentication request message, So that the UE is according to the shared key, the user identifier of the UE, the random value and the institute's rheme obtained in advance The identifier for setting server generates interim subscriber identity, and the common key is corresponding with the user identifier of the UE.

In conjunction with the 6th aspect, specifically include in the second possible implementation, the communication unit is specifically also used In:

Registration reply message is forwarded to the UE by the router, includes random value in the registration reply message, So that the UE is according to the shared key, the user identifier of the UE, the random value and the institute's rheme obtained in advance The identifier for setting server generates interim subscriber identity, and the common key is corresponding with the user identifier of the UE.

7th aspect, a kind of user equipment, comprising:

Transmission unit, for sending login request message, the login request message to location server by router In include the UE user identifier so that location server generation when receiving the login request message of the UE Random value, and interim use is generated according to the identifier of the random value, the user identifier of the UE and the location server Family mark, and save the mark of the interim subscriber identity, the user identifier of the UE, UE mark and the location server Corresponding relationship so that the location server according to the corresponding relationship identify the UE transmission comprising described interim The message of user identifier；

Receiving unit, for receiving the interim subscriber identity by the router.

In conjunction with the 7th aspect, specifically included in the first mode in the cards, the receiving unit is specifically also used In:

The registration reply message that the location server is sent is received by the router, in the registration reply message Including the interim subscriber identity.

Eighth aspect, a kind of location server, comprising:

Communication unit, for receiving the login request message that user equipment (UE) is sent, the registration request by router It include the user identifier of the UE in message, wherein when the location server receives the registration that the user equipment (UE) is sent When request message, the location server generates random value；

Generation unit, for according to the user identifier of the random value, the UE and the mark of the location server Symbol generates interim subscriber identity；

Storage unit, for save the interim subscriber identity, the UE that the generation unit generates user identifier, The corresponding relationship of UE mark and the mark of the location server, so that the location server is according to the corresponding relationship Identify the message comprising the interim subscriber identity of the transmission of the UE；

The communication unit is also used to the interim subscriber identity for generating the generation unit by the router It is forwarded to the UE.

It in conjunction with eighth aspect, is specifically included in the first mode in the cards, the generation unit is specifically also used In:

It is raw according to the identifier of the random value, shared key, the user identifier of the UE and the location server At interim subscriber identity, the common key is corresponding with the user identifier of the UE.

It in conjunction with eighth aspect, specifically includes in the second possible implementation, the communication unit is specifically also used In:

It include described interim by router forwarding registration reply message to the UE, in the registration reply message User identifier.

9th aspect, a kind of communication system, comprising: location server, router and the use being connected to the router Family equipment UE, wherein

The location server is position clothes described in any possible implementation in the 6th aspect or the 6th aspect Business device；

The user equipment (UE) is that user described in any possible implementation sets in the 5th aspect or the 5th aspect It is standby；

Alternatively,

The location server is the clothes of position described in any possible implementation in eighth aspect or eighth aspect Business device；

The user equipment (UE) is that user described in any possible implementation sets in the 7th aspect or the 7th aspect It is standby.

The method, apparatus and system of privacy of user protection provided in an embodiment of the present invention, user equipment (UE) are asked by registration Ask message that the user identifier of user equipment is sent to location server, and according to the user identifier of the UE obtain it is described share it is close Key, the user identifier of user equipment, the mark and shared key for the location server being obtained ahead of time generate interim subscriber identity, By hiding the true ID of user using random user ID, solves the problems, such as privacy of user exposure, improve user network experience The sense of security.

Detailed description of the invention

To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other Attached drawing.

Fig. 1 is a kind of UIP(User Identity Protocol provided in an embodiment of the present invention, user identity agreement) Network topology structure schematic diagram；

Fig. 2 is a kind of flow diagram of the method for privacy of user protection provided in an embodiment of the present invention；

Fig. 3 is the flow diagram of the method for another privacy of user protection provided in an embodiment of the present invention；

Fig. 4 be another embodiment of the present invention provides a kind of privacy of user protection method flow diagram；

Fig. 5 be another embodiment of the present invention provides another privacy of user protection method flow diagram；

Fig. 6 is a kind of flow diagram of the method for privacy of user protection that further embodiment of this invention provides；

Fig. 7 is the flow diagram of the method for another privacy of user protection that further embodiment of this invention provides；

Fig. 8 is the flow diagram of the method for another privacy of user protection that further embodiment of this invention provides；

Fig. 9 is a kind of structural schematic diagram of user equipment provided in an embodiment of the present invention；

Figure 10 is a kind of structural schematic diagram of location server provided in an embodiment of the present invention；

Figure 11 be another embodiment of the present invention provides a kind of user equipment structural schematic diagram；

Figure 12 be another embodiment of the present invention provides a kind of location server structural schematic diagram；

Figure 13 is a kind of structural schematic diagram for user equipment that further embodiment of this invention provides；

Figure 14 is a kind of structural schematic diagram for location server that further embodiment of this invention provides；

Figure 15 is a kind of structural schematic diagram for user equipment that yet another embodiment of the invention provides；

Figure 16 is a kind of structural schematic diagram for location server that yet another embodiment of the invention provides；

Figure 17 is a kind of structural schematic diagram of communication system provided in an embodiment of the present invention.

Specific embodiment

Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.

The present invention is suitable for user identity agreement UIP(User Identity Protocol) network architecture, wherein such as Fig. 1 Shown, UIP network is made of one or more domains UIP, and a domain UIP is by a location server SLS(Subscriber Location Server), one or more domain router DR(Domain Router), one or more gateway GW(Gate Way it) forms.Wherein, DR is used to save mapping relations, the user of user identifier UserID and the finger URL Locator of the user Data forwarding and message address convert, and the DR in domain, between domain is interconnected.SLS is for saving user identifier UserID and use The mapping relations of the current DR in family.UE accesses the domain UIP by wireless access network.And the present invention provides a kind of side of privacy of user protection Method, referring to shown in Fig. 2, in user equipment side, it is described that specific step is as follows:

101, user equipment (UE) sends login request message to location server by router, so that the location-based service Device generates random value in the login request message for receiving UE, and the random value is sent to the UE.

It wherein, include the user identifier of the UE in login request message, so that the location server is according to Random value, common key, the user identifier of the UE and the location server identifier generate interim subscriber identity, and The corresponding of mark for saving the interim subscriber identity, the user identifier of the UE, UE mark and the location server is closed System so that the location server according to the corresponding relationship identify the UE transmission comprising the interim subscriber identity Message, the common key is corresponding with the user identifier of the UE.

Here the method for obtaining shared key can be certifiede-mail protocol AKA (Authentication and Key ) or other cryptographic key negotiation methods Agreement.

Here user equipment (UE) (User Equipment) can pass through domain router DR(Domain Router) forwarding note Volume request message, by the essential information of UE itself, such as user identifier UserID, device identifier Device ID and finger URL Locator is sent to subscriber location servers SLS(Subscriber Location Server), so that SLS is according to the note of UE Volume request message obtains the essential information (i.e. underlying parameter) of UE.

Wherein, login request message further include: the finger URL of device identifier and/or UE.

102, UE receives the random value of location server transmission by router.

103, UE is according to shared key, the user identifier of UE, the mark of random value and the location server obtained in advance Symbol generates interim subscriber identity.

Wherein, the common key is corresponding with the user identifier of the UE.

Here UE can negotiate the authentication request message received before obtaining shared key SKey according to SLS, obtain The random value nonce generated by SLS, and according to the nonce, the SLS ID's, SKey and UE itself of the SLS obtained in advance UserID generates interim subscriber identity TempUser ID；

Alternatively,

Negotiate after obtaining shared key SKey according to SLS, obtains random value in received registration reply message Nonce, and interim subscriber identity TempUser is generated according to the nonce, the UserID of the SLS ID, SKey and UE itself of SLS ID；

Alternatively,

In addition to the nonce that UE itself is sent according to SLS generates TempUser ID, optionally, UE is sent by receiving SLS Registration reply message receive the interim subscriber identity TempUser ID that has generated of SLS.

The present invention provides a kind of method of privacy of user protection, referring to shown in Fig. 3, in position server side, specific steps It is as described below:

201, location server receives the login request message that user equipment (UE) is sent by router.

It here include the user identifier of the UE in login request message, wherein when location server receives the note that UE is sent When volume request message, location server generates random value.

Wherein, which further includes the finger URL of user equipment identifiers Device ID and/or UE Locator。

202, random value is sent to UE by router by location server, so that the UE is according to shared key, UE's The identifier of user identifier, random value and the location server obtained in advance generates interim subscriber identity.

203, location server is according to the shared key, the user identifier of UE, the mark of random value and location server Symbol generates interim subscriber identity.

Wherein, the method for obtaining shared key can be certifiede-mail protocol AKA (Authentication and Key ) or other cryptographic key negotiation methods Agreement.

Here subscriber location servers SLS(Subscriber Location Server) it can negotiate to obtain according to UE Before shared key SKey, the random value nonce that SLS is generated, and according to the nonce, SLS ID, SKey and the UE of SLS itself UserID generate interim subscriber identity TempUser ID；

Alternatively,

Negotiate after obtaining shared key SKey according to UE, SLS generates random value nonce, and carries nonce sending Registration reply message before SLS according to the nonce, the UserID of the SLS ID, SKey and UE itself of SLS generates casual user Identify TempUser ID；

Alternatively,

For SLS after the authentication response message for receiving UE transmission, SLS generates nonce, and is generated according to nonce The TempUser ID of generation is sent to UE by sending registration reply message by TempUser ID.

204, location server saves the mark of interim subscriber identity, the user identifier of UE, UE mark and location server The corresponding relationship of knowledge, and the message comprising interim subscriber identity that UE is sent is identified by the corresponding relationship.

Wherein, optionally, which saves is the user identifier User of interim subscriber identity TempUser ID and UE The mapping relations of ID, device identifier Device ID and finger URL Locator.

The method of privacy of user protection provided in an embodiment of the present invention, user equipment (UE) pass through login request message for user The user identifier of equipment is sent to location server, and obtains the shared key, user equipment according to the user identifier of the UE User identifier, the mark and shared key of the location server being obtained ahead of time generate interim subscriber identity, by using with Machine User ID hides the true ID of user, solves the problems, such as privacy of user exposure, improves the sense of security of user network experience.

The present invention provides the method for another privacy of user protection, referring to shown in Fig. 4, in user equipment side, specific steps It is as described below:

301, user equipment (UE) sends login request message to location server by router.

It wherein, include the user identifier of the UE in login request message, so that the location server is receiving Random value is generated when the login request message of the UE, and according to the random value, the user identifier of the UE and institute's rheme The identifier for setting server generates interim subscriber identity, and saves the interim subscriber identity, the user identifier of the UE, UE mark The corresponding relationship of the mark of knowledge and the location server, so that the location server is identified according to the corresponding relationship The message comprising the interim subscriber identity of the transmission of the UE.

302, UE receives interim subscriber identity by router.

Wherein, UE receives the registration reply message that the location server is sent by the router, and the registration is rung Answering includes the interim subscriber identity in message.

The present invention provides the method for another privacy of user protection, referring to Figure 5, specific to walk in position server side It is rapid as described below:

401, location server receives the login request message that user equipment (UE) is sent by router.

It here include the user identifier of the UE in login request message, wherein described in being received when the location server When the login request message that user equipment (UE) is sent, the location server generates random value.

402, location server generates interim use according to the identifier of random value, the user identifier of UE and location server Family mark.

403, location server saves the interim subscriber identity, the user identifier of UE, UE mark and location server The corresponding relationship of mark so that the location server according to the corresponding relationship identify UE transmission include interim subscriber identity Message.

404, the interim subscriber identity is forwarded to UE by router by location server.

Wherein, location server forwards registration reply message to the UE by the router, and the registration response disappears It include the interim subscriber identity in breath.

The method of privacy of user protection provided in an embodiment of the present invention, location server are raw according to the random value generated at random At interim subscriber identity, and interim subscriber identity is carried by registration reply message and is sent to user equipment (UE) via router, And then by hiding the true ID of user using random user ID, solves the problems, such as privacy of user exposure, improve user network The sense of security of experience.

Router in the embodiment of the present invention is with domain router DR, and location server is by taking subscriber location servers SLS as an example It is illustrated, is subject to the method for realizing privacy of user provided in an embodiment of the present invention protection, be not especially limited.

Specifically, being illustrated below in conjunction with specific embodiment.

Embodiment one

Can be on the basis of Fig. 2 or embodiment shown in Fig. 3, referring to shown in Fig. 6, the embodiment provides one The method of kind privacy of user protection generates for subscriber location servers SLS with user equipment (UE) through consultation referring to shown in Fig. 6 Shared key SKey, and according to the process of the ID of SKey, SLS and/or UE generation interim subscriber identity TempUserID, it is specific to walk It is rapid as follows:

501, user equipment (UE) sends login request message to location server by router, so that changing location-based service Device generates random value in the login request message for receiving UE, and the random value is sent to the UE.

Optionally, login request message further include: the finger URL of device identifier and/or UE.

502, location server receives the login request message that user equipment (UE) is sent by router.

Here router DR in domain is used to undertake the function of Signalling exchange message between forwarding UE and SLS.

503, random value is sent to UE by router by location server, so that the UE is according to shared key, UE's The identifier of user identifier, random value and the location server obtained in advance generates interim subscriber identity.

Wherein random value can be indicated with nonce.To realize a kind of privacy of user protection provided in an embodiment of the present invention Subject to method, specifically without limitation.

Here location server carries random value in authentication request message, and is sent to UE by router.

504, UE receives the random value of location server transmission by router.

Wherein UE receives the authentication request message that the location server is sent, the certification request by the router It include the random value in message.

505, UE sends authentication response message to location server by router according to the authentication request message.

506, location server receives the authentication response message that UE is sent by router.

507, location server is according to the shared key, the user identifier of UE, the mark of random value and location server Symbol generates interim subscriber identity.

Here interim subscriber identity is by taking interim subscriber identity TempUser ID as an example:

Wherein, the generation method of TempUser ID may be expressed as:

TempUser ID=KDF(SKey,UserID,SLS ID,nonce)

That is interim subscriber identity TempUser ID be SLS according to negotiation obtained SKey, the UserID of UE, SLS ID with And the nonce that SLS is generated is generated；

Wherein:

SKey is some shared key of SLS and UE；

SLS ID(SLS mark) be SLS ID, such as UUID (Universally Unique Identifier) form Identifier；

Nonce is the random value that SLS is generated.

508, UE is according to shared key, the user identifier of UE, the mark of random value and the location server obtained in advance Symbol generates interim subscriber identity.

Wherein, the common key is corresponding with the user identifier of the UE.

Here UE is according to the random value nonce got in authentication request message, the SKey negotiated with SLS, in advance The UserID of the ID and UE itself of the SLS of acquisition generates interim subscriber identity TempUser ID.

509, location server saves the mark of interim subscriber identity, the user identifier of UE, UE mark and location server The corresponding relationship of knowledge, and the message comprising interim subscriber identity that UE is sent is identified by the corresponding relationship.

510, location server sends registration reply message to UE by router.

511, UE receives the registration reply message that location server is sent by router.

Embodiment two

Can be on the basis of Fig. 2 or embodiment shown in Fig. 3, referring to shown in Fig. 7, the embodiment provides one The method of kind privacy of user protection generates for subscriber location servers SLS with user equipment (UE) through consultation referring to shown in Fig. 7 Shared key SKey, wherein SLS generates random value nonce after UE and SLS negotiates to generate SKey, SLS is according to SKey, SLS And/or the ID of UE generates interim subscriber identity TempUserID, then nonce is sent to UE via DR forwarding registration reply message, So that UE is according to the process of nonce generation TempUserID, the specific steps are as follows:

601 user equipment (UE)s send login request message to location server by router, so that changing location-based service Device generates random value in the login request message for receiving UE, and the random value is sent to the UE.

602, location server receives the login request message that user equipment (UE) is sent by router.

603, random value is sent to UE by router by location server, so that the UE is according to shared key, UE's The identifier of user identifier, random value and the location server obtained in advance generates interim subscriber identity.

Location server sends authentication request message to UE by router.

Here it is not limited to whether random value nonce is generation in the authentication request message that SLS is sent by DR to UE Random value nonce needed for TempUser ID.It is in the embodiment of the present invention with the difference in embodiment one for generating The random value nonce of TempUser ID can be the new nonce that SLS is regenerated, it can not reuse in this step The nonce in authentication request message sent to UE.

604, UE receives the random value of location server transmission by router.

605, UE sends authentication response message to location server by router according to the authentication request message.

606, location server receives the authentication response message that UE is sent by router.

607, location server is according to the shared key, the user identifier of UE, the mark of random value and location server Symbol generates interim subscriber identity.

Wherein, the generation method of TempUser ID may be expressed as:

TempUser ID=KDF(SKey,UserID,SLS ID,nonce)

Wherein:

SKey is some shared key of SLS and UE；

Nonce is the random value that SLS is generated.

608, random value is sent to UE by router by location server.

Wherein, registration reply message, further includes: the random value nonce that SLS is generated, so that UE is raw according to random value nonce At the TempUser ID.

Location server forwards registration reply message to the UE by the router, wraps in the registration reply message Random value is included, so that the UE is according to the shared key, the user identifier of the UE, the random value and in advance acquisition The location server identifier generate interim subscriber identity, the UE according to the user identifier of the UE obtain it is described total Enjoy key.

609, location server saves the mark of interim subscriber identity, the user identifier of UE, UE mark and location server The corresponding relationship of knowledge, and the message comprising interim subscriber identity that UE is sent is identified by the corresponding relationship.

Here specifically, SLS save be user identifier User ID of interim subscriber identity TempUser ID and UE, set The mapping relations of standby identifier Device ID and finger URL Locator.

610, UE receives the random value that location server is sent by router.

Wherein, UE receives the registration reply message that the location server is sent by the router, and the registration is rung Answering includes the random value in message.

611, UE is according to shared key, the user identifier of UE, the mark of random value and the location server obtained in advance Symbol generates interim subscriber identity.

Wherein, UE obtains the shared key according to the user identifier of the UE

The method of privacy of user protection provided in an embodiment of the present invention, user equipment (UE) pass through login request message for user The user identifier of equipment is sent to location server, and by negotiating to obtain shared key with location server, further according to user The user identifier of equipment, the mark and shared key for the location server being obtained ahead of time generate interim subscriber identity, pass through benefit The true ID of user is hidden with random user ID, privacy of user exposure is solved the problems, such as, improves the safety of user network experience Sense.

The difference of the embodiment of the present invention and embodiment one is that random value nonce of the SLS for generating TempUser ID is After negotiating to obtain shared key SKey with UE, and the random of TempUser ID will be generated after generating TempUser ID Value nonce is sent to UE by DR by registration reply message.Wherein, the random value nonce for generating TempUser ID is It can be different from nonce entrained when transmission authentication request message.

Embodiment three

Can be on the basis of Fig. 4 or embodiment shown in fig. 5, referring to shown in Fig. 8, the embodiment provides one The method of kind privacy of user protection generates for subscriber location servers SLS with user equipment (UE) through consultation referring to shown in Fig. 8 Shared key SKey, SLS generate interim subscriber identity TempUserID according to the ID of SKey, SLS and UE, then forward via DR The process of TempUserID to UE, the specific steps are as follows:

701, user equipment (UE) sends login request message to location server by router.

702, location server receives the login request message that user equipment (UE) is sent by router.

It wherein, include the user identifier of the UE in login request message, wherein described in being received when the location server When the login request message that user equipment (UE) is sent, the location server generates random value；

703, location server sends authentication request message to UE by router.

704, UE receives the authentication request message that location server is sent by router.

705, UE sends authentication response message to location server by router according to the authentication request message.

706, location server receives the authentication response message that UE is sent by router.

707, location server generates interim use according to the identifier of random value, the user identifier of UE and location server Family mark.

Wherein, which includes at least the random value, the user identifier of the UE and the location server Identifier；

Optionally, which further includes common key, and location server is according to the random value, shared key, institute The identifier of the user identifier and the location server of stating UE generates interim subscriber identity.

Wherein, which obtains common key according to the user identifier of the UE.

Here SLS as described above can be if method described in embodiment one and embodiment two be according to SKey, and UE's is basic The identifier SLS ID of information, random value nonce and SLS generates interim subscriber identity TempUser ID.

SLS can also generate TempUser ID according to random value nonce in the present embodiment.

708, location server saves the mark of interim subscriber identity, the user identifier of UE, UE mark and location server The corresponding relationship of knowledge so that the location server according to the corresponding relationship identify UE transmission comprising interim subscriber identity Message.

709, interim subscriber identity is forwarded to UE by router by location server.

710, UE receives interim subscriber identity by router.

The present invention provides a kind of user equipment (UE) 8, which is provided so that the embodiment of the present invention may be implemented Any user secret protection method subject to, referring to shown in Fig. 9, comprising:

Communication unit 81, for sending login request message to location server by router, so that the position Server generates random value when receiving the login request message of the UE, and the random value is sent to the UE, institute State include in login request message the UE user identifier so that the location server is according to the random value, common The identifier of key, the user identifier of the UE and the location server generates interim subscriber identity, and faces described in preservation When user identifier, the user identifier of the UE, UE mark and the location server mark corresponding relationship so that institute The message comprising the interim subscriber identity that location server identifies the transmission of the UE according to the corresponding relationship is stated, it is described Common key is corresponding with the user identifier of the UE；

Communication unit 81 is also used to receive the random value that the location server is sent by the router;

Generation unit 82, for according to the shared key, the user identifier of the UE and obtains the random value in advance The identifier of the location server taken generates the interim subscriber identity, the user identifier of the common key and the UE It is corresponding.

User equipment provided in an embodiment of the present invention, user equipment (UE) pass through login request message for the user of user equipment Mark is sent to location server, and obtains the shared key according to the user identifier of the UE, the user identifier of user equipment, The mark and shared key for the location server being obtained ahead of time generate interim subscriber identity, by being hidden using random user ID The true ID of user solves the problems, such as privacy of user exposure, improves the sense of security of user network experience.

Optionally, communication unit 81 are specifically also used to: receiving recognizing for the location server transmission by the router Request message is demonstrate,proved, includes the random value in the authentication request message.

Optionally, communication unit 81 are specifically also used to: receiving the note that the location server is sent by the router Volume response message includes the random value in the registration reply message.

The present invention provides a kind of location server SLS9, and location server SLS9 is may be implemented the embodiment of the present invention Subject to the method for provided any user secret protection, referring to Fig.1 shown in 0, comprising:

Communication unit 91, for receiving the login request message that user equipment (UE) is sent by router, the registration is asked Seek the user identifier in message comprising the UE, wherein disappear when the location server receives the registration request that the UE is sent When breath, the location server generates random value；

Communication unit 91 is also used to that the random value is sent to the UE by the router, so that the UE According to the shared key, the user identifier of the UE, the mark of the random value and the location server obtained in advance Know symbol and generates interim subscriber identity；

Generation unit 92, for obtaining common key according to the user identifier of the UE, and according to the shared key, institute State the user identifier of UE, the identifier generation interim subscriber identity of the random value and the location server；

Storage unit 93, for saving the interim subscriber identity of the generation unit generation, user's mark of the UE The corresponding relationship of the mark of knowledge, UE mark and the location server, and the UE is identified by the corresponding relationship The message comprising the interim subscriber identity sent.

Location server provided in an embodiment of the present invention, user equipment (UE) pass through login request message for the use of user equipment Family mark is sent to location server, and obtains the shared key, user's mark of user equipment according to the user identifier of the UE Know, the mark and shared key for the location server being obtained ahead of time generate interim subscriber identity, by utilizing random user ID The true ID of user is hidden, privacy of user exposure is solved the problems, such as, improves the sense of security of user network experience.

Optionally, communication unit 91 are specifically also used to: authentication request message is sent to the UE by the router, It include random value in the authentication request message, so that the UE is according to the shared key, the user identifier of the UE, institute The identifier for the location server stating random value and obtaining in advance generates interim subscriber identity, the common key and institute The user identifier for stating UE is corresponding.

Optionally, communication unit 91 are specifically also used to: registration reply message is forwarded to the UE by the router, It include random value in the registration reply message, so that the UE is according to the shared key, the user identifier of the UE, institute The identifier for the location server stating random value and obtaining in advance generates interim subscriber identity, the common key and institute The user identifier for stating UE is corresponding.

The present invention provides a kind of user equipment (UE) 10, which is mentioned so that the embodiment of the present invention may be implemented Subject to the method for any user secret protection of confession, referring to Fig.1 shown in 1, comprising:

Transmission unit 1001, for sending login request message, the registration request to location server by router It include the user identifier of the UE in message, so that the location server is when receiving the login request message of the UE Random value is generated, and is faced according to the generation of the identifier of the random value, the user identifier of the UE and the location server When user identifier, and save the interim subscriber identity, the user identifier of the UE, UE mark and the location server The corresponding relationship of mark so that the location server according to the corresponding relationship identify the UE transmission comprising described The message of interim subscriber identity；

Receiving unit 1002, for receiving the interim subscriber identity by the router.

Further, receiving unit 1002 are specifically also used to: being received the location server by the router and sent Registration reply message, include the interim subscriber identity in the registration reply message.

User equipment provided in an embodiment of the present invention, location server generate casual user according to the random value generated at random Mark, and interim subscriber identity is carried by registration reply message and is sent to user equipment (UE) via router, and then passes through benefit The true ID of user is hidden with random user ID, privacy of user exposure is solved the problems, such as, improves the safety of user network experience Sense.

The present invention provides a kind of location server SLS11, and location server SLS11 is may be implemented implementation of the invention Subject to the method for any user secret protection provided by example, referring to Fig.1 shown in 2, comprising:

Communication unit 1101, for receiving the login request message that user equipment (UE) is sent, the registration by router It include the user identifier of the UE in request message, wherein when the location server receives what the user equipment (UE) was sent When login request message, the location server generates random value；

Generation unit 1102, for according to the user identifier of the random value, the UE and the location server Identifier generates interim subscriber identity；

Storage unit 1103, for saving the interim subscriber identity of the generation unit generation, the user of the UE The corresponding relationship of the mark of mark, UE mark and the location server, so that the location server is according to described right Answer the message comprising the interim subscriber identity of the transmission of UE described in relation recognition；

Communication unit 1101 is also used to the interim subscriber identity for generating the generation unit by the router It is forwarded to the UE.

Optionally, generation unit 1102 are specifically also used to: being marked according to the user of the random value, shared key, the UE Know and the identifier of the location server generates interim subscriber identity, the user identifier pair of the common key and the UE It answers.

Optionally, communication unit 1101 are specifically also used to: forwarding registration reply message to described by the router UE includes the interim subscriber identity in the registration reply message.

Location server provided in an embodiment of the present invention, location server generate interim use according to the random value generated at random Family mark, and interim subscriber identity is carried by registration reply message and is sent to user equipment (UE) via router, and then is passed through The true ID of user is hidden using random user ID, privacy of user exposure is solved the problems, such as, improves the peace of user network experience Full sense.

The embodiment of the present invention provides a kind of user equipment (UE) 12, referring to Fig.1 shown in 3, the user equipment (UE) 12 include: to A few processor 1201, memory 1202, communication port 1203 and bus 1204, at least one processor 1201, storage Device 1202 and communication interface 1203 connect by bus 1204 and complete mutual communication.

The bus 1204 can be industry standard architecture (Industry Standard Architecture, abbreviation For ISA) bus, external equipment interconnection (Peripheral Component, referred to as PCI) bus or extension Industry Standard Architecture Structure (Extended Industry Standard Architecture, referred to as EISA) bus etc..The bus 1304 can be with It is divided into address bus, data/address bus, control bus etc..Only to be indicated with a thick line in Figure 13 convenient for indicating, it is not intended that Only a bus or a type of bus.Wherein:

For memory 1202 for storing executable program code, which includes computer operation instruction.Memory 1202 may include high-speed RAM (Random Access Memory, random access memory), it is also possible to further include non-volatile memories Device (non-volatile memory), for example, at least a magnetic disk storage.

Processor 1201 may be a central processing unit (Central Processing Unit, referred to as CPU), or Person is specific integrated circuit (Application Specific Integrated Circuit, referred to as ASIC) or quilt It is configured to implement one or more integrated circuits of the embodiment of the present invention.

Communication interface 1203 is mainly used for realizing the communication between the device in the present embodiment.

Wherein, processor 1201, for being sent out by router to location server by least one communication interface 1203 Login request message is sent, so that the location server generates random value when receiving the login request message of the UE, And the random value is sent to the UE, it include the user identifier of the UE in the login request message, so that described Location server is according to the identifier of the random value, common key, the user identifier of the UE and the location server Interim subscriber identity is generated, and saves the interim subscriber identity, the user identifier of the UE, UE mark and position clothes The corresponding relationship of the mark of business device, so that the location server identifies the packet of the transmission of the UE according to the corresponding relationship Message containing the interim subscriber identity, the common key are corresponding with the user identifier of the UE；

Processor 1201 is also used to receive the position clothes by the router by least one communication interface 1203 The random value that business device is sent;

Processor 1201 is also used to according to the shared key, the user identifier of the UE, the random value and in advance The identifier of the location server obtained generates the interim subscriber identity, user's mark of the common key and the UE Know and corresponds to.

Optionally, processor 1201 are specifically also used to: being connect by least one communication interface 1203 by the router The authentication request message that the location server is sent is received, includes the random value in the authentication request message.

Optionally, processor 1201 are specifically also used to: being connect by least one communication interface 1203 by the router The registration reply message that the location server is sent is received, includes the random value in the registration reply message.

The embodiment of the present invention provides a kind of location server SLS13, referring to Fig.1 shown in 4, location server SLS13 It include: at least one processor 1301, memory 1302, communication port 1303 and bus 1304, at least one processor 1301, memory 1302 and communication interface 1303 connect by bus 1304 and complete mutual communication.

The bus 1304 can be industry standard architecture (Industry Standard Architecture, abbreviation For ISA) bus, external equipment interconnection (Peripheral Component, referred to as PCI) bus or extension Industry Standard Architecture Structure (Extended Industry Standard Architecture, referred to as EISA) bus etc..The bus 1304 can be with It is divided into address bus, data/address bus, control bus etc..Only to be indicated with a thick line in Figure 14 convenient for indicating, it is not intended that Only a bus or a type of bus.Wherein:

For memory 1302 for storing executable program code, which includes computer operation instruction.Memory 1302 may include high speed RAM memory, it is also possible to further include nonvolatile memory (non-volatile memory), example Such as at least one magnetic disk storage.

Processor 1301 may be a central processing unit (Central Processing Unit, referred to as CPU), or Person is specific integrated circuit (Application Specific Integrated Circuit, referred to as ASIC) or quilt It is configured to implement one or more integrated circuits of the embodiment of the present invention.

Communication interface 1303 is mainly used for realizing the communication between the device in the present embodiment.

Wherein, processor 1301, for receiving user equipment (UE) by router by least one communication interface 1303 The login request message of transmission includes the user identifier of the UE in the login request message, wherein when the location-based service When device receives the login request message that the UE is sent, the location server generates random value；

Processor 1301 is also used to send out the random value by the router by least one communication interface 1303 The UE is given, so that the UE is according to the shared key, the user identifier of the UE and obtains the random value in advance The identifier of the location server taken generates interim subscriber identity；

Processor 1301 is also used to obtain common key according to the user identifier of the UE, and according to the shared key, The identifier of the user identifier of the UE, the random value and the location server generates the interim subscriber identity；

Memory 1302, for saving the interim subscriber identity of the generation unit generation, user's mark of the UE The corresponding relationship of the mark of knowledge, UE mark and the location server, and the UE is identified by the corresponding relationship The message comprising the interim subscriber identity sent.

Optionally, processor 1301 are specifically also used to: by least one communication interface 1303 by the router to The UE sends authentication request message, includes random value in the authentication request message, so that the UE is according to described shared The identifier of key, the user identifier of the UE, the random value and the location server obtained in advance generates interim User identifier, the common key are corresponding with the user identifier of the UE.

Optionally, processor 1301 are specifically also used to: by least one communication interface 1303 by the router to The UE forwards registration reply message, includes random value in the registration reply message, so that the UE is according to described shared The identifier of key, the user identifier of the UE, the random value and the location server obtained in advance generates interim User identifier, the common key are corresponding with the user identifier of the UE.

The embodiment of the present invention provides a kind of user equipment (UE) 14, referring to Fig.1 shown in 5, the user equipment (UE) 14 include: to A few processor 1401, memory 1402, communication port 1403 and bus 1404, at least one processor 1401, storage Device 1402 and communication interface 1403 connect by bus 1404 and complete mutual communication.

The bus 1404 can be industry standard architecture (Industry Standard Architecture, abbreviation For ISA) bus, external equipment interconnection (Peripheral Component, referred to as PCI) bus or extension Industry Standard Architecture Structure (Extended Industry Standard Architecture, referred to as EISA) bus etc..The bus 1404 can be with It is divided into address bus, data/address bus, control bus etc..Only to be indicated with a thick line in Figure 15 convenient for indicating, it is not intended that Only a bus or a type of bus.Wherein:

For memory 1402 for storing executable program code, which includes computer operation instruction.Memory 1402 may include high speed RAM memory, it is also possible to further include nonvolatile memory (non-volatile memory), example Such as at least one magnetic disk storage.

Processor 1401 may be a central processing unit (Central Processing Unit, referred to as CPU), or Person is specific integrated circuit (Application Specific Integrated Circuit, referred to as ASIC) or quilt It is configured to implement one or more integrated circuits of the embodiment of the present invention.

Communication interface 1403 is mainly used for realizing the communication between the device in the present embodiment.

Wherein, processor 1401, for being sent out by router to location server by least one communication interface 1403 Login request message is sent, includes the user identifier of the UE in the login request message, so that the location server exists Generate random value when receiving the login request message of the UE, and according to the random value, the UE user identifier and The identifier of the location server generates interim subscriber identity, and saves user's mark of the interim subscriber identity, the UE The corresponding relationship of the mark of knowledge, UE mark and the location server, so that the location server is according to the correspondence The message comprising the interim subscriber identity of the transmission of UE described in relation recognition；

Processor 1401 is also used to receive the interim use by the router by least one communication interface 1403 Family mark.

Further, processor 1401 are specifically also used to pass through the router by least one communication interface 1403 The registration reply message that the location server is sent is received, includes the interim subscriber identity in the registration reply message.

The embodiment of the present invention provides a kind of location server SLS15, referring to Fig.1 shown in 6, location server SLS15 It include: at least one processor 1501, memory 1502, communication port 1503 and bus 1504, at least one processor 1501, memory 1502 and communication interface 1503 connect by bus 1504 and complete mutual communication.

The bus 1504 can be industry standard architecture (Industry Standard Architecture, abbreviation For ISA) bus, external equipment interconnection (Peripheral Component, referred to as PCI) bus or extension Industry Standard Architecture Structure (Extended Industry Standard Architecture, referred to as EISA) bus etc..The bus 1504 can be with It is divided into address bus, data/address bus, control bus etc..Only to be indicated with a thick line in Figure 16 convenient for indicating, it is not intended that Only a bus or a type of bus.Wherein:

For memory 1502 for storing executable program code, which includes computer operation instruction.Memory 1502 may include high speed RAM memory, it is also possible to further include nonvolatile memory (non-volatile memory), example Such as at least one magnetic disk storage.

Processor 1501 may be a central processing unit (Central Processing Unit, referred to as CPU), or Person is specific integrated circuit (Application Specific Integrated Circuit, referred to as ASIC) or quilt It is configured to implement one or more integrated circuits of the embodiment of the present invention.

Communication interface 1503 is mainly used for realizing the communication between the device in the present embodiment.

Wherein, processor 1501, for receiving user equipment (UE) by router by least one communication interface 1503 The login request message of transmission includes the user identifier of the UE in the login request message, wherein when the location-based service When device receives the login request message that the user equipment (UE) is sent, the location server generates random value；

Processor 1501 is also used to according to the random value, the user identifier of the UE and the location server Identifier generates interim subscriber identity；

Memory 1502, for saving the interim subscriber identity of the generation unit generation, user's mark of the UE The corresponding relationship of the mark of knowledge, UE mark and the location server, so that the location server is according to the correspondence The message comprising the interim subscriber identity of the transmission of UE described in relation recognition；

Processor 1501 is also used to the generation unit through at least one communication interface 1503 through the router The interim subscriber identity generated is forwarded to the UE.

Optionally, processor 1501 are specifically also used to: according to the random value, shared key, the user identifier of the UE And the identifier of the location server generates interim subscriber identity, the user identifier pair of the common key and the UE It answers.

Optionally, processor 1501 are specifically also used to: being turned by least one communication interface 1503 by the router Registration reply message is sent out to the UE, includes the interim subscriber identity in the registration reply message.

The embodiment of the present invention provides a kind of communication system 16, referring to Fig.1 shown in 7, comprising: location server SLS1601, Domain router DR1602 and the user equipment (UE) 1603 being connect with DR, wherein

Location server SLS1601 is location server SLS shown in Fig. 10；

The user equipment (UE) 1603 is user equipment (UE) shown in Fig. 9；

Alternatively,

Location server SLS1601 is location server SLS shown in Figure 12；

The user equipment (UE) 1603 is user equipment (UE) shown in Figure 11；

Alternatively,

Location server SLS1601 is location server SLS shown in Figure 14；

The user equipment (UE) 1603 is user equipment (UE) shown in Figure 13；

Alternatively,

Location server SLS1601 is location server SLS shown in Figure 16；

The user equipment (UE) 1603 is user equipment (UE) shown in figure 15.

Communication system provided in an embodiment of the present invention, user equipment (UE) pass through login request message for the user of user equipment Mark is sent to location server, and obtains the shared key according to the user identifier of the UE, the user identifier of user equipment, The mark and shared key for the location server being obtained ahead of time generate interim subscriber identity, by being hidden using random user ID The true ID of user solves the problems, such as privacy of user exposure, improves the sense of security of user network experience.

Through the above description of the embodiments, it is apparent to those skilled in the art that the present invention can be with It is realized with hardware realization or firmware realization or their combination mode.It when implemented in software, can be by above-mentioned function Storage in computer-readable medium or as on computer-readable medium one or more instructions or code transmitted.Meter Calculation machine readable medium includes computer storage media and communication media, and wherein communication media includes convenient for from a place to another Any medium of a place transmission computer program.Storage medium can be any usable medium that computer can access.With For this but be not limited to: computer-readable medium may include RAM, ROM(Read Only Memory, read-only memory) or its His optical disc storage, magnetic disk storage medium or other magnetic storage apparatus or it can be used in carrying or storing that there is instruction or number According to structure type desired program code and can be by any other medium of computer access.Furthermore.Any connection can be with It is appropriate to become computer-readable medium.For example, if software is using coaxial cable, optical fiber cable, twisted pair, digital subscriber Line (DSL) either such as infrared ray, radio and microwave etc wireless technology from website, server or other remote sources pass Defeated, then the wireless technology of coaxial cable, optical fiber cable, twisted pair, DSL or such as infrared ray, wireless and microwave etc Including in the fixing of affiliated medium.As used in the present invention, disk (Disk) and dish (disc) include compression optical disc (CD), swash Optical disc, optical disc, Digital Versatile Disc (DVD), floppy disk and Blu-ray Disc, the usually magnetic replicate data of which disk, and dish is then used Laser carrys out optical replicate data.Combination above should also be as including within the protection scope of computer-readable medium.

The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain Lid is within protection scope of the present invention.Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims

1. a kind of method of privacy of user protection characterized by comprising

User equipment (UE) sends login request message to location server by router, so that the location server is connecing Random value is generated when receiving the login request message of the UE, and the random value is sent to the UE, the registration request It include the user identifier of the UE in message, so that the location server is according to the random value, shared key, the UE User identifier and the location server identifier generate interim subscriber identity, and save the interim subscriber identity, The user identifier of the UE, UE are identified and the corresponding relationship of the mark of the location server, so that the location-based service Device identifies the message comprising the interim subscriber identity of the transmission of the UE according to the corresponding relationship, the shared key with The user identifier of the UE is corresponding；

The UE receives the random value that the location server is sent by the router；

The UE is according to the shared key, the user identifier of the UE, the random value and the position obtained in advance The identifier of server generates the interim subscriber identity, and the shared key is corresponding with the user identifier of the UE.

2. the method according to claim 1, wherein the UE receives the location-based service by the router Device send the random value include:

The UE receives the authentication request message that the location server is sent, the authentication request message by the router In include the random value.

3. the method according to claim 1, wherein the UE receives the location-based service by the router Device send the random value include:

The UE receives the registration reply message that the location server is sent, the registration reply message by the router In include the random value.

4. a kind of method of privacy of user protection characterized by comprising

Location server receives the login request message that user equipment (UE) is sent by router, wraps in the login request message User identifier containing the UE, wherein when the location server receives the login request message that the UE is sent, institute's rheme It sets server and generates random value；

The random value is sent to the UE by the router by the location server, so that the UE is according to shared The identifier of key, the user identifier of the UE, the random value and the location server obtained in advance generates interim User identifier；

The location server obtains shared key according to the user identifier of the UE, and according to the shared key, the UE User identifier, the identifier of the random value and the location server generates the interim subscriber identity；

The location server saves the interim subscriber identity, the user identifier of the UE, UE mark and institute's rheme The corresponding relationship of the mark of server is set, and marking comprising the casual user for the UE transmission is identified by the corresponding relationship The message of knowledge.

5. according to the method described in claim 4, it is characterized in that, the location server by the router will it is described with Machine value is sent to the UE

The location server sends authentication request message to the UE by the router, wraps in the authentication request message Random value is included, so that the UE is according to the shared key, the user identifier of the UE, the random value and in advance acquisition The identifier of the location server generate interim subscriber identity, the shared key is corresponding with the user identifier of the UE.

6. according to the method described in claim 4, it is characterized in that, the location server by the router will it is described with Machine value is sent to the UE

The location server forwards registration reply message to the UE by the router, wraps in the registration reply message Random value is included, so that the UE is according to the shared key, the user identifier of the UE, the random value and in advance acquisition The identifier of the location server generate interim subscriber identity, the shared key is corresponding with the user identifier of the UE.

7. a kind of method of privacy of user protection characterized by comprising

User equipment (UE) sends login request message to location server by router, includes institute in the login request message The user identifier of UE is stated, so that the location server generates random value when receiving the login request message of the UE, And interim subscriber identity is generated according to the identifier of the random value, the user identifier of the UE and the location server, And save the correspondence of the mark of the interim subscriber identity, the user identifier of the UE, UE mark and the location server Relationship so that the location server according to the corresponding relationship identify the UE transmission comprising the casual user mark The message of knowledge；

The UE receives the interim subscriber identity by the router.

8. the method according to the description of claim 7 is characterized in that the UE receives the casual user by the router Mark includes:

The UE receives the registration reply message that the location server is sent, the registration reply message by the router In include the interim subscriber identity.

9. a kind of method of privacy of user protection characterized by comprising

Location server receives the login request message that user equipment (UE) is sent by router, wraps in the login request message User identifier containing the UE, wherein when the location server receives the login request message that the user equipment (UE) is sent When, the location server generates random value；

The location server is raw according to the identifier of the random value, the user identifier of the UE and the location server At interim subscriber identity；

The location server saves the interim subscriber identity, the user identifier of the UE, UE mark and position clothes The corresponding relationship of the mark of business device, so that the location server identifies the packet of the transmission of the UE according to the corresponding relationship Message containing the interim subscriber identity；

10. according to the method described in claim 9, it is characterized in that, the location server is according to the random value, the UE User identifier and the location server identifier generate interim subscriber identity include:

The location server is according to the random value, shared key, the user identifier of the UE and the location server Identifier generate interim subscriber identity, the shared key is corresponding with the user identifier of the UE.

11. according to the method described in claim 9, it is characterized in that, the location server will be described by the router Interim subscriber identity is forwarded to the UE, comprising:

The location server forwards registration reply message to the UE by the router, wraps in the registration reply message Include the interim subscriber identity.

12. a kind of user equipment characterized by comprising

Communication unit, for sending login request message to location server by router, so that the location server Random value is generated in the login request message for receiving UE, and the random value is sent to the UE, the registration request It include the user identifier of the UE in message, so that the location server is according to the random value, shared key, the UE User identifier and the location server identifier generate interim subscriber identity, and save the interim subscriber identity, The user identifier of the UE, UE are identified and the corresponding relationship of the mark of the location server, so that the location-based service Device identifies the message comprising the interim subscriber identity of the transmission of the UE according to the corresponding relationship, the shared key with The user identifier of the UE is corresponding；

The communication unit is also used to receive the random value that the location server is sent by the router；

Generation unit, for according to the shared key, the user identifier of the UE, the random value and the institute obtained in advance The identifier for stating location server generates the interim subscriber identity, and the shared key is corresponding with the user identifier of the UE.

13. user equipment according to claim 12, which is characterized in that the communication unit is specifically also used to:

The authentication request message that the location server is sent is received by the router, includes in the authentication request message The random value.

14. user equipment according to claim 12, which is characterized in that the communication unit is specifically also used to:

The registration reply message that the location server is sent is received by the router, includes in the registration reply message The random value.

15. a kind of location server characterized by comprising

Communication unit, for receiving the login request message that user equipment (UE) is sent, the login request message by router In include the UE user identifier, wherein when the location server receives the login request message that the UE is sent, institute It states location server and generates random value；

The communication unit is also used to that the random value is sent to the UE by the router, so that the UE root According to shared key, the user identifier of the UE, the identifier life of the random value and the location server obtained in advance At interim subscriber identity；

Generation unit, for obtaining shared key according to the user identifier of the UE, and according to the shared key, the UE's The identifier of user identifier, the random value and the location server generates the interim subscriber identity；

Storage unit, for saving the user identifier, described of the interim subscriber identity, the UE that the generation unit generates The corresponding relationship of UE mark and the mark of the location server, and the packet that the UE is sent is identified by the corresponding relationship Message containing the interim subscriber identity.

16. location server according to claim 15, which is characterized in that the communication unit is specifically also used to:

Authentication request message is sent to the UE by the router, includes random value in the authentication request message, so that The UE is obtained according to the shared key, the user identifier of the UE, the random value and the position obtained in advance clothes The identifier of business device generates interim subscriber identity, and the shared key is corresponding with the user identifier of the UE.

17. location server according to claim 15, which is characterized in that the communication unit is specifically also used to:

Registration reply message is forwarded to the UE by the router, includes random value in the registration reply message, so that The UE is obtained according to the shared key, the user identifier of the UE, the random value and the position obtained in advance clothes The identifier of business device generates interim subscriber identity, and the shared key is corresponding with the user identifier of the UE.

18. a kind of user equipment characterized by comprising

Transmission unit wraps in the login request message for sending login request message to location server by router User identifier containing user equipment (UE), so that the location server generates at random in the login request message for receiving UE Value, and casual user's mark is generated according to the identifier of the random value, the user identifier of the UE and the location server Know, and saves pair of the mark of the interim subscriber identity, the user identifier of the UE, UE mark and the location server Should be related to so that the location server according to the corresponding relationship identify the UE transmission comprising the casual user The message of mark；

Receiving unit, for receiving the interim subscriber identity by the router.

19. user equipment according to claim 18, which is characterized in that the receiving unit is specifically also used to:

The registration reply message that the location server is sent is received by the router, includes in the registration reply message The interim subscriber identity.

20. a kind of location server characterized by comprising

Communication unit, for receiving the login request message that user equipment (UE) is sent, the login request message by router In include the UE user identifier, wherein when the location server receives the registration request that the user equipment (UE) is sent When message, the location server generates random value；

Generation unit, for raw according to the user identifier of the random value, the UE and the identifier of the location server At interim subscriber identity；

Storage unit, for saving the interim subscriber identity, the user identifier of the UE, UE mark that the generation unit generates The corresponding relationship of the mark of knowledge and the location server, so that the location server is identified according to the corresponding relationship The message comprising the interim subscriber identity of the transmission of the UE；

The communication unit is also used to forward by the interim subscriber identity that the router generates the generation unit To the UE.

21. location server according to claim 20, which is characterized in that the generation unit is specifically also used to:

Faced according to the generation of the identifier of the random value, shared key, the user identifier of the UE and the location server When user identifier, the shared key is corresponding with the user identifier of the UE.

22. location server according to claim 20, which is characterized in that the communication unit is specifically also used to:

It include the casual user in the registration reply message by router forwarding registration reply message to the UE Mark.

23. a kind of communication system characterized by comprising location server, router and the use being connected to the router Family equipment UE, wherein

The location server is location server described in any one of claim 15~17；

The user equipment (UE) is user equipment described in any one of claim 12~14；

Alternatively,

The location server is location server described in any one of claim 20~22；

The user equipment (UE) is user equipment described in any one of claim 18~19.