CN107147614A - Method, signal processor, user equipment and system for communication security processing - Google Patents

Publication number: CN107147614A
Authority: CN (China)
Prior art keywords: signal processor, anonymous, request message, security gateway, user equipment
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201710150989.8A
Other languages: Chinese (zh)
Inventors: 冯志杰, 陈彦舟, 李彬, 邓明, 崔苏, 张浩然
Current assignee: Institute of Information Engineering of CAS
Original assignee: Institute of Information Engineering of CAS

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/18: Network security using different networks or channels, e.g. using out-of-band channels
    • H04L 63/04: Network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0407: Confidential data exchange wherein the identity of one or more communicating identities is hidden
    • H04L 63/0421: Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L 63/0428: Confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04W: Wireless communication networks
    • H04W 12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Abstract

The present invention provides a method, a signal processor, a user equipment and a system for communication security processing. The method comprises: a signal processor of a user equipment receives a first paging request message; the signal processor transmits the first paging request message over a pre-established anonymous secure channel to a security gateway, so that the security gateway sends the first paging request message to a core network element, thereby achieving secure communication; wherein the anonymous secure channel is a channel for exchanging information between the security gateway and the signal processor, pre-established by the security gateway according to the anonymous information of the user equipment. In the method of the present invention, the signal processor arranged in the user equipment transmits the first paging request message to the security gateway over the pre-established anonymous secure channel, which achieves secure communication.

Description

Method, signal processor, user equipment and system for communication security processing
Technical field
The present invention relates to the field of communication technology, and in particular to a communication security processing method, a signal processor, a user equipment and a system.
Background technology
The tracking information of a user equipment (UE) mainly comprises the UE's base station location, its GPS location and the subscriber identity information. At present, taking the mobile phone as an example, research on protecting the communication information on a mobile phone is concentrated mainly on preventing the phone from being located.
Existing technical schemes for preventing phone positioning are mainly deployed in the following two ways:
1. Anti-information-leakage software is installed on the phone; the user may choose a "secure call" function, and during a voice call the voice data is encrypted by the software before being encapsulated and sent.
2. A secure phone fitted with an encryption chip is used; correspondingly, the user may choose to have the voice data encrypted before it is encapsulated and sent.
The defects of the prior art are mainly reflected in the following four points:
First, only the data of the voice service can be encrypted and encapsulated. As long as the data is transmitted through the operator's base station, the caller, the called party, the base station location and similar information of the call can still be learned from the air interface, for example the Uu interface (the interface between the UTRAN and the UE, i.e. between the base station and the phone); the caller, called party and base station location of a call cannot be protected.
Secondly, in the location services provided by the operator, the phone cannot avoid being actively located by the operator.
Thirdly, the baseband chip of the phone is responsible for signal processing and protocol processing, and the communication functions of the phone are mainly completed by the baseband chip. At present there is no open-source commercial baseband chip, which greatly constrains the development of security protection for user location information. In addition, the baseband chip may contain vulnerabilities and backdoors, which brings serious danger to the protection of user location information.
Finally, the caller and the called party must use the same anti-positioning product, install the same software or use phones from the same manufacturer, which limits the development of communication security to a certain extent.
Therefore, existing anti-information-leakage software and secure phones can provide good security protection for open-source phones to a certain extent, but the phone's communication itself has no protective measures and cannot prevent malicious base stations, such as pseudo base stations, from acquiring phone information.
Summary of the invention
In view of the defects of the prior art, the present invention provides a communication security processing method, a signal processor, a user equipment and a system. By means of a signal processor arranged in the user equipment, the first paging request message is transmitted to the security gateway over a pre-established anonymous secure channel, so that secure communication is achieved.
In a first aspect, the present invention provides a method of communication security processing, comprising:
a signal processor of a user equipment receives a first paging request message;
the signal processor transmits the first paging request message over a pre-established anonymous secure channel to a security gateway, so that the security gateway sends the first paging request message to a core network element, achieving secure communication;
wherein the anonymous secure channel is a channel for exchanging information between the security gateway and the signal processor, pre-established by the security gateway according to the anonymous information of the user equipment.
Optionally, the signal processor receives, over the anonymous secure channel, a second paging request message sent by the security gateway;
the signal processor sends the second paging request message to the baseband processing chip of the user equipment, achieving secure communication.
Optionally, the anonymous secure channel is established by the following steps:
the signal processor obtains pre-stored anonymous information;
the signal processor sends a channel setup request message to the security gateway, the channel setup request message carrying the anonymous information, so that the security gateway establishes the anonymous secure channel according to the anonymous information.
Optionally, the method further comprises:
the signal processor receives the first paging request message after it has been encrypted by the encryption/decryption module of the user equipment;
the signal processor sends the encrypted first paging request message to the security gateway, so that the security gateway decrypts the first paging request message;
correspondingly,
after receiving an encrypted second paging request message sent by the security gateway, the signal processor sends the encrypted second paging request message to the encryption/decryption module, which decrypts the encrypted second paging request message;
wherein the encryption/decryption module and the security gateway perform encryption and decryption in an encryption/decryption mode negotiated in advance.
Optionally, the method further comprises:
the signal processor receives signaling sent by the security gateway and sends the signaling to the information hiding module of the user equipment, so that the information hiding module judges it;
when it judges that the signaling includes a user identity inquiry message, it sends the anonymous information of the user equipment to the signal processor;
the signal processor receives the anonymous information and sends the anonymous information to the security gateway;
when it judges that the signaling includes user location information, it sends a refusal instruction to the signal processor;
the signal processor receives the refusal instruction and sends the refusal instruction to the security gateway;
when it judges that the signaling includes sensitive information, the sensitive information is shielded.
In a second aspect, the present invention also provides a signal processor for communication security processing, comprising:
a first receiving unit for receiving the first paging request message of the user equipment;
a first transmitting unit for transmitting the first paging request message over the pre-established anonymous secure channel to the security gateway, so that the security gateway sends the first paging request message to the core network element, achieving secure communication;
wherein the anonymous secure channel is a channel for exchanging information between the security gateway and the signal processor, pre-established by the security gateway according to the anonymous information of the user equipment obtained in advance.
Optionally, the signal processor further comprises:
a second receiving unit for receiving, over the anonymous secure channel, the second paging request message sent by the security gateway;
a second transmitting unit for sending the second paging request message to the baseband processing chip of the user equipment, achieving secure communication.
Optionally, the signal processor further comprises:
a first acquisition unit for obtaining the pre-stored anonymous information;
the first transmitting unit or the second transmitting unit is further used to send a channel setup request message to the security gateway, the channel setup request message carrying the anonymous information, so that the security gateway establishes the anonymous secure channel according to the anonymous information.
In a third aspect, the present invention also provides a user equipment for communication security processing, comprising the signal processor described above.
In a fourth aspect, the present invention also provides a system for communication security processing, comprising the user equipment described above and a security gateway.
As can be seen from the above technical solution, in the communication security processing method, signal processor, user equipment and system of the present invention, the signal processor arranged in the user equipment transmits the first paging request message to the security gateway over the pre-established anonymous secure channel, thereby achieving secure communication.
Brief description of the drawings
Fig. 1 is a schematic diagram of the existing Femto network architecture;
Fig. 2 is a schematic flow chart of the communication security processing method provided by embodiment one of the present invention;
Fig. 3 is a schematic diagram of the network architecture provided by embodiment one;
Fig. 4 is a schematic structural diagram of the signal processor for communication security processing provided by embodiment four.
Embodiments
To make the purpose, technical scheme and advantages of the embodiments of the present invention clearer, the technical scheme of the embodiments is described explicitly below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of them.
For a clearer description of the embodiments: a femto cell is base station equipment applied in home indoor environments, office environments or other small-coverage indoor environments. It provides wireless signal coverage for indoor phones, uses the IP protocol, operates in licensed bands, and has the advantages of low power and high security.
Fig. 1 shows a schematic diagram of the existing Femto network architecture.
As shown in Fig. 1, the existing Femto network architecture is divided into three parts:
Part I, the Femto access network: the UE is connected to the home base station (Home eNode B) via the Uu interface;
Part II, the gateway: the home base station is connected via the Iuh interface to the home gateway (Home eNode B GW) or to the security gateway (SeGW, Security Gateway);
It should be noted that the security gateway may exist as a stand-alone network element or may be integrated within the home gateway. It is a necessary logical function of the Femto network architecture and is mainly responsible for establishing the IPsec security tunnel (Internet Protocol Security tunnel), i.e. the authentication and encryption of the data between the home base station and the core network, in order to ensure service security and user privacy.
In the IPsec establishment process, after the HLR (Home Location Register) performs SIM authentication of the user equipment of the home base station and records the SIM card information, the secure tunnel between the home base station and the security gateway can be established, and an Iuh interface IP address is assigned to the base station, ensuring normal forwarding of signaling and traffic between the home base station and the security gateway.
The IPsec security tunnel may provide secure access from the home base station to the home base station management system (HeMS) or to the security gateway, and may further provide secure access to the core network MME.
Part III, the core network: the home gateway or security gateway is connected to the MME of the core network via the Iu interface.
The security gateway accesses the existing network, i.e. the core network, through the IuCS and IuPS interfaces; its interface protocols are fully consistent with those of the RNC.
An existing home base station can be used by multiple user equipments to access the network and mainly has two functions: the signaling flows in which the home base station interacts with the processor of the user equipment, such as the bearer setup flow; and the interaction between the home base station and the security gateway, such as forwarding NAS messages and SIP signaling transmitted from the core network.
Fig. 2 shows a schematic flow chart of the communication security processing method provided by embodiment one of the present invention.
Referring to Fig. 2, the method proposed by embodiment one specifically comprises the following steps:
201. The signal processor of the user equipment receives a first paging request message;
202. The signal processor transmits the first paging request message over a pre-established anonymous secure channel to the security gateway, so that the security gateway sends the first paging request message to the core network element, achieving secure communication;
wherein the anonymous secure channel is a channel for exchanging information between the security gateway and the signal processor, pre-established by the security gateway according to the anonymous information of the user equipment.
The signal processor in this embodiment has a wireless transmit/receive function and plays the role of the home base station in the Femto network, so that a user equipment such as a mobile phone has the signaling forwarding function of a home base station. That is to say, since the signal processor is integrated into the phone, the signaling flow that in the prior art takes place between the baseband chip of the user equipment and the home base station can be realized by signaling exchange between the processor and the signal processor inside the user equipment; correspondingly, the signaling exchange between the existing home base station and the security gateway can be realized by signaling exchange between the signal processor in the user equipment and the security gateway.
The signal processor in this embodiment is integrated into the phone and serves a single phone for network access.
Fig. 3 shows a schematic diagram of the network architecture provided by embodiment one.
Referring to Fig. 3, the network architecture of embodiment one is divided into three parts:
Access network: the processor of the user equipment is connected to the signal processor using a custom interface; the custom interface follows 3GPP standards.
In the prior art a malicious base station typically intercepts user information through the Uu interface. Considering the risk of data and signaling leakage over the Uu interface, in this embodiment the signal processor is integrated into the phone and the Uu interface is thereby eliminated: the interaction flow that in the prior art takes place between the phone and the base station is completed inside the phone, which achieves the purpose of preventing signaling leakage.
Gateway: an IP-address-based wireless connection between the signal processor and the home gateway or security gateway.
The anonymous secure channel is established by the following sub-steps (not shown):
2021. The signal processor obtains pre-stored anonymous information;
2022. The signal processor sends a channel setup request message to the security gateway, the channel setup request message carrying the anonymous information, so that the security gateway establishes the anonymous secure channel according to the anonymous information.
Specifically, in the IPsec establishment process, the HLR performs SIM authentication of the user equipment of the signal processor; the signal processor sends the anonymous information of the user equipment to the HLR, the HLR records the SIM card information, and the anonymous secure channel is established between the signal processor and the security gateway, ensuring normal forwarding of signaling and traffic between the signal processor and the security gateway.
For example, the anonymous secure channel may be established over a commercial telecommunication channel, such as a GSM, CDMA, CDMA2000, TD-SCDMA, WCDMA or LTE data communication channel.
In this embodiment, an anonymous information storage module may be provided in the user equipment for storing the anonymous information, which is used when establishing the anonymous secure channel.
The anonymous information storage module may be a blank card used for establishing the anonymous secure channel; it may be a non-real-name SIM card or data card, or one that does not display card information.
To further ensure information security, in this embodiment the blank card may be replaced after a certain interval of time.
It should be noted that in this embodiment the anonymous information is used to establish the anonymous secure channel so that the user equipment's connection is established securely, while the real user identity of the user equipment is stored in the subscriber identity module (SIM card); the user identity in the subscriber identity module must be registered in advance.
As stated above, the signal processor corresponds one-to-one with the user equipment (phone). The signal processor sends a registration request to the security gateway, the registration request including the user identity obtained by the signal processor; the security gateway creates in memory an association table between the user identity and the signal processor, and sends a registration accepted message to the signal processor. Therefore, the SIM card that stores the user's real identity can only connect to the signal processor of the user equipment it belongs to, and is not connected to a macro base station.
When the user presses the dial key of the user equipment, the processor of the user equipment receives the call instruction; the processor obtains the user information from the SIM card and sends a first paging request (PAGING REQUEST) to the signal processor of the user equipment, the first paging request carrying the user information and the paged user identity;
the signal processor transmits the first paging request message over the anonymous secure channel to the security gateway, and the security gateway sends the first paging request message to the core network element MME (Mobility Management Entity), so that the MME carries out the subsequent call service flow according to the user information and the paged user identity in the first paging request message.
Since the signal processor is integrated in the phone and the first paging request containing the user information is transmitted over the anonymous secure channel, it can be ensured that the position of the macro base station to which the user equipment belongs is not perceived by the core network.
Further, the user information includes the user's access class (ACCESS CLASS) in the SIM card, defined as 0 to 9, this number being stored in the SIM card. The first paging request may include the user access class information for the core network side to classify the user information. Since the signal processor is integrated in the phone and the first paging request containing the user information is transmitted over the anonymous secure channel, it can be ensured that the user access class is not perceived by the macro base station.
In the method provided by this embodiment, by arranging a signal processor with a wireless transmit/receive function in the user equipment, the Uu interface, which in the prior art carries the risk of data and signaling leakage, is eliminated, solving the problem of exposed user information. Meanwhile, the anonymous secure channel is established using anonymous information, so that during paging the relevant information of the user equipment acting as the caller (identity information and location information) is well isolated from the outside world; acquisition of user information and location information by a macro base station over the air interface on the base station side can be thoroughly avoided, and the security of user-related information transmitted on the access network side is ensured.
When the user equipment is the called party, the communication security processing method performs the following steps (not shown):
401. The signal processor receives, over the anonymous secure channel, a second paging request message sent by the security gateway;
402. The signal processor sends the second paging request message to the baseband processing chip of the user equipment, achieving secure communication.
The core network parses the first paging request, obtains the paged user identity in it, and sends a second paging request message (Paging request) to the security gateway.
If the paged user identity belongs to a user equipment that has established an anonymous secure channel with the security gateway, the security gateway delivers the second paging request to the paged user equipment over the anonymous secure channel. Specifically, according to the stored association table between user identities and signal processors, the security gateway sends the second paging message over the anonymous secure channel to the signal processor corresponding to the called user identity.
The signal processor sends the second paging request message to the baseband chip of the user equipment, which forwards it to the processor of the user equipment, so that the processor responds to the second paging request message, achieving secure communication.
If the paged user identity belongs to a user equipment that has not established an anonymous secure channel with the security gateway, i.e. the user equipment is a regular phone that does not include a signal processor, the security gateway delivers the second paging request and the subsequent service communication data to the called user's phone through the mobile operator's macro base station.
In the method provided by this embodiment, by arranging a signal processor with a wireless transmit/receive function in the user equipment, the Uu interface, which in the prior art carries the risk of data and signaling leakage, is eliminated, solving the problem of exposed user information. Meanwhile, the anonymous secure channel is established using anonymous information, so that during paging the user information and location information of the user equipment acting as the called party are well isolated from the outside world, and acquisition of user information and location information by a macro base station can be thoroughly avoided.
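The following is an added model of the flow described in embodiment one: channel setup from anonymous information (sub-steps 2021/2022), the gateway's in-memory association between user identity and signal processor, and the routing decision of steps 401/402. It is illustrative code, not the patent's implementation; message formats, identifiers and the table layout are constructed assumptions.

```python
"""Toy model of the security gateway's channel setup, registration and paging routing.
Not the patent's code: message formats, identifiers and table layout are assumptions."""
from dataclasses import dataclass, field


@dataclass
class AnonymousSecureChannel:
    """Channel between one signal processor and the gateway, keyed by anonymous info only."""
    anonymous_info: str
    signal_processor_id: str
    downlink: list = field(default_factory=list)  # messages delivered to the signal processor


@dataclass
class SecurityGateway:
    # signal_processor_id -> channel established from the blank card's anonymous information
    channels: dict = field(default_factory=dict)
    # real user identity -> signal_processor_id (the association table kept in memory)
    associations: dict = field(default_factory=dict)
    # pagings handed to the operator's macro base station for regular handsets
    macro_base_station: list = field(default_factory=list)

    def setup_channel(self, signal_processor_id: str, request: dict) -> AnonymousSecureChannel:
        """Sub-step 2022: the channel setup request carries only the anonymous information."""
        if "user_id" in request:
            raise ValueError("real user identity must not appear in a channel setup request")
        channel = AnonymousSecureChannel(request["anonymous_info"], signal_processor_id)
        self.channels[signal_processor_id] = channel
        return channel

    def register(self, signal_processor_id: str, request: dict) -> dict:
        """Bind the SIM's real user identity to exactly one signal processor."""
        if signal_processor_id not in self.channels:
            raise ValueError("registration must arrive over an established anonymous secure channel")
        self.associations[request["user_id"]] = signal_processor_id
        return {"type": "REGISTRATION_ACCEPTED"}

    def forward_first_paging(self, signal_processor_id: str, first_paging: dict, mme: "MME") -> str:
        """Step 202: relay the caller's first paging request to the core network element."""
        if signal_processor_id not in self.channels:
            raise ValueError("first paging request accepted only over an anonymous secure channel")
        # The MME sees the gateway as the source; no macro base station position is attached.
        return mme.handle_first_paging(first_paging)

    def route_second_paging(self, second_paging: dict) -> str:
        """Steps 401/402 decision: anonymous channel if the paged user is registered here,
        otherwise the paging goes to the operator's macro base station."""
        signal_processor_id = self.associations.get(second_paging["paged_user"])
        if signal_processor_id is None:
            self.macro_base_station.append(second_paging)
            return "macro_base_station"
        self.channels[signal_processor_id].downlink.append(second_paging)
        return "anonymous_secure_channel"


@dataclass
class MME:
    """Core network element: parses the first paging request and pages the called user."""
    gateway: SecurityGateway

    def handle_first_paging(self, first_paging: dict) -> str:
        second_paging = {"type": "PAGING_REQUEST", "paged_user": first_paging["paged_user"]}
        return self.gateway.route_second_paging(second_paging)


def run_scenario() -> dict:
    """Constructed scenario: two phones with signal processors and one regular handset."""
    gw = SecurityGateway()
    mme = MME(gw)
    # Alice's and Bob's signal processors set up channels with blank-card anonymous info.
    gw.setup_channel("sp-alice", {"anonymous_info": "ANON-0a1"})
    gw.setup_channel("sp-bob", {"anonymous_info": "ANON-9f2"})
    gw.register("sp-alice", {"user_id": "user-alice"})
    gw.register("sp-bob", {"user_id": "user-bob"})
    alice_info = {"user_id": "user-alice", "access_class": 5}
    # Alice calls Bob: the first paging request carries Alice's user info and the paged identity.
    bob_route = gw.forward_first_paging(
        "sp-alice", {"user_info": alice_info, "paged_user": "user-bob"}, mme)
    # Alice calls Carol, a regular handset that never registered with the gateway.
    carol_route = gw.forward_first_paging(
        "sp-alice", {"user_info": alice_info, "paged_user": "user-carol"}, mme)
    return {
        "bob": bob_route,
        "carol": carol_route,
        "bob_downlink": len(gw.channels["sp-bob"].downlink),
        "macro_pagings": len(gw.macro_base_station),
    }


if __name__ == "__main__":
    print(run_scenario())
```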
In embodiment two of the present invention, steps 201 and 202 of the above method further include the following sub-steps A1 and A2 (not shown); the other steps are similar to embodiment one and are not described again in detail.
A1. The signal processor receives the first paging request message after it has been encrypted by the encryption/decryption module of the user equipment;
A2. The signal processor sends the encrypted first paging request message to the security gateway, so that the security gateway decrypts the first paging request message;
wherein the encryption/decryption module and the security gateway perform encryption and decryption in an encryption/decryption mode negotiated in advance.
In this step, the encryption/decryption module must carry out key agreement with the security gateway in advance and agree on the encryption/decryption mode, so that, on the basis of the anonymous secure channel, the signaling exchange between the signal processor and the security gateway further encrypts the content transmitted within the anonymous secure channel, i.e. the first paging request message, and achieves bidirectional identity authentication.
The security gateway not only has a routing function but also a decryption function: it decrypts the first paging request message, restores it to plaintext data and forwards it to the core network element.
After the paging succeeds, the subsequent voice communication data is transmitted within the anonymous secure channel, and the signal processor and the security gateway can encrypt and decrypt the communication data in the encryption/decryption mode negotiated in advance.
For example, the pre-negotiated encryption mode and decryption mode may be an integrity protection algorithm, specifically MD5 (Message Digest Algorithm 5), SHA1 (Secure Hash Algorithm), SHA256 (a hash algorithm with a 256-bit hash value) or the national standard SM3 (the hash algorithm of the State Cryptography Administration), among other algorithms.
For example, the pre-negotiated encryption mode and decryption mode may be an encryption/decryption algorithm such as DES (Data Encryption Standard), 3DES (Triple DES) or the national standard SM2 (the asymmetric commercial cipher algorithm of the State Cryptography Administration).
It is understood that other existing algorithms may be used to ensure the security of the signaling transmitted within the anonymous secure channel.
In this embodiment, an encryption/decryption module is provided in the user equipment, which can encrypt the content transmitted within the anonymous secure channel, i.e. the first paging request message and the subsequent communication data; this adds a further layer of security on top of the encryption protection of the anonymous secure channel itself. Meanwhile, the security gateway decrypts the first paging request message and the subsequent communication data, so that the user information can be transferred safely and accurately to the core network element, allowing the core network side to carry out call service processing according to the user information. Through diversified encryption modes and link standards, the security of the real identity information, location information and communication data of the user equipment during transmission is well ensured.
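As an added example of sub-steps A1/A2 (not the patent's code), the block below shows the UE side protecting the first paging request under a pre-negotiated mode and the gateway side verifying it before anything is forwarded to the core network. It uses HMAC-SHA256, a keyed form of the SHA256 family the text lists for integrity protection; the shared key, the envelope layout and the field names are assumptions, and confidentiality would need an additional cipher not shown here.

```python
"""Integrity protection of the first paging request under a pre-negotiated mode.
Added illustration, not the patent's implementation; key and layout are assumptions."""
import hashlib
import hmac
import json
from typing import Optional

# Constructed outcome of the key agreement between the UE's encryption/decryption
# module and the security gateway. A real deployment would derive this per session.
NEGOTIATED_MODE = "HMAC-SHA256"
NEGOTIATED_KEY = b"example-pre-negotiated-key-do-not-reuse"


def _canonical(message: dict) -> bytes:
    """Canonical JSON so the tag does not depend on dict ordering on either side."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def protect_first_paging(first_paging: dict, key: bytes = NEGOTIATED_KEY) -> dict:
    """UE side (sub-step A1): serialise the first paging request and attach an integrity tag."""
    body = _canonical(first_paging)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"mode": NEGOTIATED_MODE, "body": body.hex(), "tag": tag}


def gateway_unprotect(envelope: dict, key: bytes = NEGOTIATED_KEY) -> Optional[dict]:
    """Gateway side (sub-step A2): verify the tag and restore plaintext for the MME.

    Returns None when the mode is unexpected or the tag fails, so nothing reaches the MME."""
    if envelope.get("mode") != NEGOTIATED_MODE:
        return None
    try:
        body = bytes.fromhex(envelope["body"])
    except (KeyError, ValueError):
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking tag bytes through timing differences
    if not hmac.compare_digest(expected, envelope.get("tag", "")):
        return None
    return json.loads(body)


def modified_in_transit(envelope: dict, new_paged_user: str) -> dict:
    """Test helper: a copy of the envelope whose body was altered but whose tag was kept,
    i.e. what the gateway must reject."""
    body = json.loads(bytes.fromhex(envelope["body"]))
    body["paged_user"] = new_paged_user
    return {**envelope, "body": _canonical(body).hex()}


if __name__ == "__main__":
    request = {"user_info": {"user_id": "user-alice", "access_class": 5}, "paged_user": "user-bob"}
    env = protect_first_paging(request)
    print("verified:", gateway_unprotect(env))
    print("altered :", gateway_unprotect(modified_in_transit(env, "user-x")))
```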
Correspondingly, when the user equipment is the called party, embodiment two further includes the following sub-step B1 (not shown).
B1. After receiving the encrypted second paging request message sent by the security gateway, the signal processor sends the encrypted second paging request message to the encryption/decryption module of the user equipment, which decrypts the encrypted second paging request message;
wherein the encryption/decryption module and the security gateway perform encryption and decryption in an encryption/decryption mode negotiated in advance.
In this embodiment, the security gateway has an encryption function and encrypts the content to be sent to the signal processor over the anonymous secure channel (such as the second paging request and the subsequent communication data), adding a further layer of security on top of the encryption protection of the anonymous secure channel itself. Meanwhile, the encryption/decryption module provided in the user equipment can decrypt the content received from the anonymous secure channel, so that the user equipment's processor can obtain the received content safely and accurately. Through diversified encryption modes and link standards, the security of the real identity information, location information and communication data of the user equipment during transmission is well ensured.
In embodiment three of the present invention, if the calling user equipment has not established an anonymous secure channel, the called user equipment receives the data over an ordinary secure channel, and the received data must be checked by the method of the present embodiment to ensure communication security.
The method of the above embodiment further includes the following sub-steps (not shown); the other steps are similar to embodiment one and are not described again in detail.
The method further includes:
the signal processor receives signaling sent by the security gateway and sends the signaling to an information hiding module of the user equipment, so that the information hiding module makes a determination;
when it is determined that the signaling includes a user identity query message, the anonymous information of the user equipment is sent to the signal processor;
the signal processor receives the anonymous information and sends the anonymous information to the security gateway.
In this step, an information hiding module is configured in the user equipment. It may be implemented as a software program that checks received signaling and hides the subscriber identity information, to ensure communication security.
When it is determined that the signaling includes a request for user location information, a refusal instruction is sent to the signal processor;
the signal processor receives the refusal instruction and sends the refusal instruction to the security gateway.
When it is determined that the signaling includes sensitive information, the sensitive information is masked.
In this embodiment, the information hiding module can effectively check the communication data sent from the user equipment, for example whether it has been encrypted, and can also check received communication data, for example whether it contains illegal content and whether it includes sensitive information. When the network side sends a location request, the information hiding module can refuse it, or it can send disguised location information instead. Mobile data can thus be effectively checked and information hidden, guaranteeing the confidentiality of the user information.
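The three determinations above (identity query, location request, sensitive content) form one policy that the information hiding module applies to every piece of signaling the signal processor hands it. The following is an added illustration, not the patent's code: the message shapes, the message names, the sensitive-data patterns and the optional disguised-location response are assumptions; the patent only specifies the three outcomes (anonymous information back to the gateway, a refusal instruction back to the gateway, masking). The sample signaling is constructed for the example.

```python
"""Information hiding module policy applied to signaling forwarded by the
signal processor.

Added illustration, not the patent's code. Message kinds, field names,
sensitive-data patterns and the decoy location are assumptions.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Signaling:
    kind: str                                   # e.g. IDENTITY_REQUEST, LOCATION_REQUEST, DOWNLINK_DATA
    fields: dict = field(default_factory=dict)


@dataclass
class Decision:
    action: str                                 # SEND_ANONYMOUS | REFUSE | DECOY_LOCATION | FORWARD
    payload: dict


# Longest pattern first so an 18-digit ID number is not partly eaten by the
# phone-number rule; lookarounds stop matches inside longer digit runs.
SENSITIVE_PATTERNS = {
    "id_card": re.compile(r"(?<![\dXx])\d{17}[\dXx](?![\dXx])"),
    "imsi": re.compile(r"(?<!\d)\d{15}(?!\d)"),
    "msisdn": re.compile(r"(?<![\d+])\+?\d{11,13}(?!\d)"),
}


def mask_sensitive(fields: dict) -> tuple:
    """Replace sensitive values in string fields; return (masked_fields, hit_names)."""
    masked, hits = {}, []
    for key, value in fields.items():
        if isinstance(value, str):
            for name, pat in SENSITIVE_PATTERNS.items():
                if pat.search(value):
                    value = pat.sub("[" + name + " hidden]", value)
                    hits.append(name)
        masked[key] = value
    return masked, hits


class InformationHidingModule:
    def __init__(self, anonymous_info: dict, send_decoy_location: bool = False):
        self.anonymous_info = anonymous_info
        self.send_decoy_location = send_decoy_location

    def judge(self, msg: Signaling) -> Decision:
        if msg.kind == "IDENTITY_REQUEST" or "identity_type" in msg.fields:
            # the real identifier never leaves the UE; answer with the anonymous information
            return Decision("SEND_ANONYMOUS", dict(self.anonymous_info))
        if msg.kind == "LOCATION_REQUEST" or "location" in msg.fields:
            if self.send_decoy_location:
                return Decision("DECOY_LOCATION", {"lat": 0.0, "lon": 0.0, "cell_id": "0000"})
            return Decision("REFUSE", {"reason": "location not disclosed"})
        masked, hits = mask_sensitive(msg.fields)
        return Decision("FORWARD", {"fields": masked, "masked": hits})


def signal_processor_handle(module: InformationHidingModule, msg: Signaling) -> dict:
    """What the signal processor relays: to the security gateway, or on to the baseband."""
    d = module.judge(msg)
    if d.action == "SEND_ANONYMOUS":
        return {"to_gateway": "IDENTITY_RESPONSE", **d.payload}
    if d.action == "REFUSE":
        return {"to_gateway": "REFUSAL", **d.payload}
    if d.action == "DECOY_LOCATION":
        return {"to_gateway": "LOCATION_RESPONSE", **d.payload}
    return {"to_baseband": d.payload["fields"], "masked": d.payload["masked"]}


def demo() -> dict:
    module = InformationHidingModule({"anon_id": "anon-7f3a"})     # constructed anonymous info
    samples = [                                                    # constructed downlink signaling
        Signaling("IDENTITY_REQUEST", {"identity_type": "IMSI"}),
        Signaling("LOCATION_REQUEST", {"requested": "cell+gps"}),
        Signaling("DOWNLINK_DATA", {"text": "call back 13800138000 ref 460001234567890"}),
    ]
    return {s.kind: signal_processor_handle(module, s) for s in samples}


if __name__ == "__main__":
    for kind, result in demo().items():
        print(kind, "->", result)
```

Note that the identity and location branches are decided before any content inspection, so a message that is both a location request and carries a phone number is refused rather than partially forwarded; the masking branch only runs for signaling that is going to be delivered to the baseband.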
In summary, embodiments one to three of the present invention describe a communication security processing method that has at least the following technical effects.
First, by arranging a signal processor with wireless transmit/receive capability in the user equipment, the Uu interface, over which data and signaling were at risk of leaking, is eliminated, which solves the problem of exposed user information in the prior art.
Second, an anonymous secure channel is established using anonymous information, so that during paging the user-related information of the calling user equipment (such as subscriber identity information and location information) is well isolated from the outside; a base station is prevented from stealing information over the air interface, and user-related information is transmitted securely on the access network side.
Third, the paging request and the communication data are encrypted and transmitted over the secure channel, which adds a further layer of security on top of the protection of the anonymous secure channel; the diversified encryption modes and link standards protect the user information and location information well in transit.
Fourth, an information hiding module is configured in the user equipment, which can effectively check received signaling; mobile data in both directions can thus be checked and information hidden, guaranteeing the confidentiality of the user information.
Fig. 4 shows a schematic structural diagram of a signal processor for communication security processing provided by embodiment four.
The signal processor 4 includes a first receiving unit 41 and a first transmitting unit 42.
The first receiving unit 41 is configured to receive a first paging request message of the user equipment 5;
the first transmitting unit 42 is configured to transmit the first paging request message over a pre-established anonymous secure channel to the security gateway 6, so that the security gateway 6 sends the first paging request message to the core network element 7, realizing secure communication;
wherein the anonymous secure channel is a channel for information exchange between the security gateway 6 and the signal processor 4, pre-established by the security gateway 6 according to anonymous information of the user equipment 5 obtained in advance.
The signal processor 4 in this embodiment has wireless transmit/receive capability. By integrating the signal processor 4 into the user equipment 5, the signal processor 4 exchanges signaling with the user equipment, for example with the baseband chip in the user equipment 5; correspondingly, the signal processor 4 exchanges signaling with the security gateway 6.
The network structure of embodiment four is summarized as follows; see embodiment one for the details.
Access network: the processor of the user equipment is connected to the signal processor 4 through a custom interface, and the custom interface follows the 3GPP standards.
In the prior art a malicious base station typically intercepts user information over the Uu interface. Considering that the Uu interface carries the risk of data and signaling leakage, in the present embodiment the signal processor is integrated into the mobile phone and the Uu interface is thereby eliminated: the interaction flow between a prior-art mobile phone and a base station is completed within a single phone, which achieves the aim of preventing signaling leakage.
Gateway: an IP-address-based wireless connection between the signal processor 4 and the security gateway 6.
The signal processor 4 further includes a first acquisition unit, configured for the signal processor 4 to obtain pre-stored anonymous information;
the first transmitting unit 42 is further configured to send a channel establishment request to the security gateway 6, the channel establishment request including the anonymous information, so that the security gateway 6 establishes the anonymous secure channel according to the anonymous information.
In this embodiment, an anonymous information storage module may be provided in the user equipment to store the anonymous information, which is used when establishing the anonymous secure channel.
The anonymous information storage module may be a blank card used for establishing the anonymous secure channel; it may be a non-real-name SIM card or data-only card, or one that does not reveal card information.
It should be noted that in this embodiment the anonymous secure channel is established using the anonymous information so that the user equipment can be set up securely, while the real user identifier of the user equipment is stored in the subscriber identity module (SIM card), and the user identifier of the subscriber identity module must be registered in advance.
As described above, the signal processor corresponds one-to-one with the user equipment in a mobile phone. The signal processor sends a registration request to the security gateway, the registration request including the user identifier obtained by the signal processor; the security gateway creates in memory an association table of user identifier and signal processor and sends a registration accept message to the signal processor. Consequently, the SIM card storing the user's real identifier can only connect to the signal processor of the user equipment it belongs to, and not to a macro base station.
When the user presses the dial key of the user equipment, the processor of the user equipment receives the call instruction, obtains the user information from the SIM card information, and sends a first paging request (PAGING REQUEST) to the signal processor 4 of the user equipment. The first paging request carries the user information and the called user identifier; the first receiving unit 41 of the signal processor 4 receives the first paging request.
The first transmitting unit 42 of the signal processor 4 transmits the first paging request message over the anonymous secure channel to the security gateway, and the security gateway 6 sends the first paging request message to the core network element MME, so that the MME carries out the subsequent call service flow according to the user information and the called user identifier in the first paging request message.
In the signal processor 4 provided by this embodiment, a signal processor 4 with wireless transmit/receive capability is arranged in the user equipment 5, which eliminates the Uu interface over which data and signaling were at risk of leaking in the prior art and solves the problem of exposed user information. At the same time, an anonymous secure channel is established using the anonymous information, so that during paging the user-related information (identity information and location information) of the calling user equipment is well isolated from the outside; a macro base station is completely prevented from obtaining the user information and location information over the air interface on the base station side, and user-related information is guaranteed to be transmitted securely on the access network side.
Embodiment four performs the method of the foregoing method embodiments; the working principle is not described again in detail.
Optionally, the signal processor 4 further includes a second receiving unit and a second transmitting unit (not shown).
The second receiving unit is configured to receive, over the anonymous secure channel, a second paging request message sent by the security gateway 6;
the second transmitting unit is configured to send the second paging request message to the baseband processing chip of the user equipment 5, realizing secure communication.
The core network obtains the called user identifier and sends a second paging request message (Paging request) to the security gateway 6.
If the called user identifier belongs to a user equipment 5 that has established an anonymous secure channel with the security gateway 6, the security gateway 6 delivers the second paging request to the called user equipment 5 through the anonymous secure channel. Specifically, according to the stored association between user identifier and signal processor, the security gateway sends the second paging message over the anonymous secure channel to the second receiving unit of the signal processor 4 corresponding to the called user identifier.
The second transmitting unit of the signal processor 4 sends the second paging request message to the baseband chip of the user equipment, which forwards it to the processor of the user equipment, so that the processor responds to the second paging request message and secure communication is realized.
If the called user identifier belongs to a user equipment that has not established an anonymous secure channel with the security gateway, that is, the user equipment is an ordinary mobile phone that does not include a signal processor, the security gateway delivers the second paging request and the subsequent service communication data to the called user's mobile phone through the macro base station of the mobile operator.
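The registration, channel establishment, caller and called flows described above all come together at the security gateway, which has to keep the user identifier to signal processor association, know which signal processors currently hold an anonymous secure channel, and route a second paging request either over that channel or out through the operator's macro base station. The following is an added illustration of that bookkeeping, not the patent's code: the message layouts, the rejection of a channel request from an unregistered signal processor, and the objects standing in for the MME and the macro base station are assumptions; identifiers are constructed for the example.

```python
"""Security gateway bookkeeping: registration, anonymous secure channel
establishment, first paging request (caller) and second paging request
(called) routing.

Added illustration, not the patent's code. Message shapes, the rejection
rule for unregistered signal processors and the MME / macro base station
stand-ins are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class SignalProcessor:
    sp_id: str
    user_id: str                                  # real identifier read from the SIM
    anonymous_info: str                           # identifier of the anonymous (blank) card
    inbox: list = field(default_factory=list)     # what arrives over the anonymous channel


@dataclass
class SecurityGateway:
    registry: dict = field(default_factory=dict)     # user_id -> SignalProcessor
    channels: dict = field(default_factory=dict)     # anonymous_info -> SignalProcessor
    to_core: list = field(default_factory=list)      # stand-in for the link to the MME
    to_macro_bs: list = field(default_factory=list)  # stand-in for the operator macro base station

    def register(self, sp: SignalProcessor) -> dict:
        """Registration request carrying the user identifier -> association stored, accept returned."""
        self.registry[sp.user_id] = sp
        return {"type": "REGISTRATION_ACCEPT", "sp": sp.sp_id}

    def establish_channel(self, sp: SignalProcessor) -> dict:
        """Channel establishment request carrying only the anonymous information."""
        if sp.user_id not in self.registry:        # assumption: registration must come first
            return {"type": "CHANNEL_REJECT", "reason": "not registered"}
        self.channels[sp.anonymous_info] = sp
        return {"type": "CHANNEL_ACCEPT", "anon": sp.anonymous_info}

    def on_first_paging(self, anonymous_info: str, msg: dict) -> dict:
        """Caller side: the channel is identified only by anonymous info; the
        user information and called identifier travel inside the message to the MME."""
        if anonymous_info not in self.channels:
            return {"type": "DROP", "reason": "no anonymous secure channel"}
        fwd = {"type": "PAGING REQUEST", "to": "MME", **msg}
        self.to_core.append(fwd)
        return fwd

    def on_second_paging(self, called_user_id: str, msg: dict) -> dict:
        """Called side: over the anonymous channel if the called UE has one,
        otherwise out through the macro base station (ordinary phone)."""
        sp = self.registry.get(called_user_id)
        if sp is not None and self.channels.get(sp.anonymous_info) is sp:
            sp.inbox.append(msg)
            return {"type": "ROUTED", "via": "anonymous_channel", "sp": sp.sp_id}
        self.to_macro_bs.append({"called": called_user_id, **msg})
        return {"type": "ROUTED", "via": "macro_base_station"}


def demo() -> dict:
    gw = SecurityGateway()
    alice = SignalProcessor("sp-A", "user-0001", "anon-7f3a")   # constructed
    bob = SignalProcessor("sp-B", "user-0002", "anon-c21e")     # constructed
    results = {}
    results["reg_alice"] = gw.register(alice)["type"]
    results["chan_before_reg"] = gw.establish_channel(bob)["type"]   # Bob not yet registered
    gw.register(bob)
    gw.establish_channel(alice)
    gw.establish_channel(bob)

    # caller flow: Alice's first paging request arrives over her anonymous channel
    first = gw.on_first_paging("anon-7f3a", {"caller": "user-0001", "called": "user-0002"})
    results["first_to"] = first["to"]
    results["unknown_channel"] = gw.on_first_paging("anon-0000", {"caller": "x"})["type"]

    # called flow: the MME pages Bob (has a channel) and Carol (ordinary phone, no signal processor)
    results["page_bob"] = gw.on_second_paging("user-0002", {"type": "Paging request"})["via"]
    results["page_carol"] = gw.on_second_paging("user-0003", {"type": "Paging request"})["via"]
    results["bob_inbox"] = len(bob.inbox)
    results["macro_bs"] = len(gw.to_macro_bs)
    return results


if __name__ == "__main__":
    print(demo())
```

The routing decision keys on the real user identifier (which only the gateway and core network see) but delivers over the anonymous identifier, which is the separation the patent relies on: nothing on the access side ever needs the real identifier to find the called signal processor.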
In the signal processor 4 provided by this embodiment, a signal processor 4 with wireless transmit/receive capability is arranged in the user equipment, which eliminates the Uu interface over which data and signaling were at risk of leaking in the prior art and solves the problem of exposed user information. At the same time, an anonymous secure channel is established using the anonymous information, so that during paging the user-related information (identity information and location information) of the called user equipment is well isolated from the outside; a macro base station is completely prevented from obtaining the user information and location information over the air interface on the base station side, and user-related information is guaranteed to be transmitted securely on the access network side.
As shown in Fig. 4, embodiment five of the present invention provides a user equipment 5 for communication security processing, including the signal processor 4 of embodiment four.
In this embodiment, by providing the user equipment with a signal processor with wireless transmit/receive capability, a single user equipment has both its own functions and the functions of a base station; the Uu interface, over which data and signaling were at risk of leaking in the prior art, is thereby eliminated, solving the problem of exposed user information. Further, an anonymous secure channel is established using the anonymous information, so that during paging the user-related information (identity information and location information) of the calling user equipment is well isolated from the outside; a macro base station is completely prevented from obtaining the user information and location information over the air interface on the base station side, and user-related information is guaranteed to be transmitted securely on the access network side.
Embodiment five performs the method of the foregoing method embodiments; the working principle is not described again in detail.
Further, as shown in Fig. 4, embodiment six of the present invention provides a communication security processing system, including the user equipment 5 of embodiment five and a security gateway 6.
In this embodiment, through the interaction between the user equipment with the signal processor having wireless transmit/receive capability and the security gateway, the Uu interface over which data and signaling were at risk of leaking in the prior art is eliminated, solving the problem of exposed user information. Further, an anonymous secure channel is established using the anonymous information, so that during paging the user-related information (identity information and location information) of the calling user equipment is well isolated from the outside; a macro base station is completely prevented from obtaining the user information and location information over the air interface on the base station side, and user-related information is guaranteed to be transmitted securely on the access network side.
Embodiment six performs the method of the foregoing method embodiments; the working principle is not described again in detail.
Those skilled in the art will appreciate that although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments.
Those skilled in the art will understand that each step in the embodiments may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may in practice be used to implement some or all of the functions of some or all of the components according to the embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing some or all of the methods described herein.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, and all such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1. A communication security processing method, characterized by comprising:
receiving, by a signal processor of a user equipment, a first paging request message;
transmitting, by the signal processor, the first paging request message over a pre-established anonymous secure channel to a security gateway, so that the security gateway sends the first paging request message to a core network element, realizing secure communication;
wherein the anonymous secure channel is a channel for information exchange between the security gateway and the signal processor, pre-established by the security gateway according to anonymous information of the user equipment.
2. The method according to claim 1, characterized by further comprising:
receiving, by the signal processor over the anonymous secure channel, a second paging request message sent by the security gateway;
sending, by the signal processor, the second paging request message to a baseband processing chip of the user equipment, realizing secure communication.
3. The method according to claim 1 or 2, characterized in that the anonymous secure channel is established by the following steps:
obtaining, by the signal processor, pre-stored anonymous information;
sending, by the signal processor, a channel establishment request message to the security gateway, the channel establishment request message carrying the anonymous information, so that the security gateway establishes the anonymous secure channel according to the anonymous information.
4. The method according to claim 3, characterized in that the method further comprises:
receiving, by the signal processor, the first paging request message encrypted by an encryption/decryption module of the user equipment;
sending, by the signal processor, the encrypted first paging request message to the security gateway, so that the security gateway decrypts the first paging request message;
and correspondingly,
after the signal processor receives an encrypted second paging request message sent by the security gateway, sending the encrypted second paging request message to the encryption/decryption module, so that the encryption/decryption module decrypts the encrypted second paging request message;
wherein the encryption/decryption module and the security gateway perform encryption and decryption using an encryption and decryption mode negotiated in advance.
5. The method according to claim 4, characterized in that the method further comprises:
receiving, by the signal processor, signaling sent by the security gateway, and sending the signaling to an information hiding module of the user equipment so that the information hiding module makes a determination;
when it is determined that the signaling includes a user identity query message, sending the anonymous information of the user equipment to the signal processor;
receiving, by the signal processor, the anonymous information and sending the anonymous information to the security gateway;
when it is determined that the signaling includes a request for user location information, sending a refusal instruction to the signal processor;
receiving, by the signal processor, the refusal instruction and sending the refusal instruction to the security gateway;
when it is determined that the signaling includes sensitive information, masking the sensitive information.
6. A signal processor for communication security processing, characterized by comprising:
a first receiving unit, configured to receive a first paging request message of a user equipment;
a first transmitting unit, configured to transmit the first paging request message over a pre-established anonymous secure channel to a security gateway, so that the security gateway sends the first paging request message to a core network element, realizing secure communication;
wherein the anonymous secure channel is a channel for information exchange between the security gateway and the signal processor, pre-established by the security gateway according to anonymous information of the user equipment obtained in advance.
7. The signal processor according to claim 6, characterized by further comprising:
a second receiving unit, configured to receive, over the anonymous secure channel, a second paging request message sent by the security gateway;
a second transmitting unit, configured to send the second paging request message to a baseband processing chip of the user equipment, realizing secure communication.
8. The signal processor according to claim 6 or 7, characterized by further comprising:
a first acquisition unit, configured to obtain pre-stored anonymous information;
the first transmitting unit or the second transmitting unit being further configured to send a channel establishment request message to the security gateway, the channel establishment request message carrying the anonymous information, so that the security gateway establishes the anonymous secure channel according to the anonymous information.
9. A user equipment for communication security processing, characterized by comprising:
the signal processor according to any one of claims 6 to 8.
10. A communication security processing system, characterized by comprising:
the user equipment according to claim 9, and a security gateway.
CN201710150989.8A 2017-03-14 2017-03-14 Method, signal processor, user equipment and system for communication security processing Pending CN107147614A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710150989.8A CN107147614A (en) 2017-03-14 2017-03-14 Method, signal processor, user equipment and system for communication security processing


Publications (1)

Publication Number Publication Date
CN107147614A true CN107147614A (en) 2017-09-08

Family

ID=59784157


Country Status (1)

Country Link
CN (1) CN107147614A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110536290A (en) * 2018-05-24 2019-12-03 华为技术有限公司 A kind of paging processing method and device
CN112468468A (en) * 2020-11-16 2021-03-09 厦门亿联网络技术股份有限公司 Voice transmission method and device based on IP, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1949591A2 (en) * 2005-11-04 2008-07-30 Isis Innovation Limited Security in computing networks
CN101529883A (en) * 2006-10-16 2009-09-09 摩托罗拉公司 System and method to provide combinational services to anonymous callers
CN101841525A (en) * 2010-03-02 2010-09-22 中国联合网络通信集团有限公司 Secure access method, system and client
CN102045314A (en) * 2009-10-10 2011-05-04 中兴通讯股份有限公司 Anonymous communication method, registration method, information transmitting and receiving method and system
CN106454813A (en) * 2016-11-17 2017-02-22 珠海市魅族科技有限公司 Wireless communication mode setting method and device



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170908