CN107911814A - A kind of subscriber identity information guard method and system based on HSS enhancings - Google Patents

A kind of subscriber identity information guard method and system based on HSS enhancings Download PDF

Info

Publication number
CN107911814A
CN107911814A CN201711188905.6A CN201711188905A CN107911814A CN 107911814 A CN107911814 A CN 107911814A CN 201711188905 A CN201711188905 A CN 201711188905A CN 107911814 A CN107911814 A CN 107911814A
Authority
CN
China
Prior art keywords
identity information
user
hss
subscription identity
imsin
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711188905.6A
Other languages
Chinese (zh)
Other versions
CN107911814B (en
Inventor
张顺亮
周卫华
汪永明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS filed Critical Institute of Information Engineering of CAS
Priority to CN201711188905.6A priority Critical patent/CN107911814B/en
Publication of CN107911814A publication Critical patent/CN107911814A/en
Application granted granted Critical
Publication of CN107911814B publication Critical patent/CN107911814B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/02Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08Mobility data transfer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of subscriber identity information guard method based on HSS enhancings and system.The present invention strengthens existing mobile core network HSS functions; HSS is received after the subscriber identity information update notification that user identity guarded by location server is sent, it is necessary to which the new interim signing identity information of user and user are contracted identity information or old interim signing identity information binding for a long time.When user is using interim signing identity information access HSS, if in HSS there are during the interim signing identity information correlation binding information if start subscriber identity information verification process, otherwise direct refusal the user's access to mobile network.The present invention can greatly reduce, or avoid user to contract identity information for a long time with plaintext version interface transmission in the air completely, avoid actively or passively being intercepted and captured/being monitored by malefactor, improve the protection to privacy informations such as user identity positions.

Description

HSS (home subscriber server) -enhanced user identity information protection method and system
Technical Field
The invention belongs to the technical field of network communication safety, and relates to a method and a system for protecting user identity information in a mobile communication network.
Background
Mobile communication network services have been widely used in people's daily life due to their mobility and convenience. With the large-scale deployment of 4G mobile communication networks, more and more people start using 4G network services. Communication interception and privacy disclosure of individuals are becoming increasingly serious problems while enjoying the convenience of mobile communication networks.
In the process that a mobile network user uses 3G, 4G and other network services, a malicious user acquires user identity information by intercepting an access request of the user to access a wireless network without safety protection of a signaling message, or maliciously acquires the user identity information, namely real IMSI information, by simulating a core network through malicious software to initiate a user identity information request mechanism, and then acquires the user identity represented by the mobile user subscription information perception IMSI by combining an illegal way. Therefore, by intercepting the signaling and flow information related to the specific IMSI, the user position is illegally tracked, and sensitive information of the user is leaked.
In order to reduce the risk of leakage of the true IMSI information of a user, the existing 3G and 4G mobile networks adopt temporary identity information, namely P-TMSI and GUTI, and the user uses the temporary identity information allocated by a network side to identify the identity of the user when the user successfully accesses the network for the first time and then accesses the network service. The network side changes the temporary subscription identity information dynamically, so that the risk of revealing the true identity information IMSI of the user is reduced.
The existing mechanism can reduce the risk of revealing the real identity information of the user to a certain extent by means of the temporary identity information. But there are certain vulnerabilities in current 4G network design. When the user accesses the mobile network, if the network element of the core network receives the temporary subscription identity information and cannot identify the temporary subscription identity information, the network element actively requires the user to report the real identity information in a plaintext mode. This mechanism can now disguise the core network by malicious software or mechanisms to obtain the true identity information of the user. Illegal use of the user's real identity information may cause leakage of user location information. Therefore, the current 4G mobile network mechanism has certain defects and cannot solve the security threats that the real identity information of the user is leaked and the position is tracked.
The invention provides a method for protecting the user identity information of a mobile communication network, which can avoid the leakage of the long-term signed identity information of a user, thereby protecting the privacy information such as the identity, the position and the like of the user from being discovered.
Disclosure of Invention
The invention provides a method and a system for protecting long-term subscription identity information of a mobile communication network user. According to the method, the temporary subscription identity information (the form of the temporary subscription identity information is still IMSI) is dynamically allocated to the user, and the user accesses the mobile network by using the temporary subscription identity information for access authentication each time the user accesses the mobile network, so that the real identity information of the user is prevented from being maliciously intercepted and the position of the user is prevented from being tracked due to the fact that the real identity information of the user is exposed in an unsafe network environment.
The technical scheme of the invention is as follows:
a subscriber identity information protection method based on HSS enhancement comprises the following steps:
1) when a user terminal is started or mobile network connection is opened, a mobile network attachment process is initiated by using long-term subscription identity information or temporary subscription identity information of a user to complete network attachment;
2) the user terminal sends an identity request message to an identity position protection server, wherein the identity request message comprises current temporary subscription identity information IMSIN or long-term subscription identity information IMSI0 of the user;
3) after receiving the user identity request message, the identity position protection server distributes new temporary signing identity information IMSIn +1 for the user from the temporary signing identity information pool and sends a dynamic identity request message to inform HSS of updating the user identity information; the dynamic identity request message includes the current temporary subscription identity information IMSIn or the long-term subscription identity information IMSI0 of the user, and the new temporary subscription identity information IMSI information to be used in the future;
4) if the dynamic identity request message contains new temporary subscription identity information IMSIn +1 and current temporary subscription identity information IMSIn, the HSS replaces the currently stored temporary subscription identity information with the new temporary subscription identity information IMSIn +1 of the user; if the dynamic identity request message contains the temporary subscription identity information IMSIn and the long-term subscription identity information IMSI0, the HSS binds the temporary subscription identity information IMSIn and the IMSI 0;
5) HSS sends update success message to identity position protection server;
6) the identity position protection server replies a response message to the user terminal, wherein the response message contains new temporary subscription identity information IMSIn +1 of the user;
7) after MME receives an attachment request message initiated by user terminal equipment, MME sends an authentication data request message to HSS, if the user identity information in the authentication data request message is temporary subscription identity information and binding information related to the temporary subscription identity information exists, HSS starts a user identity information authentication process, otherwise authentication data is not generated;
the attach request message contains the subscriber long-term subscription identity information IMSI0 or the temporary subscription identity information IMSIn.
The data format of the temporary subscription identity information IMSIn and the new temporary subscription identity information IMSIn +1 is the same as that of the long-term subscription identity information IMSI.
In the step 7), if the identity information in the authentication data request is the long-term subscription identity information of the user and there is no binding relationship, the HSS executes according to the existing 3GPP specification.
And the HSS releases the binding between the previous temporary subscription identity information of the user and the long-term subscription identity information of the user after receiving the new temporary subscription identity information attached network used by the user.
After receiving the new temporary subscription identity information attached network used by the user, the HSS starts a timer, and after the timer is overtime, the HSS releases the binding between the previous temporary subscription identity information of the user and the long-term subscription identity information of the user.
The HSS binds one or more temporary subscription identity information for the long-term subscription identity information of the same user.
A user identity information protection system based on HSS enhancement is characterized by comprising an identity position protection server, an HSS and an MME; wherein,
the identity position protection server is used for distributing new temporary subscription identity information IMSIn +1 for the user from the temporary subscription identity information pool and sending a dynamic identity request message to inform the HSS of updating the user identity information; the dynamic identity request message includes the current temporary subscription identity information IMSIn or the long-term subscription identity information IMSI0 of the user, and the new temporary subscription identity information IMSI information to be used in the future; after receiving the update success message sent by the HSS, replying a response message to the user terminal, wherein the response message contains new temporary subscription identity information IMSIn +1 of the user;
the HSS is used for updating the user identity information according to the received dynamic identity request message, and if the dynamic identity request message contains new temporary subscription identity information IMSIn +1 and current temporary subscription identity information IMSIn, the HSS replaces the currently stored temporary subscription identity information with the new temporary subscription identity information IMSIn +1 of the user; if the dynamic identity request message contains the temporary subscription identity information IMSIn and the long-term subscription identity information IMSI0, the HSS binds the temporary subscription identity information IMSIn and the IMSI 0; HSS sends update success message to identity position protection server;
the MME is used for receiving an attachment request message initiated by user terminal equipment and sending an authentication data request message to the HSS, if the user identity information in the authentication data request message is temporary subscription identity information and binding information related to the temporary subscription identity information exists, the HSS starts a user identity information authentication process, otherwise, authentication data are not generated; the attach request message contains the subscriber long-term subscription identity information IMSI0 or the temporary subscription identity information IMSIn.
The invention enhances the function of the HSS of the existing mobile core network, and after the HSS receives the user identity information updating notice sent by the user identity position protection server, the new temporary subscription identity information of the user needs to be bound with the long-term subscription identity information or the old temporary subscription identity information of the user. When the user uses the temporary subscription identity information to access the HSS, if the binding information related to the temporary subscription identity information exists in the HSS, the authentication process of the user identity information is started, otherwise, the user is directly refused to access the mobile network.
The architecture of the present invention is shown in fig. 1, and the present invention enhances the HSS function in the existing mobile core network, and introduces a new network function, an identity location protection server. A new interface is defined between the enhanced HSS and the identity location protection server to realize the function of dynamic user identity updating. After the identity location protection server is the user temporary subscription identity information (the form of the temporary subscription identity information is the same as that of the long-term subscription identity information IMSI), the identity location protection server sends an interface message to inform the HSS to update the user identity information. After receiving the user identity information update notification sent by the user identity location protection server, the HSS needs to replace the permanent subscription identity information with the temporary subscription identity information of the user, or needs to replace the old dynamic identity information with the new temporary subscription identity information of the user. When the user carries out network attachment next time, the HSS determines whether to generate authentication data for the user according to the temporary subscription identity information in the authentication data request message sent by the MME. If the user identity information in the authentication data request message is temporary subscription identity information and the related binding information of the temporary subscription identity information exists, starting a user identity information authentication process, otherwise, not generating authentication data, and indirectly refusing the user to access the mobile network.
Specifically, the scheme mainly comprises the following invention points:
and defining a new interface between the newly defined network function and the enhanced HSS, and finishing the dynamic identity updating function by the interaction between the enhanced HSS and the HSS through the interface.
The identity position protection server informs the related HSS to update the user identity information by sending a dynamic identity request message. The request message includes the temporary subscription identity information IMSI0 currently used by the user and the new temporary subscription identity information IMSI information to be used in the future.
After receiving the request message from the security access server, the HSS performs different operations according to the message content to complete the dynamic identity information update:
if the message contains the subscriber long-term subscription identity IMSI0 and the temporary subscription identity IMSIn to be used, the HSS binds the temporary subscription identity to the long-term subscription identity, i.e. the temporary subscription identity is equivalent to the long-term subscription identity. And writes the binding information to the database.
If the message contains the current temporary subscription identity IMSIn and the next temporary subscription identity IMSIn +1 to be used, the HSS replaces the current temporary subscription identity IMSIn or the previous IMSIn-1 with the next temporary subscription identity IMSIn +1 to be used.
After the user long-term subscription identity information IMSI0 binds the dynamic identity information IMSIn, the HSS may determine whether to accept the user to access the network using the long-term subscription identity information, and related conditions, according to the security policy.
After the temporary subscription identity information is updated, the HSS notifies the identity location protection server that the user identity information is updated, that is, the user can access the network using the new temporary subscription identity information.
When a user is attached and receives an authentication data request from an MME, HSS searches a database to determine whether the temporary subscription identity information is correspondingly bound:
rejecting the user if the identity information is temporary subscription identity information and no long-term subscription identity information is bound;
if the user is the temporary subscription identity information and the user is bound with the long-term subscription identity information, the user authentication request is accepted, and meanwhile, the user is authenticated by using the credential information corresponding to the long-term subscription identity information.
In addition, the HSS can immediately release after receiving the new temporary subscription identity information attached network used by the user, or start a timer, and release the binding between the old temporary subscription identity information and the long-term subscription identity information of the user after the timer is overtime. The HSS may bind one or more temporary subscription identities for a long-term subscription identity of a particular user.
Compared with the prior art, the invention has the following positive effects:
the invention can greatly reduce or completely avoid the transmission of the long-term signing identity information of the user in a plaintext form (namely contained in the attachment request or the identity response message) on an air interface, avoid the active or passive interception/monitoring by malicious molecules, and improve the protection of privacy information such as the identity position of the user.
Drawings
FIG. 1 is a diagram of a user identity and location information protection scheme architecture;
FIG. 2 is a flow chart of user dynamic identity information distribution;
fig. 3 is a diagram illustrating a process of enabling user dynamic identity information and releasing a binding relationship.
Detailed Description
In order to make the aforementioned and other features and advantages of the invention more comprehensible, embodiments accompanied with figures are described in detail below.
1) Dynamic identity information distribution process
As shown in fig. 2, the main steps of dynamic identity information allocation are as follows:
(1) when the user equipment is started or the mobile network connection is opened, the protocol stack function on the user terminal equipment initiates a mobile network attachment process by using the long-term subscription identity information or the temporary subscription identity information to complete network attachment.
(2) After the attachment is completed, the user terminal sends an identity request message to the identity location protection server, where the identity request message includes temporary subscription identity information (IMSIn) or long-term subscription identity information (IMSI0) currently being used by the user.
(3) And after receiving the user identity request message, the identity position protection server distributes new temporary signing identity information IMSIn +1 for the user from the temporary signing identity information pool.
(4) The hlr sends an identity update message to the HSS associated with the subscriber, where the message includes the current temporary subscriber identity IMSIn (or the long-term subscriber identity IMSI0) and the new temporary subscriber identity IMSIn + 1.
And 5A, if the message contains the new temporary subscription identity information IMSIn +1 and the current temporary subscription identity information IMSIn, the HSS replaces the currently stored temporary subscription identity information with the new temporary subscription identity information IMSIn +1 of the user.
If the message contains the temporary subscription identity information IMSIn and the long-term subscription identity information IMSI0, the HSS binds the temporary subscription identity information IMSIn and the IMSI0, i.e. the IMSIn and the IMSI0 are equivalent, and stores the binding relationship in the database.
(6) And the HSS replies a response message to the identity position protection server to indicate that the user temporary subscription identity information is successfully updated.
(7) The identity position protection server replies a response message to the user terminal equipment, wherein the message contains new temporary subscription identity information IMSIn +1 of the user.
2) Dynamic identity credit enabling and binding relation releasing process
As shown in fig. 3, the main steps of recovering the temporary subscription identity information are as follows:
(1) the user terminal device is (re-) started.
(2) The user terminal equipment initiates an attach request message to the MME, which contains the user long-term subscription identity information IMSI0 or the temporary subscription identity information IMSIn previously allocated by the identity location protection server.
(3) The MME sends an authentication data request message to the HSS, which contains the user current identity information IMSIn or IMSI 0.
After receiving the message, the 4A HSS checks the identity information and the related database in the message. And if the user is the long-term subscription identity information and no binding relation exists, executing according to the existing 3GPP specification. And if the user is the long-term subscription identity information and the temporary subscription identity information is bound, determining whether to generate subscription data for the user according to the configured security policy. A security policy may specify a period of use (hours, days, etc.) or a number of times (1, 5) that a user uses a particular dynamic identity information. If the user uses a certain dynamic identity information too long, the security is reduced, the user can return to the existing mechanism under the limit condition, and the dynamic subscription identity is the long-term subscription identity information; the security policy may be configured in the HSS as part of the subscription information of the user, and different users may have different requirements for privacy protection, so that user-level customization may be implemented.
After receiving the message, the 4B HSS checks the identity information and the relevant database in the message. If the user is the temporary subscription identity information and no binding relation exists, authentication data is not generated to reject the user to access the network. And if the user is the temporary subscription identity information and the long-term subscription identity information is bound, generating authentication data information for the user by using the credential information corresponding to the long-term subscription identity information.
(4) And the HSS replies to the MME with a response message, wherein the message can contain authentication data and result information, and the MME completes mutual authentication with the user according to the authentication data information.
(5) And the MME replies an attachment response message of the user terminal equipment.
In summary, the present invention discloses a method for protecting long-term subscription identity information and location of a mobile network subscriber.
The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. It will be apparent to those skilled in the art that various modifications and variations can be made in the present examples without departing from the spirit and scope of the invention. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.

Claims (10)

1. A subscriber identity information protection method based on HSS enhancement comprises the following steps:
1) when a user terminal is started or mobile network connection is opened, a mobile network attachment process is initiated by using long-term subscription identity information or temporary subscription identity information of a user to complete network attachment;
2) the user terminal sends an identity request message to an identity position protection server, wherein the identity request message comprises current temporary subscription identity information IMSIN or long-term subscription identity information IMSI0 of the user;
3) after receiving the user identity request message, the identity position protection server distributes new temporary signing identity information IMSIn +1 for the user from the temporary signing identity information pool and sends a dynamic identity request message to inform HSS of updating the user identity information; the dynamic identity request message includes the current temporary subscription identity information IMSIn or the long-term subscription identity information IMSI0 of the user, and the new temporary subscription identity information IMSI information to be used in the future;
4) if the dynamic identity request message contains new temporary subscription identity information IMSIn +1 and current temporary subscription identity information IMSIn, the HSS replaces the currently stored temporary subscription identity information with the new temporary subscription identity information IMSIn +1 of the user; if the dynamic identity request message contains the temporary subscription identity information IMSIn and the long-term subscription identity information IMSI0, the HSS binds the temporary subscription identity information IMSIn and the IMSI 0;
5) HSS sends update success message to identity position protection server;
6) the identity position protection server replies a response message to the user terminal, wherein the response message contains new temporary subscription identity information IMSIn +1 of the user;
7) after MME receives an attachment request message initiated by user terminal equipment, MME sends an authentication data request message to HSS, if the user identity information in the authentication data request message is temporary subscription identity information and binding information related to the temporary subscription identity information exists, HSS starts a user identity information authentication process, otherwise authentication data is not generated; the attach request message contains the subscriber long-term subscription identity information IMSI0 or the temporary subscription identity information IMSIn.
2. The method of claim 1, wherein the temporary subscription identity information IMSIn, the new temporary subscription identity information IMSIn +1 and the long-term subscription identity information IMSI have the same data format.
3. The method as claimed in claim 1, wherein in step 7), if the identity information in the authentication data request is the user long-term subscription identity information and there is no binding relationship, the HSS performs according to the existing 3GPP specifications.
4. The method of claim 1, wherein the HSS releases the binding between the previous temporary subscription identity information of the subscriber and the long-term subscription identity information of the subscriber after receiving the new temporary subscription identity information attached to the network by the subscriber.
5. The method as claimed in claim 1, wherein the HSS starts a timer after receiving the new temporary subscription identity information attached to the network by the subscriber, and releases the binding between the previous temporary subscription identity information of the subscriber and the long-term subscription identity information of the subscriber after the timer expires.
6. The method of claim 1, wherein the HSS binds one or more temporary subscription identities for long-term subscription identities of the same user.
7. A user identity information protection system based on HSS enhancement is characterized by comprising an identity position protection server, an HSS and an MME; wherein,
the identity position protection server is used for distributing new temporary subscription identity information IMSIn +1 for the user from the temporary subscription identity information pool and sending a dynamic identity request message to inform the HSS of updating the user identity information; the dynamic identity request message includes the current temporary subscription identity information IMSIn or the long-term subscription identity information IMSI0 of the user, and the new temporary subscription identity information IMSI information to be used in the future; after receiving the update success message sent by the HSS, replying a response message to the user terminal, wherein the response message contains new temporary subscription identity information IMSIn +1 of the user;
the HSS is used for updating the user identity information according to the received dynamic identity request message, and if the dynamic identity request message contains new temporary subscription identity information IMSIn +1 and current temporary subscription identity information IMSIn, the HSS replaces the currently stored temporary subscription identity information with the new temporary subscription identity information IMSIn +1 of the user; if the dynamic identity request message contains the temporary subscription identity information IMSIn and the long-term subscription identity information IMSI0, the HSS binds the temporary subscription identity information IMSIn and the IMSI 0; HSS sends update success message to identity position protection server;
the MME is used for receiving an attachment request message initiated by user terminal equipment and sending an authentication data request message to the HSS, if the user identity information in the authentication data request message is temporary subscription identity information and binding information related to the temporary subscription identity information exists, the HSS starts a user identity information authentication process, otherwise, authentication data are not generated; the attach request message contains the subscriber long-term subscription identity information IMSI0 or the temporary subscription identity information IMSIn.
8. The system of claim 7, wherein the temporary subscription identity information IMSIn, the new temporary subscription identity information IMSIn +1 and the long-term subscription identity information IMSI have the same data format.
9. The system of claim 7, wherein the HSS releases the binding between the previous temporary subscription identity information of the subscriber and the long-term subscription identity information of the subscriber after receiving the new temporary subscription identity information attached to the network by the subscriber.
10. The system of claim 7, wherein the HSS binds one or more temporary subscription identities for long-term subscription identities of the same user.
CN201711188905.6A 2017-11-24 2017-11-24 HSS (home subscriber server) -enhanced user identity information protection method and system Expired - Fee Related CN107911814B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711188905.6A CN107911814B (en) 2017-11-24 2017-11-24 HSS (home subscriber server) -enhanced user identity information protection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711188905.6A CN107911814B (en) 2017-11-24 2017-11-24 HSS (home subscriber server) -enhanced user identity information protection method and system

Publications (2)

Publication Number Publication Date
CN107911814A true CN107911814A (en) 2018-04-13
CN107911814B CN107911814B (en) 2020-08-25

Family

ID=61847617

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711188905.6A Expired - Fee Related CN107911814B (en) 2017-11-24 2017-11-24 HSS (home subscriber server) -enhanced user identity information protection method and system

Country Status (1)

Country Link
CN (1) CN107911814B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108901018A (en) * 2018-07-27 2018-11-27 中国电子科技集团公司第三十研究所 A kind of mobile communication system user identity hiding method that terminal is initiated

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101720086A (en) * 2009-12-23 2010-06-02 成都三零瑞通移动通信有限公司 Identity protection method for mobile communication user
CN101771992A (en) * 2009-01-04 2010-07-07 中国移动通信集团公司 Method, equipment and system for protection of confidentiality of international mobile subscriber identifier IMSI
CN101959183A (en) * 2010-09-21 2011-01-26 中国科学院软件研究所 A kind of mobile subscriber identification code IMSI guard method based on assumed name
CN102014114A (en) * 2010-07-09 2011-04-13 北京哈工大计算机网络与信息安全技术研究中心 Method and device for protecting location privacies of objects in Internet of things
CN102918878A (en) * 2011-05-31 2013-02-06 华为技术有限公司 Method and apparatus for message transmission
US9042902B1 (en) * 2013-01-11 2015-05-26 Polaris Wireless, Inc. Third-party control of call-related services for a mobile station and subscriber

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101771992A (en) * 2009-01-04 2010-07-07 中国移动通信集团公司 Method, equipment and system for protection of confidentiality of international mobile subscriber identifier IMSI
CN101720086A (en) * 2009-12-23 2010-06-02 成都三零瑞通移动通信有限公司 Identity protection method for mobile communication user
CN102014114A (en) * 2010-07-09 2011-04-13 北京哈工大计算机网络与信息安全技术研究中心 Method and device for protecting location privacies of objects in Internet of things
CN101959183A (en) * 2010-09-21 2011-01-26 中国科学院软件研究所 A kind of mobile subscriber identification code IMSI guard method based on assumed name
CN102918878A (en) * 2011-05-31 2013-02-06 华为技术有限公司 Method and apparatus for message transmission
US9042902B1 (en) * 2013-01-11 2015-05-26 Polaris Wireless, Inc. Third-party control of call-related services for a mobile station and subscriber

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108901018A (en) * 2018-07-27 2018-11-27 中国电子科技集团公司第三十研究所 A kind of mobile communication system user identity hiding method that terminal is initiated

Also Published As

Publication number Publication date
CN107911814B (en) 2020-08-25

Similar Documents

Publication Publication Date Title
Norrman et al. Protecting IMSI and user privacy in 5G networks
CN108293223B (en) Data transmission method, user equipment and network side equipment
CN110476397B (en) User authentication method and device
CN102415119B (en) Managing undesired service requests in a network
WO2017028737A1 (en) Security configuration method, related device and system
CN105142136B (en) A kind of method of anti-pseudo-base station attack
JP2020536461A (en) How to send an encrypted subscription identifier stored in a security element to a physical or virtual element of a telecommunications network, the corresponding security element, the physical or virtual element and the terminal that works with this security element
EP3525503A1 (en) Registering or authenticating user equipment to a visited public land mobile network
CN110419248A (en) Method and apparatus for the secret protection in paging user equipment
WO2013185709A1 (en) Call authentication method, device, and system
CN101483870A (en) Cross-platform mobile communication security system implementing method
Bitsikas et al. You have been warned: Abusing 5G’s Warning and Emergency Systems
EP3518491A1 (en) Registering or authenticating user equipment to a visited public land mobile network
CN107911814B (en) HSS (home subscriber server) -enhanced user identity information protection method and system
CN110944300B (en) Short message service system, forwarding interface device and defense server
CN108093402B (en) User privacy information protection method and system based on terminal enhancement
CN108200007B (en) Dynamic identity management method and system for mobile network
CN107911813B (en) Transparent mode mobile user identity management method and system
CN114095929B (en) Account security enhancement method in B-trunk system
CN102124767B (en) A kind of method and apparatus for providing identity Confidentiality protection for user of communication terminal
CN101431754B (en) Method for preventing clone terminal access
US11381387B2 (en) Proof-of-presence indicator
EP3439344A1 (en) Registering user equipment to a visited public land mobile network
CN108282775A (en) Dynamic Additional Verification method towards mobile ad hoc network and system
KR102440411B1 (en) Method and apparatus for detecting abnormal roaming request

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200825

CF01 Termination of patent right due to non-payment of annual fee