CN107911814B - HSS (home subscriber server) -enhanced user identity information protection method and system - Google Patents
HSS (home subscriber server) -enhanced user identity information protection method and system Download PDFInfo
- Publication number
- CN107911814B CN107911814B CN201711188905.6A CN201711188905A CN107911814B CN 107911814 B CN107911814 B CN 107911814B CN 201711188905 A CN201711188905 A CN 201711188905A CN 107911814 B CN107911814 B CN 107911814B
- Authority
- CN
- China
- Prior art keywords
- identity information
- user
- hss
- subscription identity
- temporary subscription
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 230000007774 longterm Effects 0.000 claims abstract description 57
- 230000008569 process Effects 0.000 claims abstract description 14
- 230000004044 response Effects 0.000 claims description 13
- 239000000126 substance Substances 0.000 claims description 2
- 230000005540 biological transmission Effects 0.000 abstract description 2
- 238000012544 monitoring process Methods 0.000 abstract description 2
- 230000006870 function Effects 0.000 description 7
- 230000007246 mechanism Effects 0.000 description 6
- 238000010295 mobile communication Methods 0.000 description 6
- 238000004891 communication Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000011664 signaling Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 230000008092 positive effect Effects 0.000 description 1
- CSRZQMIRAZTJOY-UHFFFAOYSA-N trimethylsilyl iodide Substances C[Si](C)(C)I CSRZQMIRAZTJOY-UHFFFAOYSA-N 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- H04W8/08—Mobility data transfer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/26—Network addressing or numbering for mobility support
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a user identity information protection method and a user identity information protection system based on HSS (home subscriber server) enhancement. The invention enhances the function of the HSS of the existing mobile core network, and after the HSS receives the user identity information updating notice sent by the user identity position protection server, the new temporary subscription identity information of the user needs to be bound with the long-term subscription identity information or the old temporary subscription identity information of the user. When the user uses the temporary subscription identity information to access the HSS, if the binding information related to the temporary subscription identity information exists in the HSS, the authentication process of the user identity information is started, otherwise, the user is directly refused to access the mobile network. The invention can greatly reduce or completely avoid the transmission of the long-term signing identity information of the user in a plaintext form on an air interface, avoid the active or passive interception/monitoring by malicious molecules, and improve the protection of privacy information such as the identity position of the user.
Description
Technical Field
The invention belongs to the technical field of network communication safety, and relates to a method and a system for protecting user identity information in a mobile communication network.
Background
Mobile communication network services have been widely used in people's daily life due to their mobility and convenience. With the large-scale deployment of 4G mobile communication networks, more and more people start using 4G network services. Communication interception and privacy disclosure of individuals are becoming increasingly serious problems while enjoying the convenience of mobile communication networks.
In the process that a mobile network user uses 3G, 4G and other network services, a malicious user acquires user identity information by intercepting an access request of the user to access a wireless network without safety protection of a signaling message, or maliciously acquires the user identity information, namely real IMSI information, by simulating a core network through malicious software to initiate a user identity information request mechanism, and then acquires the user identity represented by the mobile user subscription information perception IMSI by combining an illegal way. Therefore, by intercepting the signaling and flow information related to the specific IMSI, the user position is illegally tracked, and sensitive information of the user is leaked.
In order to reduce the risk of leakage of the true IMSI information of a user, the existing 3G and 4G mobile networks adopt temporary identity information, namely P-TMSI and GUTI, and the user uses the temporary identity information allocated by a network side to identify the identity of the user when the user successfully accesses the network for the first time and then accesses the network service. The network side changes the temporary subscription identity information dynamically, so that the risk of revealing the true identity information IMSI of the user is reduced.
The existing mechanism can reduce the risk of revealing the real identity information of the user to a certain extent by means of the temporary identity information. But there are certain vulnerabilities in current 4G network design. When the user accesses the mobile network, if the network element of the core network receives the temporary subscription identity information and cannot identify the temporary subscription identity information, the network element actively requires the user to report the real identity information in a plaintext mode. This mechanism can now disguise the core network by malicious software or mechanisms to obtain the true identity information of the user. Illegal use of the user's real identity information may cause leakage of user location information. Therefore, the current 4G mobile network mechanism has certain defects and cannot solve the security threats that the real identity information of the user is leaked and the position is tracked.
The invention provides a method for protecting the user identity information of a mobile communication network, which can avoid the leakage of the long-term signed identity information of a user, thereby protecting the privacy information such as the identity, the position and the like of the user from being discovered.
Disclosure of Invention
The invention provides a method and a system for protecting long-term subscription identity information of a mobile communication network user. According to the method, the temporary subscription identity information (the form of the temporary subscription identity information is still IMSI) is dynamically allocated to the user, and the user accesses the mobile network by using the temporary subscription identity information for access authentication each time the user accesses the mobile network, so that the real identity information of the user is prevented from being maliciously intercepted and the position of the user is prevented from being tracked due to the fact that the real identity information of the user is exposed in an unsafe network environment.
The technical scheme of the invention is as follows:
a subscriber identity information protection method based on HSS enhancement comprises the following steps:
1) when a user terminal is started or mobile network connection is opened, a mobile network attachment process is initiated by using long-term subscription identity information or temporary subscription identity information of a user to complete network attachment;
2) the user terminal sends an identity request message to an identity position protection server, wherein the identity request message comprises current temporary subscription identity information IMSIN or long-term subscription identity information IMSI0 of the user;
3) after receiving the user identity request message, the identity position protection server distributes new temporary signing identity information IMSIn +1 for the user from the temporary signing identity information pool and sends a dynamic identity request message to inform HSS of updating the user identity information; the dynamic identity request message includes the current temporary subscription identity information IMSIn or the long-term subscription identity information IMSI0 of the user, and the new temporary subscription identity information IMSI information to be used in the future;
4) if the dynamic identity request message contains new temporary subscription identity information IMSIn +1 and current temporary subscription identity information IMSIn, the HSS replaces the currently stored temporary subscription identity information with the new temporary subscription identity information IMSIn +1 of the user; if the dynamic identity request message contains the temporary subscription identity information IMSIn and the long-term subscription identity information IMSI0, the HSS binds the temporary subscription identity information IMSIn and the IMSI 0;
5) HSS sends update success message to identity position protection server;
6) the identity position protection server replies a response message to the user terminal, wherein the response message contains new temporary subscription identity information IMSIn +1 of the user;
7) after MME receives an attachment request message initiated by user terminal equipment, MME sends an authentication data request message to HSS, if the user identity information in the authentication data request message is temporary subscription identity information and binding information related to the temporary subscription identity information exists, HSS starts a user identity information authentication process, otherwise authentication data is not generated;
the attach request message contains the subscriber long-term subscription identity information IMSI0 or the temporary subscription identity information IMSIn.
The data format of the temporary subscription identity information IMSIn and the new temporary subscription identity information IMSIn +1 is the same as that of the long-term subscription identity information IMSI.
In the step 7), if the identity information in the authentication data request is the long-term subscription identity information of the user and there is no binding relationship, the HSS executes according to the existing 3GPP specification.
And the HSS releases the binding between the previous temporary subscription identity information of the user and the long-term subscription identity information of the user after receiving the new temporary subscription identity information attached network used by the user.
After receiving the new temporary subscription identity information attached network used by the user, the HSS starts a timer, and after the timer is overtime, the HSS releases the binding between the previous temporary subscription identity information of the user and the long-term subscription identity information of the user.
The HSS binds one or more temporary subscription identity information for the long-term subscription identity information of the same user.
A user identity information protection system based on HSS enhancement is characterized by comprising an identity position protection server, an HSS and an MME; wherein the content of the first and second substances,
the identity position protection server is used for distributing new temporary subscription identity information IMSIn +1 for the user from the temporary subscription identity information pool and sending a dynamic identity request message to inform the HSS of updating the user identity information; the dynamic identity request message includes the current temporary subscription identity information IMSIn or the long-term subscription identity information IMSI0 of the user, and the new temporary subscription identity information IMSI information to be used in the future; after receiving the update success message sent by the HSS, replying a response message to the user terminal, wherein the response message contains new temporary subscription identity information IMSIn +1 of the user;
the HSS is used for updating the user identity information according to the received dynamic identity request message, and if the dynamic identity request message contains new temporary subscription identity information IMSIn +1 and current temporary subscription identity information IMSIn, the HSS replaces the currently stored temporary subscription identity information with the new temporary subscription identity information IMSIn +1 of the user; if the dynamic identity request message contains the temporary subscription identity information IMSIn and the long-term subscription identity information IMSI0, the HSS binds the temporary subscription identity information IMSIn and the IMSI 0; HSS sends update success message to identity position protection server;
the MME is used for receiving an attachment request message initiated by user terminal equipment and sending an authentication data request message to the HSS, if the user identity information in the authentication data request message is temporary subscription identity information and binding information related to the temporary subscription identity information exists, the HSS starts a user identity information authentication process, otherwise, authentication data are not generated; the attach request message contains the subscriber long-term subscription identity information IMSI0 or the temporary subscription identity information IMSIn.
The invention enhances the function of the HSS of the existing mobile core network, and after the HSS receives the user identity information updating notice sent by the user identity position protection server, the new temporary subscription identity information of the user needs to be bound with the long-term subscription identity information or the old temporary subscription identity information of the user. When the user uses the temporary subscription identity information to access the HSS, if the binding information related to the temporary subscription identity information exists in the HSS, the authentication process of the user identity information is started, otherwise, the user is directly refused to access the mobile network.
The architecture of the present invention is shown in fig. 1, and the present invention enhances the HSS function in the existing mobile core network, and introduces a new network function, an identity location protection server. A new interface is defined between the enhanced HSS and the identity location protection server to realize the function of dynamic user identity updating. After the identity location protection server is the user temporary subscription identity information (the form of the temporary subscription identity information is the same as that of the long-term subscription identity information IMSI), the identity location protection server sends an interface message to inform the HSS to update the user identity information. After receiving the user identity information update notification sent by the user identity location protection server, the HSS needs to replace the permanent subscription identity information with the temporary subscription identity information of the user, or needs to replace the old dynamic identity information with the new temporary subscription identity information of the user. When the user carries out network attachment next time, the HSS determines whether to generate authentication data for the user according to the temporary subscription identity information in the authentication data request message sent by the MME. If the user identity information in the authentication data request message is temporary subscription identity information and the related binding information of the temporary subscription identity information exists, starting a user identity information authentication process, otherwise, not generating authentication data, and indirectly refusing the user to access the mobile network.
Specifically, the scheme mainly comprises the following invention points:
if the message contains the subscriber long-term subscription identity IMSI0 and the temporary subscription identity IMSIn to be used, the HSS binds the temporary subscription identity to the long-term subscription identity, i.e. the temporary subscription identity is equivalent to the long-term subscription identity. And writes the binding information to the database.
If the message contains the current temporary subscription identity IMSIn and the next temporary subscription identity IMSIn +1 to be used, the HSS replaces the current temporary subscription identity IMSIn or the previous IMSIn-1 with the next temporary subscription identity IMSIn +1 to be used.
rejecting the user if the identity information is temporary subscription identity information and no long-term subscription identity information is bound;
if the user is the temporary subscription identity information and the user is bound with the long-term subscription identity information, the user authentication request is accepted, and meanwhile, the user is authenticated by using the credential information corresponding to the long-term subscription identity information.
Compared with the prior art, the invention has the following positive effects:
the invention can greatly reduce or completely avoid the transmission of the long-term signing identity information of the user in a plaintext form (namely contained in the attachment request or the identity response message) on an air interface, avoid the active or passive interception/monitoring by malicious molecules, and improve the protection of privacy information such as the identity position of the user.
Drawings
FIG. 1 is a diagram of a user identity and location information protection scheme architecture;
FIG. 2 is a flow chart of user dynamic identity information distribution;
fig. 3 is a diagram illustrating a process of enabling user dynamic identity information and releasing a binding relationship.
Detailed Description
In order to make the aforementioned and other features and advantages of the invention more comprehensible, embodiments accompanied with figures are described in detail below.
1) Dynamic identity information distribution process
As shown in fig. 2, the main steps of dynamic identity information allocation are as follows:
(1) when the user equipment is started or the mobile network connection is opened, the protocol stack function on the user terminal equipment initiates a mobile network attachment process by using the long-term subscription identity information or the temporary subscription identity information to complete network attachment.
(2) After the attachment is completed, the user terminal sends an identity request message to the identity location protection server, where the identity request message includes temporary subscription identity information (IMSIn) or long-term subscription identity information (IMSI0) currently being used by the user.
(3) And after receiving the user identity request message, the identity position protection server distributes new temporary signing identity information IMSIn +1 for the user from the temporary signing identity information pool.
(4) The hlr sends an identity update message to the HSS associated with the subscriber, where the message includes the current temporary subscriber identity IMSIn (or the long-term subscriber identity IMSI0) and the new temporary subscriber identity IMSIn + 1.
And 5A, if the message contains the new temporary subscription identity information IMSIn +1 and the current temporary subscription identity information IMSIn, the HSS replaces the currently stored temporary subscription identity information with the new temporary subscription identity information IMSIn +1 of the user.
If the message contains the temporary subscription identity information IMSIn and the long-term subscription identity information IMSI0, the HSS binds the temporary subscription identity information IMSIn and the IMSI0, i.e. the IMSIn and the IMSI0 are equivalent, and stores the binding relationship in the database.
(6) And the HSS replies a response message to the identity position protection server to indicate that the user temporary subscription identity information is successfully updated.
(7) The identity position protection server replies a response message to the user terminal equipment, wherein the message contains new temporary subscription identity information IMSIn +1 of the user.
2) Dynamic identity credit enabling and binding relation releasing process
As shown in fig. 3, the main steps of recovering the temporary subscription identity information are as follows:
(1) the user terminal device is (re-) started.
(2) The user terminal equipment initiates an attach request message to the MME, which contains the user long-term subscription identity information IMSI0 or the temporary subscription identity information IMSIn previously allocated by the identity location protection server.
(3) The MME sends an authentication data request message to the HSS, which contains the user current identity information IMSIn or IMSI 0.
After receiving the message, the 4A HSS checks the identity information and the related database in the message. And if the user is the long-term subscription identity information and no binding relation exists, executing according to the existing 3GPP specification. And if the user is the long-term subscription identity information and the temporary subscription identity information is bound, determining whether to generate subscription data for the user according to the configured security policy. A security policy may specify a period of use (hours, days, etc.) or a number of times (1, 5) that a user uses a particular dynamic identity information. If the user uses a certain dynamic identity information too long, the security is reduced, the user can return to the existing mechanism under the limit condition, and the dynamic subscription identity is the long-term subscription identity information; the security policy may be configured in the HSS as part of the subscription information of the user, and different users may have different requirements for privacy protection, so that user-level customization may be implemented.
After receiving the message, the 4B HSS checks the identity information and the relevant database in the message. If the user is the temporary subscription identity information and no binding relation exists, authentication data is not generated to reject the user to access the network. And if the user is the temporary subscription identity information and the long-term subscription identity information is bound, generating authentication data information for the user by using the credential information corresponding to the long-term subscription identity information.
(4) And the HSS replies to the MME with a response message, wherein the message can contain authentication data and result information, and the MME completes mutual authentication with the user according to the authentication data information.
(5) And the MME replies an attachment response message of the user terminal equipment.
In summary, the present invention discloses a method for protecting long-term subscription identity information and location of a mobile network subscriber.
The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. It will be apparent to those skilled in the art that various modifications and variations can be made in the present examples without departing from the spirit and scope of the invention. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.
Claims (10)
1. A subscriber identity information protection method based on HSS enhancement comprises the following steps:
1) when a user terminal is started or mobile network connection is opened, a mobile network attachment process is initiated by using long-term subscription identity information or temporary subscription identity information of a user to complete network attachment;
2) the user terminal sends an identity request message to an identity position protection server, wherein the identity request message comprises current temporary subscription identity information IMSIN or long-term subscription identity information IMSI0 of the user;
3) after receiving the user identity request message, the identity position protection server distributes new temporary signing identity information IMSIn +1 for the user from the temporary signing identity information pool and sends a dynamic identity request message to inform HSS of updating the user identity information; if the temporary subscription identity information of the user is used for attaching to the network in the step 1), the dynamic identity request message includes: after the network attachment is completed, the current temporary subscription identity information IMSIN of the user and the new temporary subscription identity information IMSI information which is used in the future are obtained; if the network is attached by using the long-term subscription identity information of the user in the step 1), the dynamic identity request message includes: long-term subscription identity information IMSI0 after completing network attachment and new temporary subscription identity information IMSI information to be used in the future;
4) if the dynamic identity request message contains new temporary subscription identity information IMSIn +1 after the network attachment is completed and current temporary subscription identity information IMSIn after the network attachment is completed, the HSS replaces the currently stored temporary subscription identity information with the new temporary subscription identity information IMSIn +1 of the user; if the dynamic identity request message contains temporary subscription identity information IMSin after the completion of network attachment and long-term subscription identity information IMSI0 after the completion of network attachment, the HSS binds the temporary subscription identity information IMSin and IMSI 0;
5) HSS sends update success message to identity position protection server;
6) the identity position protection server replies a response message to the user terminal, wherein the response message contains new temporary subscription identity information IMSIn +1 of the user;
7) when the user terminal is attached again, after the MME receives an attachment request message initiated by user terminal equipment, the MME sends an authentication data request message to the HSS, if the user identity information in the authentication data request message is temporary subscription identity information and binding information related to the temporary subscription identity information exists, the HSS starts a user identity information authentication process, otherwise, authentication data are not generated; the attach request message contains temporary subscription identity information IMSIn.
2. The method of claim 1, wherein the temporary subscription identity information IMSIn, the new temporary subscription identity information IMSIn +1 and the long-term subscription identity information IMSI have the same data format.
3. The method as claimed in claim 1, wherein in step 7), if the identity information in the authentication data request is the user long-term subscription identity information and there is no binding relationship, the HSS performs according to the existing 3GPP specifications.
4. The method of claim 1, wherein the HSS releases the binding between the previous temporary subscription identity information of the subscriber and the long-term subscription identity information of the subscriber after receiving the new temporary subscription identity information attached to the network by the subscriber.
5. The method as claimed in claim 1, wherein the HSS starts a timer after receiving the new temporary subscription identity information attached to the network by the subscriber, and releases the binding between the previous temporary subscription identity information of the subscriber and the long-term subscription identity information of the subscriber after the timer expires.
6. The method of claim 1, wherein the HSS binds one or more temporary subscription identities for long-term subscription identities of the same user.
7. A user identity information protection system based on HSS enhancement is characterized by comprising an identity position protection server, an HSS and an MME; wherein the content of the first and second substances,
the identity position protection server is used for distributing new temporary subscription identity information IMSIn +1 for the user from the temporary subscription identity information pool and sending a dynamic identity request message to inform the HSS of updating the user identity information; if the network is attached by using the temporary subscription identity information of the user, the dynamic identity request message includes: after the network attachment is completed, the current temporary subscription identity information IMSIn of the user and the new temporary subscription identity information IMSI information to be used in the future are obtained, and if the network is attached by using the long-term subscription identity information of the user, the dynamic identity request message includes: long-term subscription identity information IMSI0 after completing network attachment and new temporary subscription identity information IMSI information to be used in the future; after receiving the update success message sent by the HSS, replying a response message to the user terminal, wherein the response message contains new temporary subscription identity information IMSIn +1 of the user;
the HSS is used for updating the user identity information according to the received dynamic identity request message, and if the dynamic identity request message contains new temporary subscription identity information IMSIn +1 after the network attachment is completed and current temporary subscription identity information IMSIn after the network attachment is completed, the HSS replaces the currently stored temporary subscription identity information with the new temporary subscription identity information IMSIn +1 of the user; if the dynamic identity request message contains temporary subscription identity information IMSin after the completion of network attachment and long-term subscription identity information IMSI0 after the completion of network attachment, the HSS binds the temporary subscription identity information IMSin and IMSI 0; HSS sends update success message to identity position protection server;
the MME is used for receiving an attachment request message initiated when the user terminal equipment is attached again and sending an authentication data request message to the HSS, if the user identity information in the authentication data request message is temporary subscription identity information and binding information related to the temporary subscription identity information exists, the HSS starts a user identity information authentication process, otherwise, authentication data are not generated; the attach request message contains temporary subscription identity information IMSIn.
8. The system of claim 7, wherein the temporary subscription identity information IMSIn, the new temporary subscription identity information IMSIn +1 and the long-term subscription identity information IMSI have the same data format.
9. The system of claim 7, wherein the HSS releases the binding between the previous temporary subscription identity information of the subscriber and the long-term subscription identity information of the subscriber after receiving the new temporary subscription identity information attached to the network by the subscriber.
10. The system of claim 7, wherein the HSS binds one or more temporary subscription identities for long-term subscription identities of the same user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711188905.6A CN107911814B (en) | 2017-11-24 | 2017-11-24 | HSS (home subscriber server) -enhanced user identity information protection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711188905.6A CN107911814B (en) | 2017-11-24 | 2017-11-24 | HSS (home subscriber server) -enhanced user identity information protection method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107911814A CN107911814A (en) | 2018-04-13 |
| CN107911814B true CN107911814B (en) | 2020-08-25 |
Family
ID=61847617
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711188905.6A Expired - Fee Related CN107911814B (en) | 2017-11-24 | 2017-11-24 | HSS (home subscriber server) -enhanced user identity information protection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107911814B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108901018B (en) * | 2018-07-27 | 2021-02-12 | 中国电子科技集团公司第三十研究所 | Method for hiding user identity of mobile communication system initiated by terminal |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101720086A (en) * | 2009-12-23 | 2010-06-02 | 成都三零瑞通移动通信有限公司 | Identity protection method for mobile communication user |
| CN101771992A (en) * | 2009-01-04 | 2010-07-07 | 中国移动通信集团公司 | Method, equipment and system for protection of confidentiality of international mobile subscriber identifier IMSI |
| CN101959183A (en) * | 2010-09-21 | 2011-01-26 | 中国科学院软件研究所 | A kind of mobile subscriber identification code IMSI guard method based on assumed name |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102014114B (en) * | 2010-07-09 | 2013-10-23 | 北京哈工大计算机网络与信息安全技术研究中心 | Method and device for protecting location privacies of objects in Internet of things |
| WO2011157142A2 (en) * | 2011-05-31 | 2011-12-22 | 华为技术有限公司 | Method and apparatus for message transmission |
| US9042902B1 (en) * | 2013-01-11 | 2015-05-26 | Polaris Wireless, Inc. | Third-party control of call-related services for a mobile station and subscriber |
-
2017
- 2017-11-24 CN CN201711188905.6A patent/CN107911814B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101771992A (en) * | 2009-01-04 | 2010-07-07 | 中国移动通信集团公司 | Method, equipment and system for protection of confidentiality of international mobile subscriber identifier IMSI |
| CN101720086A (en) * | 2009-12-23 | 2010-06-02 | 成都三零瑞通移动通信有限公司 | Identity protection method for mobile communication user |
| CN101959183A (en) * | 2010-09-21 | 2011-01-26 | 中国科学院软件研究所 | A kind of mobile subscriber identification code IMSI guard method based on assumed name |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107911814A (en) | 2018-04-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Norrman et al. | Protecting IMSI and user privacy in 5G networks | |
| CN108293223B (en) | Data transmission method, user equipment and network side equipment | |
| US11503469B2 (en) | User authentication method and apparatus | |
| WO2017028737A1 (en) | Security configuration method, related device and system | |
| CN105142136B (en) | A kind of method of anti-pseudo-base station attack | |
| EP3525503A1 (en) | Registering or authenticating user equipment to a visited public land mobile network | |
| CN108235300B (en) | Method and system for protecting user data security of mobile communication network | |
| CN101483870A (en) | Cross-platform mobile communication security system implementing method | |
| Bitsikas et al. | You have been warned: Abusing 5G’s Warning and Emergency Systems | |
| EP3518491A1 (en) | Registering or authenticating user equipment to a visited public land mobile network | |
| CN107911814B (en) | HSS (home subscriber server) -enhanced user identity information protection method and system | |
| EP3673675B1 (en) | Registering user equipment with a visited public land mobile network | |
| CN105873059A (en) | United identity authentication method and system for power distribution communication wireless private network | |
| CN108093402B (en) | User privacy information protection method and system based on terminal enhancement | |
| CN108200007B (en) | Dynamic identity management method and system for mobile network | |
| CN107911813B (en) | Transparent mode mobile user identity management method and system | |
| CN114095929B (en) | Account security enhancement method in B-trunk system | |
| CN102124767B (en) | A kind of method and apparatus for providing identity Confidentiality protection for user of communication terminal | |
| CN101431754B (en) | Method for preventing clone terminal access | |
| WO2016184057A1 (en) | Access authentication method, apparatus, system, and computer storage medium | |
| US11381387B2 (en) | Proof-of-presence indicator | |
| KR100968522B1 (en) | Mobile Authentication Method for Strengthening the Mutual Authentication and Handover Security | |
| EP3439344A1 (en) | Registering user equipment to a visited public land mobile network | |
| CN108282775A (en) | Dynamic Additional Verification method towards mobile ad hoc network and system | |
| CN112235736B (en) | User identification method in roaming scene |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20200825 |