CN109586899A - Signaling operation and indication method thereof, apparatus, and computer storage medium

Publication number: CN109586899A
Authority: CN (China)
Prior art keywords: key, signaling, SUPI, SICI, subscription identifier
Legal status: Granted, Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201710910440.4A
Other languages: Chinese (zh)
Other versions: CN109586899B (en)
Inventor: 周巍
Current Assignee: China Academy of Telecommunications Technology CATT; Datang Mobile Communications Equipment Co Ltd
Original Assignee: China Academy of Telecommunications Technology CATT
Application filed by: China Academy of Telecommunications Technology CATT
Priority: CN201710910440.4A
Publications: CN109586899A (application), CN109586899B (granted)

Classifications

    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

This application discloses a signaling operation method and an indication method thereof, an apparatus, and a computer storage medium, which implement an encryption protection scheme for the SUPI and improve the security of using the SUPI. A signaling operation method provided by this application comprises: receiving key-related signaling, where the key is a key corresponding to the Subscriber Permanent Identifier (SUPI); and performing a corresponding operation according to the signaling.

Description

Signaling operation and indication method thereof, apparatus, and computer storage medium
Technical field
This application relates to the field of communication technology, and in particular to a signaling operation method and an indication method thereof, an apparatus, and a computer storage medium.
Background
The security group (SA3) of the 3rd Generation Partnership Project (3GPP) has decided to use public-key cryptography to provide encryption protection for the Subscriber Permanent Identifier (SUPI), but a concrete implementation scheme has not yet been defined.
Summary of the invention
The embodiments of this application provide a signaling operation method and an indication method thereof, an apparatus, and a computer storage medium, which implement an encryption protection scheme for the SUPI and improve the security of using the SUPI.
A signaling operation method provided by the embodiments of this application comprises:
receiving key-related signaling, where the key is a key corresponding to the Subscriber Permanent Identifier (SUPI);
performing a corresponding operation according to the signaling.
On the UE side, the embodiments of this application receive key-related signaling, where the key is a key corresponding to the SUPI, and perform a corresponding operation according to the signaling, thereby implementing an encryption protection scheme for the SUPI and improving the security of using the SUPI.
Optionally, the signaling is Non-Access Stratum (NAS) signaling.
Optionally, the signaling carries a Subscription Identifier Concealing Instruction (SICI).
Optionally, performing a corresponding operation according to the signaling specifically comprises:
parsing the SICI to obtain the request instruction for the operation to be performed;
performing a corresponding operation according to the request instruction.
Optionally, performing a corresponding operation according to the request instruction specifically comprises:
operating on the Subscription Identifier Concealing Configuration File and/or the Subscription Identifier Encryption Key List according to the request instruction.
Optionally, performing a corresponding operation according to the signaling further comprises:
generating a response instruction according to the result of the operation, and encapsulating the response instruction in a SICI.
Optionally, the SICI is a security-protected SICI.
Optionally, the Subscription Identifier Concealing Configuration File is used to store the SUPI protection scheme; the Subscription Identifier Encryption Key List is used to store the encryption keys applied in the SUPI protection scheme.
Optionally, performing a corresponding operation according to the signaling specifically comprises:
determining the SUPI protection scheme that currently needs to be adopted, and the key that is applied to that scheme to encrypt the SUPI;
encrypting the SUPI according to the SUPI protection scheme that currently needs to be adopted, using the key that is applied to that scheme to encrypt the SUPI.
Correspondingly, on the network side, a signaling operation indication method provided by the embodiments of this application comprises:
generating key-related signaling, where the key is a key corresponding to the Subscriber Permanent Identifier (SUPI);
sending the signaling.
Optionally, the signaling is Non-Access Stratum (NAS) signaling.
Optionally, the signaling carries a Subscription Identifier Concealing Instruction (SICI).
Optionally, generating the key-related signaling specifically comprises:
generating the request instruction for the operation that the user equipment (UE) needs to perform;
encapsulating the request instruction in a SICI.
Optionally, the SICI is a security-protected SICI.
Optionally, before the request instruction is generated, the method further comprises:
generating a key pair for SUPI encryption and decryption, and identifying the key pair;
providing the SUPI decryption key to the Subscription Identifier De-concealing Function (SIDF) entity, and providing the SUPI encryption key to the SIEKPF entity.
Optionally, the operation that the UE needs to perform specifically comprises: operating on the Subscription Identifier Concealing Configuration File and/or the Subscription Identifier Encryption Key List.
Optionally, the Subscription Identifier Concealing Configuration File is used to store the SUPI protection scheme; the Subscription Identifier Encryption Key List is used to store the encryption keys applied in the SUPI protection scheme.
A signaling operation apparatus provided by the embodiments of this application comprises:
a memory, configured to store program instructions;
a processor, configured to call the program instructions stored in the memory and, according to the obtained program, execute:
receiving key-related signaling through a transceiver, where the key is a key corresponding to the Subscriber Permanent Identifier (SUPI);
performing a corresponding operation according to the signaling.
Optionally, the signaling is Non-Access Stratum (NAS) signaling.
Optionally, the signaling carries a Subscription Identifier Concealing Instruction (SICI).
Optionally, the processor performing a corresponding operation according to the signaling specifically comprises:
parsing the SICI to obtain the request instruction for the operation to be performed;
performing a corresponding operation according to the request instruction.
Optionally, the processor performing a corresponding operation according to the request instruction specifically comprises:
operating on the Subscription Identifier Concealing Configuration File and/or the Subscription Identifier Encryption Key List according to the request instruction.
Optionally, the processor performing a corresponding operation according to the signaling further comprises:
generating a response instruction according to the result of the operation, and encapsulating the response instruction in a SICI.
Optionally, the SICI is a security-protected SICI.
Optionally, the Subscription Identifier Concealing Configuration File is used to store the SUPI protection scheme; the Subscription Identifier Encryption Key List is used to store the encryption keys applied in the SUPI protection scheme.
Optionally, the processor performing a corresponding operation according to the signaling specifically comprises:
determining the SUPI protection scheme that currently needs to be adopted, and the key that is applied to that scheme to encrypt the SUPI;
encrypting the SUPI according to the SUPI protection scheme that currently needs to be adopted, using the key that is applied to that scheme to encrypt the SUPI.
A signaling operation indication apparatus provided by the embodiments of this application comprises:
a memory, configured to store program instructions;
a processor, configured to call the program instructions stored in the memory and, according to the obtained program, execute:
generating key-related signaling, where the key is a key corresponding to the Subscriber Permanent Identifier (SUPI);
sending the signaling through a transceiver.
Optionally, the signaling is Non-Access Stratum (NAS) signaling.
Optionally, the signaling carries a Subscription Identifier Concealing Instruction (SICI).
Optionally, the processor generating the key-related signaling specifically comprises:
generating the request instruction for the operation that the user equipment (UE) needs to perform;
encapsulating the request instruction in a SICI.
Optionally, the SICI is a security-protected SICI.
Optionally, before generating the request instruction, the processor is further configured to:
generate a key pair for SUPI encryption and decryption, and identify the key pair;
provide the SUPI decryption key to the Subscription Identifier De-concealing Function (SIDF) entity, and provide the SUPI encryption key to the SIEKPF entity.
Optionally, the operation that the UE needs to perform specifically comprises: operating on the Subscription Identifier Concealing Configuration File and/or the Subscription Identifier Encryption Key List.
Optionally, the Subscription Identifier Concealing Configuration File is used to store the SUPI protection scheme; the Subscription Identifier Encryption Key List is used to store the encryption keys applied in the SUPI protection scheme.
Another signaling operation apparatus provided by the embodiments of this application comprises:
a receiving unit, configured to receive key-related signaling, where the key is a key corresponding to the Subscriber Permanent Identifier (SUPI);
an operating unit, configured to perform a corresponding operation according to the signaling.
Another signaling operation indication apparatus provided by the embodiments of this application comprises:
a generation unit, configured to generate key-related signaling, where the key is a key corresponding to the Subscriber Permanent Identifier (SUPI);
a transmission unit, configured to send the signaling.
Another embodiment of this application provides a computer storage medium storing computer-executable instructions, the computer-executable instructions being used to cause the computer to execute any of the methods above.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of this application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the supply and configuration of the SUPI encryption key provided by the embodiments of this application;
Fig. 2 is a flow diagram of the encryption and decryption of the SUPI provided by the embodiments of this application;
Fig. 3 is a flow diagram of a method, provided by the embodiments of this application, for the interaction related to SUPI concealing configuration carried out between a UE and the CN;
Fig. 4 is a flow diagram of another method, provided by the embodiments of this application, for the interaction related to SUPI concealing configuration carried out between a UE and the CN;
Fig. 5 is a flow diagram of a signaling operation method provided by the embodiments of this application;
Fig. 6 is a flow diagram of a signaling operation indication method provided by the embodiments of this application;
Fig. 7 is a structural diagram of a signaling operation apparatus provided by the embodiments of this application;
Fig. 8 is a structural diagram of a signaling operation indication apparatus provided by the embodiments of this application;
Fig. 9 is a structural diagram of another signaling operation apparatus provided by the embodiments of this application;
Fig. 10 is a structural diagram of another signaling operation indication apparatus provided by the embodiments of this application.
Detailed description
The embodiments of this application provide a signaling operation method and an indication method thereof, an apparatus, and a computer storage medium, which implement an encryption protection scheme for the SUPI and improve the security of using the SUPI.
In the embodiments of this application, a Subscription Identifier Concealing Configuration File (SICCF) and a Subscription Identifier Encryption Key List (SIEKL) are provided in the user equipment (UE). Configuring and modifying these two files controls whether the UE uses the SUPI, thereby protecting the privacy of the UE. To configure and modify these two files in the UE, a new parameter carried in Non-Access Stratum (NAS) messages is designed: the Subscription Identifier Concealing Instruction (SICI). The core network (CN), through the Privacy Key Provision Function, uses the SICI parameter to transmit various privacy-protection-related control instructions to the UE.
It should be noted that the SUPI in the embodiments of this application may also be referred to as the subscription identifier.
The terms and functional entities involved in the embodiments of this application are introduced below:
Subscription Identifier Concealing Instruction (SICI): encapsulates the request and response messages exchanged between the UE and the CN that relate to configuring the subscription identifier concealing function, so that they can be transmitted in NAS signaling.
The UE Subscription Identifier Concealing System performs the functions related to concealing the Subscriber Permanent Identifier (SUPI) and includes the following functions or functional entities:
Subscription Identifier Concealing Management Function (SICMF): responsible for maintaining the Subscription Identifier Concealing Configuration File (SICCF) and the Subscription Identifier Encryption Key List (SIEKL), generating and parsing the Subscription Identifier Concealing Instruction (SICI), and, when needed, calling the corresponding security functions to provide confidentiality or integrity protection for the SICI.
Subscription Identifier Concealing Function (SICF): according to the information given in the Subscription Identifier Concealing Configuration File (SICCF), encrypts the SUPI, or part of the information in the SUPI, using a key given in the Subscription Identifier Encryption Key List (SIEKL).
Subscription Identifier Concealing Configuration File (SICCF): stores which encryption scheme is used to protect the SUPI. The "null-scheme" is a special encryption scheme indicating that no SUPI protection scheme is used. Selecting any scheme other than the null-scheme indicates that some SUPI protection scheme is used. The system determines from the information in this file whether to protect the SUPI and which scheme to use.
Subscription Identifier Encryption Key List (SIEKL): stores the list of keys used to encrypt the SUPI. The contents of the list are shown in Table 1 below. The parameters are as follows:
Key Identity: the unique identifier of the key.
Key: the key value.
Scheme: the encryption scheme identifier. (Optional)
Expiration Time: the time at which the key expires. (Optional)
In Use: whether the key can currently be used. (Optional)

| Key Identity | Key | Scheme | Expiration Time | In Use |
| ... | ... | ... | ... | ... |
| ... | ... | ... | ... | ... |
| ... | ... | ... | ... | ... |

Table 1
The CN Subscription Identifier Concealing System performs the functions related to concealing the Subscriber Permanent Identifier (SUPI) and includes the following functions or functional entities:
Subscription Identifier Key Generation Function (SIKGF): responsible for generating encryption key and decryption key pairs; provides the encryption key list (Encryption Key List) to the Subscription Identifier Encryption Key Provision Function (SIEKPF), and provides the decryption key list (Decryption Key List) to the Subscription Identifier De-concealing Function (SIDF) entity. An encryption key has the same key identifier as its corresponding decryption key. It should be noted that the encryption key described in the embodiments of this application may be, for example, a public key, and the corresponding decryption key may be, for example, a private key. Other encryption modes may of course also be used, for example one in which the encryption key and the decryption key are identical.
Subscription Identifier Encryption Key Provision Function (SIEKPF) entity: 1) provides the UE with the list of keys used for SUPI encryption; 2) sets which encryption scheme and which encryption key are to be used; 3) queries the configuration of the subscription identifier concealing system in the UE; 4) generates and parses the Subscription Identifier Concealing Instruction (SICI) and, when needed, calls the corresponding security functions to provide confidentiality or integrity protection for the SICI.
Subscription Identifier De-concealing Function (SIDF) entity: selects the decryption key corresponding to the encryption key, and decrypts the encrypted content according to the encryption scheme used.
The basic operation flows provided by the embodiments of this application are illustrated below.
A typical subscription identifier encryption key supply and configuration flow is shown in Fig. 1 and specifically includes:
Step 1: the Subscription Identifier Key Generation Function (SIKGF) entity generates a key pair for SUPI encryption and decryption and identifies the generated key pair, that is, it identifies the encryption key and the decryption key respectively and establishes the correspondence between them. The generated keys may be based on an asymmetric cryptographic algorithm, in which case the public key is the encryption key and the private key is the decryption key. The generated keys may also be based on a symmetric cryptographic algorithm, in which case the encryption and decryption keys are identical.
Step 2.1: the SIKGF provides the SUPI decryption key to the Subscription Identifier De-concealing Function (SIDF);
Step 2.2: the SIKGF provides the SUPI encryption key to the Subscription Identifier Encryption Key Provision Function (SIEKPF).
Step 3: the SIEKPF entity generates the request instruction for the operation that the Subscription Identifier Concealing Management Function (SICMF) in the UE needs to perform, for example key update, protection scheme setting, or configuration status query. If the system requires confidentiality or integrity protection for the transmitted instruction, the SIEKPF calls the relevant security function to apply the confidentiality or integrity protection. The SIEKPF encapsulates the generated operation request instruction in a Subscription Identifier Concealing Instruction (SICI).
Step 4: the SIEKPF entity provides the generated SICI to the Access and Mobility Management Function (AMF). The AMF is a network element defined in 5G and belongs to the CN side.
Step 5: the AMF entity places the SICI, as an optional parameter of NAS signaling, in a suitable NAS message and sends it to the UE.
Step 6: the Subscription Identifier Concealing Management Function (SICMF) entity in the UE obtains the SICI from the NAS signaling. The SICMF entity parses the received SICI; if the SICI has confidentiality or integrity protection, the SICMF entity calls the relevant security function to perform decryption or integrity verification, and thereby obtains the operation request sent by the SIEKPF entity.
Step 7: according to the content of the instruction, the SICMF entity performs the required operation on the Subscription Identifier Concealing Configuration File (SICCF) and/or the Subscription Identifier Encryption Key List (SIEKL).
Step 8: the SICMF entity generates an operation request response instruction according to the result of the operation. If the system requires confidentiality or integrity protection for the transmitted response instruction, the SICMF entity calls the relevant security function to apply it. The SICMF entity encapsulates the generated instruction in a Subscription Identifier Concealing Instruction (SICI).
Step 9: the UE (specifically, this may be an existing functional entity or the SICMF entity) places the SICI, as an optional parameter of NAS signaling, in a suitable NAS message and sends it to the AMF entity.
Step 10: the AMF entity provides the SICI in the NAS signaling to the SIEKPF entity.
Step 11: the SIEKPF entity parses the received SICI; if the SICI has confidentiality or integrity protection, the SICMF entity calls the relevant security function to perform decryption or integrity verification, and thereby obtains the operation response sent by the UE.
It should be noted that the keys described in the embodiments of this application are all keys for the SUPI.
A typical subscription identifier encryption and decryption flow is shown in Fig. 2 and specifically includes:
Step 21.1: the Subscription Identifier Concealing Function (SICF) entity in the UE queries the Subscription Identifier Concealing Configuration File (SICCF) to find out which SUPI protection scheme is to be used;
Step 21.2: for example, the SICF entity obtains the scheme identifier and uses it to look up an available key in the SIEKL table.
If the query result requires the use of some scheme other than the null-scheme, the UE queries the Subscription Identifier Encryption Key List (SIEKL) to obtain an available encryption key. Specifically, it first finds the scheme identifier and then uses it to find an available key in the SIEKL. The selection rule is that the key must be suitable for the specified protection scheme, and the key must be unexpired and/or in the available state. If the SIEKL has no optional fields (such as scheme, expiration time, in use), the key in the first position of the SIEKL may be selected as the SUPI encryption key.
Step 22: the SICF entity in the UE encrypts the SUPI with the encryption key according to the specified protection scheme, thereby obtaining the Subscription Concealed Identifier (SUCI), that is, generating the SUCI. The SUCI includes the identifier of the encryption key.
Step 23: the UE (specifically, this may be an existing functional entity in the UE) sends the SUCI to the CN.
Step 24: the AMF entity in the CN provides the SUCI to the Subscription Identifier De-concealing Function (SIDF) entity.
Step 25: the SIDF entity uses the key identifier in the SUCI to find the decryption key corresponding to the encryption key, obtains the SUPI protection scheme that was used, and decrypts the SUCI, that is, de-conceals the SUCI, to obtain the SUPI.
Step 26: the SIDF entity provides the SUPI to the AMF entity.
In the above, the request that the Subscription Identifier Encryption Key Provision Function (SIEKPF) sends to the Subscription Identifier Concealing Management Function (SICMF) entity in the UE (that is, the request in step 3 of the flow shown in Fig. 1) may include one of the following instructions or a combination of them (without being limited to these):
Status report request: requests a report of the content of the configuration file (SICCF) and of the key identifiers in the Subscription Identifier Encryption Key List (SIEKL).
Privacy protection scheme setting request: requests that the identifier of the privacy protection scheme that currently needs to be used be written into the configuration file (SICCF).
Privacy protection key write request: requests that a privacy protection encryption key and its related information be written into the Subscription Identifier Encryption Key List (SIEKL).
Privacy protection key delete request: requests that all or some of the records in the Subscription Identifier Encryption Key List (SIEKL) be deleted.
Correspondingly, the response that the SICMF in the UE sends to the SIEKPF may include one of the following instructions or a combination of them (without being limited to these):
Status report response: reports the content of the configuration file (SICCF) and the key identifiers in the Subscription Identifier Encryption Key List.
Privacy protection scheme setting response: returns the result of writing the identifier of the privacy protection scheme that currently needs to be used into the configuration file, for example success or failure.
Privacy protection key write response: returns the result of writing the privacy protection encryption key and its related information into the Subscription Identifier Encryption Key List, for example success or failure.
Privacy protection key delete response: returns the result of deleting certain records from the Subscription Identifier Encryption Key List, for example success or failure.
When the subscription privacy concealing protection scheme in the UE is set to a scheme other than the null-scheme and no key is available, the UE may also proactively send a "status report response". That is, the configuration file (SICCF) requires the UE to encrypt the SUPI, that is, to use the SUCI, but the UE has no usable encryption key, so it needs to proactively report its current state to the CN so that the CN can provide it with the required encryption key.
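The key-selection rule of step 21.2 and the SICMF request and response handling described above, as an added Python example that is not part of the patent text. The dict layout of a SICI instruction, the operation names (status_report, set_scheme, write_key, delete_keys), the scheme label scheme-A and the replace-on-duplicate behaviour are assumptions, since the patent defines no encoding; any confidentiality or integrity protection on the SICI is assumed to have been verified before handle_request is called.

```python
"""UE-side sketch: SICCF/SIEKL state, SICMF request handling, SICF key selection."""
from dataclasses import dataclass, field
from typing import Optional

NULL_SCHEME = "null-scheme"  # SICCF value meaning "no SUPI protection"


@dataclass
class SieklEntry:
    key_id: str                            # Key Identity (unique)
    key: bytes                             # Key value
    scheme: Optional[str] = None           # Scheme (optional column)
    expiration_time: Optional[int] = None  # Expiration Time (optional), epoch seconds
    in_use: Optional[bool] = None          # In Use (optional)


@dataclass
class UeState:
    siccf_scheme: str = NULL_SCHEME            # content of the SICCF
    siekl: list = field(default_factory=list)  # ordered SIEKL records


def select_key(state: UeState, now: int) -> Optional[SieklEntry]:
    """SICF rule: first record that fits the configured scheme, is not expired
    and is not marked unusable. Absent optional columns do not constrain, so a
    list without optional fields yields its first record."""
    if state.siccf_scheme == NULL_SCHEME:
        return None
    for e in state.siekl:
        if e.scheme is not None and e.scheme != state.siccf_scheme:
            continue
        if e.expiration_time is not None and e.expiration_time <= now:
            continue
        if e.in_use is False:
            continue
        return e
    return None


def status_report(state: UeState) -> dict:
    """Status report response: SICCF content plus the key identifiers in the SIEKL."""
    return {"op": "status_report_response", "scheme": state.siccf_scheme,
            "key_ids": [e.key_id for e in state.siekl]}


def _result(op: str, ok: bool) -> dict:
    return {"op": op + "_response", "result": "success" if ok else "failure"}


def handle_request(state: UeState, req: dict) -> dict:
    """SICMF: apply one already-verified request instruction, return the response."""
    op = req.get("op")
    if op == "status_report":
        return status_report(state)
    if op == "set_scheme":
        scheme = req.get("scheme")
        ok = isinstance(scheme, str) and scheme != ""
        if ok:
            state.siccf_scheme = scheme
        return _result(op, ok)
    if op == "write_key":
        rec = req.get("record", {})
        if not rec.get("key_id") or not isinstance(rec.get("key"), bytes) or not rec["key"]:
            return _result(op, False)
        entry = SieklEntry(rec["key_id"], rec["key"], rec.get("scheme"),
                           rec.get("expiration_time"), rec.get("in_use"))
        # Assumption: a record with an existing Key Identity replaces the old one.
        state.siekl = [e for e in state.siekl if e.key_id != entry.key_id] + [entry]
        return _result(op, True)
    if op == "delete_keys":
        ids = req.get("key_ids")  # None means "all records"
        before = len(state.siekl)
        state.siekl = [] if ids is None else [e for e in state.siekl if e.key_id not in ids]
        return _result(op, ids is None or len(state.siekl) < before)
    return _result("unknown", False)


def proactive_report(state: UeState, now: int) -> Optional[dict]:
    """UE-initiated status report: a non-null scheme is set but no key is usable."""
    if state.siccf_scheme != NULL_SCHEME and select_key(state, now) is None:
        return status_report(state)
    return None


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    ue = UeState()
    print(handle_request(ue, {"op": "set_scheme", "scheme": "scheme-A"}))
    print(proactive_report(ue, now))  # scheme set, no key yet: UE reports its state
    print(handle_request(ue, {"op": "write_key", "record": {
        "key_id": "k1", "key": b"\x01" * 16, "scheme": "scheme-A",
        "expiration_time": now + 3600, "in_use": True}}))  # constructed key record
    print(select_key(ue, now).key_id, proactive_report(ue, now))
```

Treating a missing optional column as "no constraint" makes the first-record fallback a special case of the same loop, and an expired or mismatched record never reaches the encryption step.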
The actual deployment of the system depends mainly on how the subscription identifier encryption key provisioning function (SIEKPF) is deployed.
For example, consider the scenario in which the SIEKPF is co-located with the Authentication Server Function (AUSF) entity of the 5G security architecture (in the same server, or such that the interface between them does not need to be standardized). In this scenario, the interaction between the UE and the CN relating to the subscription identifier concealing configuration can be completed within the UE authentication procedure. One implementation for this scenario is shown in Fig. 3 and specifically includes:
Step 31: The UE sends a registration request to the network side, and the request is routed to the Access and Mobility Management Function (AMF) entity.
Step 32: The AMF entity sends an authentication vector or authentication request to the AUSF entity.
Step 33: The SIEKPF entity co-located with the AUSF entity carries the SICI to be provided to the AMF in the authentication vector response or in another message. This parameter can be transmitted in various NAS signaling messages.
Step 34: The UE and the CN complete mutual authentication and establish a NAS security connection.
Step 35: The AMF sends a registration accept message to the UE, carrying the SICI parameter.
Step 36: The UE sends an authentication complete message to the CN, carrying the SICI parameter. In the embodiments of this application, the UE and the AMF transmit the SICI parameter via NAS signaling.
Step 37: The AMF provides the SICI to the SIEKPF entity.
As another example, consider the scenario in which the SIEKPF entity is connected to the AMF separately. In this scenario, the interaction between the UE and the CN relating to the subscription identifier concealing configuration can be completed via NAS signaling after the NAS security connection has been established. One implementation for this scenario is shown in Fig. 4. This embodiment also assumes that the UE has no valid SUPI encryption key. The specific processing flow includes:
Step 41: The UE sends a registration request to the network, and the request is routed to the AMF. Because the UE is assumed to have no key for encrypting the SUPI, the UE carries in the registration request a SICI indicating the subscription identifier concealing configuration status. That is, the operator requires the SUPI to be encrypted but the UE has no key, and the UE notifies the CN of this situation.
Step 42: The UE and the CN complete mutual authentication and establish a NAS security connection.
Step 43: The AMF entity provides the received SICI to the SIEKPF entity.
Step 44: The SIEKPF entity encapsulates the SUPI encryption key in a SICI and provides that SICI to the AMF entity.
Step 45: The AMF entity sends NAS signaling carrying the SICI parameter to the UE.
Step 46: The UE writes the SUPI encryption key carried in the SICI into the subscription identifier encryption key list (SIEKL), encapsulates the write-success information in a SICI, and sends it to the AMF entity via NAS signaling carrying that SICI parameter.
Step 47: The AMF entity provides the SICI to the SIEKPF entity.
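The Fig. 4 exchange and the SICMF request handling described above, modelled as an added example (not code from the patent). The dict layout of the SICI, the command names, the HMAC tag standing in for NAS integrity protection, and all key values are assumptions made for illustration.

```python
import hashlib
import hmac
import json

NULL_SCHEME = "null"  # assumed label for the scheme that leaves the SUPI unencrypted


def seal(key: bytes, body: dict) -> dict:
    """Encapsulate an instruction in a SICI with an integrity tag (assumed layout)."""
    raw = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, raw, hashlib.sha256).hexdigest()}


def unseal(key: bytes, sici: dict) -> dict:
    """Return the SICI body; raise ValueError if the tag does not verify."""
    raw = json.dumps(sici["body"], sort_keys=True).encode()
    want = hmac.new(key, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, str(sici.get("mac", ""))):
        raise ValueError("SICI integrity check failed")
    return sici["body"]


class UE:
    def __init__(self, scheme: str):
        self.siccf = {"scheme": scheme}  # SICCF: protection scheme in force
        self.siekl = {}                  # SIEKL: key_id -> key record

    def status_report(self) -> dict:
        """Status report response: SICCF content plus SIEKL key identifiers."""
        return {"cmd": "status_report_rsp", "scheme": self.siccf["scheme"],
                "key_ids": sorted(self.siekl)}

    def usable_keys(self) -> list:
        """SICF view: key identifiers usable with the configured scheme."""
        scheme = self.siccf["scheme"]
        return sorted(k for k, rec in self.siekl.items() if rec["scheme"] == scheme)

    def must_report(self) -> bool:
        """True when a non-null scheme is set but no usable key exists."""
        return self.siccf["scheme"] != NULL_SCHEME and not self.usable_keys()

    def sicmf(self, req: dict) -> dict:
        """SICMF: apply one request instruction and build the response."""
        cmd, ok = req.get("cmd"), False
        if cmd == "status_report_req":
            return self.status_report()
        if cmd == "scheme_set_req" and isinstance(req.get("scheme"), str):
            self.siccf["scheme"] = req["scheme"]
            ok = True
        elif cmd == "key_write_req" and all(
                isinstance(req.get(f), str) for f in ("key_id", "scheme", "public_key")):
            self.siekl[req["key_id"]] = {"scheme": req["scheme"],
                                         "public_key": req["public_key"]}
            ok = True
        elif cmd == "key_delete_req":
            ids = req.get("key_ids")  # absent means "delete all records"
            targets = list(self.siekl) if ids is None else list(ids)
            ok = all(k in self.siekl for k in targets)
            if ok:  # delete only when every requested record exists
                for k in targets:
                    del self.siekl[k]
        return {"cmd": str(cmd).replace("_req", "_rsp"),
                "result": "success" if ok else "failure"}


def siekpf(report: dict, key_id: str, public_key: str):
    """SIEKPF: answer a status report with a key write request when the UE
    is set to a non-null scheme but lists no key identifiers."""
    if report["scheme"] != NULL_SCHEME and not report["key_ids"]:
        return {"cmd": "key_write_req", "key_id": key_id,
                "scheme": report["scheme"], "public_key": public_key}
    return None


def fig4_flow(scheme: str = "scheme-A"):
    """Run steps 41-47 and return the UE plus the messages the SIEKPF saw."""
    k_nas = b"constructed-NAS-integrity-key"  # constructed stand-in for the NAS context
    ue, trace = UE(scheme), []
    # Step 41: status report rides in the registration request. NAS security
    # does not exist yet, so this model sends it untagged (assumption).
    report = ue.status_report() if ue.must_report() else None
    trace.append(report)
    if report is None:
        return ue, trace
    # Step 42: mutual authentication; both sides now share k_nas.
    # Steps 43-45: SIEKPF wraps the key in a SICI, AMF relays it over NAS.
    sici_down = seal(k_nas, siekpf(report, "key-1", "CONSTRUCTED-PUBLIC-KEY"))
    # Step 46: UE verifies the SICI, writes the key to the SIEKL, replies.
    sici_up = seal(k_nas, ue.sicmf(unseal(k_nas, sici_down)))
    # Step 47: AMF hands the response SICI to the SIEKPF.
    trace.append(unseal(k_nas, sici_up))
    return ue, trace
```

Changing the scheme with a `scheme_set_req` after the key write puts the UE back into the "must report" state, because the stored key belongs to the previous scheme.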
In conclusion referring to Fig. 5, in the side UE, a kind of signaling manipulation method provided by the embodiments of the present application, comprising:
S501, the relevant signaling of key is received;Wherein, the key is that contracted user's persistent identifier SUPI is corresponding close Key;
S502, corresponding operating is carried out according to the signaling.
The embodiment of the present application is in the side UE, by receiving the relevant signaling of key;Wherein, the key is that contracted user is permanent The corresponding key of identifier SUPI;Corresponding operating is carried out according to the signaling, so that the encipherment protection scheme to SUPI is realized, And then the safety in utilization of SUPI can be improved.
Optionally, the signaling is Non-Access Stratum NAS signaling.
Optionally, signatory mark symbol is carried in the signaling hides instruction SICI.
Optionally, corresponding operating is carried out according to the signaling, specifically included:
The SICI is parsed, the request instruction of the operation needed to be implemented is obtained;
Corresponding operating is carried out according to the request instruction.
For example, can the SICI as described in SICMF entity resolution, obtain the request instruction of the operation needed to be implemented;And according to The request instruction carries out corresponding operating.
Certainly, the other function entity in UE is also possible to according to the executing subject that the signaling carries out corresponding operating.
Optionally, corresponding operating is carried out according to the request instruction, specifically included:
According to the request instruction, signatory mark is accorded with and hides configuration file and/or signatory mark symbol encryption key list It is operated.
Optionally, corresponding operating is carried out according to the signaling, further includes:
According to the operating result of the operation, response instruction is generated, and response instruction is encapsulated in SICI.
For example, SICMF entity accords with signatory mark and hides configuration file SICCF and/or signing according to the request instruction Identifier encryption key list SIEKL is operated.
Optionally, the SICI is the SICI protected by safety.
Optionally, the signatory mark, which accords with, hides configuration file for storing SUPI protection scheme;The signatory mark symbol Encryption key list is used to store the encryption key being applied in SUPI protection scheme.
Optionally, corresponding operating is carried out according to the signaling, specifically included:
Determine the SUPI protection scheme for currently needing to take, and applied to the SUPI protection scheme for currently needing to take The key that SUPI is encrypted;
According to the SUPI protection scheme for currently needing to take, the SUPI protection scheme for being applied to currently need to take is utilized To the key that SUPI is encrypted, SUPI is encrypted.
For example, signatory mark accords with hidden function SICF entity, according to the SUPI protection scheme that SICCF is provided, SIEKL is utilized The key provided, encrypts SUPI.
Correspondingly, on the network side, for example on the core network side, referring to Fig. 6, a signaling operation indication method provided by the embodiments of this application includes:
S601: Generating key-related signaling, where the key is the key corresponding to the Subscription Permanent Identifier (SUPI);
S602: Sending the signaling.
Optionally, the signaling is Non-Access Stratum (NAS) signaling.
Optionally, the signaling carries a Subscription Identifier Concealing Instruction (SICI).
Optionally, generating the key-related signaling specifically includes:
Generating the request instruction for the operation that the user equipment (UE) needs to perform;
Encapsulating the request instruction in a SICI.
For example:
The subscription identifier encryption key provisioning function (SIEKPF) entity generates the request instruction for the operation that the subscription identifier concealing management function (SICMF) entity in the user equipment (UE) needs to perform;
The SIEKPF entity encapsulates the request instruction in a SICI.
Optionally, the SICI is a security-protected SICI.
Optionally, before the request instruction is generated, the method further includes:
Generating a key pair for SUPI encryption and decryption, and identifying the key pair;
Providing the SUPI decryption key to the subscription identifier decryption function (SIDF) entity, and providing the SUPI encryption key to the SIEKPF entity.
For example: the subscription identifier key generation function (SIKGF) entity generates a key pair for SUPI encryption and decryption, and identifies the key pair;
The SIKGF entity provides the SUPI decryption key to the subscription identifier decryption function (SIDF) entity, and provides the SUPI encryption key to the SIEKPF entity.
Optionally, the operation that the UE needs to perform specifically includes: operating on the subscription identifier concealing configuration file and/or the subscription identifier encryption key list.
Optionally, the subscription identifier concealing configuration file is used to store the SUPI protection scheme; the subscription identifier encryption key list is used to store the encryption keys applied in the SUPI protection scheme.
Corresponding to the above signaling operation method, referring to Fig. 7, on the terminal side, a signaling operation device provided by the embodiments of this application includes:
Memory 620, configured to store program instructions;
Processor 600, configured to call the program instructions stored in the memory and, according to the obtained program, execute:
Receiving key-related signaling through transceiver 610, where the key is the key corresponding to the Subscription Permanent Identifier (SUPI);
Performing a corresponding operation according to the signaling.
Optionally, the signaling is Non-Access Stratum (NAS) signaling.
Optionally, the signaling carries a Subscription Identifier Concealing Instruction (SICI).
Optionally, the processor performing the corresponding operation according to the signaling specifically includes:
Parsing the SICI to obtain the request instruction for the operation that needs to be performed;
Performing the corresponding operation according to the request instruction.
Optionally, the processor performing the corresponding operation according to the request instruction specifically includes:
Operating on the subscription identifier concealing configuration file and/or the subscription identifier encryption key list according to the request instruction.
Optionally, the processor performing the corresponding operation according to the signaling further includes:
Generating a response instruction according to the result of the operation, and encapsulating the response instruction in a SICI.
Optionally, the SICI is a security-protected SICI.
Optionally, the subscription identifier concealing configuration file is used to store the SUPI protection scheme; the subscription identifier encryption key list is used to store the encryption keys applied in the SUPI protection scheme.
Optionally, the processor performing the corresponding operation according to the signaling specifically includes:
Determining the SUPI protection scheme that currently needs to be adopted, and the key for encrypting the SUPI that applies to that SUPI protection scheme;
Encrypting the SUPI according to the SUPI protection scheme that currently needs to be adopted, using the key for encrypting the SUPI that applies to that SUPI protection scheme.
Transceiver 610, configured to send and receive data under the control of processor 600.
In Fig. 7, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits, specifically one or more processors represented by processor 600 and memory represented by memory 620. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits; these are well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 610 may be multiple elements, that is, it includes a transmitter and a receiver, providing a unit for communicating with various other devices over a transmission medium. For different user equipment, the user interface 630 may also be an interface capable of externally or internally connecting the required devices; the connected devices include but are not limited to a keypad, a display, a speaker, a microphone, a joystick, and the like.
Processor 600 is responsible for managing the bus architecture and general processing, and memory 620 can store the data used by processor 600 when performing operations.
Optionally, processor 600 may be a CPU (central processing unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or a CPLD (Complex Programmable Logic Device).
Referring to Fig. 8, on the network side, corresponding to the above signaling operation indication method, a signaling operation indication device provided by the embodiments of this application includes:
Memory 520, configured to store program instructions;
Processor 500, configured to call the program instructions stored in the memory and, according to the obtained program, execute:
Generating key-related signaling, where the key is the key corresponding to the Subscription Permanent Identifier (SUPI);
Sending the signaling through transceiver 510.
Optionally, the signaling is Non-Access Stratum (NAS) signaling.
Optionally, the signaling carries a Subscription Identifier Concealing Instruction (SICI).
Optionally, the processor generating the key-related signaling specifically includes:
Generating the request instruction for the operation that the user equipment (UE) needs to perform;
Encapsulating the request instruction in a SICI.
Optionally, the SICI is a security-protected SICI.
Optionally, before generating the request instruction, the processor is further configured to:
Generate a key pair for SUPI encryption and decryption, and identify the key pair;
Provide the SUPI decryption key to the subscription identifier decryption function (SIDF) entity, and provide the SUPI encryption key to the SIEKPF entity.
Optionally, the operation that the UE needs to perform specifically includes: operating on the subscription identifier concealing configuration file and/or the subscription identifier encryption key list.
Optionally, the subscription identifier concealing configuration file is used to store the SUPI protection scheme; the subscription identifier encryption key list is used to store the encryption keys applied in the SUPI protection scheme.
Transceiver 510, configured to send and receive data under the control of processor 500.
In Fig. 8, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits, specifically one or more processors represented by processor 500 and memory represented by memory 520. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits; these are well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 510 may be multiple elements, that is, it includes a transmitter and a transceiver, providing a unit for communicating with various other devices over a transmission medium. Processor 500 is responsible for managing the bus architecture and general processing, and memory 520 can store the data used by processor 500 when performing operations.
Processor 500 may be a central processing unit (CPU), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or a Complex Programmable Logic Device (CPLD).
On the UE side, referring to Fig. 9, another signaling operation device provided by the embodiments of this application includes:
Receiving unit 91, configured to receive key-related signaling, where the key is the key corresponding to the Subscription Permanent Identifier (SUPI);
Operating unit 92, configured to perform a corresponding operation according to the signaling.
On the CN side, referring to Fig. 10, another signaling operation indication device provided by the embodiments of this application includes:
Generation unit 101, configured to generate key-related signaling, where the key is the key corresponding to the Subscription Permanent Identifier (SUPI);
Transmission unit 102, configured to send the signaling.
The above signaling operation method provided by the embodiments of this application can be applied to a terminal device. A terminal device may also be called user equipment (User Equipment, "UE"), a mobile station (Mobile Station, "MS"), a mobile terminal (Mobile Terminal), and so on. Optionally, the terminal may be capable of communicating with one or more core networks through a radio access network (Radio Access Network, RAN). For example, the terminal may be a mobile phone (also called a "cellular" phone) or a computer with mobility; the terminal may also be a portable, pocket-sized, hand-held, computer-built-in or vehicle-mounted mobile device.
Another embodiment of this application provides a computer storage medium. The computer-readable storage medium stores computer-executable instructions, and the computer-executable instructions are used to cause the computer to perform any of the above methods.
The computer storage medium may be any usable medium or data storage device that a computer can access, including but not limited to magnetic storage (such as floppy disks, hard disks, magnetic tape, magneto-optical disks (MO), etc.), optical storage (such as CD, DVD, BD, HVD, etc.) and semiconductor memory (such as ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid-state drives (SSD)), etc.
In summary, the technical solution provided by the embodiments of this application includes the following entities: the subscription identifier key generation function (SIKGF), the subscription identifier encryption key provisioning function (SIEKPF), the subscription identifier concealing management function (SICMF), the subscription identifier concealing function (SICF), the subscription identifier concealing configuration file (SICCF), and the subscription identifier encryption key list (SIEKL).
The technical solution provided by the embodiments of this application defines a NAS parameter named the Subscription Identifier Concealing Instruction (SICI). This parameter is used to carry the instructions or messages relating to the configuration of the subscription identifier concealing function that are transmitted between the UE and the CN.
The SIEKPF on the CN side is responsible for: sending to the UE the keys used by the subscription identifier concealing scheme; deleting keys that are no longer used; setting which subscription identifier concealing scheme is used; querying the subscription identifier concealing configuration information in the UE; encapsulating the instructions to be sent in a SICI; and, when confidentiality or integrity protection needs to be provided for the content of the SICI, calling the corresponding security function to complete the security protection of the SICI.
The SICCF on the UE side is used to store which subscription identifier protection scheme is used; the SIEKL on the UE side is used to store the encryption keys applied in the subscription identifier protection scheme.
The SICMF on the UE side is responsible for: processing the operation instructions encapsulated in a SICI that it receives from the CN, and updating the SICCF and SIEKL as the instructions direct. The SICMF is also responsible for encapsulating the information to be sent to the CN in a SICI. If confidentiality or integrity protection needs to be provided for the content of the SICI, it is also responsible for calling the corresponding security function to complete the security protection of the SICI.
The SICF on the UE side is responsible for: encrypting the subscription identifier (SUPI) according to the instruction information provided by the SICCF (the subscription identifier protection scheme), using the key provided by the SIEKL.
The SIKGF on the CN side is responsible for: generating the key pair used for subscription identifier encryption and decryption, identifying the generated key pair, and then providing the encryption key to the SIEKPF.
At present, the 3GPP SA3 5G security TS specifies that user privacy is protected by encrypting the SUPI with a public key. The embodiments of this application provide a specific solution: a technical scheme for how keys and key-related information are provided to the UE, and how these keys are managed.
Those skilled in the art should understand that the embodiments of this application may be provided as a method, a system, or a computer program product. Therefore, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of this application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Obviously, those skilled in the art can make various changes and variations to this application without departing from its spirit and scope. Thus, if these modifications and variations of this application fall within the scope of the claims of this application and their technical equivalents, this application is also intended to include them.

Claims (37)

1. A signaling operation method, characterized in that the method comprises:
Receiving key-related signaling, where the key is the key corresponding to the Subscription Permanent Identifier (SUPI);
Performing a corresponding operation according to the signaling.
2. The method according to claim 1, characterized in that the signaling is Non-Access Stratum (NAS) signaling.
3. The method according to claim 1, characterized in that the signaling carries a Subscription Identifier Concealing Instruction (SICI).
4. The method according to claim 3, characterized in that performing the corresponding operation according to the signaling specifically comprises:
Parsing the SICI to obtain the request instruction for the operation that needs to be performed;
Performing the corresponding operation according to the request instruction.
5. The method according to claim 4, characterized in that performing the corresponding operation according to the request instruction specifically comprises:
Operating on the subscription identifier concealing configuration file and/or the subscription identifier encryption key list according to the request instruction.
6. The method according to claim 4 or 5, characterized in that performing the corresponding operation according to the signaling further comprises:
Generating a response instruction according to the result of the operation, and encapsulating the response instruction in a SICI.
7. The method according to claim 6, characterized in that the SICI is a security-protected SICI.
8. The method according to claim 5, characterized in that the subscription identifier concealing configuration file is used to store the SUPI protection scheme; the subscription identifier encryption key list is used to store the encryption keys applied in the SUPI protection scheme.
9. The method according to claim 1, characterized in that performing the corresponding operation according to the signaling specifically comprises:
Determining the SUPI protection scheme that currently needs to be adopted, and the key for encrypting the SUPI that applies to that SUPI protection scheme;
Encrypting the SUPI according to the SUPI protection scheme that currently needs to be adopted, using the key for encrypting the SUPI that applies to that SUPI protection scheme.
10. A signaling operation indication method, characterized by comprising:
Generating key-related signaling, where the key is the key corresponding to the Subscription Permanent Identifier (SUPI);
Sending the signaling.
11. The method according to claim 10, characterized in that the signaling is Non-Access Stratum (NAS) signaling.
12. The method according to claim 10, characterized in that the signaling carries a Subscription Identifier Concealing Instruction (SICI).
13. The method according to claim 12, characterized in that generating the key-related signaling specifically comprises:
Generating the request instruction for the operation that the user equipment (UE) needs to perform;
Encapsulating the request instruction in a SICI.
14. The method according to claim 13, characterized in that the SICI is a security-protected SICI.
15. The method according to claim 13, characterized in that, before the request instruction is generated, the method further comprises:
Generating a key pair for SUPI encryption and decryption, and identifying the key pair;
Providing the SUPI decryption key to the subscription identifier decryption function (SIDF) entity, and providing the SUPI encryption key to the SIEKPF entity.
16. The method according to any one of claims 13 to 15, characterized in that the operation that the UE needs to perform specifically comprises: operating on the subscription identifier concealing configuration file and/or the subscription identifier encryption key list.
17. The method according to claim 16, characterized in that the subscription identifier concealing configuration file is used to store the SUPI protection scheme; the subscription identifier encryption key list is used to store the encryption keys applied in the SUPI protection scheme.
18. A signaling operation device, characterized by comprising:
A memory, configured to store program instructions;
A processor, configured to call the program instructions stored in the memory and, according to the obtained program, execute:
Receiving key-related signaling through a transceiver, where the key is the key corresponding to the Subscription Permanent Identifier (SUPI);
Performing a corresponding operation according to the signaling.
19. The device according to claim 18, characterized in that the signaling is Non-Access Stratum (NAS) signaling.
20. The device according to claim 18, characterized in that the signaling carries a Subscription Identifier Concealing Instruction (SICI).
21. The device according to claim 20, characterized in that the processor performing the corresponding operation according to the signaling specifically comprises:
Parsing the SICI to obtain the request instruction for the operation that needs to be performed;
Performing the corresponding operation according to the request instruction.
22. The device according to claim 21, characterized in that the processor performing the corresponding operation according to the request instruction specifically comprises:
Operating on the subscription identifier concealing configuration file and/or the subscription identifier encryption key list according to the request instruction.
23. The device according to claim 21 or 22, characterized in that the processor performing the corresponding operation according to the signaling further comprises:
Generating a response instruction according to the result of the operation, and encapsulating the response instruction in a SICI.
24. The device according to claim 23, characterized in that the SICI is a security-protected SICI.
25. The device according to claim 22, characterized in that the subscription identifier concealing configuration file is used to store the SUPI protection scheme; the subscription identifier encryption key list is used to store the encryption keys applied in the SUPI protection scheme.
26. The device according to claim 19, characterized in that the processor performing the corresponding operation according to the signaling specifically comprises:
Determining the SUPI protection scheme that currently needs to be adopted, and the key for encrypting the SUPI that applies to that SUPI protection scheme;
Encrypting the SUPI according to the SUPI protection scheme that currently needs to be adopted, using the key for encrypting the SUPI that applies to that SUPI protection scheme.
27. a kind of signaling manipulation instruction device characterized by comprising
Memory, for storing program instruction;
Processor is executed for calling the program instruction stored in the memory according to the program of acquisition:
Generate the relevant signaling of key;Wherein, the key is the corresponding key of contracted user's persistent identifier SUPI;
The signaling is sent by transceiver.
28. device according to claim 27, which is characterized in that the signaling is Non-Access Stratum NAS signaling.
29. device according to claim 27, which is characterized in that carry signatory mark symbol in the signaling and hide instruction SICI。
30. device according to claim 29, which is characterized in that the processor generates the relevant signaling of key, specifically Include:
Generate the request instruction for the operation that user equipment (UE) needs to be implemented;
The request instruction is encapsulated in SICI.
31. device according to claim 30, which is characterized in that the SICI is the SICI protected by safety.
32. device according to claim 30, which is characterized in that before generating the request instruction, the processor It is also used to:
The key pair for encrypting and decrypting for SUPI is generated, and identifies the key pair;
Decryption function SIDF entity being accorded with to signatory mark, SUPI decruption key being provided, Xiang Suoshu SIEKPF entity provides SUPI encryption Key.
33. The device according to any one of claims 30 to 32, wherein the operation that the UE needs to perform specifically includes: operating on the subscription identifier concealment configuration file and/or the subscription identifier encryption key list.
34. The device according to claim 33, wherein the subscription identifier concealment configuration file is used to store the SUPI protection scheme, and the subscription identifier encryption key list is used to store the encryption keys applied in the SUPI protection scheme.
35. A signaling operation device, characterized by comprising:
a receiving unit, for receiving key-related signaling, wherein the key is a key corresponding to the subscription permanent identifier SUPI;
an operating unit, for performing the corresponding operation according to the signaling.
36. A signaling operation indication device, characterized by comprising:
a generation unit, for generating key-related signaling, wherein the key is a key corresponding to the subscription permanent identifier SUPI;
a transmission unit, for sending the signaling.
37. A computer storage medium, wherein the computer storage medium stores computer-executable instructions, and the computer-executable instructions are used to cause a computer to perform the method according to any one of claims 1 to 17.
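An added example, not taken from the patent, of the UE-side handling in claims 26 and 30 to 34: a security-protected SICI carries a request that operates on the concealment configuration file or the encryption key list, after which the UE selects the scheme and key for SUPI encryption. The message layout, the operation names, the HMAC-SHA256 protection and the class and function names are assumptions the claims do not specify; the SUPI encryption step itself is outside the block.

```python
import hashlib
import hmac
import json

def _mac(integrity_key: bytes, request: dict) -> str:
    """HMAC-SHA256 over a canonical encoding of the request (assumed protection)."""
    body = json.dumps(request, sort_keys=True).encode()
    return hmac.new(integrity_key, body, hashlib.sha256).hexdigest()

def make_sici(integrity_key: bytes, request: dict) -> dict:
    """Network side: encapsulate a request instruction in a protected SICI."""
    return {"request": request, "mac": _mac(integrity_key, request)}

class UeSupiStore:
    """UE-side concealment profile and encryption key list (hypothetical layout)."""

    def __init__(self, integrity_key: bytes):
        self._ik = integrity_key
        self.profile = {"scheme": "null", "key_id": None}  # stores the protection scheme
        self.key_list = {}                                 # key_id -> SUPI encryption key

    def handle_sici(self, sici: dict) -> bool:
        """Apply the request in a SICI; return False and change nothing on failure."""
        req = sici.get("request", {})
        if not hmac.compare_digest(_mac(self._ik, req), str(sici.get("mac", ""))):
            return False                    # unprotected or tampered SICI
        op, key_id = req.get("op"), req.get("key_id")
        if op == "put_key" and key_id and req.get("key"):
            self.key_list[key_id] = req["key"]
        elif (op == "delete_key" and key_id in self.key_list
              and self.profile["key_id"] != key_id):
            del self.key_list[key_id]       # the key the profile points at stays
        elif op == "set_profile" and req.get("scheme") and key_id in self.key_list:
            self.profile = {"scheme": req["scheme"], "key_id": key_id}
        else:
            return False                    # unknown operation or dangling key reference
        return True

    def select(self):
        """Return the (scheme, key) pair to use for the next SUPI encryption."""
        return self.profile["scheme"], self.key_list.get(self.profile["key_id"])
```

Rejecting a profile that names a key absent from the list, and refusing to delete the key the profile references, keeps the UE from ending up with a protection scheme it cannot apply.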
CN201710910440.4A 2017-09-29 2017-09-29 Signaling operation and indication method and device thereof, and computer storage medium Active CN109586899B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710910440.4A CN109586899B (en) 2017-09-29 2017-09-29 Signaling operation and indication method and device thereof, and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710910440.4A CN109586899B (en) 2017-09-29 2017-09-29 Signaling operation and indication method and device thereof, and computer storage medium

Publications (2)

Publication Number Publication Date
CN109586899A true CN109586899A (en) 2019-04-05
CN109586899B CN109586899B (en) 2021-02-09

Family

ID=65919205

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710910440.4A Active CN109586899B (en) 2017-09-29 2017-09-29 Signaling operation and indication method and device thereof, and computer storage medium

Country Status (1)

Country Link
CN (1) CN109586899B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111800372A (en) * 2019-07-22 2020-10-20 维沃移动通信有限公司 Data transmission method and equipment
CN112866988A (en) * 2019-11-13 2021-05-28 中国电信股份有限公司 Privacy protection method and device for terminal and terminal
WO2022078058A1 (en) * 2020-10-13 2022-04-21 中兴通讯股份有限公司 Decryption method, server and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101690287A (en) * 2007-04-20 2010-03-31 Lm爱立信电话有限公司 Method and system for mobile device credentialing
CN104255064A (en) * 2012-05-03 2014-12-31 瑞典华为技术有限公司 Sending access information from physical access control system to user terminal
CN104504314A (en) * 2013-06-04 2015-04-08 Fuhu控股公司 Access control system
US20150271850A1 (en) * 2012-10-16 2015-09-24 Lg Electronics Inc. Method and apparatus for transmitting signal in wireless lan system
US20170070880A1 (en) * 2014-08-01 2017-03-09 Lg Electronics Inc. Method of performing an initial access by protecting privacy on a network and user equipment therefor
CN106921502A (en) * 2015-12-28 2017-07-04 华为技术有限公司 The method of charging and policy control, PCRF and OCS
CN107209983A (en) * 2014-07-30 2017-09-26 总锁有限责任公司 Wireless key for certification is managed

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101690287A (en) * 2007-04-20 2010-03-31 Lm爱立信电话有限公司 Method and system for mobile device credentialing
CN104255064A (en) * 2012-05-03 2014-12-31 瑞典华为技术有限公司 Sending access information from physical access control system to user terminal
US20150271850A1 (en) * 2012-10-16 2015-09-24 Lg Electronics Inc. Method and apparatus for transmitting signal in wireless lan system
CN104504314A (en) * 2013-06-04 2015-04-08 Fuhu控股公司 Access control system
CN107209983A (en) * 2014-07-30 2017-09-26 总锁有限责任公司 Wireless key for certification is managed
US20170070880A1 (en) * 2014-08-01 2017-03-09 Lg Electronics Inc. Method of performing an initial access by protecting privacy on a network and user equipment therefor
CN106921502A (en) * 2015-12-28 2017-07-04 华为技术有限公司 The method of charging and policy control, PCRF and OCS

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
3GPP: "3GPP TR 29.891 V0.4.0 Release 15", 《3GPP TSG SA WG3 (SECURITY) MEETING #88-BIS ADHOC》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111800372A (en) * 2019-07-22 2020-10-20 维沃移动通信有限公司 Data transmission method and equipment
CN112866988A (en) * 2019-11-13 2021-05-28 中国电信股份有限公司 Privacy protection method and device for terminal and terminal
CN112866988B (en) * 2019-11-13 2023-03-28 中国电信股份有限公司 Privacy protection method and device for terminal and terminal
WO2022078058A1 (en) * 2020-10-13 2022-04-21 中兴通讯股份有限公司 Decryption method, server and storage medium

Also Published As

Publication number Publication date
CN109586899B (en) 2021-02-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100191 No. 40, Haidian District, Beijing, Xueyuan Road

Patentee after: CHINA ACADEMY OF TELECOMMUNICATIONS TECHNOLOGY

Address before: 100191 No. 40, Haidian District, Beijing, Xueyuan Road

Patentee before: CHINA ACADEMY OF TELECOMMUNICATIONS TECHNOLOGY

TR01 Transfer of patent right

Effective date of registration: 20210528

Address after: 100085 1st floor, building 1, yard 5, Shangdi East Road, Haidian District, Beijing

Patentee after: DATANG MOBILE COMMUNICATIONS EQUIPMENT Co.,Ltd.

Address before: 100191 No. 40, Haidian District, Beijing, Xueyuan Road

Patentee before: CHINA ACADEMY OF TELECOMMUNICATIONS TECHNOLOGY