CN109586899B - Signaling operation and indication method and device thereof, and computer storage medium - Google Patents


Info

Publication number: CN109586899B
Authority: CN (China)
Prior art keywords: signaling, key, supi, sici, subscription identifier
Legal status: Active
Application number: CN201710910440.4A
Other languages: Chinese (zh)
Other versions: CN109586899A (en)
Inventor: 周巍
Current Assignee: China Academy of Telecommunications Technology CATT; Datang Mobile Communications Equipment Co Ltd
Original Assignee: China Academy of Telecommunications Technology CATT

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a signaling operation method, a signaling operation indication method, corresponding devices, and a computer storage medium, which are used to implement an encryption protection scheme for the SUPI and to improve the security of SUPI usage. The signaling operation method provided by the application comprises: receiving key-related signaling, where the key is a key corresponding to a Subscriber Permanent Identifier (SUPI); and performing a corresponding operation according to the signaling.

Description

Signaling operation and indication method and device thereof, and computer storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a signaling operation and indication method, an apparatus, and a computer storage medium thereof.
Background
The security group (SA3) of the 3rd Generation Partnership Project (3GPP) has determined that encryption protection for the Subscriber Permanent Identifier (SUPI) is achieved using public key encryption technology, but a specific implementation scheme is not yet clear.
Disclosure of Invention
The embodiments of the application provide a signaling operation method, a signaling operation indication method, corresponding devices, and a computer storage medium, which are used to implement an encryption protection scheme for the SUPI and to improve the security of SUPI usage.
The signaling operation method provided by the embodiment of the application comprises the following steps:
receiving key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
and carrying out corresponding operation according to the signaling.
In the embodiment of the application, the UE side receives key-related signaling, where the key is a key corresponding to a Subscriber Permanent Identifier (SUPI), and performs a corresponding operation according to the signaling, thereby implementing the encryption protection scheme for the SUPI and improving the security of SUPI usage.
Optionally, the signaling is non-access stratum NAS signaling.
Optionally, the signaling carries a subscription identifier hiding instruction SICI.
Optionally, performing corresponding operations according to the signaling specifically includes:
analyzing the SICI to obtain a request instruction of an operation to be executed;
and performing corresponding operation according to the request instruction.
Optionally, performing corresponding operations according to the request instruction specifically includes:
and operating the subscription identifier hiding configuration file and/or the subscription identifier encryption key list according to the request instruction.
Optionally, performing corresponding operations according to the signaling, further includes:
and generating a response instruction according to the operation result of the operation, and packaging the response instruction in the SICI.
Optionally, the SICI is a security protected SICI.
Optionally, the subscription identifier hiding profile is for storing a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
Optionally, performing corresponding operations according to the signaling specifically includes:
determining the SUPI protection scheme needing to be adopted currently and a key for encrypting the SUPI applied to the SUPI protection scheme needing to be adopted currently;
according to the SUPI protection scheme which needs to be adopted currently, encryption protection is carried out on the SUPI by using the key which is applied to the SUPI protection scheme which needs to be adopted currently and used for encrypting the SUPI.
Correspondingly, on the network side, a signaling operation indication method provided in the embodiment of the present application includes:
generating key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
and sending the signaling.
Optionally, the signaling is non-access stratum NAS signaling.
Optionally, the signaling carries a subscription identifier hiding instruction SICI.
Optionally, generating the key-related signaling specifically includes:
generating a request instruction of an operation required to be executed by User Equipment (UE);
and encapsulating the request instruction in SICI.
Optionally, the SICI is a security protected SICI.
Optionally, before generating the request instruction, the method further includes:
generating a key pair for SUPI encryption and decryption and identifying the key pair;
providing a SUPI decryption key to a subscription identifier decryption function, SIDF, entity and providing a SUPI encryption key to the SIEKPF entity.
Optionally, the operations that the UE needs to perform include: operating on a subscription identifier hiding profile and/or a subscription identifier encryption key list.
Optionally, the subscription identifier hiding profile is for storing a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
An embodiment of the present application provides a signaling operation apparatus, including:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing according to the obtained program:
receiving, by a transceiver, key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
and carrying out corresponding operation according to the signaling.
Optionally, the signaling is non-access stratum NAS signaling.
Optionally, the signaling carries a subscription identifier hiding instruction SICI.
Optionally, the processor performs corresponding operations according to the signaling, specifically including:
analyzing the SICI to obtain a request instruction of an operation to be executed;
and performing corresponding operation according to the request instruction.
Optionally, the processor performs corresponding operations according to the request instruction, specifically including:
and operating the subscription identifier hiding configuration file and/or the subscription identifier encryption key list according to the request instruction.
Optionally, the processor performs corresponding operations according to the signaling, and further includes:
and generating a response instruction according to the operation result of the operation, and packaging the response instruction in the SICI.
Optionally, the SICI is a security protected SICI.
Optionally, the subscription identifier hiding profile is for storing a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
Optionally, the processor performs corresponding operations according to the signaling, specifically including:
determining the SUPI protection scheme needing to be adopted currently and a key for encrypting the SUPI applied to the SUPI protection scheme needing to be adopted currently;
according to the SUPI protection scheme which needs to be adopted currently, encryption protection is carried out on the SUPI by using the key which is applied to the SUPI protection scheme which needs to be adopted currently and used for encrypting the SUPI.
An embodiment of the present application provides a signaling operation indicating device, including:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing according to the obtained program:
generating key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
the signaling is sent by a transceiver.
Optionally, the signaling is non-access stratum NAS signaling.
Optionally, the signaling carries a subscription identifier hiding instruction SICI.
Optionally, the generating, by the processor, a signaling related to a key specifically includes:
generating a request instruction of an operation required to be executed by User Equipment (UE);
and encapsulating the request instruction in SICI.
Optionally, the SICI is a security protected SICI.
Optionally, before generating the request instruction, the processor is further configured to:
generating a key pair for SUPI encryption and decryption and identifying the key pair;
providing a SUPI decryption key to a subscription identifier decryption function, SIDF, entity and providing a SUPI encryption key to the SIEKPF entity.
Optionally, the operations that the UE needs to perform include: operating on a subscription identifier hiding profile and/or a subscription identifier encryption key list.
Optionally, the subscription identifier hiding profile is for storing a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
Another signaling operation apparatus provided in an embodiment of the present application includes:
a receiving unit, configured to receive a key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
and the operation unit is used for carrying out corresponding operation according to the signaling.
Another signaling operation indication apparatus provided in an embodiment of the present application includes:
a generating unit for generating key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
a sending unit, configured to send the signaling.
Another embodiment of the present application provides a computer storage medium having stored thereon computer-executable instructions for causing a computer to perform any one of the methods described above.
Drawings
To illustrate the technical solutions in the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram illustrating provisioning and configuration of SUPI encryption keys provided by an embodiment of the present application;
Fig. 2 is a schematic flow chart of encryption and decryption of SUPI provided in an embodiment of the present application;
Fig. 3 is a flowchart illustrating an interaction method performed between a UE and a CN and related to SUPI hidden configuration according to an embodiment of the present application;
Fig. 4 is a flowchart illustrating another interaction method performed between a UE and a CN and related to a SUPI hidden configuration according to an embodiment of the present application;
Fig. 5 is a flowchart illustrating a signaling operation method according to an embodiment of the present application;
Fig. 6 is a flowchart illustrating a signaling operation indication method according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a signaling operation apparatus according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a signaling operation indication apparatus according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of another signaling operation apparatus according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of another signaling operation indication apparatus according to an embodiment of the present application.
Detailed Description
The embodiments of the application provide a signaling operation method, a signaling operation indication method, corresponding devices, and a computer storage medium, which are used to implement an encryption protection scheme for the SUPI and to improve the security of SUPI usage.
In the embodiment of the present application, a Subscription Identifier hiding Configuration File (SICCF) and a Subscription Identifier Encryption Key List (SIEKL) are set in a User Equipment (UE). Whether the UE uses the SUPI is controlled through the configuration and modification of the two files so as to protect the privacy of the UE. To configure and modify these two files in the UE, a new parameter, namely the Subscription Identifier hiding Instruction (SICI), transmitted through a Non-Access Stratum (NAS) message, is designed. The Core Network (CN) uses the SICI parameter to transmit various privacy-protection-related control instructions to the UE through a Privacy Key Provisioning Function.
Note that the SUPI in the embodiment of the present application may also be simply referred to as a subscription identifier.
The following is a description of terms or functional entities involved in the embodiments of the present application:
Subscription Identifier hiding Instruction (SICI): encapsulates the request and response information related to the subscription identifier hiding function configuration that is exchanged between the UE and the CN, so that it can be transmitted through NAS signaling.
The UE Subscription Identifier hiding System performs functions related to hiding the Subscription Permanent Identifier (SUPI). It includes the following functions or functional entities:
Subscription Identifier hiding Management Function (SICMF): responsible for maintaining the Subscription Identifier hiding Configuration File (SICCF) and the Subscription Identifier Encryption Key List (SIEKL), for generating and parsing the subscription identifier hiding instruction (SICI), and for calling a corresponding security function to provide confidentiality or integrity protection for the SICI when needed.
Subscription Identifier hiding Function (SICF): encrypts the SUPI, or part of the information in the SUPI, with a key given in the Subscription Identifier Encryption Key List (SIEKL) according to the information provided by the subscription identifier hiding configuration file (SICCF).
Subscription Identifier hiding Configuration File (SICCF): stores which encryption scheme is used to protect the SUPI. The null scheme is a special encryption scheme, which means that no SUPI protection scheme is used. Selecting any scheme other than the null scheme means that a certain SUPI protection scheme is used. The system determines from the information in this file whether to protect the SUPI and which scheme to use.
Subscription Identifier Encryption Key List (SIEKL): stores a list of keys used to encrypt the SUPI. The contents of the list are shown in Table 1 below. The parameters are described as follows:
Key identifier (Key Identity): a unique identification of the key.
Key (Key): the key value.
Encryption scheme (Scheme): identifies the encryption scheme. (optional)
Expiration time (Expiration Time): the time at which the key expires. (optional)
Use designation (In Use): whether the key is currently available. (optional)
Key Identity | Key | Scheme | Expiration Time | In Use
...          | ... | ...    | ...             | ...
...          | ... | ...    | ...             | ...
...          | ... | ...    | ...             | ...
Table 1
The CN Subscription Identifier hiding System performs functions related to hiding the Subscription Permanent Identifier (SUPI). It includes the following functions or functional entities:
Subscription Identifier Key Generation Function (SIKGF): responsible for generating pairs of encryption and decryption keys. It provides an Encryption Key List to the Subscription Identifier Encryption Key Provisioning Function (SIEKPF) and a Decryption Key List to the Subscription Identifier Decryption Function (SIDF) entity. An encryption key has the same key identifier as its corresponding decryption key. It should be noted that, in the embodiment of the present application, the encryption key may be, for example, a public key, and the corresponding decryption key may be, for example, a private key. Other encryption schemes are also possible, such as one in which the encryption key and the decryption key are the same.
Subscription Identifier Encryption Key Provisioning Function (SIEKPF) entity: 1) provides a key list for SUPI encryption to the UE; 2) sets which encryption scheme and which encryption key to use; 3) queries the configuration of the subscription identifier hiding system in the UE; 4) generates and parses the subscription identifier hiding instruction (SICI), and calls a corresponding security function when needed to provide confidentiality or integrity protection for the SICI.
Subscription Identifier Decryption Function (SIDF) entity: selects the decryption key corresponding to the encryption key and decrypts the encrypted content according to the encryption scheme used.
The following illustrates the basic operation processes provided by the embodiments of the present application:
A typical subscription identifier encryption key provisioning and configuration flow is shown in Fig. 1, and specifically includes:
Step 1, a Subscription Identifier Key Generation Function (SIKGF) entity generates a key pair for SUPI encryption and decryption, identifies the generated key pair, i.e. identifies the encryption key and the decryption key respectively, and establishes the correspondence between the encryption key and the decryption key. The generated encryption and decryption keys may be based on an asymmetric cryptographic algorithm, in which case the public key is the encryption key and the private key is the decryption key. The generated encryption and decryption keys may also be based on a symmetric cryptographic algorithm, in which case the encryption and decryption keys are the same.
Step 2.1, the SIKGF provides the SUPI decryption key to the Subscription Identifier Decryption Function (SIDF);
Step 2.2, the SIKGF provides the SUPI encryption key to the Subscription Identifier Encryption Key Provisioning Function (SIEKPF).
Step 3, the SIEKPF entity generates a request instruction for the operations that the subscription identifier hiding management function (SICMF) in the UE needs to perform, such as key update, protection scheme setting, or configuration state query. If the system requires confidentiality or integrity protection for the transmitted instruction, the SIEKPF calls a related security function to apply that protection. The SIEKPF encapsulates the generated operation request instruction in a subscription identifier hiding instruction (SICI).
Step 4, the SIEKPF entity provides the generated SICI to an Access and Mobility Management Function (AMF). The AMF is a network element defined in 5G and belongs to the CN side.
Step 5, the AMF entity puts the SICI in an appropriate NAS signaling message as an optional parameter of that message and sends it to the UE.
Step 6, the SICMF entity in the UE obtains the SICI from the NAS signaling and parses it. If the SICI is protected by confidentiality or integrity, the SICMF entity calls a related security function to perform decryption or integrity verification, and thereby obtains the operation request sent by the SIEKPF entity.
Step 7, the SICMF entity performs the required operation on the subscription identifier hiding configuration file (SICCF) and/or the Subscription Identifier Encryption Key List (SIEKL) according to the content of the instruction.
Step 8, the SICMF entity generates an operation request response instruction according to the operation result. If the system requires confidentiality or integrity protection for the transmitted response instruction, the SICMF entity calls a related security function to apply that protection. The SICMF entity encapsulates the generated instruction in a subscription identifier hiding instruction (SICI).
Step 9, the UE (specifically, either an existing functional entity or the SICMF entity) puts the SICI in an appropriate NAS signaling message as an optional parameter of that message and sends it to the AMF entity.
Step 10, the AMF entity provides the SICI in the NAS signaling to the SIEKPF entity.
Step 11, the SIEKPF entity parses the received SICI; if the SICI is protected by confidentiality or integrity, the SICMF entity calls a related security function to perform decryption or integrity verification, and thereby obtains the operation response sent by the UE.
It should be noted that the keys described in the embodiments of the present application are keys for SUPI.
A typical subscription identifier encryption and decryption process is shown in Fig. 2, and specifically includes:
Step 21.1, a subscription identifier hiding function (SICF) entity in the UE queries the subscription identifier hiding configuration file (SICCF) and obtains information about which SUPI protection scheme should be used;
Step 21.2, for example, the SICF entity obtains a scheme identifier and uses this identifier to look up the available keys in the SIEKL table.
If the query result requires that a certain non-null scheme is used, the UE queries the Subscription Identifier Encryption Key List (SIEKL) to obtain an available encryption key: it first finds the scheme identifier and then finds an available encryption key in the SIEKL according to that scheme identifier. The selection rule should be that the key is applicable to the specified protection scheme and that the key is not expired and/or is in an available state. If the SIEKL does not have any of the optional fields (e.g. scheme, expiration time, in use), the key located at the head of the SIEKL may be selected as the SUPI encryption key.
Step 22, the SICF entity in the UE encrypts the SUPI with the encryption key according to the specified protection scheme to obtain a hidden Subscription Identifier (SUCI), that is, a SUCI is generated (Generating SUCI). The SUCI contains an identification of the encryption key.
Step 23, the UE (specifically, the existing functional entity in the UE) sends the SUCI to the CN.
Step 24, the AMF entity in the CN provides the SUCI to the Subscription Identifier Decryption Function (SIDF) entity.
Step 25, the SIDF entity uses the key identifier in the SUCI to find the decryption key corresponding to the encryption key, obtains the SUPI protection scheme that was used, and then decrypts the SUCI (De-concealing SUCI), thereby obtaining the SUPI.
Step 26, the SIDF entity provides the SUPI to the AMF entity.
In the above, the request sent by the Subscription Identifier Encryption Key Provisioning Function (SIEKPF) to the subscription identifier hiding management function (SICMF) entity in the UE (i.e. the request in step 3 of the flow shown in Fig. 1) may include one or a combination of the following instructions (not limited to these):
Status report request: requests reporting of the content of the configuration file (SICCF) and of the key identifiers in the Subscription Identifier Encryption Key List (SIEKL).
Privacy protection scheme setup request: requests writing the identifier of the privacy protection scheme that currently needs to be used into the configuration file (SICCF).
Privacy protection key write request: requests writing a privacy protection encryption key and related information into the Subscription Identifier Encryption Key List (SIEKL).
Privacy protection key deletion request: requests deletion of all or part of the records in the Subscription Identifier Encryption Key List (SIEKL).
Accordingly, the response sent by the subscription identifier hiding management function (SICMF) in the UE to the Subscription Identifier Encryption Key Provisioning Function (SIEKPF) may contain one or a combination of the following instructions (not limited to these):
Status report response: reports the content of the configuration file (SICCF) and the key identifiers in the subscription identifier encryption key list.
Privacy protection scheme setup response: returns the result, e.g. success or failure, of writing the identifier of the privacy protection scheme that currently needs to be used into the configuration file.
Privacy protection key write response: returns the result, e.g. success or failure, of writing the privacy protection encryption key and related information into the subscription identifier encryption key list.
Privacy protection key deletion response: returns the result, e.g. success or failure, of deleting records in the subscription identifier encryption key list.
When the subscription privacy hiding protection scheme in the UE is set to a non-null scheme and there is no available key, the UE may also actively send a "status report response". That is, the configuration file (SICCF) requires the UE to encrypt the SUPI, i.e., to use the SUCI, but the UE has no encryption key available at all, so it needs to actively report its current state to the CN in order for the CN to provide the required encryption key.
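The UE-side behaviour described above, as an added Python example that is not part of the patent text: the SICMF applies the four request instructions to the SICCF and SIEKL, the SICF picks a key by the selection rule given after step 21.2, and a status report is volunteered when a non-null scheme has no usable key. The dict-based instruction encoding, the message type names, the `NULL_SCHEME` value and the Unix-seconds expiry are assumptions; SICI confidentiality or integrity protection is assumed to have been removed already by the security function, and the SUPI encryption itself is out of scope.

```python
from dataclasses import dataclass, field
from typing import Optional

NULL_SCHEME = "null"  # assumed identifier for the "null scheme" stored in the SICCF


@dataclass
class KeyRecord:
    """One SIEKL row (Table 1); the last three fields are optional on the page."""
    key_id: str
    key: bytes
    scheme: Optional[str] = None
    expiration_time: Optional[int] = None  # assumed unit: Unix seconds
    in_use: Optional[bool] = None


@dataclass
class UeState:
    siccf_scheme: str = NULL_SCHEME            # content of the SICCF
    siekl: list = field(default_factory=list)  # ordered list of KeyRecord


def select_key(state, now):
    """SICF key lookup: first record that fits the configured scheme, is not
    expired and is not marked unavailable. Absent optional fields do not
    exclude a record, so a list without them yields its head entry."""
    if state.siccf_scheme == NULL_SCHEME:
        return None
    for rec in state.siekl:
        if rec.scheme is not None and rec.scheme != state.siccf_scheme:
            continue
        if rec.expiration_time is not None and rec.expiration_time <= now:
            continue
        if rec.in_use is False:
            continue
        return rec
    return None


def status_report(state):
    """Status report response: SICCF content plus key identifiers, never key values."""
    return {"type": "status_report_response", "scheme": state.siccf_scheme,
            "key_ids": [r.key_id for r in state.siekl]}


def _result(kind, ok):
    return {"type": kind, "result": "success" if ok else "failure"}


def handle_request(state, req):
    """SICMF: apply one request instruction to the SICCF/SIEKL, return its response."""
    kind = req.get("type")
    if kind == "status_report_request":
        return status_report(state)
    if kind == "scheme_set_request":
        scheme = req.get("scheme")
        ok = isinstance(scheme, str) and scheme != ""
        if ok:
            state.siccf_scheme = scheme
        return _result("scheme_set_response", ok)
    if kind == "key_write_request":
        try:
            rec = KeyRecord(**req["record"])
        except (KeyError, TypeError):          # missing or unknown fields
            return _result("key_write_response", False)
        if not (isinstance(rec.key_id, str) and rec.key_id
                and isinstance(rec.key, bytes) and rec.key):
            return _result("key_write_response", False)
        for i, old in enumerate(state.siekl):
            if old.key_id == rec.key_id:       # key identifiers are unique: overwrite
                state.siekl[i] = rec
                break
        else:
            state.siekl.append(rec)
        return _result("key_write_response", True)
    if kind == "key_delete_request":
        ids = req.get("key_ids")               # None means "delete all records"
        if ids is None:
            state.siekl.clear()
            return _result("key_delete_response", True)
        known = {r.key_id for r in state.siekl}
        ok = isinstance(ids, list) and set(ids) <= known  # unknown id: no change
        if ok:
            state.siekl = [r for r in state.siekl if r.key_id not in set(ids)]
        return _result("key_delete_response", ok)
    return _result("unsupported_response", False)


def handle_sici(state, requests, now):
    """Process every instruction carried in one SICI; append an unsolicited
    status report if a non-null scheme is configured but no key is usable."""
    responses = [handle_request(state, r) for r in requests]
    if state.siccf_scheme != NULL_SCHEME and select_key(state, now) is None:
        report = status_report(state)
        if report not in responses:
            responses.append(report)
    return responses
```

The unsolicited report after a scheme change or key deletion is what lets the SIEKPF notice that the UE would otherwise be unable to produce a SUCI.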
The actual deployment of the system is mainly related to the deployment of the Subscription Identifier Encryption Key Provisioning Function (SIEKPF).
For example: a scenario in which the Subscription Identifier Encryption Key Provisioning Function (SIEKPF) is physically located with an Authentication Server Function (AUSF) in the 5G security architecture (in one Server, or without standardizing the interface). In this scenario, the interaction between the UE and the CN related to the subscription identifier hiding configuration may be performed in the UE authentication procedure. An implementation manner in this scenario is shown in fig. 3, and specifically includes:
Step 31, the UE sends a registration request to the network side, and the request is routed to the access and mobility management function AMF entity.
Step 32, the access and mobility management function AMF entity sends an authentication vector or an authentication request to the authentication server function AUSF entity.
Step 33, the SIEKPF entity, together with the authentication server function AUSF entity, provides the SICI to the AMF in an authentication vector response or another message. The parameters may be conveyed through a variety of NAS signaling.
Step 34, the UE and the CN complete the bidirectional authentication and establish the NAS secure connection.
Step 35, the AMF sends a registration acceptance message to the UE, wherein the registration acceptance message carries the SICI parameter.
Step 36, the UE sends an authentication completion message to the CN, wherein the authentication completion message carries the SICI parameter. In the embodiment of the application, both the UE and the AMF transmit the SICI parameter through NAS signaling.
Step 37, the AMF provides the SICI to the SIEKPF entity.
For another example, for a scenario in which a Subscription Identifier Encryption Key Provisioning Function (SIEKPF) entity is separately connected to the AMF, the interaction between the UE and the CN related to the subscription identifier hiding configuration in this scenario may be completed through NAS signaling after the NAS secure connection is established. One implementation of this scenario is shown in fig. 4. This embodiment also assumes that the UE does not have a valid SUPI encryption key. Then, the specific processing flow includes:
Step 41, the UE sends a registration request to the network, which is routed to the AMF. Since the UE is assumed to have no key for encrypting the SUPI, the UE carries in the registration request a SICI indicating its subscription identifier hiding configuration state. That is, the operator requires encryption of the SUPI but the UE has no key, and the UE informs the CN of this through the SICI.
Step 42, the UE and the CN complete the bidirectional authentication and establish the NAS secure connection.
Step 43, the AMF entity provides the received SICI to the SIEKPF entity.
Step 44, the SIEKPF entity encapsulates the SUPI encryption key in the SICI and provides the SICI to the AMF entity.
Step 45, the AMF entity sends NAS signaling carrying the SICI parameter to the UE.
Step 46, the UE writes the SUPI encryption key carried in the SICI into the Subscription Identifier Encryption Key List (SIEKL), encapsulates the write-success information in the SICI, and then sends NAS signaling carrying the SICI parameter to the AMF entity.
Step 47, the AMF entity provides the SICI to the SIEKPF entity.
In summary, referring to fig. 5, on the UE side, a signaling operation method provided in the embodiment of the present application includes:
S501, receiving key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
S502, performing corresponding operation according to the signaling.
In the embodiment of the application, at the UE side, the signaling related to the key is received; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber; and performing corresponding operation according to the signaling, thereby realizing the encryption protection scheme of the SUPI and further improving the use safety of the SUPI.
Optionally, the signaling is non-access stratum NAS signaling.
Optionally, the signaling carries a subscription identifier hiding instruction SICI.
Optionally, performing corresponding operations according to the signaling specifically includes:
analyzing the SICI to obtain a request instruction of an operation to be executed;
and performing corresponding operation according to the request instruction.
For example, the SICMF entity may analyze the SICI to obtain a request instruction of an operation to be performed; and corresponding operation is carried out according to the request instruction.
Of course, the execution main body performing the corresponding operation according to the signaling may also be other functional entities in the UE.
Optionally, performing corresponding operations according to the request instruction specifically includes:
and operating the subscription identifier hiding configuration file and/or the subscription identifier encryption key list according to the request instruction.
Optionally, performing corresponding operations according to the signaling, further includes:
and generating a response instruction according to the operation result of the operation, and packaging the response instruction in the SICI.
For example, the SICMF entity operates on the subscription identifier hiding profile SICCF and/or the subscription identifier encryption key list SIEKL according to the request instruction.
Optionally, the SICI is a security protected SICI.
Optionally, the subscription identifier hiding profile is for storing a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
Optionally, performing corresponding operations according to the signaling specifically includes:
determining the SUPI protection scheme needing to be adopted currently and a key for encrypting the SUPI applied to the SUPI protection scheme needing to be adopted currently;
according to the SUPI protection scheme which needs to be adopted currently, encryption protection is carried out on the SUPI by using the key which is applied to the SUPI protection scheme which needs to be adopted currently and used for encrypting the SUPI.
For example, the subscription identifier hiding function SICF entity performs encryption protection on SUPI according to the SUPI protection scheme provided by SICCF by using a key given by SIEKL.
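The UE-side handling described above (S501/S502: parse the SICI, operate on the SICCF and SIEKL, encapsulate a response) and the Fig. 4 exchange (steps 41 to 47), as an added sketch that is not part of the patent. The SICI byte layout, the instruction names, the HMAC-based integrity protection, the scheme name and the key material are all assumptions, since the patent defines no encoding; the UE here refuses any request SICI that is not integrity protected.

```python
import hashlib
import hmac
import json

NULL_SCHEME = "null"  # assumed label for "SUPI is sent unencrypted"
TAG_LEN = 32          # HMAC-SHA256 tag length


def pack_sici(instruction, int_key=None):
    """Encapsulate an instruction in a SICI: flag byte, optional HMAC tag, JSON body."""
    body = json.dumps(instruction, sort_keys=True).encode()
    if int_key is None:
        return b"\x00" + body
    return b"\x01" + hmac.new(int_key, body, hashlib.sha256).digest() + body


def unpack_sici(sici, int_key, allow_unprotected=False):
    """Verify before parsing; an unprotected SICI is accepted only where allowed."""
    if sici[:1] == b"\x00" and allow_unprotected:
        return json.loads(sici[1:])
    tag, body = sici[1:1 + TAG_LEN], sici[1 + TAG_LEN:]
    expected = hmac.new(int_key, body, hashlib.sha256).digest()
    if sici[:1] != b"\x01" or not hmac.compare_digest(tag, expected):
        raise ValueError("SICI rejected: missing or invalid integrity protection")
    return json.loads(body)


class UeSicmf:
    """UE-side SICMF: parses SICI requests and updates the SICCF and the SIEKL."""

    def __init__(self, int_key, scheme=NULL_SCHEME):
        self.int_key = int_key
        self.siccf = {"scheme": scheme}  # which SUPI protection scheme to use
        self.siekl = {}                  # key_id -> {"scheme": ..., "key": hex string}

    def usable_key_ids(self):
        """Key ids in the SIEKL that belong to the scheme currently set in the SICCF."""
        scheme = self.siccf["scheme"]
        return sorted(k for k, rec in self.siekl.items() if rec["scheme"] == scheme)

    def must_report(self):
        """True when a non-null scheme is configured but no key is available."""
        return self.siccf["scheme"] != NULL_SCHEME and not self.usable_key_ids()

    def status_report(self, protected=True):
        report = {"op": "status_report", "scheme": self.siccf["scheme"],
                  "key_ids": self.usable_key_ids()}
        return pack_sici(report, self.int_key if protected else None)

    def handle(self, sici):
        """Parse a request SICI, operate on SICCF/SIEKL, return the response SICI."""
        req = unpack_sici(sici, self.int_key)  # raises before any state is touched
        op, ok = req.get("op"), False
        if op == "status_query":
            return self.status_report()
        if op == "key_write" and all(req.get(f) for f in ("key_id", "scheme", "key")):
            self.siekl[req["key_id"]] = {"scheme": req["scheme"], "key": req["key"]}
            ok = True
        elif op == "key_delete":
            ok = self.siekl.pop(req.get("key_id"), None) is not None
        elif op == "scheme_set" and req.get("scheme"):
            self.siccf["scheme"] = req["scheme"]
            ok = True
        result = "success" if ok else "failure"
        return pack_sici({"op": f"{op}_response", "result": result}, self.int_key)

    def select_for_supi(self):
        """What the SICF needs: the current scheme and the id of a key for it."""
        scheme, usable = self.siccf["scheme"], self.usable_key_ids()
        if scheme == NULL_SCHEME:
            return scheme, None
        if not usable:
            raise LookupError("non-null scheme configured but no usable key in SIEKL")
        return scheme, usable[-1]  # assumed policy: highest key id wins


def siekpf_answer(report_sici, int_key, key_id, enc_key_hex):
    """CN-side SIEKPF, steps 43-44: wrap a key in a SICI if the UE reports none."""
    report = unpack_sici(report_sici, int_key, allow_unprotected=True)
    if report["scheme"] == NULL_SCHEME or report["key_ids"]:
        return None
    request = {"op": "key_write", "key_id": key_id,
               "scheme": report["scheme"], "key": enc_key_hex}
    return pack_sici(request, int_key)


def run_fig4_flow():
    """Steps 41-47 with constructed values; returns the UE and its parsed response."""
    int_key = bytes(range(32))                           # constructed integrity key
    ue = UeSicmf(int_key, scheme="public-key-scheme-1")  # constructed scheme name
    report = ue.status_report(protected=False)  # step 41: no NAS security context yet
    request = siekpf_answer(report, int_key, "key-01", "ab" * 32)  # steps 43-45
    response = unpack_sici(ue.handle(request), int_key)            # steps 46-47
    return ue, response


if __name__ == "__main__":
    ue, response = run_fig4_flow()
    print(response, ue.select_for_supi())
```

The step-41 report is sent unprotected because it precedes the NAS secure connection, so the network side treats it only as a trigger for provisioning, while every request that changes the SICCF or SIEKL must carry a valid tag.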
Correspondingly, on a network side, for example, a core network side, see fig. 6, a signaling operation indication method provided in an embodiment of the present application includes:
S601, generating key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
S602, sending the signaling.
Optionally, the signaling is non-access stratum NAS signaling.
Optionally, the signaling carries a subscription identifier hiding instruction SICI.
Optionally, generating the key-related signaling specifically includes:
generating a request instruction of an operation required to be executed by User Equipment (UE);
and encapsulating the request instruction in SICI.
For example:
a subscription identifier encryption key provisioning function SIEKPF entity generates a request instruction of operations to be executed by a subscription identifier hiding management function SICMF entity in user equipment UE;
the SIEKPF entity encapsulates the request instruction in SICI.
Optionally, the SICI is a security protected SICI.
Optionally, before generating the request instruction, the method further includes:
generating a key pair for SUPI encryption and decryption and identifying the key pair;
providing a SUPI decryption key to a subscription identifier decryption function, SIDF, entity and providing a SUPI encryption key to the SIEKPF entity.
For example: a Subscription Identifier Key Generation Function (SIKGF) entity which generates a key pair for SUPI encryption and decryption and identifies the key pair;
the SIKGF entity provides a SUPI decryption key to a Subscription Identifier Decryption Function (SIDF) entity and provides a SUPI encryption key to the SIEKPF entity.
Optionally, the operations that the UE needs to perform include: a subscription identifier hiding profile and/or a subscription identifier encryption key list is operated.
Optionally, the subscription identifier hiding profile is for storing a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
Corresponding to the above signaling operation method, referring to fig. 7, on the terminal side, a signaling operation apparatus provided in an embodiment of the present application includes:
a memory 620 for storing program instructions;
a processor 600, configured to call the program instructions stored in the memory, and execute, according to the obtained program:
receiving key-related signaling through transceiver 610; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
and carrying out corresponding operation according to the signaling.
Optionally, the signaling is non-access stratum NAS signaling.
Optionally, the signaling carries a subscription identifier hiding instruction SICI.
Optionally, the processor performs corresponding operations according to the signaling, specifically including:
analyzing the SICI to obtain a request instruction of an operation to be executed;
and performing corresponding operation according to the request instruction.
Optionally, the processor performs corresponding operations according to the request instruction, specifically including:
and operating the subscription identifier hiding configuration file and/or the subscription identifier encryption key list according to the request instruction.
Optionally, the processor performs corresponding operations according to the signaling, and further includes:
and generating a response instruction according to the operation result of the operation, and packaging the response instruction in the SICI.
Optionally, the SICI is a security protected SICI.
Optionally, the subscription identifier hiding profile is for storing a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
Optionally, the processor performs corresponding operations according to the signaling, specifically including:
determining the SUPI protection scheme needing to be adopted currently and a key for encrypting the SUPI applied to the SUPI protection scheme needing to be adopted currently;
according to the SUPI protection scheme which needs to be adopted currently, encryption protection is carried out on the SUPI by using the key which is applied to the SUPI protection scheme which needs to be adopted currently and used for encrypting the SUPI.
A transceiver 610 for receiving and transmitting data under the control of the processor 600.
Where in fig. 7 the bus architecture may include any number of interconnected buses and bridges, with various circuits being linked together, particularly one or more processors represented by processor 600 and memory represented by memory 620. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 610 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. For different user devices, the user interface 630 may also be an interface capable of interfacing with a desired device externally, including but not limited to a keypad, display, speaker, microphone, joystick, etc.
The processor 600 is responsible for managing the bus architecture and general processing, and the memory 620 may store data used by the processor 600 in performing operations.
Alternatively, the processor 600 may be a CPU (central processing unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device).
Referring to fig. 8, on the network side, corresponding to the signaling operation indication method, the signaling operation indication apparatus provided in the embodiment of the present application includes:
a memory 520 for storing program instructions;
a processor 500 for calling the program instructions stored in the memory, and executing, according to the obtained program:
generating key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
sending the signaling through transceiver 510.
Optionally, the signaling is non-access stratum NAS signaling.
Optionally, the signaling carries a subscription identifier hiding instruction SICI.
Optionally, the generating, by the processor, a signaling related to a key specifically includes:
generating a request instruction of an operation required to be executed by User Equipment (UE);
and encapsulating the request instruction in SICI.
Optionally, the SICI is a security protected SICI.
Optionally, before generating the request instruction, the processor is further configured to:
generating a key pair for SUPI encryption and decryption and identifying the key pair;
providing a SUPI decryption key to a subscription identifier decryption function, SIDF, entity and providing a SUPI encryption key to the SIEKPF entity.
Optionally, the operations that the UE needs to perform include: a subscription identifier hiding profile and/or a subscription identifier encryption key list is operated.
Optionally, the subscription identifier hiding profile is for storing a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
A transceiver 510 for receiving and transmitting data under the control of the processor 500.
Where in fig. 8, the bus architecture may include any number of interconnected buses and bridges, with various circuits being linked together, particularly one or more processors represented by processor 500 and memory represented by memory 520. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 510 may be a number of elements, including a transmitter and a receiver, providing a means for communicating with various other apparatus over a transmission medium. The processor 500 is responsible for managing the bus architecture and general processing, and the memory 520 may store data used by the processor 500 in performing operations.
The processor 500 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or a Complex Programmable Logic Device (CPLD).
On the UE side, referring to fig. 9, another signaling operation apparatus provided in an embodiment of the present application includes:
a receiving unit 91, configured to receive key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
and an operation unit 92, configured to perform corresponding operations according to the signaling.
On the CN side, referring to fig. 10, another signaling operation indication apparatus provided in the embodiment of the present application includes:
a generating unit 101, configured to generate a key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber;
a sending unit 102, configured to send the signaling.
The signaling operation method provided in the foregoing embodiment of the present application may be applied to a Terminal device, which may also be referred to as a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (Mobile Terminal), and the like, and optionally, the Terminal may have a capability of communicating with one or more core networks through a Radio Access Network (RAN), for example, the Terminal may be a Mobile phone (or referred to as a "cellular" phone), or a computer with Mobile property, and for example, the Terminal may also be a portable, pocket, hand-held, computer-embedded, or vehicle-mounted Mobile device.
Another embodiment of the present application provides a computer storage medium having stored thereon computer-executable instructions for causing a computer to perform any one of the methods described above.
The computer storage media may be any available media or data storage device that can be accessed by a computer, including, but not limited to, magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memory (NAND FLASH), Solid State Disks (SSDs)), etc.
To sum up, the technical solution provided in the embodiments of the present application includes the following entities: a Subscription Identifier Key Generation Function (SIKGF), a Subscription Identifier Encryption Key Provisioning Function (SIEKPF), a subscription identifier hiding management function (SICMF), a subscription identifier hiding function (SICF), a subscription identifier hiding profile (SICCF), and a subscription identifier encryption key list (SIEKL).
The technical solution provided in the embodiments of the present application defines a NAS parameter named Subscription Identifier hiding Instruction (SICI), which is used to carry instructions or messages related to subscription identifier hiding function configuration passed between the UE and the CN.
The SIEKPF at the CN side is responsible for: sending a key for use in a subscription identifier hiding scheme to the UE; deleting keys that are no longer used; setting which subscription identifier hiding scheme is used; querying the subscription identifier hiding configuration information in the UE; encapsulating the transmitted instruction in SICI; and when confidentiality or integrity protection needs to be provided for the content in the SICI, calling a corresponding security function to complete security protection of the SICI.
The SICCF at the UE side is used for storing which subscription identifier protection scheme is adopted; the SIEKL on the UE side is used to store the encryption key applied in the subscription identifier protection scheme.
The SICMF at the UE side is responsible for: receiving and processing an operation instruction which is transmitted by the CN and encapsulated in the SICI, and updating the SICCF and the SIEKL as the instruction indicates; the SICMF is also responsible for encapsulating the information sent to the CN in SICI; if confidentiality or integrity protection needs to be provided for the content in the SICI, the SICMF is also responsible for calling a corresponding security function to complete security protection of the SICI.
The SICF at the UE side is responsible for: according to the indication information (subscription identifier protection scheme) given by the SICCF, the subscription identifier (SUPI) is cryptographically protected with a key given by the SIEKL.
The SIKGF on the CN side is responsible for: a key pair for subscription identifier encryption and decryption is generated and the generated key pair is identified, and then the encryption key is provided to the SIEKPF.
At present, the 3GPP SA3 5G security TS explicitly adopts public key encryption of the SUPI to protect user privacy, and the embodiments of the present application provide specific solutions for how to provide keys and key-related information to UEs, and how to manage these keys.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (21)

1. A method of signaling operations, the method comprising:
receiving key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber; the signaling carries a subscription identifier hiding instruction SICI, the signaling is non-access stratum (NAS) signaling, and the SICI is used as an optional parameter of the NAS signaling and is sent to the UE through an AMF entity;
performing corresponding operations according to the signaling, specifically comprising:
analyzing the SICI to obtain a request instruction of an operation to be executed;
performing corresponding operation according to the request instruction;
performing corresponding operations according to the request instruction, specifically comprising:
and operating the subscription identifier hiding configuration file and/or the subscription identifier encryption key list according to the request instruction.
2. The method of claim 1, wherein performing corresponding operations according to the signaling further comprises:
and generating a response instruction according to the operation result of the operation, and packaging the response instruction in the SICI.
3. The method of claim 2, wherein the SICI is a security protected SICI.
4. The method of claim 1, wherein the subscription identifier hiding profile is used to store a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
5. The method according to claim 1, wherein performing corresponding operations according to the signaling specifically includes:
determining the SUPI protection scheme needing to be adopted currently and a key for encrypting the SUPI applied to the SUPI protection scheme needing to be adopted currently;
according to the SUPI protection scheme which needs to be adopted currently, encryption protection is carried out on the SUPI by using the key which is applied to the SUPI protection scheme which needs to be adopted currently and used for encrypting the SUPI.
6. A method for signaling operation indication, comprising:
generating key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber; the signaling carries a subscription identifier hiding instruction SICI;
sending the signaling, wherein the signaling is non-access stratum (NAS) signaling, and the SICI is sent to the UE through an AMF entity as an optional parameter of the NAS signaling;
generating the key-related signaling specifically includes:
generating a request instruction of an operation required to be executed by User Equipment (UE);
encapsulating the request instruction in SICI, so that the UE performs the following operations according to the request instruction: and operating the subscription identifier hiding configuration file and/or the subscription identifier encryption key list according to the request instruction.
7. The method of claim 6, wherein the SICI is a security protected SICI.
8. The method of claim 6, wherein prior to generating the request instruction, the method further comprises:
generating a key pair for SUPI encryption and decryption and identifying the key pair;
providing a SUPI decryption key to a subscription identifier decryption function, SIDF, entity and providing a SUPI encryption key to the SIEKPF entity.
9. The method of claim 6, wherein the subscription identifier hiding profile is used to store a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
10. A signaling manipulating device, comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing according to the obtained program:
receiving, by a transceiver, key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber; the signaling carries a subscription identifier hiding instruction SICI, the signaling is non-access stratum (NAS) signaling, and the SICI is used as an optional parameter of the NAS signaling and is sent to the UE through an AMF entity;
the processor performs corresponding operations according to the signaling, specifically including:
analyzing the SICI to obtain a request instruction of an operation to be executed;
performing corresponding operation according to the request instruction;
the processor performs corresponding operations according to the request instruction, and specifically includes:
and operating the subscription identifier hiding configuration file and/or the subscription identifier encryption key list according to the request instruction.
11. The apparatus of claim 10, wherein the processor performs operations in accordance with the signaling, further comprising:
and generating a response instruction according to the operation result of the operation, and packaging the response instruction in the SICI.
12. The apparatus of claim 11, wherein the SICI is a security protected SICI.
13. The apparatus of claim 10, wherein the subscription identifier hiding profile is configured to store a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
14. The apparatus according to claim 10, wherein the processor performs corresponding operations according to the signaling, specifically comprising:
determining the SUPI protection scheme needing to be adopted currently and a key for encrypting the SUPI applied to the SUPI protection scheme needing to be adopted currently;
according to the SUPI protection scheme which needs to be adopted currently, encryption protection is carried out on the SUPI by using the key which is applied to the SUPI protection scheme which needs to be adopted currently and used for encrypting the SUPI.
15. A signaling operation indication apparatus, comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing according to the obtained program:
generating key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber; the signaling carries a subscription identifier hiding instruction SICI;
the signaling is sent through a transceiver, the signaling is non-access stratum (NAS) signaling, and the SICI is sent to the UE through an AMF entity as an optional parameter of the NAS signaling;
the processor generates a signaling related to the key, specifically including:
generating a request instruction of an operation required to be executed by User Equipment (UE);
encapsulating the request instruction in SICI, so that the UE performs the following operations according to the request instruction: and operating the subscription identifier hiding configuration file and/or the subscription identifier encryption key list according to the request instruction.
16. The apparatus of claim 15, wherein the SICI is a security protected SICI.
17. The apparatus of claim 15, wherein prior to generating the request instruction, the processor is further configured to:
generating a key pair for SUPI encryption and decryption and identifying the key pair;
providing a SUPI decryption key to a subscription identifier decryption function, SIDF, entity and providing a SUPI encryption key to the SIEKPF entity.
18. The apparatus of claim 15, wherein the subscription identifier hiding profile is configured to store a SUPI protection scheme; the subscription identifier encryption key list is used to store encryption keys applied in the SUPI protection scheme.
19. A signaling manipulating device, comprising:
a receiving unit, configured to receive a key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber; the signaling carries a subscription identifier hiding instruction SICI, the signaling is non-access stratum (NAS) signaling, and the SICI is used as an optional parameter of the NAS signaling and is sent to the UE through an AMF entity;
an operation unit, configured to perform corresponding operations according to the signaling, and specifically include:
analyzing the SICI to obtain a request instruction of an operation to be executed;
performing corresponding operation according to the request instruction;
performing corresponding operations according to the request instruction, specifically comprising:
and operating the subscription identifier hiding configuration file and/or the subscription identifier encryption key list according to the request instruction.
20. A signaling operation indication apparatus, comprising:
a generating unit for generating key-related signaling; the key is a key corresponding to a permanent identifier (SUPI) of a subscriber; the signaling carries a subscription identifier hiding instruction SICI;
a sending unit, configured to send the signaling, where the signaling is a non-access stratum NAS signaling, and the SICI is sent to the UE through the AMF entity as an optional parameter of the NAS signaling;
generating the key-related signaling specifically includes:
generating a request instruction of an operation required to be executed by User Equipment (UE);
encapsulating the request instruction in SICI, so that the UE performs the following operations according to the request instruction: and operating the subscription identifier hiding configuration file and/or the subscription identifier encryption key list according to the request instruction.
21. A computer storage medium having computer-executable instructions stored thereon for causing a computer to perform the method of any one of claims 1 to 5.
CN201710910440.4A 2017-09-29 2017-09-29 Signaling operation and indication method and device thereof, and computer storage medium Active CN109586899B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710910440.4A CN109586899B (en) 2017-09-29 2017-09-29 Signaling operation and indication method and device thereof, and computer storage medium

Publications (2)

Publication Number Publication Date
CN109586899A CN109586899A (en) 2019-04-05
CN109586899B CN109586899B (en) 2021-02-09

Family

ID=65919205

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710910440.4A Active CN109586899B (en) 2017-09-29 2017-09-29 Signaling operation and indication method and device thereof, and computer storage medium

Country Status (1)

Country Link
CN (1) CN109586899B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111800372A (en) * 2019-07-22 2020-10-20 维沃移动通信有限公司 Data transmission method and equipment
CN112866988B (en) * 2019-11-13 2023-03-28 中国电信股份有限公司 Privacy protection method and device for terminal and terminal
CN114423001A (en) * 2020-10-13 2022-04-29 中兴通讯股份有限公司 Decryption method, server and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104255064A (en) * 2012-05-03 2014-12-31 瑞典华为技术有限公司 Sending access information from physical access control system to user terminal
CN106921502A (en) * 2015-12-28 2017-07-04 华为技术有限公司 The method of charging and policy control, PCRF and OCS

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8064597B2 (en) * 2007-04-20 2011-11-22 Telefonaktiebolaget Lm Ericsson (Publ) Method and system for mobile device credentialing
WO2014061994A1 (en) * 2012-10-16 2014-04-24 엘지전자 주식회사 Method and apparatus for transmitting signal in wireless lan system
US9721082B2 (en) * 2013-06-04 2017-08-01 Mattel, Inc. Computing devices having access control
US9600949B2 (en) * 2014-07-30 2017-03-21 Master Lock Company Llc Wireless key management for authentication
WO2016017886A1 (en) * 2014-08-01 2016-02-04 Lg Electronics Inc. A method of performing an initial access by protecting privacy on a network and user equipment therefor

Also Published As

Publication number Publication date
CN109586899A (en) 2019-04-05

Legal Events

Date Code Title Description
PB01 Publication

SE01 Entry into force of request for substantive examination

GR01 Patent grant

CP01 Change in the name or title of a patent holder
Address after: 100191 No. 40, Haidian District, Beijing, Xueyuan Road
Patentee after: CHINA ACADEMY OF TELECOMMUNICATIONS TECHNOLOGY
Address before: 100191 No. 40, Haidian District, Beijing, Xueyuan Road
Patentee before: CHINA ACADEMY OF TELECOMMUNICATIONS TECHNOLOGY

TR01 Transfer of patent right
Effective date of registration: 20210528
Address after: 100085 1st floor, building 1, yard 5, Shangdi East Road, Haidian District, Beijing
Patentee after: DATANG MOBILE COMMUNICATIONS EQUIPMENT Co.,Ltd.
Address before: 100191 No. 40, Haidian District, Beijing, Xueyuan Road
Patentee before: CHINA ACADEMY OF TELECOMMUNICATIONS TECHNOLOGY