CN111770488B - EHPLMN updating method, related equipment and storage medium - Google Patents

Publication number: CN111770488B
Authority: CN (China)
Legal status: Active
Application number: CN202010635877.3A
Other languages: Chinese (zh)
Other versions: CN111770488A (en
Inventor: 刘君
Current Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN202010635877.3A
Publication of CN111770488A
Application granted
Publication of CN111770488B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08 Mobility data transfer
    • H04W8/082 Mobility data transfer for traffic bypassing of mobility servers, e.g. location registers, home PLMNs or home agents
    • H04W8/24 Transfer of terminal data
    • H04W8/245 Transfer of terminal data from a network towards a terminal

Abstract

The application discloses an EHPLMN updating method, a chip, a communication device and a storage medium. The method comprises the following steps: a terminal receives first information sent by network equipment; the first information comprises at least one EHPLMN information; the first information includes EHPLMN information updated with respect to EHPLMN information preset in the terminal; the terminal saves the first information; and using the first information and EHPLMN information preset in the terminal as updated EHPLMN information together.

Description

EHPLMN updating method, related equipment and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to an Equivalent Home Public Land Mobile Network (EHPLMN) update method, a related device, and a storage medium.
Background
EHPLMN plays an important role in terminals from the Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS) and Long Term Evolution (LTE) systems to the current fifth Generation mobile communication technology (5G, 5th Generation) system.
However, in the related art, the method for updating EHPLMN needs to be optimized.
Disclosure of Invention
In order to solve the related technical problem, embodiments of the present application provide an EHPLMN updating method, related devices, and a storage medium.
The technical scheme of the embodiment of the application is realized as follows:
an embodiment of the present application provides an EHPLMN updating method, including:
a terminal receives first information sent by network equipment; the first information comprises at least one EHPLMN information; the first information includes EHPLMN information updated with respect to EHPLMN information preset in the terminal;
the terminal saves the first information; and using the first information and EHPLMN information preset in the terminal as updated EHPLMN information together.
In the above scheme, the receiving, by the terminal, the first information sent by the network device includes:
the terminal receives first information sent by the network equipment through Non-access Stratum (NAS) signaling.
In the above scheme, the receiving, by the terminal, the first information sent by the network device includes:
the terminal receives encrypted first information sent by the network equipment;
the saving the first information includes:
the terminal decrypts the encrypted first information to obtain decrypted first information;
and storing the decrypted first information.
In the foregoing solution, the decrypting the encrypted first information includes:
the terminal decrypts the encrypted first information by using the second information as a secret key; the second information includes EHPLMN information preset in the terminal.
In the foregoing solution, the decrypting, by the terminal, the encrypted first information includes:
the terminal carries out integrity check on the encrypted first information;
and after the integrity check of the encrypted first information passes, the terminal decrypts the encrypted first information.
In the foregoing solution, the performing integrity check on the encrypted first information includes:
the terminal carries out integrity check on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identification represents a version corresponding to the first information.
In the above solution, when receiving the first information, the method further includes:
the terminal receives a first identifier sent by the network equipment; the first identification represents a version corresponding to the first information;
the saving the first information comprises:
when the version represented by the first identifier is higher than the version represented by the second identifier, the terminal updates locally stored third information by using the first information; the second identifier represents a version corresponding to the third information locally stored by the terminal; the third information comprises EHPLMN information updated by the terminal based on information historically sent by the network equipment.
An embodiment of the present application further provides an EHPLMN updating method, including:
the network equipment detects an event for updating the EHPLMN information;
the network equipment generates first information according to the detected event for updating the EHPLMN information; the first information comprises at least one EHPLMN information; the first information includes EHPLMN information updated with respect to EHPLMN information preset in the terminal.
And the network equipment sends the generated first information to the terminal.
In the foregoing solution, the generating first information according to the detected event for updating EHPLMN information includes:
the network equipment determines fourth information according to the detected event for updating the EHPLMN information; the fourth information includes all EHPLMN information after the operation corresponding to the event of updating EHPLMN information is performed;
and the network equipment removes the EHPLMN information preset by the terminal in the fourth information to obtain the first information.
In the foregoing solution, the sending the generated first information to the terminal includes:
and the network equipment sends the first information to the terminal through NAS signaling.
In the foregoing solution, the sending the generated first information to the terminal includes:
the network equipment encrypts the first information to obtain encrypted first information;
and sending the encrypted first information to the terminal.
In the foregoing solution, the encrypting the first information includes:
the network equipment uses second information as a key to encrypt the first information; the second information includes EHPLMN information preset in the terminal.
In the foregoing solution, the sending the encrypted first information to the terminal includes:
the network equipment performs integrity protection on the encrypted first information;
and sending the encrypted first information subjected to integrity protection to the terminal.
In the foregoing solution, the integrity protection of the encrypted first information includes:
the network equipment performs integrity protection on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identification represents a version corresponding to the first information.
In the foregoing solution, when the generated first information is sent to a terminal, the method further includes:
the network equipment sends a first identifier to the terminal; the first identification represents a version corresponding to the first information.
An embodiment of the present application further provides a chip, including: a processor and an interface; wherein,
the processor is configured to execute the steps of any one of the methods on the terminal side or execute the steps of any one of the methods on the network device side when running the computer program.
An embodiment of the present application further provides a communication device, including: a processor and a memory for storing a computer program capable of running on the processor; wherein,
the processor is configured to execute the steps of any one of the methods on the terminal side or execute the steps of any one of the methods on the network device side when the computer program is executed.
An embodiment of the present application further provides a storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps of any method on the terminal side are implemented, or the steps of any method on the network device side are implemented.
According to the EHPLMN updating method, the EHPLMN updating device, the related equipment and the storage medium, network equipment detects an event for updating EHPLMN information; generating first information according to the detected event for updating the EHPLMN information; sending the generated first information to a terminal; the terminal stores the first information, and the first information and the EHPLMN information preset in the terminal are jointly used as updated EHPLMN information, wherein the first information comprises EHPLMN information updated relative to the EHPLMN information preset in the terminal; according to the scheme of the embodiment of the application, the terminal uses at least one piece of EHPLMN information sent by the network equipment and the EHPLMN information preset by the terminal as the updated EHPLMN information together, so that the terminal does not need to actively collect the EHPLMN information updated by the corresponding operator, but the network equipment of the corresponding operator sends the updated EHPLMN information to the terminal, and therefore the terminal can accurately update the EHPLMN information in real time.
Drawings
FIG. 1 is a flowchart illustrating an EHPLMN updating method applied to a network device according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating an EHPLMN updating method applied to a terminal according to an embodiment of the present application;
FIG. 3 is a timing diagram illustrating an EHPLMN update method according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating an embodiment of the present application for encrypting an Additional EHPLMN List (Additional EHPLMN List);
FIG. 5 is a flowchart illustrating a process of decrypting an encrypted Additional EHPLMN List according to an embodiment of the present application;
FIG. 6 is a first schematic structural diagram of an EHPLMN updating apparatus according to an embodiment of the present application;
FIG. 7 is a second schematic structural diagram of an EHPLMN updating apparatus according to an embodiment of the present application;
FIG. 8 is a diagram illustrating a chip structure according to an embodiment of the present disclosure;
FIG. 9 is a schematic hardware structure diagram of a communication device according to an embodiment of the present application.
Detailed Description
The technical solution of the present application is further described in detail with reference to the drawings and embodiments of the specification.
In the related art, an Elementary File (EF), EF_EHPLMN, in the Universal Subscriber Identity Module (USIM) of a terminal holds EHPLMN information, which may be embodied in the form of an EHPLMN List; the terminal may determine whether the currently registered PLMN is a roaming PLMN according to the EHPLMN List and, when it determines that the currently registered PLMN is a roaming PLMN, start to periodically search for a network in order to correctly return to the Home Public Land Mobile Network (HPLMN, Home PLMN) specified by the corresponding operator.
In recent years, due to rapid development of wireless technologies and proliferation of terminal users caused by popularization of smart phones, some large operators gradually expand and/or upgrade wireless networks, so that EHPLMN lists preset in USIMs of terminals may not meet requirements of corresponding operators. In the process of expanding the capacity and/or upgrading the wireless network, an operator may add new EHPLMN information on the basis of an EHPLMN List preset by a USIM, where the new EHPLMN information may also be embodied in a List manner, and in general, in order to distinguish from the EHPLMN List, a table corresponding to the EHPLMN information added by the operator may be referred to as an Additional (Additional) EHPLMN List; meanwhile, after the Additional EHPLMN List is added by the corresponding operator on the basis of the EHPLMN List, in order to ensure the terminal to correctly judge the Roaming PLMN, the Additional EHPLMN List extended by the corresponding operator needs to be synchronously updated to the terminal.
Generally, in order to synchronously update the extended Additional EHPLMN List of the corresponding operator, the terminal needs to actively collect the extended Additional EHPLMN List of the corresponding operator, and then store the collected Additional EHPLMN List in a Non-volatile memory (NVM); because of numerous global large operators, it is very difficult to cover accurate information of all the large operators, that is, it is very difficult for the terminal to collect accurate Additional EHPLMN List extended by the corresponding operator; moreover, the corresponding operator may perform multiple expansion and/or upgrade and update on the wireless network, and the terminal cannot timely (i.e., in real time) obtain the Additional EHPLMN List expanded by the corresponding operator each time; therefore, the terminal cannot update the extended Additional EHPLMN List of the corresponding operator in real time and accurately in synchronization by using the method.
Based on this, in various embodiments of the present application, at least one EHPLMN information (i.e., the Additional EHPLMN List) is sent to the terminal through the network device, so that the terminal uses the at least one EHPLMN information sent by the network device and the EHPLMN information preset by the terminal (i.e., the EHPLMN List) together as the updated EHPLMN information; the terminal does not need to actively collect the EHPLMN information updated by the corresponding operator, but the network equipment of the corresponding operator sends the updated EHPLMN information to the terminal, so that the terminal can accurately update the EHPLMN information in real time.
An embodiment of the present application provides an EHPLMN updating method, which is applied to a network device, and as shown in fig. 1, the method includes the following steps:
step 101: the network equipment detects an event for updating the EHPLMN information;
step 102: the network equipment generates first information according to the detected event for updating the EHPLMN information;
here, the first information includes at least one EHPLMN information; the first information does not include second information; the second information comprises EHPLMN information preset in the terminal; that is, the first information includes EHPLMN information updated with respect to EHPLMN information preset in the terminal;
step 103: and the network equipment sends the generated first information to the terminal.
Here, the first information and the second information may be EHPLMN information that can be used by the terminal, for example, may be used by the terminal to determine whether a currently registered PLMN is a roaming PLMN.
The first information does not include the second information, that is, the first information includes EHPLMN information completely different from EHPLMN information included in the second information.
Wherein the second information is the EHPLMN List; the first information is the Additional EHPLMN List described above.
Here, it should be noted that the terminal is any terminal registered in a network corresponding to the network device.
In step 101, in actual application, the event for updating EHPLMN information may be an event in various forms, for example, the event for updating EHPLMN information may be an operation of adding EHPLMN information in a visual management page corresponding to the network device by an administrator of a corresponding operator; for another example, the event for updating EHPLMN information may be that the network device receives an instruction sent by an administrator of a corresponding operator to add EHPLMN information.
In practical application, an event for updating EHPLMN information may occur during a network upgrade process and/or a network capacity expansion process of a corresponding operator.
In step 102, in actual application, after detecting an event of updating EHPLMN information, the network device may determine, according to the event of updating EHPLMN information, all EHPLMN information after performing an operation corresponding to the event of updating EHPLMN information by the network device (which may be referred to as fourth information in the following description); the network equipment stores the second information in advance, and all events for updating the EHPLMN information are updating events aiming at the second information; therefore, the fourth information includes the second information, and the network device may obtain an Additional EHPLMN List by removing the second information in the fourth information, that is, obtain the first information.
Based on this, in an embodiment, the generating the first information according to the detected event of updating the EHPLMN information may include:
the network equipment determines fourth information according to the detected event for updating the EHPLMN information; the fourth information includes all EHPLMN information after the operation corresponding to the event of updating EHPLMN information is performed; that is, the fourth information includes the second information;
the network device removes the second information (namely EHPLMN information preset in the terminal) in the fourth information to obtain the first information.
In practical application, in order to reduce modification costs for the network device and the terminal, when the network device sends the first information to the terminal, the first information may be transmitted by using signaling in an existing signaling interaction flow between a network side and a terminal side, for example, a NAS Transport (Transport) flow.
Based on this, in an embodiment, in step 103, the sending the generated first information to the terminal may include:
and the network equipment sends the first information to the terminal through NAS signaling.
Here, in various embodiments of the present application, all information interacted between the network device and the terminal may be transmitted through NAS signaling.
In actual application, the first information may be set in a Payload Container (Payload Container) field of the NAS signaling; accordingly, after receiving the NAS signaling, the terminal may obtain the first information from a Payload Container domain in the NAS signaling.
In practical application, in order to enable the terminal to distinguish the NAS signaling carrying the first information from other NAS signaling, the network device may set an identifier (which may be referred to as a third identifier in the following description) in the NAS signaling carrying the first information, where the third identifier may be a value that is not used or defined in any related technology and has no special meaning; when the terminal detects the third identifier from NAS signaling, the terminal may determine to receive NAS signaling carrying the first information, that is, receive the first information sent by the network device. Here, the third identifier may be set in a Payload Container Type (Payload Container Type) field of the NAS signaling (e.g., the Payload Container Type field is set to 9); therefore, the efficiency of the terminal for determining whether the current NAS signaling carries the first information can be improved.
Based on this, in step 103, when the network device sends the generated first information to the terminal in actual application, the method may further include: the network equipment sends a third identifier to the terminal; the third identifier is used for the terminal to determine to receive the first information sent by the network device.
In practical applications, the network device may include at least two network elements on the network side, such as a Unified Data Management (UDM) network element and an Access and Mobility Management Function (AMF) network element. Specifically, the UDM network element may detect an event that updates EHPLMN information; when such an event is detected, the UDM network element may determine the fourth information according to the event, remove the second information in the fourth information to generate the first information, and send the first information to the AMF network element through a subscription data notification (Nudm_SDM_Notification) message, and the first information is then sent to the terminal through a Downlink NAS Transport message.
In practical application, the terminal needs to determine whether the first information is an Additional EHPLMN List that it requires, that is, whether the version corresponding to the first information is higher than the version of the EHPLMN information stored in the terminal: when the terminal determines that the version corresponding to the first information is higher than the version of the EHPLMN information stored in the terminal, the terminal stores the first information; when the terminal determines that the version corresponding to the first information is lower than or equal to the version of the EHPLMN information stored in the terminal, the terminal discards the first information. To enable this, when the network device sends the generated first information to the terminal, the network device may also send to the terminal identification information representing the version corresponding to the first information (which may be referred to as a first identifier in subsequent descriptions); in this way, the terminal may determine whether the first information needs to be saved according to the first identifier.
Based on this, in an embodiment, when the generated first information is sent to the terminal, the method may further include:
the network equipment sends a first identifier to the terminal; the first identification represents a version corresponding to the first information.
Specifically, the network device may send the first identifier to the terminal through NAS signaling.
In practical application, since the first information is very important, the terminal and the network device need to transmit it securely, in order to prevent the first information from being erroneously or maliciously tampered with during data transmission, which would cause a terminal that is actually on a Visited Public Land Mobile Network (VPLMN) to mistakenly assume that the VPLMN is the HPLMN; for example, the first information is encrypted; for another example, the first information is transmitted through a secure tunnel established between the terminal and the network device.
Based on this, in an embodiment, the sending the generated first information to the terminal may include:
the network equipment encrypts the first information to obtain encrypted first information;
and sending the encrypted first information to the terminal.
In practical application, the network device and the terminal may set an encryption key locally in advance for encrypting and decrypting the first information. Here, since both the terminal and the network device store second information, only the terminal and the network device can know the content of the second information; therefore, in order to save the storage space of the terminal and the network device and further improve the security of transmitting the first information, the second information may be directly set as an encryption key stream, that is, the second information is used as a key; the network device encrypts the first information by using the second information as a key to obtain encrypted first information; and after receiving the encrypted first information, the terminal can decrypt the encrypted first information by using the second information to obtain decrypted first information.
In actual application, the network device and the terminal can encrypt and decrypt the first information by using any encryption method; for example, when the network device encrypts the first information, an exclusive or operation may be performed on the first information and an encryption key stream (e.g., the second information), and an obtained result of the exclusive or operation is the encrypted first information; accordingly, when the terminal decrypts the encrypted first information, an exclusive or operation may be performed on the encrypted first information and a decryption key stream (corresponding to the encryption key stream, that is, the second information), and an obtained result of the exclusive or operation is the decrypted first information.
In practical application, when the network device is composed of a UDM network element and an AMF network element, the UDM network element may encrypt the first information after generating it, obtain the encrypted first information, and send the encrypted first information to the AMF network element through a Nudm_SDM_Notification message, and the encrypted first information is then sent to the terminal through a Downlink NAS Transport message.
In practical application, in order to ensure the integrity of the encrypted first information received by the terminal, the network device may further perform integrity protection on the encrypted first information, and send the encrypted first information subjected to integrity protection to the terminal.
Based on this, in an embodiment, the sending the encrypted first information to the terminal may include:
the network equipment performs integrity protection on the encrypted first information;
and sending the encrypted first information subjected to integrity protection to the terminal.
Here, when the network device sends the encrypted first information subjected to integrity protection to the terminal, it needs to send first integrity verification information at the same time, where the first integrity verification information is generated after the network device performs integrity protection on the encrypted first information, and the first integrity verification information is used for the terminal to perform integrity check on the encrypted first information after receiving the encrypted first information.
In practical applications, the first integrity verification information may include a Message Authentication Code (MAC).
In actual application, the network device may also send, to the terminal, first integrity verification information corresponding to the encrypted first information subjected to integrity protection through a Downlink NAS Transport message; therefore, the sending the encrypted first information subjected to integrity protection to the terminal may include: and the network equipment sends the encrypted first information and first integrity verification information corresponding to the encrypted first information to the terminal.
In practical application, parameters required for integrity protection of the encrypted first information and parameters required for integrity check of the encrypted first information (the parameters required for integrity protection of the encrypted first information are the same as the parameters required for integrity check of the encrypted first information) may be set as needed, for example, the length of the encrypted first information, the first identifier, the length of the first identifier, and the like.
Based on this, in an embodiment, the integrity protecting the encrypted first information may include:
and the network equipment performs integrity protection on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier.
In practical application, the network device and the terminal may use any data integrity protection algorithm to perform integrity protection on the encrypted first information and to perform integrity check on the encrypted first information, such as the MD5 Message Digest Algorithm (MD5), a Key Derivation Function (KDF), etc. Meanwhile, the network device may further include an Authentication Server Function (AUSF) network element, and the AUSF network element performs integrity protection on the encrypted first information.
For example, when the network device is composed of a UDM network element, an AUSF network element, and an AMF network element, the integrity protection of the encrypted first information by the network device using the KDF may be specifically implemented as follows: after the UDM network element generates the first information, the UDM network element encrypts the first information to obtain the encrypted first information, and sends an integrity protection request (which may be denoted as Nausf_AddEHPLMN_Protection) message carrying the encrypted first information to the AUSF network element to request the AUSF network element to perform integrity protection on the encrypted first information. After receiving the Nausf_AddEHPLMN_Protection message, the AUSF network element may generate a counter (which may be represented as Counter_EHPLMN) with an initial value of a first value (the first value may be any value that is not used or defined in the related art and has no special meaning, such as 0x00 0x01); Counter_EHPLMN may characterize the version corresponding to the at least one EHPLMN information included in the first information (i.e., the first identifier). The AUSF network element then takes a preset first FC value (the first FC value may be any value that is not used or defined in the related art and has no special meaning, for example, 0x80; the FC value is a KDF instance identifier for identifying different KDF instances, i.e., for distinguishing KDF instances with different calculation purposes), the encrypted first information, the length of the encrypted first information, Counter_EHPLMN (i.e., the first identifier) and the length of Counter_EHPLMN (i.e., the length of the first identifier) as input parameters of the KDF, and runs the KDF with the AUSF key (K_AUSF), negotiated by the terminal and the AUSF network element in the process of registering the terminal to the network corresponding to the network device, as the specified key of the KDF; the AUSF network element may determine the low 128 bits of the result output after the KDF is run as the MAC (which can be expressed as EHPLMN-MAC-I_AUSF) obtained after integrity protection of the encrypted first information. After obtaining EHPLMN-MAC-I_AUSF, the AUSF network element can return to the UDM network element an integrity protection request response (which may be denoted as Nausf_AddEHPLMN_Protection_Rsp) message carrying EHPLMN-MAC-I_AUSF and Counter_EHPLMN; after the AUSF network element returns the Nausf_AddEHPLMN_Protection_Rsp message, Counter_EHPLMN may be incremented by 1, i.e., Counter_EHPLMN is updated with the result of adding 1, for the AUSF network element to use when it next calculates EHPLMN-MAC-I_AUSF. After receiving the Nausf_AddEHPLMN_Protection_Rsp message, the UDM network element may send the encrypted first information, EHPLMN-MAC-I_AUSF and Counter_EHPLMN to the AMF network element through a Nudm_SDM_Notification message, and the encrypted first information, EHPLMN-MAC-I_AUSF (i.e., the first integrity verification information) and Counter_EHPLMN (i.e., the first identifier) are then sent to the terminal through a Downlink NAS Transport message. Here, the encrypted first information, EHPLMN-MAC-I_AUSF and Counter_EHPLMN may be set in the Payload Container field of the Downlink NAS Transport message, and the Payload Container Type field of the Downlink NAS Transport message may be set to the third identifier (the third identifier may be a value that is not used or defined in any related art and has no special meaning, for example, 9).
Correspondingly, for the above process of performing integrity protection on the encrypted first information, the integrity check of the encrypted first information by the terminal using the KDF may be specifically implemented as follows: the terminal receives a Downlink NAS Transport message from the network device, and when detecting that the Payload Container Type field of the Downlink NAS Transport message is the third identifier, the terminal determines that it has received the encrypted first information, that is, determines that the Payload Container field of the Downlink NAS Transport message contains the encrypted first information. At this time, the terminal needs to perform a security check on the Payload Container field of the Downlink NAS Transport message. The security check means that the terminal performs integrity check on the encrypted first information by using the other information, apart from the encrypted first information, contained in the Payload Container field of the Downlink NAS Transport message, and decrypts the encrypted first information after the integrity check on the encrypted first information passes.
Specifically, the terminal obtains the encrypted first information, EHPLMN-MAC-I_AUSF and Counter_EHPLMN from the Payload Container field of the Downlink NAS Transport message, uses the preset first FC value, the encrypted first information, the length of the encrypted first information, Counter_EHPLMN and the length of Counter_EHPLMN as input parameters of the KDF, and runs the KDF with K_AUSF as the specified key of the KDF; the terminal may determine the low 128 bits of the result output after the KDF is run as the MAC (which may be represented as EHPLMN-XMAC-I_AUSF) obtained by performing integrity check on the encrypted first information. After obtaining EHPLMN-XMAC-I_AUSF, the terminal may compare EHPLMN-XMAC-I_AUSF with EHPLMN-MAC-I_AUSF; if EHPLMN-XMAC-I_AUSF and EHPLMN-MAC-I_AUSF are equal, the terminal can determine that the integrity check of the encrypted first information passes. At this time, the terminal may decrypt the encrypted first information to obtain the decrypted first information, and store the decrypted first information. Here, the terminal calculates EHPLMN-XMAC-I_AUSF in the same way as the AUSF network element calculates EHPLMN-MAC-I_AUSF, that is, the parameters the terminal needs to calculate EHPLMN-XMAC-I_AUSF are the same as the parameters the AUSF network element needs to calculate EHPLMN-MAC-I_AUSF.
In actual application, in order to enable the network device to determine that the terminal completes EHPLMN update, the Downlink NAS Transport message (i.e., NAS signaling) may further include a reception acknowledgement Indication (which may be denoted as ACK Indication) information; the ACK Indication information is used for indicating the terminal to send receiving confirmation information to the network equipment after the first information is saved; of course, in order to ensure the integrity of information transmission, the receiving confirmation information may be integrity protected; after receiving the reception confirmation information, the network device may perform integrity check on the reception confirmation information, and after the integrity check of the reception confirmation information passes, the network device may determine that the terminal completes EHPLMN update. When the integrity check of the reception confirmation information fails, the network device may resend the first information to the terminal, or may not perform processing, and may specifically perform setting according to a requirement of an operator. Therefore, when the generated first information is sent to the terminal, the method may further include: the network equipment sends receiving confirmation indication information (which can be sent through NAS signaling) to the terminal; and the receiving confirmation indication information is used for indicating the terminal to send receiving confirmation information to the network equipment after the first information is stored. 
Here, when the receiving confirmation information is integrity-protected, and the network device receives the receiving confirmation information sent by the terminal, it also receives second integrity verification information sent by the terminal, and performs integrity check on the receiving confirmation information by using the second integrity verification information; the second integrity verification information is generated when the terminal performs integrity protection on the reception confirmation information.
Specifically, when the network device is composed of a UDM network element, an AUSF network element and an AMF network element, and the terminal and the network device use a KDF to perform integrity protection and integrity check on the reception confirmation information, the Nausf_AddEHPLMN_Protection message carrying the encrypted first information that the UDM network element sends to the AUSF network element also needs to carry ACK Indication information. The ACK Indication information is used to instruct the AUSF network element to calculate the MAC of the terminal (which may be represented as EHPLMN-XMAC-I_UE); EHPLMN-XMAC-I_UE is used by the UDM network element to perform integrity check on the reception confirmation information returned by the terminal after the first information is stored. After the AUSF network element receives the Nausf_AddEHPLMN_Protection message and obtains Counter_EHPLMN and EHPLMN-MAC-I_AUSF, it uses a preset second FC value (the second FC value may be any value that is not used or defined in the related art and has no special meaning, such as 0x81), a preset first character string (the first character string may be set as required, such as "0x01 ("Additional EHPLMN List" or the like)"), the length of the first character string, Counter_EHPLMN and the length of Counter_EHPLMN as input parameters of the KDF, and runs the KDF with K_AUSF as the specified key of the KDF; the AUSF network element can determine the low 128 bits of the result output after the KDF is run as EHPLMN-XMAC-I_UE, and returns to the UDM network element a Nausf_AddEHPLMN_Protection_Rsp message carrying EHPLMN-MAC-I_AUSF, EHPLMN-XMAC-I_UE and Counter_EHPLMN.
After the UDM network element receives the Nausf_AddEHPLMN_Protection_Rsp message, the UDM network element may store EHPLMN-XMAC-I_UE locally, and may send the encrypted first information, EHPLMN-MAC-I_AUSF and Counter_EHPLMN to the AMF network element through a Nudm_SDM_Notification message; the AMF network element sends the encrypted first information, EHPLMN-MAC-I_AUSF, the ACK Indication information and Counter_EHPLMN to the terminal through a Downlink NAS Transport message. The terminal may receive the Downlink NAS Transport message from the network device, perform integrity check on the encrypted first information, decrypt the encrypted first information to obtain the decrypted first information, and store the decrypted first information. The terminal may then use the second FC value, the first character string, the length of the first character string, Counter_EHPLMN and the length of Counter_EHPLMN as input parameters of the KDF, and run the KDF with K_AUSF as the specified key of the KDF; the terminal may determine the low 128 bits of the result output after the KDF is run as the MAC (which may be represented as EHPLMN-MAC-I_UE, i.e., the second integrity verification information) obtained after integrity protection is performed on the reception confirmation information, and carry EHPLMN-MAC-I_UE in an Uplink NAS Transport message, which responds to the Downlink NAS Transport message, sent to the AMF network element. The AMF network element sends EHPLMN-MAC-I_UE to the UDM network element through a Nudm_SDM_Info message responding to the Nudm_SDM_Notification message. The UDM network element can compare EHPLMN-MAC-I_UE with the locally stored EHPLMN-XMAC-I_UE; when EHPLMN-MAC-I_UE and EHPLMN-XMAC-I_UE are equal, the UDM network element may determine that the integrity check of the reception confirmation information passes and that the terminal has completed the EHPLMN update. Here, the terminal calculates EHPLMN-MAC-I_UE in the same way as the AUSF network element calculates EHPLMN-XMAC-I_UE, that is, the parameters the terminal needs to calculate EHPLMN-MAC-I_UE are the same as the parameters the AUSF network element needs to calculate EHPLMN-XMAC-I_UE.
Correspondingly, an embodiment of the present application further provides an EHPLMN updating method, which is applied to a terminal, and as shown in fig. 2, the method includes the following steps:
step 201: a terminal receives first information sent by network equipment;
here, the first information includes at least one EHPLMN information; the first information does not include second information; the second information comprises EHPLMN information preset in the terminal; that is, the first information includes EHPLMN information updated with respect to EHPLMN information preset in the terminal;
step 202: the terminal saves the first information; and using the first information and EHPLMN information preset in the terminal (i.e., preset in the terminal by an operator) together as updated EHPLMN information.
Here, the first information and the second information are used together as EHPLMN information that can be used by the terminal, and may be used by the terminal to determine whether a currently registered PLMN is a roaming PLMN, for example.
Wherein the second information is the EHPLMN List; the first information is the Additional EHPLMN List described above.
Here, it should be noted that the terminal is any terminal registered in a network corresponding to the network device.
In step 201, in actual application, the first information sent by the network device may be received by the mobility management module of the terminal.
In step 202, during actual application, the mobile management module of the terminal may store the first information in the NVM of the terminal, and determine whether the currently registered PLMN is a roaming PLMN by using the first information and the second information; in the case where it is determined that the currently registered PLMN is a roaming PLMN, the mobility management module may instruct the network searching module of the terminal to leave the current roaming PLMN and to return to the HPLMN.
In step 201, during actual application, when the terminal receives the first information sent by the network device, the terminal may also receive a third identifier sent by the network device. Specifically, the terminal may determine whether the information received from the network device carries the third identifier, and in a case that it is determined that the information received from the network device carries the third identifier, the terminal may determine to receive the first information sent by the network device. Of course, the terminal may discard the corresponding information received from the network device or may not process the information received from the network device when determining that the information received from the network device does not carry the third identifier.
In an embodiment, the receiving, by the terminal, the first information sent by the network device may include:
and the terminal receives the first information sent by the network equipment through NAS signaling.
Here, in various embodiments of the present application, all information interacted between the network device and the terminal may be transmitted through NAS signaling.
In actual application, after receiving the NAS signaling, the terminal may determine whether a Payload Container Type field of the NAS signaling carries the third identifier, determine that the NAS signaling carries the first information under the condition that it is determined that the NAS signaling carries the third identifier, and may obtain the first information from the Payload Container field in the NAS signaling.
In an embodiment, the receiving, by the terminal, the first information sent by the network device may include:
the terminal receives encrypted first information sent by the network equipment;
accordingly, the saving the first information may include:
the terminal decrypts the encrypted first information to obtain decrypted first information;
and storing the decrypted first information.
In practical application, the terminal may preset an encryption key that is the same as the encryption key of the network device locally, for example, the second information is set as an encryption key stream, that is, the second information is used as a key; the network equipment encrypts the first information by using the second information to obtain encrypted first information; and the terminal decrypts the encrypted first information by using the second information as a secret key to obtain decrypted first information.
In an embodiment, integrity protection is performed on the encrypted first information, and the decrypting, by the terminal, the encrypted first information may include:
the terminal carries out integrity check on the encrypted first information;
and after the integrity check of the encrypted first information passes, the terminal decrypts the encrypted first information.
In actual application, in order to perform integrity check on the encrypted first information, when the terminal receives the first information sent by the network device, the terminal may also receive first integrity verification information sent by the network device; the first integrity verification information is generated after the network device performs integrity protection on the encrypted first information, and the first integrity verification information is used for the terminal to perform integrity check on the encrypted first information after receiving the encrypted first information. Therefore, the receiving the first information sent by the network device may include: and the terminal receives the encrypted first information sent by the network equipment and first integrity verification information corresponding to the encrypted first information.
In an embodiment, the integrity checking the encrypted first information may include:
the terminal carries out integrity check on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identifier represents a version corresponding to the first information.
In actual application, if the integrity check of the encrypted first information does not pass, the terminal may take no action and wait for the network device to resend the first information; of course, the terminal may also send an EHPLMN update request message to the network device in order to receive the first information again.
In an embodiment, when receiving the first information, the method may further include:
the terminal receives the first identifier sent by the network equipment;
accordingly, the saving the first information may include:
under the condition that the version represented by the first identifier is higher than the version represented by the second identifier, the terminal updates locally stored third information by using the first information; the second identifier represents a version corresponding to the third information locally stored by the terminal; the third information comprises EHPLMN information that the terminal has updated based on information previously sent by the network device.
In actual application, the first identifier and the first information may be received by the terminal through the same NAS signaling, that is, the Downlink NAS Transport message; the first identifier is the Counter_EHPLMN described above.
Specifically, after receiving the first information, in order to verify whether the first information is wrong information (for example, at least one EHPLMN information included in the first information is EHPLMN information that the terminal has already updated), the terminal may determine whether the version represented by the first identifier is higher than the version represented by the second identifier, and update the third information with the first information if the version represented by the first identifier is higher than the version represented by the second identifier; at the same time, the terminal updates the second identifier with the first identifier. Of course, the terminal may discard the first information if the version represented by the first identifier is lower than or equal to the version represented by the second identifier.
In actual application, when the terminal receives first information sent by network equipment, the terminal can also receive receiving confirmation indication information sent by the network equipment; and the receiving confirmation indication information is used for indicating the terminal to send receiving confirmation information to the network equipment after the first information is stored. Therefore, in response to the reception confirmation indication information, the terminal may generate reception confirmation information after saving the first information, and send the generated reception confirmation information to the network device, so that the network device confirms that the terminal completes EHPLMN update. Certainly, in order to ensure the integrity of information transmission, the terminal may perform integrity protection on the reception confirmation information, generate second integrity verification information corresponding to the reception confirmation information subjected to integrity protection, and send the second integrity verification information and the reception confirmation information subjected to integrity protection to the network device together, so that the network device uses the second integrity verification information to perform integrity verification on the reception confirmation information.
In the EHPLMN updating method provided in the embodiment of the present application, the network device detects an event for updating EHPLMN information; generating first information according to the detected event for updating the EHPLMN information; sending the generated first information to a terminal; the terminal stores the first information, and uses the first information and the EHPLMN information preset in the terminal together as the updated EHPLMN information, and the first information contains the EHPLMN information updated relative to the EHPLMN information preset in the terminal, so that the terminal does not need to actively collect the EHPLMN information updated by the corresponding operator, but the network equipment of the corresponding operator sends the updated EHPLMN information to the terminal, and thus, the terminal can accurately update the EHPLMN information in real time.
The present application will be described in further detail with reference to the following application examples.
The embodiment of the present application provides a mechanism, actively initiated by the network side (i.e., the network device), for dynamically updating an Additional EHPLMN List (i.e., the first information) to a terminal. The network side uses the security architecture of the existing 5G network and the existing 5G NAS Transport procedure to update the Additional EHPLMN List, makes full use of the security network element functions of the current 5G network, and protects the Additional EHPLMN List through cooperation of the UDM network element and the AUSF network element. Specifically, after the terminal registers on a New Radio (NR) network, when the UDM network element detects that the EHPLMN List (i.e., the second information) pre-stored in the terminal needs to be extended, that is, when the UDM network element determines, from an event in which an administrator of the corresponding operator updates the EHPLMN List, that an Additional EHPLMN List needs to be provided to the terminal, the UDM network element encrypts the Additional EHPLMN List, the AUSF network element performs integrity protection on the encrypted Additional EHPLMN List, and finally the AMF network element issues the integrity-protected, encrypted Additional EHPLMN List to the terminal through a DL (Downlink) NAS Transport flow. The mobility management module of the terminal receives the DL NAS Transport message, performs integrity check and decryption on the Additional EHPLMN List information, and stores the decrypted Additional EHPLMN List in the NVM of the terminal; the Additional EHPLMN List and the EHPLMN List in the USIM card jointly form the EHPLMN List that the mobility management module uses to instruct the network searching module of the terminal to leave the current roaming PLMN and return to the HPLMN.
As shown in fig. 3, the EHPLMN updating method provided in this embodiment may specifically include the following steps:
step 301: the terminal is registered on the NR network; step 302 is then performed.
Step 302: the UDM network element detects that the current EHPLMN List is insufficient, the EHPLMN needs to be updated, and an Additional EHPLMN List is generated; step 303 is then performed.
Specifically, the UDM network element detects an event of updating the EHPLMN List, determines that an Additional EHPLMN List needs to be sent to the terminal, and generates the Additional EHPLMN List according to the event of updating the EHPLMN List.
Step 303: the UDM network element and the AUSF network element perform security protection on the Additional EHPLMN List; step 304 is then performed.
Here, the performing security protection on the Additional EHPLMN List may include encrypting the Additional EHPLMN List and performing integrity protection on the Additional EHPLMN List; specifically, the process of performing step 303 may include the steps of:
step 3031: the UDM network element encrypts an Additional EHPLMN List; step 3032 is then performed.
In particular, the content of EF_EHPLMN of the USIM card of the terminal (i.e. the EHPLMN List) is known only to the terminal and the UDM network element. Therefore, the EHPLMN List may be used as an encryption key stream, and the UDM network element completes a simple encryption of the Additional EHPLMN List through the process shown in fig. 4, that is, performs an exclusive-or operation on the EHPLMN List and the plaintext of the Additional EHPLMN List (that is, the unencrypted Additional EHPLMN List); the content obtained by the exclusive-or operation is the encrypted Additional EHPLMN List.
Step 3032: after the UDM network element finishes information encryption, it sends a Nausf_AddEHPLMN_Protection message to the AUSF network element, requesting the AUSF network element to perform information integrity protection on the encrypted Additional EHPLMN List; step 3033 is then performed.
Here, the Nausf_AddEHPLMN_Protection message includes the encrypted Additional EHPLMN List and an ACK Indication; the ACK Indication indicates that the AUSF network element is required to calculate EHPLMN-XMAC-I_UE. EHPLMN-XMAC-I_UE is stored locally by the UDM network element and used to perform integrity check on the acknowledgement message (Acknowledgement) when that message is subsequently received from the terminal.
Step 3033: the AUSF network element returns a Nausf_AddEHPLMN_Protection_Rsp message to the UDM network element after finishing integrity protection on the encrypted Additional EHPLMN List; step 304 is then performed.
Here, the Nausf_AddEHPLMN_Protection_Rsp message includes EHPLMN-MAC-I_AUSF, EHPLMN-XMAC-I_UE and Counter_EHPLMN.
Specifically, the process of integrity protection of the encrypted Additional EHPLMN List by the AUSF network element may include the following two steps:
Step 1: the AUSF network element generates the Counter_EHPLMN (i.e., the first identifier) used for integrity protection; the initial value of Counter_EHPLMN may be 0x00 0x01, and each time generation of a Nausf_AddEHPLMN_Protection_Rsp message is completed, the value of Counter_EHPLMN is increased by 1.
Step 2: the AUSF network element takes 0x80 (namely the first FC value) as the input parameter FC of the KDF, takes the encrypted Additional EHPLMN List as the input parameter P0 of the KDF, takes the length of the encrypted Additional EHPLMN List as the input parameter L0 of the KDF, takes Counter_EHPLMN as the input parameter P1 of the KDF, takes the length of Counter_EHPLMN as the input parameter L1 of the KDF, and executes the KDF with K_AUSF as the specified key of the KDF; the low 128 bits of the result output after executing the KDF are the EHPLMN-MAC-I_AUSF obtained after integrity protection is carried out on the encrypted Additional EHPLMN List.
Meanwhile, the AUSF network element uses 0x81 (i.e., the second FC value) as the input parameter FC of the KDF, uses the character string "0x01 ("Additional EHPLMN List" acquisition)" (i.e., the first character string) as the input parameter P0 of the KDF, uses the length of the character string as the input parameter L0 of the KDF, uses Counter_EHPLMN as the input parameter P1 of the KDF, uses the length of Counter_EHPLMN as the input parameter L1 of the KDF, and executes the KDF with K_AUSF as the specified key of the KDF; the low 128 bits of the result output after executing the KDF are EHPLMN-XMAC-I_UE.
Step 304: the UDM network element sends a Nudm_SDM_Notification message to the AMF network element; step 305 is then performed.
Here, the Nudm_SDM_Notification message includes the encrypted Additional EHPLMN List, EHPLMN-MAC-I_AUSF and Counter_EHPLMN.
Step 305: after receiving the Nudm_SDM_Notification message sent by the UDM network element, the AMF network element sends a DL NAS Transport message to the terminal; step 306 is then performed.
Here, the Payload Container Type field of the DL NAS Transport message may be set to 9 (i.e., the third identifier described above); the Payload Container field of the DL NAS Transport message may contain the encrypted Additional EHPLMN List, the ACK Indication (i.e., the above-mentioned reception acknowledgement indication information), EHPLMN-MAC-I_AUSF (i.e., the first integrity verification information) and Counter_EHPLMN (i.e., the first identifier described above).
Step 306: after receiving a DL NAS Transport message from an AMF network element, a mobile management module of the terminal indicates a security module of the terminal to perform security check on an encrypted Additional EHPLMN List in a Payload Container domain when detecting that the Payload Container Type domain of the DL NAS Transport message is 9; step 307 is then performed.
Here, the performing security check on the encrypted Additional EHPLMN List may include performing integrity check on the encrypted Additional EHPLMN List and decrypting the encrypted Additional EHPLMN List; specifically, the process of performing step 306 may include the steps of:
step 3061: the terminal carries out integrity check on the encrypted Additional EHPLMN List; step 3062 is then performed.
Here, the terminal calculates the EHPLMN-XMAC-I_AUSF value in the same manner as the AUSF network element calculates EHPLMN-MAC-I_AUSF, and compares EHPLMN-MAC-I_AUSF with EHPLMN-XMAC-I_AUSF; if the two are equal, the integrity check passes. That is, the terminal calculates the EHPLMN-XMAC-I_AUSF value with the same KDF input parameters FC, P0, L0, P1, L1 and the same key that the AUSF network element uses to calculate EHPLMN-MAC-I_AUSF. Specifically, the terminal takes 0x80 as the input parameter FC of the KDF, takes the encrypted Additional EHPLMN List contained in the Payload Container field of the DL NAS Transport message as the input parameter P0 of the KDF, takes the length of the encrypted Additional EHPLMN List as the input parameter L0 of the KDF, takes the Counter_EHPLMN contained in the Payload Container field of the DL NAS Transport message as the input parameter P1 of the KDF, takes the length of Counter_EHPLMN as the input parameter L1 of the KDF, and executes the KDF with K_AUSF as the specified key of the KDF; the low 128 bits of the result output after executing the KDF are the EHPLMN-XMAC-I_AUSF obtained after the integrity check is carried out on the encrypted Additional EHPLMN List.
Step 3062: after the integrity check of the encrypted Additional EHPLMN List is passed, the terminal decrypts the encrypted Additional EHPLMN List in the same way as the UDM network element encrypts the Additional EHPLMN List, and obtains an Additional EHPLMN List plaintext (i.e. the decrypted first information) after decryption; step 307 is then performed.
Specifically, the terminal regards the EHPLMN List as a key stream, and performs an exclusive or operation on the EHPLMN List and the encrypted Additional EHPLMN List through the process shown in fig. 5, where the content obtained by the exclusive or operation is the content of the Additional EHPLMN List in the plaintext.
Step 307: after the security check of the encrypted Additional EHPLMN List by the security module of the terminal passes, the terminal calculates EHPLMN-MAC-I_UE and sends EHPLMN-MAC-I_UE to the AMF network element in a UL NAS Transport message; step 308 is then performed.
Here, the UL NAS Transport message is the Acknowledgement of the DL NAS Transport message. Specifically, after obtaining the plaintext of the Additional EHPLMN List, in order to respond to the DL NAS Transport message received before, the terminal needs to calculate EHPLMN-MAC-I_UE by using the same KDF input parameters FC, P0, L0, P1 and L1 and the same key that the AUSF network element uses to calculate EHPLMN-XMAC-I_UE.
Step 308: the AMF network element sends the EHPLMN-MAC-I_UE (i.e., the second integrity verification information described above) received in the UL NAS Transport message from the terminal to the UDM network element through a Nudm_SDM_Info message; step 309 is then performed.
Step 309: the UDM network element compares whether EHPLMN-MAC-I_UE is the same as the previously saved EHPLMN-XMAC-I_UE, that is, performs integrity check on the Acknowledgement of the terminal; if EHPLMN-MAC-I_UE and EHPLMN-XMAC-I_UE are the same, the integrity check of the Acknowledgement of the terminal passes.
Here, a specific implementation process of the EHPLMN updating method provided in this embodiment is the same as the specific implementation processes of the EHPLMN updating method shown in fig. 1 and the EHPLMN updating method shown in fig. 2, and is not repeated here.
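The integrity check and decryption described above can be exercised end to end with the following added example, which is not code from the patent. It assumes the KDF is the generic 3GPP KDF (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 with 2-octet big-endian lengths), that the preset EHPLMN List is repeated cyclically when used as a key stream, and that Counter_EHPLMN doubles as the version identifier; all function names, keys and list bytes are constructed for illustration.

```python
import hashlib
import hmac

FC_EHPLMN = b"\x80"  # FC value the text gives for EHPLMN-MAC-I_AUSF


class UpdateRejected(Exception):
    """Raised when the terminal refuses an Additional EHPLMN List update."""


def kdf(key: bytes, fc: bytes, *params: bytes) -> bytes:
    # Assumed generic 3GPP KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...),
    # each Li being the 2-octet big-endian length of Pi.
    s = fc
    for p in params:
        if len(p) > 0xFFFF:
            raise ValueError("parameter too long for a 2-octet length field")
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def ehplmn_mac_i_ausf(k_ausf: bytes, enc_list: bytes, counter: bytes) -> bytes:
    # P0 = encrypted Additional EHPLMN List, P1 = Counter_EHPLMN, key = K_AUSF.
    # The lower (last) 128 bits of the KDF output form the MAC.
    return kdf(k_ausf, FC_EHPLMN, enc_list, counter)[-16:]


def xor_keystream(data: bytes, preset_list: bytes) -> bytes:
    # XOR with the preset EHPLMN List as key stream. Repeating the list
    # cyclically for longer inputs is an assumption of this example.
    if not preset_list:
        raise ValueError("empty key stream")
    n = len(preset_list)
    return bytes(b ^ preset_list[i % n] for i, b in enumerate(data))


def network_build_update(k_ausf, preset_list, additional_list, counter):
    # Network side: encrypt the list, then integrity-protect the ciphertext.
    enc = xor_keystream(additional_list, preset_list)
    return enc, counter, ehplmn_mac_i_ausf(k_ausf, enc, counter)


def terminal_process_update(k_ausf, preset_list, stored_counter,
                            enc_list, counter, mac_i):
    # Integrity check first: recompute XMAC and compare in constant time.
    xmac = ehplmn_mac_i_ausf(k_ausf, enc_list, counter)
    if not hmac.compare_digest(xmac, mac_i):
        raise UpdateRejected("integrity check failed")
    # Version check: accept only a version higher than the stored one
    # (comparing counters as big-endian integers is an assumption).
    if int.from_bytes(counter, "big") <= int.from_bytes(stored_counter, "big"):
        raise UpdateRejected("version not higher than the stored one")
    # Decrypt only after the integrity check has passed.
    return xor_keystream(enc_list, preset_list)


def demo():
    k_ausf = bytes(range(32))                            # constructed key
    preset = bytes.fromhex("00f11000f120")               # constructed preset list
    additional = bytes.fromhex("00f13000f14000f150")     # constructed update
    enc, ctr, mac = network_build_update(k_ausf, preset, additional, b"\x00\x02")
    plain = terminal_process_update(k_ausf, preset, b"\x00\x01", enc, ctr, mac)
    tampered = bytes([enc[0] ^ 0x01]) + enc[1:]
    try:
        terminal_process_update(k_ausf, preset, b"\x00\x01", tampered, ctr, mac)
        tamper_rejected = False
    except UpdateRejected:
        tamper_rejected = True
    return plain == additional, tamper_rejected


if __name__ == "__main__":
    print(demo())
```

Because the MAC covers both the ciphertext and the counter, a modified list or a changed counter fails verification before any decrypted content is stored.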
When an operator upgrades and transforms a network, an Additional EHPLMN List needs to be added on top of the EHPLMN List of the current USIM card of the corresponding terminal. If the terminal has to collect the Additional EHPLMN List itself, collection is difficult; and, since the collected Additional EHPLMN List may be inaccurate, it is difficult for the terminal to keep the Additional EHPLMN List synchronized with the operator. With the EHPLMN updating method provided by the embodiment of the present application, the network side initiates the update of the Additional EHPLMN List and makes full use of the 5G security architecture and signaling flow, which ensures the security and integrity of the Additional EHPLMN List during transmission, so that the Additional EHPLMN List can finally be updated to the terminal side securely and in real time.
Therefore, the EHPLMN updating method provided by the embodiment of the present application has the following advantages:
firstly, the updating of the EHPLMN has real-time performance and accuracy; since the network side of the operator can provide the Additional EHPLMN List with the highest accuracy, the network side initiates the update of EHPLMN most accurately in real time; therefore, the problems that the terminal is difficult to collect the Additional EHPLMN List and the EHPLMN is not updated timely (such as the EHPLMN update is delayed) can be solved, and the Additional EHPLMN List obtained by the terminal is always the latest EHPLMN information of the corresponding operator (namely the service operator corresponding to the terminal).
Secondly, the existing security architecture and signaling flow of the current 5G network are fully utilized, and on the premise that the changes of the existing 5G network equipment and the terminal are minimized as much as possible (namely on the premise of controlling cost), the integrity and confidentiality (namely security) of the Additional EHPLMN List are ensured in the information transmission process, and finally the Additional EHPLMN List is safely updated to the terminal side in real time.
In order to implement the method on the terminal side in the embodiment of the present application, an embodiment of the present application further provides an EHPLMN updating apparatus, which is disposed on a terminal, and as shown in fig. 6, the EHPLMN updating apparatus includes: a receiving unit 61 and a first processing unit 62; wherein:
the receiving unit 61 is configured to receive first information sent by a network device; the first information comprises at least one EHPLMN information; the first information includes EHPLMN information updated with respect to EHPLMN information preset in the terminal;
the first processing unit 62 is configured to store the first information; and using the first information and EHPLMN information preset in the terminal as updated EHPLMN information together.
In an embodiment, the receiving unit 61 is specifically configured to receive the first information sent by the network device through NAS signaling.
In an embodiment, the receiving unit 61 is further configured to:
receiving encrypted first information sent by the network equipment;
correspondingly, the first processing unit 62 is further configured to:
decrypting the encrypted first information to obtain decrypted first information;
and storing the decrypted first information.
In an embodiment, the first processing unit 62 is further configured to:
decrypting the encrypted first information by using the second information as a key; the second information includes EHPLMN information preset in the terminal.
In an embodiment, the first processing unit 62 is further configured to:
carrying out integrity check on the encrypted first information;
and after the integrity check of the encrypted first information passes, decrypting the encrypted first information.
In an embodiment, the first processing unit 62 is further configured to:
carrying out integrity check on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identification represents a version corresponding to the first information.
In an embodiment, the receiving unit 61 is further configured to receive a first identifier sent by the network device; the first identification represents a version corresponding to the first information;
the first processing unit 62 is further configured to:
when the version represented by the first identifier is higher than the version represented by the second identifier, the terminal updates locally stored third information by using the first information; the second identifier represents a version corresponding to the third information locally stored by the terminal; the third information comprises EHPLMN information updated by the terminal based on information historically sent by the network equipment.
Here, the functions of the receiving unit 61 and the first processing unit 62 may be equivalent to the functions of a mobile management module and a security module of a terminal in an embodiment of the present application.
In practical applications, the receiving unit 61 may be implemented by a communication interface in the EHPLMN updating apparatus; the first processing unit 62 may be implemented by a processor in the EHPLMN updating apparatus.
It should be noted that: the EHPLMN updating apparatus provided in the above embodiment is only illustrated by dividing the above program modules when updating the EHPLMN, and in practical applications, the above processing allocation may be completed by different program modules according to needs, that is, the internal structure of the EHPLMN updating apparatus is divided into different program modules to complete all or part of the above described processing. In addition, the EHPLMN updating apparatus provided in the above embodiments and the EHPLMN updating method embodiment at the terminal side belong to the same concept, and specific implementation processes thereof are detailed in the method embodiment and are not described herein again.
In order to implement the method on the network device side in the embodiment of the present application, an embodiment of the present application further provides an EHPLMN updating apparatus, which is disposed on a network device, and as shown in fig. 7, the EHPLMN updating apparatus includes: a detection unit 71, a second processing unit 72, and a transmission unit 73; wherein:
the detecting unit 71 is configured to detect an event of updating EHPLMN information;
the second processing unit 72 is configured to generate first information according to the detected event for updating EHPLMN information; the first information comprises at least one EHPLMN information; the first information comprises EHPLMN information updated relative to EHPLMN information preset in the terminal;
the sending unit 73 is configured to send the generated first information to the terminal.
In an embodiment, the second processing unit 72 is specifically configured to:
determining fourth information according to the detected event for updating the EHPLMN information; the fourth information includes all EHPLMN information after the operation corresponding to the event of updating EHPLMN information is performed; the fourth information includes the second information, and the second information includes EHPLMN information preset in the terminal;
and removing the second information in the fourth information to obtain the first information.
In an embodiment, the sending unit 73 is specifically configured to send the first information to the terminal through NAS signaling.
In an embodiment, the second processing unit 72 is further configured to perform encryption processing on the first information to obtain encrypted first information;
the sending unit 73 is further configured to send the encrypted first information to the terminal.
In an embodiment, the second processing unit 72 is further configured to:
and performing encryption processing on the first information by using the second information as a key.
In an embodiment, the second processing unit 72 is further configured to perform integrity protection on the encrypted first information;
the sending unit 73 is further configured to send the encrypted first information subjected to integrity protection to the terminal.
In an embodiment, the second processing unit 72 is further configured to:
integrity protection is carried out on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identification represents a version corresponding to the first information.
In an embodiment, when sending the generated first information to a terminal, the sending unit 73 is further configured to:
sending a first identifier to the terminal; the first identification represents a version corresponding to the first information.
In practice, the detecting unit 71 and the second processing unit 72 may be implemented by a processor in the EHPLMN updating apparatus; the transmitting unit 73 may be implemented by a communication interface in the EHPLMN updating apparatus.
It should be noted that: the EHPLMN updating apparatus provided in the above embodiment is only illustrated by dividing the above program modules when updating the EHPLMN, and in practical applications, the above processing allocation may be completed by different program modules according to needs, that is, the internal structure of the EHPLMN updating apparatus is divided into different program modules to complete all or part of the above described processing. In addition, the EHPLMN updating apparatus provided in the foregoing embodiment and the EHPLMN updating method embodiment on the network device side belong to the same concept, and specific implementation processes thereof are detailed in the method embodiment and are not described herein again.
In order to implement the method on the terminal side or the network device side in the embodiment of the present application, an embodiment of the present application further provides a chip, and as shown in fig. 8, the chip 80 includes:
an interface 81 for information interaction with the memory;
and the processor 82 is connected with the interface 81 to realize information interaction with the memory, and is used for reading the computer program stored in the memory through the interface 81 and executing the method provided by one or more technical schemes on the terminal side or the network equipment side when the computer program is run.
In practical applications, as shown in fig. 8, the chip 80 may further include a memory 83, and the memory 83 is used for storing various types of data to support the operation of the chip 80. Examples of such data include: any computer program for operating on chip 80.
Of course, the developer may also store a computer program capable of running on the processor 82 by a memory of a communication device (such as a terminal or a network device) where the chip 80 is located, without providing a memory in the chip 80 according to the chip design requirement.
Specifically, when the chip 80 is used to implement the method on the terminal side in the embodiment of the present application, the processor 82 is configured to perform the following operations:
receiving first information sent by network equipment; the first information comprises at least one EHPLMN information; the first information includes EHPLMN information updated with respect to EHPLMN information preset in the terminal;
saving the first information; and using the first information and EHPLMN information preset in the terminal as updated EHPLMN information together.
In an embodiment, the processor 82 is further configured to receive, through NAS signaling, the first information sent by the network device.
In one embodiment, the processor 82 is further configured to perform the following operations:
receiving encrypted first information sent by the network equipment;
decrypting the encrypted first information to obtain decrypted first information;
and storing the decrypted first information.
In one embodiment, the processor 82 is further configured to:
decrypting the encrypted first information by using the second information as a key; the second information includes EHPLMN information preset in the terminal.
In one embodiment, the processor 82 is further configured to:
carrying out integrity check on the encrypted first information;
and after the integrity check of the encrypted first information passes, decrypting the encrypted first information.
In one embodiment, the processor 82 is further configured to perform the following operations:
carrying out integrity check on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identification represents a version corresponding to the first information.
In an embodiment, when receiving the first information, the processor 82 is further configured to:
receiving a first identifier sent by the network equipment; the first identification represents a version corresponding to the first information;
when the version represented by the first identifier is higher than the version represented by the second identifier, the terminal updates locally stored third information by using the first information; the second identifier represents a version corresponding to the third information locally stored by the terminal; the third information comprises EHPLMN information updated by the terminal based on information historically sent by the network equipment.
When the chip 80 is used to implement the method on the network device side in the embodiment of the present application, the processor 82 is specifically configured to perform the following operations:
detecting an event that updates EHPLMN information;
generating first information according to the detected event for updating the EHPLMN information; the first information comprises at least one EHPLMN information; the first information comprises EHPLMN information updated relative to EHPLMN information preset in the terminal;
and sending the generated first information to the terminal.
In one embodiment, the processor 82 is further configured to:
determining fourth information according to the detected event for updating the EHPLMN information; the fourth information includes all EHPLMN information after the operation corresponding to the event of updating EHPLMN information is performed;
and removing the EHPLMN information preset by the terminal in the fourth information to obtain the first information.
In one embodiment, the processor 82 is further configured to:
and sending the first information to the terminal through NAS signaling.
In one embodiment, the processor 82 is further configured to:
encrypting the first information to obtain encrypted first information;
and sending the encrypted first information to the terminal.
In one embodiment, the processor 82 is further configured to:
encrypting the first information by using second information as a key; the second information includes EHPLMN information preset in the terminal.
In one embodiment, the processor 82 is further configured to perform the following operations:
integrity protection is carried out on the encrypted first information;
and sending the encrypted first information subjected to integrity protection to the terminal.
In one embodiment, the processor 82 is further configured to:
integrity protection is carried out on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identification represents a version corresponding to the first information.
In one embodiment, the processor 82 is further configured to:
sending a first identifier to the terminal; the first identification represents a version corresponding to the first information.
It should be noted that: the process of the processor 82 specifically executing the above operations is detailed in the method embodiment of the terminal side and the method embodiment of the network device side in this application, and details are not described here again.
Based on the hardware implementation of the program module, and in order to implement the method on the terminal side or the network device side in the embodiment of the present application, an embodiment of the present application further provides a communication device, where the communication device may be a terminal or a network device, as shown in fig. 9, the communication device 90 includes:
a communication interface 91 capable of performing information interaction with other communication devices;
the processor 92 is connected with the communication interface 91 to realize information interaction with other communication devices, and is used for executing the method provided by one or more technical schemes on the terminal side or the network device side when running a computer program;
a memory 93 for storing a computer program capable of running on the processor 92.
Here, when the communication device 90 is a terminal, the other communication device may be a network device; when the communication device 90 is a network device, the other communication device may be a terminal.
Specifically, when the communication device 90 is used to implement the method on the terminal side in the embodiment of the present application, the processor 92 is configured to perform the following operations:
receiving first information sent by network equipment; the first information comprises at least one EHPLMN information; the first information includes EHPLMN information updated with respect to EHPLMN information preset in the terminal;
saving the first information; and using the first information and EHPLMN information preset in the terminal as updated EHPLMN information together.
In an embodiment, the processor 92 is further configured to receive, through NAS signaling, the first information sent by the network device.
In one embodiment, the processor 92 is further configured to:
receiving encrypted first information sent by the network equipment;
decrypting the encrypted first information to obtain decrypted first information;
and storing the decrypted first information.
In one embodiment, the processor 92 is further configured to:
decrypting the encrypted first information by using the second information as a key; the second information includes EHPLMN information preset in the terminal.
In one embodiment, the processor 92 is further configured to:
carrying out integrity check on the encrypted first information;
and after the integrity check of the encrypted first information passes, decrypting the encrypted first information.
In one embodiment, the processor 92 is further configured to:
carrying out integrity check on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identification represents a version corresponding to the first information.
In an embodiment, when receiving the first information, the processor 92 is further configured to:
receiving a first identifier sent by the network equipment; the first identification represents a version corresponding to the first information;
when the version represented by the first identifier is higher than the version represented by the second identifier, the terminal updates locally stored third information by using the first information; the second identifier represents a version corresponding to the third information locally stored by the terminal; the third information comprises EHPLMN information updated by the terminal based on information historically sent by the network equipment.
When the communication device 90 is used to implement the method on the network device side in the embodiment of the present application, the processor 92 is configured to perform the following operations:
detecting an event that updates EHPLMN information;
generating first information according to the detected event for updating the EHPLMN information; the first information comprises at least one EHPLMN information; the first information comprises EHPLMN information updated relative to EHPLMN information preset in the terminal;
and sending the generated first information to the terminal.
In one embodiment, the processor 92 is further configured to:
determining fourth information according to the detected event for updating the EHPLMN information; the fourth information includes all EHPLMN information after the operation corresponding to the event of updating EHPLMN information is performed;
and removing the EHPLMN information preset by the terminal in the fourth information to obtain the first information.
In one embodiment, the processor 92 is further configured to:
and sending the first information to the terminal through NAS signaling.
In one embodiment, the processor 92 is further configured to:
encrypting the first information to obtain encrypted first information;
and sending the encrypted first information to the terminal.
In one embodiment, the processor 92 is further configured to:
encrypting the first information by using second information as a key; the second information includes EHPLMN information preset in the terminal.
In one embodiment, the processor 92 is further configured to:
integrity protection is carried out on the encrypted first information;
and sending the encrypted first information subjected to integrity protection to the terminal.
In one embodiment, the processor 92 is further configured to:
integrity protection is carried out on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identification represents a version corresponding to the first information.
In one embodiment, the processor 92 is further configured to:
sending a first identifier to the terminal; the first identification represents a version corresponding to the first information.
It should be noted that: the process of the processor 92 specifically executing the above operations is detailed in the method embodiment of the terminal side and the method embodiment of the network device side in this application, and details are not described here again.
Of course, in practice, the various components of the communication device 90 may be coupled together by a bus system 94. It will be appreciated that the bus system 94 is used to enable communications among the components. The bus system 94 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 94 in fig. 9.
The method disclosed in the above embodiments of the method on the terminal side or the network device side may be applied to the processor 92, or may be implemented by the processor 92. The processor 92 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by instructions in the form of hardware, integrated logic circuits, or software in the processor 92. The Processor 92 may be a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. Processor 92 may implement or perform the methods, steps, and logic blocks disclosed in the method embodiments of the present application on the terminal side or the network device side. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the method on the terminal side or the network device side of the present application may be directly implemented as the execution of a hardware decoding processor, or implemented by the combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 93, and the processor 92 reads the information in said memory 93 and in combination with its hardware performs the steps of the aforementioned method.
In an exemplary embodiment, the communication Device 90 may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, programmable Logic Devices (PLDs), complex Programmable Logic Devices (CPLDs), field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, micro Controllers (MCUs), microprocessors (microprocessors), or other electronic components for performing the aforementioned terminal-side or network Device-side methods.
It will be appreciated that the memory of embodiments of the present application (e.g., memory 83 in chip 80 or memory 93 in communication device 90) may be either volatile memory or nonvolatile memory, and may include both volatile and nonvolatile memory. Among them, the nonvolatile memory may be a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a ferromagnetic random access memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disc, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage. The volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), SyncLink Dynamic Random Access Memory (SLDRAM), and Direct Rambus Random Access Memory (DRRAM). The memories described in the embodiments of the present application are intended to comprise, without being limited to, these and any other suitable types of memory.
In an exemplary embodiment, the present application further provides a storage medium, that is, a computer storage medium, specifically, a computer readable storage medium, such as a memory 83 in the chip 80 for storing a computer program, where the computer program stored in the memory 83 is executable by the processor 82 in the chip 80 to perform the steps of the foregoing terminal-side or network-side method. As another example, the memory 93 stores a computer program, and the computer program stored in the memory 93 can be executed by the processor 92 in the communication device 90 to perform the steps of the aforementioned terminal-side or network-side method. The computer readable storage medium may be Memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash Memory, magnetic surface Memory, optical disk, or CD-ROM.
In the several embodiments provided in the present application, it should be understood that the disclosed method and intelligent device may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
Alternatively, the integrated units described above in the present application may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as independent products. Based on such understanding, the technical solutions of the embodiments of the present application or portions thereof that contribute to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
It should be noted that: "first," "second," and the like are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
The technical means described in the embodiments of the present application may be arbitrarily combined without conflict.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application.

Claims (14)

1. An Equivalent Home Public Land Mobile Network (EHPLMN) updating method, comprising:
a terminal receives first information sent by network equipment; the first information comprises at least one EHPLMN information; the first information includes EHPLMN information updated with respect to EHPLMN information preset in the terminal;
the terminal saves the first information; the first information and EHPLMN information preset in the terminal are jointly used as updated EHPLMN information;
wherein the terminal receiving the first information sent by the network equipment comprises:
the terminal receives the first information sent by the network equipment through non-access stratum (NAS) signaling;
wherein the terminal receiving the first information sent by the network equipment includes:
the terminal receives encrypted first information sent by the network equipment; the encrypted first information is obtained by the network equipment encrypting the first information using second information;
the second information includes EHPLMN information preset in the terminal.
2. The method of claim 1, wherein the saving the first information comprises:
the terminal decrypts the encrypted first information to obtain decrypted first information;
and storing the decrypted first information.
3. The method according to claim 2, wherein said decrypting the encrypted first information comprises:
and the terminal decrypts the encrypted first information by using the second information as a secret key.
4. The method according to claim 2, wherein the terminal decrypting the encrypted first information comprises:
the terminal carries out integrity check on the encrypted first information;
and after the integrity check of the encrypted first information passes, the terminal decrypts the encrypted first information.
5. The method of claim 4, wherein the integrity checking the encrypted first information comprises:
the terminal carries out integrity check on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identifier represents a version corresponding to the first information.
6. The method of claim 1, wherein, when receiving the first information, the method further comprises:
the terminal receives a first identifier sent by the network equipment; the first identifier represents a version corresponding to the first information;
the saving the first information includes:
in a case where the version represented by the first identifier is higher than the version represented by the second identifier, the terminal updates locally stored third information by using the first information; the second identifier represents a version corresponding to the third information locally stored by the terminal; the third information comprises EHPLMN information that the terminal has updated based on information historically sent by the network equipment.
7. An EHPLMN update method, comprising:
the network equipment detects an event for updating the EHPLMN information;
the network equipment generates first information according to the detected event for updating the EHPLMN information; the first information comprises at least one EHPLMN information; the first information comprises EHPLMN information updated relative to EHPLMN information preset in the terminal;
the network equipment sends the generated first information to the terminal;
the sending the generated first information to the terminal includes:
the network equipment sends the first information to the terminal through NAS signaling;
wherein the sending the generated first information to the terminal further includes:
the network equipment encrypts the first information to obtain encrypted first information;
sending the encrypted first information to the terminal;
wherein, the encrypting the first information comprises:
the network equipment uses second information as a key to encrypt the first information; the second information includes EHPLMN information preset in the terminal.
8. The method of claim 7, wherein generating the first information based on the detected event that updates the EHPLMN information comprises:
the network equipment determines fourth information according to the detected event for updating the EHPLMN information; the fourth information includes all EHPLMN information after the operation corresponding to the event of updating EHPLMN information is performed;
and the network equipment removes the EHPLMN information preset by the terminal in the fourth information to obtain the first information.
9. The method according to claim 7, wherein the sending the encrypted first information to the terminal comprises:
the network equipment performs integrity protection on the encrypted first information;
and sending the encrypted first information subjected to integrity protection to the terminal.
10. The method according to claim 9, wherein said integrity protecting the encrypted first information comprises:
the network equipment performs integrity protection on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identifier represents a version corresponding to the first information.
11. The method according to any one of claims 7 to 8, wherein when the generated first information is transmitted to a terminal, the method further comprises:
the network equipment sends a first identifier to the terminal; the first identifier represents a version corresponding to the first information.
12. A chip, comprising: a processor and an interface; wherein
the processor is configured, when executing a computer program, to perform the steps of the method of any one of claims 1 to 6 or to perform the steps of the method of any one of claims 7 to 11.
13. A communication device, comprising: a processor and a memory for storing a computer program capable of running on the processor; wherein
the processor is adapted to perform the steps of the method of any one of claims 1 to 6 or the steps of the method of any one of claims 7 to 11 when running the computer program.
14. A storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the method of any one of claims 1 to 6 or implements the steps of the method of any one of claims 7 to 11.
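The terminal-side order of operations in claims 4 to 6 (integrity check, then decryption, then version comparison), together with the network side of claims 7, 9 and 10, as an added example that is not the patent's own code. The key derivation from the preset EHPLMN list, the HMAC-SHA256 tag, the SHA-256 counter keystream standing in for a cipher, the 4-byte version encoding and the PLMN values are all assumptions; the claims name none of them.

```python
import hashlib
import hmac
import struct

def _keys(preset):
    # Assumption: root key = SHA-256 of the sorted preset EHPLMN list.
    root = hashlib.sha256(",".join(sorted(preset)).encode()).digest()
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _stream(key, nonce, data):
    # Stand-in cipher: SHA-256 counter keystream, XORed with the data.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _tag(mac_key, ct, version_id):
    # Length-prefix both fields so the boundary between them is authenticated.
    body = (struct.pack(">H", len(ct)) + ct +
            struct.pack(">H", len(version_id)) + version_id)
    return hmac.new(mac_key, body, hashlib.sha256).digest()

def network_build(preset, added, version):
    """Network side: encrypt the added EHPLMNs, then integrity-protect."""
    enc_key, mac_key = _keys(preset)
    version_id = struct.pack(">I", version)
    ct = _stream(enc_key, version_id, ",".join(added).encode())
    return ct, version_id, _tag(mac_key, ct, version_id)

def terminal_accept(msg, preset, stored_version):
    """Terminal side: return (version, updated list), or None on rejection."""
    ct, version_id, tag = msg
    enc_key, mac_key = _keys(preset)
    if not hmac.compare_digest(tag, _tag(mac_key, ct, version_id)):
        return None  # integrity check comes before any decryption
    if len(version_id) != 4:
        return None
    version = struct.unpack(">I", version_id)[0]
    if version <= stored_version:
        return None  # only a higher version replaces stored information
    added = _stream(enc_key, version_id, ct).decode().split(",")
    return version, list(preset) + [p for p in added if p not in preset]

PRESET = ["00101", "00102"]  # constructed test PLMN IDs (MCC + MNC)
MESSAGE = network_build(PRESET, ["99901"], version=2)  # constructed update
```

Because the version identifier is inside the authenticated data, a replayed or relabelled message fails either the tag check or the version comparison.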

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010635877.3A CN111770488B (en) 2020-07-03 2020-07-03 EHPLMN updating method, related equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010635877.3A CN111770488B (en) 2020-07-03 2020-07-03 EHPLMN updating method, related equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111770488A CN111770488A (en) 2020-10-13
CN111770488B true CN111770488B (en) 2023-03-21

Family

ID=72724628

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010635877.3A Active CN111770488B (en) 2020-07-03 2020-07-03 EHPLMN updating method, related equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111770488B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114598465A (en) * 2022-03-08 2022-06-07 潍柴动力股份有限公司 Data updating method and controller

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016202264A1 (en) * 2015-06-19 2016-12-22 广东欧珀移动通信有限公司 Network access method and mobile communication terminal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102905344A (en) * 2011-07-26 2013-01-30 中兴通讯股份有限公司 Method and system for access barring, network element on network side and UE (user equipment)
US9992760B2 (en) * 2014-05-12 2018-06-05 Huawei Technologies Co., Ltd. Method for updating RPLMN information and user equipment
CN105764047A (en) * 2014-12-15 2016-07-13 中兴通讯股份有限公司 Method and device for updating mobile network information, and method and device for realizing network selection
CN108966260B (en) * 2018-07-31 2022-03-25 Oppo广东移动通信有限公司 Data updating method and device and terminal equipment
WO2020132308A2 (en) * 2018-12-19 2020-06-25 Apple Inc. Configuration management, performance management, and fault management to support edge computing

Also Published As

Publication number Publication date
CN111770488A (en) 2020-10-13

Similar Documents

Publication Publication Date Title
CN115515122A (en) Method and system for detecting anti-steering of roaming activity in a wireless communication network
EP3485624B1 (en) Operation related to user equipment using secret identifier
CN110519753B (en) Access method, device, terminal and readable storage medium
CN109729524B (en) RRC (radio resource control) connection recovery method and device
CN109922474B (en) Method for triggering network authentication and related equipment
EP3146741B1 (en) Cellular network authentication control
US11368841B2 (en) Network access authentication method and device
CN108605225B (en) Safety processing method and related equipment
CN111355684B (en) Internet of things data transmission method, device and system, electronic equipment and medium
CN114448727B (en) Information processing method and system based on industrial internet identification analysis system
CN111148094B (en) Registration method of 5G user terminal, user terminal equipment and medium
WO2018010480A1 (en) Network locking method for esim card, terminal, and network locking authentication server
CN112913263A (en) Method and apparatus for handling remote profile management exceptions
CN114189343A (en) Mutual authentication method and device
CN110730447B (en) User identity protection method, user terminal and core network
CN111770488B (en) EHPLMN updating method, related equipment and storage medium
CN112512048B (en) Mobile network access system, method, storage medium and electronic device
CN115868189A (en) Method, vehicle, terminal and system for establishing vehicle safety communication
CN111836260B (en) Authentication information processing method, terminal and network equipment
CN113439449A (en) Privacy enhancement method for linking ESIM profiles
CN111107550A (en) Dual-channel access registration method and device for 5G terminal equipment and storage medium
US20220174490A1 (en) System, method, storage medium and equipment for mobile network access
WO2022078058A1 (en) Decryption method, server and storage medium
CN111835691A (en) Authentication information processing method, terminal and network equipment
EP4061037A1 (en) Privacy information transmission method, apparatus, computer device and computer-readable medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant