CN112073177B - Key updating method and device - Google Patents
- Publication number
- CN112073177B (CN201910503453.9A)
- Authority
- CN
- China
- Prior art keywords
- terminal
- key
- entity
- subscription information
- lmf
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application discloses a key updating method and a key updating device, which provide a solution for updating the key used to decrypt positioning assistance data. On the network side, for example on the AMF entity side of a core network device, a key updating method provided in an embodiment of the present application includes: determining that an updated key for decrypting the positioning assistance data needs to be sent to the terminal; and sending the key to the terminal.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for updating a key.
Background
A network architecture supporting location services is shown in Fig. 1, and the main network functions in the diagram are described as follows:
GMLC: the functional entity that receives a positioning request from an LCS (Location Services) client, triggers the positioning process, and returns the location of the User Equipment (UE) to the LCS client.
UDM: the functional entity that stores UE information, for example subscription information and information on established Protocol Data Unit (PDU) sessions.
AMF entity: the mobility management functional entity, which performs access authentication and tracks the location of the UE.
LMF entity: the location management functional entity, which obtains the location of the UE.
The delivery of the positioning assistance data and the encryption key mainly involves the LMF entity, the UDM entity and the AMF entity. The LMF entity is responsible for formulating the encryption key and the positioning assistance data. The UDM entity stores the assistance data types to which a User Equipment (UE) subscribes. The AMF entity receives the assistance data and the key issued by the LMF entity; the assistance data is broadcast through the Radio Access Network (RAN), and the AMF entity sends the key to the UE through the registration procedure. Once the UE has received the key, it can use the key to decrypt the broadcast assistance data it receives.
The specific process of broadcasting the network assistance data is shown in Fig. 2 and described as follows:
Step 201, the LMF entity sends Network Assistance Data to the AMF entity through the AMF communication N1N2 message transfer (Namf_Communication_N1N2MessageTransfer) message.
Step 202, the AMF entity transports the network assistance data to the 5G radio access network (NG-RAN) via N2.
Step 203, the NG-RAN sends the network assistance data to the UE via a Broadcast Message.
Currently, the LMF entity change procedure supports changing the serving LMF entity during a 5GC-MT-LR (Mobile Terminated Location Request) procedure. The mobility of the target UE may result in a change of serving AMF entity for which the original serving LMF entity is no longer suitable. For example, the serving LMF entity may be remote from the new serving AMF entity, resulting in higher resource utilization for signaling between the AMF entity and the LMF entity, or the LMF entity may not be configured with information (e.g., a cell database) for the UE's current access network. In this case, the serving LMF entity may need to change.
Disclosure of Invention
The embodiments of the present application provide a key updating method and a key updating device, which provide a solution for updating the key used to decrypt positioning assistance data.
On the network side, for example on the AMF entity side of a core network device, a key updating method provided in an embodiment of the present application includes:
determining that an updated key for decrypting the positioning assistance data needs to be sent to the terminal;
and sending the key to the terminal.
With this method, it is determined that an updated key for decrypting the positioning assistance data needs to be sent to the terminal, and the key is sent to the terminal. This provides a solution for updating the key used to decrypt positioning assistance data when the LMF entity serving the terminal changes or the subscription information changes, so that the terminal can obtain the updated key and use it to decrypt the positioning assistance data.
Optionally, the key is sent to the terminal by a terminal configuration update command or a downlink positioning message.
Optionally, the key is obtained from a location management function (LMF) entity, and the method further includes: acquiring the subscription information of the terminal and sending it to the LMF entity, so that the LMF entity determines the key according to the subscription information of the terminal.
Optionally, the method further comprises: receiving a request message sent by the LMF entity, and sending a request message to the UDM entity according to the received request message;
the acquiring the subscription information of the terminal and sending the subscription information of the terminal to the LMF entity specifically includes: receiving a response message returned by the UDM entity, acquiring the subscription information of the terminal from the response message, and sending the subscription information to the LMF entity.
Optionally, the subscription information of the terminal includes positioning assistance data type information.
Optionally, the key is sent to the terminal according to the subscription information of the terminal and the context information of the terminal.
Optionally, the subscription information of the terminal includes positioning assistance data type information;
the context information of the terminal includes: an encryption key that has been sent to the terminal, or an indication that an encryption key has been sent to the terminal, or an event that the terminal has subscribed to an encryption key update.
Optionally, the key is set individually for one terminal or in common for a plurality of terminals.
On the LMF side, a key updating method provided in an embodiment of the present application includes:
determining an updated key for decrypting the positioning assistance data;
sending the key to a mobility management function, AMF, entity.
Optionally, the key is determined according to subscription information of the terminal obtained from the AMF entity.
Optionally, the subscription information of the terminal sent by the AMF entity is obtained by sending a request message to the AMF entity.
Optionally, the subscription information of the terminal includes: positioning assistance data type information.
Optionally, the key is determined individually for one terminal or in common for a plurality of terminals.
On a terminal side, a key updating method provided in an embodiment of the present application includes:
receiving an updated key, sent by the network side, for decrypting the positioning assistance data;
and saving the key.
Optionally, the key is received through a terminal configuration update command or a downlink positioning message.
On a network side, for example, on an AMF entity side of a core network device, a key updating apparatus provided in an embodiment of the present application includes:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing according to the obtained program:
determining that an updated key for decrypting the positioning assistance data needs to be sent to the terminal;
and sending the key to the terminal.
Optionally, the key is sent to the terminal by a terminal configuration update command or a downlink positioning message.
Optionally, the key is obtained from a location management function (LMF) entity, and the apparatus further includes: acquiring the subscription information of the terminal and sending it to the LMF entity, so that the LMF entity determines the key according to the subscription information of the terminal.
Optionally, the processor is further configured to call the program instructions stored in the memory and to execute, according to the obtained program: receiving a request message sent by the LMF entity, and sending a request message to the UDM entity according to the received request message;
the acquiring the subscription information of the terminal and sending the subscription information of the terminal to the LMF entity specifically includes: receiving a response message returned by the UDM entity, acquiring the subscription information of the terminal from the response message, and sending the subscription information to the LMF entity.
Optionally, the subscription information of the terminal includes positioning assistance data type information.
Optionally, the key is sent to the terminal according to the subscription information of the terminal and the context information of the terminal.
Optionally, the subscription information of the terminal includes positioning assistance data type information;
the context information of the terminal includes: an encryption key that has been sent to the terminal, or an indication that an encryption key has been sent to the terminal, or an event that the terminal has subscribed to an encryption key update.
Optionally, the key is set individually for one terminal or in common for a plurality of terminals.
On a network side, for example, on a core network device LMF entity side, a key updating apparatus provided in an embodiment of the present application includes:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing according to the obtained program:
determining an updated key for decrypting the positioning assistance data;
sending the key to a mobility management function, AMF, entity.
Optionally, the key is determined according to subscription information of the terminal obtained from the AMF entity.
Optionally, the subscription information of the terminal sent by the AMF entity is obtained by sending a request message to the AMF entity.
Optionally, the subscription information of the terminal includes: positioning assistance data type information.
Optionally, the key is determined individually for one terminal or in common for a plurality of terminals.
On a terminal side, a key updating apparatus provided in an embodiment of the present application includes:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing according to the obtained program:
receiving an updated key, sent by the network side, for decrypting the positioning assistance data;
and saving the key.
Optionally, the key is received through a terminal configuration update command or a downlink positioning message.
On the AMF entity side, another key update apparatus provided in an embodiment of the present application includes:
a determining unit, configured to determine that an updated key for decrypting the positioning assistance data needs to be sent to the terminal;
a sending unit, configured to send the key to the terminal.
On the side of the LMF entity, another key update apparatus provided in an embodiment of the present application includes:
a first unit for determining an updated key for decrypting the positioning assistance data;
a second unit, configured to send the key to a mobility management function, AMF, entity.
On the terminal side, another key updating apparatus provided in the embodiment of the present application includes:
a receiving unit, configured to receive an updated key used for decrypting the positioning assistance data sent by the network side;
a storage unit, configured to store the key.
Another embodiment of the present application provides a computing device, which includes a memory and a processor, wherein the memory is used for storing program instructions, and the processor is used for calling the program instructions stored in the memory and executing any one of the above methods according to the obtained program.
Another embodiment of the present application provides a computer storage medium having stored thereon computer-executable instructions for causing a computer to perform any one of the methods described above.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a network architecture supporting location services in the prior art;
Fig. 2 is a diagram illustrating a detailed process of broadcasting network assistance data in the prior art;
Fig. 3 is a schematic flowchart of a key updating method according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of a key updating method according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of a key updating method according to an embodiment of the present application;
Fig. 6 is a schematic flowchart of a key updating method at the LMF entity side according to an embodiment of the present disclosure;
Fig. 7 is a schematic flowchart of a key update method at the AMF entity side according to an embodiment of the present application;
Fig. 8 is a flowchart illustrating a key updating method at a terminal side according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a key update apparatus on an LMF entity side according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of a key update apparatus on the AMF entity side according to an embodiment of the present application;
Fig. 11 is a schematic structural diagram of a key updating apparatus at a terminal side according to an embodiment of the present application;
Fig. 12 is a schematic structural diagram of another key update apparatus on the LMF entity side according to an embodiment of the present application;
Fig. 13 is a schematic structural diagram of another key update apparatus on the AMF entity side according to an embodiment of the present application;
Fig. 14 is a schematic structural diagram of another key updating apparatus at a terminal side according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiments of the present application provide a key updating method and a key updating device, which provide a solution for updating the key used to decrypt positioning assistance data when the LMF entity serving a terminal changes.
The method and the device are based on the same application concept. Because they solve the problem on similar principles, the implementations of the device and the method can refer to each other, and the parts they share are not described again.
The technical solutions provided by the embodiments of the present application are applicable to various systems, particularly 5G systems. For example, the applicable system may be a Global System for Mobile communication (GSM) system, a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) system, a General Packet Radio Service (GPRS) system, a Long Term Evolution (LTE) system, an LTE Frequency Division Duplex (FDD) system, an LTE Time Division Duplex (TDD) system, a Universal Mobile Telecommunications System (UMTS), a Worldwide Interoperability for Microwave Access (WiMAX) system, a 5G NR system, and the like. These systems all include terminal devices and network devices.
The terminal device referred to in the embodiments of the present application may be a device providing voice and/or data connectivity to a user, a handheld device having a wireless connection function, or another processing device connected to a wireless modem. The name of the terminal device may differ between systems; for example, in a 5G system the terminal device may be referred to as User Equipment (UE). Wireless terminal devices communicate with one or more core networks via the RAN, and may be mobile terminal devices such as mobile telephones (or "cellular" telephones) and computers with mobile terminal devices, e.g., portable, pocket, hand-held, computer-included, or vehicle-mounted mobile devices. Examples of such devices include Personal Communication Service (PCS) phones, cordless phones, Session Initiation Protocol (SIP) phones, Wireless Local Loop (WLL) stations, Personal Digital Assistants (PDAs), and the like. The wireless terminal device may also be referred to as a system, a subscriber unit, a subscriber station, a mobile station, a remote station, an access point, a remote terminal device, an access terminal device, a user terminal device, a user agent, or a user device, which is not limited in the embodiments of the present application.
The network device according to the embodiment of the present application may be a core network device, such as an AMF entity, an LMF entity, a UDM entity, and the like.
Various embodiments of the present application are described in detail below with reference to the accompanying drawings. It should be noted that the order in which the embodiments are presented is only the order of description and does not indicate the relative merits of the technical solutions they provide.
In the technical solution provided in the embodiments of the present application, the AMF entity receives an encryption key from the LMF entity and sends the encryption key to the UE. The AMF entity can send a downlink positioning message or a UE configuration update message to the UE, and the message carries the encryption key.
The encryption key or key described in the embodiments of the present application is a key used for decrypting the positioning assistance data.
Depending on the encryption key provided by the LMF entity, there are two cases.
Case one, the LMF entity provides UE-granular encryption keys.
The LMF entity obtains a list of positioning assistance data types from the AMF entity, which obtains the list of positioning assistance data types from the UDM entity.
Optionally, the UE subscription information acquired by the AMF entity from the UDM entity includes a positioning assistance data type list, the AMF entity selects the LMF entity, sends the positioning assistance data type list to the LMF entity, and the LMF entity generates the encryption key according to the information of the positioning assistance data type list.
After generating the encryption key, the LMF entity sends the encryption key to the AMF entity.
Case two, the LMF entity provides encryption keys applicable to all UEs.
The AMF entity receives the encryption keys from the LMF entity, and determines which encryption keys to send to the UE according to the subscription information of the UE and the context information of the UE.
Optionally, the subscription information of the UE may include a list of positioning assistance data types, and the UE context information may include an encryption key that has been sent to the UE, or an indication that an encryption key has been sent to the UE, or an event that the UE subscribes to an encryption key update.
Optionally, the LMF sends a request message to the AMF, where the request message carries the identifier of the UE and may also carry an indication requesting the positioning-related subscription. The AMF sends a request message to the UDM, where the request message carries the identifier of the UE and the indication requesting the positioning-related subscription. The UDM returns the UE's subscription information, which includes the positioning assistance data type information, to the AMF. The AMF returns the positioning assistance data type information (e.g., the list of positioning assistance data types) to the LMF.
Several specific embodiments are described below.
Embodiment one:
This embodiment describes a process in which the AMF entity updates the encryption key of the UE through the configuration update procedure; the specific process is shown in Fig. 3.
The specific key updating process is as follows:
Step 301a, the LMF entity sends an encryption key data message to the AMF entity, where the message carries the updated encryption key. That is, this step corresponds to the case where the LMF entity serving the terminal changes, causing the encryption key to be updated.
Step 301b, the UDM entity sends a subscription update/event notification message to the AMF entity, where the message carries the list of positioning assistance data types subscribed by the UE. That is, in this step the encryption key is updated because the subscription information of the terminal has changed.
These two steps are the two conditions that trigger the AMF entity to send the updated encryption key to the terminal.
Step 302, the AMF entity sends a UE configuration update command to the UE, where the command carries the encryption key.
Step 303, the UE returns a UE configuration update complete message to the AMF entity.
If the process is triggered by step 301a, the AMF entity determines from the UE context which UEs currently store the encryption key, and sends the configuration update command, carrying the updated encryption key, only to those UEs.
Embodiment two:
This embodiment describes a process in which the LMF entity determines an encryption key according to the UE subscription.
Referring to Fig. 4, the specific key update process is as follows:
Step 401, the UDM entity provides the AMF entity with the subscription information of the UE, which includes a list of assistance data types.
Step 402, the AMF entity sends an encryption key data request message to the LMF entity, where the message carries the assistance data type list.
Step 403, the LMF entity determines the encryption key of the UE and returns an encryption key data message to the AMF entity, where the message carries the encryption key.
Embodiment three:
This embodiment describes a process in which the LMF entity updates the encryption key of the UE; the specific process is shown in Fig. 5.
The specific key updating process is as follows:
Step 501, the LMF entity decides to update the encryption key of the UE.
Step 502, the LMF entity sends a downlink positioning message to the AMF entity, where the message carries the encryption key.
Step 503, the AMF entity sends a downlink NAS transport message to the UE, where the message carries the downlink positioning message.
Step 504, the UE sends an uplink NAS transport message to the AMF entity, where the message carries an uplink positioning message.
Step 505, the AMF entity sends the uplink positioning message to the LMF entity, where the message carries a success indication.
In summary, referring to Fig. 6, on the network side, for example on the AMF entity side of a core network device, a key updating method provided in an embodiment of the present application includes:
S801, determining that an updated key for decrypting the positioning assistance data needs to be sent to the terminal;
For example, when the subscription information of the terminal changes or when the LMF entity serving the terminal changes, it is determined that an updated key needs to be sent to the terminal. The updated key may be generated by the AMF entity itself, or obtained, for example from the LMF, in which case the key needs to be sent to the terminal after the updated key is received.
The encryption key for the UE may be formed at the AMF or at the LMF.
If the encryption key is formed at the AMF, there are two triggers: one is a change in the subscription from the UDM, and the other is a change in the key provided by the LMF (the key provided by the LMF is not UE-granular and is a key common to all UEs, since the AMF needs to send different keys to the UE for different subscriptions).
S802, sending the key to the terminal.
With this method, it is determined that an updated key for decrypting the positioning assistance data needs to be sent to the terminal, and the key is sent to the terminal. This provides a solution for updating the key used to decrypt positioning assistance data when the LMF entity serving the terminal changes or the subscription information changes, so that the terminal can obtain the updated key and use it to decrypt the positioning assistance data.
Optionally, the key is sent to the terminal by a terminal configuration update command or a downlink positioning message.
Optionally, the key is obtained from a location management function (LMF) entity, and the method further includes: acquiring the subscription information of the terminal and sending it to the LMF entity, so that the LMF entity determines the key according to the subscription information of the terminal.
Optionally, the method further comprises: receiving a request message sent by the LMF entity, and sending a request message to the UDM entity according to the received request message;
the acquiring the subscription information of the terminal and sending the subscription information of the terminal to the LMF entity specifically includes: receiving a response message returned by the UDM entity, acquiring the subscription information of the terminal from the response message, and sending the subscription information to the LMF entity.
Optionally, the subscription information of the terminal includes positioning assistance data type information.
The positioning assistance data type information is, for example, a list of positioning assistance data types.
Optionally, the key is sent to the terminal according to the subscription information of the terminal and the context information of the terminal.
Optionally, the subscription information of the terminal includes positioning assistance data type information;
the context information of the terminal includes: an encryption key that has been sent to the terminal, or an indication that an encryption key has been sent to the terminal, or an event that the terminal has subscribed to an encryption key update.
For example:
Assume that there are 3 types of positioning assistance data in total in the operator network, and that each type has a different key, for example:
positioning assistance data type 1: key 1;
positioning assistance data type 2: key 2;
positioning assistance data type 3: key 3.
The LMF stores <positioning assistance data type 1: key 1>, <positioning assistance data type 2: key 2>, <positioning assistance data type 3: key 3>.
The UDM stores the positioning assistance data type to which the UE has subscribed, e.g. positioning assistance data type 1.
When the AMF decides which key to send to the UE:
The LMF sends all the information it stores to the AMF, for example: <positioning assistance data type 1: key 1>, <positioning assistance data type 2: key 2>, <positioning assistance data type 3: key 3>.
For a specific UE, the AMF obtains the UE's subscription information, namely positioning assistance data type 1, from the UDM, and decides to send key 1 to the UE according to the UE's subscription information and the information provided by the LMF.
For the above scenario:
If the information stored in the LMF changes, for example to: <positioning assistance data type 1: key 5>, <positioning assistance data type 2: key 2>, <positioning assistance data type 3: key 3>,
the LMF sends <positioning assistance data type 1: key 5> to the AMF. The AMF finds that this change affects the specific UE described above, and sends the new key, key 5, to the UE via a configuration update message.
If the subscription information stored in the UDM changes, for example to positioning assistance data type 2, the AMF decides to send key 2 to the UE based on the subscription and the information provided by the LMF.
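The AMF decision logic in the scenario above can be sketched as follows. This is an added example, not code from the patent: the names `Amf`, `UeContext`, `ue-a` and `ue-b` and the key strings are assumptions made for illustration, and the second UE is added to show that an LMF key change reaches only the UEs whose context shows they hold the affected key.

```python
"""AMF-side key selection, case two: the LMF supplies keys common to all UEs."""
from dataclasses import dataclass, field

UPDATE_CMD = "UE configuration update command"  # message name used on the page


@dataclass
class UeContext:
    subscribed: set = field(default_factory=set)   # types from the UDM subscription
    delivered: dict = field(default_factory=dict)  # type -> key already sent to the UE


class Amf:
    """Hypothetical AMF model: holds the LMF key table and per-UE context."""

    def __init__(self):
        self.lmf_keys = {}  # assistance data type -> current key from the LMF
        self.ues = {}       # UE identifier -> UeContext

    def _push(self, ue_id, types):
        """Return one update command with the keys the UE lacks or holds stale."""
        ctx = self.ues[ue_id]
        keys = {t: self.lmf_keys[t] for t in sorted(types)
                if t in self.lmf_keys and ctx.delivered.get(t) != self.lmf_keys[t]}
        if not keys:
            return None  # nothing changed for this UE: send no message
        ctx.delivered.update(keys)
        return {"ue": ue_id, "msg": UPDATE_CMD, "keys": keys}

    def on_subscription(self, ue_id, types):
        """Trigger 301b: the UDM reports the UE's subscribed assistance data types."""
        ctx = self.ues.setdefault(ue_id, UeContext())
        ctx.subscribed = set(types)
        cmd = self._push(ue_id, ctx.subscribed)
        return [cmd] if cmd else []

    def on_lmf_keys(self, entries):
        """Trigger 301a: the LMF sends new or changed <type: key> entries."""
        self.lmf_keys.update(entries)
        cmds = []
        for ue_id in sorted(self.ues):
            ctx = self.ues[ue_id]
            # Per the UE context, only UEs that already store a key for an
            # affected type, and are still subscribed to it, get the update.
            affected = {t for t in entries
                        if t in ctx.delivered and t in ctx.subscribed}
            cmd = self._push(ue_id, affected)
            if cmd:
                cmds.append(cmd)
        return cmds


def run_page_scenario():
    """Replay the three-type scenario; key strings are constructed placeholders."""
    amf = Amf()
    log = []
    log += amf.on_lmf_keys({1: "key 1", 2: "key 2", 3: "key 3"})  # LMF table
    log += amf.on_subscription("ue-a", {1})   # UE subscribed to type 1 -> key 1
    log += amf.on_subscription("ue-b", {3})   # constructed second UE -> key 3
    log += amf.on_lmf_keys({1: "key 5"})      # LMF changes type 1 -> only ue-a
    log += amf.on_subscription("ue-a", {2})   # UDM changes subscription -> key 2
    return log


if __name__ == "__main__":
    for cmd in run_page_scenario():
        print(cmd)
```

In this sketch a UE that moves from type 1 to type 2 still holds its old type 1 key until the LMF changes that key, at which point the UE is no longer sent the replacement.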
Optionally, the key is set individually for one terminal or in common for a plurality of terminals.
On the LMF side, referring to fig. 7, an embodiment of the present application provides a key updating method, where the method includes:
S901, determining an updated key for decrypting the positioning assistance data;
S902, sending the key to a mobility management function (AMF) entity.
Optionally, the key is determined according to subscription information of the terminal obtained from the AMF entity.
Optionally, the subscription information of the terminal sent by the AMF entity is obtained by sending a request message to the AMF entity.
Optionally, the subscription information of the terminal includes: positioning assistance data type information.
Optionally, the key is determined individually for one terminal or common for a plurality of terminals.
On the terminal side, referring to fig. 8, a key updating method provided in an embodiment of the present application includes:
S101, receiving an updated key, sent by the network side, for decrypting the positioning assistance data;
S102, storing the key.
Optionally, the key is received through a terminal configuration update command or a downlink positioning message.
On a network side, for example, on an AMF entity side of a core network device, referring to fig. 9, an apparatus for updating a key provided in an embodiment of the present application includes:
a memory 141 for storing program instructions;
a processor 140, configured to call the program instructions stored in the memory 141, and execute, according to the obtained program:
determining that an updated key for decrypting the positioning assistance data needs to be sent to the terminal;
and sending the key to the terminal.
Optionally, the key is sent to the terminal by a terminal configuration update command or a downlink positioning message.
Optionally, the key is obtained from a location management function (LMF) entity, and the apparatus further performs: acquiring the subscription information of the terminal, and sending the subscription information of the terminal to the LMF entity, so that the LMF entity determines the key according to the subscription information of the terminal.
Optionally, the processor 140 is further configured to call the program instructions stored in the memory, and execute, according to the obtained program: receiving a request message sent by an LMF entity, and sending the request message to a UDM entity according to the request message;
the acquiring the subscription information of the terminal and sending the subscription information of the terminal to the LMF entity specifically includes: receiving a response message returned by the UDM entity, acquiring the subscription information of the terminal from the response message, and sending the subscription information to the LMF entity.
Optionally, the subscription information of the terminal includes positioning assistance data type information.
Optionally, the key is sent to the terminal according to the subscription information of the terminal and the context information of the terminal.
Optionally, the subscription information of the terminal includes positioning assistance data type information;
the context information of the terminal includes: an encryption key that has been sent to the terminal, or an indication that an encryption key has been sent to the terminal, or an event that the terminal has subscribed to an encryption key update.
Optionally, the key is set individually for one terminal or commonly for a plurality of terminals.
A transceiver 142 for receiving and transmitting data under the control of the processor 140.
In fig. 9, the bus architecture may include any number of interconnected buses and bridges, linking together various circuits including one or more processors, represented by processor 140, and memory, represented by memory 141. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 142 may be a number of elements, including a transmitter and a receiver, providing a means for communicating with various other apparatus over a transmission medium. The processor 140 is responsible for managing the bus architecture and general processing, and the memory 141 may store data used by the processor 140 in performing operations.
The processor 140 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or a Complex Programmable Logic Device (CPLD).
On a network side, for example, on a core network device LMF entity side, referring to fig. 10, a key updating apparatus provided in an embodiment of the present application includes:
a memory 155 for storing program instructions;
a processor 154 for calling the program instructions stored in said memory and executing, according to the obtained program:
determining an updated key for decrypting the positioning assistance data;
sending the key to a mobility management function, AMF, entity.
Optionally, the key is determined according to subscription information of the terminal obtained from the AMF entity.
Optionally, the subscription information of the terminal sent by the AMF entity is obtained by sending a request message to the AMF entity.
Optionally, the subscription information of the terminal includes: positioning assistance data type information.
Optionally, the key is determined individually for one terminal or common for a plurality of terminals.
A transceiver 151 for receiving and transmitting data under the control of the processor 154.
In fig. 10, the bus architecture is represented by bus 156. Bus 156 may include any number of interconnected buses and bridges, and links together various circuits including one or more processors, represented by processor 154, and memory, represented by memory 155. The bus 156 may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. Bus interface 153 provides an interface between bus 156 and transceiver 151. The transceiver 151 may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor 154 is transmitted over a wireless medium via the antenna 152, and further, the antenna 152 receives data and passes the data to the processor 154.
The processor 154 is responsible for managing the bus 156 and general processing, and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And memory 155 may be used to store data used by processor 154 in performing operations.
Alternatively, the processor 154 may be a CPU (central processing unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device).
On the terminal side, referring to fig. 11, a key updating apparatus provided in an embodiment of the present application includes:
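a memory 160 for storing program instructions;
a processor 161 for calling the program instructions stored in the memory and executing, according to the obtained program:
receiving an updated key, sent by the network side, for decrypting the positioning assistance data;
saving the key.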
Optionally, the key is received through a terminal configuration update command or a downlink positioning message.
A transceiver 162 for receiving and transmitting data under the control of the processor 161.
In fig. 11, the bus architecture may include any number of interconnected buses and bridges, linking together various circuits including one or more processors, represented by processor 161, and memory, represented by memory 160. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 162 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. For different user devices, the user interface 163 may also be an interface capable of connecting externally or internally to a desired device, including but not limited to a keypad, display, speaker, microphone, joystick, etc.
The processor 161 is responsible for managing the bus architecture and general processing, and the memory 160 may store data used by the processor 161 in performing operations.
Alternatively, the processor 161 may be a CPU (central processing unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device).
On the AMF entity side, referring to fig. 12, another key update apparatus provided in an embodiment of the present application includes:
a determining unit 11, configured to determine that an updated key for decrypting the positioning assistance data needs to be sent to the terminal;
a sending unit 12, configured to send the key to the terminal.
On the side of the LMF entity, referring to fig. 13, another key update apparatus provided in the embodiment of the present application includes:
a first unit 21 for determining an updated key for decrypting the positioning assistance data;
a second unit 22 for sending the key to a mobility management function, AMF, entity.
On the terminal side, referring to fig. 14, another key updating apparatus provided in the embodiment of the present application includes:
a receiving unit 31, configured to receive an updated key used for decrypting the positioning assistance data sent by the network side;
a holding unit 32 for holding the key.
It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation. In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiment of the present application provides a computing device, which may specifically be a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal Digital Assistant (PDA), and the like. The computing device may include a Central Processing Unit (CPU), memory, input/output devices, etc., the input devices may include a keyboard, mouse, touch screen, etc., and the output devices may include a Display device, such as a Liquid Crystal Display (LCD), a Cathode Ray Tube (CRT), etc.
The memory may include Read Only Memory (ROM) and Random Access Memory (RAM), and provides the processor with program instructions and data stored in the memory. In the embodiments of the present application, the memory may be used for storing a program of any one of the methods provided by the embodiments of the present application.
The processor is used for executing any one of the methods provided by the embodiment of the application according to the obtained program instructions by calling the program instructions stored in the memory.
Embodiments of the present application provide a computer storage medium for storing computer program instructions for an apparatus provided in the embodiments of the present application, which includes a program for executing any one of the methods provided in the embodiments of the present application.
The computer storage media may be any available media or data storage device that can be accessed by a computer, including, but not limited to, magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memory (NAND FLASH), Solid State Disks (SSDs)), etc.
The method provided by the embodiment of the application can be applied to terminal equipment and also can be applied to network equipment.
The terminal device may also be referred to as user equipment (UE), a mobile station (MS), a mobile terminal, or the like. Optionally, the terminal may be capable of communicating with one or more core networks through a radio access network (RAN). For example, the terminal may be a mobile phone (also called a "cellular" phone) or a computer with mobility; the terminal may also be a portable, pocket-sized, hand-held, computer-built-in, or vehicle-mounted mobile device.
The network device may be a core network device.
The above method process flow may be implemented by a software program, which may be stored in a storage medium, and when the stored software program is called, the above method steps are performed.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
Claims (30)
1. A key update method applied to an AMF entity side, the method comprising:
acquiring subscription information of a terminal from a UDM entity, wherein the subscription information comprises a positioning auxiliary data type of the terminal; when an LMF entity serving the terminal is changed or subscription information of the terminal is changed, determining that an updated key for decrypting the positioning auxiliary data needs to be sent to the terminal; wherein the key is determined based on a positioning assistance data type of the terminal;
and sending the key to the terminal.
2. The method according to claim 1, characterized in that the key is sent to the terminal by a terminal configuration update command or a downlink positioning message.
3. The method according to claim 1, wherein the key is obtained from a location management function (LMF) entity, the method further comprising: acquiring the subscription information of the terminal, and sending the subscription information of the terminal to the LMF entity, so that the LMF entity determines the key according to the subscription information of the terminal.
4. The method of claim 3, further comprising: receiving a request message sent by an LMF entity, and sending the request message to a UDM entity according to the request message;
the acquiring the subscription information of the terminal and sending the subscription information of the terminal to the LMF entity specifically includes: receiving a response message returned by the UDM entity, acquiring the subscription information of the terminal from the response message, and sending the subscription information to the LMF entity.
5. The method of claim 1, wherein the key is sent to the terminal based on subscription information of the terminal and context information of the terminal.
6. The method of claim 5, wherein the context information of the terminal comprises: an encryption key that has been sent to the terminal, or an indication that an encryption key has been sent to the terminal, or an event that the terminal has subscribed to an encryption key update.
7. The method of claim 1, wherein the key is determined by:
obtaining a key from an LMF entity; the LMF entity stores the corresponding relation between the type of the positioning auxiliary data and the key, and the keys corresponding to different types of positioning auxiliary data are different;
and determining a key required to be sent to the terminal according to the positioning auxiliary data type in the subscription information of the terminal and a key which is acquired from the LMF entity and corresponds to the positioning auxiliary data type in the subscription information of the terminal.
8. The method according to any one of claims 1 to 7, wherein the key is set individually for one terminal or collectively for a plurality of terminals.
9. A key update method applied to an LMF entity side, the method comprising:
when an LMF entity serving the terminal is changed or subscription information of the terminal is changed, determining an updated key for decrypting the positioning auxiliary data according to the subscription information of the terminal acquired from the AMF entity; the subscription information of the terminal is obtained by the AMF entity from the UDM entity, and the subscription information of the terminal comprises a positioning auxiliary data type;
sending the key to a mobility management function, AMF, entity.
10. The method according to claim 9, wherein the subscription information of the terminal sent by the AMF entity is obtained by sending a request message to the AMF entity.
11. Method according to claim 9 or 10, characterized in that the key is determined individually for one terminal or in common for a plurality of terminals.
12. A key update method applied to a terminal side, the method comprising:
when an LMF entity serving the terminal is changed or subscription information of the terminal is changed, receiving an updated key used for decrypting the positioning auxiliary data sent by a network side; wherein the key is determined based on a positioning assistance data type of the terminal; the positioning auxiliary data type of the terminal is contained in the subscription information of the terminal, which is acquired by the AMF entity from the UDM entity;
the key is saved.
13. The method according to claim 12, characterized in that the key is received by a terminal configuration update command or a downlink positioning message.
14. A key renewal apparatus applied to an AMF entity side, comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing according to the obtained program:
acquiring subscription information of a terminal from a UDM entity, wherein the subscription information comprises a positioning auxiliary data type of the terminal; when an LMF entity serving the terminal is changed or the subscription information is changed, determining that an updated key for decrypting the positioning auxiliary data needs to be sent to the terminal; wherein the key is determined based on a positioning assistance data type of the terminal;
and sending the key to the terminal.
15. The apparatus of claim 14, wherein the key is sent to the terminal via a terminal configuration update command or a downlink positioning message.
16. The apparatus as claimed in claim 14, wherein the key is obtained from a location management function (LMF) entity, and the apparatus further performs: acquiring the subscription information of the terminal, and sending the subscription information of the terminal to the LMF entity, so that the LMF entity determines the key according to the subscription information of the terminal.
17. The apparatus of claim 16, wherein the processor is further configured to call program instructions stored in the memory to perform, in accordance with the obtained program: receiving a request message sent by an LMF entity, and sending the request message to a UDM entity according to the request message;
the acquiring the subscription information of the terminal and sending the subscription information of the terminal to the LMF entity specifically includes: receiving a response message returned by the UDM entity, acquiring the subscription information of the terminal from the response message, and sending the subscription information to the LMF entity.
18. The apparatus of claim 14, wherein the key is sent to the terminal according to subscription information of the terminal and context information of the terminal.
19. The apparatus of claim 18, wherein the context information of the terminal comprises: an encryption key that has been sent to the terminal, or an indication that an encryption key has been sent to the terminal, or an event that the terminal has subscribed to an encryption key update.
20. The apparatus of claim 14, wherein the key is determined by:
obtaining a key from an LMF entity; the LMF entity stores the corresponding relation between the type of the positioning auxiliary data and the key, and the keys corresponding to different types of positioning auxiliary data are different;
and determining a key required to be sent to the terminal according to the positioning auxiliary data type in the subscription information of the terminal and a key which is acquired from the LMF entity and corresponds to the positioning auxiliary data type in the subscription information of the terminal.
21. The apparatus according to any one of claims 14 to 20, wherein the key is set individually for one terminal or collectively for a plurality of terminals.
22. A key renewal apparatus applied to an LMF entity side, comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing according to the obtained program:
when an LMF entity serving the terminal is changed or subscription information of the terminal is changed, determining an updated key for decrypting the positioning auxiliary data according to the subscription information of the terminal acquired from the AMF entity; the subscription information of the terminal is obtained by the AMF entity from the UDM entity, and the subscription information comprises a positioning auxiliary data type;
sending the key to a mobility management function, AMF, entity.
23. The apparatus of claim 22, wherein the subscription information of the terminal sent by the AMF entity is obtained by sending a request message to the AMF entity.
24. The apparatus according to claim 22 or 23, wherein the key is determined individually for one terminal or common for a plurality of terminals.
25. A key update apparatus applied to a terminal side, the apparatus comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing according to the obtained program:
when an LMF entity serving the terminal is changed or subscription information of the terminal is changed, receiving an updated key used for decrypting the positioning auxiliary data sent by a network side; wherein the key is determined based on a positioning assistance data type of the terminal; the positioning auxiliary data type of the terminal is contained in the subscription information of the terminal acquired by the AMF entity from the UDM entity;
the key is saved.
26. The apparatus of claim 25, wherein the key is received via a terminal configuration update command or a downlink positioning message.
27. A key renewal apparatus applied to an AMF entity side, comprising:
a determining unit, configured to acquire subscription information of a terminal from a UDM entity, where the subscription information includes a positioning assistance data type of the terminal; when an LMF entity serving the terminal is changed or subscription information of the terminal is changed, determining that an updated key for decrypting the positioning auxiliary data needs to be sent to the terminal; wherein the key is determined based on a positioning assistance data type of the terminal;
and the sending unit is used for sending the key to the terminal.
28. A key renewal apparatus applied to an LMF entity side, comprising:
a first unit, configured to determine, when an LMF entity serving the terminal changes or subscription information of the terminal changes, an updated key for decrypting the positioning assistance data according to the subscription information of the terminal acquired from the AMF entity; the subscription information of the terminal is obtained by the AMF entity from the UDM entity, and the subscription information of the terminal comprises a positioning auxiliary data type;
a second unit, configured to send the key to a mobility management function, AMF, entity.
29. A key update apparatus applied to a terminal side, the apparatus comprising:
the receiving unit is used for receiving an updated key used for decrypting the positioning auxiliary data sent by the network side when an LMF entity serving the terminal is changed or subscription information of the terminal is changed; wherein the key is determined based on a positioning assistance data type of the terminal; the positioning auxiliary data type of the terminal is contained in the subscription information of the terminal acquired by the AMF entity from the UDM entity;
and the storage unit is used for storing the key.
30. A computer storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of claims 1 to 13.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910503453.9A CN112073177B (en) | 2019-06-11 | 2019-06-11 | Key updating method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112073177A (en) | 2020-12-11 |
CN112073177B (en) | 2022-02-08 |
Family
ID=73658076
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910503453.9A Active CN112073177B (en) | 2019-06-11 | 2019-06-11 | Key updating method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112073177B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||