CN113132979B - Method for acquiring and issuing IMSI encrypted public key and equipment - Google Patents


Publication number
CN113132979B
Authority
CN
China
Prior art keywords
public key
registration request
imsi
target plmn
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911393414.4A
Other languages
Chinese (zh)
Other versions
CN113132979A (en
Inventor
郑庆国
高有军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Xiongan ICT Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Xiongan ICT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Xiongan ICT Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201911393414.4A priority Critical patent/CN113132979B/en
Publication of CN113132979A publication Critical patent/CN113132979A/en
Application granted granted Critical
Publication of CN113132979B publication Critical patent/CN113132979B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Abstract

The invention provides a method and equipment for acquiring and issuing an IMSI encrypted public key. The method for acquiring the IMSI encrypted public key comprises the following steps: if the public key of the target PLMN to be accessed is not stored in the user card, a first registration request is sent to the network side equipment, and IMSI information in the first registration request only carries the information of the target PLMN; and a registration request rejection message fed back by the network side equipment is received, wherein the registration request rejection message carries the public key of the target PLMN. In the invention, the public key of the PLMN can be obtained without replacing the user card of the terminal, which reduces the cost of card replacement for the user. The public key of the PLMN is obtained through the existing registration signaling of the initial access, so no additional mechanism needs to be added. The terminal does not store the public key of the PLMN and obtains it dynamically from the network side at each initial access, which solves the problem of updating the public key.

Description

Method for acquiring and issuing IMSI encrypted public key and equipment
Technical Field
The embodiment of the invention relates to the technical field of wireless communication, in particular to an obtaining method, a sending method and equipment of an IMSI encrypted public key.
Background
For security reasons, a 5G terminal can use a public key to encrypt the IMSI (International Mobile Subscriber Identity) that it reports. The public key is normally stored in the user card, but the USIM (Universal Subscriber Identity Module) cards currently used for 3G/4G cannot store a public key and therefore cannot be used to access the 5G network. The user of a 5G terminal must therefore be issued a new USIM card, which increases the operator's cost of migrating users to 5G services, and it is very inconvenient for existing users to have to visit a business office to change cards.
Disclosure of Invention
The embodiment of the invention provides an obtaining method, a sending method and equipment of an IMSI encrypted public key, which are used for solving the problem that a 3G/4G user card which cannot store the public key is difficult to access a 5G network.
In order to solve the technical problem, the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a method for obtaining an IMSI encryption public key, which is applied to a terminal, and includes:
if the public key of the target PLMN to be accessed is not stored in the user card, sending a first registration request to network side equipment, wherein IMSI information in the first registration request only carries the information of the target PLMN;
and receiving a registration request rejection message fed back by the network side equipment for the first registration request, wherein the registration request rejection message carries the public key of the target PLMN.
Optionally, after receiving the registration request rejection message fed back by the network side device for the first registration request, the method further includes:
and sending a second registration request to the network side equipment, wherein IMSI information in the second registration request carries the information of the target PLMN and the IMSI encrypted by the public key.
Optionally, the Type of identity field of the IMSI information in the first registration request indicates that the IMSI is null.
Optionally, the Type of identity field of the IMSI information in the first registration request is configured to be 000, and the 4th bit is configured to be 1.
In a second aspect, an embodiment of the present invention provides a method for issuing an IMSI encrypted public key, which is applied to a network device, and includes:
receiving a first registration request sent by a terminal, wherein IMSI information in the first registration request only carries information of a target PLMN;
and returning a registration request rejection message to the terminal, wherein the registration request rejection message carries the public key of the target PLMN.
Optionally, the method for issuing the IMSI encrypted public key further includes:
storing a public key list corresponding to a plurality of PLMNs;
before returning the registration request rejection message to the terminal, the method further includes:
and inquiring the public key list according to the information of the target PLMN in the first registration request to obtain the public key of the target PLMN.
Optionally, the Spare half octet field in the registration request rejection message is configured to be a reserved keyword, and the EAP message field carries the public key of the target PLMN.
Optionally, the Length of EAP message contents in the EAP message field stores the length of the public key of the target PLMN, and the EAP message stores the public key of the target PLMN.
In a third aspect, an embodiment of the present invention provides a terminal, including a transceiver and a processor;
the transceiver is used for sending a first registration request to network side equipment if a public key of a target PLMN to be accessed is not stored in a user card, wherein IMSI information in the first registration request only carries information of the target PLMN;
the transceiver is further configured to receive a registration request rejection message fed back by the network side device for the first registration request, where the registration request rejection message carries the public key of the target PLMN.
In a fourth aspect, an embodiment of the present invention provides a network-side device, including a transceiver and a processor;
the transceiver is used for receiving a first registration request sent by a terminal, wherein IMSI information in the first registration request only carries information of a target PLMN;
the transceiver is further configured to return a registration request rejection message to the terminal, where the registration request rejection message carries the public key of the target PLMN.
In a fifth aspect, an embodiment of the present invention provides a terminal, including: a processor, a memory and a program stored in the memory and executable on the processor, wherein the program, when executed by the processor, implements the steps of the above-mentioned method for obtaining an IMSI encryption public key according to the first aspect.
In a sixth aspect, an embodiment of the present invention provides a network side device, including: a processor, a memory and a program stored on the memory and operable on the processor, wherein the program, when executed by the processor, implements the steps of the method for issuing an IMSI encryption public key of the second aspect.
In a seventh aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when executed by a processor, the computer program implements the steps of the method for obtaining an IMSI encrypted public key according to the first aspect; or, the computer program, when executed by the processor, implements the step of the method for issuing an IMSI encrypted public key according to the second aspect.
In the embodiment of the invention, if the public key of the target PLMN to be accessed is not stored in the user card of the terminal, the IMSI information in the registration request sent during initial access does not carry the IMSI, which indicates that the network side equipment is requested to send the public key of the target PLMN. After receiving the registration request rejection message that is sent by the network side equipment and carries the public key of the target PLMN, the terminal can obtain the public key of the target PLMN from that message. The public key of the PLMN can thus be obtained without replacing the user card of the terminal, which reduces the card replacement cost for network users. The public key of the PLMN is obtained through the existing registration signaling of the initial access, so no additional mechanism is needed and the implementation is simple and feasible. The terminal side does not store the public key of the PLMN and can obtain it dynamically from the network side at each initial access, which solves the problem of updating the public key on the terminal side.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic flow chart of a method for acquiring an IMSI encrypted public key according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of IMSI information in a registration request in the 5G system;
fig. 3 is a schematic diagram illustrating a format of IMSI information in a registration request in the 5G system;
fig. 4 is a flowchart illustrating a method for issuing an IMSI encrypted public key according to an embodiment of the present invention;
fig. 5 is a diagram illustrating the contents of a registration request reject message according to an embodiment of the present invention;
fig. 6 is a schematic format diagram of an EAPmessage field in a registration request reject message according to an embodiment of the present invention;
fig. 7 is a schematic diagram of a system for issuing an IMSI encrypted public key according to an embodiment of the present invention;
fig. 8 is a schematic diagram of a registration procedure of a terminal according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of a network-side device according to an embodiment of the present invention;
fig. 11 is a schematic structural diagram of a terminal according to another embodiment of the present invention;
fig. 12 is a schematic structural diagram of a network-side device in another embodiment of the present invention;
fig. 13 is a schematic structural diagram of a terminal according to another embodiment of the present invention;
fig. 14 is a schematic structural diagram of a network-side device in another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a schematic flow chart of a method for acquiring an IMSI encryption public key according to an embodiment of the present invention, where the method for acquiring an IMSI encryption public key is applied to a terminal, and includes:
step 11: if a Public key of a target PLMN (Public Land Mobile Network) to be accessed is not stored in a user card, sending a first registration request to Network side equipment, wherein IMSI information in the first registration request only carries information of the target PLMN;
After the terminal is started, the public key of the target PLMN to be accessed can be read from the user card and used to encrypt the IMSI. If the public key of the target PLMN is not stored in the user card, the first registration request is sent during initial access. The IMSI information in the first registration request does not carry the IMSI of the terminal, which indicates that the network side device is requested to issue the public key of the target PLMN.
The information of the target PLMN is a network number of the target PLMN, which may include MCC (mobile country code) and MNC (mobile network code).
Step 12: and receiving a registration request rejection message fed back by the network side equipment for the first registration request, wherein the registration request rejection message carries the public key of the target PLMN.
In the embodiment of the invention, if the public key of the target PLMN to be accessed is not stored in the user card of the terminal, the IMSI information in the registration request sent during initial access does not carry the IMSI, which indicates that the network side equipment is requested to send the public key of the target PLMN. After receiving the registration request rejection message that is sent by the network side equipment and carries the public key of the target PLMN, the terminal can obtain the public key of the target PLMN from that message. The public key of the PLMN can thus be obtained without replacing the user card of the terminal, which reduces the card replacement cost for network users. The public key of the PLMN is obtained through the existing registration signaling of the initial access, so no additional mechanism is needed and the implementation is simple and feasible. The terminal side does not store the public key of the PLMN and can obtain it dynamically from the network side at each initial access, which solves the problem of updating the public key on the terminal side.
In this embodiment of the present invention, optionally, after receiving the registration request rejection message fed back by the network side device for the first registration request, the method further includes: and sending a second registration request to the network side equipment, wherein IMSI information in the second registration request carries the information of the target PLMN and the IMSI encrypted by the public key. Namely, the terminal re-initiates the access process according to the public key of the target PLMN carried in the registration request rejection message.
Specifically, the terminal may parse the public key of the target PLMN from the received registration request rejection message, then encrypt the IMSI of the terminal with the public key, and generate the second registration request.
In this embodiment of the present invention, optionally, the user card may be a user card of a 3G or 4G system, and the target PLMN is a PLMN of a 5G system or a subsequent evolved PLMN.
The following is a detailed description of the contents of the first registration request.
Taking the 5G system as an example, refer to fig. 2, which is a schematic structural diagram of IMSI information in a Registration Request in the 5G system. The IMSI information in the registration request in the 5G system is not more than 15 digits long and includes the MCC (Mobile Country Code), the MNC (Mobile Network Code) and the MSIN (Mobile Subscriber Identification Number), wherein the MCC occupies 3 digits, the MNC occupies 2 or 3 digits, and the rest is the MSIN.
Referring to fig. 3, fig. 3 is a schematic diagram illustrating the format of IMSI information in a registration request in a 5G system. In the embodiment of the present invention, the Type of identity field in the 5GS mobile identity IEI information in the IMSI information may be configured as "000" (3 bits), and at the same time the 4th bit is set to 1 to indicate that the reported 5GS mobile identity IEI information is empty, so as to request the network side to issue the public key of the target PLMN.
That is, in the embodiment of the present invention, optionally, the Type of identity field of the IMSI information in the first registration request indicates that the IMSI is null. Further optionally, the Type of identity field of the IMSI information in the first registration request is configured to be 000, and the 4th bit is configured to be 1.
Referring to fig. 4, fig. 4 is a schematic flow chart illustrating a method for issuing an IMSI encryption public key according to an embodiment of the present invention, where the method for issuing an IMSI encryption public key is applied to a network device, and includes:
step 41: receiving a first registration request sent by a terminal, wherein IMSI information in the first registration request only carries information of a target PLMN;
That is, the IMSI information in the first registration request does not carry the IMSI of the terminal.
Step 42: and returning a Registration Request Reject message (Registration Request Reject) to the terminal, wherein the Registration Request Reject message carries the public key of the target PLMN.
In the embodiment of the invention, if the IMSI information in the registration request sent by the terminal during initial access is detected not to carry the IMSI, a registration request rejection message is sent to the terminal, and the public key of the target PLMN to which the terminal needs to access is carried in the registration request rejection message, so that the terminal can obtain the public key of the target PLMN.
In the embodiment of the invention, the public key of the PLMN is sent based on the existing registration request rejection signaling, no additional mechanism is needed to be added, and the implementation mode is simple and feasible.
In this embodiment of the present invention, optionally, the method for issuing the IMSI encrypted public key further includes:
step 401: storing a public key list corresponding to a plurality of PLMNs;
the public key list may be in the manner shown in table 1:
Mobile Country Code (MCC) | Mobile Network Code (MNC) | Public key
MCC1                      | MNC1                      | a
MCC1                      | MNC2                      | b
The public key list can be stored in a server, and the public key list is obtained by the network side equipment accessing the server through an interface with the server.
Wherein, before returning the registration request rejection message to the terminal, the method further comprises:
step 402: and inquiring the public key list according to the information of the target PLMN in the first registration request to obtain the public key of the target PLMN.
Referring to fig. 5, fig. 5 is a diagram illustrating contents of a registration request reject message according to an embodiment of the present invention. The registration request reject message may include the following information elements: extended protocol discriminator, security header type, spare half octet, registration reject message identity, 5GMM cause, T3346 value, T3502 extensible value, and EAP authentication protocol information.
In this embodiment of the present invention, optionally, a Spare half octet field in the registration request rejection message may be configured as a reserved keyword, and the public key of the target PLMN is carried in the EAPmessage field.
Referring to fig. 6, fig. 6 is a schematic diagram illustrating a format of an EAPmessage field in a registration request reject message according to an embodiment of the present invention. Optionally, the Length of EAP information content (Length of EAP message contents) in the EAP message field stores the Length of the public key of the target PLMN, and the EAP information (EAP message) stores the public key of the target PLMN.
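The first registration request, the public key list lookup and the EAP message field described above, as an added example (not code from the patent). PLMN digits are packed in the usual 3GPP BCD order; the byte layout around the fields the text names, the EAP message IEI value 0x78, the reserved keyword value 0xA and the key bytes are assumptions constructed for illustration.

```python
import struct

EAP_MESSAGE_IEI = 0x78          # assumption: IEI used here for the EAP message field
RESERVED_KEYWORD = 0xA          # hypothetical value; the text gives no value
KEY_REQUEST_OCTET = 0b00001000  # Type of identity = 000, 4th bit = 1

# Constructed public key list in the shape of table 1; key bytes are placeholders.
PUBLIC_KEY_LIST = {
    ("460", "00"): b"constructed-public-key-a",
    ("460", "02"): b"constructed-public-key-b",
}


def encode_plmn(mcc: str, mnc: str) -> bytes:
    """Pack MCC (3 digits) and MNC (2 or 3 digits) into 3 BCD octets."""
    ok = (mcc + mnc).isascii() and mcc.isdigit() and mnc.isdigit()
    if not ok or len(mcc) != 3 or len(mnc) not in (2, 3):
        raise ValueError("MCC must be 3 digits, MNC 2 or 3 digits")
    c = [int(x) for x in mcc]
    n = [int(x) for x in mnc]
    mnc3 = n[2] if len(n) == 3 else 0xF  # filler nibble for a 2-digit MNC
    return bytes([c[1] << 4 | c[0], mnc3 << 4 | c[2], n[1] << 4 | n[0]])


def decode_plmn(raw: bytes) -> tuple:
    """Inverse of encode_plmn; rejects nibbles that are not decimal digits."""
    if len(raw) != 3:
        raise ValueError("PLMN must be 3 octets")
    nib = [raw[0] & 0xF, raw[0] >> 4, raw[1] & 0xF,
           raw[2] & 0xF, raw[2] >> 4, raw[1] >> 4]
    if any(v > 9 for v in nib[:5]) or (nib[5] > 9 and nib[5] != 0xF):
        raise ValueError("non-decimal digit in PLMN")
    mcc = "".join(str(v) for v in nib[:3])
    mnc = "".join(str(v) for v in nib[3:5])
    if nib[5] != 0xF:
        mnc += str(nib[5])
    return mcc, mnc


def build_key_request_identity(mcc: str, mnc: str) -> bytes:
    """Terminal side: identity that carries only the target PLMN, no MSIN."""
    return bytes([KEY_REQUEST_OCTET]) + encode_plmn(mcc, mnc)


def is_key_request(identity: bytes) -> bool:
    """Network side: Type of identity bits are 000 and the 4th bit is 1."""
    return len(identity) == 4 and identity[0] & 0x0F == 0b1000


def build_reject_fragment(identity: bytes, key_list: dict) -> bytes:
    """Network side: look up the target PLMN and place its key in the EAP message field."""
    if not is_key_request(identity):
        raise ValueError("identity is not a public key request")
    key = key_list.get(decode_plmn(identity[1:4]))
    if key is None:
        raise LookupError("no public key stored for the target PLMN")
    # Spare half octet (high nibble) = reserved keyword, then IEI, 2-octet length, key.
    header = bytes([RESERVED_KEYWORD << 4, EAP_MESSAGE_IEI])
    return header + struct.pack(">H", len(key)) + key


def extract_public_key(fragment: bytes) -> bytes:
    """Terminal side: check the marker and the stated length before using the key."""
    if len(fragment) < 4:
        raise ValueError("fragment truncated before the length field")
    if fragment[0] >> 4 != RESERVED_KEYWORD:
        raise ValueError("reject does not carry a public key")
    if fragment[1] != EAP_MESSAGE_IEI:
        raise ValueError("EAP message field missing")
    (length,) = struct.unpack(">H", fragment[2:4])
    key = fragment[4:]
    if length == 0 or length != len(key):
        raise ValueError("length field does not match the key carried")
    return key


if __name__ == "__main__":
    request = build_key_request_identity("460", "00")
    reject = build_reject_fragment(request, PUBLIC_KEY_LIST)
    print(request.hex(), extract_public_key(reject))
```
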
Referring to fig. 7, fig. 7 is a schematic diagram of a system for issuing an IMSI encryption public key according to an embodiment of the present invention. In this embodiment, a terminal sends a registration request not carrying an IMSI to a network side device (AMF, access and mobility management function entity), and the network side device sends a registration request reject message carrying the PLMN public key to the terminal, thereby issuing the public key of the PLMN. The public key of the PLMN may be stored in a server and obtained by the network side device by accessing the server.
The following describes the above method of the present invention by taking a terminal registration procedure as an example.
Referring to fig. 8, fig. 8 is a schematic diagram of a registration process of a terminal according to an embodiment of the present invention, where the method includes:
step 81: the terminal sends a first Registration Request (Registration Request), wherein the first Registration Request only carries the information of the target PLMN and does not carry the IMSI of the terminal, so as to Request the network side equipment to issue the public key of the target PLMN.
Step 82: after the (radio) access network functional entity ((R)AN) receives the first registration request, it selects an AMF (access and mobility management functional entity).
Step 83: the (R)AN sends the first registration request to an AMF (also referred to as a new AMF) of the 5G system.
Step 84: the new AMF sends a Namf_Communication_UEContextTransfer (full registration request) to the AMF of the 3G/4G system (also referred to as the old AMF).
Step 85: the old AMF sends a Namf_Communication_UEContextTransfer response to the new AMF.
Step 86: the new AMF sends an Identity Request (Identity Request) to the terminal;
step 87: the terminal sends an Identity response (Identity response) to the new AMF;
step 88: the new AMF sends Registration request Reject information (Registration Reject) to the terminal, wherein the Registration request Reject information carries the public key of the target PLMN;
step 89: the terminal sends a second registration request to the (R)AN, wherein the second registration request carries the information of the target PLMN and the IMSI encrypted by the public key.
Step 810: after the (R)AN receives the second registration request, it selects an AMF.
Step 811: the (R)AN sends the second registration request to the new AMF.
Step 812: the new AMF sends a Registration Accept message (Registration Accept) to the terminal.
The above completes the registration of the terminal.
Referring to fig. 9, an embodiment of the present invention further provides a terminal 90, including:
a first sending module 91, configured to send a first registration request to a network side device if a public key of a target PLMN to be accessed is not stored in a user card, where IMSI information in the first registration request only carries information of the target PLMN;
a receiving module 92, configured to receive a registration request rejection message fed back by the network side device for the first registration request, where the registration request rejection message carries the public key of the target PLMN.
Optionally, the terminal further includes:
and the second sending module is used for sending a second registration request to the network side equipment, wherein the IMSI information in the second registration request carries the information of the target PLMN and the IMSI encrypted by the public key.
Optionally, the Type of identity field of the IMSI information in the first registration request indicates that the IMSI is null.
Optionally, the Type of identity field of the IMSI information in the first registration request is configured to be 000, and the 4th bit is configured to be 1.
Referring to fig. 10, an embodiment of the present invention further provides a network-side device 100, including:
a receiving module, configured to receive a first registration request sent by a terminal, where IMSI information in the first registration request only carries information of a target PLMN;
a sending module, configured to return a registration request rejection message to the terminal, where the registration request rejection message carries the public key of the target PLMN.
Optionally, the network side device further includes:
the storage module is used for storing public key lists corresponding to a plurality of PLMNs;
and the query module is used for querying the public key list according to the information of the target PLMN in the first registration request to obtain the public key of the target PLMN.
Optionally, the Spare half octet field in the registration request rejection message is configured to be a reserved keyword, and the EAP message field carries the public key of the target PLMN.
Optionally, the Length of EAP message contents in the EAP message field stores the length of the public key of the target PLMN, and the EAP message stores the public key of the target PLMN.
Referring to fig. 11, an embodiment of the present invention further provides a terminal 110, which includes a transceiver 111 and a processor 112;
the transceiver 111 is configured to send a first registration request to a network side device if the public key of the target PLMN to be accessed is not stored in the user card, where IMSI information in the first registration request only carries information of the target PLMN;
the transceiver 111 is further configured to receive a registration request rejection message fed back by the network side device for the first registration request, where the registration request rejection message carries the public key of the target PLMN.
Optionally, the transceiver 111 is further configured to send a second registration request to the network side device, where IMSI information in the second registration request carries information of the target PLMN and the IMSI encrypted by using the public key.
Optionally, the Type of identity field of the IMSI information in the first registration request indicates that the IMSI is null.
Optionally, the Type of identity field of the IMSI information in the first registration request is configured to be 000, and the 4th bit is configured to be 1.
Referring to fig. 12, an embodiment of the present invention further provides a network side device 120, which includes a transceiver 121 and a processor 122;
the transceiver is used for receiving a first registration request sent by a terminal, wherein IMSI information in the first registration request only carries information of a target PLMN;
the transceiver is further configured to return a registration request rejection message to the terminal, where the registration request rejection message carries the public key of the target PLMN.
Optionally, the network side device further includes:
the memory is used for storing public key lists corresponding to a plurality of PLMNs;
the processor 122 is configured to query the public key list according to the information of the target PLMN in the first registration request, and obtain the public key of the target PLMN.
Optionally, the Spare half octet field in the registration request rejection message is configured to be a reserved keyword, and the EAP message field carries the public key of the target PLMN.
Optionally, the Length of EAP message contents in the EAP message field stores the length of the public key of the target PLMN, and the EAP message stores the public key of the target PLMN.
Referring to fig. 13, fig. 13 is a schematic structural diagram of a terminal according to another embodiment of the present invention, where the terminal 130 includes: a processor 131 and a memory 132. In this embodiment of the present invention, the terminal 130 further includes: the computer program stored in the memory 132 and capable of running on the processor 131, when being executed by the processor 111, implements the processes of the above-mentioned embodiment of the method for obtaining an IMSI encryption public key applied to a terminal, and can achieve the same technical effects, and is not described herein again to avoid repetition.
Referring to fig. 14, fig. 14 is a schematic structural diagram of a network-side device according to another embodiment of the present invention, where the network-side device 140 includes: a processor 141 and a memory 142. In this embodiment of the present invention, the network-side device 140 further includes: the computer program stored in the memory 142 and capable of running on the processor 141, when executed by the processor 141, implements the above-mentioned processes of the embodiment of the method for issuing the IMSI encryption public key applied to the terminal, and can achieve the same technical effect, and in order to avoid repetition, details are not described here again.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when executed by a processor, the computer program implements each process of the above-mentioned method for obtaining an IMSI encrypted public key applied to a terminal, and can achieve the same technical effect, and is not described herein again to avoid repetition.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements the above-mentioned processes applied in the embodiment of the method for issuing an IMSI encrypted public key of a network-side device, and can achieve the same technical effect, and in order to avoid repetition, details are not described here again.
The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another like element in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (13)

1. A method for obtaining an IMSI encrypted public key, applied to a terminal, characterized by comprising the following steps:
if the public key of the target PLMN to be accessed is not stored in the user card, sending a first registration request to network side equipment, wherein IMSI information in the first registration request only carries the information of the target PLMN;
and receiving a registration request rejection message fed back by the network side equipment for the first registration request, wherein the registration request rejection message carries the public key of the target PLMN.
2. The method for obtaining an IMSI encryption public key according to claim 1, wherein after receiving the registration request reject message fed back by the network side device for the first registration request, the method further includes:
and sending a second registration request to the network side equipment, wherein IMSI information in the second registration request carries information of a target PLMN and the IMSI encrypted by the public key.
3. The method of claim 1, wherein the Type of identity field of the IMSI information in the first registration request indicates that the IMSI is null.
4. The method for obtaining the IMSI encrypted public key of claim 3, wherein the Type of identity field of the IMSI information in the first registration request is configured as 000, and the 4th bit is configured as 1.
5. A method for issuing an IMSI encrypted public key, applied to network side equipment, characterized by comprising the following steps:
receiving a first registration request sent by a terminal, wherein IMSI information in the first registration request only carries information of a target PLMN;
and returning a registration request rejection message to the terminal, wherein the registration request rejection message carries the public key of the target PLMN.
6. The method for issuing the IMSI encrypted public key according to claim 5, further comprising:
storing a public key list corresponding to a plurality of PLMNs;
before returning the registration request rejection message to the terminal, the method further includes:
and inquiring the public key list according to the information of the target PLMN in the first registration request to obtain the public key of the target PLMN.
7. The method according to claim 5, wherein a Spare half octet field in the registration request reject message is configured as a reserved key, and the EAPmessage field carries the public key of the target PLMN.
8. The method for issuing the IMSI encryption public key according to claim 7, wherein a Length of EAP message contents in the EAPmessage field stores the Length of the public key of the target PLMN, and an EAP message stores the public key of the target PLMN.
9. A terminal comprising a transceiver and a processor;
the transceiver is used for sending a first registration request to network side equipment if a public key of a target PLMN to be accessed is not stored in a user card, wherein IMSI information in the first registration request only carries information of the target PLMN;
the transceiver is further configured to receive a registration request rejection message fed back by the network side device for the first registration request, where the registration request rejection message carries the public key of the target PLMN.
10. A network-side device, comprising a transceiver and a processor;
the transceiver is used for receiving a first registration request sent by a terminal, wherein IMSI information in the first registration request only carries information of a target PLMN;
the transceiver is further configured to return a registration request rejection message to the terminal, where the registration request rejection message carries the public key of the target PLMN.
11. A terminal, comprising: processor, memory and program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the method of obtaining an IMSI encryption public key according to any one of claims 1 to 4.
12. A network-side device, comprising: a processor, a memory and a program stored on the memory and executable on the processor, the program when executed by the processor implementing the steps of the method for issuing an IMSI encrypted public key according to any one of claims 5 to 8.
13. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, implements the steps of the method for obtaining an IMSI encryption public key according to any one of claims 1 to 4; alternatively, the computer program when executed by a processor implements the steps of the method for issuing an IMSI encrypted public key according to any one of claims 5 to 8.
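The key-acquisition exchange of claims 1 and 3 to 8, sketched in Python as an added example (not code from the patent): the terminal sends a PLMN-only identity, the network looks up its public key list and returns the key behind a length field, and the terminal validates that length before storing the key. The BCD PLMN packing, the 2-byte length prefix, all function names and the 32-byte sample key are assumptions made for illustration.

```python
import struct

TYPE_KEY_REQUEST = 0b1000  # Type of identity bits = 000, 4th bit = 1 (claim 4)

def encode_plmn(mcc: str, mnc: str) -> bytes:
    """BCD-pack MCC/MNC into 3 octets (assumed layout; 2-digit MNC filled with 0xF)."""
    if not (mcc.isdigit() and len(mcc) == 3 and mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError("bad MCC/MNC")
    m = [int(d) for d in mcc]
    n = [int(d) for d in mnc] + ([0xF] if len(mnc) == 2 else [])
    return bytes([m[1] << 4 | m[0], n[2] << 4 | m[2], n[1] << 4 | n[0]])

def build_first_request(mcc: str, mnc: str) -> bytes:
    """IMSI information that carries only the target PLMN (claims 1, 3, 4)."""
    return bytes([TYPE_KEY_REQUEST]) + encode_plmn(mcc, mnc)

def build_reject(request: bytes, key_list: dict) -> bytes:
    """Network side: query the public key list by PLMN, return length + key (claims 5-8)."""
    if len(request) != 4 or request[0] & 0x0F != TYPE_KEY_REQUEST:
        raise ValueError("not a PLMN-only registration request")
    key = key_list.get(request[1:4])
    if key is None:
        raise KeyError("no public key stored for this PLMN")
    return struct.pack(">H", len(key)) + key  # assumed 2-byte length prefix

def parse_reject(payload: bytes) -> bytes:
    """Terminal side: extract the key, refusing truncated or over-long contents."""
    if len(payload) < 2:
        raise ValueError("missing length field")
    (length,) = struct.unpack(">H", payload[:2])
    if length == 0 or len(payload) - 2 != length:
        raise ValueError("length field does not match contents")
    return payload[2:]

def acquire_key(card: dict, mcc: str, mnc: str, key_list: dict) -> bytes:
    """Terminal flow: ask the network only if the user card holds no key for the PLMN."""
    plmn = encode_plmn(mcc, mnc)
    if plmn not in card:
        reject = build_reject(build_first_request(mcc, mnc), key_list)
        card[plmn] = parse_reject(reject)
    return card[plmn]

# Constructed sample data: a placeholder 32-byte value stands in for a real public key.
KEY_LIST = {encode_plmn("460", "00"): bytes(range(32))}
```
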
CN201911393414.4A 2019-12-30 2019-12-30 Method for acquiring and issuing IMSI encrypted public key and equipment Active CN113132979B (en)

Publications (2)

Publication Number Publication Date
CN113132979A CN113132979A (en) 2021-07-16
CN113132979B CN113132979B (en) 2023-03-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant