CN1913701A - Method for providing different safety class service to different user in mobile communication system - Google Patents
Method for providing different safety class service to different user in mobile communication system Download PDFInfo
- Publication number
- CN1913701A CN1913701A CNA2005100911231A CN200510091123A CN1913701A CN 1913701 A CN1913701 A CN 1913701A CN A2005100911231 A CNA2005100911231 A CN A2005100911231A CN 200510091123 A CN200510091123 A CN 200510091123A CN 1913701 A CN1913701 A CN 1913701A
- Authority
- CN
- China
- Prior art keywords
- user
- safe class
- terminal
- security
- entity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
A method for offering service of different security-class for different users in the mobile communication system, which includes the following steps: storing the entity of subscription service information in the regional place and increasing the signed security level of the user; storing temporarily the entity of the subscription service information in the visit place and increasing the subscription security level; informing the user's local security level in the regional place to the terminal without the need of sending all the security-parameters supported by the core network; the terminal compares and negotiates the subscription security-parameter sent by network with the one supported by the terminal.
Description
Technical field
The present invention is applicable to the mobile communication system of all standards, comprise all versions in the Wideband Code Division Multiple Access (WCDMA) (hereinafter to be referred as WCDMA), system as R99 (Release 99)/R4 (Release 4)/R5 (Release5)/R6 (Release 6) and later version thereof, and code division multiple access system (abbreviation cdma system), provide a kind of user that the scheme of different level of securitys is provided for different demands for security.
Background technology
In existing mobile communications system, aloft whether interface starts safe classes such as encryption and integrity protection and is controlled by network side.In case be provided with, then the whole network user enabled.For example in a single day network side is provided with encryption, then the user on the whole network all aloft interface encrypt.
Because the safe class in (hereinafter to be referred as the 3GPP) standard of third generation partner plan is at present controlled by network side, in case just be provided with the whole network user is enabled.Because mobile radio communication will provide professional for various users.Different users is different to safe requirement.As high-end user, the user of national particular department (government, army, public affairs, inspection, method etc.) to the requirement of safe class than higher, and common low end subscriber only needs network to provide the most basic conversation and basic safe class just passable, just lower to the requirement of level of security accordingly.Therefore, the existing security mechanism of mobile communication system can not satisfy the different demands for security of different user.
In addition, the existing security mechanism of mobile system communication system the business of operator is carried out also unfavorable.High-end user, the user of national particular department since needed level of security than higher, network need start the processing of secure context, this just certainly will take more Internet resources, so charge and can increase.And this part user also is an acceptable.And common low end subscriber wishes to select basic level of security and the also low business of corresponding charge.If can provide different safe class and user can select safe class for different users, the mobile system common carrier then can the better utilization conventional network resources, carries out miscellaneous service flexibly, thereby obtains bigger income.
Summary of the invention
A kind of method that provides different safe class and user can select the safe class of oneself for users different in the mobile communication system is provided.
For achieving the above object, provide the method for different safety class service in a kind of mobile communication system for different user, comprise step:
At the entity of ownership place storing user subscription business information, and increase this user's signatory safe class
At the entity of keeping in user's signing service information, increase this user's signatory safe class with visiting;
The various safe class parameters that core net is supported are informed terminal, only the safe class in local this user's who is preserved the signing service information is informed terminal;
The security parameter of the signatory safe class that the terminal support network side is sent is the comparison and negotiation of the security parameter supported of terminal therewith.
The present invention has increased a kind of selection for mobile operator provides colourful business, can satisfy high-end user, the different demand for security of the user of national particular department (government, army, public affairs, inspection, method etc.) etc. and common different users such as low end subscriber.And distinguish the difference that different level of security users use Internet resources, thus for operator can formulate new tariff policies, the highest as level of security, corresponding also high, the most basic safe class of rate, corresponding rate is also low.Like this, mobile operator just can obtain bigger income.
Description of drawings
Fig. 1 is the WCDMA safe mode control procedure in the 3GPP agreement;
Fig. 2 is the setting of level of security;
Fig. 3 is the signaling procedure that does not need the user to participate in;
Fig. 4 is the user's communication process;
Fig. 5 is a VLR/SGSN user data update process among the WCDMA R99;
Fig. 6 is that HLR deletes the user data process to VLR/SGSN among the WCDMA R99.
Embodiment
For guaranteeing the flexibility of operator in the operation of actual deployment network, originally network side function that network-wide security can be set still keeps.Increase following function
(1) user can select the safe class of oneself;
(2) network side can provide the business of different safe class for different users;
(3) be provided with aspect the safety function, the priority of network is greater than user's priority;
At first, mobile operator need formulate the security strategy of oneself, for example in the WCDMA system, can be defined as follows safe class:
(1) the highest: as both to have started integrity protection, and started again and encrypt;
(2) higher: as only to start integrity protection, do not start encryption;
(3) basic: as neither to start integrity protection, also do not start encryption;
Different safety class is formulated different rates, and the rate that safe class is high is high accordingly.Concrete which kind of security strategy that adopts is defined voluntarily by operator.
The user can select different safe classes when networking.At the network entity of preserving user's signing service information, as preserving user-selected safe class in attaching position register (hereinafter to be referred as HLR)/home subscriber server (hereinafter to be referred as HSS) or the service server.For reducing calling establishment time delay, remove original independent safe mode control procedure, safe mode control procedure and authentication process are united two into one.Owing in call establishment, generally all enable authentication process.In authentication process, network side is user's safe class, the security algorithm that is adopted, and employed keys etc. are issued the user, and the user is mated the back result and authentication information is issued network side in the lump, if wherein make a mistake, then flow process termination.If terminal is the safe class formulated of network enabled side not, then give the user this information notification.If security negotiation process and authentication process be success all, then from then on afterwards business is promptly carried out according to the level of security that sets, and makes amendment until the user.
One, ownership place is preserved the enhancing of the entity of user's signing service information
In the entity of storing user subscription business information such as ownership place preservation HLR/HSS/ service server, one of this user's of needs increase signatory safe class.When user-network access, by operator the signatory safe class that the user selectes is set for the first time, when the user carried out the safe class modification, operator made amendment accordingly to this.
Two, to keeping in the enhancing of the entity of user's signing service information with visiting
In the enhancing of keeping in the entity of user's signing service information with visiting, as the VLR Visitor Location Register among the WCDMA (hereinafter to be referred as VLR)/Serving GPRS Support Node entities such as (hereinafter to be referred as SGSN), one of this user's of needs increase signatory safe class, in the process of lane place/Routing Area Update, get the contracted user's information that comprises users such as safe class by the entity of storing user subscription business information such as ownership place preservation HLR/HSS/ service server and be kept in this entity of visiting ground.
Three, to the enhancing of core net call flows
Be to realize the present invention, the enhancing of core net shown two aspects:
(1) for the entity of the call treatment in the core net, as mobile switch (hereinafter to be referred as MSC) (WCDMA R99)/mobile switch server (hereinafter to be referred as MSCServer), (WCDMA R4)/SGSN.Be originally that core net informs terminal to all safe classes of being supported (as various cryptographic algorithm) parameter, revise this project, only the safe class in local this user's who is preserved the signing service is informed terminal, and be applied to follow-up flow process according to this kind safe class that this user selectes.
(2) for reducing user's access delay, verification process and safe mode control procedure are combined into a process;
Four, for the enhancing of terminal
For terminal, increase following processing:
Network side transmitted signatory safe class security parameter therewith the security parameter supported of terminal compare, if terminal can be supported, then inform network side, if the safe class terminal that the user contracts is not supported, terminal notifying user then, the basic safe class that allows the user select to be to use terminal to support continues follow-up flow process and still ends.
Embodiment
Concrete enforcement of the present invention comprises following several sections:
One. safe class is set during user-network access
The user is when networking, and implementation process as shown in Figure 2.Operator provides different safe class services for the user.The user can select the safe class that is adopted when networking.The safe class of the user being selected by the staff of operator is kept at the entity that is used for the storing user subscription business information, and as ownership HLR, HSS is perhaps in the service server etc.
Two. user's signing service such as safe class are saved in the local network entity
The user in the lane place/during Routing Area Update, from storing the entity of this user's signing service information, as ownership HLR, HSS, perhaps take out all signing service information of this user in the service server etc., be kept at corresponding entity in the local network, among the VLR as visit ground.Corresponding implementation process sees also shown in Figure 3:
(1) user initiates location area and is updated to the core net local network under start or other situations;
(2) whether the inquiry of the entity that is used for the storing user subscription business information (as VLR) in the core net local network wherein has this user's signing service information;
(3) if it's not true, the entity (as ownership place HLR) that is used for the storing user subscription business information from ownership place is got this user ground signing service information, comprises safety level information and security parameter correspondingly thereof, as security algorithm, and key etc.;
(4) carrying out the negotiation of verification process and safe class, consider this process for the user, is the process of an implicit expression, and what effect the user can't see, so no matter be designed to the terminal safe class whether the network enabled side is sent, flow process all continues.That is to say that if the safe class of network side transmitted is higher, and terminal is not supported, then terminal can select the lower level of security that can support to carry out all the other processes;
(5) carry out all the other processes according to the selected pairing parameter of safe class (as security algorithm, key etc.);
Three. the user initiates business
The user initiates professional flow process as shown in Figure 4:
Basic identical in the 1-3 process and two, only when initiating business, generally all carried out the location area renewal, corresponding entity in local network, the CAMEL-Subscription-Information of all having preserved the user as among the VLR on visit ground comprises safety level information.Therefore the second step process generally can not take place.
Increase following processing in the 4th step:
(1) 4.1: check whether safe class and parameter terminal thereof that network sends are supported;
(2) 4.2: if do not support, inform that then user-selected level of security terminal do not support;
(3) 4.3: inquiry terminal is to start minimum level of security or abandon carrying out business;
(4) 4.4: if the user selects to abandon this business, then flow process is to this termination;
(5) if safe class that terminal support network sends and parameter thereof or terminal are selected to start the most basic level of security, then finish authentication and level of security negotiations process
All the other continue remaining flow process according to selected safe class.
Four. the user is called
To start flow process different except initiatively initiating business with the user, and called is to be initiated by network side (as beep-page message), and other are identical with process in three.Do not give unnecessary details one by one.
More than be embodiment from the general angle explanation this patent of mobile communication system, be applicable to and comprise R99/R4/R5/R6/ mobile communication system Long Term Evolution (hereinafter to be referred as LTE) and later WCDMA system and CDMA2000 system thereof thereof, all mobile communication system such as Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) system.
To be example below, describe the embodiment of this patent in detail with R99 network among the WCDMA.
At first, mobile operator need formulate the security strategy of oneself, is the concrete enforcement of example explanation this patent here with following three kinds of safe classes.:
(1) the highest: as both to have started integrity protection, and started again and encrypt;
(2) higher: as only to start integrity protection, do not start encryption;
(3) basic: as neither to start integrity protection, also do not start encryption;
Be to implement this patent, the modification of existing WCDMA Release 1999 comprised:
1.D/Gr the user data update/deletion of interface;
2.Iu-cs/Iu-ps the safe mode control procedure of interface;
3. the safe mode on the subscriber equipment (hereinafter to be referred as UE) is set;
Concrete modification to each interface and corresponding entity thereof is described below:
1.D/Gr the user data update/deletion of interface
(1) to the modification of entity HLR
In the database of HLR, increase the parameter of a level of security, the same with other users' signing service information, the user is provided with in HLR when networking first.The user can revise to operator's application when desired modifications.
(2) to the modification of VLR/SGSN
In the VLR/SGSN database, increase the parameter of a level of security equally.
(4) on the D/Gr interface to MAP (hereinafter to be referred as MAP) protocol modification
Modification comprises two processes to MAP on the D/Gr interface:
(A) VLR/SGSN user data update renewal process
(B) VLR/SGSN user data delete procedure
(A) VLR/SGSN user data update process
The user data update process of VLR/SGSN by the D/Gr interface as shown in Figure 5.Blue font wherein is the content that this patent increases.In the MAP of D/Gr interface message " MAP inserts user data " increase parameter safety grade (hereinafter to be referred as Security Level) in (following according to the 3GPP regulation, as to be called MAP-INSERT-SUBSCRIBER-DATA).This message after the increase is as follows:
Table 1:MAP-INSERT-SUBSCRIBER-DATA
| Parameter name | Request | Indicatio n | Respons e | Confirm |
| Invoke Id IMSI MSISDN Category Subscriber Status Bearer service List Teleservice List Forwarding information List Call barring information List CUG information List SS-Data List eMLPP Subscription Data MC-Subscription Data Operator Determined Barring General data | M C C C C C C C C C C C C C | M(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) | M(=) C C C | M(=) C(=) C(=) C(=) |
| Operator Determined Barring HPLMN data Roaming Restriction Due To Unsupported Feature Regional Subscription Data VLR CAMEL Subscription Info Voice Broadcast Data Voice Group Call Data Network access mode GPRS Subscription Data Roaming Restricted In SGSN Due | C C C C C C C C C | C(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) |
| Parameter name | Request | Indicatio n | Respons e | Confirm |
| To Unsupported Feature North American Equal Access preferred Carrier Id List SGSN Camel Subscription Info LSA Information IST Alert Timer SS-Code List LMU Identifier LCS Information CS Allocation/Retention priority Super-Charger Supported In HLR Regional Subscription Response Supported CAMEL Phases User error Provider error Security Level | U C C C C C C C C | C(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) C(=) | C C C U | C(=) C(=) C(=) C(=) O |
Other all parameters except last wherein do not illustrate one by one that owing to do not have too big relation with this patent concrete implication sees also 3GPP 29.002 8.8.1 chapters.
To increasing being described below of parameter S ecurity Level newly:
Security Level represents user's level of security, is the integer of (0~7), and implication is as follows:
0: the highest, both started integrity protection, start again and encrypt;
1: higher: only start integrity protection, do not start encryption;
2: basic: as neither to start integrity protection, also do not start encryption;
3-7: keep;
Wherein " C " implication be (Conditional) with good conditionsi, be meant under the condition that needs send to comprise this parameter.
This parameter comprises when Routing Area Update (hereinafter to be referred as Location Update)/restart (hereinafter to be referred as Restoration)/this parameter change.
When in Location Update or Restoration or level of security change, HLR initiates process as shown in Figure 5:
(1) 501:HLR takes out user's signing service information from database, send the MAP-INSERT-SUBSCRIBER-DATA request to VLR, international mobile subscriber identity (being designated hereinafter simply as IMSI) wherein, supplementary service information (hereinafter referred to as SS-Data List), GPRS subscription data (GPRS Subscription Data), Security level etc.;
(2) after 502:VLR received, signing service information wherein, Security level etc. was kept in the database of oneself, and returns the MAP-INSERT-SUBSCRIBER-DATA response message;
(B) VLR/SGSN user data delete procedure
The user data process is as shown in Figure 6 among the HLR deletion VLR/SGSN:
(1) 601:HLR sends MAP message to VLR/SGSN " MAP delete user data " (hereinafter to be referred as MAP-DELETE-SUBSCRIBER-DATA) ask, wherein comprise parameter I MSI, basic service tabulation (Basic service List), level of security Security level etc.;
(2) after 602:VLR receives, delete this user's signing service information
Wherein, MAP-DELETE-SUBSCRIBER-DAT is as follows:
Table 8.8/2:MAP-DELETE-SUBSCRIBER-DATA
| Parameter name | Request | Indicatio n | Response | Confir m |
| Invoke Id | M | M(=) | M(=) | M(=) |
| IMSI | M | M(=) | ||
| Basic service List | C | C(=) | ||
| SS-Code List | C | C(=) | ||
| Roaming Restriction Due To |
| Unsupported Feature | C | C(=) | ||
| Camel Subscription Info Withdraw | C | C(=) | ||
| Specific CSI Withdraw | C | C(=) | ||
| Regional Subscription Data | C | C(=) | ||
| VBS Group Indication | C | C(=) | ||
| VGCS Group Indication | C | C(=) | ||
| GPRS Subscription Data Withdraw | C | C(=) | ||
| Roaming Restricted In SGSN Due To Unsupported Feature | C | C(=) | ||
| LSA Information Withdraw | C | C(=) | ||
| IST Information Withdraw | C | C(=) | ||
| Regional Subscription Response | C | C(=) | ||
| GMLC List Withdraw | C | C(=) | ||
| User error | C | C(=) | ||
| Provider error | O | |||
| Security Level withdraw | C | C(=) |
Other all parameters except last wherein do not illustrate one by one that owing to do not have too big relation with this patent concrete implication sees also 3GPP 29.002 8.8.2 chapters.
Wherein, the user security rank of deletion (hereinafter referred to as Security Level withdraw) is the new parameter of adding, in order to indication VLR deletion safe class CAMEL-Subscription-Information.
2.Iu-cs/Iu-ps the safe mode control procedure of interface
At present, the integrity protection information (hereinafter referred to as Integrity Protection Information) in the control of the safe mode among the 3GPP (being designated hereinafter simply as security mode control) is defined as follows
| IE/Group Name | Presen ce | Range | IE type and reference | Semantics description | |
| Integrity Protection Information | |||||
| >Permitted Integrity Protection Algorithms | |||||
| >>Integrity | M | 1 to 16 | INTEGER (standard UIA1(0)) | Value range is 0 to 15.Only one value used. | |
| >Integrity Protection Key | M | BIT STRING (128) |
Parameter wherein is protection algorithm integrallty (hereinafter referred to as Integrity Protection Algorithm) and integrity protection key (Integrity Protection Key).
Enciphered message among the security mode control (hereinafter referred to as Encryption Information) is defined as follows.
| IE/Group Name | Presen ce | Range | IE type and reference | Semantics description | |
| Encryption Information | |||||
| >Permitted Encryption Algorithms | |||||
| >> | M | 1 to 16 | INTEGER (no encryption (0),standard UEA1(1)) | Value range is 0 to 15.Only two values used. | |
| >Encryption Key | M | Bit string (128) |
Wherein comprise parameter cryptographic algorithm (Encryption Algorithm) and encryption key (EncryptionKey).
Integrity Protection Information parameter is made amendment; increase a no integrity protection parameter " do not carry out integrity protection " (no Integrity protection; hereinafter to be referred as UIA0), its value is 0, other UIA1 is defined as and is revised as 1.
| IE/Group Name | Presen ce | Range | IE type and reference | Semantics description | |
| Integrity Protection Information | |||||
| >Permitted Integrity Protection Algorithms | |||||
| >>Integrity | M | 1 to 16 | INTEGER (no Integrity protection(0) , standard UIA1(1)) | Value range is 0 to 15.Only one value used. | |
| >Integrity Protection Key | M | BIT STRING (128) |
In carrying out the safe mode control procedure, in MSC/SGSN, increase following operation:
(1) the Security Level in the inquiry VLR/SGSN database, carry out different operations respectively according to its value:
If-0, then fill UIA1 (1) at Integrity Protection Algorithm, be filled to UEA1 (1) at EncryptionAlgorithm;
If-1, then fill UIA1 (1) at Integrity Protection Algorithm, be filled to UEA0 (0) at EncryptionAlgorithm;
If-2, then fill UIA0 (0) at Integrity Protection Algorithm, be filled to UEA0 (0) at EncryptionAlgorithm;
Other operations are identical with existing regulation, behind the filling security mode control, are dealt into RNC by the Iu-cs/Iu-ps interface.
3.UE on safe mode set
The judgement of safe mode is transferred to UE with setting by RNC.The security capabilities information notification RNC that UE needn't can support mobile phone.According to the difference of signaling procedure, be divided into two kinds of situations:
(1) for the signaling procedure that does not need the user to participate in, as for location area updating/Routing Area Update/processes such as attach, if the security information that security capabilities<user of ME contracts is then selected lower safe mode, i.e. the safe mode that can support of ME.For example, the security information that the user contracts is UEA1, but ME can only support UEA0, and then UE selects UEA0 to continue remaining signaling procedure;
(2) signaling procedure of participating in for the user, as caller/called, if during the security information that security capabilities<user of ME contracts, then be prompted to the user, the lower safe mode (safe mode that ME can support) of security information that allows the user select whether to use to contract than the user, still in signaling procedure here.
Claims (11)
1. the method for different safety class service is provided for different user in the mobile communication system, comprises step:
At the entity of ownership place storing user subscription business information, and increase this user's signatory safe class;
At the entity of keeping in user's signing service information, increase this user's signatory safe class with visiting;
The various safe class parameters that core net is supported are informed terminal, only the safe class in local this user's who is preserved the signing service information is informed terminal;
The security parameter of the signatory safe class that the terminal support network side is sent is the comparison and negotiation of the security parameter supported of terminal therewith.
2. method according to claim 1 is characterized in that described safe class comprises:
Highest ranking;
Higher level;
Basic grade.
3. method according to claim 2 is characterized in that described highest ranking comprises: promptly start integrity protection and start encipherment protection again.
4. method according to claim 2 is characterized in that described higher level comprises: only start integrity protection, do not start encipherment protection.
5. method according to claim 2 is characterized in that described basic grade comprises: neither start integrity protection and also do not start encipherment protection.
6. method according to claim 1 is characterized in that the user when networking, user-selected fixed safe class be kept at ownership place storing user subscription business information as in the entity in the HLR/HSS/ service server etc.
7. method according to claim 6, it is characterized in that when lane place/route of user goes to upgrade, the signatory safe class parameter with usefulness is also preserved by getting and send at the entity of ownership place storing user subscription business information in the entity of keeping in user's signing service information with visiting.
8. method according to claim 1 is characterized in that core net informs terminal to the security parameter of the signatory safe class correspondence of user, carries out the negotiation of safe mode.
9. method according to claim 6 is characterized in that then security control process and authentication process being merged if the HLR/HSS/ service server is preserved the safe class that the user selects.
10. method according to claim 1 is characterized in that comprising step:
During safe class that terminal is found not support to be contracted, if at call flow, then be prompted to the user, and allow the user select the more basic safe class of whether selecting terminal to support;
The user is if refuse, and then flow process is ended.
11. method according to claim 10 is characterized in that also comprising step:
If do not have the flow process of user intervention at location area updating etc., be not prompted to the user, directly the more basic safe class that can support of terminal also uses this more basic safe class to carry out follow-up flow process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2005100911231A CN1913701A (en) | 2005-08-08 | 2005-08-08 | Method for providing different safety class service to different user in mobile communication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2005100911231A CN1913701A (en) | 2005-08-08 | 2005-08-08 | Method for providing different safety class service to different user in mobile communication system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1913701A true CN1913701A (en) | 2007-02-14 |
Family
ID=37722430
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2005100911231A Pending CN1913701A (en) | 2005-08-08 | 2005-08-08 | Method for providing different safety class service to different user in mobile communication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1913701A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009105976A1 (en) * | 2008-02-26 | 2009-09-03 | 华为技术有限公司 | Method, system and device for permission control |
| WO2010037299A1 (en) * | 2008-09-28 | 2010-04-08 | 华为技术有限公司 | Method and device for protecting user terminal capability |
| CN101188498B (en) * | 2007-12-19 | 2010-12-08 | 华为技术有限公司 | Communication terminal and communication method |
| CN101296093B (en) * | 2007-04-26 | 2011-02-09 | 华为技术有限公司 | Charging system, method and bargaining equipment |
| CN102144371A (en) * | 2008-09-10 | 2011-08-03 | Lg电子株式会社 | Method for selectively encrypting control signal |
| US8024559B2 (en) | 2007-07-12 | 2011-09-20 | Nhn Business Platform Corporation | Security authentication system and method |
| CN101222749B (en) * | 2007-01-11 | 2011-10-26 | 中兴通讯股份有限公司 | Method and starting method for transferring user's contract information to visiting network |
| CN101287227B (en) * | 2008-05-22 | 2011-11-09 | 德信无线通讯科技(北京)有限公司 | Mobile communication terminal and method for preventing rollback of software security grade |
| US8219064B2 (en) | 2007-09-03 | 2012-07-10 | Huawei Technologies Co., Ltd. | Method, system, and apparatus for preventing bidding down attacks during motion of user equipment |
| CN101128061B (en) * | 2007-09-27 | 2013-02-27 | 中兴通讯股份有限公司 | Method and system for mobile management unit, evolving base station and identifying whether UI is encrypted |
| CN103368983A (en) * | 2012-03-27 | 2013-10-23 | 中兴通讯股份有限公司 | Security demand query method, security demand feedback method and security demand query device |
| US8582771B2 (en) | 2008-09-10 | 2013-11-12 | Lg Electronics Inc. | Method for selectively encrypting control signal |
| US8666408B2 (en) | 2008-07-15 | 2014-03-04 | Lg Electronics Inc. | Method of supporting location privacy |
-
2005
- 2005-08-08 CN CNA2005100911231A patent/CN1913701A/en active Pending
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101222749B (en) * | 2007-01-11 | 2011-10-26 | 中兴通讯股份有限公司 | Method and starting method for transferring user's contract information to visiting network |
| CN101296093B (en) * | 2007-04-26 | 2011-02-09 | 华为技术有限公司 | Charging system, method and bargaining equipment |
| CN101345617B (en) * | 2007-07-12 | 2012-12-12 | Nhn商务平台株式会社 | Safety authentication system and method |
| US8024559B2 (en) | 2007-07-12 | 2011-09-20 | Nhn Business Platform Corporation | Security authentication system and method |
| CN103220674B (en) * | 2007-09-03 | 2015-09-09 | 华为技术有限公司 | A kind of method, system and device of preventing degraded attack when terminal moving |
| CN103220674A (en) * | 2007-09-03 | 2013-07-24 | 华为技术有限公司 | Method and system for preventing quality degradation attack during terminal movement and device |
| US8219064B2 (en) | 2007-09-03 | 2012-07-10 | Huawei Technologies Co., Ltd. | Method, system, and apparatus for preventing bidding down attacks during motion of user equipment |
| CN101128061B (en) * | 2007-09-27 | 2013-02-27 | 中兴通讯股份有限公司 | Method and system for mobile management unit, evolving base station and identifying whether UI is encrypted |
| CN101188498B (en) * | 2007-12-19 | 2010-12-08 | 华为技术有限公司 | Communication terminal and communication method |
| CN101521885B (en) * | 2008-02-26 | 2012-01-11 | 华为技术有限公司 | Authority control method, system and equipment |
| WO2009105976A1 (en) * | 2008-02-26 | 2009-09-03 | 华为技术有限公司 | Method, system and device for permission control |
| CN101287227B (en) * | 2008-05-22 | 2011-11-09 | 德信无线通讯科技(北京)有限公司 | Mobile communication terminal and method for preventing rollback of software security grade |
| US8666408B2 (en) | 2008-07-15 | 2014-03-04 | Lg Electronics Inc. | Method of supporting location privacy |
| US8676198B2 (en) | 2008-07-15 | 2014-03-18 | Lg Electronics Inc. | Method of supporting location privacy |
| US8582771B2 (en) | 2008-09-10 | 2013-11-12 | Lg Electronics Inc. | Method for selectively encrypting control signal |
| CN102144371B (en) * | 2008-09-10 | 2015-06-03 | Lg电子株式会社 | Method for selectively encrypting control signal |
| CN102144371A (en) * | 2008-09-10 | 2011-08-03 | Lg电子株式会社 | Method for selectively encrypting control signal |
| WO2010037299A1 (en) * | 2008-09-28 | 2010-04-08 | 华为技术有限公司 | Method and device for protecting user terminal capability |
| CN101686463B (en) * | 2008-09-28 | 2013-10-09 | 华为技术有限公司 | Method for protecting ability of user terminal, device and system |
| CN103368983A (en) * | 2012-03-27 | 2013-10-23 | 中兴通讯股份有限公司 | Security demand query method, security demand feedback method and security demand query device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1913701A (en) | Method for providing different safety class service to different user in mobile communication system | |
| CN1274180C (en) | Communication system comprising plurality of communication networks | |
| CN101043755A (en) | Method, system and apparatus for admittance determination in mobile communication system | |
| CN1645960A (en) | Interactive method for re-selecting operating network to wireless local network | |
| CN1652523A (en) | Method and system for providing data service in interworking wireless public and private networks | |
| CN1806412A (en) | Method and apparatus for broadcast application in a wireless communication system | |
| CN1363195A (en) | Integrity check in communication system | |
| CN101047950A (en) | Method for allocating default load in 3GPP evolution network | |
| CN101047958A (en) | User network attatching method and system for roaming scence in 3GPP evolution network | |
| CN101060712A (en) | Wireless connecting establishment method | |
| CN101056448A (en) | Method for detecting the service quality parameters and network side communication device | |
| CN1949923A (en) | Idle mode movement performace managing method and wireless communication system in wireless communication system | |
| CN1856155A (en) | Method for user accessing information in next generation network | |
| CN1645793A (en) | Cut-in identification realizing method for wireless local network | |
| CN101047506A (en) | Management method for terminal equipment starting service in radio communication network | |
| CN1518383A (en) | Method for implementing service of one mobile phone has multinumber and communication network | |
| CN1823543A (en) | Service restriction in mobile communication networks | |
| CN101069395A (en) | Method for SMM capability distribution | |
| CN101069440A (en) | Network selection in GAN environment | |
| CN1870636A (en) | Method and system for client redirection | |
| CN1652526A (en) | Providing evolution data only (EV-DO) service in network interfacing wireless public network and wired/wireless private network | |
| CN1486118A (en) | Method for user terminal communication through Package Domain of Public Land Mobile Telecommunication Network | |
| CN1882178A (en) | Method for solving calling/called impact in wireless network | |
| CN1561027A (en) | Integral service discrimination interface and integral service implementing method | |
| CN1905569A (en) | Method for changing user IP address of mobile communication network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20070214 |