WO2011003352A1 - Method and device for protecting terminal privacy - Google Patents

Method and device for protecting terminal privacy Download PDF

Info

Publication number
WO2011003352A1
WO2011003352A1 PCT/CN2010/075041 CN2010075041W WO2011003352A1 WO 2011003352 A1 WO2011003352 A1 WO 2011003352A1 CN 2010075041 W CN2010075041 W CN 2010075041W WO 2011003352 A1 WO2011003352 A1 WO 2011003352A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
base station
request message
calculation value
security calculation
Prior art date
Application number
PCT/CN2010/075041
Other languages
French (fr)
Chinese (zh)
Inventor
冯成燕
滕志猛
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2011003352A1 publication Critical patent/WO2011003352A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/062Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation

Definitions

  • the present invention relates to the field of communications, and in particular to a method and apparatus for protecting terminal privacy.
  • IEEE 802.16 standard system is mainly for metropolitan area networks. Its main objective is to develop the physical layer of the air interface of the wireless access system operating in the 2 ⁇ 66 GHz band. (Physical, referred to as PHY) and Media Access Control (MAC) specifications, as well as conformance testing related to air interface protocols and coexistence specifications between different wireless access systems. According to whether it supports mobile characteristics, the IEEE 802.16 standard can be divided into fixed broadband wireless access air interface standard and mobile broadband wireless access air interface standard.
  • 802.16d belongs to the fixed wireless access air interface standard, which was in 2004. It was approved by the IEEE 802 committee in June and released under the name IEEE 802.16-2004.
  • 802.16e is a mobile broadband wireless access air interface standard. It was adopted by the IEEE 802 committee in November 2005 and is released under the name IEEE 802.16-2005.
  • WiMAX Worldwide Interoperability for Microwave Access
  • WiMAX is based on the IEEE 802.16 air interface specification and has become the most influential broadband wireless access technology in the world.
  • WiMAX Worldwide Interoperability for Microwave Access
  • ITU International Telecommunication Unit
  • IMT-Advanced International Mobile Telecommunication
  • SRD 802.16m System Requirement Document
  • AMS MAC Address the terminal media access control address
  • STID the official mobile station identifier
  • the terminal reports its own AMS MAC Address to the base station in the RNG-REQ message.
  • the base station sends the TSTID allocated for the terminal to the terminal in the Ranging Response (RNG-RSP) message, and the subsequent message interaction uses the TSTID to identify the terminal until the base station distributes the STID allocated for the terminal to the terminal during the registration process.
  • the transmission of STID requires a protection mechanism.
  • the base station then releases the TSTID and uses the STID to identify the terminal in a subsequent flow.
  • this method only protects the mapping relationship between AMS MAC Address and STID, and still does not solve the risk of AMS MAC Address plaintext transmission. Since the attacker can intercept the address, it will forge or track the user's whereabouts. Summary of the invention
  • the present invention has been made in the prior art without solving the problem of the risk caused by the AMS MAC Address transmission. Therefore, the main object of the present invention is to provide a protection scheme for terminal privacy to solve the above problem.
  • a method of protecting a terminal privacy includes: when the terminal initially enters the network or re-enters the network, the base station receives the ranging request message from the terminal, where the ranging request message carries the media connection calculated by the terminal.
  • the security calculation value is used to protect the real terminal media access control address and identify the terminal; after the terminal successfully completes the authentication and is authorized, the base station calculates the air interface key by using the above security calculation value.
  • a protection device for terminal privacy is provided.
  • the device for protecting the security of the terminal includes: a first receiving module, configured on the base station side, configured to receive a ranging request message from the terminal when the terminal initially enters the network or re-enters the network, where the ranging request message is carried
  • the security calculation value of the media access control address calculated by the terminal is used to protect the real terminal media access control address and identify the terminal;
  • the first calculation module is set on the base station side, and is used to successfully complete the authentication at the terminal.
  • the air interface key is calculated using the security calculation value received by the first receiving module.
  • the method for calculating the air interface key by using the security calculation value of the media access control address calculated by the terminal from the terminal is used by the base station, and the related art does not solve the problem caused by the AMS MAC Address plaintext transmission.
  • the issue of risk which in turn increases the security of the system.
  • FIG. 1 is a flowchart of a method for protecting terminal privacy according to an embodiment of the present invention
  • FIG. 2 is an interaction of an implementation method for terminal privacy protection in a wireless communication system according to an embodiment of the present invention
  • 3 is a schematic diagram of generating an airborne derived key according to an embodiment of the present invention
  • FIG. 4 is an interaction flowchart according to Embodiment 4 of the present invention
  • FIG. 5 is an interaction flow according to Embodiment 5 of the present invention
  • Figure 6 is a block diagram showing the interaction of the terminal privacy protection apparatus according to the sixth embodiment of the present invention
  • Figure 7 is a block diagram showing the structure of the terminal privacy protection apparatus according to the embodiment of the present invention
  • a preferred block diagram of the protection device is a flowchart of a method for protecting terminal privacy according to an embodiment of the present invention.
  • Embodiment 1 This embodiment considers that the terminal privacy defined by 802.16m (AMS Privacy) does not solve the problem caused by the AMS MAC Address plaintext transmission, and provides a terminal privacy protection scheme, which is initially implemented in the terminal.
  • the terminal When accessing the network or re-entering the network, the terminal calculates the security operation value of the terminal MAC address, and sends the terminal MAC address security operation value to the ranging request message. Base station.
  • step S102 initial network access in the terminal Or the re-entry network
  • the base station receives the ranging request message from the terminal, where the ranging request message carries the security calculation value of the media access control address calculated by the terminal, and the security calculation value is used to protect the real terminal MAC address and Identify the terminal.
  • the security calculation value may include at least one of the following: a hash value, an encryption operation value, and the like.
  • the base station sends a measurement response message to the terminal, and carries the security calculation value therein to indicate the measurement giant.
  • the response message belongs to the terminal.
  • the input parameters for calculating the terminal MAC address security operation value are: a terminal MAC address, and/or a random number Random AMS generated by the terminal, and/or a random number Random ABS generated by the base station, and/or a base station identifier ABSID, that is, The terminal may calculate the security operation value according to at least one of the terminal MAC address and the other three parameters mentioned above.
  • Step S104 After the terminal successfully completes the authentication/authorization, the base station calculates the air interface key using the security calculation value. Preferably, at the same time, the terminal calculates the air interface key using the security calculation value.
  • the air interface key may include at least one of the following: ⁇ an authorization key (Authorization Key, abbreviated as AK), a Cipher-based Message Authentication Code (CM AC) KEY, and a transmission encryption key.
  • AK authorization Key
  • CM AC Cipher-based Message Authentication Code
  • KEK Key Encrypt Key
  • the method may further include the following operations: after successfully completing the three-way handshake process, the terminal may In the registration request message REG-REQ, ⁇ ! takes its own AMS MAC Address and reports it to the base station. The transmission of the AMS AMC Address needs to be encrypted.
  • the base station receives the registration request message from the terminal, where the registration request message carries the media of the terminal.
  • FIG. 2 is a wireless communication according to an embodiment of the present invention.
  • Method for implementing terminal privacy protection in system includes the following steps S201 to S211: Step S201, the terminal scans a downlink (downlink, DL for short) channel, and The base station establishes synchronization and acquires an Up Link (UL) parameter. Step S202, the terminal calculates a hash value of the AMS MAC Address, that is, the AMS MAC.
  • AMS MAC Address* F(AMS MAC Address, Random AMS
  • AMS MAC Address* F(AMS MAC Address, ABSID
  • Random ABS , 48), or AMS MAC Address* F(AMS MAC Address, Random ABS
  • AMS MAC Address* F(AMS MAC Address, ABSID
  • AMS MAC Address* F(AMS MAC Address ,
  • Random AB S Random AMS
  • ABSID 48.
  • F can be any hash function, for example, Message-Digest Algorithm 5 (MD5) algorithm, Secure Hash Algorithm (SHA) algorithm, CMAC algorithm (Ciphertext packet link message) Authentication code), Dotl6KDF algorithm defined by IEEE 802.16, etc.
  • Random_ABS is a random number generated by the base station, and the random number is broadcasted by a mapping message (A-MAP), or when the terminal performs step S201, the base station allocates for the terminal, and CDMA_Allocation_IE (This information element is used by the base station to allocate bandwidth to the terminal, the terminal Sending a ranging request message to the base station on the bandwidth is sent to the terminal; Random_AMS is a random number generated by the terminal.
  • MD5 Message-Digest Algorithm 5
  • SHA Secure Hash Algorithm
  • CMAC algorithm Ciphertext packet link message
  • Random_ABS and Random_AMS can be 16 bits, 32 bits, 48 bits, 64 bits, 128 bits, and the like.
  • Step S203 The terminal sends an RNG-REQ message to the base station, where the RNG-REQ message carries the following parameters: AMS MAC Address * who goes to the base station, where the RNG-RSP message carries the parameter AMS. MAC address *, the parameter is used to identify which terminal the test 3 macro response message belongs to.
  • Step S205 the terminal and the base station perform a pre-authentication capability negotiation process, and negotiate parameters required for the later authentication process.
  • Step S206 the terminal and the network The authentication and authorization operations are performed on the side.
  • Step S207 The terminal and the base station calculate the air interface key AK by using the AMS MAC Address*, and derive the CMAC KEY, and/or KEK from the AK.
  • Step S208 the terminal and the network side perform a three-way handshake process, and verify Authorization key AK.
  • FIG. 3 is a schematic diagram of generating an airborne derived key according to an embodiment of the present invention, as shown in FIG.
  • AK ⁇ Dotl6KDF (PMK, AMS MAC Address*) ABSID
  • AMS MAC Address* is the hash of the terminal MAC address. value. ABSID ⁇ & station identification information. "', indicating that the content is a string, "AK” means the string corresponding to the letter combination of AK. "160” indicates the length of AK, the unit is bit.
  • PMK can be derived by MSK It is concluded that the MSK is a key in the IEEE 802.16 specification, which is generated by the mobile station and the base station at both ends in the initial authentication process. It should be noted that in the embodiment of the present invention, the same symbol represents The same meaning.
  • the CMAC KEY U and CMAC KEY D are generated by the following formula: First, determine CMAC PREKEY U and CMAC PREKEY D, CMAC PREKEY U and CMAC PREKEY D to derive an intermediate parameter of CMAC KEY U and CMAC KEY D. Among them, CMAC_PREKEY_U and CMAC PREKEY D are generated as follows:
  • CMAC PREKEY D ⁇ Dotl6KDF ( AK, AMS MAC Address*
  • "CMAC KEYS” , 256 ) the character string corresponding to the CMACJ EYS character combination. 256 means 4 dance
  • the length of the result is 256 bits.
  • the result of the above formula is the concatenation value of CMAC_PREKEY_U and CMAC PREKEY D, and the value of CMAC_PREKEY_U and CMAC PREKEY D is 128 bits before and after.
  • CMAC PREKEY U and CMAC PREKEY D generation methods can also be implemented by: CMAC PREKEY U
  • KEK ⁇ Dotl6KDF ( AK,
  • CMAC KEY D ⁇ AESCMAC PREKEY D ( CMAC KEY COUNT ) where AES is the Advanced Encryption Standard algorithm.
  • TEK ⁇ Dotl6KDF ( AK, SAID
  • AK is the authorization key generated in the foregoing manner
  • COUNTER_TEK is a counter, and the counter is initialized or heavy at the terminal each time.
  • Authentication ⁇ ⁇ is reset when authorized, and each pair is updated once, and the value is incremented by 1.
  • the SAID is the SA identity, and is assigned by the base station to the mobile station. For the generation of this parameter, refer to the relevant provisions in IEEE 802.16m, which is not mentioned here.
  • TEK means the string corresponding to the letter combination of TEK. 128 indicates that the length of the TEK is 128 bits. The way TEK is generated can also be achieved by:
  • TEK ⁇ Dotl6KDF ( AK, SAID
  • the meanings of the parameters in the formula are exactly the same as those in the aforementioned TEK generation formula, and are not mentioned here.
  • the terminal when the terminal needs to perform handover between the base stations, the terminal sends the updated terminal MAC address security calculation value to the target base station.
  • 4 is an interaction flowchart according to Embodiment 4 of the present invention. The specific operation is as shown in FIG.
  • Step S402 The terminal sends a terminal handover command (AAI_HO_CMD) message to the current serving base station, In order to notify the monthly base station, the terminal needs to switch to the target base station.
  • Step S406 the terminal calculates a security calculation value (AMS MAC Address*) of the updated terminal MAC address, and sends a ranging request (RNG-REQ) message to the target base station, where the message carries the parameter: AMS MAC Address*, step S408, target The base station sends a measurement macro response (RNG-RSP) message to the terminal.
  • AMS MAC Address* security calculation value
  • RNG-REQ ranging request
  • step S408 target The base station sends a measurement macro response (RNG-RSP) message to the terminal.
  • RNG-RSP measurement macro response
  • FIG. 5 is an interaction flowchart of Embodiment 5 of the present invention. As shown in FIG.
  • the method includes the following steps S502 to S508: Step S502: Before the terminal sends a handover command message to the base station, calculate the terminal MAC address. The security calculation value is sent to the serving base station in the handover indication message. Step S504: The serving base station performs a handover confirmation message interaction process with the target base station, and confirms to the target base station that the terminal is about to switch. In the process, the monthly base station transmits the security calculation value of the terminal MAC address to the target base station. Step S506: The terminal sends a ranging request (RNG-REQ) message to the target base station. Step S508, the target base station sends a measurement response (RNG-RSP) message to the terminal.
  • RNG-REQ ranging request
  • RNG-RSP measurement response
  • FIG. 6 is an interaction flowchart of the sixth embodiment of the present invention, as shown in FIG.
  • the method mainly includes the following steps S602 to S604: Step S602, when the Idle mode re-entry network trigger condition is satisfied, the terminal calculates a security calculation value of the terminal MAC address, and sends a ranging request message to the base station.
  • the message carries parameters: a secure calculated value of the terminal MAC address.
  • Step S604 The base station sends a ranging response message to the terminal.
  • Embodiment 7 This embodiment provides a protection device for terminal privacy.
  • FIG. 7 This embodiment provides a protection device for terminal privacy.
  • each module of the device is disposed on both sides of the base station 4 and the terminal 6, wherein the base station 4 side includes:
  • the receiving module 42 and the first calculating module 44 are described below.
  • the first receiving module 42 is disposed on the side of the base station 44, and is configured to receive a ranging request message from the terminal 6 when the terminal 6 initially enters the network or re-enters the network, where the ranging request message carries the media connection calculated by the terminal 6.
  • FIG. 8 is a block diagram of a preferred structure of a device for protecting privacy of a terminal according to an embodiment of the present invention.
  • the base station 4 includes: a first sending module 46, a second receiving module 48, and the terminal 6 includes: a second computing module 62.
  • the second sending module 64 and the third calculating module 66 The foregoing structure is described below.
  • the first sending module 46 is disposed on the base station 4 side, and is configured to send a ranging response message to the terminal 6, and carry a security calculation value therein to indicate that the ranging response message belongs to the terminal 6;
  • the second receiving module 48 is disposed at the base station 4.
  • the side is configured to receive a registration request message from the terminal 6, where the registration request message carries the media access control address of the terminal 6, and the registration request message is encrypted by the terminal 6 according to the air interface key.
  • the second calculation module 62 is disposed on the terminal 6 side for calculating a security calculation value of the media access control address.
  • the second sending module 64 is connected to the second calculation module 62 and is disposed on the terminal 6 side for the base station 4 Sending a ranging request message carrying the security calculation value calculated by the second calculation module 62; the third calculation module 66 is connected to the second calculation module 62, and is disposed on the terminal 6 side for security calculated by using the second calculation module 62. Calculate the value to calculate the air interface key.
  • the foregoing embodiment of the present invention provides a protection scheme for terminal privacy. When the terminal initially enters the network or re-enters the network, the terminal calculates a security operation value of the terminal MAC address, and secures the terminal MAC address. The calculated value is sent to the base station in the ranging request message.
  • the terminal and the network side calculate the relevant air interface key by using the terminal MAC address security calculation value when calculating the derived key of the air interface, and solve the terminal privacy defined by 802.16m (AMS Privacy).
  • AMS Privacy 802.16m
  • the invention is not limited to any specific combination of hardware and software.
  • the above description is only a preferred embodiment of the present invention, and is not limited to the IEEE 802.16 system. Its associated mode can be applied to other wireless communication systems. It will be apparent to those skilled in the art that various modifications and changes can be made in the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for protecting terminal privacy includes: when a terminal accesses a network initially or re-accesses the network, a base station receives a ranging request message from the terminal, wherein the ranging request message carries a safe calculation value of a Medium Access Control (MAC) address calculated by the terminal and the safe calculation value is used for protecting the real terminal MAC address and identifying the terminal; and the base station calculates an air interface key by using the safe calculation value after the terminal successfully completes authentication/authorization. A device for protecting terminal privacy is disclosed as well. The present invention solves the problem that the plaintext transmission of the MAC address will bring risks, and improves the security of a system.

Description

终端私密性的保护方法^^置 技术领域 本发明涉及通信领域, 具体而言, 涉及一种终端私密性的保护方法及装 置。 背景技术 电子电机工程十办会 ( Institute of Electrical and Electronic Engineers, 简称 为 IEEE ) 802.16标准体系主要是针对城域网, 其主要目标是开发工作于 2 ~ 66GHz频带的无线接入系统空中接口物理层 ( Physical, 简称为 PHY ) 和媒 质接入控制层( Media Access Control , 简称为 MAC )规范, 同时还有与空中 接口协议相关的一致性测试以及不同无线接入系统之间的共存规范。 才艮据是否支持移动特性, IEEE 802.16标准可以分为固定宽带无线接入空 中接口标准和移动宽带无线接入空中接口标准, 其中, 802.16d 是属于固定 无线接入空中接口标准, 已经于 2004年 6月在 IEEE 802委员会获得通过, 以 IEEE 802.16-2004的名称发布。 而 802.16e属于移动宽带无线接入空中接 口标准, 于 2005年 11月在 IEEE 802委员会获得通过, 以 IEEE 802.16-2005 的名称发布。 啟波接入全球互操作性认证联盟( Worldwide Interoperability for Microwave Access, 简称为 WiMAX )即是基于 IEEE 802.16空中接口的规范, 目前已成为国际上影响力最大的宽带无线接入技术。 目前, IEEE正在制订 802.16m标准。 该标准是为了研究 WiMAX下一 步演进路线, 目标是成为下一代移动通信技术, 并最终向国际电信联盟 ( International Telecommunication Unit, 简称为 ITU )提交技术提案成为 ITU 的高级国际无线通信系统 ( International Mobile Telecommunication Advance , 简称为 IMT- Advanced ) 标准之一。 该标准将兼容现有的 802.16e规范。  TECHNICAL FIELD The present invention relates to the field of communications, and in particular to a method and apparatus for protecting terminal privacy. BACKGROUND OF THE INVENTION The Institute of Electrical and Electronic Engineers (IEEE) 802.16 standard system is mainly for metropolitan area networks. Its main objective is to develop the physical layer of the air interface of the wireless access system operating in the 2 ~ 66 GHz band. (Physical, referred to as PHY) and Media Access Control (MAC) specifications, as well as conformance testing related to air interface protocols and coexistence specifications between different wireless access systems. According to whether it supports mobile characteristics, the IEEE 802.16 standard can be divided into fixed broadband wireless access air interface standard and mobile broadband wireless access air interface standard. Among them, 802.16d belongs to the fixed wireless access air interface standard, which was in 2004. It was approved by the IEEE 802 committee in June and released under the name IEEE 802.16-2004. 802.16e is a mobile broadband wireless access air interface standard. It was adopted by the IEEE 802 committee in November 2005 and is released under the name IEEE 802.16-2005. The Worldwide Interoperability for Microwave Access (WiMAX) is based on the IEEE 802.16 air interface specification and has become the most influential broadband wireless access technology in the world. Currently, the IEEE is developing the 802.16m standard. This standard is to study the next evolution path of WiMAX, the goal is to become the next generation mobile communication technology, and finally submit the technical proposal to the International Telecommunication Unit (ITU) to become the ITU's advanced international wireless communication system (International Mobile Telecommunication) Advance, referred to as IMT-Advanced, is one of the standards. This standard will be compatible with the existing 802.16e specification.
802.16m的系统需求文当 ( System Requirement Document, 简称为 SRD ) 规定需要对终端的私密性进行保护, 即, 需要保护终端媒体接入控制地址 ( AMS MAC Address )在空口明文传输, 以避免攻击者可以获得该地址从而 威胁终端的私密性。 为了实现这一目标, 16m 的系统描述文档 ( System Description Document , 简称为 SDD ) 定义了两种类型的移动站标识,即, 临 时移动台标识 ( Temporary Station ID, 简称为 TSTID ) 和正式的移动台标识 ( Station ID, 简称为 STID ), 二个标识符均在基站范围内唯一。 TSTID在终 端初始入网的 ranging 过程中由基站为终端唯一分配用于临时标识终端, 具 体来说, 即, 终端在测距请求 (RNG-REQ ) 消息中, 将自己的 AMS MAC Address 上报给基站, 基站在测距响应 ( RNG-RSP ) 消息中将为终端分配的 TSTID发送给终端, 此后的消息交互就用 TSTID来标识终端, 直到注册过程 中基站将为终端分配的 STID分发给终端为止。 STID的传送需要有保护机制。 然后, 基站释放 TSTID, 使用 STID用于在后续的流程中标识终端。 但是, 该方法仅保护了 AMS MAC Address和 STID的映射关系, 仍然没 有解决 AMS MAC Address明文传输所带来的风险。 由于攻击者可以截获该 地址, 因此, 会伪造或者跟踪用户的行踪。 发明内容 802.16m System Requirement Document (SRD) stipulates that the privacy of the terminal needs to be protected, that is, the terminal media access control address (AMS MAC Address) needs to be protected in the clear text transmission to avoid attackers. This address can be obtained to threaten the privacy of the terminal. To achieve this goal, the 16m System Description Document (SDD) defines two types of mobile station identifiers, namely, The mobile station identifier (Temporary Station ID, TSTID for short) and the official mobile station identifier (Station ID, referred to as STID), both identifiers are unique within the base station range. The TSTID is uniquely allocated by the base station for temporarily identifying the terminal in the process of the initial network access of the terminal. Specifically, the terminal reports its own AMS MAC Address to the base station in the RNG-REQ message. The base station sends the TSTID allocated for the terminal to the terminal in the Ranging Response (RNG-RSP) message, and the subsequent message interaction uses the TSTID to identify the terminal until the base station distributes the STID allocated for the terminal to the terminal during the registration process. The transmission of STID requires a protection mechanism. The base station then releases the TSTID and uses the STID to identify the terminal in a subsequent flow. However, this method only protects the mapping relationship between AMS MAC Address and STID, and still does not solve the risk of AMS MAC Address plaintext transmission. Since the attacker can intercept the address, it will forge or track the user's whereabouts. Summary of the invention
4十对相关技术中没有解决 AMS MAC Address明文传输所带来的风险的 问题而提出本发明, 为此, 本发明的主要目的在于提供一种终端私密性的保 护方案, 以解决上述问题。 为了实现上述目的, 才艮据本发明的一个方面, 提供了一种终端私密性的 保护方法。 才艮据本发明的终端私密性的保护方法包括:在终端初始入网或重入网时, 基站接收来自该终端的测距请求消息, 其中, 上述测距请求消息中携带有终 端计算得到的媒体接入控制地址的安全计算值, 该安全计算值用于保护真实 的终端媒体接入控制地址并标识该终端; 在上述终端成功完成认证 Αί受权之 后, 基站使用上述安全计算值计算空口密钥。 为了实现上述目的, 才艮据本发明的另一方面, 提供了一种终端私密性的 保护装置。 根据本发明的终端私密性的保护装置包括: 第一接收模块, 设置在基站 侧, 用于在终端初始入网或重入网时, 接收来自终端的测距请求消息, 其中, 测距请求消息中携带有终端计算得到的媒体接入控制地址的安全计算值, 安 全计算值用于保护真实的终端媒体接入控制地址并标识终端;第一计算模块, 设置在基站侧, 用于在终端成功完成认证 /授权之后, 使用第一接收模块接收 的安全计算值计算空口密钥。 通过本发明, 釆用基站使用接收来自终端的携带有终端计算得到的媒体 接入控制地址的安全计算值计算空口密钥的方法, 解决了相关技术中没有解 决 AMS MAC Address明文传输所带来的风险的问题, 进而提高了系统的安 全性。 附图说明 此处所说明的附图用来提供对本发明的进一步理解, 构成本申请的一部 分, 本发明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的 不当限定。 在附图中: 图 1是才艮据本发明实施例的终端私密性的保护方法的流程图; 图 2是才艮据本发明实施例的无线通信系统中终端私密性保护的实现方法 的交互流程图; 图 3是才艮据本发明实施例的产生空中派生密钥的示意图; 图 4是才艮据本发明实施例四的交互流程图; 图 5是 居本发明实施例五的交互流程图; 图 6是才艮据本发明实施例六的交互流程图; 图 7是 居本发明实施例的终端私密性的保护装置的结构框图; 图 8是 居本发明实施例的终端私密性的保护装置的优选结构框图。 具体实施方式 需要说明的是, 在不冲突的情况下, 本申请中的实施例及实施例中的特 征可以相互组合。 下面将参考附图并结合实施例来详细说明本发明。 实施例一 本实施例考虑到 802.16m现在定义的终端私密性 (AMS Privacy ) 中没 有解决 AMS MAC Address明文传输所带来的风险的问题, 提供了一种终端 私密性的保护方案, 在终端初始入网或重入网时, 终端计算终端 MAC地址 的安全运算值, 并将该终端 MAC地址安全运算值在测距请求消息中发送给 基站。 当终端成功完成认证 Αί受权后, 终端和网络侧在计算空中接口的派生密 钥时, 用该终端 MAC地址安全运算值计算相关空口密钥。 图 1是 居本发明实施例的终端私密性的保护方法的流程图, 如图 1所 示, 该方法包括如下的步 4聚 S 102至步 4聚 S 104: 步骤 S 102, 在终端初始入网或重入网时, 基站接收来自终端的测距请求 消息, 其中, 测距请求消息中携带有终端计算得到的媒体接入控制地址的安 全计算值, 安全计算值用于保护真实的终端 MAC地址并标识终端。 优选地, 安全计算值可以至少包括以下之一: 哈希 (Hash )值、 加密运算值等。 优选地, 在此之前, 终端计算媒体接入控制地址的安全计算值, 并向基 站发送测 巨请求消息, 然后, 基站向终端发送测 巨响应消息, 并在其中携带 安全计算值以指示测 巨响应消息属于终端。 例如, 计算终端 MAC地址安全 运算值的输入参数为: 终端 MAC 地址, 和 /或终端生成的随机数 Random AMS , 和 /或基站生成的随机数 Random ABS , 和 /或基站标识 ABSID, 也就是说, 终端可以根据终端 MAC地址和上述其它 3个参数至少 之一来计算安全运算值。 步骤 S 104, 在终端成功完成认证 /授权之后, 基站使用安全计算值计算 空口密钥。 优选地, 同时, 终端使用安全计算值计算空口密钥。 例如, 空口 密钥可以至少包括以下之一: ·ί受权密钥 (Authorization Key, 简称为 AK )、 消息完整性保护密钥 (Cipher-based Message Authentication Code, 简称为 CM AC ) KEY, 传输加密密钥 (Transmission Encrypt Key, 简称为 TEK )、 密 钥加密密钥 ( Key Encrypt Key, 简称为 KEK )„ 此后, 优选地, 该方法还可以包括如下操作: 在成功完成三次握手过程 后, 终端可以在注册请求消息 REG-REQ中, ^!夺自己的 AMS MAC Address 上报给基站。 该 AMS AMC Address的传输需要加密保护。 基站接收来自终 端的注册请求消息, 其中, 注册请求消息中携带有终端的媒体接入控制地址, 注册请求消息由终端 -据空口密钥进行加密; 基站向终端分配移动台标识, 才艮据空口密钥对携带有移动台标识的注册响应消息进行加密, 并向终端发送 加密后的注册响应消息。 实施例二 图 2是才艮据本发明实施例的无线通信系统中终端私密性保护的实现方法 的交互流程图, 如图 2所示, 无线通信系统中终端私密性保护的一种实现方 法包括如下的步骤 S201至步骤 S211 : 步骤 S201 , 终端扫描下行 ( Down Link, 简称为 DL ) 信道, 与基站建 立同步, 获取下行 /上行 ( Up Link, 简称为 UL ) 参数。 步骤 S202 ,终端计算 AMS MAC Address的哈希( Hash )值,即 AMS MACThe present invention has been made in the prior art without solving the problem of the risk caused by the AMS MAC Address transmission. Therefore, the main object of the present invention is to provide a protection scheme for terminal privacy to solve the above problem. In order to achieve the above object, according to an aspect of the present invention, a method of protecting a terminal privacy is provided. The method for protecting the privacy of the terminal according to the present invention includes: when the terminal initially enters the network or re-enters the network, the base station receives the ranging request message from the terminal, where the ranging request message carries the media connection calculated by the terminal. Entering a security calculation value of the control address, the security calculation value is used to protect the real terminal media access control address and identify the terminal; after the terminal successfully completes the authentication and is authorized, the base station calculates the air interface key by using the above security calculation value. In order to achieve the above object, according to another aspect of the present invention, a protection device for terminal privacy is provided. The device for protecting the security of the terminal according to the present invention includes: a first receiving module, configured on the base station side, configured to receive a ranging request message from the terminal when the terminal initially enters the network or re-enters the network, where the ranging request message is carried The security calculation value of the media access control address calculated by the terminal, the security calculation value is used to protect the real terminal media access control address and identify the terminal; the first calculation module is set on the base station side, and is used to successfully complete the authentication at the terminal. / Authorization, the air interface key is calculated using the security calculation value received by the first receiving module. According to the present invention, the method for calculating the air interface key by using the security calculation value of the media access control address calculated by the terminal from the terminal is used by the base station, and the related art does not solve the problem caused by the AMS MAC Address plaintext transmission. The issue of risk, which in turn increases the security of the system. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are set to illustrate,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, In the drawings: FIG. 1 is a flowchart of a method for protecting terminal privacy according to an embodiment of the present invention; FIG. 2 is an interaction of an implementation method for terminal privacy protection in a wireless communication system according to an embodiment of the present invention; 3 is a schematic diagram of generating an airborne derived key according to an embodiment of the present invention; FIG. 4 is an interaction flowchart according to Embodiment 4 of the present invention; FIG. 5 is an interaction flow according to Embodiment 5 of the present invention; Figure 6 is a block diagram showing the interaction of the terminal privacy protection apparatus according to the sixth embodiment of the present invention; Figure 7 is a block diagram showing the structure of the terminal privacy protection apparatus according to the embodiment of the present invention; A preferred block diagram of the protection device. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The invention will be described in detail below with reference to the drawings in conjunction with the embodiments. Embodiment 1 This embodiment considers that the terminal privacy defined by 802.16m (AMS Privacy) does not solve the problem caused by the AMS MAC Address plaintext transmission, and provides a terminal privacy protection scheme, which is initially implemented in the terminal. When accessing the network or re-entering the network, the terminal calculates the security operation value of the terminal MAC address, and sends the terminal MAC address security operation value to the ranging request message. Base station. After the terminal successfully completes the authentication and is authorized, the terminal and the network side calculate the relevant air interface key by using the terminal MAC address security operation value when calculating the derived key of the air interface. 1 is a flowchart of a method for protecting privacy of a terminal according to an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps: step S102 to step 4: S: Step S102, initial network access in the terminal Or the re-entry network, the base station receives the ranging request message from the terminal, where the ranging request message carries the security calculation value of the media access control address calculated by the terminal, and the security calculation value is used to protect the real terminal MAC address and Identify the terminal. Preferably, the security calculation value may include at least one of the following: a hash value, an encryption operation value, and the like. Preferably, before the terminal calculates the security calculation value of the media access control address, and sends a measurement request message to the base station, the base station sends a measurement response message to the terminal, and carries the security calculation value therein to indicate the measurement giant. The response message belongs to the terminal. For example, the input parameters for calculating the terminal MAC address security operation value are: a terminal MAC address, and/or a random number Random AMS generated by the terminal, and/or a random number Random ABS generated by the base station, and/or a base station identifier ABSID, that is, The terminal may calculate the security operation value according to at least one of the terminal MAC address and the other three parameters mentioned above. Step S104: After the terminal successfully completes the authentication/authorization, the base station calculates the air interface key using the security calculation value. Preferably, at the same time, the terminal calculates the air interface key using the security calculation value. For example, the air interface key may include at least one of the following: · an authorization key (Authorization Key, abbreviated as AK), a Cipher-based Message Authentication Code (CM AC) KEY, and a transmission encryption key. (Transmission Encrypt Key, TEK for short), Key Encrypt Key (KEK), hereinafter, preferably, the method may further include the following operations: after successfully completing the three-way handshake process, the terminal may In the registration request message REG-REQ, ^! takes its own AMS MAC Address and reports it to the base station. The transmission of the AMS AMC Address needs to be encrypted. The base station receives the registration request message from the terminal, where the registration request message carries the media of the terminal. The access control address, the registration request message is encrypted by the terminal-based air interface key; the base station assigns the mobile station identifier to the terminal, and encrypts the registration response message carrying the mobile station identifier according to the air interface key, and sends the encryption to the terminal. Post-registration response message. Embodiment 2 FIG. 2 is a wireless communication according to an embodiment of the present invention. Method for implementing terminal privacy protection in system As shown in FIG. 2, an implementation method for terminal privacy protection in a wireless communication system includes the following steps S201 to S211: Step S201, the terminal scans a downlink (downlink, DL for short) channel, and The base station establishes synchronization and acquires an Up Link (UL) parameter. Step S202, the terminal calculates a hash value of the AMS MAC Address, that is, the AMS MAC.
Address* , Address* ,
AMS MAC Address* = F ( AMS MAC Address, ABSID, 48 ), 或 AMS MAC Address* = F ( AMS MAC Address, Rand AMS , 48 ), 或 AMS MAC Address* = F ( AMS MAC Address, Rand ABS, 48 ), 或 AMS MAC Address* = F(AMS MAC Address, ABSID|AMS MAC Address* = F (AMS MAC Address, ABSID, 48), or AMS MAC Address* = F (AMS MAC Address, Rand AMS, 48), or AMS MAC Address* = F (AMS MAC Address, Rand ABS, 48 ), or AMS MAC Address* = F(AMS MAC Address, ABSID|
Random_AMS,48 ), 或 AMS MAC Address* = F(AMS MAC Address, Random AMS | AB SID,Random_AMS, 48 ), or AMS MAC Address* = F(AMS MAC Address, Random AMS | AB SID,
48), 或 AMS MAC Address* = F(AMS MAC Address, ABSID| Random ABS , 48), 或 AMS MAC Address* = F(AMS MAC Address, Random ABS | ABSID ,48), or AMS MAC Address* = F(AMS MAC Address, ABSID| Random ABS , 48), or AMS MAC Address* = F(AMS MAC Address, Random ABS | ABSID ,
48), 或 AMS MAC Address* = F(AMS MAC Address , ABSID| Random AB S | Random AMS , 48) , 或 AMS MAC Address* = F(AMS MAC Address ,48), or AMS MAC Address* = F(AMS MAC Address, ABSID| Random AB S | Random AMS , 48) , or AMS MAC Address* = F(AMS MAC Address ,
Random AB S | Random AMS | ABSID, 48)。 其中, F可以为任意 hash函数,例如,信消摘要( Message-Digest Algorithm 5 , 简称为 MD5 ) 算法, 安全的哈希 ( Secure Hash Algorithm, 简称为 SHA ) 算法, CMAC 算法 (密文分组链接消息认证码), IEEE 802.16 定义的 Dotl6KDF算法等; Random_ABS是基站生成的一个随机数, 该随机数通过 映射消息 (A-MAP ) 进行广播, 或者在终端进行步骤 S201 时, 基站为终端 分配, 并在 CDMA_Allocation_IE (该信息元用于基站向终端分配带宽, 终端 在该带宽上向基站发送测距请求消息)中下发给终端; Random_AMS是终端 生成的一个随机数。 Random_ABS和 Random_AMS均可以为 16位、 32位、 48位、 64位、 128位等。 步骤 S203 , 终端向基站发送 RNG-REQ消息, 该 RNG-REQ消息中携带 有以下参数: AMS MAC Address *„ 步骤 S204, 基站向终端发送 RNG-RSP消息, 该 RNG-RSP消息中携带 有参数 AMS MAC Address * , 该参数用于标识该测 3巨响应消息属于哪个终 端。 步骤 S205 , 终端和基站进行预认证能力协商过程, 协商稍后的认证过程 需要用到的参数。 步骤 S206 , 终端和网络侧进行认证和授权操作。 步骤 S207, 终端和基站利用 AMS MAC Address*计算空口密钥 AK, 并 由 AK派生出 CMAC KEY, 和 /或 KEK。 步骤 S208, 终端和网络侧进行三次握手过程, 验证授权密钥 AK。 步 4聚 S209, 终端和基站生成 TEK, 用于加密空口的数据流。 步骤 S210, 终端向基站发送注册请求消息, 该注册请求消息可选地携带 参数: AMS MAC Address, 该注册请求消息需要用 TEK进行加密保护。 步骤 S211 , 基站向终端发送注册响应消息, 该注册响应消息携带参数: STID。 STID的传输需要加密保护。此后的消息交互过程即可以使用 STID来 标识终端。 实施例三 图 3是才艮据本发明实施例的产生空中派生密钥的示意图, 如图 3所示, AK的生成方式参见下式: Random AB S | Random AMS | ABSID, 48). Wherein, F can be any hash function, for example, Message-Digest Algorithm 5 (MD5) algorithm, Secure Hash Algorithm (SHA) algorithm, CMAC algorithm (Ciphertext packet link message) Authentication code), Dotl6KDF algorithm defined by IEEE 802.16, etc.; Random_ABS is a random number generated by the base station, and the random number is broadcasted by a mapping message (A-MAP), or when the terminal performs step S201, the base station allocates for the terminal, and CDMA_Allocation_IE (This information element is used by the base station to allocate bandwidth to the terminal, the terminal Sending a ranging request message to the base station on the bandwidth is sent to the terminal; Random_AMS is a random number generated by the terminal. Both Random_ABS and Random_AMS can be 16 bits, 32 bits, 48 bits, 64 bits, 128 bits, and the like. Step S203: The terminal sends an RNG-REQ message to the base station, where the RNG-REQ message carries the following parameters: AMS MAC Address * „Step S204, the base station sends an RNG-RSP message to the terminal, where the RNG-RSP message carries the parameter AMS. MAC address *, the parameter is used to identify which terminal the test 3 macro response message belongs to. Step S205, the terminal and the base station perform a pre-authentication capability negotiation process, and negotiate parameters required for the later authentication process. Step S206, the terminal and the network The authentication and authorization operations are performed on the side. Step S207: The terminal and the base station calculate the air interface key AK by using the AMS MAC Address*, and derive the CMAC KEY, and/or KEK from the AK. Step S208, the terminal and the network side perform a three-way handshake process, and verify Authorization key AK. Step 4: S209, the terminal and the base station generate a TEK for encrypting the data flow of the air interface. Step S210: The terminal sends a registration request message to the base station, where the registration request message optionally carries the parameter: AMS MAC Address, The registration request message needs to be encrypted and protected by the TEK. Step S211: The base station sends a registration response message to the terminal, where the registration response message carries the parameter: STI D. The transmission of the STID needs to be cryptographically protected. The subsequent message exchange process can use the STID to identify the terminal. Embodiment 3 FIG. 3 is a schematic diagram of generating an airborne derived key according to an embodiment of the present invention, as shown in FIG. For the generation method of AK, see the following formula:
AK <= Dotl6KDF ( PMK, AMS MAC Address*] ABSID| "AK" , 160 ) 其中, Dotl6KDF为 IEEE 802.16中定义的加密算法函数。 "|,, 如 IEEEAK <= Dotl6KDF (PMK, AMS MAC Address*) ABSID| "AK" , 160 ) where Dotl6KDF is an encryption algorithm function defined in IEEE 802.16. "|,, such as IEEE
802.16定义,用于指示级联。 AMS MAC Address*即为终端 MAC地址的 Hash 值。 ABSID ^&站的标识信息。 "', 表示其中的内容为字符串, "AK" 即表 示 AK这一字母组合对应的字符串。 " 160" 表示 AK的长度, 单位为 bit。 参 照背景技术中的相关描述: PMK可由 MSK推导得出,而 MSK是 IEEE 802.16 规范中的才艮密钥, 是移动站和基站在初始认证过程中在两端分别生成的。 需 要说明的是, 在本发明的实施例中, 相同的符号代表相同的含义。 802.16 definition, used to indicate cascading. AMS MAC Address* is the hash of the terminal MAC address. value. ABSID ^& station identification information. "', indicating that the content is a string, "AK" means the string corresponding to the letter combination of AK. "160" indicates the length of AK, the unit is bit. Refer to the related description in the background art: PMK can be derived by MSK It is concluded that the MSK is a key in the IEEE 802.16 specification, which is generated by the mobile station and the base station at both ends in the initial authentication process. It should be noted that in the embodiment of the present invention, the same symbol represents The same meaning.
CMAC KEY U及 CMAC KEY D的生成方式通过下式实现: 首 先 , 确 定 CMAC PREKEY U 及 CMAC PREKEY D , CMAC PREKEY U 及 CMAC PREKEY D 为推导 CMAC KEY U 及 CMAC KEY D 的 一个 中 间 参数。 其 中 , CMAC_PREKEY_U 及 CMAC PREKEY D生成方式为: The CMAC KEY U and CMAC KEY D are generated by the following formula: First, determine CMAC PREKEY U and CMAC PREKEY D, CMAC PREKEY U and CMAC PREKEY D to derive an intermediate parameter of CMAC KEY U and CMAC KEY D. Among them, CMAC_PREKEY_U and CMAC PREKEY D are generated as follows:
CMAC PREKEY U | CMAC PREKEY D < = Dotl6KDF ( AK, AMS MAC Address* | ABSID | "CMAC KEYS" , 256 )„ 其中, "CMACJ EYS" 为 CMACJ EYS这一字符组合对应的字符串。 256表示 4舞导结果的长度为 256bit。上式所生成的结果为 CMAC_PREKEY_U 及 CMAC PREKEY D的级联值, 前后各取 128bit即为 CMAC_PREKEY_U 及 CMAC PREKEY D的值。 CMAC PREKEY U | CMAC PREKEY D <= Dotl6KDF ( AK, AMS MAC Address* | ABSID | "CMAC KEYS" , 256 ) „ where "CMACJ EYS" is the character string corresponding to the CMACJ EYS character combination. 256 means 4 dance The length of the result is 256 bits. The result of the above formula is the concatenation value of CMAC_PREKEY_U and CMAC PREKEY D, and the value of CMAC_PREKEY_U and CMAC PREKEY D is 128 bits before and after.
CMAC PREKEY U 及 CMAC PREKEY D 生成方式也可通过下式实 现: CMAC PREKEY U | CM AC PREKEY D| KEK < = Dotl6KDF ( AK,The CMAC PREKEY U and CMAC PREKEY D generation methods can also be implemented by: CMAC PREKEY U | CM AC PREKEY D| KEK < = Dotl6KDF ( AK,
AMS MAC Address*] ABSID] "CMAC KEYS +KEK" , 384 ) 与前式不同的是, 该式一并生成了密钥 KEK, 将生成的结果分别取三次 128bit, 将分别对应于 CMAC PREKEY U、 CMAC PREKEY D及 KEK。 AMS MAC Address*] ABSID] "CMAC KEYS +KEK" , 384 ) Different from the previous formula, this formula generates the key KEK together, and the generated result is taken three times 128 bits, which will correspond to CMAC PREKEY U, respectively. CMAC PREKEY D and KEK.
CMAC KEY U及 CMAC KEY D的生成方式为: CMAC KEY U <= AESCMAC PREKEY U ( CMAC KEY COUNT ) The CMAC KEY U and CMAC KEY D are generated as follows: CMAC KEY U <= AESCMAC PREKEY U ( CMAC KEY COUNT )
CMAC KEY D <= AESCMAC PREKEY D ( CMAC KEY COUNT ) 其中, AES为高级力口密标准 ( Advanced Encryption Standard ) 算法, 通 过上述两式即可确定出 CMAC_KEY_U及 CMAC_KEY_D。 TEK的生成方式参见下式: CMAC KEY D <= AESCMAC PREKEY D ( CMAC KEY COUNT ) where AES is the Advanced Encryption Standard algorithm. Through the above two equations, CMAC_KEY_U and CMAC_KEY_D can be determined. For the generation method of TEK, see the following formula:
TEK <= Dotl6KDF ( AK, SAID | AMS MAC Address*] COUNTER TEK I "TEK" , 128 ) 其中, AK即前述方式生成的授权密钥, COUNTER_TEK为一计数器, 该计数器在终端每次完成初始或重认证 Αί受权时重置, 此后每对 ΤΕΚ进行一 次更新, 该值递增 1。 SAID为安全联盟标识, 由基站为移动台分配, 该参数 的生成可参见 IEEE 802.16m中的相关规定, 这里不再赞述。 "TEK" 即表示 TEK这一字母组合对应的字符串。 128表示 TEK的长度为 128bit。 TEK的生成方式也可通过下式实现: TEK <= Dotl6KDF ( AK, SAID | AMS MAC Address*] COUNTER TEK I "TEK" , 128 ) where AK is the authorization key generated in the foregoing manner, COUNTER_TEK is a counter, and the counter is initialized or heavy at the terminal each time. Authentication Α 重置 is reset when authorized, and each pair is updated once, and the value is incremented by 1. The SAID is the SA identity, and is assigned by the base station to the mobile station. For the generation of this parameter, refer to the relevant provisions in IEEE 802.16m, which is not mentioned here. "TEK" means the string corresponding to the letter combination of TEK. 128 indicates that the length of the TEK is 128 bits. The way TEK is generated can also be achieved by:
TEK <= Dotl6KDF ( AK, SAID | COUNTER TEK | "TEK", 128 )。 式中 的各参数含义与前述 TEK生成式中的完全相同, 这里不再赞述。 实施例四 在终端需要进行基站之间的切换时, 终端将更新的终端 MAC地址安全 计算值发送给目标基站。 图 4是根据本发明实施例四的交互流程图, 具体操 作如图 4所示, 主要包括以下的步骤 S402至步骤 S408: 步骤 S402, 终端向当前的服务基站发送终端切换命令( AAI_HO_CMD ) 消息, 以通知月艮务基站该终端需要向目标基站切换。 步骤 S404, 服务基站与目标基站进行切换确认消息交互过程, 向目标基 站确认终端即将要切换过来。 步骤 S406, 终端计算更新的终端 MAC地址的安全计算值 ( AMS MAC Address* ), 并向目标基站发送测距请求 ( RNG-REQ ) 消息, 该消息携带参 数: AMS MAC Address* , 步骤 S408, 目标基站发送测 巨响应 (RNG-RSP ) 消息给终端。 实施例五 本实施例示出了终端在进行切换时, 向目标基站传送终端 MAC地址的 另一种方法, 图 5是 居本发明实施例五的交互流程图, 如图 5所示, 包括 如下的步骤 S502至步骤 S508: 步骤 S502 , 终端向基站发送切换命令消息之前, 计算终端 MAC地址的 安全计算值, 并在切换指示消息中, 发送给服务基站。 步骤 S 504 , 服务基站与目标基站进行切换确认消息交互过程, 向目标基 站确认终端即将要切换过来。 在该过程中, 月艮务基站将终端 MAC地址的安 全计算值发送给目标基站。 步骤 S506 , 终端向目标基站发送测距请求 ( RNG-REQ ) 消息。 步骤 S508 , 目标基站发送测 巨响应 (RNG-RSP ) 消息给终端。 实施例六 终端在需要进行位置更新或退出空闲 (Idle )模式时, 终端将更新的终 端 MAC地址安全计算值发送给基站, 图 6是 居本发明实施例六的交互流 程图, 如图 6所示, 主要包括以下的步骤 S602至步骤 S604: 步骤 S602 ,在退出 Idle模式重入网触发条件满足时,终端计算终端 MAC 地址的安全计算值, 并向基站发送测距请求消息。 该消息携带参数: 终端 MAC地址的安全计算值。 步骤 S604 , 基站向终端发送测距响应消息。 实施例七 本实施例提供了一种终端私密性的保护装置。 图 7是根据本发明实施例 的终端私密性的保护装置的结构框图, 如图 7所示, 该装置的各模块分别设 置在基站 4和终端 6两侧, 其中, 基站 4侧包括: 第一接收模块 42和第一 计算模块 44 , 下面对上述结构进行描述。 第一接收模块 42 , 设置在基站 44侧, 用于在终端 6初始入网或重入网 时, 接收来自终端 6的测距请求消息, 其中, 测距请求消息中携带有终端 6 计算得到的媒体接入控制地址的安全计算值, 安全计算值用于保护真实的终 端媒体接入控制地址并标识终端 6; 第一计算模块 44 , 连接至第一接收模块 42 , 设置在基站 4侧, 用于在终端 6成功完成认证 /授权之后, 使用第一接收 模块 42接收的安全计算值计算空口密钥。 图 8是 居本发明实施例的终端私密性的保护装置的优选结构框图, 如 图 8所示, 基站 4包括: 第一发送模块 46 , 第二接收模块 48 , 终端 6包括: 第二计算模块 62 , 第二发送模块 64 , 第三计算模块 66 , 下面对上述结构进 行描述。 第一发送模块 46 , 设置在基站 4侧, 用于向终端 6发送测距响应消息, 并在其中携带安全计算值以指示测距响应消息属于终端 6;第二接收模块 48 , 设置在基站 4侧, 用于接收来自终端 6的注册请求消息, 其中, 注册请求消 息中携带有终端 6的媒体接入控制地址, 注册请求消息由终端 6根据空口密 钥进行加密。 第二计算模块 62 , 设置在终端 6侧, 用于计算媒体接入控制地址的安全 计算值; 第二发送模块 64 , 连接至第二计算模块 62 , 设置在终端 6侧, 用 于向基站 4发送携带有第二计算模块 62计算的安全计算值的测距请求消息; 第三计算模块 66 , 连接至第二计算模块 62 , 设置在终端 6侧, 用于使用第 二计算模块 62计算的安全计算值计算空口密钥。 综上所述, 通过本发明的上述实施例, 提供了一种终端私密性的保护方 案, 在终端初始入网或重入网时, 终端计算终端 MAC地址的安全运算值, 并将该终端 MAC地址安全运算值在测距请求消息中发送给基站。 当终端成 功完成认证 受权后, 终端和网络侧在计算空中接口的派生密钥时, 用该终端 MAC地址安全计算值计算相关空口密钥, 解决了 802.16m现在定义的终端 私密性( AMS Privacy ) 中没有解决 AMS MAC Address明文传输所带来的风 险的问题, 进而提高了系统的安全性。 显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤可 以用通用的计算装置来实现, 它们可以集中在单个的计算装置上, 或者分布 在多个计算装置所组成的网络上, 可选地, 它们可以用计算装置可执行的程 序代码来实现, 从而, 可以将它们存储在存储装置中由计算装置来执行, 或 者将它们分别制作成各个集成电路模块, 或者将它们中的多个模块或步骤制 作成单个集成电路模块来实现。 这样, 本发明不限制于任何特定的硬件和软 件结合。 以上所述仅为本发明的优选实施例而已, 并不限于 IEEE 802.16系统, 可以将它的相关模式应用于其它无线通信系统中。 对于本领域的技术人员来 说, 本发明可以有各种更改和变化。 凡在本发明的精神和原则之内, 所作的 任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围之内。 TEK <= Dotl6KDF ( AK, SAID | COUNTER TEK | "TEK", 128 ). The meanings of the parameters in the formula are exactly the same as those in the aforementioned TEK generation formula, and are not mentioned here. In the fourth embodiment, when the terminal needs to perform handover between the base stations, the terminal sends the updated terminal MAC address security calculation value to the target base station. 4 is an interaction flowchart according to Embodiment 4 of the present invention. The specific operation is as shown in FIG. 4, and mainly includes the following steps S402 to S408: Step S402: The terminal sends a terminal handover command (AAI_HO_CMD) message to the current serving base station, In order to notify the monthly base station, the terminal needs to switch to the target base station. Step S404: The serving base station performs a handover confirmation message interaction process with the target base station, and confirms to the target base station that the terminal is about to switch. Step S406, the terminal calculates a security calculation value (AMS MAC Address*) of the updated terminal MAC address, and sends a ranging request (RNG-REQ) message to the target base station, where the message carries the parameter: AMS MAC Address*, step S408, target The base station sends a measurement macro response (RNG-RSP) message to the terminal. Embodiment 5 This embodiment shows that a terminal transmits a terminal MAC address to a target base station when performing handover. Another method, FIG. 5 is an interaction flowchart of Embodiment 5 of the present invention. As shown in FIG. 5, the method includes the following steps S502 to S508: Step S502: Before the terminal sends a handover command message to the base station, calculate the terminal MAC address. The security calculation value is sent to the serving base station in the handover indication message. Step S504: The serving base station performs a handover confirmation message interaction process with the target base station, and confirms to the target base station that the terminal is about to switch. In the process, the monthly base station transmits the security calculation value of the terminal MAC address to the target base station. Step S506: The terminal sends a ranging request (RNG-REQ) message to the target base station. Step S508, the target base station sends a measurement response (RNG-RSP) message to the terminal. In the sixth embodiment, when the terminal needs to perform the location update or the Idle mode, the terminal sends the updated terminal MAC address security calculation value to the base station. FIG. 6 is an interaction flowchart of the sixth embodiment of the present invention, as shown in FIG. The method mainly includes the following steps S602 to S604: Step S602, when the Idle mode re-entry network trigger condition is satisfied, the terminal calculates a security calculation value of the terminal MAC address, and sends a ranging request message to the base station. The message carries parameters: a secure calculated value of the terminal MAC address. Step S604: The base station sends a ranging response message to the terminal. Embodiment 7 This embodiment provides a protection device for terminal privacy. FIG. 7 is a structural block diagram of a device for protecting privacy of a terminal according to an embodiment of the present invention. As shown in FIG. 7, each module of the device is disposed on both sides of the base station 4 and the terminal 6, wherein the base station 4 side includes: The receiving module 42 and the first calculating module 44 are described below. The first receiving module 42 is disposed on the side of the base station 44, and is configured to receive a ranging request message from the terminal 6 when the terminal 6 initially enters the network or re-enters the network, where the ranging request message carries the media connection calculated by the terminal 6. The security calculation value of the control address is used to protect the real terminal media access control address and identify the terminal 6; the first calculation module 44 is connected to the first receiving module 42 and is disposed on the base station 4 side for After the terminal 6 successfully completes the authentication/authorization, the first reception is used. The security calculation value received by module 42 calculates the air interface key. FIG. 8 is a block diagram of a preferred structure of a device for protecting privacy of a terminal according to an embodiment of the present invention. As shown in FIG. 8, the base station 4 includes: a first sending module 46, a second receiving module 48, and the terminal 6 includes: a second computing module 62. The second sending module 64 and the third calculating module 66. The foregoing structure is described below. The first sending module 46 is disposed on the base station 4 side, and is configured to send a ranging response message to the terminal 6, and carry a security calculation value therein to indicate that the ranging response message belongs to the terminal 6; the second receiving module 48 is disposed at the base station 4. The side is configured to receive a registration request message from the terminal 6, where the registration request message carries the media access control address of the terminal 6, and the registration request message is encrypted by the terminal 6 according to the air interface key. The second calculation module 62 is disposed on the terminal 6 side for calculating a security calculation value of the media access control address. The second sending module 64 is connected to the second calculation module 62 and is disposed on the terminal 6 side for the base station 4 Sending a ranging request message carrying the security calculation value calculated by the second calculation module 62; the third calculation module 66 is connected to the second calculation module 62, and is disposed on the terminal 6 side for security calculated by using the second calculation module 62. Calculate the value to calculate the air interface key. In summary, the foregoing embodiment of the present invention provides a protection scheme for terminal privacy. When the terminal initially enters the network or re-enters the network, the terminal calculates a security operation value of the terminal MAC address, and secures the terminal MAC address. The calculated value is sent to the base station in the ranging request message. After the terminal successfully completes the authentication authorization, the terminal and the network side calculate the relevant air interface key by using the terminal MAC address security calculation value when calculating the derived key of the air interface, and solve the terminal privacy defined by 802.16m (AMS Privacy). There is no problem in solving the risk caused by the AMS MAC Address plaintext transmission, which improves the security of the system. Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device, or they may be separately fabricated into individual integrated circuit modules, or they may be Multiple modules or steps are made into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software. The above description is only a preferred embodiment of the present invention, and is not limited to the IEEE 802.16 system. Its associated mode can be applied to other wireless communication systems. It will be apparent to those skilled in the art that various modifications and changes can be made in the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims

权 利 要 求 书 Claim
1. 一种终端私密性的保护方法, 其特征在于, 包括: A method for protecting terminal privacy, characterized in that it comprises:
在终端初始入网或重入网时, 基站接收来自所述终端的测距请求消 息, 其中, 所述测距请求消息中携带有所述终端计算得到的媒体接入控 制地址的安全计算值, 所述安全计算值用于保护真实的终端媒体接入控 制地址并标识所述终端;  When the terminal initially enters the network or re-enters the network, the base station receives the ranging request message from the terminal, where the ranging request message carries the security calculation value of the media access control address calculated by the terminal, The security calculation value is used to protect the real terminal media access control address and identify the terminal;
在所述终端成功完成认证 受权之后, 所述基站使用所述安全计算值 计算空口密钥。  After the terminal successfully completes the authentication authorization, the base station calculates the air interface key using the security calculation value.
2. 根据权利要求 1所述的方法, 其特征在于, 在所述基站接收来自所述终 端的所述测距请求消息之前, 所述方法还包括: The method according to claim 1, wherein before the receiving, by the base station, the ranging request message from the terminal, the method further includes:
所述终端计算所述媒体接入控制地址的所述安全计算值, 并向所述 基站发送测 巨请求消息。  The terminal calculates the security calculation value of the media access control address, and sends a measurement request message to the base station.
3. 居权利要求 2所述的方法, 其特征在于, 所述终端 -据终端媒体接入 控制地址以及至少以下之一计算所述媒体接入控制地址的所述安全计算 值: 3. The method of claim 2, wherein the terminal calculates the security calculation value of the media access control address according to a terminal media access control address and at least one of:
终端生成的随机数、 基站生成的随机数、 基站标识。  The random number generated by the terminal, the random number generated by the base station, and the base station identifier.
4. 根据权利要求 1所述的方法, 其特征在于, 在所述基站接收来自所述终 端的所述测距请求消息之后, 所述方法还包括: The method according to claim 1, wherein after the base station receives the ranging request message from the terminal, the method further includes:
所述基站向所述终端发送测距响应消息, 并在其中携带所述安全计 算值以指示所述测距响应消息属于所述终端。  The base station sends a ranging response message to the terminal, and carries the security calculation value therein to indicate that the ranging response message belongs to the terminal.
5. 居权利要求 1 所述的方法, 其特征在于, 在所述终端成功完成认证 / •ί受权之后, 所述方法还包括: The method of claim 1, wherein after the terminal successfully completes the authentication/authorization, the method further includes:
所述终端使用所述安全计算值计算所述空口密钥。  The terminal calculates the air interface key using the security calculation value.
6. 根据权利要求 1所述的方法, 其特征在于, 在所述基站使用所述安全计 算值计算所述空口密钥之后, 所述方法还包括: 所述基站接收来自所述终端的注册请求消息, 其中, 所述注册请求 消息中携带有所述终端的所述媒体接入控制地址, 所述注册请求消息由 所述终端 -据所述空口密钥进行加密。 The method according to claim 1, wherein after the base station calculates the air interface key by using the security calculation value, the method further includes: The base station receives a registration request message from the terminal, where the registration request message carries the media access control address of the terminal, and the registration request message is received by the terminal according to the air interface. The key is encrypted.
7. 根据权利要求 1所述的方法, 其特征在于, 在所述终端需要进行基站之 间的切换时, 所述基站作为所述终端进行切换的目标基站, 所述目标基 站接收来自所述终端的测距请求消息, 其中, 所述测距请求消息中携带 有所述安全计算值。 The method according to claim 1, wherein when the terminal needs to perform handover between base stations, the base station serves as a target base station for handover by the terminal, and the target base station receives the terminal from the terminal. The ranging request message, where the ranging request message carries the security calculation value.
8. 根据权利要求 1所述的方法, 其特征在于, 在所述终端需要进行基站之 间的切换, 且所述基站作为所述终端进行切换的目标基站时, 所述目标 基站接收所述终端经由所述服务基站在切换命令消息中发送的所述安全 计算值。 The method according to claim 1, wherein when the terminal needs to perform handover between base stations, and the base station serves as a target base station for handover by the terminal, the target base station receives the terminal The security calculation value sent in the handover command message via the serving base station.
9. 根据权利要求 1所述的方法, 其特征在于, 在所述终端进行退出空闲模 式重入网时, 所述基站接收来自所述终端的测距请求消息, 其中, 所述 测距请求消息中携带有所述安全计算值。 The method according to claim 1, wherein the base station receives a ranging request message from the terminal when the terminal performs the exiting the idle mode re-entry network, where the ranging request message is Carrying the safety calculation value.
10. 根据权利要求 1至 9中任一项所述的方法, 其特征在于, 所述安全计算 值至少包括以下之一: The method according to any one of claims 1 to 9, wherein the security calculation value comprises at least one of the following:
哈希值、 加密运算值, 其中, 所述哈希值根据以下算法之一进行计 算: 信消摘要算法、 安全的哈希算法、 密文分组链接消息认证码算法、 Dotl6KDF算法。  The hash value and the encrypted operation value, wherein the hash value is calculated according to one of the following algorithms: a credit abstraction algorithm, a secure hash algorithm, a ciphertext packet link message authentication code algorithm, and a Dotl6KDF algorithm.
11. 根据权利要求 1至 9中任一项所述的方法, 其特征在于, 所述空口密钥 至少包括以下之一: The method according to any one of claims 1 to 9, wherein the air interface key comprises at least one of the following:
授权密钥、 消息完整性保护密钥、 传输加密密钥、 密钥加密密钥。  Authorization key, message integrity protection key, transport encryption key, key encryption key.
12. 一种终端私密性的保护装置, 其特征在于, 包括: 12. A terminal privacy protection device, comprising:
第一接收模块, 设置在基站侧, 用于在终端初始入网或重入网时, 接收来自所述终端的测距请求消息, 其中, 所述测距请求消息中携带有 所述终端计算得到的媒体接入控制地址的安全计算值, 所述安全计算值 用于保护真实的终端媒体接入控制地址并标识所述终端;  a first receiving module, configured on the base station side, is configured to receive a ranging request message from the terminal when the terminal initially enters the network or re-enters the network, where the ranging request message carries the media calculated by the terminal a security calculation value of the access control address, where the security calculation value is used to protect a real terminal media access control address and identify the terminal;
第一计算模块, 设置在基站侧, 用于在所述终端成功完成认证 /授权 之后, 使用所述第一接收模块接收的所述安全计算值计算空口密钥。 The first computing module is configured to be configured on the base station side, and configured to calculate an air interface key by using the security calculation value received by the first receiving module after the terminal successfully completes the authentication/authorization.
13. 根据权利要求 12所述的装置, 其特征在于, 还包括: 13. The device according to claim 12, further comprising:
第一发送模块, 设置在基站侧, 用于向所述终端发送测距响应消息, 并在其中携带所述安全计算值以指示所述测距响应消息属于所述终端; 第二接收模块, 设置在基站侧, 用于接收来自所述终端的注册请求 消息, 其中, 所述注册请求消息中携带有所述终端的所述媒体接入控制 地址, 所述注册请求消息由所述终端才艮据所述空口密钥进行加密;  a first sending module, configured to send a ranging response message to the terminal, and carry the security calculation value to indicate that the ranging response message belongs to the terminal; the second receiving module, setting a base station side, configured to receive a registration request message from the terminal, where the registration request message carries the media access control address of the terminal, where the registration request message is used by the terminal The air interface key is encrypted;
第二计算模块, 设置在终端侧, 用于计算所述媒体接入控制地址的 所述安全计算值; 第二发送模块, 设置在终端侧, 用于向所述基站发送测距请求消息; 第三计算模块, 设置在终端侧, 用于使用所述安全计算值计算所述 空口密钥。  a second calculation module, configured to be configured to calculate the security calculation value of the media access control address, where the second sending module is configured to send a ranging request message to the base station; And a third calculation module, configured on the terminal side, configured to calculate the air interface key by using the security calculation value.
PCT/CN2010/075041 2009-07-08 2010-07-07 Method and device for protecting terminal privacy WO2011003352A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910159341.2 2009-07-08
CNA2009101593412A CN101610511A (en) 2009-07-08 2009-07-08 The guard method of terminal privacy and device

Publications (1)

Publication Number Publication Date
WO2011003352A1 true WO2011003352A1 (en) 2011-01-13

Family

ID=41484042

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/075041 WO2011003352A1 (en) 2009-07-08 2010-07-07 Method and device for protecting terminal privacy

Country Status (2)

Country Link
CN (1) CN101610511A (en)
WO (1) WO2011003352A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017026930A1 (en) * 2015-08-11 2017-02-16 Telefonaktiebolaget Lm Ericsson (Publ) Methods and devices for privacy enhancement in networks

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101610511A (en) * 2009-07-08 2009-12-23 中兴通讯股份有限公司 The guard method of terminal privacy and device
CN102196532A (en) * 2010-03-05 2011-09-21 中兴通讯股份有限公司 Network access method and system
CN110177371B (en) * 2019-04-04 2022-06-21 创新先进技术有限公司 Method and device for generating equipment identification information
WO2024092827A1 (en) * 2022-11-04 2024-05-10 北京小米移动软件有限公司 Ranging method and apparatus

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1677919A (en) * 2004-03-29 2005-10-05 三洋电机株式会社 Radio transmission device, mutual authentication method and mutual authentication program
CN101014185A (en) * 2005-08-23 2007-08-08 华为技术有限公司 Method for checking distance measurement information and wireless access network
WO2008153284A2 (en) * 2007-06-14 2008-12-18 Lg Electronics Inc. Method for providing confidentiality protection of control signaling using certificate
CN101610511A (en) * 2009-07-08 2009-12-23 中兴通讯股份有限公司 The guard method of terminal privacy and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1677919A (en) * 2004-03-29 2005-10-05 三洋电机株式会社 Radio transmission device, mutual authentication method and mutual authentication program
CN101014185A (en) * 2005-08-23 2007-08-08 华为技术有限公司 Method for checking distance measurement information and wireless access network
WO2008153284A2 (en) * 2007-06-14 2008-12-18 Lg Electronics Inc. Method for providing confidentiality protection of control signaling using certificate
CN101610511A (en) * 2009-07-08 2009-12-23 中兴通讯股份有限公司 The guard method of terminal privacy and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017026930A1 (en) * 2015-08-11 2017-02-16 Telefonaktiebolaget Lm Ericsson (Publ) Methods and devices for privacy enhancement in networks

Also Published As

Publication number Publication date
CN101610511A (en) 2009-12-23

Similar Documents

Publication Publication Date Title
US11122428B2 (en) Transmission data protection system, method, and apparatus
EP1946580B1 (en) Method of providing security for relay station
US9392453B2 (en) Authentication
CN102144371B (en) Method for selectively encrypting control signal
CN102823282B (en) Key authentication method for binary CDMA
US8380980B2 (en) System and method for providing security in mobile WiMAX network system
CN109923830A (en) System and method for configuring wireless network access device
CN108880813B (en) Method and device for realizing attachment process
US20110154029A1 (en) Method of encrypting control signaling
EP2288195A2 (en) Method and apparatus for reducing overhead for integrity check of data in wireless communication system
WO2009148261A2 (en) Method of deriving and updating traffic encryption key
TW200950441A (en) Mobile station and base station and method for deriving traffic encryption key
CN107920350A (en) Privacy protection switching authentication method based on SDN and 5G heterogeneous network
JP2011507369A (en) Method and apparatus for generating a radio base station key in a cellular radio system
CN102056157A (en) Method, system and device for determining keys and ciphertexts
WO2011003352A1 (en) Method and device for protecting terminal privacy
JP2015122764A (en) Radio communication device and operation method of radio communication device
US20100257364A1 (en) Apparatus and method for processing authentication of handover ranging message in wireless communication system
US11019037B2 (en) Security improvements in a wireless data exchange protocol
CN101510825B (en) Protection method and system for management message
KR101670743B1 (en) Method and Apparatus for traffic count key management and key count management
CN101742492A (en) Key processing method and system
CN101668289B (en) Method and system for updating air interface secret key in wireless communication system
CN101583130B (en) The generation method and apparatus of air interface key
CN110169128B (en) Communication method, device and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10796729

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10796729

Country of ref document: EP

Kind code of ref document: A1