WO2014071585A1

WO2014071585A1 - Method and device for obtaining public key

Info

Publication number: WO2014071585A1
Application number: PCT/CN2012/084291
Authority: WO
Inventors: 毕晓宇; 许怡娴; 陈璟; 熊春山
Original assignee: 华为技术有限公司
Priority date: 2012-11-08
Filing date: 2012-11-08
Publication date: 2014-05-15
Also published as: JP2015535417A; CN103931214A; CN103931214B

Abstract

Disclosed is a method for obtaining a public key. The method comprises: a local CA obtaining a cross certificate of a non-local CA or a local CBE obtaining the cross certificate or an implicit certificate of the non-local CA; the local CA delivering the obtained cross certificate of the non-local CA to a user or the local CBE delivering the obtained cross certificate or implicit certificate of the non-local CA to the user, enabling the user to calculate the public key of the local CA according to the public key of the non-local CA and the cross certificate or implicit certificate of the non-local CA. This solves a problem that a PWS message cannot be verified if an implicit certificate mode is used but a UE is not configured with a global CA public key.

Description

Method and device for obtaining public key

Technical field

The invention belongs to the field of communications, and in particular relates to a method and a device for acquiring a public key.

Background technique

Public Warning System (PWS) ) is a public alarm system that alerts natural disasters or man-made accidents that may cause damage to human life and property. When natural disasters, such as floods, hurricanes, or man-made accidents, such as chemical gas leaks, explosion threats, and nuclear threats, complement the existing broadcast communication system. The PWS service is provided to the user by the telecommunications carrier (the content of which can be provided by the alert information provider) Provided). When certain events occur, the operator or the alarm information supply department generates an alarm message. To the operator. Operators use their network to send alerts to users. Since the release of such messages as PWS will likely cause large-scale panic, the security requirements are also high. According to PWS Security requirements, security mechanisms should prevent false alarm notifications; the integrity of alarm notifications should be protected; the source of alarm notifications should be identified.

PWS public alarm security is a research hotspot in the SA3 organization of the 3GPP standards organization, and different equipment vendors propose different security solutions. The SA3 standard discussed the certificate-based programming scenario at the 67th meeting, and the specific programme was discussed at the 68th meeting, and the programme was discussed through a PWS called TR33.869. One of the security options. This implicit certificate Implicit certificate is specifically planned to deploy several or more global certification authority centers on a global scale ( Certification Authority, CA) is the security initial node of PWS. User ( User Equipment , UE The public keys of these global CAs are pre-configured in ). The cell broadcast entity periodically obtains an Implicit certificate from a global CA and will Implicit Certificate is transmitted as a secure part of the PWS message. The public key of the cell broadcast entity is the public key of the CA and Implicit certificate Calculated. Thereby the UE verifies the signature of the PWS message by the public key of the cell broadcast entity. Methods as below:

Step1: Deploy multiple global CAs globally and configure the public keys of these CAs in the UE;

Step2: Cell Broadcast Entity (CBE) ) Periodically obtain an Implicit Certificate from a global CA, that is, the CA issues an Implicit Certificate for the CBE.

Step3: Public alarm event occurs, CBE passes the cell broadcast center (Cell Broadcast Centre , CBC) Broadcasts a PWS message to the alarm location. The PWS message contains the PWS message and the security part. The security section specifically includes the CBE's signature of the PWS message and the CA. Implicit Certificate issued to CBE.

When the UE receives the PWS message, it first uses the public key of the locally saved CA in combination with the PWS message. Implicit certificate computes the CBE's public key (Signer's Public key ) and then validates the PWS via the CBE's public key The signature of the message to identify whether the received PWS message is a legitimate public alert message.

The basis for this Implicit Certificate-based approach is the deployment of a global CA on the UE. Public key, so when the UE receives a message containing a PWS message and a secure message, it calculates the CBE using the pre-configured CA public key and the Implicit Certificate certificate. The public key in turn verifies the signature of the PWS message. But there is a scenario that exposes the problem of this scenario: when a UE roams into such a network, no global CA is deployed in the network. Or, for some reason, a carrier network in a country uses its own deployed CAx, which is not in the global CA list. The UE will not pre-configure information to the CAx (CAx) Public key) This will cause the UE to fail to verify PWS messages after roaming to receive PWS messages locally.

technical problem

An object of the embodiments of the present invention is to provide a method for obtaining a public key, which solves how to make a UE if it is not configured locally. The CAx public key, how to implement the UE to verify the PWS message in this scenario.

Technical solution

In a first aspect, a method for obtaining a public key, the method comprising:

The network element receives the global authentication authority CA list or the determined CA information reported by the user;

Obtaining the global when the local CA is not in the global CA list or the local CA is not the determined CA a cross-certificate or an implicit certificate of any CA in the CA list; or a cross-certificate or an implicit certificate of the determined CA;

The network element sends the obtained cross-certificate or the implicit certificate, or the information of the cross-certificate obtained by the network element or the information of the implicit certificate to the user, so that the user calculates the office according to the cross-certificate or the implicit certificate. Local CA The public key or the local cell broadcasts the public key of the entity CBE, and enables the user to verify the public alarm system PWS delivered to the user by the local CBE according to the public key of the local CA or the public key of the local CBE. Message.

With reference to the first aspect, in a first possible implementation manner of the first aspect, the method further includes:

The network element sends the obtained cross-certificate or the implicit certificate to the application server, and the application server sends the cross-certificate or the implicit certificate, or the cross-certificate information or the implicit certificate information to the network server. User, causing the user to calculate the local according to the cross certificate or implicit certificate The public key of the CA or the public key of the local cell broadcast entity CBE, and the user verifies the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message.

In conjunction with the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the method further includes:

When the network element stores the public key of the local CBE or the public key of the local CA, the network element directly uses the local CBE The public key or the public key of the local CA is sent to the user, so that the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CBE or the public key of the local CA.

With reference to the first aspect, or the first possible implementation of the first aspect, or the second possible implementation of the first aspect, in a third possible implementation manner of the first aspect, the network element includes:

Core network node, CBE, CA

The core network node in the LTE network, the network element entity is an MME, and in the UMTS network, the network element entity is SGSN, the network element entity in the GSM or GPRS network is MSG or SGSN.

A second aspect is a method for obtaining a public key, the method comprising:

The user reports the global CA list or the determined CA information to the network element.

The user receives the cross certificate or the implicit certificate issued by the network element, or the information of the cross certificate or the implicit certificate, and sends the PWS to the user according to the cross certificate or the implicit certificate to the local CBE. The message is verified.

In conjunction with the second aspect, in a first possible implementation of the second aspect, The user receives the cross certificate or the implicit certificate issued by the network element, or the information of the cross certificate or the implicit certificate, and sends the PWS to the user according to the cross certificate or the implicit certificate to the local CBE. The message is verified as follows:

Receiving, by the user, a cross certificate issued by the network element, or the information of the cross certificate, calculating a local CA according to the cross certificate and a public key of a CA in the global CA corresponding to the cross certificate The public key of the local CA is calculated according to the calculated public key of the local CA, and the public key of the local CBE is calculated according to the implicit certificate in the PWS message delivered by the local CBE, and the public key is verified according to the public key of the local CBE. The signature of the PWS message.

In conjunction with the first possible implementation of the second aspect, in a second possible implementation of the second aspect, The user receives the cross certificate or the implicit certificate issued by the network element, or the information of the cross certificate or the implicit certificate, and sends the PWS to the user according to the cross certificate or the implicit certificate to the local CBE. The message is verified as follows:

Receiving, by the user, an implicit certificate issued by the network element, or the information of the implicit certificate, calculating a local CBE according to the implicit certificate and a public key of a CA in the global CA corresponding to the implicit certificate The user's public key, the user verifies the signature of the PWS message delivered by the local CBE according to the calculated public key of the local CBE.

With reference to the second aspect, in a third possible implementation manner of the second aspect, the method further includes:

Receiving, by the user, a local CBE public key and/or a local CA public key delivered by the network element, according to the local CBE The PWS message delivered by the local CBE is verified by the public key and / or the local CA public key.

In conjunction with the fourth possible implementation of the second aspect, in a fifth possible implementation manner of the second aspect, Receiving, by the user, the local CBE public key and/or the local CA public key delivered by the network element, and the PWS delivered by the local CBE according to the local CBE public key or the local CA public key The message is verified as follows:

When the user receives the local CBE public key delivered by the network element, the local CBE is directly verified according to the local CBE public key. PWS message delivered;

Or when the user receives the local CA public key delivered by the network element, according to the local CA public key and the local CBE The implicit certificate in the issued PWS message calculates the public key of the local CBE, and verifies the PWS message delivered by the local CBE according to the calculated public key of the local CBE.

A third aspect, a network element, where the network element includes:

a receiving unit, configured to receive a global certification authority CA list or determined CA information reported by the user;

An obtaining unit, configured to: when the local CA is not in the global CA list or the local CA is not the determined CA Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA;

a first sending unit, configured to send, by the network element, a cross-certificate or an implicit certificate, or the information of the cross-certificate obtained by the network element or the information of the implicit certificate to the user, so that the user according to the Cross-certificate or implicit certificate to calculate the local The public key of the CA or the local cell broadcasts the public key of the entity CBE, and enables the user to verify the public alarm system delivered to the user by the local CBE according to the public key of the local CA or the public key of the local CBE. PWS message.

In conjunction with the third aspect, in a first possible implementation of the third aspect, The network element further includes a sending unit, where the sending unit includes:

With reference to the third aspect or the first possible implementation manner of the third aspect, in a second possible implementation manner of the third aspect, The network element further includes a second sending unit, where the second lower unit includes:

In conjunction with the second possible implementation of the third aspect, in a third possible implementation manner of the third aspect, the network element includes:

Core network node, CBE, CA

A fourth aspect, a terminal device, where the terminal device includes:

An information sending unit, configured to report, by the user, the global CA list or the determined CA information to the network element;

Receiving a verification unit, configured to receive, by the user, a cross certificate or an implicit certificate issued by the network element, or a cross certificate or an implicit certificate, and send the local CBE to the local CBE according to the cross certificate or the implicit certificate users The PWS message is verified.

With reference to the fourth aspect, in a first possible implementation manner of the fourth aspect, The receiving and verifying unit includes a first receiving and verifying unit, and the first receiving and verifying unit includes:

With reference to the first possible implementation manner of the fourth aspect, in a second possible implementation manner of the fourth aspect, The receiving verification unit includes a second receiving verification unit, and the second receiving verification unit includes:

In conjunction with the second possible implementation of the fourth aspect, in a third possible implementation manner of the fourth aspect, The terminal device further includes a third receiving verification unit, where the third receiving verification unit includes:

In conjunction with the fourth possible implementation of the fourth aspect, in a fifth possible implementation manner of the fourth aspect, The third receiving verification unit includes:

A fifth aspect, a network element, where the network element includes:

With reference to the fifth aspect, in a first possible implementation manner of the fifth aspect, The network element includes a processor, a communication interface, a memory, and a bus;

The processor, the communication interface, and the memory complete communication with each other through the bus;

The communication interface is configured to communicate with other Wangyu devices;

The processor is configured to execute a program;

The memory is configured to store a program;

The program is used to receive the global certification authority CA list or the determined CA information reported by the user; when the local CA Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists when the global CA list or the local CA is not the determined CA; or obtaining the determined CA a cross-certificate or an implicit certificate; the network element will send the obtained cross-certificate or the implicit certificate, or the information of the cross-certificate obtained by the network element or the information of the implicit certificate to the user, so that the user according to the Cross-certificate or implicit certificate to calculate the local The public key of the CA or the local cell broadcasts the public key of the entity CBE, and enables the user to verify the public alarm system delivered to the user by the local CBE according to the public key of the local CA or the public key of the local CBE. PWS message.

With reference to the first possible implementation manner of the fifth aspect, in a second possible implementation manner of the fifth aspect, The network element further includes a sending unit, where the sending unit includes:

With reference to the first possible implementation manner of the fifth aspect, or the second possible implementation manner of the fifth aspect, in a third possible implementation manner of the fifth aspect, the network element Also included is a second delivery unit, the second lower unit comprising:

With reference to the third possible implementation manner of the fifth aspect, in a fourth possible implementation manner of the fifth aspect, the network element includes:

Core network node, CBE, CA

A sixth aspect, a terminal device, where the terminal device includes:

With reference to the sixth aspect, in a first possible implementation manner of the sixth aspect, The network element includes a processor, a communication interface, a memory, and a bus;

The communication interface is configured to communicate with other network elements;

The processor is configured to execute a program;

The memory is configured to store a program;

The program is used by the user to list the global CA or determine the CA. The information is reported to the network element; the user receives the cross certificate or the implicit certificate issued by the network element, or the information of the cross certificate or the implicit certificate, and the local CBE is performed according to the cross certificate or the implicit certificate. Sent to the user The PWS message is verified.

With reference to the first possible implementation manner of the sixth aspect, in a second possible implementation manner of the sixth aspect, The receiving and verifying unit includes a first receiving and verifying unit, and the first receiving and verifying unit includes:

In conjunction with the second possible implementation of the sixth aspect, in a third possible implementation manner of the sixth aspect, The receiving verification unit includes a second receiving verification unit, and the second receiving verification unit includes:

In conjunction with the third possible implementation of the sixth aspect, in a fourth possible implementation manner of the sixth aspect, The terminal device further includes a third receiving verification unit, where the third receiving verification unit includes:

With reference to the fourth possible implementation manner of the sixth aspect, in a fifth possible implementation manner of the sixth aspect, The third receiving verification unit includes:

Beneficial effect

An embodiment of the present invention provides a method for obtaining a public key, where the method reports a global CA list or a determined CA, and the local Obtaining, by the MME, a cross-certificate of any one of the global CA lists, or a cross-certificate of the determined CA, according to the global list or the determined CA, the local MME The obtained cross-certificate is delivered to the user, so that the user calculates the public key of the local CBE, so that when the user roams outside the CA list deployed by the operator, the CA can be passed through any CA in the CA list. The cross-certificate sent to the local NE is used to calculate the public key of the local network element CBE, so as to verify the PWS message sent by the local CBE to the user.

DRAWINGS

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings to be used in the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without paying for creative labor.

1 is a flowchart of a method for obtaining a public key according to Embodiment 1 of the present invention;

2 is a flowchart of a method for obtaining a public key according to Embodiment 2 of the present invention;

3 is a schematic diagram of a method for obtaining a public key according to Embodiment 2 of the present invention;

4 is a schematic diagram of a method for obtaining a public key according to Embodiment 2 of the present invention;

FIG. 5 is a schematic diagram of a method for obtaining a public key according to Embodiment 2 of the present invention; FIG.

6 is a schematic diagram of a method for obtaining a public key according to Embodiment 2 of the present invention;

7 is a flowchart of a method for obtaining a public key according to Embodiment 3 of the present invention;

FIG. 8 is a schematic diagram of a method for obtaining a public key according to Embodiment 3 of the present invention; FIG.

FIG. 9 is a schematic diagram of a method for obtaining a public key according to Embodiment 3 of the present invention; FIG.

FIG. 10 is a schematic diagram of a method for obtaining a public key according to Embodiment 3 of the present invention; FIG.

FIG. 11 is a schematic diagram of a method for obtaining a public key according to Embodiment 3 of the present invention; FIG.

FIG. 12 is a schematic diagram of a method for obtaining a public key according to Embodiment 3 of the present invention; FIG.

FIG. 13 is a schematic diagram of a method for obtaining a public key according to Embodiment 3 of the present invention; FIG.

14 is a flowchart of a method for obtaining a public key according to Embodiment 4 of the present invention;

15 is a schematic diagram of a method for obtaining a public key according to Embodiment 4 of the present invention;

16 is a schematic diagram of a method for obtaining a public key according to Embodiment 4 of the present invention;

17 is a schematic diagram of a method for obtaining a public key according to Embodiment 4 of the present invention;

18 is a schematic diagram of a method for obtaining a public key according to Embodiment 4 of the present invention;

FIG. 19 is a schematic diagram of a method for obtaining a public key according to Embodiment 4 of the present invention; FIG.

20 is a schematic diagram of a method for obtaining a public key according to Embodiment 4 of the present invention;

21 is a schematic diagram of a method for obtaining a public key according to Embodiment 4 of the present invention;

FIG. 22 is a schematic diagram of a method for obtaining a public key according to Embodiment 4 of the present invention; FIG.

23 is a flowchart of a method for obtaining a public key according to Embodiment 5 of the present invention;

24 is a schematic diagram of a method for obtaining a public key according to Embodiment 5 of the present invention;

25 is a schematic diagram of a method for obtaining a public key according to Embodiment 5 of the present invention;

26 is a schematic diagram of a method for obtaining a public key according to Embodiment 5 of the present invention;

27 is a schematic diagram of a method for obtaining a public key according to Embodiment 6 of the present invention;

28 is a structural diagram of a device of a network element according to Embodiment 7 of the present invention;

29 is a structural diagram of a device of a network element according to Embodiment 8 of the present invention;

30 is a structural diagram of a device of a network element according to Embodiment 9 of the present invention;

31 is a structural diagram of a device of a network element according to Embodiment 10 of the present invention;

32 is a structural diagram of a device of a network element according to Embodiment 11 of the present invention;

33 is a structural diagram of a device of a terminal device according to Embodiment 12 of the present invention;

FIG. 34 is a structural diagram of a device of a network element according to Embodiment 13 of the present invention; FIG.

35 is a structural diagram of a device of a terminal device according to Embodiment 14 of the present invention.

Embodiments of the invention

The present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. Within the scope.

Embodiment 1

Referring to FIG. 1, FIG. 1 is a flowchart of a method for obtaining a public key according to Embodiment 1 of the present invention. As shown in Figure 1:

Step 101: The network element receives the global authentication and authorization center CA list or the determined CA information reported by the user.

In this step, the network element includes:

Core network node, CBE, CA

The core network node in the LTE network, the network element entity is an MME, and in the UMTS network, the network element entity is SGSN, in the GSM or GPRS network, the network element entity is an MSC or SGSN, or a CBC node.

When a user attaches to a roaming network, and the optional user does not pre-store the public key of the local CA or the local CBE of the roaming network, the PWS message or other message delivered by the local CBE cannot be verified. If a mutual trust relationship is established between global CAs, the user's authentication of PWS messages can be achieved through trust between CAs. Therefore, if the UE roams to a special network where CA _X is deployed, in order to authenticate the PWS message, a security association can be established between CA _X and CA1 and CA _{X can} obtain the cross-certificate of CA1. A cross-certificate is a certificate issued between CAs. Among them, CAx deploys its own network CA for the user roaming network, which is not within the planned global CA scope; CA1 belongs to the global CA scope and is one of the user-preconfigured global CAs.

If there is no mutual trust between the CAs, CAx needs to go to CA1. Establish a mutual trust relationship and obtain a cross-certificate. Otherwise, if the mutual trust relationship cannot be established, CA1 will not be able to verify the PWS message delivered by the local CBE, and cannot inform the user of PWS. Security, at this time, the user will decide whether to continue the PWS alarm message sent by the local CBE.

Step 102: When the local CA is not in the global CA list or the local CA is not the determined CA Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA;

In this step, the optional user can list the global CA or determine the CA. The information is reported to the roaming network, that is, the network element of the local network, so that the local network element determines, according to the global CA list or the determined CA information, whether the local network pre-stores any one of the global CA lists. Cross-certificate or implicit certificate of the CA, or whether the local network pre-stores the determined CA A cross-certificate or an implicit certificate in the message. If the local network element is saved, the local network element is directly sent to the user; if the local network element is not stored, the local network element obtains a cross certificate of any one of the global lists or obtains the determined CA. Cross certificate.

Step 103 The network element sends the obtained cross-certificate or the implicit certificate, or the information of the cross-certificate or the implicit certificate obtained by the network element to the user, so that the user calculates the office according to the cross-certificate or the implicit certificate. Local CA The public key or the public key of the local cell broadcast entity CBE, and enable the user to verify the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message.

In this step, the information of the cross-certificate may be information such as the address or information of the cross-certificate, and the information of the cross-certificate enables the user to obtain the cross-certificate according to the information of the cross-certificate. When the network element sends the obtained cross-certificate or the obtained cross-certificate information to the user, the user corresponds to the cross-certificate and the cross-certificate corresponding to the global The public key of a specific CA in the CA list, the public key of the local CA is calculated, and the local key is calculated according to the public key of the local CA and the implicit certificate in the PWS message sent to the user by the local CBE. The public key of the CBE, the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CBE, thereby identifying the received PWS Whether the message is a legitimate public alarm message.

In this step, the information of the implicit certificate may be information such as an address or information of an implicit certificate, and the information of the implicit certificate enables the user to obtain an implicit certificate according to the information of the implicit certificate. When the network element sends the obtained implicit certificate or the information for obtaining the implicit certificate to the user, the user corresponds to the global certificate corresponding to the implicit certificate and the implicit certificate. The public key of a specific CA in the CA list, the public key of the local CBE is calculated, and the PWS message sent by the local CBE to the user is verified according to the public key of the local CBE, thereby identifying the received Whether the PWS message is a legitimate public alarm message.

In order to reduce the bandwidth, the cross-certificate or the implicit certificate obtained by the network element may be selected to send the information such as the link or address of the cross-certificate, or the link or address to which the implicit certificate is issued.

Further, the method further includes:

The network element sends the obtained cross-certificate or implicit certificate to the application server, where the cross-certificate or the implicit certificate is used by the application server, or the application server uses the cross-certificate or the implicit certificate. The information is sent to the user, so that the user downloads a cross certificate or an implicit certificate to the corresponding download server, and calculates the local area according to the cross certificate or the implicit certificate. The public key of the CA or the public key of the local cell broadcast entity CBE, and the user verifies the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message.

The application server sends the information of the cross-certificate or the implicit certificate to the user, where the information includes, but is not limited to, a link or address of the information of the cross-certificate or the implicit certificate.

Further, the method further includes:

An embodiment of the present invention provides a method for obtaining a public key, where the method reports a global CA list or a determined CA by a user. And obtaining, by the local network element, a cross certificate or an implicit certificate of any one of the global CA lists according to the global list or the determined CA, or determining the CA The cross-certificate or the implicit certificate, the network element sends the obtained cross-certificate or the implicit certificate to the user, so that the user calculates the public key of the local CBE, so that when the user roams outside the CA list deployed by the operator, by A cross-certificate or an implicit certificate that is sent to the local NE by any CA in the CA list, and the public key of the local network element CBE is calculated, so as to verify the PWS sent to the user by the local CBE. The purpose of the message.

Embodiment 2

Referring to FIG. 2, FIG. 2 is a flowchart of a method for obtaining a public key according to Embodiment 2 of the present invention.

Step 201: The local core network entity receives a global authentication authorization center CA list or a determined CA reported by the user. Information

Preferably, the local core network entity receives the global CA list reported by the user, referring to step 301 and FIG. 4 of FIG. Steps 401.

Preferably, the local core network entity receives the determined CA information reported by the user, referring to step 501 and FIG. 6 of FIG. Steps 601.

Step 202: When the local CA is not in the global CA list or is not a determined CA And obtaining, by the local core network entity, a cross certificate of any one of the global CA lists or a cross certificate of the determined CA;

Preferably, the local core network entity receives a global CA list reported by the user, when the local CA is not in the global CA. When the list is in the list, and when the cross-certificate of any one of the global CA lists is stored in the local core network entity, the any one of the local core network entities stored is directly obtained from the local core network entity. CA's cross-certificate. Refer to step 302 of Figure 3.

Preferably, when the local core network entity does not store any one of the global CA lists When the cross-certificate is obtained, any CA is selected from the global CA list, and the local core network entity obtains the cross-certificate of the selected one of the CAs. Refer to step 402 and steps in Figure 4. 403.

Preferably, the local core network entity receives the determined CA information reported by the user, when the local MME stores the determined When the CA cross-certifies, the cross-certificate of the determined CA stored by the local core network entity is obtained directly from the local core network entity. Refer to step 502 of Figure 5.

Preferably, when the local core network entity does not store the cross-certificate of the determined CA, then the determined CA is obtained. Obtaining the cross-certificate of the determined CA. Refer to step 602 and step 603 of Figure 6.

Step 203 And the local core network entity sends the obtained cross-certificate, or the information of the cross-certificate obtained by the local core network entity to the user, so that the user calculates the local CA according to the cross-certificate The public key, and the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CA.

In this step, the local MME sends the obtained cross-certificate to the user. For details, refer to step 303 and Figure 4 in Figure 3. Step 404, step 503 of FIG. 5, step 604 of FIG. 6;

Preferably, the local core network entity sends the obtained information of the cross-certificate to the user. For details, refer to step 303 and Figure 3 of Figure 3. Step 404 of Figure 4, step 503 of Figure 5, and step 604 of Figure 6.

Further, the method further includes:

The core network entity sends the obtained cross-certificate to the application server, and the application server sends the cross-certificate or the information of the cross-certificate to the user, so that the user obtains the cross-certificate and according to the Cross certificate calculation for the local The public key of the CA, and the user verifies the public alarm system PWS message delivered by the local CBE according to the public key of the local CA. Refer specifically to step 304 and step 305 of Figure 3. Step 405 and step 406 of Fig. 4, step 504 and step 505 of Fig. 5, step 605 and step 606 of Fig. 6.

The core network entities in this manual use the MME in the LTE network as an example.

Figure 3, Figure 4, Figure 5, Figure 6 It is a method for obtaining a public key provided by Embodiment 2 of the present invention, and the specific reference is as follows:

As shown in FIG. 3, in step 301, the MME receives a global CA list reported by the user;

Step 302, the MME checks the received global CA list and the local MME. Whether the preservation is consistent;

Step 303: If the MME is consistent, the MME sends the locally saved cross certificate or cross certificate information.

Or adopt

Step 304: If the MME is consistent, the MME sends the locally saved cross certificate to the application server.

Step 305: The application server sends the cross-certificate or cross-certificate information to the user.

As shown in FIG. 4, in step 401, the MME receives a global CA list reported by the user;

Step 402: The MME checks whether the received CA list is consistent with that saved by the local MME.

Step 403: If not, the MME obtains a cross-certificate of any one of the CAs in the CA list;

Step 404: The MME sends a cross certificate or cross information to the user.

Or adopt

Step 405: The MME sends the obtained cross certificate to the application server.

Step 406: The application server delivers the information of the cross certificate or the cross certificate to the user.

As shown in FIG. 5, in step 501, the MME obtains the determined CA information sent by the user.

Step 502: The MME checks whether a cross certificate of the determined CA is saved locally.

Step 503, if yes, the MME sends the locally saved cross certificate or cross certificate information;

Or adopt

Step 504, if yes, the cross certificate issued by the local MME is sent to the application server;

Step 505: The application server delivers the cross certificate or cross certificate information to the user.

As shown in FIG. 6, in step 601, the user sends the determined CA information to the MME;

Step 602: The MME checks whether a cross certificate of the determined CA is saved locally.

Step 603: If not saved, the MME obtains the cross certificate of the determined CA.

Step 604: The MME sends the cross-certificate or cross-certificate information to the user.

Or adopt

Step 605: The MME sends the obtained cross certificate to the application server.

Step 606: The application server sends the information of the cross certificate or the cross certificate to the user.

Embodiment 3

Referring to FIG. 7, FIG. 7 is a flowchart of a method for obtaining a public key according to Embodiment 3 of the present invention. As shown in Figure 7:

Step 701: The local CBE receives the global authentication and authorization center CA delivered by the local core network entity. List or determined CA information.

Preferably, the local CBE receives a global CA list forwarded by the local core network entity, and the core network entity will be global The CA list is forwarded directly to the local CBE. Refer specifically to steps 801 and 802 of Figure 8 and steps 901 and 902 of Figure 9.

Preferably, the MME selects any CA from the global CA list, and selects any one of the selected CAs. Issued to the local CBE. Refer specifically to steps 1001 and 1002 of Figure 10 and steps 1101 and 1102 of Figure 11.

Preferably, the local CBE receives the determined CA information forwarded by the local MME. Refer to Figure 12 for details. Steps 1201 and steps and steps 1301 and 1302 of Figure 13.

Step 702: When the local CA is not in the CA list or the local CA is not the determined CA And obtaining, by the local CBE, a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA;

Preferably, when the local CBE obtains the global CA list, and when the local CBE stores the global CA When an implicit certificate of any CA in the list is obtained, the implicit certificate of any one of the CAs is obtained directly from the local CBE. Refer to step 803 of Figure 8 for details.

Preferably, when the local CBE obtains the global CA list, and when the local CBE does not store the global When an implicit certificate of any one of the CAs in the CA list is selected, the local CBE selects any CA from the global CA list and obtains any CA selected. Cross certificate. Refer specifically to steps 903 and 904 of Figure 9.

Preferably, when the local CBE obtains any one of the CAs selected by the MME from the global CA list And when the local CBE stores an implicit certificate of any one of the CAs selected by the MME, the implicit certificate of the any one of the CAs is directly obtained from the local CBE. Refer to Figure 10 for details. Step 1003.

Preferably, when the local CBE obtains any one of the CAs selected by the MME from the global CA list And when the local CBE does not store the implicit certificate of any one of the CAs selected by the MME, the cross-certificate of the any one of the CAs is obtained in the local CBE. Refer to Figure 11 for details. Steps 1103 and 1104.

Preferably, when the local CBE receives the determined CA information forwarded by the local MME, and when the local CBE When the implicit certificate of the determined CA is stored, the implicit certificate of the determined CA is obtained directly from the local CBE. Refer specifically to step 1203 of Figure 12.

Preferably, when the local CBE receives the determined CA information forwarded by the local MME, and when the local CBE When the implicit certificate of the determined CA is not stored, the cross-certificate of the determined CA is obtained. Refer to step 1303 and step 1304 of Figure 13 for details.

Step 703, the cross certificate or implicit certificate that the local CBE will acquire, or the CBE And sending the information of the obtained cross-certificate or the information of the implicit certificate to the user, so that the user calculates the public key of the local CA or the local cell broadcast entity CBE according to the cross-certificate or the implicit certificate. The public key, and the user verifies the public alarm system PWS message sent by the local CBE to the user according to the public key of the local CA or the public key of the local CBE.

Preferably, the local CBE sends the obtained cross-certificate or the implicit certificate to the user. For details, refer to step 804 of FIG. Step 905 of Fig. 9, step 1004 of Fig. 10, step 1105 of Fig. 11, step 1204 of Fig. 12, and step 1305 of Fig. 13.

Preferably, the local CBE sends the obtained cross-certificate information or the implicit certificate to the user. For details, refer to the steps in Figure 8. 804, step 905 of FIG. 9, step 1004 of FIG. 10, step 1105 of FIG. 11, step 1204 of FIG. 12, and step 1305 of FIG. .

In an embodiment, the CBE can obtain any CA selected by the CBC from the global CA list. The specific method is similar.

Further, the method further includes:

The CBE Sending the obtained cross-certificate or the implicit certificate to the application server, and the application server sends the cross-certificate or the implicit certificate, or the information of the cross-certificate or the information of the implicit certificate to the user. Causing a user to calculate the local based on the cross-certificate The public key of the CA, or causing the user to calculate the public key of the local CBE according to the implicit certificate, and causing the user to verify the local CBE according to the public key of the local CA or the public key of the local CBE The user's public alarm system PWS message is delivered. Referring specifically to step 805 and step 806 of FIG. 8, step 906 and step 907 of FIG. 9, step 1005 of FIG. And step 1006, step 1106 and step 1107 of FIG. 11, step 1205 and step 1206 of FIG. 12, step 1306 and step of FIG. 1307.

Figure 8, Figure 9, Figure 10, Figure 11, Figure 12, Figure 13 A schematic diagram of a method for obtaining a public key according to Embodiment 3 of the present invention. In an embodiment, the CBE may also obtain any CA selected by the CBC from the global CA list. The specific method is similar.

As shown in FIG. 8, in step 801, the local MME receives a global CA list sent by the user.

Step 802, the local CBE receives the global CA forwarded by the local MME received by the CBC List

Step 803, the local CBE determines whether to save any CA in the global CA list. Implicit certificate

Step 804, if yes, the local CBE sends the information of the implicit certificate or the implicit certificate to the user;

Or adopt

Step 805, if yes, the local CBE sends the obtained implicit certificate to the application server;

Step 806: The application server sends the information of the implicit certificate or the implicit certificate to the user.

As shown in FIG. 9, in step 901, the local MME receives a global CA list sent by the user;

Step 902: The local CBE forwards the global CA forwarded by the local MME received by the CBC. List

Step 903, the local CBE determines whether to save any CA in the global CA list. Implicit certificate

Step 904: If the local CBE does not save the cross-certificate of any one of the global CA lists, obtain any one. CA's cross-certificate;

Step 905, if yes, the cross-certificate or the cross-certificate is delivered to the user;

Or adopt

Step 906, if yes, the obtained cross certificate is sent to the application server;

Step 907: The application server delivers the information of the cross certificate or the cross certificate to the user.

Referring to FIG. 10, step 1001, the MME receives a global CA list sent by a user;

Step 1002, the CBE receives the MME received by the CBC from a global CA. Any CA selected in the list;

Step 1003: The local CBE determines whether to save the implicit certificate of any CA that is delivered;

Step 1004, if yes, the local CBE sends the information of the implicit certificate or the implicit certificate to the user;

Or adopt

Step 1005: The local CBE sends the obtained implicit certificate to the application server.

Step 1006: The application server sends the information of the implicit certificate or the implicit certificate to the user.

As shown in FIG. 11, step 1101, the MME receives a global CA list sent by the user;

Step 1102: The local CBE receives an MME randomly selected from the global CA list received by the CBC. CA ;

Step 1103: The local CBE determines whether to save the implicit certificate of any CA that is delivered;

Step 1104: If not saved, the local CBE obtains the cross-certificate of the any one of the CAs;

Step 1105: The local CBE sends the cross-certificate or cross-certificate information to the user.

Or adopt

Step 1106: The local CBE sends the obtained cross certificate to the application server.

Step 1107: The application server delivers the cross certificate or cross certificate information to the user.

Referring to FIG. 12, step 1201, the MME receives the determined CA information sent by the user.

Step 1202: The local CBE receives the determined CA information forwarded by the MME.

Step 1203: The local CBE determines whether to save the implicit certificate of the forwarded determined CA.

Step 1204, if yes, sending the information of the implicit certificate or the implicit certificate to the user;

Or adopt

Step 1205: The local CBE sends the obtained implicit certificate to the application server.

Step 1206: The application server sends the information of the implicit certificate or the implicit certificate to the user.

As shown in FIG. 13, in step 1301, the local MME receives the determined CA information reported by the user;

Step 1302: The local CBE receives the determined CA forwarded by the local MME received by the CBC. Information

Step 1303: The local CBE determines whether to save the implicit certificate of the forwarded determined CA.

Step 1304: If not saved, obtain a cross certificate of the determined CA;

Step 1305: The local CBE sends the cross-certificate or cross-certificate information to the user.

Or adopt

Step 1306: The local CBE sends the obtained cross certificate to the application server.

Step 1307: The application server delivers cross-certificate or cross-certificate information to the user.

An embodiment of the present invention provides a method for obtaining a public key, where the method reports a global CA list or a determined CA, and the local The CBE obtains a cross-certificate or an implicit certificate of any one of the global CA lists according to the global list or the determined CA, or a cross-certificate or an implicit certificate of the determined CA, the local The CBE sends the obtained cross-certificate or implicit certificate to the user, so that the user calculates the public key of the local CBE, so that when the user roams outside the CA list deployed by the operator, the C-list can pass any one of the CA lists. The cross-certificate or the implicit certificate sent by the CA to the local CBE is used to calculate the public key of the local network element CBE, so as to verify the PWS message sent by the local CBE to the user.

Embodiment 4

Referring to FIG. 14, FIG. 14 is a flowchart of a method for obtaining a public key according to Embodiment 4 of the present invention. Figure 14 As shown, the following steps are included:

Step 1401: The local CA receives a global authentication authorization center CA list or a determined CA reported by the user. Information

Preferably, the local MME receives the global CA list reported by the user, and the global CA is The list is forwarded to the local CBE, and the global CA list is forwarded by the local CBE to the local CA. Refer specifically to step 1501 and step 1502 and steps in Figure 15. 1503, and step 1601 and step 1602 and step 1603 of Figure 16.

Preferably, the local MME receives the global CA list reported by the user, and the global CA is The list is forwarded to the local CBE, and the local CBE selects any CA from the global CA list, and reports any selected CA to the local CA. Specific reference Step 17 of step 1701 and step 1702 and step 1703, and step 1801 of step 18 and step 1802 and step 1803.

Preferably, the local MME receives the global CA list reported by the user, and the local MME is from the global Select any CA in the CA list, and report any CA selected by the local MME to the local CBE, and the local CBE selects any one of the local MMEs. The CA report is forwarded to the local CA. Refer specifically to step 1901 and steps 1902 and 1903 of Figure 19, and steps 2001 and 2002 of Figure 20 And steps 2003.

Preferably, the local MME receives the determined CA information reported by the user, and the MME determines the determined CA. Information is forwarded to the local CBE, and the determined CA information is forwarded by the local CBE to the local CA. Refer to step 2101 and step 2102 and steps in step 21 for details. 2103, and step 22, step 2201 and step 2202 and step 2203 of FIG.

Step 1402, when the local CA is not in the CA list or the local CA is not the determined CA And obtaining, by the CA, a cross-certificate of any one of the global CA lists; or obtaining a cross-certificate of the determined CA;

Preferably, when the local CA acquires the global CA list, and when the local CA stores the global CA When the cross-certificate of any CA in the list is obtained, the cross-certificate of any one of the CAs is obtained directly from the local CA. Refer specifically to step 1504 of Figure 15.

Preferably, when the local CA acquires the global CA list, and when the local CA does not store the global CA When the cross-certificate of any one of the CAs in the list is selected, the local CA selects any CA from the global CA list, and obtains a cross-certificate of the selected one of the CAs. Specific reference map Step 16 of step 16 and step 1605.

Preferably, when the local CA obtains, the local CBE is arbitrarily selected from the global CA list. And when the local CA stores the cross-certificate of the arbitrarily selected one of the CAs, the cross-certificate of the arbitrarily selected one of the CAs is obtained directly from the local CA. Refer specifically to the steps in Figure 17. 1704.

Preferably, when the local CA obtains, the local CBE is arbitrarily selected from the global CA list. And when the local CA does not store the cross-certificate of the arbitrarily selected one of the CAs, the local CA obtains the cross-certificate of the arbitrarily selected one of the CAs. Refer specifically to the steps in Figure 18. 1804 and step 1805.

Preferably, when the local CA receives any CA forwarded by the local CBE, and is a local CA When the CA is forwarded by the local CBE, the local CA obtains the cross-certificate of any CA forwarded by the local CBE. Refer to Figure 19 for details. Step 1904.

Preferably, when the local CA receives any CA forwarded by the local CBE, and is a local CA When any CA of the local CBE forwarding is not stored, the local CA acquires a cross certificate of any CA forwarded by the local CBE. Refer specifically to the steps in Figure 20 2004 And steps 2005.

Preferably, when the local CA receives the determined CA information forwarded by the local CBE, and when the local CA When the cross-certificate of the determined CA is stored, the cross-certificate of the determined CA is obtained directly from the local CA. Refer specifically to step 2104 of Figure 21.

Preferably, when the local CA receives the determined CA information forwarded by the local CBE, and when the local CA If the cross-certificate of the determined CA is not stored, the cross-certificate of the determined CA is obtained. Refer specifically to step 2204 and step 2205 of Figure 22.

Step 1403, the cross certificate obtained by the local CA, or the local CA And sending the obtained cross-certificate information to the user, so that the user calculates the public key of the local CA according to the cross-certificate, and causes the user to verify the local CBE according to the public key of the local CA. A public alarm system PWS message that is sent to the user.

Preferably, the local CA sends the obtained cross certificate to the user, so that the user calculates the local CA according to the cross certificate. The public key, and the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CA. Referring specifically to step 1505 of Figure 15, step 1606 of Figure 16 Step 1705 of Fig. 17, step 1806 of Fig. 18, step 1905 of Fig. 19, step 2006 of Fig. 20, step 2105 of Fig. 21, Fig. Step 2206 of 22.

Preferably, the local CA sends the obtained cross-certificate information to the user, so that the user calculates the local CA according to the cross-certificate. The public key, and the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CA. Referring specifically to step 1505 of Figure 15, step 1606 of Figure 16 Step 1705 of Fig. 17, step 1806 of Fig. 18, step 1905 of Fig. 19, step 2006 of Fig. 20, step 2105 of Fig. 21, Fig. Step 2206 of 22.

Further, the method further includes:

The CA The obtained cross-certificate is sent to the application server, and the cross-certificate or the cross-certificate information is sent to the user by the application server, so that the user calculates the local CA according to the cross-certificate. The public key, and the user verifies the public alarm system PWS message delivered by the local CBE according to the public key of the local CA. Refer to steps 1506 and 1507 of Figure 15 for details. Step 1607 and step 1607 of Fig. 16, step 1706 and step 1707 of Fig. 17, step 1807 and step 1808 of Fig. 18, Fig. 19 Steps 1906 and 1907, steps 20 and 20 of Figure 20, steps 2106 and 2107 of Figure 21, steps of Figure 22 2207 and step 2208.

Figure 15, Figure 16, Figure 17, Figure 18, Figure 19, Figure 20, Figure 21, Figure 22 It is a schematic diagram of a method for obtaining a public key according to Embodiment 4 of the present invention. details as follows:

As shown in FIG. 15, in step 1501, the MME receives a global CA list sent by the user;

Step 1502: The local CBE receives the global CA forwarded by the local MME received by the CBC. List

Step 1503: The local CA receives the global CA list forwarded by the local CBE.

Step 1504: The local CA determines whether to save the cross-certificate of any one of the global CA lists.

Step 1505, if yes, the information of the cross certificate or the cross certificate is delivered to the user;

Or adopt

Step 1506: The local CA sends the obtained cross certificate to the application server.

Step 1507: The application server delivers cross-certificate or cross-certificate information to the user.

Referring to FIG. 16, step 1601, the local MME receives a global CA list sent by the user;

Step 1602: The local CBE receives a global CA list forwarded by the local MME received by the CBC.

Step 1603: The local CA receives the global CA list forwarded by the local CBE.

Step 1604, the local CA determines whether the local CA has saved any CA in the global CA list. Cross certificate

Step 1605: If not saved, the local CA obtains a cross-certificate of any CA in the global CA list;

Step 1606: The local CA sends the cross-certificate or cross-certificate information to the user.

Or adopt

Step 1607: The local CA sends the obtained cross certificate to the application server.

Step 1608: The application server delivers cross-certificate or cross-certificate information to the user.

As shown in FIG. 17, in step 1701, the local MME receives the global CA list sent by the user.

Step 1702: The local CBE receives a global CA list forwarded by the local MME received by the CBC.

Step 1703: The local CA receives a CA selected by the CBE from the global CA list;

Step 1704: The local CA determines whether the local CA has saved the CA delivered by the CBE. Cross certificate

Step 1705: If yes, the local CA sends the cross-certificate or cross-certificate information to the user;

Or adopt

Step 1706, if yes, the local CA sends the obtained cross certificate to the application server;

Step 1707: The application server delivers cross-certificate or cross-certificate information to the user.

As shown in FIG. 18, in step 1801, the local MME receives the global CA list sent by the user.

Step 1802: The local CBE receives a global CA list forwarded by the local MME received by the CBC.

Step 1803: The local CA receives a CA selected by the CBE from the global CA list;

Step 1804: The local CA determines whether the cross-certificate of the CA delivered by the CBE is saved.

Step 1805: If not saved, the local CA obtains the cross-certificate of the CA delivered by the CBE.

Step 1806: The local CA sends the cross-certificate or cross-certificate information to the user.

Or adopt

Step 1807: The local CA sends the obtained cross certificate to the application server.

Step 1808: The application server delivers the cross-certificate or cross-certificate information to the user.

As shown in FIG. 19, in step 1901, the local MME receives a global CA list reported by the user.

Step 1902, the local CBE receives the local MME received by the CBC from the global CA. Any CA selected in the list;

Step 1903: The local CA receives the CA selected by the MME forwarded by the local CBE;

Step 1904: The local CA determines whether the cross certificate of the CA delivered by the CBE has been saved locally.

Step 1905: If the file is saved, the local CA sends the cross-certificate or cross-certificate information to the user.

Or adopt

Step 1906: The local CA sends the obtained cross certificate to the application server.

Step 1907: The application server delivers the cross-certificate or cross-certificate information to the user.

As shown in FIG. 20, in step 2001, the local MME receives the global CA list sent by the user.

Step 2002, the local CBE receives the MME arbitrarily selected from the global CA list received by the CBC. CA ;

Step 2003, the local CA receives the CA selected by the MME forwarded by the local CBE;

In step 2004, the local CA determines whether the cross-certificate of the CA delivered by the CBE is saved.

Step 2005, if not saved, obtain the cross-certificate of the CA delivered by the CBE;

Step 2006: The local CA sends the cross-certificate or cross-certificate information to the user.

Or adopt

Step 2007: The local CA sends the obtained cross certificate to the application server.

Step 2008: The application server delivers the cross certificate or cross certificate information to the user.

As shown in FIG. 21, in step 2101, the local MME receives the determined CA reported by the user;

Step 2102: The local CBE receives the determined CA forwarded by the local MME received by the CBC;

Step 2103: The local CBE forwards the CA determined by the local CBE;

Step 2104: The local CA determines whether to save the cross-certificate of the CA delivered by the CBE.

Step 2105: If saved, the cross-certificate or the cross-certificate information is sent to the user;

Or adopt

Step 2106: If the file is saved, the local CA sends the obtained cross certificate to the application server.

Step 2107: The application server delivers the cross certificate or cross certificate information to the user.

As shown in FIG. 22, in step 2201, the local MME receives the determined CA sent by the user;

Step 2202: The local CBE receives the determined CA forwarded by the local MME.

Step 2203: The local CBE forwards the CA determined by the local CBE;

Step 2204: The local CA determines whether the cross-certificate of the CA delivered by the CBE is saved.

Step 2205: If not saved, the local CA obtains the cross-certificate of the determined CA;

Step 2206: The local CA sends the cross-certificate or cross-certificate information to the user.

Or adopt

Step 2207: The local CA sends the obtained cross certificate to the application server.

Step 2208: The application server sends the cross-certificate or cross-certificate information to the user.

An embodiment of the present invention provides a method for obtaining a public key, where the method reports a global CA list or a determined CA, and the local The CA obtains a cross-certificate of any one of the global CA lists according to the global list or the determined CA, or a cross-certificate of the determined CA, the local CA The obtained cross-certificate is delivered to the user, so that the user can calculate the public key of the local CBE, so that when the user roams outside the CA list deployed by the operator, the CA can be sent to the local through any CA in the CA list. The CBE's cross-certificate or implicit certificate is used to calculate the public key of the local network element CBE, so as to verify the PWS message sent by the local CBE to the user.

Embodiment 5

FIG. 23 is a flowchart of a method for obtaining a public key according to Embodiment 5 of the present invention. as the picture shows,

Step 2301: Determine whether the local network element stores the public key of the local CBE and/or the public key of the local CA.

Step 2302, if yes, then the local CBE public key and / or local CA The public key is sent to the user.

Refer to the schematic diagrams of Figure 24, Figure 25, and Figure 26. Figure 24, Figure 25, Figure 26 It is a schematic diagram of a method for obtaining a public key according to Embodiment 5 of the present invention.

As shown in Figure 24, in step 2401, the local MME determines whether to store the local CA's public key and/or local. The public key of the CBE;

Step 2402, if yes, the local MME sends the public key and/or CBE of the CA saved by the local MME. Public key.

As shown in Figure 25, in step 2501, the local CBE determines whether the local CBE saves the public key of the local CBE and / or the public key of the local CA;

Step 2502, if yes, the local CBE delivers the public key and/or CBE of the CA saved by the local CBE. Public key.

As shown in Figure 26, in step 2601, the local CA determines whether the local CA saves the local CA's public key or local. The public key of the CBE;

Step 2602: If saved, the local CA sends the public key and/or CBE of the CA saved by the local CA. Public key.

An embodiment of the present invention provides a method for obtaining a public key, where the method obtains a public key of a local CA stored by a local network element or a local The public key of the CBE and the public key of the obtained CA or the public key of the local CBE are sent to the user, so that the user verifies the local CBE according to the public key of the CA or the public key of the local CBE. An implicit certificate issued.

Embodiment 6

Referring to FIG. 27, FIG. 27 is a flowchart of a method for obtaining a public key according to Embodiment 6 of the present invention. Figure 27 As shown, the method includes the following steps:

Step 2701: The user reports the global CA list or the determined CA information to the network element.

In this step, the network element includes:

Core network node, CBE, CA

Step 2702, Receiving, by the user, a cross certificate or an implicit certificate issued by the network element, or a cross certificate or an implicit certificate, and calculating a public key of the CBE according to the cross certificate or the implicit certificate, and calculating according to the CBE The public key verifies the PWS message sent to the user by the local CBE.

Preferably, the user receives the cross certificate issued by the network element, or the information of the cross certificate, and calculates the local CA according to the cross certificate and the public key of one CA in the global CA corresponding to the cross certificate. The public key of the local CA is calculated according to the calculated public key of the local CA, and the public key of the local CBE is calculated according to the implicit certificate in the PWS message delivered by the local CBE, and the public key is verified according to the public key of the local CBE. The signature of the PWS message.

Preferably, the user receives an implicit certificate issued by the network element, or information of the implicit certificate, according to the implicit certificate and a CA of the global CA corresponding to the implicit certificate. Key calculation local CBE The user's public key, the user verifies the signature of the PWS message delivered by the local CBE according to the calculated public key of the local CBE.

Further, the method further includes:

Receiving, by the user, a local CBE public key and/or a local CA public key delivered by the network element, according to the local CBE The PWS message delivered by the local CBE is verified by the public key or the local CA public key.

When the user receives the local CA public key delivered by the network element, the local CA public key and the local CBE are delivered according to the local CA key The implicit certificate in the PWS message calculates the public key of the local CBE, and verifies the PWS message delivered by the local CBE according to the calculated public key of the local CBE.

A method for obtaining a public key is provided by the embodiment of the present invention. The method obtains a cross certificate or an implicit certificate issued by a local network element, and calculates a public key or a local CA of the local CA according to the cross certificate or the implicit certificate. CBE The public key is used to verify the PWS message sent by the local CBE to the user based on the calculated public key of the local CA or the public key of the local CBE.

Example 7

Referring to FIG. 28, FIG. 28 is a structural diagram of a device of a network element according to Embodiment 7 of the present invention. Figure 28 As shown, the network element includes the following units:

The receiving unit 2801 is configured to receive, by the network element, a global authentication and authorization center CA list or a determined CA reported by the user. Information

In this unit, the network element includes:

Core network node, CBE, CA

The obtaining unit 2802 is configured to: when the local CA is not in the global CA list or the local CA is not the determined CA Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA;

In this module, the optional user can list the global CA or determine the CA. The information is reported to the roaming network, that is, the network element of the local network, so that the local network element determines, according to the global CA list or the determined CA information, whether the local network pre-stores any one of the global CA lists. Cross-certificate or implicit certificate of the CA, or whether the local network pre-stores the determined CA A cross-certificate or an implicit certificate in the message. If the local network element is saved, the local network element is directly sent to the user; if the local network element is not stored, the local network element obtains a cross certificate of any one of the global lists or obtains the determined CA. Cross certificate.

First delivery unit 2803 And the cross-certificate or the implicit certificate to be obtained by the network element, or the information of the cross-certificate or the implicit certificate obtained by the network element is sent to the user, so that the user according to the cross-certificate or the implicit certificate Calculate the local CA The public key or the public key of the local cell broadcast entity CBE, and enable the user to verify the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message.

In this unit, the information of the cross-certificate may be information such as the address or information of the cross-certificate, and the information of the cross-certificate enables the user to obtain the cross-certificate according to the information of the cross-certificate. When the network element sends the obtained cross-certificate or the obtained cross-certificate information to the user, the user corresponds to the cross-certificate and the cross-certificate corresponding to the global The public key of a specific CA in the CA list, the public key of the local CA is calculated, and the local key is calculated according to the public key of the local CA and the implicit certificate in the PWS message sent to the user by the local CBE. The public key of the CBE, the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CBE, thereby identifying the received PWS Whether the message is a legitimate public alarm message.

In this unit, the information of the implicit certificate may be information such as an address or information of an implicit certificate, and the information of the implicit certificate enables the user to obtain an implicit certificate according to the information of the implicit certificate. When the network element sends the obtained implicit certificate or the information for obtaining the implicit certificate to the user, the user corresponds to the global certificate corresponding to the implicit certificate and the implicit certificate. The public key of a specific CA in the CA list, the public key of the local CBE is calculated, and the PWS message sent by the local CBE to the user is verified according to the public key of the local CBE, thereby identifying the received Whether the PWS message is a legitimate public alarm message.

Further, the network element further includes a sending unit 2804, configured to:

Further, the network element further includes a second sending unit 2805:

An embodiment of the present invention provides a network element, where the network element reports a global CA list or a determined CA by using a user. And obtaining, by the local network element, a cross certificate or an implicit certificate of any one of the global CA lists according to the global list or the determined CA, or determining the CA The cross-certificate or the implicit certificate, the network element sends the obtained cross-certificate or the implicit certificate to the user, so that the user calculates the public key of the local CBE, so that when the user roams outside the CA list deployed by the operator, by A cross-certificate or an implicit certificate that is sent to the local NE by any CA in the CA list, and the public key of the local network element CBE is calculated, so as to verify the PWS sent to the user by the local CBE. The purpose of the message.

Example eight

Referring to FIG. 29, FIG. 29 is a structural diagram of a device of a network element according to Embodiment 8 of the present invention. Figure 29 As shown, the network element includes the following units:

The first receiving unit 2901 is configured to receive, by the local core network entity, a global authentication and authorization center CA reported by the user. List or determined CA information;

The first obtaining unit 2902 is configured to: when the local CA is not in the global CA list or is not a determined CA And obtaining, by the local core network entity, a cross certificate of any one of the global CA lists or a cross certificate of the determined CA;

Third delivery unit 2903 And sending, to the user, the cross-certificate to be obtained by the local core network entity, or the information about the cross-certificate obtained by the local core network entity, so that the user calculates the local CA according to the cross-certificate The public key, and the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CA.

In this unit, the local MME sends the obtained cross-certificate to the user. For details, refer to step 303 and Figure 4 in Figure 3. Step 404, step 503 of FIG. 5, step 604 of FIG. 6;

Further, the network element further includes a first sending unit 2904, where the first sending unit is used to:

The embodiment of the present invention provides a network element, where the network element reports a global CA list or a determined CA, a local MME by using a user. Obtaining, according to the global list or the determined CA, a cross-certificate of any one of the global CA lists, or a cross-certificate of the determined CA, the local MME The obtained cross-certificate is delivered to the user, so that the user calculates the public key of the local CBE, so that when the user roams outside the CA list deployed by the operator, the CA can be passed through any CA in the CA list. The cross-certificate sent to the local NE is used to calculate the public key of the local network element CBE, so as to verify the PWS message sent by the local CBE to the user.

Example nine

Referring to FIG. 30, FIG. 30 is a structural diagram of a network element provided by Embodiment 9 of the present invention, as shown in FIG. As shown, the network element includes the following units:

The second receiving unit 3001, the local CBE receives the global authentication and authorization center CA delivered by the local core network entity. List or determined CA information;

a second obtaining unit 3002, when the local CA is not in the CA list or the local CA is not the determined CA And obtaining, by the local CBE, a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA;

a second sending unit 3003, configured to use the cross certificate or implicit certificate that the local CBE will acquire, or the CBE And sending the information of the obtained cross-certificate or the information of the implicit certificate to the user, so that the user calculates the public key of the local CA or the local cell broadcast entity CBE according to the cross-certificate or the implicit certificate. The public key, and the user verifies the public alarm system PWS message sent by the local CBE to the user according to the public key of the local CA or the public key of the local CBE.

Further, the network element further includes a second sending unit 3004:

An embodiment of the present invention provides a network element, where the network element reports a global CA list or a determined CA, a local CBE. Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists, or a cross-certificate or an implicit certificate of the determined CA, according to the global list or the determined CA, the local CBE The obtained cross-certificate or implicit certificate is sent to the user, so that the user calculates the public key of the local CBE, so that when the user roams outside the CA list deployed by the operator, the CA can be passed through any CA in the CA list. A cross-certificate or an implicit certificate is sent to the local CBE to calculate the public key of the local network element CBE, so as to verify the PWS message sent by the local CBE to the user.

Example ten

Referring to FIG. 31, FIG. 31 is a structural diagram of a network element provided by Embodiment 10 of the present invention, as shown in FIG. As shown, the network element includes the following units:

The third receiving unit 3101, the local CA receives the list of global certification authority CAs reported by the user or determines CA information;

a third obtaining unit 3102, when the local CA is not in the CA list or the local CA is not the determined CA And obtaining, by the CA, a cross-certificate of any one of the global CA lists; or obtaining a cross-certificate of the determined CA;

a seventh sending unit 3103, the cross certificate obtained by the local CA, or the local CA And sending the obtained cross-certificate information to the user, so that the user calculates the public key of the local CA according to the cross-certificate, and causes the user to verify the local CBE according to the public key of the local CA. A public alarm system PWS message that is sent to the user.

Further, the network element further includes a third sending unit 3104:

An embodiment of the present invention provides a network element, where the network element reports a global CA list or a determined CA, a local CA. Obtaining, according to the global list or the determined CA, a cross-certificate of any one of the global CA lists, or a cross-certificate of the determined CA, the local CA The obtained cross-certificate is delivered to the user, so that the user can calculate the public key of the local CBE, so that when the user roams outside the CA list deployed by the operator, the CA can be sent to the local through any CA in the CA list. The CBE's cross-certificate or implicit certificate is used to calculate the public key of the local network element CBE, so as to verify the PWS message sent by the local CBE to the user.

Embodiment 11

Referring to FIG. 32, FIG. 32 is a structural diagram of a device of a network element according to Embodiment 11 of the present invention. Figure 31 As shown, the network element includes the following units:

The fourth sending unit 3201 is configured to determine whether the local network element stores the public key of the local CBE and/or the local CA. The public key; if so, the public key of the local CBE and/or the public key of the local CA are delivered to the user.

The sixth delivery unit 3202, as shown in FIG. 25, is used by the local CBE to determine whether the local CBE is saved locally. The public key of the CBE and/or the public key of the local CA; if so, the local CBE delivers the public key of the CA saved by the local CBE and/or the public key of the CBE.

The eighth sending unit 3203, as shown in FIG. 26, is used by the local CA to determine whether the local CA saves the local CA. The public key or the public key of the local CBE; if saved, the local CA issues the public key of the CA saved by the local CA and/or the public key of the CBE.

The embodiment of the present invention provides a network element, where the network element obtains a public key of a local CA or a local CBE stored by a local network element. Public key, and the public key of the obtained CA or the public key of the local CBE is sent to the user, so that the user verifies the local CBE according to the public key of the CA or the public key of the local CBE. An implicit certificate issued.

Example twelve

Referring to FIG. 33, FIG. 33 is a structural diagram of a device of a terminal device according to Embodiment 12 of the present invention. Figure 33 As shown, the terminal device includes the following units:

The information reporting unit 3301 is configured to report the global CA list or the determined CA information to the network element.

In this unit, the network element includes:

Core network node, CBE, CA

Receive verification unit 3302 for Receiving, by the user, a cross certificate or an implicit certificate issued by the network element, or a cross certificate or an implicit certificate, and calculating a public key of the CBE according to the cross certificate or the implicit certificate, and calculating according to the CBE The public key verifies the PWS message sent to the user by the local CBE.

Preferably, the first receiving verification unit 3303 is passed The user receives the cross-certificate issued by the network element, or the information of the cross-certificate, and calculates the local CA according to the cross-certificate and the public key of one CA in the global CA corresponding to the cross-certificate The public key of the local CA is calculated according to the calculated public key of the local CA, and the public key of the local CBE is calculated according to the implicit certificate in the PWS message delivered by the local CBE, and the public key is verified according to the public key of the local CBE. The signature of the PWS message.

Preferably, the second receiving verification unit 3304 And the user receives the implicit certificate sent by the network element, or the information of the implicit certificate, and calculates the locality according to the implicit certificate and a public key of a CA in the global CA corresponding to the implicit certificate. CBE The user's public key, the user verifies the signature of the PWS message delivered by the local CBE according to the calculated public key of the local CBE.

Further, the terminal device further includes a third receiving verification unit 3305, configured to:

Receiving, by the user, a local CBE public key and/or a local CA public key delivered by the network element, according to the local CBE public key and / or the local CA public key verifies the PWS message delivered by the local CBE.

A terminal device provided by the embodiment of the present invention, the terminal device obtains a cross certificate or an implicit certificate issued by a local network element, and calculates a public key or a local CBE of the local CA according to the cross certificate or the implicit certificate. The public key is used to verify the PWS message sent by the local CBE to the user based on the calculated public key of the local CA or the public key of the local CBE.

Example thirteen

Referring to FIG. 34, FIG. 34 is a structural diagram of a device of a network element according to Embodiment 13 of the present invention. Refer to Figure 34, Figure 34 The network element 3400 is provided in the embodiment of the present invention. The specific implementation of the network device is not limited. The device 3400 includes:

Processor 3401, communication interface (Communications) Interface) 3402, memory 3403, bus 3404.

Processor 3401, communication interface 3402, memory 3403 through bus 3404 Complete communication with each other.

a communication interface 3402, configured to communicate with other network elements;

The processor 3401 is configured to execute the program A.

In particular, program A may include program code, the program code including computer operating instructions.

The processor 3401 may be a central processing unit CPU or a specific integrated circuit ASIC ( Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention.

The memory 3403 is used to store the program A. Memory 3303 may contain high speed RAM The memory may also include a non-volatile memory. Program A can specifically include:

The receiving unit 2801 is configured to receive, by the network element, a global authentication and authorization center CA list or determined CA information reported by the user;

First delivery unit 2803 And the cross-certificate or the implicit certificate to be obtained by the network element, or the information of the cross-certificate or the implicit certificate obtained by the network element is sent to the user, so that the user according to the cross-certificate or the implicit certificate Calculate the local CA The public key or the public key of the local cell broadcast entity CBE, and enable the user to verify the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message

Sendering unit 2804 And the network element sends the obtained cross-certificate or implicit certificate to the application server, where the cross-certificate or the implicit certificate is used by the application server, or the application server compares the cross-certificate or The information of the implicit certificate is sent to the user, so that the user downloads the cross certificate or the implicit certificate to the corresponding download server, and calculates the local according to the cross certificate or the implicit certificate. The public key of the CA or the public key of the local cell broadcast entity CBE, and the user verifies the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message

a second sending unit 2805, configured to: when the network element stores a public key of a local CBE or a local CA If the public key is used, the network element directly sends the public key of the local CBE or the public key of the local CA to the user, so that the user verifies the local CBE according to the public key of the local CBE or the public key of the local CA. PWS message sent to the user;

Or program A can specifically include:

The first receiving unit 2901 is configured to receive, by the local core network entity, a list of global authentication authority CAs reported by the user or determine CA information;

Third delivery unit 2903 And sending, to the user, the cross-certificate to be obtained by the local core network entity, or the information about the cross-certificate obtained by the local core network entity, so that the user calculates the local CA according to the cross-certificate a public key, and the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CA;

First sending unit 2904 And the core network entity sends the obtained cross-certificate to the application server, and the application server sends the cross-certificate or the cross-certificate information to the user, so that the user obtains the cross-certificate and Calculating the local according to the cross certificate The public key of the CA, and the user verifies the public alarm system PWS message delivered by the local CBE according to the public key of the local CA;

Or program A can specifically include:

a fifth sending unit 3003, configured to use the cross certificate or implicit certificate that the local CBE will obtain, or the CBE And sending the information of the obtained cross-certificate or the information of the implicit certificate to the user, so that the user calculates the public key of the local CA or the local cell broadcast entity CBE according to the cross-certificate or the implicit certificate. The public key, and the user verifies the public alarm system PWS message sent by the local CBE to the user according to the public key of the local CA or the public key of the local CBE;

a second sending unit 3004, the CBE Sending the obtained cross-certificate or the implicit certificate to the application server, and the application server sends the cross-certificate or the implicit certificate, or the information of the cross-certificate or the information of the implicit certificate to the user. Causing a user to calculate the local based on the cross-certificate The public key of the CA, or causing the user to calculate the public key of the local CBE according to the implicit certificate, and causing the user to verify the local CBE according to the public key of the local CA or the public key of the local CBE Deliver the user's public alarm system PWS message;

Or program A can specifically include:

The third receiving unit 3101, the local CA receives the global authentication authorization center CA list or the determined CA reported by the user. Information

a seventh sending unit 3103, the cross certificate obtained by the local CA, or the local CA And sending the obtained cross-certificate information to the user, so that the user calculates the public key of the local CA according to the cross-certificate, and causes the user to verify the local CBE according to the public key of the local CA. Public alarm system PWS message sent to the user;

a third sending unit 3104, the CA The obtained cross-certificate is sent to the application server, and the cross-certificate or the cross-certificate information is sent to the user by the application server, so that the user calculates the local CA according to the cross-certificate. Public key, and enable the user to verify the public alarm system PWS message delivered by the local CBE according to the public key of the local CA;

Or program A specifically includes:

The sixth sending unit 3202 is used by the local CBE to determine whether the local CBE saves the public key of the local CBE and / Or the public key of the local CA; if so, the local CBE delivers the public key of the CA saved by the local CBE and/or the public key of the CBE.

Or program A specifically includes:

The eighth sending unit 3203 is configured to determine, by the local CA, whether the local CA saves the public key of the local CA or the local CBE. The public key; if saved, the local CA issues the public key of the CA saved by the local CA and/or the public key of the CBE.

See Figure 28 or Figure 29 or Figure 30 or Figure 31 or Figure 32 for the specific implementation of each unit in Program A. Corresponding units in the illustrated embodiment are not described herein.

Embodiment 14

Referring to FIG. 35, FIG. 35 is a structural diagram of a device of a terminal device according to Embodiment 14 of the present invention. Refer to Figure 35, Figure 35 The terminal device 3500 is provided in the embodiment of the present invention. The specific implementation of the network device does not limit the specific implementation of the network device. The device 3500 includes:

Processor 3501, communication interface (Communications) Interface) 3502, memory (3503), bus 3504.

Processor 3501, communication interface 3502, memory 3503 through bus 3504 Complete communication with each other.

a communication interface 3502, configured to communicate with other network elements;

A processor 3501 for executing program A.

The processor 3501 may be a central processing unit CPU or a specific integrated circuit ASIC ( Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention.

The memory 3503 is used to store the program A. Memory 3503 may contain high speed RAM The memory may also include a non-volatile memory. Program A can specifically include:

The third receiving verification unit 3305 is configured to receive, by the user, the local CBE public key and/or the local CA delivered by the network element. The public key authenticates the PWS message delivered by the local CBE according to the local CBE public key and/or the local CA public key.

For the specific implementation of each unit in the program A, refer to the corresponding unit in the embodiment shown in FIG. 33, and details are not described herein.

The above is only a preferred embodiment of the present invention and is not intended to limit the scope of the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and scope of the invention are intended to be included within the scope of the invention.

Claims

A method of obtaining a public key, the method comprising:

The network element receives the global authentication authority CA list or the determined CA information reported by the user;

Obtaining any CA in the global CA list when the local CA is not in the global CA list or the local CA is not the determined CA Cross-certificate or implicit certificate; or obtain a cross-certificate or an implicit certificate of the determined CA;

The network element sends the obtained cross-certificate or the implicit certificate, or the information of the cross-certificate obtained by the network element or the information of the implicit certificate to the user, so that the user calculates the office according to the cross-certificate or the implicit certificate. Local The public key of the CA or the local cell broadcasts the public key of the entity CBE, and enables the user to verify the public alarm system delivered to the user by the local CBE according to the public key of the local CA or the public key of the local CBE. PWS message.
The method of claim 1 further comprising:

The network element sends the obtained cross-certificate or the implicit certificate to the application server, and the application server sends the cross-certificate or the implicit certificate, or the cross-certificate information or the implicit certificate information to the network server. User, causing the user to calculate the local according to the cross certificate or implicit certificate The public key of the CA or the public key of the local cell broadcast entity CBE, and the user verifies the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message.
The method of claim 1 or 2, wherein the method further comprises:

When the network element stores the public key of the local CBE or the public key of the local CA, the network element directly directly uses the public key of the local CBE or the local CA. The public key is sent to the user, so that the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CBE or the public key of the local CA.
The method according to claim 3, wherein the network element comprises:

Core network node, CBE, CA

The core network node in the LTE network is the MME, and in the UMTS network, the network element entity is an SGSN, in GSM or The network element entity in the GPRS network is an MSG or an SGSN.
The method according to any one of claims 1 to 4, wherein the network element receives a global authentication authority CA list or a determined CA reported by a user. The information is specifically:

The local core network node receives the global authentication authority CA list or the determined CA information reported by the user.
The method according to claim 5, wherein said local CA is not in said CA list or local CA is not said determined CA Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA:

The local core network node receives a global CA list reported by the user, when the local CA is not in the global CA In the list, when the cross-certificate of any one of the global CA lists is stored in the local core network node, the any one of the CAs stored by the local core network node is directly obtained. Cross certificate

Or when the cross-certificate of any one of the global CA lists is not stored in the local core network node, select any one of the global CA lists. a CA, the local core network node acquires a cross certificate of the selected one of the CAs;

Or the local core network node receives the determined CA information reported by the user, when the local core network node stores the determined CA When the cross-certificate is obtained, the cross-certificate of the determined CA stored by the local core network node is directly obtained;

Or obtaining, when the local core network node does not store the cross-certificate of the determined CA, obtaining the determined CA from the determined CA Cross certificate.
According to claim 5 or 6 The method is characterized in that the network element sends the obtained cross-certificate or the implicit certificate, or the information of the cross-certificate obtained by the network element or the information of the implicit certificate to the user, so that the user Said cross-certificate or implicit certificate to calculate said local The public key of the CA or the local cell broadcasts the public key of the entity CBE, and enables the user to verify the public alarm system delivered to the user by the local CBE according to the public key of the local CA or the public key of the local CBE. The PWS message is specifically:

And sending, by the local core network node, the obtained cross-certificate, or the cross-certificate information obtained by the local core network node to the user, so that the user calculates the locality according to the cross-certificate The public key of the CA, and the user verifies the PWS message sent by the local CBE to the user according to the local public key.
The method according to any one of claims 5 to 7, wherein the method further comprises:

The local core network node sends the obtained cross-certificate to the application server, and the application server sends the cross-certificate or the cross-certificate information to the user, so that the user calculates the cross-certificate according to the cross-certificate. local The public key of the CA, and the user verifies the public alarm system PWS message delivered by the local CBE according to the public key of the local CA.
The method of claim 8 further comprising:

When the local core network node stores the local CBE and / or the local CA's public key, the local CBE and / or local CA are directly The public key is sent to the user, so that the user verifies the PWS message sent by the local CBE to the user according to the local CBE and/or the public key of the local CA.
The method according to any one of claims 1 to 4, wherein the network element receives a global authentication authority CA list or a determined CA reported by a user. The information is specifically:

Receiving, by the local CBE, a global authentication and authorization center CA list or a determined CA delivered by the local core network node Information.
The method according to claim 10, wherein the local CBE receives a global authentication and authorization center CA delivered by the local core network node. The list or the determined CA information is specifically:

The local CBE receives a global CA list forwarded by the local core network node, and the core network node forwards the global CA list directly to the local CBE ;

Or the core network node selects any CA from the global CA list, and sends the selected one CA to the local CBE. ;

Or the local CBE receives the determined CA information forwarded by the local core network node.
The method according to claim 11, wherein said local CA is not in said CA list or local CA is not said determined CA Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA:

When the local CBE obtains the global CA list, and when the local CBE stores any one of the global CA lists The implicit certificate of the CA is obtained directly from the local CBE;

Or when the local CBE obtains the global CA list, and when the local CBE does not store any one of the global CA lists The implicit CBR, the local CBE selects any CA from the global CA list, and obtains a cross certificate of the selected one of the CAs;

Or when the local CBE obtains any one of the CAs selected by the core network node from the global CA list, and when the local CBE When storing the implicit certificate of any CA selected by the core network node, the implicit certificate of any one of the CAs is directly obtained from the local CBE;

Or when the local CBE obtains any one of the CAs selected by the core network node from the global CA list, and when the local CBE If the implicit certificate of any one of the CAs selected by the core network node is not stored, the local CBE obtains the cross-certificate of the any one of the CAs;

Or when the local CBE receives the determined CA information forwarded by the local core network node, and when the local CBE stores the determined CA The implicit certificate of the CA is obtained directly from the local CBE;

Or when the local CBE receives the determined CA information forwarded by the local core network node, and when the local CBE does not store the determined CA When the implicit certificate is obtained, the cross certificate of the determined CA is obtained.
According to claims 10 to 12 The method according to any one of the preceding claims, wherein the network element sends the obtained cross-certificate or implicit certificate, or the information of the cross-certificate obtained by the network element or the information of the implicit certificate to the user. Causing the user to calculate the local based on the cross-certificate or implicit certificate The public key of the CA or the local cell broadcasts the public key of the entity CBE, and enables the user to verify the public alarm system delivered to the user by the local CBE according to the public key of the local CA or the public key of the local CBE. The PWS message is specifically:

The cross-certificate or implicit certificate that the local CBE will acquire, or the CBE And sending the information of the obtained cross-certificate or the information of the implicit certificate to the user, so that the user calculates the public key of the local CA or the local cell broadcast entity CBE according to the cross-certificate or the implicit certificate. The public key, and the user verifies the public alarm system PWS message sent by the local CBE to the user according to the public key of the local CA or the public key of the local CBE.
The method according to any one of claims 10 to 13, wherein the method further comprises:

The local CBE Sending the obtained cross-certificate or the implicit certificate to the application server, and the application server sends the cross-certificate or the implicit certificate, or the information of the cross-certificate or the information of the implicit certificate to the user, so that the user Calculating the local according to the cross certificate or implicit certificate The public key of the CA or the public key of the local cell broadcast entity CBE, and the user verifies the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message.
The method of claim 14, wherein the method further comprises:

When the local CBE stores the public key of the local CBE and/or the public key of the local CA, the public key of the local CBE is directly and / Or the public key of the local CA is sent to the user, so that the user verifies the PWS sent by the local CBE to the user according to the local CBE and/or the public key of the local CA. Message.
The method according to any one of claims 1 to 4, wherein the network element receives a global authentication authority CA list or a determined CA reported by a user. The information is specifically:

The local CA receives the global authentication authority CA list or the determined CA information reported by the user.
The method according to claim 16, wherein the local CA receives a global authentication authority CA list or a determined CA reported by the user. The information is specifically as follows:

Receiving, by the local core network node, the global CA list reported by the user, forwarding the global CA list to the local CBE, by the local CBE Forwarding the global CA list to the local CA.
The method according to claim 17, wherein said local CA is not in said CA list or local CA is not said determined CA Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA:

When the local CA obtains the global CA list, and when the local CA stores any one of the global CA lists When the cross-certificate is obtained, the cross-certificate of any one of the CAs is obtained directly from the local CA;

Or when the local CA obtains the global CA list, and when the local CA does not store any one of the global CA lists The cross-certificate, the local CA selects any CA from the global CA list, and obtains a cross-certificate of the selected one of the CAs.
The method according to claim 16, wherein the local CA receives a global authentication authority CA list or a determined CA reported by the user. The information is specifically as follows:

Receiving, by the local core network node, the global CA list reported by the user, forwarding the global CA list to the local CBE, by the local CBE Select any CA from the global CA list, and report any selected CA to the local CA.
The method according to claim 19, wherein said local CA is not in said CA list or local CA is not said determined CA Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA:

When the local CA obtains a CA selected by the local CBE from the global CA list, and is a local CA When the cross-certificate of the arbitrarily selected one of the CAs is stored, the cross-certificate of the arbitrarily selected one of the CAs is directly obtained from the local CA;

Or when the local CA obtains a CA selected by the local CBE from the global CA list, and is a local CA When the cross-certificate of the arbitrarily selected one of the CAs is not stored, the local CA obtains the cross-certificate of the arbitrarily selected one of the CAs.
The method according to claim 16, wherein the local CA receives a global authentication authority CA list or a determined CA reported by the user. The information is specifically as follows:

Receiving, by the local core network node, the global CA list reported by the user, where the local core network node selects any CA from the global CA list And reporting, by the local CBE, any CA selected by the local core network node to the local CBE, and forwarding, by the local CBE, any CA that is selected by the local core network node to the local CA .
The method according to claim 21, wherein said local CA is not in said CA list or local CA is not said determined CA Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA:

And when the local CA receives any one of the local CBE forwarding, and when the local CA stores any one of the local CBE forwarding The CA obtains the cross-certificate of any CA forwarded by the local CBE directly from the local CA.

When the local CA receives any one of the local CBE forwarding, and when the local CA does not store any of the local CBE forwarding At the time of the CA, the local CA obtains a cross-certificate of any CA forwarded by the local CBE.
The method according to claim 16, wherein the local CA receives a global authentication authority CA list or a determined CA reported by the user. The information is specifically as follows:

Receiving, by the local core network node, the determined CA information reported by the user, where the core network node forwards the determined CA information to the local CBE And forwarding, by the local CBE, the determined CA information to the local CA.
The method according to claim 23, wherein said local CA is not in said CA list or local CA is not said determined CA Obtaining a cross-certificate or an implicit certificate of any one of the global CA lists; or obtaining a cross-certificate or an implicit certificate of the determined CA:

When the local CA receives the determined CA information forwarded by the local CBE, and when the local CA stores the determined CA When the cross-certificate is obtained, the cross-certificate of the determined CA is obtained directly from the local CA;

When the local CA receives the determined CA information forwarded by the local CBE, and when the local CA does not store the determined CA The cross-certificate obtains the cross-certificate of the determined CA.
According to claims 17 to 24 The method of any one of the preceding claims, wherein the network element sends the obtained cross-certificate or implicit certificate, or the information of the cross-certificate obtained by the network element or the information of the implicit certificate to the user, so that the network element The user calculates the local according to the cross certificate or implicit certificate The public key of the CA or the local cell broadcasts the public key of the entity CBE, and enables the user to verify the public alarm system delivered to the user by the local CBE according to the public key of the local CA or the public key of the local CBE. The PWS message is specifically:

The cross certificate obtained by the local CA, or the local CA And sending the obtained cross-certificate information to the user, so that the user calculates the public key of the local CA according to the cross-certificate, and causes the user to verify the local CBE according to the public key of the local CA. A public alarm system PWS message that is sent to the user.
The method according to any one of claims 17 to 25, wherein the method further comprises:

The local CA The obtained cross-certificate is sent to the application server, and the cross-certificate or the cross-certificate information is sent to the user by the application server, so that the user calculates the local CA according to the cross-certificate. The public key, and the user verifies the public alarm system PWS message delivered by the local CBE according to the public key of the local CA.
The method of claim 26, wherein the method further comprises:

When the local CA stores the public key of the local CBE and/or the public key of the local CA, the public key of the local CBE and/or the local is directly The public key of the CA is sent to the user, so that the user verifies the PWS message sent by the local CBE to the user according to the local CBE and/or the public key of the local CA.
A method of obtaining a public key, the method comprising:

The user reports the global CA list or the determined CA information to the network element.

Receiving, by the user, a cross certificate or an implicit certificate issued by the network element, or a cross certificate or an implicit certificate, and using the cross certificate or the implicit certificate to the local CBE The PWS message sent to the user is verified.
According to claim 28 The method is characterized in that: the user receives a cross certificate or an implicit certificate issued by the network element, or cross-certificate or implicit certificate information, and performs local CBE according to the cross-certificate or implicit certificate. The PWS message sent to the user is verified as follows:

Receiving, by the user, a cross certificate issued by the network element, or the information of the cross certificate, according to the cross certificate and a CA in the global CA corresponding to the cross certificate The public key of the local CA is calculated according to the public key of the local CA, and the public key of the local CBE is calculated according to the implicit certificate in the PWS message delivered by the local CBE, according to the local key. The public key of the CBE verifies the signature of the PWS message.
According to claim 28 The method is characterized in that: the user receives a cross certificate or an implicit certificate issued by the network element, or cross-certificate or implicit certificate information, and performs local CBE according to the cross-certificate or implicit certificate. The PWS message sent to the user is verified as follows:

Receiving, by the user, an implicit certificate issued by the network element, or the information of the implicit certificate, according to the implicit certificate and a CA in the global CA corresponding to the implicit certificate The public key of the local CBE is calculated by the public key of the local CBE, and the user verifies the signature of the PWS message delivered by the local CBE according to the calculated public key of the local CBE.
The method of claim 28, wherein the method further comprises:

Receiving, by the user, the local CBE public key and/or the local CA public key delivered by the network element, according to the local CBE public key and/or the local CA The public key verifies the PWS message delivered by the local CBE.
The method according to claim 31, wherein the user receives a local CBE public key and/or a local CA delivered by the network element. The public key is used to verify the PWS message delivered by the local CBE according to the local CBE public key or the local CA public key.

When the user receives the local CBE public key delivered by the network element, the local CBE public key is directly verified according to the local CBE public key. Message

Or when the user receives the local CA public key delivered by the network element, according to the local CA public key and the PWS delivered by the local CBE The implicit certificate in the message calculates the public key of the local CBE, and verifies the PWS message delivered by the local CBE according to the calculated public key of the local CBE.
A network element, where the network element includes:

a receiving unit, configured to receive a global certification authority CA list or determined CA information reported by the user;

An obtaining unit, configured to acquire the global CA when the local CA is not in the global CA list or the local CA is not the determined CA a cross-certificate or an implicit certificate of any CA in the list; or a cross-certificate or an implicit certificate of the determined CA;

a first sending unit, configured to send, by the network element, a cross-certificate or an implicit certificate, or the information of the cross-certificate obtained by the network element or the information of the implicit certificate to the user, so that the user according to the Cross-certificate or implicit certificate to calculate the local The public key of the CA or the local cell broadcasts the public key of the entity CBE, and enables the user to verify the public alarm system delivered to the user by the local CBE according to the public key of the local CA or the public key of the local CBE. PWS message.
The network element according to claim 33, wherein the network element further comprises a sending unit, and the sending unit comprises:

The network element sends the obtained cross-certificate or the implicit certificate to the application server, and the application server sends the cross-certificate or the implicit certificate, or the cross-certificate information or the implicit certificate information to the network server. User, causing the user to calculate the local according to the cross certificate or implicit certificate The public key of the CA or the public key of the local cell broadcast entity CBE, and the user verifies the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message.
According to claim 33 or 34 The network element, wherein the network element further includes a second sending unit, where the second lower unit includes:

When the network element stores the public key of the local CBE or the public key of the local CA, the network element directly directly uses the public key of the local CBE or the local CA. The public key is sent to the user, so that the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CBE or the public key of the local CA.
The network element according to claim 35, wherein the network element comprises:

Core network node, CBE, CA

The core network node in the LTE network is the MME, and in the UMTS network, the network element entity is an SGSN, in GSM or The network element entity in the GPRS network is an MSG or an SGSN.
According to claims 33 to 36 The network element according to any one of the preceding claims, wherein the receiving unit comprises a first receiving unit, and the first receiving unit comprises:

The local core network node receives the global authentication authority CA list or the determined CA information reported by the user.
The network element according to claim 37, wherein the obtaining unit comprises a first acquiring unit, and the first acquiring unit comprises:

The local core network node receives a global CA list reported by the user, when the local CA is not in the global CA In the list, when the cross-certificate of any one of the global CA lists is stored in the local core network node, the any one of the CAs stored by the local core network node is directly obtained. Cross certificate

Or when the cross-certificate of any one of the global CA lists is not stored in the local core network node, select any one of the global CA lists. a CA, the local core network node acquires a cross certificate of the selected one of the CAs;

Or the local core network node receives the determined CA information reported by the user, when the local core network node stores the determined CA When the cross-certificate is obtained, the cross-certificate of the determined CA stored by the local core network node is directly obtained;

Or obtaining, when the local core network node does not store the cross-certificate of the determined CA, obtaining the determined CA from the determined CA Cross certificate.
According to claim 37 or 38 The network element is characterized in that: the first sending unit includes a third sending unit, and the third sending unit includes:

And sending, by the local core network node, the obtained cross-certificate, or the cross-certificate information obtained by the local core network node to the user, so that the user calculates the locality according to the cross-certificate The public key of the CA, and the user verifies the PWS message sent by the local CBE to the user according to the local public key.
According to claims 37 to 39 The network element according to any one of the preceding claims, wherein the sending unit comprises a first sending unit, and the first sending unit comprises:

The local core network node sends the obtained cross-certificate to the application server, and the application server sends the cross-certificate or the cross-certificate information to the user, so that the user calculates the cross-certificate according to the cross-certificate. local The public key of the CA, and the user verifies the public alarm system PWS message delivered by the local CBE according to the public key of the local CA.
According to claim 40 The network element is characterized in that: the second sending unit includes a fourth sending unit, and the fourth sending unit includes:

When the local core network node stores the local CBE and / or the local CA's public key, the local CBE and / or local CA are directly The public key is sent to the user, so that the user verifies the PWS message sent by the local CBE to the user according to the local CBE and/or the public key of the local CA.
According to claims 33 to 36 The network element according to any one of the preceding claims, wherein the receiving unit comprises a second receiving unit, and the second receiving unit comprises:

Receiving, by the local CBE, a global authentication and authorization center CA list or a determined CA delivered by the local core network node Information.
The network element according to claim 42, wherein the second receiving unit comprises:

The local CBE receives a global CA list forwarded by the local core network node, and the core network node forwards the global CA list directly to the local CBE ;

Or the core network node selects any CA from the global CA list, and sends the selected one CA to the local CBE. ;

Or the local CBE receives the determined CA information forwarded by the local core network node.
The network element according to claim 43, wherein the obtaining unit comprises a second acquiring unit, and the second obtaining unit comprises:

When the local CBE obtains the global CA list, and when the local CBE stores any one of the global CA lists The implicit certificate of the CA is obtained directly from the local CBE;

Or when the local CBE obtains the global CA list, and when the local CBE does not store any one of the global CA lists The implicit CBR, the local CBE selects any CA from the global CA list, and obtains a cross certificate of the selected one of the CAs;

Or when the local CBE obtains any one of the CAs selected by the core network node from the global CA list, and when the local CBE When storing the implicit certificate of any CA selected by the core network node, the implicit certificate of any one of the CAs is directly obtained from the local CBE;

Or when the local CBE obtains any one of the CAs selected by the core network node from the global CA list, and when the local CBE If the implicit certificate of any one of the CAs selected by the core network node is not stored, the local CBE obtains the cross-certificate of the any one of the CAs;

Or when the local CBE receives the determined CA information forwarded by the local core network node, and when the local CBE stores the determined CA The implicit certificate of the CA is obtained directly from the local CBE;

Or when the local CBE receives the determined CA information forwarded by the local core network node, and when the local CBE does not store the determined CA When the implicit certificate is obtained, the cross certificate of the determined CA is obtained.
According to claims 42 to 44 The network element according to any one of the preceding claims, wherein the first sending unit comprises a fifth sending unit, and the fifth sending unit comprises:

The cross-certificate or implicit certificate that the local CBE will acquire, or the CBE And sending the information of the obtained cross-certificate or the information of the implicit certificate to the user, so that the user calculates the public key of the local CA or the local cell broadcast entity CBE according to the cross-certificate or the implicit certificate. The public key, and the user verifies the public alarm system PWS message sent by the local CBE to the user according to the public key of the local CA or the public key of the local CBE.
According to claims 42 to 45 The network element according to any one of the preceding claims, wherein the sending unit comprises a second sending unit, and the second sending unit comprises:

The local CBE Sending the obtained cross-certificate or the implicit certificate to the application server, and the application server sends the cross-certificate or the implicit certificate, or the information of the cross-certificate or the information of the implicit certificate to the user, so that the user Calculating the local according to the cross certificate or implicit certificate The public key of the CA or the public key of the local cell broadcast entity CBE, and the user verifies the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message.
According to claim 46 The network element, wherein the second sending unit further includes a sixth sending unit, where the sixth sending unit includes:

When the local CBE stores the public key of the local CBE and/or the public key of the local CA, the public key of the local CBE is directly and / Or the public key of the local CA is sent to the user, so that the user verifies the PWS sent by the local CBE to the user according to the local CBE and/or the public key of the local CA. Message.
According to claims 33 to 36 The network element according to any one of the preceding claims, wherein the receiving unit comprises a third receiving unit, and the third receiving unit comprises:

The local CA receives the global authentication authority CA list or the determined CA information reported by the user.
The network element according to claim 48, wherein the receiving unit comprises a third receiving unit, and the third receiving unit comprises:

Receiving, by the local core network node, the global CA list reported by the user, forwarding the global CA list to the local CBE, by the local CBE Forwarding the global CA list to the local CA.
The network element according to claim 49, wherein the obtaining unit comprises a third obtaining unit, and the third obtaining unit comprises:

When the local CA obtains the global CA list, and when the local CA stores any one of the global CA lists When the cross-certificate is obtained, the cross-certificate of any one of the CAs is obtained directly from the local CA;

Or when the local CA obtains the global CA list, and when the local CA does not store any one of the global CA lists The cross-certificate, the local CA selects any CA from the global CA list, and obtains a cross-certificate of the selected one of the CAs.
The network element according to claim 48, wherein the third receiving unit comprises:

Receiving, by the local core network node, the global CA list reported by the user, forwarding the global CA list to the local CBE, by the local CBE Select any CA from the global CA list, and report any selected CA to the local CA.
The network element according to claim 51, wherein the third obtaining unit comprises:

When the local CA obtains a CA selected by the local CBE from the global CA list, and is a local CA When the cross-certificate of the arbitrarily selected one of the CAs is stored, the cross-certificate of the arbitrarily selected one of the CAs is directly obtained from the local CA;

Or when the local CA obtains a CA selected by the local CBE from the global CA list, and is a local CA When the cross-certificate of the arbitrarily selected one of the CAs is not stored, the local CA obtains the cross-certificate of the arbitrarily selected one of the CAs.
The network element according to claim 48, wherein the third receiving unit comprises:

Receiving, by the local core network node, the global CA list reported by the user, where the local core network node selects any CA from the global CA list And reporting, by the local CBE, any CA selected by the local core network node to the local CBE, and forwarding, by the local CBE, any CA that is selected by the local core network node to the local CA .
The network element according to claim 53, wherein the third obtaining unit comprises:

And when the local CA receives any one of the local CBE forwarding, and when the local CA stores any one of the local CBE forwarding The CA obtains the cross-certificate of any CA forwarded by the local CBE directly from the local CA.

When the local CA receives any one of the local CBE forwarding, and when the local CA does not store any of the local CBE forwarding At the time of the CA, the local CA obtains a cross-certificate of any CA forwarded by the local CBE.
The network element according to claim 48, wherein the third receiving unit comprises:

Receiving, by the local core network node, the determined CA information reported by the user, where the core network node forwards the determined CA information to the local CBE And forwarding, by the local CBE, the determined CA information to the local CA.
The network element according to claim 55, wherein the third obtaining unit comprises:

When the local CA receives the determined CA information forwarded by the local CBE, and when the local CA stores the determined CA When the cross-certificate is obtained, the cross-certificate of the determined CA is obtained directly from the local CA;

When the local CA receives the determined CA information forwarded by the local CBE, and when the local CA does not store the determined CA The cross-certificate obtains the cross-certificate of the determined CA.
According to claims 49 to 56 The network element of any one of the preceding claims, wherein the first sending unit comprises a seventh sending unit, and the seventh sending unit comprises:

The cross certificate obtained by the local CA, or the local CA And sending the obtained cross-certificate information to the user, so that the user calculates the public key of the local CA according to the cross-certificate, and causes the user to verify the local CBE according to the public key of the local CA. A public alarm system PWS message that is sent to the user.
According to claims 49 to 57 The network element according to any one of the preceding claims, wherein the sending unit comprises a third sending unit, and the third sending unit comprises:

The local CA The obtained cross-certificate is sent to the application server, and the cross-certificate or the cross-certificate information is sent to the user by the application server, so that the user calculates the local CA according to the cross-certificate. The public key, and the user verifies the public alarm system PWS message delivered by the local CBE according to the public key of the local CA.
According to claim 58 The network element, wherein the second sending unit further includes an eighth sending unit, where the eighth sending unit includes:

When the local CA stores the public key of the local CBE and/or the public key of the local CA, the public key of the local CBE and/or the local is directly The public key of the CA is sent to the user, so that the user verifies the PWS message sent by the local CBE to the user according to the local CBE and/or the public key of the local CA.
A terminal device, the terminal device comprising:

An information sending unit, configured to report, by the user, the global CA list or the determined CA information to the network element;

Receiving a verification unit, configured to receive, by the user, a cross certificate or an implicit certificate issued by the network element, or a cross certificate or an implicit certificate, and localize according to the cross certificate or the implicit certificate The PWS message sent by the CBE to the user is verified.
According to claim 60 The terminal device is characterized in that the receiving and verifying unit includes a first receiving and verifying unit, and the first receiving and verifying unit includes:

Receiving, by the user, a cross certificate issued by the network element, or the information of the cross certificate, according to the cross certificate and a CA in the global CA corresponding to the cross certificate The public key of the local CA is calculated according to the public key of the local CA, and the public key of the local CBE is calculated according to the implicit certificate in the PWS message delivered by the local CBE, according to the local key. The public key of the CBE verifies the signature of the PWS message.
According to claim 61 The terminal device is characterized in that the receiving and verifying unit includes a second receiving and verifying unit, and the second receiving and verifying unit includes:

Receiving, by the user, an implicit certificate issued by the network element, or the information of the implicit certificate, according to the implicit certificate and a CA in the global CA corresponding to the implicit certificate The public key of the local CBE is calculated by the public key of the local CBE, and the user verifies the signature of the PWS message delivered by the local CBE according to the calculated public key of the local CBE.
According to claim 62 The terminal device further includes a third receiving verification unit, where the third receiving verification unit includes:

Receiving, by the user, the local CBE public key and/or the local CA public key delivered by the network element, according to the local CBE public key and/or the local CA The public key verifies the PWS message delivered by the local CBE.
The terminal device according to claim 63, wherein the third receiving verification unit comprises:

When the user receives the local CBE public key delivered by the network element, the local CBE public key is directly verified according to the local CBE public key. Message

Or when the user receives the local CA public key delivered by the network element, according to the local CA public key and the PWS delivered by the local CBE The implicit certificate in the message calculates the public key of the local CBE, and verifies the PWS message delivered by the local CBE according to the calculated public key of the local CBE.
A network element, where the network element includes:

a receiving unit, configured to receive a global certification authority CA list or determined CA information reported by the user;

An obtaining unit, configured to acquire the global CA when the local CA is not in the global CA list or the local CA is not the determined CA a cross-certificate or an implicit certificate of any CA in the list; or a cross-certificate or an implicit certificate of the determined CA;

a first sending unit, configured to send, by the network element, a cross-certificate or an implicit certificate, or the information of the cross-certificate obtained by the network element or the information of the implicit certificate to the user, so that the user according to the Cross-certificate or implicit certificate to calculate the local The public key of the CA or the local cell broadcasts the public key of the entity CBE, and enables the user to verify the public alarm system delivered to the user by the local CBE according to the public key of the local CA or the public key of the local CBE. PWS message.
The network element according to claim 65, wherein said network element comprises a processor, a communication interface, a memory and a bus;

The processor, the communication interface, and the memory complete communication with each other through the bus;

The communication interface is configured to communicate with other Wangyu devices;

The processor is configured to execute a program;

The memory is configured to store a program;

The program is configured to receive a global certificate authority CA list or determined CA information reported by the user; when the local CA is not in the global CA list or local If the CA is not the determined CA, then obtain a cross-certificate or an implicit certificate of any one of the global CA lists; or obtain the determined CA a cross-certificate or an implicit certificate; the network element will send the obtained cross-certificate or the implicit certificate, or the information of the cross-certificate obtained by the network element or the information of the implicit certificate to the user, so that the user according to the Cross-certificate or implicit certificate to calculate the local The public key of the CA or the local cell broadcasts the public key of the entity CBE, and enables the user to verify the public alarm system delivered to the user by the local CBE according to the public key of the local CA or the public key of the local CBE. PWS message.
The network element according to claim 66, wherein the network element further comprises a sending unit, wherein the sending unit comprises:

The network element sends the obtained cross-certificate or the implicit certificate to the application server, and the application server sends the cross-certificate or the implicit certificate, or the cross-certificate information or the implicit certificate information to the network server. User, causing the user to calculate the local according to the cross certificate or implicit certificate The public key of the CA or the public key of the local cell broadcast entity CBE, and the user verifies the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message.
The network element according to claim 66 or 67, wherein the network element Also included is a second delivery unit, the second lower unit comprising:

When the network element stores the public key of the local CBE or the public key of the local CA, the network element directly directly uses the public key of the local CBE or the local CA. The public key is sent to the user, so that the user verifies the PWS message sent by the local CBE to the user according to the public key of the local CBE or the public key of the local CA.
The network element according to claim 68, wherein the network element comprises:

Core network node, CBE, CA

The core network node in the LTE network is the MME, and in the UMTS network, the network element entity is an SGSN, in GSM or The network element entity in the GPRS network is an MSG or an SGSN.
A network element according to any one of claims 66 to 69, wherein said said The receiving unit includes a first receiving unit, and the first receiving unit includes:

The local core network node receives the global authentication authority CA list or the determined CA information reported by the user.
A network element according to claim 70, wherein The obtaining unit includes a first acquiring unit, where the first acquiring unit includes:

The local core network node receives a global CA list reported by the user, when the local CA is not in the global CA In the list, when the cross-certificate of any one of the global CA lists is stored in the local core network node, the any one of the CAs stored by the local core network node is directly obtained. Cross certificate

Or when the cross-certificate of any one of the global CA lists is not stored in the local core network node, select any one of the global CA lists. a CA, the local core network node acquires a cross certificate of the selected one of the CAs;

Or the local core network node receives the determined CA information reported by the user, when the local core network node stores the determined CA When the cross-certificate is obtained, the cross-certificate of the determined CA stored by the local core network node is directly obtained;

Or obtaining, when the local core network node does not store the cross-certificate of the determined CA, obtaining the determined CA from the determined CA Cross certificate.
A network element according to claim 70 or 71, wherein The first sending unit includes a third sending unit, and the third sending unit includes:

And sending, by the local core network node, the obtained cross-certificate, or the cross-certificate information obtained by the local core network node to the user, so that the user calculates the locality according to the cross-certificate The public key of the CA, and the user verifies the PWS message sent by the local CBE to the user according to the local public key.
A network element according to any one of claims 70 to 72, characterized in that The sending unit includes a first sending unit, and the first sending unit includes:

The local core network node sends the obtained cross-certificate to the application server, and the application server sends the cross-certificate or the cross-certificate information to the user, so that the user calculates the cross-certificate according to the cross-certificate. local The public key of the CA, and the user verifies the public alarm system PWS message delivered by the local CBE according to the public key of the local CA.
A network element according to claim 73, wherein The second sending unit further includes a fourth sending unit, where the fourth sending unit includes:

When the local core network node stores the local CBE and / or the local CA's public key, the local CBE and / or local CA are directly The public key is sent to the user, so that the user verifies the PWS message sent by the local CBE to the user according to the local CBE and/or the public key of the local CA.
A network element according to any one of claims 66 to 69, characterized in that The receiving unit includes a second receiving unit, and the second receiving unit includes:

Receiving, by the local CBE, a global authentication and authorization center CA list or a determined CA delivered by the local core network node Information.
The network element according to claim 75, wherein the second receiving unit comprises:

The local CBE receives a global CA list forwarded by the local core network node, and the core network node forwards the global CA list directly to the local CBE ;

Or the core network node selects any CA from the global CA list, and sends the selected one CA to the local CBE. ;

Or the local CBE receives the determined CA information forwarded by the local core network node.
The network element according to claim 76, wherein the obtaining unit comprises a second acquiring unit, and the second obtaining unit comprises:

When the local CBE obtains the global CA list, and when the local CBE stores any one of the global CA lists The implicit certificate of the CA is obtained directly from the local CBE;

Or when the local CBE obtains the global CA list, and when the local CBE does not store any one of the global CA lists The implicit CBR, the local CBE selects any CA from the global CA list, and obtains a cross certificate of the selected one of the CAs;

Or when the local CBE obtains any one of the CAs selected by the core network node from the global CA list, and when the local CBE When storing the implicit certificate of any CA selected by the core network node, the implicit certificate of any one of the CAs is directly obtained from the local CBE;

Or when the local CBE obtains any one of the CAs selected by the core network node from the global CA list, and when the local CBE If the implicit certificate of any one of the CAs selected by the core network node is not stored, the local CBE obtains the cross-certificate of the any one of the CAs;

Or when the local CBE receives the determined CA information forwarded by the local core network node, and when the local CBE stores the determined CA The implicit certificate of the CA is obtained directly from the local CBE;

Or when the local CBE receives the determined CA information forwarded by the local core network node, and when the local CBE does not store the determined CA When the implicit certificate is obtained, the cross certificate of the determined CA is obtained.
A method according to any one of claims 75 to 77 The network element is characterized in that: the first sending unit includes a fifth sending unit, and the fifth sending unit includes:

The cross-certificate or implicit certificate that the local CBE will acquire, or the CBE And sending the information of the obtained cross-certificate or the information of the implicit certificate to the user, so that the user calculates the public key of the local CA or the local cell broadcast entity CBE according to the cross-certificate or the implicit certificate. The public key, and the user verifies the public alarm system PWS message sent by the local CBE to the user according to the public key of the local CA or the public key of the local CBE.
According to claims 75 to 78 The network element according to any one of the preceding claims, wherein the sending unit comprises a second sending unit, and the second sending unit comprises:

The local CBE Sending the obtained cross-certificate or the implicit certificate to the application server, and the application server sends the cross-certificate or the implicit certificate, or the information of the cross-certificate or the information of the implicit certificate to the user, so that the user Calculating the local according to the cross certificate or implicit certificate The public key of the CA or the public key of the local cell broadcast entity CBE, and the user verifies the public alarm system PWS of the local CBE delivery user according to the public key of the local CA or the public key of the local CBE. Message.
According to claim 79 The network element, wherein the second sending unit further includes a sixth sending unit, where the sixth sending unit includes:

When the local CBE stores the public key of the local CBE and/or the public key of the local CA, the public key of the local CBE is directly and / Or the public key of the local CA is sent to the user, so that the user verifies the PWS sent by the local CBE to the user according to the local CBE and/or the public key of the local CA. Message.
According to claims 66 to 69 The network element according to any one of the preceding claims, wherein the receiving unit comprises a third receiving unit, and the third receiving unit comprises:

The local CA receives the global authentication authority CA list or the determined CA information reported by the user.
The network element according to claim 81, wherein the receiving unit comprises a third receiving unit, and the third receiving unit comprises:

Receiving, by the local core network node, the global CA list reported by the user, forwarding the global CA list to the local CBE, by the local CBE Forwarding the global CA list to the local CA.
The network element according to claim 82, wherein the obtaining unit comprises a third obtaining unit, and the third obtaining unit comprises:

When the local CA obtains the global CA list, and when the local CA stores any one of the global CA lists When the cross-certificate is obtained, the cross-certificate of any one of the CAs is obtained directly from the local CA;

Or when the local CA obtains the global CA list, and when the local CA does not store any one of the global CA lists The cross-certificate, the local CA selects any CA from the global CA list, and obtains a cross-certificate of the selected one of the CAs.
The network element according to claim 81, wherein the third receiving unit comprises:

Receiving, by the local core network node, the global CA list reported by the user, forwarding the global CA list to the local CBE, by the local CBE Select any CA from the global CA list, and report any selected CA to the local CA.
The network element according to claim 84, wherein the third obtaining unit comprises:

When the local CA obtains a CA selected by the local CBE from the global CA list, and is a local CA When the cross-certificate of the arbitrarily selected one of the CAs is stored, the cross-certificate of the arbitrarily selected one of the CAs is directly obtained from the local CA;

Or when the local CA obtains a CA selected by the local CBE from the global CA list, and is a local CA When the cross-certificate of the arbitrarily selected one of the CAs is not stored, the local CA obtains the cross-certificate of the arbitrarily selected one of the CAs.
The network element according to claim 81, wherein the third receiving unit comprises:

Receiving, by the local core network node, the global CA list reported by the user, where the local core network node selects any CA from the global CA list And reporting, by the local CBE, any CA selected by the local core network node to the local CBE, and forwarding, by the local CBE, any CA that is selected by the local core network node to the local CA .
The network element according to claim 86, wherein the third obtaining unit comprises:

And when the local CA receives any one of the local CBE forwarding, and when the local CA stores any one of the local CBE forwarding The CA obtains the cross-certificate of any CA forwarded by the local CBE directly from the local CA.

When the local CA receives any one of the local CBE forwarding, and when the local CA does not store any of the local CBE forwarding At the time of the CA, the local CA obtains a cross-certificate of any CA forwarded by the local CBE.
The network element according to claim 81, wherein the third receiving unit comprises:

Receiving, by the local core network node, the determined CA information reported by the user, where the core network node forwards the determined CA information to the local CBE And forwarding, by the local CBE, the determined CA information to the local CA.
The network element according to claim 88, wherein the third obtaining unit comprises:

When the local CA receives the determined CA information forwarded by the local CBE, and when the local CA stores the determined CA When the cross-certificate is obtained, the cross-certificate of the determined CA is obtained directly from the local CA;

When the local CA receives the determined CA information forwarded by the local CBE, and when the local CA does not store the determined CA The cross-certificate obtains the cross-certificate of the determined CA.
According to claims 82 to 89 The network element of any one of the preceding claims, wherein the first sending unit comprises a seventh sending unit, and the seventh sending unit comprises:

The cross certificate obtained by the local CA, or the local CA And sending the obtained cross-certificate information to the user, so that the user calculates the public key of the local CA according to the cross-certificate, and causes the user to verify the local CBE according to the public key of the local CA. A public alarm system PWS message that is sent to the user.
According to claims 82 to 90 The network element according to any one of the preceding claims, wherein the sending unit comprises a third sending unit, and the third sending unit comprises:

The local CA The obtained cross-certificate is sent to the application server, and the cross-certificate or the cross-certificate information is sent to the user by the application server, so that the user calculates the local CA according to the cross-certificate. The public key, and the user verifies the public alarm system PWS message delivered by the local CBE according to the public key of the local CA.
According to claim 91 The network element, wherein the second sending unit further includes an eighth sending unit, where the eighth sending unit includes:

When the local CA stores the public key of the local CBE and/or the public key of the local CA, the public key of the local CBE and/or the local is directly The public key of the CA is sent to the user, so that the user verifies the PWS message sent by the local CBE to the user according to the local CBE and/or the public key of the local CA.
A terminal device, the terminal device comprising:

An information sending unit, configured to report, by the user, the global CA list or the determined CA information to the network element;

Receiving a verification unit, configured to receive, by the user, a cross certificate or an implicit certificate issued by the network element, or a cross certificate or an implicit certificate, and localize according to the cross certificate or the implicit certificate The PWS message sent by the CBE to the user is verified.
The terminal device according to claim 93, wherein said network element comprises a processor, a communication interface, a memory and a bus;

The processor, the communication interface, and the memory complete communication with each other through the bus;

The communication interface is configured to communicate with other network elements;

The processor is configured to execute a program;

The memory is configured to store a program;

The program is used by the user to list the global CA or determine the CA. The information is reported to the network element; the user receives the cross certificate or the implicit certificate issued by the network element, or the information of the cross certificate or the implicit certificate, and the local CBE is performed according to the cross certificate or the implicit certificate. Sent to the user The PWS message is verified.
According to claim 94 The terminal device is characterized in that the receiving and verifying unit includes a first receiving and verifying unit, and the first receiving and verifying unit includes:

Receiving, by the user, a cross certificate issued by the network element, or the information of the cross certificate, according to the cross certificate and a CA in the global CA corresponding to the cross certificate The public key of the local CA is calculated according to the public key of the local CA, and the public key of the local CBE is calculated according to the implicit certificate in the PWS message delivered by the local CBE, according to the local key. The public key of the CBE verifies the signature of the PWS message.
According to claim 95 The terminal device is characterized in that the receiving and verifying unit includes a second receiving and verifying unit, and the second receiving and verifying unit includes:

Receiving, by the user, an implicit certificate issued by the network element, or the information of the implicit certificate, according to the implicit certificate and a CA in the global CA corresponding to the implicit certificate The public key of the local CBE is calculated by the public key of the local CBE, and the user verifies the signature of the PWS message delivered by the local CBE according to the calculated public key of the local CBE.
According to claim 96 The terminal device further includes a third receiving verification unit, where the third receiving verification unit includes:

Receiving, by the user, the local CBE public key and/or the local CA public key delivered by the network element, according to the local CBE public key and/or the local CA The public key verifies the PWS message delivered by the local CBE.
The terminal device according to claim 97, wherein the third receiving verification unit comprises:

When the user receives the local CBE public key delivered by the network element, the local CBE public key is directly verified according to the local CBE public key. Message

Or when the user receives the local CA public key delivered by the network element, according to the local CA public key and the PWS delivered by the local CBE The implicit certificate in the message calculates the public key of the local CBE, and verifies the PWS message delivered by the local CBE according to the calculated public key of the local CBE.