WO2020177716A1 - Method and apparatus for protecting auxiliary information - Google Patents

Method and apparatus for protecting auxiliary information

Info

Publication number
WO2020177716A1
WO2020177716A1 PCT/CN2020/077787 CN2020077787W WO2020177716A1 WO 2020177716 A1 WO2020177716 A1 WO 2020177716A1 CN 2020077787 W CN2020077787 W CN 2020077787W WO 2020177716 A1 WO2020177716 A1 WO 2020177716A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
key
auxiliary information
message
network element
Application number
PCT/CN2020/077787
Other languages
English (en)
Chinese (zh)
Inventor
郭龙华
马景旺
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2020177716A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/021 Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services

Definitions

  • This application relates to the field of communications, and more specifically, to a method and device for protecting auxiliary information.
  • The enhanced serving mobile location center issues a broadcast key to a mobility management entity (MME), and the MME stores the broadcast key.
  • The MME carries the broadcast key in the response message of the attach request or the response message of the TAU request and sends it to the terminal, so that the terminal can use the key with the encrypted auxiliary information, which is used to assist the terminal in achieving high-precision positioning.
  • The MME can assign a unified key to multiple terminals; subsequently, the MME can use the key assigned to the terminal to encrypt the auxiliary information, and the terminal uses the key to decrypt the auxiliary information.
  • The security performance of the auxiliary information is relatively low.
  • The present application provides a method and device for protecting auxiliary information, which can improve the security performance of auxiliary information.
  • A method for protecting auxiliary information includes: an access and mobility management function network element (AMF) receives a tracking area identifier, where the tracking area identifier is used to indicate the tracking area to which a first terminal belongs; the AMF determines the first key assigned to the first terminal according to the tracking area to which the first terminal belongs, where the first key is used to protect auxiliary information; the AMF sends the first key to the first terminal.
  • The AMF receives the tracking area identifier used to indicate the tracking area to which the first terminal belongs, then allocates a key (that is, the first key) to the first terminal according to the tracking area to which the first terminal belongs, and sends the first key to the first terminal.
  • Compared with the traditional solution, in which the mobility management network element uniformly assigns a key to terminals, the embodiment of the present application can assign a suitable key to the first terminal and protect the auxiliary information of the first terminal through that key, thereby improving the security performance of auxiliary information.
  • The method further includes: the AMF obtains the positioning mode of the first terminal; wherein the AMF determining the first key assigned to the first terminal according to the tracking area to which the first terminal belongs includes: the AMF determines the first key according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  • The AMF can also obtain the positioning mode of the first terminal and determine the first key assigned to the first terminal by combining the tracking area to which the first terminal belongs and the positioning mode of the first terminal, so that a more appropriate key can be assigned to the first terminal, which further improves the security performance of auxiliary information.
  • The method further includes: the AMF receives a first message from the location management function network element (LMF), where the first message includes multiple keys supported by the LMF and the positioning mode and tracking area corresponding to each of the multiple keys; wherein the AMF determining the first key assigned to the first terminal according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs includes: the AMF determines the first key from the multiple keys supported by the LMF according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  • The AMF may receive a first message from the LMF.
  • The first message may include multiple keys supported by the LMF, at least one positioning mode and at least one tracking area, where the at least one positioning mode, the at least one tracking area and the multiple keys have a mapping relationship, so that the AMF can select the appropriate key (that is, the first key) from the multiple keys supported by the LMF according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs, which saves the power consumption overhead of the AMF determining the first key.
  • The AMF determining the first key from the multiple keys supported by the LMF according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs includes: the AMF determines a second key set from a first key set according to the positioning mode of the first terminal and a first mapping relationship, where the first key set includes the multiple keys and the first mapping relationship is a mapping relationship between at least one positioning mode and at least one key; the AMF determines the first key from the second key set according to the tracking area to which the first terminal belongs and a second mapping relationship, where the second mapping relationship is a mapping relationship between at least one tracking area and at least one key.
  • The AMF can determine a more suitable first key according to the first mapping relationship and the second mapping relationship, which further saves the power consumption of the AMF.
  • The first message further includes multiple positioning modes supported by the LMF, and the method further includes: the AMF obtains positioning capability information of the first terminal, where the positioning capability information is used to indicate the positioning modes supported by the first terminal; wherein the AMF acquiring the positioning mode of the first terminal includes: the AMF determines the positioning mode of the first terminal according to the positioning modes supported by the first terminal and the multiple positioning modes supported by the LMF.
  • The AMF can also receive the positioning capability information of the first terminal, which indicates the positioning modes supported by the first terminal, and obtain the positioning modes supported by the LMF, so that the AMF can combine the positioning modes supported by the first terminal with the positioning modes supported by the LMF to determine the positioning mode of the first terminal. A suitable positioning mode is thereby determined for the first terminal, which in turn helps to select a suitable first key for the first terminal and improves the security performance of the auxiliary information.
  • The AMF acquiring the positioning capability information of the first terminal includes: the AMF receives a second message, where the second message includes the positioning capability information; wherein the AMF sending the first key to the first terminal includes: the AMF sends a response message of the second message to the first terminal, where the response message includes the first key.
  • The positioning capability information of the first terminal may be carried in the second message of the first terminal, and accordingly, the first key may be carried in the response message of the second message.
  • The first terminal does not need to separately send the positioning capability information, and the AMF does not need to separately send the first key.
  • The distribution of the key may also be triggered by the second message, that is, the embodiment of the present application provides a way to trigger the key distribution.
  • The AMF receiving the tracking area identifier includes: the AMF receives a third message, where the third message is used to request an update of the tracking area and includes the tracking area identifier; wherein the AMF sending the first key to the first terminal includes: the AMF sends a response message of the third message to the first terminal, where the response message of the third message includes the first key.
  • The AMF may receive the tracking area identifier in a third message that includes the tracking area identifier, and accordingly, the first key is carried in the response message of the third message.
  • The first terminal does not need to separately send the third message, and the AMF does not need to separately send the first key.
  • Signaling overhead is saved.
  • The embodiments of the present application provide another way to trigger key distribution.
  • The method further includes: the AMF sends one or more of an expiration date and indication information to the first terminal, where the expiration date is used to indicate a threshold on the duration for which the first terminal can use the first key or a threshold on the number of times the first key can be used, and the indication information is used to indicate whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
  • The AMF can send the expiration date to the first terminal, so that the first terminal can determine the effective period of the first key according to the expiration date, which avoids parsing with an unsuitable key and improves the security performance of auxiliary information.
  • The AMF can also send indication information to indicate whether the tracking area to which the first terminal belongs supports auxiliary information. If it does, the first terminal can be configured to receive auxiliary information, which prevents the first terminal from remaining in a waiting state when auxiliary information cannot be received and saves the power consumption of the first terminal.
  • The method further includes: the AMF obtains the auxiliary information setting from the UDM; the AMF determines to send the first key to the first terminal when the auxiliary information setting indicates that the first terminal has subscribed to the auxiliary information.
  • The AMF can determine whether the first terminal has subscribed to the auxiliary information according to the auxiliary information setting, and sends the first key to the first terminal only if it has subscribed. This embodiment of the application thereby creates conditions for future commercial applications, for example, high-precision positioning and charging.
  • The AMF may send a positioning setting request to the UDM to request the auxiliary information setting of the first terminal; the UDM feeds back a response message of the positioning setting request to the AMF, and the response message includes the auxiliary information setting.
  • The method further includes: the AMF receives a fourth message, where the fourth message includes a third mapping relationship between at least one area list and at least one auxiliary information; the AMF determines, according to the third mapping relationship, the first auxiliary information corresponding to the first area list in the at least one area list; the AMF sends the first auxiliary information through the access network device corresponding to the first area list.
  • The LMF sends a fourth message to the AMF.
  • The fourth message includes at least one area list and at least one auxiliary information, and the at least one area list and the at least one auxiliary information have a mapping relationship (that is, a third mapping relationship), so that the AMF can determine, according to the third mapping relationship, the auxiliary information corresponding to any area list (for example, the first area list). The AMF can then broadcast the first auxiliary information, through the access network device corresponding to the first area list, to the terminals covered by that access network device; that is, the AMF can send different auxiliary information through the access network devices corresponding to different area lists.
  • Compared with the AMF sending auxiliary information through all the access network devices it covers, this saves signaling overhead.
  • The embodiments of the present application can reduce the interference of irrelevant auxiliary information with the auxiliary information of the first terminal, and improve the efficiency of auxiliary information transmission.
  • The fourth message further includes a fourth mapping relationship between at least one positioning mode and the at least one auxiliary information, and the method further includes: the AMF determines, according to the fourth mapping relationship, the at least one auxiliary information corresponding to the first positioning mode in the at least one positioning mode; wherein the AMF determining the first auxiliary information corresponding to the first area list in the at least one area list according to the third mapping relationship includes: the AMF determines, according to the third mapping relationship, the first auxiliary information from the at least one auxiliary information corresponding to the first positioning mode.
  • The fourth message may also include multiple positioning modes and at least one auxiliary information, and the at least one positioning mode and the at least one auxiliary information have a mapping relationship.
  • The AMF may also determine the first auxiliary information according to the at least one auxiliary information corresponding to the first positioning mode, in combination with the auxiliary information corresponding to the first area list, so as to broadcast auxiliary information more accurately.
  • The method further includes: when the first key of the first terminal becomes invalid, the AMF obtains the second key; and the AMF sends the second key to the first terminal.
  • The invalidation of the first key may be determined by the AMF.
  • It may also be determined by the first terminal, or by the LMF, which then notifies the AMF.
  • The AMF can obtain the second key when the first key is invalid, that is, update the first key to the second key, and send the second key to the first terminal, so that the AMF can use the second key to encrypt the auxiliary information and the first terminal can use the second key to decrypt the auxiliary information. The key is thus updated in time, which further improves the security performance of the auxiliary information.
  • The method further includes: the AMF receives a fifth message, where the fifth message is used to request the location information of the first terminal; wherein the AMF sending the second key to the first terminal includes: the AMF sends the second key to the first terminal according to the fifth message.
  • The fifth message can be used to trigger the AMF to send the second key to the first terminal. That is, the embodiment of this application provides a key update method, so that both ends of the communication can use a suitable key for auxiliary information transmission, which further improves the security performance of auxiliary information.
  • The method further includes: the AMF receives a sixth message from the first terminal, where the sixth message is used to request an update of the key; wherein the AMF sending the second key to the first terminal includes: the AMF sends the second key to the first terminal according to the sixth message.
  • When detecting that the first key has expired, the first terminal sends a sixth message to the AMF through the access network device, and the sixth message may be used to request an update of the key.
  • The AMF receives the sixth message and sends the second key to the first terminal according to the sixth message. That is, the sixth message can be used to trigger the AMF to send the second key.
  • The second key can be carried in the response message of the sixth message. That is to say, the embodiment of the present application provides another key update method, so that both ends of the communication can use an appropriate key to transmit auxiliary information, which further improves the security performance of the auxiliary information.
  • A method for protecting positioning assistance information includes: a first terminal sends a tracking area identifier to an access and mobility management function network element (AMF), where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs; the first terminal receives a first key, where the first key is determined by the AMF according to the tracking area to which the first terminal belongs and is used to protect auxiliary information.
  • The first terminal sends to the AMF a tracking area identifier used to indicate the tracking area to which the first terminal belongs.
  • The tracking area identifier of the tracking area to which the first terminal belongs is used by the AMF to determine the first key used to protect the auxiliary information.
  • The first terminal obtains the first key from the AMF; that is, the embodiment of the present application can allocate a more suitable key to the first terminal and protect the auxiliary information of the first terminal through the first key, thereby improving the security performance of auxiliary information.
  • The method further includes: the first terminal receives the encrypted auxiliary information; and the first terminal decrypts the encrypted auxiliary information according to the first key.
  • The first terminal receives the encrypted auxiliary information and can use the first key to decrypt the auxiliary information that was encrypted with the first key, thereby improving the security performance of the auxiliary information.
  • The method further includes: the first terminal sends positioning capability information to the AMF, where the positioning capability information is used to indicate a positioning mode supported by the first terminal.
  • The first terminal sends the positioning mode of the first terminal to the AMF, and the AMF determines the first key assigned to the first terminal based on the tracking area to which the first terminal belongs and the positioning mode of the first terminal. The distribution of a more appropriate key further improves the security performance of auxiliary information.
  • The first terminal sending positioning capability information to the AMF includes: the first terminal sends a second message to the AMF, where the second message includes the positioning capability information and is used to request access to the AMF; wherein the first terminal receiving the first key includes: the first terminal receives a response message of the second message, where the response message includes the first key.
  • The first terminal sends the positioning capability information of the first terminal to the AMF.
  • The positioning capability information of the first terminal can be carried in the second message of the first terminal.
  • The first key can be carried in the response message of the second message.
  • The first terminal does not need to separately send the positioning capability information, and the AMF does not need to separately send the first key.
  • The distribution of the key may also be triggered by the second message, that is, the embodiment of the present application provides a way to trigger the key distribution.
  • The first terminal sending the tracking area identifier to the AMF includes: the first terminal sends a third message to the AMF, where the third message includes the tracking area identifier; wherein the first terminal receiving the first key includes: the first terminal receives a response message of the third message, where the response message includes the first key.
  • The first terminal sends a third message including the tracking area identifier to the AMF, and accordingly, the first key is carried in the response message of the third message.
  • The first terminal does not need to separately send the third message, and the AMF does not need to separately send the first key.
  • Signaling overhead is saved.
  • The embodiments of the present application provide another way to trigger key distribution.
  • The method further includes: the first terminal receives one or more of an expiration date and indication information from the AMF, where the expiration date is used to indicate a threshold on the duration for which the first terminal can use the first key or a threshold on the number of times the first key can be used, and the indication information is used to indicate whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
  • The first terminal can receive the expiration date sent by the AMF, so that the first terminal can determine the effective period of the first key according to the expiration date, which avoids parsing with an unsuitable key and improves the security performance of auxiliary information.
  • The AMF can also send indication information to indicate whether the tracking area to which the first terminal belongs supports auxiliary information. If it does, the first terminal can be configured to receive auxiliary information, which prevents the first terminal from remaining in a waiting state when auxiliary information cannot be received and saves the power consumption of the first terminal.
  • The method further includes: the first terminal determines whether the first key is invalid according to the expiration date; when the first terminal determines that the first key is invalid, it sends a sixth message to the AMF, where the sixth message is used to request an update of the key; the first terminal receives the response message of the sixth message, where the response message includes the second key; the first terminal decrypts the encrypted auxiliary information according to the second key.
  • The first terminal can detect whether the first key has expired according to the expiration date of the first key. On detecting that the first key has expired, it sends a sixth message to the AMF through the access network device; the AMF selects a new key (for example, the second key) for the first terminal and sends the second key to the first terminal, so that the first terminal can decrypt the encrypted auxiliary information according to the second key. That is, the embodiment of the present application can update the key for the first terminal, thereby further improving the security performance of the auxiliary information.
  • The first terminal determining whether the first key is invalid according to the expiration date includes: the first terminal determines that the first key is invalid when the duration for which the first terminal has used the first key is greater than the duration threshold; or the first terminal determines that the first key is invalid when the number of times the first terminal has used the first key is greater than the threshold of the number of times.
  • The first terminal may specifically detect whether the duration of using the first key exceeds the duration threshold: if it does, the first key has expired; otherwise, the first key has not expired. Alternatively, the first terminal can detect whether the number of times of using the first key exceeds the threshold of times: if it does, the first key has expired; otherwise, the first key has not expired.
  • The method further includes: the first terminal receives a second key from the AMF; and the first terminal decrypts the auxiliary information received from the AMF according to the second key.
  • When the AMF detects the second key, it sends the second key to the first terminal, and the first terminal parses the auxiliary information according to the second key. That is, the first terminal can obtain the new key from the AMF and update the key, which improves the security performance of auxiliary information.
  • A method for protecting auxiliary information includes: a location management function network element (LMF) determines a first message, where the first message includes multiple keys supported by the LMF and the tracking areas respectively corresponding to the multiple keys; the LMF sends the first message to the access and mobility management function network element (AMF).
  • The LMF sends a first message to the AMF.
  • The first message may include multiple keys supported by the LMF and at least one tracking area, where the at least one tracking area and the multiple keys have a mapping relationship, so that the AMF can select an appropriate key (that is, the first key) from the multiple keys supported by the LMF according to the tracking area to which the first terminal belongs, which saves the power consumption of the AMF in determining the first key.
  • The first message further includes a mapping relationship between the multiple keys and at least one positioning mode.
  • The first message may include multiple keys supported by the LMF, at least one tracking area and at least one positioning mode, where the at least one positioning mode, the at least one tracking area and the multiple keys have a mapping relationship, so that the AMF can select an appropriate key (that is, the first key) from the multiple keys supported by the LMF according to the tracking area to which the first terminal belongs and the positioning mode of the first terminal, thereby further saving the power consumption overhead of the AMF determining the first key.
  • the method further includes: the LMF generates at least one auxiliary information; the LMF sends a fourth message, and the fourth message includes a third mapping relationship between at least one area list and at least one auxiliary information.
  • the LMF sends a fourth message to the AMF.
  • the fourth message includes at least one area list and at least one auxiliary information, and the at least one area list and the at least one auxiliary information have a mapping relationship (that is, a third mapping relationship), so that the AMF can
  • the third mapping relationship determines the auxiliary information corresponding to any area list (for example, the first area list), so that the AMF can broadcast the first auxiliary information to the terminals covered by the access network device through the access network device corresponding to the first area list Information, that is, AMF can send different auxiliary information through access network devices corresponding to different area lists.
  • AMF sends auxiliary information through all access network devices covered, it saves signaling overhead.
  • the embodiments of the present application can reduce the interference of irrelevant auxiliary information to the auxiliary information of the first terminal, and improve the efficiency of auxiliary information transmission.
  • the fourth message further includes a fourth mapping relationship between multiple positioning modes and the at least one auxiliary information.
  • the fourth message may also include multiple positioning modes and at least one auxiliary information, and the at least one positioning mode and the at least one auxiliary information have a mapping relationship.
  • the AMF may also determine the first auxiliary information according to the at least one auxiliary information corresponding to the first positioning mode, in combination with the auxiliary information corresponding to the first area list, so as to broadcast auxiliary information more accurately.
  • generating the at least one auxiliary information by the LMF includes: the LMF determines the first area list corresponding to the second auxiliary information according to the second auxiliary information in the at least one auxiliary information and the third mapping relationship; the LMF determines the first key corresponding to the first area list according to the first area list; the LMF uses the first key to encrypt the second auxiliary information to generate the first auxiliary information.
  • the LMF assigns keys to the auxiliary information corresponding to the different area lists according to the mapping relationship carried in the first message sent, and accordingly, the AMF also determines the keys of the auxiliary information corresponding to the different area lists according to the mapping relationship in the first message and sends the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • generating the at least one auxiliary information by the LMF includes: the LMF determines the first area list corresponding to the second auxiliary information according to the second auxiliary information in the at least one auxiliary information and the third mapping relationship; the LMF determines the first positioning mode corresponding to the second auxiliary information according to the second auxiliary information and the fourth mapping relationship; the LMF determines the first key according to the first area list and the first positioning mode; the LMF encrypts the second auxiliary information by using the first key to generate the first auxiliary information.
  • the LMF assigns keys to the corresponding auxiliary information according to the area list and positioning mode. Accordingly, the AMF also determines, according to the mapping relationship in the first message, the key of the auxiliary information corresponding to the different area lists and positioning modes, and sends the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • a method for transmitting auxiliary information includes: a mobility management function network element AMF acquires a first message, the first message including a first mapping relationship between at least one area list and at least one auxiliary information, where each area list in the at least one area list corresponds to part of the access network equipment among the multiple access network equipment managed by the AMF; the AMF determines, according to the first mapping relationship, the first auxiliary information corresponding to the first area list in the at least one area list; the AMF sends the first auxiliary information through the access network device corresponding to the first area list.
  • the AMF obtains a first message.
  • the LMF allocates keys for the auxiliary information corresponding to different area lists according to the mapping relationship carried in the first message, and the AMF determines the key of the auxiliary information corresponding to the different area lists according to the mapping relationship in the first message and sends the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the first message further includes a second mapping relationship between multiple positioning modes and the at least one auxiliary information, and the method further includes: the AMF determines, according to the second mapping relationship, the at least one auxiliary information corresponding to the first positioning mode in the at least one positioning mode; wherein the AMF determining the first auxiliary information corresponding to the first area list in the at least one area list according to the first mapping relationship includes: the AMF determines, according to the first mapping relationship, the first auxiliary information from the at least one auxiliary information corresponding to the first positioning mode.
  • the first message also includes a second mapping relationship between multiple positioning modes and the at least one auxiliary information.
  • the AMF determines at least one auxiliary information corresponding to the first positioning mode in the at least one positioning mode according to the second mapping relationship, and determines, according to the first mapping relationship, the first auxiliary information from the at least one auxiliary information corresponding to the first positioning mode. That is, the AMF determines the auxiliary information corresponding to the different area lists and positioning modes according to the mapping relationship in the first message, and sends the determined key to the terminal so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the method further includes: the AMF determines the first key corresponding to the first auxiliary information; and the AMF sends the first key to the first terminal covered by the access network device corresponding to the first area list.
  • the AMF determines the first key corresponding to the first auxiliary information, and sends the first key to the first terminal covered by the access network device corresponding to the first area list.
  • AMF can distribute the first key corresponding to the first auxiliary information to specific terminals, so that the corresponding terminal can decrypt the corresponding auxiliary information according to the key.
  • the embodiments of this application can create conditions for future commercial applications, such as high-precision positioning and charging.
  • a method for transmitting auxiliary information includes: a location management function network element LMF generates at least one auxiliary information; the LMF sends a first message, and the first message includes a first mapping relationship between at least one area list and the at least one auxiliary information, where each area list in the at least one area list corresponds to a part of the access network equipment of the multiple access network equipment managed by the AMF.
  • the LMF assigns keys to the auxiliary information corresponding to different area lists according to the mapping relationship carried in the first message sent, so that the AMF also determines the keys of auxiliary information corresponding to different area lists according to the mapping relationship in the first message, and sends the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the first message further includes a second mapping relationship between multiple positioning modes and the at least one auxiliary information.
  • the LMF determines the first positioning mode corresponding to the second auxiliary information in the at least one auxiliary information supported by the LMF according to the mapping relationship between the auxiliary information and the positioning mode (i.e., the second mapping relationship), determines the first key according to the first area list and the first positioning mode, and encrypts the second auxiliary information according to the first key to generate the first auxiliary information. That is to say, according to the mapping relationship carried in the first message sent, the LMF assigns keys to the corresponding auxiliary information according to the area list and positioning mode. Accordingly, the AMF also determines, according to the mapping relationship in the first message, the key of the auxiliary information corresponding to the different area lists and positioning modes, and sends the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • a device for protecting auxiliary information may be an AMF or a chip in the AMF.
  • the device has the function of realizing the above-mentioned first aspect and various possible implementation modes. This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the device includes a processing module and a transceiver module.
  • the transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter, and the transceiver module may include a radio frequency circuit or an antenna.
  • the processing module may be a processor.
  • the device further includes a storage module, and the storage module may be a memory, for example.
  • the storage module is used to store instructions.
  • the processing module is connected to the storage module, and the processing module can execute instructions stored in the storage module or instructions derived from other sources, so that the device executes the first aspect or any one of the methods described above.
  • when the device is a chip, the chip includes a processing module.
  • the chip also includes a transceiver module.
  • the transceiver module may be, for example, an input/output interface, pin, or circuit on the chip.
  • the processing module may be a processor, for example. The processing module can execute instructions so that the chip in the AMF executes the communication methods of the first aspect and any possible implementation.
  • the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register, a cache, and the like.
  • the storage module may also be located in the communication device but outside the chip, such as a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM), etc.
  • the processor mentioned in any of the above can be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling program execution of the communication methods of the above aspects.
  • a device for protecting auxiliary information may be a terminal or a chip in the terminal.
  • the device has the function of realizing the above-mentioned second aspect and various possible implementation manners. This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the device includes a transceiver module.
  • the device further includes a processing module.
  • the transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter.
  • the transceiver module may include a radio frequency circuit or an antenna.
  • the processing module may be a processor.
  • the device further includes a storage module, and the storage module may be a memory, for example.
  • the storage module is used to store instructions.
  • the processing module is connected to the storage module, and the processing module can execute instructions stored in the storage module or instructions from other sources, so that the device executes the communication methods of the second aspect and various possible implementation manners.
  • the device can be a terminal.
  • when the device is a chip, the chip includes a transceiver module.
  • the device further includes a processing module, and the transceiver module may be, for example, an input/output interface, pin or circuit on the chip.
  • the processing module may be a processor, for example. The processing module can execute instructions so that the chip in the AMF executes the communication methods of the second aspect and any possible implementation.
  • the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register, a cache, and the like.
  • the storage module may also be located in the communication device but outside the chip, such as a read-only memory or other types of static storage devices that can store static information and instructions, random access memory, etc.
  • the processor mentioned in any of the above may be a general-purpose central processing unit, a microprocessor, a specific application integrated circuit, or one or more integrated circuits used to control the execution of the programs of the above-mentioned communication methods.
  • a device for protecting auxiliary information may be a terminal or a chip in the terminal.
  • the device has the function of realizing the aforementioned third aspect and various possible implementation modes. This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the device includes a transceiver module.
  • the device further includes a processing module.
  • the transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter.
  • the transceiver module may include a radio frequency circuit or an antenna.
  • the processing module may be a processor.
  • the device further includes a storage module, and the storage module may be a memory, for example.
  • the storage module is used to store instructions.
  • the processing module is connected to the storage module, and the processing module can execute the instructions stored in the storage module or instructions from other sources, so that the device executes the communication methods of the third aspect and various possible implementation modes.
  • the device can be a terminal.
  • when the device is a chip, the chip includes a transceiver module.
  • the device further includes a processing module, and the transceiver module may be, for example, an input/output interface, pin, or circuit on the chip.
  • the processing module may be a processor, for example. The processing module can execute instructions so that the chip in the AMF executes the communication methods of the third aspect and any possible implementation.
  • the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register, a cache, and the like.
  • the storage module may also be located in the communication device but outside the chip, such as a read-only memory or other types of static storage devices that can store static information and instructions, random access memory, etc.
  • the processor mentioned in any of the above may be a general-purpose central processing unit, a microprocessor, a specific application integrated circuit, or one or more integrated circuits used to control the execution of the programs of the above-mentioned communication methods.
  • a device for protecting auxiliary information may be an AMF or a chip in the AMF.
  • the device has the function of realizing the above-mentioned fourth aspect and various possible implementation modes. This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the device includes a processing module and a transceiver module.
  • the transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter, and the transceiver module may include a radio frequency circuit or an antenna.
  • the processing module may be a processor.
  • the device further includes a storage module, and the storage module may be a memory, for example.
  • the storage module is used to store instructions.
  • the processing module is connected to the storage module, and the processing module can execute instructions stored in the storage module or instructions derived from other sources, so that the device executes the foregoing fourth aspect or any one of the methods.
  • when the device is a chip, the chip includes a processing module.
  • the chip also includes a transceiver module.
  • the transceiver module may be, for example, an input/output interface, pin, or circuit on the chip.
  • the processing module may be a processor, for example. The processing module can execute instructions so that the chip in the AMF executes the communication methods of the fourth aspect and any possible implementation.
  • the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register, a cache, and the like.
  • the storage module may also be located in the communication device but outside the chip, such as a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM), etc.
  • the processor mentioned in any of the above can be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling program execution of the communication methods of the above aspects.
  • a device for protecting auxiliary information may be a terminal or a chip in the terminal.
  • the device has the function of realizing the above-mentioned fifth aspect and various possible implementation modes. This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the device includes a transceiver module.
  • the device further includes a processing module.
  • the transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter.
  • the transceiver module may include a radio frequency circuit or an antenna.
  • the processing module may be a processor.
  • the device further includes a storage module, and the storage module may be a memory, for example.
  • the storage module is used to store instructions.
  • the processing module is connected to the storage module, and the processing module can execute the instructions stored in the storage module or instructions from other sources, so that the device executes the communication methods of the fifth aspect and various possible implementation modes.
  • the device can be a terminal.
  • when the device is a chip, the chip includes a transceiver module.
  • the device further includes a processing module, and the transceiver module may be, for example, an input/output interface, pin or circuit on the chip.
  • the processing module may be a processor, for example. The processing module can execute instructions so that the chip in the AMF executes the communication methods of the fifth aspect and any possible implementation.
  • the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register, a cache, and the like.
  • the storage module may also be located in the communication device but outside the chip, such as a read-only memory or other types of static storage devices that can store static information and instructions, random access memory, etc.
  • the processor mentioned in any of the above may be a general-purpose central processing unit, a microprocessor, a specific application integrated circuit, or one or more integrated circuits used to control the execution of the programs of the above-mentioned communication methods.
  • a computer storage medium stores program code, and the program code is used to instruct execution of the method in the first aspect or the fourth aspect, or any of its possible implementations.
  • a computer storage medium is provided, and program code is stored in the computer storage medium, and the program code is used to instruct execution of the method in the second aspect or the fifth aspect, or any of its possible implementations.
  • a computer storage medium is provided, and program code is stored in the computer storage medium, and the program code is used to instruct execution of the method in the third aspect or any possible implementation manner thereof.
  • a computer program product containing instructions which when running on a computer, causes the computer to execute the method in any possible implementation manner of the first aspect or the fourth aspect.
  • a computer program product containing instructions which when running on a computer, causes the computer to execute the method in the second aspect or the fifth aspect, or any possible implementation manner thereof.
  • a computer program product containing instructions which when running on a computer, causes the computer to execute the method in the third aspect described above, or any possible implementation manner thereof.
  • a processor configured to be coupled with a memory, and configured to execute the method in the first aspect or the fourth aspect, or any possible implementation manner thereof.
  • a processor configured to be coupled with a memory, and configured to execute the method in the second aspect or the fifth aspect, or any possible implementation manner thereof.
  • a processor is provided, which is configured to be coupled with a memory and configured to execute the method in the foregoing third aspect or any possible implementation manner thereof.
  • a communication system including the device described in the sixth aspect, the device described in the seventh aspect, and the device described in the eighth aspect.
  • a communication system including the device described in the ninth aspect and the device described in the tenth aspect.
  • the AMF receives the tracking area identifier used to indicate the tracking area to which the first terminal belongs, assigns the first key to the first terminal according to the tracking area to which the first terminal belongs, and sends the first key to the first terminal.
  • compared with the mobility management network element assigning a unified key to all terminals that it can manage, the embodiments of the present application can assign a suitable key to the first terminal and protect the auxiliary information of the first terminal with that key, thereby improving the security performance of the auxiliary information.
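The key assignment described above, as an added example that is not part of the patent text: the LMF keeps one key per (area list, positioning mode) pair and encrypts each auxiliary information item under it, and the AMF picks the key for a terminal from its tracking area and positioning mode. Assumptions: an area list is modelled as a set of tracking area identifiers, all identifiers and payloads are constructed, and the cipher is a standard-library stand-in (HMAC-SHA256 keystream with encrypt-then-MAC) because the page names no algorithm.

```python
import hashlib
import hmac
import os

# Stand-in authenticated cipher (HMAC-SHA256 keystream, encrypt-then-MAC).
# Assumption: the page names no algorithm; a deployment would use a vetted AEAD.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_sealed(key, blob):
    """Return the plaintext, or None if the key is wrong or the data was altered."""
    if key is None or blob is None or len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class LMF:
    def __init__(self, area_lists, modes):
        # Assumption: an area list is a set of tracking area ids, and the
        # area lists do not overlap.
        self.area_lists = area_lists
        # One key per (area list, positioning mode) pair.
        self.keys = {(a, m): os.urandom(32) for a in area_lists for m in modes}

    def first_message(self):
        """Mapping (tracking area, positioning mode) -> key, sent to the AMF."""
        return {(tai, mode): key
                for (area, mode), key in self.keys.items()
                for tai in self.area_lists[area]}

    def fourth_message(self, plain_aux):
        """Encrypt each auxiliary information item under the key of its (area list, mode)."""
        return {pair: seal(self.keys[pair], data) for pair, data in plain_aux.items()}


class AMF:
    def __init__(self, first_message, area_lists):
        self.key_by_tai_mode = first_message
        self.area_lists = area_lists

    def key_for_terminal(self, tai, mode):
        """Select the first key from the terminal's tracking area and positioning mode."""
        return self.key_by_tai_mode.get((tai, mode))

    def broadcast_for(self, fourth_message, tai, mode):
        """Auxiliary information to broadcast in the area list that contains tai."""
        for area, tais in self.area_lists.items():
            if tai in tais:
                return fourth_message.get((area, mode))
        return None


def demo():
    # Constructed identifiers and payloads, for illustration only.
    area_lists = {"AL-1": {"TAI-100", "TAI-101"}, "AL-2": {"TAI-200"}}
    lmf = LMF(area_lists, ["mode-A", "mode-B"])
    amf = AMF(lmf.first_message(), area_lists)
    msg4 = lmf.fourth_message({
        ("AL-1", "mode-A"): b"constructed auxiliary information, AL-1, mode-A",
        ("AL-2", "mode-A"): b"constructed auxiliary information, AL-2, mode-A",
    })
    broadcast = amf.broadcast_for(msg4, "TAI-101", "mode-A")
    return {
        "own_area": open_sealed(amf.key_for_terminal("TAI-101", "mode-A"), broadcast),
        "other_area": open_sealed(amf.key_for_terminal("TAI-200", "mode-A"), broadcast),
        "other_mode": open_sealed(amf.key_for_terminal("TAI-101", "mode-B"), broadcast),
        "same_list_same_key": amf.key_for_terminal("TAI-100", "mode-A")
                              == amf.key_for_terminal("TAI-101", "mode-A"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A terminal holding the key for another area list or another positioning mode gets `None` back, which is the difference from the single unified key: one leaked key exposes only the auxiliary information of one area list and mode.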
  • FIG. 1 is a schematic diagram of a communication system according to an embodiment of the present application.
  • FIG. 2 is a schematic diagram of a specific architecture of a communication system according to an embodiment of the present application.
  • FIG. 3 is a schematic flow chart of protecting auxiliary information in a traditional solution.
  • FIG. 4 is a schematic flowchart of a method for protecting auxiliary information according to an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a method for protecting auxiliary information according to a specific embodiment of the present application.
  • FIG. 6 is a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • FIG. 7 is a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • FIG. 9 is a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • FIG. 10 is a schematic block diagram of an apparatus for protecting auxiliary information according to an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of an apparatus for protecting auxiliary information according to an embodiment of the present application.
  • FIG. 12 is a schematic block diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 13 is a schematic structural diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 14 is a schematic block diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 15 is a schematic structural diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 16 is a schematic block diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 17 is a schematic block diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 18 is a schematic block diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • GSM global system for mobile communications
  • CDMA code division multiple access
  • WCDMA broadband code division multiple access
  • GPRS general packet radio service
  • LTE long term evolution
  • FDD frequency division duplex
  • TDD LTE Time division duplex
  • UMTS universal mobile telecommunication system
  • WiMAX worldwide interoperability for microwave access
  • the terminal in the embodiment of this application may refer to user equipment (UE), access terminal, user unit, user station, mobile station, mobile station, remote station, remote terminal, mobile equipment, user terminal, terminal, wireless communication equipment, user agent or user device.
  • the terminal can also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal in the future 5G network or a terminal in the future evolved public land mobile network (PLMN), etc.
  • the access network equipment in the embodiments of the present application may be equipment used to communicate with terminals. The access network equipment may be a base station (base transceiver station, BTS) in a global system for mobile communications (GSM) system or code division multiple access (CDMA), or a base station (NodeB, NB) in the wideband code division multiple access (WCDMA) system, or an evolved base station in the LTE system, or a wireless controller in a cloud radio access network (CRAN) scenario; or the access network device can be a relay station, an access point, a vehicle-mounted device, a wearable device, access network equipment (gNodeB, gNB) in the future 5G network, or access network equipment in the future evolved PLMN network, which is not limited in the embodiments of the present application.
  • the terminal or the access network device includes a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer.
  • the hardware layer includes hardware such as a central processing unit (CPU), a memory management unit (MMU), and memory (also referred to as main memory).
  • the operating system may be any one or more computer operating systems that implement business processing through processes, for example, the Linux operating system, Unix operating system, Android operating system, iOS operating system, or Windows operating system.
  • the application layer includes applications such as browsers, address books, word processing software, and instant messaging software.
  • the embodiments of the application do not specifically limit the specific structure of the execution subject of the methods provided in the embodiments of the application, as long as the program that records the codes of the methods provided in the embodiments of the application can be provided according to the embodiments of the application.
  • the execution subject of the method provided in the embodiments of the present application may be a terminal or an access network device, or a functional module in the terminal or the access network device that can call and execute the program.
  • FIG. 1 is a schematic diagram of a possible network architecture applicable to this application.
  • the network architecture includes terminal 101, access network equipment 102, unified data management platform 103, third-party equipment 104, network open function entity 105, network capability open entity 105, location management function entity 106, and access and mobility management network function entity 107, which are explained below:
  • Terminal device (TD) 101: referred to as a terminal for short, it is a device with a wireless transceiver function, which can include various handheld devices with wireless communication functions, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to wireless modems, as well as various forms of terminals, mobile stations (MS), terminals, user equipment (UE), soft terminals, and so on. Terminals can be deployed on land, including indoor or outdoor, handheld or vehicle-mounted; they can also be deployed on the water (such as ships, etc.); they can also be deployed in the air (such as airplanes, balloons, and satellites, etc.).
  • mobile phones, tablets, computers with wireless transceiver functions, virtual reality (VR) terminals, augmented reality (AR) terminals, wireless terminals in industrial control, wireless terminals in self-driving, wireless terminals in remote medical, wireless terminals in smart grid, wireless terminals in transportation safety, wireless terminals in smart cities, wireless terminals in smart homes, etc.
  • (Radio) access network ((R)AN) equipment 102 is a device that provides wireless communication functions for terminals, including but not limited to: next-generation base stations (gNodeB, gNB) in 5G, evolved node B (eNB), radio network controller (RNC), node B (NB), base station controller (BSC), base transceiver station (BTS), home base station (for example, home evolved nodeB, or home node B, HNB), baseband unit (BBU), transmission and receiving point (TRP), transmission point (TP), and so on.
  • Unified data management platform 103 is used to process user identification, access authentication, registration, and mobility management.
  • the data management network element may be a home subscriber server (HSS)
  • the data management network element may be a unified data management (UDM) network element.
  • unified data management may still be UDM network elements, or may also have other names, which are not limited by this application.
  • the third-party device 104 is a device used to manage the terminal 101, and the third-party device 112 stores attribute information of the managed terminal, such as the location information and type of the terminal.
  • the network architecture of this application takes one terminal 101 as an example. In actual applications, the network architecture may include multiple terminals. Accordingly, the multiple terminals can be managed by the third-party device 112. Of course, the multiple terminals can also be managed by different third-party devices.
  • the third-party device 112 connects to the capability opening network element through an application interface provided by the capability opening network element, and manages the terminal 101 through the capability opening network element.
  • the third-party device 112 may be a server device or an application function (AF) network element of a vertical industry control center.
  • Network opening function entity 105 is used to securely open services and capabilities provided by 3GPP network function network elements to the outside.
  • the network opening network element may be a service capability exposure function (SCEF) network element.
  • NEF network exposure function
  • the network open network element may still be a NEF network element, or may have other names, which is not limited by this application.
  • the location management function entity 106 is used to perform location management of the UE, for example, to determine the location information of the UE.
  • the location management network element in the fifth generation (5G) wireless communication system can be an LMF (location management function, LMF) network element, and LMF can be based on core network entities (such as access and mobility management functions).
  • the entity access and mobility management function, AMF
  • LCS location services
  • the AMF may allocate at least one LMF to the UE to provide positioning services to the UE.
  • the UE may request the LMF for location information through the AMF.
  • the location management network element may still be an LMF network element or have other names, which is not limited by this application.
  • Access and mobility management function entity 107 is mainly used for terminal access and mobility management.
  • the mobility management network element may be a mobility management entity (MME), and in a 5G network, the mobility management network element may be an access and mobility management function (AMF) network element.
  • the mobility management network element may still be an AMF network element, or may also have other names, which are not limited in this application.
  • a mobility management network element can also be referred to as a mobility management function or a mobility management functional entity
  • a data management network element can also be referred to as a data management function or a data management function entity, etc.
  • the name of each network element is not limited in this application, and those skilled in the art can change the name of the above-mentioned network element to another name to perform the same function, which all fall within the protection scope of this application
  • network elements or functions may be network elements in hardware devices, software functions running on dedicated hardware, or virtualization functions instantiated on a platform (for example, a cloud platform).
  • Figure 2 is a schematic diagram of another possible network architecture applicable to this application.
  • the network architecture includes: terminal 201, (R)AN 202, user plane function (UPF) network element 203, data network (DN) network element 204, authentication server function (AUSF) network element 205, AMF network element 206, session management function (SMF) network element 207, NEF network element 208, network storage function (NRF) network element 209, PCF network element 210, and UDM network element 211.
  • in the following, UPF network element 203, DN network element 204, AUSF network element 205, AMF network element 206, SMF network element 207, NEF network element 208, NRF network element 209, policy control function (PCF) network element 210, and UDM network element 211 are referred to as UPF203, DN204, AUSF205, AMF206, SMF207, NEF208, NRF209, PCF120, UDM211 for short.
  • the access network device in the network architecture shown in FIG. 1 may be the (R)AN 202 in the network architecture shown in FIG. 2.
  • Nausf is the service-based interface displayed by AUSF105
  • Namf is the service-based interface displayed by AMF106
  • Nsmf is the service-based interface displayed by SMF107
  • Nnef is the service-based interface displayed by NEF108
  • Nnrf is the service-based interface displayed by NRF109
  • Npcf is the service-based interface displayed by PCF110
  • Nudm is the service-based interface displayed by UDM111.
  • N1 is the reference point between UE101 and AMF106
  • N2 is the reference point of (R)AN102 and AMF106, used for non-access stratum (NAS) message transmission, etc.
  • N3 is the reference point between (R)AN102 and UPF103, used to transmit user plane data, etc.
  • N4 is the reference point between SMF107 and UPF103, used to transmit information such as tunnel identification information of the N3 connection, data buffer indication information, and downlink data notification messages
  • the N6 interface is the reference point between UPF103 and DN104, used to transmit user plane data.
  • network function entities such as AMF network element 206, SMF network element 207, PCF network element 210, and UDM network element 211 are all called network function (NF) network elements;
  • a collection of network elements such as the AMF network element 206, the SMF network element 207, the PCF network element 210, and the UDM network element 211 may all be called control plane function network elements.
  • NF network elements can be defined as different NFs according to the types of functions, such as authentication and security functions, packet data session management functions, mobility management functions and access control functions, policy control functions, etc. These functions are implemented by corresponding NF components, and each NF component provides services to other NF components or functions through a defined service interface.
  • Multiple network slices (sliceA, sliceB, and sliceC) of the same operator use the same public land mobile network (PLMN), and can be deployed in the operator's infrastructure through cloud technology and virtualization technology.
  • the operator's technical facilities include the operator's cloud computing and transmission infrastructure.
  • the MME network element, AMF network element, UDM network element, eNB, and gNB described in the subsequent embodiments are just examples and do not constitute a limitation to the embodiments of the present application. That is, the MME network elements and AMF network elements described later in this application can be replaced with mobility management network elements, UDM network elements can be replaced with data management network elements, and eNBs and gNBs can be replaced with access network equipment.
  • the MME network element is abbreviated as MME, the AMF network element as AMF, and the UDM network element as UDM.
  • Fig. 3 shows a schematic flow chart of protecting auxiliary information in a traditional scheme.
  • E-SMLC sends the key to the MME
  • the MME stores the key
  • the terminal sends an attachment request or a tracking area update (tracking area update, TAU) request to the base station;
  • the base station sends the attach request or TAU request to the MME;
  • the MME feeds back the attachment request response message or the TAU request response message to the base station, and the attachment request response message or the TAU request response message carries the key;
  • the base station sends the attachment request response message or the TAU request response message carrying the key to the terminal.
  • the E-SMLC uses the key to encrypt the auxiliary information
  • the E-SMLC sends the encrypted auxiliary information to the terminal;
  • the terminal uses the key to decrypt the auxiliary information.
  • the MME can uniformly distribute a key to the terminal. Since the distribution of the key does not consider the area to which the terminal currently belongs, the auxiliary information is encrypted with such a key, and the security performance of the auxiliary information is relatively low.
  • FIG. 4 shows a schematic flowchart of a method for protecting auxiliary information according to an embodiment of the present application.
  • the AMF receives a tracking area identifier, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs.
  • one tracking area may include one or more access network devices, and the AMF may receive the tracking area identifier from one or more access network devices included in the tracking area to which the terminal belongs.
  • the access network device may send the identification of the tracking area to which the first terminal belongs periodically, or when it detects that the tracking area to which the first terminal belongs has changed.
  • a tracking area may be a geographic area composed of a continuous coverage cell, and is used for terminal location management of the access network/core network system.
  • the AMF determines a first key assigned to the first terminal according to the tracking area to which the first terminal belongs, and the first key is used to protect auxiliary information.
  • the AMF may allocate different keys to different tracking areas to which the first terminal belongs.
  • at least one tracking area to which the first terminal belongs and at least one key may have a mapping relationship, that is, the at least one key may respectively correspond to one tracking area or multiple tracking areas, so that the AMF can determine the corresponding key according to a given tracking area.
  • the first key may be used to encrypt or decrypt the auxiliary information.
  • the AMF may encrypt the auxiliary information using the first key, and the first terminal may decrypt the auxiliary information using the first key.
  • the mapping relationship between the at least one tracking area and the at least one key can be a one-to-one correspondence between tracking areas and keys, or one tracking area may correspond to one or more keys, or one key may correspond to one or more tracking areas; this application does not limit this.
  • the mapping relationship between the at least one tracking area and the at least one key may be carried in a first message, and the first message may be sent by the LMF to the AMF.
  • the first message may also include a general key, that is, no matter which tracking area the terminal is in, the general key can be used, which is not limited in this application.
  • the first message may be a key message.
  • step 402 may be that the AMF determines the first key assigned to the first terminal according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  • the first terminal sends the positioning mode of the first terminal.
  • the AMF can combine the positioning mode of the first terminal and the tracking area to which the first terminal belongs to assign a key (i.e., the first key) to the first terminal.
  • the embodiment of the present application can allocate a suitable key to the first terminal, and protect the auxiliary information of the first terminal by the key, thereby improving the security performance of the auxiliary information.
  • the keys of the auxiliary information of different terminals may be different, and the keys of the auxiliary information corresponding to the same terminal in different tracking areas may also be different.
  • the AMF may calculate the first key by combining a certain association relationship or functional relationship between the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  • the positioning method of the first terminal may be a positioning method supported by the terminal.
  • the positioning method may be wireless fidelity (Wi-Fi) positioning, wireless local area network (WLAN) positioning, global positioning system (GPS) positioning, Bluetooth positioning, or other positioning methods, which are not limited in this application.
  • the AMF in step 402 may also read the positioning mode of the first terminal from its own storage area. That is, the AMF can store the positioning mode corresponding to each terminal, so that the AMF can learn the positioning mode of any terminal from the storage area.
  • the AMF may receive the positioning mode of the first terminal from the LMF.
  • the LMF stores the positioning modes corresponding to different terminals, and the AMF can obtain the positioning mode of the first terminal from the LMF.
  • the AMF may also receive the positioning capability information of the first terminal, and the positioning capability information is used to indicate the positioning mode supported by the first terminal. In this way, in step 402, the AMF may determine the positioning mode of the first terminal based on the positioning mode supported by the first terminal.
  • the positioning mode supported by the first terminal may be one or more.
  • the first message may also include a mapping relationship between at least one key and at least one positioning mode, that is, the at least one key corresponds to one or more positioning modes respectively.
  • the AMF may receive a first message from the LMF. The first message may include multiple keys supported by the LMF, and may also include the positioning mode and tracking area corresponding to each of the multiple keys, so that the AMF can combine the positioning mode of the first terminal and the tracking area to which the first terminal belongs to select a suitable key (i.e., the first key) from the multiple keys supported by the LMF, which saves the power consumption overhead of the AMF in determining the first key.
  • a positioning mode of the first terminal has a first mapping relationship with multiple keys, and each tracking area of the first terminal also has a second mapping relationship with multiple keys, so that the AMF can select the first key based on the positioning mode of the first terminal and the tracking area to which the first terminal belongs, combined with the first mapping relationship and the second mapping relationship.
  • the multiple keys supported by the LMF can be referred to as the "first key set".
  • the AMF can select one or more keys from the first key set according to the positioning mode of the first terminal and the first mapping relationship.
  • a third key set including one or more keys is selected from the first key set, and the first key set includes one or more keys.
  • the AMF determines the second key set from the first key set according to the tracking area to which the first terminal belongs and the first mapping relationship, and then determines the first key from the second key set according to the positioning mode of the first terminal and the second mapping relationship.
  • the AMF determines a second key set including one or more keys from the first key set according to the tracking area to which the first terminal belongs and the second mapping relationship, and then determines the first key from the second key set according to the positioning mode of the first terminal and the first mapping relationship.
  • the same key can correspond to one or more positioning methods, and the same key can also correspond to one or more tracking areas.
  • mapping relationship may be implemented through a table.
  • the first mapping relationship and the second mapping relationship may be in different tables (for example, each is a table with two columns), or in the same table (for example, both are in one table with three columns), which is not limited in this application.
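  • The selection described above, as an added example that is not code from the patent: an AMF-side routine that picks the first key from the key message using the tracking-area and positioning-mode mappings in either order, and falls back to the general key when nothing matches. The class and function names, key identifiers, sample key bytes, and the rule of taking the first candidate in message order are assumptions.

```python
"""Added example: AMF-side choice of the first key from the LMF key message."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Sequence


@dataclass(frozen=True)
class KeyEntry:
    """One row of a three-column table: key, tracking areas, positioning modes."""
    key_id: str                      # hypothetical key identifier
    material: bytes                  # key bytes (constructed sample values only)
    tracking_areas: FrozenSet[str]   # second mapping relationship: key <-> tracking areas
    modes: FrozenSet[str]            # first mapping relationship: key <-> positioning modes


@dataclass(frozen=True)
class KeyMessage:
    """Hypothetical model of the first message (key message) sent by the LMF."""
    entries: Sequence[KeyEntry]            # the "first key set"
    lmf_modes: FrozenSet[str]              # positioning modes supported by the LMF
    general_key: Optional[KeyEntry] = None  # usable in any tracking area, if present


def by_tracking_area(keys: Iterable[KeyEntry], ta: str) -> List[KeyEntry]:
    """Keep the keys mapped to the given tracking area."""
    return [k for k in keys if ta in k.tracking_areas]


def by_mode(keys: Iterable[KeyEntry], modes: FrozenSet[str]) -> List[KeyEntry]:
    """Keep the keys mapped to at least one of the given positioning modes."""
    return [k for k in keys if k.modes & modes]


def select_first_key(msg: KeyMessage, tracking_area: str,
                     terminal_modes: Iterable[str],
                     area_first: bool = True) -> Optional[KeyEntry]:
    """Return the key for this terminal, the general key, or None.

    The terminal's positioning mode is taken from the modes that both the
    terminal and the LMF support. The two filters can run in either order;
    both preserve message order, so they yield the same first candidate.
    """
    usable = frozenset(terminal_modes) & msg.lmf_modes
    if area_first:
        second_set = by_tracking_area(msg.entries, tracking_area)
        candidates = by_mode(second_set, usable)
    else:
        third_set = by_mode(msg.entries, usable)
        candidates = by_tracking_area(third_set, tracking_area)
    if candidates:
        return candidates[0]   # assumption: first match in message order
    return msg.general_key     # None when no general key was provided


# Constructed sample key message; TA1/TA2 and the modes follow the page's examples.
SAMPLE_KEY_MESSAGE = KeyMessage(
    entries=(
        KeyEntry("K1", bytes.fromhex("00" * 16),
                 frozenset({"TA1"}), frozenset({"GPS"})),
        KeyEntry("K2", bytes.fromhex("11" * 16),
                 frozenset({"TA1", "TA2"}), frozenset({"WLAN", "Bluetooth"})),
        KeyEntry("K3", bytes.fromhex("22" * 16),
                 frozenset({"TA2"}), frozenset({"GPS"})),
    ),
    lmf_modes=frozenset({"GPS", "WLAN", "Bluetooth"}),
    general_key=KeyEntry("K0", bytes.fromhex("ff" * 16), frozenset(), frozenset()),
)

if __name__ == "__main__":
    for ta, modes in [("TA1", {"GPS"}), ("TA2", {"GPS"}), ("TA3", {"GPS"})]:
        key = select_first_key(SAMPLE_KEY_MESSAGE, ta, modes)
        print(ta, sorted(modes), "->", key.key_id if key else None)
```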
  • the first message may also include multiple positioning modes supported by the LMF, and the AMF may select one of the multiple positioning modes as the positioning mode of the first terminal.
  • the AMF may determine the positioning mode of the first terminal in combination with the positioning mode supported by the first terminal and the positioning mode supported by the LMF.
  • the positioning capability information and tracking area identifier of the first terminal acquired by the AMF may be carried in a second message, and the second message may be used to request access to the AMF.
  • the first key may be carried in the first message.
  • the first terminal does not need to specifically send the positioning capability information and the tracking area identifier, and the AMF does not need to specifically send the first key.
  • the distribution of the key may also be triggered by the second message, that is, the embodiment of the present application provides a way to trigger the key distribution.
  • the second message may be an "attach request".
  • step 401 may also be that the AMF receives a third message.
  • the third message may be used to request to update the tracking area.
  • the third message includes the tracking area identifier. Accordingly, the first key is carried in the response message of the third message. In this way, the first terminal does not need to specifically send the third message, and the AMF does not need to specifically send the first key. By carrying it in the third message and the response message of the third message, signaling overhead is saved.
  • the embodiments of the present application provide another way to trigger key distribution.
  • the third message may be a "TAU request".
  • the attach request and the TAU request can be carried in one message, for example a registration request: an initial registration request corresponds to an attach request, and a mobility registration update request corresponds to a TAU request.
  • the registration request may have the functions of attach request and TAU request at the same time, which is not limited in this application.
  • the registration request can also carry registration type information elements.
  • the AMF may also send one or more of a validity period and indication information to the first terminal, where the validity period indicates a duration threshold for which the first terminal can use the first key or a threshold on the number of times the first key can be used, and the indication information is used to indicate whether the AMF supports auxiliary information.
  • the indication information may be used to indicate whether the AMF supports auxiliary information. If the AMF does not support the auxiliary information, the subsequent AMF will not send the auxiliary information to the first terminal through the access network device.
  • the AMF may send one or more of the validity period and the indication information through a message (that is, the message may include one or more of the validity period and the indication information).
  • the message may be the same message as the response message of the second message, that is, one or more of the validity period and the indication information may be carried in the response message of the second message.
  • alternatively, the message may be the same message as the response message of the third message, which is not limited in this application.
  • the AMF may also obtain auxiliary information settings from the UDM.
  • the auxiliary information settings are used to indicate whether the first terminal has subscribed to the auxiliary information. If the first terminal has subscribed to the auxiliary information, the AMF sends the first key to the first terminal. If the first terminal has not subscribed to the auxiliary information, the AMF does not send the first key to the first terminal. In this way, the embodiment of this application can create conditions for future commercial applications, for example, charging for high-precision positioning.
  • the AMF may send a positioning setting request to the UDM.
  • the positioning setting request may be used to request the auxiliary information setting of the first terminal.
  • the UDM feeds back a response message for the positioning setting request to the AMF, and the response message for the positioning setting request includes the auxiliary information.
  • the positioning setting request may include the identification of the first terminal.
  • the AMF sends the first key to the first terminal.
  • the first terminal receives the first key sent by the AMF.
  • the AMF sends the first key to the first terminal through the access network device, and the first terminal can decrypt the auxiliary information according to the first key, which improves the security performance of the auxiliary information.
  • the AMF determines the first key of the first terminal in the tracking area to which the first terminal currently belongs
  • the first key may be sent through the access network device in the tracking area to which the first terminal currently belongs.
  • the AMF may send auxiliary information to the terminal through the access network device.
  • the AMF can send the auxiliary information of the first terminal to all access network devices under management.
  • the AMF receives a fourth message from the LMF, the fourth message includes a third mapping relationship between at least one area list and at least one auxiliary information, and each area list in the at least one area list corresponds to a plurality of areas managed by the AMF
  • the AMF can determine the first auxiliary information corresponding to the first area list in the at least one area list according to the third mapping relationship, and then send the first auxiliary information through the access network device corresponding to the first area list.
  • the LMF sends a fourth message to the AMF.
  • the fourth message includes at least one area list and at least one auxiliary information, and the at least one area list and the at least one auxiliary information have a mapping relationship (that is, a third mapping relationship), so that the AMF can determine the auxiliary information corresponding to any area list (for example, the first area list) according to the third mapping relationship. The AMF can then broadcast the first auxiliary information, through the access network equipment corresponding to the first area list, to the terminals covered by that access network equipment; that is, different auxiliary information sent by the AMF can be sent through the access network equipment corresponding to different area lists.
  • compared with the AMF sending auxiliary information through all the access network equipment it covers, this saves signaling overhead.
  • the embodiments of the present application can reduce the interference of irrelevant auxiliary information to the auxiliary information of the first terminal, and improve the efficiency of auxiliary information transmission.
  • the area list includes tracking areas to which one or more access network devices that can be used for the terminal to communicate with the AMF belong. For example, taking the access network device as a gNB as an example, gNB1, gNB2, and gNB3 can be used for the terminal to communicate with the AMF.
  • the gNB1 belongs to TA1, and the gNB2 and gNB3 belong to TA2. Then the area list includes TA1 and TA2.
  • the access network device corresponding to the tracking area included in the area list is an access network device that can be used for communication between the terminal and the AMF.
  • the fourth message further includes a fourth mapping relationship between multiple positioning modes and at least one auxiliary information
  • the AMF may determine, according to the fourth mapping relationship, at least one auxiliary information corresponding to the first positioning mode in the at least one positioning mode, and determine the first auxiliary information from the at least one auxiliary information corresponding to the first positioning mode.
  • the fourth message may further include multiple positioning modes and at least one auxiliary information, and the at least one positioning mode and the at least one auxiliary information have a mapping relationship.
  • the AMF may also determine the first auxiliary information according to the at least one auxiliary information corresponding to the first positioning mode in combination with the auxiliary information corresponding to the first area list, so as to broadcast auxiliary information more precisely.
  • the first auxiliary information is encrypted auxiliary information.
  • the fourth message may be a "location message".
  • the LMF generates the at least one auxiliary information, and sends a fourth message to the AMF.
  • the LMF encrypts the auxiliary information by using the key, and sends it to the AMF through the fourth message.
  • the AMF determines, according to the first mapping relationship and the second mapping relationship, the key (the first key) of the auxiliary information (for example, the first auxiliary information) for different area lists and/or positioning modes of different terminals, and sends the first key to the terminal (for example, the first terminal) that has subscribed to the first auxiliary information, so that after the first terminal receives the first auxiliary information, it can parse the first auxiliary information using the first key, which improves the security performance of the auxiliary information.
  • the LMF generating the first auxiliary information may specifically be that the LMF determines the first area list corresponding to the second auxiliary information according to the second auxiliary information in the at least one auxiliary information supported by the LMF and the third mapping relationship, determines the first key corresponding to the first area list according to the correspondence between area lists and keys, and then encrypts the second auxiliary information with the first key to generate the first auxiliary information.
  • the LMF assigns keys to the auxiliary information corresponding to the different area lists according to the mapping relationship carried in the first message sent, and accordingly, the AMF also determines the auxiliary information corresponding to the different area lists according to the mapping relationship in the first message and sends the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the LMF generating the first auxiliary information may specifically be that the LMF determines the first positioning mode corresponding to the second auxiliary information according to the second auxiliary information in the at least one auxiliary information supported by the LMF and the fourth mapping relationship, determines the first key according to the first area list and the first positioning mode, and then encrypts the second auxiliary information with the first key to generate the first auxiliary information. That is to say, according to the mapping relationship carried in the first message sent, the LMF assigns keys to the corresponding auxiliary information according to the area list and positioning mode. Accordingly, the AMF also determines, according to the mapping relationship in the first message, the key of the auxiliary information corresponding to the different area lists and positioning modes, and sends it to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the AMF can obtain the second key when it learns that the first key is invalid, that is, update the first key to the second key, and send the second key to the first terminal, so that the second key is used to encrypt the auxiliary information and the first terminal can use the second key to decrypt the auxiliary information; that is, the key is updated in time, which further improves the security performance of the auxiliary information.
  • the first key invalidation may be determined by AMF.
  • the invalidation of the first key may also be determined by the first terminal or by the LMF, which then notifies the AMF.
  • the manner in which the AMF determines the second key for the first terminal in the embodiment of the present application may be the same as the manner in which the first key is determined.
  • the first terminal may detect whether the first key has expired according to the validity period of the first key. Specifically, the first terminal may detect whether the duration of using the first key exceeds a duration threshold: if the duration exceeds the duration threshold, it is determined that the first key has expired, otherwise the first key has not expired. Alternatively, the first terminal can detect whether the number of times the first key has been used exceeds the number threshold: if the number of times exceeds the threshold, the first key has expired, otherwise the first key has not expired.
  • the first terminal may also receive a fifth message, which is used to request the location information of the first terminal, and the first terminal may start to detect whether the first key has expired according to the fifth message. That is, the fifth message is used to trigger the first terminal to detect whether the first key has expired.
  • the fifth message can be a "location service request" or another "service request" on the network side, which is not limited in this application.
  • when detecting that the first key has expired, the first terminal sends a sixth message to the AMF through the access network device, and the sixth message may be used to request to update the key.
  • the AMF receives the sixth message, and sends the second key to the first terminal according to the sixth message. That is, the sixth message can be used to trigger the AMF to send the second key.
  • the second key can be carried in the response message of the sixth message.
  • the sixth message may be a "key update request".
  • the response message of the sixth message may be a "key update request response message".
  • the key update request may be a NAS message. If the first terminal sends a key update request to the AMF through the access network device, then when the first terminal sends the key update request to the access network device, the key update request may be an RRC connection reconfiguration message, and when the access network device sends the key update request to the AMF, the key update request may be an N2 message.
  • the AMF may receive a fifth message, the fifth message may be used to request the location information of the first terminal, and the AMF sends the second key to the first terminal according to the fifth message; for example, the fifth message is used to trigger sending of the second key to the first terminal.
  • the fifth message may be a "location service request", where the location service request may be used to request a subscriber permanent identifier (SUPI), customer type, required QoS, and so on.
  • the location service request may be sent by a gateway mobile location center (GMLC) to the AMF.
  • the request content of the location service request includes QoS, client type, and so on.
  • the GMLC requests the UDM for the location and privacy settings of the first terminal, and the UDM feeds back to the GMLC the network address and privacy settings of the AMF serving the first terminal, and the GMLC can send a location service request to the AMF.
  • after receiving the location service request, the AMF sends a network-side location service request to the first terminal when the first terminal is in an idle state, to establish a signaling interaction with the first terminal.
  • the AMF may send a seventh message to the first terminal.
  • the seventh message carries the second key.
  • the first terminal feeds back the response message of the seventh message to the AMF to indicate that the first terminal has received the second key, so that the first terminal can decrypt the auxiliary information according to the second key, thereby further improving the security performance of the auxiliary information.
  • the seventh message may be a "key update request".
  • the response message of the seventh message may be a "key update request response message".
  • after the AMF and the first terminal determine that the key update is complete, the AMF can also select the LMF and request the current location information of the first terminal from the selected LMF.
  • the LMF measures and calculates the location of the first terminal.
  • the calculated location information of the first terminal is sent to the AMF, and the AMF reports the location information of the first terminal to the GMLC, and the GMLC reports the location information of the first terminal to the external client.
  • the location information of the first terminal may include at least one of a location service (LCS) related identifier, estimated location, accuracy, and positioning mode.
  • the seventh message may also carry the expiration date of the second key, and the expiration date may be a duration threshold indicating how long the first terminal can use the second key, or a threshold on the number of times the second key can be used.
  • the response message of the key update request may be a non-access stratum (NAS) message.
  • the key update request response message may be a radio resource control (RRC) connection reconfiguration message.
  • the key update request may also carry the expiration date of the second key, and the expiration date may be a duration threshold indicating how long the first terminal can use the second key, or a threshold on the number of times the second key can be used.
  • the MME can broadcast and send auxiliary information through all the access network devices that the MME can manage, which causes a relatively large signaling overhead. Accordingly, a certain terminal (for example, the first terminal) will also receive irrelevant auxiliary information. That is, the interference of the auxiliary information of the first terminal with other irrelevant auxiliary information is relatively large, and therefore, the transmission efficiency of the auxiliary information is low.
  • Fig. 5 shows a schematic flowchart of a method for transmitting auxiliary information according to a specific embodiment of the present application.
  • the LMF generates at least one auxiliary information.
  • the LMF determines the first area list corresponding to the second auxiliary information in the at least one auxiliary information supported by the LMF according to the mapping relationship between the auxiliary information and the area list (i.e., the first mapping relationship), determines the first key corresponding to the first area list according to the correspondence between area lists and keys, and then encrypts the second auxiliary information with the first key to generate the first auxiliary information.
  • the LMF assigns keys to the auxiliary information corresponding to the different area lists according to the mapping relationship carried in the first message it sends. Accordingly, the AMF also determines the key of the auxiliary information corresponding to the different area lists according to the mapping relationship in the first message and sends the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the LMF determines the first positioning mode corresponding to the second auxiliary information in the at least one auxiliary information supported by the LMF according to the mapping relationship between the auxiliary information and the positioning mode (i.e., the second mapping relationship), determines the first key according to the first area list and the first positioning mode, and then encrypts the second auxiliary information with the first key to generate the first auxiliary information. That is to say, following the mapping relationship carried in the first message it sends, the LMF assigns keys to the corresponding auxiliary information according to the area list and the positioning mode. Accordingly, the AMF also determines, according to the mapping relationship in the first message, the key of the auxiliary information corresponding to the different area lists and positioning modes, and sends it to the terminal so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the "first message" in the embodiment of this application has the same meaning as the "fourth message" in the embodiment described in FIG. 4, the "first mapping relationship" is the same as the "third mapping relationship" in the embodiment described in FIG. 4, and the "second mapping relationship" in the embodiment of this application is the same as the "fourth mapping relationship" in the embodiment described in FIG. 4.
  • the same terms in the illustrated embodiments have the same meaning.
  • the LMF sends a first message to the AMF.
  • the first message includes a first mapping relationship between at least one area list and at least one auxiliary information.
  • each area list in the at least one area list corresponds to a part of the plurality of access network devices managed by the AMF.
  • first mapping relationship and the second mapping relationship may each be a table, or the first mapping relationship and the second mapping relationship may be in a table.
  • the AMF determines the first auxiliary information corresponding to the first area list in the at least one area list according to the first mapping relationship.
  • the AMF sends the first auxiliary information through the access network device corresponding to the first area list.
  • the LMF uses a key to encrypt auxiliary information and sends it to the AMF through a first message.
  • the AMF determines the first key used by a certain auxiliary information (for example, the first auxiliary information) and sends the first key to the terminal (for example, the first terminal) that has subscribed to the first auxiliary information, so that the first terminal can parse the first auxiliary information using the first key after receiving multiple auxiliary information broadcast by the access network device, which improves the security performance of the auxiliary information.
  • in step 504, the AMF determines the key used for each auxiliary information and sends the key to the corresponding terminal.
  • these steps are the same as the steps in the embodiment shown in FIG. 4 and, to avoid repetition, are not described again here.
  • FIG. 6 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • the AMF receives a key message from the LMF, where the key message includes multiple keys supported by the LMF, multiple positioning modes supported by the LMF, and at least one area list corresponding to the multiple keys.
  • the AMF stores the key message.
  • the first terminal initiates an attach request to the access network device.
  • the attach request includes the positioning capability information of the first terminal and an area identifier, where the area identifier is used to indicate the area to which the first terminal belongs.
  • the access network device sends the attachment request to the AMF.
  • the AMF sends a location setting request to the UDM.
  • the AMF obtains a positioning setting response from the UDM, where the positioning setting response includes auxiliary information setting.
  • the AMF determines the first key of the first terminal according to the positioning capability information of the first terminal and the positioning mode supported by the LMF.
  • the AMF sends a response message for the attachment request to the access network device, where the response message includes at least one of the expiration date, indication information, and auxiliary information, and also includes the first key.
  • the access network device sends a response message of the attach request to the AMF.
  • the AMF determines the first key suitable for the current first terminal according to the positioning mode supported by the LMF and the positioning capability information of the first terminal, and sends the first key to the first terminal, so that the first terminal parses the auxiliary information according to the first key, thereby improving the security performance of the auxiliary information.
  • the capability information and the area identifier of the first terminal can be carried in the attach request, and the first key can be carried in the attach request response message, that is, it does not need to be specially sent, thereby saving signaling overhead.
  • FIG. 7 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • the AMF receives a key message from the LMF, where the key message includes multiple keys supported by the LMF, multiple positioning modes supported by the LMF, and at least one area list corresponding to the multiple keys.
  • the AMF stores the key message.
  • the first terminal initiates a TAU request to the access network device.
  • the TAU request includes the positioning capability information of the first terminal and an area identifier, where the area identifier is used to indicate the area to which the first terminal belongs.
  • the access network device sends the TAU request to the AMF.
  • the AMF sends a location setting request to the UDM.
  • the AMF obtains a positioning setting response from the UDM, where the positioning setting response includes auxiliary information setting.
  • the AMF determines the first key of the first terminal according to the positioning capability information of the first terminal and the positioning mode supported by the LMF.
  • the AMF sends a TAU request response message to the access network device, where the response message includes at least one of the expiration date, the indication information, and the auxiliary information, and also includes the first key.
  • the access network device sends a response message for the TAU request to the AMF.
  • the AMF determines the first key suitable for the current first terminal according to the positioning mode supported by the LMF and the positioning capability information of the first terminal, and sends the first key to the first terminal, so that the first terminal parses the auxiliary information according to the first key, thereby improving the security performance of the auxiliary information.
  • the capability information and the area identifier of the first terminal can be carried in the TAU request, and the first key can be carried in the response message of the TAU request, that is, it does not need to be specially sent, thereby saving signaling overhead.
  • FIG. 8 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • the AMF may receive the second key, and store the second key for subsequent analysis when needed.
  • the GMLC receives an LCS request from an external client.
  • the GMLC sends an LCS request to the AMF.
  • the AMF sends an LCS request to the first terminal.
  • the LCS request may also be another service request, which is not limited in this application.
  • after receiving the LCS request, the first terminal detects whether the first key has expired.
  • the first terminal may specifically detect whether the duration of using the first key exceeds a duration threshold: if the duration exceeds the duration threshold, the first key has expired, otherwise the first key has not expired. Alternatively, the first terminal may detect whether the number of times the first key is used exceeds a number threshold: if the number of uses exceeds the number threshold, the first key has expired, otherwise the first key has not expired.
  • after detecting that the first key has expired, the first terminal sends a key update request to the access network device.
  • the access network device sends a key update request to the AMF.
  • the AMF obtains the second key.
  • the AMF may know in advance that the first key detected by the first terminal in step 805 is invalid, and upon receiving the key update request, send the second key to the first terminal.
  • step 808 may be after step 805 and before step 809, which is not limited in this application.
  • the AMF sends a second key to the access network device, where the second key may be carried in a response message to the key update request.
  • the access network device sends a response message to the key update request to the first terminal.
  • the first terminal detects whether the first key has expired and, on detecting that the first key has expired, sends a key update request to the AMF through the access network device; the AMF obtains the second key and sends the second key to the first terminal when the key update request is received. In this way, the first terminal can detect, when triggered by the LCS request, whether the current key is appropriate, and can trigger the AMF through the key update request to send the second key to the first terminal, so that the first terminal and the AMF use appropriate keys to protect the auxiliary information, thereby improving the security performance of the auxiliary information.
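The attach-time key assignment (FIG. 6) and the LCS-triggered expiry check and key update (FIG. 8) described above can be modelled as follows. This is an added illustration, not code from the application: the class and field names, the key message layout, the positioning mode labels, the per-terminal list of replaced keys and the rule that a grant with no threshold counts as expired are all assumptions, and decryption is reduced to a use counter.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LmfKey:
    """One entry of the key message the AMF stores (hypothetical layout)."""
    key_id: str
    key: bytes
    mode: str            # positioning mode the key is bound to
    areas: frozenset     # tracking areas (area list) the key is bound to


@dataclass
class KeyGrant:
    """Key plus 'expiration date': a duration threshold and/or a use-count threshold."""
    key_id: str
    key: bytes
    issued_at: float
    max_age_s: Optional[float]
    max_uses: Optional[int]
    uses: int = 0

    def expired(self, now: float) -> bool:
        if self.max_age_s is None and self.max_uses is None:
            return True  # assumption: no threshold at all is treated as expired (fail closed)
        if self.max_age_s is not None and now - self.issued_at > self.max_age_s:
            return True  # duration of use exceeds the duration threshold
        return self.max_uses is not None and self.uses > self.max_uses


class Amf:
    def __init__(self, key_message, subscribed, max_age_s=3600.0, max_uses=2):
        self.key_message = list(key_message)  # key message received from the LMF
        self.subscribed = set(subscribed)     # stand-in for the UDM auxiliary information setting
        self.max_age_s, self.max_uses = max_age_s, max_uses
        self.retired = {}                     # assumption: terminal id -> key ids already replaced

    def select_key(self, terminal_id, tracking_area, capabilities, now):
        """Pick a key by tracking area and positioning mode, only for subscribed terminals."""
        if terminal_id not in self.subscribed:
            return None
        retired = self.retired.get(terminal_id, set())
        for entry in self.key_message:
            if entry.key_id in retired:
                continue
            if tracking_area in entry.areas and entry.mode in capabilities:
                return KeyGrant(entry.key_id, entry.key, now, self.max_age_s, self.max_uses)
        return None

    def key_update(self, terminal_id, tracking_area, capabilities, old_key_id, now):
        """Key update request: the second key is determined the same way as the first."""
        self.retired.setdefault(terminal_id, set()).add(old_key_id)
        return self.select_key(terminal_id, tracking_area, capabilities, now)


class Terminal:
    def __init__(self, terminal_id, tracking_area, capabilities):
        self.terminal_id, self.tracking_area = terminal_id, tracking_area
        self.capabilities = frozenset(capabilities)
        self.grant = None

    def attach(self, amf, now):
        """Attach request carries capability and area identifier; the response carries the key."""
        self.grant = amf.select_key(self.terminal_id, self.tracking_area, self.capabilities, now)
        return self.grant

    def use_key(self):
        """Stand-in for decrypting one piece of broadcast auxiliary information."""
        if self.grant is None:
            raise RuntimeError("no key to decrypt auxiliary information")
        self.grant.uses += 1

    def on_lcs_request(self, amf, now):
        """LCS request triggers the expiry check and, if needed, a key update request."""
        if self.grant is None:
            return "no-key"
        if not self.grant.expired(now):
            return "kept"
        self.grant = amf.key_update(self.terminal_id, self.tracking_area,
                                    self.capabilities, self.grant.key_id, now)
        return "updated" if self.grant else "no-key"


# Constructed sample key message: key ids, key bytes, mode labels and area names are made up.
KEY_MESSAGE = [
    LmfKey("K1", b"\x01" * 16, "mode-A", frozenset({"TA-1", "TA-2"})),
    LmfKey("K2", b"\x02" * 16, "mode-A", frozenset({"TA-1"})),
    LmfKey("K3", b"\x03" * 16, "mode-B", frozenset({"TA-3"})),
]
```

When no unreplaced key matches the terminal's tracking area and positioning mode, the model returns no key at all instead of reissuing an expired one.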
  • FIG. 9 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • the AMF may receive the second key, and store the second key for subsequent analysis when needed.
  • the GMLC receives an LCS request from an external client.
  • the GMLC sends an LCS request to the AMF.
  • the AMF analyzes the second key when determining that the first key is invalid.
  • the AMF sends a key update request to the access network device, where the key update request includes the second key.
  • the access network device sends the key update request to the first terminal.
  • the first terminal sends a response message to the key update request to the AMF.
  • the AMF selects the LMF according to the response message.
  • the AMF sends a location request to the LMF.
  • the LMF calculates the location of the first terminal.
  • the LMF sends the location information of the first terminal to the external client.
  • when the AMF determines that the first key is invalid, it obtains the second key and, after receiving the LCS request, sends the second key to the first terminal. That is, triggered by the LCS request, the AMF sends the second key to the first terminal, so that the first terminal and the AMF use a suitable key to protect the auxiliary information, thereby improving the security performance of the auxiliary information.
  • FIG. 10 shows a schematic block diagram of an apparatus for protecting auxiliary information according to an embodiment of the present application.
  • the device 1000 may correspond to the AMF in the embodiment shown in FIG. 4, and may have any function of the AMF in the method.
  • the device 1000 includes a transceiver module 1010 and a processing module 1020.
  • the transceiver module 1010 is configured to receive a tracking area identifier to which the first terminal belongs, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs;
  • the processing module 1020 is configured to determine a first key assigned to the first terminal according to the tracking area to which the first terminal belongs, and the first key is used to protect auxiliary information;
  • the transceiver module 1010 is also used to send the first key to the first terminal.
  • the transceiver module 1010 is also used to obtain the positioning mode of the first terminal;
  • the processing module 1020 is specifically used for:
  • the first key is determined according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  • the transceiver module 1010 is further configured to receive a first message from the location management function network element LMF, where the first message includes multiple keys supported by the LMF, and each key in the multiple keys Corresponding positioning method and tracking area;
  • the processing module 1020 is specifically used for:
  • the first key is determined from a plurality of keys supported by the LMF.
  • the first message further includes multiple positioning modes supported by the LMF.
  • the transceiver module 1010 is also used to obtain positioning capability information of the first terminal.
  • the positioning capability information is used to indicate the positioning mode supported by the first terminal;
  • the transceiver module 1010 is specifically used for:
  • the positioning capability information and the identification of the tracking area are carried in a second message, and the second message is used to request access to the AMF, and the transceiver module 1010 is specifically used to:
  • the transceiver module 1010 is specifically used for:
  • the transceiver module 1010 is specifically used for:
  • the transceiver module 1010 is further configured to send one or more of an expiration date and indication information to the first terminal, where the expiration date is used to indicate a duration threshold for which the first terminal can use the first key or a threshold on the number of times the first key can be used, and the indication information is used to indicate whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
  • the transceiver module 1010 is further configured to obtain the auxiliary information setting from the unified data management network element UDM, and the auxiliary information setting is used to indicate whether the first terminal subscribes to the auxiliary information;
  • the processing module 1020 is further configured to determine to send the first key to the first terminal when the auxiliary information setting indicates that the first terminal subscribes to the auxiliary information.
  • the transceiver module 1010 is further configured to receive a fourth message, where the fourth message includes a third mapping relationship between at least one area list and at least one auxiliary information;
  • the processing module 1010 is further configured to determine the first auxiliary information corresponding to the first area list in the at least one area list according to the third mapping relationship;
  • the transceiver module 1010 is further configured to send the first auxiliary information through the access network device corresponding to the first area list.
  • the fourth message further includes a fourth mapping relationship between at least one positioning mode and the at least one auxiliary information
  • the processing module 1020 is further configured to determine, according to the fourth mapping relationship, at least one piece of auxiliary information corresponding to the first positioning mode in the at least one positioning mode;
  • the processing module 1020 is specifically used for:
  • the first auxiliary information is determined from at least one auxiliary information corresponding to the first positioning mode.
  • the transceiver module 1010 is further configured to obtain a second key when the first key of the first terminal becomes invalid;
  • the transceiver module 1010 is also used to send the second key to the first terminal.
  • the transceiver module 1010 is further configured to receive a fifth message, where the fifth message is used to request location information of the first terminal;
  • the transceiver module 1010 is specifically used for:
  • the second key is sent to the first terminal.
  • the transceiver module 1010 is further configured to receive a sixth message from the first terminal, where the sixth message is used to request to update the key;
  • the transceiver module 1010 is specifically used for:
  • the second key is sent to the first terminal.
  • the AMF in the embodiment of the present application receives the tracking area identifier used to indicate the tracking area to which the first terminal belongs, and then allocates a key (ie, the first key) to the first terminal according to the tracking area to which the first terminal belongs. And send the first key to the first terminal.
  • the mobility management network element uniformly distributes the key to the terminal.
  • the embodiment of the present application can allocate a suitable key to the first terminal and protect the auxiliary information of the first terminal with that key, thereby improving the security performance of the auxiliary information.
  • FIG. 11 shows a schematic block diagram of a device 1100 for protecting auxiliary information provided by an embodiment of the present application.
  • the device 1100 may be the AMF described in FIG. 4.
  • the device can adopt the hardware architecture shown in FIG. 11.
  • the device may include a processor 1110 and a transceiver 1120.
  • the device may also include a memory 1130.
  • the processor 1110, the transceiver 1120, and the memory 1130 communicate with each other through an internal connection path.
  • Related functions implemented by the processing module 1020 in FIG. 10 may be implemented by the processor 1110, and related functions implemented by the transceiver module 1011 may be implemented by the processor 1110 controlling the transceiver 1120.
  • the processor 1110 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a dedicated processor, or one or more integrated circuits used to implement the technical solutions of the embodiments of this application.
  • a processor may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
  • it can be a baseband processor or a central processing unit.
  • the baseband processor can be used to process communication protocols and communication data
  • the central processor can be used to control devices (such as base stations, terminals, or chips) used to protect auxiliary information, execute software programs, and process the data of the software programs.
  • the processor 1110 may include one or more processors, such as one or more central processing units (CPU).
  • the CPU may be a single-core CPU or a multi-core CPU.
  • the transceiver 1120 is used to send data and/or signals and to receive data and/or signals.
  • the transceiver may include a transmitter and a receiver, the transmitter is used to send data and/or signals, and the receiver is used to receive data and/or signals.
  • the memory 1130 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable memory (EPROM), and compact disc read-only memory (CD-ROM).
  • the memory 1130 is used to store AMF program codes and data, and may be a separate device or integrated in the processor 1110.
  • the processor 1110 is configured to control the transceiver to perform information transmission with the terminal.
  • FIG. 11 only shows a simplified design of the device for protecting auxiliary information.
  • the device can also contain other necessary components, including but not limited to any number of transceivers, processors, controllers, memories, etc., and all AMFs that can implement this application are within the protection scope of this application.
  • the device 1100 may be a chip, for example, a communication chip that can be used in the AMF to implement related functions of the processor 1110 in the AMF.
  • the chip can be a field programmable gate array, a dedicated integrated chip, a system chip, a central processing unit, a network processor, a digital signal processing circuit, a microcontroller, and a programmable controller or other integrated chips for realizing related functions.
  • the chip may optionally include one or more memories for storing program codes. When the codes are executed, the processor realizes corresponding functions.
  • the apparatus 1100 may further include an output device and an input device.
  • the output device communicates with the processor 1110 and can display information in a variety of ways.
  • the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector, etc.
  • the input device communicates with the processor 601 and can receive user input in various ways.
  • the input device may be a mouse, a keyboard, a touch screen device, or a sensor device.
  • FIG. 12 shows a schematic block diagram of an apparatus 1200 for protecting auxiliary information according to an embodiment of the present application.
  • the apparatus 1200 may correspond to the terminal in the embodiment shown in FIG. 4, and may have any function of the terminal in the method.
  • the device 1200 includes a transceiver module 1210.
  • the transceiver module 1210 is configured to send a tracking area identifier to the access and mobility management function network element AMF, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs;
  • the processing module 1210 is further configured to receive a first key, the first key is determined by the AMF according to the tracking area to which the first terminal belongs, and the first key is used to protect auxiliary information.
  • the transceiver module 1210 is also used to receive encrypted auxiliary information
  • the processing module 1220 is configured to decrypt the encrypted auxiliary information according to the first key.
  • the transceiver module is further configured to send positioning capability information to the AMF, where the positioning capability information is used to indicate a positioning mode supported by the first terminal.
  • the transceiver module 1210 is specifically used for:
  • a response message of the second message is received, where the response message includes the first key.
  • the transceiver module 1210 is specifically used for:
  • a response message of the third message is received, where the response message includes the first key.
  • the transceiver module 1210 is further configured to receive one or more of an expiration date and indication information from the AMF, where the expiration date is used to indicate a duration threshold for which the first terminal can use the first key or a threshold on the number of times the first key can be used, and the indication information is used to indicate whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
  • processing module 1220 is specifically configured to:
  • the transceiver module 1210 is further configured to send a sixth message to the AMF when it is determined that the first key is invalid, where the sixth message is used to request to update the key;
  • the transceiver module 1210 is further configured to receive a response message of the sixth message, where the response message of the sixth message includes the second key;
  • the processing module 1220 is also used to decrypt the encrypted auxiliary information according to the second key.
  • processing module 1220 is specifically configured to:
  • the transceiver module 1210 is further configured to receive a second key from the AMF when it is determined that the first key is invalid;
  • the processing module 1220 is also used to decrypt the auxiliary information received from the AMF according to the second key.
  • the first terminal in the embodiment of the present application sends to the AMF the tracking area identifier used to indicate the tracking area to which the first terminal belongs, and the AMF uses this tracking area identifier to determine the first key used to protect the auxiliary information. The first terminal obtains the first key from the AMF. That is, the embodiment of the present application can allocate a more suitable key to the first terminal and protect the auxiliary information of the first terminal through the first key, which improves the security performance of the auxiliary information.
  • FIG. 13 shows an apparatus 1300 for protecting auxiliary information provided by an embodiment of the present application.
  • the apparatus 1300 may be the terminal described in FIG. 4.
  • the device can adopt the hardware architecture shown in FIG. 13.
  • the device may include a processor 1310 and a transceiver 1320.
  • the device may also include a memory 1330.
  • the processor 1310, the transceiver 1320 and the memory 1330 communicate with each other through an internal connection path.
  • the relevant functions implemented by the processing module 1320 in FIG. 13 may be implemented by the processor 1310, and the relevant functions implemented by the transceiver module 1310 may be implemented by the processor 1310 controlling the transceiver 1320.
  • the processor 1310 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a dedicated processor, or one or more integrated circuits that implement the technical solutions of the embodiments of the present application.
  • a processor may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
  • it can be a baseband processor or a central processing unit.
  • the baseband processor can be used to process communication protocols and communication data;
  • the central processor can be used to control devices (such as base stations, terminals, or chips) used to protect auxiliary information, execute software programs, and process the data of the software programs.
  • the processor 1310 may include one or more processors, such as one or more central processing units (CPU).
  • the CPU may be a single-core CPU or a multi-core CPU.
  • the transceiver 1320 is used to send data and/or signals, and to receive data and/or signals.
  • the transceiver may include a transmitter and a receiver, the transmitter is used to send data and/or signals, and the receiver is used to receive data and/or signals.
  • the memory 1330 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), and compact disc read-only memory (CD-ROM); the memory 1330 is used to store related instructions and data.
  • the memory 1330 is used to store program codes and data of the terminal, and may be a separate device or integrated in the processor 1310.
  • the processor 1310 is configured to control the transceiver to perform information transmission with the terminal.
  • the apparatus 1300 may further include an output device and an input device.
  • the output device communicates with the processor 1310 and can display information in a variety of ways.
  • the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector, etc.
  • the input device communicates with the processor 601 and can receive user input in various ways.
  • the input device may be a mouse, a keyboard, a touch screen device, or a sensor device.
  • FIG. 13 only shows a simplified design of the device for protecting auxiliary information.
  • the device may also contain other necessary components, including but not limited to any number of transceivers, processors, controllers, memories, etc., and all terminals that can implement this application are within the protection scope of this application.
  • the device 1300 may be a chip, for example, a communication chip that can be used in a terminal to implement related functions of the processor 1310 in the terminal.
  • the chip can be a field programmable gate array, a dedicated integrated chip, a system chip, a central processing unit, a network processor, a digital signal processing circuit, a microcontroller, and a programmable controller or other integrated chips for realizing related functions.
  • the chip may optionally include one or more memories for storing program codes. When the codes are executed, the processor realizes corresponding functions.
  • the embodiment of the present application also provides a device, which may be a terminal or a circuit.
  • the device can be used to perform the actions performed by the terminal in the foregoing method embodiments.
  • FIG. 14 shows a schematic block diagram of an apparatus 1400 for protecting auxiliary information according to an embodiment of the present application.
  • the device 1400 may correspond to the LMF in the embodiment shown in FIG. 4, and may have any function of the LMF in the method.
  • the device 1400 includes a processing module 1410 and a transceiver module 1420.
  • the processing module 1410 is configured to determine a first message.
  • the first message includes multiple keys supported by the LMF and tracking areas corresponding to the multiple keys respectively;
  • the transceiver module 1420 is configured to send the first message to the access and mobility management function network element AMF.
  • the first message further includes the positioning modes respectively corresponding to the multiple keys.
  • processing module 1410 is further configured to generate at least one auxiliary information;
  • the transceiver module 1410 is further configured to send a fourth message, the fourth message including a third mapping relationship between at least one area list and at least one auxiliary information.
  • the fourth message further includes a fourth mapping relationship between multiple positioning modes and the at least one auxiliary information.
  • processing module 1420 is specifically configured to:
  • Encrypting the second auxiliary information by the first key generates the first auxiliary information.
  • FIG. 15 shows a device 1500 for protecting auxiliary information provided by an embodiment of the present application.
  • the device 1500 may be the terminal described in FIG. 4.
  • the device can adopt the hardware architecture shown in FIG. 15.
  • the device may include a processor 1510 and a transceiver 1520.
  • the device may also include a memory 1530.
  • the processor 1510, the transceiver 1520, and the memory 1530 communicate with each other through an internal connection path.
  • the related functions implemented by the processing module 1520 in FIG. 15 may be implemented by the processor 1510, and the related functions implemented by the transceiver module 1510 may be implemented by the processor 1510 controlling the transceiver 1520.
  • the processor 1510 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a dedicated processor, or one or more integrated circuits that implement the technical solutions of the embodiments of the present application.
  • a processor may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
  • it can be a baseband processor or a central processing unit.
  • the baseband processor can be used to process communication protocols and communication data;
  • the central processor can be used to control devices (such as base stations, terminals, or chips) used to protect auxiliary information, execute software programs, and process the data of the software programs.
  • the processor 1510 may include one or more processors, such as one or more central processing units (CPU).
  • the CPU may be a single-core CPU or a multi-core CPU.
  • the transceiver 1520 is used to send data and/or signals, and to receive data and/or signals.
  • the transceiver may include a transmitter and a receiver, the transmitter is used to send data and/or signals, and the receiver is used to receive data and/or signals.
  • the memory 1530 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), and compact disc read-only memory (CD-ROM); the memory 1530 is used to store related instructions and data.
  • the memory 1530 is used to store program codes and data of the terminal, and may be a separate device or integrated in the processor 1510.
  • the processor 1510 is configured to control the transceiver and the terminal to perform information transmission.
  • the apparatus 1500 may further include an output device and an input device.
  • the output device communicates with the processor 1510 and can display information in a variety of ways.
  • the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector, etc.
  • the input device communicates with the processor 601 and can receive user input in various ways.
  • the input device may be a mouse, a keyboard, a touch screen device, or a sensor device.
  • FIG. 15 only shows a simplified design of the device for protecting auxiliary information.
  • the device may also contain other necessary components, including but not limited to any number of transceivers, processors, controllers, memories, etc., and all terminals that can implement this application are within the protection scope of this application.
  • the device 1500 may be a chip, for example, a communication chip that can be used in a terminal to implement related functions of the processor 1510 in the terminal.
  • the chip can be a field programmable gate array, a dedicated integrated chip, a system chip, a central processing unit, a network processor, a digital signal processing circuit, a microcontroller, and a programmable controller or other integrated chips for realizing related functions.
  • the chip may optionally include one or more memories for storing program codes. When the codes are executed, the processor realizes corresponding functions.
  • the embodiment of the present application also provides a device, which may be a terminal or a circuit.
  • the device can be used to perform the actions performed by the terminal in the foregoing method embodiments.
  • FIG. 16 shows a simplified structural diagram of a terminal. For ease of understanding and illustration, in FIG. 16 the terminal uses a mobile phone as an example.
  • the terminal includes a processor, a memory, a radio frequency circuit, an antenna, and an input and output device.
  • the processor is mainly used to process the communication protocol and communication data, control the terminal, execute the software program, and process the data of the software program.
  • the memory is mainly used to store software programs and data.
  • the radio frequency circuit is mainly used for the conversion of baseband signal and radio frequency signal and the processing of radio frequency signal.
  • the antenna is mainly used to send and receive radio frequency signals in the form of electromagnetic waves.
  • Input and output devices such as touch screens, display screens, and keyboards, are mainly used to receive data input by users and output data to users. It should be noted that some types of terminals may not have input and output devices.
  • When data needs to be sent, the processor performs baseband processing on the data to be sent, and outputs the baseband signal to the radio frequency circuit.
  • the radio frequency circuit performs radio frequency processing on the baseband signal and sends the radio frequency signal to the outside in the form of electromagnetic waves through the antenna.
  • the radio frequency circuit receives the radio frequency signal through the antenna, converts the radio frequency signal into a baseband signal, and outputs the baseband signal to the processor, and the processor converts the baseband signal into data and processes the data.
  • only one memory and processor are shown in FIG. 16. In actual end products, there may be one or more processors and one or more memories.
  • the memory may also be referred to as a storage medium or storage device.
  • the memory may be set independently of the processor, or may be integrated with the processor, which is not limited in the embodiment of the present application.
  • the antenna and radio frequency circuit with the transceiver function may be regarded as the transceiver unit of the terminal, and the processor with the processing function may be regarded as the processing unit of the terminal.
  • the terminal includes a transceiver unit 1610 and a processing unit 1620.
  • the transceiver unit may also be referred to as a transceiver, a transceiver device, and so on.
  • the processing unit may also be called a processor, a processing board, a processing module, a processing device, and so on.
  • the device for implementing the receiving function in the transceiver unit 1610 can be regarded as the receiving unit, and the device for implementing the sending function in the transceiver unit 1610 as the sending unit, that is, the transceiver unit 1610 includes a receiving unit and a sending unit.
  • the transceiver unit may sometimes be called a transceiver or a transceiver circuit.
  • the receiving unit may sometimes be called a receiver or a receiving circuit.
  • the transmitting unit may sometimes be called a transmitter or a transmitting circuit.
  • transceiving unit 1610 is used to perform the sending and receiving operations on the terminal side in the foregoing method embodiment, and the processing unit 1620 is used to perform other operations on the terminal in addition to the transceiving operation in the foregoing method embodiment.
  • the processing unit 1620 is configured to perform the operations in step 402 and step 403 in FIG. 4, and/or the processing unit 1620 is further configured to perform other processing steps on the terminal side in the embodiment of the present application.
  • the transceiving unit 1610 is configured to perform the transceiving operations in step 401 and/or step 404 in FIG. 4, and/or the transceiving unit 1610 is further configured to perform other transceiving steps on the terminal side in the embodiment of the present application.
  • When the device for protecting auxiliary information is a chip, the chip includes a transceiver unit and a processing unit.
  • the transceiver unit may be an input/output circuit or a communication interface;
  • the processing unit is a processor or microprocessor or integrated circuit integrated on the chip.
  • Reference may also be made to the device shown in FIG. 17.
  • the device can perform functions similar to the processor 1610 in Fig. 16.
  • the device includes a processor 1701, a data sending processor 1703, and a data receiving processor 1705.
  • the processing module 1220 in the foregoing embodiment may be the processor 1701 in FIG. 17, and completes corresponding functions.
  • the transceiver module 1210 in the foregoing embodiment may be the sending data processor 1703 and the receiving data processor 1705 in FIG. 17.
  • Although the channel encoder and the channel decoder are shown in FIG. 17, it can be understood that these modules do not constitute a restrictive description of this embodiment, and are merely illustrative.
  • the processing device 1800 includes modules such as a modulation subsystem, a central processing subsystem, and a peripheral subsystem.
  • the communication device in this embodiment can be used as the modulation subsystem therein.
  • the modulation subsystem may include a processor 1803 and an interface 1804.
  • the processor 1803 completes the function of the aforementioned processing module 1220;
  • the interface 1804 completes the function of the aforementioned transceiver module 1210.
  • the modulation subsystem includes a memory 1806, a processor 1803, and a program stored in the memory and capable of running on the processor. When the processor executes the program, the method described in the first to fifth embodiments is implemented.
  • the memory 1806 can be nonvolatile or volatile, and it can be located inside the modulation subsystem or in the processing device 1800, as long as the memory 1806 can be connected to the processor 1803.
  • the disclosed system, device, and method may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • each unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • If the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of this application essentially, or the part that contributes to the existing technology, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions used to make a computer device (which may be a personal computer, a server, or an access network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk, and other media that can store program code.
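
An added example, not part of the patent text: a Python model of the terminal-side behaviour described for apparatus 1200 (a first key allocated per tracking area, time and use-count thresholds, a key update that yields the second key) together with the key-to-tracking-area mapping carried in the LMF's first message. The class names, the TA labels, the sample data and the HMAC-SHA-256 encrypt-then-MAC construction are assumptions; the text does not name a cipher.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA-256 in counter mode: a stdlib stand-in, the patent names no cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed (wrong key or modified data)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class KeyGrant:
    key: bytes
    not_after: float  # time threshold from the "expiration date"
    max_uses: int     # threshold on the number of times the key can be used
    uses: int = 0

    def valid(self, now: float) -> bool:
        return now <= self.not_after and self.uses < self.max_uses


class Amf:
    def __init__(self, first_message: dict, lifetime: float, max_uses: int):
        self.keys = dict(first_message)  # tracking area -> key, as sent by the LMF
        self.lifetime, self.max_uses = lifetime, max_uses

    def allocate(self, tai: str, now: float):
        key = self.keys.get(tai)
        if key is None:
            return None  # indication: no auxiliary information in this tracking area
        return KeyGrant(key, now + self.lifetime, self.max_uses)


class Terminal:
    def __init__(self, tai: str, amf: Amf, now: float):
        self.tai, self.amf, self.updates = tai, amf, 0
        self.grant = amf.allocate(tai, now)  # send TAI, receive the first key

    def read(self, blob: bytes, now: float) -> bytes:
        if self.grant is not None and not self.grant.valid(now):
            # first key invalid: request a key update and take the second key
            self.grant = self.amf.allocate(self.tai, now)
            self.updates += 1
        if self.grant is None:
            raise PermissionError("no key for this tracking area")
        self.grant.uses += 1
        return unseal(self.grant.key, blob)


def demo() -> dict:
    k1, k1_next, k2 = os.urandom(32), os.urandom(32), os.urandom(32)
    amf = Amf({"TA-1": k1, "TA-2": k2}, lifetime=3600.0, max_uses=2)
    ue1, ue2, ue3 = (Terminal(t, amf, now=0.0) for t in ("TA-1", "TA-2", "TA-3"))
    aux = b"constructed sample: positioning assistance data for TA-1"
    blob = seal(k1, aux)
    first = [ue1.read(blob, now=10.0), ue1.read(blob, now=20.0)]
    try:
        ue2.read(blob, now=10.0)
        cross_area = "decrypted"
    except ValueError:
        cross_area = "rejected"
    amf.keys["TA-1"] = k1_next  # LMF rotates the TA-1 key
    after_update = ue1.read(seal(k1_next, aux), now=30.0)  # use count exhausted
    return {"aux": aux, "first": first, "cross_area": cross_area,
            "after_update": after_update, "updates": ue1.updates,
            "ta3_supported": ue3.grant is not None}


if __name__ == "__main__":
    print(demo())
```

The `cross_area` result shows the property the description argues for: a terminal holding the TA-2 key cannot read auxiliary information protected for TA-1, which a single unified key would not prevent.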

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention relates to a method and an apparatus for protecting auxiliary information concerning a location. The method comprises the following steps: an AMF receives a tracking area identifier indicating a tracking area to which a first terminal belongs, allocates a first secret key to the first terminal according to the tracking area to which the first terminal belongs, and sends the first secret key to the first terminal. Compared with the conventional solution, in which a mobility management network element allocates a unified secret key to all the terminals it can manage, the embodiments of the present invention can allocate a suitable secret key to the first terminal and protect auxiliary information of the first terminal by means of the secret key, thereby improving the security performance of the auxiliary information.
PCT/CN2020/077787 2019-03-04 2020-03-04 Method and apparatus for protecting auxiliary information WO2020177716A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910161370.6 2019-03-04
CN201910161370.6A CN111726800A (zh) 2019-03-04 2019-03-04 Method and apparatus for protecting auxiliary information

Publications (1)

Publication Number Publication Date
WO2020177716A1 true WO2020177716A1 (fr) 2020-09-10

Family

ID=72337684

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/077787 WO2020177716A1 (fr) 2019-03-04 2020-03-04 Method and apparatus for protecting auxiliary information

Country Status (2)

Country Link
CN (1) CN111726800A (fr)
WO (1) WO2020177716A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4340399A1 (fr) * 2021-07-12 2024-03-20 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Communication method and apparatus
CN116456322A (zh) * 2022-01-07 2023-07-18 华为技术有限公司 Communication method and communication apparatus

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018009030A1 (fr) * 2016-07-08 2018-01-11 엘지전자 주식회사 Method and device for changing the tracking area based on the mobility of a terminal
CN108702724A (zh) * 2016-11-27 2018-10-23 Lg 电子株式会社 Deregistration method in a wireless communication system and apparatus therefor
CN109155949A (zh) * 2017-01-09 2019-01-04 Lg 电子株式会社 Method for interworking between networks in wireless communication and apparatus therefor
CN109167847A (zh) * 2018-08-09 2019-01-08 中国联合网络通信集团有限公司 Method for generating an IPv6 address, SMF, and communication system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
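CN110858951B (zh) * 2018-08-22 2021-06-18 中国移动通信有限公司研究院 Method for implementing user terminal positioning, user terminal, and network-side device
CN111031486B (zh) * 2018-10-10 2021-05-11 电信科学技术研究院有限公司 Positioning service key distribution method and apparatus therefor
CN111107483B (zh) * 2018-10-10 2021-03-09 电信科学技术研究院有限公司 Positioning service permission change method, apparatus, and system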

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018009030A1 (fr) * 2016-07-08 2018-01-11 엘지전자 주식회사 Method and device for changing the tracking area based on the mobility of a terminal
CN108702724A (zh) * 2016-11-27 2018-10-23 Lg 电子株式会社 Deregistration method in a wireless communication system and apparatus therefor
CN109155949A (zh) * 2017-01-09 2019-01-04 Lg 电子株式会社 Method for interworking between networks in wireless communication and apparatus therefor
CN109167847A (zh) * 2018-08-09 2019-01-08 中国联合网络通信集团有限公司 Method for generating an IPv6 address, SMF, and communication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CATT: "pCR to TR33.814-Solution of Provisioning Keys for Broadcast Assistant Data Protection", 3GPP DRAFT; S3-190246, 1 February 2019 (2019-02-01), Kochi , India, pages 1 - 3, XP051596848 *

Also Published As

Publication number Publication date
CN111726800A (zh) 2020-09-29

Similar Documents

Publication Publication Date Title
US10555285B2 (en) Network service exposure method and apparatus utilizing the same
US9717074B2 (en) Relay user equipment device and status announcement method thereof
WO2019148401A1 (fr) Paging method, network device, and terminal device
US11172460B2 (en) User location monitoring in mobile edge environment
TWI763563B (zh) Method and user equipment for small data transmission in the inactive state
US20190141769A1 (en) Data Transmission Method and Device
KR20230019969A (ko) Timing advance (TA) determination method, network device, and terminal
US10764779B2 (en) Apparatuses and methods for mobility management (MM) congestion control
US11310658B2 (en) Method and apparatus for determining status of terminal device, and device
WO2020177716A1 (fr) Method and apparatus for protecting auxiliary information
US20210392612A1 (en) Method, device and terminal for location message transmission processing
WO2018137716A1 (fr) Method and device for maintaining continuity of a UDC function
CN111867057A (zh) Communication method, apparatus, and system
CN110121203B (zh) Communication method and communication apparatus
WO2021087996A1 (fr) Communication method and communication device
WO2020052638A1 (fr) Method and apparatus for transmitting location information, and device
WO2022253150A1 (fr) Data transmission method and apparatus
US20230388085A1 (en) Methods of latency reduction for positioning-specific measurement reporting
JP2005528061A (ja) Supplementary service access using a multi-mode wireless device
WO2020248749A1 (fr) Key update method and device
WO2020224582A1 (fr) Network slice update method and device
US11930424B2 (en) Method and apparatus for location based group message delivery
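CN116918401A (zh) Positioning measurement reporting using small data transmission
WO2020052460A1 (fr) Method, apparatus, and device for transmitting location information
CN109936590B (zh) Information transmission method and apparatus, computer storage medium, and communication system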

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20766319

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20766319

Country of ref document: EP

Kind code of ref document: A1