WO2022174729A1 - Method for protecting identity identifier privacy, and communication apparatus - Google Patents


Info

Publication number
WO2022174729A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
network
authentication
request
identifier
Application number
PCT/CN2022/073978
Other languages
English (en)
Chinese (zh)
Inventor
郭龙华
吴�荣
金兹伯格·菲利普
尼米·瓦特里
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2022174729A1

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/06 Authentication
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H04W60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present application relates to the field of communication, and more particularly to methods and communication apparatuses for protecting the privacy of identity identifiers.
  • Security is a key element to consider in the definition and specification of mobile networks.
  • checking whether the user equipment (UE) has the right to access the network is the most important part.
  • the verification of the terminal identity (UE identity, UE ID) and the primary authentication are the two most important steps.
  • the purpose of verifying the UE ID is to ensure that the UE is a legitimate user, that is, to ensure that the UE ID is valid.
  • the purpose of primary authentication is to achieve mutual authentication between the UE and the network.
  • an attacker can attack the mobile network based on the unprotected messages exchanged between the UE and the network side, resulting in leakage of user privacy.
  • the present application provides a method and a communication device for protecting the privacy of an identity identifier.
  • the attacker cannot judge from the message sent by the network side whether the UE ID is valid, which prevents the attacker from guessing the UE ID from the air interface message and from the subsequent procedures, and so increases the difficulty of the attack.
  • a method for protecting the privacy of an identity identifier, comprising: a first device receives a first request message from a second device, where the first request message is used by the second device to request registration in a network and includes a first identifier; the first device receives a first message from a third device, where the first message is used to request the second device to authenticate the network or to indicate that the second device fails to register in the network; the first device sends an authentication request message to the second device according to the first message, where the authentication request message includes a first authentication parameter, and the first authentication parameter is used by the second device to authenticate the network.
  • the method further includes: the authentication request message includes a first random number.
  • the network side randomly constructs an authentication request message so that the air interface message returned to the second device has the same message type and message format as when the second device is a legitimate user; the attacker therefore cannot guess the first identifier from the message type and message format, and is also prevented from guessing the first identifier through the subsequent procedure, which increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the method further includes: when the first message is used to request the second device to authenticate the network, the first authentication parameter is generated based on the first parameter carried in the first message; when the first message is used to indicate that the second device fails to register in the network, the first authentication parameter is randomly generated by the first device.
  • the method further includes: when the first message is used to request the second device to authenticate the network, the first device determines according to the first message that the second device belongs to a legitimate user of the network; when the first message is used to indicate that the second device fails to register in the network, the first device determines according to the first message that the second device does not belong to a legitimate user of the network.
  • the third device sends to the first device a first message for requesting the second device to authenticate the network, and the first device determines according to the first message that the second device is a legitimate user.
  • the method further includes: when the first device determines that the second device belongs to a legitimate user of the network, the first authentication parameter is generated based on the root key corresponding to the first identifier.
  • the method further includes: the first authentication parameter includes an authentication token and a home network expected response.
  • the method further includes: the first parameter includes the first authentication parameter.
  • a method for protecting identity privacy, comprising: a fourth device receives a second request message from a third device, where the second request message is used to request the second device to register in the network and includes the first identifier; the fourth device sends a second message to the third device, where the second message is used to request the second device to authenticate the network or to indicate that the second device fails to register in the network, and the second message includes a second authentication parameter, the second authentication parameter including a parameter for the second device to authenticate the network.
  • the network side randomly constructs an authentication request message so that the air interface message returned to the second device has the same message type and message format as when the second device is a legitimate user; the attacker therefore cannot guess the first identifier from the message type and message format, and is also prevented from guessing the first identifier through the subsequent procedure, which increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the method further includes: when the fourth device determines according to the first identifier that the second device belongs to a legitimate user of the network, the fourth device generates the second authentication parameter according to a second parameter, where the second parameter includes the root key corresponding to the first identifier; when the fourth device determines according to the first identifier that the second device does not belong to a legitimate user of the network, the fourth device randomly generates the second authentication parameter.
  • the second parameter further includes a sequence value corresponding to the first identifier.
  • the method further includes: when the fourth device determines according to the first identifier that the second device does not belong to a legitimate user of the network, the second message is still a message for requesting the second device to authenticate the network.
  • the method further includes: the second authentication parameter includes at least one of the following: an authentication token, an expected response, and an authentication service function key.
  • a method for protecting identity privacy, comprising: a third device receives a third request message from a first device, where the third request message is used by the second device to request registration in a network and includes the first identifier; the third device receives a second message from a fourth device, where the second message is used to request the second device to authenticate the network or to indicate that the second device fails to register in the network; the third device sends a first message to the first device according to the second message, where the first message includes a third authentication parameter, and the third authentication parameter includes a parameter for the second device to authenticate the network.
  • the network side randomly constructs an authentication request message so that the air interface message returned to the second device has the same message type and message format as when the second device is a legitimate user; the attacker therefore cannot guess the first identifier from the message type and message format, and is also prevented from guessing the first identifier through the subsequent procedure, which increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the method further includes: when the second message is used to request the second device to authenticate the network, the third authentication parameter is generated based on the second parameter carried in the second message; when the second message is used to indicate that the second device fails to register in the network, the third authentication parameter is randomly generated by the third device.
  • the method further includes: when the second message is used to request the second device to authenticate the network, the third device determines according to the second message that the second device belongs to a legitimate user of the network; when the second message is used to indicate that the second device fails to register in the network, the third device determines according to the second message that the second device does not belong to a legitimate user of the network.
  • the method further includes: when the third device determines that the second device belongs to a legitimate user of the network, the third authentication parameter is generated based on the root key corresponding to the first identifier.
  • the method further includes: the third authentication parameter includes an authentication token and a home network expected response.
  • the method further includes: the second parameter includes the third authentication parameter.
  • a method for protecting identity privacy, comprising: a first device receives a fourth request message from a second device, where the fourth request message is used to request the network to authenticate the second device and includes a first identifier; the first device receives a sixth response message from a third device, where the sixth response message is used to indicate that the network refuses to serve the second device; the first device sends a fourth response message to the second device according to the sixth response message, where the fourth response message is used to indicate that the network refuses to serve the second device and includes a first cause value, and the first cause value is independent of whether the second device belongs to a legitimate user of the network.
  • the network side selects a cause value that is independent of whether the second device is a legitimate user, so that the attacker cannot infer the first identifier from the message type and message format of the air interface message, and is also prevented from guessing the first identifier through the subsequent procedure; this increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the method further includes: the first device determines, according to the sixth response message, that the second device does not belong to a legitimate user of the network.
  • the method further includes: the first device generates the first cause value, or the first device receives the first cause value.
  • a method for protecting identity privacy, comprising: a fourth device receives a fifth request message from a third device, where the fifth request message is used to request the network to authenticate the second device and includes a first identifier; the fourth device sends a fifth response message to the third device, where the fifth response message is used to indicate that the network refuses to serve the second device and includes a second cause value, and the second cause value is independent of whether the second device belongs to a legitimate user of the network.
  • the network side selects a cause value that is independent of whether the second device is a legitimate user, so that the attacker cannot infer the first identifier from the message type and message format of the air interface message, and is also prevented from guessing the first identifier through the subsequent procedure; this increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the method further includes: the fourth device generating the second cause value.
  • a method for protecting the privacy of an identity identifier, comprising: a third device receives a sixth request message from the first device, where the sixth request message is used to request the network to authenticate the second device and includes a first identifier; the third device receives a fifth response message from the fourth device, where the fifth response message is used to indicate that the network refuses to serve the second device; the third device sends a sixth response message to the first device according to the fifth response message, where the sixth response message is used to indicate that the network refuses to serve the second device and includes a third cause value, and the third cause value is independent of whether the second device belongs to a legitimate user of the network.
  • the network side selects a cause value that is independent of whether the second device is a legitimate user, so that the attacker cannot infer the first identifier from the message type and message format of the air interface message, and is also prevented from guessing the first identifier through the subsequent procedure; this increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the method further includes: determining, by the third device, that the second device does not belong to a legitimate user of the network according to the fifth response message.
  • the method further includes: the third device generates the third cause value, or the third device receives the third cause value.
  • an apparatus for protecting the privacy of an identity identifier, comprising: a transceiver module configured to receive a first request message from a second device, where the first request message is used by the second device to request registration in a network and includes a first identifier; the transceiver module is further configured to receive a first message from a third device, where the first message is used to request the second device to authenticate the network or to indicate that the second device fails to register in the network; the transceiver module is further configured to send an authentication request message to the second device according to the first message, where the authentication request message includes a first authentication parameter, and the first authentication parameter is used by the second device to authenticate the network.
  • the network side randomly constructs an authentication request message so that the air interface message returned to the second device has the same message type and message format as when the second device is a legitimate user; the attacker therefore cannot guess the first identifier from the message type and message format, and is also prevented from guessing the first identifier through the subsequent procedure, which increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the apparatus further includes: when the first message is used to request the second device to authenticate the network, the first authentication parameter is generated based on the first parameter carried in the first message; when the first message is used to indicate that the second device fails to register in the network, the first authentication parameter is randomly generated by the first device.
  • the apparatus further includes a processing module configured to: when the first message is used to request the second device to authenticate the network, determine according to the first message that the second device belongs to a legitimate user of the network; when the first message is used to indicate that the second device fails to register in the network, determine according to the first message that the second device does not belong to a legitimate user of the network.
  • the apparatus further includes: when the first message is used to request the second device to authenticate the network, the first authentication parameter is generated based on the root key corresponding to the first identifier.
  • the apparatus further includes: the first authentication parameter includes an authentication token and a home network expected response.
  • the apparatus further includes: the first parameter includes the first authentication parameter.
  • an apparatus for protecting the privacy of an identity identifier, comprising: a transceiver module configured to receive a second request message from a third device, where the second request message is used to request the second device to register in the network and includes the first identifier; the transceiver module is further configured to send a second message to the third device, where the second message is used to request the second device to authenticate the network or to indicate that the second device fails to register in the network, and the second message includes a second authentication parameter, the second authentication parameter including a parameter for the second device to authenticate the network.
  • the network side randomly constructs an authentication request message so that the air interface message returned to the second device has the same message type and message format as when the second device is a legitimate user; the attacker therefore cannot guess the first identifier from the message type and message format, and is also prevented from guessing the first identifier through the subsequent procedure, which increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the apparatus further includes a processing module configured to: when the fourth device determines according to the first identifier that the second device belongs to a legitimate user of the network, generate the second authentication parameter according to a second parameter, where the second parameter includes the root key corresponding to the first identifier; when the fourth device determines according to the first identifier that the second device does not belong to a legitimate user of the network, randomly generate the second authentication parameter.
  • the processing module is further configured such that, when the fourth device determines according to the first identifier that the second device does not belong to a legitimate user of the network, the second message is still a message for requesting the second device to authenticate the network.
  • the apparatus further includes: the second authentication parameter includes at least one of the following: an authentication token, an expected response, and an authentication service function key.
  • an apparatus for protecting the privacy of an identity identifier, comprising: a transceiver module configured to receive a third request message from the first device, where the third request message is used by the second device to request registration in the network and includes a first identifier; the transceiver module is further configured to receive a second message from the fourth device, where the second message is used to request the second device to authenticate the network or to indicate that the second device fails to register in the network; the transceiver module is further configured to send a first message to the first device according to the second message, where the first message includes a third authentication parameter, and the third authentication parameter includes a parameter for the second device to authenticate the network.
  • the network side randomly constructs an authentication request message so that the air interface message returned to the second device has the same message type and message format as when the second device is a legitimate user; the attacker therefore cannot guess the first identifier from the message type and message format, and is also prevented from guessing the first identifier through the subsequent procedure, which increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the apparatus further includes: when the second message is used to request the second device to authenticate the network, the third authentication parameter is generated based on the second parameter carried in the second message; when the second message is used to indicate that the second device fails to register in the network, the third authentication parameter is randomly generated by the third device.
  • the apparatus further includes a processing module configured to: when the second message is used to request the second device to authenticate the network, determine according to the second message that the second device belongs to a legitimate user of the network; when the second message is used to indicate that the second device fails to register in the network, determine according to the second message that the second device does not belong to a legitimate user of the network.
  • the apparatus further includes: when the third device determines that the second device belongs to a legitimate user of the network, the third authentication parameter is generated based on the root key corresponding to the first identifier.
  • the apparatus further includes: the third authentication parameter includes an authentication token and a home network expected response.
  • the apparatus further includes: the second parameter includes the third authentication parameter.
  • an apparatus for protecting the privacy of an identity identifier, comprising: a transceiver module configured to receive a fourth request message from a second device, where the fourth request message is used to request the network to authenticate the second device and includes the first identifier; the transceiver module is further configured to receive a sixth response message from the third device, where the sixth response message is used to indicate that the network refuses to serve the second device; the transceiver module is further configured to send a fourth response message to the second device according to the sixth response message, where the fourth response message is used to indicate that the network refuses to serve the second device and includes a first cause value, and the first cause value is independent of whether the second device belongs to a legitimate user of the network.
  • the network side selects a cause value that is independent of whether the second device is a legitimate user, so that the attacker cannot infer the first identifier from the message type and message format of the air interface message, and is also prevented from guessing the first identifier through the subsequent procedure; this increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the apparatus further includes a processing module configured to determine, according to the sixth response message, that the second device does not belong to a legitimate user of the network.
  • the processing module is further configured to generate the first cause value, or the transceiver module is further configured to receive the first cause value.
  • an apparatus for protecting the privacy of an identity identifier, comprising: a transceiver module configured to receive a fifth request message from a third device, where the fifth request message is used to request the network to authenticate the second device and includes a first identifier; the transceiver module is further configured to send a fifth response message to the third device, where the fifth response message is used to indicate that the network refuses to serve the second device and includes a second cause value, the second cause value being independent of whether the second device belongs to a legitimate user of the network.
  • the network side selects a cause value that is independent of whether the second device is a legitimate user, so that the attacker cannot infer the first identifier from the message type and message format of the air interface message, and is also prevented from guessing the first identifier through the subsequent procedure; this increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the apparatus further includes a processing module, where the processing module generates the second cause value, or the transceiver module is further configured to receive the second cause value.
  • a twelfth aspect provides an apparatus for protecting the privacy of an identity identifier, comprising: a transceiver module configured to receive a sixth request message from a first device, where the sixth request message is used to request the network to authenticate the second device and includes the first identifier; the transceiver module is further configured to receive a fifth response message from the fourth device, where the fifth response message is used to indicate that the network refuses to serve the second device; the transceiver module is further configured to send a sixth response message to the first device, where the sixth response message is used to indicate that the network refuses to serve the second device and includes a third cause value, and the third cause value is independent of whether the second device belongs to a legitimate user of the network.
  • the network side selects a cause value that is independent of whether the second device is a legitimate user, so that the attacker cannot infer the first identifier from the message type and message format of the air interface message, and is also prevented from guessing the first identifier through the subsequent procedure; this increases the difficulty of the attack and makes it hard for the attacker to obtain a valid first identifier.
  • the apparatus further includes a processing module, and the processing module is configured to generate the third cause value, or the transceiver module is further configured to receive the third cause value.
  • the apparatus further includes: the processing module is further configured to determine, according to the fifth response message, that the second device does not belong to a legitimate user of the network.
  • a thirteenth aspect provides a communication device, comprising: a processor and a memory; the memory is for storing a computer program; the processor is for executing the computer program stored in the memory, so that the communication device executes the first
  • a fourteenth aspect provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program runs on a computer, the computer is made to execute the methods and embodiments described in any one of the first to sixth aspects.
  • a fifteenth aspect provides a chip system, comprising: a processor for calling and running a computer program from a memory, so that a communication device in which the chip system is installed performs the methods and embodiments described in any one of the first to sixth aspects.
  • FIG. 1 shows a network architecture suitable for this embodiment of the present application.
  • FIG. 2 shows another network architecture suitable for this embodiment of the present application.
  • FIG. 3 shows a schematic interaction diagram of a registration and main authentication process.
  • FIG. 4 shows a schematic interaction diagram of another registration and main authentication process.
  • FIG. 5 shows a schematic interaction diagram of yet another registration and main authentication process.
  • FIG. 6 shows a schematic interaction diagram of an example of the method for protecting the privacy of an identity identifier of the present application.
  • FIG. 7 shows a schematic interaction diagram of still another example of the method for protecting the privacy of an identity identifier of the present application.
  • FIG. 8 shows a schematic interaction diagram of still another example of the method for protecting the privacy of an identity identifier of the present application.
  • FIG. 9 shows a schematic interaction diagram of still another example of the method for protecting the privacy of an identity identifier of the present application.
  • FIG. 10 shows a schematic interaction diagram of still another example of the method for protecting the privacy of an identity identifier of the present application.
  • FIG. 11 shows a schematic interaction diagram of still another example of the method for protecting the privacy of an identity identifier of the present application.
  • FIG. 12 shows a schematic block diagram of an example of a communication device for protecting the privacy of an identity identifier of the present application.
  • FIG. 13 shows a schematic block diagram of yet another example of the communication apparatus for protecting the privacy of an identity identifier of the present application.
  • GSM global system for mobile communications
  • CDMA code division multiple access
  • WCDMA wideband code division multiple access
  • GPRS general packet radio service
  • LTE long term evolution
  • FDD frequency division duplex
  • TDD time division duplex
  • UMTS universal mobile telecommunication system
  • WiMAX worldwide interoperability for microwave access
  • 5G 5th generation
  • NR new radio
  • V2V Vehicle-to-vehicle
  • V2I vehicle-to-infrastructure
  • V2P Vehicle to pedestrian
  • V2N vehicle to network communication
  • FIG. 1 provides a network architecture, and each network element that may be involved in the network architecture will be described below with reference to FIG. 1 .
  • User equipment (UE) can also be called terminal equipment, terminal, access terminal, subscriber unit, subscriber station, mobile station, remote station, remote terminal, mobile equipment, user terminal, wireless communication equipment, user agent or user device.
  • the UE may also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a terminal device in a 5G network or in a future evolved public land mobile network (PLMN), or a terminal device in a non-terrestrial network (NTN).
  • Internet-connected devices such as sensors, electricity meters, water meters and other Internet of things (IoT) devices. It can also be a drone with communication capabilities (Unmanned Aerial Vehicle or Uncrewed Aerial Vehicle, UAV). This embodiment of the present application does not limit this.
  • Universal mobile telecommunications system (UMTS) terrestrial radio access network (UTRAN): a third generation (3G)/second generation (2G) access network.
  • GSM global system for mobile communication
  • EDGE enhanced data rate for GSM evolution
  • GERAN GSM EDGE radio access network
  • GERAN: a 3G/2G access network.
  • Evolved universal terrestrial radio access network (E-UTRAN): a fourth generation (4G) access network.
  • S-GW Serving gateway
  • P-GW public data network (PDN) gateway
  • the P-GW entity is the user plane data link anchor point between 3rd Generation Partnership Project (3GPP) and non-3GPP networks, and can be responsible for managing data routing between 3GPP and non-3GPP networks.
  • Mobility management entity (MME): mainly responsible for functions such as mobility management, bearer management, user authentication and authorization, and selection of the S-GW and P-GW.
  • IMS IP multimedia subsystem
  • PSS packet switching service
  • PCRF Policy and charging rules function
  • HSS Home subscriber server
  • the HSS can hold user profiles, perform user authentication and authorization, and provide information about the user's physical location.
  • Serving GPRS support node (SGSN): completes routing and forwarding of packet data, mobility management, session management, logical link management, authentication and encryption, and CDR generation and output functions.
  • GPRS general packet radio service
  • the LTE-Uu interface is the reference point between the terminal and the E-UTRAN;
  • the S1-U interface is the reference point between the E-UTRAN and the S-GW entity;
  • the N5 interface is the reference point between the S-GW entity and the P-GW entity;
  • the S1-MME control plane interface connects the MME with the E-UTRAN, similar to the control part of the radio network layer in a UMTS network;
  • S11 interface is the reference point between MME and S-GW entity;
  • S12 interface is UTRAN/GERAN
  • the S4 interface is the reference point between the SGSN and the S-GW entity;
  • the S6a interface is the reference point between the MME and the HSS;
  • the S3 interface is the reference point between the MME and the SGSN.
  • FIG. 2 provides another network architecture, and each network element that may be involved in the network architecture will be described below with reference to FIG. 2 .
  • UE: introduced above with reference to FIG. 1 , and not repeated here for brevity.
  • Access network: provides network access functions for authorized users in a specific area, and can use transmission tunnels of different quality according to user levels and business needs.
  • the access network may be an access network using different access technologies.
  • 3GPP access technologies such as those employed in 3G, 4G or 5G systems
  • non-3GPP non-3rd Generation Partnership Project
  • 3GPP access technology refers to the access technology that conforms to 3GPP standard specifications.
  • the access network using 3GPP access technology is called Radio Access Network (RAN).
  • RAN Radio Access Network
  • gNB Next generation Node Base station
  • a non-3GPP access technology refers to an access technology that does not conform to 3GPP standard specifications, for example, the air interface technology represented by an access point (AP) in WiFi.
  • AP access point
  • An access network that implements access network functions based on wireless communication technology can be called a radio access network (RAN).
  • the radio access network can manage radio resources, provide access services for terminals, and then complete the forwarding of control signals and user data between the terminal and the core network.
  • the radio access network device can be, for example, a base station (NodeB), an evolved NodeB (eNB or eNodeB), a base station (gNB) in a 5G mobile communication system, a base station in a future mobile communication system, or an AP in a WiFi system; it can also be a wireless controller in a cloud radio access network (CRAN) scenario, a relay station, an access point, an in-vehicle device, a wearable device, a network device in a future 5G network, or a network device in a future evolved PLMN network, etc.
  • CRAN cloud radio access network
  • the embodiments of the present application do not limit the specific technology and specific device form adopted by the wireless access network device.
  • Access and mobility management function (AMF) entity: mainly used for mobility management and access management, etc., and can be used to implement the functions of a mobility management entity (MME) other than session management, such as lawful interception or access authorization (or authentication).
  • MME mobility management entity
  • Session management function (SMF) entity: mainly used for session management, UE IP address allocation and management, selection of manageable user plane functions, policy control, or termination point of the charging function interface and downlink data notification, etc.
  • UPF user plane function
  • DN data network
  • Data network (DN): a network for providing data transmission, for example, an operator's service network, the Internet, a third-party service network, and the like.
  • AUSF Authentication server function
  • Network exposure function (NEF) entity used to securely open services and capabilities provided by the 3GPP network function to the outside.
  • Network storage function (network function (NF) repository function, NRF) entity: used to store the network function entity and the description information of the services it provides, as well as support service discovery, network element entity discovery, etc.
  • PCF Policy control function
  • Unified data management (UDM) entity used to handle user identification, access authentication, registration, or mobility management, etc.
  • Application function (AF) entity used to perform data routing affected by applications, access network open function network elements, or interact with the policy framework to perform policy control, etc.
  • AF application function
  • it may be a V2X application server, a V2X application enabling server, or a drone server (which may include a drone monitoring server, or a drone application service server).
  • the N1 interface is the reference point between the terminal and the AMF entity;
  • the N2 interface is the reference point between the AN and the AMF entity, used for sending non-access stratum (NAS) messages, etc.;
  • N3 interface is the reference point between (R)AN and UPF entity, used to transmit user plane data, etc.;
  • the N4 interface is the reference point between the SMF entity and the UPF entity, used to transmit information such as the tunnel identification of the N3 connection, data buffer indication information, and downlink data notification messages;
  • the N6 interface is the reference point between the UPF entity and the DN, and is used to transmit data on the user plane.
  • the present application also relates to a security anchor function (SEAF) entity.
  • SEAF Security Anchor Function
  • FIG. 1 and FIG. 2 can be applied to the embodiments of the present application.
  • the network architecture applicable to the embodiments of the present application is not limited to this; any network architecture that can implement the functions of the above network elements is applicable to the embodiments of the present application.
  • the AMF entity, SMF entity, UPF entity, NEF entity, AUSF entity, NRF entity, PCF entity, UDM entity shown in FIG. 1 or FIG. 2 , and the SEAF entity also involved in this application can be understood as the core Network elements used to implement different functions in the network, for example, can be combined into network slices as needed. These core network elements may be independent devices, or may be integrated into the same device to implement different functions, which is not limited in this application. It should be noted that the above-mentioned "network element" may also be referred to as an entity, a device, an apparatus, or a module, etc., which is not particularly limited in this application.
  • UE ID verification is to ensure that the UE is a legitimate user, that is, the UE ID is valid.
  • primary authentication is to achieve mutual authentication between the UE and the network. The UE and the network side maintain the UE ID and its corresponding root key respectively.
  • authentication and key agreement (AKA) under the 5G system is used as the background technology for description, and the technical solution of this application is also applicable to the extensible authentication protocol-authentication and key agreement (EAP-AKA).
  • EAP-Transport Layer Security EAP-TLS
  • Terms used below: subscription permanent identifier (SUPI), subscription concealed identifier (SUCI), sequence number (SQN), home network authentication vector (home environment authentication vector, HE AV), random number (RAND), authentication token (AUTN), response (RES), expected response (XRES), AUSF key (Kausf), authentication management field (AMF), access network authentication vector (serving environment authentication vector, SE AV), message authentication code (MAC), home network expected response (HXRES), expected message authentication code (XMAC), mobile country code (MCC), mobile network code (MNC), mobile subscriber identification number (MSIN), message authentication code for resynchronization (MAC-S).
  • SUPI subscription permanent identifier
  • SUCI subscription concealed identifier
  • SQN sequence number
  • FIG. 3 shows a schematic interaction diagram of the registration and main authentication processes when the UE is a legitimate user. As shown in Figure 3:
  • the UE sends an N1 message (N1 message) to the SEAF.
  • the UE sends a registration request message to the SEAF, and the message carries the UE ID.
  • the UE ID can be SUPI, SUCI or other identifiers.
  • SUPI is the permanent identity of the UE
  • SUCI is the hidden identity of the UE; it can be understood that the SUCI can be regarded as the encrypted identity of the SUPI.
  • the SEAF sends an authentication request message (Nausf auth request) to the AUSF, and the message carries the UE ID.
  • the AUSF sends an authentication request message (Nudm auth request) to the UDM, and the message carries the UE ID.
  • S304: when the UE ID received by the UDM is a SUCI, the UDM first needs to parse the SUCI into a SUPI and check whether the SUPI is valid in its database. For example, when the UDM can find the SUPI in the database, the SUPI is considered valid; when the SUPI cannot be found, the SUPI is considered invalid.
  • when the SUPI is valid, the UDM sends an authentication response message (Nudm auth response) to the AUSF, and the authentication response message includes the 5G HE AV.
  • the authentication response message may also include the SUPI.
  • the UDM searches for the root key and SQN corresponding to the UE, generates a random number RAND, and calculates and constructs the home network authentication vector HE AV, which includes RAND, AUTN and XRES*.
  • the UDM also needs to calculate the Kausf and send the authentication vector and Kausf to the AUSF.
  • RAND is 128 bits
  • the format of AUTN is (SQN ⊕ AK) || AMF || MAC, where AK and SQN are 48 bits
  • AMF (authentication management field) is 16 bits
  • MAC length is 64 bits
  • XRES* is 128 bits.
  • the authentication response message may also carry the SUPI; when the identity identifier carried in step S303 is already a SUPI, the authentication response message does not need to carry the information element SUPI.
  • two-way authentication is performed between the UE and the network side, and the network side first calculates an authentication vector for the UE to verify the network side. After the UE successfully verifies the network side, the UE calculates an authentication vector, which is used for the network to verify the UE.
  • the AUSF calculates the visited network authentication vector (SE AV) according to the home network authentication vector (HE AV), and sends an authentication response message (nausf auth response) to the SEAF, and the message carries the visited network authentication vector (SE AV).
  • the Visited Network Authentication Vector (SE AV) includes RAND, AUTN and HXRES*, where HXRES* is obtained after hashing XRES*.
  • the SEAF sends an authentication request message (auth request) to the UE, and the message carries RAND, AUTN and HXRES*.
  • authentication failure also includes the following two situations:
  • the UE calculates the XMAC according to the root key and the parameters in the AUTN; if the XMAC does not match the MAC carried in the AUTN, the UE returns an authentication failure message to the network side.
  • the authentication failure message includes the cause value MAC failure, and the process ends.
  • the UE calculates the XMAC according to the root key and the parameters in the AUTN; if the XMAC matches but the SQN recovered from the AUTN is not in the correct range, the UE replies to the network with an authentication failure message, which includes the cause value.
  • the cause value is synchronization failure.
  • the authentication failure message carries AUTS = (SQN_MS ⊕ AK*) || MAC-S, where MAC-S = f1*_K(SQN_MS || RAND || AMF) and AK* = f5*_K(RAND).
  • A || B means concatenating A and B; SQN_MS represents the SQN on the UE side; A ⊕ B means A XOR B; f5*(A) means applying the f5* algorithm to A; f1*(A) means applying the f1* algorithm to A; f5*_K means K is the input key when using the f5* algorithm; f1*_K means K is the input key when using the f1* algorithm. It should be noted that both A and B here are character data.
  • the authentication failure message also carries the AUTS. If SEAF receives the authentication failure message, it sends AUTS to UDM via AUSF. When the UDM verifies that the AUTS is correct, the UDM re-initiates the authentication, that is, re-calculates the authentication vector and sends it to the AUSF; otherwise, the process ends.
  • the UE replies an authentication success message to the network side, and the message carries the authentication vector (RES*) calculated by the UE, and triggers subsequent steps.
  • RES* authentication vector
  • SEAF and AUSF verify whether the authentication vector sent by the UE is correct, that is, the network side authenticates the UE.
  • when the network side (SEAF/AUSF) fails to authenticate the UE, the SEAF sends an authentication reject message (authentication reject) to the UE.
  • an authentication reject message authentication reject
  • the SEAF sends a registration accept message (registration accept) to the UE.
  • FIG. 4 shows a schematic interaction diagram of the registration and main authentication processes when the UE is an illegal user. As shown in Figure 4:
  • S401 to S404 are the same as S301 to S304 in FIG. 3 , and details are not repeated here.
  • when the SUPI is invalid, the UDM returns an error response message (error response) to the AUSF; the error response message may carry a cause value, for example udm-error-unknown-subscription.
  • AUSF receives an error response message (error response), and sends an error response message (error response) to SEAF, where the error response message carries a cause value, for example, the cause value may be udm-error-unknown-subscription.
  • the SEAF sends a registration failure message (registration reject) to the UE, and the registration failure message may carry a cause value, for example, the cause value is 3, indicating that the UE is an illegal UE.
  • FIG. 5 shows a schematic interaction diagram of the network side sending a registration rejection message to the UE when the UE is a legitimate user. As shown in Figure 5:
  • S501 to S504 are the same as S301 to S304 in FIG. 3 , and details are not repeated here.
  • S505: the network refuses to serve the current UE, which may be implemented in multiple ways, such as S505a, S505b or S505c below.
  • S505a: the UDM returns a failure response message to the AUSF, and the failure response message carries a cause value, for example udm-error-unknown-subscription;
  • S505b: caused by the UE's subscription, for example, the UE is in arrears or has been placed on the network's blacklist.
  • the UDM may still return a failure response message to the AUSF, and the failure response message carries the cause value.
  • the cause value can be PLMN not allowed or 5GS services not allowed;
  • S505c: the UDM may still return a failure response message to the AUSF, and the failure response message carries the cause value, for example Congestion or Serving network not authorized.
  • After the UDM receives the UE ID, it needs to judge whether the UE identity is valid, whether the network is available, and whether the UE has a subscription. When all of these judgments are "Yes", the UDM returns an authentication request message towards the UE; otherwise, the UDM returns a registration rejection message to the UE, and the registration rejection message carries a cause value indicating which condition the UE failed to meet. For the situation in which the network refuses to serve the UE, see the three possible scenarios in step S505.
  • the AUSF receives the error message, and sends a failure response message to the SEAF, the message carries a cause value, and the cause value is consistent with the cause value carried in the failure response message in step S505.
  • the SEAF sends a registration failure message to the UE, the message carries a cause value, and the cause value is consistent with the cause value carried in the failure response message in step S505.
  • the attacker constructs the UE ID.
  • the configuration of SUPI is MCC+MNC+MSIN.
  • MCC and MNC are public information, which can be obtained by attackers.
  • the attacker constructs possible MSINs and combines them with the MCC and MNC to form SUPIs.
  • the composition of SUCI is SUPI type+MCC+MNC+routing indicator+protection scheme ID+home network public key id+scheme output.
  • apart from the scheme output, the other information elements can be considered public information, which can be obtained by attackers.
  • the scheme output is calculated using the chosen encryption algorithm. Subsequently, the attacker sends a registration request message to SEAF, which carries the UE ID.
  • the attacker obtains the return message of SEAF from the air interface.
  • if the returned message is an authentication request message carrying AUTN and RAND, this indicates that the constructed SUPI is valid.
  • if the returned message is a registration failure message with the cause value illegal UE, this indicates that the constructed SUPI is invalid.
  • an attacker can traverse and construct possible SUPIs and try them in sequence.
  • the attacker obtains the SUPI data set of all users of the target operator, and accordingly obtains the number of users of the target operator.
  • the attacker attacks the UE in combination with other attack methods (such as a linkability attack, continuously tracking the location of the UE corresponding to the SUPI, etc.), resulting in leakage of user privacy.
  • FIG. 6 is a schematic interaction diagram of the method 600 of the present application.
  • the second device sends a first request message to the first device, where the first request message is used for the second device to register in the network.
  • the first request message includes a first identifier.
  • the first device may belong to the first network, for example, a roaming network
  • the third device and the fourth device belong to a second network, such as a home network
  • the first device, the third device and the fourth device all belong to the second network, for example, the home network.
  • the SEAF belongs to the first network, that is, the roaming network
  • the AUSF and UDM belong to the second network, that is, the home network
  • the SEAF, AUSF, and UDM all belong to the second network, the home network.
  • This application does not limit which network the first device, the third device and the fourth device belong to.
  • the SEAF is used as the first device for description in this application, and the first device may also be other devices or network elements with the same or similar functions, which is not limited in this application.
  • the first identifier is an identifier corresponding to the second device, which may be the identifier of the second device, including the SUPI and UE ID mentioned in this application, and also other identifiers with the same or similar function.
  • when the second device is a legitimate user, the network side stores relevant information about the first identifier, so the first identifier is valid.
  • when the second device is an attack device deployed by an attacker, the part of the first identifier that is not public information is fabricated by the attacker.
  • in that case the network side does not store relevant information about the first identifier, so the first identifier may be invalid.
  • the first device sends a third request message to the third device, where the third request message also includes the first identifier.
  • the AUSF is used as the third device for description in the embodiments of this application, and the third device may also be other devices or network elements with the same or similar functions, which is not limited in this application.
  • the third request message may be used to request the network to initiate an authentication process or to request the second device to register with the network.
  • the third device sends a second request message to the fourth device, where the second request message also includes the first identifier.
  • the UDM is used as the fourth device for description in the embodiments of this application, and the fourth device may also be other devices or network elements with the same or similar functions, which is not limited in this application.
  • the second request message may be used to request the network to initiate an authentication process or to request the second device to register with the network.
  • S604 may be in various manners, for example, S604a or S604b or S604c below.
  • the fourth device generates a second authentication parameter.
  • when the fourth device determines that it is necessary to request the second device to authenticate the network, the fourth device generates the second authentication parameter according to the second parameter, and the second parameter includes the root key corresponding to the first identifier; when the fourth device determines that the registration of the second device in the network fails, the fourth device randomly generates the second authentication parameter.
  • the method for the fourth device to determine that it is necessary to request the second device to authenticate the network may be that the fourth device verifies that the user identifier is valid.
  • when the fourth device can find the SUPI in the database, it considers that the SUPI is valid, that is, the user ID is valid;
  • the method for the fourth device to determine that the registration of the second device in the network fails may be that the fourth device verifies that the user identifier is invalid.
  • when the fourth device cannot find the SUPI in the database, it considers that the SUPI is invalid, that is, the user ID is invalid.
  • the third device generates a third authentication parameter.
  • the third authentication parameter is generated based on the second parameter carried in the second message; when the second message indicates that the second device fails to register in the network, the third authentication parameter is randomly generated by the third device.
  • the fourth device determines according to the first identifier that the second device does not belong to a legitimate user of the network
  • the second message indicates that the second device fails to register in the network
  • the second message optionally carries a cause value, for example, invalid user identifier.
  • the third device determines, according to the second message, that the registration of the second device in the network fails, and the reason for the failure is an illegal user identifier, and randomly generates a third authentication parameter.
  • the first device generates a first authentication parameter.
  • the first authentication parameter is generated based on the first parameter carried in the first message; when the first message indicates that the second device fails to register in the network, the first authentication parameter is randomly generated by the first device.
  • the third device determines that the second device does not belong to a legitimate user of the network
  • the first message indicates that the second device fails to register in the network
  • the optional cause value is an illegal user identifier.
  • the first device determines, according to the first message, that the registration of the second device in the network fails, and the reason for the failure is an illegal user identifier, and randomly generates a third authentication parameter.
  • the fourth device sends the second message to the third device
  • the second message includes the second authentication parameter; when S604a is not executed, the second message is used to indicate that the second device fails to register in the network, the second message including the failure reason value, etc.;
  • the third device sends the first message to the first device
  • the first message includes the third authentication parameter; when S604a is not executed, the first message is used to indicate that the second device fails to register in the network, including the failure cause value, etc.;
  • the first device sends an authentication request message to the second device, where the authentication request message includes the first authentication parameter.
  • the first message includes the third authentication parameter.
  • the authentication request message may further include a first random number, and the first random number may be generated based on the root key and sequence value corresponding to the first identifier, or may also be in other manners, which are not limited in this application.
  • as described in step S604, when the second device does not belong to a legitimate user of the network, the first authentication parameter is fictitious.
  • the message type and message format when the first device sends the authentication request message to the second device are the same as when the second device belongs to a legal user of the network.
  • the message type and the message format are consistent, so when the second device is an attacker, the second device cannot judge whether the UE ID is valid from the received message format and message type.
  • the network side randomly constructs an authentication request message, so that the message type and message format of the air interface message returned to the second device are the same as the message when the second device is a legal user.
  • the message type and message format are consistent, so the attacker cannot guess the first identifier from the message type and message format, and is also prevented from guessing the first identifier through the subsequent process; this increases the difficulty of the attack, making it hard for the attacker to obtain a valid first identifier.
  • the message indicates that the second device fails to register in the network or the message indicates that the network refuses to serve the second device to express the same effect, which is not limited in this application.
  • FIG. 8 is a schematic interaction diagram of the method 700 of the present application.
  • the second device sends a fourth request message to the first device, where the fourth request message is used to request the network to authenticate the second device, and the fourth request message includes the first identifier.
  • the second device in this application may be a normal user equipment or a terminal device, and for the network, the second device may or may not be a legal user.
  • the second device can also be an attacker.
  • the first identifier is an identifier corresponding to the second device, which may be the identifier of the second device, including the SUPI and UE ID mentioned in this application, or the identifier of another device with the same or similar function. It should be noted that when the second device is an attacker, the part of the first identifier that is not public information is fabricated by the attacker.
  • the first device sends a sixth request message to the third device, where the sixth request message includes the first identifier.
  • the AUSF is used as the third device for description in the embodiments of this application, and the third device may also be other devices or network elements with the same or similar functions, which is not limited in this application.
  • the sixth request message may be used to request the network to initiate an authentication process or to request the second device to register with the network.
  • the third device sends a fifth request message to the fourth device, where the fifth request message includes the first identifier.
  • the UDM is used as the fourth device for description in the embodiments of this application, and the fourth device may also be other devices or network elements with the same or similar functions, which is not limited in this application.
  • the fifth request message may be used to request the network to initiate an authentication process or to request the second device to register with the network.
  • the reason why the fourth device determines that it refuses to serve the second device may be that the fourth device verifies that the user identity is invalid.
  • when the fourth device cannot find the SUPI in the database, it considers that the SUPI is invalid, that is, the user ID is invalid.
  • the reason why the fourth device determines that it refuses to serve the second device may also be that the 5G network is unavailable.
  • for example, the fourth device finds in the subscription data that the second device has not subscribed to the 5G network.
  • the decision by the fourth device to refuse to serve the second device may also be due to other reasons, which will not be repeated here.
  • the fourth device selects a second cause value, and the second cause value has nothing to do with whether the second device belongs to a legitimate user of the network.
  • the fourth device determines that the reason for refusing to serve the second device is that the fourth device verifies that the user identifier is invalid, and selects the second reason value.
  • for example, when the fourth device cannot find the SUPI in the database, it considers that the SUPI is invalid, that is, the user ID is invalid, and selects the second cause value, which can be, for example, PLMN not allowed, 5GS services not allowed, or Congestion;
  • the third device selects a third cause value, and the third cause value has nothing to do with whether the second device belongs to a legitimate user of the network.
  • the third device selects the third reason value.
  • the fourth device determines that the second device does not belong to a legitimate user of the network according to the first identifier
  • the second message indicates that the network refuses to serve the second device
  • the second message optionally carries a cause value indicating an illegal user identifier.
  • the third device determines that the network refuses to serve the second device according to the second message, and the failure reason is an illegal user ID, and selects the third reason value.
  • the third reason can be PLMN not allowed, or 5GS services not allowed, or Congestion.
  • the first device selects a first cause value, and the first cause value has nothing to do with whether the second device belongs to a legitimate user of the network.
  • the first device selects the first reason value.
  • the third device determines that the second device does not belong to a legitimate user of the network
  • the first message indicates that the network refuses to serve the second device
  • the first message optionally carries a cause value indicating an illegal user identifier.
  • the first device judges that the network refuses to serve the second device according to the first message, and the failure reason is an illegal user identity, and selects the first reason value.
  • the first reason can be PLMN not allowed, or 5GS services not allowed, or Congestion, or Serving network not authorized.
  • the fourth device sends a fifth response message to the third device.
  • the fifth response message includes the second cause value; alternatively, the cause value included in the fifth response message may be the same as the second cause value or may be different from it.
  • the third device sends a sixth response message to the first device.
  • the sixth response message includes the third cause value; when S704a is not executed, the cause value included in the sixth response message may be the same as the third cause value or may be different from it.
  • the first device sends a fourth response message to the second device, where the fourth response message is used to indicate that the network refuses to serve the second device, and the fourth response message includes the first reason value.
  • the first cause value included in the fourth response message is selected by the first device.
  • Steps S505a, S505b, and S505c in FIG. 5 list three main possible reasons.
  • the reason value carried in the fourth response message sent by the first device to the second device directly indicates the reason why the network refuses to serve the second device, such as PLMN not allowed, or 5GS services not allowed, or Congestion, or Serving network not authorized.
  • the cause value carried in the fourth response message sent by the first device to the second device does not directly indicate the cause related to the UE identifier in step S505a, but the cause value selected in step S704, which has nothing to do with the UE identifier; thus, when the second device is an attacker, it cannot determine whether the first identifier is valid or invalid from the cause value carried in the message of step S707.
  • the network side selects a cause value that is irrelevant to whether the second device is a legal user, so that the attacker cannot judge whether the first identifier is valid from the message type and message format of the air interface message; this prevents the attacker from guessing the first identifier from the air interface message and from guessing it through the subsequent process, increases the attack difficulty, and makes it hard for the attacker to obtain a valid first identifier.
  • the message indicates that the second device fails to register in the network or the message indicates that the network refuses to serve the second device to express the same effect, which is not limited in this application.
  • FIG. 8 is a schematic interaction diagram of the method 800 of the present application.
  • S801 to S806 are the same as S401 to S406 in FIG. 4 , and details are not repeated here.
  • the error response messages (error response) of S805 and S806 may carry authentication method indication information.
  • indication 1 indicates that the authentication algorithm used is 5G-AKA
  • indication 2 indicates that the authentication algorithm used is EAP-AKA', etc.
  • the SEAF constructs authentication parameters, and generates a false response message.
  • SEAF receives an error response message, and the cause value carried in the message indicates that the UE ID is invalid.
  • the cause value can be udm-error-unknown-subscription.
  • SEAF does not send a registration rejection message to the UE, but sends an authentication request message.
  • the authentication request message is consistent with the authentication request message in S307, and the carried parameters such as authentication parameters are constructed by SEAF.
  • SEAF randomly generates 128-bit RAND, randomly generates 128-bit fake AUTN, and randomly generates 128-bit fake HXRES*.
  • in the AUTN format, SQN and AK are each 48 bits, the Authentication Management Field is 16 bits, and the MAC is the message authentication code, with a length of 64 bits.
  • after the SEAF receives the error response message, it marks the UE ID as invalid and stores the mark in the context; after the UE releases the connection, the context is deleted. As an example, when the SEAF marks the UE ID authentication failure in the context, it stores the cause value indicating that the UE ID is invalid into the context, or stores indication information indicating that the UE ID is invalid into the context, or marks it in the context by another method; this application does not limit this.
  • the SEAF is constructed correspondingly according to the message format of the authentication method.
  • the authentication request message sent by the SEAF to the UE carries an EAP-Request/AKA'-Challenge message (including RAND and AUTN), ngKSI and ABBA; the SEAF constructs the above parameters.
  • the SEAF may select the format of the constructed message according to the authentication method indication information. For example, when receiving indication 1, construct an authentication request message carrying AUTN and RAND. When receiving indication 2, construct an authentication request message carrying EAP-Request/AKA'-Challenge message (including RAND and AUTN), ngKSI, and ABBA.
  • the SEAF sends an authentication request message to the UE, and the message carries the RAND, the fake AUTN, and the fake HXRES* constructed in S807.
  • when the UE is an attacker, it cannot verify whether the AUTN is authentic, and it can construct and send various possible messages, such as S810a, S810b or S810c. The attacker may try to guess whether the UE ID is valid from the network's response to the different messages.
  • the attacker does not have the root key corresponding to the UE ID, and cannot verify whether the AUTN is the real AUTN sent when the UE ID is valid or the fake AUTN constructed by SEAF itself. Therefore, the attacker cannot judge whether the UE ID is valid from the content of the message.
  • the UE sends an authentication failure message to the SEAF, carrying the cause value as MAC failure.
  • the UE sends an authentication failure message to the SEAF, which carries the cause value of the synchronization failure and the AUTS.
  • the UE constructs AUTS randomly. Therefore AUTS is invalid.
  • the UE sends an authentication response message to the SEAF, which carries the authentication vector (RES) calculated by the UE.
  • SEAF receives the message of S810a or S810b or S810c, and performs the following operations according to the content of the message:
  • SEAF can check the context corresponding to the UE ID.
  • the context marks the authentication failure of the UE ID (for example, the UE ID is invalid, etc.)
  • the received authentication failure message is discarded, the message carrying the AUTS is not sent to the AUSF, but an authentication rejection message is directly replied to the UE, that is, S812.
  • the AUTS is constructed by the attacker. Because the attacker cannot know the root key for calculating the AUTS, the AUTS cannot pass the UDM check, and the above operations avoid signaling overhead.
  • SEAF has two modes of operation:
  • SEAF can check the context corresponding to the UE ID.
  • the SEAF discards the received authentication response message, does not send a message carrying the RES to the AUSF, but directly replies an authentication rejection message to the UE, that is, S812.
  • the RES is constructed by the attacker. Because the attacker does not know the root key, the RES cannot pass the SEAF check, and the above operation avoids computational consumption.
  • SEAF calculates HRES* according to the existing method, and compares HRES* and HXRES*. When the two are not equal, the SEAF sends an authentication rejection message to the UE, that is, S812.
  • the message returned to the UE is not a registration rejection message carrying a special cause value, but has the same message type and message format as when the UE is a legal user of the network, that is, when the UE ID is valid.
  • because the message type and message format of the authentication request message are the same in both cases, the attacker cannot guess the SUPI from the air interface message and is also prevented from guessing the SUPI through the subsequent process; this increases the attack difficulty and makes it hard for the attacker to obtain a valid SUPI.
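The SEAF behaviour of method 800 (S807, S808, S811 and S812) as an added, runnable model; this is example code written for this page, not the patent's or any 3GPP implementation's code. Message shapes, the context store, the function names and the HRES*/HXRES* derivation (assumed here to be the low-order 128 bits of SHA-256(RAND || RES*), which the page does not state) are all assumptions.

```python
"""Added example, not code from the patent: a SEAF-side model of method 800.
Message shapes, the context store, all names and the HRES*/HXRES* derivation
are assumptions; only the field widths and cause value come from the page."""
import hashlib
import secrets

# AUTN layout given on the page: SQN/AK 48 bits, AMF 16 bits, MAC 64 bits (128 bits).
SQN_AK_LEN, AMF_LEN, MAC_LEN = 6, 2, 8
INVALID_ID_CAUSE = "udm-error-unknown-subscription"   # cause value named on the page
UE_ID_INVALID = "UE ID invalid"                        # assumed marker kept in the context
AUTH_REJECT = {"type": "AUTHENTICATION_REJECT"}        # S812


def fake_se_av():
    """S807: random RAND, a random AUTN with the real field widths, a random HXRES*."""
    autn = (secrets.token_bytes(SQN_AK_LEN) + secrets.token_bytes(AMF_LEN)
            + secrets.token_bytes(MAC_LEN))
    return {"RAND": secrets.token_bytes(16), "AUTN": autn,
            "HXRES*": secrets.token_bytes(16)}


def hres_star(rand, res_star):
    """Assumed HRES*/HXRES* derivation (the page does not spell it out)."""
    return hashlib.sha256(rand + res_star).digest()[-16:]


def authentication_request(se_av, indication, ngksi=0, abba=b"\x00\x00"):
    """S808: the air-interface message, shaped by the authentication-method
    indication from the error response (1: 5G-AKA, 2: EAP-AKA'). The HXRES*
    is kept at the SEAF for the S811 comparison."""
    msg = {"type": "AUTHENTICATION_REQUEST", "ngKSI": ngksi, "ABBA": abba}
    if indication == 1:
        msg.update(RAND=se_av["RAND"], AUTN=se_av["AUTN"])
    elif indication == 2:
        msg["EAP-Request/AKA'-Challenge"] = {"RAND": se_av["RAND"], "AUTN": se_av["AUTN"]}
    else:
        raise ValueError("unknown authentication method indication")
    return msg


def message_shape(msg):
    """What an observer of the air interface sees: message type plus field layout."""
    return tuple((k, len(v) if isinstance(v, bytes) else type(v).__name__)
                 for k, v in sorted(msg.items()))


class Seaf:
    def __init__(self):
        self.context = {}        # per-UE-ID context, deleted when the connection is released
        self.sent_to_ausf = []   # what would be forwarded to the AUSF (recorded for checking)

    def on_ausf_response(self, ue_id, indication, se_av=None, error_cause=None):
        """S806/S807: either a genuine SE AV arrived, or an error response said the
        UE ID is invalid; in that case mark the context and fabricate an SE AV."""
        ctx = {}
        if error_cause == INVALID_ID_CAUSE:
            ctx["mark"], ctx["cause"] = UE_ID_INVALID, error_cause
            se_av = fake_se_av()
        ctx.update(se_av)
        self.context[ue_id] = ctx
        return authentication_request(se_av, indication)

    def release(self, ue_id):
        """The context is deleted once the UE releases the connection."""
        self.context.pop(ue_id, None)

    def on_ue_message(self, ue_id, msg):
        """S811: handle S810a/S810b/S810c. Returns the air-interface reply, or None
        when the message is forwarded to the AUSF and no reply is sent yet."""
        ctx = self.context[ue_id]
        if ctx.get("mark") == UE_ID_INVALID:
            # Context says the ID is invalid: any AUTS or RES* was built without the
            # root key, so discard it instead of forwarding it and reply with S812.
            return dict(AUTH_REJECT)
        if msg["type"] == "AUTHENTICATION_FAILURE":
            # Valid UE ID: MAC failure / synchronisation failure (AUTS) follow the
            # existing procedure towards the AUSF/UDM (the page only details AUTS).
            self.sent_to_ausf.append((ue_id, msg))
            return None
        # Second mode of operation: compare HRES* with the stored HXRES*. A fabricated
        # HXRES* never matches, so an attacker also ends up at S812 on this path.
        if hres_star(ctx["RAND"], msg["RES*"]) != ctx["HXRES*"]:
            return dict(AUTH_REJECT)
        self.sent_to_ausf.append((ue_id, msg))
        return None


def demo():
    """Constructed scenario: one subscribed UE and one probe with a made-up SUPI."""
    seaf = Seaf()
    rand, xres = secrets.token_bytes(16), secrets.token_bytes(16)
    genuine = {"RAND": rand, "AUTN": secrets.token_bytes(16), "HXRES*": hres_star(rand, xres)}
    req_ok = seaf.on_ausf_response("supi-subscribed", 1, se_av=genuine)
    req_bad = seaf.on_ausf_response("supi-guessed", 1, error_cause=INVALID_ID_CAUSE)
    same_shape = message_shape(req_ok) == message_shape(req_bad)
    probe = {"type": "AUTHENTICATION_FAILURE", "cause": "synch failure", "AUTS": bytes(14)}
    reply_bad = seaf.on_ue_message("supi-guessed", probe)
    reply_ok = seaf.on_ue_message("supi-subscribed",
                                  {"type": "AUTHENTICATION_RESPONSE", "RES*": xres})
    return same_shape, reply_bad, reply_ok, len(seaf.sent_to_ausf)


if __name__ == "__main__":
    print(demo())
```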
  • FIG. 9 is a schematic interaction diagram of the method 900 of the present application.
  • S901 to S904 are the same as S401 to S404 in FIG. 4 , and details are not repeated here.
  • the UDM parses and obtains the SUPI corresponding to the UE, it determines whether the SUPI is valid.
  • the determination method may be by querying the user ID database.
  • when the SUPI can be found, the SUPI is valid, that is, the UE is a legitimate user of the network.
  • otherwise, the SUPI is invalid, that is, the UE is not a legitimate user of the network.
  • the UDM does not return an error message to the AUSF, but constructs authentication parameters and sends an authentication request message.
  • the authentication request message is consistent with the authentication request message in S305.
  • for example, this includes randomly generating a 128-bit RAND, randomly generating a 128-bit fake AUTN, generating a 128-bit XRES*, and randomly generating a 256-bit fake Kausf, where in the AUTN format SQN and AK are each 48 bits, the Authentication Management Field is 16 bits, and the MAC is the message authentication code, with a length of 64 bits.
  • the UDM marks the UE ID as invalid and stores it in the context. After the UE releases the connection, the context is deleted.
  • as an example, when the SEAF marks the UE ID authentication failure in the context, it stores the cause value indicating that the UE ID is invalid into the context, or stores indication information indicating that the UE ID is invalid into the context, or marks it in the context by another method; this application does not limit this.
  • the UDM performs corresponding construction according to the message format of the authentication method.
  • the authentication request message sent by the UDM to the AUSF carries the authentication vector AV' (RAND, AUTN, XRES, CK', IK'), and the UDM constructs the above parameters with reference to the specific format.
  • the UDM sends an authentication response message to the AUSF, and the message carries the authentication vector and Kausf.
  • AUSF sends an authentication response message to SEAF, and the message carries RAND, false AUTN and false HXRES*.
  • AUSF calculates the Visited Network Authentication Vector (SE AV) according to the Home Network Authentication Vector (HE AV), and sends an authentication response message to SEAF, which carries the Visited Network Authentication Vector (SE AV); the Visited Network Authentication Vector (SE AV) includes RAND, false AUTN and false HXRES*.
  • the SEAF sends an authentication request message to the UE, and the message carries the RAND, the false AUTN and the false HXRES*.
  • when the UE is an attacker, it cannot verify whether the AUTN is authentic, and it can construct and send various possible messages, such as S910a, S910b or S910c. The attacker may try to guess whether the UE ID is valid from the network's response to the different messages.
  • the attacker does not have the root key corresponding to the UE ID, and cannot verify whether the AUTN is the real AUTN sent when the UE ID is valid or the fake AUTN constructed by SEAF itself. Therefore, the attacker cannot judge whether the UE ID is valid from the content of the message.
  • the UE sends an authentication failure message to the SEAF, carrying the cause value as MAC failure.
  • the UE sends an authentication failure message to the SEAF, which carries the cause value of the synchronization failure and the AUTS.
  • SEAF sends this message to the UDM via the AUSF for checking.
  • the UE constructs AUTS randomly. Therefore AUTS is invalid.
  • the UE sends an authentication response message to the SEAF, which carries the authentication vector (RES) calculated by the UE.
  • SEAF receives the message in step 10, and performs the following operations according to the content of the message:
  • UDM has two operation modes:
  • the UDM follows the existing mechanism and sends an authentication failure message to the UE after checking the AUTS, that is, S912b.
  • the authentication failure message is sent by the UDM to the UE via the AUSF and SEAF, which is the same as the existing mechanism.
  • the UDM can check the context corresponding to the UE ID.
  • the context marks the UE ID authentication failure, for example, the UE ID is invalid, etc.
  • the UDM discards the received authentication failure message, does not verify the AUTS, but returns an authentication rejection message to the UE through the AUSF and AMF.
  • the AUTS is constructed by the attacker. Because the attacker cannot know the root key for calculating the AUTS, the AUTS cannot pass the UDM check, and the above operations avoid computational overhead.
  • SEAF calculates HRES* in the existing way, and compares HRES* and HXRES*. When the two are not equal, the SEAF sends an authentication rejection message to the UE, that is, S911c.
  • the SEAF reply message is the same whether the UE ID is valid or invalid. Therefore, the attacker cannot judge whether the UE ID is valid from the message in S911. However, through the operation on the UDM in S911, when the UE ID is invalid, the AUTS need not be checked, thereby saving computational overhead.
  • the message returned to the UE is not a registration rejection message carrying a special cause value, but has the same message type and message format as when the UE is a legal user of the network, that is, when the UE ID is valid.
  • because the message type and message format of the authentication request message are the same in both cases, the attacker cannot guess the SUPI from the air interface message and is also prevented from guessing the SUPI through the subsequent process; this increases the attack difficulty and makes it hard for the attacker to obtain a valid SUPI.
  • the embodiments of the present application also protect against a network element other than the UDM being compromised and acting as an attacker.
  • FIG. 10 is a schematic interaction diagram of the method 1000 of the present application.
  • S1001 to S1005 are the same as S401 to S405 in FIG. 4 , and details are not repeated here.
  • the error response message may carry indication information for indicating the authentication method.
  • indication 1 indicates that the authentication algorithm used is 5G-AKA
  • indication 2 indicates that the authentication algorithm used is EAP-AKA', etc.
  • the AUSF constructs authentication parameters.
  • the AUSF receives the error response message sent by the UDM, and the error response message carries the cause value, which is udm-error-unknown-subscription.
  • the AUSF sends an Authentication Request message.
  • the authentication request message is consistent with the authentication request message in S306, and the parameters carried therein, such as authentication parameters, are constructed by AUSF.
  • the AUSF constructs a fake 5G SE AV, which includes randomly generating a 128-bit RAND, randomly generating a 128-bit fake AUTN, and randomly generating a 128-bit fake HXRES*.
  • the AUSF is constructed correspondingly according to the message format of the authentication method.
  • the authentication request message sent by AUSF to SEAF carries the EAP-Request/AKA'-Challenge message (including RAND and AUTN), and AUSF constructs the above parameters with reference to the specific format.
  • the SEAF may choose to construct the message format according to the authentication method indication information. For example, when receiving indication 1, construct an authentication request message carrying 5G SE AV. When receiving indication 2, construct an authentication request message carrying EAP-Request/AKA'-Challenge message (including RAND and AUTN).
  • the AUSF sends an authentication response message to the SEAF, and the message carries the 5G SE AV.
  • the message may carry indication information to indicate that the current UE ID is invalid.
  • the message returned to the UE is not a registration rejection message carrying a special cause value, but has the same message type and message format as when the UE is a legal user of the network, that is, when the UE ID is valid.
  • because the message type and message format of the authentication request message are the same in both cases, the attacker cannot guess the SUPI from the air interface message and is also prevented from guessing the SUPI through the subsequent process; this increases the attack difficulty and makes it hard for the attacker to obtain a valid SUPI.
  • FIG. 11 is a schematic interaction diagram of the method 1100 of the present application.
  • S1101 to S1106 are the same as S401 to S406 in FIG. 4 , and details are not repeated here.
  • SEAF selects a cause value, or constructs a cause value.
  • the reason value is not related to invalid UE ID.
  • SEAF receives the message sent by AUSF. When the message indicates that the UE ID is invalid, it selects the failure cause value carried in the registration rejection message.
  • the cause value can be PLMN not allowed, Congestion, etc.
  • the cause value here may be any one or more cause values that meet the conditions of S505b and S505c in FIG. 5 , instead of using a cause value indicating an illegal UE. It should be understood that when the UE ID is valid, the SEAF may also send the cause values involved in S505b and S505c to the UE, so this solution makes it impossible for an attacker to distinguish whether the UE ID is valid.
  • the SEAF sends a registration rejection message, where the registration rejection message carries the reason value selected in S1107.
  • the cause value returned to the UE to indicate the cause of the registration failure is not a cause value related to whether the UE ID is valid, so the attacker cannot judge whether the UE ID is valid from the message type and message format of the registration rejection message; this prevents the attacker from guessing the SUPI from air interface messages and from guessing the SUPI through subsequent processes, increases the attack difficulty, and makes it hard for the attacker to obtain a valid SUPI.
  • FIG. 12 is a schematic block diagram of a communication apparatus for protecting the privacy of an identity identifier provided by an embodiment of the present application.
  • the communication device 10 may include a transceiver module 11 and a processing module 12 .
  • the transceiver module 11 may be used to receive information sent by other devices, and may also be used to send information to other devices. For example, the first request message is received or the third request message is sent.
  • the processing module 12 may be used to perform content processing of the device, for example, to generate the first parameter.
  • the communication apparatus 10 may correspond to the first device or SEAF in the above method embodiment.
  • the communication apparatus 10 may correspond to the first device or SEAF in any one of the methods 600 to 1100 according to the embodiments of the present application, and the communication apparatus 10 may include modules for executing the operations performed by the first device or the SEAF in the corresponding method, each unit in the communication apparatus 10 being provided to realize the operations performed by the first device or the SEAF in the corresponding method.
  • the transceiver module 11 is configured to execute steps S601, S602, S606, and S607
  • the processing module 12 is configured to execute step S604c.
  • the transceiver module 11 is configured to execute steps S701, S702, S706, and S707
  • the processing module 12 is configured to execute step S704c.
  • the transceiver module 11 is configured to execute steps S801, S802, S806, S808, S810a or S810b or S810c, S812, and the processing module 12 is configured to execute steps S807, S811.
  • the transceiver module 11 is configured to perform steps S901, S902, S907, S908, S910a or S910b or S910c, S912b.
  • the transceiver module 11 is configured to execute steps S1001, S1002, S1007, S1008, S1010a or S1010b or S1010c, S1012, and the processing module 12 is configured to execute steps S1011.
  • the transceiver module 11 is configured to execute steps S1101, S1102, S1106, and S1108, and the processing module 12 is configured to execute step S1107.
  • the transceiver module 11 is configured to receive a first request message from the second device, where the first request message is used for the second device to request to register in the network, and the first request message includes a first identifier; the transceiver module 11 is further configured to receive a first message from a third device, where the first message is used to request the second device to authenticate the network or to indicate that the second device fails to register in the network; the transceiver module is further configured to send an authentication request message to the second device according to the first message, where the authentication request message includes a first authentication parameter, and the first authentication parameter is used by the second device to authenticate the network.
  • the first authentication parameter is generated based on the first parameter carried in the first message; in the case that the first message is used to indicate that the second device fails to register in the network, the first authentication parameter is randomly generated by the first device.
  • the apparatus further includes a processing module 12, and the processing module 12 is configured to: in the case that the first message is used to request the second device to authenticate the network, determine according to the first message that the second device belongs to a legitimate user of the network; in the case that the first message is used to indicate that the second device fails to register in the network, determine according to the first message that the second device does not belong to a legitimate user of the network.
  • the apparatus further includes: when the first message is used to request the second device to authenticate the network, the first authentication parameter is generated based on the root key corresponding to the first identifier.
  • the apparatus also includes: the first authentication parameter includes an authentication token and a home network expected response.
  • the apparatus further includes: the first parameter includes the first authentication parameter.
  • the transceiver module 11 is configured to receive a fourth request message from the second device, where the fourth request message is used to request the network to authenticate the second device, and the fourth request message includes the first identifier; the transceiver module 11 is further configured to receive a sixth response message from the third device, where the sixth response message is used to indicate that the network refuses to serve the second device; the transceiver module 11 is further configured to send, according to the sixth response message, a fourth response message to the second device, where the fourth response message is used to indicate that the network refuses to serve the second device, the fourth response message includes a first cause value, and the first cause value is irrelevant to whether the second device belongs to a legitimate user of the network.
  • the apparatus further includes a processing module 12, and the processing module 12 is configured to determine, according to the sixth response message, that the second device does not belong to a legitimate user of the network.
  • the processing module 12 is further configured to generate the first cause value, or the transceiver module 11 is further configured to receive the first cause value.
  • the communication apparatus 10 may correspond to the fourth device or UDM in the above method embodiment.
  • the communication apparatus 10 may correspond to the fourth device or UDM in any one of the methods 600 to 1100 according to the embodiments of the present application, and the communication apparatus 10 may include modules for executing the operations performed by the fourth device or the UDM in the corresponding method, each unit in the communication apparatus 10 being provided to realize the operations performed by the fourth device or the UDM in the corresponding method.
  • the transceiver module 11 is configured to execute steps S603 and S605
  • the processing module 12 is configured to execute step S604a.
  • the transceiver module 11 is configured to execute steps S703 and S705
  • the processing module 12 is configured to execute step S704a.
  • the transceiver module 11 is configured to execute steps S803 and S805, and the processing module 12 is configured to execute step S804.
  • the transceiver module 11 is configured to execute steps S903 and S906, and the processing module 12 is configured to execute steps S904, S905, and S911.
  • the transceiver module 11 is configured to execute steps S1003 and S1005, and the processing module 12 is configured to execute step S1004.
  • the transceiver module 11 is configured to execute steps S1103 and S1105, and the processing module 12 is configured to execute step S1104.
  • the transceiver module 11 is configured to receive a second request message from a third device, where the second request message is used to request the second device to register in the network, and the second request message The message includes a first identifier; the transceiver module 11 is further configured to send a second message to the third device, where the second message is used to request the second device to authenticate the network or to indicate that the second device is in the network
  • the registration fails, and the second message includes a second authentication parameter, and the second authentication parameter includes a parameter for the second device to authenticate the network.
  • the apparatus further includes a processing module 12, and the processing module 12 is configured to: generate the second authentication parameter according to the second parameter when the fourth device determines according to the first identification that the second device belongs to a legitimate user of the network , the second parameter includes the root key corresponding to the first identifier; in the case that the fourth device determines that the second device does not belong to a legitimate user of the network according to the first identifier, the second authentication parameter is randomly generated.
  • the processing module 12 is further configured so that, when the fourth device determines according to the first identifier that the second device does not belong to a legitimate user of the network, the second message is still used to request the second device to authenticate the network.
  • the apparatus further includes: the second authentication parameter includes at least one of the following: an authentication token, an expected response, and an authentication service function key.
  • the transceiver module 11 is configured to receive a fifth request message from a third device, where the fifth request message is used to request the network to authenticate the second device, and the fifth request message includes the first identifier; the transceiver module 11 is further configured to send a fifth response message to the third device, where the fifth response message is used to indicate that the network refuses to serve the second device, and the fifth response message includes a second cause value, the second cause value being independent of whether the second device belongs to a legitimate user of the network.
  • the apparatus further includes a processing module 12, the processing module 12 generates the second cause value, or the transceiver module is further configured to receive the second cause value.
  • the communication apparatus 10 may correspond to the second network device or UDM in the above method embodiment.
  • the communication apparatus 10 may correspond to the third device or AUSF in any one of the methods 600 to 1100 according to the embodiments of the present application, and the communication apparatus 10 may include modules for performing the operations performed by the third device or the AUSF in the corresponding method, each unit in the communication apparatus 10 being configured to implement the corresponding operations performed by the third device or the AUSF in that method.
  • the transceiver module 11 is configured to execute steps S602, S603, S605, and S606, and the processing module 12 is configured to execute step S604b.
  • the transceiver module 11 is configured to execute steps S702, S703, S705, and S706, and the processing module 12 is configured to execute step S704b.
  • the transceiver module 11 is configured to perform steps S802, S803, S805, and S806.
  • the transceiver module 11 is configured to perform steps S902, S903, S906, and S907.
  • the transceiver module 11 is configured to execute steps S1002, S1003, S1005, and S1007, and the processing module 12 is configured to execute step S1006.
  • the transceiver module 11 is configured to perform steps S1002, S1003, S1005, and S1006.
  • the transceiver module 11 is configured to receive a third request message from the first device, where the third request message is used to request that the second device be registered in the network, and the third request message includes the first identifier; the transceiver module 11 is further configured to receive a second message from the fourth device, where the second message is used to request the second device to authenticate the network or to indicate that the registration of the second device in the network fails; the transceiver module 11 is further configured to send a first message to the first device according to the second message, where the first message includes a third authentication parameter, and the third authentication parameter includes a parameter for the second device to authenticate the network.
  • in the case that the second message is used to request the second device to authenticate the network, the third authentication parameter is generated based on a second parameter carried in the second message; in the case that the second message is used to indicate that the registration of the second device in the network fails, the third authentication parameter is randomly generated by the third device.
  • the apparatus further includes a processing module 12, which is configured to determine, according to the second message, that the second device belongs to a legitimate user of the network when the second message is used to request the second device to authenticate the network, and to determine, according to the second message, that the second device does not belong to a legitimate user of the network when the second message is used to indicate that the registration of the second device in the network fails.
  • the apparatus further includes: when the third device determines that the second device belongs to a legitimate user of the network, the third authentication parameter is generated based on the root key corresponding to the first identifier.
  • the apparatus also includes: the third authentication parameter includes an authentication token and a home network expected response.
  • the apparatus further includes: the second parameter includes the third authentication parameter.
  • the transceiver module 11 is configured to receive a sixth request message from the first device, where the sixth request message is used to request the network to authenticate the second device, and the sixth request message includes the first identifier; the transceiver module 11 is further configured to receive a fifth response message from the fourth device, where the fifth response message is used to indicate that the network refuses to serve the second device; the transceiver module 11 is further configured to send a sixth response message to the first device, where the sixth response message is used to indicate that the network refuses to serve the second device, and where, in the case that the second device belongs to a legitimate user of the network, the sixth response message includes the first cause value, and, in the case that the second device does not belong to a legitimate user of the network, the sixth response message includes a third cause value, the third cause value being independent of whether the second device belongs to a legitimate user of the network.
  • the apparatus further includes a processing module 12, and the processing module 12 is configured to generate the third cause value, or the transceiver module is further configured to receive the third cause value.
  • the processing module 12 is further configured to determine, according to the fifth response message, that the second device does not belong to a legitimate user of the network.
  • FIG. 13 is a schematic diagram of an apparatus 20 for protecting the privacy of an identity identifier according to an embodiment of the present application.
  • the apparatus 20 may be a first device or a SEAF, including various devices with a security anchor function, or may be a chip or a system-on-a-chip located on the SEAF.
  • the apparatus 20 may be a fourth device or a UDM, including various devices capable of processing user identification, access authentication, registration, or mobility management, or may be a chip or a chip system located on the UDM, or the like.
  • the apparatus 20 may be a third device or an AUSF, including various devices with authentication service functions, or may be a chip or a chip system located on the AUSF, or the like.
  • the apparatus 20 may include a processor 21 (ie, an example of a processing module) and a memory 22 .
  • the memory 22 is used for storing instructions
  • the processor 21 is used for executing the instructions stored in the memory 22, so that the apparatus 20 implements the steps executed by the devices in the various possible designs of the methods corresponding to FIG. 6 to FIG. 11 described above.
  • the device 20 may further include an input port 23 (ie, an example of a transceiver module) and an output port 24 (ie, another example of a transceiver module).
  • the processor 21, the memory 22, the input port 23 and the output port 24 can communicate with each other through an internal connection path to transmit control and/or data signals.
  • the memory 22 is used to store a computer program, and the processor 21 can be used to call and run the computer program from the memory 22 to control the input port 23 to receive signals, control the output port 24 to send signals, and complete the steps of the terminal device in the above method.
  • the memory 22 may be integrated in the processor 21 or may be provided separately from the processor 21 .
  • the input port 23 is a receiver
  • the output port 24 is a transmitter.
  • the receiver and the transmitter may be the same or different physical entities. When they are the same physical entity, they can be collectively referred to as transceivers.
  • the input port 23 is an input interface
  • the output port 24 is an output interface
  • the functions of the input port 23 and the output port 24 can be considered to be implemented by a transceiver circuit or a dedicated transceiver chip.
  • the processor 21 can be considered to be implemented by a dedicated processing chip, a processing circuit, a processor or a general-purpose chip.
  • a general-purpose computer may be used to implement the device provided by the embodiments of the present application.
  • the program codes that will implement the functions of the processor 21 , the input port 23 and the output port 24 are stored in the memory 22 , and the general-purpose processor implements the functions of the processor 21 , the input port 23 and the output port 24 by executing the codes in the memory 22 .
  • each module or unit in the apparatus 20 may be used to perform each action or process performed by the device (eg, terminal device) performing random access in the above method, and detailed description thereof is omitted here to avoid redundant description.
  • the processor may be a central processing unit (CPU), or the processor may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory.
  • the non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) or flash memory.
  • Volatile memory may be random access memory (RAM), which acts as an external cache. Many forms of RAM are available, for example static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM) and direct rambus RAM (DR RAM).
  • the above embodiments may be implemented in whole or in part by software, hardware, firmware or any other combination.
  • the above-described embodiments may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, all or part of the processes or functions described in the embodiments of the present application are generated.
  • the computer may be a general purpose computer, special purpose computer, computer network, or other programmable device.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from a website, computer, server or data center to another website, computer, server or data center by wired or wireless (e.g., infrared, radio, microwave) means.
  • the computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, a data center, or the like that contains one or more sets of available media.
  • the usable media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVDs), or semiconductor media.
  • the semiconductor medium may be a solid state drive.
  • the sequence numbers of the above processes do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.
  • the apparatus embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • the functions, if implemented in the form of software functional units and sold or used as independent products, may be stored in a computer-readable storage medium.
  • the computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage medium includes: a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk and other mediums that can store program codes.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present application relates to a method for protecting the privacy of an identity identifier (ID), and to a communication apparatus. According to the method, by changing an existing air-interface message, an attacker cannot determine, from a message coming from the network side, whether a UE ID constructed by the attacker is valid. Specifically, whether or not the UE ID is valid, the network side sends to the UE an air-interface message whose type and format are consistent, or the network side carries, in a registration reject message, a cause value that is unrelated to whether the UE ID is valid, which prevents the attacker from guessing the UE ID from the air-interface message and from a subsequent procedure, and increases the difficulty of the attack for the attacker. In addition, the network side does not need to further verify a message sent by the attacker in the subsequent procedure, but directly sends a reject message, which reduces signalling overhead and the amount of computation.
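The behaviour the abstract and the apparatus bullets above describe for the fourth device (UDM) side is, in short: answer every registration request with an authentication request of the same type and size, deriving the parameters from the subscriber's root key when the identifier is known and generating them randomly when it is not, and attach a single uniform cause value to any rejection. The following is an added illustration written for this page; it is not code from the patent or from any 3GPP implementation. The subscriber store, root key, the HMAC-SHA256 stand-in for the real key derivation, the field sizes and the cause values are all constructed assumptions.

```python
"""Network-side handling of a registration request that does not reveal whether the
presented identifier is valid. Added illustration; the subscriber store, root key,
derivation function, field sizes and cause values are constructed placeholders."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Union

# Constructed subscriber store: identifier -> root key (placeholder value, not a real key).
SUBSCRIBERS: Dict[str, bytes] = {
    "example-subscriber-0001": bytes(range(16)),
}

# Placeholder cause value carried in every rejection. It is the same whether or not the
# identifier belongs to a subscriber, so the rejection itself reveals nothing about validity.
UNIFORM_REJECT_CAUSE = 0x7F


@dataclass(frozen=True)
class AuthenticationRequest:
    """Parameters sent towards the UE: the page's authentication token, expected
    response and authentication-service-function key (sizes are assumptions)."""
    autn: bytes    # 16 bytes
    xres: bytes    # 16 bytes
    kausf: bytes   # 32 bytes


@dataclass(frozen=True)
class RegistrationReject:
    cause: int


def _kdf(root_key: bytes, label: bytes, rand: bytes, length: int) -> bytes:
    # Stand-in derivation (HMAC-SHA256); the real authentication algorithms are out of scope.
    return hmac.new(root_key, label + rand, hashlib.sha256).digest()[:length]


def auth_vector_from_root_key(root_key: bytes, rand: bytes) -> AuthenticationRequest:
    """Legitimate subscriber: derive the parameters from the root key (deterministic for a given rand)."""
    return AuthenticationRequest(
        autn=_kdf(root_key, b"AUTN", rand, 16),
        xres=_kdf(root_key, b"XRES", rand, 16),
        kausf=_kdf(root_key, b"KAUSF", rand, 32),
    )


def random_auth_vector() -> AuthenticationRequest:
    """Unknown identifier: same message type and field sizes, random content."""
    return AuthenticationRequest(os.urandom(16), os.urandom(16), os.urandom(32))


def handle_registration(identifier: str, rand: Optional[bytes] = None) -> AuthenticationRequest:
    """Always answer a registration request with an authentication request, whatever the identifier."""
    rand = rand if rand is not None else os.urandom(16)
    root_key = SUBSCRIBERS.get(identifier)
    if root_key is not None:
        return auth_vector_from_root_key(root_key, rand)
    return random_auth_vector()


def handle_registration_legacy(identifier: str) -> Union[AuthenticationRequest, RegistrationReject]:
    """Contrast: rejecting unknown identifiers outright makes the message type itself an
    oracle for identifier validity, which is what the method above removes."""
    root_key = SUBSCRIBERS.get(identifier)
    if root_key is None:
        return RegistrationReject(cause=0x01)   # constructed 'unknown subscriber' cause
    return auth_vector_from_root_key(root_key, os.urandom(16))


def reject_after_failed_authentication(identifier: str) -> RegistrationReject:
    """When the network refuses service, the cause value is independent of identifier validity.
    The identifier is accepted only so the call mirrors the page's fifth/sixth request messages."""
    return RegistrationReject(cause=UNIFORM_REJECT_CAUSE)


def same_wire_shape(a: AuthenticationRequest, b: AuthenticationRequest) -> bool:
    """True when two responses have the same message type and the same field lengths."""
    return (type(a) is type(b)
            and len(a.autn) == len(b.autn)
            and len(a.xres) == len(b.xres)
            and len(a.kausf) == len(b.kausf))
```

The point to check in a real deployment is not only the message type and format but also timing: if the random-vector path returns measurably faster than the root-key derivation, the uniform format gains little, so the two branches should be made to cost the same.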
PCT/CN2022/073978 2021-02-20 2022-01-26 Procédé de protection de la confidentialité d'identification d'identité, et appareil de communication WO2022174729A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110193034.7A CN114980076A (zh) 2021-02-20 2021-02-20 保护身份标识隐私的方法与通信装置
CN202110193034.7 2021-02-20

Publications (1)

Publication Number Publication Date
WO2022174729A1 true WO2022174729A1 (fr) 2022-08-25

Family

ID=82932067

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/073978 WO2022174729A1 (fr) 2021-02-20 2022-01-26 Procédé de protection de la confidentialité d'identification d'identité, et appareil de communication

Country Status (2)

Country Link
CN (1) CN114980076A (fr)
WO (1) WO2022174729A1 (fr)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107820244A (zh) * 2016-09-12 2018-03-20 中兴通讯股份有限公司 入网认证方法及装置
CN103843379B (zh) * 2012-08-08 2018-09-21 华为技术有限公司 信息处理方法和装置
US20200068397A1 (en) * 2017-05-09 2020-02-27 Huawei International Pte. Ltd. Network authentication method, network device, terminal device, and storage medium
CN111641498A (zh) * 2019-03-01 2020-09-08 中兴通讯股份有限公司 密钥的确定方法及装置
WO2020220903A1 (fr) * 2019-04-29 2020-11-05 华为技术有限公司 Procédé et appareil de communication
CN112087724A (zh) * 2019-06-13 2020-12-15 华为技术有限公司 一种通信方法、网络设备、用户设备和接入网设备
WO2021008466A1 (fr) * 2019-07-12 2021-01-21 华为技术有限公司 Procédé et appareil de communication
US20210036988A1 (en) * 2019-07-29 2021-02-04 Cable Television Laboratories, Inc Systems and methods for obtaining permanent mac addresses

Also Published As

Publication number Publication date
CN114980076A (zh) 2022-08-30

Similar Documents

Publication Publication Date Title
CN108574969B (zh) 多接入场景中的连接处理方法和装置
US9819596B2 (en) Efficient policy enforcement using network tokens for services C-plane approach
WO2020029938A1 (fr) Procédé et dispositif permettant des conversations sécurisées
JP2022502908A (ja) Nasメッセージのセキュリティ保護のためのシステム及び方法
WO2020248624A1 (fr) Procédé de communication, dispositif de réseau, équipement utilisateur et dispositif de réseau d'accès
JP2012524469A (ja) 通信ネットワークにおける認証手順による緊急通報処理
CN111726228B (zh) 使用互联网密钥交换消息来配置活动性检查
CN113676904B (zh) 切片认证方法及装置
US20240179525A1 (en) Secure communication method and apparatus
WO2024067619A1 (fr) Procédé de communication et appareil de communication
US10492056B2 (en) Enhanced mobile subscriber privacy in telecommunications networks
US11159944B2 (en) Wireless-network attack detection
EP3213541B1 (fr) Gestion de politique gx basée sur une authentification radius/diameter et déclenchée par un changement de localisation de l'utilisateur
WO2023016160A1 (fr) Procédé d'établissement de session et appareil associé
JP6861285B2 (ja) 緊急アクセス中のパラメータ交換のための方法およびデバイス
WO2022174729A1 (fr) Procédé de protection de la confidentialité d'identification d'identité, et appareil de communication
CN111465060A (zh) 一种确定安全保护方式的方法、装置及系统
WO2020147602A1 (fr) Procédé, appareil et système d'authentification
KR102103320B1 (ko) 이동 단말기, 네트워크 노드 서버, 방법 및 컴퓨터 프로그램
WO2023160390A1 (fr) Procédé et appareil de communication
WO2022147846A1 (fr) Procédé, système et appareil de génération de clé pour une communication entre des dispositifs
CN116528234B (zh) 一种虚拟机的安全可信验证方法及装置
US20240305982A1 (en) Secure authentication and identification in trusted non-3gpp access networks
WO2024077598A1 (fr) Protection d'indication de capacité en pilotage d'itinérance (sor) basé sur la tranche de réseau mobile terrestre public visité (vplmn) à l'initiative de l'ue
WO2024146582A1 (fr) Procédé de communication et appareil de communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22755502

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22755502

Country of ref document: EP

Kind code of ref document: A1