
CN104581710B - A method and system for securely transmitting LTE user IMSI on an air interface - Google Patents

Info

Publication number: CN104581710B
Authority: CN (China)
Prior art keywords: imsi, base station, terminal, safe transmission, key
Legal status: Expired - Fee Related
Application number: CN201410795421.8A
Other languages: Chinese (zh)
Other versions: CN104581710A (en)
Inventors: 汪永明, 王宣宣, 曲昕瑶, 王颖
Current Assignee: Institute of Information Engineering of CAS
Original Assignee: Institute of Information Engineering of CAS

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and system for securely transmitting an LTE user's IMSI over the air interface. The method comprises: 1) configuring the IMSI secure transmission capabilities of the base station and the terminal respectively, with the base station broadcasting its configured secure transmission capability information; 2) the terminal parsing the broadcast information and carrying out IMSI secure transmission negotiation with the base station, selecting a key extraction method and an encryption and decryption algorithm between the terminal and the base station; 3) the terminal extracting an encryption key from the physical layer information of the set downlink subframes according to the negotiated key extraction method, and sending an uplink signal to the base station in an uplink time slot; 4) the base station extracting a decryption key from the uplink signal according to the key extraction method; 5) the terminal encrypting the IMSI in the attach request message and the identity response message of the initial attach procedure and sending the encrypted IMSI to the base station, and the base station decrypting the IMSI from the received message using the decryption key and the selected decryption algorithm.

Description

A method and system for securely transmitting LTE user IMSI on an air interface

Technical field

The invention relates to the field of the wireless communication physical layer, and in particular to LTE wireless communication systems. It proposes a method and system for securely transmitting an LTE user's IMSI over the air interface.

Background

The International Mobile Subscriber Identity (IMSI) is private information of the mobile user. For sensitive and important users in particular, leakage of the IMSI may lead to serious security incidents, so transmitting the IMSI in plaintext over the air interface should be avoided. However, in current public land mobile networks, some service procedures still need to transmit the IMSI in plaintext over the air interface. Although various improvements exist, plaintext transmission of the IMSI over the air interface still cannot be completely avoided. In an LTE network, during the initial attach procedure or when a network error occurs, the terminal must report the user's IMSI to the network in a Non-Access Stratum (NAS) signaling message; otherwise the network cannot determine which user the terminal corresponds to. At the same time, in the current LTE network security architecture, the network at this stage does not know which user the message comes from and no security association has been established, so the terminal side cannot encrypt the signaling and the network side cannot decrypt it.

In an LTE network, two NAS messages carry the IMSI in plaintext over the air interface: the attach request message (AttachRequest) of the initial attach procedure and the identity response message (IdentityResponse). The former is encapsulated in the RRC connection establishment complete (RRCConnectionComplete) message of the initial attach procedure. An attacker can easily make the terminal re-initiate the initial attach procedure and obtain the user's IMSI from the air interface before mutual authentication; the attacker can also obtain the user's IMSI from the air interface using the AttachRequest or IdentityResponse message of the normal procedure.

In addition, many broadband private networks are built on LTE and the Evolved Packet Core (EPC). They likewise transmit the IMSI in plaintext over the air interface in the AttachRequest message and the IdentityResponse message of the initial attach procedure, which is an important security risk for private network users.

Summary of the invention

The present invention proposes a method and system for securely transmitting an LTE user's IMSI over the air interface. Its purpose is to completely avoid transmitting the IMSI in plaintext over the air interface without changing the LTE network architecture or security architecture and with minimal impact on the LTE network, while also adapting to the different levels of support that different base stations and terminals have for IMSI secure transmission, and remaining compatible with network equipment and terminals that do not support IMSI secure transmission.

Wireless physical layer security techniques can use the uniqueness and reciprocity of the wireless channel to achieve key agreement and encrypted transmission. The invention therefore integrates physical layer security techniques into LTE physical layer processing and, based on the current LTE signaling and message flows, designs a method and device for securely transmitting an LTE user's IMSI over the air interface, so that plaintext transmission of the IMSI over the air interface can be completely avoided.

In the current LTE network, only the AttachRequest message and the IdentityResponse message of the initial attach procedure transmit the IMSI in plaintext over the air interface. To avoid plaintext transmission of the IMSI over the air interface, the IMSI secure transmission negotiation and the key agreement must be completed when the AttachRequest is sent in the initial attach procedure.

The method proposed by the present invention for securely transmitting an LTE user's IMSI over the air interface is implemented in the following steps:

1. IMSI secure transmission configuration of the base station. Configure the parameters of the base station's IMSI secure transmission capability, such as whether IMSI secure transmission is supported and which key extraction methods and encryption and decryption algorithms are supported.

2. IMSI secure transmission configuration of the terminal. Configure the parameters of the terminal's IMSI secure transmission capability, such as whether IMSI secure transmission is supported and which key extraction methods and encryption and decryption algorithms are supported.

3. Broadcast of the base station's IMSI secure transmission capability parameters. The base station broadcasts its IMSI secure transmission capability parameters within the cell over the broadcast channel, as system information.

4. The terminal receives and parses the base station's IMSI secure transmission capability parameters. During cell search, the terminal parses and saves the base station's IMSI secure transmission capability information from the cell system information, and during cell selection it preferentially selects a base station that has the IMSI secure transmission function.

5. IMSI secure transmission negotiation. The terminal and the base station use and extend the RRC connection establishment request (RRCConnectionRequest) and RRC connection establishment (RRCConnectionSetup) messages of the Radio Resource Control (RRC) connection establishment procedure to complete the IMSI secure transmission negotiation. The terminal decides, based on its own and the base station's IMSI secure transmission capabilities, whether to enable the IMSI secure transmission function and which key extraction method and encryption and decryption algorithm to use, and the base station confirms the choice. When the terminal receives the RRCConnectionSetup message, it parses the IMSI secure transmission negotiation feedback information in it.

6. Negotiation of the encryption and decryption keys.

a) Using the negotiated key extraction method, the terminal extracts the encryption key from the physical layer information of the downlink subframe in which the RRCConnectionSetup message was received and of several subsequent downlink subframes. The terminal uses the cell-specific reference signal (CRS), and the base station uses the uplink demodulation reference signal (DMRS) or the sounding reference signal (SRS), to analyze the wireless channel characteristics and extract the encryption and decryption keys. The time slots of the CRS and DMRS (or SRS) signals used are as close together in time as possible.

b) The terminal sends the RRC connection establishment complete (RRCConnectionComplete) message to the base station in the uplink time slot assigned by scheduling;

c) After receiving the RRCConnectionComplete message, the base station uses the selected key extraction algorithm to extract the decryption key from the uplink signal and stores it in the IMSI secure transmission association database on the base station.
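The patent leaves the key extraction method to negotiation and does not specify one. As an added illustration (not code from the patent), the sketch below assumes a one-bit median quantizer with a guard band over constructed channel-gain estimates. It shows why independently noisy estimates near the threshold give the two sides different keys unless those samples are dropped and the key is confirmed before the IMSI is encrypted. The sample values, the `guard` parameter and the confirmation label are assumptions.

```python
import hashlib
import hmac
import statistics

# Constructed channel-gain estimates (dB) for 16 reference-signal probes.
# The terminal measures the downlink CRS; the base station measures the uplink
# DMRS/SRS a moment later, so reciprocity makes the values close but not equal.
UE_CRS = [-3.1, 2.4, 0.2, -1.8, 4.0, -0.1, 1.9, -2.7,
          3.3, -4.2, 0.3, 2.8, -1.5, -3.6, 1.2, -0.4]
ENB_UL = [-2.9, 2.6, -0.2, -1.6, 3.8, 0.2, 2.1, -2.5,
          3.1, -4.0, 0.1, 2.6, -1.7, -3.4, 1.0, -0.2]


def quantize(samples, guard):
    """Map each sample to one bit around the local median.

    Samples within `guard` dB of the median are dropped: they are the ones
    where estimation noise can flip the bit on the other side.
    Returns {probe_index: bit}.
    """
    mid = statistics.median(samples)
    return {i: int(s > mid) for i, s in enumerate(samples) if abs(s - mid) > guard}


def derive_key(bits, indices):
    """Hash the agreed bit positions into a fixed-length key."""
    raw = "".join(str(bits[i]) for i in indices).encode()
    return hashlib.sha256(raw).digest()


def confirm_tag(key):
    """Short key-confirmation value; the label is an assumption of this sketch."""
    return hmac.new(key, b"imsi-key-confirm", hashlib.sha256).digest()[:8]


def extract_pair(ue_samples, enb_samples, guard):
    """Run both sides and report (bits used, bit disagreements, keys confirmed).

    Only probe indices are compared between the sides, never bit values.
    """
    ue_bits = quantize(ue_samples, guard)
    enb_bits = quantize(enb_samples, guard)
    common = sorted(ue_bits.keys() & enb_bits.keys())
    errors = sum(ue_bits[i] != enb_bits[i] for i in common)
    ue_key = derive_key(ue_bits, common)
    enb_key = derive_key(enb_bits, common)
    confirmed = hmac.compare_digest(confirm_tag(ue_key), confirm_tag(enb_key))
    return len(common), errors, confirmed


if __name__ == "__main__":
    # Without a guard band, two near-threshold probes disagree and the keys differ:
    # the base station would decrypt a wrong IMSI and forward it to the MME.
    print(extract_pair(UE_CRS, ENB_UL, guard=0.0))
    # With a 0.5 dB guard band the ambiguous probes are dropped and the keys match.
    print(extract_pair(UE_CRS, ENB_UL, guard=0.5))
```

Sixteen probes give only a toy key length; a real extractor needs far more measurements and an error-correction step before the hash.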

7. Encryption and decryption of the IMSI in the AttachRequest message of the initial attach procedure.

a) The terminal uses the encryption key and the selected encryption algorithm to encrypt the IMSI in the AttachRequest message of the initial attach procedure;

b) The terminal encapsulates the AttachRequest message containing the encrypted IMSI in the RRCConnectionComplete message, and then sends the RRCConnectionComplete message to the base station in the uplink time slot assigned by scheduling;

c) The base station uses the negotiated decryption key and decryption algorithm to decrypt the encrypted IMSI in the AttachRequest message, and then sends the AttachRequest message to the Mobility Management Entity (MME).

8. Encryption and decryption of the IMSI in the IdentityResponse message. When the terminal needs to send an IdentityResponse message to the core network, it encrypts the IMSI in the IdentityResponse with the saved encryption key. When the base station receives the IdentityResponse message, it decrypts the IMSI in it with the saved decryption key and then sends the IdentityResponse message to the core network.

The system proposed by the present invention for securely transmitting an LTE user's IMSI over the air interface includes an IMSI secure transmission device on the base station and an IMSI secure transmission device on the terminal.

The IMSI secure transmission device on the base station includes: a base station IMSI secure transmission capability configuration module, used to configure and store the base station's IMSI secure transmission capability parameters; a base station IMSI secure transmission capability broadcast module, used to broadcast the base station's IMSI secure transmission capability parameters to terminals in the cell as system information; an IMSI secure transmission association database on the base station, used to store the IMSI secure transmission association information shared with terminals; an IMSI secure transmission negotiation module on the base station, used to negotiate with the terminal whether to enable the IMSI secure transmission function and which key extraction method and encryption and decryption algorithm to use; an encryption and decryption key negotiation module on the base station, used to extract the decryption key from the uplink physical signal; and a decryption module on the base station, used to decrypt the encrypted IMSI in the AttachRequest and IdentityResponse messages.

The IMSI secure transmission device on the terminal includes: a terminal IMSI secure transmission capability configuration module, used to configure and store the terminal's IMSI secure transmission capability parameters; a terminal IMSI secure transmission capability receiving module, used to receive and parse the base station's IMSI secure transmission capability parameters; an IMSI secure transmission association database on the terminal, used to store the IMSI secure transmission association information shared with the base station; an IMSI secure transmission negotiation module on the terminal, used to negotiate with the base station whether to enable the IMSI secure transmission function and which key extraction method and encryption and decryption algorithm to use; an encryption and decryption key negotiation module on the terminal, used to extract the encryption key from the downlink physical signal; and an encryption module on the terminal, used to encrypt the IMSI in the AttachRequest and IdentityResponse messages.

The method described in the present invention is applicable not only to LTE systems but also to LTE-A systems.

Compared with the prior art, the positive effects of the present invention are:

Without changing the LTE network architecture or security architecture and with minimal impact on the LTE network, the invention completely avoids transmitting the IMSI in plaintext over the air interface. It is highly adaptable and remains compatible with network equipment and terminals that do not support IMSI secure transmission.

Description of drawings

Figure 1 shows the functional models of an LTE base station and terminal;

(a) LTE base station functional model, (b) LTE terminal functional model;

Figure 2 shows the IMSI secure transmission device on the base station;

Figure 3 shows the IMSI secure transmission device on the terminal;

Figure 4 is the flowchart of the implementation of the IMSI secure transmission method over the air interface;

Figure 5 is the message flow of the implementation of the IMSI secure transmission method over the air interface.

Detailed description

The implementation of the present invention is described in detail below with reference to the drawings and an embodiment. The embodiment is carried out on the premise of the technical solution of the present invention, and a detailed implementation and specific operating procedure are given. It should be noted that, as long as no conflict arises, the embodiments of the present invention and the features within them may be combined with one another, and the resulting technical solutions all fall within the protection scope of the present invention.

Embodiment:

This embodiment uses a TD-LTE system to describe in detail the method proposed by the present invention for securely transmitting an LTE user's IMSI over the air interface. Figure 1 shows the current LTE base station and LTE terminal models.

A current LTE base station contains functional modules for radio frequency transceiving, physical layer processing, medium access control (MAC) layer processing, radio link control (RLC) layer processing, packet data convergence protocol (PDCP) layer processing, radio resource control (RRC) processing, Non-Access Stratum (NAS) signaling forwarding, and base station management. An LTE terminal contains functional modules for radio frequency transceiving, physical layer processing, MAC layer processing, RLC layer processing, PDCP layer processing, RRC processing, NAS processing, and interface and management.

Figure 2 is a block diagram of an IMSI secure transmission device 200 on a base station. Device 200 is used to securely transmit an LTE user's IMSI over the air interface and includes a base station IMSI secure transmission capability configuration module 201, a base station IMSI secure transmission capability broadcast module 202, an IMSI secure transmission association database 203 on the base station, an IMSI secure transmission negotiation module 204 on the base station, an encryption and decryption key negotiation module 205 on the base station, and a decryption module 206 on the base station.

1) The base station IMSI secure transmission capability configuration module 201 is used to configure and store the base station's IMSI secure transmission capability parameters. It is related to the base station management module 118 and can serve as an enhancement of "base station management".

2) The base station IMSI secure transmission capability broadcast module 202 is used to broadcast the base station's IMSI secure transmission capability parameters to terminals in the cell as system information. It is related to the RRC processing module 116 on the base station and can serve as an enhancement of "RRC processing on the base station".

3) The IMSI secure transmission association database 203 on the base station is used to store the IMSI secure transmission association information shared with terminals, mainly the results of the IMSI secure transmission negotiation and of the encryption and decryption key negotiation. It provides the decryption key to the decryption module 206 on the base station and is a newly added function.

4) The IMSI secure transmission negotiation module 204 on the base station is used to negotiate with the terminal whether to enable the IMSI secure transmission function and which key extraction method and encryption and decryption algorithm to use. It relies on the RRC processing module 116 on the base station and can serve as an enhancement of "RRC processing on the base station".

5) The encryption and decryption key negotiation module 205 on the base station is used to extract the decryption key from the uplink physical signal. It is related to the physical layer processing 112 on the base station and can serve as an enhancement of "physical layer processing on the base station".

6) The decryption module 206 on the base station is used to decrypt the encrypted IMSI in the AttachRequest and IdentityResponse messages. The NAS forwarding 117 on the base station then sends the AttachRequest and IdentityResponse messages carrying the decrypted IMSI to the MME. The decryption module 206 is related to the encryption and decryption function in the PDCP layer processing module 115 on the base station and can serve as an enhancement of "PDCP layer processing on the base station".

Figure 3 is a block diagram of an IMSI secure transmission device 300 on a terminal. Device 300 is used to securely transmit an LTE user's IMSI over the air interface and includes a terminal IMSI secure transmission capability configuration module 301, a base station IMSI secure transmission capability receiving module 302 on the terminal, an IMSI secure transmission association database 303 on the terminal, an IMSI secure transmission negotiation module 304 on the terminal, an encryption and decryption key negotiation module 305 on the terminal, and an encryption module 306 on the terminal.

1) The terminal IMSI secure transmission capability configuration module 301 is used to configure and store the terminal's IMSI secure transmission capability parameters. It is related to the interface and management module 128 and can serve as an enhancement of "interface and management".

2) The base station IMSI secure transmission capability receiving module 302 on the terminal is used to receive and parse the base station's IMSI secure transmission capability parameters. It is related to the RRC processing module 126 on the terminal and can serve as an enhancement of "RRC processing on the terminal".

3) The IMSI secure transmission association database 303 on the terminal is used to store the IMSI secure transmission association information shared with the base station, mainly the results of the IMSI secure transmission negotiation and of the encryption and decryption key negotiation. It provides the encryption key to the encryption module 306 on the terminal and is a newly added function. The key is stored in encrypted form and may be placed in the USIM.

4) The IMSI secure transmission negotiation module 304 on the terminal is used to negotiate with the base station whether to enable the IMSI secure transmission function and which key extraction method and encryption and decryption algorithm to use. It relies on the RRC processing module 126 on the terminal and can serve as an enhancement of "RRC processing on the terminal".

5) The encryption and decryption key negotiation module 305 on the terminal is used to extract the encryption key from the uplink physical signal. It is related to the physical layer processing 122 on the terminal and can serve as an enhancement of "physical layer processing on the terminal".

6) The encryption module 306 on the terminal is used to encrypt the IMSI in the AttachRequest and IdentityResponse messages. It is related to the PDCP layer processing module 125 on the terminal and can serve as an enhancement of "PDCP layer processing on the terminal".

Figure 4 is a flowchart of a method for securely transmitting an LTE user's IMSI over the air interface according to an embodiment of the present invention, and Figure 5 is the corresponding message flow. The method is described in detail on the basis of this embodiment.

IMSI secure transmission configuration of the base station (step 401). Only a base station equipped with an IMSI secure transmission device needs to perform step 401. The base station IMSI secure transmission capability configuration module (201) is used to configure the parameters of the base station's IMSI secure transmission capability, including whether IMSI secure transmission is supported and which key extraction methods and encryption and decryption algorithms are supported. The IMSI secure transmission association database (203) on the base station is then created.

IMSI secure transmission configuration of the terminal (step 402). Only a terminal equipped with an IMSI secure transmission device needs to perform step 402. The terminal IMSI secure transmission capability configuration module (301) is used to configure the terminal's IMSI secure transmission capability parameters, including whether IMSI secure transmission is supported and which key extraction methods and encryption and decryption algorithms are supported. The IMSI secure transmission association database (303) on the terminal is then created.

Broadcast of the base station's IMSI secure transmission capability parameters (step 403). Only a base station equipped with an IMSI secure transmission device needs to perform step 403. The base station IMSI secure transmission capability broadcast module (202) broadcasts the base station's IMSI secure transmission capability parameters as system information (501) through the RRC processing module (116) on the base station.

The terminal receives and parses the base station's IMSI secure transmission capability parameters (step 404). Only a terminal equipped with an IMSI secure transmission device needs to perform step 404. During cell search, the base station IMSI secure transmission capability receiving module (302) on the terminal parses the "IMSI secure transmission capability of the base station" information in the SIB and stores it, together with the cell ID, in the IMSI secure transmission association database (303) on the terminal. If no "IMSI secure transmission capability of the base station" information is found, the base station is considered not to be equipped with the IMSI secure transmission device (200). During cell selection, the terminal preferentially selects a base station equipped with the IMSI secure transmission device (300).

IMSI安全传输协商(步骤405)。具有IMSI安全传输装置(300)的终端发现基站也配备IMSI安全传输装置(200)时,执行步骤405。IMSI security transport negotiation (step 405). When the terminal equipped with the IMSI secure transmission device (300) finds that the base station is also equipped with the IMSI secure transmission device (200), step 405 is performed.

1)在步骤405中,终端上IMSI安全传输协商模块(304)根据终端和基站的IMSI安全传输能力来选择是否启用IMSI安全传输功能、密钥提取方法和加解密算法;然后,把这些信息放在RRCConnectionRequest消息(502)中通过终端上RRC处理模块(126)发送给基站,并存放在终端上IMSI安全传输关联数据库(303)中。1) In step 405, the IMSI secure transmission negotiation module (304) on the terminal selects whether to enable the IMSI secure transmission function, key extraction method and encryption and decryption algorithm according to the IMSI secure transmission capabilities of the terminal and the base station; then, put these information in In the RRCConnectionRequest message (502), it is sent to the base station through the RRC processing module (126) on the terminal, and stored in the IMSI security transmission association database (303) on the terminal.

2) In step 405, after receiving the RRCConnectionRequest message (502) from the terminal, the IMSI secure transmission negotiation module (204) on the base station parses the IMSI secure transmission negotiation information in it and stores this information, together with the terminal identifier (UE-Identity), in the IMSI secure transmission association database (203) on the base station. Module 204 then places the "negotiation confirmation" for the key extraction method and encryption/decryption algorithm, as negotiation feedback information, in the RRCConnectionSetup message (503), which the RRC processing module (116) on the base station sends to the terminal.

3) In step 405, after receiving the RRCConnectionSetup message (503), if the IMSI secure transmission negotiation module (304) on the terminal finds the "negotiation confirmation" for the key extraction method and encryption/decryption algorithm, it marks the negotiation of the "key extraction method and encryption/decryption algorithm" as successful in the terminal's IMSI secure transmission association database (303). Otherwise, the terminal selects another cell equipped with an IMSI secure transmission device (200); when no cell has device 200, the terminal does not enable the IMSI secure transmission function.

Negotiation of the encryption and decryption keys (step 406). Step 406 is performed only when the terminal and the base station have performed step 405 and enabled the IMSI secure transmission function.

1) In step 406, after the RRCConnectionSetup message (503) is received, the IMSI secure transmission negotiation module (304) on the terminal parses the IMSI secure transmission negotiation feedback information in it, and the encryption/decryption key negotiation module (305) on the terminal extracts the encryption key, using the negotiated key extraction method, from the physical layer information of this downlink subframe and the several downlink subframes that follow. The RRC processing module (126) on the terminal then sends the RRCConnectionComplete message (504) to the base station in the uplink time slot assigned by the scheduler.

2) In step 406, after receiving the RRCConnectionComplete message (504), the encryption/decryption key negotiation module (205) on the base station uses the selected key extraction algorithm to extract the decryption key from the uplink signal and saves it in the IMSI secure transmission association database (203) on the base station.

3) In step 406, the encryption/decryption key negotiation module (305) on the terminal uses the cell-specific reference signal (CRS) to analyze the wireless channel characteristics and extract the encryption key; the encryption/decryption key negotiation module (205) on the base station uses the uplink demodulation reference signal (DMRS) or the sounding reference signal (SRS) to analyze the wireless channel characteristics and extract the decryption key.
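Step 406 depends on the terminal and the base station estimating the same radio channel from their respective reference signals. The sketch below is an added example, not taken from the patent: it assumes a sign quantizer with a guard band, a public exchange of the kept sample indices, and SHA-256 compression, none of which the patent specifies, and it runs on constructed channel samples.

```python
import hashlib
import random

NOISE = 0.10  # assumed bound on each side's estimation error (constructed)
GUARD = 0.15  # guard band around the zero threshold; must be >= NOISE

def measure(channel, rng):
    """Noisy estimate of the channel gains as seen by one receiver."""
    return [h + rng.uniform(-NOISE, NOISE) for h in channel]

def confident(samples, indices):
    """Keep only indices whose sample lies outside the guard band."""
    return [i for i in indices if abs(samples[i]) > GUARD]

def quantize(samples, indices):
    """One key bit per selected sample: the sign of the estimated gain."""
    return [1 if samples[i] > 0 else 0 for i in indices]

def derive_key(bits):
    """Compress the agreed bit string into a 128-bit key."""
    return hashlib.sha256(bytes(bits)).digest()[:16]

def simulate(seed=2014, n=1024):
    rng = random.Random(seed)
    channel = [rng.gauss(0, 1) for _ in range(n)]   # reciprocal terminal/base station link
    eve_link = [rng.gauss(0, 1) for _ in range(n)]  # eavesdropper at another location
    ue = measure(channel, rng)    # terminal estimate, e.g. from downlink CRS
    enb = measure(channel, rng)   # base station estimate, e.g. from uplink DMRS/SRS
    eve = measure(eve_link, rng)

    all_idx = list(range(n))
    # Failure mode: quantizing every sample lets noise flip bits near the threshold.
    naive_mismatch = sum(a != b for a, b in
                         zip(quantize(ue, all_idx), quantize(enb, all_idx)))

    # Each side publishes which indices it trusts; only the intersection is used.
    # The index list says where a sample is strong, not which sign it has.
    keep = confident(enb, confident(ue, all_idx))
    return {
        "naive_mismatch": naive_mismatch,
        "key_bits": len(keep),
        "ue_key": derive_key(quantize(ue, keep)),
        "enb_key": derive_key(quantize(enb, keep)),
        "eve_key": derive_key(quantize(eve, keep)),
    }

if __name__ == "__main__":
    r = simulate()
    print("bit errors without guard band:", r["naive_mismatch"])
    print("bits kept:", r["key_bits"], "keys match:", r["ue_key"] == r["enb_key"])
    print("eavesdropper key matches:", r["eve_key"] == r["ue_key"])
```

With bounded estimation error and GUARD >= NOISE, two kept samples can never fall on opposite sides of the threshold, which is why the two keys agree; without the guard band the base station would try to decrypt the IMSI with a different key than the terminal used.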

Encryption and decryption of the IMSI in the AttachRequest of the initial attach procedure (step 407). Step 407 is performed only when the terminal and the base station have performed step 406.

1) In step 407, before the RRC processing module (126) on the terminal sends the RRCConnectionComplete message (504) to the base station in the uplink time slot assigned by the scheduler, the terminal encryption module (306) uses the encryption key and the selected encryption algorithm to encrypt the IMSI in the AttachRequest of the initial attach procedure; the NAS processing module (127) on the terminal then encapsulates the AttachRequest message (505) containing the encrypted IMSI in the RRCConnectionComplete message (504).

2) In step 407, the decryption module (206) on the base station uses the negotiated decryption key and decryption algorithm to decrypt the encrypted IMSI in the AttachRequest message (505); the NAS forwarding module (117) on the base station then sends the AttachRequest message (506), containing the IMSI in plaintext, to the MME.

Encryption and decryption of the IMSI in the Identity Response (step 408). Step 408 is performed only after the terminal and the base station have performed step 406.

1) In step 408, when the terminal needs to send an IdentityResponse message to the core network, the terminal encryption module (306) encrypts the IMSI in the IdentityResponse message with the encryption key stored in the IMSI secure transmission association database (303) on the terminal; the NAS processing module (127) on the terminal then sends the IdentityResponse message (509) containing the encrypted IMSI to the base station.

2) In step 408, when the base station receives the IdentityResponse message (509), the decryption module (206) on the base station decrypts the IMSI in the IdentityResponse message (509) with the decryption key stored in the IMSI secure transmission association database (203) on the base station; the NAS forwarding module (117) on the base station then sends the IdentityResponse message (510) to the core network.

In summary, the present invention discloses a method and system for securely transmitting an LTE user's IMSI over the air interface. The description of the invention is given for purposes of illustration and description; it is not exhaustive and does not limit the invention to the disclosed form. Those of ordinary skill in the art can make various changes and modifications to the examples of the invention without departing from its spirit and principles. The embodiments were chosen and described to better explain the principles and practical application of the invention, and to enable those of ordinary skill in the art to understand the invention and design various embodiments, with various modifications, suited to a particular use.

Claims (5)

1. A method for securely transmitting an LTE user's IMSI over the air interface, comprising the steps of:
1) configuring the IMSI secure transmission capability of the base station and the IMSI secure transmission capability of the terminal respectively; the IMSI secure transmission capability comprises whether IMSI secure transmission is supported, and the supported key extraction methods and encryption/decryption algorithms;
2) the base station broadcasts, in its cell, the secure transmission capability information configured on the base station;
3) the terminal receives and parses the broadcast message sent by the base station, selects a base station having the IMSI secure transmission function to carry out IMSI secure transmission negotiation, and selects the key extraction method and encryption/decryption algorithm to be used between the terminal and the base station; wherein the IMSI secure transmission negotiation is carried out as follows: the terminal places whether to enable the IMSI secure transmission function, the key extraction method and the encryption/decryption algorithm in an RRCConnectionRequest message and sends it to the base station; after receiving the RRCConnectionRequest message, the base station parses the IMSI secure transmission negotiation information in it and stores this information, together with the terminal identifier UE-Identity, in the IMSI secure transmission association database of the base station; the base station then places the determined key extraction method and encryption/decryption algorithm, as negotiation feedback information, in an RRCConnectionSetup message and sends it to the terminal;
4) the terminal extracts an encryption key from the physical layer information of the set downlink subframes according to the negotiated key extraction method, and sends an uplink signal to the base station in the set uplink time slot;
5) the base station extracts a decryption key from the uplink signal according to the negotiated key extraction method and stores it in the IMSI secure transmission association database of the base station;
6) the terminal uses the encryption key and the selected encryption algorithm to encrypt the IMSI in the AttachRequest message of the initial attach procedure; the AttachRequest message containing the IMSI ciphertext is then encapsulated in an RRCConnectionComplete message and sent to the base station;
7) the base station decrypts the IMSI from the AttachRequest message using the decryption key and the selected decryption algorithm.
2. The method of claim 1, characterized in that, after step 5), when the terminal needs to send an IdentityResponse message to the core network, the terminal encrypts the IMSI in the IdentityResponse with the encryption key and sends the message to the base station; when the base station receives the IdentityResponse message, it decrypts the IMSI in the IdentityResponse message with the stored decryption key and then sends the IdentityResponse message to the core network.
3. The method of claim 1 or 2, characterized in that the base station stores the keys held in the IMSI secure transmission association database in encrypted form.
4. A system for securely transmitting an LTE user's IMSI over the air interface, comprising a base station and a terminal, characterized in that the base station is equipped with an IMSI secure transmission device comprising the following components:
an IMSI secure transmission capability configuration module, for configuring and storing the IMSI secure transmission capability of the base station; the IMSI secure transmission capability comprises whether IMSI secure transmission is supported, and the supported key extraction methods and encryption/decryption algorithms;
a base station IMSI secure transmission capability broadcast module, for broadcasting the base station's IMSI secure transmission capability information to the terminals in the cell;
an IMSI secure transmission association database, for storing the IMSI secure transmission association information shared with the terminal;
an IMSI secure transmission negotiation module, for carrying out IMSI secure transmission negotiation with the terminal, that is, negotiating whether to enable the IMSI secure transmission function, the key extraction method and the encryption/decryption algorithm;
an encryption/decryption key negotiation module, for extracting the decryption key from the uplink physical signal according to the negotiated key extraction method;
a decryption module, for decrypting the encrypted IMSI information in the AttachRequest or IdentityResponse message;
the terminal is equipped with an IMSI secure transmission device comprising the following components:
an IMSI secure transmission capability configuration module, for configuring and storing the IMSI secure transmission capability of the terminal; the IMSI secure transmission capability comprises whether IMSI secure transmission is supported, and the supported key extraction methods and encryption/decryption algorithms;
an IMSI secure transmission capability receiving module, for receiving and parsing the base station's IMSI secure transmission capability information;
an IMSI secure transmission association database, for storing the IMSI secure transmission association information shared with the base station;
an IMSI secure transmission negotiation module, for carrying out IMSI secure transmission negotiation with the base station, that is, negotiating whether to enable the IMSI secure transmission function, the key extraction method and the encryption/decryption algorithm;
an encryption/decryption key negotiation module, for extracting the encryption key from the downlink physical signal according to the negotiated key extraction method;
an encryption module, for encrypting the IMSI in the AttachRequest or IdentityResponse message;
wherein the IMSI secure transmission negotiation is carried out as follows: the terminal places whether to enable the IMSI secure transmission function, the key extraction method and the encryption/decryption algorithm in an RRCConnectionRequest message and sends it to the base station; after receiving the RRCConnectionRequest message, the base station parses the IMSI secure transmission negotiation information in it and stores this information, together with the terminal identifier UE-Identity, in the IMSI secure transmission association database of the base station; the base station then places the determined key extraction method and encryption/decryption algorithm, as negotiation feedback information, in an RRCConnectionSetup message and sends it to the terminal.
5. The system of claim 4, characterized in that the base station stores the keys held in the IMSI secure transmission association database in encrypted form.
CN201410795421.8A 2014-12-18 2014-12-18 A method and system for securely transmitting LTE user IMSI on an air interface Expired - Fee Related CN104581710B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410795421.8A CN104581710B (en) 2014-12-18 2014-12-18 A method and system for securely transmitting LTE user IMSI on an air interface

Publications (2)

Publication Number Publication Date
CN104581710A CN104581710A (en) 2015-04-29
CN104581710B true CN104581710B (en) 2018-11-23

Family

ID=53096697

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410795421.8A Expired - Fee Related CN104581710B (en) 2014-12-18 2014-12-18 A method and system for securely transmitting LTE user IMSI on an air interface

Country Status (1)

Country Link
CN (1) CN104581710B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181123

Termination date: 20191218