CN104883339B - A method, device and system for user privacy protection - Google Patents

Info

Publication number
CN104883339B
Authority
CN
China
Prior art keywords
location server
user
identifier
random value
user identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410070160.3A
Other languages
Chinese (zh)
Other versions
CN104883339A (en
Inventor
何文裕
何承东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN201410070160.3A
Priority to PCT/CN2014/080869 (WO2015127736A1)
Publication of CN104883339A
Application granted
Publication of CN104883339B
Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42: Anonymization, e.g. involving pseudonyms
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60: Context-dependent security
    • H04W12/69: Identity-dependent
    • H04W12/75: Temporary identity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Embodiments of the present invention disclose a method, device and system for user privacy protection, relating to communication network application technology. By using a random user ID to hide the user's real ID, they solve the problem of user privacy exposure and improve the user's sense of security in the network experience. The method includes: a user equipment (UE) sends a registration request message to a location server through a router; the UE receives, through the router, the random value sent by the location server; the UE generates the temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server, where the common key corresponds to the user identifier of the UE. Embodiments of the present invention are applied to hiding the real ID of user equipment.

Description

A method, device and system for user privacy protection

Technical field

The present invention relates to communication network application technology, and in particular to a method, device and system for user privacy protection.

Background

As network security draws increasing attention worldwide, the security of IP (Internet Protocol) addresses and of user IDs has received wide attention. For a long time the IP address has served both as an identifier (the identity of the host) and as a locator (the network location), so the transport layer and the network layer are not cleanly separated. As a result, a traditional TCP/IP network cannot support host multihoming, in which several network interface cards of the same host are attached to the network at the same time: switching cards changes the IP address and interrupts service.

In a mobile network, movement of a terminal may cause its IP address to be reassigned. Although the terminal and the user are the same, the transport-layer four-tuple (<local IP, remote IP, local port, remote port>) changes, which causes the connection to be broken and re-established. Where one user has several devices, service traffic needs to switch seamlessly between those devices, which a traditional TCP/IP network cannot support.

In existing solutions, in the network architecture of the User Identity Protocol (UIP), the user identifier UserID is assigned by the operator and never changes; the device identifier DeviceID is assigned by the device manufacturer or the operator, and one UserID can be associated with several DeviceIDs; the locator (Locator) is usually an IP address, assigned by the operator or specified by the user, and one DeviceID can be associated with several Locators. With regard to network security, however, an attacker may well track a user's location information by the user ID. User IDs in some countries may follow certain coding rules, for example a different ID prefix for users in different regions, so an attacker can guess private information such as geographic location from the prefix of the user ID. An attacker who uses the user ID to obtain the services the user subscribes to gains a large amount of the user's private information, threatening the user's privacy and property.

Summary of the invention

Embodiments of the present invention provide a method, device and system for user privacy protection. By using a random user ID to hide the user's real ID, they solve the problem of user privacy exposure and improve the user's sense of security in the network experience.

To achieve the above object, the embodiments of the present invention adopt the following technical solutions:

In a first aspect, a method for user privacy protection includes:

A user equipment (UE) sends a registration request message to a location server through a router, so that the location server generates a random value on receiving the UE's registration request message and sends the random value to the UE. The registration request message contains the user identifier of the UE, so that the location server generates a temporary user identifier according to the random value, a common key, the user identifier of the UE and the identifier of the location server, and saves the correspondence between the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier; the common key corresponds to the user identifier of the UE;

The UE receives, through the router, the random value sent by the location server;

The UE generates the temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server, where the common key corresponds to the user identifier of the UE.

With reference to the first aspect, in a first possible implementation, the UE receiving, through the router, the random value sent by the location server includes:

The UE receives, through the router, an authentication request message sent by the location server, where the authentication request message includes the random value.

With reference to the first aspect, in a second possible implementation, the UE receiving, through the router, the random value sent by the location server includes:

The UE receives, through the router, a registration response message sent by the location server, where the registration response message includes the random value.

In a second aspect, a method for user privacy protection includes:

A location server receives, through a router, a registration request message sent by a user equipment (UE), where the registration request message contains the user identifier of the UE, and the location server generates a random value when it receives the registration request message sent by the UE;

The location server sends the random value to the UE through the router, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server;

The location server obtains the common key according to the user identifier of the UE, and generates the temporary user identifier according to the shared key, the user identifier of the UE, the random value and the identifier of the location server;

The location server saves the correspondence between the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, and uses the correspondence to identify messages sent by the UE that contain the temporary user identifier.

With reference to the second aspect, in a first possible implementation, the location server sending the random value to the UE through the router includes:

The location server sends an authentication request message to the UE through the router, where the authentication request message includes the random value, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server; the common key corresponds to the user identifier of the UE.

With reference to the second aspect, in a second possible implementation, the location server sending the random value to the UE through the router includes:

The location server forwards a registration response message to the UE through the router, where the registration response message includes the random value, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server; the common key corresponds to the user identifier of the UE.
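
The registration exchange of the first and second aspects, as an added example that is not part of the patent text: both sides derive the temporary user identifier from the shared key, the user identifier, the random value and the location server's identifier, and the server resolves later messages through the stored correspondence. HMAC-SHA256, the field encoding, the class and function names and all sample identifiers are assumptions; the text does not specify a derivation function.

```python
import hashlib
import hmac
import secrets


def derive_temp_user_id(shared_key: bytes, user_id: str,
                        random_value: bytes, server_id: str) -> str:
    """Derive the temporary user ID from the four inputs the text names.

    Assumption: HMAC-SHA256 keyed with the shared key, truncated to 128 bits.
    """
    fields = (user_id.encode(), random_value, server_id.encode())
    # Length-prefix every field so that two different splits of the same
    # bytes (e.g. "ab"+"c" vs "a"+"bc") never yield the same MAC input.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(shared_key, msg, hashlib.sha256).hexdigest()[:32]


class LocationServer:
    def __init__(self, server_id: str, subscriber_keys: dict):
        self.server_id = server_id
        self._keys = subscriber_keys   # user ID -> key shared with that user
        self._bindings = {}            # temp ID -> (user ID, UE ID, server ID)

    def handle_registration(self, user_id: str, ue_id: str) -> bytes:
        """Handle a registration request and return the random value.

        The return value stands for the authentication request or
        registration response that carries the random value to the UE.
        Passing the UE ID in the request is an assumption of this sketch.
        """
        key = self._keys.get(user_id)
        if key is None:
            raise KeyError("unknown user identifier")
        random_value = secrets.token_bytes(16)   # fresh for each registration
        temp_id = derive_temp_user_id(key, user_id, random_value,
                                      self.server_id)
        # Save the correspondence used to recognise later messages.
        self._bindings[temp_id] = (user_id, ue_id, self.server_id)
        return random_value

    def resolve(self, temp_id: str):
        """Map a temporary ID from a later message to its stored binding."""
        return self._bindings.get(temp_id)


class UserEquipment:
    def __init__(self, user_id: str, ue_id: str, shared_key: bytes,
                 server_id: str):
        self.user_id = user_id
        self.ue_id = ue_id
        self.shared_key = shared_key
        self.server_id = server_id     # identifier acquired in advance
        self.temp_id = None

    def register(self, server: LocationServer) -> str:
        random_value = server.handle_registration(self.user_id, self.ue_id)
        # The temporary ID is computed locally and is not sent by the server.
        self.temp_id = derive_temp_user_id(self.shared_key, self.user_id,
                                           random_value, self.server_id)
        return self.temp_id


def run_demo() -> dict:
    # Constructed sample values; the "0755" prefix stands for a region code.
    user_id = "0755-USER-000123"
    key = secrets.token_bytes(32)
    server = LocationServer("ls-01.example", {user_id: key})
    ue = UserEquipment(user_id, "dev-A1", key, "ls-01.example")
    first = ue.register(server)
    second = ue.register(server)       # new random value, new temporary ID

    # A UE holding the wrong key derives an ID the server never stored.
    impostor = UserEquipment(user_id, "dev-X9", secrets.token_bytes(32),
                             "ls-01.example")
    forged = impostor.register(server)
    return {
        "first": first,
        "second": second,
        "first_binding": server.resolve(first),
        "second_binding": server.resolve(second),
        "forged_binding": server.resolve(forged),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```
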

In a third aspect, a method for user privacy protection includes:

A user equipment (UE) sends a registration request message to a location server through a router, where the registration request message contains the user identifier of the UE, so that the location server, on receiving the UE's registration request message, generates a random value, generates a temporary user identifier according to the random value, the user identifier of the UE and the identifier of the location server, and saves the correspondence between the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier;

The UE receives the temporary user identifier through the router.

With reference to the third aspect, in a first possible implementation, the UE receiving the temporary user identifier through the router includes:

The UE receives, through the router, a registration response message sent by the location server, where the registration response message includes the temporary user identifier.

In a fourth aspect, a method for user privacy protection includes:

A location server receives, through a router, a registration request message sent by a user equipment (UE), where the registration request message contains the user identifier of the UE, and the location server generates a random value when it receives the registration request message sent by the user equipment UE;

The location server generates a temporary user identifier according to the random value, the user identifier of the UE and the identifier of the location server;

The location server saves the correspondence between the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier;

The location server forwards the temporary user identifier to the UE through the router.

With reference to the fourth aspect, in a first possible implementation, the location server generating a temporary user identifier according to the random value, the user identifier of the UE and the identifier of the location server includes:

The location server generates the temporary user identifier according to the random value, the shared key, the user identifier of the UE and the identifier of the location server, where the common key corresponds to the user identifier of the UE.

With reference to the fourth aspect, in a second possible implementation, the location server forwarding the temporary user identifier to the UE through the router includes:

The location server forwards a registration response message to the UE through the router, where the registration response message includes the temporary user identifier.

In a fifth aspect, a user equipment includes:

a communication unit, configured to send a registration request message to a location server through a router, so that the location server generates a random value on receiving the UE's registration request message and sends the random value to the UE, where the registration request message contains the user identifier of the UE, so that the location server generates a temporary user identifier according to the random value, a common key, the user identifier of the UE and the identifier of the location server, and saves the correspondence between the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier; the common key corresponds to the user identifier of the UE;

the communication unit is further configured to receive, through the router, the random value sent by the location server;

a generating unit, configured to generate the temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server, where the common key corresponds to the user identifier of the UE.

With reference to the fifth aspect, in a first possible implementation, the communication unit is specifically further configured to:

receive, through the router, an authentication request message sent by the location server, where the authentication request message includes the random value.

With reference to the fifth aspect, in a second possible implementation, the communication unit is specifically further configured to:

receive, through the router, a registration response message sent by the location server, where the registration response message includes the random value.

In a sixth aspect, a location server includes:

a communication unit, configured to receive, through a router, a registration request message sent by a user equipment (UE), where the registration request message contains the user identifier of the UE, and the location server generates a random value when it receives the registration request message sent by the UE;

the communication unit is further configured to send the random value to the UE through the router, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server;

a generating unit, configured to obtain the common key according to the user identifier of the UE, and to generate the temporary user identifier according to the shared key, the user identifier of the UE, the random value and the identifier of the location server;

a storage unit, configured to save the correspondence between the temporary user identifier generated by the generating unit, the user identifier of the UE, the UE identifier and the identifier of the location server, and to identify, through the correspondence, messages sent by the UE that contain the temporary user identifier.

With reference to the sixth aspect, in a first possible implementation, the communication unit is specifically further configured to:

send an authentication request message to the UE through the router, where the authentication request message includes the random value, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server; the common key corresponds to the user identifier of the UE.

With reference to the sixth aspect, in a second possible implementation, the communication unit is specifically further configured to:

forward a registration response message to the UE through the router, where the registration response message includes the random value, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server; the common key corresponds to the user identifier of the UE.

In a seventh aspect, a user equipment includes:

a sending unit, configured to send a registration request message to a location server through a router, where the registration request message contains the user identifier of the UE, so that the location server, on receiving the UE's registration request message, generates a random value, generates a temporary user identifier according to the random value, the user identifier of the UE and the identifier of the location server, and saves the correspondence between the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier;

a receiving unit, configured to receive the temporary user identifier through the router.

With reference to the seventh aspect, in a first possible implementation, the receiving unit is specifically further configured to:

receive, through the router, a registration response message sent by the location server, where the registration response message includes the temporary user identifier.

In an eighth aspect, a location server includes:

a communication unit, configured to receive, through a router, a registration request message sent by a user equipment (UE), where the registration request message contains the user identifier of the UE, and the location server generates a random value when it receives the registration request message sent by the user equipment UE;

a generating unit, configured to generate a temporary user identifier according to the random value, the user identifier of the UE and the identifier of the location server;

a storage unit, configured to save the correspondence between the temporary user identifier generated by the generating unit, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier;

the communication unit is further configured to forward the temporary user identifier generated by the generating unit to the UE through the router.

With reference to the eighth aspect, in a first possible implementation, the generating unit is specifically further configured to:

generate the temporary user identifier according to the random value, the shared key, the user identifier of the UE and the identifier of the location server, where the common key corresponds to the user identifier of the UE.

With reference to the eighth aspect, in a second possible implementation, the communication unit is specifically further configured to:

forward a registration response message to the UE through the router, where the registration response message includes the temporary user identifier.

In a ninth aspect, a communication system includes: a location server, a router, and a user equipment (UE) connected to the router, wherein

the location server is the location server described in the sixth aspect or in any possible implementation of the sixth aspect;

the user equipment UE is the user equipment described in the fifth aspect or in any possible implementation of the fifth aspect;

or,

the location server is the location server described in the eighth aspect or in any possible implementation of the eighth aspect;

the user equipment UE is the user equipment described in the seventh aspect or in any possible implementation of the seventh aspect.

In the method, device and system for user privacy protection provided by the embodiments of the present invention, the user equipment UE sends the user identifier of the user equipment to the location server in a registration request message, the shared key is obtained according to the user identifier of the UE, and a temporary user identifier is generated from the user identifier of the user equipment, the pre-acquired identifier of the location server and the shared key. Using a random user ID to hide the user's real ID solves the problem of user privacy exposure and improves the user's sense of security in the network experience.

Description of drawings

To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic diagram of a UIP (User Identity Protocol) network topology according to an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a method for user privacy protection according to an embodiment of the present invention;

FIG. 3 is a schematic flowchart of another method for user privacy protection according to an embodiment of the present invention;

FIG. 4 is a schematic flowchart of a method for user privacy protection according to another embodiment of the present invention;

FIG. 5 is a schematic flowchart of another method for user privacy protection according to another embodiment of the present invention;

FIG. 6 is a schematic flowchart of a method for user privacy protection according to yet another embodiment of the present invention;

FIG. 7 is a schematic flowchart of another method for user privacy protection according to yet another embodiment of the present invention;

FIG. 8 is a schematic flowchart of a further method for user privacy protection according to yet another embodiment of the present invention;

FIG. 9 is a schematic structural diagram of a user equipment according to an embodiment of the present invention;

FIG. 10 is a schematic structural diagram of a location server according to an embodiment of the present invention;

FIG. 11 is a schematic structural diagram of a user equipment according to another embodiment of the present invention;

FIG. 12 is a schematic structural diagram of a location server according to another embodiment of the present invention;

FIG. 13 is a schematic structural diagram of a user equipment according to yet another embodiment of the present invention;

FIG. 14 is a schematic structural diagram of a location server according to yet another embodiment of the present invention;

FIG. 15 is a schematic structural diagram of a user equipment according to still another embodiment of the present invention;

FIG. 16 is a schematic structural diagram of a location server according to still another embodiment of the present invention;

FIG. 17 is a schematic structural diagram of a communication system according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

The present invention applies to the User Identity Protocol (UIP) network architecture. As shown in FIG. 1, a UIP network consists of one or more UIP domains, and one UIP domain consists of one location server SLS (Subscriber Location Server), one or more domain routers DR (Domain Router), and one or more gateways GW (GateWay). The DR stores the mapping between the user identifier UserID and that user's locator Locator, forwards user data, and translates message addresses; DRs within a domain and between domains are connected to each other. The SLS stores the mapping between the user identifier UserID and the user's current DR. The UE accesses the UIP domain through the radio access network. The present invention provides a method for user privacy protection. Referring to FIG. 2, the specific steps on the user equipment side are as follows:

101. The user equipment UE sends a registration request message to the location server through a router, so that the location server generates a random value when it receives the UE's registration request message and sends the random value to the UE.

The registration request message contains the user identifier of the UE, so that the location server generates a temporary user identifier from the random value, the common key, the user identifier of the UE and the identifier of the location server, and stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server uses the correspondence to recognize messages sent by the UE that contain the temporary user identifier. The common key corresponds to the user identifier of the UE.

Here the shared key may be obtained through Authentication and Key Agreement (AKA) or another key agreement method.

Here the user equipment UE (User Equipment) may have the registration request message forwarded by the domain router DR (Domain Router), sending the UE's own basic information, such as the user identifier UserID, the device identifier Device ID and the locator Locator, to the subscriber location server SLS (Subscriber Location Server), so that the SLS obtains the UE's basic information (that is, its basic parameters) from the UE's registration request message.

The registration request message further includes the device identifier and/or the locator of the UE.

102. The UE receives, through the router, the random value sent by the location server.

103. The UE generates a temporary user identifier from the shared key, the user identifier of the UE, the random value and the identifier of the location server obtained in advance.

The common key corresponds to the user identifier of the UE.

Here the UE may obtain the random value nonce generated by the SLS from the authentication request message received before the shared key SKey is negotiated with the SLS, and generate the temporary user identifier TempUser ID from that nonce, the SLS ID of the SLS obtained in advance, the SKey and the UE's own UserID;

or,

after the shared key SKey has been negotiated with the SLS, the UE obtains the random value nonce from the received registration response message and generates the temporary user identifier TempUserID from that nonce, the SLS ID of the SLS, the SKey and the UE's own UserID;

or,

besides generating the TempUser ID itself from the nonce sent by the SLS, the UE may optionally receive the temporary user identifier TempUser ID already generated by the SLS in the registration response message sent by the SLS.

The present invention provides a method for user privacy protection. Referring to FIG. 3, the specific steps on the location server side are as follows:

201. The location server receives, through the router, a registration request message sent by the user equipment UE.

Here the registration request message contains the user identifier of the UE, and the location server generates a random value when it receives the registration request message sent by the UE.

The registration request message further includes the user equipment identifier Device ID and/or the locator Locator of the UE.

202. The location server sends the random value to the UE through the router, so that the UE generates a temporary user identifier from the shared key, the user identifier of the UE, the random value and the identifier of the location server obtained in advance.

203. The location server generates a temporary user identifier from the shared key, the user identifier of the UE, the random value and the identifier of the location server.

The shared key may be obtained through Authentication and Key Agreement (AKA) or another key agreement method.

Here the subscriber location server SLS (Subscriber Location Server) may take the random value nonce that it generated before the shared key SKey was negotiated with the UE, and generate the temporary user identifier TempUser ID from that nonce, the SLS's own SLS ID, the SKey and the UserID of the UE;

or,

after the shared key SKey has been negotiated with the UE, the SLS generates the random value nonce and, before sending the registration response message carrying the nonce, generates the temporary user identifier TempUser ID from that nonce, the SLS ID of the SLS, the SKey and the UE's own UserID;

or,

after receiving the authentication response message sent by the UE, the SLS generates a nonce, generates the TempUser ID from the nonce, and sends the generated TempUser ID to the UE in a registration response message.

204. The location server stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, and uses the correspondence to recognize messages sent by the UE that contain the temporary user identifier.

Optionally, what the SLS stores is the mapping between the temporary user identifier TempUser ID and the UE's user identifier UserID, device identifier Device ID and locator Locator.

In the method for user privacy protection provided by the embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains the shared key according to the user identifier of the UE, and generates a temporary user identifier from the user identifier of the user equipment, the identifier of the location server obtained in advance, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

The present invention provides another method for user privacy protection. Referring to FIG. 4, the specific steps on the user equipment side are as follows:

301. The user equipment UE sends a registration request message to the location server through a router.

The registration request message contains the user identifier of the UE, so that the location server generates a random value when it receives the UE's registration request message, generates a temporary user identifier from the random value, the user identifier of the UE and the identifier of the location server, and stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server uses the correspondence to recognize messages sent by the UE that contain the temporary user identifier.

302. The UE receives the temporary user identifier through the router.

The UE receives, through the router, a registration response message sent by the location server; the registration response message includes the temporary user identifier.

The present invention provides another method for user privacy protection. Referring to FIG. 5, the specific steps on the location server side are as follows:

401. The location server receives, through the router, a registration request message sent by the user equipment UE.

Here the registration request message contains the user identifier of the UE, and the location server generates a random value when it receives the registration request message sent by the user equipment UE.

402. The location server generates a temporary user identifier from the random value, the user identifier of the UE and the identifier of the location server.

403. The location server stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server uses the correspondence to recognize messages sent by the UE that contain the temporary user identifier.

Optionally, what the SLS stores is the mapping between the temporary user identifier TempUser ID and the UE's user identifier UserID, device identifier Device ID and locator Locator.

404. The location server forwards the temporary user identifier to the UE through the router.

The location server forwards a registration response message to the UE through the router; the registration response message includes the temporary user identifier.

In the method for user privacy protection provided by the embodiment of the present invention, the location server generates a temporary user identifier from a randomly generated random value and sends it to the user equipment UE through the router in a registration response message. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

In the embodiments of the present invention, the router is described using the domain router DR as an example and the location server using the subscriber location server SLS as an example; any choice that implements the method for user privacy protection provided by the embodiments of the present invention is acceptable, and no specific limitation is imposed.

Specifically, the following description refers to particular embodiments.

Embodiment 1

On the basis of the embodiment shown in FIG. 2 or FIG. 3, an embodiment of the present invention provides a method for user privacy protection. Referring to FIG. 6, the subscriber location server SLS and the user equipment UE generate a shared key SKey through negotiation, and the temporary user identifier TempUserID is generated from the SKey and the IDs of the SLS and/or the UE. The specific steps are as follows:

501. The user equipment UE sends a registration request message to the location server through a router, so that the location server generates a random value when it receives the UE's registration request message and sends the random value to the UE.

The registration request message contains the user identifier of the UE, so that the location server generates a temporary user identifier from the random value, the common key, the user identifier of the UE and the identifier of the location server, and stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server uses the correspondence to recognize messages sent by the UE that contain the temporary user identifier. The common key corresponds to the user identifier of the UE.

Here the shared key may be obtained through Authentication and Key Agreement (AKA) or another key agreement method.

Optionally, the registration request message further includes the device identifier and/or the locator of the UE.

Here the user equipment UE (User Equipment) may have the registration request message forwarded by the domain router DR (Domain Router), sending the UE's own basic information, such as the user identifier UserID, the device identifier Device ID and the locator Locator, to the subscriber location server SLS (Subscriber Location Server), so that the SLS obtains the UE's basic information (that is, its basic parameters) from the UE's registration request message.

502. The location server receives, through the router, the registration request message sent by the user equipment UE.

Here the registration request message contains the user identifier of the UE, and the location server generates a random value when it receives the registration request message sent by the UE.

The registration request message further includes the user equipment identifier Device ID and/or the locator Locator of the UE.

Here the domain router DR forwards the signaling messages exchanged between the UE and the SLS.

503. The location server sends the random value to the UE through the router, so that the UE generates a temporary user identifier from the shared key, the user identifier of the UE, the random value and the identifier of the location server obtained in advance.

The random value may be denoted nonce. Any representation that implements the method for user privacy protection provided by the embodiment of the present invention is acceptable, and no specific limitation is imposed.

Here the location server carries the random value in an authentication request message and sends it to the UE through the router.

504. The UE receives, through the router, the random value sent by the location server.

The UE receives, through the router, the authentication request message sent by the location server; the authentication request message includes the random value.

505. In response to the authentication request message, the UE sends an authentication response message to the location server through the router.

506. The location server receives the authentication response message sent by the UE through the router.

507. The location server generates a temporary user identifier from the shared key, the user identifier of the UE, the random value and the identifier of the location server.

The shared key may be obtained through Authentication and Key Agreement (AKA) or another key agreement method.

Here the temporary user identifier is illustrated by the temporary user identifier TempUser ID:

The generation of the TempUser ID can be expressed as:

TempUser ID = KDF(SKey, UserID, SLS ID, nonce)

That is, the SLS generates the temporary user identifier TempUser ID from the negotiated SKey, the UserID of the UE, the SLS ID and the nonce generated by the SLS;

where:

SKey is a key shared by the SLS and the UE;

SLS ID (SLS identifier) is the ID of the SLS, for example an identifier in UUID (Universally Unique Identifier) form;

nonce is a random value generated by the SLS.

508. The UE generates a temporary user identifier from the shared key, the user identifier of the UE, the random value and the identifier of the location server obtained in advance.

The common key corresponds to the user identifier of the UE.

Here the UE generates the temporary user identifier TempUser ID from the random value nonce obtained from the authentication request message, the SKey negotiated with the SLS, the ID of the SLS obtained in advance, and the UE's own UserID.

509. The location server stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, and uses the correspondence to recognize messages sent by the UE that contain the temporary user identifier.

Optionally, what the SLS stores is the mapping between the temporary user identifier TempUser ID and the UE's user identifier UserID, device identifier Device ID and locator Locator.

510. The location server sends a registration response message to the UE through the router.

511. The UE receives, through the router, the registration response message sent by the location server.

In the method for user privacy protection provided by the embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains the shared key according to the user identifier of the UE, and generates a temporary user identifier from the user identifier of the user equipment, the identifier of the location server obtained in advance, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

Embodiment 2

On the basis of the embodiment shown in FIG. 2 or FIG. 3, an embodiment of the present invention provides a method for user privacy protection. Referring to FIG. 7, the subscriber location server SLS and the user equipment UE generate a shared key SKey through negotiation. After the UE and the SLS have negotiated the SKey, the SLS generates a random value nonce and generates the temporary user identifier TempUserID from the SKey and the IDs of the SLS and/or the UE, and then sends the nonce to the UE in a registration response message forwarded by the DR, so that the UE generates the TempUserID from the nonce. The specific steps are as follows:

601. The user equipment UE sends a registration request message to the location server through a router, so that the location server generates a random value when it receives the UE's registration request message and sends the random value to the UE.

The registration request message contains the user identifier of the UE, so that the location server generates a temporary user identifier from the random value, the common key, the user identifier of the UE and the identifier of the location server, and stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server uses the correspondence to recognize messages sent by the UE that contain the temporary user identifier. The common key corresponds to the user identifier of the UE.

Optionally, the registration request message further includes the device identifier and/or the locator of the UE.

Here the user equipment UE (User Equipment) may have the registration request message forwarded by the domain router DR (Domain Router), sending the UE's own basic information, such as the user identifier UserID, the device identifier Device ID and the locator Locator, to the subscriber location server SLS (Subscriber Location Server), so that the SLS obtains the UE's basic information (that is, its basic parameters) from the UE's registration request message.

602. The location server receives, through the router, the registration request message sent by the user equipment UE.

Here the registration request message contains the user identifier of the UE, and the location server generates a random value when it receives the registration request message sent by the UE.

The registration request message further includes the user equipment identifier Device ID and/or the locator Locator of the UE.

Here the domain router DR forwards the signaling messages exchanged between the UE and the SLS.

603. The location server sends the random value to the UE through the router, so that the UE generates a temporary user identifier from the shared key, the user identifier of the UE, the random value and the identifier of the location server obtained in advance.

The random value may be denoted nonce. Any representation that implements the method for user privacy protection provided by the embodiment of the present invention is acceptable, and no specific limitation is imposed.

Here the location server carries a random value in the authentication request message and sends it to the UE through the router.

The location server sends an authentication request message to the UE through the router.

Here it is not limited whether the random value nonce in the authentication request message that the SLS sends to the UE through the DR is the random value nonce needed to generate the TempUser ID. The difference from Embodiment 1 is that in this embodiment the random value nonce used to generate the TempUser ID may be a new nonce regenerated by the SLS; that is, the nonce in the authentication request message sent to the UE in this step need not be reused.

604. The UE receives, through the router, the random value sent by the location server.

The UE receives, through the router, the authentication request message sent by the location server; the authentication request message includes the random value.

605. In response to the authentication request message, the UE sends an authentication response message to the location server through the router.

606. The location server receives the authentication response message sent by the UE through the router.

607. The location server generates a temporary user identifier from the shared key, the user identifier of the UE, the random value and the identifier of the location server.

The shared key may be obtained through Authentication and Key Agreement (AKA) or another key agreement method.

Here the temporary user identifier is illustrated by the temporary user identifier TempUser ID:

The generation of the TempUser ID can be expressed as:

TempUser ID = KDF(SKey, UserID, SLS ID, nonce)

That is, the SLS generates the temporary user identifier TempUser ID from the negotiated SKey, the UserID of the UE, the SLS ID and the nonce generated by the SLS;

where:

SKey is a key shared by the SLS and the UE;

SLS ID (SLS identifier) is the ID of the SLS, for example an identifier in UUID (Universally Unique Identifier) form;

nonce is a random value generated by the SLS.

608. The location server sends the random value to the UE through the router.

The registration response message further includes the random value nonce generated by the SLS, so that the UE generates the TempUser ID according to the random value nonce.

The location server forwards a registration response message to the UE through the router. The registration response message includes the random value, so that the UE generates the temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server; the UE obtains the shared key according to the user identifier of the UE.

609. The location server stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier, and the identifier of the location server, and uses the correspondence to identify messages sent by the UE that contain the temporary user identifier.

Specifically, the SLS stores the mapping between the temporary user identifier TempUser ID and the UE's user identifier User ID, device identifier Device ID, and locator Locator.

610. The UE receives, through the router, the random value sent by the location server.

The UE receives, through the router, the registration response message sent by the location server; the registration response message includes the random value.

611. The UE generates the temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server.

The UE obtains the shared key according to the user identifier of the UE.

Here, the UE generates the temporary user identifier TempUser ID according to the random value nonce obtained from the authentication request message, the SKey obtained through negotiation with the SLS, the pre-acquired ID of the SLS, and the UE's own UserID.

In the user privacy protection method provided by this embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains a shared key through negotiation with the location server, and then generates a temporary user identifier according to the user identifier of the user equipment, the pre-acquired identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

This embodiment differs from Embodiment 1 in that the random value nonce used by the SLS to generate the TempUser ID is produced after the shared key SKey has been negotiated with the UE, and, after the TempUser ID has been generated, the SLS sends that random value nonce to the UE via the DR in the registration response message. The random value nonce used to generate the TempUser ID may differ from the nonce carried in the authentication request message.
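The derivation and exchange of steps 607 to 611, as an added example that is not code from the patent: HMAC-SHA256 stands in for the KDF, which the text leaves unspecified, and the class names, the length-prefixed field encoding, and all sample identifiers and keys are constructed assumptions.

```python
import hashlib
import hmac
import secrets


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so adjacent inputs cannot be re-split:
    ("ab", "c") and ("a", "bc") must not feed the KDF the same bytes."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def derive_temp_user_id(skey: bytes, user_id: str, sls_id: str, nonce: bytes) -> str:
    """TempUser ID = KDF(SKey, UserID, SLS ID, nonce).
    Assumption: HMAC-SHA256 keyed with SKey is used as the KDF."""
    data = encode_fields(b"TempUserID", user_id.encode(), sls_id.encode(), nonce)
    return hmac.new(skey, data, hashlib.sha256).hexdigest()


class LocationServer:
    """SLS side: steps 607 to 609."""

    def __init__(self, sls_id: str, skeys: dict):
        self.sls_id = sls_id
        self.skeys = skeys    # UserID -> SKey, assumed already negotiated (e.g. AKA)
        self.mapping = {}     # TempUser ID -> real identifiers (step 609)

    def handle_registration(self, user_id: str, device_id: str, locator: str) -> bytes:
        nonce = secrets.token_bytes(16)  # random value generated by the SLS
        temp_id = derive_temp_user_id(self.skeys[user_id], user_id, self.sls_id, nonce)
        self.mapping[temp_id] = {
            "UserID": user_id, "DeviceID": device_id, "Locator": locator,
        }
        return nonce  # step 608: the response carries the nonce, not the TempUser ID

    def identify(self, temp_id: str):
        """Resolve a TempUser ID seen in a later message; None if unknown."""
        return self.mapping.get(temp_id)


class UserEquipment:
    """UE side: steps 610 and 611."""

    def __init__(self, user_id, device_id, locator, skey, sls_id):
        self.user_id, self.device_id, self.locator = user_id, device_id, locator
        self.skey = skey        # same SKey the SLS holds for this UserID
        self.sls_id = sls_id    # identifier of the SLS, acquired in advance
        self.temp_user_id = None

    def register(self, sls: LocationServer) -> None:
        # The router (DR) only forwards messages, so it is modelled as a direct call.
        nonce = sls.handle_registration(self.user_id, self.device_id, self.locator)
        self.temp_user_id = derive_temp_user_id(
            self.skey, self.user_id, self.sls_id, nonce)


def demo() -> dict:
    skey = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed SKey
    sls = LocationServer("sls-constructed-0001", {"alice@example.net": skey})
    ue = UserEquipment("alice@example.net", "dev-01", "loc-01", skey, sls.sls_id)
    ue.register(sls)
    first = ue.temp_user_id
    ue.register(sls)            # a fresh nonce gives a fresh, unlinkable identifier
    second = ue.temp_user_id
    return {
        "first": first,
        "second": second,
        "resolved": sls.identify(second),
        "unknown": sls.identify("0" * 64),
    }


if __name__ == "__main__":
    print(demo())
```

Because both sides derive the identifier independently, a UE that holds the wrong SKey or the wrong SLS ID ends up with a TempUser ID that the SLS mapping cannot resolve.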

Embodiment 3

On the basis of the embodiment shown in FIG. 4 or FIG. 5, and referring to FIG. 8, an embodiment of the present invention provides a user privacy protection method. FIG. 8 shows the process in which the subscriber location server SLS and the user equipment UE generate a shared key SKey through negotiation, the SLS generates a temporary user identifier TempUserID according to the SKey and the IDs of the SLS and the UE, and the TempUserID is then forwarded to the UE via the DR. The specific steps are as follows:

701. The user equipment UE sends a registration request message to the location server through the router.

The registration request message contains the user identifier of the UE, so that the location server generates a random value upon receiving the UE's registration request message, generates a temporary user identifier according to the random value, the user identifier of the UE, and the identifier of the location server, and stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier, and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier.

The registration request message further includes a device identifier and/or a locator of the UE.

Here, the user equipment UE (User Equipment) may have the registration request message forwarded by the domain router DR (Domain Router), sending the UE's own basic information, such as the user identifier UserID, the device identifier Device ID, and the locator Locator, to the subscriber location server SLS (Subscriber Location Server), so that the SLS obtains the UE's basic information (that is, the basic parameters) from the UE's registration request message.

702. The location server receives, through the router, the registration request message sent by the user equipment UE.

The registration request message contains the user identifier of the UE; when the location server receives the registration request message sent by the user equipment UE, the location server generates a random value;

Here, the domain router DR is responsible for forwarding the signaling messages exchanged between the UE and the SLS.

703. The location server sends an authentication request message to the UE through the router.

704. The UE receives, through the router, the authentication request message sent by the location server.

705. The UE sends an authentication response message to the location server through the router according to the authentication request message.

706. The location server receives the authentication response message sent by the UE through the router.

707. The location server generates a temporary user identifier according to the random value, the user identifier of the UE, and the identifier of the location server.

The relevant parameters include at least the random value, the user identifier of the UE, and the identifier of the location server;

Optionally, the relevant parameters further include a common key, and the location server generates the temporary user identifier according to the random value, the shared key, the user identifier of the UE, and the identifier of the location server.

The location server obtains the common key according to the user identifier of the UE.

Here, as described above, the SLS may use the methods described in Embodiment 1 and Embodiment 2 to generate the temporary user identifier TempUser ID according to the SKey, the basic information of the UE, the random value nonce, and the SLS identifier SLS ID.

In this embodiment, the SLS may also generate the TempUser ID according to the random value nonce.

708. The location server stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier, and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier.

Specifically, the SLS stores the mapping between the temporary user identifier TempUser ID and the UE's user identifier User ID, device identifier Device ID, and locator Locator.

709. The location server forwards the temporary user identifier to the UE through the router.

The location server forwards a registration response message to the UE through the router; the registration response message includes the temporary user identifier.

710. The UE receives the temporary user identifier through the router.

The UE receives, through the router, the registration response message sent by the location server; the registration response message includes the temporary user identifier.

In the user privacy protection method provided by this embodiment of the present invention, the location server generates a temporary user identifier from a randomly generated random value and sends it to the user equipment UE via the router in a registration response message. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

The present invention provides a user equipment UE8, which may be any user equipment capable of implementing any of the user privacy protection methods provided by the embodiments of the present invention. Referring to FIG. 9, it includes:

A communication unit 81, configured to send a registration request message to a location server through a router, so that the location server generates a random value upon receiving the UE's registration request message and sends the random value to the UE. The registration request message contains the user identifier of the UE, so that the location server generates a temporary user identifier according to the random value, the common key, the user identifier of the UE, and the identifier of the location server, and stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier, and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier; the common key corresponds to the user identifier of the UE;

The communication unit 81 is further configured to receive, through the router, the random value sent by the location server;

A generating unit 82, configured to generate the temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server; the common key corresponds to the user identifier of the UE.

With the user equipment provided by this embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains the shared key according to the user identifier of the UE, and generates a temporary user identifier according to the user identifier of the user equipment, the pre-acquired identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

Optionally, the communication unit 81 is further configured to receive, through the router, an authentication request message sent by the location server, where the authentication request message includes the random value.

Optionally, the communication unit 81 is further configured to receive, through the router, a registration response message sent by the location server, where the registration response message includes the random value.

With the user equipment provided by this embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains the shared key according to the user identifier of the UE, and generates a temporary user identifier according to the user identifier of the user equipment, the pre-acquired identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

The present invention provides a location server SLS9, which may be any location server capable of implementing any of the user privacy protection methods provided by the embodiments of the present invention. Referring to FIG. 10, it includes:

A communication unit 91, configured to receive, through a router, a registration request message sent by a user equipment UE, where the registration request message contains the user identifier of the UE; when the location server receives the registration request message sent by the UE, the location server generates a random value;

The communication unit 91 is further configured to send the random value to the UE through the router, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server;

A generating unit 92, configured to obtain the common key according to the user identifier of the UE, and to generate the temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the identifier of the location server;

A storage unit 93, configured to store the correspondence among the temporary user identifier generated by the generating unit, the user identifier of the UE, the UE identifier, and the identifier of the location server, and to use the correspondence to identify messages sent by the UE that contain the temporary user identifier.

With the location server provided by this embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains the shared key according to the user identifier of the UE, and generates a temporary user identifier according to the user identifier of the user equipment, the pre-acquired identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

Optionally, the communication unit 91 is further configured to send an authentication request message to the UE through the router, where the authentication request message includes the random value, so that the UE generates the temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server; the common key corresponds to the user identifier of the UE.

Optionally, the communication unit 91 is further configured to forward a registration response message to the UE through the router, where the registration response message includes the random value, so that the UE generates the temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server; the common key corresponds to the user identifier of the UE.

With the location server provided by this embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains the shared key according to the user identifier of the UE, and generates a temporary user identifier according to the user identifier of the user equipment, the pre-acquired identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

The present invention provides a user equipment UE10, which may be any user equipment capable of implementing any of the user privacy protection methods provided by the embodiments of the present invention. Referring to FIG. 11, it includes:

A sending unit 1001, configured to send a registration request message to a location server through a router, where the registration request message contains the user identifier of the UE, so that the location server generates a random value upon receiving the UE's registration request message, generates a temporary user identifier according to the random value, the user identifier of the UE, and the identifier of the location server, and stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier, and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier;

A receiving unit 1002, configured to receive the temporary user identifier through the router.

With the user equipment provided by this embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains the shared key according to the user identifier of the UE, and generates a temporary user identifier according to the user identifier of the user equipment, the pre-acquired identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

Further, the receiving unit 1002 is configured to receive, through the router, a registration response message sent by the location server, where the registration response message includes the temporary user identifier.

With the user equipment provided by this embodiment of the present invention, the location server generates a temporary user identifier from a randomly generated random value and sends it to the user equipment UE via the router in a registration response message. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

The present invention provides a location server SLS11, which may be any location server capable of implementing any of the user privacy protection methods provided by the embodiments of the present invention. Referring to FIG. 12, it includes:

A communication unit 1101, configured to receive, through a router, a registration request message sent by a user equipment UE, where the registration request message contains the user identifier of the UE; when the location server receives the registration request message sent by the user equipment UE, the location server generates a random value;

A generating unit 1102, configured to generate a temporary user identifier according to the random value, the user identifier of the UE, and the identifier of the location server;

A storage unit 1103, configured to store the correspondence among the temporary user identifier generated by the generating unit, the user identifier of the UE, the UE identifier, and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier;

The communication unit 1101 is further configured to forward the temporary user identifier generated by the generating unit to the UE through the router.

With the location server provided by this embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains the shared key according to the user identifier of the UE, and generates a temporary user identifier according to the user identifier of the user equipment, the pre-acquired identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

Optionally, the generating unit 1102 is further configured to generate the temporary user identifier according to the random value, the shared key, the user identifier of the UE, and the identifier of the location server; the common key corresponds to the user identifier of the UE.

Optionally, the communication unit 1101 is further configured to forward a registration response message to the UE through the router, where the registration response message includes the temporary user identifier.

With the location server provided by this embodiment of the present invention, the location server generates a temporary user identifier from a randomly generated random value and sends it to the user equipment UE via the router in a registration response message. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

An embodiment of the present invention provides a user equipment UE12. Referring to FIG. 13, the user equipment UE12 includes at least one processor 1201, a memory 1202, a communication port 1203, and a bus 1204. The at least one processor 1201, the memory 1202, and the communication interface 1203 are connected through the bus 1204 and communicate with one another over it.

The bus 1204 may be an Industry Standard Architecture (ISA for short) bus, a peripheral component interconnect (Peripheral Component, PCI for short) bus, an Extended Industry Standard Architecture (EISA for short) bus, or the like. The bus 1304 may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration, the bus is drawn as a single thick line in FIG. 13, but this does not mean that there is only one bus or one type of bus. Where:

The memory 1202 is used to store executable program code, which includes computer operation instructions. The memory 1202 may include high-speed RAM (Random Access Memory) and may also include non-volatile memory, such as at least one disk memory.

The processor 1201 may be a central processing unit (CPU for short), an application-specific integrated circuit (ASIC for short), or one or more integrated circuits configured to implement the embodiments of the present invention.

The communication interface 1203 is mainly used to implement communication between the apparatuses in this embodiment.

The processor 1201 is configured to send, through the at least one communication interface 1203 and through a router, a registration request message to a location server, so that the location server generates a random value upon receiving the UE's registration request message and sends the random value to the UE. The registration request message contains the user identifier of the UE, so that the location server generates a temporary user identifier according to the random value, the common key, the user identifier of the UE, and the identifier of the location server, and stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier, and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier; the common key corresponds to the user identifier of the UE;

The processor 1201 is further configured to receive, through the at least one communication interface 1203 and through the router, the random value sent by the location server;

The processor 1201 is further configured to generate the temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server; the common key corresponds to the user identifier of the UE.

With the user equipment provided by this embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains the shared key according to the user identifier of the UE, and generates a temporary user identifier according to the user identifier of the user equipment, the pre-acquired identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

Optionally, the processor 1201 is further configured to receive, through the at least one communication interface 1203 and through the router, an authentication request message sent by the location server, where the authentication request message includes the random value.

Optionally, the processor 1201 is further configured to receive, through the at least one communication interface 1203 and through the router, a registration response message sent by the location server, where the registration response message includes the random value.

With the user equipment provided by this embodiment of the present invention, the user equipment UE sends its user identifier to the location server in a registration request message, obtains the shared key according to the user identifier of the UE, and generates a temporary user identifier according to the user identifier of the user equipment, the pre-acquired identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

An embodiment of the present invention provides a location server SLS13. Referring to FIG. 14, the location server SLS13 includes at least one processor 1301, a memory 1302, a communication port 1303 and a bus 1304; the at least one processor 1301, the memory 1302 and the communication interface 1303 are connected through the bus 1304 and communicate with one another.

The bus 1304 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 1304 may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration it is drawn as a single thick line in FIG. 14, but this does not mean that there is only one bus or only one type of bus. Wherein:

The memory 1302 is configured to store executable program code, the program code including computer operation instructions. The memory 1302 may include high-speed RAM and may also include non-volatile memory, for example at least one disk memory.

The processor 1301 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.

The communication interface 1303 is mainly used to implement communication between the apparatuses in this embodiment.

The processor 1301 is configured to receive, through at least one communication interface 1303 and via a router, a registration request message sent by a user equipment (UE), the registration request message containing the user identifier of the UE, wherein the location server generates a random value when it receives the registration request message sent by the UE;

The processor 1301 is further configured to send the random value to the UE through at least one communication interface 1303 and via the router, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server;

The processor 1301 is further configured to obtain the shared key according to the user identifier of the UE, and to generate the temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the identifier of the location server;

The memory 1302 is configured to store the correspondence among the temporary user identifier generated by the generating unit, the user identifier of the UE, the UE identifier, and the identifier of the location server, and to identify, by means of the correspondence, messages sent by the UE that contain the temporary user identifier.

With the location server provided by this embodiment of the present invention, the user equipment (UE) sends its user identifier to the location server in a registration request message, obtains the shared key according to the UE's user identifier, and generates a temporary user identifier from the user identifier of the user equipment, the pre-obtained identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

Optionally, the processor 1301 is further specifically configured to send, through at least one communication interface 1303 and via the router, an authentication request message to the UE, the authentication request message including the random value, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server, the shared key corresponding to the user identifier of the UE.

Optionally, the processor 1301 is further specifically configured to forward, through at least one communication interface 1303 and via the router, a registration response message to the UE, the registration response message including the random value, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server, the shared key corresponding to the user identifier of the UE.

With the location server provided by this embodiment of the present invention, the user equipment (UE) sends its user identifier to the location server in a registration request message, obtains the shared key according to the UE's user identifier, and generates a temporary user identifier from the user identifier of the user equipment, the pre-obtained identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.
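The exchange described for this embodiment (registration request carrying the user identifier, random value returned by the location server, both sides deriving the same temporary user identifier, and the server keeping the correspondence table) can be sketched as follows. This is an added example, not code from the patent: the text here does not name the derivation function, so HMAC-SHA-256 over length-prefixed fields, the class and method names, and the sample identifiers are all assumptions.

```python
"""Temporary-user-identifier registration with both sides deriving the value."""
import hashlib
import hmac
import secrets


def derive_temp_id(shared_key: bytes, user_id: str, rand: bytes, sls_id: str) -> str:
    """Derive the temporary user identifier from the four inputs the text lists.

    Assumption: HMAC-SHA-256 keyed with the shared key (the text does not fix
    the function). Each field is length-prefixed so that ("ab", "c") and
    ("a", "bc") can never produce the same MAC input.
    """
    fields = (user_id.encode(), rand, sls_id.encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(shared_key, msg, hashlib.sha256).hexdigest()[:32]


class LocationServer:
    """Location server (SLS) side: random value, derivation, correspondence table."""

    def __init__(self, sls_id: str, key_db: dict):
        self.sls_id = sls_id
        self.key_db = key_db      # user identifier -> shared key
        self.table = {}           # temp id -> (user id, UE id, SLS id)

    def on_registration_request(self, user_id: str, ue_id: str) -> bytes:
        """Handle a registration request and return the random value for the UE."""
        shared_key = self.key_db.get(user_id)
        if shared_key is None:
            raise KeyError("no shared key for this user identifier")
        rand = secrets.token_bytes(16)   # fresh random value per registration
        temp_id = derive_temp_id(shared_key, user_id, rand, self.sls_id)
        self.table[temp_id] = (user_id, ue_id, self.sls_id)
        return rand

    def identify(self, temp_id: str):
        """Resolve a later message's temporary identifier; None if unknown."""
        return self.table.get(temp_id)


class UserEquipment:
    """UE side: holds the shared key and the pre-acquired SLS identifier."""

    def __init__(self, user_id: str, ue_id: str, shared_key: bytes, sls_id: str):
        self.user_id = user_id
        self.ue_id = ue_id
        self.shared_key = shared_key
        self.sls_id = sls_id
        self.temp_id = None

    def on_random_value(self, rand: bytes) -> str:
        """Derive the temporary identifier from the random value sent by the SLS."""
        self.temp_id = derive_temp_id(self.shared_key, self.user_id, rand, self.sls_id)
        return self.temp_id


def register(sls: LocationServer, ue: UserEquipment) -> str:
    """Run one registration; the router between the two is omitted here."""
    rand = sls.on_registration_request(ue.user_id, ue.ue_id)
    return ue.on_random_value(rand)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    key = secrets.token_bytes(32)
    sls = LocationServer("sls-01.example", {"alice@example": key})
    ue = UserEquipment("alice@example", "ue-0001", key, "sls-01.example")
    first = register(sls, ue)
    second = register(sls, ue)
    print("first temp id :", first, "->", sls.identify(first))
    print("second temp id:", second, "->", sls.identify(second))
    print("unknown temp id resolves to:", sls.identify("0" * 32))
```

Only the registration request itself carries the real user identifier; every later message can carry the derived value, which changes with each new random value.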

An embodiment of the present invention provides a user equipment UE14. Referring to FIG. 15, the user equipment UE14 includes at least one processor 1401, a memory 1402, a communication port 1403 and a bus 1404; the at least one processor 1401, the memory 1402 and the communication interface 1403 are connected through the bus 1404 and communicate with one another.

The bus 1404 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 1404 may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration it is drawn as a single thick line in FIG. 15, but this does not mean that there is only one bus or only one type of bus. Wherein:

The memory 1402 is configured to store executable program code, the program code including computer operation instructions. The memory 1402 may include high-speed RAM and may also include non-volatile memory, for example at least one disk memory.

The processor 1401 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.

The communication interface 1403 is mainly used to implement communication between the apparatuses in this embodiment.

The processor 1401 is configured to send, through at least one communication interface 1403 and via a router, a registration request message to the location server, the registration request message containing the user identifier of the UE, so that the location server generates a random value when it receives the registration request message of the UE, generates a temporary user identifier according to the random value, the user identifier of the UE, and the identifier of the location server, and stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier, and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier;

The processor 1401 is further configured to receive the temporary user identifier through at least one communication interface 1403 and via the router.

With the user equipment provided by this embodiment of the present invention, the user equipment (UE) sends its user identifier to the location server in a registration request message, obtains the shared key according to the UE's user identifier, and generates a temporary user identifier from the user identifier of the user equipment, the pre-obtained identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

Further, the processor 1401 is specifically further configured to receive, through at least one communication interface 1403 and via the router, a registration response message sent by the location server, the registration response message including the temporary user identifier.

With the user equipment provided by this embodiment of the present invention, the location server generates the temporary user identifier from a randomly generated random value and sends it to the user equipment (UE) via the router in a registration response message. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

An embodiment of the present invention provides a location server SLS15. Referring to FIG. 16, the location server SLS15 includes at least one processor 1501, a memory 1502, a communication port 1503 and a bus 1504; the at least one processor 1501, the memory 1502 and the communication interface 1503 are connected through the bus 1504 and communicate with one another.

The bus 1504 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 1504 may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration it is drawn as a single thick line in FIG. 16, but this does not mean that there is only one bus or only one type of bus. Wherein:

The memory 1502 is configured to store executable program code, the program code including computer operation instructions. The memory 1502 may include high-speed RAM and may also include non-volatile memory, for example at least one disk memory.

The processor 1501 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.

The communication interface 1503 is mainly used to implement communication between the apparatuses in this embodiment.

The processor 1501 is configured to receive, through at least one communication interface 1503 and via a router, a registration request message sent by a user equipment (UE), the registration request message containing the user identifier of the UE, wherein the location server generates a random value when it receives the registration request message sent by the user equipment UE;

The processor 1501 is further configured to generate a temporary user identifier according to the random value, the user identifier of the UE, and the identifier of the location server;

The memory 1502 is configured to store the correspondence among the temporary user identifier generated by the generating unit, the user identifier of the UE, the UE identifier, and the identifier of the location server, so that the location server identifies, according to the correspondence, messages sent by the UE that contain the temporary user identifier;

The processor 1501 is further configured to forward the temporary user identifier generated by the generating unit to the UE through at least one communication interface 1503 and via the router.

With the location server provided by this embodiment of the present invention, the user equipment (UE) sends its user identifier to the location server in a registration request message, obtains the shared key according to the UE's user identifier, and generates a temporary user identifier from the user identifier of the user equipment, the pre-obtained identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

Optionally, the processor 1501 is further specifically configured to generate the temporary user identifier according to the random value, the shared key, the user identifier of the UE, and the identifier of the location server, the shared key corresponding to the user identifier of the UE.

Optionally, the processor 1501 is further specifically configured to forward, through at least one communication interface 1503 and via the router, a registration response message to the UE, the registration response message including the temporary user identifier.

With the location server provided by this embodiment of the present invention, the location server generates the temporary user identifier from a randomly generated random value and sends it to the user equipment (UE) via the router in a registration response message. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

An embodiment of the present invention provides a communication system 16. Referring to FIG. 17, it includes a location server SLS1601, a domain router DR1602, and a user equipment UE1603 connected to the DR, wherein:

the location server SLS1601 is the location server SLS shown in FIG. 10;

the user equipment UE1603 is the user equipment UE shown in FIG. 9;

or,

the location server SLS1601 is the location server SLS shown in FIG. 12;

the user equipment UE1603 is the user equipment UE shown in FIG. 11;

or,

the location server SLS1601 is the location server SLS shown in FIG. 14;

the user equipment UE1603 is the user equipment UE shown in FIG. 13;

or,

the location server SLS1601 is the location server SLS shown in FIG. 16;

the user equipment UE1603 is the user equipment UE shown in FIG. 15.

With the communication system provided by this embodiment of the present invention, the user equipment (UE) sends its user identifier to the location server in a registration request message, obtains the shared key according to the UE's user identifier, and generates a temporary user identifier from the user identifier of the user equipment, the pre-obtained identifier of the location server, and the shared key. Hiding the user's real ID behind a random user ID solves the problem of user privacy exposure and improves the user's sense of security when using the network.

From the description of the above embodiments, those skilled in the art can clearly understand that the present invention may be implemented in hardware, in firmware, or in a combination thereof. When implemented in software, the functions described above may be stored on a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that a computer can access. By way of example and not limitation, a computer-readable medium may include RAM, ROM (Read Only Memory) or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In addition, any connection may properly be termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of protection of computer-readable media.

The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (23)

1. A method of user privacy protection, comprising:
a user equipment (UE) sends a registration request message to a location server through a router, so that the location server generates a random value when receiving the registration request message of the UE and sends the random value to the UE, wherein the registration request message comprises a user identifier of the UE, so that the location server generates a temporary user identifier according to the random value, a shared key, the user identifier of the UE and an identifier of the location server, and stores a correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server identifies, according to the correspondence, the message which is sent by the UE and contains the temporary user identifier, and the shared key corresponds to the user identifier of the UE;
the UE receives the random value sent by the location server through the router;
and the UE generates the temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server, wherein the shared key corresponds to the user identifier of the UE.
2. The method of claim 1, wherein the UE receiving, by the router, the random value sent by the location server comprises:
and the UE receives an authentication request message sent by the location server through the router, wherein the authentication request message comprises the random value.
3. The method of claim 1, wherein the UE receiving, by the router, the random value sent by the location server comprises:
and the UE receives a registration response message sent by the location server through the router, wherein the registration response message comprises the random value.
4. A method of user privacy protection, comprising:
a location server receives a registration request message sent by User Equipment (UE) through a router, wherein the registration request message comprises a user identifier of the UE, and when the location server receives the registration request message sent by the UE, the location server generates a random value;
the location server sends the random value to the UE through the router, so that the UE generates a temporary user identifier according to a shared key, a user identifier of the UE, the random value and a pre-acquired identifier of the location server;
the location server acquires a shared key according to the user identifier of the UE, and generates the temporary user identifier according to the shared key, the user identifier of the UE, the random value and the identifier of the location server;
and the location server stores the correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, and identifies, by means of the correspondence, the message which is sent by the UE and contains the temporary user identifier.
5. The method of claim 4, wherein the location server sending the random value to the UE via the router comprises:
and the location server sends an authentication request message to the UE through the router, wherein the authentication request message comprises a random value, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value and a pre-acquired identifier of the location server, and the shared key corresponds to the user identifier of the UE.
6. The method of claim 4, wherein the location server sending the random value to the UE via the router comprises:
and the location server forwards a registration response message to the UE through the router, wherein the registration response message comprises a random value, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value and a pre-acquired identifier of the location server, and the shared key corresponds to the user identifier of the UE.
7. A method of user privacy protection, comprising:
a user equipment (UE) sends a registration request message to a location server through a router, wherein the registration request message contains a user identifier of the UE, so that the location server generates a random value when receiving the registration request message of the UE, generates a temporary user identifier according to the random value, the user identifier of the UE and an identifier of the location server, and stores a correspondence among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server identifies, according to the correspondence, the message which contains the temporary user identifier and is sent by the UE;
and the UE receives the temporary user identifier through the router.
8. The method of claim 7, wherein the UE receiving the temporary user identifier through the router comprises:
and the UE receives a registration response message sent by the location server through the router, wherein the registration response message comprises the temporary user identifier.
9. A method of user privacy protection, comprising:
a location server receives a registration request message sent by User Equipment (UE) through a router, wherein the registration request message comprises a user identifier of the UE, and when the location server receives the registration request message sent by the UE, the location server generates a random value;
the location server generates a temporary user identifier according to the random value, the user identifier of the UE and the identifier of the location server;
the location server stores the corresponding relation among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server, so that the location server identifies the message which is sent by the UE and contains the temporary user identifier according to the corresponding relation;
and the location server forwards the temporary user identifier to the UE through the router.
10. The method of claim 9, wherein the location server generating a temporary user identifier according to the random value, the user identifier of the UE and the identifier of the location server comprises:
and the location server generates a temporary user identifier according to the random value, a shared key, the user identifier of the UE and the identifier of the location server, wherein the shared key corresponds to the user identifier of the UE.
11. The method of claim 9, wherein the location server forwarding the temporary user identifier to the UE through the router comprises:
and the location server forwards a registration response message to the UE through the router, wherein the registration response message comprises the temporary user identifier.
12. A user equipment, comprising:
a communication unit, configured to send a registration request message to a location server through a router, so that the location server generates a random value when receiving a registration request message of a UE, and sends the random value to the UE, where the registration request message includes a user identifier of the UE, so that the location server generates a temporary user identifier according to the random value, a shared key, the user identifier of the UE, and an identifier of the location server, and stores a correspondence between the temporary user identifier, the user identifier of the UE, the UE identifier, and the identifier of the location server, so that the location server identifies, according to the correspondence, a message sent by the UE and including the temporary user identifier, where the shared key corresponds to the user identifier of the UE;
the communication unit is further configured to receive, by the router, the random value sent by the location server;
and a generating unit, configured to generate the temporary user identifier according to the shared key, the user identifier of the UE, the random value, and a pre-acquired identifier of the location server, where the shared key corresponds to the user identifier of the UE.
13. The user equipment of claim 12, wherein the communication unit is further configured to:
and receiving an authentication request message sent by the location server through the router, wherein the authentication request message comprises the random value.
14. The user equipment of claim 12, wherein the communication unit is further configured to:
and receiving a registration response message sent by the location server through the router, wherein the registration response message comprises the random value.
15. A location server, comprising:
a communication unit, configured to receive, through a router, a registration request message sent by a user equipment UE, where the registration request message includes a user identifier of the UE, and where, when the location server receives the registration request message sent by the UE, the location server generates a random value;
the communication unit is further configured to send the random value to the UE through the router, so that the UE generates a temporary user identifier according to a shared key, a user identifier of the UE, the random value, and a pre-acquired identifier of the location server;
a generating unit, configured to obtain a shared key according to the user identifier of the UE, and generate the temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the identifier of the location server;
and the storage unit is used for storing the corresponding relation among the temporary user identifier, the user identifier of the UE, the UE identifier and the identifier of the location server generated by the generation unit and identifying the message which is sent by the UE and contains the temporary user identifier through the corresponding relation.
16. The location server according to claim 15, wherein the communication unit is further configured to:
and sending an authentication request message to the UE through the router, wherein the authentication request message comprises a random value, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value and the pre-acquired identifier of the location server, and the shared key corresponds to the user identifier of the UE.
17. The location server according to claim 15, wherein the communication unit is further configured to:
forward a registration response message to the UE through the router, wherein the registration response message comprises a random value, so that the UE generates a temporary user identifier according to the shared key, the user identifier of the UE, the random value, and the pre-acquired identifier of the location server, wherein the shared key corresponds to the user identifier of the UE.
18. A user equipment, comprising:
a sending unit, configured to send a registration request message to a location server through a router, where the registration request message includes a user identifier of a user equipment UE, so that the location server generates a random value when receiving the registration request message of the UE, generates a temporary user identifier according to the random value, the user identifier of the UE, and an identifier of the location server, and stores a correspondence between the temporary user identifier, the user identifier of the UE, the UE identifier, and the identifier of the location server, so that the location server identifies, according to the correspondence, the message that includes the temporary user identifier and is sent by the UE;
a receiving unit, configured to receive the temporary user identifier through the router.
19. The UE of claim 18, wherein the receiving unit is further specifically configured to:
receive a registration response message sent by the location server through the router, wherein the registration response message comprises the temporary user identifier.
20. A location server, comprising:
a communication unit, configured to receive, through a router, a registration request message sent by a user equipment UE, where the registration request message includes a user identifier of the UE, and where, when the location server receives the registration request message sent by the user equipment UE, the location server generates a random value;
a generating unit, configured to generate a temporary user identifier according to the random value, the user identifier of the UE, and the identifier of the location server;
a storage unit, configured to store a correspondence between the temporary user identifier, the user identifier of the UE, the UE identifier, and the identifier of the location server, which are generated by the generating unit, so that the location server identifies, according to the correspondence, a message that is sent by the UE and contains the temporary user identifier;
the communication unit is further configured to forward the temporary user identifier generated by the generating unit to the UE through the router.
21. The location server according to claim 20, wherein the generating unit is further configured to:
generate a temporary user identifier according to the random value, a shared key, the user identifier of the UE, and the identifier of the location server, wherein the shared key corresponds to the user identifier of the UE.
22. The location server of claim 20, wherein the communication unit is further configured to:
forward a registration response message to the UE through the router, wherein the registration response message comprises the temporary user identifier.
23. A communication system, comprising: a location server, a router, and a user equipment, UE, connected to the router, wherein,
the location server is the location server of any one of claims 15-17;
the user equipment UE is the user equipment of any one of claims 12-14;
or,
the location server is the location server of any one of claims 20-22;
the user equipment UE is the user equipment of any one of claims 18-19.
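The exchange in claims 15 to 17, sketched as an added example (not part of the patent text): the location server and the UE each derive the same temporary user identifier from the shared key, the user identifier, the random value and the location-server identifier, and the server resolves later messages through the stored correspondence. HMAC-SHA256, the field encoding, the 32-hex-character truncation and all names and sample values are assumptions; the claims do not specify a derivation function.

```python
import hashlib
import hmac
import secrets


def derive_temp_id(shared_key, user_id, random_value, server_id):
    """Assumed derivation: HMAC-SHA256 keyed with the shared key.

    Each field is length-prefixed so that different (user_id, random_value,
    server_id) triples can never serialize to the same byte string.
    """
    msg = b"".join(len(f).to_bytes(2, "big") + f
                   for f in (user_id, random_value, server_id))
    return hmac.new(shared_key, msg, hashlib.sha256).hexdigest()[:32]


class LocationServer:
    def __init__(self, server_id, shared_keys):
        self.server_id = server_id
        self.shared_keys = shared_keys   # user identifier -> shared key
        self.bindings = {}               # temp id -> (user id, UE id, server id)

    def on_registration_request(self, user_id, ue_id):
        """Generate the random value, derive and store the temporary identifier,
        and return the random value that goes back to the UE via the router."""
        random_value = secrets.token_bytes(16)
        temp_id = derive_temp_id(self.shared_keys[user_id], user_id,
                                 random_value, self.server_id)
        self.bindings[temp_id] = (user_id, ue_id, self.server_id)
        return random_value

    def identify(self, temp_id):
        """Resolve a later message's temporary identifier, or None if unknown."""
        return self.bindings.get(temp_id)


def demo():
    # Constructed sample values, not taken from the patent.
    key, user, ue = b"\x01" * 32, b"alice@example.net", b"ue-0001"
    server = LocationServer(b"ls-1.example.net", {user: key})
    rand1 = server.on_registration_request(user, ue)
    rand2 = server.on_registration_request(user, ue)
    # UE side: same inputs, same function, so the temporary identifier
    # itself is never sent during registration.
    t1 = derive_temp_id(key, user, rand1, server.server_id)
    t2 = derive_temp_id(key, user, rand2, server.server_id)
    return server.identify(t1), t1 != t2, server.identify("0" * 32)
```

Because a fresh random value is drawn per registration, two registrations by the same user yield different temporary identifiers, which is what keeps an observer on the router path from linking them.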
CN201410070160.3A 2014-02-27 2014-02-27 A method, device and system for user privacy protection Active CN104883339B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410070160.3A CN104883339B (en) 2014-02-27 2014-02-27 A method, device and system for user privacy protection
PCT/CN2014/080869 WO2015127736A1 (en) 2014-02-27 2014-06-26 Method, device and system for user privacy protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410070160.3A CN104883339B (en) 2014-02-27 2014-02-27 A method, device and system for user privacy protection

Publications (2)

Publication Number Publication Date
CN104883339A CN104883339A (en) 2015-09-02
CN104883339B true CN104883339B (en) 2019-06-21

Family

ID=53950674

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410070160.3A Active CN104883339B (en) 2014-02-27 2014-02-27 A method, device and system for user privacy protection

Country Status (2)

Country Link
CN (1) CN104883339B (en)
WO (1) WO2015127736A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254308A (en) * 2016-07-01 2016-12-21 捷开通讯科技(上海)有限公司 Communication device intimacy protection system and method
KR102212873B1 (en) 2018-07-03 2021-02-09 한양대학교 산학협력단 Device and method for requesting message transmission, server for managing message transmission, and base station
CN109842880B (en) * 2018-08-23 2020-04-03 华为技术有限公司 Routing method, device and system
CN110858992A (en) 2018-08-23 2020-03-03 华为技术有限公司 Routing method, device and system
CN109889541A (en) * 2019-03-25 2019-06-14 郑州轻工业学院 Mobile device authentication method with anonymous reward distribution and identity privacy protection
CN110069945B (en) * 2019-04-11 2021-02-26 西华大学 Method, device and system for protecting user privacy

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1313287A2 (en) * 2001-11-20 2003-05-21 Nokia Corporation SIP-level confidentiality protection
CN101272589A (en) * 2007-03-21 2008-09-24 展讯通信(上海)有限公司 Method for switch mobile phone device number and protecting user intimacy and mobile phone thereof
CN101488945A (en) * 2008-01-14 2009-07-22 北京大唐高鸿数据网络技术有限公司 Authentication method oriented to SIP
EP2237473A4 (en) * 2008-01-31 2011-05-18 Huawei Tech Co Ltd Method, apparatus and system for configuring key
CN102348280A (en) * 2010-08-02 2012-02-08 中兴通讯股份有限公司 Terminal location information obtaining method, system and device
CN103281672A (en) * 2013-06-08 2013-09-04 南京大学 Method for protecting position privacy by mobile terminals

Also Published As

Publication number Publication date
CN104883339A (en) 2015-09-02
WO2015127736A1 (en) 2015-09-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant