CN111770488B - EHPLMN updating method, related equipment and storage medium - Google Patents

Abstract

The application discloses an EHPLMN update method, a chip, a communication device and a storage medium. Wherein, the method includes: the terminal receives the first information sent by the network device; the first information includes at least one piece of EHPLMN information; the first information includes EHPLMN information updated relative to the preset EHPLMN information in the terminal; the The terminal saves the first information; and uses the first information and the preset EHPLMN information in the terminal together as updated EHPLMN information.

Description

EHPLMN update method, related equipment and storage medium

technical field

The present application relates to the field of communication technologies, and in particular to an Equivalent Home Public Land Mobile Network (EHPLMN, Equivalent Home Public Land Mobile Network) update method, related equipment and storage media.

Background technique

From Global System for Mobile Communications (GSM, Global System for Mobile Communications), Universal Mobile Telecommunications System (UMTS, Universal Mobile Telecommunications System), Long Term Evolution (LTE, Long Term Evolution) system to the current fifth generation mobile communication technology (5G, 5th Generation) system, EHPLMN both play an important role in the terminal.

However, in the related art, the method for updating the EHPLMN still needs to be optimized.

Contents of the invention

In order to solve related technical problems, embodiments of the present application provide an EHPLMN update method, related equipment, and a storage medium.

The technical scheme of the embodiment of the application is realized in this way:

The embodiment of the present application provides a method for updating EHPLMN, including:

The terminal receives the first information sent by the network device; the first information includes at least one piece of EHPLMN information; the first information includes EHPLMN information updated relative to the preset EHPLMN information in the terminal;

The terminal saves the first information; and uses the first information and the preset EHPLMN information in the terminal together as updated EHPLMN information.

In the above solution, the terminal receives the first information sent by the network device, including:

The terminal receives the first information sent by the network device through non-access stratum (NAS, Non-access Stratum) signaling.

In the above solution, the terminal receives the first information sent by the network device, including:

The terminal receives the encrypted first information sent by the network device;

The saving of the first information includes:

The terminal decrypts the encrypted first information to obtain the decrypted first information;

Save the decrypted first information.

In the above solution, the decrypting the encrypted first information includes:

The terminal uses the second information as a key to decrypt the encrypted first information; the second information includes EHPLMN information preset in the terminal.

In the above solution, the terminal decrypts the encrypted first information, including:

The terminal performs an integrity check on the encrypted first information;

After the integrity check of the encrypted first information passes, the terminal decrypts the encrypted first information.

In the above solution, the integrity check of the encrypted first information includes:

The terminal uses the length of the encrypted first information, the first identifier, and the length of the first identifier to perform an integrity check on the encrypted first information; the first identifier represents the first The version corresponding to the information.

In the above scheme, when receiving the first information, the method further includes:

The terminal receives the first identifier sent by the network device; the first identifier represents a version corresponding to the first information;

The saving of the first information includes:

When the version represented by the first identification is higher than the version represented by the second identification, the terminal uses the first information to update the locally stored third information; the second identification represents the locally stored third information of the terminal A version corresponding to the third information; the third information includes EHPLMN information updated by the terminal based on information sent by the network device in history.

The embodiment of the present application also provides a method for updating EHPLMN, including:

The network device detects the event of updating EHPLMN information;

The network device generates first information according to the detected event of updating EHPLMN information; the first information includes at least one piece of EHPLMN information; the first information includes EHPLMN information updated relative to the preset EHPLMN information in the terminal.

The network device sends the generated first information to the terminal.

In the above solution, the first information is generated according to the detected event of updating EHPLMN information, including:

The network device determines fourth information according to the detected event of updating EHPLMN information; the fourth information includes all EHPLMN information after performing an operation corresponding to the event of updating EHPLMN information;

The network device removes the EHPLMN information preset by the terminal in the fourth information to obtain the first information.

In the above solution, the sending the generated first information to the terminal includes:

The network device sends the first information to the terminal through NAS signaling.

In the above solution, the sending the generated first information to the terminal includes:

The network device encrypts the first information to obtain encrypted first information;

sending the encrypted first information to the terminal.

In the above solution, the encrypting the first information includes:

The network device encrypts the first information by using the second information as a key; the second information includes EHPLMN information preset in the terminal.

In the above solution, the sending the encrypted first information to the terminal includes:

The network device performs integrity protection on the encrypted first information;

sending the encrypted first information with integrity protection to the terminal.

In the above solution, the integrity protection of the encrypted first information includes:

The network device uses the length of the encrypted first information, the first identifier, and the length of the first identifier to perform integrity protection on the encrypted first information; the first identifier represents the first A version corresponding to the information.

In the above solution, when sending the generated first information to the terminal, the method further includes:

The network device sends a first identifier to the terminal; the first identifier represents a version corresponding to the first information.

The embodiment of the present application also provides a chip, including: a processor and an interface; wherein,

When the processor is used to run a computer program, it executes the steps of any one of the above-mentioned methods on the terminal side, or executes the steps of any one of the above-mentioned methods on the network device side.

The embodiment of the present application also provides a communication device, including: a processor and a memory for storing a computer program that can run on the processor; wherein,

When the processor is used to run the computer program, it executes the steps of any method on the terminal side, or executes the steps of any method on the network device side.

The embodiment of the present application also provides a storage medium, the medium stores a computer program, and when the computer program is executed by a processor, it implements the steps of any of the above methods on the terminal side, or realizes the steps of any of the above methods on the network device side .

In the EHPLMN update method, device, related equipment, and storage medium provided in the embodiments of the present application, the network equipment detects an event of updating EHPLMN information; generates first information according to the detected event of updating EHPLMN information; and sends the generated information to the terminal the first information; and the terminal saves the first information, and uses the first information and the preset EHPLMN information in the terminal together as the updated EHPLMN information, and the first information contains information relative to the terminal The EHPLMN information updated by the preset EHPLMN information in the application; the solution of the embodiment of this application, the terminal uses at least one EHPLMN information sent by the network device and the EHPLMN information preset by itself as the updated EHPLMN information, so that the terminal does not need to actively collect corresponding operation information. Instead, the network equipment of the corresponding operator sends the updated EHPLMN information to the terminal, so that the terminal can update the EHPLMN information in real time and accurately.

Description of drawings

Fig. 1 is the schematic flow chart of the EHPLMN updating method that the embodiment of the present application is applied to network equipment;

FIG. 2 is a schematic flow diagram of an EHPLMN update method applied to a terminal according to an embodiment of the present application;

3 is a schematic diagram of the sequence of the EHPLMN update method of the application embodiment of the present application;

Fig. 4 is a schematic flow diagram of encrypting an additional EHPLMN list (Additional EHPLMN List) in an application embodiment of the present application;

Fig. 5 is a schematic flow diagram of decrypting the encrypted Additional EHPLMN List according to the application embodiment of the present application;

FIG. 6 is a schematic structural diagram of an EHPLMN update device according to an embodiment of the present application;

FIG. 7 is a schematic structural diagram II of an EHPLMN update device according to an embodiment of the present application;

FIG. 8 is a schematic structural diagram of a chip according to an embodiment of the present application;

FIG. 9 is a schematic diagram of a hardware structure of a communication device according to an embodiment of the present application.

Detailed ways

The technical solution of the present application will be further described in detail below in conjunction with the drawings and embodiments of the description.

In related technologies, the elementary file (EF, Elementary File) EF _EHPLMN in the Universal Subscriber Identity Module (USIM, Universal Subscriber Identity Module) of the terminal usually pre-stores a plurality of EHPLMN information, and the plurality of EHPLMN information can be represented by an EHPLMN list (List) method; the terminal can judge whether the currently registered PLMN is a roaming PLMN according to the EHPLMNList, and when it is determined that the currently registered PLMN is a RoamingPLMN, it starts to periodically search the network so that it can correctly return to the corresponding PLMN. The home public land mobile network (HPLMN, Home PLMN) designated by the operator.

In recent years, due to the rapid development of wireless technology and the surge of end users caused by the popularity of smart phones, some large operators are gradually expanding and/or upgrading the wireless network, which makes the EHPLMN pre-set in the USIM of the terminal List may not meet the needs of the corresponding operator. In the process of expanding and/or upgrading the wireless network, the operator will add new EHPLMN information on the basis of the EHPLMN List preset by the USIM. These new EHPLMN information can also be reflected in a List. Usually, for Different from the EHPLMN List, the table corresponding to the EHPLMN information added by the operator can be called an additional (Additional) EHPLMN list; at the same time, after the corresponding operator adds the Additional EHPLMN List on the basis of the EHPLMN List, in order to ensure that the terminal is The correct judgment of RoamingPLMN needs to update the corresponding operator's expanded Additional EHPLMN List to the terminal synchronously.

Usually, in order to synchronously update the Additional EHPLMN List extended by the corresponding operator, the terminal needs to actively collect the Additional EHPLMN List extended by the corresponding operator, and then save the collected Additional EHPLMN List in its own fixed memory (NVM, Non-volatile memory) ;Due to the large number of large operators in the world, it is very difficult to cover the accurate information of all large operators, that is, it is difficult for the terminal to collect the accurate Additional EHPLMN List expanded by the corresponding operator; Due to multiple expansions and/or upgrades, the terminal cannot obtain the Additional EHPLMN List expanded each time by the corresponding operator in a timely manner (that is, in real time); therefore, the terminal cannot update the Additional EHPLMN List expanded by the corresponding operator synchronously and accurately in real time by using the above method.

Based on this, in various embodiments of the present application, the network device sends at least one EHPLMN information (that is, the above-mentioned Additional EHPLMN List) to the terminal, so that the terminal sends at least one EHPLMN information sent by the network device and its own preset EHPLMN information ( That is, the above-mentioned EHPLMN List) together serve as the updated EHPLMN information; the terminal does not need to actively collect the updated EHPLMN information of the corresponding operator, but the network equipment of the corresponding operator sends the updated EHPLMN information to the terminal, so that the terminal can real-time and accurately Update the EHPLMN information accordingly.

The embodiment of the present application provides a kind of EHPLMN updating method, is applied to network equipment, as shown in Figure 1, described method comprises the following steps:

Step 101: the network device detects an event of updating EHPLMN information;

Step 102: The network device generates first information according to the detected event of updating EHPLMN information;

Here, the first information includes at least one piece of EHPLMN information; the first information does not include second information; the second information includes EHPLMN information preset in the terminal; that is, the first information includes information relative to The EHPLMN information updated by the preset EHPLMN information in the terminal;

Step 103: The network device sends the generated first information to the terminal.

Here, the first information and the second information are used as EHPLMN information usable by the terminal, for example, for the terminal to determine whether the currently registered PLMN is a roaming PLMN.

The first information does not include the second information, that is, the EHPLMN information included in the first information is completely different from the EHPLMN information included in the second information.

Wherein, the second information is the above-mentioned EHPLMN List; the first information is the above-mentioned AdditionalEHPLMN List.

Here, it should be noted that the terminal is any terminal registered in the network corresponding to the network device.

In step 101, in actual application, the event of updating the EHPLMN information may be various forms of events, for example, the event of updating the EHPLMN information may be the visual management of the network device corresponding to the administrator of the corresponding operator The operation of adding EHPLMN information on the page; as another example, the event of updating EHPLMN information may be that the network device receives an instruction for adding EHPLMN information sent by an administrator of a corresponding operator.

In actual application, the event of updating EHPLMN information may occur during the network upgrade process and/or network expansion process of the corresponding operator.

In step 102, in actual application, after the network device detects the event of updating the EHPLMN information, it can be determined according to the event of updating the EHPLMN information that the network device has performed the operation corresponding to the event of updating the EHPLMN information All subsequent EHPLMN information (may be recorded as fourth information in subsequent descriptions); since the second information is pre-stored in the network device, and all events that update EHPLMN information are updates for the second information event; therefore, the fourth information includes the second information, and the network device can obtain an Additional EHPLMN List by removing the second information from the fourth information, that is, obtain the first information.

Based on this, in an embodiment, the generating the first information according to the detected event of updating EHPLMN information may include:

The network device determines fourth information according to the detected event of updating EHPLMN information; the fourth information includes all EHPLMN information after the operation corresponding to the event of updating EHPLMN information is performed; that is, the the fourth information includes the second information;

The network device removes the second information (that is, the preset EHPLMN information in the terminal) from the fourth information to obtain the first information.

In practical application, in order to reduce the transformation cost of the network device and the terminal, when the network device sends the first information to the terminal, the existing signaling interaction process between the network side and the terminal side can be used The signaling in transmits the first information, for example, a NAS transport (Transport) process.

Based on this, in an embodiment, in step 103, the sending the generated first information to the terminal may include:

The network device sends the first information to the terminal through NAS signaling.

Here, in various embodiments of the present application, all information exchanged between the network device and the terminal may be transmitted through NAS signaling.

In actual application, the first information may be set in the payload container (PayloadContainer) field of the NAS signaling; correspondingly, after the terminal receives the NAS signaling, it may The Payload Container domain in obtains the first information.

In practical applications, in order to enable the terminal to distinguish between NAS signaling carrying the first information and other NAS signaling, the network device may set an identifier in the NAS signaling carrying the first information (subsequent may be recorded as a third identifier in the description), and the third identifier may be a value that is not used or defined in any related technology and has no special meaning; when the terminal detects the third identifier from NAS signaling In the case of identification, the terminal may determine that the NAS signaling carrying the first information is received, that is, the first information sent by the network device is received. Here, the third identifier can be set in the payload container type (Payload Container Type) field of the NAS signaling (for example, the Payload Container Type field is set to 9); in this way, the terminal can be improved to determine the current NAS signal Order whether to carry the efficiency of the first information.

Based on this, in step 103, in actual application, when the network device sends the generated first information to the terminal, the method may further include: the network device sends a third identifier to the terminal; the The third identifier is used for the terminal to determine that the first information sent by the network device has been received.

In actual application, the network device may include at least two network elements on the network side, such as a unified data management (UDM, Unified Data Management) network element and an access and mobility management function (AMF, Access and Mobility Management Function) network element . Specifically, the UDM network element may detect the event of updating the EHPLMN information, and when the event of updating the EHPLMN information is detected, the UDM network element may determine the fourth information according to the event of updating the EHPLMN information, and send the fourth The second information in the information is removed, the first information is generated, and then the first information is sent to the AMF network element through the subscription data notification (Nudm_SDM_Notification) message, and the AMF network element transmits the downlink NAS transport (Downlink NAS Transport ) message to send the first information to the terminal.

In actual application, in order to enable the terminal to determine whether the first information is the Additional EHPLMN List required by itself, that is, to determine whether the version corresponding to the first information is higher than the version of the EHPLNM information stored in itself (in the terminal When determining that the version corresponding to the first information is higher than the version of the EHPLNM information stored by itself, the terminal saves the first information; when the terminal determines that the version corresponding to the first information is lower than or equal to the version stored by itself EHPLNM information version, the terminal discards the first information), when the network device sends the generated first information to the terminal, it may also send to the terminal a version representing the version corresponding to the first information Identification information (which may be referred to as a first identification in subsequent descriptions); in this way, the terminal may determine whether to save the first information according to the first identification.

Based on this, in an embodiment, when sending the generated first information to the terminal, the method may further include:

The network device sends a first identifier to the terminal; the first identifier represents a version corresponding to the first information.

Specifically, the network device may send the first identifier to the terminal through NAS signaling.

In practical applications, since the first information is very important, in order to prevent the first information from being incorrectly or maliciously tampered with during data transmission, the terminal stays on a Visited Public Land Mobile Network (VPLMN, Visited PLMN) and mistakenly think that the VPLMN is an HPLMN, the terminal and the network device need to transmit the first information securely; for example, encrypt the first information; for another example, through the terminal and the The secure tunnel established by the network device transmits the first information.

Based on this, in an embodiment, the sending the generated first information to the terminal may include:

The network device encrypts the first information to obtain encrypted first information;

sending the encrypted first information to the terminal.

In practical applications, the network device and the terminal may locally preset an encryption key for encrypting and decrypting the first information. Here, since both the terminal and the network device store the second information, and only the terminal and the network device can know the content of the second information; therefore, in order to save the terminal and the network The storage space of the device, and to further improve the security of transmitting the first information, the second information can be directly set as an encryption key stream, that is, the second information is used as a key; that is, the network device uses the The second information is used as a key to encrypt the first information to obtain the encrypted first information; after the terminal receives the encrypted first information, it can use the second information for the Decrypt the encrypted first information to obtain the decrypted first information.

In actual application, the network device and the terminal may use any encryption method to encrypt and decrypt the first information; for example, when the network device encrypts the first information, it may encrypt the first information Execute an XOR operation on information and an encrypted key stream (for example, the second information), and the obtained XOR operation result is the encrypted first information; correspondingly, the terminal encrypts the encrypted When decrypting the first information, an XOR operation can be performed on the encrypted first information and the decryption key stream (corresponding to the encryption key stream, that is, the second information), and the obtained XOR operation result That is, the decrypted first information.

In actual application, when the network device is composed of a UDM network element and an AMF network element, the UDM network element may encrypt the first information after generating the first information to obtain the encrypted first information. information, and then send the encrypted first information to the AMF network element through a Nudm_SDM_Notification message, and the AMF network element sends the encrypted first information to the terminal through a DownlinkNAS Transport message.

In practical applications, in order to ensure the integrity of the encrypted first information received by the terminal, the network device may further perform integrity protection on the encrypted first information, and send the encrypted first information to the terminal. The encrypted first information is integrity protected.

Based on this, in an embodiment, the sending the encrypted first information to the terminal may include:

The network device performs integrity protection on the encrypted first information;

sending the encrypted first information with integrity protection to the terminal.

Here, when the network device sends the encrypted first information with integrity protection to the terminal, it also needs to send first integrity verification information at the same time, and the first integrity verification information is the generated by the device after performing integrity protection on the encrypted first information, and the first integrity verification information is used for the terminal to verify the encrypted first information after receiving the encrypted first information The first message is sanity checked.

In practical application, the first integrity verification information may include a Message Authentication Code (MAC, Message Authentication Code).

In practical applications, the network device may also send the first integrity verification information corresponding to the encrypted first information that has been integrity protected to the terminal through a Downlink NAS Transport message; therefore, the sending to the The terminal sending the encrypted first information with integrity protection may include: the network device sending the encrypted first information and the encrypted first information to the terminal. - Integrity verification information.

In actual application, parameters required for integrity protection of the encrypted first information and parameters required for integrity check of the encrypted first information (for the encrypted first information) may be set as required. The parameters required for the integrity protection of the first information are the same as the parameters required for the integrity check of the encrypted first information), such as the length of the encrypted first information, the first identifier, The length of the first identification, etc.

Based on this, in an embodiment, the performing integrity protection on the encrypted first information may include:

The network device performs integrity protection on the encrypted first information by using the length of the encrypted first information, the first identifier, and the length of the first identifier.

In actual application, the network device and the terminal may use any data integrity protection algorithm to perform integrity protection on the encrypted first information, and perform an integrity check on the encrypted first information; For example, MD5 message digest algorithm (MD5, Message Digest Algorithm MD5), key derivation function (KDF, KeyDerivation Function), etc. Meanwhile, the network device may further include an Authentication Server Function (AUSF, Authentication Server Function) network element, and the AUSF network element performs integrity protection on the encrypted first information.

For example, when the network device is composed of a UDM network element, an AUSF network element, and an AMF network element, the network device uses KDF to protect the integrity of the encrypted first information, which may specifically be implemented as follows of: after the UDM network element generates the first information, it encrypts the first information to obtain the encrypted first information, and sends an integrity protection message carrying the encrypted first information to the AUSF network element request (may be expressed as Nausf_AddEHPLMN_Protection) message, to request the AUSF network element to perform integrity protection on the encrypted first information. After the AUSF network element receives the Nausf_AddEHPLMN_Protection message, it can generate a counter whose initial value is the first value (the first value can be a value that is not used or defined in any related technology and has no special meaning, such as 0x00 0x01) (may be expressed as Counter _EHPLMN ), and Counter _EHPLMN can characterize the version corresponding to at least one EHPLMN information contained in the first information (that is, the first identification); and the preset first FC value (the first The FC value can be a value that is not used or defined in any related technology and has no special meaning, such as 0x80. The FC value is the KDF instance identifier, which is used to identify different KDF instances, that is, to distinguish KDF instances with different computing purposes ), the encrypted first information, the length of the encrypted first information, Counter _EHPLMN (i.e. the first identification) and the length of Counter _EHPLMN (i.e. the length of the first identification) as KDF Input parameters, use the AUSF key (K _AUSF ) negotiated between the terminal and the AUSF network element in the process of registering the terminal to the network corresponding to the network device as the designated key of KDF, and run KDF; AUSF network element The lower 128 bits (bit) of the result output after running the KDF can be determined as the MAC (can be expressed as EHPLMN-MAC-I _AUSF ) obtained after the integrity protection of the encrypted first information; obtain EHPLMN-MAC After -I _AUSF , the AUSF network element can return to the UDM network element an integrity protection request response (which can be expressed as Nausf_AddEHPLMN_Protection_Rsp) carrying EHPLMN-MAC-I _AUSF and Counter _EHPLMN ; after the AUSF network element returns Nausf_AddEHPLMN_Protection_Rsp, it can control the Counter _EHPLMN to add 1. That is, use the result of adding 1 to Counter _EHPLMN to update Counter _EHPLMN for the AUSF network element to calculate EHPLMN-MAC-I _AUSF next time. After the UDM network element receives the Nausf_AddEHPLMN_Protection_Rsp message, it can send the encrypted first information, EHPLMN-MAC-I _AUSF , and Counter _EHPLMN to the AMF network element through the Nudm_SDM_Notification message, and then the AMF network element sends the encrypted information to the AMF network element through the Downlink NAS Transport message. The encrypted first information, EHPLMN-MAC-I _AUSF (that is, the first integrity verification information), and Counter _EHPLMN (that is, the first identifier) are sent to the terminal. Here, the encrypted first information, EHPLMN-MAC-I _AUSF and Counter _EHPLMN can be set in the Payload Container field of the Downlink NAS Transport message, and the Payload ContainerType field of the Downlink NAS Transport message can be set as the third An identifier (the third identifier may be a value that is not used or defined in any related art and has no special meaning, such as 9).

Correspondingly, for the above-mentioned process of performing integrity protection on the encrypted first information, the terminal uses KDF to perform an integrity check on the encrypted first information, which may specifically be implemented as follows: the terminal receives In the Downlink NAS Transport message from the network device, when it is detected that the Payload Container Type field of the Downlink NAS Transport message is the first identifier, the terminal determines that the encrypted first information has been received, that is, determines that the Downlink NAS Transport The Payload Container field of the Transport message contains the encrypted first information; at this time, the terminal needs to perform a security check on the Payload Container field of the Downlink NAS Transport message, and the security check is "The terminal uses the Downlink NAS The PayloadContainer field of the Transport message contains other information except the encrypted first information, and the integrity check of the encrypted first information is performed, and the integrity check of the encrypted first information passes Then, the process of decrypting the encrypted first information”; specifically, the terminal obtains the encrypted first information, EHPLMN-MAC-I _AUSF and Counter from the PayloadContainer field of the Downlink NAS Transport message _EHPLMN , and the preset first FC value, the encrypted first information, the length of the encrypted first information, Counter _EHPLMN and the length of Counter _EHPLMN are used as input parameters of KDF, and the K _AUSF As the specified key of KDF, run KDF; the terminal can determine the low 128bit of the output result after running KDF as the MAC (may be expressed as EHPLMN-XMAC) obtained after integrity checking of the encrypted first information -I _AUSF ); After obtaining EHPLMN-XMAC-I _AUSF , the terminal can compare EHPLMN-XMAC-I _AUSF and EHPLMN-MAC-I _AUSF , and EHPLMN-XMAC-I _AUSF and EHPLMN-MAC-I _AUSF are equal In the case of , the terminal may determine that the integrity check of the encrypted first information passes; at this time, the terminal may decrypt the encrypted first information to obtain the decrypted first information , and save the decrypted first information. Here, the way the terminal calculates the EHPLMN-XMAC-I _AUSF is the same as the way the AUSF network element calculates the EHPLMN-MAC-I _AUSF , that is, the parameters required by the terminal to calculate the EHPLMN-XMAC-I _AUSF are the same as those of the AUSF network element. The parameters required to meta-calculate EHPLMN-MAC-I _AUSF are the same.

In actual application, in order to enable the network device to determine that the terminal has completed the EHPLMN update, the Downlink NAS Transport message (that is, NAS signaling) may also include reception confirmation indication (which may be expressed as ACKIndication) information; ACK Indication information is used for Instructing the terminal to send receipt confirmation information to the network device after storing the first information; of course, in order to ensure the integrity of information transmission, the reception confirmation information may be integrity protected; the network device receives the After receiving the confirmation information, an integrity check may be performed on the reception confirmation information, and after the integrity check of the reception confirmation information passes, the network device may determine that the terminal has completed the EHPLMN update. When the integrity check of the receipt confirmation information fails, the network device may resend the first information to the terminal, or may not process it, which may be specifically set according to requirements of the operator. Therefore, when sending the generated first information to the terminal, the method may further include: the network device sending reception confirmation indication information (which may be sent through NAS signaling) to the terminal; the reception confirmation indication The information is used to instruct the terminal to send reception confirmation information to the network device after saving the first information. Here, when the reception confirmation information is integrity protected, when the network device receives the reception confirmation information sent by the terminal, it also receives the second integrity verification information sent by the terminal, and uses the second The integrity verification information performs an integrity check on the reception confirmation information; the second integrity verification information is generated when the terminal performs integrity protection on the reception confirmation information.

Specifically, the network device is composed of a UDM network element, an AUSF network element, and an AMF network element, and the terminal and the network device use KDF to protect the integrity of the reception confirmation information, and the reception confirmation In the case of information integrity check, when the UDM network element sends the Nausf_AddEHPLMN_Protection message carrying the encrypted first information to the AUSF network element, the Nausf_AddEHPLMN_Protection message also needs to carry ACKIndication information, and the ACK Indication information is used to instruct the AUSF network element to calculate The MAC of the terminal (may be expressed as EHPLMN-XMAC-I _UE ), and the EHPLMN-XMAC-I _UE is used for the UDM network element to check the integrity of the reception confirmation information returned by the terminal after storing the first information. After the AUSF network element receives the Nausf_AddEHPLMN_Protection message, and obtains the Counter _EHPLMN and the EHPLMN-MAC-I _AUSF , the preset second FC value (the second FC value may be unused or defined in any related technology A value with no special meaning, such as 0x81), a preset first character string (the first character string can be set as required, such as "0x01 ("Additional EHPLMN List"Acknowledgment)", etc.), the first character string The length of the string, Counter _EHPLMN , and the length of Counter _EHPLMN are used as the input parameters of KDF, and the K _AUSF is used as the specified key of KDF to run KDF; the AUSF network element can determine the lower 128 bits of the output result after running KDF as EHPLMN- XMAC-I _UE , and return the Nausf_AddEHPLMN_Protection_Rsp message carrying EHPLMN-MAC-I _AUSF , EHPLMN-XMAC-I _UE and Counter _EHPLMN to the UDM network element. After the UDM network element receives the Nausf_AddEHPLMN_Protection_Rsp message, it can save the EHPLMN-XMAC-I _UE locally, and can send the encrypted first information, EHPLMN-MAC-I _AUSF and Counter _EHPLMN to the AMF network element through the Nudm_SDM_Notification message , and then the AMF network element sends the encrypted first information, EHPLMN-MAC-I _AUSF , ACK Indication information, and Counter _EHPLMN to the terminal through a Downlink NAS Transport message. The terminal receives the Downlink NAS Transport message from the network device, checks the integrity of the encrypted first information, and decrypts the encrypted first information to obtain the decrypted first information. After storing the decrypted first information, the terminal can store the second FC value, the first character string, the length of the first character string, Counter _EHPLMN , and Counter _EHPLMN The length is used as the input parameter of KDF, and the K _AUSF is used as the specified key of KDF to run KDF; the terminal can determine the lower 128 bits of the output result after running KDF as the integrity protection of the receiving confirmation information obtained MAC (may be expressed as EHPLMN-MAC-I _UE , namely the second integrity verification information), and carry EHPLMN-MAC-I _UE in the uplink NAS signaling (Uplink NAS Transport) message in response to the Downlink NASTransport message Send to the AMF network element; the AMF network element sends the EHPLMN-MAC-I _UE to the UDM network element through the Nudm_SDM_Info message in response to the Nudm_SDM_Notification message; the UDM network element can communicate the EHPLMN-MAC-I _UE with the local EHPLMN-XMAC-I _UE In contrast, when the EHPLMN-MAC-I _UE is equal to the EHPLMN-XMAC-I _UE , the UDM network element may determine that the integrity check of the reception confirmation information passes, and the terminal completes the EHPLMN update. Here, the terminal calculates the EHPLMN-MAC-I _UE in the same manner as the AUSF network element calculates the EHPLMN-XMAC-I _UE , that is, the terminal calculates the parameters required for the EHPLMN-MAC-I _UE and the AUSF network element The parameters required for meta-calculation of EHPLMN-XMAC-I _UE are the same.

Correspondingly, the embodiment of the present application also provides an EHPLMN update method, which is applied to a terminal, as shown in FIG. 2, and the method includes the following steps:

Step 201: The terminal receives the first information sent by the network device;

Here, the first information includes at least one piece of EHPLMN information; the first information does not include second information; the second information includes EHPLMN information preset in the terminal; that is, the first information includes EHPLMN information updated relative to the EHPLMN information preset in the terminal;

Step 202: The terminal saves the first information; and uses the first information and the EHPLMN information preset in the terminal (that is, the operator presets in the terminal) together as the updated EHPLMN information .

Here, the first information and the second information together serve as the EHPLMN information that the terminal can use, for example, it can be used for the terminal to judge whether the currently registered PLMN is a roaming PLMN.

Wherein, the second information is the above-mentioned EHPLMN List; the first information is the above-mentioned AdditionalEHPLMN List.

Here, it should be noted that the terminal is any terminal registered in the network corresponding to the network device.

In step 201, in actual application, the mobility management module of the terminal may receive the first information sent by the network device.

In step 202, in actual application, the mobility management module of the terminal may store the first information in the NVM of the terminal, and use the first information and the second information to determine the currently registered Whether the PLMN is a roaming PLMN; if it is determined that the currently registered PLMN is a roaming PLMN, the mobility management module may instruct the network search module of the terminal to leave the current roaming PLMN and return to the HPLMN.

In step 201, in actual application, when the terminal receives the first information sent by the network device, it may also receive the third identifier sent by the network device. Specifically, the terminal may determine whether the information received from the network device carries the third identifier, and if it is determined that the information received from the network device carries the third identifier, the terminal may Determine that the first information sent by the network device is received. Of course, when the terminal determines that the information received from the network device does not carry the third identifier, it may discard the corresponding information received from the network device, or may not accept the information received from the network device. to process.

In an embodiment, the terminal receiving the first information sent by the network device may include:

The terminal receives the first information sent by the network device through NAS signaling.

Here, in various embodiments of the present application, all information exchanged between the network device and the terminal may be transmitted through NAS signaling.

In actual application, after the terminal receives the NAS signaling, it may determine whether the PayloadContainer Type field of the NAS signaling carries the third identifier, and if it is determined that the NAS signaling carries the third identifier, It is determined that the NAS signaling carries the first information, and the first information may be obtained from a Payload Container field in the NAS signaling.

In an embodiment, the terminal receiving the first information sent by the network device may include:

The terminal receives the encrypted first information sent by the network device;

Correspondingly, the saving of the first information may include:

The terminal decrypts the encrypted first information to obtain the decrypted first information;

Save the decrypted first information.

In practical applications, the terminal may preset the same encryption key as that of the network device locally, for example, setting the second information as an encryption key stream, that is, using the second information as a key; that is, the The network device encrypts the first information by using the second information to obtain encrypted first information; the terminal uses the second information as a key to decrypt the encrypted first information, The decrypted first information is obtained.

In an embodiment, the encrypted first information is integrity-protected, and the terminal decrypts the encrypted first information, which may include:

The terminal performs an integrity check on the encrypted first information;

After the integrity check of the encrypted first information passes, the terminal decrypts the encrypted first information.

In practical applications, in order to check the integrity of the encrypted first information, when the terminal receives the first information sent by the network device, it may also receive the first integrity verification information sent by the network device; The first integrity verification information is generated by the network device after performing integrity protection on the encrypted first information, and the first integrity verification information is used for the terminal to receive the encrypted first information After the first information, an integrity check is performed on the encrypted first information. Therefore, the receiving the first information sent by the network device may include: the terminal receiving the encrypted first information sent by the network device and the first integrity verification corresponding to the encrypted first information information.

In an embodiment, the performing integrity check on the encrypted first information may include:

The terminal uses the length of the encrypted first information, the first identifier, and the length of the first identifier to perform an integrity check on the encrypted first information; the first identifier represents the first The version corresponding to the information.

In practical applications, if the integrity check of the encrypted first information fails, the terminal may not process it, and wait for the network device to resend the first information; of course, the terminal may also sending an EHPLMN update request message to the network device to accept the first information again.

In an embodiment, when receiving the first information, the method may further include:

The terminal receives the first identifier sent by the network device;

Correspondingly, the saving of the first information may include:

When the version represented by the first identification is higher than the version represented by the second identification, the terminal uses the first information to update the locally stored third information; the second identification represents the locally stored third information of the terminal A version corresponding to the third information; the third information includes EHPLMN information updated by the terminal based on information sent by the network device in history.

In actual application, the first identifier and the first information may be received by the terminal through the same NAS signaling, that is, the above-mentioned Downlink NAS Transport message; the first identifier is the above-mentioned Counter _EHPLMN .

Specifically, after receiving the first information, in order to verify whether the first information is wrong information (for example, at least one piece of EHPLMN information contained in the first information is EHPLMN information that has been updated by the terminal), the The terminal may determine whether the version represented by the first logo is higher than the version represented by the second logo, and if the version represented by the first logo is higher than the version represented by the second logo, use the update the third information with one piece of information; and at the same time, update the second identifier with the first identifier. Of course, in the case that the version represented by the first identification is lower than or equal to the version represented by the second identification, the terminal may discard the first information.

In practical applications, when the terminal receives the first information sent by the network device, it may also receive reception confirmation indication information sent by the network device; the reception confirmation indication information is used to indicate that the terminal is saving the first information. After receiving the information, the receiving confirmation information is sent to the network device. Therefore, in response to the receiving confirmation indication information, the terminal may generate receiving confirmation information after storing the first information, and send the generated receiving confirmation information to the network device for the network device to confirm the received The terminal has completed the EHPLMN update. Certainly, in order to ensure the integrity of information transmission, the terminal may perform integrity protection on the reception confirmation information, and generate second integrity verification information corresponding to the integrity-protected reception confirmation information, and convert the first The second integrity verification message and the integrity-protected reception confirmation information are sent to the network device together, so that the network device can use the second integrity verification message to perform integrity verification on the reception confirmation information.

In the EHPLMN update method provided by the embodiment of the present application, the network device detects the event of updating the EHPLMN information; generates the first information according to the detected event of updating the EHPLMN information; and sends the generated first information to the terminal; and the terminal saves the The first information, using the first information and the preset EHPLMN information in the terminal together as the updated EHPLMN information, the first information includes information updated relative to the preset EHPLMN information in the terminal EHPLMN information, so that the terminal does not need to actively collect the updated EHPLMN information of the corresponding operator, but the network equipment of the corresponding operator sends the updated EHPLMN information to the terminal, so that the terminal can update EHPLMN information in real time and accurately.

The present application will be further described in detail below in conjunction with application examples.

This application embodiment proposes a mechanism for dynamically updating the Additional EHPLMN List (that is, the first information above) initiated by the network side (that is, the above-mentioned network device) to the terminal. The network side utilizes the security architecture of the existing 5G network and the existing The 5G NAS Transport process is used to update the Additional EHPLMN List, and the security network element function of the current 5G network is fully utilized to protect the security of the Additional EHPLMN List through the cooperation of UDM network elements and AUSF network elements. Specifically, after the terminal registers on the New Radio (NR, New Radio) network, when the UDM network element detects that the pre-stored EHPLMN List (that is, the above-mentioned second information) in the terminal needs to be expanded, that is, when the UDM network When it is determined that an AdditionalEHPLMN List needs to be provided for the terminal through the event that the administrator of the corresponding operator updates the EHPLMN List, the UDM network element encrypts the Additional EHPLMN List, and the AUSF network element performs integrity protection on the encrypted Additional EHPLMN List , and finally the AMF network element sends the encrypted and integrity-protected Additional EHPLMN List to the terminal through the DL (Downlink) NAS Transport process. The mobile management module of the terminal receives the DL NAS Transport information, performs integrity check and decryption on the Additional EHPLMN List information, and stores the decrypted Additional EHPLMN List in the NVM of the terminal; the Additional EHPLMNList is composed of the EHPLMN List in the USIM card The EHPLMN List is used for the mobility management module to guide the network search module of the terminal to leave the current Roaming PLMN and return to the HPLMN.

The EHPLMN update method provided by this application embodiment, as shown in Figure 3, may specifically include the following steps:

Step 301: The terminal is registered on the NR network; then step 302 is executed.

Step 302: The UDM network element detects that the current EHPLMN List is insufficient, and needs to update the EHPLMN, and generate an Additional EHPLMN List; then execute step 303.

Specifically, the UDM network element detects an event of updating the EHPLMN List, determines that an Additional EHPLMN List needs to be sent to the terminal, and generates an Additional EHPLMN List according to the event of updating the EHPLMN List.

Step 303: The UDM network element and the AUSF network element perform security protection on the Additional EHPLMN List; then step 304 is executed.

Here, performing security protection on the Additional EHPLMN List may include encrypting the Additional EHPLMNList and performing integrity protection on the Additional EHPLMN List; specifically, the process of performing step 303 may include the following steps:

Step 3031: The UDM network element encrypts the Additional EHPLMN List; then execute step 3032.

Specifically, only the terminal and the UDM network element can know the EF _EHPLMN content (that is, the EHPLMN List) of the USIM card of the terminal. Therefore, the EHPLMN List can be designed as an encryption key stream, and the UDM network element completes the simple encryption of the Additional EHPLMN List through the process shown in Figure 4, that is, the plaintext of the EHPLMN List and the AdditionalEHPLMN List (that is, the unencrypted Additional EHPLMN List) Perform an XOR operation, and the content obtained by the XOR operation is the encrypted Additional EHPLMN List.

Step 3032: After the UDM network element completes the information encryption, it sends a Nausf_AddEHPLMN_Protection message to the AUSF network element, requesting the AUSF network element to perform information integrity protection on the encrypted Additional EHPLMN List; then execute step 3033.

Here, the Nausf_AddEHPLMN_Protection message contains the encrypted Additional EHPLMNList and ACK Indication. The _{ACK Indication indicates that the AUSF network element needs to calculate EHPLMN-XMAC-I UE .} When receiving an acknowledgment message (Acknowledgment) sent by the terminal, an integrity check is performed on the acknowledgment message.

Step 3033: The AUSF network element returns the Nausf_AddEHPLMN_Protection_Rsp message to the UDM network element after completing the integrity protection of the encrypted Additional EHPLMN List; and then executes step 304.

Here, the Nausf_AddEHPLMN_Protection_Rsp message includes EHPLMN-MAC-I _AUSF , EHPLMN-XMAC-I _UE and Counter _EHPLMN .

Specifically, the process for the AUSF network element to perform integrity protection on the encrypted Additional EHPLMN List may include the following two steps:

Step 1: The AUSF network element generates the Counter _EHPLMN (ie, the above-mentioned first identifier) for integrity protection, and the initial value of the Counter _EHPLMN (ie, the first value) can be 0x00 0x01. After completing the generation of a Nausf_AddEHPLMN_Protection_Rsp message, the Counter _EHPLMN value plus 1.

Step 2: The AUSF network element uses 0x80 (that is, the first FC value above) as the input parameter FC of KDF, the encrypted Additional EHPLMN List as the input parameter P0 of KDF, and the length of the encrypted Additional EHPLMN List as the input of KDF Parameter L0, use Counter _EHPLMN as the input parameter P1 of KDF, and use the length of Counter _EHPLMN as the input parameter L1 of KDF, use K _AUSF as the specified key key of KDF, and execute KDF; the lower 128 bits of the output result after executing KDF are It is the EHPLMN-MAC-I _AUSF obtained after performing integrity protection on the encrypted Additional EHPLMN List.

At the same time, the AUSF network element uses 0x81 (that is, the above-mentioned second FC value) as the input parameter FC of KDF, and uses the string "0x01 ("Additional EHPLMN List"Acknowledgment)" (that is, the above-mentioned first string) as the input parameter P0 of KDF , use the length of the character string as the input parameter L0 of KDF, use Counter _EHPLMN as the input parameter P1 of KDF, and use the length of Counter _EHPLMN as the input parameter L1 of KDF, use K _AUSF as the specified key key of KDF, and execute KDF; The lower 128 bits of the output result after executing KDF is EHPLMN-XMAC-I _UE .

Step 304: The UDM network element sends a Nudm_SDM_Notification message to the AMF network element; then step 305 is executed.

Here, the Nudm_SDM_Notification message includes the encrypted Additional EHPLMN List, EHPLMN-MAC-I _AUSF and Counter _EHPLMN .

Step 305: After receiving the Nudm_SDM_Notification message sent by the UDM network element, the AMF network element sends a DL NAS Transport message to the terminal; and then executes step 306.

Here, the Payload Container Type field of the DL NAS Transport message can be set to 9 (that is, the third identifier above); the Payload Container field of the DL NAS Transport message can include the encrypted AdditionalEHPLMN List, ACK Indication (that is, the above-mentioned reception confirmation indication information), EHPLMN-MAC-I _AUSF (that is, the above-mentioned first integrity verification information) and Counter _EHPLMN (that is, the above-mentioned first identifier).

Step 306: After receiving the DL NAS Transport message from the AMF network element, the mobile management module of the terminal detects that the Payload Container Type field of the DL NAS Transport message is 9, and instructs the security module of the terminal to check the DL NAS Transport message in the Payload Container field. The encrypted Additional EHPLMN List is checked for safety; then step 307 is executed.

Here, performing a security check on the encrypted Additional EHPLMN List may include performing an integrity check on the encrypted Additional EHPLMN List and decrypting the encrypted Additional EHPLMN List; specifically, the process of performing step 306 may include the following steps:

Step 3061: The terminal checks the integrity of the encrypted Additional EHPLMN List; then executes step 3062.

Here, the terminal calculates the EHPLMN-XMAC-I _AUSF value in the same way as the AUSF network element calculates the EHPLMN-MAC-I _AUSF , and compares the EHPLMN-MAC-I _AUSF with the EHPLMN-XMAC-I _AUSF , if they are equal , the integrity check is passed; that is, the terminal uses the same KDF input parameters FC, P0, L0, P1, L1 and the same key to calculate EHPLMN-XMAC when the AUSF network element calculates EHPLMN-MAC-I _AUSF -I _AUSF value. Specifically, the terminal uses 0x80 as the input parameter FC of the KDF, uses the encrypted Additional EHPLMN List contained in the Payload Container field of the DL NAS Transport message as the input parameter P0 of the KDF, and uses the length of the encrypted Additional EHPLMN List as The input parameter L0 of KDF, the Counter _EHPLMN contained in the Payload Container field of the DL NAS Transport message is used as the input parameter P1 of KDF, the length of Counter _EHPLMN is used as the input parameter L1 of KDF, and K _AUSF is used as the designated key key of KDF , execute KDF; the lower 128 bits of the output result after executing KDF is the EHPLMN-XMAC-I _AUSF obtained after integrity checking of the encrypted Additional EHPLMN List.

Step 3062: After the integrity check of the encrypted Additional EHPLMN List is passed, the terminal decrypts the encrypted Additional EHPLMN List in the same way as the UDM network element encrypts the Additional EHPLMN List, and the obtained Additional EHPLMN List plaintext (that is, the above-mentioned decrypted first information); then execute step 307.

Specifically, the terminal regards the EHPLMN List as a key stream, and performs an exclusive OR operation on the EHPLMN List and the encrypted Additional EHPLMN List through the process shown in Figure 5, and the content obtained by the exclusive OR operation is the Additional EHPLMN List plaintext content.

Step 307: After the security module of the terminal passes the security check of the encrypted Additional EHPLMN List, calculate EHPLMN-MAC-I _UE , and include EHPLMN-MAC-I _UE in the UL NAS Transport message and send it to the AMF network element; then execute step 308.

Here, the UL NAS Transport message is an Acknowledgment of the DL NAS Transport message. Specifically, after obtaining the plain text of the Additional EHPLMN List, in order to respond to the previously received DL NASTransport message, the terminal _needs to use the same KDF input parameters FC, P0, L0, P1, L1 and the same key calculate EHPLMN-MAC-I _UE .

Step 308: The AMF network element sends the EHPLMN-MAC-I _UE (that is, the above-mentioned second integrity verification information) in the DL NAS Transport message received from the terminal to the UDM network element through the Nudm_SDM_Info message; then execute step 309.

Step 309: The UDM network element checks the integrity _of the Acknowledgment of the terminal by comparing whether the _EHPLMN -MAC-I _UE is the same as the previously saved EHPLMN-XMAC-I _UE . If they are the same, the integrity check of the Acknowledgment of the terminal passes.

Here, the specific implementation process of the EHPLMN update method provided in this application embodiment is the same as the specific implementation process of the EHPLMN update method shown in FIG. 1 and the EHPLMN update method shown in FIG. 2 , and will not be repeated here.

When the operator upgrades the network, it needs to add the Additional EHPLMN List on the basis of the EHPLMNList of the current USIM card of the corresponding terminal; if the terminal collects the Additional EHPLMN List, it is very difficult to collect; and, because the collected Additional EHPLMN The List may be inaccurate, and it is difficult for the terminal to update the Additional EHPLMN List synchronously with the operator. However, using the EHPLMN update method provided by the embodiment of this application, the network side initiates the update action of the Additional EHPLMN List, making full use of the 5G security architecture and signaling process to ensure the security and integrity of the Additional EHPLMN List during transmission, and finally The AdditionalEHPLMN List can be updated to the terminal side in real time and safely.

Therefore, the EHPLMN update method provided in this application embodiment has the following advantages:

First, the update of EHPLMN is real-time and accurate; since the network side of the operator can provide the most accurate Additional EHPLMN List, it is the most real-time and accurate to initiate the update of EHPLMN by the network side; EHPLMN List is difficult, EHPLMN update is not timely (for example, EHPLMN update lag), ensure that the Additional EHPLMN List obtained by the terminal is always the latest EHPLMN information of the corresponding operator (that is, the service operator corresponding to the terminal).

Second, make full use of the existing security architecture and signaling process of the current 5G network. Under the premise of minimizing changes to existing 5G network equipment and terminals (that is, under the premise of controlling costs), the information transmission process Integrity and confidentiality (that is, security) of the Additional EHPLMN List are guaranteed, and finally the Additional EHPLMN List is updated to the terminal side in real time and safely.

In order to implement the method on the terminal side of the embodiment of the present application, the embodiment of the present application also provides an EHPLMN update device, which is set on the terminal, as shown in Figure 6, the EHPLMN update device includes: a receiving unit 61 and a first processing unit 62; where,

The receiving unit 61 is configured to receive first information sent by a network device; the first information includes at least one piece of EHPLMN information; the first information includes EHPLMN information updated relative to the preset EHPLMN information in the terminal;

The first processing unit 62 is configured to save the first information; and use the first information and the preset EHPLMN information in the terminal together as updated EHPLMN information.

In an embodiment, the receiving unit 61 is specifically configured to receive the first information sent by the network device through NAS signaling.

In an embodiment, the receiving unit 61 is also used for:

receiving the encrypted first information sent by the network device;

Correspondingly, the first processing unit 62 is also used for:

Decrypting the encrypted first information to obtain the decrypted first information;

Save the decrypted first information.

In an embodiment, the first processing unit 62 is further configured to:

Deciphering the encrypted first information by using the second information as a key; the second information includes EHPLMN information preset in the terminal.

In an embodiment, the first processing unit 62 is further configured to:

performing an integrity check on the encrypted first information;

After the integrity check of the encrypted first information passes, the encrypted first information is decrypted.

In an embodiment, the first processing unit 62 is further configured to:

Perform an integrity check on the encrypted first information by using the length of the encrypted first information, the first identifier, and the length of the first identifier; the first identifier indicates that the first information corresponds to Version.

In an embodiment, the receiving unit 61 is further configured to receive a first identifier sent by the network device; the first identifier represents a version corresponding to the first information;

The first processing unit 62 is also used for:

When the version represented by the first identification is higher than the version represented by the second identification, the terminal uses the first information to update the locally stored third information; the second identification represents the locally stored third information of the terminal A version corresponding to the third information; the third information includes EHPLMN information updated by the terminal based on information sent by the network device in history.

Here, the functions of the receiving unit 61 and the first processing unit 62 may be equivalent to the functions of the mobile management module and the security module of the terminal in the application embodiment of the present application.

In actual application, the receiving unit 61 may be realized by a communication interface in the updated EHPLMN device; the first processing unit 62 may be realized by a processor in the updated EHPLMN device.

It should be noted that: when the EHPLMN update device provided by the above-mentioned embodiment updates the EHPLMN, it only uses the division of the above-mentioned program modules for illustration. The internal structure of the EHPLMN update device is divided into different program modules to complete all or part of the processing described above. In addition, the EHPLMN update device provided in the above embodiment is based on the same idea as the terminal-side EHPLMN update method embodiment, and its specific implementation process is detailed in the method embodiment, and will not be repeated here.

In order to implement the method on the network device side of the embodiment of the present application, the embodiment of the present application also provides an EHPLMN update device, which is set on the network device. As shown in FIG. 7, the EHPLMN update device includes: a detection unit 71, a second processing unit 72 and sending unit 73; wherein,

The detection unit 71 is configured to detect an event of updating EHPLMN information;

The second processing unit 72 is configured to generate first information according to the detected event of updating EHPLMN information; the first information includes at least one piece of EHPLMN information; the first information includes information relative to the preset EHPLMN in the terminal. EHPLMN information for information updates;

The sending unit 73 is configured to send the generated first information to the terminal.

In an embodiment, the second processing unit 72 is specifically used for:

According to the detected event of updating EHPLMN information, determine fourth information; the fourth information includes all EHPLMN information after performing the operation corresponding to the event of updating EHPLMN information; the fourth information includes the first Two information, the second information includes EHPLMN information preset in the terminal;

removing the second information from the fourth information to obtain the first information.

In an embodiment, the sending unit 73 is specifically configured to send the first information to the terminal through NAS signaling.

In an embodiment, the second processing unit 72 is further configured to encrypt the first information to obtain encrypted first information;

The sending unit 73 is further configured to send the encrypted first information to the terminal.

In an embodiment, the second processing unit 72 is also used for:

Encrypting the first information by using the second information as a key.

In an embodiment, the second processing unit 72 is further configured to perform integrity protection on the encrypted first information;

The sending unit 73 is further configured to send the encrypted first information with integrity protection to the terminal.

In an embodiment, the second processing unit 72 is also used for:

Integrity protection of the encrypted first information is performed using the length of the encrypted first information, the first identifier, and the length of the first identifier; the first identifier indicates that the first information corresponds to Version.

In an embodiment, when sending the generated first information to the terminal, the sending unit 73 is further configured to:

Sending a first identifier to the terminal; the first identifier represents a version corresponding to the first information.

In practical application, the detection unit 71 and the second processing unit 72 may be realized by a processor in the EHPLMN updating device; the sending unit 73 may be realized by a communication interface in the EHPLMN updating device.

It should be noted that: when the EHPLMN update device provided by the above-mentioned embodiment updates the EHPLMN, it only uses the division of the above-mentioned program modules for illustration. The internal structure of the EHPLMN update device is divided into different program modules to complete all or part of the processing described above. In addition, the EHPLMN updating apparatus provided in the above embodiments and the EHPLMN updating method embodiments on the network device side belong to the same idea, and the specific implementation process thereof is detailed in the method embodiments, and will not be repeated here.

In order to implement the method on the terminal side or the network device side of the embodiment of the present application, the embodiment of the present application also provides a chip. As shown in FIG. 8 , the chip 80 includes:

Interface 81, used for information interaction with the memory;

The processor 82 is connected to the interface 81 to implement information interaction with the memory, and is used to read the computer program stored in the memory through the interface 81, and when running the computer program, execute the above-mentioned terminal side or A method provided by one or more technical solutions on the network device side.

In actual application, as shown in FIG. 8 , the chip 80 may further include a memory 83 for storing various types of data to support the operation of the chip 80 . Examples of such data include any computer programs for operating on chip 80 .

Certainly, the research and development personnel also can not arrange memory in described chip 80 according to chip design requirement, store the computer that can run on described processor 82 by the memory of described chip 80 place communication device (such as terminal or network device). program.

Specifically, when the chip 80 is used to implement the method on the terminal side of the embodiment of the present application, the processor 82 is used to perform the following operations:

Receiving first information sent by a network device; the first information includes at least one piece of EHPLMN information; the first information includes EHPLMN information updated relative to the preset EHPLMN information in the terminal;

saving the first information; using the first information and the preset EHPLMN information in the terminal together as updated EHPLMN information.

In an embodiment, the processor 82 is further configured to receive the first information sent by the network device through NAS signaling.

In one embodiment, the processor 82 is further configured to perform the following operations:

receiving the encrypted first information sent by the network device;

Decrypting the encrypted first information to obtain the decrypted first information;

Save the decrypted first information.

In one embodiment, the processor 82 is further configured to perform the following operations:

Deciphering the encrypted first information by using the second information as a key; the second information includes EHPLMN information preset in the terminal.

In one embodiment, the processor 82 is further configured to perform the following operations:

performing an integrity check on the encrypted first information;

After the integrity check of the encrypted first information passes, the encrypted first information is decrypted.

In one embodiment, the processor 82 is further configured to perform the following operations:

Perform an integrity check on the encrypted first information by using the length of the encrypted first information, the first identifier, and the length of the first identifier; the first identifier indicates that the first information corresponds to Version.

In an embodiment, when receiving the first information, the processor 82 is further configured to perform the following operations:

receiving a first identifier sent by the network device; the first identifier represents a version corresponding to the first information;

When the version represented by the first identification is higher than the version represented by the second identification, the terminal uses the first information to update the locally stored third information; the second identification represents the locally stored third information of the terminal A version corresponding to the third information; the third information includes EHPLMN information updated by the terminal based on information sent by the network device in history.

When the chip 80 is used to implement the method on the network device side of the embodiment of the present application, the processor 82 is specifically configured to perform the following operations:

An event to update EHPLMN information is detected;

Generate first information according to the detected event of updating EHPLMN information; the first information includes at least one piece of EHPLMN information; the first information includes EHPLMN information updated relative to the preset EHPLMN information in the terminal;

Send the generated first information to the terminal.

In one embodiment, the processor 82 is further configured to perform the following operations:

Determine fourth information according to the detected event of updating EHPLMN information; the fourth information includes all EHPLMN information after performing the operation corresponding to the event of updating EHPLMN information;

The first information is obtained by removing the EHPLMN information preset by the terminal in the fourth information.

In one embodiment, the processor 82 is further configured to perform the following operations:

sending the first information to the terminal through NAS signaling.

In one embodiment, the processor 82 is further configured to perform the following operations:

Encrypting the first information to obtain encrypted first information;

sending the encrypted first information to the terminal.

In one embodiment, the processor 82 is further configured to perform the following operations:

Encrypting the first information by using the second information as a key; the second information includes EHPLMN information preset in the terminal.

In one embodiment, the processor 82 is further configured to perform the following operations:

performing integrity protection on the encrypted first information;

sending the encrypted first information with integrity protection to the terminal.

In one embodiment, the processor 82 is further configured to perform the following operations:

Integrity protection of the encrypted first information is performed using the length of the encrypted first information, the first identifier, and the length of the first identifier; the first identifier indicates that the first information corresponds to Version.

In one embodiment, the processor 82 is further configured to perform the following operations:

Sending a first identifier to the terminal; the first identifier represents a version corresponding to the first information.

It should be noted that: for the specific process of the processor 82 performing the above operations, refer to the method embodiment on the terminal side and the method embodiment on the network device side in this application, and details are not repeated here.

Based on the hardware implementation of the above program modules, and in order to implement the method on the terminal side or the network device side of the embodiment of the present application, the embodiment of the present application also provides a communication device, the communication device may be a terminal or a network device, as shown in Figure 9 As shown, the communication device 90 includes:

Communication interface 91, capable of information interaction with other communication devices;

The processor 92 is connected to the communication interface 91 to implement information interaction with other communication devices, and is used to execute the method provided by one or more technical solutions on the terminal side or network device side when running a computer program;

The memory 93 is used to store computer programs that can run on the processor 92 .

Here, when the communication device 90 is a terminal, the other communication device may be a network device; when the communication device 90 is a network device, the other communication device may be a terminal.

Specifically, when the communication device 90 is used to implement the method on the terminal side of the embodiment of the present application, the processor 92 is used to perform the following operations:

Receiving first information sent by a network device; the first information includes at least one piece of EHPLMN information; the first information includes EHPLMN information updated relative to the preset EHPLMN information in the terminal;

saving the first information; using the first information and the preset EHPLMN information in the terminal together as updated EHPLMN information.

In an embodiment, the processor 92 is further configured to receive the first information sent by the network device through NAS signaling.

In one embodiment, the processor 92 is further configured to perform the following operations:

receiving the encrypted first information sent by the network device;

Decrypting the encrypted first information to obtain the decrypted first information;

Save the decrypted first information.

In one embodiment, the processor 92 is further configured to perform the following operations:

Deciphering the encrypted first information by using the second information as a key; the second information includes EHPLMN information preset in the terminal.

In one embodiment, the processor 92 is further configured to perform the following operations:

performing an integrity check on the encrypted first information;

After the integrity check of the encrypted first information passes, the encrypted first information is decrypted.

In one embodiment, the processor 92 is further configured to perform the following operations:

Perform an integrity check on the encrypted first information by using the length of the encrypted first information, the first identifier, and the length of the first identifier; the first identifier indicates that the first information corresponds to Version.

In an embodiment, when receiving the first information, the processor 92 is further configured to perform the following operations:

receiving a first identifier sent by the network device; the first identifier represents a version corresponding to the first information;

When the version represented by the first identification is higher than the version represented by the second identification, the terminal uses the first information to update the locally stored third information; the second identification represents the locally stored third information of the terminal A version corresponding to the third information; the third information includes EHPLMN information updated by the terminal based on information sent by the network device in history.

When the communication device 90 is used to implement the method on the network device side of the embodiment of the present application, the processor 92 is used to perform the following operations:

An event to update EHPLMN information is detected;

Generate first information according to the detected event of updating EHPLMN information; the first information includes at least one piece of EHPLMN information; the first information includes EHPLMN information updated relative to the preset EHPLMN information in the terminal;

Send the generated first information to the terminal.

In one embodiment, the processor 92 is further configured to perform the following operations:

Determine fourth information according to the detected event of updating EHPLMN information; the fourth information includes all EHPLMN information after performing the operation corresponding to the event of updating EHPLMN information;

The first information is obtained by removing the EHPLMN information preset by the terminal in the fourth information.

In one embodiment, the processor 92 is further configured to perform the following operations:

sending the first information to the terminal through NAS signaling.

In one embodiment, the processor 92 is further configured to perform the following operations:

Encrypting the first information to obtain encrypted first information;

sending the encrypted first information to the terminal.

In one embodiment, the processor 92 is further configured to perform the following operations:

Encrypting the first information by using the second information as a key; the second information includes EHPLMN information preset in the terminal.

In one embodiment, the processor 92 is further configured to perform the following operations:

performing integrity protection on the encrypted first information;

sending the encrypted first information with integrity protection to the terminal.

In one embodiment, the processor 92 is further configured to perform the following operations:

Integrity protection of the encrypted first information is performed using the length of the encrypted first information, the first identifier, and the length of the first identifier; the first identifier indicates that the first information corresponds to Version.

In one embodiment, the processor 92 is further configured to perform the following operations:

Sending a first identifier to the terminal; the first identifier represents a version corresponding to the first information.

It should be noted that: for the specific process of the processor 92 performing the above operations, refer to the method embodiment on the terminal side and the method embodiment on the network device side in this application, and details are not repeated here.

Of course, in practical applications, various components in the communication device 90 may be coupled together through the bus system 94 . It can be understood that the bus system 94 is used to realize connection and communication between these components. In addition to the data bus, the bus system 94 also includes a power bus, a control bus and a status signal bus. However, the various buses are labeled as bus system 94 in FIG. 9 for clarity of illustration.

The methods disclosed in the above method embodiments on the terminal side or the network device side of the present application may be applied to the processor 92 or implemented by the processor 92 . The processor 92 may be an integrated circuit chip with signal processing capability. In the implementation process, each step of the above method can be completed by an integrated logic circuit of hardware in the processor 92 or instructions in the form of software. The aforementioned processor 92 may be a general-purpose processor, a digital signal processor (DSP, Digital Signal Processor), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. The processor 92 may implement or execute various methods, steps, and logic block diagrams disclosed in the method embodiments of the terminal side or the network device side of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the method embodiments on the terminal side or the network device side of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium, the storage medium is located in the memory 93, and the processor 92 reads the information in the memory 93, and completes the steps of the foregoing method in combination with its hardware.

In an exemplary embodiment, the communication device 90 may be implemented by one or more Application Specific Integrated Circuit (ASIC, Application Specific Integrated Circuit), DSP, Programmable Logic Device (PLD, ProgrammableLogic Device), Complex Programmable Logic Device (CPLD, Complex Programmable Logic Device), field-programmable gate array (FPGA, Field-Programmable Gate Array), general-purpose processor, controller, microcontroller (MCU, Micro Controller Unit), microprocessor (Microprocessor), or other electronic components Implementation, for executing the aforementioned method on the terminal side or on the network device side.

It can be understood that the memory in the embodiment of the present application (such as the memory 83 in the chip 80 or the memory 93 in the communication device 90) can be a volatile memory or a non-volatile memory, and can also include volatile and non-volatile memory. memory both. Wherein, non-volatile memory can be read-only memory (ROM, Read Only Memory), programmable read-only memory (PROM, Programmable Read-Only Memory), erasable programmable read-only memory (EPROM, ErasableProgrammable Read-Only Memory) Memory), Electrically Erasable Programmable Read-Only Memory (EEPROM, ElectricallyErasable Programmable Read-Only Memory), Magnetic Random Access Memory (FRAM, ferromagnetic random access memory), Flash Memory (Flash Memory), Magnetic Surface Memory, CD-ROM, Or CD-ROM (Compact Disc Read-Only Memory); magnetic surface storage can be disk storage or tape storage. The volatile memory may be random access memory (RAM, Random Access Memory), which is used as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM, Static Random Access Memory), Synchronous Static Random Access Memory (SSRAM, Synchronous Static Random Access Memory), Dynamic Random Access Memory (DRAM, Dynamic Random Access Memory), Synchronous Dynamic Random Access Memory (SDRAM, Synchronous Dynamic Random Access Memory), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), Enhanced Synchronous Dynamic Random Access Memory Access memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), synchronous connection dynamic random access memory (SLDRAM, SyncLink Dynamic Random Access Memory), direct memory bus random access memory (DRRAM, Direct Rambus Random Access Memory). The memories described in the embodiments of the present application are intended to include but not limited to these and any other suitable types of memories.

In an exemplary embodiment, the embodiment of the present application also provides a storage medium, that is, a computer storage medium, specifically a computer-readable storage medium, such as the memory 83 storing computer programs in the chip 80, and the computer stored in the memory 83 The program can be executed by the processor 82 in the chip 80, so as to complete the steps described in the foregoing method on the terminal side or the network side. Another example is the memory 93 storing computer programs. The computer programs stored in the memory 93 can be executed by the processor 92 in the communication device 90, so as to complete the steps described in the foregoing terminal-side or network-side methods. The computer-readable storage medium may be memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface memory, optical disk, or CD-ROM.

In the several embodiments provided in this application, it should be understood that the disclosed methods and smart devices may be implemented in other ways. The device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods, such as: multiple units or components can be combined, or May be integrated into another system, or some features may be ignored, or not implemented. In addition, the coupling, or direct coupling, or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms of.

The units described above as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or distributed to multiple network units; Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application can be integrated into one processing unit, or each unit can be used as a single unit, or two or more units can be integrated into one unit; the above-mentioned integration The unit can be realized in the form of hardware or in the form of hardware plus software functional unit.

Those of ordinary skill in the art can understand that all or part of the steps for realizing the above-mentioned method embodiments can be completed by hardware related to program instructions, and the aforementioned program can be stored in a computer-readable storage medium. When the program is executed, the It includes the steps of the above method embodiments; and the aforementioned storage medium includes: various media that can store program codes such as removable storage devices, ROM, RAM, magnetic disks or optical disks.

Alternatively, if the above-mentioned integrated units of the present application are realized in the form of software function modules and sold or used as independent products, they can also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiment of the present application is essentially or the part that contributes to the prior art can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for Make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the methods described in the various embodiments of the present application. The aforementioned storage medium includes: various media capable of storing program codes such as removable storage devices, ROM, RAM, magnetic disks or optical disks.

It should be noted that: "first", "second", etc. are used to distinguish similar objects, and not necessarily used to describe a specific order or sequence.

In addition, the technical solutions described in the embodiments of the present application may be combined arbitrarily if there is no conflict.

The above is only a specific implementation of the application, but the scope of protection of the application is not limited thereto. Anyone familiar with the technical field can easily think of changes or substitutions within the technical scope disclosed in the application. Should be covered within the protection scope of this application.

Claims (14)

1. An Equivalent Home Public Land Mobile Network (EHPLMN) updating method, comprising:

a terminal receives first information sent by network equipment; the first information comprises at least one EHPLMN information; the first information includes EHPLMN information updated with respect to EHPLMN information preset in the terminal;

the terminal saves the first information; the first information and EHPLMN information preset in the terminal are jointly used as updated EHPLMN information;

the terminal receives first information sent by network equipment, and the first information comprises:

the terminal receives first information sent by the network equipment through non-access stratum (NAS) signaling;

the method for receiving the first information sent by the network device by the terminal includes:

the terminal receives encrypted first information sent by the network equipment; the encrypted first information is obtained by encrypting the first information by the network equipment by using the second information;

the second information includes EHPLMN information preset in the terminal.

2. The method of claim 1, wherein the saving the first information comprises:

the terminal decrypts the encrypted first information to obtain decrypted first information;

and storing the decrypted first information.

3. The method according to claim 2, wherein said decrypting the encrypted first information comprises:

and the terminal decrypts the encrypted first information by using the second information as a secret key.

4. The method according to claim 2, wherein the terminal performs decryption processing on the encrypted first information, and the decryption processing includes:

the terminal carries out integrity check on the encrypted first information;

and after the integrity check of the encrypted first information passes, the terminal decrypts the encrypted first information.

5. The method of claim 4, wherein the integrity checking the encrypted first information comprises:

the terminal carries out integrity check on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identification represents a version corresponding to the first information.

6. The method of claim 1, wherein receiving the first information, the method further comprises:

the terminal receives a first identifier sent by the network equipment; the first identification represents a version corresponding to the first information;

the saving the first information includes:

under the condition that the version of the first identification representation is higher than that of the second identification representation, the terminal updates locally stored third information by using the first information; the second identifier represents a version corresponding to the third information locally stored by the terminal; the third information comprises EHPLMN information updated by the terminal based on information sent by network equipment history.

7. An EHPLMN update method, comprising:

the network equipment detects an event for updating the EHPLMN information;

the network equipment generates first information according to the detected event for updating the EHPLMN information; the first information comprises at least one EHPLMN information; the first information comprises EHPLMN information updated relative to EHPLMN information preset in the terminal;

the network equipment sends the generated first information to the terminal;

the sending the generated first information to the terminal includes:

the network equipment sends the first information to the terminal through NAS signaling;

wherein the sending the generated first information to the terminal further includes:

the network equipment encrypts the first information to obtain encrypted first information;

sending the encrypted first information to the terminal;

wherein, the encrypting the first information comprises:

the network equipment uses second information as a key to encrypt the first information; the second information includes EHPLMN information preset in the terminal.

8. The method of claim 7, wherein generating the first information based on the detected event that updates the EHPLMN information comprises:

the network equipment determines fourth information according to the detected event for updating the EHPLMN information; the fourth information includes all EHPLMN information after the operation corresponding to the event of updating EHPLMN information is performed;

and the network equipment removes the EHPLMN information preset by the terminal in the fourth information to obtain the first information.

9. The method according to claim 7, wherein the sending the encrypted first information to the terminal comprises:

the network equipment performs integrity protection on the encrypted first information;

and sending the encrypted first information subjected to integrity protection to the terminal.

10. The method according to claim 9, wherein said integrity protecting the encrypted first information comprises:

the network equipment performs integrity protection on the encrypted first information by using the length of the encrypted first information, the first identifier and the length of the first identifier; the first identification represents a version corresponding to the first information.

11. The method according to any one of claims 7 to 8, wherein when the generated first information is transmitted to a terminal, the method further comprises:

the network equipment sends a first identifier to the terminal; the first identification represents a version corresponding to the first information.

12. A chip, comprising: a processor and an interface; wherein,

the processor, when being configured to execute a computer program, is configured to perform the steps of the method of any one of claims 1 to 6 or to perform the steps of the method of any one of claims 7 to 11.

13. A communication device, comprising: a processor and a memory for storing a computer program capable of running on the processor; wherein,

the processor is adapted to perform the steps of the method of any one of claims 1 to 6 or the steps of the method of any one of claims 7 to 11 when running the computer program.

14. A storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the method of any one of claims 1 to 6 or implements the steps of the method of any one of claims 7 to 11.

Images