[go: up one dir, main page]

CN103152731A - 3G accessed IMSI (international mobile subscriber identity) privacy protection method - Google Patents

3G accessed IMSI (international mobile subscriber identity) privacy protection method Download PDF

Info

Publication number
CN103152731A
CN103152731A CN2013100630444A CN201310063044A CN103152731A CN 103152731 A CN103152731 A CN 103152731A CN 2013100630444 A CN2013100630444 A CN 2013100630444A CN 201310063044 A CN201310063044 A CN 201310063044A CN 103152731 A CN103152731 A CN 103152731A
Authority
CN
China
Prior art keywords
imsi
key
hlr
new
vlr
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013100630444A
Other languages
Chinese (zh)
Inventor
黄杰
张莎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University filed Critical Southeast University
Priority to CN2013100630444A priority Critical patent/CN103152731A/en
Publication of CN103152731A publication Critical patent/CN103152731A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a 3G accessed IMSI (international mobile subscriber identity) privacy protection method. The method comprises the following steps that a VLR (visitor location register) sends a subscriber identity request, an MS (mobile subscriber) replies the subscriber identity response; the VLR/SGSN (serving GPRS supported node) sends an authentication data request to an HLR (home location register), and the HLR replies the authentication data response; and when the MS is authorized, the VLR/SGSN sends a subscriber authorization request to the MS, and the MS replies the subscriber authorization response. Through the method, the confidentiality of the IMSI is protected by means of key identifiers and key groups; and after the user transmitted IMSI information is encrypted, the information is transmitted by means of cipher texts, so that the IMSI is avoided from being leaked. At the same time, when the HLR generates an authentication vector for the user, an encryption key which is updated in real time is distributed, so that the representation forms are different after the user encrypts the IMSI information for each time, and the user can be avoided from being tracked.

Description

一种3G接入的IMSI隐私保护方法A 3G Access IMSI Privacy Protection Method

技术领域technical field

本发明涉及3G网络通信安全技术领域,特别是涉及一种3G接入的IMSI隐私保护方法。The invention relates to the technical field of 3G network communication security, in particular to an IMSI privacy protection method for 3G access.

背景技术Background technique

3G网络中,移动用户(Mobile Subscriber,MS)的身份是由国际移动用户识别码(International Mobile Subscriber Identification Number,IMSI)在全球范围内唯一确定的。MS接入3G网络的身份认证阶段是利用认证和密钥分配协议(AKA)完成,通过核心网与MS交互认证信息实现MS和网络之间相互认证和协商通信密钥,在整个验证过程中IMSI是以明文的形式传输的,因此,AKA协议虽有效的改进了GSM系统的安全漏洞,但同样存在MS身份泄露的问题。为此,在3GPP的规范中,3G网络利用临时分配的临时识别码(Temporary MobileSubscriber Identity,TMSI)代替IMSI来保护用户的身份。但是,某些情况下系统无法通过TMSI来确定用户的身份,如:当用户在服务网络中进行初始注册的时候,或者当服务网络不能由MS的TMSI检索出IMSI的时候,服务网络仍然要求MS提供IMSI,此时,MS将响应明文形式的IMSI信息。In the 3G network, the identity of a mobile subscriber (Mobile Subscriber, MS) is uniquely determined globally by the International Mobile Subscriber Identification Number (IMSI). The identity authentication phase of MS accessing the 3G network is completed by using the authentication and key distribution protocol (AKA). Through the exchange of authentication information between the core network and the MS, the mutual authentication and negotiation of communication keys between the MS and the network are realized. During the entire verification process, the IMSI It is transmitted in the form of plain text. Therefore, although the AKA protocol has effectively improved the security loopholes of the GSM system, it also has the problem of MS identity leakage. For this reason, in the 3GPP specification, the 3G network uses a temporarily assigned Temporary Mobile Subscriber Identity (TMSI) instead of the IMSI to protect the user's identity. However, in some cases, the system cannot determine the identity of the user through the TMSI, such as: when the user performs initial registration in the service network, or when the service network cannot retrieve the IMSI from the MS's TMSI, the service network still requires the MS to Provide the IMSI. At this time, the MS will respond with the IMSI information in plain text.

而有些MS的IMSI保护方法是通过加密IMSI信息或分配别名来实现,但实用性都不强,如:利用归属位置寄存器(Home Location Register,HLR)的公钥加密IMSI信息,并定时更新HLR的公私钥对,这将给网络设备带来较大的计算负担,增加认证的延时;HLR与归属它的所有MS共享一个密钥,每次提交IMSI信息时,利用这一个共享密钥产生一个加密密钥,用于对IMSI信息进行对称加密,但这种方法存在密钥暴露的风险,很容易因为某个MS的密钥泄露导致归属于同一个HLR的所有MS遭受攻击;每个MS利用自身密钥Ki进行加密,在网络端对HLR中所有存储的(IMSI,Ki)记录进行遍历,直到找到正确的IMSI信息。这种方式利用自身密钥进行加密,虽然可以避免共享密钥的弊端,保证MS身份的机密性,但在网络端的计算量大,效率低。The IMSI protection methods of some MSs are realized by encrypting IMSI information or assigning aliases, but the practicability is not strong, such as: using the public key of the Home Location Register (Home Location Register, HLR) to encrypt the IMSI information, and regularly updating the IMSI information of the HLR Public-private key pair, which will bring a large calculation burden to network equipment and increase the delay of authentication; HLR shares a key with all MSs belonging to it, and uses this shared key to generate a The encryption key is used to symmetrically encrypt the IMSI information, but this method has the risk of key exposure, and it is easy to attack all MSs belonging to the same HLR due to the key leakage of a certain MS; each MS uses It encrypts with its own key K i , and traverses all (IMSI, K i ) records stored in the HLR on the network side until the correct IMSI information is found. This method uses its own key for encryption, although it can avoid the disadvantages of sharing the key and ensure the confidentiality of the MS identity, but it requires a large amount of calculation on the network side and has low efficiency.

发明内容Contents of the invention

发明目的:本发明提供一种3G接入的IMSI隐私保护方法,利用密钥标识和对称密钥组的方式保护IMSI信息,防止MS身份的泄露,同时保证HLR解密IMSI密文时能够很容易的找到解密密钥,实现快速认证。Purpose of the invention: the present invention provides a 3G access IMSI privacy protection method, which uses key identification and symmetric key group to protect IMSI information, prevent MS identity from leaking, and at the same time ensure that HLR can easily decrypt IMSI ciphertext Find the decryption key for fast authentication.

技术方案:一种3G接入的IMSI隐私保护方法,包括如下步骤:Technical solution: an IMSI privacy protection method for 3G access, comprising the following steps:

(1)VLR向用户发起身份标识请求,请求用户的永久身份标识IMSI;(1) The VLR initiates an identity request to the user, requesting the user's permanent identity IMSI;

(2)MS响应加密的MSIN信息,与HLR的路由信息HLR_ID共同构成加密的IMSI信息,同时提交加密密钥标识号K_IDold;MS需要利用分配到的对称密钥加密MSIN,然后与MCC||MNC组合在一起共同构成IMSI的加密信息;(2) The MS responds to the encrypted MSIN information, forms the encrypted IMSI information together with the routing information HLR_ID of the HLR, and submits the encryption key identification number K_ID old at the same time; the MS needs to use the assigned symmetric key to encrypt the MSIN, and then communicate with the MCC|| The MNCs are combined together to form the encrypted information of the IMSI;

(3)VLR/SGSN收到用户身份响应消息后,根据HLR的路由信息HLR_ID,即MCC||MNC,向HLR发送认证数据请求消息,内容包含加密后的IMSI信息及加密密钥标识号K_IDold(3) After receiving the user identity response message, the VLR/SGSN sends an authentication data request message to the HLR according to the routing information HLR_ID of the HLR, that is, MCC||MNC, and the content includes the encrypted IMSI information and the encryption key identification number K_ID old ;

(4)HLR根据收到的K_IDold从密钥库中找到相应的加密密钥Kold,解密IMSI;然后将K_IDold对应的记录状态改为FREE;接着为该IMSI产生认证向量组,同时分配新的密钥标识K_IDnew和新的加密密钥Knew;得到已嵌入密钥信息的认证向量,随后将新的认证向量组AVs与IMSI信息一起传送给VLR/SGSN;(4) HLR finds the corresponding encryption key K old from the key store according to the received K_ID old , and decrypts the IMSI; then changes the record state corresponding to K_ID old to FREE; then generates an authentication vector group for the IMSI, and distributes it at the same time The new key identifier K_ID new and the new encryption key K new ; obtain the authentication vector embedded in the key information, and then transmit the new authentication vector group AV s together with the IMSI information to the VLR/SGSN;

(5)VLR/SGSN存储来自HLR的认证向量组AVs和IMSI信息,并将认证信息RANDIN(i)||AUTN(i)发送给MS;(5) VLR/SGSN stores the authentication vector group AV s and IMSI information from HLR, and sends the authentication information RAND IN (i)||AUTN(i) to MS;

(6)MS利用嵌入函数F的逆函数F′从RANDIN中提取出随机数RAND和K_IDnew||Knew;计算XMAC=f1k(SQN||RAND||AMF),判断等式MAC=XMAC是否成立,若成立则计算出响应值RES=f2k(RAND)发送给VLR/SGSN,并将K_IDnew和Knew存储为新的IMSI加密密钥标识号和加密密钥;(6) MS uses the inverse function F′ of the embedded function F to extract random numbers RAND and K_ID new ||K new from RAND IN ; calculate XMAC=f1 k (SQN||RAND||AMF), and determine the equation MAC= Whether XMAC is set up, if set up then calculate response value RES=f2 k (RAND) and send to VLR/SGSN, and store K_ID new and K new as new IMSI encryption key identification number and encryption key;

(7)VLR/SGSN获得MS发送的RES后,判断等式XRES=RES是否成立,成立则认证成功,否则认证失败。(7) After the VLR/SGSN obtains the RES sent by the MS, it judges whether the equation XRES=RES is established. If it is established, the authentication succeeds, otherwise the authentication fails.

其中,HLR需要维护一个密钥库,其大小根据HLR所属MS的数量决定,每条记录包括四个属性,即:密钥标识号KEY_ID、加密密钥KEY、密钥使用状态STATUS和更新时间TIME。Among them, HLR needs to maintain a key store, its size is determined according to the number of MSs to which HLR belongs, and each record includes four attributes, namely: key identification number KEY_ID, encryption key KEY, key usage status STATUS and update time TIME .

本发明采用上述技术方案,具有以下有益效果:本发明中,由于每次向HLR提供IMSI信息时,都是以加密的形式传送的,则攻击者无法获取IMSI的明文形式。其次,HLR为用户产生认证向量的时候会重新分配一个加密密钥给用户,即用户每次加密IMSI信息后的表现形式都是不同的,从而避免用户被追踪。The present invention adopts the above technical scheme and has the following beneficial effects: in the present invention, since the IMSI information is transmitted in encrypted form each time the HLR is provided, the attacker cannot obtain the plaintext form of the IMSI. Secondly, when the HLR generates the authentication vector for the user, it will redistribute an encryption key to the user, that is, the expression form of the user's encrypted IMSI information is different every time, so as to avoid the user from being tracked.

附图说明Description of drawings

图1为本发明中实施例的IMSI结构示意图;FIG. 1 is a schematic structural diagram of an IMSI in an embodiment of the present invention;

图2为本发明实施例的密钥库结构示意图;Fig. 2 is a schematic diagram of a key storehouse structure according to an embodiment of the present invention;

图3为本发明实施例的HLR的密钥标识处理流程图;Fig. 3 is the key identification processing flowchart of the HLR of the embodiment of the present invention;

图4为本发明实施例的保护用户隐私的AKA协议图;FIG. 4 is an AKA protocol diagram for protecting user privacy according to an embodiment of the present invention;

图5为本发明实施例的嵌入函数F产生RANDIN的过程图;Fig. 5 is the process figure that the embedding function F of the embodiment of the present invention produces RAND IN ;

图6为本发明实施例的嵌入函数F获取K_IDnew||Knew的过程。FIG. 6 shows the process of obtaining K_ID new ||K new by the embedding function F of the embodiment of the present invention.

具体实施方式Detailed ways

下面结合具体实施例,进一步阐明本发明,应理解这些实施例仅用于说明本发明而不用于限制本发明的范围,在阅读了本发明之后,本领域技术人员对本发明的各种等价形式的修改均落于本申请所附权利要求所限定的范围。Below in conjunction with specific embodiment, further illustrate the present invention, should be understood that these embodiments are only used to illustrate the present invention and are not intended to limit the scope of the present invention, after having read the present invention, those skilled in the art will understand various equivalent forms of the present invention All modifications fall within the scope defined by the appended claims of the present application.

一种3G接入的IMSI隐私保护方法的实施过程如下:The implementation process of an IMSI privacy protection method for 3G access is as follows:

1、系统的初始化1. System initialization

图1为本发明中实施例的IMSI结构示意图,每个MS都拥有一个不同的IMSI。每个HLR产生1个由多条记录组成密钥库,密钥库的大小根据HLR所属MS的数量决定,每条记录包括四个属性,分别是密钥标识号KEY_ID、加密密钥KEY、密钥使用状态STATUS、更新时间TIME。密钥使用状态是指目前该密钥是否被分配给用户用于IMSI加密,若未使用则标示为FREE,反之为USED;更新时间TIME是指该记录状态被改变的最新时间。从密钥库中随机选择一个密钥Ki和密钥标识号K_IDi保存在MS的USIM(Universal Subscriber IdentityModule全球用户识别卡)卡上。图2为本发明实施例的密钥库结构示意图。图3为本发明实施例的HLR的密钥标识处理流程图。FIG. 1 is a schematic diagram of an IMSI structure in an embodiment of the present invention, and each MS has a different IMSI. Each HLR generates a keystore composed of multiple records. The size of the keystore is determined according to the number of MSs that the HLR belongs to. Each record includes four attributes, namely the key identification number KEY_ID, the encryption key KEY, and the encryption key. Key usage status STATUS, update time TIME. The key usage status refers to whether the key is currently assigned to the user for IMSI encryption. If it is not used, it is marked as FREE, otherwise it is marked as USED; the update time TIME refers to the latest time when the record status is changed. Randomly select a key K i and key identification number K_ID i from the key storehouse and save it on the USIM (Universal Subscriber Identity Module) card of the MS. FIG. 2 is a schematic structural diagram of a key store according to an embodiment of the present invention. Fig. 3 is a flow chart of the key identification processing of the HLR according to the embodiment of the present invention.

2、3G接入的IMSI隐私保护方法步骤,如图4所示:2. The steps of the IMSI privacy protection method for 3G access, as shown in Figure 4:

(1)VLR(Visitor Location Register,拜访位置寄存器)向用户发起身份标识请求,请求用户的永久身份标识IMSI;(1) VLR (Visitor Location Register) initiates an identity request to the user, requesting the user's permanent identity IMSI;

(2)MS回复加密的MSIN(Mobile Subscriber Identification Number,移动用户识别号码)信息,与HLR的路由信息HLR_ID共同构成加密的IMSI信息。同时提交加密密钥标识号K_IDold,大小为128bit;MS响应信息为:(2) The MS replies with encrypted MSIN (Mobile Subscriber Identification Number, mobile subscriber identification number) information, which forms encrypted IMSI information together with HLR routing information HLR_ID. At the same time, submit the encryption key identification number K_ID old , the size is 128bit; the MS response information is:

HLR_ID||K_IDold||f11(Kold,MSIN),其中f11为加密IMSI信息的函数,HLR_ID||K_ID old ||f 11 (K old ,MSIN), where f 11 is the function of encrypting IMSI information,

在USIM卡中会保存一个初始的密钥标识号和加密密钥,该初始值是在USIM卡生成时由HLR密钥库随机分配的;An initial key identification number and encryption key will be stored in the USIM card, which is randomly assigned by the HLR key store when the USIM card is generated;

(3)VLR/SGSN(Visitor Location Register/Serving GPRS SUPPORT NODE拜访位置寄存器/GPRS服务支持节点)接收到来自MS的用户身份响应消息后,根据HLR的路由信息HLR_ID,即MCC||MNC,向HLR发送认证数据请求消息,内容包含加密后的IMSI信息及密钥标识号K_IDold(3) VLR/SGSN (Visitor Location Register/Serving GPRS SUPPORT NODE Visitor Location Register/GPRS Service Support Node) receives the user identity response message from MS, according to the HLR routing information HLR_ID, that is, MCC||MNC, to HLR Send an authentication data request message, the content includes the encrypted IMSI information and the key identification number K_ID old ;

(4)HLR根据收到的K_IDold从密钥库中找到对应的加密密钥Kold,大小为128bit,其中,利用该密钥解密得到IMSI,然后将K_IDold对应的状态记录改为FREE;接着为该IMSI产生认证向量组AVs(4) HLR finds the corresponding encryption key K old from the key store according to the received K_ID old , the size of which is 128bit. Among them, use this key to decrypt to get the IMSI, and then change the status record corresponding to K_ID old to FREE; The authentication vector set AV s is then generated for the IMSI:

AV=RAND||XRES||CK||IK||AUTNAV=RAND||XRES||CK||IK||AUTN

Figure BDA00002866203800041
Figure BDA00002866203800041

MAC=f1K(SQN||RAND||AMF)MAC=f1 K (SQN||RAND||AMF)

XRES=f2K(RAND)AK=f5K(RAND)XRES=f2 K (RAND) AK=f5 K (RAND)

CK=f3K(RAND)IK=f4K(RAND)CK= f3K (RAND)IK= f4K (RAND)

其中,RAND为随机数、XRES为期望响应值、CK为加密密钥、IK为完整性密钥、AUTN为认证令牌;Among them, RAND is a random number, XRES is an expected response value, CK is an encryption key, IK is an integrity key, and AUTN is an authentication token;

同时分配新的密钥标识号K_IDnew和新的加密密钥Knew(大小均为128bit),并将二者嵌入到AVs的随机数RAND中,嵌入函数为F,如图5所示。得到已嵌入密钥信息的认证向量:AVIN=RANDIN||XRES||CK||IK||AUTN,随后将新的认证向量组与IMSI信息一起传送给VLR/SGSN:AVs||IMSI;At the same time, assign a new key identification number K_ID new and a new encryption key K new (both 128 bits in size), and embed them into the random number RAND of AV s , and the embedding function is F, as shown in Figure 5. Get the authentication vector with embedded key information: AV IN =RAND IN ||XRES||CK||IK||AUTN, and then send the new authentication vector group and IMSI information to VLR/SGSN: AV s ||IMSI ;

(5)VLR/SGSN存储来自HLR的认证向量组AVs和IMSI信息,当需要对MS认证时取出一个未用的认证向量,然后向MS发送用户认证请求消息,内容包括向量中的RANDIN(i)||AUTN(i);(5) VLR/SGSN stores the authentication vector group AV s and IMSI information from the HLR, takes out an unused authentication vector when it needs to authenticate the MS, and then sends a user authentication request message to the MS, including the RAND IN ( i)||AUTN(i);

(6)MS利用嵌入函数F的逆函数F′从RANDIN中提取出随机数RAND和K_IDnew||Knew,如图6所示。计算XMAC=f1k(SQN||RAND||AMF),判断等式MAC=XMAC是否成立。若成立则继续验证SQN是否属于正常范围内,假如SQN不属于正常范围,则向VLR/SGSN发送同步失败消息并结束验证过程,否则用户对网络身份认证成功。接着MS计算响应值RES=f2k(RAND),将该值发送给VLR/SGSN,并计算CK=f3K(RAND)和IK=f4K(RAND)作为与网络通信时的加密密钥和完整性密钥,同时将K_IDnew和Knew存储为新的IMSI加密密钥标识和加密密钥;(6) MS uses the inverse function F' of the embedded function F to extract the random number RAND and K_ID new ||K new from RAND IN , as shown in Figure 6. Calculate XMAC=f1 k (SQN||RAND||AMF), and judge whether the equation MAC=XMAC holds true. If it is established, continue to verify whether the SQN belongs to the normal range, if the SQN does not belong to the normal range, then send a synchronization failure message to the VLR/SGSN and end the verification process, otherwise the user successfully authenticates the network identity. Then the MS calculates the response value RES=f2 k (RAND), sends this value to the VLR/SGSN, and calculates CK=f3 K (RAND) and IK=f4 K (RAND) as the encryption key and complete unique key, and store K_ID new and K new as a new IMSI encryption key identifier and encryption key at the same time;

(7)VLR/SGSN获得MS发送的RES后,判断等式XRES=RES是否成立。若成立,则网络对用户认证成功,VLR/SGSN从认证向量中取出CK和IK作为与该MS通信时的加密密钥和完整性密钥,否则,网络对用户认证失败。(7) After the VLR/SGSN obtains the RES sent by the MS, it judges whether the equation XRES=RES is established. If established, the network authenticates the user successfully, and the VLR/SGSN takes out CK and IK from the authentication vector as the encryption key and integrity key when communicating with the MS; otherwise, the network fails to authenticate the user.

Claims (3)

1. the IMSI method for secret protection of a 3G access, is characterized in that, comprises the steps:
(1) VLR initiates the identify label request to the user, request user's permanent identification IMSI;
(2) the MS response MSIN information of encrypting consists of the IMSI information of encryption jointly with the routing iinformation HLR_ID of HLR, submits simultaneously encryption key identification number K_ID to old
(3) after VLR/SGSN received the user identity response message, according to the routing iinformation HLR_ID of HLR, namely MCC||MNC, sent authentication data request message to HLR, and content comprises IMSI information and the encryption key identification number K_ID after encryption old
(4) HLR is according to the K_ID that receives oldFind corresponding encryption key K from cipher key store old, deciphering IMSI; Then with K_ID oldCorresponding recording status changes FREE into; Then for this IMSI produces the Ciphering Key group, distribute simultaneously new encryption key sign K_ID newWith new encryption key K newObtain the Ciphering Key of embedded key information, subsequently with new Ciphering Key group AV sSend VLR/SGSN to together with IMSI information;
(5) the VLR/SGSN storage is from the Ciphering Key group AV of HLR sWith IMSI information, and with authentication information RAND IN(i) || AUTN (i) sends to MS;
(6) MS utilizes the inverse function F ' of imbedding function F from RAND INIn extract random parameter RAND and K_ID new|| K newCalculate XMAC=f1 k(SQN||RAND||AMF), judge whether equation MAC=XMAC sets up, calculate response RES=f2 if set up k(RAND) send to VLR/SGSN, and with K_ID newAnd K newBe stored as new IMSI encryption key identification number and encryption key;
(7) after VLR/SGSN obtains the RES of MS transmission, judge whether equation XRES=RES sets up, and sets up authentication success, otherwise authentification failure.
2. the IMSI method for secret protection of a kind of 3G access as claimed in claim 1; it is characterized in that: described HLR need to safeguard a cipher key store; its size determines according to the quantity of MS under HLR; every record comprises four attributes, that is: encryption key identification number KEY_ID, encryption key KEY, key use state STATUS and update time TIME.
3. the IMSI method for secret protection of a kind of 3G access as claimed in claim 1, it is characterized in that: in described step (2), MS need to utilize the symmetric key encryption MSIN that is assigned to, and then combines the enciphered message of common formation IMSI with MCC||MNC.
CN2013100630444A 2013-02-27 2013-02-27 3G accessed IMSI (international mobile subscriber identity) privacy protection method Pending CN103152731A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013100630444A CN103152731A (en) 2013-02-27 2013-02-27 3G accessed IMSI (international mobile subscriber identity) privacy protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2013100630444A CN103152731A (en) 2013-02-27 2013-02-27 3G accessed IMSI (international mobile subscriber identity) privacy protection method

Publications (1)

Publication Number Publication Date
CN103152731A true CN103152731A (en) 2013-06-12

Family

ID=48550549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2013100630444A Pending CN103152731A (en) 2013-02-27 2013-02-27 3G accessed IMSI (international mobile subscriber identity) privacy protection method

Country Status (1)

Country Link
CN (1) CN103152731A (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104270737A (en) * 2014-10-17 2015-01-07 中国联合网络通信集团有限公司 IMSI protection method and device
CN104754581A (en) * 2015-03-24 2015-07-01 河海大学 Public key password system based LTE wireless network security certification system
CN105208552A (en) * 2015-09-06 2015-12-30 集怡嘉数码科技(深圳)有限公司 Realization method for binding of mobile terminal and smart card
GB2529391A (en) * 2014-08-12 2016-02-24 Vodafone Ip Licensing Ltd Machine-to-machine cellular communication security
WO2017219673A1 (en) * 2016-06-21 2017-12-28 中兴通讯股份有限公司 Vowifi network access method and system, and terminal
CN107896370A (en) * 2017-12-27 2018-04-10 海能达通信股份有限公司 The method, apparatus of network is accessed under a kind of fail soft mode
US9992670B2 (en) 2014-08-12 2018-06-05 Vodafone Ip Licensing Limited Machine-to-machine cellular communication security
CN108347404A (en) * 2017-01-24 2018-07-31 中国移动通信有限公司研究院 A kind of identity identifying method and device
CN108683510A (en) * 2018-05-18 2018-10-19 兴唐通信科技有限公司 A kind of user identity update method of encrypted transmission
CN109155775A (en) * 2016-05-09 2019-01-04 华为技术有限公司 A mobile device, network node and method thereof
CN109691058A (en) * 2016-07-18 2019-04-26 瑞典爱立信有限公司 User equipment-related operations using secret identifiers
CN109803251A (en) * 2017-11-16 2019-05-24 诺基亚技术有限公司 Method and apparatus for the privacy management entity selection in communication system
CN110621016A (en) * 2019-10-18 2019-12-27 中国联合网络通信集团有限公司 User identity protection method, user terminal and base station
CN112134831A (en) * 2019-06-25 2020-12-25 中兴通讯股份有限公司 Method and device for sending and processing access request
US11438317B2 (en) 2017-01-31 2022-09-06 Hewlett Packard Enterprise Development Lp Device identification encryption

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101511082A (en) * 2008-02-15 2009-08-19 中国移动通信集团公司 Method, equipment and system for updating group cipher key
CN102111760A (en) * 2009-12-28 2011-06-29 北京安码科技有限公司 Method for promoting safety of international mobile subscriber identity (IMSI)
US20120263298A1 (en) * 2009-12-31 2012-10-18 Samsung Electronics Co. Ltd. Method and system for supporting security in a mobile communication system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101511082A (en) * 2008-02-15 2009-08-19 中国移动通信集团公司 Method, equipment and system for updating group cipher key
CN102111760A (en) * 2009-12-28 2011-06-29 北京安码科技有限公司 Method for promoting safety of international mobile subscriber identity (IMSI)
US20120263298A1 (en) * 2009-12-31 2012-10-18 Samsung Electronics Co. Ltd. Method and system for supporting security in a mobile communication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
K.BOMAN: "UMTS security", 《ELECTRONICS & COMMUNICATION ENGINEERING JOURNAL》 *

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9992670B2 (en) 2014-08-12 2018-06-05 Vodafone Ip Licensing Limited Machine-to-machine cellular communication security
GB2529391A (en) * 2014-08-12 2016-02-24 Vodafone Ip Licensing Ltd Machine-to-machine cellular communication security
CN104270737A (en) * 2014-10-17 2015-01-07 中国联合网络通信集团有限公司 IMSI protection method and device
CN104270737B (en) * 2014-10-17 2018-07-03 中国联合网络通信集团有限公司 The guard method of IMSI and device
CN104754581A (en) * 2015-03-24 2015-07-01 河海大学 Public key password system based LTE wireless network security certification system
CN104754581B (en) * 2015-03-24 2018-01-19 河海大学 A kind of safety certifying method of the LTE wireless networks based on public-key cryptosystem
CN105208552A (en) * 2015-09-06 2015-12-30 集怡嘉数码科技(深圳)有限公司 Realization method for binding of mobile terminal and smart card
CN109155775A (en) * 2016-05-09 2019-01-04 华为技术有限公司 A mobile device, network node and method thereof
CN109155775B (en) * 2016-05-09 2020-11-17 华为技术有限公司 Mobile device, network node and method thereof
WO2017219673A1 (en) * 2016-06-21 2017-12-28 中兴通讯股份有限公司 Vowifi network access method and system, and terminal
CN107529160B (en) * 2016-06-21 2022-07-15 中兴通讯股份有限公司 VoWiFi network access method and system, terminal and wireless access point equipment
CN107529160A (en) * 2016-06-21 2017-12-29 中兴通讯股份有限公司 A kind of VoWiFi method for network access and system, terminal and wireless access points equipment
US11870765B2 (en) 2016-07-18 2024-01-09 Telefonaktiebolaget Lm Ericsson (Publ) Operation related to user equipment using secret identifier
US11539683B2 (en) 2016-07-18 2022-12-27 Telefonaktiebolaget Lm Ericsson (Publ) Operation related to user equipment using secret identifier
CN109691058A (en) * 2016-07-18 2019-04-26 瑞典爱立信有限公司 User equipment-related operations using secret identifiers
CN108347404B (en) * 2017-01-24 2021-10-26 中国移动通信有限公司研究院 Identity authentication method and device
CN108347404A (en) * 2017-01-24 2018-07-31 中国移动通信有限公司研究院 A kind of identity identifying method and device
US11438317B2 (en) 2017-01-31 2022-09-06 Hewlett Packard Enterprise Development Lp Device identification encryption
CN109803251A (en) * 2017-11-16 2019-05-24 诺基亚技术有限公司 Method and apparatus for the privacy management entity selection in communication system
CN109803251B (en) * 2017-11-16 2021-11-26 诺基亚技术有限公司 Method and apparatus for privacy management entity selection in a communication system
CN107896370B (en) * 2017-12-27 2020-12-18 海能达通信股份有限公司 Method and device for accessing network under failure weakening mode
CN107896370A (en) * 2017-12-27 2018-04-10 海能达通信股份有限公司 The method, apparatus of network is accessed under a kind of fail soft mode
CN108683510A (en) * 2018-05-18 2018-10-19 兴唐通信科技有限公司 A kind of user identity update method of encrypted transmission
CN112134831A (en) * 2019-06-25 2020-12-25 中兴通讯股份有限公司 Method and device for sending and processing access request
CN112134831B (en) * 2019-06-25 2023-02-21 中兴通讯股份有限公司 Method and device for sending and processing access request
CN110621016A (en) * 2019-10-18 2019-12-27 中国联合网络通信集团有限公司 User identity protection method, user terminal and base station
CN110621016B (en) * 2019-10-18 2022-08-12 中国联合网络通信集团有限公司 A user identity protection method, user terminal and base station

Similar Documents

Publication Publication Date Title
CN103152731A (en) 3G accessed IMSI (international mobile subscriber identity) privacy protection method
CN110971415B (en) An anonymous access authentication method and system for a space-earth integrated spatial information network
US11228442B2 (en) Authentication method, authentication apparatus, and authentication system
CN103533539B (en) Virtual SIM card parameter management method and device
EP2666316B1 (en) Method and apparatus for authenticating a communication device
US11799650B2 (en) Operator-assisted key establishment
CN101969638B (en) Method for protecting international mobile subscriber identity (IMSI) in mobile communication
CN107888560B (en) Mail safe transmission system and method for mobile intelligent terminal
CN108683510B (en) User identity updating method for encrypted transmission
CN106506161B (en) Privacy protection method and privacy protection device in vehicle communication
CN108683501B (en) Multiple identity authentication system and method with timestamp as random number based on quantum communication network
CN100589381C (en) A method for keeping user identity secret in communication system
US20100266128A1 (en) Credential provisioning
US8332628B2 (en) Method for accessing data safely suitable for electronic tag
CN108848495B (en) User identity updating method using preset key
CN108964897B (en) Identity authentication system and method based on group communication
WO2017188895A1 (en) Method and system for authentication with asymmetric key
CN101895881B (en) Method for realizing GBA secret key and pluggable equipment of terminal
CN108880799B (en) Multi-time identity authentication system and method based on group key pool
CN101116284A (en) Anti-clone mutual authentication in a radio communication network
CN108012266A (en) A kind of data transmission method and relevant device
JP7404540B2 (en) Privacy information transmission methods, devices, computer equipment and computer readable media
CN108964896B (en) Kerberos identity authentication system and method based on group key pool
CN108964895B (en) User-to-User identity authentication system and method based on group key pool and improved Kerberos
CN108965266B (en) User-to-User identity authentication system and method based on group key pool and Kerberos

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130612