
WO2010040259A1 - Method and device for protecting the confidentiality of the identity of the user of a communication terminal - Google Patents

Method and device for protecting the confidentiality of the identity of the user of a communication terminal

Info

Publication number
WO2010040259A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
communication terminal
pseudo
identity
name
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2008/072641
Other languages
English (en)
Chinese (zh)
Other versions
WO2010040259A8 (fr
Inventor
胡志远
骆志刚
万志坤
王楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Shanghai Bell Co Ltd
Alcatel Lucent SAS
Original Assignee
Alcatel Lucent Shanghai Bell Co Ltd
Alcatel Lucent SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alcatel Lucent Shanghai Bell Co Ltd, Alcatel Lucent SAS filed Critical Alcatel Lucent Shanghai Bell Co Ltd
Priority to PCT/CN2008/072641 priority Critical patent/WO2010040259A1/fr
Priority to CN200880130771.5A priority patent/CN102124767B/zh
Publication of WO2010040259A1 publication Critical patent/WO2010040259A1/fr
Publication of WO2010040259A8 publication Critical patent/WO2010040259A8/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden

Definitions

  • the present invention relates to the field of communications, and more particularly to a method, device, and computer program for providing confidentiality protection for a communication terminal user, particularly for an identity identifier such as an IMSI (International Mobile Subscriber Identity) of a communication terminal user.
  • IMSI International Mobile Subscriber Identity
  • FIG. 1 shows an example of a SAE/LTE architecture conforming to the 3GPP TS 23.401 standard.
  • whenever the user wants to access a service provided by the operator, for example an IMS service, the user equipment UE first needs to be authenticated by the MME (Mobility Management Entity) via the E-UTRAN, and the MME performs the authentication of the UE according to the related information provided by the HSS.
  • an access request from the UE is sent to the PDN gateway via the E-UTRAN and the service gateway.
  • the PDN gateway forwards the user request to the operator's IP service according to a policy obtained in advance or temporarily from the PCRF, such as an access rights policy and a charging policy.
  • the MME may provide a function of paging, selecting a PDN-GW, and an S-GW for a UE in an MME-IDLE state (i.e., a state of staying but no message transmission);
  • the HSS is a database for storing user subscription information; user security information such as user identification, number, network access control information for authentication and authorization, user location information, and the like is stored in it.
  • the MME on the network side allocates a GUTI (Globally Unique Temporary Identity) to each mobile user who has an IMSI.
  • the network side MME obtains the IMSI of the user according to the GUTI of the user, and then authenticates the user according to the obtained IMSI. After the authentication succeeds, the UE owned by the user can access the service provided by the operator.
  • the MME may not be able to identify the user identity IMSI in the user UE based on the user's GUTI.
  • the ME/USIM is registered for the first time in the service network and does not receive a valid GUTI within a certain period of time, or the IMSI of the UE user cannot be recovered from the GUTI due to a database failure in the service network, or after the UE roams to a new service network, the new service network cannot contact the previous service network.
  • the GUTI cannot effectively identify the UE user. That is, the MME cannot obtain the IMSI of the user according to the GUTI, which causes the MME to send a request to the UE to send its permanent IMSI identity, as shown in FIG. 2. Subsequently, in the user's response, the UE transmits the IMSI in plaintext so that the MME can reallocate a new GUTI according to the IMSI, which exposes the user's IMSI on the LTE radio link.
  • IMSI is also commonly referred to as a user identification code, consisting of a country code (MCC), a network code (MNC), and a user identity code (MSIN).
  • MCC country code
  • MNC network code
  • MSIN user identity code
  • IMSI uniquely identifies the user. It is the information that users most want protected.
  • because the IMSI is a globally unique identifier, it reveals a lot of the user's private information, such as the home network and the country to which the user belongs. Therefore, an IMSI transmitted in plain text is very vulnerable to attackers. By collecting IMSIs, an attacker can associate the IMSI with the user identity.
  • the UE also has the possibility of accepting IMSI requests from untrusted entities.
  • the service network was originally intended to hide the user's IMSI from any device other than the HE (Home Environment), rather than allowing any device to obtain the user's IMSI as described above.
  • the present invention provides a method for providing identity confidentiality protection for a user of a communication terminal, including the steps of:
  • the network entity that manages the user identifier assigns at least two pseudo-names to the user of the communication terminal;
  • a related entity in the network sends a message requesting the user's permanent identity to the communication terminal to identify the communication terminal user;
  • in response to receiving the message, instead of transmitting the permanent identity, the communication terminal transmits a response message including an inactive pseudonym assigned to the user to the related entity in the network.
  • the network entity that manages the user identifier allocates a new pseudo-name to the communication terminal according to the pseudo-name usage of the communication terminal or according to a request of a related entity in the network.
  • when assigning a new pseudo-name to the communication terminal, the network entity managing the user identity sends the new pseudo-name to the communication terminal, or sends the new pseudo-name to the communication terminal via a related entity in the network.
  • integrity protection or cryptographic protection is provided for the transmission of the pseudonym.
  • the related entity in the network has the right to extract the new pseudo-name, or the network entity that manages the user identifier sends the new pseudo-name to the related entity in the network in an encrypted manner, so that while the communication terminal is still in the network where the related entity is located, the related entity does not send the identity request message to the mobile terminal when needed, but directly uses the new pseudonym.
  • the present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, comprising:
  • a pseudo-name distribution device configured to allocate a pseudo-name to the communication terminal user
  • a network interface used to interact with other network devices; wherein, when the communication terminal is requested to send the identity of the user, instead of transmitting the identity, the communication terminal sends a pseudo-name assigned to it.
  • the present invention also provides an apparatus for providing identity confidentiality protection for a user of a communication terminal, the apparatus being configured to assign a pseudonym to the communication terminal user, and to transmit the assigned pseudonym to the required network entity, so that when the communication terminal is requested to transmit the identity of the user, instead of transmitting the identity, the communication terminal sends a pseudo-name assigned to it.
  • the present invention also provides an apparatus for providing identity confidentiality protection for a communication terminal user, comprising:
  • a pseudo-name maintenance device configured to manage a user pseudo-name received by the communication terminal
  • an identity management device which, when receiving a message requesting the permanent identity of the user, sends a response message including an inactive pseudo-name among the user pseudo-names instead of sending the permanent identity;
  • the network interface is used to interact with other network devices.
  • the present invention also provides an apparatus for providing identity confidentiality protection for a user of a communication terminal, the apparatus being configured to manage the user pseudo-names received by the communication terminal, so that when a message requesting the user's permanent identity is received, a response message including an inactive pseudo-name among the user pseudo-names is sent instead of the permanent identity.
  • the present invention also provides an apparatus for providing identity confidentiality protection to a user of a communication terminal, comprising:
  • a GUTI management device which, when receiving a message containing a user pseudo-name from the communication terminal, assigns a GUTI to the communication terminal user;
  • the network interface is used to interact with other network devices.
  • the present invention also provides an apparatus for providing identity confidentiality protection for a user of a communication terminal, the apparatus being configured to send a message requesting a permanent identity to the communication terminal and, when receiving from the communication terminal a message containing a user pseudo-name, to assign a GUTI to the communication terminal user.
  • the network entity Providing the device for providing identity confidentiality protection to the user of the communication terminal to identify the management user
  • the network entity sends a message requesting the assignment of a pseudonym for the communication terminal user for future use by the communication terminal user.
  • the present invention also provides a computer program comprising instruction code for performing any of the above methods, or instruction code for executing any of the above means.
  • the present invention also provides a computer system comprising a processor configured to execute the above-described computer program.
  • the present invention also provides a computer readable storage medium having the above computer program stored thereon.
  • User identity is important and sensitive information that should be kept confidential in communications.
  • the invention allocates pseudo-names to the UE user, so that when the UE receives a message requesting the user's permanent identity, it carries a pseudo-name assigned to it in the response message instead of sending the user's permanent identity. Therefore, the invention eliminates the security risk caused by the UE transmitting the permanent identity of the user and provides the UE user with better identity confidentiality, thereby better protecting the privacy of the user and avoiding leakage of the user identity information.
  • Figure 1 schematically shows an example of a SAE/LTE architecture conforming to the 3GPP TS 23.401 standard
  • Figure 2 is a schematic diagram showing a flow chart of requesting the ME/USIM to send the IMSI in the 3GPP TS 33.401 standard;
  • Figure 3 is a schematic diagram showing a flow chart of a method according to the invention in a SAE/LTE architecture
  • Figure 4 is a schematic diagram showing the flow of a method according to the invention in another SAE/LTE architecture
  • Figure 5 is a schematic diagram showing the flow of a method in accordance with the present invention in a UMTS network environment
  • Figure 6 is a block diagram schematically showing an example of the structure of a device included in an HE according to the present invention.
  • Figure 7 is a diagrammatic view showing an example of a device structure included in a UE according to the present invention.
  • Fig. 8 diagrammatically shows a block diagram of an example of a device structure included in an MME according to the present invention.
  • the basic idea of the present invention is that a network entity that manages the user identifier, such as an HE, assigns pseudo-names to a UE user having an identity such as an IMSI.
  • when the service network cannot identify the user by using the temporary identifier GUTI and a related entity such as the MME sends the UE a message requesting the permanent identity of the UE user, the UE no longer responds to the MME with a message containing its IMSI, but instead sends the pseudo-name assigned to it to the MME in the response message.
  • the present invention eliminates the risk of user identity leakage when IMSI is sent in clear text.
  • Figure 3 shows an example of assigning two pseudo names to a user.
  • the vertical line below the box indicating UE, MME, and HE represents time, and as the time continues, the above vertical line extends downward.
  • the HE allocates two pseudo-names, TIMSI_1 and TIMSI_2, to the UE user to represent the IMSI of the UE user.
  • one pseudo-name, TIMSI_1, is used for the current wireless connection, and its status is "active"; the other pseudo-name, TIMSI_2, will be used when the MME requests the UE to send a permanent identity, and its status is "future use".
  • the UE maintains two pseudo names assigned to it.
  • the correspondence between the UE user and the two pseudo names assigned thereto is maintained in the UE and the HE, respectively.
  • when the service network cannot identify the user, that is, the MME cannot obtain the IMSI of the user according to the current GUTI, the MME sends a message requesting the permanent identity to the UE. In response to the received identity request, the UE sends the MME a response message containing the second pseudo-name TIMSI_2, which has the "future use" status. Preferably, the UE stops using the current "active" pseudo-name TIMSI_1, sets its status to "expired", and sets the second pseudo-name TIMSI_2 to "active".
  • after receiving the response message, the MME allocates a new GUTI to the user, maintains the association between the GUTI and TIMSI_2, and informs the UE that the GUTI has been assigned to it. Subsequently, preferably, since the user's first pseudo-name TIMSI_1 is no longer available, the MME creates a message requesting a new pseudo-name for the user's future use and sends the message to the HE. After receiving the request from the MME, the HE assigns the user a new pseudo-name TIMSI_3 whose status is "future use". Preferably, in order to save resources, the HE releases TIMSI_1 for use by other users and sets TIMSI_2 as active.
  • the HE can securely transmit the new pseudo-name TIMSI_3 within the usual AKA step, with a modification.
  • the HE sends a message containing AUTN_TIMSI_3 (which contains the third pseudo-name TIMSI_3) and the other relevant AKA authentication vectors back to the MME.
  • the other related AKA authentication vectors do not differ from the vectors generated by the original AKA, so that when the new pseudo-name TIMSI_3 is sent, the AKA process is reused, and the only changed field is the authentication token AUTN.
  • SQN (Sequence Number) factor: the SQN factor in the original AUTN is replaced by TIMSI_3, the purpose being to transmit the new pseudo-name TIMSI_3.
  • after receiving the message from the HE, the MME forwards the message to the UE.
  • the UE uses the same method as in the original AKA to generate the same authentication vector and verify the authenticity of the HE network; after successful authentication, the UE extracts the new pseudo-name TIMSI_3 using the same method that AKA uses to extract the SQN.
  • the UE then replaces TIMSI_1 with the third pseudo-name TIMSI_3 and sets it for future use.
  • the HE may also directly transmit the newly assigned pseudonym to the MME.
  • the HE transmits a message containing a new pseudo-name assigned to the UE to the MME
  • it is not limited to use the AKA method described above to protect the new pseudo-name.
  • the original root key between the HE and the UE may also be used to directly encrypt the message to be transmitted, or any method known to those skilled in the art may be used to encrypt the data content, such as encryption with a key pre-negotiated between the HE and the UE.
  • the UE may overwrite/replace the old invalid pseudonym with a new pseudonym when a new pseudonym is assigned, instead of stopping the use of the pseudonym whose current state is "active" when sending a response message to the MME.
  • the HE may also actively allocate a new pseudo-name according to the usage of the pseudo-names at the UE end.
  • only for a UE that satisfies a certain condition, for example a UE that has passed a certain authentication mechanism or a UE with certain authority, does the MME send the HE a message requesting a pseudonym for the user, or does the HE spontaneously assign a new pseudonym to the user.
  • the user is assigned a plurality of pseudo-names, that is, at least three pseudo-names, so that the MME can select an appropriate time to request a pseudo-name for the user's future use, according to various factors such as how busy the user is, the network load, and the like.
  • the MME may choose to send a message requesting a pseudonym to the HE upon receiving a message from the UE containing TIMSI_3 instead of TIMSI_2.
  • the HE may alternatively not maintain the pseudo-name assigned to the UE user.
  • the pseudo-names assigned to UE users may also be maintained by dedicated devices in the network, such as a dedicated database.
  • the MME may also not send a message requesting a pseudo-name to the HE, that is, when a pseudo-name is assigned to the user for the first time, a certain number of pseudo-names are allocated, which may further improve security.
  • when the user's pseudo-names are exhausted, it can be required that the user pass a certain authentication mechanism, or be a user with certain authority, before more pseudo-names are assigned.
  • when more pseudo-names are required, further identity verification needs to be carried out; for example, when the UE is a mobile phone, the mobile phone user can obtain more pseudo-names by calling customer service or going to the business hall.
  • when the HE sends a message including the third pseudo-name and the generated vector to the MME, the MME has the right to extract TIMSI_3 from the message.
  • alternatively, the MME does not have the right to extract TIMSI_3, so the message containing TIMSI_3 is encrypted and transmitted by the HE to the MME.
  • the MME maintains the association between the UE user and TIMSI_3.
  • the MME does not have to send an identity request to the UE, and can directly use the TIMSI_3 maintained by the MME.
  • after a new GUTI is allocated to the UE using a pseudo-name, the MME may notify the UE of the event so that the information held by the three parties remains symmetrical; preferably, the use of TIMSI_3, the information related to the pseudonym, the status information, and the like are notified to the UE together with the allocation of the new GUTI in one message. After receiving the message, the UE maintains the pseudo-name information it holds and performs the corresponding status update. Similarly, the MME also notifies the HE of the event, and the HE maintains its stored pseudonym information for the user accordingly. Preferably, when or after using TIMSI_3, the MME sends the HE a message requesting a new pseudo-name for the UE user.
  • the pseudonym for the user can be implemented by HLR/AuC (Home Location/Authentication Center) or HSS (Home Subscriber Server) of the HE.
  • HLR/AuC Home Location/Authentication Center
  • HSS Home Subscriber Server
  • it may be implemented by other network entities in the network as long as it can obtain user-related information required to assign a pseudonym to the user, such as the user's IMSI, the IMSI-related root key, and the like.
  • the solution provided by the present invention can reuse the messages defined in the existing network protocols to implement the solution of the present invention with minimal modifications to minimize the cost of implementing the present invention.
  • an existing identity request, identity response, etc. message may continue to be used, and a message for assigning a third pseudo name to the user is required.
  • the foregoing added message may also be an improvement to an existing message, for example, an authentication data request/response between the MME and the HE, a user authentication request from the MME to the ME/USIM of the UE, and the like.
  • Figure 4 shows a flow chart for providing integrity protection in the embodiment shown in Figure 3.
  • most of the interaction process between the MME, the HE, and the UE in the figure is the same as that shown in FIG. 3.
  • the difference is that, in response to the identity request sent by the MME, the UE provides integrity protection when it sends TIMSI_2 to the MME; that is, a specific verification vector is added to the response message containing TIMSI_2 sent by the UE to the MME and to the message sent by the MME to the HE to request a pseudo-name for the user, and verification is performed at the HE.
  • the UE sends a response message identity request (TIMSI_2, RAND ME
  • the message sent by the MME to the HE is an identity request for future use (TIMSI_2, SNID, network type, RAND ME
  • security policies such as encryption may also be provided in this embodiment to further improve security.
  • the process of providing protection for the pseudo name of the UE user is for example only, and those skilled in the art should understand that other various feasible ways may be used to provide integrity. protection.
  • for example, other check vectors may be added to the message, or verification may be performed by the MME when it receives the message from the UE, rather than having to be performed by the HE.
  • Figure 5 shows a flow diagram of a solution for implementing the present invention in a UMTS network environment.
  • the vertical line below the boxes representing the UE, the VLR/SGSN, and the HSS indicates time, and as time continues, the vertical line extends downward.
  • the communication flow among the UE, the VLR/SGSN, and the HSS is similar to that of FIG. 4, except that the entity communicating with the UE is a VLR/SGSN instead of an MME due to the different network architecture.
  • a vulnerability that may leak user privacy due to the UE transmitting IMSI to an entity in the network when the network cannot identify the user is eliminated.
  • the present invention can be used with any type of network architecture, and is not limited to mobile networks or mobile devices.
  • the solution provided by the present invention may be used, that is, the user is allocated a pseudonym, and the user's private information is replaced with the assigned pseudonym in the messages sent to other network entities.
  • FIG. 6 shows an example of a device that can be included in an HE device to assign a pseudo name to a UE user.
  • the apparatus includes: a pseudo-name assignment means for assigning a pseudo-name to a UE user having an identity such as an IMSI.
  • the network interface is configured to interact with other network devices to send the assigned pseudonym to a network entity that requires the pseudo name, such as an HE, a UE, or an MME.
  • a storage device such as a database, is used to maintain information such as a correspondence between the UE user and the pseudo name assigned thereto, a pseudo-name status, and the like.
  • the pseudo-name maintenance device may be further included for updating the state of the user pseudo-name (ie, active or future use), preferably, for saving resources, for releasing the pseudo-name that is no longer used.
  • the operations performed by the storage device and the pseudo-name maintenance device may be implemented by an HE in the network, or other devices such as a dedicated pseudo-name database, a pseudo-name server, or the like.
  • Fig. 7 shows an example of a device that can be included in a UE using a pseudonym.
  • the apparatus includes: a pseudo-name maintenance device, configured to maintain a pseudo-name received by the UE and allocated to the user, and preferably, is responsible for updating the status of the pseudo-name.
  • the pseudo-name maintenance device sets the state of the received pseudo-name to be used in the future, and overwrites/replaces the invalid pseudo-name with it.
  • the identity management device when receiving the identity request from the MME, sends a response message containing the pseudonym to the MME instead of transmitting the IMSI of the user, preferably stopping using the current "active" pseudonym.
  • the network interface is used to interact with other network devices to obtain pseudo-names assigned to them, or to send their pseudo-names to the required devices.
  • a storage device is further included for storing the pseudo name of the received user.
  • Fig. 8 shows an example of a device included in the MME according to the present invention.
  • the apparatus includes: a GUTI management apparatus, when receiving a message including a user pseudo name from a UE, assigning a GUTI to the UE user.
  • the network interface is used to interact with other network devices.
  • the method further includes user management means for transmitting an identity request message to the UE when the user cannot be identified, and preferably for sending a message to the HE when needed, in order to request the HE to allocate a new pseudo-name for the future use of the user.
  • the storage device is further configured to store the related information of the GUTI, the user's IMSI, and the like.
  • if the MME has the pseudo-name assigned to the user by the HE, the obtained pseudo-name is stored.
  • the present invention also provides a computer program for implementing the above methods and apparatus, and a computer system including a processor configured to execute a computer program for implementing the method or apparatus of the present invention.
  • although the present invention takes the MME and the VLR/SGSN as examples, those skilled in the art should understand that the MME or VLR/SGSN can be replaced with any entity in the network responsible for maintaining the identifier of the UE user, or for requesting the identity when the UE user cannot be identified.
  • although in the present invention pseudo-names are assigned to users by the HE, those skilled in the art should understand that, depending on the network environment, the allocation of pseudo-names is not limited to the HE; it may be implemented by any network entity that can obtain the relevant information of the user and has the authority to assign pseudo-names to the user. To this end, the present invention refers to them collectively as the network entity that manages the user identity.
  • the network entity of the present invention may be any type of network element, either alone or in combination, such as a server or a router.
  • although the present invention is exemplified by the IMSI, those skilled in the art will appreciate that any other information including user privacy content may be protected by the solution provided by the present invention.
  • to this end, the present invention refers to it collectively as the permanent identity of the communication terminal user. It should be noted that the term "permanent" as used herein is relative, not absolute.
  • the user equipment UE refers to any communication terminal that can access a service provided by a network access operator, such as a mobile phone, a PDA, a desktop computer, a portable computer or the like.
  • the network interface of the present invention refers to any software, hardware or combination thereof that can be used to communicate with other network entities, devices, and the like.
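
The pseudo-name rotation described for Figure 3, and the delivery of TIMSI_3 in place of the SQN factor of AUTN, can be traced with the following simulation. It is an added example, not code from the patent: the class and method names are hypothetical, HMAC-SHA256 stands in for the AKA f1/f5 functions, the pseudo-name is assumed to be 48 bits (the size of the SQN field), and the token omits the AMF field.

```python
import hashlib
import hmac
import secrets

# Pseudo-name states named on the page: "future use" -> "active" -> "expired".
FUTURE, ACTIVE, EXPIRED = "future use", "active", "expired"


def prf(key, label, data, n):
    """HMAC-SHA256 stand-in for the AKA f1/f5 functions (assumption)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class HE:
    """Home Environment: allocates pseudo-names; only it maps them to an IMSI."""

    def __init__(self):
        self.keys = {}        # IMSI -> root key shared with the UE
        self.pseudonyms = {}  # pseudo-name -> [IMSI, status]

    def _allocate(self, imsi, status):
        p = secrets.token_bytes(6)  # assumed 48 bits, the size of the SQN it replaces
        while p in self.pseudonyms:
            p = secrets.token_bytes(6)
        self.pseudonyms[p] = [imsi, status]
        return p

    def enroll(self, imsi):
        """Initial provisioning: root key, TIMSI_1 (active), TIMSI_2 (future use)."""
        self.keys[imsi] = secrets.token_bytes(16)
        return self.keys[imsi], self._allocate(imsi, ACTIVE), self._allocate(imsi, FUTURE)

    def request_pseudonym(self, presented):
        """MME request: activate `presented`, release older ones, issue a new one."""
        imsi = self.pseudonyms[presented][0]
        for old in [p for p, v in self.pseudonyms.items() if v[0] == imsi and p != presented]:
            del self.pseudonyms[old]
        self.pseudonyms[presented][1] = ACTIVE
        new = self._allocate(imsi, FUTURE)
        key, rand = self.keys[imsi], secrets.token_bytes(16)
        # AUTN-like token: the new pseudo-name sits where SQN normally would.
        return rand, xor(new, prf(key, b"f5", rand, 6)) + prf(key, b"f1", new + rand, 8)


class UE:
    def __init__(self, imsi, key, active, future):
        self.imsi, self.key = imsi, key
        self.slots = {active: ACTIVE, future: FUTURE}

    def identity_response(self):
        """Answer an identity request with the unused pseudo-name, never the IMSI."""
        unused = [p for p, s in self.slots.items() if s == FUTURE]
        if not unused:
            raise LookupError("pseudo-names exhausted; re-provisioning needed")
        for p in list(self.slots):
            if self.slots[p] == ACTIVE:
                self.slots[p] = EXPIRED
        self.slots[unused[0]] = ACTIVE
        return unused[0]

    def accept_pseudonym(self, rand, token):
        """Verify the HE's token, then overwrite the expired pseudo-name."""
        new = xor(token[:6], prf(self.key, b"f5", rand, 6))
        if not hmac.compare_digest(token[6:], prf(self.key, b"f1", new + rand, 8)):
            raise ValueError("token was not produced by the HE")
        self.slots = {p: s for p, s in self.slots.items() if s != EXPIRED}
        self.slots[new] = FUTURE
        return new


class MME:
    """Serving-network entity: holds pseudo-names and GUTIs only."""

    def __init__(self, he):
        self.he, self.guti_map = he, {}

    def reidentify(self, ue):
        pseudonym = ue.identity_response()   # identity request / response
        guti = secrets.token_hex(4)          # constructed stand-in for a GUTI
        self.guti_map[guti] = pseudonym
        rand, token = self.he.request_pseudonym(pseudonym)
        ue.accept_pseudonym(rand, token)     # the MME only forwards the token
        return guti, pseudonym


def run_demo():
    he = HE()
    key, t1, t2 = he.enroll("001010123456789")  # constructed test IMSI
    ue = UE("001010123456789", key, t1, t2)
    mme = MME(he)
    guti, sent = mme.reidentify(ue)
    return he, ue, mme, t1, t2, sent


if __name__ == "__main__":
    he, ue, mme, t1, t2, sent = run_demo()
    print("sent over the air:", sent.hex(), "| MME state:", mme.guti_map)
```

After one identity request the UE and the HE both hold TIMSI_2 as active and the same new pseudo-name for future use, while the MME's table contains only the GUTI and TIMSI_2.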

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method, equipment and computer program for protecting the confidentiality of the identity of the user of a communication terminal. At least two pseudonyms are allocated to the user of the communication terminal by the network entity that manages the user identifier. When the related entity in the network sends the communication terminal a message requesting the user's permanent identity in order to identify the user of the communication terminal, the communication terminal responds to the received message by replacing the user's permanent identity identifier with a pseudonym that is allocated to the user and not in use at that moment. The communication terminal sends the response message to the related entity in the network and thereby eliminates the hidden security risks associated with the communication terminal sending the permanent identity identifier to the related entity in a network.
PCT/CN2008/072641 2008-10-10 2008-10-10 Method and device for protecting the confidentiality of the identity of the user of a communication terminal Ceased WO2010040259A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2008/072641 WO2010040259A1 (fr) 2008-10-10 2008-10-10 Method and device for protecting the confidentiality of the identity of the user of a communication terminal
CN200880130771.5A CN102124767B (zh) 2008-10-10 2008-10-10 Method and apparatus for providing identity confidentiality protection for a communication terminal user

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2008/072641 WO2010040259A1 (fr) 2008-10-10 2008-10-10 Method and device for protecting the identity confidentiality of a communication terminal user

Publications (2)

Publication Number Publication Date
WO2010040259A1 (fr) 2010-04-15
WO2010040259A8 (fr) 2010-12-29

Family

ID=42100188

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072641 Ceased WO2010040259A1 (fr) 2008-10-10 2008-10-10 Method and device for protecting the identity confidentiality of a communication terminal user

Country Status (2)

Country Link
CN (1) CN102124767B (fr)
WO (1) WO2010040259A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
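CN107205173B (zh) * 2017-06-26 2020-07-31 武汉斗鱼网络科技有限公司 Method and device for bullet-screen comment interaction in live webcasting
CN107911813B (zh) * 2017-11-24 2020-07-07 中国科学院信息工程研究所 Transparent-mode mobile user identity management method and system
CN111612467A (zh) * 2019-02-26 2020-09-01 陈善席 Data management method and device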

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1571529A (zh) * 2003-07-15 2005-01-26 华为技术有限公司 Method for a service server to identify a user terminal
US20080188200A1 (en) * 2007-02-02 2008-08-07 Nokia Corporation Security key generation for wireless communications

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access, Release 8", 3GPP TS 23.401 V8.3.0, 30 September 2008 (2008-09-30), pages 51 - 56 *
"3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, Rationale and track of security decisions in Long Term Evolved (LTE) RAN/3GPP System Architecture Evolution (SAE), Release 8", 3GPP TR 33.821 V1.0.0, 31 December 2007 (2007-12-31), pages 11 - 13 *
ATENIESE G ET AL.: "Untraceable mobility or how to travel incognito", COMPUTER NETWORKS, vol. 31, no. 8, 23 April 1999 (1999-04-23), pages 871 - 884 *

Also Published As

Publication number Publication date
CN102124767A (zh) 2011-07-13
CN102124767B (zh) 2017-03-15
WO2010040259A8 (fr) 2010-12-29

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200880130771.5

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08877228

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08877228

Country of ref document: EP

Kind code of ref document: A1