[go: up one dir, main page]

WO2018171486A1 - Method and device for updating position of mobile terminal - Google Patents

Method and device for updating position of mobile terminal Download PDF

Info

Publication number
WO2018171486A1
WO2018171486A1 PCT/CN2018/079032 CN2018079032W WO2018171486A1 WO 2018171486 A1 WO2018171486 A1 WO 2018171486A1 CN 2018079032 W CN2018079032 W CN 2018079032W WO 2018171486 A1 WO2018171486 A1 WO 2018171486A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
ccf
information
information content
generated based
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/079032
Other languages
French (fr)
Chinese (zh)
Inventor
谢振华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Publication of WO2018171486A1 publication Critical patent/WO2018171486A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud

Definitions

  • the present disclosure relates to the field of communications technologies, and, for example, to a method and apparatus for location update of a mobile terminal.
  • FIG. 1 is a schematic diagram of a process for updating a location of a mobile terminal according to the related art, as shown in FIG.
  • the terminal UE sends an attach request to a core network Call Control Function (CCF) (such as a Mobility Management Entity (MME), or an Access Management Function (AMF)).
  • CCF Core Network Call Control Function
  • MME Mobility Management Entity
  • AMF Access Management Function
  • an Attach Request message is sent, and the message carries the identifier 1 of the UE.
  • the identifier 1 may be a Temporary Mobile Subscriber Identity (TMSI) or an International Mobile Subscriber Identity (IMSI).
  • the CCF sends an authentication data request to a Home Network Function (HF), such as a Unified Data Manager (UDM) or a Home Subscriber Server (HSS), such as sending an Authentication.
  • HF Home Network Function
  • UDM Unified Data Manager
  • HSS Home Subscriber Server
  • the data request message carries the identifier 2, for example, the identifier 2 is the IMSI.
  • the identifier 1 is the TMSI
  • the identifier 1 can be converted into the identifier 2 by the CCF.
  • the HF sends an authentication data response to the CCF, such as sending an Authentication Data Response message carrying Auth, Xres, and Key, where Auth is authentication information, such as AUTN for the UE authentication network and RAND for the UE to generate Res.
  • Xres is an expected response, such as for the CCF to determine whether the Res sent by the UE is equal to Xres to authenticate the UE, and the Key is used by the CCF for secure communication between the UE and the CCF.
  • step 104 the CCF sends a user authentication request to the UE, for example, sending a User Authentication Request message carrying the AUTN and the RAND.
  • step 105 the UE checks the AUTN to authenticate the network. If the authentication is successful, the Res is generated based on the RAND, and a user authentication response is sent to the CCF, such as sending a User Authentication Response message carrying the Res.
  • step 106 the CCF checks the Res using Xres, and if the two are the same, sends a location update to the HF, such as sending an Update Location message.
  • the HF receiving the message can know the current location information of the UE and consider that the UE has access to the mobile network using the service.
  • step 106 If the CCF does not perform steps 104 and 105, but directly performs step 106, that is, the CCF uses Xres as the Res to notify the HF that the UE has been authenticated, the HF can be spoofed to let the HF assume that the UE has accessed the network, which may cause the home network to occur as a UE. The risk of incorrect billing.
  • the present disclosure provides a method and apparatus for updating a location of a mobile terminal, so as to at least solve the problem that the CCF can initiate a legal location update without authenticating the UE in the related art.
  • the present disclosure provides a method for updating a location of a mobile terminal, which is applied to a core network control function CCF, including: after receiving an attach request message from a user terminal UE, the CCF sends a request message to the home network function HF, where the The request message is used to request to acquire the first information content IE1 and the second information content IE2, where the IE1 includes an encryption key Key, and the IE2 includes at least one of the following: challenge information and key generation information; the CCF is at the receiving station.
  • the CCF After the IE1 and the IE2 sent by the HF, send the IE2 to the UE, and receive a fourth information content IE4 from the UE, where the IE4 is generated based on the IE2, where the IE4 is at least Include one of: an actual key and an actual response; the CCF verifies the Key based on the IE1 and the IE4; based on the result of the verification, the CCF sends a location update message to the HF, wherein the location The update message carries a fifth information content IE5 generated based on the Key.
  • the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and a desired response.
  • the method further includes: the CCF verifying the Key based on the IE1 and the IE4, the CCF receiving the IE3 from the HF; and the CCF verifying the IE4 After the IE3 is successfully matched, the Key is verified based on the IE1 and the IE4.
  • the method before the CCF initiates a location update message to the HF, the method further comprises: the CCF receiving a sixth information content IE6 from the HF, wherein the IE6 includes verification information The check information is used to check the IE4; after the CCF determines the Key, the IE6 is verified based on the Key and the IE4.
  • the present disclosure also provides another method for updating a location of a mobile terminal, which is applied to a home network function HF.
  • the method includes: receiving, by the HF, a request message sent by the core network control function CCF for the user terminal UE, where the request message is used by the HF.
  • the HF Requesting to acquire the first information content IE1 and the second information content IE2; the HF transmitting the first information content IE1 and the second information content IE2 to the CCF, wherein the IE1 includes an encryption key Key,
  • the IE2 includes at least one of: challenge information and key generation information; the challenge information includes a random number challenge RAND; the HF receives a location update message sent by the CCF, where the location update message is carried There is a fifth information content IE5 generated based on the Key; the HF verifies the IE5 based on the Key.
  • the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and a desired response.
  • the HF before the HF receives the location update message sent by the CCF, the HF further includes: sending, by the HF, the IE3 to the CCF.
  • the HF before the HF receives the location update message sent by the CCF, the HF further includes: the HF sending a sixth content information IE6 to the CCF, where the IE6 includes verification information, the school The verification information is used to check IE4, and the IE4 is generated based on the IE2, wherein the IE4 includes at least one of the following: an actual key and an actual response.
  • the present disclosure further provides an apparatus for updating a location of a mobile terminal, which is applied to a core network control function CCF, and the apparatus includes: a requesting module, configured to: after receiving an attach request message from the user terminal UE, to the home network function HF Sending a request message, wherein the request message is used to request to acquire the first information content IE1 and the second information content IE2, where the IE1 includes an encryption key Key, and the IE2 includes at least one of the following: challenge information and key generation And a transmission module, configured to: after receiving the IE1 and the IE2 sent by the HF, send the IE2 to the UE, and receive a fourth information content IE4 from the UE, where the IE4 is The UE is generated based on the IE2, where the IE4 includes at least one of the following: an actual key and an actual response; a first verification module, configured to verify the Key based on the IE1 and the IE4; and an update module, Set to be based on the result
  • the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and a desired response.
  • the first receiving module is configured to receive the IE3 from the HF; the first verification module is configured to, after verifying that the IE4 and the IE3 are successfully matched, based on the IE1 And verifying the Key with the IE4.
  • the apparatus further comprises: a second receiving module, configured to receive a sixth information content IE6 from the HF before the update module initiates a location update message to the HF, wherein the The IE6 includes verification information, and the verification information is used to verify the IE4.
  • the second verification module is configured to verify the IE6 based on the Key and the IE4 after determining the Key.
  • the present disclosure further provides another apparatus for updating a location of a mobile terminal, which is applied to a home network function HF, the apparatus comprising: a first receiving module, configured to receive a request message sent by a core network control function CCF for a user terminal UE, The request message is used to request to acquire the first information content IE1 and the second information content IE2, and send the first information content IE1 and the second information content IE2 to the CCF, where the IE1 includes an encryption key.
  • a first receiving module configured to receive a request message sent by a core network control function CCF for a user terminal UE, The request message is used to request to acquire the first information content IE1 and the second information content IE2, and send the first information content IE1 and the second information content IE2 to the CCF, where the IE1 includes an encryption key.
  • the IE2 includes at least one of the following: challenge information and key generation information; and a second receiving module, configured to receive a location update message sent by the CCF, where the location update message is carried based on the The fifth information content IE5 generated by the Key; the verification module is configured to verify the IE5 based on the Key.
  • the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and a desired response.
  • the apparatus further includes: a first sending module, configured to send the IE3 to the CCF before receiving the location update message sent by the CCF.
  • the apparatus further includes: a second sending module, configured to send a sixth content information IE6 to the CCF before receiving the location update message sent by the CCF, where the IE6 includes a school
  • the verification information is used to check IE4, and the IE4 is generated based on the IE2, wherein the IE4 includes at least one of the following: an actual key and an actual response.
  • the present disclosure also provides a storage medium.
  • the storage medium is arranged to store program code for performing the following steps:
  • the request message After receiving the attach request message from the user terminal UE, the request message is sent to the home network function HF, where the request message is used to request to acquire the first information content IE1 and the second information content IE2, where the IE1 includes the encryption key.
  • the IE2 includes at least one of the following: challenge information and key generation information;
  • the IE4 includes at least one of the following: an actual key and an actual response;
  • the method and the device for updating the location of the mobile terminal provided by the present disclosure can solve the problem that the CCF can initiate a legal location update without the UE being authenticated in the related art, and prevent the CCF from spoofing the home network when the UE does not access the network. happening.
  • FIG. 1 is a schematic diagram of a mobile terminal location update process in the related art
  • FIG. 2 is a flowchart of a method for updating a location of a mobile terminal according to an embodiment
  • FIG. 3 is a flowchart of another method for updating a location of a mobile terminal according to an embodiment
  • FIG. 4 is a structural block diagram of an apparatus for updating a location of a mobile terminal according to an embodiment
  • FIG. 5 is a structural block diagram of another apparatus for updating a location of a mobile terminal according to an embodiment
  • FIG. 6 is a schematic diagram of a mobile terminal location update process according to an embodiment
  • FIG. 7 is a schematic diagram of another mobile terminal location update process according to an embodiment.
  • FIG. 2 is a flowchart of a method for updating a location of a mobile terminal according to the embodiment. As shown in FIG. The process includes the following steps:
  • step 202 after receiving the attach request message from the user terminal UE, the CCF sends a request message to the home network function HF, where the request message is used to request to acquire the first information content (IE) IE1 and The second information content IE2, wherein the IE1 includes an encryption key Key, and the IE2 includes at least one of the following: challenge information and key generation information.
  • IE information content
  • IE2 includes at least one of the following: challenge information and key generation information.
  • the CCF After receiving the IE1 and IE2 sent by the HF, the CCF sends the IE2 to the UE, and receives the fourth information content IE4 from the UE.
  • the IE4 is generated based on the IE2, where the IE4 includes at least one of the following: Key and actual response.
  • step 206 the CCF verifies the Key based on IE1 and IE4.
  • step 208 based on the result of the verification, the CCF sends a location update message to the HF, where the location update message carries the fifth information content IE5 generated based on the Key.
  • the CCF After receiving the message from the user terminal UE, the CCF requests the first information content IE1 and the second information content IE2 from the home network function HF, where the IE1 includes an encryption key, and the IE2 includes at least one of the following: The information and the key generation information; the CCF sends the IE2 to the UE, and receives the fourth information content IE4 from the UE, and the IE4 is generated based on the IE2, wherein the IE4 includes at least one of the following: the actual key and the actual response; the CCF is based on the IE1 and the IE4 Verifying the Key; when the verification is passed, the CCF sends a fifth information content IE5 generated based on the Key to the HF, and initiates a location update to the HF.
  • the IE1 includes an encryption key
  • the IE2 includes at least one of the following: The information and the key generation information
  • the CCF sends the IE2 to the UE, and receives the fourth information content
  • the CCF Since the CCF carries the authentication information generated based on the key in the location update, the key must be in the After the UE is authenticated, the CCF can not initiate a legal location update without authenticating the UE. This solves the problem that the CCF can initiate a legal location update without the UE being authenticated in the related art, and prevents the CCF from being in the UE. The case of spoofing the home network when accessing the network.
  • the execution body of the above steps may be an entity or software related to the CCF.
  • IE1 is generated based on the third information content IE3 and the key Key
  • IE3 is generated based on IE2
  • IE3 includes at least one of the following: a desired key and a desired response.
  • the CCF verifies the Key based on the IE1 and the IE4, including:
  • the CCF receives the IE3 from the HF.
  • the CCF After the CCF verifies that the IE4 matches the IE3, the Key is verified based on the IE1 and the IE4.
  • the method further includes:
  • the CCF receives IE3 from HF.
  • the method before the CCF initiates the location update message to the HF, the method further includes:
  • the CCF receives the sixth information content IE6 from the HF, wherein the IE6 includes verification information, wherein the verification information is used to verify the IE4 in this embodiment.
  • the CCF After the CCF determines the Key, it verifies IE6 based on Key and IE4.
  • FIG. 3 is a flowchart of another method for updating a location of a mobile terminal according to the embodiment. As shown in FIG. The process includes the following steps:
  • the HF receives a request message sent by the core network control function CCF for the user terminal UE, the request message is used to request to acquire the first information content IE1 and the second information content IE2; the HF sends the IE1 and the IE2 to the CCF, where IE1 includes an encryption key Key, and IE2 includes at least one of the following: challenge information and key generation information;
  • the HF receives a location update message carrying the fifth information content IE5 from the CCF for the UE, where the IE5 is generated based on the Key;
  • step 306 HF verifies IE5 based on Key.
  • IE1 is generated based on the third information content IE3 and the key Key
  • IE3 is generated based on IE2
  • IE3 includes at least one of the following: a desired key and a desired response.
  • the method further comprises: before the HF receives the location update message sent by the CCF, the HF sends the IE3 to the CCF.
  • the method further includes: before the HF receives the location update message sent by the CCF, the HF sends the sixth content information IE6 to the CCF, where the IE6 includes verification information, and the verification information is used to verify the IE4.
  • the method of the foregoing embodiment can be implemented by means of software plus a necessary general hardware platform, and can also be implemented by hardware, and can be embodied in the form of a software product, which can be stored in a storage medium (such as ROM/RAM, disk or optical disk, etc., includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method of the above embodiments.
  • a terminal device which may be a mobile phone, a computer, a server, or a network device, etc.
  • a device for updating a location of a mobile terminal is also provided, and the device may perform the method provided in the foregoing embodiment, and details are not described herein.
  • the term "module" can be a combination of at least one of software and hardware that implements a predetermined function.
  • the apparatus described in the following embodiments may be implemented in software, but hardware, or a combination of software and hardware, is also possible and conceivable.
  • FIG. 4 is a structural block diagram of an apparatus for updating a location of a mobile terminal according to the embodiment, which is applied to a CCF. As shown in FIG. 4, the apparatus includes:
  • the requesting module 40 is configured to, after receiving the attach request message from the user terminal UE, send a request message requesting the first information content IE1 and the second information content IE2 to the home network function HF, where the IE1 includes an encryption key Key, IE2 includes at least one of the following: challenge information and key generation information;
  • the transmission module 42 is configured to: after receiving the IE1 and the IE2 sent by the HF, send the IE2 to the UE, and receive the fourth information content IE4 from the UE, where the IE4 is generated based on the IE2, where the IE4 includes at least one of the following: an actual key and Actual response
  • the first verification module 44 is configured to verify the Key based on IE1 and IE4 by the CCF;
  • the update module 46 is configured to, when the verification passes, send a fifth information content IE5 carrying the Key-based generation to the HF, and initiate a location update message to the HF.
  • IE1 is generated based on the third information content IE3 and the key Key
  • IE3 is generated based on IE2
  • IE3 includes at least one of the following: a desired key and a desired response.
  • the apparatus further includes: a first receiving module configured to receive the IE3 from the HF; and a first verification module configured to verify that the IE4 and the IE3 match successfully, and verify the IE1 and the IE4 based on the IE1 and the IE4 Key.
  • the first update module is further configured to set a CCF to verify that the IE4 and the IE3 match successfully, and initiate a location update message to the HF.
  • the apparatus further comprises: a second receiving module, configured to receive the sixth information content IE6 from the HF before the update module initiates the location update to the HF, wherein the IE6 includes verification information, the verification information For verifying the IE4; the second verification module is configured to verify the IE6 based on the Key and IE4 after determining the Key.
  • a second receiving module configured to receive the sixth information content IE6 from the HF before the update module initiates the location update to the HF, wherein the IE6 includes verification information, the verification information For verifying the IE4; the second verification module is configured to verify the IE6 based on the Key and IE4 after determining the Key.
  • FIG. 5 is a structural block diagram of another apparatus for updating a location of a mobile terminal according to an embodiment of the present invention, which is applied to an HF. As shown in FIG. 5, the apparatus includes:
  • the first receiving module 50 is configured to receive a request message sent by the core network control function CCF for the user terminal UE, where the request message is used to request to acquire the first information content IE1 and the second information content IE2, and send the first message to the CCF.
  • the second receiving module 52 is configured to receive a location update message carrying the fifth information content IE5 from the CCF for the UE, where the IE5 is generated based on the Key;
  • the verification module 54 is set to verify the IE 13 based on the Key.
  • IE1 is generated based on the third information content IE3 and the key Key
  • IE3 is generated based on IE2
  • IE3 includes at least one of the following: a desired key and a desired response.
  • the apparatus further comprises: a first sending module, configured to send the IE3 to the CCF before receiving the location update message sent by the CCF.
  • the apparatus further includes: a second sending module, configured to send the sixth content information IE6 to the CCF before receiving the location update message sent by the CCF, where the IE6 includes the check information, the check information Used to verify IE4.
  • the IE4 is generated based on the IE2, wherein the IE4 includes at least one of the following: an actual key and an actual response.
  • modules may be implemented by software or hardware.
  • the modules may be implemented in the same manner: the modules are located in different processors in any combination. in.
  • FIG. 6 is a schematic diagram of a mobile terminal location update process according to the embodiment.
  • the process may include the following steps: Steps 601-602 are the same as steps 101-102 in FIG.
  • the HF sends an authentication data response to the CCF, such as sending an Authentication Data Response message carrying Auth, Seed, Xres, and Encl, where Auth is authentication information, such as AUTN for UE authentication network and Res for UE generation.
  • Auth is authentication information, such as AUTN for UE authentication network and Res for UE generation.
  • RAND Xres is the expected response, such as for CCF to determine whether the Res sent by the UE is equal to Xres to authenticate the UE
  • Seed for HF to generate Xkey2 and UE to generate key2 (if the UE is legal, Xkey2 will be equal to key2)
  • Encl is based on Xkey2 And Key1 is generated, and Key1 is used by the CCF for secure communication between the UE and the CCF.
  • step 604 the CCF sends a user authentication request to the UE, such as sending a User Authentication Request message carrying the AUTN, RAND, and Seed.
  • step 605 the UE checks the AUTN to authenticate the network. If the authentication succeeds, the Res is generated based on the RAND, the key2 is generated based on the Seed, and the user authentication response is sent to the CCF, for example, a User Authentication Response message is sent, carrying Res and key2.
  • HF generates Xverification based on Xkey2 and checks if Xverification is equal to Verification, or HF calculates Xkey3 based on Verification and checks if Xkey3 is equal to Xkey2.
  • FIG. 7 is a schematic diagram of another mobile terminal location update process provided by this embodiment.
  • the process includes the following steps: Steps 701-702 are the same as steps 101-102 in FIG.
  • the HF sends an authentication data response to the CCF, such as sending an Authentication Data Response message carrying Auth, Verification1, and Enc, where Auth is authentication information, such as AUTN for the UE authentication network and RAND for the UE to generate Res.
  • Verification1 is response verification information, based on expected response Xres generation, Xres is generated based on RAND, Enc is generated based on Xres and Key, and Key is used by CCF for secure communication between UE and CCF.
  • step 704 the CCF sends a user authentication request to the UE, such as sending a User Authentication Request message carrying the AUTN and the RAND.
  • step 705 the UE checks the AUTN to authenticate the network. If the authentication is successful, the Res is generated based on the RAND, and a user authentication response is sent to the CCF, such as sending a User Authentication Response message carrying the Res.
  • Verification1 such as calculating Xverification1 based on XKey and comparing it with Verification1, or calculating Xres based on Verification1 and comparing it with Res
  • the CCF sends a location update to the HF, such as sending an Update Location message, carrying the verification information Verification2 generated based on the Key.
  • the HF that receives the message is based on the Key Verification Verification 2. If the verification succeeds, it can be known that the current location information of the UE is legal, and that the UE has accessed the mobile network to use the service, and the verification operation can be performed as follows:
  • HF generates Xverification2 based on Key and checks if Xverification2 is equal to Verification2, or HF calculates XKey2 based on Verification2 and checks if XKey2 is equal to Key.
  • the CCF needs to carry the authentication information generated by the key in the location update, and the key must be obtained after the UE is authenticated, so that the CCF cannot be initiated without authenticating the UE.
  • a legitimate location update prevents the CCF from spoofing the home network without the UE accessing the network.
  • This embodiment provides a storage medium.
  • the above storage medium may be configured to store program code for performing the following steps:
  • the IE1 includes an encryption key
  • the IE2 is at least Includes one of the following: challenge information and key generation information
  • the IE4 includes at least one of the following: an actual key and an actual response;
  • the foregoing storage medium may include: a U disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, a magnetic disk, or an optical disk.
  • ROM Read-Only Memory
  • RAM Random Access Memory
  • mobile hard disk a magnetic disk
  • magnetic disk a magnetic disk
  • optical disk a medium in which the program code is stored.
  • the processor may, after receiving the message from the user terminal UE, request the first information content IE1 and the second information content IE2 from the home network function HF according to the stored program code in the storage medium, where
  • the IE1 includes an encryption key
  • the IE2 includes at least one of the following: challenge information and key generation information;
  • the processor performs to send the IE2 to the UE according to the stored program code in the storage medium, and receives a fourth information content IE4 from the UE, where the IE4 is generated based on the IE2, where The IE4 includes at least one of the following: an actual key, an actual response;
  • the processor performs verification based on the IE1 and the IE4 to verify the Key according to the stored program code in the storage medium;
  • the processor performs, according to the stored program code in the storage medium, sending a fifth information content IE5 generated based on the Key to the HF to initiate a location update to the HF when the verification passes.
  • the modules or steps provided by the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices. In one embodiment, they may be calculated.
  • the program code executable by the apparatus is implemented such that they may be stored in a storage device by a computing device, and in some cases, the steps shown or described may be performed in an order different than that herein, or They are fabricated separately for each integrated circuit module, or a plurality of modules or steps thereof are fabricated into a single integrated circuit module.
  • the present disclosure provides a method and a device for updating a location of a mobile terminal, which can solve the problem that the CCF can initiate a legal location update without authenticating the UE, and reduce the risk that the home network is incorrectly charged by the UE.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and a device for updating the position of a mobile terminal. The method is applicable to a core network control function (CCF), and comprises: upon reception of a message from user equipment (UE), a CCF sending a request message to a home network function (HF), the request message being used for requesting first information content (IE1) and second information content (IE2), upon reception of the IE1 and IE2 sent from the HF, sending the IE2 to the UE, and receiving fourth information content (IE4) from the UE, the IE4 being generated on the basis of the IE2; the CCF verifying a Key on the basis of the IE1 and the IE4; and on the basis of the result of the verification, the CCF sending a position update message to the HF, the position update message carrying fifth information content (IE5) generated on the basis of the Key.

Description

移动终端位置更新的方法及装置Method and device for updating mobile terminal location 技术领域Technical field

本公开涉及通信技术领域,例如涉及一种移动终端位置更新的方法及装置。The present disclosure relates to the field of communications technologies, and, for example, to a method and apparatus for location update of a mobile terminal.

背景技术Background technique

在相关技术中,第三代合作伙伴计划(3rd Generation Partnership Project,3GPP)提出了一种移动终端位置更新的方法,图1为相关技术的移动终端位置更新流程示意图,如图1所示:In the related art, the 3rd Generation Partnership Project (3GPP) proposes a method for updating a location of a mobile terminal, and FIG. 1 is a schematic diagram of a process for updating a location of a mobile terminal according to the related art, as shown in FIG.

在步骤101中,终端UE发送附着请求给核心网呼叫控制功能(Call Control Function,CCF)(比如移动管理实体(Mobility Management Entity,MME),或接入管理功能(Access Management Function,AMF)),比如发送Attach Request消息,消息携带UE的标识1,比如标识1可以是临时国际移动终端标识(Temporary Mobile Subscriber Identity,TMSI),或国际移动终端标识(International Mobile Subscriber Identity,IMSI)。In step 101, the terminal UE sends an attach request to a core network Call Control Function (CCF) (such as a Mobility Management Entity (MME), or an Access Management Function (AMF)). For example, an Attach Request message is sent, and the message carries the identifier 1 of the UE. For example, the identifier 1 may be a Temporary Mobile Subscriber Identity (TMSI) or an International Mobile Subscriber Identity (IMSI).

在步骤102中,CCF向归属网功能(Home network Function,HF)(比如统一数据管理(Unified Data Manager,UDM),或归属签约服务(Home Subscriber Server,HSS))发送认证数据请求,比如发送Authentication Data Request消息,消息携带标识2,比如标识2为IMSI,当标识1为TMSI时,可以由CCF将标识1转换为标识2。In step 102, the CCF sends an authentication data request to a Home Network Function (HF), such as a Unified Data Manager (UDM) or a Home Subscriber Server (HSS), such as sending an Authentication. The data request message carries the identifier 2, for example, the identifier 2 is the IMSI. When the identifier 1 is the TMSI, the identifier 1 can be converted into the identifier 2 by the CCF.

在步骤103中,HF向CCF发送认证数据响应,比如发送Authentication Data Response消息,携带Auth,Xres,和Key,其中Auth是认证信息,比如用于UE认证网络的AUTN和用于UE生成Res的RAND,Xres是期望响应,比如用 于CCF判断UE发送的Res是否等于Xres以认证UE,Key被CCF用于UE和CCF间的安全通信。In step 103, the HF sends an authentication data response to the CCF, such as sending an Authentication Data Response message carrying Auth, Xres, and Key, where Auth is authentication information, such as AUTN for the UE authentication network and RAND for the UE to generate Res. Xres is an expected response, such as for the CCF to determine whether the Res sent by the UE is equal to Xres to authenticate the UE, and the Key is used by the CCF for secure communication between the UE and the CCF.

在步骤104中,CCF向UE发送用户认证请求,比如发送User Authentication Request消息,携带AUTN和RAND。In step 104, the CCF sends a user authentication request to the UE, for example, sending a User Authentication Request message carrying the AUTN and the RAND.

在步骤105中,UE检查AUTN以认证网络,如果认证成功,则基于RAND生成Res,并向CCF发送用户认证响应,比如发送User Authentication Response消息,携带Res。In step 105, the UE checks the AUTN to authenticate the network. If the authentication is successful, the Res is generated based on the RAND, and a user authentication response is sent to the CCF, such as sending a User Authentication Response message carrying the Res.

在步骤106中,CCF使用Xres检查Res,如果两者相同,则向HF发送位置更新,比如发送Update Location消息。接收到该消息的HF可以知道UE的当前位置信息,并认为UE已经接入移动网络使用服务。In step 106, the CCF checks the Res using Xres, and if the two are the same, sends a location update to the HF, such as sending an Update Location message. The HF receiving the message can know the current location information of the UE and consider that the UE has access to the mobile network using the service.

如果CCF不执行步骤104和105,而是直接执行步骤106,即CCF使用Xres作为Res通知HF已经认证过UE,就可以欺骗HF让HF以为UE已经接入网络,这使得归属网可能发生为UE错误计费的风险。If the CCF does not perform steps 104 and 105, but directly performs step 106, that is, the CCF uses Xres as the Res to notify the HF that the UE has been authenticated, the HF can be spoofed to let the HF assume that the UE has accessed the network, which may cause the home network to occur as a UE. The risk of incorrect billing.

发明内容Summary of the invention

本公开提供了一种移动终端位置更新的方法及装置,以至少解决相关技术中CCF在不认证UE的情况下就能发起合法位置更新的问题。The present disclosure provides a method and apparatus for updating a location of a mobile terminal, so as to at least solve the problem that the CCF can initiate a legal location update without authenticating the UE in the related art.

本公开提供了一种移动终端位置更新的方法,应用于核心网控制功能CCF,包括:CCF在接收到来自用户终端UE的附着请求消息后,向归属网功能HF发送请求消息,其中,所述请求消息用于请求获取第一信息内容IE1和第二信息内容IE2,所述IE1包括加密密钥Key,所述IE2至少包括以下之一:挑战信息和密钥生成信息;所述CCF在接收所述HF发送的所述IE1和所述IE2后,向所述UE发送所述IE2,并接收来自所述UE的第四信息内容IE4,所述IE4基 于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥和实际响应;所述CCF基于所述IE1和所述IE4验证所述Key;基于验证的结果,所述CCF向所述HF发送位置更新消息,其中,所述位置更新消息中携带有基于所述Key生成的第五信息内容IE5。The present disclosure provides a method for updating a location of a mobile terminal, which is applied to a core network control function CCF, including: after receiving an attach request message from a user terminal UE, the CCF sends a request message to the home network function HF, where the The request message is used to request to acquire the first information content IE1 and the second information content IE2, where the IE1 includes an encryption key Key, and the IE2 includes at least one of the following: challenge information and key generation information; the CCF is at the receiving station. After the IE1 and the IE2 sent by the HF, send the IE2 to the UE, and receive a fourth information content IE4 from the UE, where the IE4 is generated based on the IE2, where the IE4 is at least Include one of: an actual key and an actual response; the CCF verifies the Key based on the IE1 and the IE4; based on the result of the verification, the CCF sends a location update message to the HF, wherein the location The update message carries a fifth information content IE5 generated based on the Key.

在一实施例中,所述IE1基于第三信息内容IE3和密钥Key生成,所述IE3基于所述IE2生成,所述IE3至少包括以下之一:期望密钥和期望响应。In an embodiment, the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and a desired response.

在一实施例中,所述方法还包括:所述CCF基于所述IE1和所述IE4验证所述Key包括:所述CCF接收来自所述HF的所述IE3;所述CCF验证所述IE4与所述IE3匹配成功后,基于所述IE1和所述IE4验证所述Key。In an embodiment, the method further includes: the CCF verifying the Key based on the IE1 and the IE4, the CCF receiving the IE3 from the HF; and the CCF verifying the IE4 After the IE3 is successfully matched, the Key is verified based on the IE1 and the IE4.

在一实施例中,在所述CCF向所述HF发起位置更新消息之前,所述方法还包括:所述CCF接收来自所述HF的第六信息内容IE6,其中,所述IE6包括校验信息,所述校验信息用于校验所述IE4;所述CCF确定所述Key后,基于所述Key和所述IE4验证所述IE6。In an embodiment, before the CCF initiates a location update message to the HF, the method further comprises: the CCF receiving a sixth information content IE6 from the HF, wherein the IE6 includes verification information The check information is used to check the IE4; after the CCF determines the Key, the IE6 is verified based on the Key and the IE4.

本公开还提供了另一种移动终端位置更新的方法,应用于归属网功能HF,所述方法包括:HF接收到来自核心网控制功能CCF针对用户终端UE发送的请求消息,所述请求消息用于请求获取第一信息内容IE1和第二信息内容IE2;所述HF向所述CCF发送所述第一信息内容IE1和所述第二信息内容IE2,其中,所述IE1包括加密密钥Key,所述IE2至少包括以下之一:挑战信息和密钥生成信息;所述挑战信息包括随机数挑战RAND;所述HF接收到所述CCF发送的位置更新消息,其中,所述位置更新消息中携带有基于所述Key生成的第五信息内容IE5;所述HF基于所述Key验证所述IE5。The present disclosure also provides another method for updating a location of a mobile terminal, which is applied to a home network function HF. The method includes: receiving, by the HF, a request message sent by the core network control function CCF for the user terminal UE, where the request message is used by the HF. Requesting to acquire the first information content IE1 and the second information content IE2; the HF transmitting the first information content IE1 and the second information content IE2 to the CCF, wherein the IE1 includes an encryption key Key, The IE2 includes at least one of: challenge information and key generation information; the challenge information includes a random number challenge RAND; the HF receives a location update message sent by the CCF, where the location update message is carried There is a fifth information content IE5 generated based on the Key; the HF verifies the IE5 based on the Key.

在一实施例中,所述IE1基于第三信息内容IE3和密钥Key生成,所述IE3基于所述IE2生成,所述IE3至少包括以下之一:期望密钥和期望响应。In an embodiment, the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and a desired response.

在一实施例中,所述HF接收到所述CCF发送的位置更新消息之前还包括:所述HF向所述CCF发送所述IE3。In an embodiment, before the HF receives the location update message sent by the CCF, the HF further includes: sending, by the HF, the IE3 to the CCF.

在一实施例中,所述HF接收到所述CCF发送的位置更新消息之前还包括:所述HF向所述CCF发送第六内容信息IE6,其中,所述IE6包括校验信息,所述校验信息用于校验IE4,所述IE4基于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥和实际响应。In an embodiment, before the HF receives the location update message sent by the CCF, the HF further includes: the HF sending a sixth content information IE6 to the CCF, where the IE6 includes verification information, the school The verification information is used to check IE4, and the IE4 is generated based on the IE2, wherein the IE4 includes at least one of the following: an actual key and an actual response.

本公开还提供了一种移动终端位置更新的装置,应用于核心网控制功能CCF,所述装置包括:请求模块,设置为在接收到来自用户终端UE的附着请求消息后,向归属网功能HF发送请求消息,其中,所述请求消息用于请求获取第一信息内容IE1和第二信息内容IE2,所述IE1包括加密密钥Key,所述IE2至少包括以下之一:挑战信息和密钥生成信息;传输模块,设置为在接收所述HF发送的所述IE1和所述IE2后,向所述UE发送所述IE2,并接收来自所述UE的第四信息内容IE4,所述IE4是所述UE基于所述IE2生成的,其中,所述IE4至少包括以下之一:实际密钥和实际响应;第一验证模块,设置为基于所述IE1和所述IE4验证所述Key;更新模块,设置为基于验证的结果,所述CCF向所述HF发送位置更新消息,其中,所述位置更新消息中携带有基于所述Key生成的第五信息内容IE5。The present disclosure further provides an apparatus for updating a location of a mobile terminal, which is applied to a core network control function CCF, and the apparatus includes: a requesting module, configured to: after receiving an attach request message from the user terminal UE, to the home network function HF Sending a request message, wherein the request message is used to request to acquire the first information content IE1 and the second information content IE2, where the IE1 includes an encryption key Key, and the IE2 includes at least one of the following: challenge information and key generation And a transmission module, configured to: after receiving the IE1 and the IE2 sent by the HF, send the IE2 to the UE, and receive a fourth information content IE4 from the UE, where the IE4 is The UE is generated based on the IE2, where the IE4 includes at least one of the following: an actual key and an actual response; a first verification module, configured to verify the Key based on the IE1 and the IE4; and an update module, Set to be based on the result of the verification, the CCF sends a location update message to the HF, wherein the location update message carries a fifth information content IE5 generated based on the Key.

在一实施例中,所述IE1基于第三信息内容IE3和密钥Key生成,所述IE3基于所述IE2生成,所述IE3至少包括以下之一:期望密钥和期望响应。In an embodiment, the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and a desired response.

在一实施例中,第一接收模块,设置为接收来自所述HF的所述IE3;所述第一验证模块,是设置为在验证所述IE4与所述IE3匹配成功后,基于所述IE1和所述IE4验证所述Key。In an embodiment, the first receiving module is configured to receive the IE3 from the HF; the first verification module is configured to, after verifying that the IE4 and the IE3 are successfully matched, based on the IE1 And verifying the Key with the IE4.

在一实施例中,所述装置还包括:第二接收模块,设置为在所述更新模块 向所述HF发起位置更新消息之前,接收来自所述HF的第六信息内容IE6,其中,所述IE6包括校验信息,所述校验信息用于校验所述IE4;第二验证模块,设置为确定所述Key后,基于所述Key和所述IE4验证所述IE6。In an embodiment, the apparatus further comprises: a second receiving module, configured to receive a sixth information content IE6 from the HF before the update module initiates a location update message to the HF, wherein the The IE6 includes verification information, and the verification information is used to verify the IE4. The second verification module is configured to verify the IE6 based on the Key and the IE4 after determining the Key.

本公开还提供了另一种移动终端位置更新的装置,应用于归属网功能HF,所述装置包括:第一接收模块,设置为接收来自核心网控制功能CCF针对用户终端UE发送的请求消息,所述请求消息用于请求获取第一信息内容IE1和第二信息内容IE2,向所述CCF发送所述第一信息内容IE1和所述第二信息内容IE2,其中,所述IE1包括加密密钥Key,所述IE2至少包括以下之一:挑战信息和密钥生成信息;第二接收模块,设置为接收到所述CCF发送的位置更新消息,其中,所述位置更新消息中携带有基于所述Key生成的第五信息内容IE5;验证模块,设置为所述HF基于所述Key验证所述IE5。The present disclosure further provides another apparatus for updating a location of a mobile terminal, which is applied to a home network function HF, the apparatus comprising: a first receiving module, configured to receive a request message sent by a core network control function CCF for a user terminal UE, The request message is used to request to acquire the first information content IE1 and the second information content IE2, and send the first information content IE1 and the second information content IE2 to the CCF, where the IE1 includes an encryption key. Key, the IE2 includes at least one of the following: challenge information and key generation information; and a second receiving module, configured to receive a location update message sent by the CCF, where the location update message is carried based on the The fifth information content IE5 generated by the Key; the verification module is configured to verify the IE5 based on the Key.

在一实施例中,所述IE1基于第三信息内容IE3和密钥Key生成,所述IE3基于所述IE2生成,所述IE3至少包括以下之一:期望密钥和期望响应。In an embodiment, the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and a desired response.

在一实施例中,所述装置还包括:第一发送模块,设置为在接收所述CCF发送的位置更新消息之前,向所述CCF发送所述IE3。In an embodiment, the apparatus further includes: a first sending module, configured to send the IE3 to the CCF before receiving the location update message sent by the CCF.

在一实施例中,所述装置还包括:第二发送模块,设置为在接收到所述CCF发送的位置更新消息之前,向所述CCF发送第六内容信息IE6,其中,所述IE6包括校验信息,所述校验信息用于校验IE4,所述IE4基于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥和实际响应。In an embodiment, the apparatus further includes: a second sending module, configured to send a sixth content information IE6 to the CCF before receiving the location update message sent by the CCF, where the IE6 includes a school The verification information is used to check IE4, and the IE4 is generated based on the IE2, wherein the IE4 includes at least one of the following: an actual key and an actual response.

本公开还提供了一种存储介质。该存储介质设置为存储用于执行以下步骤的程序代码:The present disclosure also provides a storage medium. The storage medium is arranged to store program code for performing the following steps:

在接收到来自用户终端UE的附着请求消息后,向归属网功能HF发送请求消息,其中,所述请求消息用于请求获取第一信息内容IE1和第二信息内容IE2, 所述IE1包括加密密钥Key,所述IE2至少包括以下之一:挑战信息和密钥生成信息;After receiving the attach request message from the user terminal UE, the request message is sent to the home network function HF, where the request message is used to request to acquire the first information content IE1 and the second information content IE2, where the IE1 includes the encryption key. Key Key, the IE2 includes at least one of the following: challenge information and key generation information;

在接收所述HF发送的所述IE1和所述IE2后,向所述UE发送所述IE2,并接收来自所述UE的第四信息内容IE4,所述IE4基于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥和实际响应;After receiving the IE1 and the IE2 sent by the HF, sending the IE2 to the UE, and receiving a fourth information content IE4 from the UE, where the IE4 is generated based on the IE2, where The IE4 includes at least one of the following: an actual key and an actual response;

基于所述IE1和所述IE4验证所述Key;Verifying the Key based on the IE1 and the IE4;

基于验证的结果,向所述HF发送位置更新消息,其中,所述位置更新消息中携带有基于所述Key生成的第五信息内容IE5。And transmitting, according to the result of the verification, a location update message to the HF, where the location update message carries a fifth information content IE5 generated based on the Key.

本公开提供的移动终端位置更新的方法及装置可以解决相关技术中CCF在不认证UE的情况下就能发起合法位置更新的问题,防止了CCF在UE没有接入网络的情况下欺骗归属网的情况。The method and the device for updating the location of the mobile terminal provided by the present disclosure can solve the problem that the CCF can initiate a legal location update without the UE being authenticated in the related art, and prevent the CCF from spoofing the home network when the UE does not access the network. Happening.

附图说明DRAWINGS

图1是相关技术中的移动终端位置更新流程示意图;1 is a schematic diagram of a mobile terminal location update process in the related art;

图2是一实施例的一种移动终端位置更新的方法流程图;2 is a flowchart of a method for updating a location of a mobile terminal according to an embodiment;

图3是一实施例的另一种移动终端位置更新的方法流程图;FIG. 3 is a flowchart of another method for updating a location of a mobile terminal according to an embodiment; FIG.

图4是一实施例的一种移动终端位置更新的装置的结构框图;4 is a structural block diagram of an apparatus for updating a location of a mobile terminal according to an embodiment;

图5是一实施例的另一种移动终端位置更新的装置的结构框图;FIG. 5 is a structural block diagram of another apparatus for updating a location of a mobile terminal according to an embodiment; FIG.

图6是一实施例的一种移动终端位置更新流程示意图;FIG. 6 is a schematic diagram of a mobile terminal location update process according to an embodiment; FIG.

图7是一实施例的另一种移动终端位置更新流程示意图。FIG. 7 is a schematic diagram of another mobile terminal location update process according to an embodiment.

具体实施方式detailed description

本公开的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于 区别类似的对象,而不必用于描述特定的顺序或先后次序。The terms "first", "second" and the like in the specification and claims of the present disclosure and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a particular order or order.

实施例1Example 1

在本实施例中提供了一种运行于核心网控制功能CCF的移动终端位置更新的方法,图2是本实施例提供的一种移动终端位置更新的方法流程图,如图2所示,该流程包括如下步骤:In this embodiment, a method for updating a location of a mobile terminal in a core network control function CCF is provided. FIG. 2 is a flowchart of a method for updating a location of a mobile terminal according to the embodiment. As shown in FIG. The process includes the following steps:

在步骤202中,CCF在接收到来自用户终端UE的附着请求消息后,向归属网功能HF发送请求消息,其中,所述请求消息用于请求获取第一信息内容(Information Element,IE)IE1和第二信息内容IE2,其中,IE1包括加密密钥Key,IE2至少包括以下之一:挑战信息和密钥生成信息。In step 202, after receiving the attach request message from the user terminal UE, the CCF sends a request message to the home network function HF, where the request message is used to request to acquire the first information content (IE) IE1 and The second information content IE2, wherein the IE1 includes an encryption key Key, and the IE2 includes at least one of the following: challenge information and key generation information.

在步骤204中,CCF在接收HF发送的IE1和IE2后,向UE发送IE2,并接收来自UE的第四信息内容IE4,IE4基于所述IE2生成,其中,IE4至少包括以下之一:实际密钥和实际响应。In step 204, after receiving the IE1 and IE2 sent by the HF, the CCF sends the IE2 to the UE, and receives the fourth information content IE4 from the UE. The IE4 is generated based on the IE2, where the IE4 includes at least one of the following: Key and actual response.

在步骤206中,CCF基于IE1和IE4验证Key。In step 206, the CCF verifies the Key based on IE1 and IE4.

在步骤208中,基于验证的结果,CCF向HF发送位置更新消息,其中,位置更新消息中携带有基于Key生成的第五信息内容IE5。In step 208, based on the result of the verification, the CCF sends a location update message to the HF, where the location update message carries the fifth information content IE5 generated based on the Key.

通过上述步骤,CCF在接收到来自用户终端UE的消息后,向归属网功能HF请求第一信息内容IE1和第二信息内容IE2,其中,IE1包括加密密钥,IE2至少包括以下之一:挑战信息和密钥生成信息;CCF向UE发送IE2,并接收来自UE的第四信息内容IE4,IE4基于IE2生成,其中,IE4至少包括以下之一:实际密钥和实际响应;CCF基于IE1和IE4验证Key;在验证通过时,CCF向HF发送携带基于Key生成的第五信息内容IE5,向HF发起位置更新,由于CCF在位置更新中携带基于密钥生成的验证信息,而该密钥必须在认证UE后才能获得,使得CCF不能在不认证UE的情况下发起合法的位置更新,解决了相关技 术中CCF在不认证UE的情况下就能发起合法位置更新的问题,防止了CCF在UE没有接入网络的情况下欺骗归属网的情况。After receiving the message from the user terminal UE, the CCF requests the first information content IE1 and the second information content IE2 from the home network function HF, where the IE1 includes an encryption key, and the IE2 includes at least one of the following: The information and the key generation information; the CCF sends the IE2 to the UE, and receives the fourth information content IE4 from the UE, and the IE4 is generated based on the IE2, wherein the IE4 includes at least one of the following: the actual key and the actual response; the CCF is based on the IE1 and the IE4 Verifying the Key; when the verification is passed, the CCF sends a fifth information content IE5 generated based on the Key to the HF, and initiates a location update to the HF. Since the CCF carries the authentication information generated based on the key in the location update, the key must be in the After the UE is authenticated, the CCF can not initiate a legal location update without authenticating the UE. This solves the problem that the CCF can initiate a legal location update without the UE being authenticated in the related art, and prevents the CCF from being in the UE. The case of spoofing the home network when accessing the network.

在一实施例中,上述步骤的执行主体可以为与CCF相关的实体或软件。In an embodiment, the execution body of the above steps may be an entity or software related to the CCF.

在一实施例中,IE1基于第三信息内容IE3和密钥Key生成,IE3基于IE2生成,IE3至少包括以下之一:期望密钥和期望响应。In an embodiment, IE1 is generated based on the third information content IE3 and the key Key, and IE3 is generated based on IE2, and IE3 includes at least one of the following: a desired key and a desired response.

在一实施例中,所述CCF基于所述IE1和所述IE4验证所述Key包括:In an embodiment, the CCF verifies the Key based on the IE1 and the IE4, including:

所述CCF接收来自所述HF的所述IE3。The CCF receives the IE3 from the HF.

所述CCF验证所述IE4与所述IE3匹配成功后,基于所述IE1和所述IE4验证所述Key。After the CCF verifies that the IE4 matches the IE3, the Key is verified based on the IE1 and the IE4.

在一实施例中,所述方法还包括:In an embodiment, the method further includes:

CCF接收来自HF的IE3。The CCF receives IE3 from HF.

CCF验证IE4与IE3匹配后,向HF发起位置更新。After the CCF verifies that IE4 matches IE3, it initiates a location update to the HF.

在一实施例中,在CCF向HF发起位置更新消息之前,还包括:In an embodiment, before the CCF initiates the location update message to the HF, the method further includes:

CCF接收来自HF的第六信息内容IE6,其中,IE6包括校验信息,其中,校验信息用于校验本实施例中的IE4。The CCF receives the sixth information content IE6 from the HF, wherein the IE6 includes verification information, wherein the verification information is used to verify the IE4 in this embodiment.

CCF确定Key后,基于Key和IE4验证IE6。After the CCF determines the Key, it verifies IE6 based on Key and IE4.

在本实施例中提供了一种运行于归属网功能HF的移动终端位置更新的方法,图3是本实施例提供的另一种移动终端位置更新的方法流程图,如图3所示,该流程包括如下步骤:In this embodiment, a method for updating a location of a mobile terminal that operates on a home network function HF is provided. FIG. 3 is a flowchart of another method for updating a location of a mobile terminal according to the embodiment. As shown in FIG. The process includes the following steps:

在步骤302中,HF接收到来自核心网控制功能CCF针对用户终端UE发送的请求消息,请求消息用于请求获取第一信息内容IE1和第二信息内容IE2;HF向CCF发送IE1和IE2,其中,IE1包括加密密钥Key,IE2至少包括以下之一:挑战信息和密钥生成信息;In step 302, the HF receives a request message sent by the core network control function CCF for the user terminal UE, the request message is used to request to acquire the first information content IE1 and the second information content IE2; the HF sends the IE1 and the IE2 to the CCF, where IE1 includes an encryption key Key, and IE2 includes at least one of the following: challenge information and key generation information;

在步骤304中,HF接收到来自CCF针对UE的携带第五信息内容IE5的位置更新消息,其中,IE5是基于Key生成的;In step 304, the HF receives a location update message carrying the fifth information content IE5 from the CCF for the UE, where the IE5 is generated based on the Key;

在步骤306中,HF基于Key验证IE5。In step 306, HF verifies IE5 based on Key.

在一实施例中,IE1基于第三信息内容IE3和密钥Key生成,IE3基于IE2生成,IE3至少包括以下之一:期望密钥和期望响应。In an embodiment, IE1 is generated based on the third information content IE3 and the key Key, and IE3 is generated based on IE2, and IE3 includes at least one of the following: a desired key and a desired response.

在一实施例中,所述方法还包括:HF接收CCF发送的位置更新消息之前,HF向CCF发送IE3。In an embodiment, the method further comprises: before the HF receives the location update message sent by the CCF, the HF sends the IE3 to the CCF.

在一实施例中,所述方法还包括:HF接收CCF发送的位置更新消息之前,HF向CCF发送第六内容信息IE6,其中,IE6包括校验信息,校验信息用于校验IE4。In an embodiment, the method further includes: before the HF receives the location update message sent by the CCF, the HF sends the sixth content information IE6 to the CCF, where the IE6 includes verification information, and the verification information is used to verify the IE4.

上述实施例的方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件的方式来实现,可以以软件产品的形式体现出来,该计算机软件产品可以存储在一个存储介质(如ROM/RAM、磁碟或光盘等)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行上述实施例的方法。The method of the foregoing embodiment can be implemented by means of software plus a necessary general hardware platform, and can also be implemented by hardware, and can be embodied in the form of a software product, which can be stored in a storage medium (such as ROM/RAM, disk or optical disk, etc., includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method of the above embodiments.

实施例2Example 2

在本实施例中还提供了一种移动终端位置更新的装置,该装置可以执行上述实施例提供的方法,已经进行过说明的不再赘述。如以下所使用的,术语“模块”可以是实现预定功能的软件和硬件中的至少一种的组合。以下实施例所描述的装置可以以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。In this embodiment, a device for updating a location of a mobile terminal is also provided, and the device may perform the method provided in the foregoing embodiment, and details are not described herein. As used hereinafter, the term "module" can be a combination of at least one of software and hardware that implements a predetermined function. The apparatus described in the following embodiments may be implemented in software, but hardware, or a combination of software and hardware, is also possible and conceivable.

图4是根据本实施例提供的一种移动终端位置更新的装置的结构框图,应用于CCF,如图4所示,该装置包括:4 is a structural block diagram of an apparatus for updating a location of a mobile terminal according to the embodiment, which is applied to a CCF. As shown in FIG. 4, the apparatus includes:

请求模块40,设置为在接收到来自用户终端UE的附着请求消息后,向归属网功能HF发送请求第一信息内容IE1和第二信息内容IE2的请求消息,其中,IE1包括加密密钥Key,IE2至少包括以下之一:挑战信息和密钥生成信息;The requesting module 40 is configured to, after receiving the attach request message from the user terminal UE, send a request message requesting the first information content IE1 and the second information content IE2 to the home network function HF, where the IE1 includes an encryption key Key, IE2 includes at least one of the following: challenge information and key generation information;

传输模块42,设置为在接收HF发送的IE1和IE2后,向UE发送IE2,并接收来自UE的第四信息内容IE4,IE4基于IE2生成,其中,IE4至少包括以下之一:实际密钥和实际响应;The transmission module 42 is configured to: after receiving the IE1 and the IE2 sent by the HF, send the IE2 to the UE, and receive the fourth information content IE4 from the UE, where the IE4 is generated based on the IE2, where the IE4 includes at least one of the following: an actual key and Actual response

第一验证模块44,设置为CCF基于IE1和IE4验证Key;The first verification module 44 is configured to verify the Key based on IE1 and IE4 by the CCF;

更新模块46,设置为在验证通过时,向HF发送携带基于Key生成的第五信息内容IE5,向HF发起位置更新消息。The update module 46 is configured to, when the verification passes, send a fifth information content IE5 carrying the Key-based generation to the HF, and initiate a location update message to the HF.

在一实施例中,IE1基于第三信息内容IE3和密钥Key生成,IE3基于IE2生成,IE3至少包括以下之一:期望密钥和期望响应。In an embodiment, IE1 is generated based on the third information content IE3 and the key Key, and IE3 is generated based on IE2, and IE3 includes at least one of the following: a desired key and a desired response.

在一实施例中,装置还包括:第一接收模块,设置为接收来自HF的IE3;第一验证模块,是设置为验证IE4与IE3匹配成功后,基于所述IE1和所述IE4验证所述Key。In an embodiment, the apparatus further includes: a first receiving module configured to receive the IE3 from the HF; and a first verification module configured to verify that the IE4 and the IE3 match successfully, and verify the IE1 and the IE4 based on the IE1 and the IE4 Key.

在一实施例中,还包括第一更新模块,设置为CCF验证IE4与IE3匹配成功后,向HF发起位置更新消息。In an embodiment, the first update module is further configured to set a CCF to verify that the IE4 and the IE3 match successfully, and initiate a location update message to the HF.

在一实施例中,装置还包括:第二接收模块,设置为在更新模块向HF发起位置更新之前,接收来自HF的第六信息内容IE6,其中,IE6包括校验信息,所述校验信息用于校验所述IE4;第二验证模块,设置为确定Key后,基于Key和IE4验证IE6。In an embodiment, the apparatus further comprises: a second receiving module, configured to receive the sixth information content IE6 from the HF before the update module initiates the location update to the HF, wherein the IE6 includes verification information, the verification information For verifying the IE4; the second verification module is configured to verify the IE6 based on the Key and IE4 after determining the Key.

图5是根据本发明实施例的另一种移动终端位置更新的装置的结构框图,应用于HF,如图5所示,该装置包括:FIG. 5 is a structural block diagram of another apparatus for updating a location of a mobile terminal according to an embodiment of the present invention, which is applied to an HF. As shown in FIG. 5, the apparatus includes:

第一接收模块50,设置为接收到来自核心网控制功能CCF针对用户终端 UE发送的请求消息,所述请求消息用于请求获取第一信息内容IE1和第二信息内容IE2,向CCF发送第一信息内容IE1和第二信息内容IE2,其中,IE1包括加密密钥,IE2至少包括以下之一:挑战信息和密钥生成信息;The first receiving module 50 is configured to receive a request message sent by the core network control function CCF for the user terminal UE, where the request message is used to request to acquire the first information content IE1 and the second information content IE2, and send the first message to the CCF. The information content IE1 and the second information content IE2, wherein the IE1 includes an encryption key, and the IE2 includes at least one of the following: challenge information and key generation information;

第二接收模块52,设置为接收来自CCF针对UE的携带第五信息内容IE5的位置更新消息,其中,IE5是基于Key生成的;The second receiving module 52 is configured to receive a location update message carrying the fifth information content IE5 from the CCF for the UE, where the IE5 is generated based on the Key;

验证模块54,设置为基于Key验证IE13。The verification module 54 is set to verify the IE 13 based on the Key.

在一实施例中,IE1基于第三信息内容IE3和密钥Key生成,IE3基于IE2生成,IE3至少包括以下之一:期望密钥和期望响应。In an embodiment, IE1 is generated based on the third information content IE3 and the key Key, and IE3 is generated based on IE2, and IE3 includes at least one of the following: a desired key and a desired response.

在一实施例中,装置还包括:第一发送模块,设置为在接收所述CCF发送的位置更新消息之前,向CCF发送IE3。In an embodiment, the apparatus further comprises: a first sending module, configured to send the IE3 to the CCF before receiving the location update message sent by the CCF.

在一实施例中,装置还包括:第二发送模块,设置为在接收到所述CCF发送的位置更新消息之前,向CCF发送第六内容信息IE6,其中,IE6包括校验信息,校验信息用于校验IE4。所述IE4基于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥和实际响应。In an embodiment, the apparatus further includes: a second sending module, configured to send the sixth content information IE6 to the CCF before receiving the location update message sent by the CCF, where the IE6 includes the check information, the check information Used to verify IE4. The IE4 is generated based on the IE2, wherein the IE4 includes at least one of the following: an actual key and an actual response.

上述每个模块是可以通过软件或硬件来实现的,对于后者,可以通过以下方式实现:上述模块均位于同一处理器中;或者,上述多个模块以任意组合的形式分别位于不同的处理器中。Each of the above modules may be implemented by software or hardware. For the latter, the modules may be implemented in the same manner: the modules are located in different processors in any combination. in.

实施例3Example 3

图6是本实施例提供的一种移动终端位置更新流程示意图,该流程可以包括如下步骤:其中,步骤601~602与图1中的步骤101~102相同。FIG. 6 is a schematic diagram of a mobile terminal location update process according to the embodiment. The process may include the following steps: Steps 601-602 are the same as steps 101-102 in FIG.

在步骤603中,HF向CCF发送认证数据响应,比如发送Authentication Data Response消息,携带Auth,Seed,Xres,和Encl,其中Auth是认证信息,比如用于UE认证网络的AUTN和用于UE生成Res的RAND,Xres是期望响应, 比如用于CCF判断UE发送的Res是否等于Xres以认证UE,Seed用于HF生成Xkey2和UE生成key2(如果UE是合法的,Xkey2将等于key2),Encl基于Xkey2和Key1生成,Key1被CCF用于UE和CCF间的安全通信。In step 603, the HF sends an authentication data response to the CCF, such as sending an Authentication Data Response message carrying Auth, Seed, Xres, and Encl, where Auth is authentication information, such as AUTN for UE authentication network and Res for UE generation. RAND, Xres is the expected response, such as for CCF to determine whether the Res sent by the UE is equal to Xres to authenticate the UE, Seed for HF to generate Xkey2 and UE to generate key2 (if the UE is legal, Xkey2 will be equal to key2), Encl is based on Xkey2 And Key1 is generated, and Key1 is used by the CCF for secure communication between the UE and the CCF.

在步骤604中,CCF向UE发送用户认证请求,比如发送User Authentication Request消息,携带AUTN,RAND,和Seed。In step 604, the CCF sends a user authentication request to the UE, such as sending a User Authentication Request message carrying the AUTN, RAND, and Seed.

在步骤605中,UE检查AUTN以认证网络,如果认证成功,则基于RAND生成Res,基于Seed生成key2,并向CCF发送用户认证响应,比如发送User Authentication Response消息,携带Res和key2。In step 605, the UE checks the AUTN to authenticate the network. If the authentication succeeds, the Res is generated based on the RAND, the key2 is generated based on the Seed, and the user authentication response is sent to the CCF, for example, a User Authentication Response message is sent, carrying Res and key2.

在步骤606中,CCF使用Xres检查Res,如果两者相同(则Xkey2=key2),则基于key2和Encl计算Key1,并向HF发送位置更新,比如发送Update Location消息,携带基于Key1生成的验证信息Verification。接收到该消息的HF基于Xkey2验证Verification,如果验证成功,则可以知道UE的当前位置信息是合法的,并认为UE已经接入移动网络使用服务,验证操作可按如下方式进行:In step 606, the CCF checks the Res using Xres. If the two are the same (then Xkey2=key2), Key1 is calculated based on key2 and Encl, and a location update is sent to the HF, such as sending an Update Location message carrying the authentication information generated based on Key1. Verification. The HF that receives the message verifies the Verification based on Xkey2. If the verification succeeds, it can be known that the current location information of the UE is legal, and that the UE has accessed the mobile network to use the service, and the verification operation can be performed as follows:

HF基于Xkey2生成Xverification并检查Xverification是否等于Verification,或者HF基于Verification计算Xkey3并检查Xkey3是否等于Xkey2。HF generates Xverification based on Xkey2 and checks if Xverification is equal to Verification, or HF calculates Xkey3 based on Verification and checks if Xkey3 is equal to Xkey2.

图7是本实施例提供的另一种移动终端位置更新流程示意图,该流程包括如下步骤:其中,步骤701~702与图1中的步骤101~102相同。FIG. 7 is a schematic diagram of another mobile terminal location update process provided by this embodiment. The process includes the following steps: Steps 701-702 are the same as steps 101-102 in FIG.

在步骤703中,HF向CCF发送认证数据响应,比如发送Authentication Data Response消息,携带Auth,Verification1,和Enc,其中Auth是认证信息,比如用于UE认证网络的AUTN和用于UE生成Res的RAND,Verification1是响应验证信息,基于期望响应Xres生成,Xres基于RAND生成,Enc基于Xres和Key生成,Key被CCF用于UE和CCF间的安全通信。In step 703, the HF sends an authentication data response to the CCF, such as sending an Authentication Data Response message carrying Auth, Verification1, and Enc, where Auth is authentication information, such as AUTN for the UE authentication network and RAND for the UE to generate Res. Verification1 is response verification information, based on expected response Xres generation, Xres is generated based on RAND, Enc is generated based on Xres and Key, and Key is used by CCF for secure communication between UE and CCF.

在步骤704中,CCF向UE发送用户认证请求,比如发送User Authentication  Request消息,携带AUTN和RAND。In step 704, the CCF sends a user authentication request to the UE, such as sending a User Authentication Request message carrying the AUTN and the RAND.

在步骤705中,UE检查AUTN以认证网络,如果认证成功,则基于RAND生成Res,并向CCF发送用户认证响应,比如发送User Authentication Response消息,携带Res。In step 705, the UE checks the AUTN to authenticate the network. If the authentication is successful, the Res is generated based on the RAND, and a user authentication response is sent to the CCF, such as sending a User Authentication Response message carrying the Res.

在步骤706中,CCF基于Enc和Res计算XKey,然后基于XKey验证Verification1(比如基于XKey计算Xverification1并将其与Verification1进行比较,或者基于Verification1计算Xres并将其与Res进行比较),如果验证成功(则Xres=Res并且XKey=Key),则UE认证通过。In step 706, the CCF calculates XKey based on Enc and Res, and then verifies Verification1 based on XKey (such as calculating Xverification1 based on XKey and comparing it with Verification1, or calculating Xres based on Verification1 and comparing it with Res), if the verification is successful ( Then Xres=Res and XKey=Key), then the UE passes the authentication.

在步骤707中,CCF向HF发送位置更新,比如发送Update Location消息,携带基于Key生成的验证信息Verification2。接收到该消息的HF基于Key验证Verification2,如果验证成功,则可以知道UE的当前位置信息是合法的,并认为UE已经接入移动网络使用服务,验证操作可按如下方式进行:In step 707, the CCF sends a location update to the HF, such as sending an Update Location message, carrying the verification information Verification2 generated based on the Key. The HF that receives the message is based on the Key Verification Verification 2. If the verification succeeds, it can be known that the current location information of the UE is legal, and that the UE has accessed the mobile network to use the service, and the verification operation can be performed as follows:

HF基于Key生成Xverification2并检查Xverification2是否等于Verification2,或者HF基于Verification2计算XKey2并检查XKey2是否等于Key。HF generates Xverification2 based on Key and checks if Xverification2 is equal to Verification2, or HF calculates XKey2 based on Verification2 and checks if XKey2 is equal to Key.

采用上述方案就能够实现防止CCF欺骗HFUE已接入网络。With the above scheme, it is possible to prevent the CCF from spoofing that the HF UE has access to the network.

本实施例提供的移动终端位置更新的方法,CCF需要在位置更新中携带基于密钥生成的验证信息,而该密钥必须在认证UE后才能获得,使得CCF不能在不认证UE的情况下发起合法的位置更新,防止了CCF在UE没有接入网络的情况下欺骗归属网的情况。In the method for updating the location of the mobile terminal provided by the embodiment, the CCF needs to carry the authentication information generated by the key in the location update, and the key must be obtained after the UE is authenticated, so that the CCF cannot be initiated without authenticating the UE. A legitimate location update prevents the CCF from spoofing the home network without the UE accessing the network.

实施例4Example 4

本实施例提供了一种存储介质。在本实施例中,上述存储介质可以被设置为存储用于执行以下步骤的程序代码:This embodiment provides a storage medium. In this embodiment, the above storage medium may be configured to store program code for performing the following steps:

S 1,在接收到来自用户终端UE的消息后,向归属网功能HF发送请求第一 信息内容IE1和第二信息内容IE2的请求信息,其中,所述IE1包括加密密钥,所述IE2至少包括以下之一:挑战信息和密钥生成信息;S1, after receiving the message from the user terminal UE, sending request information for requesting the first information content IE1 and the second information content IE2 to the home network function HF, where the IE1 includes an encryption key, and the IE2 is at least Includes one of the following: challenge information and key generation information;

S2,在接收所述HF发送的所述IE1和所述IE2后,向所述UE发送所述IE2,并接收来自所述UE的第四信息内容IE4,所述IE4基于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥和实际响应;S2, after receiving the IE1 and the IE2 sent by the HF, sending the IE2 to the UE, and receiving a fourth information content IE4 from the UE, where the IE4 is generated based on the IE2, where The IE4 includes at least one of the following: an actual key and an actual response;

S3,基于所述IE1和所述IE4验证所述Key;S3, verifying the Key based on the IE1 and the IE4;

S4,在验证通过时,向所述HF发送携带基于所述Key生成的第五信息内容IE5,向所述HF发起位置更新。S4. When the verification is passed, send the fifth information content IE5 generated based on the Key to the HF, and initiate a location update to the HF.

在一实施例中,上述存储介质可以包括:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。In an embodiment, the foregoing storage medium may include: a U disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, a magnetic disk, or an optical disk. The medium in which the program code is stored.

在一实施例中,处理器可以根据存储介质中已存储的程序代码执行在接收到来自用户终端UE的消息后,向归属网功能HF请求第一信息内容IE1和第二信息内容IE2,其中,所述IE1包括加密密钥,所述IE2至少包括以下之一:挑战信息和密钥生成信息;In an embodiment, the processor may, after receiving the message from the user terminal UE, request the first information content IE1 and the second information content IE2 from the home network function HF according to the stored program code in the storage medium, where The IE1 includes an encryption key, and the IE2 includes at least one of the following: challenge information and key generation information;

在一实施例中,处理器根据存储介质中已存储的程序代码执行向所述UE发送所述IE2,并接收来自所述UE的第四信息内容IE4,所述IE4基于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥,实际响应;In an embodiment, the processor performs to send the IE2 to the UE according to the stored program code in the storage medium, and receives a fourth information content IE4 from the UE, where the IE4 is generated based on the IE2, where The IE4 includes at least one of the following: an actual key, an actual response;

在一实施例中,处理器根据存储介质中已存储的程序代码执行基于所述IE1和所述IE4验证所述Key;In an embodiment, the processor performs verification based on the IE1 and the IE4 to verify the Key according to the stored program code in the storage medium;

在一实施例中,处理器根据存储介质中已存储的程序代码执行在验证通过时,向所述HF发送携带基于所述Key生成的第五信息内容IE5,向所述HF发起位置更新。In an embodiment, the processor performs, according to the stored program code in the storage medium, sending a fifth information content IE5 generated based on the Key to the HF to initiate a location update to the HF when the verification passes.

本实施例中的示例可以参考上述实施例及可选实施方式中所描述的示例,本实施例在此不再赘述。上述实施例提供的模块或步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,在一实施例中,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在一些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成每个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。For examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and the optional embodiments, and details are not described herein again. The modules or steps provided by the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices. In one embodiment, they may be calculated. The program code executable by the apparatus is implemented such that they may be stored in a storage device by a computing device, and in some cases, the steps shown or described may be performed in an order different than that herein, or They are fabricated separately for each integrated circuit module, or a plurality of modules or steps thereof are fabricated into a single integrated circuit module.

工业实用性Industrial applicability

本公开提供了一种移动终端位置更新的方法及装置,可以解决CCF在不认证UE的情况下就能发起合法位置更新的问题,降低归属网为UE错误计费的风险。The present disclosure provides a method and a device for updating a location of a mobile terminal, which can solve the problem that the CCF can initiate a legal location update without authenticating the UE, and reduce the risk that the home network is incorrectly charged by the UE.

Claims (17)

一种移动终端位置更新的方法,应用于核心网控制功能CCF,所述方法包括:A method for updating a location of a mobile terminal is applied to a core network control function CCF, and the method includes: CCF在接收到来自用户终端UE的消息后,向归属网功能HF发送请求消息,其中,所述请求消息用于请求获取第一信息内容IE1和第二信息内容IE2,所述IE1包括加密密钥Key,所述IE2至少包括以下之一:挑战信息和密钥生成信息;After receiving the message from the user terminal UE, the CCF sends a request message to the home network function HF, where the request message is used to request to acquire the first information content IE1 and the second information content IE2, where the IE1 includes an encryption key. Key, the IE2 includes at least one of the following: challenge information and key generation information; 所述CCF在接收所述HF发送的所述IE1和所述IE2后,向所述UE发送所述IE2,并接收来自所述UE的第四信息内容IE4,所述IE4基于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥和实际响应;After receiving the IE1 and the IE2 sent by the HF, the CCF sends the IE2 to the UE, and receives a fourth information content IE4 from the UE, where the IE4 is generated based on the IE2, The IE4 includes at least one of the following: an actual key and an actual response; 所述CCF基于所述IE1和所述IE4验证所述Key;The CCF verifies the Key based on the IE1 and the IE4; 基于验证的结果,所述CCF向所述HF发送位置更新消息,其中,所述位置更新消息中携带有基于所述Key生成的第五信息内容IE5。Based on the result of the verification, the CCF sends a location update message to the HF, where the location update message carries a fifth information content IE5 generated based on the Key. 根据权利要求1所述的方法,其中,所述IE1基于第三信息内容IE3和密钥Key生成,所述IE3基于所述IE2生成,所述IE3至少包括以下之一:期望密钥和期望响应。The method according to claim 1, wherein the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and an expected response . 根据权利要求2所述的方法,其中,所述CCF基于所述IE1和所述IE4验证所述Key包括:The method of claim 2, wherein the CCF verifies the Key based on the IE1 and the IE4 comprises: 所述CCF接收来自所述HF的所述IE3;The CCF receives the IE3 from the HF; 所述CCF验证所述IE4与所述IE3匹配成功后,基于所述IE1和所述IE4验证所述Key。After the CCF verifies that the IE4 matches the IE3, the Key is verified based on the IE1 and the IE4. 根据权利要求1所述的方法,其中,在所述CCF向所述HF发起位置更新消息之前,所述方法还包括:The method of claim 1, wherein before the CCF initiates a location update message to the HF, the method further comprises: 所述CCF接收来自所述HF的第六信息内容IE6,其中,所述IE6包括校验信息,所述校验信息用于校验所述IE4;The CCF receives the sixth information content IE6 from the HF, where the IE6 includes verification information, and the verification information is used to verify the IE4; 所述CCF确定所述Key后,基于所述Key和所述IE4验证所述IE6。After the CCF determines the Key, the IE6 is verified based on the Key and the IE4. 一种移动终端位置更新的方法,应用于归属网功能HF,所述方法包括:A method for updating a location of a mobile terminal is applied to a home network function HF, and the method includes: HF接收来自核心网控制功能CCF针对用户终端UE发送的请求消息,所述请求消息用于请求获取第一信息内容IE1和第二信息内容IE2;The HF receives a request message sent by the core network control function CCF for the user terminal UE, the request message is used to request to acquire the first information content IE1 and the second information content IE2; 所述HF向所述CCF发送所述第一信息内容IE1和所述第二信息内容IE2,其中,所述IE1包括加密密钥Key,所述IE2至少包括以下之一:挑战信息和密钥生成信息;The HF sends the first information content IE1 and the second information content IE2 to the CCF, where the IE1 includes an encryption key Key, and the IE2 includes at least one of the following: challenge information and key generation information; 所述HF接收到所述CCF发送的位置更新消息,其中,所述位置更新消息中携带有基于所述Key生成的第五信息内容IE5;The HF receives a location update message sent by the CCF, where the location update message carries a fifth information content IE5 generated based on the Key; 所述HF基于所述Key验证所述IE5。The HF verifies the IE5 based on the Key. 根据权利要求5所述的方法,其中,所述IE1基于第三信息内容IE3和密钥Key生成,所述IE3基于所述IE2生成,所述IE3至少包括以下之一:期望密钥和期望响应。The method according to claim 5, wherein the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and an expected response . 根据权利要求6所述的方法,其中,所述HF接收所述CCF发送的位置更新消息之前还包括:The method of claim 6, wherein the receiving, by the HF, the location update message sent by the CCF further comprises: 所述HF向所述CCF发送所述IE3。The HF sends the IE3 to the CCF. 根据权利要求5所述的方法,其中,所述HF接收到所述CCF发送的位置更新消息之前还包括:The method of claim 5, wherein the receiving, by the HF, the location update message sent by the CCF further comprises: 所述HF向所述CCF发送第六内容信息IE6,其中,所述IE6包括校验信息,所述校验信息用于校验IE4,所述IE4基于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥和实际响应。The HF sends a sixth content information IE6 to the CCF, where the IE6 includes check information, the check information is used to check IE4, and the IE4 is generated based on the IE2, where the IE4 is at least Includes one of the following: the actual key and the actual response. 一种移动终端位置更新的装置,应用于核心网控制功能CCF,所述装置包括:A device for updating a location of a mobile terminal is applied to a core network control function CCF, and the device includes: 请求模块,设置为在接收到来自用户终端UE的附着请求消息后,向归属网功能HF发送请求消息,其中,所述请求消息用于请求获取第一信息内容IE1和第二信息内容IE2,所述IE1包括加密密钥Key,所述IE2至少包括以下之一:挑战信息和密钥生成信息;The requesting module is configured to send a request message to the home network function HF after receiving the attach request message from the user terminal UE, where the request message is used to request to acquire the first information content IE1 and the second information content IE2, The IE1 includes an encryption key Key, and the IE2 includes at least one of the following: challenge information and key generation information; 传输模块,设置为在接收所述HF发送的所述IE1和所述IE2后,向所述UE发送所述IE2,并接收来自所述UE的第四信息内容IE4,所述IE4基于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥和实际响应;a transmission module, configured to: after receiving the IE1 and the IE2 sent by the HF, send the IE2 to the UE, and receive a fourth information content IE4 from the UE, where the IE4 is based on the IE2 Generating, wherein the IE4 includes at least one of: an actual key and an actual response; 第一验证模块,设置为基于所述IE1和所述IE4验证所述Key;a first verification module, configured to verify the Key based on the IE1 and the IE4; 更新模块,设置为基于验证的结果,向所述HF发送位置更新消息,其中,所述位置更新消息中携带有基于所述Key生成的第五信息内容IE5。The update module is configured to send a location update message to the HF based on the result of the verification, wherein the location update message carries a fifth information content IE5 generated based on the Key. 根据权利要求9所述的装置,其中,所述IE1基于第三信息内容IE3和密钥Key生成,所述IE3基于所述IE2生成,所述IE3至少包括以下之一:期望密钥和期望响应。The apparatus according to claim 9, wherein the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and an expected response . 根据权利要求10所述的装置,其中,所述装置还包括:The device of claim 10, wherein the device further comprises: 第一接收模块,设置为接收来自所述HF的所述IE3;a first receiving module, configured to receive the IE3 from the HF; 所述第一验证模块,是设置为在验证所述IE4与所述IE3匹配成功后,基于所述IE1和所述IE4验证所述Key。The first verification module is configured to verify the key based on the IE1 and the IE4 after verifying that the IE4 and the IE3 are successfully matched. 根据权利要求9所述的装置,其中,所述装置还包括:The apparatus of claim 9 wherein said apparatus further comprises: 第二接收模块,设置为在所述更新模块向所述HF发起位置更新消息之前,接收来自所述HF的第六信息内容IE6,其中,所述IE6包括校验信息,所述校验信息用于校验所述IE4;a second receiving module, configured to receive a sixth information content IE6 from the HF before the update module initiates a location update message to the HF, where the IE6 includes verification information, and the verification information is used by For verifying the IE4; 第二验证模块,设置为确定所述Key后,基于所述Key和所述IE4验证所述IE6。The second verification module is configured to verify the IE6 based on the Key and the IE4 after determining the Key. 一种移动终端位置更新的装置,应用于归属网功能HF,所述装置包括:A device for updating a location of a mobile terminal is applied to a home network function HF, and the device includes: 第一接收模块,设置为接收来自核心网控制功能CCF针对用户终端UE发送的请求消息,所述请求消息用于请求获取第一信息内容IE1和第二信息内容IE2,向所述CCF发送所述第一信息内容IE1和所述第二信息内容IE2,其中,所述IE1包括加密密钥Key,所述IE2至少包括以下之一:挑战信息和密钥生成信息;a first receiving module, configured to receive a request message sent by the core network control function CCF for the user terminal UE, where the request message is used to request to acquire the first information content IE1 and the second information content IE2, and send the message to the CCF The first information content IE1 and the second information content IE2, wherein the IE1 includes an encryption key Key, and the IE2 includes at least one of the following: challenge information and key generation information; 第二接收模块,设置为接收到所述CCF发送的位置更新消息,其中,所述位置更新消息中携带有基于所述Key生成的第五信息内容IE5;The second receiving module is configured to receive the location update message sent by the CCF, where the location update message carries the fifth information content IE5 generated based on the Key; 验证模块,设置为基于所述Key验证所述IE5。A verification module is configured to verify the IE5 based on the Key. 根据权利要求13所述的装置,其中,所述IE1基于第三信息内容IE3和密钥Key生成,所述IE3基于所述IE2生成,所述IE3至少包括以下之一:期望密钥和期望响应。The apparatus according to claim 13, wherein the IE1 is generated based on a third information content IE3 and a key Key, the IE3 being generated based on the IE2, the IE3 comprising at least one of: a desired key and an expected response . 根据权利要求14所述的装置,其中,所述装置还包括:The apparatus of claim 14 wherein said apparatus further comprises: 第一发送模块,设置为在接收所述CCF发送的位置更新消息之前,向所述CCF发送所述IE3。The first sending module is configured to send the IE3 to the CCF before receiving the location update message sent by the CCF. 根据权利要求13所述的装置,其中,所述装置还包括:The device of claim 13 wherein said device further comprises: 第二发送模块,设置为在接收到所述CCF发送的位置更新消息之前,向所述CCF发送第六内容信息IE6,其中,所述IE6包括校验信息,所述校验信息用于校验IE4,所述IE4基于所述IE2生成,其中,所述IE4至少包括以下之一:实际密钥和实际响应。a second sending module, configured to send a sixth content information IE6 to the CCF before receiving the location update message sent by the CCF, where the IE6 includes check information, where the check information is used for verification IE4, the IE4 is generated based on the IE2, wherein the IE4 includes at least one of the following: an actual key and an actual response. 一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求1-8中任一项所述的方法。A computer readable storage medium storing computer executable instructions for performing the method of any of claims 1-8.
PCT/CN2018/079032 2017-03-21 2018-03-14 Method and device for updating position of mobile terminal Ceased WO2018171486A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710170950.2 2017-03-21
CN201710170950.2A CN108632818A (en) 2017-03-21 2017-03-21 The method and device of mobile terminal position updating

Publications (1)

Publication Number Publication Date
WO2018171486A1 true WO2018171486A1 (en) 2018-09-27

Family

ID=63585010

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/079032 Ceased WO2018171486A1 (en) 2017-03-21 2018-03-14 Method and device for updating position of mobile terminal

Country Status (2)

Country Link
CN (1) CN108632818A (en)
WO (1) WO2018171486A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050250474A1 (en) * 2004-05-07 2005-11-10 Samsung Electronics Co., Ltd. System and method for controlling idle mode location in a broadband wireless access communication system
CN1997212A (en) * 2006-01-05 2007-07-11 华为技术有限公司 Method for location update in the wireless communication network
CN101330747A (en) * 2007-07-26 2008-12-24 中兴通讯股份有限公司 Optimization method for acquiring authentication cryptographic key during position updating process
CN102595400A (en) * 2012-03-19 2012-07-18 中兴通讯股份有限公司 Method, system and user device for detecting whether universal integrated circuit card (UICC) is used on authorized device
CN104093132A (en) * 2013-04-01 2014-10-08 华为技术有限公司 Data processing method, mobile management network element, home user server and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050250474A1 (en) * 2004-05-07 2005-11-10 Samsung Electronics Co., Ltd. System and method for controlling idle mode location in a broadband wireless access communication system
CN1997212A (en) * 2006-01-05 2007-07-11 华为技术有限公司 Method for location update in the wireless communication network
CN101330747A (en) * 2007-07-26 2008-12-24 中兴通讯股份有限公司 Optimization method for acquiring authentication cryptographic key during position updating process
CN102595400A (en) * 2012-03-19 2012-07-18 中兴通讯股份有限公司 Method, system and user device for detecting whether universal integrated circuit card (UICC) is used on authorized device
CN104093132A (en) * 2013-04-01 2014-10-08 华为技术有限公司 Data processing method, mobile management network element, home user server and system

Also Published As

Publication number Publication date
CN108632818A (en) 2018-10-09

Similar Documents

Publication Publication Date Title
US11825303B2 (en) Method for performing verification by using shared key, method for performing verification by using public key and private key, and apparatus
US11405780B2 (en) Method for performing verification by using shared key, method for performing verification by using public key and private key, and apparatus
US9292670B2 (en) Systems and methods for generating and authenticating one time dynamic password based on context information
US8375432B2 (en) Methods, apparatus, and computer program products for subscriber authentication and temporary code generation
CN106899410B (en) A kind of method and device of equipment identities certification
US9270672B2 (en) Performing a group authentication and key agreement procedure
US11159940B2 (en) Method for mutual authentication between user equipment and a communication network
AU2017405089A1 (en) Enhanced registration procedure in a mobile system supporting network slicing
WO2011127810A1 (en) Method and apparatus for authenticating communication devices
CN111630882B (en) User equipment, authentication server, medium, and method and system for determining key
CN111641498A (en) Method and device for determining key
WO2019056971A1 (en) Authentication method and device
CN109845185A (en) A kind of data transmission method, terminal, node device and system
CN110719292A (en) Connection authentication method and system between edge computing equipment and central cloud platform
WO2013023566A1 (en) Method, system, and device for controlling mtc server permission validation
US11223954B2 (en) Network authentication method, device, and system
CN104796255A (en) A safety certification method, device and system for a client end
US11974129B2 (en) Token-based security risk assessment for multi-factor authentication
US12177666B2 (en) Enhancement of authentication
CN113569210A (en) Distributed identity authentication method, device access method and device
CN106657034B (en) A service authentication method and authentication capability opening server
CN109429225A (en) Message sink, sending method and device, terminal, network functional entity
WO2012000313A1 (en) Method and system for home gateway certification
CN112887979A (en) Network access method and related equipment
WO2019192275A1 (en) Authentication method and network element

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18771751

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18771751

Country of ref document: EP

Kind code of ref document: A1