CN108901018A - A kind of mobile communication system user identity hiding method that terminal is initiated - Google Patents


Info

Publication number
CN108901018A
Authority
CN (China)
Prior art keywords
supi, imsi, user, terminal, jump
Legal status
Granted
Application number
CN201810839413.7A
Other languages
Chinese (zh)
Other versions
CN108901018B (en)
Inventors
田永春, 王俊, 吴坤, 曾浩洋
Current assignee
CETC 30 Research Institute; Chengdu Westone Information Industry Inc
Original assignee
CETC 30 Research Institute; Chengdu Westone Information Industry Inc
Events
Application filed by CETC 30 Research Institute and Chengdu Westone Information Industry Inc; priority to CN201810839413.7A; publication of CN108901018A; application granted; publication of CN108901018B; legal status: active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W 12/06 Authentication
    • H04W 60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H04W 8/00 Network data management
    • H04W 8/26 Network addressing or numbering for mobility support


Abstract

The invention discloses a terminal-initiated user identity hiding method for mobile communication systems. The terminal dynamically generates a new, legitimate IMSI or SUPI and uses it to carry out information update, synchronization and collision elimination with the network, so that the identity used during the user's communication changes over time and the user's identity is decoupled from the communication identity. The invention only requires customizing the terminal's USIM/eSIM card or the customizable firmware portion of the communication processor, together with small modifications to the back-end HSS or AUSF/UDM/UDR. Users with high security requirements or special industries thus obtain, without changing the mobile communication standard architecture or the standard protocol flows, a randomly changing correspondence between a user and its IMSI or SUPI, which increases the difficulty for an attacker of tracking a user by capturing the IMSI or SUPI or of deriving the user's real-world identity.

Description

A kind of mobile communication system user identity hiding method that terminal is initiated
Technical field
The present invention relates to a terminal-initiated user identity hiding method for mobile communication systems.
Background technique
The first-phase 5G mobile communication standard has been determined, but the 5G network ecosystem is a complex system with many kinds of participants, such as infrastructure providers, mobile network operators and virtual operators. The storage, transmission and processing of user data in this complex network, through the interaction of multiple access technologies, many devices and many participants, faces numerous privacy leakage risks.
Virtualization technology is used extensively in 5G networks to support a wide range of vertical industry applications. Along with flexibility, this makes the network security boundary more blurred, and where multiple tenants share computing resources the private data of users is more easily attacked and leaked. Compared with traditional networks, the scope of privacy leakage in such a case is wider and the harm greater, so 5G networks face higher demands on privacy protection. Existing 4G networks also expose privacy problems that still need to be solved, such as the leakage of the international mobile subscriber identity (IMSI) and of location information. Leakage of a persistent identifier can directly lead to leakage of subscriber identity information.
In 4G and 5G networks, user identity is mainly identified uniquely by the globally unique IMSI or subscription permanent identifier (SUPI), to which the user's identity, location, telephone number and other private information are associated. Increasingly developed mobile payment also extracts the user's IMSI/SUPI as one of the bases for determining user identity. Protecting the user's IMSI/SUPI is therefore an important part of protecting user privacy information.
In 4G networks the IMSI is transmitted in plaintext at the first authentication and is at risk of leakage. In 5G, the SUPI is encrypted into a subscription concealed identifier (SUCI) to avoid transmitting the SUPI in plaintext over the air interface. However, international standards require that mobile communication networks satisfy national security needs: although 5G encrypts the user's SUPI, the serving network must still be able to identify the user's true identity so that specific national security policies can be enforced. That is, within the serving network the user roams into, the user's true IMSI or SUPI can still be obtained from the home network and recorded, and the 5G standard procedure also requires the SUPI provided by the terminal to be compared. An attacker can therefore obtain a user's IMSI or SUPI by attacking the serving network, by masquerading as a legitimate serving network, or through other channels, and then obtain further private information about the user, including the GUTI (globally unique temporary identity, commonly called the temporary identity) and security context information (including various keys), creating conditions for further attacks.
With the development of the mobile Internet and the Internet of Things, mobile communication networks penetrate ever more deeply into society. Mobile communication systems no longer serve only the general public; they must also carry special industry users and services with high security requirements. Sensing or leakage of these users' information can cause serious consequences or economic loss, and such users are the main target of attackers, especially organized attackers. Mobile communication networks are mainly oriented to public users, and the security measures they provide hardly meet the needs of high-security users and cannot resist organized attacks or APT attacks. As mobile communication networks move from closed to open, particularly after 5G adopts a service-based architecture (SBA), network virtualization technology and the opening of network capabilities, the network's attack surface expands and the threats and attacks it faces increase, so concealing user identity, especially the identity of high-security users, becomes particularly important.
There is therefore an urgent need to provide a method of hiding identities such as the IMSI or SUPI for users who need it, while complying with the international standards for mobile communication systems, so as to provide a solution for user privacy protection at the network level.
Summary of the invention
To overcome the above disadvantages of the prior art, the present invention provides a terminal-initiated user identity hiding method for mobile communication systems. The concealment of the user's IMSI or SUPI identity information is initiated by the terminal (UE); within the relevant 4G/5G standards and procedures, and with few changes and customizations, the concealment and updating of user identity are realized, increasing the difficulty for an attacker of tracking user identity through the IMSI or SUPI and meeting the privacy protection needs of high-security special industry users.
The technical solution adopted by the present invention to solve the technical problem is a terminal-initiated user identity hiding method for mobile communication systems, comprising the following:
One, the terminal generates a new IMSI or SUPI:
Step S101: a specific industry applies to the operator for available IMSI or SUPI number resources and hands them to a customization service; the quantity of available number resources is greater than twice the number of users;
Step S102: the customization service divides the available number resources into segments, the quantity of number resources in each segment being greater than or equal to the number of users;
Step S103: a special user applies to the specific industry it belongs to for the identity hiding service; after approval, the specific industry hands the application to the customization service, which allocates an initial IMSI or SUPI to the user from number segment 1, determines the user's hopping algorithm and hop control parameters, and determines the hop trigger condition;
Step S104: the customization service writes the initial IMSI or SUPI into the user's USIM card or eSIM, writes the trigger condition and hop control parameters into the UE, and writes the hopping algorithm and number segment information into the customizable component of the user terminal;
Step S105: the UE performs initial attach and registration with the initial IMSI or SUPI; if registration fails, the UE restarts the initial attach procedure; if registration succeeds, normal communication begins until the trigger condition arrives;
Step S106: when the trigger condition arrives, the UE performs a detach and deregisters the current user from the mobile network using the standard procedure and protocol;
Two, the terminal carries out information update, synchronization and collision elimination with the network using the new IMSI or SUPI:
Step S201: the terminal initiates the detach procedure and deregisters the old IMSI or SUPI; the detach is notified through the standard protocol to the HSS or UDM/UDR that provides the customization service for the specific industry, and on receiving the message the HSS or UDM/UDR marks the user's state as offline, while still keeping the IMSI or SUPI of the offline user until it is replaced by the newly generated IMSI* or SUPI*;
Step S202: the terminal obtains IMSI* or SUPI* and initiates the registration procedure to the network according to the normal process;
Step S203: according to the received IMSI* or SUCI* and the relevant indicator, the AMF/MME forwards the attach message to the HSS or AUSF/UDM/UDR that provides the customization service for the specific industry;
Step S204: the HSS or UDM/UDR performs collision detection on the IMSI* or SUCI* in the received attach message. If there is a collision, the HSS or UDM/UDR notifies the terminal that registration failed, the terminal generates a new IMSI or SUPI in the hop number segment with new hop parameters, and the process goes to step S202. If there is no collision, the HSS or UDM/UDR matches the IMSI* or SUPI* it generated itself against the IMSI* or SUPI* in the received registration message; if the match succeeds, the user state corresponding to that IMSI* or SUPI* is changed to online and, according to the protocol standard, the authentication vector is returned and the subsequent normal process continues; if the match fails, the process goes to step S202.
Compared with the prior art, the positive effects of the present invention are as follows:
By using a terminal-initiated IMSI or SUPI hiding method for mobile communication systems, the invention only requires customizing the terminal's USIM/eSIM card or the customizable firmware portion of the communication processor (CP), together with small modifications to the back-end services in the specific industry's HSS or AUSF/UDM/UDR. Users with high security requirements or special industries thus obtain, without changing the mobile communication standard architecture or the standard protocol flows, a randomly changing correspondence between a user and its IMSI or SUPI, increasing the difficulty for an attacker of tracking a user by capturing the IMSI or SUPI or of deriving the user's real-world identity. The method is widely applicable: not only to 5G networks but also to 4G networks and to future mobile communication systems that use an IMSI or SUPI as a permanent identifier. It can meet the privacy protection needs of special industry users, large enterprise and institutional users in key national industries and high-value user groups when they carry out high-security applications over the common infrastructure of mobile communication systems, so that mobile communication systems better serve all sectors of society.
Detailed description of the invention
Embodiments of the present invention will be described with reference to the accompanying drawings, in which:
Fig. 1 is a flow diagram of terminal-initiated user identity hiding.
Specific embodiment
Addressing the problem that, in the prior art, the true IMSI or SUPI of a UE is difficult to hide in the serving network, the present invention provides a terminal-initiated IMSI or SUPI hiding method for mobile communication systems. The method is built on the following basis. The users who need this identity concealment (called special users) belong to the same industry, organization or group, which may be a specific industry, a party, government or military body, a government department, a large enterprise, or a particular group set up by an operator for users who need specific security services (called a specific industry); they have the same identity concealment requirements, and the users' subscription information is not visible to the mobile operator without authorization. The operator is willing to support identity concealment for special users by providing additional IMSI or SUPI number resources, and does not intervene in or know the specific allocation of those number resources unless authorized; the specific industry is responsible for it. The specific industry customizes its own IMSI or SUPI allocation rules and hopping algorithm, can make the necessary modifications or customizations to the UE and USIM card (or eSIM card), and can make the necessary custom modifications to the network entity HSS or AUSF/UDM/UDR that manages the user group (called the customization service); this customization service can be completed by the specific industry itself or licensed to the operator or a trusted third party.
The terminal-initiated user identity hiding method comprises two interrelated methods and processes: first, the method by which the terminal generates a new IMSI or SUPI; second, the process by which the terminal carries out information update, synchronization and collision elimination with the network using the new IMSI or SUPI.
The terminal generates a new IMSI or SUPI through the following steps:
Step S101: the specific industry applies to the operator for available IMSI or SUPI number resources according to its number of users and hands them to the customization service, requiring that the quantity of available number resources be greater than twice the number of users;
Step S102: the customization service divides the available number resources into segments according to the number of users, namely an initial number segment (assumed to be called number segment 1) and hop number segments, with the quantity of numbers in each segment greater than or equal to the number of users and each segment as contiguous as possible to reduce later computation. When a user subscribes, a number is selected from number segment 1 as the initial number; after the user hops, the number in number segment 1 is released and added to the hop number segments, increasing the hop space;
Step S103: a special user applies to the specific industry it belongs to for the identity hiding service; after approval, the specific industry hands the application to the customization service, which allocates an initial IMSI or SUPI to the user from number segment 1, determines the user's hopping algorithm and hop control parameters, and determines the hop trigger condition;
Step S104: the customization service writes the initial IMSI or SUPI into the user's USIM card (or eSIM card), writes the trigger condition and hop control parameters into the UE, and writes the hopping algorithm, number segment information and so on into the customizable component of the user terminal; the customizable component may be the customized USIM card (or eSIM card) or the customizable firmware portion of the UE's communication processor (CP);
Step S105: the UE performs initial attach and registration with the initial IMSI or SUPI (in 5G, with the SUCI obtained by encrypting the SUPI); if registration succeeds, normal communication begins until the trigger condition arrives; if registration fails, go to step S107;
Step S106: when the trigger condition arrives, the UE performs a detach and deregisters the current user from the mobile network using the standard procedure and protocol;
Step S107: the UE restarts the initial attach procedure. The UE first regenerates a new hop control parameter and inputs it to its customizable component; according to the hop control parameter, the customizable component calls the hopping algorithm to obtain a random new IMSI or SUPI number (denoted IMSI* or SUPI*) from the hop number segment to which the current IMSI or SUPI belongs, and the UE restarts the attach and registration procedure with that IMSI* or SUPI*.
In this method the hopping algorithm is mainly used to randomly select a new IMSI or SUPI number for the UE, ensuring that an attacker cannot derive the new IMSI or SUPI from the UE's previous IMSI or SUPI. The hopping algorithm may be a dynamic random mapping rule over the numbers or a format-preserving encryption algorithm, but it must guarantee that, for different hop control parameters, the values taken within the same number segment are unique. The hop control parameter is the control variable for calculating IMSI* or SUPI*; within the same number segment it controls the output of the hopping algorithm so that values are unique and do not conflict with each other. It is related to the current IMSI or SUPI, the user's key (or random number seed or bias value) and a state variable that is unique and obtainable network-wide (such as the time or a sequence number), and is used so that the UE side and the HSS or UDM/UDR on the network side generate the same IMSI* or SUPI* for the same user while different users do not conflict with each other. The trigger condition is the occasion on which the terminal performs a number hop: for periodic hopping it can be a time, and for event-triggered hopping it can be an event preset in the terminal or a notification issued by the network. The terminal UE and the network-side customization service HSS or UDM/UDR must keep the same hopping algorithm and hop control parameters in order to stay synchronized.
The process by which the terminal carries out information update, synchronization and collision elimination with the network using the new IMSI or SUPI is as follows:
Step S201: the terminal initiates the detach procedure and deregisters the old IMSI or SUPI; the detach is notified through the standard protocol to the HSS or UDM/UDR that provides the customization service for the specific industry, which marks the user's state as offline (otherwise the state is online); the HSS or UDM/UDR still keeps the IMSI or SUPI of an offline user until it is replaced by IMSI* or SUPI*;
Step S202: the terminal obtains IMSI* or SUPI* and initiates the registration procedure to the network according to the normal process; the procedure is the same as the first registration and is consistent with the procedures and protocols specified by the 4G/5G standards. In a 4G network the IMSI* is used directly for registration; in a 5G network the SUPI* is encrypted into a new SUCI*, where the encryption algorithm may be the standard algorithm or one customized by the specific industry;
Step S203: according to the received IMSI* or SUCI* and the relevant indicator, the AMF/MME forwards the attach message to the HSS or AUSF/UDM/UDR that provides the customization service for the specific industry;
Step S204: the HSS or UDM/UDR of the customization service performs collision detection on the IMSI* or SUCI* in the received attach message. For a 4G network it looks up directly whether the IMSI* has already been registered and occupied by an online user; for a 5G network the UDM/UDR first decrypts the SUCI* to recover SUPI* and then looks up whether that SUPI* has already been registered and occupied by an online user;
Step S205: if the number is already registered, a collision has occurred; the HSS or UDM/UDR notifies the terminal that registration failed, the terminal generates a new IMSI or SUPI in the hop number segment with new hop parameters, and the process goes to step S202;
Step S206: if there is no collision, the HSS or UDM/UDR of the customization service calls the corresponding hopping function with the current hop control parameters for every offline user to generate their IMSI* or SUPI*, and matches the IMSI* or SUPI* received in the registration message against the calculated values; if the match succeeds, the user state corresponding to that IMSI* or SUPI* is changed to online and, according to the protocol standard, the authentication vector and so on are returned and the subsequent normal process continues; if the match fails, the process goes to step S202.
In step S206 there is also a variant: the non-colliding IMSI* or SUPI* is directly decrypted in reverse to recover the IMSI or SUPI, which then completes the registration, so that hop calculations need not be performed for all offline users. However, this approach places higher requirements on the hopping algorithm and its security, and can be used as a low-security variant of the invention.
The present invention also provides an alternative way of generating the hop number, which can reduce the need for a network-wide obtainable unique state variable or sequence number in the hop control parameters. It is summarized as follows. First, all available numbers are divided into segments according to the number of users, such as number segments 1, 2 and 3, and it is stipulated that the user side and the network take hop values following this order: the value space for the user's first hop is number segment 1, for the second hop number segment 2, for the third hop number segment 3, and then the cycle repeats. The hopping algorithm guarantees that each user's value within the same number segment is unique and does not conflict, while the values in different rounds are random. The HSS or UDM/UDR stores two values for each user, the current number and the next-hop number, and periodically calculates each user's value and stores it in that user's next-hop number; the purpose of the periodic calculation is to keep the user's mapping relationship up to date, and the length of the period is determined by the specific industry: the shorter the period, the faster the hopping. If, when the terminal registers, the IMSI* or SUPI* collides with the current number of an online user, or fails to match the next-hop numbers of all offline users, this indicates that the terminal and the network are out of synchronization; authentication fails, and the terminal regenerates a new number, again taking a value in the next number segment, until authentication succeeds. In this way synchronization is completed through a limited number of re-registration authentications (at most the number of segments minus 1), and the network-wide unique state variable that both the terminal and the network would have to obtain can be dropped from the hop control parameters and replaced by the number segments and their value order. The main changes to the process are as follows:
1) In step S102, the customization service divides the available number resources into segments according to the number of users, the quantity of numbers in each segment being greater than or equal to the number of users and each segment as contiguous as possible to reduce later computation; they are called number segment 1, number segment 2, ..., and one number segment is selected as the initial number segment (assumed to be called number segment 1);
2) In step S104, the number segment information and its order are written into the UE together as part of the hop control parameters;
3) In step S107, the hopping algorithm generates IMSI* or SUPI* from the number segment that follows, in the order, the segment to which the current IMSI or SUPI belongs, and registers with it;
4) In step S204, the IMSI* or SUPI* in the registration message is looked up among the current numbers of online users to determine whether it has already been registered and occupied;
5) In step S206, if there is no collision, the HSS or UDM/UDR of the customization service looks up the next-hop numbers of offline users and matches them against the IMSI* or SUPI* received in the registration message; if the match succeeds, the IMSI* or SUPI* is written into the current number table, the corresponding user state is changed to online and, according to the protocol standard, the authentication vector and so on are returned and the subsequent normal process continues; if the match fails, it is handled as a collision.
The remaining process is essentially the same and is not repeated here. The advantage of this alternative is that the UE and the network HSS or UDM/UDR need not synchronize through a network-wide unique state variable; synchronization is achieved instead through the periodic calculation by the network HSS or UDM/UDR. The disadvantage is that the probability of UE registration failure increases.
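The following simulation is an added illustration, not code from the patent: it models the detach, hop, collision-detection and match steps S201 to S206 together with the segment-cycling alternative above, in which the network keeps each user's current number and a precomputed next-hop number. The hopping algorithm (HMAC-SHA256 of the user key over the hop round, reduced into the round's number segment), the segment ranges and the user keys are all assumptions constructed for the example.

```python
import hashlib
import hmac

# Constructed number plan: three number segments, segment 1 being the initial
# segment, each far larger than the two-user group simulated below.
SEGMENTS = [(460001000000000, 1_000_000),
            (460001001000000, 1_000_000),
            (460001002000000, 1_000_000)]


def hop(user_key: bytes, rnd: int) -> int:
    """Assumed hopping algorithm: keyed PRF (HMAC-SHA256) of the hop round,
    reduced into the segment used in that round; segments cycle 1, 2, 3, 1, ...
    so round r always takes its value from the segment following round r-1."""
    start, size = SEGMENTS[rnd % len(SEGMENTS)]
    digest = hmac.new(user_key, str(rnd).encode(), hashlib.sha256).digest()
    return start + int.from_bytes(digest[:8], "big") % size


class HomeNetwork:
    """Customization-service HSS/UDM: per user it keeps the current number and
    a precomputed next-hop number; 'online' maps IMSI -> user."""

    def __init__(self, users):
        self.keys = dict(users)                          # user -> hop key
        self.rnd = {u: 0 for u in users}                 # round of current number
        self.current = {u: hop(k, 0) for u, k in users.items()}  # initial IMSI
        self.next_hop = {}
        self.online = {}
        self.attached_once = set()
        self.compute_next_hops()

    def compute_next_hops(self):
        """Periodic calculation of every user's number in the next segment."""
        for u, k in self.keys.items():
            self.next_hop[u] = hop(k, self.rnd[u] + 1)

    def detach(self, imsi):
        """S201: mark the user offline but keep its current number."""
        self.online.pop(imsi, None)

    def register(self, imsi_star):
        """S204-S206: reject a number held by an online user; accept the initial
        attach with the stored initial number, or a hop that matches an offline
        user's next-hop number."""
        if imsi_star in self.online:                     # collision (S204/S205)
            return False
        for u in self.keys:
            if self.current[u] in self.online:
                continue                                 # only offline users match
            if u not in self.attached_once and imsi_star == self.current[u]:
                self.attached_once.add(u)                # S105 initial attach
                self.online[imsi_star] = u
                return True
            if imsi_star == self.next_hop[u]:            # S206 match
                self.current[u] = imsi_star
                self.rnd[u] += 1
                self.online[imsi_star] = u
                self.compute_next_hops()
                return True
        return False


class Terminal:
    """UE with its customizable component (USIM/eSIM or CP firmware)."""

    def __init__(self, user_key, net, rnd=0):
        self.key, self.net, self.rnd = user_key, net, rnd
        self.imsi = hop(user_key, rnd)

    def attach(self):
        return self.net.register(self.imsi)

    def change_identity(self):
        """S106 and S201-S206: detach, hop, re-register; on rejection hop again
        into the next segment. Returns (new IMSI, number of attempts)."""
        self.net.detach(self.imsi)
        for attempt in range(1, len(SEGMENTS) + 1):
            self.rnd += 1
            self.imsi = hop(self.key, self.rnd)
            if self.net.register(self.imsi):
                return self.imsi, attempt
        raise RuntimeError("terminal and network did not resynchronize")


def demo():
    """Constructed run: initial attach, one normal hop, one collision check and
    one resynchronization of a UE that fell one round behind the network."""
    keys = {"alice": b"constructed-key-alice", "bob": b"constructed-key-bob"}
    net = HomeNetwork(keys)
    alice, bob = Terminal(keys["alice"], net), Terminal(keys["bob"], net)
    initial_ok = alice.attach() and bob.attach()
    old = alice.imsi
    new, tries = alice.change_identity()
    reused = net.register(new)            # S204: 'new' is in use, must be rejected
    # The network accepted a hop for bob that his UE never confirmed, so the UE
    # is one round behind; it recovers by moving on to the next segment.
    net.detach(bob.imsi)
    net.register(net.next_hop["bob"])
    net.detach(net.current["bob"])
    resync, resync_tries = bob.change_identity()
    return {"initial_ok": initial_ok, "hop_changed": new != old,
            "hop_tries": tries, "collision_rejected": not reused,
            "resync_tries": resync_tries,
            "resync_online": net.online.get(resync) == "bob"}


if __name__ == "__main__":
    print(demo())
```

The resynchronization case shows the bound stated above: a UE that is out of step reaches the network's next-hop number within at most (number of segments minus 1) extra registration attempts.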
The invention also discloses a system for IMSI or SUPI identity protection in mobile communication systems, characterized in that it follows the standard architecture of the international standards. The system includes the UE (including the USIM/eSIM card), the serving AMF/MME, and the specific industry's trusted HSS or AUSF/UDM/UDR. The UE executes the IMSI or SUPI change and initiates network attach/detach requests; the serving AMF/MME correctly forwards the messages to the trusted HSS or AUSF/UDM/UDR; and the trusted HSS or AUSF/UDM/UDR generates new IMSI or SUPI information for the UE according to the specific industry's policy for special users, and performs collision detection, synchronization and so on.
By adopting the above technical scheme, the beneficial effects of the present invention appear in several aspects. First, by changing the IMSI or SUPI, the correspondence between a user and its IMSI or SUPI changes randomly, increasing the difficulty for an attacker of tracking a user by capturing the IMSI or SUPI or of deriving the user's real-world identity. Second, all added processing is located in the specific component of the terminal and in the storage-management network element of the network back end that serves the specific industry; the intermediate protocol interactions and signaling formats fully comply with the relevant mobile communication protocol standards, no new requirements are placed on serving network elements, it is easy to realize industrially, and the additional construction and operating cost to the specific industry is low. Third, it is terminal-initiated, requires no explicit network-wide synchronization procedure and has low communication overhead; through the choice of number segment control and hopping algorithm, personalized customization according to industry characteristics and scale is easy and better meets the needs of different specific industries. Fourth, the method is widely applicable: not only to 5G networks but also to 4G networks and to future mobile communication systems that use an IMSI or SUPI as a permanent identifier.
The present invention provides a terminal-initiated user identity hiding method and system for mobile communication systems; below, with reference to the drawings and embodiments and taking a 5G network as an example, the present invention is described in further detail. It should be understood that the specific embodiments described here are only used to explain the present invention and do not limit it.
In this embodiment, the functional entities used by the terminal-initiated user identity hiding method include: the mobile terminal UE, the radio access network RAN, the visited network functions, the home network general functions, and the home network unified data management / authentication server function UDM/AUSF.
The mobile terminal UE generates new hop parameters and, by running the hopping algorithm with those parameters, obtains a new protected SUPI number, generates the corresponding SUCI* from that SUPI, and initiates the network detach/attach procedures.
The access network, the visited network and the home network general functions are fully consistent with the standard and passively cooperate with the secure terminal to complete the network detach and attach procedures.
The home network UDM/AUSF judges, according to a given policy, whether the user's new SUPI number conflicts or collides with other users' SUPI numbers, and responds to the UE with authentication failure if a collision occurs.
The detailed process is shown in Fig. 1. After the mobile terminal UE's trigger condition is met, the UE initiates and executes the SUPI change process; in the alternative scheme of the invention, the UDM periodically calculates the next-hop SUPI (see dashed box 1 of Fig. 1);
The UE first initiates the network detach procedure, which clears the trace of the old SUPI from the mobile communication network;
After the detach procedure completes, the UE generates new hop parameters, generates a new SUPI number with the hopping algorithm, and generates the corresponding SUCI* from the new SUPI number;
The UE initiates the network attach procedure with SUCI*;
The home network UDM/AUSF decrypts SUCI* to obtain the new SUPI number;
The home network UDM/AUSF checks whether the user's new SUPI number conflicts or collides with those of other users; if no conflict occurs it returns authentication success, otherwise it returns authentication failure;
If the UE receives authentication success, it continues to complete the attach procedure; otherwise it regenerates a new SUPI number and initiates the attach procedure again.

Claims (9)

1. A terminal-initiated user identity hiding method for a mobile communication system, characterised in that it comprises the following:
One, the terminal generates a new IMSI or SUPI:
Step S101: a specific industry applies to the operator for a pool of available IMSI or SUPI number resources and hands them over to a customization service; the quantity of available numbers is more than twice the number of users;
Step S102: the customization service divides the available number resources into segments, each segment holding at least as many numbers as there are users;
Step S103: a special user applies to the specific industry it belongs to for the identity hiding service; after approval, the industry forwards the application to the customization service, which allocates an initial IMSI or SUPI to the user from number segment 1, determines the user's hopping algorithm and jump control parameters, and determines the trigger condition for a jump;
Step S104: the customization service writes the initial IMSI or SUPI into the user's USIM card or eSIM, writes the trigger condition and the jump control parameters into the UE, and writes the hopping algorithm and the number segment information into the customizable component of the user terminal;
Step S105: the UE performs the initial attach and registration with the initial IMSI or SUPI; if registration fails, the UE restarts the initial attach procedure; if registration succeeds, normal communication starts and continues until the trigger condition is reached;
Step S106: when the trigger condition is reached, the UE performs a detach, de-registering the current user from the mobile network using the standard procedure and protocol;
Two, the terminal updates the network with the new IMSI or SUPI, synchronizes with it and eliminates collisions:
Step S201: the terminal initiates the detach procedure to de-register the old IMSI or SUPI; the standard de-registration notification reaches the HSS or UDM/UDR that provides the customized service for the specific industry; on receiving it, the HSS or UDM/UDR marks the user's status as offline while still keeping the IMSI or SUPI of the offline user until it is replaced by the newly generated IMSI* or SUPI*;
Step S202: the terminal obtains IMSI* or SUPI* and initiates the registration flow towards the network according to the normal procedure;
Step S203: according to the received IMSI* or SUCI* and the related indicator, the AMF/MME forwards the attach message to the HSS or AUSF/UDM/UDR that provides the customized service for the specific industry;
Step S204: the HSS or UDM/UDR performs collision detection on the IMSI* or SUCI* in the received attach message: if a collision occurs, the HSS or UDM/UDR notifies the terminal that registration failed, the terminal generates a new IMSI or SUPI in the jump number segment with a new jump parameter, and the flow returns to step S202; if no collision occurs, the HSS or UDM/UDR matches the IMSI* or SUPI* it has newly generated against the IMSI* or SUPI* in the received registration message; if they match, the user status corresponding to that IMSI* or SUPI* is set to online and, according to the protocol standard, the authentication vector is returned and the subsequent normal procedure continues; if they do not match, the flow returns to step S202.
2. The terminal-initiated user identity hiding method for a mobile communication system according to claim 1, characterised in that: when the available number resources are segmented, they are divided into an initial number segment and jump number segments; when the user subscribes, one number is selected from the initial number segment as the primary number, and after the user jumps this number is released and added to the jump number segments.
3. The terminal-initiated user identity hiding method for a mobile communication system according to claim 2, characterised in that: the UE restarting the initial attach procedure means that the UE first regenerates new jump control parameters and inputs them into the UE's customizable component; the customizable component, using the jump control parameters, calls the hopping algorithm over the jump number segment to which the current IMSI or SUPI belongs and obtains a random new IMSI or SUPI number, denoted IMSI* or SUPI*; the UE then starts a new attach and registration procedure with IMSI* or SUPI*.
4. The terminal-initiated user identity hiding method for a mobile communication system according to claim 3, characterised in that: the method by which the new IMSI* or SUPI* is generated in step S204 is: for all users in the offline state, the HSS or UDM/UDR calls the corresponding hopping function with the current jump control parameters and generates the new IMSI* or SUPI*.
5. The terminal-initiated user identity hiding method for a mobile communication system according to claim 1, characterised in that: in step S204, if no collision occurs, the HSS or UDM/UDR directly reverse-decrypts the non-colliding IMSI* or SUPI* to recover the IMSI or SUPI, and thereby completes the registration.
6. The terminal-initiated user identity hiding method for a mobile communication system according to claim 1, characterised in that: when the available number resources are segmented, one number segment is selected as the initial number segment, and the customization service writes the number segment information and the segment order into the UE together, as part of the jump control parameters.
7. The terminal-initiated user identity hiding method for a mobile communication system according to claim 6, characterised in that: in step S105, on registration failure, the hopping algorithm generates IMSI* or SUPI* from the number segment that follows, in sequence, the segment to which the current IMSI or SUPI belongs, and registers with it.
8. The terminal-initiated user identity hiding method for a mobile communication system according to claim 7, characterised in that: in step S204, if no collision occurs, the HSS or UDM/UDR looks up the next-hop numbers of the offline users and matches them against the IMSI* or SUPI* in the received registration message; if a match is found, that IMSI* or SUPI* is written into the current directory, the corresponding user status is set to online and, according to the protocol standard, the authentication vector is returned and the subsequent normal procedure continues.
9. The terminal-initiated user identity hiding method for a mobile communication system according to claim 1, characterised in that: the customizable component comprises a customized USIM card or eSIM card, or a customizable firmware portion of the UE communication processor.
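The following is an added, runnable model of the flow described in the embodiment above and in claims 1 to 8. It is illustration written for this page, not code from the patent or its assignees, and everything the patent leaves open is an assumption here: the hopping function is an HMAC-SHA256 keyed PRF whose key is shared between the UE and the UDM at provisioning (S103/S104), the jump control parameter is a counter, the UDM matches an incoming SUPI* against a short window of precomputed next hops for each offline user (claims 4 and 8, with the window tolerating the retries of step S204 the way AKA tolerates SQN drift), and SUCI concealment is a keyed-XOR stand-in rather than the ECIES scheme 5G actually uses. The demo() scenario deliberately gives two users the same hop key so that the second user's first hop collides with the first user's freshly registered number and the retry path is exercised.

```python
"""Toy model of terminal-initiated SUPI hopping with home-network collision
detection.  Added example; the PRF, counter, window and SUCI stand-in are
assumptions, not the patent's algorithms."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def build_pool(prefix: str, n_users: int, n_segments: int = 3) -> list[list[str]]:
    """S101/S102: n_users*n_segments numbers (more than 2x the users for
    n_segments >= 3), split into segments of n_users each.  Segment 0 is the
    initial segment, the others are jump segments (claim 2)."""
    numbers = [f"{prefix}{i:010d}" for i in range(n_users * n_segments)]
    return [numbers[i:i + n_users] for i in range(0, len(numbers), n_users)]


def hop(hop_key: bytes, jump_param: int, segment: list[str]) -> str:
    """Hopping function (assumption): HMAC-SHA256 over the jump parameter selects
    a number in the jump segment; unpredictable without hop_key, reproducible
    by the UDM that shares it."""
    tag = hmac.new(hop_key, jump_param.to_bytes(8, "big"), hashlib.sha256).digest()
    return segment[int.from_bytes(tag[:8], "big") % len(segment)]


def conceal(hn_key: bytes, supi: str) -> bytes:
    """SUCI* stand-in: nonce || (SUPI XOR HMAC(hn_key, nonce)).  Real 5G uses
    ECIES with the home-network public key; this only keeps the model offline."""
    nonce = secrets.token_bytes(16)
    ks = hmac.new(hn_key, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(supi.encode(), ks))


def deconceal(hn_key: bytes, suci: bytes) -> str:
    nonce, body = suci[:16], suci[16:]
    ks = hmac.new(hn_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, ks)).decode()


@dataclass
class Subscriber:
    hop_key: bytes
    supi: str
    jump_param: int = 0
    online: bool = False


class UDM:
    """Home-network HSS/UDM/UDR: directory, collision detection (S204) and the
    next-hop matching of claims 4 and 8."""
    WINDOW = 8  # future hops considered per offline user (assumption)

    def __init__(self, hn_key: bytes, jump_segment: list[str]):
        self.hn_key, self.segment, self.subs = hn_key, jump_segment, {}

    def provision(self, uid: str, hop_key: bytes, initial_supi: str) -> None:
        self.subs[uid] = Subscriber(hop_key, initial_supi)      # S103/S104

    def directory(self) -> dict[str, str]:
        """Every number currently held, online or offline: a number is released
        only once its holder has moved to a new one (claim 2, S201)."""
        return {s.supi: uid for uid, s in self.subs.items()}

    def register_initial(self, uid: str, supi: str) -> bool:
        s = self.subs[uid]                                       # S105
        s.online = s.supi == supi
        return s.online

    def detach(self, supi: str) -> None:
        for s in self.subs.values():                             # S201: offline, keep number
            if s.supi == supi:
                s.online = False

    def register_hopped(self, suci: bytes) -> bool:
        supi_new = deconceal(self.hn_key, suci)                  # S203
        if supi_new in self.directory():                         # S204: collision
            return False
        for s in self.subs.values():                             # claims 4/8: match next hops
            if s.online:
                continue
            for j in range(1, self.WINDOW + 1):
                if hop(s.hop_key, s.jump_param + j, self.segment) == supi_new:
                    s.jump_param += j
                    s.supi, s.online = supi_new, True            # old number released
                    return True
        return False                                             # no match: UE back to S202


class UE:
    def __init__(self, uid, hop_key, initial_supi, hn_key, jump_segment):
        self.uid, self.hop_key, self.supi = uid, hop_key, initial_supi
        self.hn_key, self.segment = hn_key, jump_segment
        self.jump_param, self.attempts = 0, 0

    def attach_initial(self, udm: UDM) -> bool:
        return udm.register_initial(self.uid, self.supi)

    def hop_identity(self, udm: UDM, max_tries: int = UDM.WINDOW) -> str:
        """Trigger reached (S106): detach, then hop until the network accepts."""
        udm.detach(self.supi)
        for _ in range(max_tries):
            self.jump_param += 1                                 # new jump parameter
            candidate = hop(self.hop_key, self.jump_param, self.segment)
            self.attempts += 1
            if udm.register_hopped(conceal(self.hn_key, candidate)):
                self.supi = candidate
                return candidate
        raise RuntimeError("no collision-free SUPI within the retry budget")


def demo(n_users: int = 256):
    """Constructed scenario: user B shares A's hop key, so B's first hop lands
    on A's new number and must be rejected as a collision."""
    segments = build_pool("46000", n_users)
    hn_key, shared_key = b"hn-key-constructed", b"same-hop-key-forces-collision"
    udm = UDM(hn_key, segments[1])
    udm.provision("A", shared_key, segments[0][0])
    udm.provision("B", shared_key, segments[0][1])
    a = UE("A", shared_key, segments[0][0], hn_key, segments[1])
    b = UE("B", shared_key, segments[0][1], hn_key, segments[1])
    if not (a.attach_initial(udm) and b.attach_initial(udm)):
        raise RuntimeError("initial attach failed")
    a.hop_identity(udm)
    b.hop_identity(udm)
    return a, b, udm, segments
```

Two points the model makes concrete. First, the unlinkability of the scheme rests on the hopping function being keyed: if the next number could be computed from the old number alone, anyone who captured the old IMSI/SUPI over the air could predict the new one and the hop would hide nothing, which is why the key is provisioned into the customizable component in S103/S104 rather than derived from the number. Second, the terminal's retry budget after a collision and the network's lookahead have to agree; if the UE advances its jump parameter more times than the UDM is willing to look ahead, the two desynchronize and every subsequent registration fails to match, so the retry limit is a protocol parameter, not just a loop bound.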
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810839413.7A CN108901018B (en) 2018-07-27 2018-07-27 Method for hiding user identity of mobile communication system initiated by terminal

Publications (2)

Publication Number Publication Date
CN108901018A true CN108901018A (en) 2018-11-27
CN108901018B CN108901018B (en) 2021-02-12

Family

ID=64352148

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810839413.7A Active CN108901018B (en) 2018-07-27 2018-07-27 Method for hiding user identity of mobile communication system initiated by terminal

Country Status (1)

Country Link
CN (1) CN108901018B (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109842877A (en) * 2019-04-09 2019-06-04 中国电子科技集团公司第三十研究所 Method for implementing an IMSI change function in a SIM card
CN110049483A (en) * 2019-04-09 2019-07-23 中国电子科技集团公司第三十研究所 Implementation method of a network function for hiding a user's network identity by hopping in a mobile communication system
CN111314899A (en) * 2018-12-11 2020-06-19 华为技术有限公司 Message processing method, related device and system
CN111405557A (en) * 2020-03-19 2020-07-10 中国电子科技集团公司第三十研究所 Method and system for enabling 5G network to flexibly support multiple main authentication algorithms
CN111431839A (en) * 2019-01-09 2020-07-17 中兴通讯股份有限公司 Processing method and device for hiding user identification
CN112105021A (en) * 2019-06-17 2020-12-18 华为技术有限公司 Authentication method, device and system
CN112105015A (en) * 2019-06-17 2020-12-18 华为技术有限公司 Secondary authentication method and device
CN112261640A (en) * 2020-09-29 2021-01-22 深圳市广和通无线股份有限公司 Method and device for eliminating false switching of SIM card firmware, electronic equipment and storage medium
CN113453212A (en) * 2020-03-26 2021-09-28 ***通信集团吉林有限公司 Disaster tolerance HSS (home subscriber server) subscription information method, device, storage medium and computer equipment
WO2021254172A1 (en) * 2020-06-15 2021-12-23 华为技术有限公司 Communication method and related apparatus
CN114079924A (en) * 2020-08-10 2022-02-22 ***通信有限公司研究院 Message processing method and device, related equipment and storage medium
CN114125807A (en) * 2019-04-25 2022-03-01 瑞典爱立信有限公司 Method and network node for tracking user equipment
CN114374963A (en) * 2020-10-15 2022-04-19 ***通信有限公司研究院 Information checking method and device and service registration method and device
CN117177238A (en) * 2023-11-02 2023-12-05 中国电子科技集团公司第三十研究所 Method and system for initiating control instruction by terminal

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618887A (en) * 2015-02-04 2015-05-13 王家城 Method and device for wirelessly sharing SIM card by multiple communication terminals
WO2015157933A1 (en) * 2014-04-16 2015-10-22 Qualcomm Incorporated System and methods for dynamic sim provisioning on a dual-sim wireless communication device
CN105554728A (en) * 2015-12-10 2016-05-04 深圳市迪讯飞科技有限公司 Cloud SIM card pool system
CN105898735A (en) * 2016-03-24 2016-08-24 南京佰联信息技术有限公司 Method for obtaining SIM information and equipment
EP3125593A1 (en) * 2015-07-31 2017-02-01 BlackBerry Limited System and method for automatic detection and enablement of a virtual sim on a mobile device
CN107580324A (en) * 2017-09-22 2018-01-12 中国电子科技集团公司第三十研究所 Method for GSM IMSI privacy protection
CN107911814A (en) * 2017-11-24 2018-04-13 中国科学院信息工程研究所 Method and system for protecting subscriber identity information based on HSS enhancement
CN108200007A (en) * 2017-11-24 2018-06-22 中国科学院信息工程研究所 Method and system for dynamic identity management in a mobile network


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周代卫 (Zhou Daiwei): "Research on the standardization process and remote management technology of embedded SIM cards", 《移动通信》 (Mobile Communications) *


Similar Documents

Publication Publication Date Title
CN108901018A (en) Terminal-initiated user identity hiding method for a mobile communication system
US10475264B2 (en) Application method of Bluetooth low-energy electronic lock based on built-in offline pairing passwords, interactive unlocking method of a Bluetooth electronic lock and electronic lock system
US10904754B2 (en) Cellular network authentication utilizing unlinkable anonymous credentials
CN110636037B (en) One-number multi-card service application method, user node, operator system and block chain
CN111538979A (en) Integral module authentication with a device
US12047506B2 (en) Systems and methods for user-based authentication
US20090029677A1 (en) Mobile authentication through strengthened mutual authentication and handover security
Khan et al. Defeating the downgrade attack on identity privacy in 5G
Khan et al. Trashing IMSI catchers in mobile networks
CN102006294A (en) IP multimedia subsystem (IMS) multimedia communication method and system as well as terminal and IMS core network
Khan et al. Identity confidentiality in 5G mobile telephony systems
US20140335829A1 (en) Method and system for providing services to mobile communication subscribers
Khan et al. Improving air interface user privacy in mobile telephony
CN101990201A (en) Method, system and device for generating general bootstrapping architecture (GBA) secret key
Lee et al. An efficient authentication protocol for mobile communications
CN111314919B (en) Enhanced 5G authentication method for protecting user identity privacy at authentication server
KR102095136B1 (en) A method for replacing at least one authentication parameter for authenticating a secure element, and a corresponding secure element
Damir et al. A beyond-5G authentication and key agreement protocol
CN101610509B (en) Method, device and system for protecting communication security
US8380165B1 (en) Identifying a cloned mobile device in a communications network
CN105245526B (en) Call the method and apparatus of SIM card application
Khan et al. On de-synchronization of user pseudonyms in mobile networks
CN110933670A (en) Security USIM card for realizing main authentication enhancement and main authentication method of terminal
Ou et al. TK‐AKA: using temporary key on Authentication and Key Agreement protocol on UMTS
CN117692902B (en) Intelligent home interaction method and system based on embedded home gateway

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant