WO2020177716A1 - Method and apparatus for protecting auxiliary information - Google Patents

Publication number
WO2020177716A1
WO2020177716A1 PCT/CN2020/077787 CN2020077787W WO2020177716A1 WO 2020177716 A1 WO2020177716 A1 WO 2020177716A1 CN 2020077787 W CN2020077787 W CN 2020077787W WO 2020177716 A1 WO2020177716 A1 WO 2020177716A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
key
auxiliary information
message
network element
Application number
PCT/CN2020/077787
Inventor
郭龙华
马景旺
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/021 Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services

Definitions

  • This application relates to the field of communications, and more specifically, to a method and device for protecting auxiliary information.
  • the enhanced serving mobile location center issues a broadcast key to a mobility management entity (MME), and the MME stores the broadcast key.
  • the MME carries the broadcast key in the response message of the attach request or the response message of the TAU request and sends it to the terminal. The key encrypts the auxiliary information, which is used to assist the terminal in achieving high-precision positioning.
  • the MME can assign a unified key to multiple terminals; subsequently, the MME can use the key assigned to the terminal to encrypt the auxiliary information, and the terminal uses the key to decrypt the auxiliary information.
  • the security performance of the auxiliary information is relatively low.
  • the present application provides a method and device for protecting auxiliary information, which can improve the security performance of auxiliary information.
  • a method for protecting auxiliary information includes: an access and mobility management function network element (AMF) receives a tracking area identifier, where the tracking area identifier is used to indicate the tracking area to which a first terminal belongs; the AMF determines, according to the tracking area to which the first terminal belongs, the first key assigned to the first terminal, where the first key is used to protect auxiliary information; and the AMF sends the first key to the first terminal.
  • the AMF receives the tracking area identifier used to indicate the tracking area to which the first terminal belongs, then allocates a key (i.e., the first key) to the first terminal according to that tracking area, and sends the first key to the first terminal.
  • compared with the traditional solution, in which the mobility management network element uniformly assigns a key to terminals, the embodiment of the present application can assign a suitable key to the first terminal and protect the auxiliary information of the first terminal with that key, thereby improving the security performance of the auxiliary information.
  • the method further includes: the AMF obtains the positioning mode of the first terminal; wherein the AMF determining the first key assigned to the first terminal according to the tracking area to which the first terminal belongs includes: the AMF determines the first key according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  • the AMF can also obtain the positioning mode of the first terminal and determine the first key assigned to the first terminal by combining the tracking area to which the first terminal belongs with the positioning mode of the first terminal, so that a more appropriate key can be assigned to the first terminal, which further improves the security performance of the auxiliary information.
  • the method further includes: the AMF receives a first message from the location management function network element (LMF), where the first message includes multiple keys supported by the LMF and the positioning mode and tracking area corresponding to each of the multiple keys; wherein the AMF determining the first key assigned to the first terminal according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs includes: the AMF determines the first key from the multiple keys supported by the LMF according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  • the AMF may receive a first message from the LMF.
  • the first message may include multiple keys supported by the LMF, at least one positioning mode, and at least one tracking area, where the at least one positioning mode, the at least one tracking area, and the multiple keys have a mapping relationship, so that the AMF can select the appropriate key (i.e., the first key) from the multiple keys supported by the LMF in combination with the positioning mode of the first terminal and the tracking area to which the first terminal belongs, which saves the power consumption overhead of the AMF determining the first key.
  • the AMF determining the first key from the multiple keys supported by the LMF according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs includes: the AMF determines a second key set from a first key set according to the positioning mode of the first terminal and a first mapping relationship, where the first key set includes the multiple keys and the first mapping relationship is the mapping relationship between at least one positioning mode and at least one key; the AMF determines the first key from the second key set according to the tracking area to which the first terminal belongs and a second mapping relationship, where the second mapping relationship is the mapping relationship between at least one tracking area and at least one key.
  • the AMF can determine a more suitable first key according to the first mapping relationship and the second mapping relationship, which further saves the power consumption of the AMF.
  • the first message further includes multiple positioning modes supported by the LMF, and the method further includes: the AMF obtains positioning capability information of the first terminal, where the positioning capability information is used to indicate the positioning modes supported by the first terminal; wherein the AMF acquiring the positioning mode of the first terminal includes: the AMF determines the positioning mode of the first terminal according to the positioning modes supported by the first terminal and the multiple positioning modes supported by the LMF.
  • the AMF can also receive the positioning capability information of the first terminal, which indicates the positioning modes supported by the first terminal, and obtain the positioning modes supported by the LMF, so that the AMF can combine the positioning modes supported by the first terminal with those supported by the LMF to determine the positioning mode of the first terminal. A suitable positioning mode is thereby determined for the first terminal, which in turn helps to select a suitable first key for the first terminal, thereby improving the security performance of the auxiliary information.
  • acquiring, by the AMF, the positioning capability information of the first terminal includes: the AMF receives a second message, where the second message includes the positioning capability information; wherein the AMF sending the first key to the first terminal includes: the AMF sends a response message of the second message to the first terminal, and the response message includes the first key.
  • the positioning capability information of the first terminal obtained by the AMF may be carried in the second message of the first terminal, and accordingly, the first key may be carried in the response message of the second message.
  • the first terminal does not need to specifically send the positioning capability information, and the AMF does not need to specifically send the first key.
  • the distribution of the key may also be triggered by the second message, that is, the embodiment of the present application provides a way to trigger the key distribution.
  • the AMF receiving the tracking area identifier includes: the AMF receives a third message, where the third message is used to request to update the tracking area and includes the tracking area identifier; wherein the AMF sending the first key to the first terminal includes: the AMF sends a response message of the third message to the first terminal, and the response message of the third message includes the first key.
  • the AMF may receive the tracking area identifier in a third message that includes the tracking area identifier, and accordingly, the first key is carried in the response message of the third message.
  • the first terminal does not need to specifically send the third message, and the AMF does not need to specifically send the first key, so signaling overhead is saved.
  • the embodiments of the present application provide another way to trigger key distribution.
  • the method further includes: the AMF sends one or more of an expiration date and indication information to the first terminal, where the expiration date is used to indicate a threshold on the duration for which the first terminal can use the first key or a threshold on the number of times the first key can be used, and the indication information is used to indicate whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
  • the AMF can send the expiration date to the first terminal, so that the first terminal can determine the effective period of the first key according to the expiration date, avoiding the use of unreasonable keys for analysis and improving the security performance of auxiliary information.
  • the AMF can also send indication information to indicate whether the tracking area to which the first terminal belongs supports auxiliary information. If it supports auxiliary information, the first terminal can be configured to receive auxiliary information, which prevents the first terminal from remaining in a state of waiting for auxiliary information and saves the power consumption of the first terminal.
  • the method further includes: the AMF obtains the auxiliary information setting from the UDM; the AMF determines to send the first key to the first terminal when the auxiliary information setting indicates that the first terminal has subscribed to the auxiliary information.
  • the AMF can determine whether the first terminal has subscribed to the auxiliary information according to the auxiliary information setting. In the case of subscribing to the auxiliary information, the first key is sent to the first terminal, so that this embodiment of the application can create conditions for future commercial applications; for example, high-precision positioning and charging can be achieved.
  • the AMF may send a positioning setting request to the UDM, the positioning setting request may be used to request the auxiliary information setting of the first terminal, the UDM feeds back a response message of the positioning setting request to the AMF, and the response message of the positioning setting request includes the auxiliary information setting.
  • the method further includes: the AMF receives a fourth message, where the fourth message includes a third mapping relationship between at least one area list and at least one auxiliary information; the AMF determines, according to the third mapping relationship, the first auxiliary information corresponding to the first area list in the at least one area list; the AMF sends the first auxiliary information through the access network device corresponding to the first area list.
  • the LMF sends a fourth message to the AMF.
  • the fourth message includes at least one area list and at least one auxiliary information, and the at least one area list and the at least one auxiliary information have a mapping relationship (that is, a third mapping relationship), so that the AMF can determine, according to the third mapping relationship, the auxiliary information corresponding to any area list (for example, the first area list). The AMF can then broadcast the first auxiliary information to the terminals covered by the access network device through the access network device corresponding to the first area list; that is, the AMF can send different auxiliary information through access network devices corresponding to different area lists.
  • compared with the AMF sending auxiliary information through all the access network devices it covers, this saves signaling overhead.
  • the embodiments of the present application can reduce the interference of irrelevant auxiliary information to the auxiliary information of the first terminal, and improve the efficiency of auxiliary information transmission.
  • the fourth message further includes a fourth mapping relationship between at least one positioning mode and the at least one auxiliary information, and the method further includes: the AMF determines, according to the fourth mapping relationship, the at least one auxiliary information corresponding to the first positioning mode in the at least one positioning mode; wherein the AMF determining the first auxiliary information corresponding to the first area list in the at least one area list according to the third mapping relationship includes: the AMF determines, according to the third mapping relationship, the first auxiliary information from the at least one auxiliary information corresponding to the first positioning mode.
  • the fourth message may also include multiple positioning modes and at least one auxiliary information, and the at least one positioning mode and the at least one auxiliary information have a mapping relationship.
  • the AMF may also determine the first auxiliary information according to the at least one auxiliary information corresponding to the first positioning mode in combination with the auxiliary information corresponding to the first area list, so as to broadcast auxiliary information more accurately.
  • the method further includes: when the first key of the first terminal becomes invalid, the AMF obtains the second key; and the AMF sends the second key to the first terminal.
  • the first key invalidation may be determined by AMF.
  • the invalidation of the first key may also be determined by the first terminal or by the LMF, which then notifies the AMF.
  • the AMF can obtain the second key when the first key is invalid, that is, update the first key to the second key, and send the second key to the first terminal, so that the AMF can use the second key to encrypt the auxiliary information and the first terminal can use the second key to decrypt the auxiliary information. That is, the key is updated in time, which further improves the security performance of the auxiliary information.
  • the method further includes: the AMF receives a fifth message, where the fifth message is used to request the location information of the first terminal; wherein the AMF sending the second key to the first terminal includes: the AMF sends the second key to the first terminal according to the fifth message.
  • the fifth message can be used to trigger the AMF to send the second key to the first terminal. That is, the embodiment of this application provides a key update method, so that both ends of the communication can use a suitable key for auxiliary information transmission, which further improves the security performance of the auxiliary information.
  • the method further includes: the AMF receives a sixth message from the first terminal, where the sixth message is used to request to update the key; wherein the AMF sending the second key to the first terminal includes: the AMF sends the second key to the first terminal according to the sixth message.
  • when detecting that the first key has expired, the first terminal sends a sixth message to the AMF through the access network device, and the sixth message may be used to request to update the key.
  • the AMF receives the sixth message, and sends the second key to the first terminal according to the sixth message. That is, the sixth message can be used to trigger the AMF to send the second key.
  • the second key can be carried in the response message of the sixth message. That is to say, the embodiment of the present application provides another key update method, so that both ends of the communication can use an appropriate key to transmit auxiliary information, which further improves the security performance of the auxiliary information.
  • a method for protecting positioning assistance information includes: a first terminal sends a tracking area identifier to an access and mobility management function network element (AMF), where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs; the first terminal receives a first key, where the first key is determined by the AMF according to the tracking area to which the first terminal belongs and is used to protect auxiliary information.
  • the first terminal sends to the AMF a tracking area identifier used to indicate the tracking area to which the first terminal belongs.
  • the tracking area identifier of the tracking area to which the first terminal belongs is used by the AMF to determine the first key used to protect the auxiliary information.
  • the first terminal obtains the first key from the AMF; that is, the embodiment of the present application can allocate a more suitable key to the first terminal and protect the auxiliary information of the first terminal through the first key, thereby improving the security performance of the auxiliary information.
  • the method further includes: the first terminal receives the encrypted auxiliary information; and the first terminal decrypts the encrypted auxiliary information according to the first key.
  • the first terminal receives the encrypted auxiliary information, so that the first terminal can decrypt the auxiliary information encrypted by using the first key according to the first key, thereby improving the security performance of the auxiliary information.
  • the method further includes: the first terminal sends positioning capability information to the AMF, where the positioning capability information is used to indicate a positioning manner supported by the first terminal.
  • the first terminal sends the positioning mode of the first terminal to the AMF, and the AMF determines the first key assigned to the first terminal based on the tracking area to which the first terminal belongs and the positioning mode of the first terminal.
  • the distribution of more appropriate keys further improves the security performance of auxiliary information.
  • the first terminal sending positioning capability information to the AMF includes: the first terminal sends a second message to the AMF, where the second message includes the positioning capability information and is used to request access to the AMF; wherein the first terminal receiving the first key includes: the first terminal receives a response message of the second message, and the response message includes the first key.
  • the first terminal sends the positioning capability information of the first terminal to the AMF.
  • the positioning capability information of the first terminal can be carried in the second message of the first terminal.
  • the first key can be carried in the response message of the second message.
  • the first terminal does not need to specifically send the positioning capability information
  • the AMF does not need to specifically send the first key.
  • the distribution of the key may also be triggered by the second message, that is, the embodiment of the present application provides a way to trigger the key distribution.
  • sending the tracking area identifier by the first terminal to the AMF includes: the first terminal sends a third message to the AMF, where the third message includes the tracking area identifier; wherein the first terminal receiving the first key includes: the first terminal receives a response message of the third message, and the response message includes the first key.
  • the first terminal sends a third message including the tracking area identifier to the AMF, and accordingly, the first key is carried in the response message of the third message.
  • the first terminal does not need to specifically send the third message, and the AMF does not need to specifically send the first key.
  • signaling overhead is saved.
  • the embodiments of the present application provide another way to trigger key distribution.
  • the method further includes: the first terminal receives one or more of an expiration date and indication information from the AMF, where the expiration date is used to indicate a threshold on the duration for which the first terminal can use the first key or a threshold on the number of times the first key can be used, and the indication information is used to indicate whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
  • the first terminal can receive the expiration date sent by the AMF, so that the first terminal can determine the effective period of the first key according to the expiration date, avoiding the use of unreasonable keys for parsing and improving the security performance of auxiliary information.
  • the AMF can also send indication information to indicate whether the tracking area to which the first terminal belongs supports auxiliary information. If it supports auxiliary information, the first terminal can be configured to receive auxiliary information, which prevents the first terminal from remaining in a state of waiting for auxiliary information and saves the power consumption of the first terminal.
  • the method further includes: the first terminal determines whether the first key is invalid according to the expiration date; when the first terminal determines that the first key is invalid, it sends a sixth message to the AMF, where the sixth message is used to request to update the key; the first terminal receives the response message of the sixth message, where the response message of the sixth message includes the second key; the first terminal decrypts the encrypted auxiliary information according to the second key.
  • the first terminal can detect whether the first key has expired according to the expiration date of the first key and, in the case of detecting that the first key has expired, send a sixth message to the AMF through the access network device. The AMF selects a new key (for example, the second key) for the first terminal and sends the second key to the first terminal, so that the first terminal can decrypt the encrypted auxiliary information according to the second key. That is, the embodiment of the present application can update the key for the first terminal, thereby further improving the security performance of the auxiliary information.
  • the first terminal determining whether the first key is invalid according to the expiration date includes: the first terminal determines that the first key is invalid in the case that the duration for which the first terminal has used the first key is greater than the duration threshold; or the first terminal determines that the first key is invalid in the case that the number of times the first terminal has used the first key is greater than the threshold of the number of times.
  • the first terminal may specifically detect whether the duration of using the first key exceeds the duration threshold: if it does, the first key has expired; otherwise the first key has not expired. Alternatively, the first terminal can detect whether the number of times of using the first key exceeds the threshold of times: if it does, the first key has expired; otherwise, the first key has not expired.
  • the method further includes: the first terminal receives a second key from the AMF; and the first terminal decrypts the auxiliary information received from the AMF according to the second key.
  • when the AMF detects the second key, it sends the second key to the first terminal, and the first terminal parses the auxiliary information according to the second key. That is, the first terminal can obtain the new key from the AMF and update the key, which improves the security performance of the auxiliary information.
  • a method for protecting auxiliary information includes: a location management function network element (LMF) determines a first message, where the first message includes multiple keys supported by the LMF and the tracking areas respectively corresponding to the multiple keys; the LMF sends the first message to the access and mobility management function network element (AMF).
  • the LMF sends a first message to the AMF.
  • the first message may include multiple keys supported by the LMF and at least one tracking area, and the at least one tracking area and the multiple keys have a mapping relationship, so that the AMF can select, according to the tracking area to which the first terminal belongs, an appropriate key (that is, the first key) from the multiple keys supported by the LMF, which saves the power consumption of the AMF for determining the first key.
  • the first message further includes a mapping relationship between the multiple keys and at least one positioning mode.
  • the first message may include multiple keys supported by the LMF, at least one tracking area, and at least one positioning mode, where the at least one positioning mode, the at least one tracking area, and the multiple keys have a mapping relationship, so that the AMF can select an appropriate key (i.e., the first key) from the multiple keys supported by the LMF according to the tracking area to which the first terminal belongs and the positioning mode of the first terminal, thereby further saving the power consumption overhead of the AMF determining the first key.
  • the method further includes: the LMF generates at least one auxiliary information; the LMF sends a fourth message, and the fourth message includes a third mapping relationship between at least one area list and at least one auxiliary information.
  • the LMF sends a fourth message to the AMF.
  • the fourth message includes at least one area list and at least one auxiliary information, and the at least one area list and the at least one auxiliary information have a mapping relationship (that is, a third mapping relationship), so that the AMF can determine, according to the third mapping relationship, the auxiliary information corresponding to any area list (for example, the first area list). The AMF can then broadcast the first auxiliary information to the terminals covered by the access network device through the access network device corresponding to the first area list; that is, the AMF can send different auxiliary information through access network devices corresponding to different area lists.
  • compared with the AMF sending auxiliary information through all the access network devices it covers, this saves signaling overhead.
  • the embodiments of the present application can reduce the interference of irrelevant auxiliary information to the auxiliary information of the first terminal, and improve the efficiency of auxiliary information transmission.
  • the fourth message further includes a fourth mapping relationship between multiple positioning modes and the at least one auxiliary information.
  • the fourth message may also include multiple positioning modes and at least one auxiliary information, and the at least one positioning mode and the at least one auxiliary information have a mapping relationship.
  • the AMF may also determine the first auxiliary information according to the at least one auxiliary information corresponding to the first positioning mode, in combination with the auxiliary information corresponding to the first area list, so as to broadcast auxiliary information more precisely.
  • generating the at least one auxiliary information by the LMF includes: the LMF determines the first area list corresponding to the second auxiliary information according to the second auxiliary information in the at least one auxiliary information and the third mapping relationship; the LMF determines the first key corresponding to the first area list according to the first area list; the LMF uses the first key to encrypt the second auxiliary information to generate the first auxiliary information.
  • the LMF assigns keys to the auxiliary information corresponding to the different area lists according to the mapping relationship carried in the first message sent, and accordingly, the AMF also determines the auxiliary information corresponding to the different area lists according to the mapping relationship in the first message and sends the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • generating the at least one auxiliary information by the LMF includes: the LMF determines the first area list corresponding to the second auxiliary information according to the second auxiliary information in the at least one auxiliary information and the third mapping relationship; the LMF determines the first positioning mode corresponding to the second auxiliary information according to the second auxiliary information and the fourth mapping relationship; the LMF determines the first key according to the first area list and the first positioning mode; the LMF encrypts the second auxiliary information by using the first key to generate the first auxiliary information.
  • the LMF assigns keys to the corresponding auxiliary information according to the area list and positioning mode. Accordingly, the AMF also determines, according to the mapping relationship in the first message, the key of the auxiliary information corresponding to the different area lists and positioning modes, and sends it to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • a method for transmitting auxiliary information includes: a mobility management function network element AMF acquires a first message, the first message including a first mapping relationship between at least one area list and at least one auxiliary information, where each area list in the at least one area list corresponds to part of the access network equipment among the multiple access network equipment managed by the AMF; the AMF determines, according to the first mapping relationship, the first auxiliary information corresponding to the first area list in the at least one area list; the AMF sends the first auxiliary information through the access network device corresponding to the first area list.
  • the AMF obtains a first message.
  • the LMF allocates keys for the auxiliary information corresponding to different area lists according to the mapping relationship carried in the first message, and the AMF determines the key of the auxiliary information corresponding to the different area lists according to the mapping relationship in the first message and sends it to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the first message further includes a second mapping relationship between multiple positioning modes and the at least one auxiliary information, and the method further includes: the AMF determines, according to the second mapping relationship, the at least one auxiliary information corresponding to the first positioning mode in the at least one positioning mode; wherein the AMF determining the first auxiliary information corresponding to the first area list in the at least one area list according to the first mapping relationship includes: the AMF determines, according to the first mapping relationship, the first auxiliary information from the at least one auxiliary information corresponding to the first positioning mode.
  • the first message also includes a second mapping relationship between multiple positioning modes and the at least one auxiliary information.
  • the AMF determines at least one auxiliary information corresponding to the first positioning mode in the at least one positioning mode according to the second mapping relationship, and determines, according to the first mapping relationship, the first auxiliary information from the at least one auxiliary information corresponding to the first positioning mode; that is, the AMF determines the auxiliary information corresponding to the different area lists and positioning modes according to the mapping relationships in the first message.
  • the AMF sends the determined key to the terminal so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the method further includes: the AMF determines the first key corresponding to the first auxiliary information; and the AMF sends the first key to the first terminal covered by the access network device corresponding to the first area list.
  • the AMF determines the first key corresponding to the first auxiliary information
  • the AMF sends the first key to the first terminal covered by the access network device corresponding to the first area list.
  • AMF can distribute the first key corresponding to the first auxiliary information to specific terminals, so that the corresponding terminal can decrypt the corresponding auxiliary information according to the key.
  • the embodiments of this application can create conditions for future commercial applications, such as enabling high-precision positioning and charging.
  • a method for transmitting auxiliary information includes: a location management function network element LMF generates at least one auxiliary information; the LMF sends a first message, and the first message includes a first mapping relationship between at least one area list and the at least one auxiliary information, where each area list in the at least one area list corresponds to a part of the access network equipment of the multiple access network equipment managed by the AMF.
  • LMF assigns keys to the auxiliary information corresponding to different area lists according to the mapping relationship carried in the first message sent, so that AMF also determines the keys of auxiliary information corresponding to different area lists according to the mapping relationship in the first message, and The determined key is sent to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the first message further includes a second mapping relationship between multiple positioning modes and the at least one auxiliary information.
  • the LMF determines the first positioning mode corresponding to the second auxiliary information in the at least one auxiliary information supported by the LMF according to the mapping relationship between the auxiliary information and the positioning mode (i.e., the second mapping relationship), determines the first key according to the first area list and the first positioning mode, and encrypts the second auxiliary information according to the first key to generate the first auxiliary information. That is to say, according to the mapping relationship carried in the first message sent, the LMF assigns keys to the corresponding auxiliary information according to the area list and positioning mode. Accordingly, the AMF also determines, according to the mapping relationship in the first message, the key of the auxiliary information corresponding to the different area lists and positioning modes, and sends it to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • a device for protecting auxiliary information may be an AMF or a chip in the AMF.
  • the device has the function of realizing the above-mentioned first aspect and various possible implementation modes. This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the device includes a processing module and a transceiver module.
  • the transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter, and the transceiver module may include a radio frequency circuit or an antenna.
  • the processing module may be a processor.
  • the device further includes a storage module, and the storage module may be a memory, for example.
  • the storage module is used to store instructions.
  • the processing module is connected to the storage module, and the processing module can execute instructions stored in the storage module or instructions derived from other sources, so that the device executes the first aspect or any one of the methods described above.
  • when the device is a chip, the chip includes a processing module.
  • the chip also includes a transceiver module.
  • the transceiver module may be, for example, an input/output interface, pin, or circuit on the chip.
  • the processing module may be a processor, for example. The processing module can execute instructions so that the chip in the AMF executes the communication methods of the first aspect and any possible implementations.
  • the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register, a cache, and the like.
  • the storage module may also be located in the communication device but outside the chip, such as a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM), etc.
  • the processor mentioned in any of the above can be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits used to control program execution of the communication methods of the above aspects.
  • a device for protecting auxiliary information may be a terminal or a chip in the terminal.
  • the device has the function of realizing the above-mentioned second aspect and various possible implementation manners. This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the device includes a transceiver module.
  • the device further includes a processing module.
  • the transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter.
  • the transceiver module may include a radio frequency circuit or an antenna.
  • the processing module may be a processor.
  • the device further includes a storage module, and the storage module may be a memory, for example.
  • the storage module is used to store instructions.
  • the processing module is connected to the storage module, and the processing module can execute instructions stored in the storage module or instructions from other sources, so that the device executes the communication methods of the second aspect and its various possible implementation manners.
  • the device can be a terminal.
  • when the device is a chip, the chip includes a transceiver module.
  • the device further includes a processing module, and the transceiver module may be, for example, an input/output interface, pin or circuit on the chip.
  • the processing module may be a processor, for example. The processing module can execute instructions so that the chip in the AMF executes the communication methods of the second aspect and any possible implementations.
  • the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register, a cache, and the like.
  • the storage module may also be located in the communication device but outside the chip, such as a read-only memory or other types of static storage devices that can store static information and instructions, random access memory, etc.
  • the processor mentioned in any of the above may be a general-purpose central processing unit, a microprocessor, a specific application integrated circuit, or one or more integrated circuits used to control the execution of the programs of the above-mentioned communication methods.
  • a device for protecting auxiliary information may be a terminal or a chip in the terminal.
  • the device has the function of realizing the aforementioned third aspect and various possible implementation modes. This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the device includes a transceiver module.
  • the device further includes a processing module.
  • the transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter.
  • the transceiver module may include a radio frequency circuit or an antenna.
  • the processing module may be a processor.
  • the device further includes a storage module, and the storage module may be a memory, for example.
  • the storage module is used to store instructions.
  • the processing module is connected to the storage module, and the processing module can execute the instructions stored in the storage module or instructions from other sources, so that the device executes the communication methods of the third aspect and its various possible implementation modes.
  • the device can be a terminal.
  • when the device is a chip, the chip includes a transceiver module.
  • the device further includes a processing module, and the transceiver module may be, for example, an input/output interface, pin, or circuit on the chip.
  • the processing module may be a processor, for example. The processing module can execute instructions so that the chip in the AMF executes the communication methods of the third aspect and any possible implementations.
  • the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register, a cache, and the like.
  • the storage module may also be located in the communication device but outside the chip, such as a read-only memory or other types of static storage devices that can store static information and instructions, random access memory, etc.
  • the processor mentioned in any of the above may be a general-purpose central processing unit, a microprocessor, a specific application integrated circuit, or one or more integrated circuits used to control the execution of the programs of the above-mentioned communication methods.
  • a device for protecting auxiliary information may be an AMF or a chip in the AMF.
  • the device has the function of realizing the above-mentioned fourth aspect and various possible implementation modes. This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the device includes a processing module and a transceiver module.
  • the transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter, and the transceiver module may include a radio frequency circuit or an antenna.
  • the processing module may be a processor.
  • the device further includes a storage module, and the storage module may be a memory, for example.
  • the storage module is used to store instructions.
  • the processing module is connected to the storage module, and the processing module can execute instructions stored in the storage module or instructions derived from other sources, so that the device executes the foregoing fourth aspect or any one of the methods.
  • when the device is a chip, the chip includes a processing module.
  • the chip also includes a transceiver module.
  • the transceiver module may be, for example, an input/output interface, pin, or circuit on the chip.
  • the processing module may be a processor, for example. The processing module can execute instructions so that the chip in the AMF executes the communication methods of the fourth aspect and any possible implementations.
  • the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register, a cache, and the like.
  • the storage module may also be located in the communication device but outside the chip, such as a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM), etc.
  • the processor mentioned in any of the above can be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits used to control program execution of the communication methods of the above aspects.
  • a device for protecting auxiliary information may be a terminal or a chip in the terminal.
  • the device has the function of realizing the above-mentioned fifth aspect and various possible implementation modes. This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the device includes a transceiver module.
  • the device further includes a processing module.
  • the transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter.
  • the transceiver module may include a radio frequency circuit or an antenna.
  • the processing module may be a processor.
  • the device further includes a storage module, and the storage module may be a memory, for example.
  • the storage module is used to store instructions.
  • the processing module is connected to the storage module, and the processing module can execute the instructions stored in the storage module or instructions from other sources, so that the device executes the communication methods of the fifth aspect and its various possible implementation modes.
  • the device can be a terminal.
  • when the device is a chip, the chip includes a transceiver module.
  • the device further includes a processing module, and the transceiver module may be, for example, an input/output interface, pin or circuit on the chip.
  • the processing module may be a processor, for example. The processing module can execute instructions so that the chip in the AMF executes the communication methods of the fifth aspect and any possible implementations.
  • the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register, a cache, and the like.
  • the storage module may also be located in the communication device but outside the chip, such as a read-only memory or other types of static storage devices that can store static information and instructions, random access memory, etc.
  • the processor mentioned in any of the above may be a general-purpose central processing unit, a microprocessor, a specific application integrated circuit, or one or more integrated circuits used to control the execution of the programs of the above-mentioned communication methods.
  • a computer storage medium stores program code, and the program code is used to indicate instructions for executing the method in the first aspect or the fourth aspect, or any of its possible implementations.
  • a computer storage medium is provided, and program code is stored in the computer storage medium, and the program code is used to indicate instructions for executing the method in the second aspect or the fifth aspect, or any of its possible implementations.
  • a computer storage medium is provided, and program code is stored in the computer storage medium, and the program code is used to indicate instructions for executing the method in the third aspect or any possible implementation manner thereof.
  • a computer program product containing instructions which when running on a computer, causes the computer to execute the method in any possible implementation manner of the first aspect or the fourth aspect.
  • a computer program product containing instructions which when running on a computer, causes the computer to execute the method in the second aspect or the fifth aspect, or any possible implementation manner thereof.
  • a computer program product containing instructions which when running on a computer, causes the computer to execute the method in the third aspect described above, or any possible implementation manner thereof.
  • a processor configured to be coupled with a memory, and configured to execute the method in the first aspect or the fourth aspect, or any possible implementation manner thereof.
  • a processor configured to be coupled with a memory, and configured to execute the method in the second aspect or the fifth aspect, or any possible implementation manner thereof.
  • a processor is provided, which is configured to be coupled with a memory and configured to execute the method in the foregoing third aspect or any possible implementation manner thereof.
  • a communication system including the device described in the sixth aspect, the device described in the seventh aspect, and the device described in the eighth aspect.
  • a communication system including the device described in the ninth aspect and the device described in the tenth aspect.
  • the AMF receives the tracking area identifier used to indicate the tracking area to which the first terminal belongs, assigns the first key to the first terminal according to the tracking area to which the first terminal belongs, and sends the first key to the first terminal.
  • Compared with the mobility management network element assigning a unified key to all the terminals it can manage, the embodiments of the present application can assign a suitable key to the first terminal and protect the auxiliary information of the first terminal with that key, thereby improving the security performance of the auxiliary information.
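The key scoping summarized above, as an added Python example that is not code from the patent: the LMF holds one key per (area list, positioning mode), the AMF picks the first key from a terminal's tracking area and positioning mode, and a terminal outside that scope cannot decrypt the broadcast. The HMAC-based stand-in cipher, the binding of each ciphertext to its scope, the grouping of tracking areas into area lists, and every identifier are assumptions; the page names no algorithm or message format.

```python
import hashlib
import hmac
import os


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (_prf(enc_key, nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def _scope(area_list: str, mode: str) -> bytes:
    # Associated data that ties a ciphertext to its area list and positioning mode.
    return f"{len(area_list)}:{area_list}|{mode}".encode()


def _tag(key: bytes, scope: bytes, nonce: bytes, body: bytes) -> bytes:
    return _prf(_prf(key, b"mac"), len(scope).to_bytes(2, "big") + scope + nonce + body)


def seal(key: bytes, plaintext: bytes, scope: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD cipher (assumption, not from the page)."""
    nonce = os.urandom(16)
    stream = _keystream(_prf(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + _tag(key, scope, nonce, body)


def unseal(key: bytes, blob: bytes, scope: bytes) -> bytes:
    """Return the plaintext, or raise ValueError on a wrong key, wrong scope or tampering."""
    if len(blob) < 48:
        raise ValueError("truncated auxiliary information")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, scope, nonce, body)):
        raise ValueError("wrong key, wrong scope or modified auxiliary information")
    stream = _keystream(_prf(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class LMF:
    def __init__(self, area_lists: dict, modes: list):
        self.area_lists = area_lists  # area list id -> set of tracking area ids (assumed)
        # One key per (area list, positioning mode) pair.
        self.keys = {(a, m): os.urandom(32) for a in area_lists for m in modes}

    def first_message(self) -> dict:
        """Keys, tracking areas and positioning modes, with their mapping, for the AMF."""
        return {"area_lists": self.area_lists, "keys": dict(self.keys)}

    def protect(self, area_list: str, mode: str, second_aux: bytes) -> bytes:
        """Encrypt plaintext (second) auxiliary information into the broadcast (first) form."""
        return seal(self.keys[(area_list, mode)], second_aux, _scope(area_list, mode))


class AMF:
    def __init__(self, first_message: dict):
        self.keys = first_message["keys"]
        self.ta_to_area = {
            ta: area for area, tas in first_message["area_lists"].items() for ta in tas
        }

    def assign_key(self, tracking_area: str, mode: str):
        """Return (area list, first key) for a terminal, or None when nothing matches."""
        area = self.ta_to_area.get(tracking_area)
        key = self.keys.get((area, mode))
        return None if key is None else (area, key)


def terminal_decrypt(assignment, mode: str, broadcast: bytes) -> bytes:
    area, key = assignment
    return unseal(key, broadcast, _scope(area, mode))


def demo() -> dict:
    # Constructed identifiers and payload, for illustration only.
    lmf = LMF({"area-list-A": {"TA-1", "TA-2"}, "area-list-B": {"TA-3"}}, ["mode-1", "mode-2"])
    amf = AMF(lmf.first_message())
    broadcast = lmf.protect("area-list-A", "mode-1", b"constructed correction data")
    terminals = [("in_scope", "TA-2", "mode-1"), ("other_area", "TA-3", "mode-1"),
                 ("other_mode", "TA-1", "mode-2"), ("unknown_area", "TA-9", "mode-1")]
    results = {}
    for name, tracking_area, mode in terminals:
        assignment = amf.assign_key(tracking_area, mode)
        if assignment is None:
            results[name] = "no key assigned"
            continue
        try:
            results[name] = terminal_decrypt(assignment, mode, broadcast)
        except ValueError:
            results[name] = "cannot decrypt"
    return results


if __name__ == "__main__":
    for terminal, outcome in demo().items():
        print(terminal, "->", outcome)
```

With a unified key for every managed terminal, all four constructed terminals would recover the plaintext; with per-scope keys only the first does.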
  • Fig. 1 is a schematic diagram of a communication system according to an embodiment of the present application.
  • FIG. 2 is a schematic diagram of a specific architecture of a communication system according to an embodiment of the present application
  • Figure 3 is a schematic flow chart of protecting auxiliary information in a traditional solution
  • FIG. 4 is a schematic flowchart of a method for protecting auxiliary information according to an embodiment of the present application
  • FIG. 5 is a schematic flowchart of a method for protecting auxiliary information according to a specific embodiment of the present application
  • FIG. 6 is a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • FIG. 7 is a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • FIG. 9 is a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • FIG. 10 is a schematic block diagram of an apparatus for protecting auxiliary information according to an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of an apparatus for protecting auxiliary information according to an embodiment of the present application.
  • FIG. 12 is a schematic block diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 13 is a schematic structural diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 14 is a schematic block diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 15 is a schematic structural diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 16 is a schematic block diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 17 is a schematic block diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • FIG. 18 is a schematic block diagram of a device for protecting auxiliary information according to another embodiment of the present application.
  • GSM global system for mobile communications
  • CDMA code division multiple access
  • WCDMA broadband code division multiple access
  • GPRS general packet radio service
  • LTE long term evolution
  • FDD frequency division duplex
  • TDD LTE Time division duplex
  • UMTS universal mobile telecommunication system
  • WiMAX worldwide interoperability for microwave access
  • the terminal in the embodiment of this application may refer to user equipment (UE), access terminal, user unit, user station, mobile station, remote station, remote terminal, mobile equipment, user terminal, terminal, wireless communication equipment, user agent or user device.
  • the terminal can also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal in the future 5G network, or a terminal in the future evolved public land mobile network (PLMN), etc.
  • the access network device in the embodiments of the present application may be a device used to communicate with terminals. The access network device may be a base transceiver station (BTS) in a global system for mobile communications (GSM) system or a code division multiple access (CDMA) system, a base station (NodeB, NB) in a wideband code division multiple access (WCDMA) system, an evolved base station in an LTE system, or a wireless controller in a cloud radio access network (CRAN) scenario; or the access network device may be a relay station, an access point, a vehicle-mounted device, a wearable device, an access network device (gNodeB, gNB) in the future 5G network, or an access network device in the future evolved PLMN network, which is not limited in the embodiments of the present application.
  • the terminal or the access network device includes a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer.
  • the hardware layer includes hardware such as a central processing unit (CPU), a memory management unit (MMU), and memory (also referred to as main memory).
  • the operating system may be any one or more computer operating systems that implement business processing through processes, for example, the Linux operating system, Unix operating system, Android operating system, iOS operating system, or Windows operating system.
  • the application layer includes applications such as browsers, address books, word processing software, and instant messaging software.
  • the embodiments of the application do not specifically limit the specific structure of the execution subject of the methods provided in the embodiments of the application, as long as the program that records the codes of the methods provided in the embodiments of the application can be provided according to the embodiments of the application.
  • the execution subject of the method provided in the embodiments of the present application may be a terminal or an access network device, or a functional module in the terminal or the access network device that can call and execute the program.
  • FIG. 1 is a schematic diagram of a possible network architecture applicable to this application.
  • the network architecture includes terminal 101, access network equipment 102, unified data management platform 103, third-party equipment 104, network open function entity 105, network capability open entity 105, location management function entity 106, and access and mobility management network function entity 107, which are explained in turn below:
  • Terminal device (TD) 101: referred to as a terminal for short, it is a device with a wireless transceiver function, which can include various handheld devices with wireless communication functions, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to wireless modems, as well as various forms of terminals, mobile stations (MS), user equipment (UE), soft terminals, and so on. Terminals can be deployed on land, including indoor or outdoor, handheld or vehicle-mounted; they can also be deployed on the water (such as ships, etc.); they can also be deployed in the air (such as airplanes, balloons, and satellites, etc.).
  • Examples include mobile phones, tablets, computers with wireless transceiver functions, virtual reality (VR) terminals, augmented reality (AR) terminals, wireless terminals in industrial control, wireless terminals in self-driving, wireless terminals in remote medical, wireless terminals in smart grid, wireless terminals in transportation safety, wireless terminals in smart city, wireless terminals in smart home, etc.
  • (Wireless) access network equipment (radio access network, (R)AN) 102 is a device that provides wireless communication functions for terminals, including but not limited to: next-generation base stations (gNodeB, gNB) in 5G, evolved node B (eNB), radio network controller (RNC), node B (NB), base station controller (BSC), base transceiver station (BTS), home base station (for example, home evolved nodeB, or home node B, HNB), baseband unit (BBU), transmission and receiving point (TRP), transmission point (TP), and so on.
  • Unified data management platform 103: used to process user identification, access authentication, registration, and mobility management.
  • the data management network element may be a home subscriber server (HSS)
  • the data management network element may be a unified data management (UDM) network element.
  • unified data management may still be UDM network elements, or may also have other names, which are not limited by this application.
  • the third-party device 104 is a device used to manage the terminal 101, and the third-party device 112 stores attribute information of the managed terminal, such as location information and type of the terminal.
  • the network architecture of this application is described with one terminal 101 as an example. In actual applications, the network architecture may include multiple terminals. Accordingly, the multiple terminals can be managed by the third-party device 112. Of course, the multiple terminals can also be managed by different third-party devices.
  • the third-party device 112 connects to the capability opening network element through an application interface provided by the capability opening network element, and manages the terminal 101 through the capability opening network element.
  • the third-party device 112 may be a server device or an application function (AF) network element of a vertical industry control center.
  • Network opening function entity 105: used to safely open services and capabilities provided by 3GPP network function network elements to the outside.
  • the network opening network element may be a service capability exposure function (SCEF) network element.
  • NEF network exposure function
  • the network open network element may still be a NEF network element, or may have other names, which is not limited by this application.
  • the location management function entity 106 is used to perform location management of the UE, for example, to determine the location information of the UE.
  • the location management network element in the fifth generation (5G) wireless communication system can be a location management function (LMF) network element, and LMF can be based on core network entities (such as access and mobility management functions).
  • the entity access and mobility management function, AMF
  • LCS location services
  • the AMF may allocate at least one LMF to the UE to provide positioning services to the UE.
  • the UE may request the LMF for location information through the AMF.
  • the location management network element may still be an LMF network element or have other names, which is not limited by this application.
  • Access and mobility management function entity 107: mainly used for terminal access and mobility management.
  • the mobility management network element may be a mobility management entity (MME), and in a 5G network, the mobility management network element may be an access and mobility management function (AMF) network element.
  • the mobility management network element may still be an AMF network element, or may also have other names, which are not limited in this application.
  • a mobility management network element can also be referred to as a mobility management function or a mobility management functional entity
  • a data management network element can also be referred to as a data management function or a data management function entity, etc.
  • the name of each network element is not limited in this application, and those skilled in the art can change the name of the above-mentioned network element to another name to perform the same function, which all fall within the protection scope of this application
  • network elements or functions may be network elements in hardware devices, software functions running on dedicated hardware, or virtualization functions instantiated on a platform (for example, a cloud platform).
  • Figure 2 is a schematic diagram of another possible network architecture applicable to this application.
  • the network architecture includes: terminal 201, (R)AN 202, user plane function (UPF) network element 203, data network (DN) network element 204, authentication server function (AUSF) network element 205, AMF network element 206, session management function (SMF) network element 207, NEF network element 208, network storage function (NRF) network element 209, PCF network element 210, and UDM network element 211.
  • in the following, UPF network element 203, DN network element 204, AUSF network element 205, AMF network element 206, SMF network element 207, NEF network element 208, NRF network element 209, policy control function (PCF) network element 210, and UDM network element 211 are referred to as UPF203, DN204, AUSF205, AMF206, SMF207, NEF208, NRF209, PCF120, and UDM211 for short.
  • the access network device in the network architecture shown in FIG. 1 may be the (R)AN 202 in the network architecture shown in FIG. 2.
  • Nausf is the service-based interface displayed by AUSF105
  • Namf is the service-based interface displayed by AMF106
  • Nsmf is the service-based interface displayed by SMF107
  • Nnef is the service-based interface displayed by NEF108
  • Nnrf is the service-based interface displayed by NRF109
  • Npcf is the service-based interface displayed by PCF110
  • Nudm is the service-based interface displayed by UDM111.
  • N1 is the reference point between UE101 and AMF106
  • N2 is the reference point of (R)AN102 and AMF106, used for non-access stratum (NAS) message transmission, etc.
  • N3 is the reference point between (R)AN102 and UPF103, used to transmit user plane data, etc.
  • N4 is the reference point between SMF107 and UPF103, used to transmit information such as tunnel identification information of the N3 connection, data buffer indication information, and downlink data notification messages
  • the N6 interface is the reference point between UPF103 and DN104, used to transmit user plane data.
  • network function network element entities such as AMF network element 206, SMF network element 207, PCF network element 210, and UDM network element 211 are all called network function (NF) network elements;
  • a collection of network elements such as the AMF network element 206, the SMF network element 207, the PCF network element 210, and the UDM network element 211 may all be called control plane function network elements.
  • NF network elements can be defined as different NFs according to the types of functions, such as: authentication and security functions, packet data session management functions, mobility management functions and access control functions, policy control functions, etc. These functions are implemented by corresponding NF components, and each NF component provides services to other NF components or functions through a defined service interface.
  • Multiple network slices (sliceA, sliceB, and sliceC) of the same operator use the same public land mobile network (PLMN), and can be deployed in the operator's infrastructure through cloud technology and virtualization technology.
  • the operator's technical facilities include the operator's cloud computing and transmission infrastructure.
  • the MME network element, AMF network element, UDM network element, eNB, and gNB described in the subsequent embodiments are just examples and do not constitute a limitation to the embodiments of the present application. That is, the MME network elements and AMF network elements described later in this application can be replaced with mobility management network elements, UDM network elements can be replaced with data management network elements, and eNBs and gNBs can be replaced with access network equipment.
  • the MME network element is abbreviated as MME, the AMF network element as AMF, and the UDM network element as UDM.
  • Fig. 3 shows a schematic flow chart of protecting auxiliary information in a traditional scheme.
  • E-SMLC sends the key to the MME
  • the MME stores the key
  • the terminal sends an attachment request or a tracking area update (TAU) request to the base station;
  • the base station sends the attach request or TAU request to the MME;
  • the MME feeds back the attachment request response message or the TAU request response message to the base station, and the attachment request response message or the TAU request response message carries the key;
  • the base station sends the attachment request response message or the TAU request response message carrying the key to the terminal.
  • the E-SMLC uses the key to encrypt the auxiliary information
  • the E-SMLC sends the encrypted auxiliary information to the terminal;
  • the terminal uses the key to decrypt the auxiliary information.
  • the MME can uniformly distribute a key to the terminal. Since the distribution of the key does not consider the area to which the terminal currently belongs, the auxiliary information is encrypted with such a key, and the security performance of the auxiliary information is relatively low.
  • FIG. 4 shows a schematic flowchart of a method for protecting auxiliary information according to an embodiment of the present application.
  • the AMF receives a tracking area identifier, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs.
  • one tracking area may include one or more access network devices, and the AMF may receive the tracking area identifier from one or more access network devices included in the tracking area to which the terminal belongs.
  • the access network device may send the identification of the tracking area to which the first terminal belongs periodically, or when it detects that the tracking area to which the first terminal belongs has changed.
  • a tracking area may be a geographic area composed of a continuous coverage cell, and is used for terminal location management of the access network/core network system.
  • the AMF determines a first key assigned to the first terminal according to the tracking area to which the first terminal belongs, and the first key is used to protect auxiliary information.
  • the AMF may allocate different keys to different tracking areas to which the first terminal belongs.
  • at least one tracking area to which the first terminal belongs and at least one key may have a mapping relationship, that is, the at least one key may respectively correspond to one tracking area or multiple tracking areas, so that the AMF can determine the corresponding key according to a certain tracking area.
  • the first key may be used to encrypt or decrypt the auxiliary information.
  • the AMF may encrypt the auxiliary information using the first key, and the first terminal may decrypt the auxiliary information using the first key.
  • the mapping relationship between the at least one tracking area and the at least one key can be a one-to-one correspondence between the tracking area and the key, or one tracking area corresponds to one or more keys, or one key corresponds to one or more tracking areas; this application does not limit this.
  • mapping relationship between the at least one tracking area and the at least one key may be carried in a first message, and the first message may be sent by the LMF to the AMF.
  • the first message may also include a general key, that is, no matter which tracking area the terminal is in, the general key can be used, which is not limited in this application.
  • the first message may be a key message.
  • step 402 may be that the AMF determines the first key assigned to the first terminal according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  • the first terminal sends the positioning mode of the first terminal.
  • AMF can combine the positioning mode of the first terminal and the tracking area to which the first terminal belongs to assign a key (i.e., the first key) to the first terminal.
  • the embodiment of the present application can allocate a suitable key to the first terminal, and protect the auxiliary information of the first terminal by the key, thereby improving the security performance of the auxiliary information.
  • the keys of the auxiliary information of different terminals may be different, and the keys of the auxiliary information corresponding to the same terminal in different tracking areas may also be different.
  • the AMF may calculate the first key by combining a certain association relationship or functional relationship between the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  • the positioning method of the first terminal may be a positioning method supported by the terminal.
  • the positioning method may be wireless fidelity (Wi-Fi) positioning, wireless local area network (WLAN) positioning, global positioning system (GPS) positioning, Bluetooth positioning, or other positioning methods, which are not limited in this application.
  • the AMF in step 402 may also read the positioning mode of the first terminal from its own storage area. That is, the AMF can store the positioning mode corresponding to each terminal, so that the AMF can learn the positioning mode of any terminal from the storage area.
  • the AMF may receive the positioning mode of the first terminal from the LMF.
  • the LMF stores the positioning modes corresponding to different terminals, and the AMF can obtain the positioning mode of the first terminal from the LMF.
  • the AMF may also receive the positioning capability information of the first terminal, and the positioning capability information is used to indicate the positioning mode supported by the first terminal. In this way, in step 402, the AMF may determine the positioning mode of the first terminal based on the positioning mode supported by the first terminal.
  • the positioning mode supported by the first terminal may be one or more.
  • the first message may also include a mapping relationship between at least one key and at least one positioning mode, that is, the at least one key corresponds to one or more positioning modes respectively.
  • the AMF may receive a first message from the LMF, the first message may include multiple keys supported by the LMF, and the first message may also include the positioning mode and tracking area corresponding to each key in the multiple keys, so that the AMF can combine the positioning mode of the first terminal and the tracking area to which the first terminal belongs to select a suitable key (i.e., the first key) from the multiple keys supported by the LMF, saving the power consumption overhead of the AMF determining the first key.
  • a positioning mode of the first terminal has a first mapping relationship with multiple keys, and each tracking area of the first terminal also has a second mapping relationship with multiple keys, so that the AMF can select the first key based on the positioning mode of the first terminal and the tracking area to which the first terminal belongs, combined with the first mapping relationship and the second mapping relationship.
  • the multiple keys supported by the LMF can be referred to as the "first key set".
  • the AMF can select one or more keys from the first key set according to the positioning mode of the first terminal and the first mapping relationship.
  • a third key set including one or more keys is selected from the first key set, and the first key set includes one or more keys.
  • AMF determines the second key set from the first key set according to the tracking area to which the first terminal belongs and the first mapping relationship, and then determines the first key from the second key set according to the positioning mode of the first terminal and the second mapping relationship.
  • AMF determines a second key set including one or more keys from the first key set according to the tracking area to which the first terminal belongs and the second mapping relationship, and then, according to the positioning mode of the first terminal and the first mapping relationship, determines the first key from the second key set.
  • the same key can correspond to one or more positioning methods, and the same key can also correspond to one or more tracking areas.
  • mapping relationship may be implemented through a table.
  • the first mapping relationship and the second mapping relationship may be in different tables (for example, the first mapping relationship and the second mapping relationship are each a table including two columns), or may be in the same table (for example, the first mapping relationship and the second mapping relationship are in the same table including three columns), which is not limited in this application.
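The two-table selection described above can be sketched as follows. This is an added example, not code from the application: the class and function names, the key identifiers, the rule of taking the first positioning mode the terminal and the LMF have in common, the lowest-identifier tie-break, and the fallback to the general key are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class KeyMessage:
    """Constructed model of the first message (key message) sent by the LMF."""
    key_ids: FrozenSet[str]                   # first key set: keys supported by the LMF
    mode_to_keys: Dict[str, FrozenSet[str]]   # first mapping: positioning mode -> keys
    ta_to_keys: Dict[str, FrozenSet[str]]     # second mapping: tracking area -> keys
    general_key_id: Optional[str] = None      # optional key usable in any tracking area


def pick_positioning_mode(msg: KeyMessage, ue_modes: Iterable[str]) -> Optional[str]:
    """Assumption: use the first mode reported by the terminal that the LMF maps to keys."""
    for mode in ue_modes:
        if mode in msg.mode_to_keys:
            return mode
    return None


def select_first_key(msg: KeyMessage, tracking_area: str, ue_modes: Iterable[str],
                     subscribed: bool) -> Optional[Tuple[str, Optional[str]]]:
    """Return (key id, positioning mode), or None when no key may be sent."""
    # Fail closed: a terminal that has not subscribed to auxiliary information gets no key.
    if not subscribed:
        return None
    mode = pick_positioning_mode(msg, ue_modes)
    # Second key set: keys of the first key set mapped to the terminal's tracking area.
    second_set = msg.ta_to_keys.get(tracking_area, frozenset()) & msg.key_ids
    # Narrow by positioning mode through the first mapping relationship.
    by_mode = msg.mode_to_keys.get(mode, frozenset()) if mode is not None else frozenset()
    candidates = second_set & by_mode
    if candidates:
        return min(candidates), mode          # deterministic tie-break (assumption)
    # No area-specific key applies: use the general key if the LMF supplied one.
    if msg.general_key_id is not None:
        return msg.general_key_id, mode
    return None


# Constructed sample mappings; the identifiers K1..K4 and KG are placeholders, not real keys.
KEY_MESSAGE = KeyMessage(
    key_ids=frozenset({"K1", "K2", "K3", "K4"}),
    mode_to_keys={"GPS": frozenset({"K1", "K3"}), "WLAN": frozenset({"K2", "K4"})},
    ta_to_keys={"TA1": frozenset({"K1", "K2"}), "TA2": frozenset({"K3", "K4"})},
)
KEY_MESSAGE_WITH_GENERAL = KeyMessage(
    key_ids=KEY_MESSAGE.key_ids,
    mode_to_keys=KEY_MESSAGE.mode_to_keys,
    ta_to_keys=KEY_MESSAGE.ta_to_keys,
    general_key_id="KG",
)

if __name__ == "__main__":
    for ta in ("TA1", "TA2", "TA9"):
        print(ta, select_first_key(KEY_MESSAGE, ta, ["GPS"], subscribed=True))
```

The same terminal receives a different key after moving from TA1 to TA2, which is the property the embodiment relies on to limit the exposure of any single key.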
  • the first message may also include multiple positioning modes supported by the LMF, and the AMF may select one of the multiple positioning modes as the positioning mode of the first terminal.
  • the AMF may determine the positioning mode of the first terminal in combination with the positioning mode supported by the first terminal and the positioning mode supported by the LMF.
  • the positioning capability information and tracking area identifier of the first terminal acquired by the AMF may be carried in a second message, and the second message may be used to request access to the AMF.
  • the first key may be carried in the first message.
  • the first terminal does not need to specifically send the positioning capability information and the tracking area identifier, and the AMF does not need to specifically send the first key.
  • the distribution of the key may also be triggered by the second message, that is, the embodiment of the present application provides a way to trigger the key distribution.
  • the second message may be an "attach request".
  • step 401 may also be that the AMF receives a third message.
  • the third message may be used to request to update the tracking area.
  • the third message includes the tracking area identifier. Accordingly, the first key is carried in the response message of the third message. In this way, the first terminal does not need to specifically send the third message, and the AMF does not need to specifically send the first key. By carrying them in the third message and the response message of the third message, signaling overhead is saved.
  • the embodiments of the present application provide another way to trigger key distribution.
  • the third message may be a "TAU request".
  • the attach request and the TAU request can be carried in a message, for example, a registration request: an initial registration request corresponds to an attach request, and a mobility registration update request corresponds to a TAU request.
  • the registration request may have the functions of attach request and TAU request at the same time, which is not limited in this application.
  • the registration request can also carry registration type information elements.
  • the AMF may also send one or more of an expiration date and indication information to the first terminal, where the expiration date is used to indicate the duration threshold for which the first terminal can use the first key or the threshold for the number of times the first terminal can use the first key, and the indication information is used to indicate whether the AMF supports auxiliary information.
  • the indication information may be used to indicate whether the AMF supports auxiliary information. If the AMF does not support the auxiliary information, the subsequent AMF will not send the auxiliary information to the first terminal through the access network device.
  • the AMF may send one or more of the validity period and the indication information through a message (that is, the message may include one or more of the validity period and the indication information).
  • the message may be the same message as the response message of the second message, that is, one or more of the validity period and the indication information may be carried in the response message of the second message; or the message may be the same message as the response message of the third message, which is not limited in this application.
  • the AMF may also obtain auxiliary information settings from the UDM.
  • the auxiliary information settings are used to indicate whether the first terminal has subscribed to the auxiliary information. If the auxiliary information is subscribed, the AMF sends the first key to the first terminal. If the first terminal has not subscribed to the auxiliary information, the AMF does not send the first key to the first terminal. In this way, the embodiment of this application can create conditions for future commercial applications, for example, charging for high-precision positioning.
  • the AMF may send a positioning setting request to the UDM.
  • the positioning setting request may be used to request the auxiliary information setting of the first terminal.
  • the UDM feeds back a response message for the positioning setting request to the AMF, and the response message for the positioning setting request includes the auxiliary information.
  • the positioning setting request may include the identification of the first terminal.
  • the AMF sends the first key to the first terminal.
  • the first terminal receives the first key sent by the AMF.
  • the AMF sends the first key to the first terminal through the access network device, and the first terminal can decrypt the auxiliary information according to the first key, which improves the security performance of the auxiliary information.
  • the AMF determines the first key of the first terminal in the tracking area to which the first terminal currently belongs
  • the first key may be sent through the access network device in the tracking area to which the first terminal currently belongs.
  • the AMF may send auxiliary information to the terminal through the access network device.
  • the AMF can send the auxiliary information of the first terminal to all access network devices under management.
  • the AMF receives a fourth message from the LMF, the fourth message includes a third mapping relationship between at least one area list and at least one auxiliary information, and each area list in the at least one area list corresponds to a plurality of areas managed by the AMF
  • the AMF can determine the first auxiliary information corresponding to the first area list in the at least one area list according to the third mapping relationship, and then send the first auxiliary information through the access network device corresponding to the first area list.
  • the LMF sends a fourth message to the AMF.
  • the fourth message includes at least one area list and at least one auxiliary information, and the at least one area list and the at least one auxiliary information have a mapping relationship (that is, a third mapping relationship), so that the AMF can determine the auxiliary information corresponding to any area list (for example, the first area list) according to the third mapping relationship, and can broadcast the first auxiliary information to the terminals covered by the access network equipment through the access network equipment corresponding to the first area list. That is, different auxiliary information sent by the AMF can be sent through the access network equipment corresponding to different area lists.
  • compared with the AMF sending auxiliary information through all the access network equipment it covers, this saves signaling overhead.
  • the embodiments of the present application can reduce the interference of irrelevant auxiliary information to the auxiliary information of the first terminal, and improve the efficiency of auxiliary information transmission.
  • the area list includes tracking areas to which one or more access network devices that can be used for the terminal to communicate with the AMF belong. For example, taking the access network device as a gNB as an example, gNB1, gNB2, and gNB3 can be used for the terminal to communicate with the AMF.
  • the gNB1 belongs to TA1, and the gNB2 and gNB3 belong to TA2. Then the area list includes TA1 and TA2.
  • the access network device corresponding to the tracking area included in the area list is an access network device that can be used for communication between the terminal and the AMF.
  • the fourth message further includes a fourth mapping relationship between multiple positioning modes and at least one auxiliary information; the AMF may determine at least one auxiliary information corresponding to the first positioning mode in the at least one positioning mode according to the fourth mapping relationship, and determine the first auxiliary information from the at least one auxiliary information corresponding to the first positioning mode.
  • the fourth message may further include multiple positioning modes and at least one auxiliary information, and the at least one positioning mode and the at least one auxiliary information have a mapping relationship.
  • the AMF may also determine the first auxiliary information according to at least one auxiliary information corresponding to the first positioning method in combination with the auxiliary information corresponding to the first area list, so as to broadcast auxiliary information more accurately.
  • the first auxiliary information is encrypted auxiliary information.
  • the fourth message may be a "location message".
  • the LMF generates the at least one auxiliary information, and sends a fourth message to the AMF.
  • the LMF encrypts the auxiliary information by using the key, and sends it to the AMF through the fourth message.
  • the AMF determines, according to the first mapping relationship and the second mapping relationship, the key (the first key) of the auxiliary information (for example, the first auxiliary information) for different area lists and/or positioning modes of different terminals, and sends the first key to the terminal (for example, the first terminal) that has subscribed to the first auxiliary information, so that after the first terminal receives the first auxiliary information through the access network device, the first auxiliary information can be parsed using the first key, which improves the security performance of the auxiliary information.
  • the LMF generating the first auxiliary information may specifically be that the LMF determines the first area list corresponding to the second auxiliary information according to the second auxiliary information and the third mapping relationship in at least one auxiliary information supported by the LMF, and according to the area The correspondence between the list and the key determines the first key corresponding to the first area list, and then encrypts the second auxiliary information with the first key to generate the first auxiliary information.
  • the LMF assigns keys to the auxiliary information corresponding to the different area lists according to the mapping relationship carried in the first message sent, and accordingly, the AMF also determines the auxiliary information corresponding to the different area lists according to the mapping relationship in the first message and sends the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the first auxiliary information generated by the LMF is specifically that the LMF determines the first positioning mode corresponding to the second auxiliary information according to the second auxiliary information and the fourth mapping relationship in the at least one auxiliary information supported by the LMF, determines the first key according to the first area list and the first positioning method, and then encrypts the second auxiliary information according to the first key to generate the first auxiliary information. That is to say, according to the mapping relationship carried in the first message sent, the LMF assigns keys to the corresponding auxiliary information according to the area list and positioning mode. Accordingly, the AMF also determines, according to the mapping relationship in the first message, the key of the auxiliary information corresponding to the different area lists and positioning modes, and sends it to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the AMF can obtain the second key when it learns that the first key is invalid, that is, update the first key to the second key, and send the second key to the first terminal, so that the second key is used to encrypt the auxiliary information and the first terminal can use the second key to decrypt the auxiliary information. That is, the key is updated in time, which further improves the security performance of the auxiliary information.
  • the first key invalidation may be determined by AMF.
  • the first key invalidation may also be determined by the first terminal, or determined by the LMF, which then notifies the AMF.
  • the manner in which the AMF determines the second key for the first terminal in the embodiment of the present application may be the same as the manner in which the first key is determined.
  • the first terminal may detect whether the first key has expired according to the validity period of the first key. Specifically, the first terminal may detect whether the duration of using the first key exceeds a duration threshold: if the duration of using the first key exceeds the duration threshold, it is determined that the first key has expired, otherwise the first key has not expired. Alternatively, the first terminal can detect whether the number of times the first key is used exceeds the number threshold: if the number of times the first key is used exceeds the threshold, the first key has expired, otherwise the first key has not expired.
  • the first terminal may also receive a fifth message, which is used to request the location information of the first terminal, and the first terminal may start to detect whether the first key has expired according to the fifth message. That is, the fifth message is used to trigger the first terminal to detect whether the first key has expired.
  • the fifth message can be a "location service request" or another "service request" on the network side, which is not limited in this application.
  • the first terminal when detecting that the first key has expired, the first terminal sends a sixth message to the AMF through the access network device, and the sixth message may be used to request to update the key.
  • the AMF receives the sixth message, and sends the second key to the first terminal according to the sixth message. That is, the sixth message can be used to trigger the AMF to send the second key.
  • the second key can be carried in the response message of the sixth message.
  • the sixth message may be a "key update request”
  • the response message of the sixth message may be a "key update request response message”.
  • the key update request may be a NAS message. If the first terminal sends a key update request to the AMF through the access network device, then when the first terminal sends the key update request to the access network device, the key update request may be an RRC connection reconfiguration message, and when the access network device sends the key update request to the AMF, the key update request may be an N2 message.
  • the AMF may receive a fifth message, where the fifth message may be used to request the location information of the first terminal, and the AMF sends the second key to the first terminal according to the fifth message. For example, the fifth message is used to trigger the sending of the second key to the first terminal.
  • the fifth message may be a "location service request", where the location service request may be used to request a subscriber permanent identifier (SUPI), customer type, required QoS, and so on.
  • the location service request may be sent by a gateway mobile location center (GMLC) to the AMF.
  • the request content of the location service request includes QoS, client type, and so on.
  • the GMLC requests the UDM for the location and privacy settings of the first terminal, and the UDM feeds back to the GMLC the network address and privacy settings of the AMF serving the first terminal, and the GMLC can send a location service request to the AMF.
  • the AMF after receiving the location service request, the AMF sends a network-side location service request to the first terminal when the first terminal is in an idle state to establish a signaling interaction with the first terminal.
  • the AMF may send a seventh message to the first terminal.
  • the seventh message carries the second key.
  • the first terminal feeds back the response message of the seventh message to the AMF to indicate that the first terminal has received the second key, so that the first terminal can decrypt the auxiliary information according to the second key, thereby further improving the security performance of the auxiliary information.
  • the seventh message may be a "key update request”
  • the response message of the seventh message may be a "key update request response message”.
  • after the AMF and the first terminal determine that the key update is complete, the AMF can also select the LMF and request the current location information of the first terminal from the selected LMF.
  • the LMF measures and calculates the location of the first terminal.
  • the calculated location information of the first terminal is sent to the AMF, and the AMF reports the location information of the first terminal to the GMLC, and the GMLC reports the location information of the first terminal to the external client.
  • the location information of the first terminal may include at least one of a location service (LCS) related identifier, estimated location, accuracy, and positioning mode.
  • the seventh message may also carry the expiration date of the second key, and the expiration date may be a time threshold indicating how long the first terminal can use the second key, or a threshold on the number of times the second key can be used.
  • the response message of the key update request may be a non-access stratum (NAS) message.
  • the key update request response message may be a radio resource control (RRC) connection reconfiguration message.
  • the key update request may also carry the expiration date of the second key, and the expiration date may be a time threshold indicating how long the first terminal can use the second key, or a threshold on the number of times the second key can be used.
  • the MME can broadcast and send auxiliary information through all the access network devices that the MME can manage, which causes a relatively large signaling overhead. Accordingly, a certain terminal (for example, the first terminal) will also receive irrelevant auxiliary information. That is, the interference of the auxiliary information of the first terminal with other irrelevant auxiliary information is relatively large, and therefore, the transmission efficiency of the auxiliary information is low.
  • Fig. 5 shows a schematic flowchart of a method for transmitting auxiliary information according to a specific embodiment of the present application.
  • the LMF generates at least one auxiliary information.
  • the LMF determines the first area list corresponding to the second auxiliary information in the at least one auxiliary information supported by the LMF according to the mapping relationship between the auxiliary information and the area list (i.e., the first mapping relationship), determines the first key corresponding to the first area list according to the correspondence between area lists and keys, and then encrypts the second auxiliary information with the first key to generate the first auxiliary information.
  • the LMF assigns keys to the auxiliary information corresponding to the different area lists according to the mapping relationship carried in the first message it sends. Accordingly, the AMF also determines the keys of the auxiliary information corresponding to the different area lists according to the mapping relationship in the first message and sends the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the LMF determines the first positioning mode corresponding to the second auxiliary information in the at least one auxiliary information supported by the LMF according to the mapping relationship between the auxiliary information and the positioning mode (i.e., the second mapping relationship), determines the first key according to the first area list and the first positioning mode, and then encrypts the second auxiliary information with the first key to generate the first auxiliary information. That is to say, according to the mapping relationship carried in the first message it sends, the LMF assigns keys to the corresponding auxiliary information according to the area list and positioning mode. Accordingly, the AMF also determines, according to the mapping relationship in the first message, the key of the auxiliary information corresponding to the different area lists and positioning modes and sends it to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
  • the "first message", "first mapping relationship" and "second mapping relationship" in the embodiment of this application have the same meaning as the "fourth message", "third mapping relationship" and "fourth mapping relationship", respectively, in the embodiment described in FIG. 4.
  • the same terms in the illustrated embodiments have the same meaning.
  • the LMF sends a first message to the AMF.
  • the first message includes a first mapping relationship between at least one area list and at least one auxiliary information.
  • Each area list in the at least one area list corresponds to part of the access network devices among the plurality of access network devices managed by the AMF.
  • first mapping relationship and the second mapping relationship may each be a table, or the first mapping relationship and the second mapping relationship may be in a table.
  • the AMF determines the first auxiliary information corresponding to the first area list in the at least one area list according to the first mapping relationship.
  • the AMF sends the first auxiliary information through the access network device corresponding to the first area list.
  • the LMF uses a key to encrypt the auxiliary information and sends it to the AMF through the first message.
  • the AMF determines the first key used by a certain auxiliary information (for example, the first auxiliary information), and sends the first key to the terminal (for example, the first terminal) that has subscribed to the first auxiliary information, so that the first terminal can parse the first auxiliary information using the first key after receiving multiple auxiliary information broadcast by the access network device, which improves the security performance of the auxiliary information.
  • in step 504, the AMF determines the key used for each auxiliary information and sends the key to the corresponding terminal.
  • these steps are the same as the steps in the embodiment shown in FIG. 4. To avoid repetition, they are not described again here.
  • FIG. 6 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • the AMF receives a key message from the LMF, where the key message includes multiple keys supported by the LMF, multiple positioning modes supported by the LMF, and at least one area list corresponding to the multiple keys.
  • the AMF stores the key message.
  • the first terminal initiates an attach request to the access network device.
  • the attach request includes the positioning capability information of the first terminal and an area identifier, where the area identifier is used to indicate the area to which the first terminal belongs.
  • the access network device sends the attachment request to the AMF.
  • the AMF sends a location setting request to the UDM.
  • the AMF obtains a positioning setting response from the UDM, where the positioning setting response includes auxiliary information setting.
  • the AMF determines the first key of the first terminal according to the positioning capability information of the first terminal and the positioning mode supported by the LMF.
  • the AMF sends a response message for the attachment request to the access network device, where the response message includes at least one of the expiration date, indication information, and auxiliary information, and also includes the first key.
  • the access network device sends a response message of the attach request to the AMF.
  • the AMF determines the first key suitable for the current first terminal according to the positioning mode supported by the LMF and the positioning capability information of the first terminal, and sends the first key to the first terminal, so that the first terminal parses the auxiliary information according to the first key, thereby improving the security performance of the auxiliary information.
  • the capability information and the area identifier of the first terminal can be carried in the attach request, and the first key can be carried in the attach request response message, that is, it does not need to be specially sent, thereby saving signaling overhead.
  • FIG. 7 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • the AMF receives a key message from the LMF, where the key message includes multiple keys supported by the LMF, multiple positioning modes supported by the LMF, and at least one area list corresponding to the multiple keys.
  • the AMF stores the key message.
  • the first terminal initiates a TAU request to the access network device.
  • the TAU request includes the positioning capability information of the first terminal and an area identifier, where the area identifier is used to indicate the area to which the first terminal belongs.
  • the access network device sends the TAU request to the AMF.
  • the AMF sends a location setting request to the UDM.
  • the AMF obtains a positioning setting response from the UDM, where the positioning setting response includes auxiliary information setting.
  • the AMF determines the first key of the first terminal according to the positioning capability information of the first terminal and the positioning mode supported by the LMF.
  • the AMF sends a TAU request response message to the access network device, where the response message includes at least one of the expiration date, the indication information, and the auxiliary information, and also includes the first key.
  • the access network device sends a response message for the TAU request to the AMF.
  • the AMF determines the first key suitable for the current first terminal according to the positioning mode supported by the LMF and the positioning capability information of the first terminal, and sends the first key to the first terminal, so that the first terminal parses the auxiliary information according to the first key, thereby improving the security performance of the auxiliary information.
  • the capability information and the area identifier of the first terminal can be carried in the TAU request, and the first key can be carried in the response message of the TAU request, that is, it does not need to be specially sent, thereby saving signaling overhead.
  • FIG. 8 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • the AMF may receive the second key, and store the second key for subsequent analysis when needed.
  • the GMLC receives an LCS request from an external client.
  • the GMLC sends an LCS request to the AMF.
  • the AMF sends an LCS request to the first terminal.
  • LCS request may also be another service request, which is not limited in this application.
  • the first terminal After receiving the LCS request, the first terminal detects whether the first key has expired.
  • the first terminal may specifically detect whether the duration of using the first key exceeds a duration threshold: if the duration exceeds the duration threshold, it determines that the first key has expired, otherwise the first key has not expired. Alternatively, the first terminal can detect whether the number of times the first key is used exceeds the number threshold: if the number of times exceeds the threshold, the first key has expired, otherwise the first key has not expired.
  • After detecting that the first key has expired, the first terminal sends a key update request to the access network device.
  • the access network device sends a key update request to the AMF.
  • the AMF obtains the second key.
  • the AMF may know in advance that the first key detected by the first terminal in step 805 is invalid, and upon receiving the key update request, send the second key to the first terminal.
  • step 808 may be after step 805 and before step 809, which is not limited in this application.
  • the AMF sends a second key to the access network device, where the second key may be carried in a response message to the key update request.
  • the access network device sends a response message to the key update request to the first terminal.
  • the first terminal detects whether the first key has expired and, when it detects that the first key has expired, sends a key update request to the AMF through the access network device. The AMF obtains the second key and sends the second key to the first terminal when the key update request is received. In this way, triggered by the LCS request, the first terminal can detect whether the current key is appropriate, and the key update request triggers the AMF to send the second key to the first terminal, so that the first terminal and the AMF use appropriate keys to protect the auxiliary information, thereby improving the security performance of the auxiliary information.
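The key selection by area list and positioning mode, and the expiry check and key update exchange of FIG. 8, sketched as an added Python example that is not part of the patent text. Class and field names, the area and mode labels, the threshold values and the locally generated replacement key are assumptions; no cipher is modelled because the page names none.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class KeyGrant:
    key_id: str
    key: bytes
    max_age_s: Optional[float]   # duration threshold, None if not used
    max_uses: Optional[int]      # usage-count threshold, None if not used


class Amf:
    """Stores the LMF key message and hands out one key per (area list, mode)."""

    def __init__(self, area_lists, max_age_s=None, max_uses=None):
        self.area_lists = area_lists   # area list name -> set of tracking areas
        self.max_age_s, self.max_uses = max_age_s, max_uses
        self.keys = {}                 # (area list, mode) -> (generation, key)

    def store_key_message(self, entries):
        for slot, key in entries.items():
            self.keys[slot] = (1, key)

    def _slot(self, tracking_area, terminal_modes):
        for area_list, mode in self.keys:
            in_area = tracking_area in self.area_lists.get(area_list, ())
            if in_area and mode in terminal_modes:
                return (area_list, mode)
        return None

    def assign_key(self, tracking_area, terminal_modes, subscribed):
        # The key is sent only if the UDM setting says the terminal subscribed.
        slot = self._slot(tracking_area, terminal_modes)
        if not subscribed or slot is None:
            return None
        gen, key = self.keys[slot]
        key_id = f"{slot[0]}/{slot[1]}/{gen}"
        return KeyGrant(key_id, key, self.max_age_s, self.max_uses)

    def handle_key_update_request(self, tracking_area, terminal_modes, subscribed):
        slot = self._slot(tracking_area, terminal_modes)
        if not subscribed or slot is None:
            return None
        gen, _ = self.keys[slot]
        # Assumption: a locally generated key stands in for "the AMF obtains
        # the second key"; the page does not say where it comes from.
        self.keys[slot] = (gen + 1, secrets.token_bytes(16))
        return self.assign_key(tracking_area, terminal_modes, subscribed)


class Terminal:
    def __init__(self, tracking_area, modes, clock=time.monotonic):
        self.tracking_area, self.modes, self.clock = tracking_area, modes, clock
        self.grant, self.received_at, self.uses = None, 0.0, 0

    def install(self, grant):
        self.grant, self.received_at, self.uses = grant, self.clock(), 0

    def use_key(self):
        """Count one use of the key (one decryption of auxiliary information)."""
        self.uses += 1
        return self.grant.key

    def key_expired(self):
        g = self.grant
        if g is None:
            return True
        age = self.clock() - self.received_at
        too_old = g.max_age_s is not None and age > g.max_age_s
        too_many = g.max_uses is not None and self.uses > g.max_uses
        return too_old or too_many

    def on_lcs_request(self, amf, subscribed=True):
        """The LCS request triggers the check; an expired key triggers the update."""
        if not self.key_expired():
            return "key-valid"
        grant = amf.handle_key_update_request(self.tracking_area, self.modes, subscribed)
        if grant is None:
            return "no-key"
        self.install(grant)
        return "key-updated"


def run_demo():
    now = [0.0]                                   # constructed clock for the demo
    amf = Amf({"list-A": {"TA1", "TA2"}, "list-B": {"TA3"}}, max_age_s=600.0, max_uses=3)
    amf.store_key_message({                       # constructed LMF key message
        ("list-A", "mode-A"): secrets.token_bytes(16),
        ("list-A", "mode-B"): secrets.token_bytes(16),
        ("list-B", "mode-B"): secrets.token_bytes(16),
    })
    ue = Terminal("TA2", {"mode-B"}, clock=lambda: now[0])
    ue.install(amf.assign_key(ue.tracking_area, ue.modes, subscribed=True))
    first = ue.grant
    events = [ue.on_lcs_request(amf)]             # fresh key
    for _ in range(4):                            # 4 uses exceed the threshold of 3
        ue.use_key()
    events.append(ue.on_lcs_request(amf))
    now[0] += 601                                 # age exceeds the 600 s threshold
    events.append(ue.on_lcs_request(amf))
    return first, ue.grant, events
```

In this model the key is shared per (area list, positioning mode) slot, so one terminal's update request changes the key for every terminal in that slot; how the other terminals learn the new key is outside what the example covers.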
  • FIG. 9 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
  • the AMF may receive the second key, and store the second key for subsequent analysis when needed.
  • the GMLC receives an LCS request from an external client.
  • the GMLC sends an LCS request to the AMF.
  • the AMF analyzes the second key when determining that the first key is invalid.
  • the AMF sends a key update request to the access network device, where the key update request includes the second key.
  • the access network device sends the key update request to the first terminal.
  • the first terminal sends a response message to the key update request to the AMF.
  • the AMF selects the LMF according to the response message.
  • the AMF sends a location request to the LMF.
  • the LMF calculates the location of the first terminal.
  • the LMF sends the location information of the first terminal to the external client.
  • when the AMF determines that the first key is invalid, it obtains the second key and, after receiving the LCS request, sends the second key to the first terminal. In this way, triggered by the LCS request, the AMF sends the second key to the first terminal, so that the first terminal and the AMF use a suitable key to protect the auxiliary information, thereby improving the security performance of the auxiliary information.
  • FIG. 10 shows a schematic block diagram of an apparatus for protecting auxiliary information according to an embodiment of the present application.
  • the device 1000 may correspond to the AMF in the embodiment shown in FIG. 4, and may have any function of the AMF in the method.
  • the device 1000 includes a transceiver module 1010 and a processing module 1020.
  • the transceiver module 1010 is configured to receive a tracking area identifier to which the first terminal belongs, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs;
  • the processing module 1020 is configured to determine a first key assigned to the first terminal according to the tracking area to which the first terminal belongs, and the first key is used to protect auxiliary information;
  • the transceiver module 1010 is also used to send the first key to the first terminal.
  • the transceiver module 1010 is also used to obtain the positioning mode of the first terminal;
  • the processing module 1020 is specifically used for:
  • the first key is determined according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  • the transceiver module 1010 is further configured to receive a first message from the location management function network element LMF, where the first message includes multiple keys supported by the LMF, and each key in the multiple keys Corresponding positioning method and tracking area;
  • the processing module 1020 is specifically used for:
  • the first key is determined from a plurality of keys supported by the LMF.
  • the first message further includes multiple positioning modes supported by the LMF.
  • the transceiver module 1010 is also used to obtain positioning capability information of the first terminal.
  • the positioning capability information is used to indicate the positioning mode supported by the first terminal;
  • the transceiver module 1010 is specifically used for:
  • the positioning capability information and the identification of the tracking area are carried in a second message, and the second message is used to request access to the AMF, and the transceiver module 1010 is specifically used to:
  • the transceiver module 1010 is specifically used for:
  • the transceiver module 1010 is specifically used for:
  • the transceiver module 1010 is further configured to send one or more of an expiration date and indication information to the first terminal, where the expiration date is used to indicate a threshold on the length of time that the first terminal can use the first key or a threshold on the number of times the first key can be used, and the indication information is used to indicate whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
  • the transceiver module 1010 is further configured to obtain the auxiliary information setting from the unified data management network element UDM, and the auxiliary information setting is used to indicate whether the first terminal subscribes to the auxiliary information;
  • the processing module 1020 is further configured to determine to send the first key to the first terminal when the auxiliary information setting indicates that the first terminal subscribes to the auxiliary information.
  • the transceiver module 1010 is further configured to receive a fourth message, where the fourth message includes a third mapping relationship between at least one area list and at least one auxiliary information;
  • the processing module 1010 is further configured to determine the first auxiliary information corresponding to the first area list in the at least one area list according to the third mapping relationship;
  • the transceiver module 1010 is further configured to send the first auxiliary information through the access network device corresponding to the first area list.
  • the fourth message further includes a fourth mapping relationship between at least one positioning mode and the at least one auxiliary information
  • the processing module 1020 is further configured to determine, according to the fourth mapping relationship, at least one piece of auxiliary information corresponding to the first positioning mode in the at least one positioning mode.
  • the processing module 1020 is specifically used for:
  • the first auxiliary information is determined from at least one auxiliary information corresponding to the first positioning mode.
  • the transceiver module 1010 is further configured to obtain a second key when the first key of the first terminal becomes invalid;
  • the transceiver module 1010 is also used to send the second key to the first terminal.
  • the transceiver module 1010 is further configured to receive a fifth message, where the fifth message is used to request location information of the first terminal;
  • the transceiver module 1010 is specifically used for:
  • the second key is sent to the first terminal.
  • the transceiver module 1010 is further configured to receive a sixth message from the first terminal, where the sixth message is used to request to update the key;
  • the transceiver module 1010 is specifically used for:
  • the second key is sent to the first terminal.
  • the AMF in the embodiment of the present application receives the tracking area identifier used to indicate the tracking area to which the first terminal belongs, then allocates a key (i.e., the first key) to the first terminal according to the tracking area to which the first terminal belongs, and sends the first key to the first terminal.
  • compared with the mobility management network element uniformly distributing the key to the terminal, the embodiment of the present application can allocate a suitable key to the first terminal and protect the auxiliary information of the first terminal with that key, thereby improving the security performance of the auxiliary information.
  • FIG. 11 shows a schematic block diagram of a device 1100 for protecting auxiliary information provided by an embodiment of the present application.
  • the device 1100 may be the AMF described in FIG. 4.
  • the device can adopt the hardware architecture shown in FIG. 11.
  • the device may include a processor 1110 and a transceiver 1120.
  • the device may also include a memory 1130.
  • the processor 1110, the transceiver 1120, and the memory 1130 communicate with each other through an internal connection path.
  • Related functions implemented by the processing module 1020 in FIG. 10 may be implemented by the processor 1110, and related functions implemented by the transceiver module 1011 may be implemented by the processor 1110 controlling the transceiver 1120.
  • the processor 1110 may be a general-purpose central processing unit (CPU), microprocessor, application-specific integrated circuit (ASIC), dedicated processor, or one or more integrated circuits used to implement the technical solutions of the embodiments of this application.
  • a processor may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
  • it can be a baseband processor or a central processing unit.
  • the baseband processor can be used to process communication protocols and communication data
  • the central processor can be used to control devices (such as base stations, terminals, or chips) used to protect auxiliary information, execute software programs, and process the data of software programs.
  • the processor 1110 may include one or more processors, such as one or more central processing units (CPU).
  • the CPU may be a single-core CPU or a multi-core CPU.
  • the transceiver 1120 is used to send data and/or signals, and to receive data and/or signals.
  • the transceiver may include a transmitter and a receiver, the transmitter is used to send data and/or signals, and the receiver is used to receive data and/or signals.
  • the memory 1130 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable memory (EPROM), and compact disc read-only memory (CD-ROM).
  • the memory 1130 is used to store AMF program codes and data, and may be a separate device or integrated in the processor 1110.
  • the processor 1110 is configured to control the transceiver to perform information transmission with the terminal.
  • FIG. 11 only shows a simplified design of the device for protecting auxiliary information.
  • the device can also contain other necessary components, including but not limited to any number of transceivers, processors, controllers, memories, etc., and all AMFs that can implement this application are within the protection scope of this application.
  • the device 1100 may be a chip, for example, a communication chip that can be used in the AMF to implement related functions of the processor 1110 in the AMF.
  • the chip can be a field programmable gate array, a dedicated integrated chip, a system chip, a central processing unit, a network processor, a digital signal processing circuit, a microcontroller, and a programmable controller or other integrated chips for realizing related functions.
  • the chip may optionally include one or more memories for storing program codes. When the codes are executed, the processor realizes corresponding functions.
  • the apparatus 1100 may further include an output device and an input device.
  • the output device communicates with the processor 1110 and can display information in a variety of ways.
  • the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector, etc.
  • the input device communicates with the processor 601 and can receive user input in various ways.
  • the input device may be a mouse, a keyboard, a touch screen device, or a sensor device.
  • FIG. 12 shows a schematic block diagram of an apparatus 1200 for protecting auxiliary information according to an embodiment of the present application.
  • the apparatus 1200 may correspond to the terminal in the embodiment shown in FIG. 4, and may have any function of the terminal in the method.
  • the device 1200 includes a transceiver module 1210.
  • the transceiver module 1210 is configured to send a tracking area identifier to the access and mobility management function network element AMF, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs;
  • the processing module 1210 is further configured to receive a first key, the first key is determined by the AMF according to the tracking area to which the first terminal belongs, and the first key is used to protect auxiliary information.
  • the transceiver module 1210 is also used to receive encrypted auxiliary information
  • the processing module 1220 is configured to decrypt the encrypted auxiliary information according to the first key.
  • the transceiver module is further configured to send positioning capability information to the AMF, where the positioning capability information is used to indicate a positioning mode supported by the first terminal.
  • the transceiver module 1210 is specifically used for:
  • a response message of the second message is received, where the response message includes the first key.
  • the transceiver module 1210 is specifically used for:
  • a response message of the third message is received, where the response message includes the first key.
  • the transceiver module 1210 is further configured to receive one or more of an expiration date and indication information from the AMF, where the expiration date is used to indicate a threshold on the length of time that the first terminal can use the first key or a threshold on the number of times the first key can be used, and the indication information is used to indicate whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
  • processing module 1220 is specifically configured to:
  • the transceiver module 1210 is further configured to send a sixth message to the AMF when it is determined that the first key is invalid, where the sixth message is used to request to update the key;
  • the transceiver module 1210 is further configured to receive a response message of the sixth message, where the response message of the sixth message includes the second key;
  • the processing module 1220 is also used to decrypt the encrypted auxiliary information according to the second key.
  • processing module 1220 is specifically configured to:
  • the transceiver module 1210 is further configured to receive a second key from the AMF when it is determined that the first key is invalid;
  • the processing module 1220 is also used to decrypt the auxiliary information received from the AMF according to the second key.
  • the first terminal in the embodiment of the present application sends to the AMF the tracking area identifier used to indicate the tracking area to which the first terminal belongs; the AMF uses this tracking area identifier to determine the first key for protecting auxiliary information, and the first terminal obtains the first key from the AMF. That is, the embodiment of the present application can allocate a more suitable key to the first terminal and protect the auxiliary information of the first terminal through the first key, which improves the security performance of the auxiliary information.
  • FIG. 13 shows an apparatus 1300 for protecting auxiliary information provided by an embodiment of the present application.
  • the apparatus 1300 may be the terminal described in FIG. 4.
  • the device can adopt the hardware architecture shown in FIG. 13.
  • the device may include a processor 1310 and a transceiver 1320.
  • the device may also include a memory 1330.
  • the processor 1310, the transceiver 1320 and the memory 1330 communicate with each other through an internal connection path.
  • the relevant functions implemented by the processing module 1320 in FIG. 13 may be implemented by the processor 1310, and the relevant functions implemented by the transceiver module 1310 may be implemented by the processor 1310 controlling the transceiver 1320.
  • the processor 1310 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a dedicated processor, or one or more integrated circuits that implement the technical solutions of the embodiments of the present application.
  • a processor may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
  • it can be a baseband processor or a central processing unit.
  • the baseband processor can be used to process communication protocols and communication data.
  • the central processor can be used to control devices (such as base stations, terminals, or chips) used to protect auxiliary information, execute software programs, and process the data of software programs.
  • the processor 1310 may include one or more processors, such as one or more central processing units (CPU).
  • the CPU may be a single-core CPU or a multi-core CPU.
  • the transceiver 1320 is used to send data and/or signals and to receive data and/or signals.
  • the transceiver may include a transmitter and a receiver, the transmitter is used to send data and/or signals, and the receiver is used to receive data and/or signals.
  • the memory 1330 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), and compact disc read-only memory (CD-ROM); the memory 1330 is used to store related instructions and data.
  • the memory 1330 is used to store program codes and data of the terminal, and may be a separate device or integrated in the processor 1310.
  • the processor 1310 is configured to control the transceiver to perform information transmission with the terminal.
  • the apparatus 1300 may further include an output device and an input device.
  • the output device communicates with the processor 1310 and can display information in a variety of ways.
  • the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector, etc.
  • the input device communicates with the processor 601 and can receive user input in various ways.
  • the input device may be a mouse, a keyboard, a touch screen device, or a sensor device.
  • FIG. 13 only shows a simplified design of the device for protecting auxiliary information.
  • the device may also contain other necessary components, including but not limited to any number of transceivers, processors, controllers, memories, etc., and all terminals that can implement this application are within the protection scope of this application.
  • the device 1300 may be a chip, for example, a communication chip that can be used in a terminal to implement related functions of the processor 1310 in the terminal.
  • the chip can be a field programmable gate array, a dedicated integrated chip, a system chip, a central processing unit, a network processor, a digital signal processing circuit, a microcontroller, and a programmable controller or other integrated chips for realizing related functions.
  • the chip may optionally include one or more memories for storing program codes. When the codes are executed, the processor realizes corresponding functions.
  • the embodiment of the present application also provides a device, which may be a terminal or a circuit.
  • the device can be used to perform the actions performed by the terminal in the foregoing method embodiments.
  • FIG. 14 shows a schematic block diagram of an apparatus 1400 for protecting auxiliary information according to an embodiment of the present application.
  • the device 1400 may correspond to the LMF in the embodiment shown in FIG. 4, and may have any function of the LMF in the method.
  • the device 1400 includes a processing module 1410 and a transceiver module 1420.
  • the processing module 1410 is configured to determine a first message.
  • the first message includes multiple keys supported by the LMF and tracking areas corresponding to the multiple keys respectively;
  • the transceiver module 1420 is configured to send the first message to the access and mobility management function network element AMF.
  • the first message further includes the positioning modes respectively corresponding to the multiple keys.
  • processing module 1410 is further configured to generate at least one auxiliary information;
  • the transceiver module 1410 is further configured to send a fourth message, the fourth message including a third mapping relationship between at least one area list and at least one auxiliary information.
  • the fourth message further includes a fourth mapping relationship between multiple positioning modes and the at least one auxiliary information.
  • processing module 1420 is specifically configured to:
  • Encrypting the second auxiliary information by the first key generates the first auxiliary information.
  • FIG. 15 shows a device 1500 for protecting auxiliary information provided by an embodiment of the present application.
  • the device 1500 may be the terminal described in FIG. 4.
  • the device can adopt the hardware architecture shown in FIG. 15.
  • the device may include a processor 1510 and a transceiver 1520.
  • the device may also include a memory 1530.
  • the processor 1510, the transceiver 1520, and the memory 1530 communicate with each other through an internal connection path.
  • the related functions implemented by the processing module 1520 in FIG. 15 may be implemented by the processor 1510, and the related functions implemented by the transceiver module 1510 may be implemented by the processor 1510 controlling the transceiver 1520.
  • the processor 1510 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a dedicated processor, or one or more integrated circuits that implement the technical solutions of the embodiments of the present application.
  • a processor may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
  • it can be a baseband processor or a central processing unit.
  • the baseband processor can be used to process communication protocols and communication data.
  • the central processor can be used to control devices (such as base stations, terminals, or chips) used to protect auxiliary information, execute software programs, and process the data of software programs.
  • the processor 1510 may include one or more processors, such as one or more central processing units (CPU).
  • the CPU may be a single-core CPU or a multi-core CPU.
  • the transceiver 1520 is used to send data and/or signals and to receive data and/or signals.
  • the transceiver may include a transmitter and a receiver, the transmitter is used to send data and/or signals, and the receiver is used to receive data and/or signals.
  • the memory 1530 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), and compact disc read-only memory (CD-ROM); the memory 1530 is used to store related instructions and data.
  • the memory 1530 is used to store program codes and data of the terminal, and may be a separate device or integrated in the processor 1510.
  • the processor 1510 is configured to control the transceiver and the terminal to perform information transmission.
  • the apparatus 1500 may further include an output device and an input device.
  • the output device communicates with the processor 1510 and can display information in a variety of ways.
  • the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector, etc.
  • the input device communicates with the processor 601 and can receive user input in various ways.
  • the input device may be a mouse, a keyboard, a touch screen device, or a sensor device.
  • FIG. 15 only shows a simplified design of the device for protecting auxiliary information.
  • the device may also contain other necessary components, including but not limited to any number of transceivers, processors, controllers, memories, etc., and all terminals that can implement this application are within the protection scope of this application.
  • the device 1500 may be a chip, for example, a communication chip that can be used in a terminal to implement related functions of the processor 1510 in the terminal.
  • the chip can be a field programmable gate array, a dedicated integrated chip, a system chip, a central processing unit, a network processor, a digital signal processing circuit, a microcontroller, and a programmable controller or other integrated chips for realizing related functions.
  • the chip may optionally include one or more memories for storing program codes. When the codes are executed, the processor realizes corresponding functions.
  • the embodiment of the present application also provides a device, which may be a terminal or a circuit.
  • the device can be used to perform the actions performed by the terminal in the foregoing method embodiments.
  • FIG. 16 shows a simplified structural diagram of a terminal. For ease of understanding and illustration, the terminal in FIG. 16 uses a mobile phone as an example.
  • the terminal includes a processor, a memory, a radio frequency circuit, an antenna, and an input and output device.
  • the processor is mainly used to process the communication protocol and communication data, control the terminal, execute the software program, and process the data of the software program.
  • the memory is mainly used to store software programs and data.
  • the radio frequency circuit is mainly used for the conversion of baseband signal and radio frequency signal and the processing of radio frequency signal.
  • the antenna is mainly used to send and receive radio frequency signals in the form of electromagnetic waves.
  • Input and output devices such as touch screens, display screens, and keyboards, are mainly used to receive data input by users and output data to users. It should be noted that some types of terminals may not have input and output devices.
  • When data needs to be sent, the processor performs baseband processing on the data to be sent, and outputs the baseband signal to the radio frequency circuit.
  • the radio frequency circuit performs radio frequency processing on the baseband signal and sends the radio frequency signal to the outside in the form of electromagnetic waves through the antenna.
  • the radio frequency circuit receives the radio frequency signal through the antenna, converts the radio frequency signal into a baseband signal, and outputs the baseband signal to the processor, and the processor converts the baseband signal into data and processes the data.
  • only one memory and processor are shown in FIG. 16. In actual end products, there may be one or more processors and one or more memories.
  • the memory may also be referred to as a storage medium or storage device.
  • the memory may be set independently of the processor, or may be integrated with the processor, which is not limited in the embodiment of the present application.
  • the antenna and radio frequency circuit with the transceiver function may be regarded as the transceiver unit of the terminal, and the processor with the processing function may be regarded as the processing unit of the terminal.
  • the terminal includes a transceiver unit 1610 and a processing unit 1620.
  • the transceiver unit may also be referred to as a transceiver, a transceiver apparatus, and so on.
  • the processing unit may also be called a processor, a processing board, a processing module, a processing device, and so on.
  • the device for implementing the receiving function in the transceiver unit 1610 can be regarded as the receiving unit, and the device for implementing the sending function in the transceiver unit 1610 as the sending unit, that is, the transceiver unit 1610 includes a receiving unit and a sending unit.
  • the transceiver unit may sometimes be called a transceiver or a transceiver circuit.
  • the receiving unit may sometimes be called a receiver or a receiving circuit.
  • the transmitting unit may sometimes be called a transmitter or a transmitting circuit.
  • transceiving unit 1610 is used to perform the sending and receiving operations on the terminal side in the foregoing method embodiment, and the processing unit 1620 is used to perform other operations on the terminal in addition to the transceiving operation in the foregoing method embodiment.
  • the processing unit 1620 is configured to perform the operations in step 402 and step 403 in FIG. 4, and/or the processing unit 1620 is further configured to perform other processing steps on the terminal side in the embodiment of the present application.
  • the transceiving unit 1610 is configured to perform the transceiving operations in step 401 and/or step 404 in FIG. 4, and/or the transceiving unit 1610 is further configured to perform other transceiving steps on the terminal side in the embodiment of the present application.
  • When the device for protecting auxiliary information is a chip, the chip includes a transceiver unit and a processing unit.
  • the transceiver unit may be an input/output circuit or a communication interface;
  • the processing unit is a processor or microprocessor or integrated circuit integrated on the chip.
  • the device shown in FIG. 17 can also be referred to.
  • the device can perform functions similar to the processor 1610 in Fig. 16.
  • the device includes a processor 1701, a data sending processor 1703, and a data receiving processor 1705.
  • the processing module 1220 in the foregoing embodiment may be the processor 1701 in FIG. 17, and completes corresponding functions.
  • the transceiver module 1210 in the foregoing embodiment may be the sending data processor 1703 and the receiving data processor 1705 in FIG. 17.
  • Although the channel encoder and the channel decoder are shown in FIG. 17, it can be understood that these modules do not constitute a restrictive description of this embodiment, and are merely illustrative.
  • the processing device 1800 includes modules such as a modulation subsystem, a central processing subsystem, and a peripheral subsystem.
  • the communication device in this embodiment can be used as the modulation subsystem therein.
  • the modulation subsystem may include a processor 1803 and an interface 1804.
  • the processor 1803 completes the function of the aforementioned processing module 1220
  • the interface 1804 completes the function of the aforementioned transceiver module 1210.
  • the modulation subsystem includes a memory 1806, a processor 1803, and a program stored in the memory and capable of running on the processor. When the processor executes the program, the method described in the first to fifth embodiments is implemented.
  • the memory 1806 can be nonvolatile or volatile, and it can be located inside the modulation subsystem or in the processing device 1800, as long as the memory 1806 can be connected to the processor 1803.
  • the disclosed system, device, and method may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division, and there may be other divisions in actual implementation; for example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • each unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • If the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
  • the technical solution of this application essentially, or the part that contributes to the existing technology, or a part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions used to make a computer device (which may be a personal computer, a server, or an access network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage media include: a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and other media that can store program code.

Abstract

Provided are a method and apparatus for protecting auxiliary information about location. The method comprises: an AMF receiving a tracking area identifier for indicating a tracking area to which a first terminal belongs, allocating a first secret key to the first terminal according to the tracking area to which the first terminal belongs, and sending the first secret key to the first terminal. With respect to the case in the traditional solution where a mobility management network element allocates a unified secret key to all terminals that can be managed, the embodiments of the present application can allocate an appropriate secret key to the first terminal and protect auxiliary information of the first terminal by means of the secret key, thereby improving the security performance of the auxiliary information.

Description

Method and apparatus for protecting auxiliary information
This application claims priority to Chinese patent application No. 201910161370.6, filed with the Chinese Patent Office on March 4, 2019 and entitled "Method and apparatus for protecting auxiliary information", the entire content of which is incorporated herein by reference.
Technical field
This application relates to the field of communications, and more specifically, to a method and apparatus for protecting auxiliary information.
Background
In the traditional solution, the evolved serving mobile location center (E-SMLC) delivers a broadcast key to the mobility management entity (MME), and the MME stores the broadcast key. When a terminal initiates an attach request or a tracking area update (TAU) request, the MME carries the broadcast key in the response message of the attach request or the response message of the TAU request and sends it to the terminal, so that the terminal encrypts the auxiliary information according to the key. The auxiliary information is used to assist the terminal in achieving high-precision positioning.
That is, the MME can assign a unified key to multiple terminals. The MME can subsequently use the key assigned to the terminals to encrypt the auxiliary information, and a terminal correspondingly uses the key to decrypt the auxiliary information, so the security performance of the auxiliary information is relatively low.
Summary of the invention
This application provides a method and apparatus for protecting auxiliary information, which can improve the security performance of auxiliary information.
In a first aspect, a method for protecting auxiliary information is provided. The method includes: an access and mobility management function network element (AMF) receives the tracking area identifier of a first terminal, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs; the AMF determines, according to the tracking area to which the first terminal belongs, a first key allocated to the first terminal, where the first key is used to protect auxiliary information; and the AMF sends the first key to the first terminal.
The AMF receives the tracking area identifier used to indicate the tracking area to which the first terminal belongs, allocates a key (that is, the first key) to the first terminal according to that tracking area, and sends the first key to the first terminal. Compared with the traditional solution, in which the mobility management network element allocates a unified key to terminals, the embodiments of this application can allocate a suitable key to the first terminal and protect the auxiliary information of the first terminal with that key, thereby improving the security performance of the auxiliary information.
In some possible implementations, the method further includes: the AMF obtains the positioning mode of the first terminal. The AMF determining, according to the tracking area to which the first terminal belongs, the first key allocated to the first terminal includes: the AMF determines the first key according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
The AMF can also obtain the positioning mode of the first terminal and determine the first key allocated to the first terminal by combining the tracking area to which the first terminal belongs with the positioning mode of the first terminal. In this way a more suitable key can be allocated to the first terminal, which further improves the security performance of the auxiliary information.
In some possible implementations, the method further includes: the AMF receives a first message from a location management function network element (LMF), where the first message includes multiple keys supported by the LMF, and the positioning mode and tracking area corresponding to each of the multiple keys. The AMF determining, according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs, the first key allocated to the first terminal includes: the AMF determines the first key from the multiple keys supported by the LMF according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
The AMF may receive the first message from the LMF. The first message may include multiple keys supported by the LMF, at least one positioning mode and at least one tracking area, and the at least one positioning mode, the at least one tracking area and the multiple keys have a mapping relationship. In this way the AMF can combine the positioning mode of the first terminal and the tracking area to which the first terminal belongs to select a suitable key (that is, the first key) from the multiple keys supported by the LMF, which saves the power consumption overhead of the AMF determining the first key.
In some possible implementations, the AMF determining the first key from the multiple keys supported by the LMF according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs includes: the AMF determines a second key set from a first key set according to the positioning mode of the first terminal and a first mapping relationship, where the first key set includes the multiple keys, and the second key is a mapping relationship between at least one positioning mode and at least one key; the AMF determines the first key from the second key set according to the tracking area to which the first terminal belongs and a second mapping relationship, where the first mapping relationship is a mapping relationship between at least one tracking area and at least one key.
In this way the AMF can determine a more suitable first key according to the first mapping relationship and the second mapping relationship, which further saves the power consumption overhead of the AMF.
In some possible implementations, the first message further includes multiple positioning modes supported by the LMF, and the method further includes: the AMF obtains positioning capability information of the first terminal, where the positioning capability information is used to indicate the positioning modes supported by the first terminal. The AMF obtaining the positioning mode of the first terminal includes: the AMF determines the positioning mode of the first terminal according to the positioning modes supported by the first terminal and the multiple positioning modes supported by the LMF.
The AMF can also receive the positioning capability information of the first terminal, which indicates the positioning modes supported by the first terminal, and obtain the positioning modes supported by the LMF. The AMF can then combine the positioning modes supported by the first terminal with those supported by the LMF to determine the positioning mode of the first terminal, so that a suitable positioning mode is determined for the first terminal. This in turn helps to select a suitable first key for the first terminal, thereby improving the security performance of the auxiliary information.
在一些可能的实现方式中,该AMF获取该第一终端的定位能力信息包括:该AMF接收第二消息,该第二消息包括该定位能力信息;其中,该AMF向该第一终端发送该第一密钥包括:该AMF向该第一终端发送该第二消息的响应消息,该响应消息包括该第一密钥。In some possible implementation manners, acquiring, by the AMF, the positioning capability information of the first terminal includes: the AMF receives a second message, and the second message includes the positioning capability information; wherein, the AMF sends the first terminal to the first terminal. A key includes: the AMF sends a response message of the second message to the first terminal, and the response message includes the first key.
AMF获取第一终端的定位能力信息可以携带在第一终端的第二消息中,相应地,第一密钥可以携带在该第二消息的响应消息中。这样不需要第一终端专门发送该定位能力信息,AMF也不需要专门发送该第一密钥,通过携带在第二消息和第二消息的响应消息中,节省了信令开销。此外,本申请实施例中,密钥的分发也可以是由该第二消息触发,即本申请实施例提供了一种能够触发密钥分发的方式。The acquisition of the positioning capability information of the first terminal by the AMF may be carried in the second message of the first terminal, and accordingly, the first key may be carried in the response message of the second message. In this way, the first terminal does not need to specifically send the positioning capability information, and the AMF does not need to specifically send the first key. By carrying it in the second message and the response message of the second message, signaling overhead is saved. In addition, in the embodiment of the present application, the distribution of the key may also be triggered by the second message, that is, the embodiment of the present application provides a way to trigger the key distribution.
In some possible implementations, the AMF receiving the tracking area identifier includes: the AMF receives a third message, the third message being used to request a tracking area update and including the tracking area identifier; and the AMF sending the first key to the first terminal includes: the AMF sends a response message to the third message to the first terminal, the response message to the third message including the first key.
The AMF receiving the tracking area identifier may be the AMF receiving a third message that includes the tracking area identifier, and correspondingly the first key is carried in the response message to the third message. The first terminal therefore does not need to send the third message specially, and the AMF does not need to send the first key specially; carrying them in the third message and its response message saves signaling overhead. In addition, the embodiments of this application provide another way of triggering key distribution.
In some possible implementations, the method further includes: the AMF sends one or more of a validity period and indication information to the first terminal, where the validity period indicates a threshold on the length of time for which the first terminal can use the first key or a threshold on the number of times the first terminal can use the first key, and the indication information indicates whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
The AMF may send the validity period to the first terminal, so that the first terminal can determine from it the period during which the first key is in effect. This avoids decrypting with an inappropriate key and improves the security of the auxiliary information. The AMF may also send indication information to indicate whether the tracking area to which the first terminal belongs supports auxiliary information. If auxiliary information is supported, the first terminal can be configured into a state of receiving auxiliary information; this avoids the first terminal continuing to wait for auxiliary information when none can be received, which saves power at the first terminal.
In some possible implementations, the method further includes: the AMF obtains the auxiliary information setting from the UDM; and, when the auxiliary information setting indicates that the first terminal has subscribed to auxiliary information, the AMF determines to send the first key to the first terminal.
The AMF can determine from the auxiliary information setting whether the first terminal has subscribed to auxiliary information and, if it has, send the first key to the first terminal. The embodiments of this application can thereby create conditions for future commercial applications, for example charging for high-precision positioning. The AMF may send a positioning setting request to the UDM, which may be used to request the auxiliary information setting of the first terminal; the UDM returns a response message to the positioning setting request to the AMF, and that response message includes the auxiliary information setting.
In some possible implementations, the method further includes: the AMF receives a fourth message, the fourth message including a third mapping relationship between at least one area list and at least one piece of auxiliary information; the AMF determines, according to the third mapping relationship, the first auxiliary information corresponding to a first area list in the at least one area list; and the AMF sends the first auxiliary information through the access network device corresponding to the first area list.
The LMF sends a fourth message to the AMF. The fourth message includes at least one area list and at least one piece of auxiliary information, and the at least one area list and the at least one piece of auxiliary information have a mapping relationship (that is, the third mapping relationship). The AMF can therefore determine, according to the third mapping relationship, the auxiliary information corresponding to any area list (for example, the first area list), and can broadcast the first auxiliary information, through the access network device corresponding to the first area list, to the terminals covered by that access network device. In other words, the AMF can send different auxiliary information through the access network devices corresponding to different area lists, which saves signaling overhead compared with the traditional scheme in which the AMF sends auxiliary information through all the access network devices it covers. In addition, the embodiments of this application can reduce the interference of irrelevant auxiliary information with the auxiliary information of the first terminal and improve the efficiency of auxiliary information transmission.
In some possible implementations, the fourth message further includes a fourth mapping relationship between at least one positioning mode and the at least one piece of auxiliary information, and the method further includes: the AMF determines, according to the fourth mapping relationship, at least one piece of auxiliary information corresponding to a first positioning mode in the at least one positioning mode; and the AMF determining, according to the third mapping relationship, the first auxiliary information corresponding to the first area list in the at least one area list includes: the AMF determines, according to the third mapping relationship, the first auxiliary information from the at least one piece of auxiliary information corresponding to the first positioning mode.
The fourth message may also include multiple positioning modes and at least one piece of auxiliary information, and the at least one positioning mode and the at least one piece of auxiliary information have a mapping relationship. When one positioning mode corresponds to multiple pieces of auxiliary information, or one area list corresponds to multiple pieces of auxiliary information, the AMF can also determine the first auxiliary information from the at least one piece of auxiliary information corresponding to the first positioning mode in combination with the auxiliary information corresponding to the first area list, so that the auxiliary information is broadcast more accurately.
In some possible implementations, the method further includes: when the first key of the first terminal becomes invalid, the AMF obtains a second key; and the AMF sends the second key to the first terminal.
The invalidation of the first key may be determined by the AMF. Alternatively, it may be determined by the first terminal or by the LMF, which then informs the AMF. On learning that the first key is invalid, the AMF can obtain a second key, that is, update the first key to the second key, and send the second key to the first terminal. The AMF can then encrypt the auxiliary information with the second key and the first terminal can decrypt it with the second key. Updating the key in time in this way further improves the security of the auxiliary information.
In some possible implementations, the method further includes: the AMF receives a fifth message, the fifth message being used to request location information of the first terminal; and the AMF sending the second key to the first terminal includes: the AMF sends the second key to the first terminal according to the fifth message.
The fifth message can be used to trigger the AMF to send the second key to the first terminal. That is, the embodiments of this application provide a means of updating the key, so that both ends of the communication use a suitable key to transmit auxiliary information, which further improves the security of the auxiliary information.
In some possible implementations, the method further includes: the AMF receives a sixth message from the first terminal, the sixth message being used to request a key update; and the AMF sending the second key to the first terminal includes: the AMF sends the second key to the first terminal according to the sixth message.
When the first terminal detects that the first key has expired, it sends a sixth message to the AMF through the access network device; the sixth message may be used to request a key update. Correspondingly, the AMF receives the sixth message and, according to it, sends the second key to the first terminal. That is, the sixth message can be used to trigger the AMF to send the second key, and the second key can be carried in the response message to the sixth message. The embodiments of this application thus provide another means of updating the key, so that both ends of the communication use a suitable key to transmit auxiliary information, which further improves the security of the auxiliary information.
In a second aspect, a method for protecting positioning assistance information is provided. The method includes: a first terminal sends a tracking area identifier to an access and mobility management function network element (AMF), the tracking area identifier indicating the tracking area to which the first terminal belongs; and the first terminal receives a first key, where the first key is determined by the AMF according to the tracking area to which the first terminal belongs and is used to protect auxiliary information.
The first terminal sends to the AMF a tracking area identifier indicating the tracking area to which the first terminal belongs; the AMF uses this identifier to determine the first key used to protect the auxiliary information, and the first terminal obtains the first key from the AMF. In other words, the embodiments of this application can allocate a more suitable key to the first terminal and protect the auxiliary information of the first terminal with the first key, thereby improving the security of the auxiliary information.
In some possible implementations, the method further includes: the first terminal receives encrypted auxiliary information; and the first terminal decrypts the encrypted auxiliary information according to the first key.
The first terminal receives the encrypted auxiliary information and can use the first key to decrypt auxiliary information that was encrypted with the first key, which improves the security of the auxiliary information.
In some possible implementations, the method further includes: the first terminal sends positioning capability information to the AMF, the positioning capability information indicating the positioning modes supported by the first terminal.
The first terminal sends its positioning mode to the AMF, and the AMF determines the first key to allocate to the first terminal by combining the tracking area to which the first terminal belongs with the positioning mode of the first terminal. A more suitable key can thus be allocated to the first terminal, which further improves the security of the auxiliary information.
In some possible implementations, the first terminal sending the positioning capability information to the AMF includes: the first terminal sends a second message to the AMF, the second message including the positioning capability information and being used to request access to the AMF; and the first terminal receiving the first key includes: the first terminal receives a response message to the second message, the response message including the first key.
The first terminal sends its positioning capability information to the AMF. The positioning capability information may be carried in the second message from the first terminal, and correspondingly the first key may be carried in the response message to the second message. The first terminal therefore does not need to send the positioning capability information separately, and the AMF does not need to send the first key separately; carrying them in the second message and its response message saves signaling overhead. In addition, in the embodiments of this application, key distribution may also be triggered by the second message; that is, the embodiments of this application provide a way of triggering key distribution.
In some possible implementations, the first terminal sending the tracking area identifier to the AMF includes: the first terminal sends a third message to the AMF, the third message including the tracking area identifier; and the first terminal receiving the first key includes: the first terminal receives a response message to the third message, the response message including the first key.
The first terminal sends a third message including the tracking area identifier to the AMF, and correspondingly the first key is carried in the response message to the third message. The first terminal therefore does not need to send the third message specially, and the AMF does not need to send the first key specially; carrying them in the third message and its response message saves signaling overhead. In addition, the embodiments of this application provide another way of triggering key distribution.
In some possible implementations, the method further includes: the first terminal receives one or more of a validity period and indication information from the AMF, where the validity period indicates a threshold on the length of time for which the first terminal can use the first key or a threshold on the number of times the first terminal can use the first key, and the indication information indicates whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
The first terminal can receive the validity period sent by the AMF and determine from it the period during which the first key is in effect. This avoids decrypting with an inappropriate key and improves the security of the auxiliary information. The AMF may also send indication information to indicate whether the tracking area to which the first terminal belongs supports auxiliary information. If auxiliary information is supported, the first terminal can be configured into a state of receiving auxiliary information; this avoids the first terminal continuing to wait for auxiliary information when none can be received, which saves power at the first terminal.
In some possible implementations, the method further includes: the first terminal determines, according to the validity period, whether the first key is invalid; when the first terminal determines that the first key is invalid, it sends a sixth message to the AMF, the sixth message being used to request a key update; the first terminal receives a response message to the sixth message, the response message including a second key; and the first terminal decrypts the encrypted auxiliary information according to the second key.
The first terminal can check, according to the validity period of the first key, whether the first key has expired. If it detects that the first key has expired, it sends a sixth message to the AMF through the access network device. The AMF selects a new key (for example, a second key) for the first terminal and sends the second key to the first terminal, so that the first terminal can decrypt the encrypted auxiliary information according to the second key. That is, the embodiments of this application can update the key for the first terminal, which further improves the security of the auxiliary information.
In some possible implementations, the first terminal determining, according to the validity period, whether the first key is invalid includes: the first terminal determines that the first key is invalid when the length of time for which the first terminal has used the first key is greater than the duration threshold; or the first terminal determines that the first key is invalid when the number of times the first terminal has used the first key is greater than the count threshold.
Specifically, the first terminal can check whether the length of time for which the first key has been used exceeds the duration threshold: if it does, the first key has expired; otherwise the first key has not expired. Alternatively, the first terminal can check whether the number of times the first key has been used exceeds the count threshold: if it does, the first key has expired; otherwise the first key has not expired.
In some possible implementations, the method further includes: the first terminal receives a second key from the AMF; and the first terminal decrypts the auxiliary information received from the AMF according to the second key.
When the AMF detects the second key, it sends the second key to the first terminal, and the first terminal parses the auxiliary information according to the second key. In other words, the first terminal can update its key with the new key obtained from the AMF, which improves the security of the auxiliary information.
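The key distribution and update exchange of the first and second aspects can be sketched as follows. This is an added example, not code from the application: the class and method names, the `TA-1` and `mode-A` style labels, the key table layout, the assumption that the LMF's positioning modes are listed in order of preference, and the choice to refuse decryption when no second key is available are all illustrative assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Sequence, Tuple

Slot = Tuple[str, str]  # (tracking area identifier, positioning mode)


@dataclass(frozen=True)
class Validity:
    """Validity period: a duration threshold and/or a use-count threshold."""
    max_age_s: Optional[float] = None
    max_uses: Optional[int] = None


@dataclass
class IssuedKey:
    key_id: str
    material: bytes
    validity: Validity
    issued_at: float
    uses: int = 0

    def is_invalid(self, now: float) -> bool:
        # Invalid when the time in use, or the number of uses, is greater than its threshold.
        v = self.validity
        too_old = v.max_age_s is not None and now - self.issued_at > v.max_age_s
        too_used = v.max_uses is not None and self.uses > v.max_uses
        return too_old or too_used


class Amf:
    """AMF side: picks the key from the mapping carried in the LMF's first message."""

    def __init__(self, key_table: Dict[Slot, Tuple[str, bytes]], lmf_modes: Sequence[str],
                 validity: Validity, clock: Callable[[], float]):
        self.key_table = dict(key_table)
        self.lmf_modes = list(lmf_modes)  # assumption: LMF's order of preference
        self.validity = validity
        self.clock = clock

    def install_key(self, slot: Slot, key_id: str, material: bytes) -> None:
        """Models the AMF obtaining a second key (how it obtains it is not modelled)."""
        self.key_table[slot] = (key_id, material)

    def select_key(self, tai: str, ue_modes: Sequence[str], subscribed: bool,
                   stale_key_id: Optional[str] = None) -> Optional[IssuedKey]:
        """Answer a second, third or sixth message; None means no key is sent."""
        if not subscribed:  # auxiliary information setting obtained from the UDM
            return None
        for mode in self.lmf_modes:
            entry = self.key_table.get((tai, mode)) if mode in ue_modes else None
            if entry is None:
                continue
            key_id, material = entry
            if key_id == stale_key_id:  # never hand back the key reported as invalid
                return None
            return IssuedKey(key_id, material, self.validity, self.clock())
        return None


class KeyUnavailable(Exception):
    """The terminal holds no valid key; the caller must not decrypt."""


class Terminal:
    def __init__(self, amf: Amf, tai: str, modes: Sequence[str], subscribed: bool,
                 clock: Callable[[], float]):
        self.amf, self.tai, self.modes = amf, tai, list(modes)
        self.subscribed, self.clock = subscribed, clock
        # Response to the second message carries the first key (or nothing).
        self.key = amf.select_key(tai, self.modes, subscribed)
        self.update_requests = 0

    def key_for_next_decryption(self) -> IssuedKey:
        """Return a valid key, sending a key update request if the current one is invalid."""
        now = self.clock()
        k = self.key
        if k is not None:
            # Assumption: also refuse a use that would push the count above the threshold.
            over = k.validity.max_uses is not None and k.uses + 1 > k.validity.max_uses
            if not (k.is_invalid(now) or over):
                k.uses += 1
                return k
        self.update_requests += 1  # models the sixth message
        stale = k.key_id if k is not None else None
        new = self.amf.select_key(self.tai, self.modes, self.subscribed, stale)
        if new is None:
            # Keep the stale key on record so the next attempt asks again; never reuse it.
            raise KeyUnavailable("no valid key; refusing to fall back to the old one")
        new.uses = 1
        self.key = new
        return new
```

Passing the clock in as a callable lets the duration threshold be exercised without waiting; a deployment would use a monotonic clock so that wall-clock adjustments cannot extend a key's life.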
In a third aspect, a method for protecting auxiliary information is provided. The method includes: a location management function network element (LMF) determines a first message, the first message including multiple keys supported by the LMF and the tracking areas respectively corresponding to the multiple keys; and the LMF sends the first message to an access and mobility management function network element (AMF).
The LMF sends a first message to the AMF. The first message may include multiple keys supported by the LMF and at least one tracking area, and the at least one tracking area and the multiple keys have a mapping relationship. The AMF can therefore select a suitable key (that is, the first key) from the multiple keys supported by the LMF according to the tracking area to which the first terminal belongs, which saves the power consumption overhead of the AMF determining the first key.
Optionally, the first message further includes a mapping relationship between each of the multiple keys and at least one positioning mode.
The first message may include multiple keys supported by the LMF, at least one tracking area and at least one positioning mode, and the at least one positioning mode, the at least one tracking area and the multiple keys have a mapping relationship. The AMF can therefore select a suitable key (that is, the first key) from the multiple keys supported by the LMF according to the tracking area to which the first terminal belongs and the positioning mode of the first terminal, which further saves the power consumption overhead of the AMF determining the first key.
In some possible implementations, the method further includes: the LMF generates at least one piece of auxiliary information; and the LMF sends a fourth message, the fourth message including a third mapping relationship between at least one area list and at least one piece of auxiliary information.
The LMF sends a fourth message to the AMF. The fourth message includes at least one area list and at least one piece of auxiliary information, and the at least one area list and the at least one piece of auxiliary information have a mapping relationship (that is, the third mapping relationship). The AMF can therefore determine, according to the third mapping relationship, the auxiliary information corresponding to any area list (for example, the first area list), and can broadcast the first auxiliary information, through the access network device corresponding to the first area list, to the terminals covered by that access network device. In other words, the AMF can send different auxiliary information through the access network devices corresponding to different area lists, which saves signaling overhead compared with the traditional scheme in which the AMF sends auxiliary information through all the access network devices it covers. In addition, the embodiments of this application can reduce the interference of irrelevant auxiliary information with the auxiliary information of the first terminal and improve the efficiency of auxiliary information transmission.
In some possible implementations, the fourth message further includes a fourth mapping relationship between multiple positioning modes and the at least one piece of auxiliary information.
The fourth message may also include multiple positioning modes and at least one piece of auxiliary information, and the at least one positioning mode and the at least one piece of auxiliary information have a mapping relationship. When one positioning mode corresponds to multiple pieces of auxiliary information, or one area list corresponds to multiple pieces of auxiliary information, the AMF can also determine the first auxiliary information from the at least one piece of auxiliary information corresponding to the first positioning mode in combination with the auxiliary information corresponding to the first area list, so that the auxiliary information is broadcast more accurately.
In some possible implementations, the LMF generating the at least one piece of auxiliary information includes: the LMF determines, according to second auxiliary information in the at least one piece of auxiliary information and the third mapping relationship, the first area list corresponding to the second auxiliary information; the LMF determines, according to the first area list, the first key corresponding to the first area list; and the LMF encrypts the second auxiliary information with the first key to generate the first auxiliary information.
That is, the LMF allocates keys to the auxiliary information corresponding to different area lists according to the mapping relationship carried in the first message it sends. Correspondingly, the AMF also determines, according to the mapping relationship in the first message, the keys of the auxiliary information corresponding to the different area lists and sends the determined keys to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security of the auxiliary information.
In some possible implementations, the LMF generating the at least one piece of auxiliary information includes: the LMF determines, according to second auxiliary information in the at least one piece of auxiliary information and the third mapping relationship, the first area list corresponding to the second auxiliary information; the LMF determines, according to the second auxiliary information and the fourth mapping relationship, the first positioning mode corresponding to the second auxiliary information; the LMF determines the first key according to the first area list and the first positioning mode; and the LMF encrypts the second auxiliary information with the first key to generate the first auxiliary information.
That is, the LMF allocates keys to the corresponding auxiliary information by area list and positioning mode, according to the mapping relationship carried in the first message it sends. Correspondingly, the AMF also determines, according to the mapping relationship in the first message, the keys of the auxiliary information corresponding to the different area lists and positioning modes and sends the determined keys to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security of the auxiliary information.
In a fourth aspect, a method for transmitting auxiliary information is provided. The method includes: a mobility management function network element (AMF) obtains a first message, the first message including a first mapping relationship between at least one area list and at least one piece of auxiliary information, where each area list in the at least one area list corresponds to some of the multiple access network devices managed by the AMF; the AMF determines, according to the first mapping relationship, the first auxiliary information corresponding to a first area list in the at least one area list; and the AMF sends the first auxiliary information through the access network device corresponding to the first area list.
The AMF obtains the first message, where the LMF allocates keys to the auxiliary information corresponding to different area lists according to the mapping relationship carried in the first message. The AMF determines, according to the mapping relationship in the first message, the keys of the auxiliary information corresponding to the different area lists and sends the determined keys to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security of the auxiliary information.
In some possible implementations, the first message further includes a second mapping relationship between multiple positioning modes and the at least one piece of auxiliary information, and the method further includes: the AMF determines, according to the second mapping relationship, at least one piece of auxiliary information corresponding to a first positioning mode in the at least one positioning mode; and the AMF determining, according to the first mapping relationship, the first auxiliary information corresponding to the first area list in the at least one area list includes: the AMF determines, according to the first mapping relationship, the first auxiliary information from the at least one piece of auxiliary information corresponding to the first positioning mode.
该第一消息还包括多个定位方式和该至少一个辅助信息的第二映射关系,AMF根据该第二映射关系确定该至少一个定位方式中的第一定位方式对应的至少一个辅助信息,并根据第一映射关系从该第一定位方式对应的至少一个辅助信息中确定该第一辅助信息,也就是说,AMF根据该第一消息中的映射关系确定不同区域列表和定位方式对应的辅助信 息的密钥,并将确定出的密钥发送给终端,使得终端能够解密该辅助信息,进一步提高了辅助信息的安全性能。The first message also includes a second mapping relationship between multiple positioning modes and the at least one auxiliary information. AMF determines at least one auxiliary information corresponding to the first positioning mode in the at least one positioning mode according to the second mapping relationship, and The first mapping relationship determines the first auxiliary information from at least one auxiliary information corresponding to the first positioning mode, that is, the AMF determines the different area lists and the auxiliary information corresponding to the positioning mode according to the mapping relationship in the first message. And send the determined key to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
在一些可能的实现方式中,该方法还包括:该AMF确定该第一辅助信息对应的第一密钥;该AMF向该第一区域列表对应的接入网设备覆盖的第一终端发送该第一密钥。In some possible implementations, the method further includes: the AMF determines the first key corresponding to the first auxiliary information; and the AMF sends the first key to the first terminal covered by the access network device corresponding to the first area list. One key.
AMF可以将第一辅助信息对应的第一密钥,分发给特定终端,使得对应的终端能够根据该密钥进行解密对应的辅助信息,这样本申请实施例能够为以后的商业应用创造条件,例如,可以实现高精度的定位收费。AMF can distribute the first key corresponding to the first auxiliary information to specific terminals, so that the corresponding terminal can decrypt the corresponding auxiliary information according to the key. In this way, the embodiments of this application can create conditions for future commercial applications, such as , Can achieve high-precision positioning and charging.
第五方面,提供了一种传输辅助信息的方法,该方法包括:位置管理功能网元LMF生成至少一个辅助信息;该LMF发送第一消息,该第一消息包括至少一个区域列表和至少一个辅助信息的第一映射关系,该至少一个区域列表中的每个区域列表对应该AMF管理的多个接入网设备中的部分接入网设备。In a fifth aspect, a method for transmitting auxiliary information is provided. The method includes: a location management function network element LMF generates at least one auxiliary information; the LMF sends a first message, and the first message includes at least one area list and at least one auxiliary information. The first mapping relationship of the information, each area list in the at least one area list corresponds to a part of the access network equipment of the multiple access network equipment managed by the AMF.
LMF根据发送的第一消息中携带的映射关系为不同区域列表对应的辅助信息分配密钥,使得AMF也根据该第一消息中的映射关系确定不同区域列表对应的辅助信息的密钥,并将确定出的密钥发送给终端,使得终端能够解密该辅助信息,进一步提高了辅助信息的安全性能。LMF assigns keys to the auxiliary information corresponding to different area lists according to the mapping relationship carried in the first message sent, so that AMF also determines the keys of auxiliary information corresponding to different area lists according to the mapping relationship in the first message, and The determined key is sent to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
在一些可能的实现方式中,该第一消息还包括多个定位方式和该至少一个辅助信息的第二映射关系。In some possible implementation manners, the first message further includes a second mapping relationship between multiple positioning modes and the at least one auxiliary information.
LMF根据辅助信息和定位方式的映射关系(即第二映射关系),确定LMF支持的至少一个辅助信息中的第二辅助信息对应的第一定位方式,根据第一区域列表和第一定位方式确定出第一密钥,进而根据该第一密钥对该第二辅助信息进行加密生成该第一辅助信息。也就是说,LMF根据发送的第一消息中携带的映射关系为根据区域列表和定位方式为对应的辅助信息分配密钥,相应地,AMF也根据该第一消息中的映射关系确定不同区域列表和定位方式对应的辅助信息的密钥,并将确定出的密钥发送给终端,使得终端能够解密该辅助信息,进一步提高了辅助信息的安全性能。The LMF determines the first positioning mode corresponding to the second auxiliary information in the at least one auxiliary information supported by the LMF according to the mapping relationship between the auxiliary information and the positioning mode (ie the second mapping relationship), and determines it according to the first area list and the first positioning mode The first key is generated, and the second auxiliary information is encrypted according to the first key to generate the first auxiliary information. That is to say, according to the mapping relationship carried in the first message sent, the LMF assigns keys to the corresponding auxiliary information according to the area list and positioning mode. Accordingly, the AMF also determines the different area lists according to the mapping relationship in the first message. The key of the auxiliary information corresponding to the positioning mode is sent to the terminal, so that the terminal can decrypt the auxiliary information, which further improves the security performance of the auxiliary information.
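The key scoping described in the fourth and fifth aspects can be sketched as follows. This is an added example, not code from the application: the message layout, the choice to carry each key next to its entry in the first message, the names (`TAL-1`, `gNB-1`, `UE-A`, `GNSS-RTK`, `OTDOA`) and the payloads are constructed assumptions, and `seal`/`unseal` are a standard-library stand-in for whatever authenticated cipher a real deployment would use.

```python
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Stand-in authenticated encryption (assumption): nonce + ciphertext + tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag first; a key from another scope fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified auxiliary information")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def lmf_build_first_message(plain_aux, area_lists):
    """LMF side. plain_aux maps a name to (positioning_method, plaintext)."""
    msg = {"first_mapping": {}, "second_mapping": {}, "keys": {}, "payload": {}}
    scope_keys = {}  # one key per (area list, positioning method)
    for area in area_lists:
        for name, (method, data) in plain_aux.items():
            key = scope_keys.setdefault((area, method), os.urandom(32))
            aux_id = f"{name}@{area}"  # identifier of the encrypted auxiliary information
            msg["first_mapping"].setdefault(area, []).append(aux_id)
            msg["second_mapping"].setdefault(method, []).append(aux_id)
            msg["keys"][aux_id] = key
            msg["payload"][aux_id] = seal(key, data)
    return msg


def amf_select(msg, area_list, method):
    """AMF side: narrow by the second mapping, then pick by the first mapping."""
    by_method = set(msg["second_mapping"].get(method, []))
    candidates = [a for a in msg["first_mapping"].get(area_list, []) if a in by_method]
    if len(candidates) != 1:
        raise LookupError(f"no unique auxiliary information for {area_list}/{method}")
    return candidates[0]


def amf_distribute(msg, area_list, method, terminals, ran_of_area):
    """Return what each access network device sends and which terminals get the key."""
    aux_id = amf_select(msg, area_list, method)
    rans = ran_of_area[area_list]
    broadcast = {ran: msg["payload"][aux_id] for ran in rans}
    keys = {ue: msg["keys"][aux_id] for ue, ran in terminals.items() if ran in rans}
    return aux_id, broadcast, keys


def demo():
    # Constructed sample data: two area lists, three access network devices, two terminals.
    plain = {"rtk-corrections": ("GNSS-RTK", b"constructed RTK correction data"),
             "otdoa-cells": ("OTDOA", b"constructed OTDOA cell data")}
    ran_of_area = {"TAL-1": {"gNB-1", "gNB-2"}, "TAL-2": {"gNB-3"}}
    terminals = {"UE-A": "gNB-1", "UE-B": "gNB-3"}
    msg = lmf_build_first_message(plain, ran_of_area)
    aux_id, broadcast, keys = amf_distribute(msg, "TAL-1", "GNSS-RTK", terminals, ran_of_area)
    _, _, keys_other = amf_distribute(msg, "TAL-2", "GNSS-RTK", terminals, ran_of_area)
    blob = broadcast["gNB-1"]
    inside = unseal(keys["UE-A"], blob)  # terminal covered by the first area list
    try:
        unseal(keys_other["UE-B"], blob)  # key issued for a different area list
        outside = "decrypted"
    except ValueError:
        outside = "rejected"
    return aux_id, sorted(broadcast), sorted(keys), inside, outside


if __name__ == "__main__":
    print(demo())
```

A terminal that holds only the key for `TAL-2` cannot open the auxiliary information sent in `TAL-1`, which is the isolation that a single AMF-wide key does not give.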
In a sixth aspect, an apparatus for protecting auxiliary information is provided. The apparatus may be an AMF or a chip in the AMF. The apparatus has the function of implementing the first aspect and its various possible implementations. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
In one possible design, the apparatus includes a processing module and a transceiver module. The transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter, and may include a radio frequency circuit or an antenna. The processing module may be a processor.
Optionally, the apparatus further includes a storage module, which may be, for example, a memory. When a storage module is included, it is used to store instructions. The processing module is connected to the storage module and can execute the instructions stored in the storage module or instructions from elsewhere, so that the apparatus executes the method of the first aspect or any one of its implementations.
In another possible design, when the apparatus is a chip, the chip includes a processing module and, optionally, a transceiver module. The transceiver module may be, for example, an input/output interface, a pin, or a circuit on the chip. The processing module may be, for example, a processor. The processing module can execute instructions so that the chip in the AMF executes the communication method of the first aspect and any possible implementation.
Optionally, the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register or a cache. The storage module may also be located in the communication device but outside the chip, such as a read-only memory (ROM) or another type of static storage device that can store static information and instructions, or a random access memory (RAM).
The processor mentioned anywhere above may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling execution of the programs of the communication methods of the foregoing aspects.
In a seventh aspect, an apparatus for protecting auxiliary information is provided. The apparatus may be a terminal or a chip in the terminal. The apparatus has the function of implementing the second aspect and its various possible implementations. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
In one possible design, the apparatus includes a transceiver module. Optionally, the apparatus further includes a processing module. The transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter, and may include a radio frequency circuit or an antenna. The processing module may be a processor.
Optionally, the apparatus further includes a storage module, which may be, for example, a memory. When a storage module is included, it is used to store instructions. The processing module is connected to the storage module and can execute the instructions stored in the storage module or instructions from elsewhere, so that the apparatus executes the communication method of the second aspect and its various possible implementations. In this design, the apparatus may be a terminal.
In another possible design, when the apparatus is a chip, the chip includes a transceiver module. Optionally, the apparatus further includes a processing module. The transceiver module may be, for example, an input/output interface, a pin, or a circuit on the chip. The processing module may be, for example, a processor. The processing module can execute instructions so that the chip in the AMF executes the communication method of the second aspect and any possible implementation.
Optionally, the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register or a cache. The storage module may also be located in the communication device but outside the chip, such as a read-only memory or another type of static storage device that can store static information and instructions, or a random access memory.
The processor mentioned anywhere above may be a general-purpose central processing unit, a microprocessor, an application-specific integrated circuit, or one or more integrated circuits for controlling execution of the programs of the communication methods of the foregoing aspects.
In an eighth aspect, an apparatus for protecting auxiliary information is provided. The apparatus may be a terminal or a chip in the terminal. The apparatus has the function of implementing the third aspect and its various possible implementations. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
In one possible design, the apparatus includes a transceiver module. Optionally, the apparatus further includes a processing module. The transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter, and may include a radio frequency circuit or an antenna. The processing module may be a processor.
Optionally, the apparatus further includes a storage module, which may be, for example, a memory. When a storage module is included, it is used to store instructions. The processing module is connected to the storage module and can execute the instructions stored in the storage module or instructions from elsewhere, so that the apparatus executes the communication method of the third aspect and its various possible implementations. In this design, the apparatus may be a terminal.
In another possible design, when the apparatus is a chip, the chip includes a transceiver module. Optionally, the apparatus further includes a processing module. The transceiver module may be, for example, an input/output interface, a pin, or a circuit on the chip. The processing module may be, for example, a processor. The processing module can execute instructions so that the chip in the AMF executes the communication method of the third aspect and any possible implementation.
Optionally, the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register or a cache. The storage module may also be located in the communication device but outside the chip, such as a read-only memory or another type of static storage device that can store static information and instructions, or a random access memory.
The processor mentioned anywhere above may be a general-purpose central processing unit, a microprocessor, an application-specific integrated circuit, or one or more integrated circuits for controlling execution of the programs of the communication methods of the foregoing aspects.
In a ninth aspect, an apparatus for protecting auxiliary information is provided. The apparatus may be an AMF or a chip in the AMF. The apparatus has the function of implementing the fourth aspect and its various possible implementations. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
In one possible design, the apparatus includes a processing module and a transceiver module. The transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter, and may include a radio frequency circuit or an antenna. The processing module may be a processor.
Optionally, the apparatus further includes a storage module, which may be, for example, a memory. When a storage module is included, it is used to store instructions. The processing module is connected to the storage module and can execute the instructions stored in the storage module or instructions from elsewhere, so that the apparatus executes the method of the fourth aspect or any one of its implementations.
In another possible design, when the apparatus is a chip, the chip includes a processing module and, optionally, a transceiver module. The transceiver module may be, for example, an input/output interface, a pin, or a circuit on the chip. The processing module may be, for example, a processor. The processing module can execute instructions so that the chip in the AMF executes the communication method of the fourth aspect and any possible implementation.
Optionally, the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register or a cache. The storage module may also be located in the communication device but outside the chip, such as a read-only memory (ROM) or another type of static storage device that can store static information and instructions, or a random access memory (RAM).
The processor mentioned anywhere above may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling execution of the programs of the communication methods of the foregoing aspects.
In a tenth aspect, an apparatus for protecting auxiliary information is provided. The apparatus may be a terminal or a chip in the terminal. The apparatus has the function of implementing the fifth aspect and its various possible implementations. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
In one possible design, the apparatus includes a transceiver module. Optionally, the apparatus further includes a processing module. The transceiver module may be, for example, at least one of a transceiver, a receiver, and a transmitter, and may include a radio frequency circuit or an antenna. The processing module may be a processor.
Optionally, the apparatus further includes a storage module, which may be, for example, a memory. When a storage module is included, it is used to store instructions. The processing module is connected to the storage module and can execute the instructions stored in the storage module or instructions from elsewhere, so that the apparatus executes the communication method of the fifth aspect and its various possible implementations. In this design, the apparatus may be a terminal.
In another possible design, when the apparatus is a chip, the chip includes a transceiver module. Optionally, the apparatus further includes a processing module. The transceiver module may be, for example, an input/output interface, a pin, or a circuit on the chip. The processing module may be, for example, a processor. The processing module can execute instructions so that the chip in the AMF executes the communication method of the fifth aspect and any possible implementation.
Optionally, the processing module may execute instructions in the storage module, and the storage module may be a storage module in the chip, such as a register or a cache. The storage module may also be located in the communication device but outside the chip, such as a read-only memory or another type of static storage device that can store static information and instructions, or a random access memory.
The processor mentioned anywhere above may be a general-purpose central processing unit, a microprocessor, an application-specific integrated circuit, or one or more integrated circuits for controlling execution of the programs of the communication methods of the foregoing aspects.
In an eleventh aspect, a computer storage medium is provided. The computer storage medium stores program code, and the program code is used to indicate instructions for executing the method in the first aspect or the fourth aspect, or any possible implementation thereof.
In a twelfth aspect, a computer storage medium is provided. The computer storage medium stores program code, and the program code is used to indicate instructions for executing the method in the second aspect or the fifth aspect, or any possible implementation thereof.
In a thirteenth aspect, a computer storage medium is provided. The computer storage medium stores program code, and the program code is used to indicate instructions for executing the method in the third aspect, or any possible implementation thereof.
In a fourteenth aspect, a computer program product containing instructions is provided. When run on a computer, it causes the computer to execute the method in the first aspect or the fourth aspect, or any possible implementation thereof.
In a fifteenth aspect, a computer program product containing instructions is provided. When run on a computer, it causes the computer to execute the method in the second aspect or the fifth aspect, or any possible implementation thereof.
In a sixteenth aspect, a computer program product containing instructions is provided. When run on a computer, it causes the computer to execute the method in the third aspect, or any possible implementation thereof.
In a seventeenth aspect, a processor is provided, configured to be coupled with a memory and to execute the method in the first aspect or the fourth aspect, or any possible implementation thereof.
In an eighteenth aspect, a processor is provided, configured to be coupled with a memory and to execute the method in the second aspect or the fifth aspect, or any possible implementation thereof.
In a nineteenth aspect, a processor is provided, configured to be coupled with a memory and to execute the method in the third aspect, or any possible implementation thereof.
In a twentieth aspect, a communication system is provided, including the apparatus of the sixth aspect, the apparatus of the seventh aspect, and the apparatus of the eighth aspect.
In a twenty-first aspect, a communication system is provided, including the apparatus of the ninth aspect and the apparatus of the tenth aspect.
Based on the above technical solution, the AMF receives a tracking area identifier indicating the tracking area to which the first terminal belongs, assigns a first key to the first terminal according to that tracking area, and sends the first key to the first terminal. Compared with the traditional solution, in which the mobility management network element assigns one uniform key to all the terminals it manages, the embodiments of this application can assign a suitable key to the first terminal and protect the first terminal's auxiliary information with that key, thereby improving the security of the auxiliary information.
Description of the drawings
FIG. 1 is a schematic diagram of a communication system according to an embodiment of this application;
FIG. 2 is a schematic diagram of a specific architecture of a communication system according to an embodiment of this application;
FIG. 3 is a schematic flowchart of protecting auxiliary information in a traditional solution;
FIG. 4 is a schematic flowchart of a method for protecting auxiliary information according to an embodiment of this application;
FIG. 5 is a schematic flowchart of a method for protecting auxiliary information according to a specific embodiment of this application;
FIG. 6 is a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of this application;
FIG. 7 is a schematic flowchart of a method for protecting auxiliary information according to yet another specific embodiment of this application;
FIG. 8 is a schematic flowchart of a method for protecting auxiliary information according to yet another specific embodiment of this application;
FIG. 9 is a schematic flowchart of a method for protecting auxiliary information according to yet another specific embodiment of this application;
FIG. 10 is a schematic block diagram of an apparatus for protecting auxiliary information according to an embodiment of this application;
FIG. 11 is a schematic structural diagram of an apparatus for protecting auxiliary information according to an embodiment of this application;
FIG. 12 is a schematic block diagram of an apparatus for protecting auxiliary information according to another embodiment of this application;
FIG. 13 is a schematic structural diagram of an apparatus for protecting auxiliary information according to another embodiment of this application;
FIG. 14 is a schematic block diagram of an apparatus for protecting auxiliary information according to yet another embodiment of this application;
FIG. 15 is a schematic structural diagram of an apparatus for protecting auxiliary information according to yet another embodiment of this application;
FIG. 16 is a schematic block diagram of an apparatus for protecting auxiliary information according to yet another embodiment of this application;
FIG. 17 is a schematic block diagram of an apparatus for protecting auxiliary information according to yet another embodiment of this application;
FIG. 18 is a schematic block diagram of an apparatus for protecting auxiliary information according to yet another embodiment of this application.
具体实施方式detailed description
下面将结合附图,对本申请中的技术方案进行描述。The technical solution in this application will be described below in conjunction with the drawings.
本申请实施例的技术方案可以应用于各种通信***,例如:全球移动通信(global system for mobile communications,GSM)***、码分多址(code division multiple access,CDMA)***、宽带码分多址(wideband code division multiple access,WCDMA)***、通用分组无线业务(general packet radio service,GPRS)、长期演进(long term evolution,LTE)***、LTE频分双工(frequency division duplex,FDD)***、LTE时分双工(time division duplex,TDD)、通用移动通信***(universal mobile telecommunication system,UMTS)、全球互联微波接入(worldwide interoperability for microwave access,WiMAX)通信***、未来的第五代(5th generation,5G)***或新无线(new radio,NR)等。The technical solutions of the embodiments of this application can be applied to various communication systems, such as: global system for mobile communications (GSM) system, code division multiple access (CDMA) system, broadband code division multiple access (wideband code division multiple access, WCDMA) system, general packet radio service (GPRS), long term evolution (LTE) system, LTE frequency division duplex (FDD) system, LTE Time division duplex (TDD), universal mobile telecommunication system (UMTS), worldwide interoperability for microwave access (WiMAX) communication system, the future fifth generation (5th generation, 5G) system or new radio (NR), etc.
本申请实施例中的终端可以指用户设备(user equipment,UE)、接入终端、用户单元、用户站、移动站、移动台、远方站、远程终端、移动设备、用户终端、终端、无线通信设备、用户代理或用户装置。终端还可以是蜂窝电话、无绳电话、会话启动协议(session initiation protocol,SIP)电话、无线本地环路(wireless local loop,WLL)站、个人数字助理(personal digital assistant,PDA)、具有无线通信功能的手持设备、计算设备或连接到无线调制解调器的其它处理设备、车载设备、可穿戴设备,未来5G网络中的终端或者未来演进的公用陆地移动通信网络(public land mobile network,PLMN)中的终端等,本 申请实施例对此并不限定。The terminal in the embodiment of this application may refer to user equipment (UE), access terminal, user unit, user station, mobile station, mobile station, remote station, remote terminal, mobile equipment, user terminal, terminal, wireless communication Equipment, user agent or user device. The terminal can also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), and a wireless communication function Handheld devices, computing devices or other processing devices connected to wireless modems, vehicle-mounted devices, wearable devices, terminals in the future 5G network or terminals in the future evolved public land mobile network (PLMN), etc. This embodiment of the application is not limited to this.
本申请实施例中的接入网设备可以是用于与终端通信的设备,该接入网设备可以是全球移动通信(global system for mobile communications,GSM)***或码分多址(code division multiple access,CDMA)中的基站(base transceiver station,BTS),也可以是宽带码分多址(wideband code division multiple access,WCDMA)***中的基站(NodeB,NB),还可以是LTE***中的演进型基站(evoled NodeB,eNB或eNodeB),还可以是云无线接入网络(cloud radio access network,CRAN)场景下的无线控制器,或者该接入网设备可以为中继站、接入点、车载设备、可穿戴设备以及未来5G网络中的接入网设备(gNodeB,gNB)或者未来演进的PLMN网络中的接入网设备等,本申请实施例并不限定。The access network equipment in the embodiments of the present application may be equipment used to communicate with terminals, and the access network equipment may be a global system for mobile communications (GSM) system or code division multiple access (code division multiple access) The base station (transceiver station, BTS) in CDMA) can also be the base station (NodeB, NB) in the wideband code division multiple access (WCDMA) system, and it can also be an evolved LTE system. A base station (evoled NodeB, eNB, or eNodeB) can also be a wireless controller in a cloud radio access network (cloud radio access network, CRAN) scenario, or the access network device can be a relay station, an access point, a vehicle device, Wearable devices and access network equipment (gNodeB, gNB) in the future 5G network or access network equipment in the future evolved PLMN network are not limited in the embodiment of the present application.
在本申请实施例中,终端或接入网设备包括硬件层、运行在硬件层之上的操作***层,以及运行在操作***层上的应用层。该硬件层包括中央处理器(central processing unit,CPU)、内存管理单元(memory management unit,MMU)和内存(也称为主存)等硬件。该操作***可以是任意一种或多种通过进程(process)实现业务处理的计算机操作***,例如,Linux操作***、Unix操作***、Android操作***、iOS操作***或windows操作***等。该应用层包含浏览器、通讯录、文字处理软件、即时通信软件等应用。并且,本申请实施例并未对本申请实施例提供的方法的执行主体的具体结构特别限定,只要能够通过运行记录有本申请实施例的提供的方法的代码的程序,以根据本申请实施例提供的方法进行通信即可,例如,本申请实施例提供的方法的执行主体可以是终端或接入网设备,或者,是终端或接入网设备中能够调用程序并执行程序的功能模块。In the embodiment of the present application, the terminal or the access network device includes a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer. The hardware layer includes hardware such as a central processing unit (CPU), a memory management unit (MMU), and memory (also referred to as main memory). The operating system may be any one or more computer operating systems that implement business processing through processes, for example, Linux operating system, Unix operating system, Android operating system, iOS operating system, or windows operating system. The application layer includes applications such as browsers, address books, word processing software, and instant messaging software. In addition, the embodiments of the application do not specifically limit the specific structure of the execution subject of the methods provided in the embodiments of the application, as long as the program that records the codes of the methods provided in the embodiments of the application can be provided according to the embodiments of the application. For example, the execution subject of the method provided in the embodiments of the present application may be a terminal or an access network device, or a functional module in the terminal or the access network device that can call and execute the program.
Figure 1 is a schematic diagram of one possible network architecture to which this application applies. The network architecture includes a terminal 101, an access network device 102, a unified data management platform 103, a third-party device 104, a network exposure function entity 105, a network capability exposure entity 105, a location management function entity 106, and an access and mobility management function entity 107, each of which is described below:
1. Terminal device (TD) 101: referred to as the terminal for short, this is a device with a wireless transceiver function. It may include various handheld devices, vehicle-mounted devices, wearable devices, and computing devices with wireless communication functions, or other processing devices connected to a wireless modem, as well as terminals in various forms: mobile station (MS), terminal, user equipment (UE), soft terminal, and so on. A terminal may be deployed on land, including indoors or outdoors, handheld or vehicle-mounted; on water (for example, on a ship); or in the air (for example, on an aircraft, balloon, or satellite). Examples include a mobile phone, a tablet computer (pad), a computer with a wireless transceiver function, a virtual reality (VR) terminal, an augmented reality (AR) terminal, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, and a wireless terminal in a smart home.
2. (Radio) access network device ((R)AN) 102: a device that provides wireless communication functions for the terminal, including but not limited to: a next-generation base station (g nodeB, gNB) in 5G, an evolved node B (eNB), a radio network controller (RNC), a node B (NB), a base station controller (BSC), a base transceiver station (BTS), a home base station (for example, a home evolved nodeB or home node B, HNB), a baseband unit (BBU), a transmitting and receiving point (TRP), a transmitting point (TP), and so on.
3. Unified data management platform 103: used to handle user identification, access authentication, registration, mobility management, and so on. In a 4G network, the data management network element may be a home subscriber server (HSS); in a 5G network, it may be a unified data management (UDM) network element. In a future communication system, unified data management may still be a UDM network element or may have another name, which is not limited in this application.
4. Third-party device 104: a device used to manage the terminal 101. The third-party device 112 stores attribute information of the terminals it manages, such as a terminal's location information and type. Note that the network architecture of this application is illustrated with one terminal 101 as an example. In practice the architecture may include multiple terminals; accordingly, all of them may be managed by the third-party device 112, or they may be managed by different third-party devices. Specifically, the third-party device 112 connects to the capability exposure network element through an application interface provided by that network element, and manages the terminal 101 through it. For example, the third-party device 112 may be a server device of a vertical industry control center or an application function (AF) network element.
5. Network exposure function entity 105: used to securely expose, to external parties, the services and capabilities provided by 3GPP network function network elements. In a 4G network, the network exposure network element may be a service capability exposure function (SCEF) network element. In a 5G network, it may be a network exposure function (NEF) network element. In a future communication system, the network exposure network element may still be a NEF network element or may have another name, which is not limited in this application.
6. Location management function entity 106: used to perform location management for the UE, for example, to determine the UE's location information. Specifically, the location management network element in a fifth generation (5G) wireless communication system may be a location management function (LMF) network element. The LMF may determine the UE's location information at the request of a core network entity, such as the access and mobility management function (AMF), and provide that location information to the AMF, thereby providing location services (LCS). In implementation, the AMF may allocate at least one LMF to the UE to provide positioning services; when the UE needs to obtain positioning information, it may request location information from the LMF through the AMF. In future communications (for example, 6G or other networks), the location management network element may still be an LMF network element or have another name, which is not limited in this application.
7. Access and mobility management function entity 107: mainly used for terminal access and mobility management. In a 4G network, the mobility management network element may be a mobility management entity (MME); in a 5G network, it may be an access and mobility management function (AMF) network element. In a future communication system, the mobility management network element may still be an AMF network element or may have another name, which is not limited in this application.
Note that the network elements involved in the embodiments of this application may also be called functions or functional entities. For example, a mobility management network element may also be called a mobility management function or a mobility management functional entity, and a data management network element may also be called a data management function or a data management functional entity. The names of the network elements are not limited in this application; a person skilled in the art may replace the above names with other names for elements that perform the same functions, and all such cases fall within the protection scope of this application.
It can be understood that the above network elements or functions may be network elements in hardware devices, software functions running on dedicated hardware, or virtualized functions instantiated on a platform (for example, a cloud platform).
Figure 2 is a schematic diagram of another possible network architecture to which this application applies, using the 5G network architecture as an example. The network architecture includes: a terminal 201, an (R)AN 202, a user plane function (UPF) network element 203, a data network (DN) network element 204, an authentication server function (AUSF) network element 205, an AMF network element 206, a session management function (SMF) network element 207, a NEF network element 208, a network repository function (NRF) network element 209, a PCF network element 210, and a UDM network element 211. Below, the UPF network element 203, DN network element 204, AUSF network element 205, AMF network element 206, SMF network element 207, NEF network element 208, NRF network element 209, policy control function (PCF) network element 210, and UDM network element 211 are abbreviated as UPF203, DN204, AUSF205, AMF206, SMF207, NEF208, NRF209, PCF120, and UDM211. The access network device in the network architecture shown in Figure 1 may be the (R)AN 202 in the network architecture shown in Figure 2.
In this network architecture, Nausf is the service-based interface exhibited by AUSF105, Namf is the service-based interface exhibited by AMF106, Nsmf is the service-based interface exhibited by SMF107, Nnef is the service-based interface exhibited by NEF108, Nnrf is the service-based interface exhibited by NRF109, Npcf is the service-based interface exhibited by PCF110, and Nudm is the service-based interface exhibited by UDM111. N1 is the reference point between UE101 and AMF106. N2 is the reference point between (R)AN102 and AMF106, used for sending non-access stratum (NAS) messages and the like. N3 is the reference point between (R)AN102 and UPF103, used for transmitting user plane data and the like. N4 is the reference point between SMF107 and UPF103, used for transmitting information such as tunnel identification information of the N3 connection, data buffering indication information, and downlink data notification messages. The N6 interface is the reference point between UPF103 and DN104, used for transmitting user plane data and the like.
It should be understood that the network architecture described above is only an example, described from the perspective of a service-based architecture. The network architectures to which the embodiments of this application apply are not limited to it; any network architecture that can implement the functions of the network elements above is applicable to the embodiments of this application.
For example, in some network architectures, network function entities such as the AMF network element 206, SMF network element 207, PCF network element 210, and UDM network element 211 are all called network function (NF) network elements. In other network architectures, the set of network elements such as the AMF network element 206, SMF network element 207, PCF network element 210, and UDM network element 211 may be called control plane function network elements.
NF network elements may be defined as different NFs according to their functional category, for example: authentication and security functions, packet data session management functions, mobility management and access control functions, policy control functions, and so on. These functions are implemented by corresponding NF components, and each NF component provides services to other NF components or functions through a defined service interface. Multiple network slices (sliceA, sliceB, and sliceC) of the same operator use the same public land mobile network (PLMN) and can be deployed in the operator's infrastructure through cloud and virtualization technologies. The operator's technical facilities include the operator's cloud computing and transmission infrastructure.
Note that the MME network element, AMF network element, UDM network element, eNB, and gNB described in the following embodiments are only examples and do not limit the embodiments of this application. That is, the MME and AMF network elements described later in this application may each be replaced by a mobility management network element, the UDM network element by a data management network element, and the eNB and gNB by an access network device. The MME network element is abbreviated as MME, the AMF network element as AMF, and the UDM network element as UDM.
Figure 3 shows a schematic flowchart of protecting auxiliary information in the traditional scheme.
301. The E-SMLC sends a key to the MME.
302. The MME stores the key.
303. The terminal sends an attach request or a tracking area update (TAU) request to the base station.
304. The base station sends the attach request or TAU request to the MME.
305. The MME returns a response message for the attach request or for the TAU request to the base station, and the response message carries the key.
306. The base station sends the response message for the attach request or for the TAU request, carrying the key, to the terminal.
307. The E-SMLC encrypts the auxiliary information with the key.
308. The E-SMLC sends the encrypted auxiliary information to the terminal.
309. The terminal decrypts the auxiliary information with the key.
In other words, the MME may allocate keys to terminals uniformly. Because this allocation cannot take into account the area in which the terminal is currently located, auxiliary information encrypted with such a key has relatively low security.
Figure 4 shows a schematic flowchart of a method for protecting auxiliary information according to an embodiment of this application.
401. The AMF receives a tracking area identifier, which indicates the tracking area to which the first terminal belongs.
Specifically, a tracking area may include one or more access network devices, and the AMF may receive the tracking area identifier from one or more of the access network devices in the tracking area to which the terminal belongs. An access network device may send the identifier of the tracking area to which the first terminal belongs periodically, or when it detects that this tracking area has changed.
It should be understood that a tracking area may be a geographic area made up of contiguously covered cells, used for terminal location management in the access network/core network system.
402. The AMF determines, according to the tracking area to which the first terminal belongs, a first key to assign to the first terminal. The first key is used to protect auxiliary information.
Specifically, the AMF may assign different keys for the different tracking areas to which the first terminal belongs. For example, at least one tracking area to which the first terminal belongs and at least one key may have a mapping relationship, that is, each of the at least one key may correspond to one tracking area or to multiple tracking areas, so that the AMF can determine the corresponding key from a given tracking area. The first key may be used to encrypt or decrypt the auxiliary information. For example, the AMF may encrypt the auxiliary information with the first key, and the first terminal may decrypt the auxiliary information with the first key.
It should be understood that the mapping relationship between the at least one tracking area and the at least one key may be a one-to-one correspondence between tracking areas and keys, one tracking area corresponding to one or more keys, or one key corresponding to one or more tracking areas. This is not limited in this application.
Optionally, the mapping relationship between the at least one tracking area and the at least one key may be carried in a first message, which may be sent by the LMF to the AMF.
Note that the first message may also include a universal key, that is, a key that can be used regardless of which tracking area the terminal is in. This is not limited in this application.
It should be understood that the first message may be a key message.
Optionally, the AMF obtains the positioning mode of the first terminal, so that step 402 may be that the AMF determines the first key assigned to the first terminal according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs. Correspondingly, the first terminal sends its positioning mode.
Specifically, the AMF may assign a key (that is, the first key) to the first terminal by combining the positioning mode of the first terminal with the tracking area to which the first terminal belongs. Compared with the traditional scheme, in which the mobility management network element allocates keys to terminals uniformly, the embodiments of this application can assign a suitable key to the first terminal and use that key to protect the first terminal's auxiliary information, thereby improving the security of the auxiliary information. For example, different terminals may have different keys for auxiliary information, and the same terminal may have different keys for auxiliary information in different tracking areas.
It should be understood that in step 403 the AMF may calculate the first key by combining the positioning mode of the first terminal and the tracking area to which the first terminal belongs through some association or functional relationship.
Optionally, the positioning mode of the first terminal may be a positioning mode supported by the terminal. For example, the positioning mode may be wireless fidelity (wifi) positioning, wireless local area network (wlan) positioning, global positioning system (GPS) positioning, or Bluetooth positioning, or another positioning mode. This is not limited in this application.
In one embodiment, in step 402 the AMF may also read the positioning mode of the first terminal from its own storage area. That is, the AMF may store the positioning mode corresponding to each terminal, so that it can look up the positioning mode of any terminal in that storage area.
In another embodiment, in step 402 the AMF may receive the positioning mode of the first terminal from the LMF. That is, the LMF stores the positioning modes corresponding to different terminals, and the AMF can obtain the positioning mode of the first terminal from the LMF.
In yet another embodiment, the AMF may also receive positioning capability information of the first terminal, which indicates the positioning modes supported by the first terminal. In step 402, the AMF may then determine the positioning mode of the first terminal according to the positioning modes that the first terminal supports.
Note that the first terminal may support one or more positioning modes.
Optionally, the first message may also include a mapping relationship between at least one key and at least one positioning mode, that is, each of the at least one key corresponds to one or more positioning modes.
Optionally, the AMF may receive the first message from the LMF. The first message may include multiple keys supported by the LMF, together with the positioning mode and tracking area corresponding to each of those keys. The AMF can then select a suitable key (that is, the first key) from the multiple keys supported by the LMF by combining the positioning mode of the first terminal with the tracking area to which the first terminal belongs, which saves the power consumption overhead of the AMF determining the first key.
Optionally, a positioning mode of the first terminal has a first mapping relationship with multiple keys, and each tracking area of the first terminal has a second mapping relationship with multiple keys, so that the AMF can select the first key according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs, combined with the first mapping relationship and the second mapping relationship. Specifically, the multiple keys supported by the LMF may be called the "first key set". The AMF may select, from the first key set, a second key set including one or more keys according to the positioning mode of the first terminal and the first mapping relationship; select, from the first key set, a third key set including one or more keys according to the tracking area to which the first terminal belongs and the second mapping relationship; and use the key that is the same in the first key set and the second key set as the first key. Alternatively, the AMF determines a second key set from the first key set according to the tracking area to which the first terminal belongs and the first mapping relationship, and then determines the first key from the second key set according to the positioning mode of the first terminal and the second mapping relationship. Alternatively, the AMF determines, from the first key set, a second key set including one or more keys according to the tracking area to which the first terminal belongs and the second mapping relationship, and then determines the first key from the second key set according to the positioning mode of the first terminal and the first mapping relationship.
Note that the same key may correspond to one or more positioning modes, and the same key may also correspond to one or more tracking areas.
It should be understood that the above mapping relationships may be implemented as tables. The first mapping relationship and the second mapping relationship may be in different tables (for example, each as a two-column table) or in the same table (for example, one three-column table holding both). This is not limited in this application.
Optionally, the first message may also include multiple positioning modes supported by the LMF, and the AMF may select one of them as the positioning mode of the first terminal.
Optionally, when the AMF knows both the terminal's positioning capability information and the positioning modes supported by the LMF, the AMF may determine the positioning mode of the first terminal by combining the positioning modes supported by the first terminal with those supported by the LMF.
Optionally, the positioning capability information and the tracking area identifier of the first terminal obtained by the AMF may be carried in a second message, which may be used to request access to the AMF. Correspondingly, the first key may be carried in the response message to the second message. In this way, the first terminal does not need to send the positioning capability information and the tracking area identifier separately, and the AMF does not need to send the first key separately; carrying them in the second message and its response message saves signaling overhead. In addition, in the embodiments of this application, key distribution may be triggered by the second message; that is, the embodiments of this application provide one way of triggering key distribution.
It should be understood that the second message may be an "attach request".
Optionally, step 401 may also be that the AMF receives a third message, which may be used to request a tracking area update and which includes the tracking area identifier. Correspondingly, the first key is carried in the response message to the third message. In this way, the first terminal does not need to send the third message separately, and the AMF does not need to send the first key separately; carrying them in the third message and its response message saves signaling overhead. In addition, the embodiments of this application thereby provide another way of triggering key distribution.
It should be understood that the third message may be a "TAU request".
Note that in 5G the attach request and the TAU request may be carried in a single message, for example, a registration request: an initial registration request corresponds to the attach request, and a mobility registration update request corresponds to the TAU request. Alternatively, the registration request may have the functions of both the attach request and the TAU request. This is not limited in this application. In addition, the registration request may also carry a registration type information element.
Optionally, the AMF may also send one or more of a validity period and indication information to the first terminal. The validity period indicates a threshold on how long, or a threshold on how many times, the first terminal can use the first key. The indication information indicates whether the AMF supports auxiliary information.
Specifically, the indication information may be used to indicate whether the AMF supports auxiliary information. If the AMF does not support auxiliary information, the AMF will not subsequently send auxiliary information to the first terminal through the access network device.
Specifically, the AMF may send one or more of the validity period and the indication information in one message (that is, the message may include one or more of the validity period and the indication information). It should be understood that this message may be the same message as the response message to the second message; that is, one or more of the validity period and the indication information may be carried in the response message to the second message. Alternatively, it may be the same message as the response message to the third message, which is not limited in this application.
Optionally, before sending the first key to the first terminal, the AMF may also obtain an auxiliary information setting from the UDM. The auxiliary information setting indicates whether the first terminal has subscribed to auxiliary information. If the first terminal has subscribed to auxiliary information, the AMF sends the first key to the first terminal; if the first terminal has not subscribed to auxiliary information, the AMF does not send the first key to the first terminal. In this way, the embodiments of this application create conditions for future commercial applications, for example, charging for high-precision positioning.
Optionally, the AMF may send a positioning setting request to the UDM. The positioning setting request may be used to request the auxiliary information setting of the first terminal. The UDM returns a response message to the positioning setting request to the AMF, and this response message includes the auxiliary information setting. Optionally, the positioning setting request may include the identifier of the first terminal.
403. The AMF sends the first key to the first terminal. Correspondingly, the first terminal receives the first key sent by the AMF.
Specifically, the AMF sends the first key to the first terminal through the access network device, so that the first terminal can decrypt the auxiliary information with the first key, which improves the security of the auxiliary information.
It should be understood that, once the AMF has determined the first key for the tracking area to which the first terminal currently belongs, it may send the first key through an access network device in that tracking area.
Optionally, the AMF may send auxiliary information to the terminal through the access network device.
It should be noted that the AMF may send the auxiliary information of the first terminal to all the access network devices it manages.
Optionally, the AMF receives a fourth message from the LMF. The fourth message includes a third mapping relationship between at least one area list and at least one piece of auxiliary information, and each area list in the at least one area list corresponds to some of the multiple access network devices managed by the AMF. According to the third mapping relationship, the AMF can determine the first auxiliary information corresponding to a first area list in the at least one area list, and then send the first auxiliary information through the access network devices corresponding to the first area list.
Specifically, the LMF sends a fourth message to the AMF. The fourth message includes at least one area list and at least one piece of auxiliary information, and the at least one area list and the at least one piece of auxiliary information have a mapping relationship (that is, the third mapping relationship). According to the third mapping relationship, the AMF can determine the auxiliary information corresponding to any area list (for example, the first area list), and can then broadcast the first auxiliary information, through the access network devices corresponding to the first area list, to the terminals covered by those access network devices. In other words, the AMF can send different auxiliary information through the access network devices corresponding to different area lists. Compared with the traditional scheme, in which the AMF sends auxiliary information through all the access network devices it covers, this saves signaling overhead. In addition, the embodiments of this application can reduce the interference of irrelevant auxiliary information with the auxiliary information of the first terminal, which improves the transmission efficiency of auxiliary information.
It should be noted that an area list includes the tracking areas to which one or more access network devices that can be used for communication between the terminal and the AMF belong. For example, taking gNBs as the access network devices: gNB1, gNB2 and gNB3 can be used for communication between the terminal and the AMF, gNB1 belongs to TA1, and gNB2 and gNB3 belong to TA2; the area list then includes TA1 and TA2.
It should be understood that the access network devices corresponding to the tracking areas included in the area list are access network devices that can be used for communication between the terminal and the AMF.
Optionally, the fourth message further includes a fourth mapping relationship between multiple positioning modes and at least one piece of auxiliary information. According to the fourth mapping relationship, the AMF may determine at least one piece of auxiliary information corresponding to a first positioning mode among the positioning modes, and determine the first auxiliary information from the at least one piece of auxiliary information corresponding to the first positioning mode.
Specifically, the fourth message may further include multiple positioning modes and at least one piece of auxiliary information, and the positioning modes and the at least one piece of auxiliary information have a mapping relationship. When one positioning mode corresponds to multiple pieces of auxiliary information, or one area list corresponds to multiple pieces of auxiliary information, the AMF may also determine the first auxiliary information by combining the at least one piece of auxiliary information corresponding to the first positioning mode with the auxiliary information corresponding to the first area list, so that auxiliary information is broadcast still more precisely.
It should be understood that the first auxiliary information is encrypted auxiliary information.
It should also be understood that the fourth message may be a "location message".
Optionally, the LMF generates the at least one piece of auxiliary information and sends the fourth message to the AMF.
Specifically, the LMF encrypts the auxiliary information with a key and sends it to the AMF in the fourth message. According to the first mapping relationship and the second mapping relationship, the AMF determines the key (the first key) used for the auxiliary information (for example, the first auxiliary information) of different area lists and/or of the positioning modes of different terminals, and sends the first key to a terminal that has subscribed to the first auxiliary information (for example, the first terminal). In this way, after receiving multiple pieces of auxiliary information broadcast by the access network device, the first terminal can use the first key to parse the first auxiliary information, which improves the security of the auxiliary information.
Optionally, the LMF may generate the first auxiliary information as follows: according to second auxiliary information among the at least one piece of auxiliary information supported by the LMF and the third mapping relationship, the LMF determines the first area list corresponding to the second auxiliary information; according to the correspondence between area lists and keys, it determines the first key corresponding to the first area list; and it then encrypts the second auxiliary information with the first key to generate the first auxiliary information. That is, the LMF assigns keys to the auxiliary information corresponding to different area lists according to the mapping relationship carried in the first message it sends. Correspondingly, the AMF also determines, according to the mapping relationship in the first message, the keys of the auxiliary information corresponding to different area lists, and sends the determined key to the terminal so that the terminal can decrypt the auxiliary information, which further improves the security of the auxiliary information.
Optionally, the LMF may also generate the first auxiliary information as follows: according to second auxiliary information among the at least one piece of auxiliary information supported by the LMF and the fourth mapping relationship, the LMF determines the first positioning mode corresponding to the second auxiliary information; it determines the first key according to the first area list and the first positioning mode; and it then encrypts the second auxiliary information with the first key to generate the first auxiliary information. That is, according to the mapping relationship carried in the first message it sends, the LMF assigns keys to the corresponding auxiliary information based on the area list and the positioning mode. Correspondingly, the AMF also determines, according to the mapping relationship in the first message, the keys of the auxiliary information corresponding to different area lists and positioning modes, and sends the determined key to the terminal so that the terminal can decrypt the auxiliary information, which further improves the security of the auxiliary information.
Optionally, when the AMF learns that the first key is invalid, it may obtain a second key, that is, update the first key to the second key, and send the second key to the first terminal. The AMF can then encrypt the auxiliary information with the second key, and the first terminal can decrypt the auxiliary information with the second key. Updating the key in time in this way further improves the security of the auxiliary information.
Specifically, the invalidation of the first key may be determined by the AMF. Alternatively, it may be determined by the first terminal or by the LMF, which then notifies the AMF.
It should be understood that, in the embodiments of this application, the AMF may determine the second key for the first terminal in the same way as it determines the first key; to avoid repetition, the details are not repeated here.
Optionally, the first terminal may detect whether the first key has expired according to the validity period of the first key. Specifically, the first terminal may detect whether the duration for which the first key has been used exceeds the duration threshold: if it does, the first key has expired; otherwise the first key has not expired. Alternatively, the first terminal may detect whether the number of times the first key has been used exceeds the count threshold: if it does, the first key has expired; otherwise the first key has not expired.
Optionally, the first terminal may also receive a fifth message, which is used to request the location information of the first terminal. On receiving the fifth message, the first terminal may start detecting whether the first key has expired. That is, the fifth message is used to trigger the first terminal to detect whether the first key has expired.
It should be understood that the fifth message may be a "location service request" or another network-side "service request", which is not limited in this application.
In one embodiment, when the first terminal detects that the first key has expired, it sends a sixth message to the AMF through the access network device. The sixth message may be used to request a key update. Correspondingly, the AMF receives the sixth message and, according to it, sends the second key to the first terminal. That is, the sixth message may be used to trigger the AMF to send the second key. Correspondingly, the second key may be carried in the response message to the sixth message.
It should be understood that the sixth message may be a "key update request", and the response message to the sixth message may be a "response message to the key update request".
It should be understood that if the first terminal sends the key update request directly to the AMF, the key update request may be a NAS message. If the first terminal sends the key update request to the AMF through the access network device, then the key update request sent by the first terminal to the access network device may be an RRC connection reconfiguration message, and the key update request sent by the access network device to the AMF may be an N2 message.
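The terminal-side expiry check and key update described above, as an added example that is not part of the patent text. The class and function names, the sample keys, and the `key_update` callback that stands in for the key update request and its response are assumptions.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass(frozen=True)
class ValidityPeriod:
    """Validity period from the AMF: a duration threshold and/or a use-count threshold."""
    max_age_s: Optional[float] = None  # duration threshold in seconds
    max_uses: Optional[int] = None     # threshold on the number of uses


class TerminalKeyStore:
    """Holds the terminal's current key for decrypting auxiliary information."""

    def __init__(self, key: bytes, validity: ValidityPeriod,
                 clock: Callable[[], float] = time.monotonic):
        self._clock = clock  # monotonic, so wall-clock changes cannot extend a key's life
        self.install(key, validity)

    def install(self, key: bytes, validity: ValidityPeriod) -> None:
        """Store a new key and restart both counters."""
        self.key = key
        self.validity = validity
        self._installed_at = self._clock()
        self._uses = 0

    def expired(self) -> bool:
        """True once the duration threshold has passed or no further use is allowed."""
        v = self.validity
        if v.max_age_s is not None and self._clock() - self._installed_at > v.max_age_s:
            return True
        # Checked before each use: one more use must not exceed the count threshold.
        return v.max_uses is not None and self._uses + 1 > v.max_uses

    def key_for_decryption(self) -> Optional[bytes]:
        """Return the key and count the use, or None if the key may no longer be used."""
        if self.expired():
            return None
        self._uses += 1
        return self.key


def on_location_service_request(
        store: TerminalKeyStore,
        key_update: Callable[[], Tuple[bytes, ValidityPeriod]]) -> bool:
    """Fifth message received: check the key and, if it expired, run the key update.

    key_update stands in for the sixth message and its response; it returns the
    second key and that key's validity period. Returns True if the key was replaced.
    """
    if not store.expired():
        return False
    second_key, validity = key_update()
    store.install(second_key, validity)
    return True


def demo_key_expiry() -> list:
    """Constructed run: a key limited to 600 s and 2 uses, then a key update."""
    now = [0.0]  # fake clock so the run is repeatable
    store = TerminalKeyStore(b"first-key-sample", ValidityPeriod(600, 2), lambda: now[0])
    amf_reply = lambda: (b"second-key-sampl", ValidityPeriod(max_age_s=600))
    trace = [on_location_service_request(store, amf_reply)]      # fresh key: no update
    trace += [store.key_for_decryption() for _ in range(3)]      # third use is refused
    trace.append(on_location_service_request(store, amf_reply))  # count reached: update
    now[0] = 601.0                                               # second key ages out
    trace.append(store.key_for_decryption())
    return trace
```

Checking before each use, rather than after, keeps the terminal from decrypting with a key that has already reached its count threshold.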
In another embodiment, the AMF may receive a fifth message, which may be used to request the location information of the first terminal. According to the fifth message, the AMF sends the second key to the first terminal; for example, the fifth message is used to trigger the first terminal to send the second key.
It should be noted that the fifth message may be a "location service request", where the location service request may be used to request the subscription permanent identifier (SUPI), the client type, the required QoS, and so on.
It should also be noted that the location service request may be sent to the AMF by a gateway mobile location center (GMLC). For example, an external client initiates a location service request to the GMLC, and the content of that request includes the QoS, the client type, and so on. The GMLC requests the location and privacy settings of the first terminal from the UDM, and the UDM returns to the GMLC the network address of the AMF serving the first terminal, the privacy settings, and so on. The GMLC can then send the location service request to that AMF.
It should be understood that, after receiving the location service request, if the first terminal is in the idle state, the AMF sends a network-side location service request to the first terminal so as to establish signaling interaction with the first terminal.
Optionally, the AMF may send a seventh message to the first terminal, and the seventh message carries the second key. After receiving the second key, the first terminal returns a response message to the seventh message to the AMF, indicating that the first terminal has received the second key. The first terminal can then decrypt the auxiliary information with the second key, which further improves the security of the auxiliary information.
It should be understood that the seventh message may be a "key update request", and the response message to the seventh message may be a "response message to the key update request".
It should be noted that, after confirming with the first terminal that the key update is complete, the AMF may also select an LMF and request the current location information of the first terminal from the selected LMF. The LMF measures and calculates the location of the first terminal and sends the calculated location information of the first terminal to the AMF. The AMF then reports the location information of the first terminal to the GMLC, and the GMLC reports it to the external client. The location information of the first terminal may include at least one of a location service (LCS) correlation identifier, an estimated location, an accuracy, and a positioning mode.
Optionally, the seventh message may also carry the validity period of the second key. This validity period may likewise indicate a duration threshold for which the first terminal can use the second key, or a threshold on the number of times the first terminal can use the second key.
It should be understood that if the first terminal sends the response message to the key update request directly to the AMF, that response message may be a non-access stratum (NAS) message. If the first terminal sends the response message to the key update request to the AMF through the access network device, then the response message sent by the first terminal to the access network device may be a radio resource control (RRC) connection reconfiguration message, and the response message sent by the access network device to the AMF may be an N2 message.
Optionally, the key update request may also carry the validity period of the second key. This validity period may likewise indicate a duration threshold for which the first terminal can use the second key, or a threshold on the number of times the first terminal can use the second key.
The MME may broadcast auxiliary information through all the access network devices that it can manage, which results in relatively large signaling overhead. Correspondingly, a given terminal (for example, the first terminal) also receives irrelevant auxiliary information; that is, the auxiliary information of the first terminal suffers considerable interference from other, irrelevant auxiliary information. The transmission efficiency of the auxiliary information is therefore low.
FIG. 5 shows a schematic flowchart of a method for transmitting auxiliary information according to a specific embodiment of the present application.
501. The LMF generates at least one piece of auxiliary information.
In one embodiment, according to the mapping relationship between auxiliary information and area lists (that is, the first mapping relationship), the LMF determines the first area list corresponding to second auxiliary information among the at least one piece of auxiliary information supported by the LMF; according to the correspondence between area lists and keys, it determines the first key corresponding to the first area list; and it then encrypts the second auxiliary information with the first key to generate the first auxiliary information. That is, the LMF assigns keys to the auxiliary information corresponding to different area lists according to the mapping relationship carried in the first message it sends. Correspondingly, the AMF also determines, according to the mapping relationship in the first message, the keys of the auxiliary information corresponding to different area lists, and sends the determined key to the terminal so that the terminal can decrypt the auxiliary information, which further improves the security of the auxiliary information.
In another embodiment, according to the mapping relationship between auxiliary information and positioning modes (that is, the second mapping relationship), the LMF determines the first positioning mode corresponding to second auxiliary information among the at least one piece of auxiliary information supported by the LMF; it determines the first key according to the first area list and the first positioning mode; and it then encrypts the second auxiliary information with the first key to generate the first auxiliary information. That is, according to the mapping relationship carried in the first message it sends, the LMF assigns keys to the corresponding auxiliary information based on the area list and the positioning mode. Correspondingly, the AMF also determines, according to the mapping relationship in the first message, the keys of the auxiliary information corresponding to different area lists and positioning modes, and sends the determined key to the terminal so that the terminal can decrypt the auxiliary information, which further improves the security of the auxiliary information.
It should be noted that the "first message" in this embodiment has the same meaning as the "fourth message" in the embodiment shown in FIG. 4, the "first mapping relationship" in this embodiment is the same as the "third mapping relationship" in the embodiment shown in FIG. 4, and the "second mapping relationship" in this embodiment is the same as the "fourth mapping relationship" in the embodiment shown in FIG. 4. Other terms that also appear in the embodiment shown in FIG. 4 have the same meaning as there.
502. The LMF sends a first message to the AMF. The first message includes a first mapping relationship between at least one area list and at least one piece of auxiliary information, and each area list in the at least one area list corresponds to some of the multiple access network devices managed by the AMF.
It should be understood that the first mapping relationship and the second mapping relationship may each be a separate table, or they may be in the same table.
503. According to the first mapping relationship, the AMF determines the first auxiliary information corresponding to a first area list in the at least one area list.
504. The AMF sends the first auxiliary information through the access network devices corresponding to the first area list.
Specifically, the LMF encrypts the auxiliary information with a key and sends it to the AMF in the first message. The AMF determines the first key used for a given piece of auxiliary information (for example, the first auxiliary information) and sends the first key to a terminal that has subscribed to the first auxiliary information (for example, the first terminal). In this way, after receiving multiple pieces of auxiliary information broadcast by the access network device, the first terminal can use the first key to parse the first auxiliary information, which improves the security of the auxiliary information.
It should be understood that, after step 504, the steps in which the AMF determines the key used for each piece of auxiliary information and sends that key to the corresponding terminal are the same as the steps of the embodiment shown in FIG. 4; to avoid repetition, they are not described again here.
FIG. 6 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
It should be noted that terms in this embodiment that also appear in the embodiment shown in FIG. 4 have the same meaning as there, which is not limited in this embodiment.
601. The AMF receives a key message from the LMF. The key message includes multiple keys supported by the LMF, multiple positioning modes supported by the LMF, and at least one area list corresponding to the multiple keys.
602. The AMF stores the key message.
603. During the attach procedure, the first terminal initiates an attach request to the access network device. The attach request includes the positioning capability information of the first terminal and an area identifier, where the area identifier indicates the area to which the first terminal belongs.
604. The access network device sends the attach request to the AMF.
605. The AMF sends a positioning setting request to the UDM.
606. The AMF obtains a positioning setting response from the UDM. The positioning setting response includes the auxiliary information setting.
607. The AMF determines the first key of the first terminal according to the positioning capability information of the first terminal and the positioning modes supported by the LMF.
608. The AMF sends a response message to the attach request to the access network device. The response message includes at least one of the validity period, the indication information, and the auxiliary information, and also includes the first key.
609. The access network device sends the response message to the attach request to the AMF.
Therefore, in this embodiment of the application, the AMF determines the first key suitable for the current first terminal according to the positioning modes supported by the LMF and the positioning capability information of the first terminal, and sends the first key to the first terminal, so that the first terminal parses the auxiliary information with the first key, which improves the security of the auxiliary information. In addition, the capability information and the area identifier of the first terminal can be carried in the attach request, and the first key can be carried in the response message to the attach request; that is, they do not need to be sent separately, which saves signaling overhead.
FIG. 7 shows a schematic flowchart of a method for protecting auxiliary information according to yet another specific embodiment of the present application.
It should be noted that terms in this embodiment that also appear in the embodiment shown in FIG. 4 have the same meaning as there, which is not limited in this embodiment.
701. The AMF receives a key message from the LMF. The key message includes multiple keys supported by the LMF, multiple positioning modes supported by the LMF, and at least one area list corresponding to the multiple keys.
702. The AMF stores the key message.
703. During the TAU procedure, the first terminal initiates a TAU request to the access network device. The TAU request includes the positioning capability information of the first terminal and an area identifier, where the area identifier indicates the area to which the first terminal belongs.
704,接入网设备向AMF发送该TAU请求。704. The access network device sends the TAU request to the AMF.
705,AMF向UDM发送定位设置请求。705. The AMF sends a location setting request to the UDM.
706,AMF从UDM中获取定位设置响应,该定位设置响应包括辅助信息设置。706. The AMF obtains a positioning setting response from the UDM, where the positioning setting response includes auxiliary information setting.
707,AMF根据第一终端的定位能力信息和LMF支持的定位方式,确定第一终端的 第一密钥。707. The AMF determines the first key of the first terminal according to the positioning capability information of the first terminal and the positioning mode supported by the LMF.
708,AMF向接入网设备发送TAU请求的响应消息,该响应消息包括有效期限、指示信息和辅助信息中的至少一项,还包括第一密钥。708. The AMF sends a TAU request response message to the access network device, where the response message includes at least one of the expiration date, the indication information, and the auxiliary information, and also includes the first key.
709,接入网设备向AMF发送该TAU请求的响应消息。709: The access network device sends a response message for the TAU request to the AMF.
因此,本申请实施例中,AMF根据LMF支持的定位方式和第一终端的定位能力信息确定出适合当前第一终端的第一密钥,并将该第一密钥发送该第一终端,使得第一终端根据该第一密钥解析辅助信息,从而提高了辅助信息的安全性能。此外,第一终端的能力信息和区域标识可以携带在TAU请求中,第一密钥可以携带在TAU请求的响应消息中,即不需要专门发送,从而节省了信令开销。Therefore, in this embodiment of the application, the AMF determines the first key suitable for the current first terminal according to the positioning mode supported by the LMF and the positioning capability information of the first terminal, and sends the first key to the first terminal, so that The first terminal parses the auxiliary information according to the first key, thereby improving the security performance of the auxiliary information. In addition, the capability information and the area identifier of the first terminal can be carried in the TAU request, and the first key can be carried in the response message of the TAU request, that is, it does not need to be specially sent, thereby saving signaling overhead.
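The key selection in steps 701 to 708 can be modelled as follows. This is an added example, not code from the application: the class and field names, the sample positioning modes, area identifiers and key bytes are constructed, and taking the LMF's mode list as a preference order is an assumption, since the text only says the key is determined from the terminal's capabilities and the LMF's supported modes.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Set


@dataclass(frozen=True)
class KeyEntry:
    """One key from the LMF key message, with its positioning mode and area list."""
    key: bytes
    positioning_mode: str
    area_list: FrozenSet[str]


@dataclass(frozen=True)
class TauResponse:
    """Response to the TAU request (step 708); the field names are assumptions."""
    first_key: Optional[bytes]
    positioning_mode: Optional[str]
    validity_seconds: Optional[int]
    assistance_supported: bool  # the "indication information" for this area


class Amf:
    def __init__(self, udm_settings: Dict[str, bool], validity_seconds: int = 3600):
        self._udm_settings = udm_settings  # stands in for the UDM query (705-706)
        self._validity_seconds = validity_seconds
        self._lmf_modes: List[str] = []
        self._entries: List[KeyEntry] = []

    def store_key_message(self, lmf_modes: Iterable[str],
                          entries: Iterable[KeyEntry]) -> None:
        """Steps 701-702: keep the LMF's modes and key entries for later requests."""
        self._lmf_modes = list(lmf_modes)
        self._entries = list(entries)

    def handle_tau_request(self, terminal_id: str, capabilities: Set[str],
                           area_id: str) -> TauResponse:
        """Steps 704-708: decide whether to issue a key, and which one."""
        area_supported = any(area_id in e.area_list for e in self._entries)
        no_key = TauResponse(None, None, None, area_supported)
        # 705-706: only terminals subscribed to auxiliary information get a key.
        # A terminal the UDM does not know is treated as not subscribed.
        if not self._udm_settings.get(terminal_id, False):
            return no_key
        # 707: walk the LMF's modes in order (assumed preference order) and take
        # the first one the terminal supports that has a key covering this area.
        for mode in self._lmf_modes:
            if mode not in capabilities:
                continue
            for entry in self._entries:
                if entry.positioning_mode == mode and area_id in entry.area_list:
                    return TauResponse(entry.key, mode, self._validity_seconds, True)
        return no_key


# Constructed sample keys (fixed bytes so the output is reproducible; a real
# deployment would use randomly generated keys).
KEY_GNSS = bytes([0x11]) * 16
KEY_OTDOA_TA1 = bytes([0x22]) * 16
KEY_OTDOA_TA3 = bytes([0x33]) * 16


def build_demo_amf() -> Amf:
    """Constructed key message: three keys, three LMF modes, three areas."""
    amf = Amf(udm_settings={"ue-1": True, "ue-2": False})
    amf.store_key_message(
        lmf_modes=["A-GNSS", "OTDOA", "E-CID"],
        entries=[
            KeyEntry(KEY_GNSS, "A-GNSS", frozenset({"TA-1", "TA-2"})),
            KeyEntry(KEY_OTDOA_TA1, "OTDOA", frozenset({"TA-1"})),
            KeyEntry(KEY_OTDOA_TA3, "OTDOA", frozenset({"TA-3"})),
        ],
    )
    return amf


if __name__ == "__main__":
    amf = build_demo_amf()
    requests = [
        ("ue-1", {"OTDOA", "E-CID"}, "TA-1"),   # common mode with a key for TA-1
        ("ue-1", {"OTDOA"}, "TA-3"),            # same mode, different area, other key
        ("ue-1", {"E-CID"}, "TA-1"),            # common mode but no key for it
        ("ue-1", {"OTDOA"}, "TA-9"),            # area not covered by any key
        ("ue-2", {"OTDOA"}, "TA-1"),            # not subscribed in the UDM
    ]
    for terminal_id, caps, area in requests:
        r = amf.handle_tau_request(terminal_id, caps, area)
        key_hex = r.first_key.hex() if r.first_key else None
        print(terminal_id, sorted(caps), area, "->", r.positioning_mode, key_hex,
              "area supported:", r.assistance_supported)
```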
FIG. 8 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
It should be noted that terms in this embodiment that are the same as those in the embodiment shown in FIG. 4 have the same meanings, and this embodiment of the present application does not limit this.
801. The AMF may receive a second key and store it so that it can be parsed when subsequently needed.
802. The GMLC receives an LCS request from an external client.
803. The GMLC sends the LCS request to the AMF.
804. The AMF sends the LCS request to the first terminal.
It should be understood that the LCS request may also be another service request, which is not limited in this application.
805. After receiving the LCS request, the first terminal detects whether the first key has expired.
Optionally, the first terminal may specifically detect whether the duration for which the first key has been used exceeds a duration threshold; if the duration exceeds the duration threshold, the first terminal determines that the first key has expired, and otherwise the first key has not expired. Alternatively, the first terminal may detect whether the number of times the first key has been used exceeds a count threshold; if the number of uses exceeds the count threshold, the first key has expired, otherwise the first key has expired.
806. After detecting that the first terminal has expired, the first terminal sends a key update request to the access network device.
807. The access network device sends the key update request to the AMF.
808. When the first key becomes invalid, the AMF obtains the second key.
Specifically, the AMF may learn in advance that the first key, as detected by the first terminal in step 805, is invalid, and, upon receiving the key update request, sends the second key to the first terminal.
It should be understood that step 808 may be performed after step 805 and before step 809, which is not limited in this application.
809. The AMF sends the second key to the access network device, where the second key may be carried in a response message to the key update request.
810. The access network device sends the response message to the key update request to the first terminal.
Therefore, after receiving the LCS request, the first terminal detects whether the first key has expired and, if it has, sends a key update request to the AMF through the access network device. The AMF obtains the second key when it determines that the first key is invalid, and sends the second key to the first terminal upon receiving the key update request. In this way, the first terminal can check, triggered by the LCS request, whether the current key is still appropriate, and the key update request triggers the AMF to send the second key to the first terminal, so that the first terminal and the AMF protect the auxiliary information with an appropriate key, thereby improving the security of the auxiliary information.
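The terminal-triggered key update of steps 801 and 805 to 810 can be sketched as below, using the "greater than the threshold" rule given later for the terminal's processing module. This is an added example, not code from the application: the class names, the injected clock and the sample thresholds are assumptions, and the access network device that relays the messages is left out.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Validity:
    """Validity period sent with a key: a duration threshold and/or a use-count threshold."""
    max_age_seconds: Optional[float] = None
    max_uses: Optional[int] = None


class Amf:
    """Tracks the key in use per terminal and a second key stored in advance (step 801)."""

    def __init__(self) -> None:
        self._current: Dict[str, bytes] = {}
        self._second: Dict[str, bytes] = {}

    def provision(self, terminal_id: str, first_key: bytes) -> None:
        self._current[terminal_id] = first_key

    def store_second_key(self, terminal_id: str, second_key: bytes) -> None:
        self._second[terminal_id] = second_key

    def current_key(self, terminal_id: str) -> bytes:
        return self._current[terminal_id]

    def handle_key_update_request(self, terminal_id: str) -> bytes:
        """Steps 807-809: answer a key update request with the stored second key."""
        if terminal_id not in self._second:
            raise LookupError("no second key stored for " + terminal_id)
        self._current[terminal_id] = self._second.pop(terminal_id)
        return self._current[terminal_id]


class Terminal:
    def __init__(self, terminal_id: str, first_key: bytes, validity: Validity,
                 clock: Callable[[], float]) -> None:
        self.terminal_id = terminal_id
        self.validity = validity
        self._clock = clock
        self._install(first_key)

    def _install(self, key: bytes) -> None:
        # A new key starts with a fresh age and a fresh use counter.
        self.key = key
        self._installed_at = self._clock()
        self.uses = 0

    def use_key(self) -> bytes:
        """Count one use of the key, e.g. decrypting one auxiliary-information message."""
        self.uses += 1
        return self.key

    def key_expired(self) -> bool:
        """Step 805: expired only when a threshold is strictly exceeded."""
        age = self._clock() - self._installed_at
        v = self.validity
        too_old = v.max_age_seconds is not None and age > v.max_age_seconds
        too_used = v.max_uses is not None and self.uses > v.max_uses
        return too_old or too_used

    def on_lcs_request(self, amf: Amf) -> str:
        """Steps 805-810: check the key; if expired, request and install the second key."""
        if not self.key_expired():
            return "kept"
        self._install(amf.handle_key_update_request(self.terminal_id))
        return "updated"


class FakeClock:
    """Manually advanced clock so the demo does not depend on wall time."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def run_demo() -> List[object]:
    clock = FakeClock()
    first, second = secrets.token_bytes(16), secrets.token_bytes(16)  # constructed keys
    amf = Amf()
    amf.provision("ue-1", first)
    amf.store_second_key("ue-1", second)
    ue = Terminal("ue-1", first, Validity(max_age_seconds=600, max_uses=3), clock)
    events: List[object] = []
    clock.advance(600)                      # exactly at the threshold: still valid
    events.append(ue.on_lcs_request(amf))
    for _ in range(4):                      # four uses exceed the threshold of three
        ue.use_key()
    events.append(ue.on_lcs_request(amf))
    events.append(ue.key == second == amf.current_key("ue-1"))
    events.append(ue.on_lcs_request(amf))   # counters were reset with the new key
    return events


if __name__ == "__main__":
    print(run_demo())
```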
FIG. 9 shows a schematic flowchart of a method for protecting auxiliary information according to another specific embodiment of the present application.
It should be noted that terms in this embodiment that are the same as those in the embodiment shown in FIG. 4 have the same meanings, and this embodiment of the present application does not limit this.
901. The AMF may receive a second key and store it so that it can be parsed when subsequently needed.
902. The GMLC receives an LCS request from an external client.
903. The GMLC sends the LCS request to the AMF.
904. The AMF parses the second key when it determines that the first key is invalid.
905. The AMF sends a key update request to the access network device, where the key update request includes the second key.
906. The access network device sends the key update request to the first terminal.
907. The first terminal sends a response message to the key update request to the AMF.
908. The AMF selects an LMF according to the response message.
909. The AMF sends a location request to the LMF.
910. The LMF calculates the location of the first terminal.
911. The LMF sends the location information of the first terminal to the external client.
Therefore, the AMF obtains the second key when it determines that the first key is invalid, and sends the second key to the first terminal after receiving the LCS request. In this way, the AMF can send the second key to the first terminal when triggered by the LCS request, so that the first terminal and the AMF protect the auxiliary information with an appropriate key, thereby improving the security of the auxiliary information.
FIG. 10 shows a schematic block diagram of an apparatus for protecting auxiliary information according to an embodiment of the present application.
It should be understood that the apparatus 1000 may correspond to the AMF in the embodiment shown in FIG. 4 and may have any function of the AMF in the method. The apparatus 1000 includes a transceiver module 1010 and a processing module 1020.
The transceiver module 1010 is configured to receive the identifier of the tracking area to which the first terminal belongs, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs;
The processing module 1020 is configured to determine, according to the tracking area to which the first terminal belongs, a first key allocated to the first terminal, where the first key is used to protect auxiliary information;
The transceiver module 1010 is further configured to send the first key to the first terminal.
Optionally, the transceiver module 1010 is further configured to obtain the positioning mode of the first terminal;
The processing module 1020 is specifically configured to:
determine the first key according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
Optionally, the transceiver module 1010 is further configured to receive a first message from the location management function network element LMF, where the first message includes multiple keys supported by the LMF, and the positioning mode and tracking area corresponding to each of the multiple keys;
The processing module 1020 is specifically configured to:
determine the first key from the multiple keys supported by the LMF according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
Optionally, the first message further includes multiple positioning modes supported by the LMF, and the transceiver module 1010 is further configured to obtain positioning capability information of the first terminal, where the positioning capability information is used to indicate the positioning modes supported by the first terminal;
The transceiver module 1010 is specifically configured to:
determine the positioning mode of the first terminal according to the positioning modes supported by the first terminal and the multiple positioning modes supported by the LMF.
Optionally, the positioning capability information and the identifier of the tracking area are carried in a second message, the second message is used to request access to the AMF, and the transceiver module 1010 is specifically configured to:
send a response message to the second message to the first terminal, where the response message to the second message includes the first key.
Optionally, the transceiver module 1010 is specifically configured to:
receive a third message, where the third message is used to request a tracking area update and includes the tracking area identifier;
The transceiver module 1010 is specifically configured to:
send a response message to the third message to the first terminal, where the response message to the third message includes the first key.
Optionally, the transceiver module 1010 is further configured to send one or more of a validity period and indication information to the first terminal, where the validity period is used to indicate a threshold on the duration for which the first terminal can use the first key or a threshold on the number of times the first terminal can use the first key, and the indication information is used to indicate whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
Optionally, before the AMF sends the first key to the first terminal, the transceiver module 1010 is further configured to obtain the auxiliary information setting from the unified data management network element UDM, where the auxiliary information setting is used to indicate whether the first terminal has subscribed to auxiliary information;
The processing module 1020 is further configured to determine to send the first key to the first terminal when the auxiliary information setting indicates that the first terminal has subscribed to auxiliary information.
Optionally, the transceiver module 1010 is further configured to receive a fourth message, where the fourth message includes a third mapping relationship between at least one area list and at least one piece of auxiliary information;
The processing module 1010 is further configured to determine, according to the third mapping relationship, first auxiliary information corresponding to a first area list in the at least one area list;
The transceiver module 1010 is further configured to send the first auxiliary information through the access network device corresponding to the first area list.
Optionally, the fourth message further includes a fourth mapping relationship between at least one positioning mode and the at least one piece of auxiliary information, and the processing module 1020 is further configured to determine, according to the fourth mapping relationship, at least one piece of auxiliary information corresponding to a first positioning mode in the at least one positioning mode;
The processing module 1020 is specifically configured to:
determine, according to the third mapping relationship, the first auxiliary information from the at least one piece of auxiliary information corresponding to the first positioning mode.
Optionally, the transceiver module 1010 is further configured to obtain a second key when the first key of the first terminal becomes invalid;
The transceiver module 1010 is further configured to send the second key to the first terminal.
Optionally, the fourth message further includes a fourth mapping relationship between at least one positioning mode and the at least one piece of auxiliary information, and the processing module is further configured to determine, according to the fourth mapping relationship, at least one piece of auxiliary information corresponding to a first positioning mode in the at least one positioning mode;
The processing module 1020 is specifically configured to:
determine, according to the third mapping relationship, the first auxiliary information from the at least one piece of auxiliary information corresponding to the first positioning mode.
Optionally, the transceiver module 1010 is further configured to obtain a second key when the first key of the first terminal becomes invalid;
The transceiver module 1010 is further configured to send the second key to the first terminal.
Optionally, the transceiver module 1010 is further configured to receive a fifth message, where the fifth message is used to request location information of the first terminal;
The transceiver module 1010 is specifically configured to:
send the second key to the first terminal according to the fifth message.
Optionally, the transceiver module 1010 is further configured to receive a sixth message from the first terminal, where the sixth message is used to request a key update;
The transceiver module 1010 is specifically configured to:
send the second key to the first terminal according to the sixth message.
Therefore, the AMF in this embodiment of the present application receives the tracking area identifier that indicates the tracking area to which the first terminal belongs, allocates a key (that is, the first key) to the first terminal according to that tracking area, and sends the first key to the first terminal. Compared with the conventional solution, in which the mobility management network element allocates keys to terminals uniformly, this embodiment of the present application can allocate an appropriate key to the first terminal and protect the auxiliary information of the first terminal with that key, thereby improving the security of the auxiliary information.
FIG. 11 shows a schematic block diagram of an apparatus 1100 for protecting auxiliary information provided by an embodiment of the present application. The apparatus 1100 may be the AMF described in FIG. 4. The apparatus may adopt the hardware architecture shown in FIG. 11. The apparatus may include a processor 1110 and a transceiver 1120, and optionally may also include a memory 1130; the processor 1110, the transceiver 1120, and the memory 1130 communicate with each other through an internal connection path. Related functions implemented by the processing module 1020 in FIG. 10 may be implemented by the processor 1110, and related functions implemented by the transceiver module 1011 may be implemented by the processor 1110 controlling the transceiver 1120.
Optionally, the processor 1110 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a dedicated processor, or one or more integrated circuits for executing the technical solutions of the embodiments of the present application. Alternatively, a processor may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions). For example, it may be a baseband processor or a central processing unit. The baseband processor may be used to process communication protocols and communication data, and the central processing unit may be used to control the apparatus for protecting auxiliary information (for example, a base station, a terminal, or a chip), execute software programs, and process the data of the software programs.
Optionally, the processor 1110 may include one or more processors, for example one or more central processing units (CPUs). When the processor is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
The transceiver 1120 is configured to send and receive data and/or signals. The transceiver may include a transmitter and a receiver, where the transmitter is used to send data and/or signals and the receiver is used to receive data and/or signals.
The memory 1130 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), and compact disc read-only memory (CD-ROM). The memory 1130 is used to store related instructions and data.
The memory 1130 is used to store program code and data of the AMF, and may be a separate device or integrated in the processor 1110.
Specifically, the processor 1110 is configured to control the transceiver to exchange information with the terminal. For details, refer to the description in the method embodiments, which is not repeated here.
It can be understood that FIG. 11 shows only a simplified design of the apparatus for protecting auxiliary information. In practical applications, the apparatus may also include other necessary elements, including but not limited to any number of transceivers, processors, controllers, memories, and the like, and all AMFs that can implement this application fall within the protection scope of this application.
In a possible design, the apparatus 1100 may be a chip, for example a communication chip usable in the AMF, for implementing the related functions of the processor 1110 in the AMF. The chip may be a field-programmable gate array, an application-specific integrated chip, a system-on-chip, a central processing unit, a network processor, a digital signal processing circuit, or a microcontroller that implements the related functions, or may be a programmable controller or another integrated chip. The chip may optionally include one or more memories for storing program code; when the code is executed, the processor implements the corresponding functions.
In a specific implementation, as an embodiment, the apparatus 1100 may further include an output device and an input device. The output device communicates with the processor 1110 and can display information in a variety of ways. For example, the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector. The input device communicates with the processor 601 and can receive user input in a variety of ways. For example, the input device may be a mouse, a keyboard, a touch screen device, or a sensor device.
FIG. 12 shows a schematic block diagram of an apparatus 1200 for protecting auxiliary information according to an embodiment of the present application.
It should be understood that the apparatus 1200 may correspond to the terminal in the embodiment shown in FIG. 4 and may have any function of the terminal in the method. The apparatus 1200 includes a transceiver module 1210.
The transceiver module 1210 is configured to send a tracking area identifier to the access and mobility management function network element AMF, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs;
The processing module 1210 is further configured to receive a first key, where the first key is determined by the AMF according to the tracking area to which the first terminal belongs and is used to protect auxiliary information.
Optionally, the transceiver module 1210 is further configured to receive encrypted auxiliary information;
The processing module 1220 is configured to decrypt the encrypted auxiliary information according to the first key.
Optionally, the transceiver module is further configured to send positioning capability information to the AMF, where the positioning capability information is used to indicate the positioning modes supported by the first terminal.
Optionally, the transceiver module 1210 is specifically configured to:
send a second message to the AMF, where the second message includes the positioning capability information and is used to request access to the AMF;
receive a response message to the second message, where the response message includes the first key.
Optionally, the transceiver module 1210 is specifically configured to:
send a third message to the AMF, where the third message is used to request a tracking area update and includes the tracking area identifier;
receive a response message to the third message, where the response message includes the first key.
Optionally, the transceiver module 1210 is further configured to receive one or more of a validity period and indication information from the AMF, where the validity period is used to indicate a threshold on the duration for which the first terminal can use the first key or a threshold on the number of times the first terminal can use the first key, and the indication information is used to indicate whether the AMF supports auxiliary information in the tracking area to which the first terminal belongs.
Optionally, the processing module 1220 is specifically configured to:
determine, according to the validity period, whether the first key is invalid;
The transceiver module 1210 is further configured to send a sixth message to the AMF when it is determined that the first key is invalid, where the sixth message is used to request a key update;
The transceiver module 1210 is further configured to receive a response message to the sixth message, where the response message to the sixth message includes a second key;
The processing module 1220 is further configured to decrypt the encrypted auxiliary information according to the second key.
Optionally, the processing module 1220 is specifically configured to:
determine that the first key is invalid when the duration for which the first terminal has used the first key is greater than the duration threshold; or
determine that the first key is invalid when the number of times the first terminal has used the first key is greater than the count threshold.
Optionally, the transceiver module 1210 is further configured to receive a second key from the AMF when it is determined that the first key is invalid;
The processing module 1220 is further configured to decrypt the auxiliary information received from the AMF according to the second key.
Therefore, the first terminal in this embodiment of the present application sends to the AMF the tracking area identifier that indicates the tracking area to which the first terminal belongs; the AMF uses this tracking area identifier to determine the first key for protecting auxiliary information, and the first terminal obtains the first key from the AMF. That is, this embodiment of the present application can allocate a more appropriate key to the first terminal and protect the auxiliary information of the first terminal with the first key, thereby improving the security of the auxiliary information.
FIG. 13 shows an apparatus 1300 for protecting auxiliary information provided by an embodiment of the present application. The apparatus 1300 may be the terminal described in FIG. 4. The apparatus may adopt the hardware architecture shown in FIG. 13. The apparatus may include a processor 1310 and a transceiver 1320, and optionally may also include a memory 1330; the processor 1310, the transceiver 1320, and the memory 1330 communicate with each other through an internal connection path. Related functions implemented by the processing module 1320 in FIG. 13 may be implemented by the processor 1310, and related functions implemented by the transceiver module 1310 may be implemented by the processor 1310 controlling the transceiver 1320.
Optionally, the processor 1310 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a dedicated processor, or one or more integrated circuits for executing the technical solutions of the embodiments of the present application. Alternatively, a processor may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions). For example, it may be a baseband processor or a central processing unit. The baseband processor may be used to process communication protocols and communication data, and the central processing unit may be used to control the apparatus for protecting auxiliary information (for example, a base station, a terminal, or a chip), execute software programs, and process the data of the software programs.
Optionally, the processor 1310 may include one or more processors, for example one or more central processing units (CPUs). When the processor is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
The transceiver 1320 is configured to send and receive data and/or signals. The transceiver may include a transmitter and a receiver, where the transmitter is used to send data and/or signals and the receiver is used to receive data and/or signals.
The memory 1330 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), and compact disc read-only memory (CD-ROM). The memory 1330 is used to store related instructions and data.
The memory 1330 is used to store program code and data of the terminal, and may be a separate device or integrated in the processor 1310.
Specifically, the processor 1310 is configured to control the transceiver to exchange information with the terminal. For details, refer to the description in the method embodiments, which is not repeated here.
In a specific implementation, as an embodiment, the apparatus 1300 may further include an output device and an input device. The output device communicates with the processor 1310 and can display information in a variety of ways. For example, the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector. The input device communicates with the processor 601 and can receive user input in a variety of ways. For example, the input device may be a mouse, a keyboard, a touch screen device, or a sensor device.
It can be understood that FIG. 13 shows only a simplified design of the apparatus for protecting auxiliary information. In practical applications, the apparatus may also include other necessary elements, including but not limited to any number of transceivers, processors, controllers, memories, and the like, and all terminals that can implement this application fall within the protection scope of this application.
在一种可能的设计中,该装置1300可以是芯片,例如可以为可用于终端中的通信芯片,用于实现终端中处理器1310的相关功能。该芯片可以为实现相关功能的现场可编程门阵列,专用集成芯片,***芯片,中央处理器,网络处理器,数字信号处理电路,微控制器,还可以采用可编程控制器或其他集成芯片。该芯片中,可选的可以包括一个或多个存储器,用于存储程序代码,当所述代码被执行时,使得处理器实现相应的功能。In a possible design, the device 1300 may be a chip, for example, a communication chip that can be used in a terminal to implement related functions of the processor 1310 in the terminal. The chip can be a field programmable gate array, a dedicated integrated chip, a system chip, a central processing unit, a network processor, a digital signal processing circuit, a microcontroller, and a programmable controller or other integrated chips for realizing related functions. The chip may optionally include one or more memories for storing program codes. When the codes are executed, the processor realizes corresponding functions.
本申请实施例还提供一种装置,该装置可以是终端也可以是电路。该装置可以用于执行上述方法实施例中由终端所执行的动作。The embodiment of the present application also provides a device, which may be a terminal or a circuit. The device can be used to perform the actions performed by the terminal in the foregoing method embodiments.
FIG. 14 shows a schematic block diagram of an apparatus 1400 for protecting auxiliary information according to an embodiment of this application.
It should be understood that the apparatus 1400 may correspond to the LMF in the embodiment shown in FIG. 4 and may have any function of the LMF in the method. The apparatus 1400 includes a processing module 1410 and a transceiver module 1420.
The processing module 1410 is configured to determine a first message, where the first message includes multiple keys supported by the LMF and the tracking areas respectively corresponding to the multiple keys;
The transceiver module 1420 is configured to send the first message to the access and mobility management function network element AMF.
Optionally, the first message further includes the positioning modes respectively corresponding to the multiple keys.
Optionally, the processing module 1410 is further configured to generate at least one piece of auxiliary information;
The transceiver module 1410 is further configured to send a fourth message, where the fourth message includes a third mapping relationship between at least one area list and the at least one piece of auxiliary information.
Optionally, the fourth message further includes a fourth mapping relationship between multiple positioning modes and the at least one piece of auxiliary information.
Optionally, the processing module 1420 is specifically configured to:
determine, according to second auxiliary information in the at least one piece of auxiliary information and the third mapping relationship, a first area list corresponding to the second auxiliary information;
determine, according to the first area list, a first key corresponding to the first area list;
encrypt the second auxiliary information with the first key to generate the first auxiliary information.
Optionally, the processing module 1420 is specifically configured to:
determine, according to second auxiliary information in the at least one piece of auxiliary information and the third mapping relationship, a first area list corresponding to the second auxiliary information;
determine, according to the second auxiliary information and the fourth mapping relationship, a first positioning mode corresponding to the second auxiliary information;
determine a first key according to the first area list and the first positioning mode;
encrypt the second auxiliary information with the first key to generate the first auxiliary information.
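The key selection and encryption steps listed above for the processing module, together with the matching key lookup on the AMF side, as an added example that is not part of the application. All identifiers, key values and mode names are constructed, and the HMAC-SHA256 encrypt-then-MAC construction is an assumption standing in for an authenticated cipher, since the text names no algorithm.

```python
import hashlib
import hmac
import os
from typing import NamedTuple


class KeyEntry(NamedTuple):
    key: bytes
    tracking_areas: frozenset
    positioning_mode: str


# Constructed sample data: every identifier and key value here is an assumption.
FIRST_MESSAGE = [  # keys the LMF supports, with their tracking areas and positioning modes
    KeyEntry(bytes.fromhex("11" * 32), frozenset({"TA-1", "TA-2"}), "mode-A"),
    KeyEntry(bytes.fromhex("22" * 32), frozenset({"TA-1", "TA-2"}), "mode-B"),
    KeyEntry(bytes.fromhex("33" * 32), frozenset({"TA-3"}), "mode-A"),
]
THIRD_MAPPING = {"aux-north": ("TA-1", "TA-2"), "aux-south": ("TA-3",), "aux-orphan": ("TA-9",)}
FOURTH_MAPPING = {"aux-north": "mode-A", "aux-south": "mode-A", "aux-orphan": "mode-A"}


def _unique_key(matches, what):
    # Fail closed: with no key, or an ambiguous one, nothing is encrypted or handed out.
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} keys match {what}")
    return matches[0].key


def lmf_select_key(aux_id):
    """LMF side: auxiliary info -> area list and positioning mode -> first key."""
    area_list = set(THIRD_MAPPING[aux_id])   # third mapping relationship
    mode = FOURTH_MAPPING[aux_id]            # fourth mapping relationship
    return _unique_key([e for e in FIRST_MESSAGE
                        if area_list <= e.tracking_areas and e.positioning_mode == mode],
                       f"{aux_id} ({sorted(area_list)}, {mode})")


def amf_key_for_terminal(tracking_area, mode):
    """AMF side: pick the terminal's key from the first message by tracking area and mode."""
    return _unique_key([e for e in FIRST_MESSAGE
                        if tracking_area in e.tracking_areas and e.positioning_mode == mode],
                       f"({tracking_area}, {mode})")


def _subkeys(key):
    # Separate encryption and authentication keys derived from the distributed key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(key, plaintext):
    """Stand-in authenticated encryption: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unprotect(key, blob):
    """Verify the tag before decrypting; a key for another area or mode is rejected."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


def lmf_encrypt_aux(aux_id, second_aux):
    """Encrypt the second auxiliary information into the first auxiliary information."""
    return protect(lmf_select_key(aux_id), second_aux)


if __name__ == "__main__":
    blob = lmf_encrypt_aux("aux-north", b"constructed assistance data")
    print(unprotect(amf_key_for_terminal("TA-1", "mode-A"), blob))
```

In a deployment the stand-in construction would be replaced by a standard AEAD such as AES-GCM.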
FIG. 15 shows an apparatus 1500 for protecting auxiliary information provided by an embodiment of this application. The apparatus 1500 may be the terminal described in FIG. 4. The apparatus may adopt the hardware architecture shown in FIG. 15. The apparatus may include a processor 1510 and a transceiver 1520. Optionally, the apparatus may further include a memory 1530. The processor 1510, the transceiver 1520, and the memory 1530 communicate with each other through an internal connection path. The related functions implemented by the processing module 1520 in FIG. 15 may be implemented by the processor 1510, and the related functions implemented by the transceiver module 1510 may be implemented by the processor 1510 controlling the transceiver 1520.
Optionally, the processor 1510 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a dedicated processor, or one or more integrated circuits configured to execute the technical solutions of the embodiments of this application. Alternatively, a processor may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions), for example a baseband processor or a central processing unit. The baseband processor may be used to process communication protocols and communication data, and the central processing unit may be used to control the apparatus for protecting auxiliary information (for example, a base station, a terminal, or a chip), execute software programs, and process data of the software programs.
Optionally, the processor 1510 may include one or more processors, for example one or more central processing units (CPUs). Where the processor is a single CPU, the CPU may be a single-core CPU or a multi-core CPU.
The transceiver 1520 is configured to send and receive data and/or signals. The transceiver may include a transmitter and a receiver; the transmitter is configured to send data and/or signals, and the receiver is configured to receive data and/or signals.
The memory 1530 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), and compact disc read-only memory (CD-ROM). The memory 1530 is configured to store related instructions and data.
The memory 1530 is configured to store program code and data of the terminal, and may be a separate device or integrated in the processor 1510.
Specifically, the processor 1510 is configured to control the transceiver to perform information transmission with the terminal. For details, refer to the description in the method embodiments, which is not repeated here.
In a specific implementation, as an embodiment, the apparatus 1500 may further include an output device and an input device. The output device communicates with the processor 1510 and can display information in a variety of ways. For example, the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector. The input device communicates with the processor 601 and can receive user input in a variety of ways. For example, the input device may be a mouse, a keyboard, a touch screen device, or a sensor device.
It can be understood that FIG. 15 shows only a simplified design of the apparatus for protecting auxiliary information. In practical applications, the apparatus may also include other necessary components, including but not limited to any number of transceivers, processors, controllers, and memories, and all terminals that can implement this application fall within the protection scope of this application.
In a possible design, the apparatus 1500 may be a chip, for example a communication chip usable in a terminal, configured to implement the related functions of the processor 1510 in the terminal. The chip may be a field programmable gate array, a dedicated integrated chip, a system chip, a central processing unit, a network processor, a digital signal processing circuit, or a microcontroller that implements the related functions, or a programmable controller or another integrated chip. The chip may optionally include one or more memories for storing program code; when the code is executed, the processor implements the corresponding functions.
An embodiment of this application further provides an apparatus, which may be a terminal or a circuit. The apparatus may be configured to perform the actions performed by the terminal in the foregoing method embodiments.
Optionally, when the apparatus in this embodiment is a terminal, FIG. 16 shows a simplified schematic structural diagram of the terminal. For ease of understanding and illustration, FIG. 16 uses a mobile phone as an example of the terminal. As shown in FIG. 16, the terminal includes a processor, a memory, a radio frequency circuit, an antenna, and an input/output device. The processor is mainly used to process communication protocols and communication data, control the terminal, execute software programs, and process data of the software programs. The memory is mainly used to store software programs and data. The radio frequency circuit is mainly used for conversion between baseband signals and radio frequency signals and for processing radio frequency signals. The antenna is mainly used to send and receive radio frequency signals in the form of electromagnetic waves. Input/output devices, such as touch screens, display screens, and keyboards, are mainly used to receive data input by the user and to output data to the user. It should be noted that some types of terminals may not have input/output devices.
When data needs to be sent, the processor performs baseband processing on the data to be sent and outputs a baseband signal to the radio frequency circuit. The radio frequency circuit performs radio frequency processing on the baseband signal and sends the radio frequency signal outward through the antenna in the form of electromagnetic waves. When data is sent to the terminal, the radio frequency circuit receives a radio frequency signal through the antenna, converts it into a baseband signal, and outputs the baseband signal to the processor; the processor converts the baseband signal into data and processes the data. For ease of description, FIG. 16 shows only one memory and one processor. An actual terminal product may have one or more processors and one or more memories. The memory may also be referred to as a storage medium or a storage device. The memory may be set independently of the processor or integrated with the processor, which is not limited in the embodiments of this application.
In the embodiments of this application, the antenna and radio frequency circuit with transceiving functions may be regarded as the transceiver unit of the terminal, and the processor with processing functions may be regarded as the processing unit of the terminal. As shown in FIG. 16, the terminal includes a transceiver unit 1610 and a processing unit 1620. The transceiver unit may also be referred to as a transceiver, a transceiver machine, a transceiver apparatus, or the like. The processing unit may also be referred to as a processor, a processing board, a processing module, a processing apparatus, or the like. Optionally, the component in the transceiver unit 1610 that implements the receiving function may be regarded as a receiving unit, and the component in the transceiver unit 1610 that implements the sending function may be regarded as a sending unit; that is, the transceiver unit 1610 includes a receiving unit and a sending unit. The transceiver unit may sometimes also be referred to as a transceiver machine, a transceiver, or a transceiver circuit. The receiving unit may sometimes also be referred to as a receiver machine, a receiver, or a receiving circuit. The sending unit may sometimes also be referred to as a transmitter machine, a transmitter, or a transmitting circuit.
It should be understood that the transceiver unit 1610 is configured to perform the sending and receiving operations on the terminal side in the foregoing method embodiments, and the processing unit 1620 is configured to perform the operations on the terminal other than the sending and receiving operations in the foregoing method embodiments.
For example, in one implementation, the processing unit 1620 is configured to perform the operations in step 402 and step 403 in FIG. 4, and/or the processing unit 1620 is further configured to perform other processing steps on the terminal side in the embodiments of this application. The transceiver unit 1610 is configured to perform the transceiving operations in step 401 and/or step 404 in FIG. 4, and/or the transceiver unit 1610 is further configured to perform other transceiving steps on the terminal side in the embodiments of this application.
When the apparatus for protecting auxiliary information is a chip, the chip includes a transceiver unit and a processing unit. The transceiver unit may be an input/output circuit or a communication interface; the processing unit is a processor, a microprocessor, or an integrated circuit integrated on the chip.
Optionally, when the apparatus is a terminal, reference may also be made to the device shown in FIG. 17. As an example, the device can perform functions similar to those of the processor 1610 in FIG. 16. In FIG. 17, the device includes a processor 1701, a sending data processor 1703, and a receiving data processor 1705. The processing module 1220 in the foregoing embodiment may be the processor 1701 in FIG. 17 and performs the corresponding functions. The transceiver module 1210 in the foregoing embodiment may be the sending data processor 1703 and the receiving data processor 1705 in FIG. 17. Although FIG. 17 shows a channel encoder and a channel decoder, it can be understood that these modules do not limit this embodiment and are merely illustrative.
FIG. 18 shows another form of this embodiment. The processing apparatus 1800 includes modules such as a modulation subsystem, a central processing subsystem, and a peripheral subsystem. The communication device in this embodiment may serve as the modulation subsystem. Specifically, the modulation subsystem may include a processor 1803 and an interface 1804. The processor 1803 performs the functions of the foregoing processing module 1220, and the interface 1804 performs the functions of the foregoing transceiver module 1210. As another variation, the modulation subsystem includes a memory 1806, a processor 1803, and a program stored in the memory and executable on the processor; when the processor executes the program, the method described in any one of Embodiments 1 to 5 is implemented. It should be noted that the memory 1806 may be non-volatile or volatile, and may be located inside the modulation subsystem or in the processing apparatus 1800, as long as the memory 1806 can be connected to the processor 1803.
A person of ordinary skill in the art may be aware that the units and algorithm steps of the examples described in combination with the embodiments disclosed herein can be implemented by electronic hardware or by a combination of computer software and electronic hardware. Whether these functions are performed by hardware or software depends on the specific application and design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
Those skilled in the art can clearly understand that, for convenience and conciseness of description, for the specific working processes of the systems, apparatuses, and units described above, reference may be made to the corresponding processes in the foregoing method embodiments, which are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For example, the division of the units is only a division by logical function, and there may be other divisions in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist alone physically, or two or more units may be integrated into one unit.
If the functions are implemented in the form of a software functional unit and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or an access network device) to perform all or some of the steps of the methods described in the embodiments of this application. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The foregoing are only specific implementations of this application, but the protection scope of this application is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive of within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims (32)

  1. 一种用于保护辅助信息的方法,其特征在于,包括:A method for protecting auxiliary information, characterized in that it comprises:
    接入与移动性管理功能网元接收第一终端所属的跟踪区标识,所述跟踪区标识用于指示第一终端所属的跟踪区;The access and mobility management function network element receives the tracking area identifier to which the first terminal belongs, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs;
    所述移动性管理功能网元根据所述第一终端所属的跟踪区,确定为所述第一终端分配的第一密钥,所述第一密钥用于保护辅助信息;Determining, by the mobility management function network element, a first key assigned to the first terminal according to the tracking area to which the first terminal belongs, where the first key is used to protect auxiliary information;
    所述移动性管理功能网元向所述第一终端发送所述第一密钥。The mobility management function network element sends the first key to the first terminal.
  2. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1, wherein the method further comprises:
    所述移动性管理功能网元获取所述第一终端的定位方式;Acquiring, by the mobility management function network element, the positioning mode of the first terminal;
    其中,所述移动性管理功能网元根据所述第一终端所属的跟踪区,确定为所述第一终端分配的第一密钥包括:Wherein, the mobility management function network element determines that the first key assigned to the first terminal according to the tracking area to which the first terminal belongs includes:
    所述移动性管理功能网元根据所述第一终端的定位方式和所述第一终端所属的跟踪区,确定所述第一密钥。The mobility management function network element determines the first key according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  3. 根据权利要求2所述的方法,其特征在于,所述方法还包括:The method of claim 2, wherein the method further comprises:
    所述移动性管理功能网元从位置管理功能网元接收第一消息,所述第一消息包括所述位置管理功能网元支持的多个密钥,以及所述多个密钥中的每个密钥对应的定位方式和跟踪区;The mobility management function network element receives a first message from the location management function network element, the first message includes a plurality of keys supported by the location management function network element, and each of the plurality of keys The location method and tracking area corresponding to the key;
    其中,所述移动性管理功能网元根据所述第一终端的定位方式和所述第一终端所属的跟踪区,确定为所述第一终端分配的第一密钥包括:Wherein, the mobility management function network element determines that the first key assigned to the first terminal according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs includes:
    所述移动性管理功能网元根据所述第一终端的定位方式和所述第一终端所属的跟踪区,从所述位置管理功能网元支持的多个密钥中确定所述第一密钥。The mobility management function network element determines the first key from a plurality of keys supported by the location management function network element according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs .
  4. 根据权利要求1至3中任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 3, wherein the method further comprises:
    所述移动性管理功能网元向所述第一终端发送有效期限、指示信息中的一项或者多项,所述有效期限用于指示所述第一终端能够使用所述第一密钥的时长阈值或能够使用所述第一密钥的次数阈值,所述指示信息用于指示所述移动性管理功能网元在所述第一终端所属的跟踪区是否支持辅助信息。The mobility management function network element sends one or more of an expiration date and indication information to the first terminal, where the expiration date is used to indicate the length of time during which the first terminal can use the first key The threshold or the threshold of the number of times the first key can be used, and the indication information is used to indicate whether the mobility management function network element supports auxiliary information in the tracking area to which the first terminal belongs.
  5. 根据权利要求1至4中任一项所述的方法,其特征在于,在所述移动性管理功能网元向所述第一终端发送所述第一密钥之前,所述方法还包括:The method according to any one of claims 1 to 4, characterized in that, before the mobility management function network element sends the first key to the first terminal, the method further comprises:
    所述移动性管理功能网元从统一数据管理网元中获取辅助信息设置,所述辅助信息设置用于指示所述第一终端是否签约辅助信息;The mobility management function network element obtains auxiliary information settings from a unified data management network element, and the auxiliary information settings are used to indicate whether the first terminal signs up for auxiliary information;
    所述移动性管理功能网元在所述辅助信息设置指示所述第一终端签约辅助信息的情况下,确定向所述第一终端发送所述第一密钥。The mobility management function network element determines to send the first key to the first terminal when the auxiliary information setting indicates that the first terminal subscribes to the auxiliary information.
  6. 根据权利要求1至5中任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 5, wherein the method further comprises:
    所述移动性管理功能网元接收来自位置管理功能网元的第四消息,所述第四消息包括至少一个区域列表和至少一个辅助信息的第三映射关系;The mobility management function network element receives a fourth message from the location management function network element, where the fourth message includes a third mapping relationship between at least one area list and at least one auxiliary information;
    所述移动性管理功能网元根据所述第三映射关系,确定所述至少一个区域列表中的第一区域列表对应的第一辅助信息;Determining, by the mobility management function network element, the first auxiliary information corresponding to the first area list in the at least one area list according to the third mapping relationship;
    所述移动性管理功能网元通过所述第一区域列表对应的接入网设备发送所述第一辅助信息。The mobility management function network element sends the first auxiliary information through the access network device corresponding to the first area list.
  7. 根据权利要求1至6中任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 6, wherein the method further comprises:
    当第一终端的第一密钥失效时,所述移动性管理功能网元获取第二密钥;When the first key of the first terminal becomes invalid, the mobility management function network element obtains the second key;
    所述移动性管理功能网元向所述第一终端发送所述第二密钥。The mobility management function network element sends the second key to the first terminal.
  8. 根据权利要求7所述的方法,其特征在于,所述方法还包括:The method according to claim 7, wherein the method further comprises:
    所述移动性管理功能网元接收第五消息,所述第五消息用于请求所述第一终端的位置信息;Receiving, by the mobility management function network element, a fifth message, where the fifth message is used to request the location information of the first terminal;
    其中,所述移动性管理功能网元向所述第一终端发送所述第二密钥包括:Wherein, the sending of the second key by the mobility management function network element to the first terminal includes:
    所述移动性管理功能网元根据所述第五消息,向所述第一终端发送所述第二密钥。The mobility management function network element sends the second key to the first terminal according to the fifth message.
  9. The method according to claim 8, wherein the method further comprises:
    The mobility management function network element receives a sixth message from the first terminal, where the sixth message is used to request a key update;
    Wherein the sending of the second key by the mobility management function network element to the first terminal includes:
    The mobility management function network element sends the second key to the first terminal according to the sixth message.
  10. A method for protecting auxiliary information, characterized in that it comprises:
    A location management function network element determines a first message, where the first message includes multiple keys supported by the location management function network element and the tracking areas respectively corresponding to the multiple keys;
    The location management function network element sends the first message to an access and mobility management function network element.
  11. The method according to claim 10, wherein the method further comprises:
    The location management function network element generates at least one piece of auxiliary information;
    The location management function network element sends a fourth message, where the fourth message includes a third mapping relationship between at least one area list and at least one piece of auxiliary information.
  12. A method for protecting positioning assistance information, characterized in that it comprises:
    A first terminal sends a tracking area identifier to an access and mobility management function network element, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs;
    The first terminal receives a first key, where the first key is determined by the mobility management function network element according to the tracking area to which the first terminal belongs, and the first key is used to protect auxiliary information.
  13. The method according to claim 12, wherein the method further comprises:
    The first terminal receives encrypted auxiliary information;
    The first terminal decrypts the encrypted auxiliary information according to the first key.
  14. A method for transmitting auxiliary information, characterized in that it comprises:
    A mobility management function network element obtains a first message, where the first message includes a first mapping relationship between at least one area list and at least one piece of auxiliary information;
    The mobility management function network element determines, according to the first mapping relationship, the first auxiliary information corresponding to the first area list in the at least one area list;
    The mobility management function network element sends the first auxiliary information through the access network device corresponding to the first area list.
  15. A method for transmitting auxiliary information, characterized in that it comprises:
    A location management function network element generates at least one piece of auxiliary information;
    The location management function network element sends a first message, where the first message includes a first mapping relationship between at least one area list and at least one piece of auxiliary information, and each area list in the at least one area list corresponds to some of the multiple access network devices managed by the mobility management function network element.
  16. An apparatus for protecting auxiliary information, characterized in that it comprises:
    A transceiver module, configured to receive the identifier of the tracking area to which a first terminal belongs, where the tracking area identifier is used to indicate the tracking area to which the first terminal belongs;
    A processing module, configured to determine a first key assigned to the first terminal according to the tracking area to which the first terminal belongs, where the first key is used to protect auxiliary information;
    The transceiver module is further configured to send the first key to the first terminal.
  17. The apparatus according to claim 16, wherein the transceiver module is further configured to obtain a positioning mode of the first terminal;
    The processing module is specifically configured to:
    Determine the first key according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  18. The apparatus according to claim 17, wherein the transceiver module is further configured to receive a first message from a location management function network element, where the first message includes multiple keys supported by the location management function network element, and the positioning mode and tracking area corresponding to each of the multiple keys;
    The processing module is specifically configured to:
    Determine the first key from the multiple keys supported by the location management function network element according to the positioning mode of the first terminal and the tracking area to which the first terminal belongs.
  19. The apparatus according to any one of claims 16 to 18, wherein the transceiver module is further configured to send one or more of a validity period and indication information to the first terminal, where the validity period is used to indicate a duration threshold for which the first terminal can use the first key or a threshold on the number of times the first terminal can use the first key, and the indication information is used to indicate whether the mobility management function network element supports auxiliary information in the tracking area to which the first terminal belongs.
  20. The apparatus according to any one of claims 16 to 19, wherein, before the mobility management function network element sends the first key to the first terminal, the transceiver module is further configured to obtain the auxiliary information setting from a unified data management network element, where the auxiliary information setting is used to indicate whether the first terminal subscribes to auxiliary information;
    The processing module is further configured to determine to send the first key to the first terminal when the auxiliary information setting indicates that the first terminal subscribes to the auxiliary information.
  21. The apparatus according to any one of claims 16 to 20, wherein the transceiver module is further configured to receive a fourth message, where the fourth message includes a third mapping relationship between at least one area list and at least one piece of auxiliary information;
    The processing module is further configured to determine, according to the third mapping relationship, the first auxiliary information corresponding to the first area list in the at least one area list;
    The transceiver module is further configured to send the first auxiliary information through the access network device corresponding to the first area list.
  22. The apparatus according to any one of claims 16 to 21, wherein the transceiver module is further configured to obtain a second key when the first key of the first terminal becomes invalid;
    The transceiver module is further configured to send the second key to the first terminal.
  23. The apparatus according to claim 22, wherein the transceiver module is further configured to receive a fifth message, where the fifth message is used to request the location information of the first terminal;
    The transceiver module is specifically configured to:
    Send the second key to the first terminal according to the fifth message.
  24. The apparatus according to claim 22, wherein the transceiver module is further configured to receive a sixth message from the first terminal, where the sixth message is used to request a key update;
    The transceiver module is specifically configured to:
    Send the second key to the first terminal according to the sixth message.
  25. An apparatus for protecting auxiliary information, characterized in that it comprises:
    A processing module, configured to determine a first message, where the first message includes multiple keys supported by a location management function network element and the tracking areas respectively corresponding to the multiple keys;
    A transceiver module, configured to send the first message to an access and mobility management function network element.
  26. The apparatus according to claim 25, wherein the processing module is further configured to generate at least one piece of auxiliary information;
    The transceiver module is further configured to send a fourth message, where the fourth message includes a third mapping relationship between at least one area list and at least one piece of auxiliary information.
  27. An apparatus for protecting positioning assistance information, characterized in that it comprises:
    A transceiver module, configured to send a tracking area identifier to an access and mobility management function network element, where the tracking area identifier is used to indicate the tracking area to which a first terminal belongs;
    The transceiver module is further configured to receive a first key, where the first key is determined by the mobility management function network element according to the tracking area to which the first terminal belongs, and the first key is used to protect auxiliary information.
  28. The apparatus according to claim 27, wherein the transceiver module is further configured to receive encrypted auxiliary information;
    A processing module, configured to decrypt the encrypted auxiliary information according to the first key.
  29. An apparatus for transmitting auxiliary information, characterized in that it comprises:
    A transceiver module, configured to obtain a first message, where the first message includes a first mapping relationship between at least one area list and at least one piece of auxiliary information;
    A processing module, configured to determine, according to the first mapping relationship, the first auxiliary information corresponding to the first area list in the at least one area list;
    The transceiver module is further configured to send the first auxiliary information through the access network device corresponding to the first area list.
  30. An apparatus for transmitting auxiliary information, characterized in that it comprises:
    A processing module, configured to generate at least one piece of auxiliary information;
    A transceiver module, configured to send a first message, where the first message includes a first mapping relationship between at least one area list and at least one piece of auxiliary information, and each area list in the at least one area list corresponds to some of the multiple access network devices managed by an access and mobility management function network element.
  31. A computer-readable storage medium, characterized in that the computer-readable storage medium includes a computer program or instructions which, when run on a computer, cause the computer to execute the method according to any one of claims 1-15.
  32. A computer program product, characterized in that the computer program product includes a computer program or instructions which, when run on a computer, cause the computer to execute the method according to any one of claims 1-15.
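
The key-provisioning behaviour recited in claims 10, 16 to 20 and 22 to 24 can be modelled as follows. This is an added example, not code from the patent or from any 3GPP implementation; the class and function names, the mode and area labels, the 16-byte key length and the validity values are all assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass


def lmf_first_message(areas=("TA-1", "TA-2"), modes=("OTDOA", "RTK")):
    """Constructed stand-in for the LMF's first message: one fresh key per
    (positioning mode, tracking area) pair. Mode and area names are made up."""
    return {(m, a): secrets.token_bytes(16) for m in modes for a in areas}


@dataclass
class KeyGrant:
    key: bytes
    expires_at: float  # validity period as a duration threshold
    uses_left: int     # validity period as a usage-count threshold

    def use(self, now):
        """Terminal side: consume one use; False means the key is invalid."""
        if now >= self.expires_at or self.uses_left <= 0:
            return False
        self.uses_left -= 1
        return True


class Amf:
    def __init__(self, lmf_keys, subscribed, lifetime_s=3600, max_uses=2):
        self.lmf_keys = dict(lmf_keys)  # key table from the LMF's first message
        self.subscribed = subscribed    # stand-in for the UDM auxiliary information setting
        self.lifetime_s, self.max_uses = lifetime_s, max_uses
        self.grants = {}                # terminal id -> (mode, tai, KeyGrant)

    def provision(self, ue, mode, tai, now=None):
        """Return (grant, area_supported); grant is None when no key is sent."""
        now = time.time() if now is None else now
        key = self.lmf_keys.get((mode, tai))
        if key is None:
            return None, False          # indication: no auxiliary information here
        if ue not in self.subscribed:
            return None, True           # area supported, terminal not subscribed
        grant = KeyGrant(key, now + self.lifetime_s, self.max_uses)
        self.grants[ue] = (mode, tai, grant)
        return grant, True

    def rekey(self, ue, lmf_keys, now=None):
        """Handle a key-update request: replace the key table with a newer one
        from the LMF and issue the second key for the terminal's mode and area."""
        mode, tai, _old = self.grants[ue]
        self.lmf_keys = dict(lmf_keys)
        return self.provision(ue, mode, tai, now)[0]
```

Because each key is bound to one positioning mode and one tracking area, a key held by a terminal exposes only the auxiliary information broadcast for that pair, and the duration and use-count thresholds bound how long that exposure lasts.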
PCT/CN2020/077787 2019-03-04 2020-03-04 Method and apparatus for protecting auxiliary information WO2020177716A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910161370.6 2019-03-04
CN201910161370.6A CN111726800A (en) 2019-03-04 2019-03-04 Method and apparatus for protecting auxiliary information

Publications (1)

Publication Number Publication Date
WO2020177716A1 (en) 2020-09-10

Family

ID=72337684

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/077787 WO2020177716A1 (en) 2019-03-04 2020-03-04 Method and apparatus for protecting auxiliary information

Country Status (2)

Country Link
CN (1) CN111726800A (en)
WO (1) WO2020177716A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023283779A1 (en) * 2021-07-12 2023-01-19 Oppo广东移动通信有限公司 Communication method and apparatus
CN116456322A (en) * 2022-01-07 2023-07-18 华为技术有限公司 Communication method and communication device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018009030A1 (en) * 2016-07-08 2018-01-11 엘지전자 주식회사 Method and device for altering tracking area on basis of mobility of terminal
CN108702724A (en) * 2016-11-27 2018-10-23 Lg 电子株式会社 Cancellation method in wireless communication system and its device
CN109155949A (en) * 2017-01-09 2019-01-04 Lg 电子株式会社 Interoperability methods and its device in wireless communication between networks
CN109167847A (en) * 2018-08-09 2019-01-08 中国联合网络通信集团有限公司 A kind of generation method and SMF, communication system of the address IPv6

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110858951B (en) * 2018-08-22 2021-06-18 ***通信有限公司研究院 Method for realizing user terminal positioning, user terminal and network side equipment
CN111107483B (en) * 2018-10-10 2021-03-09 电信科学技术研究院有限公司 Method, device and system for changing positioning service authority
CN111031486B (en) * 2018-10-10 2021-05-11 电信科学技术研究院有限公司 Positioning service key distribution method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CATT: "pCR to TR33.814-Solution of Provisioning Keys for Broadcast Assistant Data Protection", 3GPP DRAFT; S3-190246, 1 February 2019 (2019-02-01), Kochi , India, pages 1 - 3, XP051596848 *

Also Published As

Publication number Publication date
CN111726800A (en) 2020-09-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20766319

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20766319

Country of ref document: EP

Kind code of ref document: A1