Safe HSS/UDM design method and system for achieving privacy protection function

Abstract

The invention relates to the technical field of wireless communication. The invention discloses a safe HSS / UDM design method and system for achieving a privacy protection function. The system comprises customized HSS / UDM equipment and at least one privacy protection equipment. HSS / UDM equipment is customized to complete the functions of the standard HSS / UDM except the authentication vector; and the privacy protection equipment dynamically and randomly selects a new IMSI / SUPI, securely encapsulates the new IMSI / SUPI into the authentication vector to complete the generation of the authenticationvector, and synchronously switches the new IMSI / SUPI with the terminal based on the main authentication success message. And the privacy protection function of the network side is cooperatively completed between the privacy protection equipment and the customized HSS / UDM equipment through a user-defined interface. According to the invention, privacy protection equipment with different security algorithms and IMSI / SUPI spaces can be realized according to user configurations with different security requirements; and, in this way, the requirement for the privacy protection function is met, the current development situation of an existing industrial chain is adapted to the maximum extent, one HSS / UDM can support multiple special industry users, and implementation and popularization of the privacy protection function are facilitated.

Description

Technical field [0001] The invention relates to the technical field of wireless communication networks, in particular to a safe HSS / UDM design method and system for realizing privacy protection functions. Background technique [0002] The 5G network uses IMSI / SUPI (International Mobile Subscriber Identity, Subscription Permanent Identifier) ​​as the identity identifier of the mobile terminal. Under the 3GPP R15 architecture, the IMSI / SUPI can be legally accessed by the visited network Known, but if there is a malicious administrator inside the operator visiting the network, there is a security risk of leaking to a third party. If privacy information such as the identity location of a security-sensitive terminal in some special industries is leaked, it can intercept the signaling and traffic information related to the terminal with IMSI / SUPI as the index on the visited network, and perform the terminal location, communication behavior, communication content, etc. Illegal monitori...

AI Technical Summary

Problems solved by technology

[0002] In the 5G network, IMSI / SUPI (International Mobile Subscriber Identity, International Mobile Subscriber Identity, Subscription Permanent Identifier, User Permanent Identifier) ​​is used as the identity identifier of the mobile terminal. Under the 3GPP R15 architecture, the IMSI / SUPI can be legally accessed by the visited network. Notified, but if there is a malicious administrator inside the operator visiting the network, there is a security risk of leakage to third parties

[0004] (1) Lack of specific methods for HSS / UDM transformation: It is necessary to explain how to transform the HSS / UDM (Home Subscriber Server, attributable subscriber server / Unified Data Management, unified data management) functional entity, and propose a device-level implementation that can be implemented Solution

[0005] (2) HSS / UDM with privacy protection capabilities needs to be able to serve multiple users in special industries at the same time: in the real 5G network of operators, the capacity and processing capacity of HSS / UDM are on the order of millions of users; In the 5G private network where industry users provide high-security services, the number of users in a single special industry is relatively small. If a modified HSS / UDM only serves a single user in a special industry, it will inevitably cause waste of HSS / UDM resources

[0007] (4) HSS / UDM with privacy protection capabilities needs to conform to the existing industry chain model: if HSS / UDM is developed and produced according to the model customized by industry users, it will have a major impact on the production model of equipment manufacturers and the operation and maintenance management of operators. It will produce a series of customized products that differ from industry users, and it will be difficult for operators to conduct network access testing and maintenance. These are not conducive to the implementation and promotion of privacy protection functions in 5G networks.

Images