A secure hss/udm design method and system for realizing privacy protection function

Abstract

The invention relates to the technical field of wireless communication, and the invention discloses a security HSS / UDM design method and system for realizing privacy protection function. The functions of HSS / UDM other than the authentication vector, the privacy protection device dynamically and randomly selects a new IMSI / SUPI, and securely encapsulates it into the authentication vector, completes the generation of the authentication vector, and synchronizes with the terminal based on the main authentication and authentication success message Switch new IMSI / SUPI. The privacy protection device and the customized HSS / UDM device cooperate to complete the privacy protection function on the network side through the customized interface. The present invention can realize the privacy protection equipment of different security algorithms and IMSI / SUPI space according to the user configuration of different security requirements, thus not only meeting the requirements of privacy protection function, but also adapting to the development status of the existing industrial chain to the greatest extent, and can make a HSS / UDM can support multiple users in special industries, which is conducive to the realization and promotion of privacy protection functions.

Description

technical field [0001] The present invention relates to the technical field of wireless communication networks, in particular to a secure HSS / UDM design method and system for realizing a privacy protection function. Background technique [0002] IMSI / SUPI (International Mobile Subscriber Identity, International Mobile Subscriber Identity, Subscription Permanent Identifier, subscriber permanent identifier) ​​is used in the 5G network as the identity identifier of the mobile terminal. Under the 3GPP R15 architecture, the IMSI / SUPI can be legally accessed by the visited network. However, if there is a malicious administrator inside the operator accessing the network, there is a security risk leaking to a third party. If the privacy information such as the identity and location of some security-sensitive terminals in special industries is leaked, the terminal's related signaling and traffic information can be intercepted on the visited network with IMSI / SUPI as the index, and th...

AI Technical Summary

Problems solved by technology

[0002] In the 5G network, IMSI / SUPI (International Mobile Subscriber Identity, International Mobile Subscriber Identity, Subscription Permanent Identifier, User Permanent Identifier) ​​is used as the identity identifier of the mobile terminal. Under the 3GPP R15 architecture, the IMSI / SUPI can be legally accessed by the visited network. Notified, but if there is a malicious administrator inside the operator visiting the network, there is a security risk of leakage to third parties

[0004] (1) Lack of specific methods for HSS / UDM transformation: It is necessary to explain how to transform the HSS / UDM (Home Subscriber Server, attributable subscriber server / Unified Data Management, unified data management) functional entity, and propose a device-level implementation that can be implemented Solution

[0005] (2) HSS / UDM with privacy protection capabilities needs to be able to serve multiple users in special industries at the same time: in the real 5G network of operators, the capacity and processing capacity of HSS / UDM are on the order of millions of users; In the 5G private network where industry users provide high-security services, the number of users in a single special industry is relatively small. If a modified HSS / UDM only serves a single user in a special industry, it will inevitably cause waste of HSS / UDM resources

[0007] (4) HSS / UDM with privacy protection capabilities needs to conform to the existing industry chain model: if HSS / UDM is developed and produced according to the model customized by industry users, it will have a major impact on the production model of equipment manufacturers and the operation and maintenance management of operators. It will produce a series of customized products that differ from industry users, and it will be difficult for operators to conduct network access testing and maintenance. These are not conducive to the implementation and promotion of privacy protection functions in 5G networks.

Images