CN100579010C - Method and system for generating and transmitting key - Google Patents

Method and system for generating and transmitting key Download PDF

Info

Publication number
CN100579010C
CN100579010C CN200710097491A CN200710097491A CN100579010C CN 100579010 C CN100579010 C CN 100579010C CN 200710097491 A CN200710097491 A CN 200710097491A CN 200710097491 A CN200710097491 A CN 200710097491A CN 100579010 C CN100579010 C CN 100579010C
Authority
CN
China
Prior art keywords
key
algorithm
user
anonymity
generate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200710097491A
Other languages
Chinese (zh)
Other versions
CN101039180A (en
Inventor
蒋亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wen Quanzhong
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN200710097491A priority Critical patent/CN100579010C/en
Publication of CN101039180A publication Critical patent/CN101039180A/en
Application granted granted Critical
Publication of CN100579010C publication Critical patent/CN100579010C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention is provided with a key generation and transmission method and system. The system comprises as follow: a first key generation device, which is used to generate n encryption keys CK1, CK2 to CKn, n integrity keys IK1, IK2 to IKn, n random number R1, R2 to Rn, a HASH value H, a first expected response XRES, a first right identification code MAC, insensitive parameter P1 and En(anonymous key AK, sensitive parameter P2), and send them to the user device via network element M which is used to distribute the keys for the user devices; network element, which is used to compare the first expected response XRES which comes from the contract signed server and the second expected response RES which comes from the user device; a second key generation device, which is used to generate n encryption keys CK1, CK2 to CKn, n integrity keys IK1, IK2 to IKn, the second expected response XRES, second right identification code XMAC, and feed back to the network element M. by the invention, two pair of session keys can be negotiated by AuC and USIM, and the requirement for session keys of the MME and eNB is satisfied.

Description

Key generation and transmission method and system
Technical field
The present invention relates to the security fields of telecom communication industry, particularly a kind of key generation and transmission method and system.
Background technology
In 3GPP LTE/SAE, AuC is an AUC, is arranged in user's subscribed services device, and UE is meant the subscriber equipment of similar mobile phone, and USIM is a SIM card, is arranged in UE, and MME is meant mobile management entity, and eNB is meant base station equipment.
3GPP LTE/SAE has proposed the hypothesis of two-layer safeguard protection; wherein MME provides the encipherment protection and the integrity protection of NAS signaling; the RRC of eNB provides the integrity protection of AS layer (Access Layer) signaling; the RLC/MAC of eNB provides signaling and professional encipherment protection; in LTE/SAE, need four keys so: NAS signaling encryption key CKNAS; NAS signaling Integrity Key IKNAS, AS signaling and professional encryption key CKAS, AS signaling Integrity Key IKAS.Yet in the AKA of UMTS agreement, AuC and USIM can only consult a pair of encryption key and Integrity Key, and this can not satisfy the requirement of LTE/SAE for key.
Summary of the invention
The objective of the invention is to, provide a kind of key to generate and transfer approach, make by this method can for system negotiates n to session key, satisfy system for many demands to session key.
According to an aspect of the present invention, provide a kind of key generation method, may further comprise the steps:
Step 1, user's subscribed services device and subscriber equipment are shared root key in advance, first key transmits identifying algorithm, second key transmission identifying algorithm, encryption key generating algorithm, Integrity Key generating algorithm, Anonymity Key generating algorithm, user's subscribed services device has anonymous cryptographic algorithm, and the user has the Anonymity Key decipherment algorithm;
Step 2, described user's subscribed services device generates n random number, uses the HASH digest algorithm to calculate the summary and the generation HASH value of a described n random number;
Step 3, described user's subscribed services device utilizes described root key, described first key transmission identifying algorithm, described HASH value, non-sensitive parameter, sensitive parameter to generate first authentication code, utilize described root key, described second key to transmit identifying algorithm, described HASH value generation first Expected Response, utilize described Anonymity Key generating algorithm, described root key, described HASH value to generate Anonymity Key, and utilize Anonymity Key, sensitive parameter and user's subscribed services device to have anonymous cryptographic algorithm to generate user's subscribed services device and have anonymous encryption function; And
Step 4, described user's subscribed services device utilizes described encryption key generating algorithm, described root key, a described n random number to generate n encryption key respectively, utilizes described Integrity Key generating algorithm, described root key and a described n random number to generate n Integrity Key respectively.
According to another aspect of the present invention, provide a kind of key to generate and transmission method, may further comprise the steps:
Step S102, user's subscribed services device and subscriber equipment are shared root key K in advance, first key transmits identifying algorithm f1, second key transmission identifying algorithm f2, encryption key generating algorithm f3, Integrity Key generating algorithm f4, Anonymity Key generating algorithm f5, user's subscribed services device has anonymous cryptographic algorithm En, and subscriber equipment has Anonymity Key decipherment algorithm En -1
Step S104, user's subscribed services device generates n random number R 1, R2..., Rn, uses HASH digest algorithm fh to calculate the summary of this n random number and generate a HASH value H;
Step S106, user's subscribed services device utilizes root key K, first key transmits identifying algorithm f1, HASH value H, some non-sensitive parameter P1, some sensitive parameter P2 generate the first authentication code MACMAC, utilize root key K, second key transmits identifying algorithm f2, HASH value H generates the first Expected Response XRES, utilize Anonymity Key generating algorithm f5, root key K, HASH value H generates Anonymity Key AK, and utilize Anonymity Key AK, sensitive parameter P2 and user's subscribed services device have Anonymity Key cryptographic algorithm generation user subscribed services device and have Anonymity Key cryptographic algorithm En (Anonymity Key AK, sensitive parameter P2);
Step S108, user's subscribed services device utilize encryption key generating algorithm f3, root key K, a n random number R 1, R2..., Rn generate respectively n encryption key CK1, CK2 ... CKn, utilize Integrity Key generating algorithm f4, root key K and n random number R 1, R2..., Rn generate respectively n Integrity Key IK1, IK2 ..., IKn;
Step S110, user's subscribed services device with n encryption key CK1, CK2 ..., CKn, n Integrity Key IK1, IK2 ..., IKn, a n random number R 1, R2..., Rn, root key K, HASH value H, the first Expected Response XRES, the first authentication code MAC, non-sensitive parameter P1, En (Anonymity Key AK, sensitive parameter P2) send to subscriber equipment by the network element M of subscriber equipment distributed key;
Step S112, subscriber equipment utilizes Anonymity Key generating algorithm f5, root key K, HASH value H to generate Anonymity Key AK and utilizes Anonymity Key AK and user to have Anonymity Key decipherment algorithm deciphering En (Anonymity Key AK, sensitive parameter P2) to obtain sensitive parameter P2;
Step S114, subscriber equipment utilization institute first states key transmission identifying algorithm f1, root key K, HASH value H, non-sensitive parameter P1 and sensitive parameter P2 and generates the second authentication code XMAC, determine whether the first shared in advance authentication code MAC of the second authentication code XMAC and subscriber equipment is identical, execution in step S116 under identical situation does not operate under different situations;
Step S116, subscriber equipment utilizes encryption key generating algorithm f3, root key K, a n random number R 1, R2..., Rn to generate n encryption key, utilize Integrity Key IK1, IK2 ..., IKn generating algorithm f4, root key K, a n random number R 1, R2..., Rn generate n Integrity Key IK1, IK2 ..., IKn;
Step S118, subscriber equipment utilize the second shared key transmission identifying algorithm f2, root key K, HASH value H to generate the second Expected Response RES and the second Expected Response RES is fed back to network element M;
Step S120, whether network element M relatively more identical with the first Expected Response XRES from the second Expected Response RES of subscriber equipment, and if identical would use n encryption key CK1, CK2 receiving from user's subscribed services device ..., CKn and n Integrity Key IK1, IK2 ..., IKn.
In step S106, sensitive parameter P2 and non-sensitive parameter P1 are a parameter or a plurality of parameter, are a parameter or a plurality of parameter.
In above-mentioned key generation and transmission method, method is used for 3GPP LTE/SAE.
According to another aspect of the present invention, provide a kind of key generation and transmission system to comprise: first key generating device, be positioned at user's subscribed services device side, be used for by root key K, first key transmission identifying algorithm f1, second key transmission identifying algorithm f2, encryption key generating algorithm f3, Integrity Key generating algorithm f4, the Anonymity Key generating algorithm f5 shared in advance with subscriber equipment, user's subscribed services device has anonymous cryptographic algorithm En, and the user has Anonymity Key decipherment algorithm En -1Generate n encryption key CK1, CK2, ..., CKn, n Integrity Key IK1, IK2, ..., IKn, n random number R 1, R2..., Rn, HASH value H, the first Expected Response XRES, the first authentication code MAC, non-sensitive parameter P1, En (Anonymity Key AK, sensitive parameter P2), and with n encryption key CK1, CK2, ..., CKn, n Integrity Key IK1, IK2, ..., IKn, n random number R 1, R2..., Rn, root key K, HASH value H, the first Expected Response XRES, the first authentication code MAC, non-sensitive parameter P1, En (Anonymity Key AK, sensitive parameter P2) sends to subscriber equipment by the network element M that gives the subscriber equipment distributed key; Network element, be used for and from the first Expected Response XRES of user's subscribed services device and will compare from the second Expected Response RES of user's equipment, under the first Expected Response XRES situation consistent with the second Expected Response RES, enable n encryption key CK1, CK2 ..., CKn and n Integrity Key IK1, IK2 ..., IKn; And second key generating device, be positioned at user equipment side, be used for according to the pre-root key K that shares, first key transmit identifying algorithm f1, second key transmit identifying algorithm f2, encryption key generating algorithm f3, Integrity Key generating algorithm f4, Anonymity Key and user have Anonymity Key decipherment algorithm generating algorithm f5 generate n encryption key CK1, CK2 ..., CKn, n Integrity Key IK1, IK2 ..., IKn, the second Expected Response RES, the second authentication code XMAC, and it is fed back to network element M.
In above-mentioned key generation and transmission system, first key generating device comprises: the random number generation module is used to generate n random number R 1, R2..., Rn; HASH value H generation module is used to the summary that uses the HASH digest algorithm to calculate n random number R 1, R2..., Rn and generates HASH value H.User's subscribed services device has anonymous encryption function generation module, be used to utilize root key K, first key transmits identifying algorithm f1, HASH value H, non-sensitive parameter P1, sensitive parameter P2 generates message authentication code MAC, utilize root key K, second key transmits identifying algorithm f2, HASH value H generates the first Expected Response XRES, utilize Anonymity Key AK generating algorithm f5, root key K, HASH value H generates Anonymity Key AK, and utilize Anonymity Key AK and sensitive parameter P2, have the Anonymity Key cryptographic algorithm with user's subscribed services device and generate En (Anonymity Key AK, sensitive parameter P2); The Integrity Key generation module, be used to utilize encryption key generating algorithm f3, root key K, a n random number R 1, R2..., Rn generate respectively n encryption key CK1, CK2 ..., CKn, utilize Integrity Key generating algorithm f4, root key K and n random number R 1, R2..., Rn generate respectively n Integrity Key IK1, IK2 ..., IKn; The key sending module, be used for n encryption key CK1, CK2 ..., CKn, n Integrity Key IK1, IK2 ..., IKn, a n random number R 1, R2..., Rn, root key K, HASH value H, the first Expected Response XRES, message authentication code MAC, non-sensitive parameter P1, En (Anonymity Key AK, sensitive parameter P2) send to subscriber equipment by the network element M of subscriber equipment distributed key.
Second key generating device comprises: the sensitive parameter acquisition module is used to utilize Anonymity Key generating algorithm f5, root key K, HASH value H to generate Anonymity Key AK and utilize Anonymity Key AK and user to have Anonymity Key decipherment algorithm En -1Deciphering En (Anonymity Key AK, sensitive parameter P2) is to obtain sensitive parameter P2; Authentication module is used for utilizing institute first to state key transmission identifying algorithm f1, root key K, HASH value H, non-sensitive parameter P1 and sensitive parameter P2 and generates the second authentication code XMAC, determines whether the second authentication code XMAC is identical with the first authentication code MAC; Key production module, be used under the authentication code situation identical with message authentication code, utilize encryption key generating algorithm f3, root key K, a n random number R 1, R2..., Rn generate n encryption key CK1, CK2 ..., CKn, utilize Integrity Key generating algorithm f4, root key K, a n random number R 1, R2..., Rn generation n Integrity Key IK1, IK2 ..., IKn; And the second Expected Response generation module, utilize second to share that key transmits identifying algorithm f2, root key K, HASH value H generate the second Expected Response RES and the second Expected Response RES is fed back to network element M.
In above-mentioned key generation and transmission system, sensitive parameter P2 and non-sensitive parameter P1 are a parameter or a plurality of parameter, and this system is used for 3GPP LTE/SAE.
By the present invention, can allow AuC and USIM consult two pairs of session keys on the one hand, when AuC gives MME with the session key distribution, MME further is distributed to it after MME and the eNB, and this is for providing corresponding session key between USIM and the eNB and between USIM and the MME.On the other hand, the method also provides the mutual authentication method in the key transport process, has guaranteed that the session key that USIM generates is identical with the session key that AuC generates.
Other features and advantages of the present invention will be set forth in the following description, and, partly from specification, become apparent, perhaps understand by implementing the present invention.Purpose of the present invention and other advantages can realize and obtain by specifically noted structure in the specification of being write, claims and accompanying drawing.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Fig. 1 generates and the transmission method flow chart according to key of the present invention;
Fig. 2 is the block diagram according to key generation of the present invention and transmission system;
Fig. 3 is the key generation schematic diagram according to user's subscribed services device of the embodiment of the invention;
Fig. 4 is the key generation schematic diagram according to the user of the embodiment of the invention;
Fig. 5 is the key generation schematic diagram according to user's subscribed services device of the embodiment of the invention;
Fig. 6 is the key generation schematic diagram according to the user of the embodiment of the invention; And
Fig. 7 is that key according to an embodiment of the invention generates and transfer process figure.
Embodiment
Below with reference to accompanying drawing, describe the specific embodiment of the present invention in detail.
Fig. 1 generates and the transmission method flow chart according to key of the present invention.With reference to Fig. 1, the invention provides a kind of key and generate and transmission method, may further comprise the steps:
Step S102, user's subscribed services device and subscriber equipment are shared root key K in advance, first key transmits identifying algorithm f1, second key transmission identifying algorithm f2, encryption key generating algorithm f3, Integrity Key generating algorithm f4, Anonymity Key generating algorithm f5, user's subscribed services device has anonymous cryptographic algorithm En, and the user has Anonymity Key decipherment algorithm En -1As shown in Figure 3.
Step S104, user's subscribed services device generates n random number R 1, R2..., Rn, uses HASH digest algorithm fh to calculate the summary of this n random number and generate a HASH value H, as shown in Figure 3.
Step S106, user's subscribed services device utilizes root key K, first key transmits identifying algorithm f1, HASH value H, some non-sensitive parameter P1, some sensitive parameter P2 generate the first authentication code MACMAC, utilize root key K, second key transmits identifying algorithm f2, HASH value H generates the first Expected Response XRES, utilize Anonymity Key generating algorithm f5, root key K, HASH value H generates Anonymity Key AK, and utilize Anonymity Key AK, sensitive parameter P2 and user's subscribed services device have the Anonymity Key cryptographic algorithm and generate En (Anonymity Key AK, sensitive parameter P2), as shown in Figure 3.
Step S108, user's subscribed services device utilize encryption key generating algorithm f3, root key K, a n random number R 1, R2..., Rn generate respectively n encryption key CK1, CK2 ... CKn, utilize Integrity Key generating algorithm f4, root key K and n random number R 1, R2..., Rn generate respectively n Integrity Key IK1, IK2 ..., IKn, as shown in Figure 3.
Step S110, user's subscribed services device with n encryption key CK1, CK2 ..., CKn, n Integrity Key IK1, IK2 ..., IKn, a n random number R 1, R2..., Rn, root key K, HASH value H, the first Expected Response XRES, the first authentication code MAC, non-sensitive parameter P1, En (Anonymity Key AK, sensitive parameter P2) the network element M by the subscriber equipment distributed key sends to subscriber equipment, as shown in Figure 4.
Step S112, subscriber equipment utilize Anonymity Key generating algorithm f5, root key K, HASH value H to generate Anonymity Key AK and utilize Anonymity Key AK and user to have Anonymity Key decipherment algorithm En -1Deciphering En (Anonymity Key AK, sensitive parameter P2) is to obtain sensitive parameter P2, as shown in Figure 4.
Step S114, subscriber equipment utilization institute first states key transmission identifying algorithm f1, root key K, HASH value H, non-sensitive parameter P1 and sensitive parameter P2 and generates the second authentication code XMAC, determine whether the first shared in advance authentication code MAC of the second authentication code XMAC and subscriber equipment is identical, execution in step S116 under identical situation, under different situations, do not operate, as shown in Figure 4.
Step S116, subscriber equipment utilizes encryption key generating algorithm f3, root key K, a n random number R 1, R2..., Rn to generate n encryption key, utilize Integrity Key generating algorithm f4, root key K, a n random number R 1, R2..., Rn generate n Integrity Key IK1, IK2 ..., IKn, as shown in Figure 4.
Step S118, subscriber equipment utilize the second shared key transmission identifying algorithm f2, root key K, HASH value H to generate the second Expected Response RES and the second Expected Response RES is fed back to network element M.
Step S120, whether network element M relatively more identical with the first Expected Response XRES from the second Expected Response RES of subscriber equipment, and if identical would use n encryption key CK1, CK2 receiving from user's subscribed services device ..., CKn and n Integrity Key IK1, IK2 ..., IKn.
In step S106, sensitive parameter P2 and non-sensitive parameter P1 are a parameter or a plurality of parameter, are a parameter or a plurality of parameter.
This method can be used for 3GPP LTE/SAE.
Fig. 2 is the block diagram according to key generation of the present invention and transmission system.The invention provides with reference to Fig. 2 that a kind of key generates and transmission system 200 comprises: first key generating device 202, be positioned at user's subscribed services device side, be used for by the root key K shared in advance with subscriber equipment, first key transmits identifying algorithm f1, second key transmits identifying algorithm f2, encryption key generating algorithm f3, Integrity Key generating algorithm f4, Anonymity Key generating algorithm f5, user's subscribed services device has anonymous cryptographic algorithm En and generates n encryption key CK1, CK2, ..., CKn, n Integrity Key IK1, IK2, ..., IKn, n random number R 1, R2..., Rn, HASH value H, the first Expected Response XRES, the first authentication code MAC, non-sensitive parameter P1, En (Anonymity Key AK, sensitive parameter P2), and with n encryption key CK1, CK2, ..., CKn, n Integrity Key IK1, IK2, ..., IKn, n random number R 1, R2..., Rn, root key K, HASH value H, the first Expected Response XRES, the first authentication code MAC, non-sensitive parameter P1, En (Anonymity Key AK, sensitive parameter P2) sends to subscriber equipment by the network element M that gives the subscriber equipment distributed key; Network element 204, be used for and from the first Expected Response XRES of user's subscribed services device and will compare from the second Expected Response RES of user's equipment, under the first Expected Response XRES situation consistent with the second Expected Response RES, enable n encryption key CK1, CK2 ..., CKn and n Integrity Key IK1, IK2 ..., IKn; And second key generating device 206, be positioned at user equipment side, be used for according to the pre-root key K that shares, first key transmit identifying algorithm f1, second key transmits identifying algorithm f2, encryption key and user and has Anonymity Key decipherment algorithm En -1Generating algorithm f3, Integrity Key generating algorithm f4, Anonymity Key generating algorithm f5 generate n encryption key CK1, CK2 ..., CKn, n Integrity Key IK1, IK2 ..., IKn, the second Expected Response XRES, the second authentication code XMAC, and it is fed back to network element M.
First key generating device 202 comprises: random number generation module 202-2 is used to generate n random number R 1, R2..., Rn; HASH value generation module 202-4 is used to the summary that uses the HASH digest algorithm to calculate n random number R 1, R2..., Rn and generates HASH value H; User's subscribed services device has Anonymity Key encryption function generation module 202-6, be used to utilize root key K, first key transmits identifying algorithm f1, HASH value H, non-sensitive parameter P1, sensitive parameter P2 generates message authentication code MAC, utilize root key K, second key transmits identifying algorithm f2, HASH value H generates the first Expected Response XRES, utilize Anonymity Key AK generating algorithm f5, root key K, HASH value H generates Anonymity Key AK, and utilize Anonymity Key AK, sensitive parameter P2 and user's subscribed services device have anonymous cryptographic algorithm and generate En (Anonymity Key AK, sensitive parameter P2); Integrity Key generation module 202-8, be used to utilize encryption key generating algorithm f3, root key K, a n random number R 1, R2..., Rn generate respectively n encryption key CK1, CK2 ..., CKn, utilize Integrity Key generating algorithm f4, root key K and n random number R 1, R2..., Rn generate respectively n Integrity Key IK1, IK2 ..., IKn; Key sending module 202-10, be used for n encryption key CK1, CK2 ..., CKn, n Integrity Key IK1, IK2 ..., IKn, a n random number R 1, R2..., Rn, root key K, HASH value H, the first Expected Response XRES, message authentication code MAC, non-sensitive parameter P1, En (Anonymity Key AK, sensitive parameter P2) send to subscriber equipment by the network element M that gives the subscriber equipment distributed key.
Second key generating device 206 comprises: sensitive parameter acquisition module 206-2 is used to utilize Anonymity Key generating algorithm f5, root key K, HASH value H to generate Anonymity Key AK and utilize Anonymity Key AK and user to have Anonymity Key decipherment algorithm En -1Deciphering En (Anonymity Key AK, sensitive parameter P2) is to obtain sensitive parameter P2; Authentication module 206-4 is used for utilizing institute first to state key transmission identifying algorithm f1, root key K, HASH value H, non-sensitive parameter P1 and sensitive parameter P2 and generates the second authentication code XMAC, determines whether the second authentication code MAC is identical with the first authentication code MAC; Key production module 206-6, be used under the authentication code situation identical with message authentication code, utilize encryption key generating algorithm f3, root key K, a n random number R 1, R2..., Rn generate n encryption key CK1, CK2 ..., CKn, utilize Integrity Key generating algorithm f4, root key K, a n random number R 1, R2..., Rn generation n Integrity Key IK1, IK2 ..., IKn; And the second Expected Response generation module 206-8, utilize second to share that key transmits identifying algorithm f2, root key K, HASH value H generate the second Expected Response RES and the second Expected Response RES is fed back to network element M.
In above-mentioned key generation and transmission system, sensitive parameter P2 and non-sensitive parameter P1 are a parameter or a plurality of parameter, and this system can be used for 3GPP LTE/SAE.
Describe one embodiment of the present of invention in detail with reference to Fig. 5 to Fig. 7 and in conjunction with the key agreement of 3GPP LTE/SAE below.This embodiment may further comprise the steps:
Step S702:AuC and USIM share root key K in advance, wildcard transmits identifying algorithm f1, f2, the pre-encryption key generating algorithm f3 that shares, the pre-Integrity Key generating algorithm f4 that shares, the pre-Anonymity Key generating algorithm f5 that shares, user's subscribed services device has anonymous cryptographic algorithm En, and the user has Anonymity Key decipherment algorithm En -1As shown in Figure 5.
Step S704:AuC generates 2 random number R 1, R2, and AuC utilizes HASH digest algorithm fh to calculate the summary of these 2 random numbers, generates a HASH value H, as shown in Figure 5.
Step S706:AuC utilizes f1, K, H, SQN, AMF to generate message authentication code MAC; AuC utilizes f2, K, H to generate Expected Response XRES; AuC utilizes f5, K, H to generate Anonymity Key AK, and utilizes AK XOR encryption parameter SQN, generates SQN+AK, as shown in Figure 5.
Step S708:AuC utilizes f3, K, R1 to generate encryption key CK1, utilizes f3, K, R2 to generate encryption key CK2; AuC utilizes f4, K, R1 to generate Integrity Key IK1, utilizes f4, K, R2 to generate Integrity Key IK2, as shown in Figure 5.
(AK P2) sends to MME to step S710:AuC, and MME sends R1, R2, H, MAC, AMF, SQN+AK to USIM with CK1, CK2, IK1, IK2, R1, R2, H, XRES, MAC, P1, En.
Step S712:USIM utilizes f5, K, H to generate Anonymity Key AK, and utilizes AK XOR deciphering SQN+AK (in the present invention, agreement '+' expression step-by-step XOR), obtains SQN, as shown in Figure 6.
Step S714:USIM utilizes f1, K, H, AMF, SQN to generate authentication code XMAC, and USIM judges whether XMAC and MAC equate to determine whether message is distorted, if XMAC equals MAC, then message is not distorted in the transport process, as shown in Figure 6 in transport process.
Step S716:USIM utilizes f3, K, R1 to generate encryption key CK1, utilizes f3, K, R2 to generate encryption key CK2, and USIM utilizes f4, K, R1 to generate Integrity Key IK1, utilizes f4, K, R2 to generate Integrity Key IK2, as shown in Figure 6.
Step S718:USIM utilizes f2, K, H to generate Expected Response RES, and gives MME with the RES loopback, as shown in Figure 6.
Step S720:MME is RES and XRES relatively, finds that RES is consistent with XRES, then begins encryption enabled ciphering key K1, CK2 and Integrity Key IK1, IK2.
Alternatively, in step S706, P1, P2 can be made of a parameter, also can be made of a plurality of parameters.
Alternatively, in step S714, when the user judges that XMAC is not equal to MAC, show that then message is distorted in transmittance process, this moment, the user need not proceed step S718 and step afterwards.
By this embodiment, AuC and USIM can consult two pairs of session keys, can satisfy MME and the eNB demand for session key thus.
By the present invention, can allow on the one hand AuC and USIM consult two pairs of session keys, when AuC gives MME with the session key distribution, MME further is distributed to after MME and the eNB, just for corresponding session key is provided between USIM and the eNB and between USIM and the MME.On the other hand, the method also provides the mutual authentication method in the key transport process, has guaranteed that the session key that USIM generates is identical with the session key that AuC generates.
The above is the preferred embodiments of the present invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (11)

1. a key generation method is characterized in that, may further comprise the steps:
Step 1, user's subscribed services device and subscriber equipment are shared root key in advance, first key transmits identifying algorithm, second key transmission identifying algorithm, encryption key generating algorithm, Integrity Key generating algorithm, Anonymity Key generating algorithm, user's subscribed services device has anonymous cryptographic algorithm, and the user has the Anonymity Key decipherment algorithm;
Step 2, described user's subscribed services device generates n random number, uses the HASH digest algorithm to calculate the summary and the generation HASH value of a described n random number;
Step 3, described user's subscribed services device utilizes described root key, described first key transmission identifying algorithm, described HASH value, non-sensitive parameter, sensitive parameter to generate first authentication code, utilize described root key, described second key to transmit identifying algorithm, described HASH value generation first Expected Response, utilize described Anonymity Key generating algorithm, described root key, described HASH value to generate Anonymity Key, and utilize Anonymity Key, sensitive parameter and user's subscribed services device to have anonymous cryptographic algorithm to generate user's subscribed services device and have anonymous encryption function; And
Step 4, described user's subscribed services device utilizes described encryption key generating algorithm, described root key, a described n random number to generate n encryption key respectively, utilizes described Integrity Key generating algorithm, described root key and a described n random number to generate n Integrity Key respectively.
2. a key generates and transmission method, it is characterized in that, may further comprise the steps:
Step 1, user's subscribed services device and subscriber equipment are shared root key in advance, first key transmits identifying algorithm, second key transmission identifying algorithm, encryption key generating algorithm, Integrity Key generating algorithm, Anonymity Key generating algorithm, user's subscribed services device has anonymous cryptographic algorithm, and the user has the Anonymity Key decipherment algorithm;
Step 2, described user's subscribed services device generates n random number, uses the HASH digest algorithm to calculate the summary and the generation HASH value of a described n random number;
Step 3, described user's subscribed services device utilizes described root key, described first key transmission identifying algorithm, described HASH value, non-sensitive parameter, sensitive parameter to generate first authentication code, utilize described root key, described second key to transmit identifying algorithm, described HASH value generation first Expected Response, utilize described Anonymity Key generating algorithm, described root key, described HASH value to generate Anonymity Key, and utilize Anonymity Key, sensitive parameter and user's subscribed services device to have anonymous cryptographic algorithm to generate user's subscribed services device and have anonymous encryption function;
Step 4, described user's subscribed services device utilizes described encryption key generating algorithm, described root key, a described n random number to generate n encryption key respectively, utilizes described Integrity Key generating algorithm, described root key and a described n random number to generate n Integrity Key respectively;
Step 5, described user's subscribed services device have anonymous encryption function with a described n encryption key, a described n Integrity Key, a described n random number, described root key, described HASH value, described first Expected Response, described first authentication code, described non-sensitive parameter, described user's subscribed services device and send to described subscriber equipment by the network element of giving described subscriber equipment distributed key;
Step 6, described subscriber equipment are utilized described Anonymity Key generating algorithm, described root key, described HASH value to generate Anonymity Key and are utilized described Anonymity Key and user to have the Anonymity Key decipherment algorithm and decipher described user's subscribed services device and have anonymous encryption function to obtain described sensitive parameter;
Step 7, described subscriber equipment utilization institute first states key and transmits identifying algorithm, described root key, described HASH value, described non-sensitive parameter and described sensitive parameter and generate second authentication code, determine whether the first shared in advance authentication code of described second authentication code and described subscriber equipment is identical, execution in step eight under identical situation, do not operate under different situations;
Step 8, described subscriber equipment utilize described encryption key generating algorithm, described root key, a described n random number to generate n encryption key, utilize described Integrity Key generating algorithm, described root key, a described n random number to generate n Integrity Key;
Step 9, described subscriber equipment utilize the described second shared key transmission identifying algorithm, described root key, described HASH value to generate second Expected Response and expect extremely described network element of responsive feedback with described second;
Step 10, whether described network element is relatively identical with described first Expected Response from second Expected Response of described subscriber equipment, if identical then use n encryption key and n the Integrity Key that receives from described user's subscribed services device.
3. key according to claim 2 generates and transmission method, it is characterized in that in described step 3, described sensitive parameter is a parameter or a plurality of parameter.
4. key according to claim 2 generates and transmission method, it is characterized in that in described step 3, described non-sensitive parameter is a parameter or a plurality of parameter.
5. generate and transmission method according to each described key in the claim 1 to 4, it is characterized in that described method is used for 3GPP LTE/SAE.
6. a key generates and transmission system, it is characterized in that comprising:
First key generating device, be positioned at user's subscribed services device side, be used for by the root key shared in advance with subscriber equipment, first key transmits identifying algorithm, second key transmits identifying algorithm, the encryption key generating algorithm, the Integrity Key generating algorithm, the Anonymity Key generating algorithm, user's subscribed services device has anonymous cryptographic algorithm and the user has n encryption key of Anonymity Key decipherment algorithm generation, n Integrity Key, n random number, the HASH value, first Expected Response, first authentication code, non-sensitive parameter, user's subscribed services device has anonymous encryption function, and with a described n encryption key, a described n Integrity Key, a described n random number, described root key, described HASH value, described first Expected Response, described first authentication code, described non-sensitive parameter, described user's subscribed services device has anonymous encryption function and sends to described subscriber equipment by the network element of giving described subscriber equipment distributed key;
Described network element, be used for and from first Expected Response of described user's subscribed services device and will compare from second Expected Response of described subscriber equipment, under described first Expected Response situation consistent, start a described n encryption key and a described n Integrity Key with described second Expected Response; And
Second key generating device, be positioned at described user equipment side, be used for transmitting identifying algorithm, second key transmission identifying algorithm, encryption key generating algorithm, Integrity Key generating algorithm, Anonymity Key generating algorithm and user and have n encryption key of Anonymity Key decipherment algorithm generation, a n Integrity Key, second Expected Response, second authentication code, and it is fed back to described network element according to the described pre-root key of sharing, first key.
7. key according to claim 6 generates and transmission system, it is characterized in that described first key generating device comprises:
The random number generation module is used to generate n random number;
HASH value generation module is used to the summary that uses the HASH digest algorithm to calculate a described n random number and generates the HASH value;
User's subscribed services device has anonymous encryption function generation module, be used to utilize described root key, described first key transmits identifying algorithm, described HASH value, non-sensitive parameter, sensitive parameter generates message authentication code, utilize described root key, described second key transmits identifying algorithm, described HASH value generates first Expected Response, utilize described Anonymity Key generating algorithm, described root key, described HASH value generates Anonymity Key, and utilizes Anonymity Key, sensitive parameter and described user's subscribed services device have Anonymity Key cryptographic algorithm generation user subscribed services device and have anonymous encryption function;
The Integrity Key generation module, be used to utilize described encryption key generating algorithm, described root key, a described n random number to generate n encryption key respectively, utilize described Integrity Key generating algorithm, described root key and a described n random number to generate n Integrity Key respectively;
The key sending module is used for that a described n encryption key, a described n Integrity Key, a described n random number, described root key, described HASH value, described first Expected Response, described message authentication code, described non-sensitive parameter, described user's subscribed services device are had anonymous encryption function and sends to described subscriber equipment by the network element of giving described subscriber equipment distributed key.
8. key according to claim 7 generates and transmission system, it is characterized in that described second key generating device comprises:
The sensitive parameter acquisition module is used to utilize described Anonymity Key generating algorithm, described root key, described HASH value to generate Anonymity Key and utilizes described Anonymity Key and user to have the Anonymity Key decipherment algorithm and decipher described user's subscribed services device and have anonymous encryption function to obtain described sensitive parameter;
Authentication module, be used for utilizing institute first to state key and transmit identifying algorithm, described root key, described HASH value, described non-sensitive parameter and described sensitive parameter generation authentication code, determine whether the pre-message authentication code of sharing of described authentication code and described subscriber equipment is identical;
Second key production module, be used under the described authentication code situation identical with described message authentication code, utilize described encryption key generating algorithm, described root key, a described n random number to generate n encryption key, utilize described Integrity Key generating algorithm, described root key, a described n random number to generate n Integrity Key; And
The second Expected Response generation module utilizes the described second shared key transmission identifying algorithm, described root key, described HASH value to generate second Expected Response and expect extremely described network element of responsive feedback with described second.
9. key according to claim 8 generates and transmission system, it is characterized in that described sensitive parameter is a parameter or a plurality of parameter.
10. key according to claim 8 generates and transmission system, it is characterized in that described non-sensitive parameter is a parameter or a plurality of parameter.
11. generate and transmission system according to each described key in the claim 6 to 10, it is characterized in that described system is used for 3GPP LTE/SAE.
CN200710097491A 2007-05-09 2007-05-09 Method and system for generating and transmitting key Expired - Fee Related CN100579010C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200710097491A CN100579010C (en) 2007-05-09 2007-05-09 Method and system for generating and transmitting key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200710097491A CN100579010C (en) 2007-05-09 2007-05-09 Method and system for generating and transmitting key

Publications (2)

Publication Number Publication Date
CN101039180A CN101039180A (en) 2007-09-19
CN100579010C true CN100579010C (en) 2010-01-06

Family

ID=38889843

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200710097491A Expired - Fee Related CN100579010C (en) 2007-05-09 2007-05-09 Method and system for generating and transmitting key

Country Status (1)

Country Link
CN (1) CN100579010C (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102170450A (en) * 2011-05-16 2011-08-31 北京和利时系统工程有限公司 Key processing method, apparatus and system of train operation control system

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101159538A (en) * 2007-11-16 2008-04-09 西安西电捷通无线网络通信有限公司 Key management method
CN101547443B (en) * 2008-03-28 2011-12-21 上海华为技术有限公司 Method for transmitting signaling and communication device
CN101938743B (en) * 2009-06-30 2013-05-08 中兴通讯股份有限公司 Generation method and device of safe keys
CN102045210B (en) * 2009-10-10 2014-05-28 中兴通讯股份有限公司 End-to-end session key consultation method and system for supporting lawful interception
CN101872338B (en) * 2010-06-04 2012-08-29 杭州电子科技大学 Method for obtaining safe information abstract in authentication header
CN102045333B (en) * 2010-06-29 2013-06-19 飞天诚信科技股份有限公司 Method for generating safety message process key
CN101951590B (en) * 2010-09-03 2015-07-22 中兴通讯股份有限公司 Authentication method, device and system
WO2015062239A1 (en) * 2013-11-04 2015-05-07 华为技术有限公司 Method and device for key negotiation processing
CN106330442B (en) * 2015-06-17 2020-04-28 中兴通讯股份有限公司 Identity authentication method, device and system
US10382206B2 (en) * 2016-03-10 2019-08-13 Futurewei Technologies, Inc. Authentication mechanism for 5G technologies
US10873464B2 (en) 2016-03-10 2020-12-22 Futurewei Technologies, Inc. Authentication mechanism for 5G technologies
CN109150899B (en) * 2018-09-18 2021-03-16 恒宝股份有限公司 Mobile communication method and system for Internet of things
CN109495454A (en) * 2018-10-26 2019-03-19 北京车和家信息技术有限公司 Authentication method, device, cloud server and vehicle

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102170450A (en) * 2011-05-16 2011-08-31 北京和利时系统工程有限公司 Key processing method, apparatus and system of train operation control system

Also Published As

Publication number Publication date
CN101039180A (en) 2007-09-19

Similar Documents

Publication Publication Date Title
CN100579010C (en) Method and system for generating and transmitting key
US11290869B2 (en) Method for managing communication between a server and a user equipment
EP3493462B1 (en) Authentication method, authentication apparatus and authentication system
CN101822082B (en) Techniques for secure channelization between UICC and terminal
CN101512537B (en) Method and system for secure processing of authentication key material in an ad hoc wireless network
US5689563A (en) Method and apparatus for efficient real-time authentication and encryption in a communication system
US8769284B2 (en) Securing communication
US9473941B1 (en) Method, apparatus, and computer program product for creating an authenticated relationship between wireless devices
US20190089530A1 (en) Secure Key Transmission Protocol without Certificates or Pre-shared Symmetrical Keys
US20070055877A1 (en) Security in a communication network
Mirzadeh et al. Secure device pairing: A survey
WO2016161583A1 (en) Gprs system key enhancement method, sgsn device, ue, hlr/hss and gprs system
CN101820629A (en) Identity authentication method, device and system in wireless local area network (WLAN)
EP3892022B1 (en) Method and apparatuses for ensuring secure attachment in size constrained authentication protocols
CN101242264A (en) Data transmission method, device and system and mobile terminal
CN105007163A (en) Pre-shared key (PSK) transmitting and acquiring methods and transmitting and acquiring devices
Hwang et al. On the security of an enhanced UMTS authentication and key agreement protocol
CN114362944B (en) D2D secure mobile communication method and system based on quantum key
CN102264068A (en) Shared key consultation method, system, network platform and terminal
CN101715190B (en) System and method for realizing authentication of terminal and server in WLAN (Wireless Local Area Network)
WO2018047132A1 (en) A system and method for authentication and secure communication
WO2012165901A2 (en) Method for inter-terminal security channelization
CN1484409A (en) Method for distributing enciphered key in wireless local area network
WO2008004174A2 (en) Establishing a secure authenticated channel
CN101366229B (en) Sharing a secret element

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20171025

Address after: 510000 unit 2414-2416, building, No. five, No. 371, Tianhe District, Guangdong, China

Patentee after: Guangdong Gaohang Intellectual Property Operation Co., Ltd.

Address before: 518057 Nanshan District science and Technology Industrial Park, Guangdong high tech Industrial Park, ZTE building

Patentee before: ZTE Corporation

CB03 Change of inventor or designer information

Inventor after: Wen Quanzhong

Inventor before: Jiang Liang

CB03 Change of inventor or designer information
TR01 Transfer of patent right

Effective date of registration: 20171102

Address after: 075000 Hebei province Zhangjiakou city Chicheng County Red Town Cang pit back street 47

Patentee after: Wen Quanzhong

Address before: 510000 unit 2414-2416, building, No. five, No. 371, Tianhe District, Guangdong, China

Patentee before: Guangdong Gaohang Intellectual Property Operation Co., Ltd.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100106

Termination date: 20180509

CF01 Termination of patent right due to non-payment of annual fee