CN112788598B - Method and device for protecting parameters in authentication process - Google Patents

Method and device for protecting parameters in authentication process

Info

Publication number: CN112788598B (granted patent; the application was published as CN112788598A)
Authority: CN (China)
Application number: CN201911060007.1A
Language: Chinese (zh)
Inventors: 邓娟 (Deng Juan), 赵绪文 (Zhao Xuwen)
Assignee (original and current): Huawei Technologies Co Ltd
Priority: CN201911060007.1A; PCT counterpart PCT/CN2020/122598, published as WO2021083012A1
Legal status: Active (granted)
Classifications

    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity (H: Electricity; H04: Electric communication technique; H04W: Wireless communication networks)
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication
    • H04W12/10 Integrity; H04W12/106 Packet or message integrity

Abstract

The embodiments of this application disclose a method and a device for protecting parameters in an authentication procedure. During authentication, the SEAF/AMF sends security-related parameters to the UE with integrity protection, and the UE verifies their integrity. This prevents the security-related parameters from being tampered with in transit, which would otherwise affect the rest of the authentication procedure.

Description

Method and device for protecting parameters in authentication process
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for protecting parameters in an authentication process.
Background
In a wireless communication scenario, before user equipment exchanges data with the core network, the core network must authenticate the user equipment, both to keep the core network from being illegally accessed or attacked and to keep other legitimate terminals from being prevented from normally accessing core network resources. 3GPP TS 33.501 defines the primary Authentication and Key Agreement (AKA) procedure of the 5th Generation (5G) system, which provides mutual authentication between the User Equipment (UE) and the network and produces keying material for subsequent secure interactions between the UE and the serving network.
During authentication, security-related parameters are exchanged between the UE and the network-side devices and are used to derive keys, but they can be tampered with while in transit.
Disclosure of Invention
The embodiments of this application provide a parameter protection method and device: whether security-related parameters transmitted during the primary authentication procedure have been tampered with is detected by integrity-verifying those parameters, for example the Anti-Bidding down Between Architectures (ABBA) parameter.
In different embodiments, the first message authentication code and the second message authentication code may be generated by different network elements, and the keys and parameters used to generate them may also differ, so the first or second message authentication code of one embodiment is not necessarily the same message authentication code as in another. The terms "first", "second" and so on are used for description only and do not indicate or imply relative importance.
In a first aspect, an embodiment of the present application provides a method for protecting parameters in an authentication process, where the method includes:
the user equipment receives an authentication request message sent by the Security Anchor Function (SEAF); the authentication request message includes the Anti-Bidding down Between Architectures (ABBA) parameter; and the user equipment performs integrity verification on the ABBA.
It should be noted that, before the UE receives the authentication request message from the SEAF, the UE sends a registration request message to the SEAF, and the SEAF, on receiving it, initiates an authentication request towards the Authentication Server Function (AUSF).
In addition, it is further noted that, after the user equipment performs integrity verification on the ABBA, the method further includes: and if the integrity verification of the ABBA is successful, the user equipment sends an authentication response message to the SEAF.
In addition, it is further noted that, after the user equipment performs integrity verification on the ABBA, the method further includes: if the integrity verification of the ABBA fails, the user equipment sends indication information to the SEAF, where the indication information indicates that the integrity verification failed. It can be understood that if the integrity verification fails, the authentication procedure is terminated promptly, saving the signalling of the subsequent exchanges.
In addition, it should be noted that, in the authentication procedure, the UE receives an authentication request message sent by the SEAF, where the authentication request message includes security-related parameters such as ABBA and/or the key set identifier ngKSI. The authentication request message also carries a first message authentication code for integrity protection, and parameters such as the authentication token AUTN and the random number RAND.
In one implementation, the first message authentication code is a message authentication code over the security-related parameters such as ABBA and/or ngKSI;
in another implementation, the first message authentication code is a message authentication code over the authentication request message carrying the security-related parameters such as ABBA and/or ngKSI.
After receiving the authentication request message, the UE performs integrity verification on the security-related parameters such as ABBA and/or ngKSI or the authentication message carrying the security-related parameters, including: and the UE generates a security key and generates the security related parameters or a second message authentication code of the authentication message carrying the security related parameters by using the security key.
The generation of the security key differs depending on the authentication method.
When the authentication method is EAP-AKA', the UE may generate the ciphering key CK and the integrity key IK from the root key K, and generate the security key from (CK, IK) or use (CK, IK) as the security key; the UE may also generate CK', IK' from CK, IK and the serving network name SN name, and generate the security key from (CK', IK') or use (CK', IK') as the security key; the UE may further generate the security key from CK, IK and an access type, where the access type is 3GPP (type identifier 1) or non-3GPP (type identifier 2); the UE may also generate the master key MK from parameters such as CK', IK' and the user identity, and generate the security key from MK or use MK as the security key; the UE may also generate the security key from K_AUSF or use K_AUSF as the security key, where K_AUSF is a part of MK.
When the authentication method is 5G AKA, the UE may generate the ciphering key CK and the integrity key IK from the root key K, and generate the security key from (CK, IK) or use (CK, IK) as the security key; the UE may also generate K_AUSF from CK, IK, the serving network name SN name and so on, and generate the security key from K_AUSF or use K_AUSF as the security key; the UE may also generate the 5G AKA response RES (RES* in TS 33.501) from the USIM response RES, the random number RAND and the SN name carried in the received authentication request message, and generate the security key from that response or use it as the security key; the UE may further hash that response together with RAND to generate the hashed response HRES, and generate the security key from HRES or use HRES as the security key.
and the UE generates a message authentication code of the security related parameters such as ABBA and/or ngKSI by using the generated security key as a second message authentication code.
In another possible implementation, the UE generates a message authentication code of the authentication request message carrying the security-related parameter by using the generated security key, and uses the message authentication code as the second message authentication code.
The UE verifies the integrity of the security-related parameters, or of the authentication request message carrying them, from the received first message authentication code and the generated second message authentication code. Specifically, the UE compares the first message authentication code with the second message authentication code: if they are the same, the integrity verification succeeds; if they differ, the integrity verification fails.
If the integrity verification succeeds, the UE sends an authentication response to the SEAF and the network side continues the authentication procedure. The UE then receives the authentication result (verification result) or an N1 message sent by the SEAF. If authentication succeeds, the UE generates the lower-layer key K_AMF from the anchor key K_SEAF, the Subscription Permanent Identifier (SUPI) and the ABBA, and generates the non-access stratum key from K_AMF.
If the integrity verification fails, the UE sends the SEAF indication information indicating the failure, or an authentication reject message carrying that indication.
In a second aspect, an embodiment of the present application provides a method for protecting parameters in an authentication process, where the method includes:
The Security Anchor Function network element SEAF receives a registration request message sent by the user equipment UE and, on receiving it, initiates an authentication request towards the Authentication Server Function AUSF.
In the authentication process, the SEAF sends an authentication request message to the UE, where the authentication request message contains security-related parameters such as ABBA and/or key set identifier ngKSI.
The authentication request message also carries a first message authentication code for integrity protection.
In one possible implementation, the SEAF generates a message authentication code over the security-related parameters such as ABBA and/or ngKSI as the first message authentication code.
In another possible implementation, the SEAF generates a message authentication code over the authentication request message carrying the security-related parameters such as ABBA and/or ngKSI, and uses that message authentication code as the first message authentication code.
Specifically, the SEAF generates the security-related parameter or the message authentication code of the authentication request message carrying the security-related parameter using the security key as the first message authentication code.
In one possible implementation, the SEAF receives a security key sent by the AUSF, and performs integrity protection on the security-related parameter or an authentication request message carrying the security-related parameter by using the received security key to generate a first message authentication code;
in another possible implementation, the SEAF generates a security key and uses it to integrity-protect the security-related parameters, or the authentication request message carrying them, producing the first message authentication code. Specifically, the SEAF may use HXRES (HXRES* in 5G AKA) and/or a portion of HXRES as the security key, or generate the security key from HXRES and/or a portion of HXRES, where HXRES is the hashed expected response that the SEAF receives from the AUSF. The generation of the security key may take further input parameters; this application does not restrict them, nor the algorithm used to generate the security key, nor the length of the security key.
In a third aspect, an embodiment of the present application provides a method for protecting parameters in an authentication process, where the method includes:
The Authentication Server Function AUSF receives an authentication request message sent by the Security Anchor Function network element SEAF and then sends an authentication vector acquisition request to the Unified Data Management (UDM). The AUSF receives the authentication vector and, optionally, the Subscription Permanent Identifier SUPI returned by the UDM. Optionally, the AUSF also receives the ciphering key CK and the integrity key IK returned by the UDM.
When the authentication method is EAP-AKA', the authentication vector received by the AUSF includes the authentication token AUTN, the random number RAND, the expected response XRES, the intermediate ciphering key CK' and the intermediate integrity key IK';
when the authentication method is 5G AKA, the authentication vector received by the AUSF includes the authentication token AUTN, the random number RAND, the 5G AKA expected response XRES (XRES* in TS 33.501) and the authentication server function key K_AUSF.
Optionally, in 5G AKA the AUSF also receives the expected response XRES from the UDM.
After receiving the authentication vector and, optionally, the Subscription Permanent Identifier SUPI, the ciphering key CK and the integrity key IK, the AUSF generates a security key used to integrity-protect security-related parameters such as ABBA and ngKSI.
The generation of the security key differs depending on the authentication method.
When the authentication method is EAP-AKA', the AUSF may generate the security key from the received CK and IK, i.e. (CK, IK), or use (CK, IK) as the security key; the AUSF may also generate the security key from CK', IK' in the received authentication vector, i.e. (CK', IK'), or use (CK', IK') as the security key; the AUSF may also generate the security key from CK, IK and an access type, where the access type is 3GPP (type identifier 1) or non-3GPP (type identifier 2); the AUSF may also generate MK from parameters such as CK', IK' and the user identity, and generate the security key from MK or use MK as the security key; the AUSF may also generate the security key from K_AUSF or use K_AUSF as the security key, where K_AUSF is a part of MK.
When the authentication method is 5G AKA, the AUSF may generate the security key from the received CK and IK, i.e. (CK, IK), or use (CK, IK) as the security key; the AUSF may also generate the security key from K_AUSF in the received authentication vector or use K_AUSF as the security key; the AUSF may also generate the security key from XRES in the received authentication vector or use XRES as the security key; the AUSF may further hash XRES and RAND to generate HXRES, and generate the security key from HXRES or use HXRES as the security key.
in one possible implementation, the AUSF sends the generated security key to the SEAF.
In one possible implementation, the AUSF receives the ABBA and/or the ngKSI security-related parameter sent by the SEAF, and the AUSF performs integrity protection on the ABBA and/or the ngKSI security-related parameter with the generated security key to generate a first message authentication code, and sends the first message authentication code to the SEAF.
In a fourth aspect, an embodiment of the present application provides an apparatus, including:
a receiving module, configured to receive an authentication request message sent by a Security Anchor Function (SEAF), where the authentication request message includes the Anti-Bidding down Between Architectures (ABBA) parameter;
and the processing module is used for carrying out integrity verification on the ABBA.
A sending module, configured to send a registration request message to the SEAF before the receiving module receives the Authentication request message sent by the SEAF, so that the SEAF initiates an Authentication request to an Authentication Server Function (AUSF) after receiving the registration request message of the UE.
In addition, it is further noted that, after the processing module performs integrity verification on the ABBA, if the integrity verification of the ABBA is successful, the sending module sends an authentication response message to the SEAF.
In addition, it is further noted that, after the processing module performs integrity verification on the ABBA, if the integrity verification of the ABBA fails, the user equipment sends indication information to the SEAF, where the indication information is used to indicate that the integrity verification fails.
In addition, it should be noted that the receiving module is configured to receive an authentication request message sent by the SEAF; the authentication request message includes security-related parameters such as ABBA and/or ngKSI, and also includes a first message authentication code, which integrity-protects the security-related parameters or the authentication request message.
In one implementation, the first message authentication code is a message authentication code over the security-related parameters such as ABBA and/or ngKSI;
in another implementation, the first message authentication code is a message authentication code over the authentication request message carrying the security-related parameters such as ABBA and/or ngKSI.
After the receiving module receives the authentication request message, the processing module performs integrity verification on the security-related parameters such as the ABBA and/or the ngKSI or the authentication message carrying the security-related parameters, including: and the processing module generates a security key and generates the security-related parameter or a second message authentication code of the authentication message carrying the security-related parameter by using the security key.
In a possible implementation, the processing module generates a message authentication code of the security-related parameter, such as ABBA and/or ngKSI, using the generated security key as the second message authentication code.
In another possible implementation, the processing module generates a message authentication code of the authentication request message carrying the security-related parameter by using the generated security key, and uses the message authentication code as a second message authentication code.
The processing module verifies the integrity of the security-related parameters, or of the authentication request message carrying them, from the received first message authentication code and the generated second message authentication code. Specifically, the processing module compares the first message authentication code with the second message authentication code: if they are the same, the integrity verification succeeds; if they differ, the integrity verification fails.
If the integrity verification succeeds, the sending module sends an authentication response to the SEAF and the network side continues the authentication procedure. The receiving module receives the authentication result (verification result) or an N1 message sent by the SEAF. If authentication succeeds, the processing module generates the lower-layer key K_AMF from the anchor key K_SEAF, the Subscription Permanent Identifier (SUPI) and the ABBA, and generates the non-access stratum key from K_AMF.
If the integrity verification fails, the sending module sends the SEAF indication information indicating the failure, or an authentication reject message carrying that indication.
The apparatus has the functionality to implement any of the possible implementations of the first aspect of the above-mentioned user equipment UE behavior.
In a fifth aspect, an embodiment of the present application provides an apparatus, including:
and the sending module is used for sending an authentication request message to the UE, wherein the authentication request message comprises security related parameters such as ABBA and/or ngKSI. The security-related parameter or the authentication request message is integrity protected.
And the processing module is used for carrying out integrity protection on the ABBA and/or ngKSI and other security related parameters or the authentication request message carrying the security related parameters.
A receiving module, configured to receive a registration request message and an authentication response message sent by the UE; the receiving module may be further configured to receive a security key sent by the AUSF.
The apparatus has the functionality to implement the SEAF behavior in any of the possible implementations of the second aspect described above.
In a sixth aspect, an embodiment of the present application provides an apparatus, including:
the receiving module is used for receiving an authentication request sent by the SEAF;
a processing module, configured to generate a security key used to integrity-protect security-related parameters such as ABBA and/or ngKSI, or an authentication request message carrying the security-related parameters;
the sending module is used for sending the security key generated by the processing module to the SEAF;
the apparatus has the functionality to implement the AUSF behaviour in any one of the possible implementations of the third aspect described above.
In a seventh aspect, an embodiment of the present application provides a parameter protection method, including:
user Equipment (UE) sends a registration request message carrying a user identifier to a security anchor point function network element (SEAF) at a network side, so that the SEAF initiates an authentication request to an authentication service function (AUSF) after receiving the registration request message of the UE.
In the authentication process, the UE receives an authentication request message sent by the SEAF, wherein the authentication request message comprises security related parameters such as ABBA and/or ngKSI, and the authentication request message also comprises parameters such as an authentication token AUTN and a random number RAND.
After the UE receives the authentication request message carrying the security-related parameters, the UE performs integrity protection on the security-related parameters, including: and the UE generates a security key, and performs integrity protection on the security related parameters by using the security key, namely generates a first message authentication code by using the security key.
The generation of the security key differs depending on the authentication method.
When the authentication method is EAP-AKA', the UE may generate the ciphering key CK and the integrity key IK from the root key K, and generate the security key from (CK, IK) or use (CK, IK) as the security key; the UE may also generate CK', IK' from CK, IK and the serving network name SN name, and generate the security key from (CK', IK') or use (CK', IK') as the security key; the UE may further generate the security key from CK, IK and an access type, where the access type is 3GPP (type identifier 1) or non-3GPP (type identifier 2); the UE may also generate MK from parameters such as CK', IK' and the user identity, and generate the security key from MK or use MK as the security key; the UE may also generate the security key from K_AUSF or use K_AUSF as the security key, where K_AUSF is a part of MK.
When the authentication method is 5G AKA, the UE may generate the ciphering key CK and the integrity key IK from the root key K, and generate the security key from (CK, IK) or use (CK, IK) as the security key; the UE may also generate K_AUSF from CK, IK and the serving network name SN name, and generate the security key from K_AUSF or use K_AUSF as the security key; the UE may also generate the 5G AKA response RES (RES* in TS 33.501) from the USIM response RES, the random number RAND and the SN name carried in the received authentication request message, and generate the security key from that response or use it as the security key; the UE may further hash that response together with RAND to generate the hashed response HRES, and generate the security key from HRES or use HRES as the security key.
in a possible implementation, the UE uses the security key to perform integrity protection on the relevant security parameters, and includes that the UE uses the generated security key to calculate a message authentication code of the security relevant parameters, such as ABBA and/or ngKSI, and uses the message authentication code as the first message authentication code.
In another possible implementation, the UE uses the security key to perform integrity protection on the authentication response message carrying the relevant security parameter, including that the UE uses the generated security key to calculate a message authentication code of the authentication response message carrying the relevant security parameter, and uses the message authentication code as the first message authentication code. The authentication response message carries security related parameters such as ABBA and/or ngKSI.
And the UE sends the first message authentication code to the SEAF, wherein the first message authentication code comprises an authentication response message carrying the first message authentication code sent by the UE to the SEAF, or the authentication response message and the first message authentication code sent by the UE to the SEAF.
In an eighth aspect, an embodiment of the present application provides a parameter protection method, including:
and the security anchor point function network element SEAF receives a registration request message sent by the user equipment UE. And after receiving the registration request message of the UE, the SEAF initiates an authentication request to an authentication service function AUSF.
In the authentication process, the SEAF sends an authentication request message to the UE, where the authentication request message includes security-related parameters such as ABBA and/or ngKSI.
And the SEAF receives an authentication response message which is sent by the UE and carries the first message authentication code, or the SEAF receives the authentication response message and the first message authentication code. The first message authentication code is a message authentication code of security-related parameters such as ABBA and/or ngKSI, or a message authentication code of an authentication response message carrying the security-related parameters.
After receiving the authentication response message sent by the UE, the SEAF performs integrity verification on the security-related parameters such as ABBA and/or ngKSI, or on the authentication response message carrying them.
Specifically, the SEAF generates a second message authentication code, where the second message authentication code is a message authentication code of the security-related parameter or a message authentication code of an authentication response message carrying the security-related parameter, and performs integrity verification according to the second message authentication code and the first message authentication code from the UE.
Possibly, the SEAF receives the security key sent by the AUSF and calculates the second message authentication code using the received security key. The second message authentication code is the message authentication code of the safety-related parameter or the message authentication code of the authentication response message carrying the safety-related parameter.
Possibly, the SEAF generates a security key and calculates the second message authentication code using the generated security key. In particular, the SEAF may use the hashed expected response HXRES and/or a portion of HXRES as the security key, or generate the security key from HXRES and/or a portion of HXRES, where HXRES is the hashed expected response from the AUSF, which the SEAF receives from the AUSF.
In another possible implementation, when the SEAF receives the first message authentication code, the SEAF sends the first message authentication code to the AUSF, so that the AUSF generates a security key and performs integrity verification of the security-related parameter using the generated security key. Alternatively, if the AUSF fails to verify integrity, the AUSF notifies the SEAF that the integrity verification failed.
If the integrity verification performed by the SEAF is successful, continuing the authentication process;
and if the integrity verification performed by the SEAF fails or the SEAF receives a notification of the integrity verification failure sent by the AUSF, the SEAF terminates the authentication process. Optionally, the SEAF sends an authentication reject message to the UE.
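The request leg of the first and second aspects and the response leg of the seventh and eighth aspects, put together as one runnable sketch. This is an added example, not code from the patent or from Huawei. The patent fixes neither the MAC algorithm nor the security-key derivation, so the choices below are assumptions: HMAC-SHA-256 truncated to 128 bits as the message authentication code; an HMAC stand-in in place of Milenage for RES/CK/IK; the TS 33.501 Annex A derivations for RES*, HRES*/HXRES* and K_AUSF (FC values as in Annex A, to be checked against the spec version in use); the request leg keyed by HXRES*/HRES* (the SEAF-generated option above), the response leg keyed by a value the AUSF derives from K_AUSF with an assumed label and hands to the SEAF (the AUSF-provided option above). K, RAND, SQN xor AK, the serving network name and ngKSI are constructed values.

```python
"""Integrity protection of ABBA/ngKSI in 5G AKA: added example, assumptions in comments."""
import hashlib
import hmac

SN_NAME = b"5G:mnc001.mcc001.3gppnetwork.org"   # constructed serving network name
ABBA = b"\x00\x00"                               # Rel-15 ABBA value
NGKSI = b"\x01"                                  # constructed key set identifier
K = bytes(range(16))                             # constructed long-term key K
RAND = hashlib.sha256(b"constructed-rand").digest()[:16]
SQN_XOR_AK = b"\x00\x00\x00\x00\x00\x2a"         # constructed AUTN field


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """TS 33.220 Annex B KDF used by TS 33.501 Annex A:
    HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), Li = 2-byte big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def usim_stand_in(k: bytes, rand: bytes):
    """Stand-in for Milenage f2/f3/f4 (constructed, NOT the real functions): RES, CK, IK."""
    def f(tag: bytes) -> bytes:
        return hmac.new(k, tag + rand, hashlib.sha256).digest()
    return f(b"res")[:8], f(b"ck")[:16], f(b"ik")[:16]


def res_star(ck: bytes, ik: bytes, rand: bytes, res: bytes) -> bytes:
    """TS 33.501 A.4: FC=0x6B, P0=SN name, P1=RAND, P2=RES, key=CK||IK; 128 LSBs."""
    return kdf(ck + ik, 0x6B, SN_NAME, rand, res)[16:]


def hres_star(rand: bytes, rs: bytes) -> bytes:
    """TS 33.501 A.5: SHA-256(RAND || RES*), 128 LSBs (HXRES* on the network side)."""
    return hashlib.sha256(rand + rs).digest()[16:]


def k_ausf(ck: bytes, ik: bytes, sqn_xor_ak: bytes) -> bytes:
    """TS 33.501 A.2 (5G AKA): FC=0x6A, P0=SN name, P1=SQN xor AK, key=CK||IK."""
    return kdf(ck + ik, 0x6A, SN_NAME, sqn_xor_ak)


def param_mac(sec_key: bytes, abba: bytes, ngksi: bytes) -> bytes:
    """MAC over the security-related parameters; HMAC-SHA-256/128 is an assumption."""
    return hmac.new(sec_key, abba + ngksi, hashlib.sha256).digest()[:16]


def run_exchange(tamper_req_abba=None, tamper_resp_abba=None):
    """Simulate both legs; returns (ue_accepts_request, seaf_accepts_response)."""
    # Home network: authentication vector, HXRES* and a response-leg key for the SEAF
    xres, ck, ik = usim_stand_in(K, RAND)
    hxres = hres_star(RAND, res_star(ck, ik, RAND, xres))
    resp_key_seaf = hmac.new(k_ausf(ck, ik, SQN_XOR_AK), b"abba-resp-key",
                             hashlib.sha256).digest()      # label is an assumption
    # SEAF -> UE: authentication request, first MAC keyed by HXRES* (2nd aspect)
    req = {"rand": RAND, "sqn_xor_ak": SQN_XOR_AK, "abba": ABBA, "ngksi": NGKSI}
    req["mac"] = param_mac(hxres, req["abba"], req["ngksi"])
    if tamper_req_abba is not None:
        req["abba"] = tamper_req_abba                     # on-path modification
    # UE: run USIM, derive HRES*, recompute the MAC and compare (1st aspect)
    res, ck_u, ik_u = usim_stand_in(K, req["rand"])
    rs = res_star(ck_u, ik_u, req["rand"], res)
    hres = hres_star(req["rand"], rs)
    ue_accepts = hmac.compare_digest(param_mac(hres, req["abba"], req["ngksi"]), req["mac"])
    if not ue_accepts:
        return False, False                               # UE sends the failure indication
    # UE -> SEAF: authentication response, parameters MACed with the K_AUSF-derived key (7th aspect)
    resp_key_ue = hmac.new(k_ausf(ck_u, ik_u, req["sqn_xor_ak"]), b"abba-resp-key",
                           hashlib.sha256).digest()
    resp = {"res_star": rs, "abba": req["abba"], "ngksi": req["ngksi"]}
    resp["mac"] = param_mac(resp_key_ue, resp["abba"], resp["ngksi"])
    if tamper_resp_abba is not None:
        resp["abba"] = tamper_resp_abba
    # SEAF: RES* against HXRES*, then the parameter MAC with the AUSF-provided key (8th aspect)
    seaf_accepts = (hmac.compare_digest(hres_star(RAND, resp["res_star"]), hxres)
                    and hmac.compare_digest(param_mac(resp_key_seaf, resp["abba"], resp["ngksi"]),
                                            resp["mac"]))
    return ue_accepts, seaf_accepts


if __name__ == "__main__":
    print(run_exchange())                                 # (True, True)
    print(run_exchange(tamper_req_abba=b"\x00\x01"))      # (False, False)
    print(run_exchange(tamper_resp_abba=b"\x00\x01"))     # (True, False)
```

Two points worth keeping in mind when choosing among the key options listed above. First, RES* travels in clear in the authentication response, so HRES* = SHA-256(RAND || RES*) can be recomputed by anyone who observes that message; a key built from HRES*/HXRES* is therefore suited to the request leg, which the UE verifies before it answers, but not to protecting the response itself, which is why the example switches to a different key for the second leg. Second, for the AUSF-provided option, what the AUSF hands the SEAF should be a key derived from K_AUSF rather than K_AUSF itself, since TS 33.501 keeps K_AUSF in the home network.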
In a ninth aspect, an embodiment of the present application provides an apparatus, including:
a sending module, configured to send a registration request message to the security anchor function network element SEAF on the network side; a receiving module, configured to receive an authentication request message sent by the SEAF, where the authentication request message includes security-related parameters such as ABBA and/or ngKSI;
a processing module, configured to generate a security key and use it to integrity-protect the security-related parameters such as ABBA and/or ngKSI, or the authentication response message carrying the security-related parameters.
The sending module is further configured to send the integrity-protected security-related parameters to the SEAF, or to send an integrity-protected authentication response message carrying the security-related parameters.
The apparatus has the functionality to implement the user equipment UE behavior in any of the possible implementations of the seventh aspect described above.
In a tenth aspect, an embodiment of the present application provides an apparatus, including:
a sending module, configured to send an authentication request message to the UE, where the authentication request message includes security-related parameters such as ABBA and/or ngKSI;
a processing module, configured to perform integrity verification on the security-related parameters such as ABBA and/or ngKSI, or on the authentication response message carrying the security-related parameters;
a receiving module, configured to receive the registration request message and the authentication response message sent by the UE; the receiving module may further be configured to receive a security key sent by the AUSF.
The apparatus has the functionality to implement the SEAF behavior in any one of the possible implementations of the above-mentioned eighth aspect.
In an eleventh aspect, an embodiment of the present application provides a method for updating an authentication result, where the method includes:
after the primary authentication procedure between the user side and the network side, the user equipment UE receives a non-access stratum security mode command (NAS SMC) sent by the SEAF/AMF; the network side integrity-protects the NAS SMC message with a NAS integrity key derived from K_AMF. The NAS SMC message carries parameters such as the UE security capability, the NAS algorithm, ngKSI and ABBA.
After receiving the NAS SMC, the UE derives the NAS integrity key from its K_AMF and uses it for integrity verification. The UE also checks whether the UE security capability carried in the NAS SMC matches the security capability it has stored.
If the verification passes, the UE sends a security mode complete message to the SEAF/AMF;
if the verification fails, the UE sends a security mode reject message to the SEAF/AMF.
After receiving the security mode complete or security mode reject message from the UE, the SEAF/AMF sends a notification to the unified data management network element (UDM) to inform the UDM of the authentication result or authentication state of the UE, or to update the authentication result or authentication state of the UE at the UDM.
In another possible implementation, after receiving the security mode complete or security mode reject message from the UE, the SEAF/AMF sends a notification to the AUSF informing it of the authentication result or authentication state of the UE; after receiving the notification, the AUSF sends a notification to the UDM to inform the UDM of the authentication result or authentication state of the UE, or to update the authentication result or authentication state of the UE at the UDM.
The UDM saves or updates the authentication result or authentication state of the UE after receiving the notification from the SEAF or the AUSF.
In a twelfth aspect, an embodiment of the present application provides an apparatus, including: the device comprises a receiving module, a sending module and a processing module.
The receiving module is used for receiving a notification message sent by the SEAF/AUSF, wherein the notification comprises an authentication result or an authentication state of the UE;
the processing module is used for saving or updating an authentication result or an authentication state of the UE;
the sending module is used for sending the authentication vector to the AUSF in the authentication process.
The apparatus has the functionality to implement UDM behaviour in any one of the possible implementations of the eleventh aspect described above.
In a thirteenth aspect, there is provided an apparatus comprising: a memory unit for storing computer instructions, a communication interface for transceiving data, and a processor coupled to the memory unit and the communication interface;
the processor executes the computer instructions to implement the functionality of the user equipment UE behaviour in any one of the possible designs of the first aspect described above.
In a fourteenth aspect, there is provided an apparatus comprising: a memory unit for storing computer instructions, a communication interface for transceiving data, and a processor coupled to the memory unit and the communication interface;
the processor executes the computer instructions to carry out the functions of SEAF behaviour in any one of the possible designs of the second aspect described above.
In a fifteenth aspect, there is provided an apparatus comprising: a memory unit for storing computer instructions, a communication interface for transceiving data, and a processor coupled to the memory unit and the communication interface;
the processor executes the computer instructions to implement the functionality of the AUSF behavior in any one of the possible designs of the third aspect described above.
In a sixteenth aspect, there is provided an apparatus comprising: a memory unit for storing computer instructions, a communication interface for transceiving data, and a processor coupled to the memory unit and the communication interface;
the processor executes the computer instructions to implement the functionality of the user equipment UE behaviour in any one of the possible designs of the seventh aspect described above.
In a seventeenth aspect, there is provided an apparatus comprising: a memory unit for storing computer instructions, a communication interface for transceiving data, and a processor coupled to the memory unit and the communication interface;
the processor executes the computer instructions to perform the function of SEAF behaviour in any one of the possible designs of the eighth aspect described above.
In an eighteenth aspect, there is provided an apparatus comprising: a memory unit for storing computer instructions, a communication interface for transceiving data, and a processor coupled to the memory unit and the communication interface;
the processor executes the computer instructions to implement the functionality of UDM behavior in any one of the possible designs of the eleventh aspect described above.
In a nineteenth aspect, an apparatus is provided that includes a communication interface for transceiving data and a processor coupled with the communication interface;
the processor implements the function of the UE behavior in any one of the possible designs of the first aspect; the processor is further configured to perform data transceiving related to the user equipment UE in any one of the possible designs of the first aspect through the communication interface.
In a twentieth aspect, there is provided an apparatus comprising a communication interface for transceiving data, and a processor coupled with the communication interface;
the processor implementing the functionality of the SEAF behaviour in any one of the possible designs of the second aspect; the processor is further configured to perform data transceiving related to SEAF in any one of the possible designs of the second aspect through the communication interface.
In a twenty-first aspect, there is provided an apparatus comprising a communication interface for transceiving data, and a processor coupled with the communication interface;
the processor implements the functionality of the AUSF behavior in any one of the possible designs of the third aspect above; the processor is further configured to perform data transceiving related to the AUSF in any one of the possible designs of the third aspect via the communication interface.
In a twenty-second aspect, there is provided an apparatus comprising a communication interface for transceiving data and a processor coupled with the communication interface;
the processor may implement the functionality of the UE behavior in any one of the possible designs of the seventh aspect above; the processor is further configured to perform data transceiving related to the user equipment UE in any one of the possible designs of the seventh aspect via the communication interface.
A twenty-third aspect provides an apparatus comprising a communication interface for transceiving data, and a processor coupled with the communication interface;
the processor implements the functionality of the SEAF behavior in any one of the possible designs of the above eighth aspect; the processor is further configured to perform data transceiving related to SEAF in any one of the possible designs of the eighth aspect through the communication interface.
A twenty-fourth aspect provides an apparatus comprising a communication interface for transceiving data and a processor coupled with the communication interface;
the processor implementing the functionality of UDM behavior in any one of the possible designs of the eleventh aspect; the processor is further configured to perform data transceiving involved in UDM in any one of the possible designs of the eleventh aspect through the communication interface.
In a twenty-fifth aspect, a non-transitory computer-readable storage medium is provided, where the computer-readable storage medium stores a program, where the program is executed by a processor to perform some or all of the steps of any one of the methods performed by any one of the apparatuses provided in the embodiments of the present application.
In a twenty-sixth aspect, a computer program product is provided, which, when run on a computer device, causes the computer device to perform some or all of the steps of any one of the methods performed by any one of the devices provided in the embodiments of the present application.
It can be seen that, in the authentication procedure of the embodiments of the present application, when the network side sends the authentication request to the user equipment UE, it carries security-related parameters such as ABBA and/or ngKSI; the network side uses a security key to integrity-protect the security-related parameters or the authentication request message carrying them, and the UE generates the security key by the same method as the network side and performs integrity verification. Alternatively, the UE uses the security key to integrity-protect the security-related parameters or the authentication response message carrying them, and the network side generates the security key by the same method and performs integrity verification. In this way, both sides can detect whether the security-related parameters transmitted during authentication have been tampered with by an attacker and, if so, terminate the authentication procedure promptly.
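As an added illustration of the mechanism summarized above (example code written for this page, not code from the patent or from any 3GPP implementation): the SEAF uses the HXRES received from the AUSF as the security key and attaches a MAC over ABBA and ngKSI to the authentication request; the UE recomputes HXRES from its own RES, verifies the MAC, and only continues (and only derives keys from ABBA) if the MAC matches. The HMAC-SHA-256 MAC, the length-prefixed parameter encoding, and the RAND/RES values are constructed assumptions; the patent leaves the MAC algorithm and encoding open.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values (not taken from the patent): a 16-byte RAND and an 8-byte RES.
RAND = bytes.fromhex("00112233445566778899aabbccddeeff")
RES = bytes.fromhex("0123456789abcdef")
ABBA_INITIAL = b"\x00\x00"   # initial ABBA value; later values are set by the network


def hxres(rand: bytes, res: bytes) -> bytes:
    """Hashed (expected) response for 5G AKA: SHA-256 over RAND || RES, keeping
    the 128 least significant bits (the truncation of TS 33.501 Annex A.5).
    The SEAF learns this value from the AUSF; the UE can compute it from its RES,
    so both sides hold the same security key without an extra key transfer."""
    return hashlib.sha256(rand + res).digest()[-16:]


def encode_params(abba: bytes, ngksi: int) -> bytes:
    """Unambiguous framing for the security-related parameters (constructed for
    this example): 2-byte ABBA length, ABBA, then the 4-bit ngKSI in one byte."""
    if not 0 <= ngksi <= 0x0F:
        raise ValueError("ngKSI is a 4-bit value")
    return len(abba).to_bytes(2, "big") + abba + bytes([ngksi])


def mac_over_params(security_key: bytes, abba: bytes, ngksi: int) -> bytes:
    """Message authentication code over ABBA and ngKSI: HMAC-SHA-256 truncated
    to 128 bits (an assumption; the patent does not fix the MAC algorithm)."""
    return hmac.new(security_key, encode_params(abba, ngksi), hashlib.sha256).digest()[:16]


def seaf_build_auth_request(hxres_value: bytes, abba: bytes, ngksi: int) -> dict:
    """Network side: attach the first MAC to the authentication request."""
    return {"abba": abba, "ngksi": ngksi, "mac": mac_over_params(hxres_value, abba, ngksi)}


def ue_handle_auth_request(msg: dict, rand: bytes, res: bytes) -> str:
    """UE side: derive the same security key from its own RES and verify the MAC.
    Returns 'continue' (send the authentication response) or 'reject'."""
    key = hxres(rand, res)
    expected = mac_over_params(key, msg["abba"], msg["ngksi"])
    if hmac.compare_digest(expected, msg["mac"]):
        return "continue"
    # Terminate here: no K_AMF is derived from parameters that failed verification.
    return "reject"


def run_exchange(abba_in_transit: Optional[bytes] = None,
                 ngksi_in_transit: Optional[int] = None) -> str:
    """Drives one SEAF -> UE exchange. The optional arguments replace the
    parameter values the UE receives, modelling modification on the path."""
    msg = seaf_build_auth_request(hxres(RAND, RES), ABBA_INITIAL, ngksi=1)
    delivered = dict(msg)
    if abba_in_transit is not None:
        delivered["abba"] = abba_in_transit
    if ngksi_in_transit is not None:
        delivered["ngksi"] = ngksi_in_transit
    return ue_handle_auth_request(delivered, RAND, RES)


if __name__ == "__main__":
    print(run_exchange())                              # continue
    print(run_exchange(abba_in_transit=b"\x00\x01"))   # reject
    print(run_exchange(ngksi_in_transit=2))            # reject
```

The same `mac_over_params` routine covers the reverse direction described in the seventh and eighth aspects: the UE computes the MAC over the parameters it echoes in the authentication response, and the SEAF verifies it with the HXRES it already holds, so a mismatch is caught before the AUSF is contacted.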
Drawings
In order to more clearly illustrate the technical solutions in the embodiments or the background art of the present application, the drawings required to be used in the embodiments or the background art of the present application will be described below.
Fig. 1a is a diagram illustrating a network system architecture according to an embodiment of the present application;
FIG. 1b is a diagram illustrating another network system architecture according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a main authentication process in the prior art;
FIG. 3 is a schematic diagram of another prior art main authentication process;
FIG. 4 is a diagram of a prior art key architecture;
fig. 5 is a schematic flowchart of a parameter protection method according to an embodiment of the present application;
FIG. 6 is a schematic flow chart illustrating another parameter protection method according to an embodiment of the present application;
FIG. 7 is a schematic flow chart illustrating another parameter protection method according to an embodiment of the present application;
FIG. 8 is a flowchart illustrating another parameter protection method according to an embodiment of the present application;
FIG. 9 is a flowchart illustrating another parameter protection method according to an embodiment of the present application;
FIG. 10 is a flowchart illustrating another method for parameter protection according to an embodiment of the present application;
FIG. 11 is a schematic flow chart illustrating another parameter protection method according to an embodiment of the present application;
FIG. 12 is a schematic flow chart illustrating a further method for parameter protection according to an embodiment of the present application;
fig. 13 is a flowchart illustrating an authentication result updating method according to an embodiment of the present application;
fig. 14 is a flowchart illustrating a further authentication result updating method according to an embodiment of the present application;
FIG. 15 is a schematic diagram of an apparatus according to an embodiment of the present application;
FIG. 16 is a schematic view of an apparatus according to an embodiment of the present application;
fig. 17 is a schematic structural diagram of another apparatus according to an embodiment of the present application.
Detailed Description
The embodiments of the present application provide a parameter protection method and apparatus that introduce integrity verification of security-related parameters into the primary authentication procedure, so as to solve the problems of resource waste and potential network fraud caused by an attacker tampering with the security-related parameters. The method and the apparatus are based on the same inventive concept; because the principles by which they solve the problem are similar, the implementations of the apparatus and the method may refer to each other, and repeated descriptions are omitted.
Some terms referred to in the embodiments of the present application are explained below for convenience of understanding.
1) A message authentication code (MAC) is a technique for verifying the integrity of a message and authenticating its source; it is implemented by computing a fixed-length MAC value over the message using a key shared by the sender and the receiver.
2) A hash operation, widely used in cryptographic algorithms in the field of information security, converts input of arbitrary length into a scrambled 128-bit code called the hash value.
In addition, the term "and/or" in the embodiments of the present application describes an association relationship of associated objects, and means that there may be three relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone, wherein, A and B can be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Unless stated to the contrary, the embodiments of the present application refer to the ordinal numbers "first", "second", etc., for distinguishing between a plurality of objects, and do not limit the sequence, timing, priority, or importance of the plurality of objects.
Furthermore, the terms "comprising" and "having" in the description of the embodiments and claims of the present application and the accompanying drawings are not exclusive. For example, a process, method, system, article, or apparatus that comprises a list of steps or modules is not limited to only those steps or modules listed, but may include other steps or modules not listed.
The parameter protection method provided by the embodiment of the application can be applied to various communication systems, for example: 5G communication system, or future various communication systems, etc.
The network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not form a limitation on the technical solution provided in the embodiment of the present application, and as a person of ordinary skill in the art knows that along with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
Taking the 5G system as an example, new communication scenarios are defined in 5G: Ultra-Reliable Low-Latency Communication (URLLC), enhanced Mobile Broadband (eMBB) and massive Machine Type Communication (mMTC), which place more stringent requirements on communication security. Therefore, authentication before the terminal exchanges data with the core network is the most basic security technology, and it is especially important in 5G communication. The terminal and the core network authenticate each other through an AKA procedure and negotiate a security context for use in subsequent security procedures; the security context includes security parameters for authentication, integrity protection, encryption and so on. The 5G primary authentication procedure comes in two variants, 5G AKA and the improved extensible authentication protocol EAP AKA'.
Fig. 1a is a schematic diagram of a possible network architecture to which the embodiments of the present application apply. The architecture consists of user equipment (UE), a radio access network (RAN) and an operator network, where the operator network includes a core network (CN) and a data network (DN); the UE accesses the operator network through the RAN. The CN, as the bearer network, provides the interface to the DN and provides the UE with communication connectivity, authentication, management, policy control, bearer completion for data services, and the like. The CN includes: the Access and Mobility Management Function (AMF), Security Anchor Function (SEAF), Session Management Function (SMF), User Plane Function (UPF), Authentication Server Function (AUSF), Unified Data Management (UDM), Network Exposure Function (NEF), Application Function (AF), Network Slice Selection Function (NSSF), Policy Control Function (PCF), Network Function Repository Function (NRF), and the like.
In fig. 1a, N1, N2, N3, N4 and N6 are interfaces between corresponding network elements; namf, nsmf, nausf, nudm, nnef, npcf, naf, nnssf, and Nnrf are the service interfaces presented by AMF, SMF, AUSF, UDM, NEF, PCF, AF, NSSF, and NRF, respectively.
Fig. 1b is another diagram of the network architecture, showing the main network elements and their connection relationships in the embodiments of the present application: UE, AMF, AUSF, UDM, and the like. They are described as follows:
the UE is a logical entity, and specifically, the UE may be any one of a Terminal Device (Terminal Equipment), a Communication Device (Communication Device), an Internet of Things (IoT) Device, and an Internet of vehicles Device. The terminal device may be a Smart Phone (Smart Phone), a Smart Watch (Smart Watch), a Smart Tablet (Smart Tablet), a wearable device, a locomotive (automobile or electric vehicle) or a vehicle-mounted terminal, and the like. The communication device may be a server, gateway (GW), controller, or the like. The internet of things equipment can be a sensor, an electric meter, a water meter and the like. The UE communicates with the AMF over an N1 interface.
The AMF is responsible for access management and mobility management of the terminal, such as registration management, connection management, mobility management and reachability management. In practice it includes the mobility management functions of the Mobility Management Entity (MME) in the Long Term Evolution (LTE) network architecture, with access management functions added. In addition, the Security Anchor Function (SEAF) provides the primary authentication service; in the current standard definition the SEAF and the AMF are combined. Namf is the service-based interface provided by the AMF.
The UDM is a control plane network element provided by the operator; it is responsible for generating authentication parameters and for storing the subscriber permanent identifier (SUPI), registration information, credentials, subscription data and the like of the operator network. Nudm is the service-based interface provided by the UDM. Furthermore, the Authentication credential Repository and Processing Function (ARPF), which generates the authentication parameters, is located in the UDM.
The AUSF is a control plane network element provided by the operator and is used by the operator network to authenticate subscribers. Nausf is the service-based interface provided by the AUSF.
The SEAF/AMF and the AUSF may be located in the same network, for example both in the Home Public Land Mobile Network (HPLMN), referred to as the home network for short; or they may be located in different networks, for example the SEAF/AMF in a Visited Public Land Mobile Network (VPLMN), referred to as the visited network for short, and the AUSF in the home network. If the UE is outside the coverage of the home network, it cannot access the home network directly to obtain service; if it is within the coverage of a visited network, it accesses the visited network in order to obtain the network services provided by the visited network and the home network.
The UE sends a registration request to the SEAF/AMF in a Non-Access Stratum (NAS) message. The SEAF/AMF decides to initiate authentication and sends an authentication request to the AUSF carrying the subscriber permanent identifier (SUPI) or the subscriber concealed identifier (SUCI) and the serving network name (SN name), where the serving network name consists of a service code and the serving network identifier (SN Id); the service code may be, for example, the string 5G, 6G or 7G, which is not limited here. The AUSF checks whether the serving network name in the authentication request matches the expected serving network name and, if the check succeeds, sends an authentication vector acquisition request to the UDM. On receiving the request, the UDM selects the authentication method, which may be EAP AKA' or 5G AKA, and generates an authentication vector (AV).
Fig. 2 depicts the EAP AKA' main authentication procedure:
s201, the UDM generates an authentication vector.
In EAP AKA' the UDM generates a transformed authentication vector AV', which contains the authentication token (AUTN), the random number RAND, the expected response (XRES), the intermediate ciphering key CK' (Cipher Key) and the intermediate integrity key IK' (Integrity Key).
S202, the UDM sends the transformed authentication vector AV' to the AUSF through the Nudm authentication response message Nudm_UEAuthentication_Get Response, which may also carry the subscriber permanent identifier SUPI.
S203, after receiving the transformed authentication vector from the UDM, the AUSF sends an EAP Request/AKA'-Challenge message, containing parameters such as AUTN and RAND, to the SEAF/AMF through the Nausf authentication response message Nausf_UEAuthentication_Authenticate Response.
S204, the SEAF/AMF transparently forwards the EAP Request/AKA'-Challenge message of S203 to the UE in a NAS authentication request message; the authentication request message also carries security-related parameters such as ABBA and the key set identifier (ngKSI).
It should be noted that, if the SEAF and the AMF are not combined, in an implementation manner, the SEAF may forward the authentication parameters sent by the AUSF to the AMF, and then the AMF sends ABBA and ngKSI to the UE through the NAS authentication request message.
S205, the UE verifies the freshness of the transformed authentication vector and, after successful verification, generates the ciphering key CK, the integrity key IK and the response RES. After the authentication request is verified successfully, the UE derives the intermediate ciphering key CK' and the intermediate integrity key IK'. In one possible implementation, the UE also generates the extended master session key EMSK from CK' and IK', uses the 256 most significant bits of the EMSK as the AUSF key K_AUSF, then calculates the anchor key K_SEAF, and uses K_SEAF, ABBA and SUPI to calculate K_AMF.
S206, the UE sends a NAS authentication response message to the SEAF/AMF carrying the EAP Response/AKA'-Challenge message, which contains the response RES.
S207, the SEAF/AMF transparently forwards the EAP Response/AKA'-Challenge message to the AUSF through the Nausf authentication request Nausf_UEAuthentication_Authenticate Request, and the AUSF receives it accordingly.
S208, the AUSF verifies the received message and informs the UDM of the authentication result. The AUSF notifies the UDM of the authentication status of the UE, including the SUPI, the authentication result, the timestamp of the authentication procedure and the serving network name, through the Nudm_UEAuthentication_ResultConfirmation Request. Possibly, the AUSF only informs the UDM of successful authentications, but this depends on operator policy.
If the AUSF fails to verify, returning an error message to the SEAF/AMF;
if the verification is successful, the following steps are continued:
S209, optionally, the AUSF and the UE exchange the notification messages EAP-Request/AKA'-Notification and EAP-Response/AKA'-Notification, which are transparently forwarded through the SEAF/AMF.
S210, the AUSF derives the extended master session key EMSK from the CK' and IK' received from the UDM, selects the 256 most significant bits of the EMSK as the AUSF key K_AUSF, and then derives the anchor key K_SEAF from K_AUSF.
The AUSF sends the EAP Success message and the anchor key K_SEAF to the SEAF/AMF through the Nausf authentication response Nausf_UEAuthentication_Authenticate Response; the SEAF/AMF receives the EAP Success message, i.e. the authentication success message, accordingly.
After receiving the authentication success message, the SEAF/AMF generates the AMF key K_AMF from ABBA, SUPI and the K_SEAF received from the AUSF.
S211, the SEAF sends the EAP Success message to the UE in a NAS message, which also carries security parameters such as ngKSI and ABBA.
After receiving the authentication success message, the UE calculates K_AUSF, K_SEAF and K_AMF, where K_AMF is derived from ABBA, SUPI and K_SEAF. Optionally, the UE already calculates these keys and establishes a temporary security context (including K_AUSF, K_SEAF and K_AMF) after receiving the authentication request (step S204), and takes the temporary security context into use as part of its security context when it receives the authentication success message. For the keys K_AUSF, K_SEAF and K_AMF, reference may be made to the key architecture of fig. 4.
Fig. 3 depicts the 5G AKA primary authentication flow:
s301, the UDM generates an authentication vector.
The authentication vector in 5G AKA is the first authentication vector 5G HE AV, a quadruple comprising AUTN, RAND, the expected response XRES of 5G AKA, and K_AUSF.
S302, the UDM sends the first authentication vector 5G HE AV and, optionally, the subscriber permanent identifier SUPI to the AUSF through the Nudm authentication response message Nudm_UEAuthentication_Get Response, and the AUSF receives them accordingly.
S303, the AUSF stores the XRES from the authentication vector and, optionally, the subscriber permanent identifier SUPI.
S304, the AUSF hashes XRES together with RAND to generate the hashed expected response HXRES, derives K_SEAF from K_AUSF, and takes AUTN, RAND, HXRES and K_SEAF as the second authentication vector 5G SE AV.
S305, the AUSF sends AUTN, RAND and HXRES from the second authentication vector to the SEAF/AMF through the Nausf authentication response message Nausf_UEAuthentication_Authenticate Response.
S306, the SEAF/AMF sends AUTN and RAND from the second authentication vector to the UE in a NAS authentication request message; the authentication request also carries security-related parameters such as ngKSI and ABBA.
S307, after verifying the authentication request, the UE generates the 5G AKA response RES; the UE may also generate K_AUSF and K_SEAF.
S308, the UE sends RES to the SEAF/AMF in the NAS authentication response.
S309, after receiving the authentication response, the SEAF/AMF hashes RES together with RAND to calculate the hashed response HRES and compares it with the HXRES received from the AUSF; if HRES equals HXRES, the authentication procedure continues, otherwise it is terminated.
S310, the SEAF/AMF forwards the RES returned by the UE to the AUSF through the Nausf authentication request message Nausf_UEAuthentication_Authenticate Request, and the AUSF performs the next verification.
S311, after receiving the Nausf authentication request message containing the response RES, the AUSF verifies RES by comparing it with the XRES stored in step S303: if they are the same, authentication succeeds; if not, authentication fails.
S312, the AUSF sends the authentication result to the SEAF/AMF through the Nausf authentication response message Nausf_UEAuthentication_Authenticate Response. If authentication succeeded, the AUSF also includes the anchor key K_SEAF in the Nausf authentication response message. The AUSF notifies the UDM of the authentication status of the UE, including the SUPI, the authentication result, the timestamp of the authentication procedure and the serving network name, through the Nudm_UEAuthentication_ResultConfirmation Request. Possibly, the AUSF only informs the UDM of successful authentications, but this depends on operator policy.
After receiving the Nausf authentication response message Nausf_UEAuthentication_Authenticate Response, the SEAF/AMF generates the AMF key K_AMF from ABBA, SUPI and the K_SEAF received from the AUSF, and may send a NAS Security Mode Command (SMC) message to the UE, which may carry ABBA, ngKSI and other security parameters.
After the primary authentication procedure succeeds, the user side and the network side perform key agreement and establish a security context between the UE and the AMF, which determines the key material and the algorithms for data transmission between the user side and the network side. Specifically, the AMF initiates the NAS Security Mode Control (SMC) procedure and sends a NAS Security Mode Command (SMC) message to the UE; the NAS SMC message is integrity-protected with a NAS integrity key generated from the K_AMF indicated by the ngKSI. After receiving the NAS SMC message, the UE calculates the NAS integrity key with the same calculation method as the network side and verifies the integrity of the NAS SMC message. After successful verification, the UE activates NAS integrity protection and encryption/decryption with the security context indicated by the ngKSI and sends a NAS Security Mode Complete (SMP) message to the network side; if verification fails, the UE sends a NAS security mode reject message to the network side.
Referring to the authentication flows of fig. 2 and fig. 3, when the SEAF/AMF sends the authentication request to the UE, it carries parameters such as ABBA and ngKSI, where ABBA is an input parameter when K_AMF is derived from K_SEAF, and ngKSI is used to indicate K_AMF. In the NAS SMC procedure that follows a successful primary authentication procedure, K_AMF is used for integrity protection of the NAS SMC message. In the prior art, parameters such as ABBA and ngKSI are not protected; if they are tampered with by an attacker, the UE side and the network side derive different K_AMF, the NAS integrity keys generated on the two sides differ, and the NAS SMC verification on the UE side fails, so that key agreement fails. Because the primary authentication procedure itself succeeded, the UDM stores the state that the UE authenticated successfully, and if the UDM is not notified to delete that state, visited network fraud may result. Moreover, the UE and the network side cannot detect the parameter tampering in time and carry out the whole authentication procedure regardless, which wastes resources.
It should be further noted that fig. 4 shows the key derivation flows corresponding to the authentication methods of fig. 2 and fig. 3, respectively.
Specifically, for the UE side, the UE stores a long-term key K that is the same as the long-term key K stored on the network side. When the authentication method is 5G AKA, the UE generates CK and IK from K; generates K_AUSF from CK, IK and the serving network name SN name; generates the anchor key K_SEAF from K_AUSF and SN name; and generates K_AMF from K_SEAF, SUPI and ABBA. When the authentication method is EAP AKA', the UE generates CK and IK from K; generates CK' and IK' from CK, IK, SN name and the like; generates K_AUSF from CK', IK' and SUPI; generates the anchor key K_SEAF from K_AUSF and SN name; and generates K_AMF from K_SEAF, SUPI and ABBA.
Specifically, for the network side, the UDM stores a root key K that is the same as that on the UE side and generates CK and IK from K. When the authentication method is 5G AKA, the UDM generates K_AUSF from CK, IK, SN name and the like and sends the K_AUSF to the AUSF. When the authentication method is EAP AKA', the UDM generates CK' and IK' from CK, IK, SN name and the like and sends CK' and IK' to the AUSF, and the AUSF generates K_AUSF from CK', IK' and SUPI.
The AUSF generates the anchor key K_SEAF from the received or generated K_AUSF and SN name, and after the primary authentication procedure succeeds sends the K_SEAF to the SEAF/AMF. After receiving K_SEAF, the SEAF/AMF generates K_AMF from the K_SEAF, SUPI and ABBA.
The keys listed in the key architecture of fig. 4 can be used to protect the security parameters; for the specific protection manner, reference may be made to the following embodiments. Of course, the keys used for integrity protection may also be derived from the keys listed in the key architecture.
It should be further noted that the expression "the user equipment or SEAF/AMF or AUSF or UDM generates the key using a certain parameter or parameters" in the embodiments or claims of the present application is not exclusive, i.e. the generation of the key may have other input parameters, and the present application is not limited thereto. For example, "the UE generates K_AUSF from CK, IK and the serving network name SN name" does not mean that the input parameters for generating K_AUSF may only contain CK, IK and SN name; they may also contain other input parameters not listed.
Fig. 5 is a schematic flowchart of a parameter protection method according to an embodiment of the present application. In this embodiment, integrity protection of security-related parameters such as ABBA and ngKSI is introduced into the authentication procedure. Specifically, the AUSF generates a security key and sends it to the SEAF/AMF; the SEAF/AMF uses the received security key to integrity protect the security-related parameters; and the UE generates the security key using the same method as the network side and verifies the integrity of the security-related parameters. This embodiment applies to the EAP AKA' procedure of fig. 2 and the 5G AKA procedure of fig. 3.
S500, the SEAF/AMF initiates an authentication request.
The UE sends a registration request to the SEAF/AMF through a NAS message;
after receiving the registration request, the SEAF/AMF initiates an authentication request to the AUSF and sends the subscription permanent identifier (SUPI) or subscription concealed identifier (SUCI) and the serving network name to the AUSF. Optionally, the SEAF/AMF sends an access type identifier to the AUSF; common access types include the 3GPP access type and the non-3GPP access type, where the type identifier of 3GPP access is 1 and the type identifier of non-3GPP access is 2.
After receiving an authentication request sent by the SEAF/AMF, the AUSF sends a request to the UDM to acquire an authentication vector; and after receiving the request, the UDM selects an authentication method and generates an authentication vector.
S501, the UDM sends the authentication vector and the optional user permanent identity SUPI to the AUSF, and correspondingly, the AUSF receives the authentication vector and the optional user permanent identity SUPI sent by the UDM.
In the EAP AKA' scenario, the UDM sends the transformed authentication vector AV' (RAND, AUTN, XRES, CK', IK') to the AUSF.
In the 5G AKA scenario, the UDM sends the first authentication vector 5G HE AV (RAND, AUTN, XRES*, K_AUSF) to the AUSF.
Optionally, the UDM may also send a ciphering key CK and an integrity key IK to the AUSF.
Optionally, in the 5G AKA scenario, the UDM may also send the expected response XRES to the AUSF. The expected response XRES is generated by the UDM from the root key K and the random number RAND.
When the UDM sends the ciphering key CK and the integrity key IK to the AUSF, in a possible implementation the UDM sends CK and IK through the Nudm_UEAuthentication_Get Response message; the UDM may also send CK and IK in other manners, which is not limited in the present application.
S502, after receiving the authentication vector and the optional SUPI, CK and IK sent by the UDM, the AUSF generates a security key.
It should be noted that the security key is used to perform integrity protection on security-related parameters such as ABBA and ngKSI, and the generation of the security key may refer to the key architecture described in fig. 4. The generation of the security key differs depending on the authentication method.
In the EAP AKA' scenario, possible ways for the AUSF to generate the security key are as follows:
optionally, the AUSF generates the security key using any one or more of the following parameters in combination, or the AUSF uses any one or more of the following parameters in combination as the security key:
CK, a part of CK, IK, a part of IK, CK', a part of CK', IK', a part of IK', the master key MK, a part of MK, the extended master session key EMSK, a part of EMSK, K_AUSF, a part of K_AUSF, XRES, a part of XRES, K_SEAF, a part of K_SEAF.
It should be understood that, in the present invention, when the AUSF generates the security key using any one or more of the above parameters in combination, the AUSF uses the combination of those parameters as input to a predefined algorithm that generates the security key. The AUSF may also use other parameters as input when generating the security key; these other parameters are not limited herein. The AUSF using a combination of any of the above parameters as the security key means that the AUSF uses the concatenation of those parameters as the security key.
In one possible implementation, the AUSF uses CK or a part of CK to generate the security key or as the security key: the AUSF receives the CK sent by the UDM and uses the received CK or a part of CK to generate the security key or as the security key.
In one possible implementation, the AUSF uses IK or a part of IK to generate the security key or as the security key: the AUSF receives the IK sent by the UDM and uses the received IK or a part of IK to generate the security key or as the security key.
Optionally, the AUSF may use (CK, IK) as the security key; specifically, the AUSF uses CK as the security key and/or IK as the security key, or uses the concatenation CK || IK as the security key, or uses the above parameters as input parameters to generate the security key.
In one possible implementation, the AUSF uses CK' or a part of CK' to generate the security key or as the security key: the AUSF receives the CK' sent by the UDM and uses the received CK' or a part of CK' to generate the security key or as the security key.
In one possible implementation, the AUSF uses IK' or a part of IK' to generate the security key or as the security key: the AUSF receives the IK' sent by the UDM and uses the received IK' or a part of IK' to generate the security key or as the security key.
CK' and IK' are keys generated by the UDM from parameters such as CK, IK and SN name;
optionally, the AUSF may use (CK', IK') as the security key; specifically, the AUSF uses CK' as the security key and/or IK' as the security key, or uses the concatenation CK' || IK' as the security key, or uses the above parameters as input parameters to generate the security key.
In one possible implementation, the AUSF uses CK, IK and an access type identifier to generate the security key. Common access types include the 3GPP access type and the non-3GPP access type, where the type identifier of 3GPP access is 1 and the type identifier of non-3GPP access is 2.
In one possible implementation, the AUSF uses the master key MK or a part of MK to generate the security key or as the security key: the AUSF receives CK' and IK' sent by the UDM, generates MK from the received CK', IK', SUPI and the like, and uses the generated MK or a part of MK to generate the security key or as the security key.
In one possible implementation, the AUSF uses the extended master session key EMSK or a part of EMSK to generate the security key or as the security key: the AUSF receives CK' and IK' sent by the UDM, generates the EMSK from the received CK', IK', SUPI and the like, and uses the EMSK or a part of EMSK to generate the security key or as the security key.
In one possible implementation, the AUSF uses K_AUSF or a part of K_AUSF to generate the security key or as the security key: the AUSF receives CK' and IK' sent by the UDM, generates the EMSK from CK', IK', SUPI and the like, takes a part of the EMSK as K_AUSF, and uses the K_AUSF or a part of K_AUSF to generate the security key or as the security key.
In one possible implementation, the AUSF uses XRES or a part of XRES to generate the security key or as the security key: the AUSF receives the XRES sent by the UDM and uses the received XRES or a part of XRES to generate the security key or as the security key.
In one possible implementation, the AUSF uses K_SEAF or a part of K_SEAF to generate the security key or as the security key: the AUSF receives CK' and IK' sent by the UDM, generates the EMSK from CK', IK', SUPI and the like, takes a part of the EMSK as K_AUSF, generates K_SEAF from the K_AUSF and the serving network name, and uses the generated K_SEAF or a part of K_SEAF to generate the security key or as the security key.
In the 5G AKA scenario, possible ways for the AUSF to generate the security key are as follows:
optionally, the AUSF uses any one or more of the following parameters in combination as the security key, or the AUSF generates the security key using any one or more of the following parameters in combination:
K_AUSF, a part of K_AUSF, XRES*, a part of XRES*, HXRES*, a part of HXRES*, K_SEAF, a part of K_SEAF, CK, IK, XRES, a part of XRES.
It should be understood that, when the AUSF generates the security key using a combination of any one or more of the above parameters, it is not excluded that the AUSF also uses other parameters; these other parameters are not limited herein. The AUSF using a combination of any of the above parameters as the security key means that the AUSF uses the concatenation of those parameters as the security key.
In one possible implementation, the AUSF uses K_AUSF or a part of K_AUSF to generate the security key or as the security key: the AUSF receives the K_AUSF sent by the UDM and uses the received K_AUSF or a part of K_AUSF to generate the security key or as the security key.
In one possible implementation, the AUSF uses XRES* or a part of XRES* to generate the security key or as the security key: the AUSF receives the XRES* sent by the UDM and uses the received XRES* or a part of XRES* to generate the security key or as the security key.
In one possible implementation, the AUSF uses XRES or a part of XRES to generate the security key or as the security key: the AUSF receives the XRES sent by the UDM and uses the received XRES or a part of XRES to generate the security key or as the security key.
In one possible implementation, the AUSF uses HXRES* or a part of HXRES* to generate the security key or as the security key: the AUSF hashes the XRES* and RAND received from the UDM to generate the hashed expected response HXRES*, and uses the generated HXRES* or a part of HXRES* to generate the security key or as the security key.
In one possible implementation, the AUSF uses K_SEAF or a part of K_SEAF to generate the security key or as the security key: the AUSF receives the K_AUSF sent by the UDM, generates K_SEAF from the received K_AUSF and the serving network name, and uses the generated K_SEAF or a part of K_SEAF to generate the security key or as the security key.
The embodiment of the invention does not limit the algorithm used for generating the security key and the length of the security key.
S503, the AUSF sends the security key to the SEAF/AMF, and correspondingly, the SEAF/AMF receives the security key sent by the AUSF.
The AUSF may send the security key to the SEAF/AMF in the Nausf_UEAuthentication_Authenticate Response message, or may send the security key in other manners, which is not limited in this application.
S504, the SEAF/AMF uses the security key sent by the AUSF to carry out integrity protection on the security-related parameters such as ABBA and/or ngKSI.
Specifically, the SEAF/AMF generates the first message authentication code using the security key sent by the AUSF, i.e. the first message authentication code is a message authentication code over the security-related parameters generated by the SEAF/AMF from the security key. For example, the SEAF/AMF uses an integrity protection algorithm with the security key and ABBA and/or ngKSI as inputs to generate the first message authentication code. Generating the first message authentication code may also include other input parameters, such as the length of the security key, and/or the length of ABBA, and/or the length of ngKSI. The integrity protection algorithm used to generate the first message authentication code and the other input parameters are not limited in this application.
S505, the SEAF/AMF sends an authentication request message to the UE, wherein the authentication request message carries the ABBA, the ngKSI and the first message authentication code generated in the S504; or the SEAF/AMF sends an authentication request message and the first message authentication code generated in S504 to the UE. Correspondingly, the UE receives the authentication request message sent by the SEAF/AMF, or the UE receives the authentication request message and the first message authentication code sent by the SEAF/AMF.
S506, after the UE receives the authentication request message sent by the SEAF/AMF, the UE verifies the integrity of the security-related parameters.
Specifically, the UE generates a security key and verifies the integrity of the security-related parameter using the generated security key.
The UE generates the security key by using the same algorithm and parameters as those of the network side, i.e. the key generation method described in S502.
In the EAP AKA' scenario, possible ways for the UE to generate the security key are as follows:
optionally, the UE generates the security key using any one or more of the following parameters in combination, or the UE uses any one or more of the following parameters in combination as the security key:
CK, a part of CK, IK, a part of IK, CK', a part of CK', IK', a part of IK', the master key MK, a part of MK, the extended master session key EMSK, a part of EMSK, K_AUSF, a part of K_AUSF, RES, a part of RES, K_SEAF, a part of K_SEAF.
It should be understood that when the UE generates the security key using any one or more of the above parameters in combination, it is not excluded that the UE also uses other parameters, where the other parameters are the same as the other parameters used when the AUSF generates the security key. When the UE uses any combination of the above parameters as the security key, it means that the UE uses the concatenation of the parameters as the security key.
In one possible implementation, the UE uses CK or a part of CK to generate the security key or as the security key: the UE generates CK from the root key K and uses the generated CK or a part of CK to generate the security key or as the security key.
In one possible implementation, the UE uses IK or a part of IK to generate the security key or as the security key: the UE generates IK from the root key K and uses the generated IK or a part of IK to generate the security key or as the security key.
Optionally, the UE may use (CK, IK) as the security key; specifically, the UE uses CK as the security key and/or IK as the security key, or uses the concatenation CK || IK as the security key, or uses the above parameters as input parameters to generate the security key.
In one possible implementation, the UE uses CK' or a part of CK' to generate the security key or as the security key: the UE generates CK from the root key K, generates CK' from the generated CK, the serving network name and the like, and uses the generated CK' or a part of CK' to generate the security key or as the security key.
In one possible implementation, the UE uses IK' or a part of IK' to generate the security key or as the security key: the UE generates IK from the root key K, generates IK' from the generated IK, the serving network name and the like, and uses the generated IK' or a part of IK' to generate the security key or as the security key.
Optionally, the UE may use (CK', IK') as the security key; specifically, the UE uses CK' as the security key and/or IK' as the security key, or uses the concatenation CK' || IK' as the security key, or uses the above parameters as input parameters to generate the security key.
In one possible implementation, the UE may further generate the security key from CK, IK and an access type identifier, where common access types include the 3GPP access type and the non-3GPP access type, the type identifier of 3GPP access being 1 and the type identifier of non-3GPP access being 2.
In one possible implementation, the UE uses the master key MK or a part of MK to generate the security key or as the security key: the UE generates CK and IK from the root key K, generates CK' and IK' from the generated CK, IK, the serving network name and the like, generates MK from the generated CK', IK', SUPI and the like, and uses the generated MK or a part of MK to generate the security key or as the security key.
In one possible implementation, the UE uses the extended master session key EMSK or a part of EMSK to generate the security key or as the security key: the UE generates CK and IK from the root key K, generates CK' and IK' from the generated CK, IK, the serving network name and the like, generates the EMSK from the generated CK', IK', SUPI and the like, and uses the EMSK or a part of EMSK to generate the security key or as the security key.
In one possible implementation, the UE uses K_AUSF or a part of K_AUSF to generate the security key or as the security key: the UE generates CK and IK from the root key K, generates CK' and IK' from the generated CK, IK, the serving network name and the like, generates the EMSK from the generated CK', IK', SUPI and the like, takes a part of the EMSK as K_AUSF, and uses the K_AUSF or a part of K_AUSF to generate the security key or as the security key.
In one possible implementation, the UE uses RES or a part of RES to generate the security key or as the security key: the UE generates RES from the root key K and RAND and uses the generated RES or a part of RES to generate the security key or as the security key.
In one possible implementation, the UE uses K_SEAF or a part of K_SEAF to generate the security key or as the security key: the UE generates CK and IK from the root key K, generates CK' and IK' from the generated CK, IK, the serving network name and the like, generates the EMSK from the generated CK', IK', SUPI and the like, takes a part of the EMSK as K_AUSF, generates K_SEAF from the K_AUSF and the serving network name, and uses the generated K_SEAF or a part of K_SEAF to generate the security key or as the security key.
In the 5G AKA scenario, possible ways for the UE to generate the security key are as follows:
optionally, the UE uses any one or more of the following parameters in combination as the security key, or the UE generates the security key using any one or more of the following parameters in combination:
K_AUSF, a part of K_AUSF, RES*, a part of RES*, HRES*, a part of HRES*, K_SEAF, a part of K_SEAF, RES, a part of RES.
It should be understood that when the UE generates the security key using a combination of any one or more of the above parameters, it is not excluded that the UE also uses other parameters. The other parameters are the same as those used when the AUSF generates the security key. When the UE uses any combination of the above parameters as the security key, it means that the UE uses the concatenation of the parameters as the security key.
In one possible implementation, the UE uses RES or a part of RES to generate the security key or as the security key: the UE generates RES from the root key K and RAND and uses the generated RES or a part of RES to generate the security key or as the security key.
In one possible implementation, the UE uses K_AUSF or a part of K_AUSF to generate the security key or as the security key: the UE generates CK and IK from the root key K, generates K_AUSF from the generated CK, IK, the serving network name and the like, and uses the generated K_AUSF or a part of K_AUSF to generate the security key or as the security key.
In one possible implementation, the UE uses RES* or a part of RES* to generate the security key or as the security key: the UE generates CK, IK and RES from the root key K and RAND, generates RES* from the generated CK, IK, RES, RAND and the serving network name SN name, and uses the generated RES* or a part of RES* to generate the security key or as the security key.
In one possible implementation, the UE uses HRES* or a part of HRES* to generate the security key or as the security key: the UE generates CK, IK and RES from the root key K and RAND, generates RES* from the generated CK, IK, RES, RAND and the serving network name SN name, hashes RES* and RAND to generate HRES*, and uses the generated HRES* or a part of HRES* to generate the security key or as the security key.
In one possible implementation, the UE uses K_SEAF or a part of K_SEAF to generate the security key or as the security key: the UE generates CK and IK from the root key K, generates K_AUSF from the generated CK, IK, the serving network name and the like, generates K_SEAF from the generated K_AUSF and the serving network name, and uses the generated K_SEAF or a part of K_SEAF to generate the security key or as the security key.
The UE may generate the security key at any time between the start of the authentication procedure and S506.
In addition, the algorithm used for generating the security key and the length of the security key are not limited in the present application.
The UE verifies the integrity of the security-related parameters using the security key. Specifically, the UE uses the security key to generate a second message authentication code over the security-related parameters, with the same parameters and method as the network side, and compares the calculated second message authentication code with the received first message authentication code.
If the comparison result is the same, the integrity verification is successful, otherwise, the integrity verification fails.
If the UE verifies that the integrity of the security-related parameters passes, the UE continues the authentication procedure and sends an authentication response message. Alternatively, if the verification passes, the UE starts to use the received ABBA and/or ngKSI; specifically, the UE uses the received ABBA as an input for generating K_AMF, and uses the received ngKSI as the key identifier of K_AMF.
If the UE verifies that the integrity of the security-related parameters does not pass, the UE terminates the authentication procedure. In a possible manner, the UE sends indication information to the SEAF/AMF, where the indication information is used to indicate that the integrity verification failed or to notify the network side to terminate the authentication procedure. In one possible manner, the UE sends an authentication reject message to the SEAF/AMF, and the authentication reject message carries the indication information.
The UE sending indication information to the SEAF/AMF may include the UE sending a NAS message to the SEAF/AMF, where the NAS message is used to indicate that the integrity verification failed or to notify the network side to stop the authentication procedure. The NAS message may be an authentication reject message.
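As an added illustration (example code written for this page, not part of the patent or of any 3GPP implementation), the following Python models the fig. 5 exchange in the 5G AKA branch: both sides derive K_SEAF from K_AUSF and the serving network name as in fig. 4, the SEAF/AMF uses K_SEAF (one of the listed options) as the security key to compute the first message authentication code over ABBA and ngKSI (S504), and the UE recomputes and compares it (S506). HMAC-SHA-256, the 128-bit truncation and the FC values are assumptions; all key material and identifiers are constructed.

```python
"""Added example: integrity protection of ABBA/ngKSI with a security key
derived per the fig. 4 key hierarchy (5G AKA branch). Not the patent's code."""
import hashlib
import hmac


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP-style KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


# FC values as I recall them from TS 33.501 Annex A.6/A.7 (assumption; the
# patent text neither states them nor fixes the derivation algorithm).
FC_K_SEAF = 0x6C
FC_K_AMF = 0x6D


def derive_k_seaf(k_ausf: bytes, sn_name: bytes) -> bytes:
    """K_SEAF from K_AUSF and serving network name (AUSF side; UE side after success)."""
    return kdf(k_ausf, FC_K_SEAF, sn_name)


def derive_k_amf(k_seaf: bytes, supi: bytes, abba: bytes) -> bytes:
    """K_AMF from K_SEAF, SUPI and ABBA: a tampered ABBA yields a different K_AMF."""
    return kdf(k_seaf, FC_K_AMF, supi, abba)


def param_mac(security_key: bytes, abba: bytes, ngksi: bytes) -> bytes:
    """S504: first message authentication code over ABBA and ngKSI.

    The lengths of ABBA and ngKSI are fed in as additional inputs, one of the
    options the description leaves open. HMAC-SHA-256 truncated to 128 bits is
    an assumption; the patent fixes neither algorithm nor key/MAC length.
    """
    msg = (len(abba).to_bytes(2, "big") + abba
           + len(ngksi).to_bytes(1, "big") + ngksi)
    return hmac.new(security_key, msg, hashlib.sha256).digest()[:16]


def ue_verify_params(security_key: bytes, abba: bytes, ngksi: bytes,
                     first_mac: bytes) -> bool:
    """S506: the UE recomputes the second MAC and compares it in constant time."""
    return hmac.compare_digest(param_mac(security_key, abba, ngksi), first_mac)


# Constructed sample values (not real subscriber or network data).
K_AUSF = hashlib.sha256(b"constructed K_AUSF").digest()
SN_NAME = b"5G:mnc001.mcc001.3gppnetwork.org"
SUPI = b"imsi-001010000000001"
ABBA = b"\x00\x00"
NGKSI = b"\x03"


def run_authentication(tamper: bool, protect: bool) -> dict:
    """Model one run of fig. 5 for a single UE.

    tamper:  an on-path party rewrites ABBA in the Authentication Request.
    protect: SEAF/AMF attaches the MAC of S504 and the UE verifies it (S506).
    Returns what the two sides observe.
    """
    # Network side (S502/S503): AUSF derives K_SEAF, used here directly as the
    # security key, and hands it to the SEAF/AMF.
    k_seaf_net = derive_k_seaf(K_AUSF, SN_NAME)
    first_mac = param_mac(k_seaf_net, ABBA, NGKSI) if protect else None

    # Authentication Request in transit (S505).
    abba_rx = b"\x00\x01" if tamper else ABBA
    ngksi_rx = NGKSI

    # UE side (S506): same derivation from its own K_AUSF.
    k_seaf_ue = derive_k_seaf(K_AUSF, SN_NAME)
    mac_ok = None  # prior art: nothing to verify
    if protect:
        if not ue_verify_params(k_seaf_ue, abba_rx, ngksi_rx, first_mac):
            # Tampering detected before any K_AMF exists: UE terminates (S506).
            return {"mac_verified": False, "k_amf_match": None}
        mac_ok = True

    # Authentication succeeds and both sides derive K_AMF (S507 / fig. 4).
    k_amf_net = derive_k_amf(k_seaf_net, SUPI, ABBA)
    k_amf_ue = derive_k_amf(k_seaf_ue, SUPI, abba_rx)
    # A mismatch here is what later makes the NAS SMC integrity check fail.
    return {"mac_verified": mac_ok, "k_amf_match": k_amf_net == k_amf_ue}


if __name__ == "__main__":
    print("no tamper, protected:", run_authentication(False, True))
    print("tamper, prior art:   ", run_authentication(True, False))
    print("tamper, protected:   ", run_authentication(True, True))
```

Running the three scenarios shows the prior-art failure (a tampered ABBA is accepted and the K_AMF mismatch only surfaces at NAS SMC) beside the protected case, where the UE rejects the parameters at S506.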
And S507, after the integrity verification is passed, the user side and the network side continue to perform the rest authentication processes.
Optionally, in an EAP AKA' scenario, steps S205 to S211 are executed;
optionally, in the 5G AKA scenario, steps S307 to S312 are executed.
If the result of the authentication flow is that authentication succeeded, i.e. the identity of the UE was verified successfully, the UE can generate the anchor key K_SEAF from K_AUSF and the serving network name SN name, and generate K_AMF from the K_SEAF, the user identity SUPI and ABBA. The UE generates non-access stratum (NAS) keys from the K_AMF, where the NAS keys are used to protect the communication between the user equipment and the SEAF/AMF on the network side. It will be appreciated that the NAS keys include a NAS layer ciphering key and an integrity protection key, used for ciphering and integrity protection of NAS layer communication, respectively.
S508 to S509 are NAS security mode control flows, and when the primary authentication flow is successful, the SEAF/AMF initiates the NAS security mode control flow to determine the security context established by using the 5G AKA or EAP AKA' primary authentication flow.
S508, the SEAF/AMF sends a non-access stratum security mode command message (NAS SMC) to the UE, and correspondingly, the UE receives the NAS SMC message sent by the SEAF/AMF.
The NAS SMC message contains the UE security capabilities, the selected NAS algorithms and the ngKSI identifying K_AMF; the NAS SMC message may further include ABBA, an indication K_AMF_change_flag indicating that a new AMF key is derived, and the like.
The SEAF/AMF integrity protects the NAS SMC message with a NAS integrity key, where the NAS integrity key is derived from K_AMF.
S509, the UE verifies the NAS SMC message.
After receiving the NAS SMC message sent by the network side, the UE verifies it. Specifically, the UE verifies whether the received UE security capabilities are the same as the UE security capabilities stored by the UE, and the UE also verifies the integrity of the NAS SMC message using the integrity key derived from K_AMF. If the NAS SMC message contains the indication K_AMF_change_flag indicating that a new AMF key is derived, the UE derives a new K_AMF, derives the NAS keys (including the NAS integrity key and the NAS ciphering key) from the new K_AMF, and then verifies the integrity of the NAS SMC message using the derived NAS integrity key.
If the verification passes, the UE starts NAS integrity protection and ciphering/deciphering using the security context indicated by the ngKSI in the NAS SMC, and sends an integrity protected and ciphered NAS Security Mode Complete message to the SEAF/AMF.
And if the verification is not passed, the UE sends a NAS security mode rejection message to the SEAF/AMF.
Optionally, the UE may verify whether the ABBA and/or ngKSI carried in the NAS SMC is the same as the ABBA and/or ngKSI received in S505.
If not, the UE may send a NAS Security Mode Reject message to the SEAF/AMF carrying the reason for the failure, i.e. that ABBA and/or ngKSI were tampered with, or the UE may use the security context indicated by the ngKSI received in S505.
In this embodiment, the SEAF/AMF uses a security key generated by the AUSF to integrity protect the security-related parameters such as ABBA and/or ngKSI in the authentication request message sent by the network side to the user equipment, so that the user equipment can detect during the authentication procedure whether the security-related parameters such as ABBA and/or ngKSI were tampered with, and terminate the authentication procedure in time if they were. This solves the problem in the prior art that key negotiation between the UE side and the network side fails because an attacker tampered with the security-related parameters.
FIG. 6 is a schematic flowchart of a parameter protection method according to an embodiment of the present application. In this embodiment, integrity protection of parameters such as ABBA and ngKSI is introduced into the authentication flow. Specifically, the AUSF generates a security key and sends it to the SEAF/AMF; the SEAF/AMF uses the received security key to integrity protect the authentication request message containing the security-related parameters; and the UE generates the security key using the same method as the network side and verifies the integrity of the authentication request message containing the security-related parameters. This embodiment applies to the EAP AKA' procedure of fig. 2 and the 5G AKA procedure of fig. 3.
S600, the SEAF/AMF initiates an authentication request. The details are the same as S500, and are not described herein again.
S601, the UDM sends the authentication vector and the optional user permanent identity SUPI to the AUSF, and correspondingly, the AUSF receives the authentication vector and the optional user permanent identity SUPI sent by the UDM. The details are the same as S501, and are not described herein again.
S602, the AUSF generates a security key for protecting the integrity of the authentication request message. The generation of the security key may be with reference to the key architecture described in fig. 4. The generation of the security key differs depending on the authentication method. The possible way of generating the security key is the same as S502, and is not described herein.
S603, the AUSF sends the security key to the SEAF/AMF, and correspondingly, the SEAF/AMF receives the security key sent by the AUSF.
The AUSF may send the security key to the SEAF/AMF in the Nausf_UEAuthentication_Authenticate Response message, or may send the security key in other manners, which is not limited in this application.
S604, the SEAF/AMF uses the security key sent by the AUSF to carry out integrity protection on the Authentication Request message (Authentication Request), and the Authentication Request message comprises security related parameters such as ABBA and/or ngKSI.
A possible implementation manner is that the SEAF/AMF uses the security key sent by the AUSF to perform integrity protection on the authentication request message, and includes that the SEAF/AMF uses the security key sent by the AUSF to generate the message authentication code of the authentication request message carrying the security-related parameters, and uses the message authentication code as the first message authentication code.
For example, the SEAF/AMF generates a first message authentication code based on the security key and the authentication request message. Such as using an integrity protection algorithm to generate the first message authentication code using the security key and the authentication request message as inputs. Generating the first message authentication code may also include other input parameters, which may be the length of the security key, and/or the length of ngKSI, and/or the length of ABBA, etc. The integrity protection algorithm used by the other input parameters and the generation of the first message authentication code is not limited by the application.
S605, the SEAF/AMF sends an authentication request message with integrity protection to the UE, and correspondingly, the UE receives the authentication request message with integrity protection sent by the SEAF/AMF.
Optionally, the SEAF/AMF may send the first message authentication code generated in S604 to the UE as a part of the authentication request message;
optionally, the SEAF/AMF may further send the authentication request message to the UE together with the first message authentication code generated in S604, which is not limited in this application.
S606, after the UE receives the authentication request message sent by the SEAF/AMF, the integrity of the authentication request message is verified.
Specifically, the UE generates a security key and verifies the integrity of the authentication request message using the security key. The UE generates the security key by using the same algorithm and parameters as those of the network side, and the specific contents are the same as S506, which is not described herein again.
The UE verifies the integrity of the authentication request message by using the security key, specifically, the UE calculates a message authentication code of the authentication request message by using the security key and using the same algorithm and parameters as those of the network side, and uses the message authentication code as a second message authentication code, which is the same as S604 and is not described herein again.
And the UE compares the generated second message authentication code with the received first message authentication code, if the second message authentication code is the same as the first message authentication code, the integrity verification is successful, and otherwise, the integrity verification fails.
And if the UE verifies that the integrity of the authentication request message is passed, the UE continues the authentication process and sends an authentication response message to the SEAF/AMF. Alternatively, if the authentication is passed, the UE starts using the received ABBA and/or ngKSI. Specifically, the UE uses the received ABBA as an input for generating K_AMF, and uses the received ngKSI as the key identifier of K_AMF;
and if the UE verifies that the integrity of the authentication request message is not passed, the UE terminates the authentication process. In a possible manner, the UE sends indication information to the SEAF/AMF, where the indication information is used to indicate that the integrity verification fails or to notify the network side to stop the authentication procedure.
The UE sends the indication information to the SEAF/AMF, including possibly, the UE sends a NAS message to the SEAF/AMF, where the NAS message is used to indicate that the integrity verification fails or to notify the network side to stop the authentication procedure, or possibly, the UE sends an authentication reject message to the SEAF/AMF, where the authentication reject message carries the indication information.
S607 to S609 are the same as S507 to S509.
In this embodiment, the SEAF/AMF performs integrity protection on the authentication request message containing the security-related parameters such as ABBA and/or ngKSI, which is sent by the network side to the user equipment, by using the security key generated by the AUSF, so that the user equipment can identify whether the security-related parameters such as ABBA and/or ngKSI are tampered by verifying the integrity of the authentication request message in the authentication process, and terminate the authentication process in time if the parameters are tampered, thereby solving the problem in the prior art that the key agreement between the user side and the network side fails due to the tampering of the security-related parameters by an attacker.
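As an added illustration of the FIG. 6 flow (example code, not part of the patent), the following Python models the AUSF-derived security key, the SEAF/AMF computing the first message authentication code over the Authentication Request carrying ABBA and ngKSI (with the optional length inputs), and the UE deriving the same key and computing the second code; HMAC-SHA-256 as the integrity protection algorithm, the derivation label and the tag length are assumptions.

```python
import hashlib
import hmac

# Added example, not code from the patent: the FIG. 6 flow, in which the AUSF
# derives a security key, the SEAF/AMF computes the first message authentication
# code over the Authentication Request carrying ABBA and ngKSI, and the UE
# derives the same key and computes the second code. HMAC-SHA-256 stands in for
# the unspecified integrity protection algorithm; the derivation label and the
# tag length are assumptions made for this example.

MAC_LEN = 16  # assumed length of the message authentication code in octets


def derive_security_key(k_ausf: bytes) -> bytes:
    """S602 on the AUSF and S606 on the UE: both sides derive the security key
    from K_AUSF with the same algorithm and parameters."""
    return hmac.new(k_ausf, b"auth-request-integrity", hashlib.sha256).digest()


def protected_fields(key: bytes, abba: bytes, ngksi: int) -> bytes:
    """Byte string covered by the MAC: ABBA and ngKSI plus the optional extra
    inputs the patent lists (length of the key, of ABBA and of ngKSI)."""
    if not 0 <= ngksi <= 7:
        raise ValueError("ngKSI value must fit in 3 bits")
    ngksi_octet = bytes([ngksi])
    return b"".join([
        len(key).to_bytes(2, "big"),
        len(abba).to_bytes(2, "big"), abba,
        len(ngksi_octet).to_bytes(2, "big"), ngksi_octet,
    ])


def compute_mac(key: bytes, abba: bytes, ngksi: int) -> bytes:
    """Message authentication code of the Authentication Request fields."""
    return hmac.new(key, protected_fields(key, abba, ngksi), hashlib.sha256).digest()[:MAC_LEN]


def seaf_protect(key: bytes, abba: bytes, ngksi: int) -> dict:
    """S604/S605: SEAF/AMF sends the request with the first MAC as part of it."""
    return {"abba": abba, "ngksi": ngksi, "mac": compute_mac(key, abba, ngksi)}


def ue_verify(key: bytes, request: dict) -> bool:
    """S606: UE recomputes the second MAC and compares it in constant time."""
    expected = compute_mac(key, request["abba"], request["ngksi"])
    return hmac.compare_digest(expected, request["mac"])


def ue_handle_request(k_ausf_ue: bytes, request: dict) -> str:
    """Returns 'continue' (UE sends Authentication Response and starts using
    ABBA/ngKSI) or 'reject' (UE terminates and signals the failure)."""
    key = derive_security_key(k_ausf_ue)
    return "continue" if ue_verify(key, request) else "reject"


def run_flow(tamper_abba: bool = False) -> str:
    """One constructed exchange; ABBA 0x0000 is the Rel-15 value, ngKSI 1 is arbitrary."""
    k_ausf = hashlib.sha256(b"constructed K_AUSF shared by AUSF and UE").digest()
    key_network = derive_security_key(k_ausf)     # S602/S603: AUSF -> SEAF/AMF
    request = seaf_protect(key_network, b"\x00\x00", ngksi=1)
    if tamper_abba:
        # Modification of ABBA on the path to the UE, the case the patent addresses.
        request = dict(request, abba=b"\x00\x01")
    return ue_handle_request(k_ausf, request)   # S606/S607
```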
FIG. 7 is a flowchart illustrating a parameter protection method according to an embodiment of the present application; in the embodiment, the integrity protection of parameters such as ABBA, ngKSI and the like is introduced into the authentication flow; specifically, a security key is generated by the SEAF/AMF, and parameters such as ABBA and ngKSI are subjected to integrity protection, or an authentication request message containing the above security-related parameters is subjected to integrity protection, and then integrity verification is completed by the UE. This embodiment is applicable to the 5G AKA procedure in fig. 3.
S700, the SEAF/AMF initiates an authentication request, the specific content is the same as S500, and the details are not described herein.
S701, the UDM sends an authentication vector and an optional user permanent identifier SUPI to the AUSF, and correspondingly, the AUSF receives the authentication vector and the optional user permanent identifier SUPI sent by the UDM, where the authentication vector is a first authentication vector 5G HE AV (RAND, AUTN, XRES, K_AUSF).
S702, the AUSF sends a Nausf authentication Response message Nausf_UEAuthentication_Authenticate Response to the SEAF/AMF, and correspondingly the SEAF/AMF receives the message, where the message contains parameters such as HXRES, RAND and AUTN.
Wherein the HXRES is a parameter generated by the AUSF performing hash operation on XRES and RAND.
S703, the SEAF/AMF generates a security key, and uses the generated security key to perform integrity protection on the security-related parameters such as ABBA and/or ngKSI or the authentication request message carrying the security-related parameters.
Specifically, the SEAF/AMF may generate the security key using HXRES, and/or a portion of HXRES, as the security key, or using HXRES, and/or a portion of HXRES, as the input parameter. The generation of the security key may also include other input parameters, and the application is not limited thereto.
The embodiment of the present application does not limit the algorithm used for generating the security key and the length of the security key.
The SEAF/AMF uses the generated security key to perform integrity protection on the security-related parameters such as ABBA and/or ngKSI or the authentication request message carrying the security-related parameters, including that the SEAF/AMF uses the generated security key to generate a first message authentication code, that is, the SEAF/AMF uses the generated security key to generate a message authentication code of the security-related parameters or the authentication request message including the security-related parameters.
For example, the SEAF/AMF uses the integrity protection algorithm to generate the first message authentication code, using the security key and the security-related parameters such as ABBA and/or ngKSI or the authentication request message including the security-related parameters as inputs. Generating the first message authentication code may also comprise other input parameters, such as the length of the security key, and/or the length of the security-related parameter ABBA, and/or the length of ngKSI, etc. The integrity protection algorithm used by the application for generating the first message authentication code and the other input parameters is not limited.
S704, the SEAF/AMF sends an authentication request message to the UE, and correspondingly, the UE receives the authentication request message sent by the SEAF/AMF.
The authentication request message carries security related parameters such as ABBA and/or ngKSI and a first message authentication code;
S705, after receiving the authentication request message sent by the SEAF/AMF, the UE verifies the integrity of the security related parameters.
Specifically, the UE generates a security key and verifies the integrity of the security-related parameters using the security key.
The UE generates the security key in the same way as the network side. Specifically, the UE may use HRES and/or a part of HRES as the security key, or use HRES and/or a part of HRES as an input parameter for generating the security key. HRES is a parameter generated by the UE by hashing RES and RAND, where this RES is the response the UE derives, after receiving the authentication request, from the AKA response, RAND, the serving network name and so on. Possibly, the generation of the security key also includes the other input parameters used on the network side.
The UE verifies the integrity of the security-related parameters using the security key. Specifically, the UE generates a second message authentication code using the security key, that is, the UE uses the security key, and generates a security-related parameter or a message authentication code of the authentication request message using the same parameter and method as those of the network side, and uses the message authentication code as the second message authentication code; the UE compares the generated second message authentication code with the received first message authentication code. If the two are the same, the integrity verification is successful, otherwise, the integrity verification fails.
If the comparison result is the same, it indicates that the security-related parameters such as ABBA and/or ngKSI are not tampered, and the verification is passed. If the UE verifies that the integrity of the security related parameters is passed, the UE continues the authentication process and sends an authentication response message to the SEAF/AMF. Alternatively, if the authentication is passed, the UE starts using the received ABBA and/or ngKSI. Specifically, the UE uses the received ABBA as an input for generating K_AMF, and uses the received ngKSI as the key identifier of K_AMF.
And if the UE verifies that the integrity of the safety relevant parameters is not passed, the UE terminates the authentication process. In a possible manner, the UE sends indication information to the SEAF/AMF, where the indication information is used to indicate that the integrity verification fails or to notify the network side to stop the authentication procedure.
The UE sends the indication information to the SEAF/AMF, including possibly sending an NAS message to the SEAF/AMF, where the NAS message is used to indicate that the integrity verification fails or to notify the network side to stop the authentication procedure, or possibly sending an authentication reject message to the SEAF/AMF, where the authentication reject message carries the indication information.
S706 to S708 are the same as S507 to S509.
In this embodiment, the SEAF/AMF generates a security key, and performs integrity protection on security-related parameters such as ABBA and/or ngKSI in an authentication request message sent by the network side to the user equipment or an authentication request message including the security-related parameters such as ABBA and/or ngKSI by using the generated security key, so that the user equipment can identify whether the security-related parameters such as ABBA and/or ngKSI are tampered by verifying integrity in an authentication flow, and terminate the authentication flow in time if the parameters are tampered, thereby solving the problem in the prior art that the key negotiation between the user side and the network side fails due to the tampering of the security-related parameters by an attacker.
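As an added illustration of the FIG. 7 variant (example code, not part of the patent), the following Python derives the security key from HXRES on the SEAF/AMF and from HRES on the UE, so that only a party holding the matching response can produce or check the message authentication code over ABBA and ngKSI; the HXRES/HRES construction, the derivation label and HMAC-SHA-256 as the integrity protection algorithm are assumptions.

```python
import hashlib
import hmac

# Added example, not code from the patent: the FIG. 7 variant in which the
# SEAF/AMF derives the security key from HXRES and the UE derives the same key
# from HRES. Assumptions: HXRES/HRES are the 128 least significant bits of
# SHA-256(RAND || XRES) and SHA-256(RAND || RES) (the shape of 3GPP's
# HXRES*/HRES*), the key derivation label is made up for this example, and
# HMAC-SHA-256 stands in for the unspecified integrity protection algorithm.

TAG_LEN = 16  # assumed MAC length in octets


def hashed_response(rand: bytes, response: bytes) -> bytes:
    """HXRES on the network side (from XRES) or HRES on the UE side (from RES)."""
    return hashlib.sha256(rand + response).digest()[-16:]


def security_key(hashed: bytes) -> bytes:
    """S703 / S705: the hashed response used as an input parameter to key
    derivation (the patent also allows using HXRES, or part of it, directly)."""
    return hmac.new(hashed, b"abba-ngksi-integrity", hashlib.sha256).digest()


def parameter_mac(key: bytes, abba: bytes, ngksi: int) -> bytes:
    """MAC over the security-related parameters only (the first option in S703).
    The length of ABBA is fed in as one of the optional extra inputs."""
    if not 0 <= ngksi <= 7:
        raise ValueError("ngKSI value must fit in 3 bits")
    covered = len(abba).to_bytes(1, "big") + abba + bytes([ngksi])
    return hmac.new(key, covered, hashlib.sha256).digest()[:TAG_LEN]


def seaf_build_request(rand: bytes, xres: bytes, abba: bytes, ngksi: int) -> dict:
    """S702-S704: SEAF/AMF holds HXRES (from the AUSF), derives the key and
    attaches the first message authentication code to the Authentication Request."""
    key = security_key(hashed_response(rand, xres))
    return {"rand": rand, "abba": abba, "ngksi": ngksi,
            "mac": parameter_mac(key, abba, ngksi)}


def ue_check_request(request: dict, res: bytes) -> bool:
    """S705: the UE computes RES from RAND, hashes it into HRES, derives the key
    and compares its second message authentication code with the received one."""
    key = security_key(hashed_response(request["rand"], res))
    expected = parameter_mac(key, request["abba"], request["ngksi"])
    return hmac.compare_digest(expected, request["mac"])


def simulate(tamper_abba: bool = False, wrong_res: bool = False) -> bool:
    """Run one constructed exchange; True means the UE continues (S706 onward)."""
    rand = hashlib.sha256(b"constructed RAND").digest()[:16]
    xres = hashlib.sha256(b"constructed XRES").digest()[:16]
    request = seaf_build_request(rand, xres, abba=b"\x00\x00", ngksi=2)
    if tamper_abba:
        request = dict(request, abba=b"\x00\x01")  # on-path modification of ABBA
    # Without the matching response the UE derives a different key, so the MAC
    # fails too: integrity of ABBA/ngKSI is bound to the authentication itself.
    res = hashlib.sha256(b"some other RES").digest()[:16] if wrong_res else xres
    return ue_check_request(request, res)
```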
FIG. 8 is a flowchart illustrating a parameter protection method according to an embodiment of the present application; in the embodiment, the integrity protection of safety related parameters such as ABBA and ngKSI is introduced into the authentication process; specifically, the AUSF generates a security key, and performs integrity protection on the above-mentioned security-related parameters such as ABBA and/or ngKSI, and then the UE verifies the integrity of the security-related parameters. This embodiment applies to the EAP AKA' procedure in fig. 2 and the 5G AKA procedure in fig. 3.
S801, the SEAF/AMF sends an authentication request to the AUSF.
The SEAF/AMF sends a Nausf authentication Request message Nausf_UEAuthentication_Authenticate Request to the AUSF, where the Nausf_UEAuthentication_Authenticate Request message contains ABBA, ngKSI and other security related parameters, and correspondingly, the AUSF receives the Nausf authentication Request message.
Optionally, the SEAF/AMF may send the ABBA, and/or the ngKSI and other security related parameters to the AUSF in other manners, which is not limited in this application.
S802, the AUSF requests the UDM for the authentication vector, correspondingly, the UDM returns the authentication vector and the optional user permanent identifier SUPI to the AUSF after receiving the request.
The AUSF sends a Nudm authentication Request message Nudm_UEAuthentication_Get Request for requesting an authentication vector to the UDM, and correspondingly the UDM receives the Nudm_UEAuthentication_Get Request message sent by the AUSF; upon receiving the request message, the UDM sends a Nudm authentication Response message Nudm_UEAuthentication_Get Response to the AUSF, the Nudm Response message including an authentication vector and an optional user permanent identity SUPI.
In the EAP AKA' scenario, the UDM sends a transformed authentication vector AV' (RAND, AUTN, XRES, CK', IK') to the AUSF.
In a 5G AKA scenario, the UDM sends a first authentication vector 5G HE AV (RAND, AUTN, XRES, K_AUSF) to the AUSF.
In one possible implementation, the UDM may also send a ciphering key CK and an integrity key IK to the AUSF. Optionally, the UDM includes the ciphering key CK and the integrity key IK in the Nudm authentication Response Nudm_UEAuthentication_Get Response, or the UDM sends the ciphering key CK and the integrity key IK to the AUSF through other messages. This is not limited by the present application.
In one possible implementation, in a 5G AKA scenario, the UDM also sends an XRES to the AUSF. Optionally, the UDM includes the ciphering key CK and the integrity key IK in the Nudm authentication Response Nudm_UEAuthentication_Get Response, or the UDM sends the ciphering key CK and the integrity key IK to the AUSF through other messages. This is not limited by the present application.
And S803, AUSF generates a security key, and integrity protection is carried out on security related parameters such as ABBA and/or ngKSI by using the generated security key.
The generation of the security key is different according to different authentication methods, and the specific content is described in detail in S502, which is not described herein again.
The AUSF uses the generated security key to perform integrity protection on the security-related parameters such as ABBA and/or ngKSI, and specifically, the AUSF may use the generated security key to generate the first message authentication code.
For example, the AUSF takes the security key and the security-related parameter as input and generates the first message authentication code using an integrity protection algorithm. Generating the first message authentication code may also comprise other input parameters, such as the length of the security key, and/or the length of the security-related parameter ABBA, and/or the length of the ngKSI, etc. The integrity protection algorithm used by the application to generate the first message authentication code and the other input parameters is not limited.
S804, the AUSF sends the first message authentication code calculated by the AUSF in S803 to the SEAF/AMF, and correspondingly, the SEAF/AMF receives the first message authentication code sent by the AUSF.
The AUSF can send the first message authentication code to the SEAF/AMF by carrying the first message authentication code in a Nausf authentication Response message Nausf_UEAuthentication_Authenticate Response; the AUSF may also send the first message authentication code in other possible manners, which is not limited in this application.
S805, the SEAF/AMF sends an authentication request message to the UE, and correspondingly, the UE receives the authentication request message sent by the SEAF/AMF. The authentication request message carries the first message authentication code generated by the AUSF in S803.
S806-S809 are the same as S506-S509, and are not described herein again.
In this embodiment, the AUSF generates a security key, and performs integrity protection on the received security-related parameters such as ABBA and/or ngKSI from the SEAF/AMF, so that the user equipment can identify whether the security-related parameters such as ABBA and/or ngKSI are tampered in the authentication process through integrity verification, and terminate the authentication process in time if the parameters are tampered, thereby solving the problem in the prior art that the key negotiation between the user side and the network side fails due to the tampering of the security-related parameters by an attacker.
FIG. 9 is a flowchart illustrating a parameter protection method according to an embodiment of the present application; in the embodiment, the integrity protection of safety related parameters such as ABBA, ngKSI and the like is introduced into the authentication process; specifically, after receiving security related parameters such as ABBA and ngKSI from the SEAF/AMF, the AUSF carries the parameters in an EAP Request/AKA'-Challenge message sent to the SEAF/AMF and performs integrity protection on the EAP Request/AKA'-Challenge message, and the SEAF/AMF transparently forwards the integrity-protected EAP Request/AKA'-Challenge message to the UE, so that the UE completes the integrity verification. This embodiment is applicable to the EAP AKA' procedure in fig. 2.
S901, SEAF/AMF sends ABBA, ngKSI and other safety relevant parameters to AUSF.
In a possible implementation manner, the SEAF/AMF sends a Nausf authentication Request Nausf_UEAuthentication_Authenticate Request to the AUSF, where the Nausf_UEAuthentication_Authenticate Request includes ABBA and/or ngKSI and other security related parameters, and accordingly, the AUSF receives the Request.
Optionally, the SEAF/AMF may send the ABBA, and/or the ngKSI and other security related parameters to the AUSF in other manners, which is not limited in this application.
S902, AUSF requests authentication vector to UDM, correspondingly, UDM returns authentication vector and optional user permanent identification SUPI to AUSF after receiving request. The details are the same as S802, and are not described herein again.
S903, AUSF carries out integrity protection on the safety relevant parameters to generate a first message authentication code, and sends the first message authentication code to the SEAF/AMF.
In one possible implementation, the AUSF sends an "EAP Request/AKA'-Challenge" message to the SEAF/AMF, where the "EAP Request/AKA'-Challenge" message includes a first message authentication code.
Before sending the EAP Request/AKA'-Challenge message, the AUSF generates the first message authentication code, and the input parameters used by the AUSF to generate the first message authentication code include ABBA and/or ngKSI and other security related parameters.
Optionally, the AUSF further includes the security-related parameters in the "EAP Request/AKA'-Challenge" message, and sends the "EAP Request/AKA'-Challenge" message including the security-related parameters to the SEAF/AMF.
Accordingly, the SEAF/AMF receives the "EAP Request/AKA'-Challenge" message from the AUSF.
The AUSF may carry the EAP Request/AKA'-Challenge message in a Nausf authentication Response message Nausf_UEAuthentication_Authenticate Response, or may transmit the EAP Request/AKA'-Challenge message in other possible manners, which is not limited in this application.
S904, the SEAF/AMF sends an authentication request to the UE, and correspondingly, the UE receives the authentication request from the SEAF/AMF. The authentication Request message carries the EAP Request/AKA'-Challenge message from the AUSF, and also carries security related parameters such as ngKSI and/or ABBA;
optionally, the authentication Request message carries the "EAP Request/AKA'-Challenge" message from the AUSF, where the "EAP Request/AKA'-Challenge" message includes the security-related parameters.
S905, after receiving the authentication Request from the SEAF/AMF, the UE verifies the integrity of the EAP Request/AKA'-Challenge message.
The UE verifying the integrity of the "EAP Request/AKA'-Challenge" message comprises the UE calculating a second message authentication code of the received "EAP Request/AKA'-Challenge" message, and then the UE comparing the calculated second message authentication code with the received first message authentication code.
If the comparison result is the same, it indicates that the security related parameters such as ABBA and/or ngKSI are not tampered, and the verification is passed. If the UE verifies that the integrity of the EAP Request/AKA'-Challenge message is passed, the UE continues to execute the authentication process and sends an authentication response message to the SEAF/AMF. Alternatively, if the authentication is passed, the UE starts using the received ABBA and/or ngKSI. Specifically, the UE uses the received ABBA as an input for generating K_AMF, and uses the received ngKSI as the key identifier of K_AMF;
if the UE verifies that the integrity of the EAP Request/AKA'-Challenge message is not passed, the UE terminates the authentication procedure. In a possible manner, the UE sends indication information to the SEAF/AMF, where the indication information is used to indicate that the integrity verification fails or to notify the network side to stop the authentication procedure.
The UE sends the indication information to the SEAF/AMF, including possibly sending an NAS message to the SEAF/AMF, where the NAS message is used to indicate that the integrity verification fails or to notify the network side to stop the authentication procedure, or possibly sending an authentication reject message to the SEAF/AMF, where the authentication reject message carries the indication information.
S906 to S908 are similar to S507 to S509, and are not described herein.
In this embodiment, the AUSF receives security related parameters such as ABBA and/or ngKSI from the SEAF/AMF, adds the security related parameters to the "EAP Request/AKA'-Challenge" message, and uses the security related parameters as input parameters for calculating the message authentication code of the "EAP Request/AKA'-Challenge" message. The SEAF/AMF receives the "EAP Request/AKA'-Challenge" message from the AUSF and forwards the message to the UE, and the UE performs integrity verification, so that the user equipment can identify whether security related parameters such as ABBA and/or ngKSI are tampered in the authentication process, and the authentication process is terminated in time if the security related parameters are tampered, thereby solving the problem in the prior art that the key negotiation between the user side and the network side fails due to the security related parameters being tampered by an attacker.
FIG. 10 is a schematic flow chart diagram of a parameter protection method according to an embodiment of the present application; in the embodiment, the integrity protection of security related parameters such as ABBA and/or ngKSI is introduced into the authentication process; specifically, the UE generates a security key and performs integrity protection on the security-related parameter, the AUSF generates the security key and sends the security key to the SEAF/AMF, and the SEAF/AMF stores the security key and performs integrity verification on the security-related parameter by using the stored security key. This embodiment applies to the EAP AKA' procedure in fig. 2 and the 5G AKA procedure in fig. 3.
S1000, the SEAF/AMF initiates an authentication request. The details are the same as S500, and are not described herein again.
S1001, the UDM sends the authentication vector and the optional user permanent identity SUPI to the AUSF, and correspondingly, the AUSF receives the authentication vector and the optional user permanent identity SUPI sent by the UDM. The details are the same as S501, and are not described herein again.
S1002, the AUSF generates a security key for verifying the integrity of security related parameters such as ABBA and/or ngKSI. The generation of the security key may refer to the key architecture in fig. 4. The generation of the security key is different according to different authentication methods, and for details, refer to S502, which is not described herein again.
S1003, the AUSF sends a security key to the SEAF/AMF, and correspondingly, the SEAF/AMF receives the security key sent by the AUSF;
the AUSF can send the security key to the SEAF/AMF by sending a Nausf authentication Response message Nausf_UEAuthentication_Authenticate Response carrying the security key;
the AUSF may also send the security key to the SEAF/AMF in other possible manners, which is not limited in this application.
S1004, after receiving the security key sent by the AUSF, the SEAF/AMF stores the security key;
S1005, the SEAF/AMF sends the authentication request message to the UE, and correspondingly, the UE receives the authentication request message sent by the SEAF/AMF. The authentication request message carries security related parameters such as ABBA and/or ngKSI.
S1006, after receiving the authentication request message sent by the SEAF/AMF, the UE performs integrity protection on the security related parameters.
And the UE performs integrity protection on the safety related parameters, including that the UE generates a safety key and uses the generated safety key to perform integrity protection on the safety related parameters so as to generate a first message authentication code.
The UE generates the security key, which is detailed in S506 and is not described herein again.
The UE generates a first message authentication code using the generated security key. Optionally, the UE calculates a message authentication code of the security-related parameter as the first message authentication code using the generated security key, or the UE includes the security-related parameter in the authentication response message and calculates a message authentication code of the authentication response message including the security-related parameter as the first message authentication code using the generated security key. Such as the UE inputs the security key and the security-related parameters or an authentication response message including the security-related parameters into an integrity protection algorithm to generate a first message authentication code. The UE may also include other input parameters, and the other input parameters may be the length of the security key, and/or the length of ngKSI, and/or the length of ABBA, etc. The integrity protection algorithm used in generating the first message authentication code and the other input parameters is not limited by the present application.
S1007, the UE sends an authentication response message to the SEAF/AMF, and correspondingly, the SEAF/AMF receives the authentication response message.
The authentication response message includes the first message authentication code calculated in S1006.
Possibly, the authentication response message comprises the security-related parameter.
S1008, after the SEAF/AMF receives the authentication response message, the integrity of the safety related parameters is verified.
The SEAF/AMF verifies the integrity of the security-related parameters using the security key saved in S1004. Specifically, the SEAF/AMF generates a second message authentication code using the same method as the UE side and compares the generated second message authentication code with the received first message authentication code.
In one possible implementation, if the UE performs integrity protection on the security-related parameter, the SEAF/AMF uses the security key to calculate a message authentication code of the security-related parameter, and uses the message authentication code as a second message authentication code; in another possible implementation, if the UE performs integrity protection on the authentication response message carrying the security-related parameter, the SEAF/AMF calculates a message authentication code of the authentication response message using the security key as the second message authentication code.
If the comparison result is the same, the integrity verification is successful, otherwise, the integrity verification fails. If the integrity of the security related parameters verified by the SEAF/AMF passes, the SEAF/AMF continues to execute the authentication process;
if the SEAF/AMF does not verify the integrity of the security-related parameters, the authentication procedure is terminated.
And S1009, after the integrity verification is passed, the user side and the network side continue to perform the rest authentication process.
Optionally, in an EAP AKA' scenario, steps S207 to S211 are executed;
optionally, in the 5G AKA scenario, steps S309 to S312 are executed.
If the result of the authentication flow is that the authentication succeeds, that is, the identity of the UE is verified successfully, the UE can generate an anchor key K_SEAF from K_AUSF and the SN name, and generate K_AMF from K_SEAF, the user identity SUPI and ABBA. The UE generates non-access stratum (NAS) keys from K_AMF, where the NAS keys are used to protect communication between the user equipment and the SEAF/AMF on the network side. It will be appreciated that the NAS keys include a NAS layer ciphering key and a NAS layer integrity protection key, which are used for ciphering and integrity protection of NAS layer communication, respectively.
S1010 to S1011 are the same as S508 to S509.
In this embodiment, the UE generates a security key and performs integrity protection on the security-related parameters such as ABBA and/or ngKSI or on an authentication response message carrying the security-related parameters, and the SEAF/AMF performs integrity verification on the security-related parameters or on the authentication response message carrying the security-related parameters by using the security key from the AUSF, so that the network side device can identify whether the security-related parameters such as ABBA and/or ngKSI are tampered in the authentication process, and terminate the authentication process in time if the security-related parameters are tampered, thereby solving the problem in the prior art that the key agreement between the user side and the network side fails due to the tampering of the security-related parameters by an attacker.
FIG. 11 is a flowchart illustrating a parameter protection method according to an embodiment of the present application; the embodiment introduces integrity protection to parameters such as ABBA and/or ngKSI and the like in the authentication process; specifically, the UE generates a security key and performs integrity protection on the security-related parameters, and the SEAF/AMF verifies the integrity of the security-related parameters. This embodiment is applicable to the 5G AKA procedure in fig. 3.
S1100, the SEAF/AMF initiates an authentication request, and the specific content is the same as S500.
S1101 to S1103 are steps in the normal 5G AKA flow, and the specific contents are the same as S302 to S306.
S1104, after receiving the authentication request message sent by the SEAF/AMF, the UE performs integrity protection on the security related parameters such as ABBA and/or ngKSI.
The UE performing integrity protection on the security-related parameters includes the UE generating a security key and using the generated security key to integrity-protect the security-related parameters.
Specifically, the UE may generate the security key by using HRES, and/or a portion of HRES, directly as the security key, or by using HRES, and/or a portion of HRES, as an input parameter, where HRES is a parameter generated by the UE by hashing RES and RAND; here RES denotes the response parameter the UE generates, after receiving the authentication request, from the RES value computed by the USIM, RAND and the serving network name (RES* in 5G AKA). The generation of the security key may also include other input parameters, which the application does not limit.
The UE performing integrity protection on the security-related parameters using the generated security key may include the UE generating a first message authentication code with the generated security key, in either of two ways: the UE calculates a message authentication code of the security-related parameters using the generated security key, and uses it as the first message authentication code; or the UE includes the security-related parameters in an authentication response message and calculates a message authentication code of that authentication response message using the generated security key, and uses it as the first message authentication code.
For example, the UE inputs the security key and the security-related parameters into an integrity protection algorithm to generate the first message authentication code. The UE generating the first message authentication code may further use other input parameters, such as the length of the security key, and/or the length of the ngKSI, and/or the length of the ABBA, etc. The application does not limit which other parameters are input, nor the integrity protection algorithm used to generate the message authentication code.
S1105, the UE sends a first message authentication code to the SEAF/AMF.
In one possible implementation manner, the UE sends an authentication response message to the SEAF/AMF, and accordingly, the SEAF/AMF receives the authentication response message. The authentication response message contains the first message authentication code calculated in S1104. Accordingly, the SEAF/AMF receives an authentication response message carrying the first message authentication code.
In one possible implementation, the UE sends an authentication response message and a first message authentication code to the SEAF/AMF. Accordingly, the SEAF/AMF receives the authentication response message and the first message authentication code.
S1106, after the SEAF/AMF receives the authentication response message, the integrity of the security relevant parameters is verified.
Specifically, the SEAF/AMF generates a security key and verifies the integrity of the security-related parameters using the security key. The SEAF/AMF calculates the security key using the same method as the UE: the SEAF/AMF may use the HXRES received in S1102, and/or a part of HXRES, directly as the security key, or may use HXRES, and/or a part of HXRES, as an input parameter to generate the security key; optionally, generating the security key may also include the other input parameters used on the UE side.
Alternatively, the generation of the security key by the SEAF/AMF may occur at any time after the SEAF/AMF receives the authentication response message sent by the AUSF (step S1102) and before this step.
The SEAF/AMF verifies the integrity of the security-related parameters using the generated security key; in particular, the SEAF/AMF calculates a second message authentication code using the same algorithm and parameters as the UE side and compares the generated second message authentication code with the received first message authentication code. In one possible implementation, the SEAF/AMF calculates the message authentication code of the security-related parameters using the generated security key as the second message authentication code; in another possible implementation, the SEAF/AMF uses the generated security key to calculate the message authentication code of the authentication response message as the second message authentication code.
If the two codes are the same, the integrity verification succeeds; otherwise, the integrity verification fails. If the SEAF/AMF's integrity verification of the security-related parameters passes, the SEAF/AMF continues the authentication procedure;
if the SEAF/AMF's integrity verification of the security-related parameters fails, the authentication procedure is terminated.
S1107, after the integrity verification passes, the user side and the network side continue the remaining authentication process, i.e. execute steps S309 to S314.
Optionally, in an EAP AKA' scenario, steps S207 to S211 are executed;
optionally, in a 5G AKA scenario, steps S310 to S312 are executed.
If the result of the authentication procedure is that authentication succeeds, i.e. the UE identity verification succeeds, the UE generates the anchor key K_SEAF from K_AUSF and the SN name, and generates K_AMF from K_SEAF, the user identity SUPI and ABBA. The UE then generates the non-access stratum (NAS) keys from K_AMF; the NAS keys are used to protect the communication between the user equipment and the SEAF/AMF on the network side. It will be appreciated that the NAS keys include a NAS layer ciphering key and an integrity protection key, which are used for ciphering and integrity protection, respectively, of NAS layer communication.
S1108 to S1109 are the same as S508 to S509.
In this embodiment, the UE generates a security key and performs integrity protection on security-related parameters such as ABBA and/or ngKSI or an authentication response message carrying the security-related parameters, the SEAF/AMF generates the security key using the same method as the UE and performs integrity verification on the security-related parameters or the authentication response message carrying the security-related parameters, so that the network-side device can identify whether the security-related parameters such as ABBA and/or ngKSI are tampered in the authentication process, and terminate the authentication process in time if the security-related parameters are tampered, thereby solving the problem in the prior art that the key agreement between the user side and the network side fails due to the tampering of the security-related parameters by an attacker.
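The following Python walk-through is an added example, not part of the patent text, of the FIG. 11 check: the UE derives a security key from HRES (a hash of RES and RAND) and computes a MAC over ABBA/ngKSI, and the SEAF/AMF derives the same key from HXRES and verifies it against the ABBA/ngKSI it actually sent. The hash (SHA-256), the key truncation, the integrity algorithm (HMAC-SHA-256 with parameter lengths as extra inputs), the K_AMF derivation and all sample values are assumptions made for the example; the patent leaves these choices open.

```python
import hashlib
import hmac

# Constructed sample values (not real network parameters).
RAND = bytes.fromhex("00112233445566778899aabbccddeeff")
RES = bytes.fromhex("0123456789abcdef0123456789abcdef")  # UE's RES; the AUSF holds the equal XRES
ABBA = bytes.fromhex("0000")                               # ABBA as sent by the SEAF/AMF
NGKSI = b"\x01"
SUPI = b"imsi-001010123456789"
K_SEAF = hashlib.sha256(b"constructed K_SEAF").digest()    # anchor key, stand-in value


def hres(rand: bytes, res: bytes) -> bytes:
    """HRES as described in S1104: a hash of RES and RAND (assumed: SHA-256).
    The SEAF/AMF holds the same value as HXRES, computed from XRES (S1102)."""
    return hashlib.sha256(rand + res).digest()


def security_key(hres_value: bytes) -> bytes:
    """Security key taken as a portion of HRES/HXRES (assumed: the first 16 bytes)."""
    return hres_value[:16]


def parameter_mac(key: bytes, abba: bytes, ngksi: bytes) -> bytes:
    """Message authentication code over ABBA and ngKSI.
    Assumed integrity algorithm: HMAC-SHA-256, with the parameter lengths
    serving as the 'other input parameters' mentioned in S1104."""
    msg = (len(abba).to_bytes(2, "big") + abba
           + len(ngksi).to_bytes(2, "big") + ngksi)
    return hmac.new(key, msg, hashlib.sha256).digest()


def ue_first_mac(rand: bytes, res: bytes, abba: bytes, ngksi: bytes) -> bytes:
    """S1104/S1105: the UE derives the key from HRES and computes the first MAC
    over the ABBA/ngKSI it received in the authentication request."""
    return parameter_mac(security_key(hres(rand, res)), abba, ngksi)


def seaf_verify(hxres: bytes, abba: bytes, ngksi: bytes, first_mac: bytes) -> bool:
    """S1106: the SEAF/AMF derives the key from HXRES, computes the second MAC
    over the ABBA/ngKSI it actually sent, and compares it in constant time.
    True means the authentication procedure continues; False means it terminates."""
    second_mac = parameter_mac(security_key(hxres), abba, ngksi)
    return hmac.compare_digest(second_mac, first_mac)


def k_amf(k_seaf: bytes, supi: bytes, abba: bytes) -> bytes:
    """K_AMF from K_SEAF, SUPI and ABBA (HMAC stand-in for the 3GPP KDF)."""
    return hmac.new(k_seaf, supi + abba, hashlib.sha256).digest()


def run_authentication(abba_received_by_ue: bytes = ABBA) -> tuple:
    """One 5G AKA exchange with the FIG. 11 check. abba_received_by_ue models the
    ABBA as it arrives at the UE; it differs from ABBA if the parameter was modified
    in transit. Returns (seaf_continues, nas_keys_would_agree)."""
    hxres = hres(RAND, RES)                        # SEAF/AMF stores HXRES from S1102
    first_mac = ue_first_mac(RAND, RES, abba_received_by_ue, NGKSI)
    seaf_continues = seaf_verify(hxres, ABBA, NGKSI, first_mac)
    # Without the check, the two sides would derive K_AMF from different ABBA values,
    # which is exactly the key agreement failure the embodiment is designed to catch.
    nas_keys_would_agree = (k_amf(K_SEAF, SUPI, abba_received_by_ue)
                            == k_amf(K_SEAF, SUPI, ABBA))
    return seaf_continues, nas_keys_would_agree


if __name__ == "__main__":
    print("unchanged ABBA:", run_authentication())            # (True, True)
    print("modified ABBA: ", run_authentication(b"\x00\x01"))  # (False, False)
```

The second run shows the point of the embodiment: a changed ABBA would silently desynchronise K_AMF on the two sides, but the SEAF/AMF now rejects it at S1106 before any NAS key is derived.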
FIG. 12 is a flowchart illustrating a parameter protection method according to an embodiment of the present application; in the embodiment, the integrity protection of security related parameters such as ABBA and/or ngKSI is introduced into the authentication process; specifically, the UE generates a security key and performs integrity protection on the security-related parameters, and the AUSF performs integrity verification on the security-related parameters. This embodiment applies to the EAP AKA' procedure in fig. 2 and the 5G AKA procedure in fig. 3.
S1200, the SEAF/AMF initiates an authentication request, and the specific content is the same as S500.
S1201, the UDM sends the authentication vector and the optional user permanent identity SUPI to the AUSF, and correspondingly, the AUSF receives the authentication vector and the optional SUPI sent by the UDM.
The UDM may send the authentication vector and the optional user identifier to the AUSF in a Nudm_UEAuthentication_Get Response message, or may send them in other ways, which is not limited in this application.
Optionally, in an EAP AKA' scenario, the UDM sends a transformed authentication vector AV' (RAND, AUTN, XRES, CK', IK') to the AUSF.
Optionally, in a 5G AKA scenario, the UDM sends a first authentication vector 5G HE AV (RAND, AUTN, XRES, K_AUSF) to the AUSF.
In one possible implementation, the UDM may also send a ciphering key CK and an integrity key IK to the AUSF.
In one possible implementation, in a 5G AKA scenario, the UDM also sends an expected response XRES to the AUSF.
S1202 to S1203 are steps in the normal authentication flow.
Optionally, in an EAP AKA' scenario, the specific content is the same as S203 to S204.
Optionally, in the 5G AKA scenario, the specific content is the same as S303 to S306.
S1204, after receiving the authentication request message from the SEAF/AMF, the UE performs integrity protection on the security-related parameters such as ABBA and/or ngKSI.
Specifically, the UE generates a security key and integrity-protects the security-related parameter using the generated security key.
The UE generates the security key, which is detailed in S506 and is not described herein again.
The UE performs integrity protection on the security-related parameter using the generated security key, and specifically, the UE may calculate a message authentication code of the security-related parameter as a first message authentication code using the generated security key.
Alternatively, the UE may calculate the security key during the period from the start of the authentication procedure to the time when the UE receives the authentication request from the network side, i.e. before this step.
S1205, the UE sends a first message authentication code to the SEAF/AMF.
In one possible implementation manner, the UE sends an authentication response message to the SEAF/AMF, and accordingly, the SEAF/AMF receives the authentication response message. The authentication response message contains the first message authentication code calculated in S1204. And the SEAF/AMF receives an authentication response message carrying the first message authentication code.
In one possible implementation, the UE sends an authentication response message and a first message authentication code to the SEAF/AMF. Accordingly, the SEAF/AMF receives the first message authentication code and the authentication response message.
S1206, the SEAF/AMF sends the first message authentication code to the AUSF, and correspondingly, the AUSF receives the first message authentication code sent by the SEAF/AMF.
The SEAF/AMF may send the first message authentication code to the AUSF in a Nausf_UEAuthentication_Authentication Response message; the SEAF/AMF may also send the above information by other methods, which is not limited in this application.
S1207, the AUSF receives the first message authentication code sent by the SEAF/AMF and then carries out integrity verification on the security related parameters.
Specifically, the AUSF generates a security key and verifies the integrity of the security-related parameters using the generated security key.
The AUSF generates the security key using the same parameters and method as the UE; the generation of the security key differs according to the authentication method. The possible ways in which the AUSF generates the security key are the same as in S502 and are not described again here. It should be noted that if the UE uses some other input parameter in generating the security key, the AUSF uses the same other input parameter in generating the security key.
Alternatively, the AUSF may calculate the security key at any time between the receiving of the relevant parameters and this step.
The AUSF verifies the integrity of the security-related parameter using the generated security key, and specifically, the AUSF calculates a message authentication code of the security-related parameter using the security key as a second message authentication code, and compares the calculated second message authentication code with the received first message authentication code.
If the two codes are the same, the integrity verification succeeds; otherwise, the integrity verification fails. If the AUSF's integrity verification of the security-related parameters passes, the AUSF continues the authentication procedure;
if the AUSF's integrity verification of the security-related parameters fails, the authentication procedure is terminated.
S1208, after the integrity verification passes, the user side and the network side continue with the remaining authentication procedure.
Optionally, in an EAP AKA' scenario, steps S208 to S211 are executed;
optionally, in the 5G AKA scenario, steps S311 to S312 are performed.
If the result of the authentication procedure is that authentication succeeds, i.e. the UE identity verification succeeds, the UE generates the anchor key K_SEAF from K_AUSF and the SN name, and generates K_AMF from K_SEAF, the user identity SUPI and ABBA. The UE then generates the non-access stratum (NAS) keys from K_AMF; the NAS keys are used to protect the communication between the user equipment and the SEAF/AMF on the network side. It will be appreciated that the NAS keys include a NAS layer ciphering key and an integrity protection key, which are used for ciphering and integrity protection, respectively, of NAS layer communication.
S1209-S1210 are the same as S508-S509.
In this embodiment, the UE generates a security key and performs integrity protection on security-related parameters such as ABBA and/or ngKSI, the AUSF generates the security key using the same method as that of the UE, and performs integrity verification on the security-related parameters, so that the network-side device can identify whether the security-related parameters such as ABBA and/or ngKSI are tampered in the authentication process, and terminate the authentication process in time if the security-related parameters are tampered, thereby solving the problem in the prior art that the key agreement between the user side and the network side fails due to the tampering of the security-related parameters by an attacker.
The above embodiments provide a method for protecting parameters during a main authentication process performed between a UE side and a network side. The embodiments in fig. 13 and fig. 14 provide a method for updating the authentication result after the authentication process is finished, so that the UDM can update the authentication result in time, thereby preventing the visited network fraud.
Fig. 13 is a flowchart illustrating UE authentication status update according to an embodiment of the present application; in this embodiment, after the authentication and key agreement procedure is finished, the SEAF notifies the UDM of the update of the UE authentication state, so that the UDM updates the UE authentication state in time. This embodiment applies to the EAP AKA' and 5G AKA procedures.
S1301, the UE side and the network side successfully perform a main authentication procedure, where the authentication procedure may be any one of possible main authentication procedures in fig. 2 to fig. 12.
After the AUSF determines that the UE authentication is successful, the AUSF informs the SEAF/AMF that the UE authentication is successful, namely:
In the 5G AKA scenario, the AUSF indicates that the UE authentication is successful in the Nausf_UEAuthentication_Authentication Response and includes K_SEAF in that Nausf_UEAuthentication_Authentication Response.
In the EAP-AKA' scenario, the AUSF includes an EAP Success message and K_SEAF in the Nausf_UEAuthentication_Authentication Response.
Optionally, in an EAP-AKA' scenario, the AUSF verifies the EAP-Response/AKA'-Challenge message, or verifies the RES, after receiving the EAP-Response/AKA'-Challenge message or after receiving the RES. If the AUSF verification succeeds, the AUSF should skip the step of notifying the UDM of the authentication result.
Optionally, in a 5G AKA scenario, after receiving the Nausf_UEAuthentication_Authentication Request message including RES, the AUSF should verify whether RES is the same as XRES and whether the AV has expired. If the verification succeeds, the authentication is successful. If the authentication is successful, the AUSF should skip the step of notifying the UDM of the authentication result.
S1302, after the SEAF/AMF receives the indication that the UE authentication is successful, or the EAP Success message, in the Nausf_UEAuthentication_Authentication Response, the SEAF/AMF sends a non-access stratum security mode command (NAS SMC) message to the UE, and correspondingly, the UE receives the NAS SMC message sent by the SEAF/AMF. The NAS SMC message contains the UE security capabilities, the selected NAS algorithms and the ngKSI identifying K_AMF; the NAS SMC message may also contain the ABBA parameter, an indication K_AMF_change_flag indicating that a new AMF key is derived, etc.
The SEAF/AMF integrity-protects the NAS SMC message with the 5G NAS integrity key, which is derived from K_AMF.
S1303, the UE verifies the NAS SMC message.
After receiving the NAS SMC message sent by the network side, the UE verifies it; specifically, the UE verifies whether the received UE security capabilities are the same as the UE security capabilities stored by the UE, and the UE also verifies the integrity of the NAS SMC message using the integrity key derived from K_AMF.
If the UE verifies that the NAS SMC message passes, executing steps S1304-S1306; otherwise, steps S1307-S1309 are executed.
S1304, the UE sends a Security Mode Complete (Security Mode Complete) message to the SEAF/AMF, and accordingly, the SEAF/AMF receives the Security Mode Complete message sent by the UE.
S1305, after the SEAF/AMF receives the security mode complete message, optionally, the SEAF/AMF sends a notification to the UDM, where the notification is used to notify the UDM, the authentication status or the authentication result of the UE, or is used to update the authentication status or the authentication result of the UE at the UDM. The UDM saves or updates the authentication status or authentication result of the UE accordingly.
The authentication status of the UE includes, but is not limited to, the identity of the UE, the authentication result, a timestamp, and the name of the serving network. Where the identity of the UE is such as SUPI.
In a possible implementation manner, after the SEAF/AMF receives the security mode completion message, the authentication result of the UE sent by the SEAF/AMF to the UDM is authentication success.
Alternatively, the SEAF may notify the UDM of the authentication status or result of the UE, or update the authentication status or result of the UE at the UDM, by invoking an existing service provided by the UDM, for example a Nudm_UEAuthentication_ResultConfirmation Request; or the SEAF may do so by calling a new service of the UDM, which is not limited in the present application.
S1306, after receiving the notification or update notification of the UE authentication status or authentication result of the SEAF, the UDM saves or updates the UE authentication status or authentication result.
S1307, the UE sends a Security Mode Reject (Security Mode Reject) message to the SEAF/AMF, and accordingly, the SEAF/AMF receives the Security Mode Reject message sent by the UE.
S1308, after the SEAF/AMF receives the security mode reject message, optionally, the SEAF/AMF sends a notification to the UDM, for notifying the UDM of the authentication status or the authentication result of the UE, or for updating the authentication status or the authentication result of the UE at the UDM. The UDM saves or updates the authentication status or authentication result of the UE accordingly.
The authentication status of the UE includes, but is not limited to, the identity of the UE, the authentication result, a timestamp, and the name of the serving network. Where the identity of the UE is such as SUPI.
In a possible implementation manner, after the SEAF/AMF receives the security mode rejection message, the authentication result of the UE sent by the SEAF/AMF to the UDM is authentication failure.
Alternatively, the SEAF may notify the UDM of, or update at the UDM, the authentication status or authentication result of the UE by calling an existing service provided by the UDM, for example a Nudm_UEAuthentication_ResultConfirmation Request; or the SEAF may do so by calling a new service of the UDM, which is not limited in the present application.
S1309, the UDM stores or updates the authentication state or the authentication result of the UE after receiving the notification or the update notification of the UE authentication state or the authentication result of the SEAF.
In this embodiment, after receiving the security mode control flow success/failure message, the SEAF/AMF notifies the UDM of the authentication state or authentication result of the UE, so that the UDM can timely store or update the authentication state or authentication result of the UE, thereby preventing access network fraud.
Fig. 14 is a flowchart illustrating a UE authentication status or an authentication result updating according to an embodiment of the present application; in this embodiment, after the authentication and key agreement process is completed, the SEAF/AMF notifies the AUSF, and then the AUSF notifies the UDM of the authentication state or authentication result of the UE, so that the UDM can acquire or update the authentication state or authentication result of the UE in time. This embodiment applies to the EAP AKA' procedure in fig. 2 and the 5G AKA procedure in fig. 3.
S1401, the UE side and the network side successfully perform an authentication procedure, where the authentication procedure may be any one of possible main authentication procedures in fig. 2 to fig. 12.
After the AUSF determines that the UE authentication is successful, the AUSF informs the SEAF/AMF that the UE authentication is successful, namely:
in a 5G AKA scenario, the AUSF indicates that the UE authentication is successful in a Nausf_UEAuthentication_Authentication Response, and includes K_SEAF in that Nausf_UEAuthentication_Authentication Response;
in the EAP-AKA' scenario, the AUSF includes an EAP Success message and K_SEAF in the Nausf_UEAuthentication_Authentication Response.
Optionally, in an EAP-AKA' scenario, the AUSF verifies the EAP-Response/AKA'-Challenge message, or verifies the RES, after receiving the EAP-Response/AKA'-Challenge message or after receiving the RES. If the AUSF verification succeeds, the AUSF should skip the step of notifying the UDM of the authentication result.
Optionally, in a 5G AKA scenario, after the AUSF receives the Nausf_UEAuthentication_Authentication Request message including RES, the AUSF should verify whether RES is the same as XRES and whether the AV has expired. If the verification succeeds, the authentication is successful. If the authentication succeeds, the AUSF should skip the step of notifying the UDM of the authentication result.
S1402, after the SEAF/AMF receives the indication of UE authentication success, or the EAP Success message, in the Nausf_UEAuthentication_Authentication Response, the SEAF/AMF sends a non-access stratum security mode command (NAS SMC) message to the UE, and correspondingly, the UE receives the NAS SMC message sent by the SEAF/AMF. See S1302 for details, which are not repeated here.
S1403, the UE verifies the NAS SMC message. See S1303 for details, which will not be described herein.
If the UE's verification of the NAS SMC message passes, steps S1404 to S1407 are executed; if the verification fails, steps S1408 to S1411 are executed.
S1404, the UE sends a Security Mode Complete (Security Mode Complete) message to the SEAF/AMF, and correspondingly, the SEAF/AMF receives the Security Mode Complete message sent by the UE.
S1405, after receiving the security mode complete message, the SEAF/AMF sends a notification to the AUSF, where the notification is used to notify the AUSF of the authentication status or the authentication result of the UE. Accordingly, the AUSF receives an authentication status or an authentication result of the UE.
The authentication status of the UE includes, but is not limited to, the identity of the UE, the authentication result, a timestamp, and the name of the serving network. Where the identity of the UE is such as SUPI.
In a possible implementation manner, after the SEAF/AMF receives the security mode complete message, the authentication result of the UE sent by the SEAF/AMF to the AUSF is authentication success.
Alternatively, the SEAF may send the notification to the AUSF by invoking an existing service provided by the AUSF, such as Nausf_UEAuthentication; or the SEAF may send the notification to the AUSF by calling a new service of the AUSF, which is not limited in the present application.
S1406, after receiving the notification sent by the SEAF, the AUSF sends a notification to the UDM, where the notification is used to notify the UDM of the authentication status or authentication result of the UE, or to update the authentication status or authentication result of the UE at the UDM. Accordingly, the UDM saves or updates the authentication status or authentication result of the UE.
Alternatively, the AUSF may send the notification to the UDM by calling an existing service provided by the UDM, such as Nudm_UEAuthentication; or the AUSF may send the notification to the UDM by calling a newly added service of the UDM, which is not limited in this application.
S1407, after receiving the notification or update of the UE authentication status or authentication result from the AUSF, the UDM saves or updates the UE authentication status or authentication result.
S1408, the UE sends a Security Mode Reject (Security Mode Reject) message to the SEAF/AMF, and accordingly, the SEAF/AMF receives the Security Mode Reject message sent by the UE.
S1409, after the SEAF/AMF receives the security mode reject message, sends a notification to the AUSF, where the notification is used to notify the AUSF of the authentication state or the authentication result of the UE. Accordingly, the AUSF receives an authentication status or an authentication result of the UE.
The authentication status of the UE includes, but is not limited to, the identity of the UE, the authentication result, a timestamp, and the name of the serving network. Where the identity of the UE is such as SUPI.
In a possible implementation manner, after the SEAF/AMF receives the security mode rejection message, the authentication result of the UE sent by the SEAF/AMF to the AUSF is authentication failure.
Alternatively, the SEAF may send the notification to the AUSF by invoking an existing service provided by the AUSF, such as Nausf_UEAuthentication; or the SEAF may send the notification to the AUSF by calling a newly added service of the AUSF, which is not limited in the present application.
S1410, after receiving the notification sent by the SEAF, the AUSF sends a notification to the UDM, where the notification is used to notify the UDM of the authentication status or authentication result of the UE, or to update the authentication status or authentication result of the UE at the UDM. Accordingly, the UDM saves or updates the authentication status or authentication result of the UE.
Alternatively, the AUSF may send the notification to the UDM by invoking an existing service provided by the UDM, such as Nudm_UEAuthentication; or the AUSF may send the notification to the UDM by calling a newly added service of the UDM, which is not limited in this application.
Alternatively, the AUSF may notify the UDM of the authentication status or result of the UE, or update the authentication status or result of the UE at the UDM, by calling an existing service provided by the UDM, for example a Nudm_UEAuthentication_ResultConfirmation Request; or the AUSF may do so by calling a newly added service of the UDM, which is not limited in the present application.
S1411, after receiving the notification or update of the UE authentication status or authentication result of the AUSF, the UDM saves or updates the UE authentication status or authentication result.
In this embodiment, after the SEAF/AMF receives the security mode complete/reject message, the SEAF/AMF notifies the AUSF of the authentication status or authentication result of the UE, and the AUSF then notifies the UDM of the authentication status or authentication result of the UE, so that the UDM can obtain or update the authentication status and/or authentication result of the UE in time, thereby preventing visited network fraud.
The parameter protection method in the authentication process according to the embodiment of the present application is described in detail above with reference to fig. 2 to fig. 14, and based on the same inventive concept as the above parameter protection method, as shown in fig. 15, the embodiment of the present application further provides a schematic structural diagram of an apparatus 1500. The apparatus includes a processing module 1501, a receiving module 1502, and a sending module 1503.
The apparatus 1500 may be used for a UE, and may also be a UE, and the apparatus may perform the operations performed by the UE in the foregoing method embodiments. Taking the embodiment of the method in fig. 5 as an example, the receiving module 1502 is configured to receive an authentication request message that is sent by the SEAF/AMF and carries security related parameters such as ABBA and/or ngKSI, and may also be configured to receive an NAS SMC message sent by the SEAF/AMF; the processing module 1501 is used for verifying the integrity of the security-related parameters such as ABBA and/or ngKSI, and may also be used for SMC verification; the sending module 1503 is configured to send an authentication response message to the SEAF/AMF and may also be configured to send a NAS SMC response to the SEAF/AMF.
The apparatus 1500 may also be used for a SEAF/AMF, which may also be the SEAF/AMF, and may perform the operations performed by the SEAF/AMF in the above-described method embodiments. Taking the embodiment of the method in fig. 5 as an example, the receiving module 1502 may be configured to receive a security key sent by the AUSF; processing module 1501 may be configured to use the security key from the AUSF to perform integrity protection on security-related parameters such as ABBA and/or ngKSI; the sending module 1503 may be configured to send, to the UE, an authentication request message carrying security-related parameters such as ABBA and/or ngKSI and the first message authentication code.
The apparatus 1500 may also be used for an AUSF, or may itself be an AUSF, and may perform the operations performed by the AUSF in the above method embodiments. Taking the method embodiment in fig. 5 as an example, the receiving module 1502 may be configured to receive an authentication vector and, optionally, a user permanent identifier sent by the UDM; the processing module 1501 may be configured to generate the security key used to integrity-protect security-related parameters such as ABBA and/or ngKSI; the sending module 1503 may be configured to send the security key to the SEAF/AMF.
The apparatus 1500 may also be used for a UDM, or may itself be a UDM, and may perform the operations performed by the UDM in the above-described method embodiments. Taking the method embodiment in fig. 5 as an example, the receiving module 1502 may be configured to receive an authentication request sent by the AUSF; the processing module 1501 may be configured to generate the authentication vector; the sending module 1503 may be configured to send the authentication vector generated by the processing module to the AUSF.
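The division of roles among UDM, AUSF, SEAF/AMF and UE described above, carried through as a runnable model (an added example, not code from the application or from 3GPP): each network function is a plain Python function, the KDF is a simplified HMAC-SHA256 stand-in for the TS 33.501 Annex A derivation, and the root key, serving network name, ABBA and ngKSI values are constructed. The UE check follows claims 1 to 3 and 6, and derive_k_amf follows claim 11.

```python
"""Model of the fig. 5 roles (UDM, AUSF, SEAF/AMF, UE): the network
integrity-protects ABBA/ngKSI in the authentication request and the UE
verifies the MAC.  Constructed illustration; KDF and layout are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


def kdf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed inputs.  Simplified stand-in for the
    TS 33.501 Annex A KDF (no FC codes); an assumption, not the 3GPP function."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_ck_ik(root_key: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """(CK, IK) from the root key K and RAND; computed by the UDM and the UE."""
    return kdf(root_key, b"CK", rand)[:16], kdf(root_key, b"IK", rand)[:16]


def derive_k_ausf(ck: bytes, ik: bytes, serving_network_name: str) -> bytes:
    """Claim 6: security key K_AUSF from CK, IK and the serving network name."""
    return kdf(ck + ik, b"K_AUSF", serving_network_name.encode())


def param_mac(security_key: bytes, abba: bytes, ngksi: int) -> bytes:
    """MAC over the security-related parameters ABBA and ngKSI, truncated to
    64 bits (the tag length is a constructed choice)."""
    if not 0 <= ngksi <= 7:
        raise ValueError("ngKSI is a 3-bit key set identifier")
    return kdf(security_key, b"AUTH_REQ_PARAMS", abba, bytes([ngksi]))[:8]


@dataclass(frozen=True)
class AuthVector:      # UDM -> AUSF
    rand: bytes
    ck: bytes
    ik: bytes


@dataclass(frozen=True)
class AuthRequest:     # SEAF/AMF -> UE
    rand: bytes
    abba: bytes
    ngksi: int
    mac: bytes         # first message authentication code over ABBA/ngKSI


def udm_generate_av(root_key: bytes) -> AuthVector:
    """UDM side: fresh RAND and the keys derived from the subscriber's K."""
    rand = secrets.token_bytes(16)
    ck, ik = derive_ck_ik(root_key, rand)
    return AuthVector(rand, ck, ik)


def ausf_security_key(av: AuthVector, serving_network_name: str) -> bytes:
    """AUSF side: the key the SEAF/AMF will use to protect ABBA/ngKSI."""
    return derive_k_ausf(av.ck, av.ik, serving_network_name)


def seaf_build_auth_request(k_ausf: bytes, rand: bytes, abba: bytes,
                            ngksi: int) -> AuthRequest:
    """SEAF/AMF side: integrity-protect the parameters with the AUSF's key."""
    return AuthRequest(rand, abba, ngksi, param_mac(k_ausf, abba, ngksi))


def ue_verify_auth_request(root_key: bytes, serving_network_name: str,
                           req: AuthRequest) -> str:
    """UE side (claims 1 to 3): rederive the key, compute the second MAC and
    compare it with the first one in constant time."""
    ck, ik = derive_ck_ik(root_key, req.rand)
    k_ausf = derive_k_ausf(ck, ik, serving_network_name)
    mac2 = param_mac(k_ausf, req.abba, req.ngksi)
    if hmac.compare_digest(req.mac, mac2):
        return "AUTHENTICATION_RESPONSE"          # claim 2: verification succeeded
    return "INTEGRITY_FAILURE_INDICATION"         # claim 3: verification failed


def derive_k_amf(anchor_key: bytes, supi: str, abba: bytes) -> bytes:
    """Claim 11: lower-layer key K_AMF from the anchor key, the SUPI and the
    ABBA that the UE has just verified."""
    return kdf(anchor_key, b"K_AMF", supi.encode(), abba)


def run_procedure(root_key: bytes, serving_network_name: str, abba: bytes,
                  ngksi: int, abba_seen_by_ue: Optional[bytes] = None) -> str:
    """One end-to-end run.  abba_seen_by_ue simulates an ABBA altered between
    the SEAF/AMF and the UE, which the MAC check must reject."""
    av = udm_generate_av(root_key)
    k_ausf = ausf_security_key(av, serving_network_name)
    req = seaf_build_auth_request(k_ausf, av.rand, abba, ngksi)
    if abba_seen_by_ue is not None:
        req = AuthRequest(req.rand, abba_seen_by_ue, req.ngksi, req.mac)
    return ue_verify_auth_request(root_key, serving_network_name, req)


if __name__ == "__main__":
    K = bytes(range(32))                        # constructed subscriber key
    SNN = "5G:mnc012.mcc345.3gppnetwork.org"    # constructed serving network name
    print(run_procedure(K, SNN, b"\x00\x00", 1))
    print(run_procedure(K, SNN, b"\x00\x00", 1, abba_seen_by_ue=b"\x00\x01"))
```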
Based on the same inventive concept as the method embodiment, an embodiment of the application also provides a device. Referring to fig. 16, the device 1600 includes a processor 1601, a communication interface 1602, and a memory 1603.
The embodiment of the present application does not limit the specific connection medium among the communication interface 1602, the processor 1601, and the memory 1603. In the embodiment of the present application, the communication interface 1602, the processor 1601, and the memory 1603 are connected by the bus 1604 in fig. 16, the bus 1604 is shown by a thick line in fig. 16, and the connection manner among other components is only schematically illustrated and is not limited thereto. The bus 1604 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 16, but this is not intended to represent only one bus or type of bus.
The processor 1601 is configured to execute program instructions, and when the program is executed, the processor 1601 performs the operations performed by the UE, the SEAF/AMF, the AUSF, or the UDM in the authentication methods provided in the foregoing embodiments. The processor 1601 may be, but is not limited to, a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP. Where the processor 1601 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 1601 may further include a hardware chip. The hardware chip may be an Application-specific Integrated Circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a Field-Programmable Gate Array (FPGA), general Array Logic (GAL), or any combination thereof.
The communication interface 1602 is used for communicating with other devices, such as transmitting data and/or receiving data, under the control of the processor 1601, and the transmitting module and the receiving module in fig. 15 can be implemented by the communication interface 1602. The communication interface may also be a communication circuit or an input-output circuit.
The memory 1603 is used for storing the programs executed by the processor 1601. The memory 1603 may include, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), a compact disc read-only memory (CD-ROM), a flash memory, a hard disk (HDD), or a solid-state drive (SSD); the memory 1603 may also include any combination of the above types of memory.
Based on the same inventive concept as the method embodiment, the embodiment of the present application further provides a communication device 1700, where the communication device 1700 may be a terminal device or a chip. The communication device 1700 may be used to perform the actions performed by the user equipment in the above-described method embodiments.
When the communication device 1700 is a terminal device, fig. 17 shows a simplified structural diagram of the terminal device. For ease of understanding and illustration, the terminal device in fig. 17 is exemplified by a user device such as a mobile phone. As shown in fig. 17, the terminal device includes a processor, a memory, a control circuit, an antenna, and an input-output device. The processor is mainly used for processing communication protocols and communication data, controlling the terminal device, executing software programs, and processing data of the software programs. The memory is mainly used for storing software programs and data. The radio frequency circuit is mainly used for converting between baseband signals and radio frequency signals and for processing the radio frequency signals. The antenna is mainly used for receiving and transmitting radio frequency signals in the form of electromagnetic waves. Input and output devices, such as touch screens, display screens and keyboards, are mainly used for receiving data input by a user and for outputting data to the user. It should be noted that some kinds of terminal devices may not have input/output devices. For ease of illustration, only one memory and one processor are shown in fig. 17; an actual terminal device product may contain one or more processors and one or more memories. The memory may also be referred to as a storage medium or a storage device. The memory may be provided independently of the processor or integrated with the processor, which is not limited in this embodiment of the present application.
As an example, as shown in fig. 17, the antenna and the radio frequency circuit having a transmitting/receiving function are referred to as a transceiver unit 1701, and the processor having a processing function is referred to as a processing unit 1702. That is, the terminal device comprises a transceiver unit 1701 and a processing unit 1702. The transceiver unit 1701 may also be referred to as a transceiver, a transceiving device, etc. The processing unit 1702 may also be referred to as a processor, a processing board, a processing module, a processing device, etc. Optionally, the device implementing the receiving function in the transceiver unit 1701 may be regarded as a receiving unit, and the device implementing the transmitting function in the transceiver unit 1701 may be regarded as a transmitting unit; that is, the transceiver unit 1701 includes a receiving unit and a transmitting unit. The transceiver unit may also sometimes be referred to as a transceiver, a transceiver circuit, or the like. The receiving unit may also be referred to as a receiver, a receiving circuit, or the like. The transmitting unit may also sometimes be referred to as a transmitter, a transmitting circuit, or the like.
For example, in one implementation, the transceiver unit 1701 is further configured to perform a receiving operation on the user equipment side in step S505 shown in fig. 5, and/or the transceiver unit 1701 is further configured to perform other transceiving steps on the user equipment side. The processing unit 1702 is configured to perform step S506 shown in fig. 5, and/or the processing unit 1702 is further configured to perform other processing steps on the terminal device side.
For another example, in one implementation, the transceiver unit 1701 is further configured to perform a receiving operation on the terminal device side in step S704 shown in fig. 7, and/or the transceiver unit 1701 is further configured to perform other transceiving steps on the user device side. The processing unit 1702 is configured to perform step S705 shown in fig. 7, and/or the processing unit 1702 is further configured to perform other processing steps on the terminal device side.
It should be understood that fig. 17 is merely an example and not a limitation, and the terminal device including the transceiving unit and the processing unit described above may not depend on the structure shown in fig. 17.
When the communication device 1700 is a chip, the chip includes a transceiving unit and a processing unit. The transceiving unit can be an input/output circuit or a communication interface; the processing unit may be a processor or a microprocessor or an integrated circuit integrated on the chip.
The embodiment of the present application provides a communication device, which includes a communication interface for transceiving data and a processor coupled to the communication interface, wherein the processor executes the method provided by the above embodiment, and the processor further executes transceiving data related to the above embodiment through the communication interface.
The present application provides a non-volatile computer-readable storage medium storing a computer program including instructions for performing the method provided by the above embodiments.
Embodiments of the present application provide a computer program product containing instructions, which when run on a computer, cause the computer to perform the method provided by the above embodiments.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus, device (system), or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, devices (systems) and computer program products according to embodiments of the application. It will be understood that each flow in the flow diagrams can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a few specific embodiments of the present application, but the scope of the present application is not limited thereto, and those skilled in the art can make further changes and modifications to the embodiments within the technical scope of the present disclosure. It is therefore intended that the following appended claims be interpreted as including the foregoing embodiments and all such alterations and modifications as fall within the scope of the application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (25)

1. A method for protecting parameters in a 5G authentication process is characterized by comprising the following steps:
user equipment receives an authentication request message sent by a security anchor function network element (SEAF); the authentication request message comprises an anti-bidding-down between architectures parameter (ABBA) and a first message authentication code of the ABBA, the first message authentication code is generated by the SEAF or an access and mobility management network element (AMF), and the ABBA is used for generating a non-access stratum key;
the user equipment performs integrity protection on the ABBA by using a security key to generate a second message authentication code of the ABBA;
and the user equipment verifies the integrity of the ABBA according to the first message authentication code and the second message authentication code.
2. The method of claim 1, further comprising:
and if the integrity verification of the ABBA is successful, the user equipment sends an authentication response message to the SEAF.
3. The method of claim 1, further comprising:
and if the integrity verification of the ABBA fails, the user equipment sends indication information to the SEAF, wherein the indication information is used for indicating the failure of the integrity verification.
4. The method as claimed in claim 1, wherein before the user equipment integrity protects the ABBA with a security key to generate the second message authentication code of the ABBA, the method further comprises:
the user equipment generates a security key (CK, IK) according to a root key K; wherein, the CK is an encryption key; the IK is an integrity protection key;
the user equipment integrity-protects the ABBA by using the security key to generate a second message authentication code of the ABBA, and the method comprises the following steps:
the user equipment integrity protects the ABBA with the security key (CK, IK) to generate a second message authentication code of the ABBA.
5. The method as claimed in claim 1, wherein before the user equipment integrity protects the ABBA with a security key to generate the second message authentication code of the ABBA, the method further comprises:
the user equipment generates a first intermediate key (CK, IK) from a root key K; wherein the CK is a first intermediate encryption key; the IK is a first intermediate integrity protection key;
the user equipment acquires a security key (CK', IK') according to the CK, the IK and the service network name;
the user equipment integrity-protects the ABBA by using the security key to generate a second message authentication code of the ABBA, and the method comprises the following steps:
the user equipment integrity-protects the ABBA with the security key (CK', IK') to generate a second message authentication code of the ABBA.
6. The method as claimed in claim 1, wherein before the user equipment integrity protects the ABBA with a security key to generate the second message authentication code of the ABBA, the method further comprises:
the user equipment generates a first intermediate key (CK, IK) from a root key K; wherein CK is a first intermediate encryption key; the IK is a first intermediate integrity protection key;
the user equipment obtains a security key K_AUSF according to the CK, the IK and the service network name;
The user equipment integrity-protects the ABBA by using the security key to generate a second message authentication code of the ABBA, and the method comprises the following steps:
the user equipment integrity-protects the ABBA with the security key K_AUSF to generate a second message authentication code of the ABBA.
7. The method according to claim 5 or 6, wherein the service network name comprises a service code and a service network identification.
8. The method of claim 1, wherein before the user equipment integrity protects the ABBA with a security key to generate a second message authentication code for the ABBA, the method further comprises:
the user equipment generates a first intermediate key (CK, IK) from a root key K; wherein CK is a first intermediate encryption key; the IK is a first intermediate integrity protection key;
and the user equipment acquires the security key according to the CK, the IK and the access type identifier.
9. The method of claim 8, wherein the access type identifier is a 3GPP type identifier or a non-3GPP type identifier.
10. The method according to any one of claims 1 to 3, wherein the security key is at least one of the following keys: authentication server function key K_AUSF, ciphering key CK, integrity key IK, intermediate ciphering key CK', intermediate integrity key IK', 5G Authentication and Key Agreement (5G AKA) response RES, 5G AKA hash response HRES, master key MK, part of the authentication server function key K_AUSF, part of the ciphering key CK, part of the integrity key IK, part of the intermediate ciphering key CK', part of the intermediate integrity key IK', part of the 5G AKA response RES, part of the 5G AKA hash response HRES, or part of the master key MK.
11. The method of claim 1, further comprising:
the user equipment receives a verification result sent by the SEAF;
if the verification result is successful, the user equipment obtains a lower-layer key K_AMF according to an anchor key, a subscription permanent identifier (SUPI) and the ABBA; and
the user equipment generates a non-access stratum key according to the K_AMF.
12. An authentication apparatus, comprising:
a receiving module, configured to receive an authentication request message sent by a security anchor function network element (SEAF); the authentication request message comprises an anti-bidding-down between architectures parameter (ABBA) and a first message authentication code of the ABBA, the first message authentication code is generated by the SEAF or an access and mobility management network element (AMF), and the ABBA is used for generating a non-access stratum key;
the processing module is used for carrying out integrity protection on the ABBA by utilizing a security key so as to generate a second message authentication code of the ABBA; and verifying the integrity of the ABBA according to the first message authentication code and the second message authentication code.
13. The apparatus of claim 12, further comprising:
and the sending module is used for sending an authentication response message to the SEAF when the integrity verification of the ABBA is successful.
14. The apparatus of claim 12, further comprising:
and a sending module, configured to send, when the integrity verification of the ABBA fails, indication information to the SEAF, where the indication information is used to indicate that the integrity verification fails.
15. The apparatus of claim 12,
the processing module is further configured to generate a security key (CK, IK) from the root key K; wherein CK is an encryption key; the IK is an integrity protection key;
the processing module is specifically configured to perform integrity protection on the ABBA according to the security key (CK, IK) to generate a second message authentication code of the ABBA.
16. The apparatus of claim 12,
the processing module is further configured to generate a first intermediate key (CK, IK) from the root key K; wherein the CK is a first intermediate encryption key; the IK is a first intermediate integrity protection key;
acquiring a security key (CK', IK') according to the CK, the IK and the service network name; and
the processing module is specifically configured to integrity-protect the ABBA according to the security key (CK', IK') to generate a second message authentication code of the ABBA.
17. The apparatus of claim 12,
the processing module is further configured to generate a first intermediate key (CK, IK) from the root key K; wherein the CK is a first intermediate encryption key; the IK is a first intermediate integrity protection key;
obtaining a security key K_AUSF according to the CK, the IK and the service network name; and
the processing module is specifically configured to integrity-protect the ABBA with the security key K_AUSF to generate a second message authentication code of the ABBA.
18. The apparatus according to claim 16 or 17, wherein the service network name comprises a service code and a service network identification.
19. The apparatus of claim 12,
the processing module is further configured to generate a first intermediate key (CK, IK) from the root key K; wherein the CK is a first intermediate encryption key; the IK is a first intermediate integrity protection key;
acquiring a security key according to the CK, the IK and the access type identifier; and
the processing module is specifically configured to perform integrity protection on the ABBA by using the security key to generate a second message authentication code of the ABBA.
20. The apparatus of claim 19, wherein the access type identifier is a 3GPP type identifier or a non-3GPP type identifier.
21. The apparatus according to any of claims 12 to 14, wherein the processing module is configured to perform integrity verification on the ABBA, and comprises:
the processing module performs integrity verification on the ABBA using a security key; wherein the security key is at least one of the following keys: authentication server function key K_AUSF, ciphering key CK, integrity key IK, intermediate ciphering key CK', intermediate integrity key IK', 5G Authentication and Key Agreement (5G AKA) response RES, 5G AKA hash response HRES, master key MK, part of the authentication server function key K_AUSF, part of the ciphering key CK, part of the integrity key IK, part of the intermediate ciphering key CK', part of the intermediate integrity key IK', part of the 5G AKA response RES, part of the 5G AKA hash response HRES, or part of the master key MK.
22. The apparatus of claim 12,
the receiving module is further configured to receive a verification result sent by the SEAF;
if the verification result is successful, the processing module obtains a lower-layer key K_AMF according to an anchor key, a subscription permanent identifier (SUPI) and the ABBA; and
the user equipment generates a non-access stratum key according to the K_AMF.
23. An apparatus, characterized in that the apparatus comprises: a memory unit for storing computer instructions, a communication interface for transceiving data, and a processor coupled to the memory unit and the communication interface; when the computer instructions are executed, the processor performs the method of any one of claims 1 to 11.
24. An apparatus comprising a communication interface for transceiving data and a processor coupled with the communication interface; the processor is used for executing the method of any one of claims 1 to 11; wherein the processor performs data transceiving through the communication interface as recited in any one of claims 1 to 11.
25. A non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, causes the method of any one of claims 1-11 to be performed.
CN201911060007.1A 2019-11-01 2019-11-01 Method and device for protecting parameters in authentication process Active CN112788598B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201911060007.1A CN112788598B (en) 2019-11-01 2019-11-01 Method and device for protecting parameters in authentication process
PCT/CN2020/122598 WO2021083012A1 (en) 2019-11-01 2020-10-21 Method and device for protecting parameters in authentication process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911060007.1A CN112788598B (en) 2019-11-01 2019-11-01 Method and device for protecting parameters in authentication process

Publications (2)

Publication Number Publication Date
CN112788598A CN112788598A (en) 2021-05-11
CN112788598B true CN112788598B (en) 2022-11-11

Family

ID=75715672

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911060007.1A Active CN112788598B (en) 2019-11-01 2019-11-01 Method and device for protecting parameters in authentication process

Country Status (2)

Country Link
CN (1) CN112788598B (en)
WO (1) WO2021083012A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116528234B (en) * 2023-06-29 2023-09-19 内江师范学院 Virtual machine security and credibility verification method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101690273A (en) * 2007-07-23 2010-03-31 索尼爱立信移动通讯有限公司 Providing services to a mobile device in a personal network
CN109803262A (en) * 2017-11-17 2019-05-24 华为技术有限公司 A kind of transmission method and device of network parameter
WO2019192275A1 (en) * 2018-04-04 2019-10-10 中兴通讯股份有限公司 Authentication method and network element

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20120091635A (en) * 2011-02-09 2012-08-20 삼성전자주식회사 Authentication method and apparatus in wireless communication system
EP3753270A4 (en) * 2018-02-16 2021-04-07 NEC Corporation Method to select the right udm instance and ensure the udm instance security
US10637858B2 (en) * 2018-02-23 2020-04-28 T-Mobile Usa, Inc. Key-derivation verification in telecommunications network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Security architecture and procedures for 5G system;3GPP Technical Specification Group;《TS33.501》;20190925;第6.1.3节、第6.2节、第6.7.2节、附录A9 *

Also Published As

Publication number Publication date
CN112788598A (en) 2021-05-11
WO2021083012A1 (en) 2021-05-06


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant