WO2012031510A1 - Method and system for implementing synchronous binding of security key - Google Patents

Method and system for implementing synchronous binding of security key Download PDF

Info

Publication number
WO2012031510A1
WO2012031510A1 PCT/CN2011/077617 CN2011077617W WO2012031510A1 WO 2012031510 A1 WO2012031510 A1 WO 2012031510A1 CN 2011077617 W CN2011077617 W CN 2011077617W WO 2012031510 A1 WO2012031510 A1 WO 2012031510A1
Authority
WO
WIPO (PCT)
Prior art keywords
security key
binding
key
security
mme
Prior art date
Application number
PCT/CN2011/077617
Other languages
French (fr)
Chinese (zh)
Inventor
和峰
冯成燕
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012031510A1 publication Critical patent/WO2012031510A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices

Definitions

  • the present invention relates to a security authentication technology in a Long Term Evolution (LTE) network, and more particularly to a method and system for implementing security key synchronization binding.
  • LTE Long Term Evolution
  • FIG. 1 is a schematic structural diagram of an LTE network.
  • an LTE network consists of an Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and an Evolved Packet Core (EPC). Composition, the network is flat.
  • the E-UTRAN is connected to the EPC via the SI interface.
  • the E-UTRAN is composed of a plurality of interconnected evolved base stations (eNBs, Evolved NodeBs), and each eNB is connected through an X2 interface; the EPC is composed of a mobility management entity (MME, Mobility Management Entity) and a monthly service gateway (S). -GW, Serving Gateway).
  • MME mobility management entity
  • S monthly service gateway
  • -GW Serving Gateway
  • HE Home Environment
  • HSS Home Subscriber Server
  • HLR Home Location Register
  • the HE contains user profiles, performs user authentication and authorization, and provides information about the user's physical location.
  • LTE-Advanced Long-Term Evolution advance
  • Wireless relay technology is one of the technologies in LTE-Advanced. It aims to extend the coverage of the cell, reduce the dead zone in communication, balance the load, transfer the traffic in the hotspot, and save users.
  • the device (UE, User Equipment) is the transmit power of the terminal.
  • FIG. 2 is a schematic diagram of a network structure after adding a relay node (RN, Relay-Node) in the existing network architecture.
  • RN relay node
  • the wireless device between the newly added RN and the donor evolved base station (Donor-eNB) is used. connection.
  • the interface between the Donor-eNB and the RN is called the Un port.
  • the radio link between the two is called the backhaul link.
  • the interface between the RN and the UE is called the Uu port.
  • the wireless link between them is called the Uu port.
  • the road is called an access link.
  • the downlink data arrives at the Donor-eNB first, and then is transmitted to the RN, and the RN transmits the signal to the UE.
  • the uplink data first arrives at the UE, and then is transmitted to the RN, and the RN transmits the signal to the Donor-eNB.
  • the RN can be used as either a normal terminal device or a base station.
  • the RN can access the wireless network like a normal UE.
  • the network side authenticates the user and authenticates the Key Agreement (AKA).
  • AKA Key Agreement
  • the process is also called the Evolved Packet System Key Agreement (EPS AKA).
  • EPS AKA Evolved Packet System AKA
  • the UE refers to the general name of the mobile device (Mobile Equipment) and the Universal Subscriber Identity Module (USIM).
  • USIM Universal Subscriber Identity Module
  • the EPS AKA process is actually completed by the USIM. Therefore, the process completes the network-to-terminal USIM authentication (or subscription authentication) and key agreement, and the subsequent description also refers to the USIM authentication as user authentication.
  • the USIM card here represents a generalized Universal Integrated Circuit Card (UICC)
  • the UE and the network side generate an integrity key (IK, Integrity Key) and an encryption key (CK, Cipher Key) according to the root key K, and the MME generates an intermediate key KASME according to IK and CK. Then use this intermediate key KASME to derive other new keys to protect the communication data of the access layer (AS, Access Stratum) and non-access stratum (NAS, Non-Access Stratum).
  • the access layer security protection key ratio
  • the radio resource control encryption key KRRCenc, the radio resource control integrity protection key KRRCint and the user plane encryption key KUPenc are respectively derived from the base station key KeNB according to different algorithms, and the KeNB is derived from the intermediate key KASME. .
  • the RN when the RN is an ordinary terminal device, it is a general term for a relay node device (or RN platform) and a USIM card (or a UICC card).
  • the RN can complete the USIM authentication of the RN according to the EPS AKA process described above. .
  • the RN acts as a base station
  • the base station if the base station is an illegal device, it may threaten the user equipment it serves. Therefore, it is first necessary to ensure the legitimacy of the base station before the base station serves the UE.
  • the specific implementation scheme for realizing the legality certification of the RN is not determined.
  • Figure 3 is a schematic diagram of a process in which a possible RN is illegally attacked, as shown in Figure 3.
  • the attacker inserts the legal USIM card into the illegal RN and inserts the illegal USIM card into the legal RN.
  • the attacker uses the legal USIM and the legal RN to complete the corresponding user authentication.
  • equipment certification In the actual communication process, the illegal RN can obtain the access layer security protection key generated by the legal USIM card authentication, and the partial communication data between the illegal RN and the network side is protected by the access layer security protection key.
  • the existing RN authentication does not guarantee that the legal USIM card is inserted on the legal RN device, that is, the user authentication of the RN and the binding of the device cannot be implemented, so that the communication data between the RN and the network side cannot be secured.
  • the main purpose of the present invention is to provide a method and system for implementing secure key synchronization binding, which can implement RN user authentication and device binding, and ensure communication data security between the RN and the network side.
  • a method for implementing secure key synchronization binding includes:
  • the mobility management entity MME notifies the relay node RN to perform security key binding
  • the RN After receiving the notification, the RN performs the same security key binding process as the network side, obtains the security key bound to the device, and responds to the MME.
  • the MME notifying the RN to perform security key binding includes: the MME sending a non-access stratum NAS message to the RN, and notifying the RN to perform security key binding.
  • the NAS message carries key binding indication information for instructing the RN to perform binding of the security key.
  • the NAS message also carries algorithm identification information for identifying an algorithm used when performing key binding.
  • the NAS message also carries identification information of a security key to be bound.
  • the NAS message also carries identification information about security parameters related to devices that need to be bound.
  • the NAS message multiplexes an existing NAS message;
  • the existing NAS message includes: a NAS security mode command message, or a user authentication request message;
  • the NAS message is a new message
  • the new message is a key binding request message.
  • the same security key binding process performed by the RN as the network side is performed in the MME or the home subscriber server HSS or the home location register HLR or the home environment HE on the network side.
  • the security key binding process performed by the network side is before the MME sends a NAS message to notify the RN; or after the MME receives the response from the RN.
  • the method further includes: obtaining, by the network side, the user security key of the RN through the user authentication process, and obtaining the device-related security parameter of the RN;
  • the security key binding process includes: deriving a security key bound to the device according to the agreed algorithm by using the device-related security parameter and the user security key.
  • the security key derived from the device according to the agreed algorithm further includes: The device-related security parameters, the user security key, and other parameters are used to derive a security key bound to the device according to the agreed algorithm.
  • the other parameters include the parameters shared by the RN and the network side; or the random number generated by the network side or the RN.
  • the method further includes: the random number generated by the network side or the RN by using a message. Notify the RN or the network side.
  • the user security key may be an intermediate key KASME or an encryption key CK, a integrity key IK.
  • the device-related security parameter is a specific parameter shared by the RN and the network side; the specific parameter is: a parameter in the subscription information of the RN; or a preset parameter in the device certificate.
  • the device-related security parameter is: a device-related security parameter that is agreed in the device authentication process on the network side; the device-related security parameter that is agreed in the device authentication process is a root key in the device subscription information, or Other new keys derived from the root key.
  • the sending of the response by the RN to the ⁇ includes:
  • the RN feeds back the binding result to the ⁇ through the existing NAS message or by using a new message.
  • the key binding success indication information is used to indicate that the RN successfully completes the security key binding; or the key binding failure is used to indicate that the RN fails to complete the security key binding successfully. Instructions.
  • the response message fed back by the RN When the response message fed back by the RN carries the key binding failure indication information, the response message fed back by the RN further carries the failure reason.
  • a system for implementing secure key synchronization binding including at least RN and ⁇ , wherein
  • the RN is configured to receive the security key binding notification from the ,, perform the same security key binding processing as the network side, obtain the security key bound to the device, and respond to ⁇ .
  • the MME is specifically configured to: after the RN passes the user authentication, send a security key binding notification to the RN; before sending the security key binding notification to the RN, or after receiving the response from the RN, performing the same as the RN Secure key binding processing to obtain a security key bound to the device.
  • the system also includes an HSS or HLR or HE, which is used to perform the same security key binding process as the RN, and sends the security key bound to the device obtained by the security key binding process to the MME.
  • HSS HSS or HLR or HE
  • the network side is further configured to obtain a user security key of the RN through a user authentication process, and obtain device-related security parameters of the RN.
  • the MME notifies the RN to perform security key binding after the RN passes the user authentication; and after receiving the notification, the RN performs the same security key binding processing as the network side.
  • the security key bound to the device obtained by the security key binding process or the other key derived from the security key bound to the device protects the communication between the RN and the network side. Data Security.
  • the RN user authentication and the device binding are implemented by the security key bound to the device, and the RN that communicates with the network side at this time is surely a legal RN with a legal USIM card, thus, an illegal attacker It is impossible to crack communication data.
  • FIG. 1 is a schematic structural diagram of an LTE network
  • FIG. 2 is a schematic diagram of a network composition after adding an RN in an existing network architecture
  • Figure 3 is a schematic diagram of a possible process in which an RN is illegally attacked
  • FIG. 4 is a schematic flowchart of a method for implementing security key synchronization binding according to the present invention.
  • FIG. 5 is a schematic structural diagram of a system for implementing security key synchronization binding according to the present invention
  • FIG. 6 is a schematic flowchart of a first embodiment of implementing security key synchronization binding according to the present invention
  • FIG. 7 is a schematic diagram of implementing security key synchronization according to the present invention.
  • a schematic flowchart of a second embodiment of the binding
  • FIG. 8 is a schematic flowchart of a third embodiment of implementing security key synchronization binding according to the present invention
  • FIG. 9 is a schematic flowchart of a fourth embodiment of implementing security key synchronization binding according to the present invention
  • FIG. 10 is a schematic flowchart of a fifth embodiment of implementing security key synchronization binding according to the present invention.
  • FIG. 4 is a schematic flowchart of a method for implementing security key synchronization binding according to the present invention, which includes the following steps:
  • Step 400 The MME notifies the RN to perform security key binding.
  • the MME may send a NAS message to the RN to notify the RN to perform security key binding.
  • the NAS message may be used to re-use an existing NAS message, such as a NAS security mode command (NAS SMC, NAS Security Mode Command) message, or a user authentication request (User Authentication Request) message; the NAS message may also be a new message.
  • NAS security mode command NAS SMC, NAS Security Mode Command
  • User Authentication Request User Authentication Request
  • a key binding request message that is specifically designed to notify the RN to perform security key binding.
  • the NAS message in this step may not carry any information, that is, a notification.
  • the NAS message sent by the MME to the RN may carry the key binding indication information and/or the algorithm identification information used when the key is bound, such as an algorithm identifier. Used to instruct the RN to perform binding of the security key;
  • the NAS message may further carry identification information of a security key to be bound, such as an E-UTRAN key set identifier (eKSI, Key Set Identity in E-UTRAN);
  • EKSI Key Set Identity in E-UTRAN
  • the NAS message may further carry identification information of a security parameter related to the device to be bound.
  • the network side obtains the user security key of the RN through the user authentication process, or obtains the device-related security parameter of the RN by performing authentication on the device or according to the device identifier index.
  • Step 401 After receiving the notification, the RN performs the same security key binding process as the network side, obtains a security key bound to the device, and responds to the MME.
  • the security key binding process includes: deriving a security key bound to the device according to the agreed algorithm by using the device-related security parameter and the user security key.
  • the security key bound to the device, or other key derived from the security key bound to the device protects the communication data between the RN and the network side.
  • the RN user authentication and the device binding are implemented by the security key bound to the device, and the RN that communicates with the network side at this time is surely a legal RN with a legal USIM card, thus, an illegal attacker It is impossible to crack communication data.
  • the security key bound to the device may be deriving other parameters, such as parameters shared by the RN and the network side, or random numbers generated by the network side (or RN) may be used.
  • the message notifies the peer RN (or the network side) of the random number.
  • the device-related security parameter is a specific parameter shared by the RN and the network side, for example, it may be a parameter in the subscription information of the RN (such as a device root key), or may be a pre-request in a device certificate (Device Certificate). Set parameters and so on. Further, the device-related security parameter may also be: a device-related security parameter that is agreed in the device authentication process on the network side, such as a root key in the device subscription information, or other new key derived from the root key. Wait.
  • the user security key refers to the security key associated with the user's subscription information, such as the intermediate key KASME agreed in the user authentication process, or the CK, IK, etc. derived from the user root key.
  • the convention algorithm in this step may be a known key derivation function (KDF, Key Derivation Function), or other one-way function.
  • KDF Key Derivation Function
  • the specific implementation of the algorithm belongs to the technical means used by those skilled in the art, and details are not described herein. .
  • the security key binding process performed by the RN on the network side is also performed on the network side, for example, in the MME, and the security key binding process may occur before the MME sends the NAS message to notify the RN. It can also happen after the MME receives a response from the RN.
  • the security key binding process performed by the network side may also be performed by the HE or the HSS or the HLR. Afterwards, the HE or the HSS or the HLR sends the security key bound to the device obtained by the security key binding process to the MME.
  • the RN feeds back the binding result through the response message, including:
  • the RN passes an existing NAS message, such as a NAS Security Mode Complete message, or a User Authentication Response message, or a new key, such as a key for feedback binding. Bind the response message and feed back the binding result to the MME.
  • an existing NAS message such as a NAS Security Mode Complete message, or a User Authentication Response message
  • a new key such as a key for feedback binding. Bind the response message and feed back the binding result to the MME.
  • the key binding success indication information used to indicate that the RN successfully completes the security key binding may be carried in the response message fed back by the RN; or the key binding failure indication used to indicate that the RN does not successfully complete the security key binding. Information, at this time, optionally, may also carry the reason for the failure.
  • the security key bound to the device obtained by the security key binding process or the other key derived from the security key bound to the device protects the communication between the RN and the network side.
  • Data Security Moreover, the RN user authentication and the device binding are implemented by the security key bound to the device, and the RN that communicates with the network side at this time is surely a legal RN with a legal USIM card, thus, an illegal attacker It is impossible to crack communication data.
  • the network side can be MME, or HSS, or HLR, or HE.
  • FIG. 5 is a schematic structural diagram of a system for implementing security key synchronization binding according to the present invention. As shown in FIG. 5, at least an RN and an MME are included, where
  • the MME is configured to send a security key binding notification to the RN.
  • the RN is configured to receive the security key binding notification from the MME, perform the same security key binding process as the network side, obtain a security key bound to the device, and respond to the MME.
  • the MME is specifically configured to send a security key binding notification to the RN. Before sending the security key binding notification to the RN, or after receiving the response from the RN, perform the same security key binding processing as the RN to obtain The security key that is bound to the device.
  • the system of the present invention also includes an HSS or HLR or HE for key binding in place of the MME.
  • the initiation and security key binding processing, and the security key bound to the device obtained by the security key binding processing is sent to the MME.
  • the network side is further configured to obtain a user security key of the RN by using a user authentication process, or obtain a device-related security parameter of the RN by performing authentication on the device or according to a device identifier index.
  • FIG. 6 is a schematic flowchart of a first embodiment of implementing security key synchronization binding according to the present invention.
  • the MME does not use the NAS SMC message to notify the RN to perform security key binding, and the NAS SMC message carries Instructions.
  • the MME and the RN respectively use the device-related security parameters and the user intermediate key KASME to derive the security key bound to the device. After the RN succeeds, the MME is fed back through the response message. As shown in FIG. 6, the following steps are specifically included:
  • Step 600 The user authentication between the MME and the RN is completed through a User Authentication Procedure, and the intermediate key KASME is obtained.
  • the implementation of this step belongs to the prior art and will not be described here.
  • Step 601 The MME obtains device-related security parameters, such as a shared key K-D, according to the device identification information of the RN, such as an International Mobile Equipment Identity (IMEI) index of the device, where the shared key K-D may exist.
  • IMEI International Mobile Equipment Identity
  • the pre-configured key in the RN device subscription information may also be information generated by a specific process, and the specific implementation is well-known to those skilled in the art, and is not intended to limit the scope of the present invention.
  • Step 602 The MME performs a key binding process: the MME uses the intermediate key KASME and device-related security parameters such as the shared key K-D to derive a security key KASME D bound to the device according to the agreed key derivation algorithm.
  • KASME D KDF (KASME, KD)
  • the specific implementation is a common technical means for those skilled in the art, and is not described here, and the specific implementation method is not used to limit the scope of the present invention.
  • Step 603 The MME initiates a NAS SMC message to the RN, and carries the message in the NAS SMC message. With key binding indication information.
  • Step 604 The RN derives the security key KASME-D bound to the device by using the same calculation method as the MME according to the key binding indication.
  • Step 605 The RN sends a NAS security mode complete message to the MME, and the MME successfully completes the synchronization binding of the security key after successfully receiving the NAS security mode complete message.
  • the subsequent RN and the network side can use the key derived from the security key KASME-D bound to the device to protect the communication data between the RN and the network side.
  • KASME-D can be used instead of the ordinary intermediate key KASME to derive other security keys respectively.
  • the specific derivation method is consistent with the existing security key derivation method.
  • the timing at which the MME derives the security key bound to the device may also be performed after step 605.
  • FIG. 7 is a schematic flowchart of a second embodiment of implementing security key synchronization binding in the present invention.
  • the MME does not use the NAS SMC message to notify the RN to perform security key binding, and the NAS SMC message carries The indication information, and the security key identification information that requires security binding and/or the algorithm identification information used by the key binding.
  • the MME and the RN respectively derive the security key bound to the device by using the device-related security parameters and the security key specified in the NAS SMC message to identify the corresponding security key.
  • the device security parameter is a security parameter that is agreed by the device authentication process.
  • the MME feeds back the MME through the response message, and the response message carries a binding success flag. As shown in Figure 7, the following steps are specifically included:
  • Step 700 The user authentication between the MME and the RN is completed through the EPS AKA process, and the intermediate key KASME is obtained.
  • the implementation of this step belongs to the prior art, and details are not described herein again.
  • Step 701 The MME performs device authentication with the RN, and the two parties agree on one in the device authentication process.
  • a shared security parameter K-relay A shared security parameter K-relay.
  • Step 702 The MME uses the intermediate key KASME, device-related security parameters (such as K-relay), and other parameters (such as the random number RAND-M generated by the MME) to derive the binding with the device according to the agreed key derivation algorithm.
  • Step 703 The MME initiates a NAS SMC message to the RN, where the NAS SMC message carries the key binding indication information and/or the algorithm identification information used by the key binding, and the random number RAND_M required for the key derivation. And key identification information (eKSI) of the intermediate key KASME to be bound.
  • eKSI key identification information
  • Step 704 The RN derives the security key KASME-D bound to the device by using the same calculation method as the MME according to the eKSI index to the corresponding intermediate key KASME.
  • Step 705 The RN sends a NAS security mode complete message to the MME, where the NAS security mode completion message carries a security key binding success flag. After the MME successfully receives the NAS security mode completion message, it completes the synchronization binding of the security key.
  • the subsequent RN and the network side can use the key derived from the security key KASME-D bound to the device to protect the communication data between the RN and the network side.
  • the timing at which the MME derives the security key bound to the device may also be performed after step 705.
  • FIG. 8 is a schematic flowchart of a third embodiment of implementing security key synchronization binding in the present invention.
  • the HSS completes the security key binding processing on the network side, and then initiates a user authentication request to the RN through the MME.
  • the message carries the key binding indication information in the user authentication request message, and the RN uses the device-related security parameter (such as the root key in the device subscription information, or the key information derived from the root key, or the number of the device) Signature, etc.) and the key CK to be bound, The IK derived binding security key KASME-D.
  • the device-related security parameter is a specific parameter related to the operator certificate of the device. After the RN performs the security key binding process successfully, the RN feeds back to the MME through the user authentication response message. As shown in FIG. 8, the following steps are specifically included:
  • Step 800 The HSS acquires identification information of the device, such as IMEI. This step is implemented by a person skilled in the art and is not related to the scope of protection of the present invention, and will not be described in detail herein.
  • Step 801 The HSS derives a new security key KASME bound to the device according to the protocol-derived algorithm according to the unique parameter related to the operator certificate of the device corresponding to the IMEI (such as Ksec) and the key CK and IK to be bound.
  • KASME-D KDF(CK, IK, Ksec)
  • KDF(CK, IK, Ksec) KDF(CK, IK, Ksec)
  • the keys CK, IK are derived from the root key K in the RN user subscription data according to an agreed algorithm, which is known information.
  • SN id service network identifier
  • SQL sequence number
  • AK Anonymity Key
  • Step 802 The HSS sends the generated security key KASME_D bound to the device to the MME in the authentication data response message.
  • the password binding indication information may also be carried in the authentication data response message.
  • Step 803 The MME sends a User Authentication Request message to the RN, where the user authentication request message carries the key binding indication information.
  • Step 804 After receiving the user authentication request message, the RN derives CK and IK according to the root key K, and then performs a security key binding process according to the indication message to obtain a security key KASME-D bound to the device, and calculates The method is completely consistent with the calculation method of HSS in step 801.
  • the MME sends a user authentication response message carrying the binding failure flag to the MME.
  • the RN may also carry the corresponding failure reason. For example, key binding is not supported.
  • Step 805 The RN sends a User Authentication Response message to the MME.
  • the binding success flag is carried in the user authentication response. After the MME successfully receives the user authentication response message, it completes the synchronization binding of the security key.
  • the subsequent RN and the network side can use the key derived from the security key KASME-D bound to the device to protect the communication data between the RN and the network side.
  • FIG. 9 is a schematic flowchart of a fourth embodiment of implementing security key synchronization binding in the present invention.
  • the MME uses the newly added message to notify the RN to perform security key binding, and the new message carries the security binding.
  • the security key identification information and the identification information related to the device security parameters to be bound, the MME and the RN respectively derive the security key bound to the device by using the device-related security parameter and the security key specified in the message.
  • the device-related security parameter is the device security key K-D agreed by the device authentication process, and the RN successfully feeds back to the MME through the response message.
  • the following steps are specifically included:
  • Step 900 The user authentication between the MME and the RN is completed through a User Authentication Procedure, and the intermediate key KASME is obtained.
  • the implementation of this step belongs to the prior art and will not be described here.
  • Step 901 The MME performs device authentication with the RN, and the two parties agree on a shared security parameter K-D in the device authentication process.
  • Step 902 The MME uses the intermediate key KASME, device-related security parameters (such as KD), and other parameters (such as the random number RAND-M generated by the MME) to derive the security bound to the device according to the agreed key derivation algorithm.
  • KASME-D KDF (KASME, KD, RAND M)
  • KDF KASME, KD, RAND M
  • Step 903 The security key binding command message is sent to the RN, where the security key binding command message carries the random number RAND_ ⁇ , the key identification information (eKSI) of the intermediate key KASME to be bound, and Identification parameter corresponding to the device security parameter KD to be bound (eKSI D).
  • the eKSI and eKSI-D can respectively determine the security key and security parameters of the required binding separately.
  • Step 904 The RN indexes the corresponding intermediate key KASME according to the eKSI, and indexes the device security parameter K_D to be bound according to the eKSI D, and derives the security key KASME bound to the device by using the same calculation method as the MME. — D.
  • the RN can directly send the security key binding failure flag to the MME.
  • the key binding response message or set the binding success flag to false (False) in the security key binding response message.
  • the corresponding failure cause may be further carried in the security key binding response message, for example, the identifier in this embodiment does not exist.
  • Step 905 The RN sends a security key binding response message to the MME, where the security key binding response message carries a security key binding success flag. After the MME successfully receives the security key binding response message, it completes the synchronization binding of the security key.
  • the subsequent RN and the network side can use the key derived from the security key KASME-D bound to the device to protect the communication data between the RN and the network side.
  • FIG. 10 is a schematic flowchart of a fifth embodiment of implementing security key synchronization binding in the present invention.
  • the MME and the RN are assumed to: perform security key binding processing after each device authentication is completed.
  • the binding result can be verified by other messages (such as NAS SMC messages) after the binding ends.
  • the specific implementation includes the following steps:
  • Step 1000 The user authentication between the MME and the RN is completed through a User Authentication Procedure, and the intermediate key KASME is obtained.
  • the implementation of this step belongs to the prior art and will not be described here.
  • Step 1001 The MME performs device authentication with the RN, and the two parties agree on a shared security parameter K-D in the device authentication process.
  • Step 1002 to step 1003 The MME and the RN respectively bind to the device according to a predetermined agreement.
  • Step 1004 the MME initiates a NAS Security Mode Command (NAS SMC) message to the RN, and performs integrity protection on the NAS security mode command message.
  • NAS SMC NAS Security Mode Command
  • the integrity protection key is derived from the security key KASME-D that can be bound to the device.
  • Step 1005 The RN derives an integrity protection key according to the security key KASME-D that is generated by the RN, and verifies the NAS security mode command message from the MME. If the risk certificate passes, the NAS security is returned to the MME.
  • Step 1006 After receiving the NAS security mode complete message, the MME derives the decryption key according to the security key KASME-D that is generated by the MME itself, and decrypts the received NAS security mode completion message. If the decryption succeeds. The RN and the MME successfully receive the synchronization binding of the security key.
  • the subsequent RN and the network side can use the key derived from the security key KASME-D bound to the device to protect the communication data between the RN and the network side.
  • step 1002 and step 1003 are in no order.
  • the parameter may be a shared parameter known to both the RN and the network side; It is a random number generated by the RN or the network side. If it is a random number, the party that needs to generate the random number notifies the peer to the peer through the message.

Abstract

Disclosed are a method and a system for implementing synchronous binding of a security key, the method comprising: an MME notifying an RN of performing security key binding; after receiving the notification, the RN performing the same security key binding processing as that on a network side so as to obtain a security key bound to a device, and responding to the MME. Based on the solution of the present invention, the security key bound to the device and obtained through the security key binding processing, or other keys derived by using the security key bound to the device protect the security of communication data between the RN and the network side. Moreover, through the security key bound to the device, the binding of RN subscriber authentication to the device is implemented, and it is guaranteed that the RN currently communicating with the network side is definitely a legal RN having a legal USIM card. Therefore, illegal attackers cannot crack the communication data.

Description

一种实现安全密钥同步绑定的方法及系统 技术领域  Method and system for realizing security key synchronization binding
本发明涉及长期演进( LTE , Long Term Evolution ) 网络中的安全认证 技术, 尤指一种实现安全密钥同步绑定的方法及系统。 背景技术  The present invention relates to a security authentication technology in a Long Term Evolution (LTE) network, and more particularly to a method and system for implementing security key synchronization binding. Background technique
图 1为 LTE网络的组成结构示意图, 如图 1所示, LTE网络由演进全 球陆地无线接入网 (E-UTRAN, Evolved Universal Terrestrial Radio Access Network )和演进分组交换中心(EPC, Evolved Packet Core )组成, 网络呈 现扁平化。 E-UTRAN通过 SI接口与 EPC相连。  FIG. 1 is a schematic structural diagram of an LTE network. As shown in FIG. 1 , an LTE network consists of an Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and an Evolved Packet Core (EPC). Composition, the network is flat. The E-UTRAN is connected to the EPC via the SI interface.
其中, E-UTRAN由多个相互连接的演进基站( eNB , Evolved NodeB ) 组成, 各个 eNB之间通过 X2接口连接; EPC由移动性管理实体 ( MME, Mobility Management Entity )和月良务网关( S-GW, Serving Gateway )组成。 另外, 在 LTE网络架构中还有一个归属环境(HE, Home Environment ), 如归属用户服务器( HSS , Home Subscriber Server )或归属位置寄存器( HLR, Home Location Register ), 作为用户数据库。 HE中包含用户配置文件, 执 行用户的身份验证和授权, 并可提供有关用户物理位置的信息等。  The E-UTRAN is composed of a plurality of interconnected evolved base stations (eNBs, Evolved NodeBs), and each eNB is connected through an X2 interface; the EPC is composed of a mobility management entity (MME, Mobility Management Entity) and a monthly service gateway (S). -GW, Serving Gateway). In addition, in the LTE network architecture, there is also a Home Environment (HE), such as a Home Subscriber Server (HSS) or a Home Location Register (HLR), as a user database. The HE contains user profiles, performs user authentication and authorization, and provides information about the user's physical location.
为了满足日益增长的大带宽高速移动接入的需求, 第三代伙伴组织计 划 (3GPP , Third Generation Partnership Projects ) 推出了高级长期演进 ( LTE- Advanced, Long-Term Evolution advance )标准。 LTE- Advanced对于 LTE网络的演进保留了 LTE的核心, 在此基础上釆用一系列技术对频域、 空域进行扩充, 以达到提高频谱利用率、 增加系统容量等目的。 无线中继 ( Relay )技术即是 LTE-Advanced 中的技术之一, 旨在扩展小区的覆盖范 围, 减少通信中的死角地区, 平衡负载, 转移热点地区的业务, 节省用户 设备(UE, User Equipment )即终端的发射功率。 图 2为现有网络架构中增 加中继节点 (RN, Relay-Node )后的网络组成示意图, 如图 2所示, 这种 新增的 RN 和施主演进基站 (Donor-eNB ) 之间使用无线连接。 其中, Donor-eNB和 RN之间的接口称为 Un口, 两者之间的无线链路称为回程链 路( backhaul link ); RN和 UE之间的接口称为 Uu口, 其间的无线链路称 为接入链路(access link )。 下行数据先到达 Donor-eNB, 然后传递给 RN, RN再传输至 UE, 上行数据先到达 UE, 然后传递给 RN, RN再传输至 Donor-eNB。 In order to meet the growing demand for large-bandwidth, high-speed mobile access, the Third Generation Partnership Projects (3GPP, Third Generation Partnership Projects) introduced the LTE-Advanced (Long-Term Evolution advance) standard. LTE-Advanced retains the core of LTE for the evolution of LTE networks. Based on this, a series of technologies are used to expand the frequency domain and airspace to improve spectrum utilization and increase system capacity. Wireless relay technology is one of the technologies in LTE-Advanced. It aims to extend the coverage of the cell, reduce the dead zone in communication, balance the load, transfer the traffic in the hotspot, and save users. The device (UE, User Equipment) is the transmit power of the terminal. FIG. 2 is a schematic diagram of a network structure after adding a relay node (RN, Relay-Node) in the existing network architecture. As shown in FIG. 2, the wireless device between the newly added RN and the donor evolved base station (Donor-eNB) is used. connection. The interface between the Donor-eNB and the RN is called the Un port. The radio link between the two is called the backhaul link. The interface between the RN and the UE is called the Uu port. The wireless link between them is called the Uu port. The road is called an access link. The downlink data arrives at the Donor-eNB first, and then is transmitted to the RN, and the RN transmits the signal to the UE. The uplink data first arrives at the UE, and then is transmitted to the RN, and the RN transmits the signal to the Donor-eNB.
在实际通信过程中, RN既可以作为一个普通的终端设备, 也可以作为 一个基站。 当 RN作为一个终端设备时, RN可以像普通 UE—样接入无线 网络。  In the actual communication process, the RN can be used as either a normal terminal device or a base station. When the RN is used as a terminal device, the RN can access the wireless network like a normal UE.
普通 UE在接入网络时,网络侧会对其进行用户的鉴权认证和密钥协定 ( AKA, Authentication and Key Agreement ), 在 LTE网络中该过程也称为 演进分组系统密钥协定(EPS AKA, Evolved Packet System AKA )„ 需要说 明的是, 上述描述中 UE是指移动设备 ( Mobile Equipment )和全球用户标 识模块( USIM , Universal Subscriber Identity Module )卡的总称, 上述 EPS AKA过程实际是由 USIM完成的, 因此该过程完成了网络对终端的 USIM 认证(或称签约认证, Subscription Authentication )和密钥协定, 后续描述 中也称 USIM认证为用户认证。 需要说明的是, 这里的 USIM卡代表了广 义的通用集成电路卡(UICC, Universal Integrated Circuit Card )„  When a normal UE accesses the network, the network side authenticates the user and authenticates the Key Agreement (AKA). In the LTE network, the process is also called the Evolved Packet System Key Agreement (EPS AKA). Evolved Packet System AKA ) „ In the above description, the UE refers to the general name of the mobile device (Mobile Equipment) and the Universal Subscriber Identity Module (USIM). The EPS AKA process is actually completed by the USIM. Therefore, the process completes the network-to-terminal USIM authentication (or subscription authentication) and key agreement, and the subsequent description also refers to the USIM authentication as user authentication. It should be noted that the USIM card here represents a generalized Universal Integrated Circuit Card (UICC)
通过用户认证, UE和网络侧会根据根密钥 K生成完整性密钥 (IK, Integrity Key )和加密密钥( CK, Cipher Key )发送给 MME, MME根据 IK 和 CK生成中间密钥 KASME, 然后利用这个中间密钥 KASME派生其它新 的密钥, 分别对实现接入层 (AS , Access Stratum ) 和非接入层 (NAS , Non- Access Stratum )的通信数据进行保护。其中,接入层安全保护密钥(比 如无线资源控制加密密钥 KRRCenc、 无线资源控制完整性保护密钥 KRRCint和用户面加密密钥 KUPenc )分别由基站密钥 KeNB按照不同算法 派生而来, 而 KeNB是由中间密钥 KASME派生来的。 Through user authentication, the UE and the network side generate an integrity key (IK, Integrity Key) and an encryption key (CK, Cipher Key) according to the root key K, and the MME generates an intermediate key KASME according to IK and CK. Then use this intermediate key KASME to derive other new keys to protect the communication data of the access layer (AS, Access Stratum) and non-access stratum (NAS, Non-Access Stratum). Among them, the access layer security protection key (ratio For example, the radio resource control encryption key KRRCenc, the radio resource control integrity protection key KRRCint and the user plane encryption key KUPenc are respectively derived from the base station key KeNB according to different algorithms, and the KeNB is derived from the intermediate key KASME. .
与 UE类似的, RN作为一个普通的终端设备时, 是中继节点设备(或 称为 RN platform )和 USIM卡(或称 UICC卡)的总称, RN可以按照上述 EPS AKA过程完成 RN的 USIM认证。  Similar to the UE, when the RN is an ordinary terminal device, it is a general term for a relay node device (or RN platform) and a USIM card (or a UICC card). The RN can complete the USIM authentication of the RN according to the EPS AKA process described above. .
但是, 当 RN作为基站时, 如果该基站是一个非法设备, 则可能会威胁 到其服务的用户设备, 因此,在该基站服务 UE之前首先需要确保该基站的 合法性。 目前, 实现 RN的合法性认证的具体实现方案没有确定。  However, when the RN acts as a base station, if the base station is an illegal device, it may threaten the user equipment it serves. Therefore, it is first necessary to ensure the legitimacy of the base station before the base station serves the UE. At present, the specific implementation scheme for realizing the legality certification of the RN is not determined.
但是, 即使是对于一个分别完成用户认证和设备的合法性认证的 RN 来说,还存在如下的安全威胁, 图 3为可能存在的 RN被非法攻击的过程示 意图, 如图 3所示, 如果有非法攻击者(Attacker )将合法的 USIM卡插入 非法的 RN中, 同时将非法的 USIM卡插入合法的 RN中, 这样, 在认证时 攻击者分别使用合法的 USIM以及合法的 RN完成相应的用户认证和设备认 证。在实际通信过程中,非法 RN可以获取到合法 USIM卡认证产生的接入 层安全保护密钥,而非法 RN与网络侧之间的部分通信数据釆用接入层安全 保护密钥的保护,攻击者就可能通过非法 RN篡改或窃听 RN与 DeNB之间 的通信内容。 因此,现有对 RN的合法性认证不能保证合法的 USIM卡被插 在合法的 RN设备上, 即不能实现 RN的用户认证和设备的绑定,从而不能 保证 RN与网络侧间的通信数据安全。 发明内容  However, even for an RN that completes user authentication and device legality authentication, the following security threats exist. Figure 3 is a schematic diagram of a process in which a possible RN is illegally attacked, as shown in Figure 3. The attacker (Attacker) inserts the legal USIM card into the illegal RN and inserts the illegal USIM card into the legal RN. In this case, the attacker uses the legal USIM and the legal RN to complete the corresponding user authentication. And equipment certification. In the actual communication process, the illegal RN can obtain the access layer security protection key generated by the legal USIM card authentication, and the partial communication data between the illegal RN and the network side is protected by the access layer security protection key. It is possible for the illegal RN to tamper with or eavesdrop on the communication content between the RN and the DeNB. Therefore, the existing RN authentication does not guarantee that the legal USIM card is inserted on the legal RN device, that is, the user authentication of the RN and the binding of the device cannot be implemented, so that the communication data between the RN and the network side cannot be secured. . Summary of the invention
有鉴于此, 本发明的主要目的在于提供一种实现安全密钥同步绑定的 方法及系统, 能够实现 RN用户认证和设备的绑定,保证 RN与网络侧间的 通信数据安全。  In view of this, the main purpose of the present invention is to provide a method and system for implementing secure key synchronization binding, which can implement RN user authentication and device binding, and ensure communication data security between the RN and the network side.
为解决上述技术问题, 本发明的技术方案是这样实现的: 一种实现安全密钥同步绑定的方法, 包括: In order to solve the above technical problem, the technical solution of the present invention is implemented as follows: A method for implementing secure key synchronization binding includes:
移动性管理实体 MME通知中继节点 RN进行安全密钥绑定;  The mobility management entity MME notifies the relay node RN to perform security key binding;
RN接到通知后, 进行与网络侧相同的安全密钥绑定处理, 获得与设备 绑定的安全密钥, 并响应 MME。  After receiving the notification, the RN performs the same security key binding process as the network side, obtains the security key bound to the device, and responds to the MME.
所述 MME通知 RN进行安全密钥绑定包括: 所述 MME向 RN发送非 接入层 NAS消息, 通知所述 RN进行安全密钥绑定。  The MME notifying the RN to perform security key binding includes: the MME sending a non-access stratum NAS message to the RN, and notifying the RN to perform security key binding.
所述 NAS消息中携带有用于指示 RN进行安全密钥的绑定的密钥绑定 指示信息。  The NAS message carries key binding indication information for instructing the RN to perform binding of the security key.
所述 NAS消息中还携带有用于标识进行密钥绑定时所使用的算法的算 法标识信息。  The NAS message also carries algorithm identification information for identifying an algorithm used when performing key binding.
所述 NAS消息中还携带有需要绑定的安全密钥的标识信息。  The NAS message also carries identification information of a security key to be bound.
所述 NAS 消息中还携带有与需要绑定的设备相关安全参数的标识信 息。  The NAS message also carries identification information about security parameters related to devices that need to be bound.
所述 NAS消息复用现有的 NAS消息;所述现有的 NAS消息包括: NAS 安全模式命令消息, 或者用户认证请求消息;  The NAS message multiplexes an existing NAS message; the existing NAS message includes: a NAS security mode command message, or a user authentication request message;
或者,所述 NAS消息是新增消息,所述新增消息为密钥绑定请求消息。 所述 RN进行的与网络侧相同的安全密钥绑定处理, 在网络侧的 MME 或归属用户服务器 HSS或归属位置寄存器 HLR或归属环境 HE中执行。  Alternatively, the NAS message is a new message, and the new message is a key binding request message. The same security key binding process performed by the RN as the network side is performed in the MME or the home subscriber server HSS or the home location register HLR or the home environment HE on the network side.
所述网络侧执行的安全密钥绑定处理在所述 MME发送 NAS消息通知 RN之前; 或者, 在所述 MME收到来自 RN的响应之后。  The security key binding process performed by the network side is before the MME sends a NAS message to notify the RN; or after the MME receives the response from the RN.
该方法之前还包括:所述网络侧通过用户认证流程获得 RN的用户安全 密钥, 并获得 RN的设备相关安全参数;  The method further includes: obtaining, by the network side, the user security key of the RN through the user authentication process, and obtaining the device-related security parameter of the RN;
所述安全密钥绑定处理包括: 利用设备相关安全参数和所述用户安全 密钥, 按照约定算法派生与设备绑定的安全密钥。  The security key binding process includes: deriving a security key bound to the device according to the agreed algorithm by using the device-related security parameter and the user security key.
所述按照约定算法派生与设备绑定的安全密钥进一步包括: 利用设备相关安全参数、 所述用户安全密钥, 以及其它参数, 按照约 定算法派生与设备绑定的安全密钥。 The security key derived from the device according to the agreed algorithm further includes: The device-related security parameters, the user security key, and other parameters are used to derive a security key bound to the device according to the agreed algorithm.
所述其它参数包括所述 RN与网络侧共享的参数; 或者,所述网络侧或 RN生成的随机数, 此时, 该方法还包括: 所述网络侧或 RN通过消息将生 成的该随机数通知给 RN或网络侧。  The other parameters include the parameters shared by the RN and the network side; or the random number generated by the network side or the RN. At this time, the method further includes: the random number generated by the network side or the RN by using a message. Notify the RN or the network side.
所述用户安全密钥可以是中间密钥 KASME, 或者是加密密钥 CK, 完 整性密钥 IK。  The user security key may be an intermediate key KASME or an encryption key CK, a integrity key IK.
所述设备相关安全参数为所述 RN与网络侧共享的特定参数; 所述特定参数为: 在所述 RN的签约信息中的参数; 或者,设备证书中 的预设参数。  The device-related security parameter is a specific parameter shared by the RN and the network side; the specific parameter is: a parameter in the subscription information of the RN; or a preset parameter in the device certificate.
所述设备相关安全参数为: 在所述网络侧进行设备认证过程中协定的 设备相关安全参数; 所述设备认证过程中协定的设备相关安全参数为设备 签约信息中的根密钥, 或由该根密钥派生的其它新密钥。  The device-related security parameter is: a device-related security parameter that is agreed in the device authentication process on the network side; the device-related security parameter that is agreed in the device authentication process is a root key in the device subscription information, or Other new keys derived from the root key.
所述 RN向 ΜΜΕ发送响应包括:  The sending of the response by the RN to the 包括 includes:
所述 RN通过现有的 NAS消息, 或者利用新增消息, 向所述 ΜΜΕ反 馈绑定结果。  The RN feeds back the binding result to the 通过 through the existing NAS message or by using a new message.
在所述 RN反馈的响应消息中携带用于指示 RN成功完成安全密钥绑定 的密钥绑定成功指示信息; 或者,用于指示 RN未成功完成安全密钥绑定的 密钥绑定失败指示信息。  The key binding success indication information is used to indicate that the RN successfully completes the security key binding; or the key binding failure is used to indicate that the RN fails to complete the security key binding successfully. Instructions.
当所述 RN反馈的响应消息中携带有密钥绑定失败指示信息时, 所述 RN反馈的响应消息中还携带失败原因。  When the response message fed back by the RN carries the key binding failure indication information, the response message fed back by the RN further carries the failure reason.
一种实现安全密钥同步绑定的系统, 至少包括 RN和 ΜΜΕ, 其中, A system for implementing secure key synchronization binding, including at least RN and ΜΜΕ, wherein
ΜΜΕ, 用于向 RN发送安全密钥绑定通知; ΜΜΕ, used to send a security key binding notification to the RN;
RN, 用于接收来自 ΜΜΕ的安全密钥绑定通知, 进行与网络侧相同的 安全密钥绑定处理, 获得与设备绑定的安全密钥, 并响应 ΜΜΕ。 所述 MME, 具体用于在 RN通过用户认证后, 向 RN发送安全密钥绑 定通知; 在发送安全密钥绑定通知给 RN之前, 或在收到来自 RN的响应之 后, 进行与 RN相同的安全密钥绑定处理, 获得与设备绑定的安全密钥。 The RN is configured to receive the security key binding notification from the ,, perform the same security key binding processing as the network side, obtain the security key bound to the device, and respond to ΜΜΕ. The MME is specifically configured to: after the RN passes the user authentication, send a security key binding notification to the RN; before sending the security key binding notification to the RN, or after receiving the response from the RN, performing the same as the RN Secure key binding processing to obtain a security key bound to the device.
该系统还包括 HSS或 HLR或 HE, 用于进行与 RN相同的安全密钥绑 定处理, 并将安全密钥绑定处理后得到的与设备绑定的安全密钥发送给 MME。  The system also includes an HSS or HLR or HE, which is used to perform the same security key binding process as the RN, and sends the security key bound to the device obtained by the security key binding process to the MME.
所述网络侧,还用于通过用户认证流程获得 RN的用户安全密钥,并获 得 RN的设备相关安全参数。  The network side is further configured to obtain a user security key of the RN through a user authentication process, and obtain device-related security parameters of the RN.
从上述本发明提供的技术方案可以看出, 包括在 RN通过用户认证后, MME通知 RN进行安全密钥绑定; 而 RN接到通知后, 进行与网络侧相同 的安全密钥绑定处理, 获得与设备绑定的安全密钥, 并响应 MME。 基于本 发明方案, 通过安全密钥绑定处理获得的与设备绑定的安全密钥, 或者利 用该与设备绑定的安全密钥派生的其它密钥,保护了 RN与网络侧之间的通 信数据安全。 而且, 通过该与设备绑定的安全密钥, 实现了 RN用户认证和 设备的绑定,并保证了此时与网络侧通信的 RN肯定是有合法 USIM卡的合 法 RN, 这样, 非法攻击者是无法破解通信数据的。 附图说明  It can be seen from the technical solution provided by the present invention that the MME notifies the RN to perform security key binding after the RN passes the user authentication; and after receiving the notification, the RN performs the same security key binding processing as the network side. Obtain a security key bound to the device and respond to the MME. Based on the solution of the present invention, the security key bound to the device obtained by the security key binding process or the other key derived from the security key bound to the device protects the communication between the RN and the network side. Data Security. Moreover, the RN user authentication and the device binding are implemented by the security key bound to the device, and the RN that communicates with the network side at this time is surely a legal RN with a legal USIM card, thus, an illegal attacker It is impossible to crack communication data. DRAWINGS
图 1为 LTE网络的组成结构示意图;  FIG. 1 is a schematic structural diagram of an LTE network;
图 2为现有网络架构中增加 RN后的网络组成示意图;  2 is a schematic diagram of a network composition after adding an RN in an existing network architecture;
图 3为可能存在的 RN被非法攻击的过程示意图;  Figure 3 is a schematic diagram of a possible process in which an RN is illegally attacked;
图 4为本发明实现安全密钥同步绑定的方法的流程示意图;  4 is a schematic flowchart of a method for implementing security key synchronization binding according to the present invention;
图 5为本发明实现安全密钥同步绑定的系统的组成结构示意图; 图 6为本发明实现安全密钥同步绑定的第一实施例的流程示意图; 图 7为本发明实现安全密钥同步绑定的第二实施例的流程示意图; 图 8为本发明实现安全密钥同步绑定的第三实施例的流程示意图; 图 9为本发明实现安全密钥同步绑定的第四实施例的流程示意图; 图 10为本发明实现安全密钥同步绑定的第五实施例的流程示意图。 具体实施方式 FIG. 5 is a schematic structural diagram of a system for implementing security key synchronization binding according to the present invention; FIG. 6 is a schematic flowchart of a first embodiment of implementing security key synchronization binding according to the present invention; FIG. 7 is a schematic diagram of implementing security key synchronization according to the present invention. A schematic flowchart of a second embodiment of the binding; FIG. 8 is a schematic flowchart of a third embodiment of implementing security key synchronization binding according to the present invention; FIG. 9 is a schematic flowchart of a fourth embodiment of implementing security key synchronization binding according to the present invention; FIG. 10 is a schematic flowchart of a fifth embodiment of implementing security key synchronization binding according to the present invention. detailed description
图 4为本发明实现安全密钥同步绑定的方法的流程示意图, 包括以下 步骤:  FIG. 4 is a schematic flowchart of a method for implementing security key synchronization binding according to the present invention, which includes the following steps:
步骤 400: MME通知 RN进行安全密钥绑定。  Step 400: The MME notifies the RN to perform security key binding.
本步骤中, MME可以向 RN发送 NAS消息, 通知 RN进行安全密钥 绑定。 其中, NAS消息可以复用现有的 NAS消息, 比如 NAS安全模式命 令(NAS SMC, NAS Security Mode Command ) 消息, 或者用户认证请求 ( User Authentication Request )消息等; NAS消息也可以是新增消息, 比如 为通知 RN进行安全密钥绑定而专设的密钥绑定请求消息。  In this step, the MME may send a NAS message to the RN to notify the RN to perform security key binding. The NAS message may be used to re-use an existing NAS message, such as a NAS security mode command (NAS SMC, NAS Security Mode Command) message, or a user authentication request (User Authentication Request) message; the NAS message may also be a new message. For example, a key binding request message that is specifically designed to notify the RN to perform security key binding.
如果 RN和网络侧双方约定,在用于通知 RN进行安全密钥绑定的 NAS 消息之后, 一定进行安全密钥绑定处理, 那么, 本步骤中的 NAS消息可以 不携带任何信息,就是一个通知指示,也就是 RN和网络侧釆用隐含方式在 RN通过用户认证后进行安全密钥绑定的操作。  If the RN and the network side agree that the security key binding process must be performed after the NAS message for informing the RN to perform the security key binding, the NAS message in this step may not carry any information, that is, a notification. The indication, that is, the RN and the network side perform the operation of secure key binding after the RN passes the user authentication in an implicit manner.
如果 RN和网络侧双方未约定, 在 MME向 RN发送的 NAS消息中, 可以携带密钥绑定指示信息和 /或密钥绑定时所使用的算法标识信息, 比如 算法标识 ( Algorithm Identity ), 用于指示 RN进行安全密钥的绑定;  If the RN and the network side do not agree, the NAS message sent by the MME to the RN may carry the key binding indication information and/or the algorithm identification information used when the key is bound, such as an algorithm identifier. Used to instruct the RN to perform binding of the security key;
进一步地,在 NAS消息中还可以携带需要绑定的安全密钥的标识信息, 比如 E-UTRAN密钥集标识 ( eKSI, Key Set Identity in E-UTRAN );  Further, the NAS message may further carry identification information of a security key to be bound, such as an E-UTRAN key set identifier (eKSI, Key Set Identity in E-UTRAN);
进一步地, 在 NAS消息中还可以携带与需要绑定的设备相关安全参数 的标识信息。  Further, the NAS message may further carry identification information of a security parameter related to the device to be bound.
另夕卜,在本步骤之前还包括: 网络侧通过用户认证流程获得 RN的用户 安全密钥, 或者, 通过对设备的认证或者根据设备标识索引等方法获得 RN 的设备相关安全参数。 步骤 401 : RN接到通知后, 进行与网络侧相同的安全密钥绑定处理, 获得与设备绑定的安全密钥, 并响应 MME。 In addition, before the step, the network side obtains the user security key of the RN through the user authentication process, or obtains the device-related security parameter of the RN by performing authentication on the device or according to the device identifier index. Step 401: After receiving the notification, the RN performs the same security key binding process as the network side, obtains a security key bound to the device, and responds to the MME.
本步骤中, 安全密钥绑定处理包括: 利用设备相关安全参数和用户安 全密钥, 按照约定算法派生与设备绑定的安全密钥。 这个与设备绑定的安 全密钥, 或者利用该与设备绑定的安全密钥派生的其它密钥, 保护了 RN 与网络侧之间的通信数据安全。 而且, 通过该与设备绑定的安全密钥, 实 现了 RN用户认证和设备的绑定,并保证了此时与网络侧通信的 RN肯定是 有合法 USIM卡的合法 RN, 这样, 非法攻击者是无法破解通信数据的。  In this step, the security key binding process includes: deriving a security key bound to the device according to the agreed algorithm by using the device-related security parameter and the user security key. The security key bound to the device, or other key derived from the security key bound to the device, protects the communication data between the RN and the network side. Moreover, the RN user authentication and the device binding are implemented by the security key bound to the device, and the RN that communicates with the network side at this time is surely a legal RN with a legal USIM card, thus, an illegal attacker It is impossible to crack communication data.
进一步地, 在按照约定算法派生与设备绑定的安全密钥过程中, 还可 以使用其它参数, 比如 RN与网络侧共享的参数; 或者网络侧(或 RN )生 成的随机数, 此时需要通过消息将该随机数通知给对端 RN (或网络侧)。  Further, in the process of deriving the security key bound to the device according to the agreed algorithm, other parameters, such as parameters shared by the RN and the network side, or random numbers generated by the network side (or RN) may be used. The message notifies the peer RN (or the network side) of the random number.
其中,设备相关安全参数是 RN与网络侧共享的特定参数, 比如: 可以 是在 RN的签约信息中的某个参数(比如设备根密钥 ), 也可以是设备证书 ( Device Certificate ) 中的预设参数等。 进一步地, 该设备相关安全参数还 可以是: 在网络侧进行设备认证过程中协定的设备相关的安全参数, 比如 设备签约信息中的根密钥, 或由该根密钥派生的其它新密钥等。  The device-related security parameter is a specific parameter shared by the RN and the network side, for example, it may be a parameter in the subscription information of the RN (such as a device root key), or may be a pre-request in a device certificate (Device Certificate). Set parameters and so on. Further, the device-related security parameter may also be: a device-related security parameter that is agreed in the device authentication process on the network side, such as a root key in the device subscription information, or other new key derived from the root key. Wait.
用户安全密钥是指在与用户签约信息相关的安全密钥, 比如用户认证 过程中协定的中间密钥 KASME,或者是通过用户根密钥派生的 CK、 IK等。  The user security key refers to the security key associated with the user's subscription information, such as the intermediate key KASME agreed in the user authentication process, or the CK, IK, etc. derived from the user root key.
本步骤中的约定算法, 可以是已知的密钥派生算法 (KDF , Key Derivation Function ), 或者其它的单向函数等算法, 算法的具体实现属于本 领域技术人员惯用技术手段, 这里不再赘述。  The convention algorithm in this step may be a known key derivation function (KDF, Key Derivation Function), or other one-way function. The specific implementation of the algorithm belongs to the technical means used by those skilled in the art, and details are not described herein. .
另外, 本步骤中, RN执行的与网络侧相同的安全密钥绑定处理, 也会 在网络侧执行, 比如在 MME执行, 安全密钥绑定处理可以发生在 MME发 送 NAS消息通知 RN之前,也可以发生在 MME收到来自 RN的响应之后。 或者,网络侧执行的安全密钥绑定处理也可以由 HE或 HSS或 HLR来完成, 之后, HE或 HSS或 HLR会将安全密钥绑定处理后得到的与设备绑定的安 全密钥发送给 MME。 In addition, in this step, the security key binding process performed by the RN on the network side is also performed on the network side, for example, in the MME, and the security key binding process may occur before the MME sends the NAS message to notify the RN. It can also happen after the MME receives a response from the RN. Alternatively, the security key binding process performed by the network side may also be performed by the HE or the HSS or the HLR. Afterwards, the HE or the HSS or the HLR sends the security key bound to the device obtained by the security key binding process to the MME.
本步骤中, RN通过响应消息反馈绑定结果包括:  In this step, the RN feeds back the binding result through the response message, including:
RN通过现有的 NAS消息,比如 NAS安全模式完成( NAS Security Mode Complete ) 消息, 或用户认证响应 ( User Authentication Response ) 消息等; 或者利用新增消息如为反馈绑定结果而专设的密钥绑定响应消息,向 MME 反馈绑定结果。  The RN passes an existing NAS message, such as a NAS Security Mode Complete message, or a User Authentication Response message, or a new key, such as a key for feedback binding. Bind the response message and feed back the binding result to the MME.
在 RN反馈的响应消息中可以携带用于指示 RN成功完成安全密钥绑定 的密钥绑定成功指示信息; 或者,用于指示 RN未成功完成安全密钥绑定的 密钥绑定失败指示信息, 此时, 可选地, 还可以携带失败原因。  The key binding success indication information used to indicate that the RN successfully completes the security key binding may be carried in the response message fed back by the RN; or the key binding failure indication used to indicate that the RN does not successfully complete the security key binding. Information, at this time, optionally, may also carry the reason for the failure.
基于本发明方法, 通过安全密钥绑定处理获得的与设备绑定的安全密 钥,或者利用该与设备绑定的安全密钥派生的其它密钥,保护了 RN与网络 侧之间的通信数据安全。 而且, 通过该与设备绑定的安全密钥, 实现了 RN 用户认证和设备的绑定, 并保证了此时与网络侧通信的 RN肯定是有合法 USIM卡的合法 RN, 这样, 非法攻击者是无法破解通信数据的。 其中, 网 络侧可以是 MME, 或 HSS, 或 HLR, 或 HE。  Based on the method of the present invention, the security key bound to the device obtained by the security key binding process or the other key derived from the security key bound to the device protects the communication between the RN and the network side. Data Security. Moreover, the RN user authentication and the device binding are implemented by the security key bound to the device, and the RN that communicates with the network side at this time is surely a legal RN with a legal USIM card, thus, an illegal attacker It is impossible to crack communication data. The network side can be MME, or HSS, or HLR, or HE.
图 5为本发明实现安全密钥同步绑定的系统的组成结构示意图,如图 5 所示, 至少包括 RN和 MME, 其中,  FIG. 5 is a schematic structural diagram of a system for implementing security key synchronization binding according to the present invention. As shown in FIG. 5, at least an RN and an MME are included, where
MME, 用于向 RN发送安全密钥绑定通知;  The MME is configured to send a security key binding notification to the RN.
RN, 用于接收来自 MME的安全密钥绑定通知, 进行与网络侧相同的 安全密钥绑定处理, 获得与设备绑定的安全密钥, 并响应 MME。  The RN is configured to receive the security key binding notification from the MME, perform the same security key binding process as the network side, obtain a security key bound to the device, and respond to the MME.
MME, 具体用于向 RN发送安全密钥绑定通知; 在发送安全密钥绑定 通知给 RN之前, 或在收到来自 RN的响应之后, 进行与 RN相同的安全密 钥绑定处理, 获得与设备绑定的安全密钥。  The MME is specifically configured to send a security key binding notification to the RN. Before sending the security key binding notification to the RN, or after receiving the response from the RN, perform the same security key binding processing as the RN to obtain The security key that is bound to the device.
本发明系统还包括 HSS或 HLR或 HE, 用于代替 MME进行密钥绑定 的发起和安全密钥绑定处理, 并将安全密钥绑定处理后得到的与设备绑定 的安全密钥发送给 MME。 The system of the present invention also includes an HSS or HLR or HE for key binding in place of the MME. The initiation and security key binding processing, and the security key bound to the device obtained by the security key binding processing is sent to the MME.
所述网络侧,还用于通过用户认证流程获得 RN的用户安全密钥,或者, 通过对设备的认证或者根据设备标识索引等方法获得 RN 的设备相关安全 参数。 图 6为本发明实现安全密钥同步绑定的第一实施例的流程示意图, 第 一实施例中, H没 MME利用 NAS SMC消息通知 RN进行安全密钥绑定, 在 NAS SMC消息中携带有指示信息。 MME和 RN分别利用设备相关安全 参数和用户中间密钥 KASME派生与设备绑定的安全密钥, RN成功后通过 响应消息反馈 MME。 如图 6所示, 具体包括以下步骤:  The network side is further configured to obtain a user security key of the RN by using a user authentication process, or obtain a device-related security parameter of the RN by performing authentication on the device or according to a device identifier index. FIG. 6 is a schematic flowchart of a first embodiment of implementing security key synchronization binding according to the present invention. In the first embodiment, the MME does not use the NAS SMC message to notify the RN to perform security key binding, and the NAS SMC message carries Instructions. The MME and the RN respectively use the device-related security parameters and the user intermediate key KASME to derive the security key bound to the device. After the RN succeeds, the MME is fed back through the response message. As shown in FIG. 6, the following steps are specifically included:
步骤 600: MME与 RN之间通过用户认证流程 ( User Authentication Procedure )完成对 RN的用户认证, 并获得中间密钥 KASME。 本步骤的实 现属于现有技术, 这里不再赘述。  Step 600: The user authentication between the MME and the RN is completed through a User Authentication Procedure, and the intermediate key KASME is obtained. The implementation of this step belongs to the prior art and will not be described here.
步骤 601: MME根据 RN的设备标识信息, 比如设备的国际移动设备 标识( IMEI, International Mobile Equipment Identity ) 索引获取设备相关安 全参数如共享密钥 K— D, 共享密钥 K— D可以是存在于 RN设备签约信息中 的预配置密钥, 也可以是通过特定流程生成的信息, 具体实现属于本领域 技术人员公知技术, 并不用于限定本发明的保护范围。  Step 601: The MME obtains device-related security parameters, such as a shared key K-D, according to the device identification information of the RN, such as an International Mobile Equipment Identity (IMEI) index of the device, where the shared key K-D may exist. The pre-configured key in the RN device subscription information may also be information generated by a specific process, and the specific implementation is well-known to those skilled in the art, and is not intended to limit the scope of the present invention.
步骤 602: MME进行密钥绑定处理: MME利用中间密钥 KASME和 设备相关安全参数如共享密钥 K— D, 按照约定的密钥派生算法派生出与设 备绑定的安全密钥 KASME D, 比如 KASME D = KDF(KASME, K D), 具 体实现属于本领域技术人员惯用技术手段, 这里不再赘述, 且其具体实现 方法并不用于限定本发明的保护范围 。  Step 602: The MME performs a key binding process: the MME uses the intermediate key KASME and device-related security parameters such as the shared key K-D to derive a security key KASME D bound to the device according to the agreed key derivation algorithm. For example, KASME D = KDF (KASME, KD), the specific implementation is a common technical means for those skilled in the art, and is not described here, and the specific implementation method is not used to limit the scope of the present invention.
步骤 603: MME向 RN发起 NAS SMC消息, 在 NAS SMC消息中携 带有密钥绑定指示信息。 Step 603: The MME initiates a NAS SMC message to the RN, and carries the message in the NAS SMC message. With key binding indication information.
步骤 604: RN根据密钥绑定指示, 利用与 MME相同的计算方法派生 与设备绑定的安全密钥 KASME— D。  Step 604: The RN derives the security key KASME-D bound to the device by using the same calculation method as the MME according to the key binding indication.
需要说明的是, 在与设备绑定的安全密钥 KASME— D的派生过程中, 还可以引入其它参数进行, 比如可以是 RN与 MME共享的参数; 或者, MME (或 RN )生成的随机数, 此时需要通过消息将该随机数通知给对端。  It should be noted that, in the process of deriving the security key KASME-D bound to the device, other parameters may also be introduced, for example, parameters that may be shared by the RN and the MME; or, random numbers generated by the MME (or RN) At this point, the random number needs to be notified to the peer through the message.
步骤 605: RN向 MME发送 NAS安全模式完成消息, MME成功收到 NAS安全模式完成消息后完成安全密钥的同步绑定。  Step 605: The RN sends a NAS security mode complete message to the MME, and the MME successfully completes the synchronization binding of the security key after successfully receiving the NAS security mode complete message.
后续 RN与网络侧之间可以利用与设备绑定的安全密钥 KASME— D派 生的密钥, 保护 RN 与网络侧之间的通信数据安全。 具体的, 可以利用 KASME— D代替普通的中间密钥 KASME, 分别派生其它的安全密钥 , 具体 派生方法与现有的安全密钥派生方法一致。  The subsequent RN and the network side can use the key derived from the security key KASME-D bound to the device to protect the communication data between the RN and the network side. Specifically, KASME-D can be used instead of the ordinary intermediate key KASME to derive other security keys respectively. The specific derivation method is consistent with the existing security key derivation method.
第一实施例中, MME派生与设备绑定的安全密钥的时机也可以在步骤 605之后进行。  In the first embodiment, the timing at which the MME derives the security key bound to the device may also be performed after step 605.
图 7为本发明实现安全密钥同步绑定的第二实施例的流程示意图, 第 二实施例中, H没 MME利用 NAS SMC消息通知 RN进行安全密钥绑定, 在 NAS SMC消息中携带有指示信息、以及需要安全绑定的安全密钥标识信 息和 /或密钥绑定所使用的算法标识信息。 MME和 RN分别利用设备相关安 全参数和 NAS SMC消息中指定的安全密钥标识对应的安全密钥派生与设 备绑定的安全密钥。 其中, 本实施例中, 设备安全参数是由设备认证过程 协定的安全参数, RN成功后通过响应消息反馈 MME, 在响应消息中携带 有绑定成功标志。 如图 7所示, 具体包括以下步骤:  FIG. 7 is a schematic flowchart of a second embodiment of implementing security key synchronization binding in the present invention. In the second embodiment, the MME does not use the NAS SMC message to notify the RN to perform security key binding, and the NAS SMC message carries The indication information, and the security key identification information that requires security binding and/or the algorithm identification information used by the key binding. The MME and the RN respectively derive the security key bound to the device by using the device-related security parameters and the security key specified in the NAS SMC message to identify the corresponding security key. In this embodiment, the device security parameter is a security parameter that is agreed by the device authentication process. After the RN succeeds, the MME feeds back the MME through the response message, and the response message carries a binding success flag. As shown in Figure 7, the following steps are specifically included:
步骤 700: MME与 RN之间通过 EPS AKA流程完成对 RN的用户认证, 并获得中间密钥 KASME。 本步骤的实现属于现有技术, 这里不再赘述。  Step 700: The user authentication between the MME and the RN is completed through the EPS AKA process, and the intermediate key KASME is obtained. The implementation of this step belongs to the prior art, and details are not described herein again.
步骤 701 : MME与 RN进行设备认证, 在设备认证流程中双方协定一 个共享的安全参数 K— relay。 Step 701: The MME performs device authentication with the RN, and the two parties agree on one in the device authentication process. A shared security parameter K-relay.
步骤 702: MME利用中间密钥 KASME、 设备相关的安全参数 (比如 K— relay ) 以及其它参数 (比如由 MME生成的随机数 RAND— M ), 根据约 定密钥派生算法派生出与设备绑定的安全密钥 KASME— D,比如 KASME— D = KDF(KASME, K relay, RAND M) , 具体实现属于本领域技术人员惯用技 术手段, 这里不再赘述, 且其具体实现方法并不用于限定本发明的保护范 围 。 其中 RAND— Μ是可选参数。  Step 702: The MME uses the intermediate key KASME, device-related security parameters (such as K-relay), and other parameters (such as the random number RAND-M generated by the MME) to derive the binding with the device according to the agreed key derivation algorithm. The security key KASME-D, such as KASME-D = KDF (KASME, K relay, RAND M), the specific implementation belongs to the technical means of those skilled in the art, and details are not described herein, and the specific implementation method is not used to limit the present invention. The scope of protection. Where RAND—Μ is an optional parameter.
步骤 703: MME向 RN发起 NAS SMC消息, 在 NAS SMC消息中携 带有密钥绑定指示信息和 /或密钥绑定所使用的算法标识信息、 密钥派生所 需的随机数 RAND— M、 以及需要绑定的中间密钥 KASME的密钥标识信息 ( eKSI )。  Step 703: The MME initiates a NAS SMC message to the RN, where the NAS SMC message carries the key binding indication information and/or the algorithm identification information used by the key binding, and the random number RAND_M required for the key derivation. And key identification information (eKSI) of the intermediate key KASME to be bound.
步骤 704: RN根据 eKSI索引到相应的中间密钥 KASME,利用与 MME 相同的计算方法派生与设备绑定的安全密钥 KASME— D。  Step 704: The RN derives the security key KASME-D bound to the device by using the same calculation method as the MME according to the eKSI index to the corresponding intermediate key KASME.
步骤 705: RN向 MME发送 NAS安全模式完成消息, 在 NAS安全模 式完成消息中携带有安全密钥绑定成功标志。 MME成功收到 NAS安全模 式完成消息后完成安全密钥的同步绑定。  Step 705: The RN sends a NAS security mode complete message to the MME, where the NAS security mode completion message carries a security key binding success flag. After the MME successfully receives the NAS security mode completion message, it completes the synchronization binding of the security key.
后续 RN与网络侧之间可以利用与设备绑定的安全密钥 KASME— D派 生的密钥, 保护 RN与网络侧之间的通信数据安全。  The subsequent RN and the network side can use the key derived from the security key KASME-D bound to the device to protect the communication data between the RN and the network side.
第二实施例中, MME派生与设备绑定的安全密钥的时机也可以在步骤 705之后进行。  In the second embodiment, the timing at which the MME derives the security key bound to the device may also be performed after step 705.
图 8为本发明实现安全密钥同步绑定的第三实施例的流程示意图, 第 三实施例中,假设由 HSS完成网络侧的安全密钥绑定处理,然后通过 MME 向 RN发起用户认证请求消息,在用户认证请求消息中携带有密钥绑定指示 信息, RN 利用设备相关安全参数(比如设备签约信息中的根密钥, 或者 由该根密钥派生的密钥信息,或者设备的数字签名等)和待绑定的密钥 CK、 IK派生绑定的安全密钥 KASME— D。 其中, 设备相关安全参数为设备的运 营商证书相关的特有参数, RN执行安全密钥绑定处理成功后, 通过用户认 证响应消息反馈给 MME。 如图 8所示, 具体包括以下步骤: FIG. 8 is a schematic flowchart of a third embodiment of implementing security key synchronization binding in the present invention. In the third embodiment, it is assumed that the HSS completes the security key binding processing on the network side, and then initiates a user authentication request to the RN through the MME. The message carries the key binding indication information in the user authentication request message, and the RN uses the device-related security parameter (such as the root key in the device subscription information, or the key information derived from the root key, or the number of the device) Signature, etc.) and the key CK to be bound, The IK derived binding security key KASME-D. The device-related security parameter is a specific parameter related to the operator certificate of the device. After the RN performs the security key binding process successfully, the RN feeds back to the MME through the user authentication response message. As shown in FIG. 8, the following steps are specifically included:
步骤 800: HSS获取设备的标识信息如 IMEI。 本步骤实现本领域技术 人员惯用技术手段, 且与本发明保护范围无关, 这里不再详述。  Step 800: The HSS acquires identification information of the device, such as IMEI. This step is implemented by a person skilled in the art and is not related to the scope of protection of the present invention, and will not be described in detail herein.
步骤 801 : HSS根据 IMEI对应的设备的运营商证书相关的特有参数(比 如 Ksec )、 以及待绑定的密钥 CK、 IK, 按照约定派生算法派生新的与设备 绑定的安全密钥 KASME— D。 其中 KASME— D = KDF(CK, IK, Ksec), 具体 实现属于本领域技术人员惯用技术手段, 这里不再赘述, 且其具体实现方 法并不用于限定本发明的保护范围。 其中, 密钥 CK、 IK由该 RN用户签约 数据中的根密钥 K根据约定算法派生而来, 这是已知信息。 可选的, 在上 述计算过程中还可以引入其他的入参,比如网络侧的服务网络标识( SN id ), 或者序列号 ( Sequence Number, SQN ), 或者匿名密钥 ( Anonymity Key, AK ), 或者网络侧生成的随机值, 或者上述参数的任意组合等。  Step 801: The HSS derives a new security key KASME bound to the device according to the protocol-derived algorithm according to the unique parameter related to the operator certificate of the device corresponding to the IMEI (such as Ksec) and the key CK and IK to be bound. D. Where KASME-D = KDF(CK, IK, Ksec), the specific implementation is a common technical means for those skilled in the art, and details are not described herein, and the specific implementation method is not used to limit the scope of the present invention. The keys CK, IK are derived from the root key K in the RN user subscription data according to an agreed algorithm, which is known information. Optionally, other parameters may be introduced in the foregoing calculation process, such as a service network identifier (SN id ) on the network side, or a sequence number (SQN), or an Anonymity Key (AK). Or a random value generated by the network side, or any combination of the above parameters.
步骤 802: HSS将生成的与设备绑定的安全密钥 KASME— D ,携带在认 证数据响应消息中发送给 MME。 可选地, 在认证数据响应消息中还可以携 带密码绑定指示信息。  Step 802: The HSS sends the generated security key KASME_D bound to the device to the MME in the authentication data response message. Optionally, the password binding indication information may also be carried in the authentication data response message.
步骤 803: MME向 RN发起用户认证请求( User Authentication Request ) 消息, 在用户认证请求消息中携带有密钥绑定指示信息。  Step 803: The MME sends a User Authentication Request message to the RN, where the user authentication request message carries the key binding indication information.
步骤 804: RN收到用户认证请求消息后, 根据根密钥 K派生 CK、 IK, 然后再根据指示消息进行安全密钥绑定处理过程, 获得与设备绑定的安全 密钥 KASME— D, 计算方法与步骤 801中 HSS的计算方法完全一致。  Step 804: After receiving the user authentication request message, the RN derives CK and IK according to the root key K, and then performs a security key binding process according to the indication message to obtain a security key KASME-D bound to the device, and calculates The method is completely consistent with the calculation method of HSS in step 801.
本步骤中, 如果 RN在派生 KASME— D的过程中, 出现了异常情况, 则可以直接向 MME发送携带有绑定失败标志的用户认证响应消息, 可选 地, 还可以携带相应的失败原因, 比如不支持密钥绑定。 步骤 805: RN向 MME发送用户认证响应( User Authentication Response ) 消息。 可选地, 在用户认证响应中携带有绑定成功标志。 MME成功收到用 户认证响应消息后完成安全密钥的同步绑定。 In this step, if the RN is in the process of deriving the KASME-D, the MME sends a user authentication response message carrying the binding failure flag to the MME. Optionally, the RN may also carry the corresponding failure reason. For example, key binding is not supported. Step 805: The RN sends a User Authentication Response message to the MME. Optionally, the binding success flag is carried in the user authentication response. After the MME successfully receives the user authentication response message, it completes the synchronization binding of the security key.
后续 RN与网络侧之间可以利用与设备绑定的安全密钥 KASME— D派 生的密钥, 保护 RN与网络侧之间的通信数据安全。  The subsequent RN and the network side can use the key derived from the security key KASME-D bound to the device to protect the communication data between the RN and the network side.
图 9为本发明实现安全密钥同步绑定的第四实施例的流程示意图, 第 四实施例中 ,假设 MME利用新增消息通知 RN进行安全密钥绑定,新增消 息中携带需要安全绑定的安全密钥标识信息、 以及与需要绑定的设备安全 参数相关的标识信息, MME和 RN分别利用消息中指定的设备相关安全参 数和安全密钥, 派生与设备绑定的安全密钥。 其中, 本实施例中, 设备相 关安全参数是由设备认证过程协定的设备安全密钥 K— D, RN成功后通过响 应消息反馈给 MME。 如图 9所示, 具体包括以下步骤:  FIG. 9 is a schematic flowchart of a fourth embodiment of implementing security key synchronization binding in the present invention. In the fourth embodiment, it is assumed that the MME uses the newly added message to notify the RN to perform security key binding, and the new message carries the security binding. The security key identification information and the identification information related to the device security parameters to be bound, the MME and the RN respectively derive the security key bound to the device by using the device-related security parameter and the security key specified in the message. In this embodiment, the device-related security parameter is the device security key K-D agreed by the device authentication process, and the RN successfully feeds back to the MME through the response message. As shown in Figure 9, the following steps are specifically included:
步骤 900: MME与 RN之间通过用户认证流程 ( User Authentication Procedure )完成对 RN的用户认证, 并获得中间密钥 KASME。 本步骤的实 现属于现有技术, 这里不再赘述。  Step 900: The user authentication between the MME and the RN is completed through a User Authentication Procedure, and the intermediate key KASME is obtained. The implementation of this step belongs to the prior art and will not be described here.
步骤 901 : MME与 RN进行设备认证, 在设备认证流程中双方协定一 个共享的安全参数 K— D。  Step 901: The MME performs device authentication with the RN, and the two parties agree on a shared security parameter K-D in the device authentication process.
步骤 902: MME利用中间密钥 KASME、 设备相关的安全参数 (比如 K D )以及其它参数(比如由 MME生成的随机数 RAND— M ), 才艮据约定密 钥派生算法派生与设备绑定的安全密钥 KASME— D , 比如 KASME— D = KDF(KASME, K D, RAND M) , 具体实现属于本领域技术人员惯用技术手 段, 这里不再赘述, 且其具体实现方法并不用于限定本发明的保护范围。  Step 902: The MME uses the intermediate key KASME, device-related security parameters (such as KD), and other parameters (such as the random number RAND-M generated by the MME) to derive the security bound to the device according to the agreed key derivation algorithm. The key KASME-D, such as KASME-D = KDF (KASME, KD, RAND M), the specific implementation belongs to the technical means of those skilled in the art, and is not described here again, and the specific implementation method is not used to limit the protection of the present invention. range.
步骤 903 : ΜΜΕ向 RN发起安全密钥绑定命令消息, 在安全密钥绑定 命令消息中携带有随机数 RAND— Μ、 需要绑定的中间密钥 KASME的密钥 标识信息 (eKSI )、 以及需要绑定的设备安全参数 K D 对应的标识参数 ( eKSI D )。 其中, 根据 eKSI和 eKSI— D可以分别唯一确定所需绑定的安 全密钥和安全参数。 Step 903: The security key binding command message is sent to the RN, where the security key binding command message carries the random number RAND_Μ, the key identification information (eKSI) of the intermediate key KASME to be bound, and Identification parameter corresponding to the device security parameter KD to be bound (eKSI D). The eKSI and eKSI-D can respectively determine the security key and security parameters of the required binding separately.
步骤 904: RN根据 eKSI索引到相应的中间密钥 KASME, 以及根据 eKSI D索引到需要绑定的设备安全参数 K— D, 并利用与 MME相同的计算 方法派生与设备绑定的安全密钥 KASME— D。  Step 904: The RN indexes the corresponding intermediate key KASME according to the eKSI, and indexes the device security parameter K_D to be bound according to the eKSI D, and derives the security key KASME bound to the device by using the same calculation method as the MME. — D.
本步骤中,如果 RN因发生异常, 比如无法索引到相应的安全密钥或安 全参数, 导致无法完成安全密钥绑定处理, RN可以直接向 MME发送带有 安全密钥绑定失败标志的安全密钥绑定响应消息, 或者在安全密钥绑定响 应消息中设置绑定成功标志为假(False )。 可选地, 还可以进一步在携安全 密钥绑定响应消息中带相应的失败原因, 比如本实施例中的标识不存在。  In this step, if the RN fails to perform the security key binding process due to an abnormality, such as the failure to index the corresponding security key or security parameter, the RN can directly send the security key binding failure flag to the MME. The key binding response message, or set the binding success flag to false (False) in the security key binding response message. Optionally, the corresponding failure cause may be further carried in the security key binding response message, for example, the identifier in this embodiment does not exist.
步骤 905: RN向 MME发送安全密钥绑定响应消息, 在安全密钥绑定 响应消息中携带有安全密钥绑定成功标志。 MME成功收到安全密钥绑定响 应消息后完成安全密钥的同步绑定。  Step 905: The RN sends a security key binding response message to the MME, where the security key binding response message carries a security key binding success flag. After the MME successfully receives the security key binding response message, it completes the synchronization binding of the security key.
后续 RN与网络侧之间可以利用与设备绑定的安全密钥 KASME— D派 生的密钥, 保护 RN与网络侧之间的通信数据安全。  The subsequent RN and the network side can use the key derived from the security key KASME-D bound to the device to protect the communication data between the RN and the network side.
图 10为本发明实现安全密钥同步绑定的第五实施例的流程示意图, 第 五实施例中,假设 MME与 RN约定: 在完成设备认证之后各自主动进行安 全密钥绑定处理。可选地,在绑定结束后可以通过其他消息(比如 NAS SMC 消息)对绑定结果进行验证。 如图 10所示, 具体实现包括以下步骤:  FIG. 10 is a schematic flowchart of a fifth embodiment of implementing security key synchronization binding in the present invention. In the fifth embodiment, the MME and the RN are assumed to: perform security key binding processing after each device authentication is completed. Optionally, the binding result can be verified by other messages (such as NAS SMC messages) after the binding ends. As shown in Figure 10, the specific implementation includes the following steps:
步骤 1000: MME与 RN之间通过用户认证流程(User Authentication Procedure )完成对 RN的用户认证, 并获得中间密钥 KASME。 本步骤的实 现属于现有技术, 这里不再赘述。  Step 1000: The user authentication between the MME and the RN is completed through a User Authentication Procedure, and the intermediate key KASME is obtained. The implementation of this step belongs to the prior art and will not be described here.
步骤 1001 : MME与 RN进行设备认证, 在设备认证流程中双方协定一 个共享的安全参数 K— D。  Step 1001: The MME performs device authentication with the RN, and the two parties agree on a shared security parameter K-D in the device authentication process.
步骤 1002〜步骤 1003 : MME和 RN分别按照预先约定, 生成与设备绑 定的安全密钥: 分别利用中间密钥 KASME、 以及设备相关安全参数如共享 密钥 K— D , 根据约定密钥派生算法派生出与设备绑定的安全密钥 KASME D , 比如 KASME— D = KDF(KASME, K D), 具体实现属于本领域 技术人员惯用技术手段, 这里不再赘述, 且其具体实现方法并不用于限定 本发明的保护范围。 Step 1002 to step 1003: The MME and the RN respectively bind to the device according to a predetermined agreement. The security key: The intermediate key KASME and the device-related security parameters such as the shared key K-D are respectively used to derive the security key KASME D bound to the device according to the agreed key derivation algorithm, such as KASME-D = The KDF (KASME, KD), the specific implementation is a common technical means for those skilled in the art, and is not described here, and the specific implementation method is not limited to the scope of the present invention.
步骤 1004: 可选地, MME向 RN发起 NAS安全模式命令 ( NAS SMC ) 消息, 并对该 NAS安全模式命令消息进行完整性保护。 其中, 完整性保护 密钥由可以由与设备绑定的安全密钥 KASME— D派生而来。  Step 1004: Optionally, the MME initiates a NAS Security Mode Command (NAS SMC) message to the RN, and performs integrity protection on the NAS security mode command message. The integrity protection key is derived from the security key KASME-D that can be bound to the device.
步骤 1005: RN根据自身生成的与设备绑定的安全密钥 KASME— D派 生完整性保护密钥, 并对来自 MME的 NAS安全模式命令消息进行验证, 如果险证通过, 则向 MME回复 NAS安全模式完成( NAS SMC Complete ) 消息, 并对该 NAS安全模式完成消息进行加密, 加密密钥由 RN生成的与 设备绑定的安全密钥 KASME— D派生而来。  Step 1005: The RN derives an integrity protection key according to the security key KASME-D that is generated by the RN, and verifies the NAS security mode command message from the MME. If the risk certificate passes, the NAS security is returned to the MME. The mode completes (NAS SMC Complete) message, and encrypts the NAS security mode completion message, and the encryption key is derived from the device-bound security key KASME-D generated by the RN.
步骤 1006: MME收到 NAS安全模式完成消息后, 根据 MME自身生 成的与设备绑定的安全密钥 KASME— D派生解密密钥,并对收到的 NAS安 全模式完成消息进行解密,如果解密成功,说明 RN和 MME成功收到即完 成安全密钥的同步绑定。  Step 1006: After receiving the NAS security mode complete message, the MME derives the decryption key according to the security key KASME-D that is generated by the MME itself, and decrypts the received NAS security mode completion message. If the decryption succeeds. The RN and the MME successfully receive the synchronization binding of the security key.
后续 RN与网络侧之间可以利用与设备绑定的安全密钥 KASME— D派 生的密钥, 保护 RN与网络侧之间的通信数据安全。  The subsequent RN and the network side can use the key derived from the security key KASME-D bound to the device to protect the communication data between the RN and the network side.
本实施例中, 步骤 1002与步骤 1003的执行不分顺序。  In this embodiment, the execution of step 1002 and step 1003 is in no order.
本发明图 6〜图 10所示的实施例中, 在进行安全密钥绑定的约定算法 中,还可以使用其它参数,该参数可以是 RN和网络侧都知道的某个共享参 数; 也可以是 RN或网络侧生成的随机数, 如果是随机数,还需要生成随机 数的一方将该随机数通过消息通知给对端。  In the embodiment shown in FIG. 6 to FIG. 10, in the contract algorithm for performing security key binding, other parameters may be used, and the parameter may be a shared parameter known to both the RN and the network side; It is a random number generated by the RN or the network side. If it is a random number, the party that needs to generate the random number notifies the peer to the peer through the message.
本发明图 6〜图 10所示的实施例中的处理流程的先后顺序,在具体实施 过程中可以有所变动, 属于本领域技术人员根据本发明提供的方法容易获 得的, 且不用于限定本发明的保护范围。 The sequence of the processing flow in the embodiment shown in FIG. 6 to FIG. 10 of the present invention is embodied in the specific implementation. There may be variations in the process, which are readily available to those skilled in the art in accordance with the methods provided herein, and are not intended to limit the scope of the invention.
以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围, 凡在本发明的精神和原则之内所作的任何修改、 等同替换和改进 等, 均应包含在本发明的保护范围之内。  The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included. Within the scope of protection of the present invention.

Claims

权利要求书 Claim
1、 一种实现安全密钥同步绑定的方法, 其特征在于, 包括:  A method for implementing security key synchronization binding, comprising:
移动性管理实体 MME通知中继节点 RN进行安全密钥绑定;  The mobility management entity MME notifies the relay node RN to perform security key binding;
RN接到通知后, 进行与网络侧相同的安全密钥绑定处理, 获得与设备 绑定的安全密钥, 并响应 MME。  After receiving the notification, the RN performs the same security key binding process as the network side, obtains the security key bound to the device, and responds to the MME.
2、 根据权利要求 1所述的方法, 其特征在于, 所述 MME通知 RN进 行安全密钥绑定包括: 所述 MME向 RN发送非接入层 NAS消息, 通知所 述 RN进行安全密钥绑定。  2. The method according to claim 1, wherein the MME notifying the RN to perform security key binding comprises: sending, by the MME, a non-access stratum NAS message to the RN, and informing the RN to perform security key binding set.
3、 根据权利要求 2所述的方法, 其特征在于, 所述 NAS消息中携带 有用于指示 RN进行安全密钥的绑定的密钥绑定指示信息。  The method according to claim 2, wherein the NAS message carries key binding indication information for instructing the RN to perform binding of the security key.
4、 根据权利要求 3所述的方法, 其特征在于, 所述 NAS消息中还携 带有用于标识进行密钥绑定时所使用的算法的算法标识信息。  The method according to claim 3, wherein the NAS message further carries algorithm identification information for identifying an algorithm used when performing key binding.
5、 根据权利要求 3所述的方法, 其特征在于, 所述 NAS消息中还携 带有需要绑定的安全密钥的标识信息。  The method according to claim 3, wherein the NAS message further carries identification information of a security key to be bound.
6、 根据权利要求 5所述的方法, 其特征在于, 所述 NAS消息中还携 带有与需要绑定的设备相关安全参数的标识信息。  The method according to claim 5, wherein the NAS message further carries identification information related to a security parameter related to the device to be bound.
7、 根据权利要求 2至 6任一项所述的方法, 其特征在于, 所述 NAS 消息复用现有的 NAS消息; 所述现有的 NAS消息包括: NAS安全模式命 令消息, 或者用户认证请求消息;  The method according to any one of claims 2 to 6, wherein the NAS message multiplexes an existing NAS message; the existing NAS message includes: a NAS security mode command message, or user authentication Request message
或者,所述 NAS消息是新增消息,所述新增消息为密钥绑定请求消息。 Alternatively, the NAS message is a new message, and the new message is a key binding request message.
8、 根据权利要求 1所述的方法, 其特征在于, 所述 RN进行的与网络 侧相同的安全密钥绑定处理, 在网络侧的 MME或归属用户月良务器 HSS或 归属位置寄存器 HLR或归属环境 HE中执行。 The method according to claim 1, wherein the RN performs the same security key binding process as the network side, and the MME or the home subscriber HSS or the home location register HLR on the network side Or executed in the home environment HE.
9、 根据权利要求 1所述的方法, 其特征在于, 所述网络侧执行的安全 密钥绑定处理在所述 MME发送 NAS 消息通知 RN之前; 或者, 在所述 MME收到来自 RN的响应之后。 The method according to claim 1, wherein the security key binding process performed by the network side is before the MME sends a NAS message to notify the RN; or, in the After the MME receives the response from the RN.
10、 根据权利要求 1、 8或 9所述的方法, 其特征在于, 该方法之前还 包括: 所述网络侧通过用户认证流程获得 RN的用户安全密钥, 并获得 RN 的设备相关安全参数;  The method according to claim 1, 8 or 9, wherein the method further comprises: obtaining, by the network side, a user security key of the RN through a user authentication process, and obtaining a device-related security parameter of the RN;
所述安全密钥绑定处理包括: 利用设备相关安全参数和所述用户安全 密钥, 按照约定算法派生与设备绑定的安全密钥。  The security key binding process includes: deriving a security key bound to the device according to the agreed algorithm by using the device-related security parameter and the user security key.
11、 根据权利要求 10所述的方法, 其特征在于, 所述按照约定算法派 生与设备绑定的安全密钥进一步包括:  The method according to claim 10, wherein the deriving the security key bound to the device according to the agreed algorithm further comprises:
利用设备相关安全参数、 所述用户安全密钥, 以及其它参数, 按照约 定算法派生与设备绑定的安全密钥。  The device-related security parameters, the user security key, and other parameters are used to derive a security key bound to the device in accordance with the predetermined algorithm.
12、 根据权利要求 11所述的方法, 其特征在于, 所述其它参数包括所 述 RN与网络侧共享的参数;或者,所述网络侧或 RN生成的随机数,此时, 该方法还包括:所述网络侧或 RN通过消息将生成的该随机数通知给 RN或 网络侧。  The method according to claim 11, wherein the other parameters include parameters shared by the RN and the network side; or the random number generated by the network side or the RN, and the method further includes The network side or the RN notifies the RN or the network side of the generated random number by using a message.
13、 根据权利要求 10所述的方法, 其特征在于, 所述用户安全密钥是 中间密钥 KASME, 或者是加密密钥 CK, 完整性密钥 IK。  The method according to claim 10, wherein the user security key is an intermediate key KASME or an encryption key CK, an integrity key IK.
14、 根据权利要求 1、 8或 9所述的方法, 其特征在于, 所述设备相关 安全参数为所述 RN与网络侧共享的特定参数;  The method according to claim 1, 8 or 9, wherein the device-related security parameter is a specific parameter shared by the RN and the network side;
所述特定参数为: 在所述 RN的签约信息中的参数; 或者,设备证书中 的预设参数。  The specific parameter is: a parameter in the subscription information of the RN; or a preset parameter in the device certificate.
15、 根据权利要求 1、 8或 9所述的方法, 其特征在于, 所述设备相关 安全参数为: 在所述网络侧进行设备认证过程中协定的设备相关安全参数; 所述设备认证过程中协定的设备相关安全参数为设备签约信息中的根密 钥, 或由该根密钥派生的其它新密钥。  The method according to claim 1, 8 or 9, wherein the device-related security parameter is: a device-related security parameter agreed upon in the device authentication process on the network side; The agreed device-related security parameter is the root key in the device subscription information, or other new key derived from the root key.
16、 根据权利要求 1、 8或 9所述的方法, 其特征在于, 所述 RN向 MME发送响应包括: 16. The method according to claim 1, 8 or 9, wherein the RN direction The MME sends a response including:
所述 RN通过现有的 NAS消息, 或者利用新增消息, 向所述 MME反 馈绑定结果。  The RN feeds back the binding result to the MME by using an existing NAS message or by using a new message.
17、 根据权利要求 16所述的方法, 其特征在于, 在所述 RN反馈的响 应消息中携带用于指示 RN成功完成安全密钥绑定的密钥绑定成功指示信 息;或者,用于指示 RN未成功完成安全密钥绑定的密钥绑定失败指示信息。  The method according to claim 16, wherein the response message fed back by the RN carries key binding success indication information for indicating that the RN successfully completes the security key binding; or The RN failed to complete the key binding failure indication information of the security key binding.
18、 根据权利要求 17所述的方法, 其特征在于, 当所述 RN反馈的响 应消息中携带有密钥绑定失败指示信息时 ,所述 RN反馈的响应消息中还携 带失败原因。  The method according to claim 17, wherein when the response message fed back by the RN carries the key binding failure indication information, the response message fed back by the RN further carries a failure reason.
19、 一种实现安全密钥同步绑定的系统, 其特征在于, 至少包括 RN 和 MME, 其中,  A system for implementing a secure key synchronization binding, comprising: at least an RN and an MME, where
MME, 用于向 RN发送安全密钥绑定通知;  The MME is configured to send a security key binding notification to the RN.
RN, 用于接收来自 MME的安全密钥绑定通知, 进行与网络侧相同的 安全密钥绑定处理, 获得与设备绑定的安全密钥, 并响应 MME。  The RN is configured to receive the security key binding notification from the MME, perform the same security key binding process as the network side, obtain a security key bound to the device, and respond to the MME.
20、 根据权利要求 19所述的系统, 其特征在于, 所述 MME, 具体用 于在 RN通过用户认证后, 向 RN发送安全密钥绑定通知; 在发送安全密钥 绑定通知给 RN之前, 或在收到来自 RN的响应之后, 进行与 RN相同的安 全密钥绑定处理, 获得与设备绑定的安全密钥。  The system according to claim 19, wherein the MME is specifically configured to: after the RN passes the user authentication, send a security key binding notification to the RN; before sending the security key binding notification to the RN Or, after receiving the response from the RN, perform the same security key binding process as the RN to obtain a security key bound to the device.
21、 根据权利要求 19 所述的系统, 其特征在于, 该系统还包括 HSS 或 HLR或 HE, 用于进行与 RN相同的安全密钥绑定处理, 并将安全密钥 绑定处理后得到的与设备绑定的安全密钥发送给 MME。  The system according to claim 19, wherein the system further comprises an HSS or an HLR or an HE, configured to perform the same security key binding processing as the RN, and obtain the security key binding process. The security key bound to the device is sent to the MME.
22、 根据权利要求 19至 21任一项所述的系统, 其特征在于, 所述网 络侧,还用于通过用户认证流程获得 RN的用户安全密钥, 并获得 RN的设 备相关安全参数。  The system according to any one of claims 19 to 21, wherein the network side is further configured to obtain a user security key of the RN through a user authentication process, and obtain a device-related security parameter of the RN.
PCT/CN2011/077617 2010-09-10 2011-07-26 Method and system for implementing synchronous binding of security key WO2012031510A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010282470.3 2010-09-10
CN201010282470.3A CN101945386B (en) 2010-09-10 2010-09-10 A kind of method and system realizing safe key synchronous binding

Publications (1)

Publication Number Publication Date
WO2012031510A1 true WO2012031510A1 (en) 2012-03-15

Family

ID=43437080

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/077617 WO2012031510A1 (en) 2010-09-10 2011-07-26 Method and system for implementing synchronous binding of security key

Country Status (2)

Country Link
CN (1) CN101945386B (en)
WO (1) WO2012031510A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196438A (en) 2010-03-16 2011-09-21 高通股份有限公司 Communication terminal identifier management methods and device
US9385862B2 (en) 2010-06-16 2016-07-05 Qualcomm Incorporated Method and apparatus for binding subscriber authentication and device authentication in communication systems
US8839373B2 (en) 2010-06-18 2014-09-16 Qualcomm Incorporated Method and apparatus for relay node management and authorization
CN101945386B (en) * 2010-09-10 2015-12-16 中兴通讯股份有限公司 A kind of method and system realizing safe key synchronous binding
CN101931953B (en) * 2010-09-20 2015-09-16 中兴通讯股份有限公司 Generate the method and system with the safe key of apparatus bound
US9112905B2 (en) 2010-10-22 2015-08-18 Qualcomm Incorporated Authentication of access terminal identities in roaming networks
CN102595395A (en) * 2011-01-14 2012-07-18 中兴通讯股份有限公司 Relay node authentication method and system
CN102595403A (en) * 2011-01-14 2012-07-18 中兴通讯股份有限公司 Authentication method and authentication device for relay node binding
US9668128B2 (en) 2011-03-09 2017-05-30 Qualcomm Incorporated Method for authentication of a remote station using a secure element
CN102685735B (en) * 2011-03-11 2017-02-01 中兴通讯股份有限公司 Method and system for reconstructing high-level security in RN switching process
US8887258B2 (en) 2011-08-09 2014-11-11 Qualcomm Incorporated Apparatus and method of binding a removable module to an access terminal
EP3139649A1 (en) * 2015-09-04 2017-03-08 Gemalto Sa Method to authenticate a subscriber in a local network
CN109698746B (en) * 2019-01-21 2021-03-23 北京邮电大学 Method and system for generating sub-keys of binding equipment based on master key negotiation

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101233734A (en) * 2005-06-30 2008-07-30 朗迅科技公司 Method for distributing security keys during hand-off in a wireless communication system
CN101500229A (en) * 2008-01-30 2009-08-05 华为技术有限公司 Method for establishing security association and communication network system
CN101500230A (en) * 2008-01-30 2009-08-05 华为技术有限公司 Method for establishing security association and communication network system
CN101931953A (en) * 2010-09-20 2010-12-29 中兴通讯股份有限公司 Method and system for generating safety key bound with device
CN101945386A (en) * 2010-09-10 2011-01-12 中兴通讯股份有限公司 Method and system for implementing synchronous binding of safe secret keys

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101233734A (en) * 2005-06-30 2008-07-30 朗迅科技公司 Method for distributing security keys during hand-off in a wireless communication system
CN101500229A (en) * 2008-01-30 2009-08-05 华为技术有限公司 Method for establishing security association and communication network system
CN101500230A (en) * 2008-01-30 2009-08-05 华为技术有限公司 Method for establishing security association and communication network system
CN101945386A (en) * 2010-09-10 2011-01-12 中兴通讯股份有限公司 Method and system for implementing synchronous binding of safe secret keys
CN101931953A (en) * 2010-09-20 2010-12-29 中兴通讯股份有限公司 Method and system for generating safety key bound with device

Also Published As

Publication number Publication date
CN101945386A (en) 2011-01-12
CN101945386B (en) 2015-12-16

Similar Documents

Publication Publication Date Title
US20230353379A1 (en) Authentication Mechanism for 5G Technologies
CN108781366B (en) Authentication mechanism for 5G technology
WO2012031510A1 (en) Method and system for implementing synchronous binding of security key
KR101554396B1 (en) Method and apparatus for binding subscriber authentication and device authentication in communication systems
US11856402B2 (en) Identity-based message integrity protection and verification for wireless communication
EP2421292B1 (en) Method and device for establishing security mechanism of air interface link
CN101931955B (en) Authentication method, device and system
KR101978084B1 (en) Mtc key management for key derivation at both ue and network
US9667413B2 (en) Encryption realization method and system
CN101945387B (en) The binding method of a kind of access layer secret key and equipment and system
CN101931953B (en) Generate the method and system with the safe key of apparatus bound
US20130163762A1 (en) Relay node device authentication mechanism
US20130091556A1 (en) Method for establishing a secure and authorized connection between a smart card and a device in a network
JP2016502767A (en) Group authentication and key management for MTC
CN101951590B (en) Authentication method, device and system
US20170223531A1 (en) Authentication in a wireless communications network
CN101977378B (en) Information transferring method, network side and via node
WO2020056433A2 (en) SECURE COMMUNICATION OF RADIO RESOURCE CONTROL (RRC) REQUEST OVER SIGNAL RADIO BEARER ZERO (SRBo)
CN102572819A (en) Method, device and system for generating secret key
CN105764052A (en) TD-LTE authentication and protective encryption method
WO2012094920A1 (en) Method and system for authenticating relay node
CN102595403A (en) Authentication method and authentication device for relay node binding
CN108712742B (en) Internet of Things network security optimization method, user terminal and network side equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11823033

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11823033

Country of ref document: EP

Kind code of ref document: A1