CN100389634C

CN100389634C - Synchronously attach protecting method and relative power authentifying method

Info

Publication number: CN100389634C
Application number: CNB2005100363557A
Authority: CN
Inventors: 王正伟
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2005-08-02
Filing date: 2005-08-02
Publication date: 2008-05-21
Anticipated expiration: 2025-08-02
Also published as: CN1859712A

Abstract

The present invention discloses a synchronous attack protection method which is applied to authentication between a terminal in a 3G network and a network. The method comprises that a resynchronization mark and an authentication response are attached when the terminal sends a resynchronization request command to the network; when the network side receives the resynchronization request command, an MSC/VLR firstly judges the legitimacy of the resynchronization request command according to the authentication response. If the resynchronization request command is illegal, the MSC/VLR then judges that the resynchronization request command is from an illegal user; otherwise, the MSC/VLR sends the resynchronization request command to the network side HLR/AUC which verifies the integrality of the resynchronization request command. Therefore, when the network side receives the resynchronization request command from the illegal user, the MSC/VLR can judge according to the authentication response without consuming the resources of the HLR/AUC to verify the integrality of the resynchronization request command from the illegal user. Further, the effect of avoiding the illegal user utilizing the resynchronization request command to attack the network is achieved.

Description

A kind of synchronization attack means of defence and corresponding authentication method

Technical field

The present invention relates to the communication security technology, be specifically related to a kind of method that prevents that terminal from utilizing synchronous request command that network is attacked.

Background technology

In the existing 3-G (Generation Three mobile communication system), in portable terminal, preserve IMSI International Mobile Subscriber Identity IMSI, KI KI and sequence number SQNMS, preserve IMSI, KI and sequence number SQNHE at this portable terminal correspondence among the HLR/AUC of network side, to be used for portable terminal and network mutual authentication.

The existing authorizing procedure of 3G communication system is mainly: HLR/AUC produces random number RA ND, produces Expected Response XRES, encryption key CK, Integrity Key IK according to random number RA ND and KI; Produce MAC-A according to random number RA ND, sequence number SQNHE, KI KI and authentication management field AMF, according to MAC-A, SQNHE, AK and AMF obtain authentication signature AUTN (Authentication Token).Form the authentication five-tuple by RAND and XRES, CK, IK and AUTN, this five-tuple is sent to MSC/VLR preserve.Certainly, in the middle of the reality, HLR/AUC is that corresponding one or more five-tuples of answering the request of MSC/VLR just will produce send to MSC/VLR's.During authentication, MSC/VLR sends to terminal with RAND and AUTN in the corresponding five-tuple, and terminal if consistency checking does not pass through, is then returned failed authentication information to MSC/VLR according to the consistency of the KI checking AUTN that oneself preserves; If consistency checking passes through, judge then whether SQNHE belongs to acceptable scope: if belong to, then terminal judges goes out network authentication is passed through, terminal is returned the Authentication Response that terminal oneself produces to MSC/VLR, and upgrade SQNMS according to the SQNHE among the AUTN, whether the XRES in the Authentication Response that the MSC/VLR comparison terminal returns and the corresponding five-tuple the consistent legitimacy of judging terminal; Do not belong to tolerance interval if judge SQNHE, then produce again sync mark AUTS (Resynchronisation Token) according to SQNMS, network side MSC/VLR is returned synchronization request or synchronization failure (Synchronisation failure) message again, enclosing the AUTS of sync mark again of generation simultaneously, also is to comprise AUTS in the message.When network side MSC/VLR receives sync mark AUTS again, RAND in AUTS and the corresponding five-tuple is sent to HLR/AUC, HLR/AUC is according to correspondence KI that preserves and the RAND that receives, judge the legitimacy of AUTS, if illegal, then HLR/AUC returns the AUTS information unauthorized to MSC/VLR; If it is legal to judge AUTS, then HLR/AUC upgrades SQNHE according to the SQNMS among the AUTS, and produces a new authentication five-tuple and send to MSC/VLR, after MSC/VLR receives new five-tuple, and the old five-tuple that deletion is corresponding.About authorizing procedure, can be with reference to the 3GPP standard.

Therefore in the 3-G (Generation Three mobile communication system), authorizing procedure can ensure fully that terminal and network can not be subjected to the malice deception, thereby ensures the fail safe of terminal and network.

Above-mentioned authorizing procedure can prevent the user terminal deception network palmed off by network to the authentication of terminal, also can prevent to palm off the network cheating user terminal to the authentication of network by terminal, but can't prevent the synchronous flow process attack of disabled user's terminal utilization HLR/AUC, for example, 1. the disabled user utilizes the IMSI of a vacation to initiate the position renewal to network; 2.MSC/VLR RAND and AUTN in the authentication tuple are sent to the disabled user; 3. the disabled user produces a random number replacement AUTS, initiates the request of synchronous SQN MS to network MSC/VLR; 4.MSC/VLR random number RA ND in the corresponding five-tuple and the AUTS that is received from terminal are sent to HLR/AUC; 5.HLR/AUC carry out synchronous flow process.

In the above-mentioned attack flow process, though can to identify be illegal to HLR/AUC synchronously in the 5th step, identifying itself has just consumed the resource of HLR/AUC, moreover also comprises the resource that protocol interaction consumed between MSC/VLR and the HLR/AUC.If the continuous conversion user identity of assailant is made synchronously false, so, just might cause HLR/AUC to be busy with handling synchronous flow process, and have no time to attend to other service request, take place thereby can cause the HLR/AUC vacation to hang phenomenon.

In sum, how to prevent that the disabled user from attacking network by synchronization request is a problem that is worth solution.

Summary of the invention

In view of this, to want the technical solution problem be to prevent that the disabled user from utilizing the synchronization request attacking network in the present invention.

In order to address the above problem technical scheme provided by the invention be:

A kind of synchronization attack means of defence, be applied to terminal and internetwork authentication in the 3G network, described method may further comprise the steps at least: a.HLR/AUC produces random number RA ND, according to random number, second KI produces Expected Response XRES, encryption key CK, Integrity Key IK, and according to random number, KI, the authentication management field AMF and the second sequence number SQNHE generate message authentication coding MAC-A, according to second sequence number, authentication management field and message authentication coding produce authentication signature AUTN, with described random number, Expected Response, encryption key, Integrity Key and authentication signature send to MSC/VLR as the authentication five-tuple; B.MSC/VLR sends to terminal with described random number, authentication signature; C. terminal is carried out consistency checking according to second sequence number and authentication management field among first KI and the random number that receives, the AUTN that receives to the coding of the message authentication among the AUTN that receives, and after checking is passed through, generate Authentication Response ARES according to first KI and described random number; D. terminal judges according to the first sequence number SQNMS whether second sequence number can be accepted, and when second sequence number can not receive, according to first KI, first sequence number, AMF among the AUTN that receives and described random number generate synchronizing authentication coding MAC-S, produce sync mark AUTS according to MAC-S and SQNMS, MSC/VLR is sent synchronization request message and encloses the check code of described sync mark and described Authentication Response; E.MSC/VLR judges the legitimacy of the check code of described Authentication Response according to Expected Response when receiving described synchronization request message, judge described illegal and finish relevant treatment with request message again if do not conform to rule; Otherwise MSC/VLR sends synchronization request message to HLR/AUC, and encloses the random number in described sync mark and the corresponding authentication five-tuple; F.HLR/AUC judges the integrality of described synchronization request message according to second KI, and makes relevant treatment according to the integrality of described synchronization request message.

Synchronization attack means of defence provided by the invention, when sending synchronization request, enclosed the check code of Authentication Response, network side is when judging the legitimacy of synchronization request, earlier judge the synchronization request legitimacy according to the check code of Authentication Response by MSC/VLR, if Authentication Response does not conform to rule and can judge the synchronization request information source and do not conform to, then no longer carry out subsequent treatment, the HLR/AUC that is network side no longer carries out integrity verification to synchronization request, make network side when receiving the synchronization request of disabled user's transmission, MSC/VLR can identify, and the resource that needn't expend HLR/AUC again is to carrying out integrity verification from disabled user's synchronous request command again, and then reaches and prevent that the disabled user from coming the purpose of attacking network by a large amount of synchronization request message again.

Preferably, also comprise among the step c when consistency checking of message authentication being encoded when terminal passes through, judge network side MSC/VLR failed authentication is sent failed authentication information to MSC/VLR, and finish relevant treatment.

Preferably, also comprise in the steps d when terminal judges goes out second sequence number and can accept,, and MSC/VLR sent described Authentication Response according to described second sequence number update, first sequence number; MSC/VLR judges whether described Authentication Response is consistent with Expected Response, if consistent, judge the authentication of terminal passed through, and finish respective handling, otherwise, judge the authentication of terminal is not passed through, and finish respective handling.

Preferably, wherein be meant that according to described second sequence number update, first sequence number first sequence number is set to equate with second sequence number.

Preferably, described HLR/AUC judges that according to second KI integrality of described synchronization request message is meant, HLR/AUC calculates the consistent algorithm of described synchronizing authentication coding according to first sequence number employing in second KI, described authentication management field, described random number and the described sync mark and terminal and calculates, obtain a result of calculation, whether the synchronizing authentication coding is identical in more described result of calculation and the described sync mark, if it is identical, it is complete then to judge described synchronization request message, otherwise it is imperfect to judge described synchronization request message.

Preferably, in step f, HLR/AUC judges described synchronization request message when imperfect, finish relevant treatment, otherwise,, produce new authentication five-tuple and be sent to few new authentication five-tuple and be used for authentication to MSC/VLR according to first sequence number update, second sequence number.

Preferably, describedly be meant that according to described first sequence number update, second sequence number second sequence number is set to equate with first sequence number, or second sequence number be set to again second sequence number be increased an increment numerical value changeless or fixedly variation or change at random with after first sequence number equates.

Preferably, among the described step c, terminal is carried out consistency checking to described message authentication coding: terminal adopts with HLR/AUC according to first KI, authentication management field, described random number and second sequence number and produces the consistent operation result of method generation of message authentication coding, whether more described operation result is consistent with described message authentication coding, if it is consistent, then the consistency checking to described message authentication coding passes through, otherwise, the consistency checking of described message authentication coding is not passed through.

Preferably, in the described steps d, described terminal judges according to first sequence number whether second sequence number can be accepted further to be: whether the difference of judging second sequence number and first sequence number is in certain scope, if, then judging second sequence number can accept, otherwise, judge second sequence number and cannot accept.

Preferably, the check code of described Authentication Response is an Authentication Response itself, or corresponding some position in the Authentication Response, judge that according to Expected Response the legitimacy of the check code of described Authentication Response is meant among the step e accordingly: whether the check code of judging Authentication Response is identical with Expected Response, whether the check code of perhaps judging Authentication Response is with corresponding some is identical in the Expected Response, if, the check code of then judging described Authentication Response is legal, otherwise, judge that the check code of described Authentication Response is illegal.

Preferably, further comprise the step of upgrading second sequence number among the described step a.

Preferably, described renewal second sequence number is meant increases an increment numerical value changeless or fixedly variation or change at random with second sequence number.

In order to address the above problem, another solution provided by the invention is:

A kind of method for authenticating, authentication between the module that is used for to intercom mutually, described module comprises at least: but first module of authentication and generation Authentication Response, preserved first KI in described first module, first synchronisation key and first sequence number, can be used for producing authentication parameter, carry out second module of Synchronous Processing, correspondence has been preserved second KI in described second module, second synchronisation key and second sequence number, and the three module that can carry out authentication verification, described method may further comprise the steps at least: (1). and second module produces random number, according to random number, second KI produces Expected Response, and according to random number, second KI and second sequence number generate the message authentication coding, with described random number, second sequence number, the message authentication coding of Expected Response and generation sends to three module; (2). three module sends to first module with described random number, second sequence number and message authentication coding; (3). first module is carried out consistency checking according to first KI and described random number and second sequence number to described message authentication coding, and after checking is passed through, generates Authentication Response according to first KI and described random number; (4). first module judges according to first sequence number whether second sequence number can be accepted, and when second sequence number can not receive, generate the synchronizing authentication coding according to first synchronisation key, first sequence number and described random number, three module is sent synchronization request message and encloses the check code of described synchronizing authentication coding, first sequence number and described Authentication Response; (5). three module is judged the legitimacy of the check code of described Authentication Response according to Expected Response when receiving described synchronization request message, judge described illegal and finish relevant treatment with request message again if do not conform to rule; Otherwise three module sends synchronization request message to second module; (6) second modules are judged the integrality of described synchronization request message according to second synchronisation key, and make relevant treatment according to the integrality of described synchronization request message.

Above-mentioned method for authenticating, first module has been enclosed the check code of Authentication Response when sending synchronization request message, second module is before the integrality of judging synchronization request message, judge the legitimacy of synchronization request message earlier earlier according to the check code of Authentication Response by three module, can to judge the synchronization request information source illegal if the check code of Authentication Response does not conform to rule, then no longer carry out subsequent treatment, promptly second module is no longer carried out integrity verification to synchronization request message, therefore, the synchronization request message that the disabled user sends can be tackled when arriving three module, and the resource that needn't expend second module again is to carrying out integrity verification from disabled user's synchronization request message, and then reaches and prevent that the disabled user from attacking the purpose of authentication module by a large amount of synchronization request message.

Preferably, also comprise in the described step (3) when the consistency checking of message authentication being encoded when first module passes through, judge the three module failed authentication, and finish relevant treatment.

Preferably, first module further comprises before described end relevant treatment in the step (3): first module sends failed authentication information to three module.

Preferably, also comprise in the step (4) when first module is judged second sequence number and can be accepted,, and three module sent described Authentication Response according to described second sequence number update, first sequence number; Three module judges whether described Authentication Response is consistent with Expected Response, if consistent, judge the authentication of first module passed through, and finish respective handling, otherwise, judge the first module authentication is not passed through, and finish respective handling.

Preferably, describedly be meant that according to described second sequence number update, first sequence number first sequence number is set to equate with second sequence number.

Preferably, in the step (5), when three module sends synchronization request message to second module, enclose described random number, the synchronizing authentication coding and first sequence number.

Preferably, in the step (1), when second module sends to three module at the message authentication coding with described random number, second sequence number and generation, preserved described random number; Among the step e, when three module sends synchronization request message to second module, enclose the described synchronizing authentication coding and first sequence number.

Preferably, described second module judges that according to second synchronisation key integrality of described synchronization request message is meant, second module is calculated the consistent algorithm of described synchronizing authentication coding according to second synchronisation key, described random number and the employing of first sequence number and first module and is calculated, obtain a result of calculation, whether more described result of calculation is identical with the synchronizing authentication coding, if it is identical, it is complete then to judge described synchronization request message, otherwise it is imperfect to judge described synchronization request message.

Preferably, in step (6), second module is judged described synchronization request message when imperfect, finishes relevant treatment, otherwise, according to first sequence number update, second sequence number.

Preferably, in the described step (3), first module is carried out consistency checking to described message authentication coding: first module is according to first KI, described random number and the employing of second sequence number and second module are according to described random number, second KI produces the consistent method of message authentication coding with second sequence number and produces an operation result, whether more described operation result is consistent with described message authentication coding, if it is consistent, then the consistency checking to described message authentication coding passes through, otherwise, the consistency checking of described message authentication coding is not passed through.

Preferably, in the described step (4), first module judges according to first sequence number whether second sequence number can be accepted further to be: whether the difference of judging second sequence number and first sequence number is in certain scope, if, then judging second sequence number can accept, otherwise, judge second sequence number and cannot accept.

Preferably, the check code of described Authentication Response is an Authentication Response itself, or corresponding some position in the Authentication Response, judge that according to Expected Response the legitimacy of the check code of described Authentication Response is meant in the step (5) accordingly: whether the check code of judging Authentication Response is identical with Expected Response, whether the check code of perhaps judging Authentication Response is with corresponding some is identical in the Expected Response, if, the check code of then judging described Authentication Response is legal, otherwise, judge that the check code of described Authentication Response is illegal.

Preferably, further comprise the step of upgrading second sequence number in the described step (1).

Preferably, the first sequence number initial value is 0 or random number, and the corresponding second sequence number initial value is any number greater than first sequence number.

Preferably, in first module, first KI and first synchronisation key can be same keys; Correspondingly, in second module, second KI and second synchronisation key also can be same keys.

In order to address the above problem, the present invention also provides a solution to be:

A kind of method for authenticating, authentication between the module that is used for to intercom mutually, described module comprises at least: but first module of authentication and generation Authentication Response, preserved first KI in described first module, first synchronisation key and first sequence number, can be used for producing authentication parameter, carry out second module of authentication verification and execution Synchronous Processing, correspondence has been preserved second KI in described second module, second synchronisation key and second sequence number, described method may further comprise the steps at least: i. second module produces random number, according to random number, second KI produces Expected Response, and according to random number, second KI and second sequence number generate the message authentication coding; Described random number, second sequence number and message authentication coding are sent to first module; Ii. first module is carried out consistency checking according to first KI and described random number and second sequence number to described message authentication coding, and after checking is passed through, generates Authentication Response according to first KI and described random number; Iii. first module judges according to first sequence number whether second sequence number can be accepted, and when second sequence number can not receive, generate the synchronizing authentication coding according to first synchronisation key, first sequence number and described random number, to second module send synchronization request message and enclose described synchronizing authentication coding, first sequence number and reach the check code of Authentication Response; Iv. second module is judged the legitimacy of the check code of described Authentication Response according to Expected Response when receiving described synchronization request message, judges described illegal and finish relevant treatment with request message again if do not conform to rule; Otherwise, judge the integrality of described synchronization request message according to second synchronisation key, and make relevant treatment according to the integrality of described synchronization request message.

Above-mentioned method for authenticating, first module has been enclosed the check code of Authentication Response when sending synchronization request message, second module is before the integrality of judging synchronization request message, judge the legitimacy of synchronization request message earlier according to the check code of Authentication Response, can to judge the synchronization request information source illegal if the check code of Authentication Response does not conform to rule, then no longer carry out subsequent treatment, promptly second module is no longer carried out integrity verification to synchronization request message, therefore, second module is when receiving from disabled user's synchronization request information, consumes resources is carried out integrity verification to the synchronization request message from the disabled user again, and then reaches and prevent that the disabled user from consuming second module resource to attack the purpose of second module by a large amount of synchronization request message.

Preferably, also comprise among the described step I i when consistency checking of message authentication being encoded when first module passes through, judge the second module failed authentication, and finish relevant treatment.

Preferably, first module further comprises before described end relevant treatment among the step I i: first module sends failed authentication information to second module.

Preferably, also comprise among the step I ii when first module is judged second sequence number and can be accepted,, and second module sent described Authentication Response according to described second sequence number update, first sequence number; Second module judges whether described Authentication Response is consistent with Expected Response, if consistent, judge the authentication of first module passed through, and finish respective handling, otherwise, judge the first module authentication is not passed through, and finish respective handling.

Preferably, in step I v, described second module judges that according to second synchronisation key integrality of described synchronization request message is meant, second module is calculated the consistent algorithm of described synchronizing authentication coding according to second synchronisation key, described random number and the employing of first sequence number and first module and is calculated, obtain a result of calculation, whether more described result of calculation is identical with described synchronizing authentication coding, if it is identical, it is complete then to judge described synchronization request message, otherwise it is imperfect to judge described synchronization request message.

Preferably, in step I v, second module is judged described synchronization request message when imperfect, finishes relevant treatment, otherwise, according to first sequence number update, second sequence number.

Preferably, among the described step I i, first module is carried out consistency checking to described message authentication coding: first module is according to first KI, described random number and the employing of second sequence number and second module are according to described random number, second KI produces the consistent method of message authentication coding with second sequence number and produces an operation result, whether more described operation result is consistent with described message authentication coding, if it is consistent, then the consistency checking to described message authentication coding passes through, otherwise, the consistency checking of described message authentication coding is not passed through.

Preferably, among the described step I ii, first module judges according to first sequence number whether second sequence number can be accepted further to be: whether the difference of judging second sequence number and first sequence number is in certain scope, if, then judging second sequence number can accept, otherwise, judge second sequence number and cannot accept.

Preferably, the check code of described Authentication Response is an Authentication Response itself, or corresponding some position in the Authentication Response, judge that according to Expected Response the legitimacy of the check code of described Authentication Response is meant among the step I v accordingly: whether the check code of judging Authentication Response is identical with Expected Response, whether the check code of perhaps judging Authentication Response is with corresponding some is identical in the Expected Response, if, the check code of then judging described Authentication Response is legal, otherwise, judge that the check code of described Authentication Response is illegal.

Preferably, further comprise the step of upgrading second sequence number in the described step I.

Description of drawings

Fig. 1 is the flow chart of the specific embodiment of the present invention one.

Fig. 2 is the flow chart of the specific embodiment of the specific embodiment of the invention one.

Fig. 3 is the flow chart of the specific embodiment of the present invention two.

Fig. 4 is the flow chart of the specific embodiment of the specific embodiment of the invention two.

Fig. 5 is the flow chart of the specific embodiment of the present invention three.

Fig. 6 is the flow chart of the specific embodiment of the specific embodiment of the invention three.

Embodiment

In the mobile communications network, in portable terminal, preserve IMSI International Mobile Subscriber Identity IMSI, KI KI and sequence number SQNMS, preserve IMSI, KI and sequence number SQNHE at this portable terminal correspondence among the HLR/AUC of network side, to be used for portable terminal and network mutual authentication.

In synchronization attack means of defence provided by the invention, when initiating synchronous request command to network, terminal not only encloses sync mark again, also enclose the check code of Authentication Response, the check code that network side rings according to authentication is earlier judged the legitimacy of synchronization request again, can to judge synchronous request command immediately illegal again if do not conform to rule, further verifies the integrality of synchronous request command according to sync mark again if the check code of described Authentication Response is legal again.

The present invention also provides the corresponding authentication method, and not only be applied to 3-G (Generation Three mobile communication system), also can be used for the authentication between any two modules that can intercom mutually, for example Wimax, ... wait the module between cordless communication network, or the module between wireline communication network.

When method of the present invention is applied to authentication between terminal and the network:

MSC/VLR sends to terminal with RAND and AUTN in the corresponding five-tuple, and terminal if consistency checking does not pass through, is then returned failed authentication information to MSC/VLR according to the consistency of the KI checking AUTN that oneself preserves;

If consistency checking passes through, terminal produces Authentication Response ARES according to KI and RAND, and judges whether SQNHE belongs to acceptable scope:

If SQNHE belongs to acceptable scope, then terminal judges goes out network authentication is passed through, and terminal is returned the Authentication Response ARES that terminal oneself produces to MSC/VLR, and according to the renewal of the SQNHE among AUTN SQNMS; Whether the XRES in the Authentication Response that the MSC/VLR comparison terminal returns and the corresponding five-tuple the consistent legitimacy of judging terminal; If consistent then judging passed through the authentication of terminal, terminal authentication is failed otherwise judge.

Do not belong to tolerance interval if judge SQNHE, then produce again sync mark AUTS (Resynchronisation Token) according to SQNMS, network side MSC/VLR is returned synchronization request or synchronization failure (Synchronisation failure) message again, enclose the AUTS of sync mark again of generation simultaneously, and enclose described Authentication Response ARES.When network side MSC/VLR receives described synchronization request again, judge earlier whether described Authentication Response ARES is consistent with the XRES that self preserves, if it is consistent, then ask new authentication tuple to HLR/AUC, and enclose the RAND in the five-tuple of corresponding this authentication and be received from the AUTS of terminal, after HLR/AUC receives the request of MSC/VLR, judge the legitimacy of AUTS, if illegal, then HLR/AUC returns the AUTS information unauthorized to MSC/VLR; If it is legal to judge AUTS, then HLR/AUC upgrades SQNHE according to the SQNMS among the AUTS, and produces a new authentication five-tuple and send to MSC/VLR, after MSC/VLR receives new five-tuple, and the old five-tuple that deletion is corresponding.If described Authentication Response ARES and the XRES that self preserves are inconsistent, it is illegal that then MSC/VLR judges synchronization request itself again.MSC/VLR judges when synchronization request is illegal again, can directly stop synchronous flow process, thereby can make HLR/AUC avoid false synchronous attack with illegal shielding synchronously outside HLR/AUC.Owing to comprised expectation Authentication Response value XRES in the authentication five-tuple that MSC/VLR obtains from HLR/AUC, therefore, MSC/VLR does not need to calculate XRES, but directly compare the legitimacy of judging synchronization request by ARES and the XRES that terminal is returned, therefore, the false resource consumption that will judge the AUTS legitimacy synchronously to the consumption of MSC/VLR resource much smaller than HLR/AUC.

Below in conjunction with accompanying drawing the specific embodiment of the present invention is described in detail:

See also Fig. 1, Fig. 1 is the flow chart of the specific embodiment of the invention one.

At first, in step 102, during authentication, network side MSC/VLR sends to terminal with the corresponding authentication parameter in the authentication tuple that produces.

Described authentication tuple can comprise random number RA ND, Expected Response XRES and authentication signature AUTN (Authentication Token), also may further include, encryption key CK and Integrity Key IK.

Described corresponding authentication parameter comprises RAND and AUTN.

When producing the authentication tuple, HLR/AUC calculates XRES respectively with randomizer RAND that produces and the KI KI that self preserves, produce AUTN according to RAND, KI, sequence number SQNHE, authentication management field AMF, also can further calculate CK and IK respectively according to RAND and the KI KI that self preserves.

Long 16 bytes of described authentication signature AUTN, comprise following content: 1) SQNHE^AK, the also SQNHE that has promptly encrypted, wherein long respectively 6 bytes of sequence number SQNHE and Anonymity Key AK with AK, SQNHE refers to be kept at the SQN of network side, to be different from the SQNMS that is kept at terminal; When needs were encrypted SQNHE, HLR/AUC produced AK according to RAND and KI, used AK that SQNHE is made XOR, thereby encrypted SQNHE; When not needing SQNHE encrypted, AK=0; 2) long 2 bytes of authentication management field AMF.3) long 8 bytes of message authentication coding MAC-A; MAC-A is used to verify the data integrity of RAND, SQNHE, AMF, is used for terminal HLR/AUC is carried out authentication.HLR/AUC calculates message authentication coding MAC-A among the AUTN according to RAND, SQNHE, KI and AMF.Like this, formed the authentication five-tuple by RAND, AUTN, XRES, CK, IK etc.

HLR/AUC can be when receiving the request of MSC/VLR request authentication tuple, and authentication five-tuple and the corresponding international mobile subscriber identity IMSI that produces sent to MSC/VLR.MSC/VLR is a circuit domain equipment, and for the network of packet domain, corresponding equipment can be SGSN.During authentication, random number RA ND and authentication signature AUTN that the MSC/VLR of network side will be received from the authentication tuple of HLR/AUC send terminal MS to.

Step 103, terminal MS receive corresponding authentication parameter that network side sends be random number RA ND and authentication signature AUTN and judge consistency checking to RAND and AUTN and pass through after, produce Authentication Response ARES.

Specifically, terminal according to the SQNHE among the RAND that receives and the KI KI that self preserves and the AUTN that receives and AMF adopt with HLR/AUC calculating AUTN in the consistent algorithm computation of MAC-A go out MAC-A, carry out consistency checking then, promptly, relatively whether the MAC-A among MAC-A that oneself calculates and the AUTN that receives is consistent, for example whether identical, if inconsistent, then return failed authentication information to MSC/VLR; If unanimity then produces Authentication Response ARES according to KI and RAND.

Step 104, terminal produces sync mark AUTS again, initiate synchronization request message again to network, and enclose the AUTS of generation and the check code of ARES, the check code of described ARES can be ARES itself, also can be the part of ARES, for example is some position among the ARES, simply, can be several of the former position of ARES or backs.

The described AUTS of sync mark again comprises following content: 1) SQNMS^AK, and the also SQNMS that has promptly encrypted with AK, long respectively 6 bytes of sequence number SQNMS and Anonymity Key AK wherein, SQNMS refers to be kept at the SQN of end side, to be different from the SQNHE that is kept at network side; When needs were encrypted SQNMS, terminal produced AK according to RAND and KI, used AK that SQNMS is made XOR, thereby encrypted SQNMS; When not needing SQNMS encrypted, AK=0; 2) long 8 bytes of message authentication coding MAC-S; MAC-S is used to verify the data integrity of RAND, SQNMS, is used for HLR/AUC terminal is carried out authentication, also, is used for HLR/AUC verifies synchronous request command again by the consistency of checking AUTS integrality.

Terminal calculates MAC-S according to oneself SQNMS, KI and RAND that receives and AMF etc., produces sync mark AUTS again according to SQNMS, AK and MAC-S again.

After terminal produces sync mark AUTS, network side MSC/VLR is returned synchronous request command or synchronization failure (Synchronisation failure) message again again, enclose the AUTS of generation and the check code of ARES simultaneously.

Step 105 after network side MSC/VLR receives the synchronous request command again of terminal transmission, is judged the legitimacy of synchronous request command according to the check code of Authentication Response.If it is legal to judge synchronous request command again, then execution in step 106, if it is illegal to judge synchronous request command again, then execution in step 107.

Specifically, when network side MSC/VLR receives synchronous request command again, whether the check code that MSC/VLR judges earlier received ARES is consistent with the XRES in the corresponding authentication tuple of preservation, if it is inconsistent then think that again synchronous request command itself is illegal, also promptly, this again synchronous request command may be a false synchronization request that rogue attacks person sent; If consistent, think that then synchronization request is legal again, also promptly this again synchronous request command be derived from a legal terminal.

The check code of described ARES is identical with this XRES with the check code that corresponding XRES unanimity can be ARES, and for example the check code of ARES is ARES itself; Also can be that corresponding among check code and this XRES of ARES some is identical, for example the check code of ARES be corresponding some position of ARES, or is several of former positions of ARES or backs simply.

Step 106, MSC/VLR and HLR/AUC are according to existing Synchronous Processing flow processing.Be that MSC/VLR sends synchronization request message again to HLR/AUC, or ask the request of new authentication tuple, and enclose the RAND in the corresponding authentication tuple and be received from the AUTS of terminal that HLR/AUC carries out follow-up Synchronous Processing operation.

Specifically, MSC/VLR sends synchronization request again to HLR/AUC, and by this request, MSC/VLR will be received from the AUTS of terminal and the RAND in the corresponding authentication tuple sends to HLR/AUC in the lump; HLR/AUC judges the integrality of synchronization request message again, promptly, judge the integrality of the AUTS that receives, also be, AUTS is carried out consistency checking, also be that HLR/AUC is earlier according to RAND, KI, employings such as SQMMS and AMF and terminal calculate that the consistent algorithm computation of MAC-S draws a result of calculation among the AUTS, MAC-S among the result of calculation that oneself is calculated and the AUTS that receives relatively again, if it is consistent, it is legal to judge AUTS, that is, and and by integrity verification to AUTS, also promptly by integrity verification to synchronization request message, otherwise it is illegal to judge AUTS, promptly, integrity verification to AUTS can't pass, and also promptly the integrity verification of synchronization request message be can't pass.When HLR/AUC can't pass the integrity verification of synchronization request message, return the incomplete message of AUTS or synchronization request message is distorted to MSC/VLR.By the normal synchronized flow processing, for example, upgrade SQNHE according to SQNMS, and make subsequent treatment when HLR/AUC passes through the integrity verification of synchronization request message.If SQNMS encrypts through AK here, HLR/AUC also will calculate AK according to KI and RAND, decrypts SQNMS with AK.Can be about the normal synchronized flow processing with reference to the 3GPP standard.

Step 107, MSC/VLR finishes the Synchronous Processing flow process.

In step 104, when producing MAC-S, can also calculate generation according to RAND, KI, SQNMS, that is, no longer according to AMF, accordingly in step 106, during network side checking MAC-S legitimacy, also verify, and no longer carry out according to AMF according to RAND, KI, SQNMS.

In this embodiment, also can comprise in the step 103 if to the consistency checking of RAND and AUTN fail by, then judge network authentication do not passed through, terminal is returned failed authentication information to network.

Generally, before above-mentioned steps 104, can also comprise: whether the SQNHE among the terminal judges AUTN belongs to the step of tolerance interval, if terminal judges goes out SQNHE among the AUTN when not belonging to tolerance interval, then execution in step 104 and step later on thereof, otherwise, be that terminal judges is when going out SQNHE among the AUTN and belonging to tolerance interval, terminal judges goes out to be passed through the authentication of network side, upgrade SQNMS according to SQNHE, for example the value of SQNMS is set to equate with SQNHE, then the Authentication Response ARES that produces is sent to the MSC/VLR of network side, whether identical MSC/VLR is by relatively whether ARES is consistent with the XRES in the corresponding authentication tuple, for example judge whether terminal authentication is passed through.Detailed information can be with reference to the 3GPP standard.

But, in some cases, be provided with the value of SQNMS by craft in terminal, and think the SQNMS that is provided with very likely with AUTN in SQNHE when asynchronous, so, before above-mentioned steps 104, terminal does not just need to carry out the step whether SQNHE among the so-called AUTN of judgement belongs to tolerance interval, but directly with regard to execution in step 104.

The calculating of aforementioned calculation CK, IK, AK, ARES, XRES, MAC-A and MAC-S value can be that known digest calculations, computations or deciphering calculated, referring to " applied cryptography " book, also can adopt the algorithm of 3GPP specifications recommend, certainly, also can be to use the more known algorithms of industry to carry out.

See also Fig. 2, Figure 2 shows that the specific embodiment of the specific embodiment of the invention one.Produce sync mark when in this embodiment, the SQNHE of terminal in judging AUTN do not belong to tolerance interval and send synchronization request to network side.

In step 202, during authentication, network side is by sending authentication request to terminal, and the corresponding authentication parameter in should the authentication tuple of terminal that produces is sent to terminal.

Specifically, HLR/AUC produces random number RA ND according to randomizer, calculates Expected Response XRES, encryption key CK, Integrity Key IK respectively according to RAND and KI KI.Produce message authentication coding MAC-A according to random number RA ND, sequence number SQNHE, KI KI and AMF calculating, produce AUTN according to MAC-A, SQNHE, Anonymity Key AK and authentication management field AMF again.Here, when needs were encrypted SQNHE, HLR/AUC produced AK according to RAND and KI, used AK that SQNHE is made XOR, thereby encrypted SQNHE; When not needing SQNHE encrypted, AK=0; HLR/AUC is connected with AMF with MAC-A, SQNHE and is combined into AUTN.Like this, formed the authentication five-tuple by RAND, AUTN, XRES, CK and IK etc.

HLR/AUC can be when receiving the request of MSC/VLR request authentication tuple, and authentication five-tuple and the corresponding IMSI that produces sent to MSC/VLR together.During authentication, MSC/VLR initiates authentication request to terminal, by this authentication request message corresponding authentication parameters R AND and AUTN in the corresponding authentication five-tuple is sent to terminal.

Step 203 when terminal receives authentication request, is carried out consistency checking to RAND and AUTN earlier.

Specifically, when terminal receives from the random number RA ND of network side MSC/VLR transmission and authentication signature AUTN, adopt the algorithm consistent to calculate a result of calculation according to SQNHE among the RAND that receives, the KI that self preserves and the AUTN that receives and AMF with MAC-A among the HLR/AUC calculating AUTN, terminal result of calculation that oneself is calculated and the MAC-A among the AUTN compare then, see whether the two is consistent, for example whether identical, if it is inconsistent, then think the authentication of network is not passed through, execution in step 204; If consistent, then execution in step 205.

Step 204, terminal is returned the information of " failed authentication " to network, finishes this flow process then.In the middle of the reality, after terminal sent to MSC/VLR with the information of " failed authentication ", MSC/VLR can also be according to should " failed authentication " information returning corresponding failure reporting to HLR/AUC.

Step 205, terminal produces Authentication Response ARES according to KI and the random number RA ND that receives, and judges that SQNHE among the AUTN is whether in tolerance interval, if, then judge network authentication is passed through, and execution in step 206, otherwise, judge synchronization failure, and execution in step 210.

Specifically, whether SQNMS and the SQNHE in AUTN of terminal by relatively more own preservation satisfies predetermined condition and judges whether the SQNHE among the AUTN can accept, this predetermined condition can be that the difference of SQNHE and SQNMS is in a preset range, for example, whether (SQNHE-SQNMS) is greater than 0, and perhaps whether (SQNHE-SQNMS) is greater than 0 and less than 256.If it is acceptable that the difference of SQNHE and SQNMS in described preset range, is then judged SQNHE; Otherwise judge SQNHE is unacceptable.

Step 206, terminal sends Authentication Response ARES to the MSC/VLR of network side; Execution in step 207 then.

Step 207, network side MSC/VLR judges whether the ARES that is received from terminal is consistent, for example whether identical with the Expected Response XRES in the corresponding authentication tuple of preserving, if consistent, then execution in step 208 after receiving the Authentication Response ARES of terminal; Otherwise, execution in step 209.

Step 208, network side MSC/VLR judges terminal authentication is passed through, and finishes this flow process.Finishing this flow process, can also return the authentication successful information to terminal.

Step 209 is judged the terminal authentication failure, finishes this flow process.Finishing this flow process, can also return failed authentication information to terminal.

Step 210, terminal produces sync mark AUTS again according to SQNMS, and network is initiated synchronous request command again, and encloses the check code of AUTS and ARES.In the present embodiment, the check code of ARES is the latter half of ARES.

Specifically, terminal calculates MAC-S according to oneself KI, SQNMS and RAND that receives and AMF etc., produce sync mark AUTS again according to SQNMS, AK and MAC-S again, then network side is initiated synchronous request command again, and the ARES that encloses this AUTS and produce in step 205.Also promptly, send synchronization failure message, comprised AUTS and ARES in this synchronization failure message to MSC/VLR.Execution in step 211 then.

Step 211 when network side MSC/VLR receives synchronous request command again, judges whether the ARES check code that receives is consistent with the XRES in the corresponding authentication tuple of preserving, and also is whether the check code of ARES is identical with the latter half of described XRES.If inequality, also promptly inconsistent, then execution in step 212; If unanimity then execution in step 213.

Step 21 2, it is illegal that the MSC/VLR of network side judges synchronous request command, promptly synchronization request itself is illegal again, promptly this again synchronization request may then, finish this flow process from rogue attacks person.

Step 213, network side MSC/VLR sends the request of asking new authentication tuple to HLR/AUC, perhaps sends synchronization request, encloses RAND and the AUTS that is received from terminal in the corresponding authentication tuple in the request.

Step 214, HLR/AUC verifies the integrality of synchronous request command by the legitimacy of checking AUTS again, if legal, then execution in step 215; Otherwise, execution in step 216;

Specifically, the HLR/AUC of network side obtains a result of calculation according to employing algorithm computation consistent with the MAC-S among the terminal calculating AUTS such as the SQNMS among the KI of the RAND that is received from MSC/VLR, preservation, the AUTS that receives and AMF, whether consistent by the MAC-S that compares among result of calculation that oneself calculates and the AUTS that receives then, for example whether identical, judge the AUTS legitimacy, if described result of calculation is more consistent with MAC-S value among the AUTS, think that then AUTS is legal, otherwise think the illegal property of AUTS.

Step 215, the HLR/AUC of network side upgrades SQNHE according to SQNMS, and produces the authentication tuple again, and the authentication tuple that newly produces is sent to MSC/VLR, then, finishes this flow process.

Step 216, the HLR/AUC of network side thinks that sync mark AUTS information is distorted again, the SQNMS among the AUTS is no longer credible, sends synchronous request command information unauthorized again to MSC/VLR, then, finishes this flow process.

Obviously, in step 210, terminal is initiated synchronous request command again to network, and the information of enclosing can be AUTS and ARES.Correspondingly, in step 211, when network side MSC/VLR receives synchronous request command, judge whether the check code of the ARES receive is consistent with the XRES in the corresponding authentication tuple of preserving again, be meant whether the XRES in the corresponding authentication tuple of judging the described ARES that receives and preservation is equal.

Above-mentioned MSC/VLR is a circuit domain equipment, and for the network of packet domain, corresponding MSC/VLR equipment is SGSN, so the present invention can be equal to and is applied to packet domain.

Among above-mentioned each embodiment or the embodiment, terminal is for the AUTN consistency checking, whether belongs to the judgement of tolerance interval for SQNHE, and HLR/AUC is for the checking of AUTS legitimacy, and HLR/AUC is when producing the authentication tuple, for the renewal of SQNHE; Produce the algorithm of authentication tuple, and the algorithm that produces AUTS, or the like, can owing to be known technology, repeat no more here referring to the 3GPP related protocol.

Below the specific embodiment of the present invention two is introduced, illustrated by the enforcement and the application of two couples of the present invention of embodiment between three communication modules, described module comprises first module, second module and three module, and second module and three module can merge physically also can be discrete.In first module, preserve the first KI AK1 and the first synchronisation key SK1, preserve the second KI AK2 and the second synchronisation key SK2 accordingly in second module; In first module, preserve the first sequence number SQN1, in second module, preserve the second sequence number SQN2.

See also Fig. 3, Fig. 3 is the flow chart of the specific embodiment of the invention two.

Step 300, second module sends to three module with the authentication parameter that produces.

In the middle of the reality, when second module produces authentication parameter information, at first produce a random number RA ND, such as, second module is provided with a randomizer, produces this random number RA ND by randomizer, calculates according to RAND, SQN2 and AK2 then, obtain message authentication coding MAC-A, and produce Expected Response XRES according to RAND and AK2; Described second module is issued three module with authentication parameter XRES, RAND, SQN2 and MAC-A.

Step 301, three module sends to first module with corresponding authentication parameter information in the authentication parameter.

Three module is with the RAND in the authentication parameter described in actual working as, and authentication parameter information such as SQN2 and MAC-A are issued first module;

Step 302, first module judge to the consistency checking of MAC-A by the time, produce Authentication Response ARES according to AK1 and random number RA ND.

Specifically, first module is carried out consistency checking to the authentication parameter information that is received from three module, also be, MAC-A is carried out consistency checking, here be according to AK1 and the RAND and the SQN2 that are received from three module, calculate according to calculating the consistent method of MAC-A with second module, obtain a result of calculation, and whether the result who relatively oneself calculates is consistent with the MAC-A that is received from three module, if it is inconsistent, then the consistency checking to MAC-A does not pass through, and judges the three module authentication is not passed through; If consistent, then the consistency checking to MAC-A passes through.First module judge to the consistency checking of MAC-A by the time, produce Authentication Response ARES according to the first KI AK1 and the random number RA ND that receives.

Step 303, first module produces synchronizing authentication coding MAC-S, three module is sent synchronization request message, and enclose the check code of SQN1 and MAC-S and ARES, the check code of described ARES can be ARES itself, also can be the part of ARES, for example is some position among the ARES, simply, can be several of the former position of ARES or backs.

Specifically, first module calculates a synchronizing authentication coding MAC-S according to RAND, SQN1 and SK1, sends synchronization request message to three module, comprises the check code of SQN1 and MAC-S and ARES in the message.

Step 304, three module is verified the legitimacy of the synchronization request message of first module, if it is illegal to judge this synchronization request message, then execution in step 305; Otherwise, execution in step 306.

Specifically whether whether the check code of three module checking ARES consistent with the Expected Response XRES in the authentication tuple that is received from second module, for example identical, if inconsistent, thinks that then synchronization request message is illegal again; If consistent, think that then synchronization request message is legal.

The check code of described ARES is identical with XRES with the check code that corresponding XRES unanimity can be ARES, and for example the check code of ARES is ARES itself; Also can be that corresponding among check code and the XRES of ARES some is identical, for example the check code of ARES be corresponding some position among the ARES, or is several of former positions of ARES or backs simply.

Step 305, three module are thought the Synchronous Processing request source from an illegal module, finish the Synchronous Processing flow process.

Step 306, three module thinks that the Synchronous Processing request source is from a legal module, three module sends synchronization request message to second module, and the SQN1 and the MAC-S that enclose the RAND in the authentication parameter that is received from second module and be received from first module, second module is carried out follow-up Synchronous Processing flow process.

Specifically, second module is carried out integrity verification to this synchronization request message after receiving the synchronization request message of three module transmission, also promptly verifies the consistency of synchronizing authentication coding MAC-S, if the consistency checking to MAC-S passes through, then upgrade SQN2 according to SQN1; If the MAC-S consistency checking be can't pass, think that then synchronization request message is distorted, SQN1 is no longer credible, then the end process flow process.

It is RAND and the SQN1 that sends according to the SK2 that oneself preserves, three module that second module is carried out consistency checking to MAC-S, calculate according to calculating the consistent method of MAC-S with first module, obtain a result of calculation, and the result of calculation that relatively oneself calculates and three module send MAC-S whether consistent, whether for example identical, if consistent, it is legal then to judge MAC-S, that is, by consistency checking to MAC-S; If inconsistent, it is illegal then to judge MAC-S, and the consistency checking of MAC-S be can't pass.

Here, during the second module verification MAC-S consistency, the RAND that need use is obtained by the three module loopback, in the middle of the reality, second module also can have been preserved corresponding RAND in advance when authentication parameter is sent to three module, at this moment, three module does not need to enclose described RAND in the synchronization request message that second module sends in step 306.

Generally, before above-mentioned steps 303, can also comprise: first module is according to the own SQN1 checking SQN2 that preserves acceptable step whether, if when first module is judged SQN2 and is not belonged to tolerance interval, and then execution in step 303 and later step thereof, otherwise, when promptly first module was judged SQN2 and belonged to tolerance interval, first module was judged the authentication of three module is passed through, and first module is upgraded SQN1 according to SQN2, for example, SQN1 is set to equate with SQN2; Whether identical then the Authentication Response ARES that produces is sent to three module, three module is by relatively whether ARES is consistent with the XRES in the authentication parameter that is received from second module, for example judge whether the first module authentication is passed through.

But, in some cases, be provided with the value of SQN1 by craft in first module, and think that the SQN1 that is provided with is very likely with SQN2 when asynchronous, so, before above-mentioned steps 303, first module does not just need to carry out whether acceptable step of the so-called SQN2 of judgement, but directly with regard to execution in step 303.

The initial value of SQN1 is to be 0 or random number, and corresponding SQN2 initial value is any number greater than SQN1.

The calculating of aforementioned calculation ARES, XRES, MAC-A and MAC-S value can be that known digest calculations, computations or deciphering calculated, and referring to " applied cryptography " book, also can be to use the more known algorithms of industry to carry out.

Specific embodiment to the specific embodiment of the invention two is illustrated below.In this embodiment, first module produces the synchronizing authentication coding and sends synchronization request message to three module when judging SQN2 and do not belong to tolerance interval.

See also Fig. 4, Fig. 4 is the embodiment flow chart of the specific embodiment of the invention two.

In step 400, second module sends to three module with the authentication parameter that produces.

In step 401, three module sends to first module with corresponding authentication parameter information in the authentication parameter.Three module is with the RAND in the authentication parameter described in actual working as, and authentication parameter information such as SQN2 and MAC-A are issued first module;

In step 402, first module is carried out consistency checking to the message that is received from three module, if consistency checking can't pass, then execution in step 403; If consistency checking passes through, then execution in step 404.

First module is according to AK1 and the RAND and the SQN2 that are received from three module, calculate according to calculating the consistent method of MAC-A with second module, obtain a result of calculation, and whether the MAC-A of result who relatively oneself calculates and reception is consistent, whether for example identical, if consistent, then described consistency checking passes through, otherwise described consistency checking can't pass.

In step 403, judge the three module authentication is not passed through, return failed authentication information.

Whether in step 404, first module produces Authentication Response ARES according to AK1 and RAND, and can accept according to the SQN1 checking SQN2 that oneself preserves, if can accept, then execution in step 405; Cannot accept if judge SQN2, then execution in step 409.

Whether first module can be accepted according to the SQN1 checking SQN2 that oneself preserves, can be judge SQN1 and SQN2 difference whether in certain scope, for example, whether (SQN1-SQN2) is greater than 0, perhaps whether (SQN1-SQN2) is greater than 0 and less than 256, or the like.If difference in described scope, is then judged SQN2 and can be accepted, otherwise, judge that SQN2 cannot accept.

Step 405, first module is judged the three module authentication is passed through, and upgrades SQN1 according to SQN2, and returns described Authentication Response ARES; Execution in step 406 then; Described according to SQN2 renewal SQN1, can be that the value of SQN1 is set to equal SQN2.

Step 406, three module judge whether Authentication Response ARES is consistent with the Expected Response XRES in the authentication parameter that is received from second module, if consistent, then execution in step 407, otherwise execution in step 408.

Step 407, three module passes through the first module authentication, finishes this flow process.Before receiving this flow process, three module can also return the authentication successful information to first module.

Step 408, three module does not pass through the first module authentication, finishes this flow process.Before receiving this flow process, three module can also return failed authentication information to first module.

Step 409, first module calculates a synchronizing authentication coding MAC-S according to SQN1 and according to SK1 and the RAND that receives etc., sends synchronization request message to three module, comprises SQN1 and MAC-S in the message, and the check code of ARES, execution in step 410 then.The check code of described ARES can be ARES itself, also can be the part of ARES, for example is some position among the ARES, simply, can be former or back several of ARES.

Whether XRES is consistent in the check code that step 410, three module are judged ARES and the authentication parameter that is received from second module, if inconsistent then execution in step 411, if unanimity then execution in step 412.

The check code of described ARES is identical with XRES with the check code that corresponding described XRES unanimity can be ARES, and for example the check code of ARES is ARES itself; Also can be that corresponding among check code and the XRES of ARES some is identical, for example the check code of ARES be corresponding some position of ARES, or is several of former positions of ARES or backs simply.

Step 411, it is illegal that three module is judged synchronization request message, and promptly this synchronization request message may come from illegal module, then, finishes this flow process.

Step 412, three module sends synchronization request message to second module, and encloses SQN1 and MAC-S that is received from first module and the RAND that is received from second module, and execution in step 413 then.

Step 413, second module is carried out integrity verification to synchronization request message, also promptly MAC-S is carried out consistency checking, if consistency checking passes through, then execution in step 414, otherwise, execution in step 415.

Second module is according to SK2, the RAND that is received from three module and the SQN1 that oneself preserve, calculate according to calculating the consistent method of MAC-S with first module, obtain a result of calculation, and whether the result who relatively oneself calculates is consistent with the MAC-S that is received from three module, for example whether identical, if consistent, then by consistency checking to MAC-S, otherwise, the consistency checking of MAC-S is not passed through.

Step 414, second module is upgraded SQN2 according to SQN1, finishes this flow process.Before finishing this flow process, second module can also be returned " synchronization request message is legal " information to three module.Be appreciated that in the middle of the reality, can also carry out of Memory by this message.

Described can be that the value of SQN2 is set to equal SQN1 according to SQN1 renewal SQN2, perhaps produces the value that a new value replaces SQN2 itself according to SQN1; Or after the value of SQN2 is set to equal SQN1, produce the value that a new value replaces SQN2 itself according to SQN2 again.According to SQN1 or new value of SQN2 generation can be that SQN1 or SQN2 are increased an increment at random, obtains described new value such as the random number between increasing by 1 to 256.In the middle of the reality, can produce random number between 1 to 256 by randomizer.

Step 415, it is illegal that second module is judged synchronization request message, also is that MAC-S and SQN1 are inconsistent, means that SQN1 is insincere, and SQN1 information may be distorted, and finishes this flow process then.Before finishing this flow process, second module can also be returned " synchronization request message is illegal " information to three module.

In above-mentioned steps 413, the RAND that uses when second module is carried out consistency checking to MAC-S is obtained by the three module loopback, in the middle of the reality, second module also can have been preserved corresponding RAND in advance when authentication parameter is sent to three module, at this moment, three module sends in the synchronization request message of second module and does not need to enclose described RAND in step 412.

In above-mentioned embodiment or embodiment, when first module is calculated synchronizing authentication coding MAC-S again, can not use random number to participate in computing, accordingly, during the consistency of second this MAC-S of module verification, do not use random number to participate in computing yet.But, can reduce by the fail safe of the first synchronisation key SK1 like this, be at a kind of bad realization that changes of the present invention, therefore, enumerates this concrete implementation step that changes bad implementation method here no longer in detail.

Above-mentioned second module and three module can be merged into a module and realize, in this case, among above-mentioned execution mode or the embodiment, the message transfer operation between second module and the three module will no longer need, and perhaps will become the message transmission that mould is determined inner.Following will describing by the 3rd execution mode and corresponding embodiment

Below the specific embodiment of the present invention three is introduced, is illustrated that by the enforcement and the application of three couples of the present invention of embodiment between two communication modules described module comprises first module, second module.In first module, preserve the first KI AK1 and the first synchronisation key SK1, preserve the second KI AK2 and the second synchronisation key SK2 accordingly in second module; In first module, preserve the first sequence number SQN1, in second module, preserve the second sequence number SQN2.

See also Fig. 5, Fig. 5 is the flow chart of the specific embodiment of the invention three.

Step 501, second module produces authentication parameter, and corresponding authentication parameter information in the authentication parameter is sent to first module.

Described authentication parameter comprises XRES, RAND, SQN2 and MAC-A.When second module produces authentication parameter information, at first produce a random number RA ND, such as, second module is provided with a randomizer, produce this random number RA ND by randomizer, calculate according to RAND, SQN2 and AK2 then, obtain message authentication coding MAC-A, and produce Expected Response XRES according to RAND and AK2.Second module sends to first module with corresponding authentication parameter information in the authentication parameter and is meant: second module is with the RAND in the authentication parameter, and authentication parameter information such as SQN2 and MAC-A are issued first module.

Step 502, first module judge to the consistency checking of MAC-A by the time, produce Authentication Response ARES according to AK1 and random number RA ND.

Specifically, first module is carried out consistency checking to the authentication parameter information that is received from second module, also be, MAC-A is carried out consistency checking, here be according to AK1 and the RAND and the SQN2 that are received from second module, calculate according to calculating the consistent method of MAC-A with second module, obtain a result of calculation, and whether the result who relatively oneself calculates is consistent with the MAC-A that is received from second module, if it is inconsistent, then the consistency checking to MAC-A does not pass through, and judges the second module authentication is not passed through; If consistent, then the consistency checking to MAC-A passes through.First module judge to the consistency checking of MAC-A by the time, produce Authentication Response ARES according to the first KI AK1 and the random number RA ND that receives.

Step 503, first module produces synchronizing authentication coding MAC-S, second module is sent synchronization request message, and enclose the check code of SQN1 and MAC-S and ARES, the check code of described ARES can be ARES itself, also can be the part of ARES, for example is some position among the ARES, simply, can be several of the former position of ARES or backs.

Specifically, first module calculates a synchronizing authentication coding MAC-S according to RAND, SQN1 and SK1, sends synchronization request message to second module, comprises the check code of SQN1 and MAC-S and ARES in the message.

Step 504, the legitimacy of the synchronization request message of second module verification, first module, if it is illegal to judge this synchronization request message, then execution in step 505; Otherwise, execution in step 506.

Whether specifically whether the check code of the second module verification ARES is consistent with the Expected Response XRES in the authentication tuple that is received from second module, for example identical, if inconsistent, thinks that then synchronization request message is illegal again; If consistent, think that then synchronization request message is legal.

Step 505, second module are thought the Synchronous Processing request source from an illegal module, finish the Synchronous Processing flow process.

Step 506, second module are thought the Synchronous Processing request source from a legal module, and make subsequent treatment.

Specifically, second module thinks that the Synchronous Processing request source when a legal module, verifies the integrality of described synchronization request message, also promptly verifies the consistency of synchronizing authentication coding MAC-S, and is correspondingly processed according to the checking result.If second module is passed through synchronizing authentication coding MAC-S consistency checking, then upgrade SQN2 according to SQN1; If synchronizing authentication coding MAC-S consistency checking be can't pass, think that then synchronization request message is distorted, SQN1 is no longer credible, also be, the check code that the assailant has kept the ARES that first module transmits is constant, and changed some values among MACS and the SQN1 at least, and in this case, the second module end process flow process.

It is SK2, the RAND of basis oneself preservation and the SQN1 of first module transmission that second module is carried out consistency checking to MAC-S, calculate according to calculating the consistent method of MAC-S with first module, obtain a result of calculation, and whether the result of calculation that relatively oneself calculates is consistent with the MAC-S that first module sends, whether for example identical, if consistent, it is legal then to judge MAC-S, that is, by consistency checking to MAC-S; If inconsistent, it is illegal then to judge MAC-S, and promptly the consistency checking to MAC-S can't pass.

Generally, before above-mentioned steps 503, can also comprise: first module is according to the own SQN1 checking SQN2 that preserves acceptable step whether, if when first module is judged SQN2 and is not belonged to tolerance interval, and then execution in step 503 and later step thereof, otherwise, when promptly first module was judged SQN2 and belonged to tolerance interval, first module was judged the authentication of second module is passed through, and first module is upgraded SQN1 according to SQN2, for example, SQN1 is set to equate with SQN2; Whether identical then the Authentication Response ARES that produces is sent to second module, second module is by relatively whether ARES is consistent with the XRES in the authentication parameter, for example judge whether the first module authentication is passed through.

But, in some cases, be provided with the value of SQN1 by craft in first module, and think that the SQN1 that is provided with is very likely with SQN2 when asynchronous, so, before above-mentioned steps 503, first module does not just need to carry out whether acceptable step of the so-called SQN2 of judgement, but directly with regard to execution in step 503.

Specific embodiment to the specific embodiment of the invention three is illustrated below.In this embodiment, first module produces the synchronizing authentication coding and sends synchronization request message to second module when judging SQN2 and do not belong to tolerance interval.

See also Fig. 6, Fig. 6 is the embodiment flow chart of the specific embodiment of the invention three.

In step 601, second module sends to first module with the authentication parameter that produces with corresponding authentication parameter information in the authentication parameter.

Described authentication parameter comprises XRES, RAND, SQN2 and MAC-A.In the middle of the reality, when second module produces authentication parameter information, at first produce a random number RA ND, such as, second module is provided with a randomizer, produces this random number RA ND by randomizer, calculates according to RAND, SQN2 and AK2 then, obtain message authentication coding MAC-A, and produce Expected Response XRES according to RAND and AK2.

Describedly corresponding authentication parameter information in the authentication parameter is sent to first module be meant: second module is with the RAND in the authentication parameter, and authentication parameter information such as SQN2 and MAC-A are issued first module;

In step 602, first module is carried out consistency checking to the message that is received from second module, if consistency checking can't pass, then execution in step 603; If consistency checking passes through, then execution in step 604.

First module is according to AK1 and the RAND and the SQN2 that are received from second module, calculate according to calculating the consistent method of MAC-A with second module, obtain a result of calculation, and whether the MAC-A of result who relatively oneself calculates and reception is consistent, whether for example identical, if consistent, then described consistency checking passes through, otherwise described consistency checking can't pass.

In step 603, judge the second module authentication is not passed through, return failed authentication information.

Whether in step 604, first module produces Authentication Response ARES according to AK1 and RAND, and can accept according to the SQN1 checking SQN2 that oneself preserves, if can accept, then execution in step 605; Cannot accept if judge SQN2, then execution in step 609.

Step 605, first module are judged the second module authentication are passed through, and upgrade SQN1 according to SQN2, and return described Authentication Response ARES; Execution in step 406 then; Described according to SQN2 renewal SQN1, can be that the value of SQN1 is set to equal SQN2.

Step 606, second module judge whether Authentication Response ARES is consistent with the XRES in the authentication parameter, if consistent, then execution in step 607, otherwise execution in step 608.

Step 607, second module is passed through the first module authentication, finishes this flow process.Before receiving this flow process, second module can also be returned the authentication successful information to first module.

Step 408, second module is not passed through the first module authentication, finishes this flow process.Before receiving this flow process, second module can also be returned failed authentication information to first module.

Step 609, first module calculates a synchronizing authentication coding MAC-S according to SQN1 and according to SK1 and the RAND that receives etc., sends synchronization request message to second module, comprises SQN1 and MAC-S in the message, and the check code of ARES, execution in step 610 then.The check code of described ARES can be ARES itself, also can be the part of ARES, for example is some position among the ARES, simply, can be former or back several of ARES.

Whether XRES is consistent in the check code that step 610, second module are judged ARES and the authentication parameter, if inconsistent then execution in step 611, if unanimity then execution in step 612.

Step 611, it is illegal that second module is judged synchronization request message, and promptly this synchronization request message may come from illegal module, then, finishes this flow process.

Step 613, it is legal that second module is judged synchronization request message, and synchronization request message is carried out integrity verification, also promptly MAC-S carried out consistency checking, if consistency checking passes through, then execution in step 614, otherwise, execution in step 615.

Second module is according to the SK2, the RAND that oneself preserve and the SQN1 of reception, calculate according to calculating the consistent method of MAC-S with first module, obtain a result of calculation, and whether the result who relatively oneself calculates is consistent with the MAC-S that is received from first module, for example whether identical, if consistent, then by consistency checking to MAC-S, otherwise, the consistency checking of MAC-S is not passed through.

Step 614, second module is upgraded SQN2 according to SQN1, finishes this flow process.Before finishing this flow process, second module can also be returned " synchronization request message is legal " information to first module.Be appreciated that in the middle of the reality, can also carry out of Memory by this message.

Step 615, second module judges MAC-S and SQN1 is inconsistent, means that SQN1 is insincere, has one to be distorted among SQN1 and the MAC-S, finishes this flow process then.Before finishing this flow process, second module can also be returned " synchronization request message is illegal " information to first module.

Among above-mentioned embodiment or the embodiment, in first module, the first KI AK1 and the first synchronisation key SK1 can be identical, and also, the first KI AK1 and the first synchronisation key SK1 can be same keys; Correspondingly, in second module, the second KI AK2 and the second synchronisation key SK2 also can be identical, and also, the second KI AK2 and the second synchronisation key SK2 also can be same keys.

In the literary composition the calculating that produces or calculate some values of with good grounds several values can be that digest calculations or computations or deciphering are calculated.Referring to " applied cryptography " book, also can be to use the more known algorithms of industry to carry out.Which kind of, decide according to concrete application as for adopting algorithm.

Be appreciated that the above only for preferred embodiment of the present invention,, all any modifications of being done within the spirit and principles in the present invention, be equal to replacement, improvement etc., all should be included within protection scope of the present invention not in order to restriction the present invention.

Claims

1. a synchronization attack means of defence is applied to terminal and internetwork authentication in the 3G network, it is characterized in that described method may further comprise the steps at least:

A.HLR/AUC produces random number RA ND, produce Expected Response XRES according to random number, second KI, encryption key CK, Integrity Key IK, and according to random number, KI, authentication management field AMF and second sequence number SQNHE generation message authentication coding MAC-A, produce authentication signature AUTN according to second sequence number, authentication management field and message authentication coding, with described random number, Expected Response, encryption key, Integrity Key and authentication signature send to MSC/VLR as the authentication five-tuple;

B.MSC/VLR sends to terminal with described random number, authentication signature;

C. terminal is carried out consistency checking according to second sequence number and authentication management field among first KI and the random number that receives, the AUTN that receives to the coding of the message authentication among the AUTN that receives, and after checking is passed through, generate Authentication Response ARES according to first KI and described random number;

D. terminal judges according to the first sequence number SQNMS whether second sequence number can be accepted, and when second sequence number can not receive, according to first KI, first sequence number, AMF among the AUTN that receives and described random number generate synchronizing authentication coding MAC-S, produce sync mark AUTS according to MAC-S and SQNMS, MSC/VLR is sent synchronization request message and encloses the check code of described sync mark and described Authentication Response;

E.MSC/VLR judges the legitimacy of the check code of described Authentication Response according to Expected Response when receiving described synchronization request message, judge described illegal and finish relevant treatment with request message again if do not conform to rule; Otherwise MSC/VLR sends synchronization request message to HLR/AUC, and encloses the random number in described sync mark and the corresponding authentication five-tuple;

F.HLR/AUC judges the integrality of described synchronization request message according to second KI, and makes relevant treatment according to the integrality of described synchronization request message.

2. method according to claim 1, it is characterized in that, also comprise among the described step c when consistency checking of message authentication being encoded when terminal passes through, judge network side MSC/VLR failed authentication, send failed authentication information to MSC/VLR, and finish relevant treatment.

3. method according to claim 1 is characterized in that, also comprises in the steps d when terminal judges goes out second sequence number and can accept, and according to described second sequence number update, first sequence number, and MSC/VLR is sent described Authentication Response; MSC/VLR judges whether described Authentication Response is consistent with Expected Response, if consistent, judge the authentication of terminal passed through, and finish respective handling, otherwise, judge the authentication of terminal is not passed through, and finish respective handling.

4. method according to claim 1, it is characterized in that, described HLR/AUC judges that according to second KI integrality of described synchronization request message is meant, HLR/AUC is according to second KI, described authentication management field, first sequence number adopts and terminal is calculated the described synchronizing authentication consistent algorithm of encoding and calculated in described random number and the described sync mark, obtain a result of calculation, whether the synchronizing authentication coding is identical in more described result of calculation and the described sync mark, if it is identical, it is complete then to judge described synchronization request message, otherwise it is imperfect to judge described synchronization request message.

5. method according to claim 1, it is characterized in that, in step f, HLR/AUC judges described synchronization request message when imperfect, finish relevant treatment, otherwise,, produce new authentication five-tuple and be sent to few new authentication five-tuple and be used for authentication to MSC/VLR according to first sequence number update, second sequence number.

6. method according to claim 5, it is characterized in that, describedly be meant that according to described first sequence number update, second sequence number second sequence number is set to equate with first sequence number, or second sequence number be set to again second sequence number be increased an increment numerical value changeless or fixedly variation or change at random with after first sequence number equates.

7. method according to claim 1, it is characterized in that, among the described step c, terminal is carried out consistency checking to described message authentication coding: terminal adopts with HLR/AUC according to first KI, authentication management field, described random number and second sequence number and produces the consistent operation result of method generation of message authentication coding, whether more described operation result is consistent with described message authentication coding, if it is consistent, then the consistency checking to described message authentication coding passes through, otherwise, the consistency checking of described message authentication coding is not passed through.

8. method according to claim 1, it is characterized in that, in the described steps d, described terminal judges according to first sequence number whether second sequence number can be accepted further to be: whether the difference of judging second sequence number and first sequence number is in certain scope, if, then judging second sequence number can accept, otherwise, judge second sequence number and cannot accept.

9. method according to claim 1, the check code of described Authentication Response is an Authentication Response itself, or corresponding some position in the Authentication Response, judge that according to Expected Response the legitimacy of the check code of described Authentication Response is meant among the step e accordingly: whether the check code of judging Authentication Response is identical with Expected Response, whether the check code of perhaps judging Authentication Response is with corresponding some is identical in the Expected Response, if, the check code of then judging described Authentication Response is legal, otherwise, judge that the check code of described Authentication Response is illegal.

10. method according to claim 1 is characterized in that, further comprises the step of upgrading second sequence number among the described step a; Described renewal second sequence number can be that second sequence number is increased an increment numerical value changeless or fixedly variation or change at random.

11. method for authenticating, authentication between the module that is used for to intercom mutually, described module comprises at least: but first module of authentication and generation Authentication Response, first KI, first synchronisation key and first sequence number have been preserved in described first module, second module of can be used for producing authentication parameter, carrying out Synchronous Processing, correspondence has been preserved second KI, second synchronisation key and second sequence number in described second module, and the three module that can carry out authentication verification, described method may further comprise the steps at least:

(1). second module produces random number, produce Expected Response according to random number, second KI, and generate the message authentication coding according to random number, second KI and second sequence number, the message authentication coding of described random number, second sequence number, Expected Response and generation is sent to three module;

(2). three module sends to first module with described random number, second sequence number and message authentication coding;

(3). first module is carried out consistency checking according to first KI and described random number and second sequence number to described message authentication coding, and after checking is passed through, generates Authentication Response according to first KI and described random number;

(4). first module judges according to first sequence number whether second sequence number can be accepted, and when second sequence number can not receive, generate the synchronizing authentication coding according to first synchronisation key, first sequence number and described random number, three module is sent synchronization request message and encloses the check code of described synchronizing authentication coding, first sequence number and described Authentication Response;

(5). three module is judged the legitimacy of the check code of described Authentication Response according to Expected Response when receiving described synchronization request message, judge described illegal and finish relevant treatment with request message again if do not conform to rule; Otherwise three module sends synchronization request message to second module;

(6). second module is judged the integrality of described synchronization request message according to second synchronisation key, and makes relevant treatment according to the integrality of described synchronization request message.

12. method according to claim 11 is characterized in that, also comprises in the described step (3) when the consistency checking of message authentication being encoded when first module passes through, and judges the three module failed authentication, and finishes relevant treatment.

13. method according to claim 12 is characterized in that, first module further comprises before described end relevant treatment in the step (3): first module sends failed authentication information to three module.

14. method according to claim 11 is characterized in that, also comprises in the step (4) when first module is judged second sequence number and can be accepted, and according to described second sequence number update, first sequence number, and three module is sent described Authentication Response; Three module judges whether described Authentication Response is consistent with Expected Response, if consistent, judge the authentication of first module passed through, and finish respective handling, otherwise, judge the first module authentication is not passed through, and finish respective handling.

15. method according to claim 11 is characterized in that, in the step (5), when three module sends synchronization request message to second module, encloses described random number, the synchronizing authentication coding and first sequence number.

16. method according to claim 11 is characterized in that, in the step (1), when second module sends to three module at the message authentication coding with described random number, second sequence number and generation, has preserved described random number; In the step (5), when three module sends synchronization request message to second module, enclose the described synchronizing authentication coding and first sequence number.

17. according to claim 15 or 16 described methods, it is characterized in that, described second module judges that according to second synchronisation key integrality of described synchronization request message is meant, second module is calculated the consistent algorithm of described synchronizing authentication coding according to second synchronisation key, described random number and the employing of first sequence number and first module and is calculated, obtain a result of calculation, whether more described result of calculation is identical with the synchronizing authentication coding, if it is identical, it is complete then to judge described synchronization request message, otherwise it is imperfect to judge described synchronization request message.

18. method according to claim 11 is characterized in that, in step (6), second module is judged described synchronization request message when imperfect, finishes relevant treatment, otherwise, according to first sequence number update, second sequence number.

19. method according to claim 18, it is characterized in that, describedly be meant that according to described first sequence number update, second sequence number second sequence number is set to equate with first sequence number, or second sequence number be set to again second sequence number be increased an increment numerical value changeless or fixedly variation or change at random with after first sequence number equates.

20. method according to claim 11, it is characterized in that, in the described step (3), first module is carried out consistency checking to described message authentication coding: first module is according to first KI, described random number and the employing of second sequence number and second module are according to described random number, second KI produces the consistent method of message authentication coding with second sequence number and produces an operation result, whether more described operation result is consistent with described message authentication coding, if it is consistent, then the consistency checking to described message authentication coding passes through, otherwise, the consistency checking of described message authentication coding is not passed through.

21. method according to claim 11, it is characterized in that, in the described step (4), first module judges according to first sequence number whether second sequence number can be accepted further to be: whether the difference of judging second sequence number and first sequence number is in certain scope, if, then judging second sequence number can accept, otherwise, judge second sequence number and cannot accept.

22. method according to claim 11, the check code of described Authentication Response is an Authentication Response itself, or corresponding some position in the Authentication Response, judge that according to Expected Response the legitimacy of the check code of described Authentication Response is meant in the step (5) accordingly: whether the check code of judging Authentication Response is identical with Expected Response, whether the check code of perhaps judging Authentication Response is with corresponding some is identical in the Expected Response, if, the check code of then judging described Authentication Response is legal, otherwise, judge that the check code of described Authentication Response is illegal.

23. method according to claim 11 is characterized in that, further comprises the step of upgrading second sequence number in the described step (1); Described renewal second sequence number can be that second sequence number is increased an increment numerical value changeless or fixedly variation or change at random.

24. method according to claim 11 is characterized in that, in first module, first KI and first synchronisation key can be same keys; Correspondingly, in second module, second KI and second synchronisation key also can be same keys.

25. method for authenticating, authentication between the module that is used for to intercom mutually, described module comprises at least: but first module of authentication and generation Authentication Response, first KI, first synchronisation key and first sequence number have been preserved in described first module, second module that can be used for producing authentication parameter, execution authentication verification and carry out Synchronous Processing, correspondence has been preserved second KI, second synchronisation key and second sequence number in described second module, and described method may further comprise the steps at least:

I. second module produces random number, produces Expected Response according to random number, second KI, and generates the message authentication coding according to random number, second KI and second sequence number; Described random number, second sequence number and message authentication coding are sent to first module;

Ii. first module is carried out consistency checking according to first KI and described random number and second sequence number to described message authentication coding, and after checking is passed through, generates Authentication Response according to first KI and described random number;

Iii. first module judges according to first sequence number whether second sequence number can be accepted, and when second sequence number can not receive, generate the synchronizing authentication coding according to first synchronisation key, first sequence number and described random number, second module is sent synchronization request message and encloses the check code of described synchronizing authentication coding, first sequence number and described Authentication Response;

Iv. second module is judged the legitimacy of the check code of described Authentication Response according to Expected Response when receiving described synchronization request message, judges described illegal and finish relevant treatment with request message again if do not conform to rule; Otherwise, judge the integrality of described synchronization request message according to second synchronisation key, and make relevant treatment according to the integrality of described synchronization request message.

26. method according to claim 25 is characterized in that, also comprises among the described step I i when consistency checking of message authentication being encoded when first module passes through, and judges the second module failed authentication, and finishes relevant treatment.

27. method according to claim 26 is characterized in that, first module further comprises before described end relevant treatment among the step I i: first module sends failed authentication information to second module.

28. method according to claim 25 is characterized in that, also comprises among the step I ii when first module is judged second sequence number and can be accepted, and according to described second sequence number update, first sequence number, and second module is sent described Authentication Response; Second module judges whether described Authentication Response is consistent with Expected Response, if consistent, judge the authentication of first module passed through, and finish respective handling, otherwise, judge the first module authentication is not passed through, and finish respective handling.

29. method according to claim 25, it is characterized in that, in step I v, described second module judges that according to second synchronisation key integrality of described synchronization request message is meant, second module is according to second synchronisation key, described random number and the employing of first sequence number are calculated the consistent algorithm of described synchronizing authentication coding with first module and are calculated, obtain a result of calculation, whether more described result of calculation is identical with described synchronizing authentication coding, if it is identical, it is complete then to judge described synchronization request message, otherwise it is imperfect to judge described synchronization request message.

30. method according to claim 25 is characterized in that, in step I v, second module is judged described synchronization request message when imperfect, finishes relevant treatment, otherwise, according to first sequence number update, second sequence number.

31. method according to claim 30, it is characterized in that, describedly be meant that according to described first sequence number update, second sequence number second sequence number is set to equate with first sequence number, or second sequence number be set to again second sequence number be increased an increment numerical value changeless or fixedly variation or change at random with after first sequence number equates.

32. method according to claim 25, it is characterized in that, among the described step I i, first module is carried out consistency checking to described message authentication coding: first module is according to first KI, described random number and the employing of second sequence number and second module are according to described random number, second KI produces the consistent method of message authentication coding with second sequence number and produces an operation result, whether more described operation result is consistent with described message authentication coding, if it is consistent, then the consistency checking to described message authentication coding passes through, otherwise, the consistency checking of described message authentication coding is not passed through.

33. method according to claim 25, it is characterized in that, among the described step I ii, first module judges according to first sequence number whether second sequence number can be accepted further to be: whether the difference of judging second sequence number and first sequence number is in certain scope, if, then judging second sequence number can accept, otherwise, judge second sequence number and cannot accept.

34. method according to claim 25, the check code of described Authentication Response is an Authentication Response itself, or corresponding some position in the Authentication Response, judge that according to Expected Response the legitimacy of the check code of described Authentication Response is meant among the step I v accordingly: whether the check code of judging Authentication Response is identical with Expected Response, whether the check code of perhaps judging Authentication Response is with corresponding some is identical in the Expected Response, if, the check code of then judging described Authentication Response is legal, otherwise, judge that the check code of described Authentication Response is illegal.

35. method according to claim 25 is characterized in that, further comprises the step of upgrading second sequence number in the described step I; Described renewal second sequence number can be that second sequence number is increased an increment numerical value changeless or fixedly variation or change at random.

36. method according to claim 25 is characterized in that, in first module, first KI and first synchronisation key can be same keys; Correspondingly, in second module, second KI and second synchronisation key also can be same keys.