CN100486351C - Method for user terminal to obtain conversation affair mark distributed by BSF - Google Patents


Info

Publication number: CN100486351C
Authority: CN (China)
Prior art keywords: tid, key, bsf, authentication, message
Legal status: Active
Application number: CNB200510070836XA
Other languages: Chinese (zh)
Other versions: CN1867164A (en)
Inventor: 黄迎新
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd

Abstract

The invention discloses a method for a user terminal to obtain the session transaction identifier (B-TID, the "conversation affair mark" of the title) allocated to it by the BSF. After the BSF receives an authentication request from the UE and successfully authenticates the UE, it sends the generated B-TID to the user terminal in encrypted form; the user terminal decrypts it to obtain the complete B-TID and stores it. This prevents an attacker from intercepting the B-TID and from obtaining the correspondence between the UE's IMPI and the B-TID it uses, so the attacker cannot track the user and the security of user information is ensured.

Description

Method for a user terminal to obtain the session transaction identifier allocated to it by the BSF
Technical field
The present invention relates to the field of third-generation wireless communication technology, and in particular to a method for a user terminal to obtain the session transaction identifier allocated to it by the entity that performs initial verification of user identity (BSF).
Background art
In third-generation wireless communication standards, the generic authentication framework is a general structure used by multiple application service entities to verify user identity; with it, the users of application services can be checked and their identity verified. These application services may be multicast/broadcast services, user certificate services, instant information services and so on, and may also be proxy services.
Figure 1 is a structural diagram of the generic authentication framework. The framework usually consists of the user terminal (UE) 101, the entity that performs initial verification of user identity (BSF) 102, the user's home network server (HSS) 103 and the network application entity (NAF) 104. BSF 102 performs mutual identity verification with user terminal 101 and at the same time generates the key shared by BSF 102 and user terminal 101. HSS 103 stores the profile that describes user information; the profile contains all user-related descriptive information, such as the user identity. HSS 103 also generates authentication information.
When a user needs to use a service and knows that mutual authentication with the BSF is required first, the user contacts the BSF directly to perform mutual authentication. Otherwise, the user first contacts the NAF corresponding to the service; if that NAF uses the generic authentication framework and finds that the requesting UE has not yet performed mutual authentication with the BSF, it notifies the requesting UE to perform mutual authentication with the BSF to verify its identity.
Mutual authentication between the UE and the BSF proceeds as follows. The UE sends an authentication request to the BSF; the request contains the UE's permanent identity (IMPI), or an IMPI converted from the international mobile subscriber identity (IMSI). After receiving the authentication request from the UE, the BSF first requests the UE's authentication information from the HSS; this request contains the UE's permanent identity. The HSS finds the UE's attribute information according to the permanent identity, generates an authentication vector (AV) and returns it to the BSF. The authentication vector is a five-tuple comprising the integrity key IK, the encryption key CK, the authentication random number RAND, the authentication token AUTN and the expected return value XRES. AUTN is a composite value made up of a sequence number, a digest value and an authentication mode.
After receiving the authentication vector, the BSF keeps IK, CK and XRES itself and sends RAND and AUTN to the UE in plaintext. The mobile equipment (ME) in the UE passes the received RAND and AUTN to the user identity card (UICC), and the UICC calculates from them the IK, CK and response RES needed for user-side authentication. The user side then has two processing modes. In one, the UICC sends the calculated IK, CK and RES to the ME; the ME stores IK and CK and returns RES to the BSF in a response message. In the other, the UICC sends only RES to the ME, and the ME returns RES to the BSF in a response message. The BSF checks whether the received RES matches the XRES it holds; if they match, authentication succeeds, otherwise it fails.
After successful authentication, the UE and the BSF have verified each other's identity and share the keys IK and CK. The BSF generates the communication key Ks from IK and CK and defines a validity period for Ks so that Ks can be updated. The BSF then generates a session transaction identifier (B-TID) to allocate to the UE. This B-TID has the form user name plus BSF domain name, where the user name is the authentication random number RAND used during authentication; that is, the B-TID has the form RAND + BSF domain name. The BSF locally associates and stores the B-TID, the user's permanent identity, the key Ks, the validity period of Ks and related information, and then sends the UE a message indicating successful authentication. This message contains the B-TID in plaintext and also the validity period of Ks. Ks is normally used as a root key and generally does not leave the UE and the BSF; when the user communicates with a NAF, the key Ks_NAF derived from Ks is used.
If the user side uses the first processing mode, in which IK and CK are stored in the ME, then after the UE receives the message indicating successful authentication from the BSF, the ME obtains the B-TID directly from the message, generates Ks from the IK and CK it holds, and uses the key Ks_NAF derived from Ks to protect communication with the NAF. If the user side uses the other processing mode, in which the ME holds no IK or CK, then after the UE receives the message indicating successful authentication from the BSF, the ME likewise obtains the B-TID directly from the message and then sends the UICC a request containing RAND. The UICC finds the IK and CK corresponding to RAND, uses them to calculate the Ks the ME needs, calculates the key Ks_NAF derived from Ks and returns Ks_NAF to the ME, which then uses Ks_NAF to communicate with the NAF.
When the user finds that Ks is about to expire, or when the NAF requires the UE to authenticate with the BSF again, the user side repeats the steps above to authenticate with the BSF again and obtain a new Ks and B-TID.
As the process above shows, the existing way for the ME to obtain the B-TID allocated to it by the BSF is very simple: it reads it directly from the message indicating successful authentication. This is also its flaw. Because the B-TID that the BSF sends to the ME after successful authentication is transmitted in plaintext, an attacker can easily intercept it. Moreover, the IMPI that the UE uses when sending the authentication request to the BSF is also transmitted in plaintext, so an attacker can easily obtain the correspondence between the UE's IMPI and the B-TID it uses and track the user. When the UE then communicates with a NAF, the attacker can tell which service the user is using and can look for an opportunity to attack the user's service.
Summary of the invention
In view of this, the object of the present invention is to provide a method for a user terminal to obtain the session transaction identifier allocated to it by the BSF, so that the user terminal cannot be tracked and attacked.
To achieve this object, the technical solution of the present invention is as follows:
A method for a user terminal to obtain the session transaction identifier allocated to it by the BSF, comprising the following steps:
a. The entity BSF that performs initial verification of user identity receives an authentication request from the user terminal UE and, after successfully authenticating the UE, generates the session transaction identifier B-TID allocated to the UE, encrypts the generated B-TID with a key used during authentication, and then sends the UE a message indicating successful authentication; the message contains at least the encrypted B-TID;
b. After receiving the message indicating successful authentication, the UE obtains the same key as the key of step a, decrypts the encrypted B-TID and obtains the complete B-TID.
Preferably, the B-TID generated by the BSF in step a has the form: user name plus the domain name of the BSF; the user name comprises a field representing uniqueness, an anti-tracking field and the authentication random number RAND.
Preferably, the field representing uniqueness is the current system time, and the anti-tracking field is an arbitrary number specified by the BSF.
Preferably, in step a the BSF encrypts the B-TID with the key used during authentication either by encrypting the B-TID as a whole or by encrypting any part of the B-TID, where the encrypted part either includes or does not include the authentication random number RAND.
Preferably, when the BSF encrypts the B-TID as a whole and decryption is performed by the mobile equipment ME in the UE, step b is carried out as follows: the ME obtains from itself the same key as the key of step a, uses it to decrypt the encrypted B-TID and directly obtains the complete B-TID.
Preferably, when the BSF encrypts any part of the B-TID and decryption is performed by the mobile equipment ME in the UE, the message indicating successful authentication in step a also contains the unencrypted part of the B-TID;
step b is then carried out as follows: the ME obtains from itself the same key as the key of step a, uses it to decrypt the encrypted part of the B-TID, and then combines the decrypted part with the unencrypted part to obtain the complete B-TID.
Preferably, when the BSF encrypts the B-TID as a whole and decryption is performed by the user identity card UICC in the UE, step b is carried out as follows: after receiving the message indicating successful authentication, the ME forwards the encrypted B-TID to the UICC, and the forwarded message also contains the plaintext of the authentication random number RAND corresponding to this B-TID that the ME has stored; the UICC obtains from itself the same key as the key of step a, decrypts the received B-TID, directly obtains the complete B-TID and stores it, and then sends the complete B-TID to the ME.
Preferably, when the BSF encrypts any part of the B-TID and decryption is performed by the user identity card UICC in the UE, the message indicating successful authentication in step a also contains the unencrypted part of the B-TID;
step b is then carried out as follows:
After receiving the message indicating successful authentication, the ME forwards the encrypted B-TID to the UICC. If the encrypted part does not include the authentication random number RAND, the forwarded message also contains the unencrypted part of the B-TID; if the encrypted part includes RAND, the forwarded message also contains the unencrypted part of the B-TID and the plaintext of the RAND corresponding to this B-TID that the ME has stored. The UICC obtains from itself the same key as the key of step a, decrypts the received B-TID, combines the decrypted part with the unencrypted part to obtain the complete B-TID and stores it, and then sends the complete B-TID to the ME.
Preferably, the key used during authentication in step a is the integrity key IK, or the encryption key CK, or the communication key Ks generated from IK and CK, or any combination of the three.
Preferably, after obtaining the complete B-TID, the UE further stores the B-TID in association with the communication key corresponding to it.
Preferably, after receiving the authentication request from the user terminal, the BSF further determines whether the request contains a B-TID or a user identity. If it contains a user identity, the BSF continues processing according to the existing authentication procedure. If it contains a B-TID, the BSF checks whether this B-TID exists locally; if it does, the BSF extracts the user identity corresponding to the B-TID and continues processing according to the existing authentication procedure; otherwise the BSF requires the user to send an authentication request containing the user identity.
With the present invention, after the BSF receives an authentication request from the UE and successfully authenticates the UE, it sends the generated B-TID to the user terminal as ciphertext; the user terminal decrypts it, obtains the complete B-TID and stores it. An attacker therefore cannot intercept the B-TID directly and cannot obtain the correspondence between the UE's IMPI and the B-TID it uses, so the attacker cannot track the user and the security of user information is ensured.
Description of drawings
Figure 1 is a structural diagram of the generic authentication framework;
Figure 2 is a flow chart of embodiment one of the invention;
Figure 3 is a flow chart of embodiment two of the invention.
Embodiments
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Figure 2 is a flow chart of embodiment one of the invention. In this embodiment, the ME stores the IK and CK produced during authentication.
Step 201: The UE sends an authentication request containing the IMPI to the BSF.
Steps 202 to 203: The BSF requests the UE's authentication information from the HSS; the request contains the UE's IMPI. The HSS finds the UE's attribute information according to the IMPI, generates an authentication vector (AV) and returns it to the BSF. The AV comprises the integrity key IK, the encryption key CK, the authentication random number RAND, the authentication token AUTN and the expected return value XRES.
Step 204: The BSF and the UE perform mutual authentication. During authentication, the UICC in the UE calculates IK and CK and sends them to the ME, which stores them.
Step 205: After successful authentication, the BSF generates the B-TID and, using the key used during authentication, encrypts either the B-TID as a whole or any part of it; the encrypted part may or may not include RAND.
The B-TID generated by the BSF has the form: a user name made up of the field representing uniqueness, the anti-tracking field and the authentication random number RAND, plus the domain name of the BSF. The field representing uniqueness is the current system time, and the anti-tracking field is an arbitrary number specified by the BSF. The form of the B-TID can therefore be written as:
[current time + a number specified by the BSF + RAND] + domain name of the BSF
Here the bracketed part (underlined in the original) is the user name; the order of the fields within the user name is determined by system configuration.
When the B-TID is encrypted as a whole, its form is as in formula (1):
hash(current time + a number specified by the BSF + RAND + domain name of the BSF)    (1)
When part of the B-TID is encrypted and the encrypted part includes RAND, its form is as in formula (2):
hash(current time + a number specified by the BSF + RAND) + domain name of the BSF    (2)
When part of the B-TID is encrypted and the encrypted part does not include RAND, its form is as in formula (3):
hash(current time + a number specified by the BSF) + RAND + domain name of the BSF    (3)
Step 206: The BSF sends the encrypted B-TID to the UE in the message indicating successful authentication. If the BSF encrypted only part of the B-TID, the message also contains the unencrypted part of the B-TID.
Step 207: Because the ME holds IK and CK, it uses the same key that the BSF used for encryption to decrypt the received information, obtains the complete B-TID and stores it. In detail:
If the BSF encrypted the B-TID as a whole, the ME obtains from itself the same key that the BSF used for encryption, decrypts the received B-TID and directly obtains the complete B-TID. If the BSF encrypted part of the B-TID, the ME obtains from itself the same key that the BSF used for encryption, decrypts the received B-TID and then combines the decrypted part with the unencrypted part to obtain the complete B-TID. For example, with partial encryption, if the encrypted part and RAND together are 256 bits and RAND is the last 128 bits, the ME decrypts the first 128 bits and then combines them with the RAND that follows to form the complete B-TID.
Step 208: The ME in the UE generates the key Ks from the IK and CK it holds and stores the complete B-TID in association with the corresponding communication key Ks and related information. That is, the UE stores the B-TID in association with the communication key corresponding to it. The ME then uses the key Ks_NAF derived from Ks to protect communication with the NAF and uses the obtained B-TID to communicate with the NAF normally.
Figure 3 is a flow chart of embodiment two of the invention. In this embodiment, the ME does not store the IK and CK produced during authentication; whenever the ME needs key information produced during authentication, it requests it from the UICC.
Steps 301 to 303 are identical to steps 201 to 203 in Figure 2.
Step 304: The BSF and the UE perform mutual authentication. During authentication, the UICC in the UE calculates IK and CK, stores them only in itself and does not send them to the ME.
Steps 305 to 306 are identical to steps 205 to 206.
Step 307: After receiving the message indicating successful authentication, the ME forwards the B-TID information in it to the UICC. If the BSF encrypted the B-TID as a whole, the forwarded B-TID information is the encrypted B-TID; if the BSF encrypted part of the B-TID, the forwarded B-TID information is the encrypted part and the unencrypted part of the B-TID.
Because the ME needs the UICC to perform the decryption, the ME must send the plaintext of RAND to the UICC so that the UICC can find the decryption key in its own stored information, using the stored correspondence between RAND and IK, CK. That is, if the BSF encrypted the B-TID as a whole, as in formula (1), or encrypted part of the B-TID with RAND included in the encrypted part, as in formula (2), the forwarded message also contains the plaintext of the RAND corresponding to this B-TID that the ME has stored. If the BSF encrypted part of the B-TID and the encrypted part does not include RAND, as in formula (3), the forwarded message does not need to contain the plaintext of RAND separately; it contains only the encrypted part and the unencrypted part of the B-TID.
Step 308: The UICC uses the same key that the BSF used for encryption to decrypt the received information directly and obtains the complete B-TID. In detail:
If the BSF encrypted the B-TID as a whole, the UICC obtains from itself the same key that the BSF used for encryption, decrypts the received B-TID and directly obtains the complete B-TID. If the BSF encrypted part of the B-TID, the UICC obtains from itself the same key that the BSF used for encryption, decrypts the received B-TID and then combines the decrypted part with the unencrypted part to obtain the complete B-TID. The UICC stores the complete B-TID in association with the corresponding communication key Ks and related information. That is, the UE stores the B-TID in association with the communication key corresponding to it.
Step 309: The UICC sends the complete B-TID to the ME, which stores it for use when requesting services from the NAF.
Step 310: The UE uses the obtained B-TID to communicate with the NAF normally. When a key is needed, the ME in the UE asks the UICC to calculate it, using the B-TID as the index; the detailed procedure is the same as in the prior art and is not described again here.
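Steps 305 to 308 of embodiment two for all three layouts of formulas (1) to (3), as an added example that is not part of the patent text. The HMAC-SHA256 keystream cipher, the choice of CK as the key, RAND as the cipher nonce, the field widths, the "@" separator and all class and function names are assumptions made here; the patent does not specify them.

```python
import hashlib
import hmac
import os
import struct
import time

# Encryption layouts from formulas (1)-(3) of the description.
WHOLE, PART_WITH_RAND, PART_NO_RAND = 1, 2, 3
RAND_LEN = 16            # 128-bit RAND, as in the page's 256-bit example
PREFIX_LEN = 16          # 64-bit time + 64-bit BSF-chosen number (assumed widths)
USER_LEN = PREFIX_LEN + RAND_LEN


def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    Encrypting and decrypting are the same operation."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + struct.pack(">I", counter),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class BSF:
    def __init__(self, domain: str):
        self.domain = domain.encode()
        self.sessions = {}                      # B-TID -> IMPI (local association)

    def issue_btid(self, impi: str, rand: bytes, ck: bytes, mode: int):
        """Steps 305/306: build the B-TID and the authentication-success message."""
        user = struct.pack(">Q", int(time.time())) + os.urandom(8) + rand
        btid = user + b"@" + self.domain        # "@" separator is an assumption
        self.sessions[btid] = impi
        split = {WHOLE: len(btid), PART_WITH_RAND: USER_LEN,
                 PART_NO_RAND: PREFIX_LEN}[mode]
        msg = {"mode": mode,
               "enc": _stream_xor(ck, rand, btid[:split]),
               "clear": btid[split:]}
        return btid, msg


class UICC:
    def __init__(self):
        self.keys_by_rand = {}                  # RAND -> CK kept from authentication
        self.key_by_btid = {}                   # B-TID -> key, stored in association

    def remember(self, rand: bytes, ck: bytes):
        """Stand-in for the key calculation done during authentication (step 304)."""
        self.keys_by_rand[rand] = ck

    def recover_btid(self, mode, enc, clear, rand=None) -> bytes:
        """Step 308: find the key via RAND, decrypt, recombine, store."""
        if mode == PART_NO_RAND:
            rand = clear[:RAND_LEN]             # RAND is in the unencrypted part
        if rand is None:
            raise ValueError("plaintext RAND required for this layout")
        ck = self.keys_by_rand[rand]            # KeyError if RAND is unknown
        btid = _stream_xor(ck, rand, enc) + clear
        # Sanity check: the recovered user name must end with the RAND we used.
        if btid[PREFIX_LEN:USER_LEN] != rand:
            raise ValueError("decrypted B-TID does not match RAND")
        self.key_by_btid[btid] = ck             # the page associates Ks; CK stands in
        return btid


def me_forward(uicc: UICC, msg: dict, rand_from_challenge: bytes) -> bytes:
    """Step 307: the ME adds plaintext RAND only when RAND is inside the ciphertext."""
    rand = None if msg["mode"] == PART_NO_RAND else rand_from_challenge
    return uicc.recover_btid(msg["mode"], msg["enc"], msg["clear"], rand)


def roundtrip_all_modes() -> dict:
    """Run one constructed authentication per layout; True means the UE's B-TID
    equals the BSF's and the message does not expose the time/number prefix."""
    results = {}
    for mode in (WHOLE, PART_WITH_RAND, PART_NO_RAND):
        rand, ck = os.urandom(RAND_LEN), os.urandom(16)   # constructed AKA output
        bsf, uicc = BSF("bsf.example.org"), UICC()
        uicc.remember(rand, ck)
        btid, msg = bsf.issue_btid("user@example.org", rand, ck, mode)
        got = me_forward(uicc, msg, rand)
        hidden = btid[:PREFIX_LEN] not in msg["enc"] + msg["clear"]
        results[mode] = (got == btid) and hidden and uicc.key_by_btid[got] == ck
    return results


if __name__ == "__main__":
    print(roundtrip_all_modes())
```

The RAND comparison after decryption is an addition of this example: with layouts (1) and (2) it rejects a message decrypted under the wrong key, while with layout (3) RAND travels unencrypted and the comparison is trivially satisfied.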
The main difference between the two embodiments above is that in the first embodiment decryption is performed by the ME, while in the second it is performed by the UICC.
The key used during authentication in the two embodiments above is the integrity key IK, or the encryption key CK, or the communication key Ks generated from IK and CK, or any combination of the three. Which key is actually used is determined by system configuration and is known in advance to both the encrypting and the decrypting side.
In addition, in both embodiments the authentication request that the UE sends to the BSF may contain the UE's existing B-TID instead of the IMPI. In that case, after receiving the authentication request from the user terminal, the BSF first determines whether the request contains a B-TID or a user identity. If it contains a user identity, the BSF obtains the authentication vector from the HSS according to this user identity and then continues processing according to the existing authentication procedure. If it contains a B-TID, the BSF checks whether this B-TID exists locally; if it does, the BSF extracts the user identity corresponding to the B-TID, obtains the authentication information from the HSS according to this user identity and then continues processing according to the existing authentication procedure; otherwise the BSF requires the user to send an authentication request containing the user identity.
The above are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (11)

1, a kind of user terminal obtains the method for BSF for the conversation affair mark of its distribution, it is characterized in that this method may further comprise the steps:
The entity B SF of a, the checking of execution user identity initial inspection receives from the authentication request of user terminal UE and to after this UE authentication success, the conversation affair mark B-TID of UE is distributed in generation, employed key is encrypted the B-TID of this generation during weight discriminating, send the message of indication authentication success then to UE, comprise the B-TID of encryption in this message at least;
B, UE obtain and the identical key of the described key of step a after receiving the message of indication authentication success, and the B-TID that has encrypted is decrypted, and obtain complete B-TID.
2, method according to claim 1 is characterized in that, the form of the B-TID that the described BSF of step a generates is: user name, add the domain name of BSF; Described user name comprises the field of representing uniqueness, anti-field and the authentication random number RAND that follows the trail of.
3, method according to claim 2 is characterized in that, the field of described expression uniqueness is the current time in system field, and the field of described anti-tracking is the field that the number of any appointment of BSF constitutes.
4, method according to claim 2, it is characterized in that, employed key carries out method of encrypting to B-TID and is during the described BSF weight discriminating of step a: employed key is encrypted B-TID integral body during weight discriminating, perhaps, arbitrary part among the B-TID is encrypted, and the part of this encryption comprises authentication random number RAND or does not comprise authentication random number RAND.
5, method according to claim 4, it is characterized in that, when BSF encrypts B-TID integral body, and when carrying out decryption oprerations by the subscriber equipment ME among the UE, step b is described to be obtained and the identical key of the described key of step a, and the B-TID that has encrypted is decrypted, and the process of obtaining complete B-TID is: ME is from self directly obtaining and the identical key of the described key of step a, and use this key the B-TID that encrypts is decrypted, directly obtain complete B-TID.
6, method according to claim 4, it is characterized in that, when BSF encrypts the arbitrary part among the B-TID, and when carrying out decryption oprerations, also comprise the B-TID of unencryption part in the message of the described indication authentication of step a success by the subscriber equipment ME among the UE;
Step b is described to be obtained and the identical key of the described key of step a, the B-TID that has encrypted is decrypted, the process of obtaining complete B-TID is: ME is from self directly obtaining and the identical key of the described key of step a, and the B-TID that uses this key butt joint encryption section is decrypted, afterwards, part B-TID and unencryption that deciphering is obtained partly make up, and obtain complete B-TID.
7, method according to claim 4, it is characterized in that, when BSF encrypts B-TID integral body, and when carrying out decryption oprerations by the user ID card UICC among the UE, step b is described to be obtained and the identical key of the described key of step a, the B-TID that has encrypted is decrypted, the process of obtaining complete B-TID is: after ME receives the message of indication authentication success, transmit the B-TID that encrypts to UICC, and the plaintext that also comprises the authentication random number RAND corresponding that has preserved among the ME in the message of this forwarding with this B-TID, UICC is decrypted the B-TID that receives from self obtaining the key identical with the described key of step a, directly obtain complete B-TID and preservation, afterwards complete B-TID is sent to ME.
8, method according to claim 4, it is characterized in that, when BSF encrypts the arbitrary part among the B-TID, and when carrying out decryption oprerations, also comprise the B-TID of unencryption part in the message of the described indication authentication of step a success by the user ID card UICC among the UE;
Step b is described to be obtained and the identical key of the described key of step a, and the B-TID that has encrypted is decrypted, and the process of obtaining complete B-TID is:
After ME receives the message of indication authentication success, transmit the B-TID that encrypts to UICC, if encryption section does not comprise authentication random number RAND, the B-TID that then also comprises the unencryption part in the message of this forwarding, if the part of encrypting comprises authentication random number RAND, the plaintext that then also comprises the authentication random number RAND corresponding that has preserved among the B-TID of unencryption part and the ME in the message of this forwarding with this B-TID, UICC is decrypted the B-TID that receives from self obtaining the key identical with the described key of step a, part B-TID and unencryption that deciphering is obtained partly make up, obtain complete B-TID and preservation, afterwards complete B-TID is sent to ME.
9, method according to claim 1, it is characterized in that employed key is Integrity Key IK during the described authentication of step a, or encryption key CK, or the communication key Ks that generates by Integrity Key IK and encryption key CK, or above three's combination in any.
10, method according to claim 1 is characterized in that, UE further comprises: the related preservation of the communication key that this B-TID and this B-TID is corresponding after obtaining complete B-TID.
11. The method according to claim 1, characterized in that, after receiving the authentication request from the user terminal, the BSF further determines whether the request contains a B-TID or a user identity. If it contains a user identity, the BSF continues subsequent processing according to the existing authentication procedure. If it contains a B-TID, the BSF determines whether this B-TID exists locally; if it does, the BSF extracts the user identity corresponding to this B-TID and then continues subsequent processing according to the existing authentication procedure; otherwise the BSF requires the user to send an authentication request containing the user identity.
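The ME-to-UICC exchange of claim 8, for the case where the encrypted part contains RAND, with Ks as the key (claim 9) and the B-TID kept with its key (claim 10), as an added Python example that is not part of the patent text. Assumptions: the B-TID layout `base64(RAND)@BSF-domain` is taken from 3GPP GBA rather than from these claims; `derive_ks` and `keystream_xor` are HMAC-based stand-ins for AKA key derivation and for the cipher, which the claims do not name; all function names, the key and the RAND value are constructed.

```python
import base64, hashlib, hmac

def derive_ks(k: bytes, rand: bytes) -> bytes:
    """Stand-in for AKA key derivation: Ks = CK || IK, both bound to RAND."""
    ck = hmac.new(k, b"CK" + rand, hashlib.sha256).digest()[:16]
    ik = hmac.new(k, b"IK" + rand, hashlib.sha256).digest()[:16]
    return ck + ik

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 counter keystream); the claims name none."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def bsf_success_message(k: bytes, rand: bytes, bsf_domain: str) -> dict:
    """BSF: encrypt only the RAND-bearing part of the B-TID, send the rest in clear."""
    enc = keystream_xor(derive_ks(k, rand), rand, base64.b64encode(rand))
    return {"enc_part": enc, "clear_part": "@" + bsf_domain}

def me_forward(msg: dict, saved_rand: bytes) -> dict:
    """ME: the encrypted part contains RAND, so add the RAND plaintext saved earlier."""
    return {**msg, "rand": saved_rand}

class UICC:
    def __init__(self, k: bytes):
        self._k = k
        self.sessions = {}  # B-TID -> Ks, kept together as in claim 10

    def recover_b_tid(self, fwd: dict) -> str:
        ks = derive_ks(self._k, fwd["rand"])  # same key as the BSF, derived on-card
        local = keystream_xor(ks, fwd["rand"], fwd["enc_part"])
        if not hmac.compare_digest(local, base64.b64encode(fwd["rand"])):
            raise ValueError("decrypted B-TID does not match RAND: wrong key or tampering")
        b_tid = local.decode("ascii") + fwd["clear_part"]  # combine both parts
        self.sessions[b_tid] = ks
        return b_tid  # handed back to the ME

def demo(k_uicc: bytes) -> str:
    k_network = bytes(range(16))  # constructed long-term key held on the network side
    rand = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed RAND
    msg = bsf_success_message(k_network, rand, "bsf.example.org")
    return UICC(k_uicc).recover_b_tid(me_forward(msg, rand))
```

An observer of the success message sees only `enc_part` and the BSF domain, so the RAND-derived identifier that links the session to the earlier challenge is not visible on the air interface.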
CNB200510070836XA 2005-05-19 2005-05-19 Method for user terminal to obtaine conversation affair mark distributed by BSF Active CN100486351C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB200510070836XA CN100486351C (en) 2005-05-19 2005-05-19 Method for user terminal to obtaine conversation affair mark distributed by BSF

Publications (2)

Publication Number Publication Date
CN1867164A CN1867164A (en) 2006-11-22
CN100486351C true CN100486351C (en) 2009-05-06

Family

ID=37426012

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB200510070836XA Active CN100486351C (en) 2005-05-19 2005-05-19 Method for user terminal to obtaine conversation affair mark distributed by BSF

Country Status (1)

Country Link
CN (1) CN100486351C (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104918246A (en) * 2014-03-12 2015-09-16 中兴通讯股份有限公司 Authentication method and system, ProSe (Proximity-based Service) functional entities and UE (User Equipment)

Also Published As

Publication number Publication date
CN1867164A (en) 2006-11-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant