CN101267301A - Identity authentication and secret key negotiation method and device in communication network - Google Patents

Publication number: CN101267301A
Application number: CNA2007100381605A
Authority: CN (China)
Original language: Chinese (zh)
Legal status: Pending
Inventors: 胡志远, 骆志刚, 万志坤
Original assignee: Alcatel Lucent Shanghai Bell Co Ltd
Current assignee: Nokia Shanghai Bell Co Ltd
Prior art keywords: communication equipment; communication; equipment; private key; key
Abstract

In the prior art, PKI is widely used as a security solution in the Internet (IT network) field. However, PKI places high demands on the capabilities of communication equipment and consumes considerable system resources to manage and maintain digital certificates, so it cannot meet the needs of communication networks that are converging. The aim of the invention is to provide a technical scheme that puts identity-based cryptography into practice in communication networks. Specifically, a management device is introduced to generate and manage private keys based on the characteristic information of communication equipment. A communication equipment uses the public key generated from the corresponding characteristic information, the private key obtained on the basis of the corresponding characteristic information and, preferably, a session key derived from these keys for secure communication with other communication equipment.

Description

Method and device for identity-based authentication and key agreement in a communication network
Technical field
The present invention relates to communication networks, and in particular to secure communication in communication networks.
Background technology
PKI (Public Key Infrastructure) is a standards-based security solution that uses public-key cryptography to provide a security foundation platform for e-commerce. It can provide all network applications with cryptographic services such as encryption and digital signatures, together with the key and certificate management system they require. Users can use the platform that PKI provides to carry out secure electronic transactions, communication and other activities on the Internet.
The core element of PKI is the digital certificate, and its core executor is the CA (certification authority). Its basic techniques include encryption, digital signatures, data integrity mechanisms, digital envelopes, dual digital signatures and so on.
Specifically, under PKI the public/private key pair can be generated by the CA, by the communication equipment itself, or by a third party. If the CA generates the key pair, the CA can deliver the private key to the communication equipment out of band (e.g., by fax or via another dedicated channel). If the communication equipment itself or a third party generates the key pair, the communication equipment must, besides keeping its own private key, also deliver the public key to the CA in a secure manner.
After that, the CA digitally signs the public key of the communication equipment with its own signing private key, yielding the CA-signed public key of the communication equipment, and then publishes the signed public key to all communication equipment by broadcast (for example, by publishing it on the Internet).
Fig. 1 is a schematic diagram of a secure communication scheme based on PKI. The secure communication scheme based on public/private key pairs under PKI is described below with reference to Fig. 1.
1. Before communicating on the basis of public/private key pairs, communication equipment A needs to know the public key of its communication counterpart, communication equipment B, so communication equipment A obtains from the Internet the public key of communication equipment B signed by CA_I (a lower-level CA);
2. Communication equipment A then finds the public key of CA_I; if CA_I is not the top-level CA, the public key of CA_I may itself be signed by its superior CA, such as CA_II (not shown);
3.1 If CA_I is sufficiently trusted (communication equipment A can judge this from the network's pre-configuration), communication equipment A can directly use the public key of CA_I to verify the public key of communication equipment B signed by CA_I. If the verification result is correct, this public key of communication equipment B is trustworthy;
3.2 If CA_I is not sufficiently trusted, communication equipment A must search upward, level by level, for the public key of a trusted "root" CA (for simplicity, this trusted CA is here defined as the "root" CA and labelled CA_III; it is not necessarily the actual root CA). It uses the public key of CA_III to verify the public key of the subordinate CA that CA_III signed, namely CA_II, and continues verifying downward level by level in this way until CA_I. It then uses the verified public key of CA_I to verify the public key of communication equipment B signed by CA_I.
Undeniably, PKI is at present a relatively mature and complete network security solution for the Internet. However, some of its problems make it not very suitable for communication networks, especially mobile communication networks, as follows:
- Between different operators or SPs (service providers), cross-certification of certificates is very complicated, and the issuing, transmission, storage, maintenance and verification of certificates all place high demands on the capabilities of communication equipment, whereas the computing and storage capabilities of communication equipment in mobile communication networks (e.g., mobile phones) are usually very limited;
- In addition, secure communication based on symmetric-key mechanisms (both parties use the same key for data encryption and decryption) currently generally depends on the underlying network structure, for example the Generic Authentication Architecture (GAA) used in 3G mobile networks. Now that mobile and fixed networks are tending to converge, its interoperability is poor.
Therefore, there is an urgent need for a security solution based on an asymmetric-key algorithm that is independent of the network and does not place excessive demands on the capabilities of communication equipment. Attention has therefore turned to identity-based cryptography (Identity Based Cryptography, an asymmetric-key encryption algorithm), but so far identity-based cryptography consists only of a concept and some algorithms, and cannot yet be applied in practice.
Summary of the invention
The object of the invention is to put identity-based cryptography into real use in communication networks, thereby providing communication networks with a security solution that does not depend on digital certificates. The communication networks include, but are not limited to, mobile communication networks and converged mobile-fixed networks.
According to a first aspect of the invention, there is provided a first security assistance device, for use in the management equipment of a communication network, for assisting identity-based authentication and key agreement, characterized in that it obtains, according to the characteristic information of a communication equipment, a private key for that communication equipment, for use in secure communication.
According to a second aspect of the invention, there is provided a secure communication device, for use in a communication equipment of a communication network, for performing identity-based authentication and key agreement, characterized in that it generates the public key of its communication counterpart according to the characteristic information of that counterpart, and obtains the private key of this communication equipment from the management equipment to which this communication equipment belongs, for use in secure communication.
According to a third aspect of the invention, there is provided a second security assistance device, for use in a network server of a communication network, for assisting identity-based authentication and key agreement, characterized in that it comprises: a first providing device for providing the management equipment with communication equipment authentication information; and a second providing device for providing the management equipment with management equipment authentication information.
According to a fourth aspect of the invention, there is provided a method for secure communication in a communication network, comprising the following steps: a first communication equipment and a second communication equipment each generate the public key of their respective communication counterpart according to the characteristic information of that counterpart, for use in secure communication, the first communication equipment and the second communication equipment being each other's communication counterpart in the secure communication; and the first communication equipment and the second communication equipment each obtain their own private key from the management equipment to which they respectively belong, for use in the secure communication.
With the technical scheme provided by the invention, identity-based cryptography can be put to practical use in communication networks, avoiding dependence on digital certificates.
Description of drawings
The scheme, features and advantages of the invention will become more apparent from the following description of non-limiting embodiments, read in conjunction with the accompanying drawings.
Fig. 1 is a schematic diagram of a secure communication scheme based on PKI;
Fig. 2 is a schematic diagram of a communication network for implementing identity-based cryptography according to a specific embodiment of the present invention;
Fig. 3 is a block diagram of the first security assistance device, used in the management equipment of a communication network to assist identity-based authentication and key agreement, according to a specific embodiment of the present invention;
Fig. 4a is a schematic diagram of a network architecture comprising the network server according to a specific embodiment of the present invention;
Fig. 4b is a schematic diagram of a network architecture comprising the network server according to another embodiment of the present invention;
Fig. 5 is a block diagram of the secure communication device, used in a communication equipment of a communication network to perform identity-based authentication and key agreement, according to a specific embodiment of the present invention;
Fig. 6 is a block diagram of the second security assistance device, used in the network server of a communication network to assist identity-based authentication and key agreement, according to a specific embodiment of the present invention;
Fig. 7 is a flow chart of a method for identity-based authentication and key agreement in a communication network according to a specific embodiment of the present invention.
Embodiment
Fig. 2 is a schematic diagram of a communication network for implementing identity-based cryptography according to a specific embodiment of the present invention. The communication network shown comprises: management equipment 3 (hereinafter KMC 3, where no confusion arises), network server 4 and a plurality of communication equipment (for simplicity, only first communication equipment 1 and second communication equipment 2 are shown). KMC 3 comprises the first security assistance device provided by the first aspect of the invention; first communication equipment 1 and second communication equipment 2 each comprise the secure communication device provided by the second aspect of the invention; network server 4 comprises the second security assistance device provided by the third aspect of the invention.
Before the specific embodiments are described with reference to the drawings, some of the concepts used here are explained first, to aid understanding.
Communication equipment: equipment in the communication network that needs to carry out secure communication supported by identity-based cryptography (hereinafter simply "secure communication", where no confusion arises), including but not limited to mobile phones, fixed-line telephones, AS (application servers), etc.;
Characteristic information of communication equipment: identification information that the communication equipment has and that is unique in the communication network, including but not limited to the phone number, the terminal equipment identifier, etc.;
Management equipment: the Key Management Center (KMC). The invention introduces management equipment into the communication network with specific responsibility for generating and managing private keys for communication equipment on the basis of the characteristic information of that equipment, and for providing each communication equipment under it with the algorithm and related parameters for generating public keys (and session keys), or instructing it to select a specific algorithm and related parameters from a pre-stored library for generating public keys;
Network server: according to specific embodiments of the invention, the management equipment accesses the HSS (Home Subscriber Server) directly, or accesses the HSS through a BSF (Bootstrapping Service Function) server, and thereby completes tasks such as mutual authentication between the management equipment and the communication equipment and secure transmission of the private key. The HSS alone, or the HSS and BSF together, depending on the embodiment, is called the network server;
Communication counterpart: the other communication equipment with which a communication equipment carries out secure communication. The two parties to a secure communication (e.g., first communication equipment 1 and second communication equipment 2 shown in Fig. 2) are each other's communication counterpart.
Other concepts that appear in the text are explained in turn in the description that follows.
In the communication network shown in Fig. 2, either of first communication equipment 1 and second communication equipment 2 (e.g., first communication equipment 1) can directly use the public key corresponding to its communication counterpart, second communication equipment 2 (for simplicity, hereinafter the public key of second communication equipment 2), together with other parameters (explained in detail below), to encrypt the data to be sent that belongs to the secure communication between them and send it to second communication equipment 2. Second communication equipment 2 relies on the private key corresponding to second communication equipment 2 that it obtained from the KMC 3 to which it belongs (for simplicity, hereinafter the private key of second communication equipment 2), and uses this private key to decrypt the data that first communication equipment 1 encrypted with the public key of second communication equipment 2. (This way of encrypting and decrypting data directly with the public/private key pair is hereinafter called the first encryption/decryption mode; it is based on an asymmetric-key algorithm.)
Alternatively, first communication equipment 1 can derive a session key for the secure communication between them from its own private key, the public key of second communication equipment 2 and other parameters (including session key first related information from the KMC 3 to which it belongs and session key second related information from second communication equipment 2), and then encrypt the data to be sent that belongs to the secure communication with that session key. Correspondingly, second communication equipment 2 derives the session key for the secure communication between them from its own private key, the public key of first communication equipment 1 and other parameters (including session key first related information from the KMC 3 to which it belongs and session key second related information from first communication equipment 1), and then decrypts the encrypted data from first communication equipment 1 with that session key to recover the original data. (This way of negotiating a session key on the basis of the public/private key pairs and using it to encrypt and decrypt data is hereinafter called the second encryption/decryption mode; it is based on a symmetric-key algorithm.)
Unlike the public/private key pair, which is an asymmetric key pair, the session key is a symmetric key: the session key that first communication equipment 1 uses to encrypt (or decrypt) data is in theory identical to the session key that second communication equipment 2 uses to decrypt (or encrypt) it.
Fig. 3 is a block diagram of the first security assistance device, used in the management equipment of a communication network to assist identity-based authentication and key agreement, according to a specific embodiment of the present invention. The first security assistance device 30 shown in the figure comprises: first receiving device 300, extraction device 301, private key obtaining device 302, private key providing device 303, communication equipment authentication device 304, first assistance authentication device 305, first notification device 306 and second notification device 307.
Preferably, private key obtaining device 302 comprises: judging device 3020, control device 3021 and private key generating device 3022; private key providing device 303 comprises: policy obtaining device 3030, private key encryption device 3031 and private key sending device 3032; communication equipment authentication device 304 comprises: first obtaining device 3040 and first authentication device 3041; first assistance authentication device 305 comprises second obtaining device 3050 and controlled assistance authentication device 3051. For simplicity, Fig. 3 shows all the sub-devices (modules) of the first security assistance device 30 that are involved in any of the specific embodiments described below; some specific embodiments may use only a subset of these sub-devices (modules).
Those skilled in the art will appreciate that, for both the first and the second encryption/decryption mode, before communication equipment can carry out secure communication with each other, each must subscribe and register for the first time with the management equipment to which it belongs. The subscription can be carried out out of band (e.g., by fax or via other dedicated channels).
To ensure secure communication between communication equipment, KMC 3 periodically notifies each communication equipment under it of some public security parameters via a secure channel. A typical set of public security parameters contains the following information:
- The generator (generator element) P: the Abelian group $\langle P \rangle = \{P, 2P, 3P, \dots, rP\} \subseteq E(F_q)$ is a cyclic subgroup of order r generated by the point P, and the cryptosystem is built on $\langle P \rangle$;
- The master public key sP of KMC 3;
- The applicable bilinear map $\hat{t}$;
- The validity period of the public security parameters;
- The hash function H, where H is a hash function in the RO (random oracle) model;
- The identification information of the domain to which KMC 3 belongs (for example, Beijing).
KMC 3 can obtain each of the above public security parameters on the basis of algorithms defined by international standards organizations (IEEE, ISO/IEC, etc.). In addition, KMC 3 itself keeps a master key s, which it keeps strictly secret; this master key s is essentially a random number.
The first security assistance device provided by the invention is described in detail below in conjunction with Fig. 3 and with reference to Fig. 2.
It is easy to understand that, to reduce signalling in the system and lighten the load on the management equipment, a communication equipment that has obtained its private key from the management equipment can keep that private key for a period of time for use in subsequent secure communication, according to the time-related parameter that the management equipment announces in the public security parameters (the time from obtaining the private key until the private key becomes invalid, i.e. the private key validity period). When the private key expires, or when the management equipment notifies the communication equipment that it must change its private key, the communication equipment applies to the KMC for a private key again (regardless of whether first communication equipment 1 and second communication equipment 2 use the first or the second encryption/decryption mode). Furthermore, given sufficient security guarantees, a communication equipment can apply to the management equipment for several private keys at once and store them locally, further lightening the load on the management equipment.
Suppose a private key request message comes from first communication equipment 1. This private key request message (which contains the characteristic information of first communication equipment 1, e.g., its phone number or terminal equipment identifier) is received by first receiving device 300, which passes it to extraction device 301.
Extraction device 301 extracts the characteristic information of first communication equipment 1 from the private key request message. For security, KMC 3 authenticates the identity of first communication equipment 1; likewise, first communication equipment 1 also authenticates the identity of KMC 3 (especially in 3G networks). The mutual authentication mechanism between first communication equipment 1 and KMC 3 is discussed below for each of the two current network architectures:
Fig. 4a is a schematic diagram of the first network architecture. Here the network server 4 shown in Figure 1 can be implemented by a home subscriber server 4a alone (hereinafter HSS 4a). The specific identity authentication flow is as follows:
- After receiving the private key request message, KMC 3 checks whether it holds a valid five-tuple authentication vector (Authentication Vector, comprising RAND, CK, IK, AUTN, RES) or triplet authentication vector (comprising RAND, Kc, RES) corresponding to first communication equipment 1. CK (Cipher Key) and Kc are mainly used for encryption, and IK (Integrity Key) is mainly used for integrity checking. If it does, it selects one authentication vector from them. If not, KMC 3 obtains authentication vectors from HSS 4a through first obtaining device 3040 (see Diameter and MAP), based on 3GPP TS 33.102, 3GPP TS 33.103 and 3GPP TS 33.105. HSS 4a generates five-tuple or triplet authentication vectors according to the capability of the terminal and returns them to KMC 3.
In the five-tuple case (e.g., in a 3G network), obtaining the five-tuple authentication vector (which contains the communication equipment authentication information, the management equipment authentication information and the security policy known to first communication equipment 1) requires first obtaining device 3040, second obtaining device 3041 and also policy obtaining device 3030 to work together (the three devices may be independent of one another, or may appear as a single device in the first security assistance device). After that, first authentication device 3041 takes part in the following operations:
1. KMC 3 (via first authentication device 3041) sends (RAND, AUTN) to first communication equipment 1, and itself keeps the remaining elements of the five-tuple, (CK, IK, RES);
2. First communication equipment 1 generates the same five-tuple (RAND, CK, IK, AUTN, RES) from RAND in the same way as HSS 4a;
3. First communication equipment 1 compares the AUTN it generated with the AUTN sent by KMC 3. If they are identical, KMC 3 has passed authentication by first communication equipment 1;
4. First communication equipment 1 sends the RES it generated to KMC 3;
5. After KMC 3 (via first authentication device 3041) receives the RES from first communication equipment 1, it compares it with the RES it kept earlier from the five-tuple sent by HSS 4a. If the two are identical, first communication equipment 1 has passed authentication by KMC 3.
In the triplet case (e.g., in a 2G network), on the basis of the triplet authentication vector obtained from HSS 4a by first obtaining device 3040 and policy obtaining device 3030, first authentication device 3041 takes part in the following operations:
1. KMC 3 sends the RAND in the triplet to the terminal, and itself keeps the remaining elements of the triplet, (Kc, RES);
2. First communication equipment 1 generates the same triplet (RAND, Kc, RES) from RAND in the same way as HSS 4a;
3. First communication equipment 1 sends the RES in the triplet it generated to KMC 3;
4. After KMC 3 (via first authentication device 3041) receives the RES from first communication equipment 1, it compares it with the RES it kept earlier from the triplet sent by HSS 4a. If the two are identical, first communication equipment 1 has passed authentication by KMC 3.
This makes clear the limitation of the triplet-based authentication scheme of 2G networks: first communication equipment 1 cannot authenticate KMC 3, and only one-way authentication of first communication equipment 1 (the terminal) by KMC 3 (the network side) is supported.
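The two flows above can be compared side by side in code. The following Python sketch is an added example, not code from the patent: HMAC-SHA256 stands in for the 3GPP authentication functions, AUTN is simplified to a sequence number plus a MAC (the sequence-number freshness check follows 3GPP AKA and goes slightly beyond what the text states), and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def _f(k, label, *parts):
    """Stand-in for the operator's authentication functions (assumption: HMAC-SHA256)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()

def hss_five_tuple(k, sqn, rand=None):
    """HSS side: build (RAND, CK, IK, AUTN, RES) from the subscriber key K."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    # Simplified AUTN = SQN || MAC; the MAC is what lets the device verify the network.
    autn = sqn_b + _f(k, b"f1", rand, sqn_b)[:8]
    return {"RAND": rand, "CK": _f(k, b"f3", rand)[:16], "IK": _f(k, b"f4", rand)[:16],
            "AUTN": autn, "RES": _f(k, b"f2", rand)[:8]}

def hss_triplet(k, rand=None):
    """HSS side: build (RAND, Kc, RES); there is no AUTN in a triplet."""
    rand = rand or os.urandom(16)
    return {"RAND": rand, "Kc": _f(k, b"a8", rand)[:8], "RES": _f(k, b"a3", rand)[:4]}

class Device:
    """First communication equipment 1: shares K with the HSS."""
    def __init__(self, k):
        self.k = k
        self.highest_sqn = 0

    def answer_five_tuple(self, rand, autn):
        """Steps 2-4 of the five-tuple flow: verify AUTN, then return RES (or None)."""
        sqn_b, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, _f(self.k, b"f1", rand, sqn_b)[:8]):
            return None                      # AUTN mismatch: network side not authenticated
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            return None                      # stale vector: reject replayed (RAND, AUTN)
        self.highest_sqn = sqn
        return _f(self.k, b"f2", rand)[:8]

    def answer_triplet(self, rand):
        """Triplet flow: nothing to verify, so the device answers any RAND."""
        return _f(self.k, b"a3", rand)[:4]

def kmc_authenticate(vector, device):
    """KMC side. Returns (device_authenticated, network_verified_by_device)."""
    if "AUTN" in vector:
        res = device.answer_five_tuple(vector["RAND"], vector["AUTN"])
        network_verified = res is not None
    else:
        res = device.answer_triplet(vector["RAND"])
        network_verified = False             # the limitation noted for 2G triplets
    device_ok = res is not None and hmac.compare_digest(res, vector["RES"])
    return device_ok, network_verified

if __name__ == "__main__":
    k = bytes(range(16))                     # constructed subscriber key
    dev = Device(k)
    print("five-tuple:", kmc_authenticate(hss_five_tuple(k, sqn=1), dev))
    print("triplet:   ", kmc_authenticate(hss_triplet(k), dev))
```

The second element of the returned pair is the point of the comparison: it is only ever true when the vector carries an AUTN the device could check.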
Fig. 4b is a schematic diagram of the second network architecture. The network server 4 shown in Figure 1 is implemented by a home subscriber server 4a (hereinafter HSS 4a) and a bootstrapping service function server 4b (hereinafter BSF 4b). The specific identity authentication flow (based on GBA, Generic Bootstrapping Architecture) is as follows:
- After receiving the private key request message from first communication equipment 1, KMC 3 first checks whether the result of the last successful authentication between itself and first communication equipment 1 is still valid:
If the result of the last successful authentication is still valid (within its validity period, first communication equipment 1 is by default still trusted), private key obtaining device 302 can obtain a private key for first communication equipment 1, and policy obtaining device 3030 obtains the dedicated session key between KMC 3 and first communication equipment 1 that was obtained last time (this is one kind of security policy known to first communication equipment 1). Private key encryption device 3031 then uses this session key to encrypt the private key obtained for first communication equipment 1, and private key sending device 3032 sends the encrypted private key to first communication equipment 1;
If the result of the last successful authentication is no longer valid, KMC 3 notifies first communication equipment 1 that identity authentication must be carried out again. First communication equipment 1 then sends an authentication request message to BSF 4b, and BSF 4b checks whether it holds a valid five-tuple or triplet authentication vector corresponding to first communication equipment 1. If it does, it selects one authentication vector from them; if not, BSF 4b must request authentication vectors from HSS 4a. The HSS generates five-tuple or triplet authentication vectors according to the capability of first communication equipment 1 and returns them to BSF 4b.
In the five-tuple case, the mutual authentication between first communication equipment 1 and KMC 3 comprises the following process:
1. BSF 4b sends (RAND, AUTN) and the identity information of BSF 4b to first communication equipment 1, and itself keeps the remaining elements of the five-tuple, (CK, IK, RES);
2. First communication equipment 1 generates a five-tuple from RAND in the same way as HSS 4a, then compares the AUTN it generated with the AUTN sent by BSF 4b. If they are equal, BSF 4b has passed authentication by first communication equipment 1, and so has KMC 3 (KMC 3 has registered or subscribed with BSF 4b in advance, so BSF 4b authorizes or vouches for KMC 3);
3. After BSF 4b has passed authentication by first communication equipment 1, first communication equipment 1 sends the RES in the five-tuple it generated to BSF 4b;
4. After receiving the RES from first communication equipment 1, BSF 4b compares it with the RES it kept earlier from the five-tuple sent by HSS 4a. If they are equal, first communication equipment 1 has passed authentication by BSF 4b;
5. At this point BSF 4b / KMC 3 has passed authentication by first communication equipment 1, and first communication equipment 1 has passed authentication by BSF 4b. First communication equipment 1 must still be authenticated by KMC 3;
6. First communication equipment 1 obtains Ks = CK||IK (that is, CK concatenated with IK), generates the key Ks_NAF from Ks, and then from Ks_NAF generates an authentication key and a session key belonging to KMC 3 and first communication equipment 1. (The authentication key is used for authentication between first communication equipment 1 and KMC 3 based on HTTP Digest AKA; the session key is used for secure communication between first communication equipment 1 and KMC 3, e.g., secure transmission of the private key.) First communication equipment 1 sends this authentication key to KMC 3 using an HTTP Digest AKA message (as the authentication request message); the HTTP Digest AKA message also contains other information such as the identity information of BSF 4b;
7. Note that BSF 4b can generate Ks_NAF in the same way as first communication equipment 1. Therefore, after receiving the authentication request message from first communication equipment 1, KMC 3 uses the BSF 4b identity information supplied by first communication equipment 1 to go to the specified BSF (BSF 4b) and obtain Ks_NAF, other information related to first communication equipment 1, the key validity period and so on;
8. After KMC 3 (via its first obtaining device 3040) has obtained the above information from BSF 4b, it authenticates first communication equipment 1 on the basis of the HTTP Digest AKA protocol. Once authentication has passed, policy obtaining device 3030 can obtain, for private key encryption device 3031, the session key between KMC 3 and first communication equipment 1; private key encryption device 3031 uses this session key to encrypt the private key obtained for first communication equipment 1, and private key sending device 3032 then sends it to first communication equipment 1.
For the case of a triplet authentication vector, authentication between first communication equipment 1 and KMC 3 comprises the following process:
1. BSF 4b sends (RAND) and the identity information of BSF 4b to first communication equipment 1, and itself keeps the corresponding (Kc, RES);
2. First communication equipment 1 generates a triplet from RAND in the same way as HSS 4a, and sends the RES it generated to BSF 4b;
3. After receiving RES from first communication equipment 1, BSF 4b compares it with the RES sent by HSS 4a that it saved earlier; if they are equal, first communication equipment 1 has passed authentication by BSF 4b;
As with the first network architecture, triplet-based authentication in a 2G network under the second network architecture has the same limitation: first communication equipment 1 cannot authenticate KMC 3 or BSF 4b (the network side). Next, KMC 3 authenticates first communication equipment 1:
4. First communication equipment 1 obtains Ks according to Ks = Kc||Kc||RAND, generates the key Ks_NAF from Ks, and then generates from Ks_NAF an authentication key and a session key belonging to KMC 3 and first communication equipment 1 (the authentication key is used for HTTP digest AKA based authentication between first communication equipment 1 and KMC 3; the session key is used for secure communication between first communication equipment 1 and KMC 3, for example the secure transmission of the private key). First communication equipment 1 uses an HTTP digest AKA message (such as an authentication request message) to send this authentication key to KMC 3; the HTTP digest AKA message also contains other information such as the identity information of BSF 4b;
5. It should be pointed out that BSF 4b can generate Ks_NAF in the same way as first communication equipment 1. Therefore, after receiving the authentication request message from first communication equipment 1, KMC 3 uses the BSF 4b identity information provided by first communication equipment 1 to go to the designated BSF (BSF 4b) and obtain Ks_NAF, other information related to first communication equipment 1, the key validity period and similar information;
6. After KMC 3 (via its first acquisition device 3040) obtains the above information from BSF 4b, it authenticates first communication equipment 1 based on the HTTP Digest AKA protocol. Once authentication succeeds, strategy deriving means 3030 can obtain the session key for encrypted private key device 3031; encrypted private key device 3031 uses this session key to encrypt the private key obtained for first communication equipment 1, and private key dispensing device 3032 then sends it to first communication equipment 1.
If either KMC 3 or first communication equipment 1 fails authentication by the other, the private key request process between them ends.
If both sides pass authentication (for triplet-based authentication, only first communication equipment 1 needs to pass), judgment means 3020 judges whether KMC 3 has pre-stored a private key that belongs to first communication equipment 1 and is still valid. If so, control device 3021 takes the pre-stored private key belonging to first communication equipment 1 as the private key obtained for it; if there are several such pre-stored private keys, one of them can be selected as the private key obtained for it. If there is no such pre-stored private key, private key generating apparatus 3022 generates a private key for first communication equipment 1; the specific algorithm for generating the private key can follow the relevant algorithms in international standards.
The private key obtained by private key obtaining device 302 is encrypted by encrypted private key device 3031. Depending on the embodiment, the key used to encrypt the private key includes: CK (3G network) or Kc (2G network), the session key between KMC 3 and first communication equipment 1, or a key under another security policy known to first communication equipment 1.
The encrypted private key is sent to first communication equipment 1 by private key dispensing device 3032. Of course, the private key can also be issued out of band.
As mentioned above, there is a special kind of communication equipment, the application server. For an application server, authentication between it and KMC 3 can be based on a private network, a VPN (virtual private network, based on IPsec technology), TLS (Transport Layer Security), or the above authentication modes used for ordinary terminals.
Fig. 5 is a block diagram of a secure communication device, in a communication equipment of a communication network, for identity-based authentication and key agreement according to a specific embodiment of the present invention. The secure communication device is described in detail below in conjunction with Fig. 5 and with reference to Fig. 2. The communication equipment includes, but is not limited to, ordinary communication terminals such as mobile phones and landline telephones, and application servers, which can be regarded as special communication terminals. According to the present invention, the secure communication device 10 comprises: public key generating apparatus 100, third acquisition device 101, fourth acquisition device 102, fifth acquisition device 103, session key generating apparatus 104, second assistant authentication device 105, management equipment authentication device 106, second generating apparatus 107 and third notice device 108. Specifically, the third acquisition device 101 comprises: first generating apparatus 1010, second dispensing device 1011, third receiving system 1012 and private key decryption device 1013. The devices (modules) shown cover the important devices (modules) that appear across several embodiments; a particular embodiment may use only some of them.
As mentioned above, secure communication between first communication equipment 1 and second communication equipment 2 can use either the first or the second encryption and decryption mode; the two modes are described in turn below:
First communication equipment 1 adopts the first encryption and decryption mode to carry out secure communication with second communication equipment 2
Under the first encryption and decryption mode, the public security parameters issued by KMC 3, besides the items illustrated above, can also include a hash algorithm of the RO model, HH2.
Referring to Fig. 2, public key generating apparatus 100 in first communication equipment 1 generates the public key of second communication equipment 2 from the public key relevant information and the characteristic information of the communication counterpart, second communication equipment 2 (for example, its mobile phone number); this public key is used to encrypt the data to be sent that belong to the secure communication (hereinafter, data to be sent). The public key relevant information can be information that first communication equipment 1 has stored in advance and that is still within its validity period, or information obtained periodically from KMC 3 by fourth acquisition device 102. Public key relevant information obtained from KMC 3 comes in two forms: concrete information from KMC 3 used to generate the public key, such as algorithms and parameters; or indication information from KMC 3 that tells first communication equipment 1 which of its pre-stored sets of algorithms and parameters to use to generate the public key.
After the public key is generated, a data encryption device (not shown) uses the generated public key (and other parameters) to encrypt the data to be sent, obtaining data encrypted with the public key.
According to a specific embodiment of the present invention, the processing of data to be sent in the first encryption and decryption mode can adopt the following scheme:
A. First communication equipment 1 is to communicate with second communication equipment 2, so it necessarily knows some characteristic information of second communication equipment 2; without loss of generality, assume it is a mobile phone number, denoted $ID_2$. It thus obtains $b = HH(ID_2)$;
B. A random number X is chosen such that $X \in_R Z_r^*$, and then $U = XP$ is calculated, where P has been announced in advance by KMC 3;
Here, $Z_r$ is an Abelian group. Given an elliptic curve $E(F_q)$, P is a point on the curve, $P \in E(F_q)$, and the order of P is r; for a given point $R \in \langle P \rangle$, there is an $x \in [0, r-1]$ such that $xP = R$;
r is a prime number. That is, in an elliptic curve cryptosystem a point $P = (x, y)$ on $E(F_q)$ is generally chosen as the public base point, the order r of this base point is required to be prime, and r should be large enough.
C. Calculate $otp = HH2(\hat{t}(bP, sP)^X)$, where sP is the master public key previously published by KMC 3, and bP is related to the public key $PUB_2$ of second communication equipment 2 ($PUB_2 = bP + sP$);
D. Denote the data to be sent as msg1, and calculate $V = msg1 \oplus otp$ (XOR);
E. First communication equipment 1 sends the following information to second communication equipment 2 via a data sending device (not shown): U, V, the characteristic information $ID_1$ of first communication equipment 1, and the identification information of the domain to which KMC 3 belongs.
After the above information arrives at second communication equipment 2, which is likewise equipped with a secure communication device 10, and is received by a data receiving device (not shown), the following operations are carried out:
F. Third acquisition device 101 obtains the private key of second communication equipment 2 over a secure channel from the KMC 3 to which second communication equipment 2 belongs. Specifically, first generating apparatus 1010 generates a private key request message (Privatekey REQ) containing the characteristic information of second communication equipment 2 (for example, its mobile phone number, denoted $ID_2$); second dispensing device 1011 sends the generated private key request message to KMC 3. Provided both sides trust each other, KMC 3 obtains a private key for second communication equipment 2, encrypts it using a security policy known to second communication equipment 2, and returns it to second communication equipment 2 (the security policies known to second communication equipment 2 include, but are not limited to, the CK in the five-tuple corresponding to second communication equipment 2, or the session key between second communication equipment 2 and KMC 3). After third receiving system 1012 receives the encrypted private key, private key decryption device 1013 decrypts it (using CK, the session key between second communication equipment 2 and KMC 3, or the like) to obtain the private key of second communication equipment 2, denoted $PRIV_2$;
It should be noted that when KMC 3 sends the public security parameters to each communication equipment, it usually also announces the validity period of the private key. Preferably, therefore, each communication equipment keeps locally the private key it last applied for, and each time before applying to the KMC for a private key it checks whether the locally stored private key is still valid; only if that private key has expired, or the system notifies it that its public security parameters must be changed, does the communication equipment apply to the KMC for a private key. In addition, a communication equipment can apply to the KMC for several private keys at once and store them locally, so that after the validity period of one private key expires it can directly take the next private key that is within its validity period from local storage, which reduces the load on the KMC.
After second communication equipment 2 obtains its own private key, it carries out the following operations:
G. Calculate $DD = \hat{t}(PRIV_2, U)$, where $\hat{t}$ has previously been announced by KMC 3;
H. Calculate $otp = HH2(DD)$, where HH2 has previously been announced by KMC 3;
I. Use the formula $msg1 = V \oplus otp$ (XOR) to obtain msg1, that is, the decrypted data.
Since communication is bidirectional, the processing of data to be sent from second communication equipment 2 to first communication equipment 1, and the decryption of the encrypted data at first communication equipment 1, are both identical to the process above and are not repeated here.
Second assistant authentication device 105 is responsible for assisting the KMC (KMC 3) to which the communication equipment (e.g. first communication equipment 1) belongs in authenticating first communication equipment 1, while management equipment authentication device 106 is responsible for authenticating the KMC 3 to which first communication equipment 1 belongs; for the specific authentication process, refer to the description of the first aspect of the invention given above in conjunction with Fig. 4a and Fig. 4b.
The above is one specific example in which the communicating parties directly use public/private key pairs for secure communication. Those skilled in the art will appreciate that this scheme is workable but has certain problems; for example, it tends to lower the processing efficiency of the management equipment.
For this reason, the invention provides another, more preferred encryption and decryption mode, detailed as follows:
First communication equipment 1 adopts the second encryption and decryption mode to carry out secure communication with second communication equipment 2
The core of secure communication in this mode is that first communication equipment 1 and second communication equipment 2 negotiate a session key (SessionKey) and use it to encrypt data to be sent and to decrypt the corresponding encrypted data.
Specifically, second generating apparatus 107 of first communication equipment 1 (the initiator of the secure communication) generates session key second relevant information and passes it to third notice device 108, which notifies the communication counterpart, second communication equipment 2. According to a specific embodiment of the present invention, the second relevant information includes the characteristic information of first communication equipment 1, the identification information of the domain of the KMC (KMC 3) to which first communication equipment 1 belongs, the parameter $A_{KA}$, and so on. Second generating apparatus 107 can generate $A_{KA}$ according to the following formula:
$A_{KA} = X(bP + s2P)$,
where X is a random number generated by first communication equipment 1 satisfying $X \in_R Z_r^*$, and $(bP + s2P)$ is the public key of second communication equipment 2. Note that the master public key of KMC 3 is written s2P here mainly to emphasize that the formula uses the master public key of the management equipment to which second communication equipment 2 belongs. bP is related to the characteristic-information-based public key of second communication equipment 2 (because the public key of second communication equipment 2 is $PUB_2 = bP + s2P$, with $b = HH(ID_2)$).
The above information, which first communication equipment 1 notifies to second communication equipment 2, is obtained by fifth acquisition device 103 of the secure communication device 10 on second communication equipment 2.
In response, second communication equipment 2 likewise generates and provides corresponding session key second relevant information for first communication equipment 1. The session key second relevant information it provides to first communication equipment 1 includes: the characteristic information of second communication equipment 2, the identification information of the domain of the KMC (KMC 3) to which second communication equipment 2 belongs, the parameter $B_{KA}$, and so on. $B_{KA}$ can be generated according to the following formula:
$B_{KA} = Y(aP + s1P)$,
where Y is a random number generated by second communication equipment 2 satisfying $Y \in_R Z_r^*$, and $(aP + s1P)$ is the public key of first communication equipment 1. Note that the master public key of KMC 3 is written s1P here mainly to emphasize that the formula uses the master public key of the management equipment to which first communication equipment 1 belongs. In the situation shown in Fig. 2, because first communication equipment 1 and second communication equipment 2 both belong to KMC 3, $s1P = s2P$; where the communicating parties belong to different KMCs, s1P and s2P differ. aP is related to the characteristic-information-based public key of first communication equipment 1 (because the public key of first communication equipment 1 is $PUB_1 = aP + s1P$, with $a = HH(ID_1)$).
At this point, to generate the session key, each communicating party also needs its own private key, so first communication equipment 1 and second communication equipment 2 each request their private key from KMC 3. Preferably, each communication equipment and KMC 3 then authenticate each other (the detailed process is not repeated here); after authentication succeeds, first communication equipment 1 and second communication equipment 2 each obtain their private key.
Session key generating apparatus 104 of first communication equipment 1 can generate the session key according to the following formula:
$SessionKey_1 = \hat{t}(B_{KA}, PRIV_1)^X$
where $SessionKey_1$ is used by first communication equipment 1 in this secure communication to encrypt data to be sent and to decrypt the encrypted data belonging to this secure communication that come from second communication equipment 2.
Correspondingly, second communication equipment 2 has likewise obtained its own private key $PRIV_2$ and generates the session key, specifically according to the following formula:
$SessionKey_2 = \hat{t}(A_{KA}, PRIV_2)^Y$
where $SessionKey_2$ is used by second communication equipment 2 in this secure communication to encrypt data to be sent and to decrypt the encrypted data belonging to this secure communication that come from first communication equipment 1.
In theory, $SessionKey_1 = SessionKey_2$; that is, under the second encryption and decryption mode, first communication equipment 1 and second communication equipment 2 carry out secure communication using a symmetric key.
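The equality of the two session keys can be checked numerically. The following Python sketch is an added example, not part of the patent: it replaces the elliptic-curve group and the pairing with an insecure toy model in which the point kP is represented by the scalar k and the pairing of (uP, vP) is g^(uv) mod p, and it covers the Fig. 2 case where both devices belong to the same KMC (s1P = s2P). The private key form PRIV = (HH(ID) + s)^-1 P is an assumption made so that the two formulas agree, since the page does not give the private key generation algorithm; all function names, the SHA-256 based HH and the phone numbers are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters, far too small for real use.
R = 1019             # prime order r of the group generated by P
P_MOD = 2 * R + 1    # 2039 is prime, so Z_p* has a subgroup of order r
G = 4                # generates that subgroup; stands in for t(P, P)


def HH(identity: str) -> int:
    """Hash characteristic information (e.g. a phone number) into Z_r."""
    digest = hashlib.sha256(identity.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % R


def pairing(u: int, v: int) -> int:
    """Toy bilinear map on scalar representatives: t(uP, vP) = t(P, P)^(u*v)."""
    return pow(G, (u * v) % R, P_MOD)


class KMC:
    """Management equipment holding the master private key s."""

    def __init__(self) -> None:
        self.s = secrets.randbelow(R - 1) + 1
        # In this toy model the point sP is represented by s itself, which is
        # exactly why the model is insecure: a real curve hides s behind sP.
        self.master_pub = self.s

    def extract(self, identity: str) -> int:
        """ASSUMPTION: PRIV = (HH(ID) + s)^-1 P; the page does not give this."""
        d = (HH(identity) + self.s) % R
        if d == 0:
            raise ValueError("HH(ID) + s is not invertible mod r")
        return pow(d, -1, R)


def kmc_for(*identities: str) -> KMC:
    """Draw master keys until every identity has a private key (r is tiny)."""
    while True:
        kmc = KMC()
        try:
            for identity in identities:
                kmc.extract(identity)
            return kmc
        except ValueError:
            continue


def key_agreement_param(peer_id: str, master_pub: int):
    """Return (secret, param), e.g. X and A_KA = X(bP + sP) for peer ID_2."""
    secret = secrets.randbelow(R - 1) + 1          # X or Y in Z_r^*
    peer_pub = (HH(peer_id) + master_pub) % R      # PUB = bP + sP
    return secret, (secret * peer_pub) % R


def session_key(peer_param: int, own_priv: int, own_secret: int) -> int:
    """SessionKey = t(peer_param, PRIV)^secret."""
    return pow(pairing(peer_param, own_priv), own_secret, P_MOD)


def run_agreement(kmc: KMC, id1: str, id2: str):
    """Run one exchange; return (SessionKey_1, SessionKey_2, t(P, P)^(XY))."""
    priv1, priv2 = kmc.extract(id1), kmc.extract(id2)
    x, a_ka = key_agreement_param(id2, kmc.master_pub)   # device 1 -> device 2
    y, b_ka = key_agreement_param(id1, kmc.master_pub)   # device 2 -> device 1
    key1 = session_key(b_ka, priv1, x)
    key2 = session_key(a_ka, priv2, y)
    reference = pow(G, (x * y) % R, P_MOD)
    return key1, key2, reference


if __name__ == "__main__":
    ids = ("13800000001", "13800000002")   # constructed sample identities
    print(run_agreement(kmc_for(*ids), *ids))
```

Under the stated assumption both sides arrive at t(P, P)^(XY), so neither private key nor either random number crosses the link between the two devices.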
Fig. 6 is a block diagram of a second safe servicing unit, in a webserver of a communication network, for assisting identity-based authentication and key agreement according to a specific embodiment of the present invention. This second safe servicing unit 40 comprises first generator 400 and second generator 401, and preferably also third generator 402. The second safe servicing unit is described below in conjunction with Fig. 6 and with reference to Fig. 4a and Fig. 4b; please also refer to the earlier explanation of the authentication process in the first aspect of the invention, given in conjunction with Fig. 4a and Fig. 4b.
As mentioned above, in the situation shown in Fig. 4a, the webserver 4 shown in Fig. 1 can be realized by an HSS 4a alone. The function of HSS 4a in this case is mainly to provide KMC 3 with the information needed for authentication between it and a communication equipment (e.g. first communication equipment 1), namely communication equipment authentication information and management equipment authentication information. Taking the five-tuple authentication vector as an example: the communication equipment authentication information (RAND and RES in this example) is provided by first generator 400; the management equipment authentication information (RAND and AUTN in this example) is provided by second generator 401; and the security policy known to first communication equipment 1 (CK in this example) is provided by third generator 402. Those skilled in the art will understand that the first, second and third generators can be one and the same, i.e. a single generator performs all of their functions.
In the situation shown in Fig. 4b, the webserver 4 in Fig. 1 comprises HSS 4a and BSF 4b. Regarding the two as a single webserver, its function in this example (again taking the five-tuple authentication vector) is to stand in for KMC 3 in assisting first communication equipment 1 to authenticate KMC 3. In fact, what first communication equipment 1 authenticates is BSF 4b; because BSF 4b authorizes KMC 3, authenticating BSF 4b can be regarded as equivalent to authenticating KMC 3. In addition, BSF 4b also authenticates first communication equipment 1.
In this example, BSF 4b provides KMC 3 with information such as Ks_NAF, other information related to first communication equipment 1 and the key validity period, and KMC 3 then authenticates first communication equipment 1 using the HTTP Digest AKA protocol.
Fig. 7 is a flow chart of a method for identity-based authentication and key agreement in a communication network according to a specific embodiment of the present invention. Since the scheme has already been described in detail from the perspectives of the communication equipment, the management equipment and the webserver, only a brief introduction is given below, building on the device block diagrams above. Please refer, together with the drawings, to the descriptions above of the first, second and third aspects of the present invention. The method starts at step S10:
In step S10, first communication equipment 1 and second communication equipment 2 each generate the public key of their communication counterpart based on the counterpart's characteristic information (e.g. mobile phone number or terminal equipment identifier) and the public key relevant information (including the generator P, the hash algorithm HH of the RO (Random Oracle) model, etc.), for use in secure communication between them, specifically secure communication under the first encryption and decryption mode or under the second encryption and decryption mode. Of these, the second mode is preferred.
For either mode, in order to decrypt data encrypted with the public key, or to generate a session key for data encryption and decryption, first communication equipment 1 and second communication equipment 2 each need to obtain their own private key, in step S11, from the management equipment to which they belong. Taking first communication equipment 1 as an example, step S11 is realized by the following flow:
- First communication equipment 1 generates a private key request message, which contains characteristic information of first communication equipment 1 such as its mobile phone number;
- For security, first communication equipment 1 and the management equipment it belongs to (KMC 3) also go through mutual authentication; for triplet-based authentication, first communication equipment 1 may be unable to authenticate KMC 3, as introduced above;
- If authentication succeeds, KMC 3 obtains a private key for first communication equipment 1. When there is no usable pre-stored private key corresponding to first communication equipment 1, its private key needs to be generated based on its characteristic information; the specific generation algorithm should be known to those skilled in the art and is not described here;
- After obtaining the private key for first communication equipment 1, KMC 3 provides that private key to first communication equipment 1, which completes step S11.
Periodically, the management equipment issues public security parameters (including but not limited to the public key relevant information, session key first relevant information and parameters, and the private key validity period) to each communication equipment under it, so that the communication equipment can generate public keys and, preferably, generate session keys for secure communication. According to a specific embodiment of the present invention, generating the session key between first communication equipment 1 and second communication equipment 2 also requires each of them to provide session key second relevant information (e.g. $A_{KA}$) to its communication counterpart. The communicating parties obtain the session key first relevant information and session key second relevant information in steps S12 and S13.
On this basis, the communicating parties are able to generate a session key (step S14 in Fig. 7), and can thus carry out the preferred encryption and decryption mode provided by the present invention.
Embodiments of the invention have been described above, but the invention is not limited to specific systems, equipment, protocols or algorithms; those skilled in the art can make various variations or modifications within the scope of the appended claims.

Claims (31)

1. A first safe servicing unit, in a management equipment of a communication network, for assisting identity-based authentication and key agreement, characterized in that it obtains a private key for a communication equipment according to the characteristic information of that communication equipment, for use in secure communication.
2. The first safe servicing unit according to claim 1, characterized in that it comprises:
A first receiving device, for receiving a private key request message from the communication equipment, the message containing the characteristic information of the communication equipment;
An extraction element, for extracting the characteristic information of the communication equipment from the private key request message;
A private key obtaining device, for obtaining a private key for the communication equipment according to the characteristic information;
A private key generator, which uses a security policy known to the communication equipment to provide the obtained private key to the communication equipment.
3. The first safe servicing unit according to claim 1 or 2, characterized in that it further comprises:
A communication equipment authentication device, for authenticating the communication equipment to generate a communication equipment authentication result;
Wherein the private key obtaining device is further used, if the communication equipment authentication result shows that the communication equipment has passed authentication by the management equipment, to obtain a private key for the communication equipment according to the characteristic information of the communication equipment.
4. The first safe servicing unit according to claim 3, characterized in that the communication equipment authentication device comprises:
A first deriving means, for obtaining communication equipment authentication information from the webserver to which the communication equipment belongs, according to the characteristic information of the communication equipment;
A first authentication device, for authenticating the communication equipment based on the obtained communication equipment authentication information, to generate the communication equipment authentication result.
5. The first safe servicing unit according to any one of claims 1-4, characterized in that it further comprises:
A first assistant authentication device, for assisting the communication equipment in authenticating the management equipment.
6. The first safe servicing unit according to claim 5, characterized in that the first assistant authentication device comprises:
A second deriving means, for obtaining management equipment authentication information from the webserver to which the communication equipment belongs, according to the characteristic information of the communication equipment;
A controlled assistant authentication device, for assisting the communication equipment in authenticating the management equipment based on the obtained management equipment authentication information.
7. according to each described first safe servicing unit among the claim 2-6, it is characterized in that described private key obtains device and comprises:
Judgment means is used for the described characteristic information according to this communication equipment, judges whether to exist and the corresponding private key that effectively prestores of this communication equipment;
Control device is used for effectively prestoring during private key when existing with this communication equipment is corresponding, with the described private key that prestores as described private key for this communication equipment acquisition;
The private key generating apparatus is used for effectively prestoring during private key when not existing with this communication equipment is corresponding, according to the characteristic information of this communication equipment, is that it generates private key.
8. according to each described first safe servicing unit among the claim 2-7, it is characterized in that described private key generator comprises:
The strategy deriving means is used for the described characteristic information according to this communication equipment, obtains the known security strategy of this communication equipment;
The encrypted private key device is used for based on described security strategy, and the described private key that generates is carried out encryption, to generate the private key through encryption;
The private key dispensing device is used for described private key through encryption is sent to described communication equipment.
9. according to each described first safe servicing unit among the claim 1-8, it is characterized in that, also comprise:
First notifying device, be used for a PKI relevant information is notified each communication equipment of this management equipment subordinate, described PKI relevant information is used for combining with the characteristic information of its communication counterpart separately at described each communication equipment place, communicates with the corresponding PKI that is used for described secure communication of the other side with generation.
10. according to each described first safe servicing unit among the claim 1-9, it is characterized in that, also comprise:
Second notifying device, be used for session key first relevant information is notified each communication equipment of this management equipment subordinate, described session key first relevant information is used for combining with its private key separately at described each communication equipment place, is used for the session key of described secure communication with generation.
11. the management equipment in communication network is characterized in that, described management equipment comprises according to each described first safe servicing unit among the claim 1-10.
12. A secure communication device in a communication equipment of a communication network for performing identity-based authentication and key agreement, characterized in that it generates the public key of its communication counterpart according to the characteristic information of that counterpart, and obtains the private key of the communication equipment from the management equipment to which the communication equipment belongs, for use in secure communication.
13. The secure communication device according to claim 12, characterized by comprising:
A public key generating device, configured to generate the public key of the communication counterpart according to public key relevant information and the characteristic information of the communication counterpart of the communication equipment, for use in the secure communication.
14. The secure communication device according to claim 13, characterized by further comprising:
A third obtaining device, configured to obtain the private key corresponding to the communication equipment from the management equipment to which the communication equipment belongs.
15. The secure communication device according to claim 14, characterized by further comprising:
A fourth obtaining device, configured to obtain the public key relevant information from the management equipment to which the communication equipment belongs, the public key relevant information being used by the communication equipment to generate the public key corresponding to its communication counterpart.
16. The secure communication device according to claim 15, characterized by further comprising:
A fifth obtaining device, configured to obtain session key first relevant information from the management equipment to which the communication equipment belongs, and to obtain session key second relevant information from the communication counterpart;
A session key generating device, configured to generate a session key for use in the secure communication, according to the obtained session key first relevant information, the session key second relevant information, the generated public key of the communication counterpart and the obtained private key of the communication equipment.
17. The secure communication device according to any one of claims 14-16, characterized in that the third obtaining device comprises:
A first generating device, configured to generate a private key request message containing the characteristic information of the communication equipment;
A second sending device, configured to send the private key request message to the management equipment;
A third receiving device, configured to receive the encrypted private key from the management equipment;
A private key decryption device, configured to decrypt the encrypted private key using the security policy known to the communication equipment, to produce the decrypted private key.
18. The secure communication device according to any one of claims 12-17, characterized by further comprising:
A second assistant authentication device, configured to assist the management equipment in authenticating the communication equipment.
19. The secure communication device according to any one of claims 12-18, characterized by further comprising:
A management equipment authentication device, configured to authenticate the management equipment and generate a management equipment authentication result;
The third receiving device is further configured to receive the encrypted private key from the management equipment when the management equipment authentication result shows that the management equipment has passed authentication by the communication equipment.
20. The secure communication device according to any one of claims 13-19, characterized by further comprising:
A second generating device, configured to generate session key second relevant information using the public key corresponding to the communication counterpart;
A third notifying device, configured to notify the communication counterpart of the generated session key second relevant information.
21. A communication equipment in a communication network, characterized by comprising the secure communication device according to any one of claims 12-20.
22. A second safe servicing unit in a network server of a communication network for assisting identity-based authentication and key agreement, characterized by comprising:
A first providing device, configured to provide communication equipment authentication information to the management equipment;
A second providing device, configured to provide management equipment authentication information to the management equipment.
23. The second safe servicing unit according to claim 22, characterized by further comprising:
A third providing device, configured to provide the management equipment with the security policy known to the communication equipment.
24. The second safe servicing unit according to claim 22 or 23, characterized in that the network server comprises a home subscriber system or a bootstrapping service function server.
25. A method for performing identity-based authentication and key agreement in a communication network, characterized by comprising the following steps:
A. A first communication equipment and a second communication equipment each generate the public key of its communication counterpart according to the characteristic information of that counterpart, for use in secure communication, wherein the first communication equipment and the second communication equipment are each other's communication counterpart in the secure communication;
B. The first communication equipment and the second communication equipment each obtain its own private key from the management equipment to which it belongs, for use in the secure communication.
26. The method according to claim 25, characterized in that step b comprises:
B1. The first and second communication equipment each request a private key from the management equipment to which it belongs;
B2. The management equipment to which each of the first and second communication equipment belongs obtains a private key for the first and second communication equipment respectively, based on the respective characteristic information of the first and second communication equipment;
B3. The management equipment to which each of the first and second communication equipment belongs notifies the first and second communication equipment, respectively, of the private key obtained for it.
27. The method according to claim 25 or 26, characterized by further comprising the following step:
- The first communication equipment and the second communication equipment each obtain public key relevant information from the management equipment to which it belongs, the public key relevant information being combined, at the first and second communication equipment, with the characteristic information of the respective communication counterpart to generate the public key of that counterpart for use in the secure communication.
28. The method according to claim 27, characterized by further comprising the following steps:
- The first communication equipment and the second communication equipment each obtain session key first relevant information from the management equipment to which it belongs;
- The first communication equipment and the second communication equipment each obtain session key second relevant information from its communication counterpart;
Wherein the session key first and second relevant information are combined, at the first and second communication equipment, with their respective private keys to generate the session key used for the secure communication.
29. The method according to claim 28, characterized by further comprising:
- The first and second communication equipment each generate a session key for use in the secure communication, according to the session key first relevant information it obtained, the session key second relevant information it obtained, the public key of its communication counterpart that it generated, and the private key it obtained.
30. The method according to any one of claims 25-29, characterized in that step b further comprises, between steps b1 and b2:
- The management equipment to which the first communication equipment belongs authenticates the first communication equipment, and the management equipment to which the second communication equipment belongs authenticates the second communication equipment;
Step b2 further comprises:
- If the first communication equipment passes authentication by the management equipment to which it belongs, that management equipment obtains a private key for it based on the characteristic information of the first communication equipment; and
- If the second communication equipment passes authentication by the management equipment to which it belongs, that management equipment obtains a private key for it based on the characteristic information of the second communication equipment.
31. The method according to any one of claims 25-30, characterized in that step b further comprises, between steps b1 and b3:
- The first and second communication equipment each authenticate the management equipment to which it belongs.
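The claims do not name a concrete identity-based algorithm. As an added illustration (not code from the patent), the sketch below walks steps a and b of claim 25 and the session-key derivation of claims 28-29 using the Okamoto-Tanaka RSA-based identity-based key exchange as a stand-in scheme. The class and function names, the SIP-style identities, the toy modulus and the choice of (n, e, g) as the information published by the management equipment are all assumptions.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes. Real use needs >= 2048-bit n.
_P, _Q = 2**61 - 1, 2**89 - 1

def identity_public_key(identity: str, n: int) -> int:
    """Anyone can derive a peer's public key from its characteristic information."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % n

class ManagementEquipment:
    """Holds the master secret d; publishes (n, e, g) to its subordinate devices."""
    def __init__(self):
        self.n, self.e, self.g = _P * _Q, 65537, 3
        self._d = pow(self.e, -1, (_P - 1) * (_Q - 1))

    def public_info(self):
        return self.n, self.e, self.g

    def extract_private_key(self, identity: str) -> int:
        # s = ID^(-d) mod n, hence s^e * ID == 1 (mod n)
        pub = identity_public_key(identity, self.n)
        return pow(pow(pub, self._d, self.n), -1, self.n)

class CommunicationEquipment:
    def __init__(self, identity: str, manager: ManagementEquipment):
        self.identity = identity
        self.n, self.e, self.g = manager.public_info()
        self._s = manager.extract_private_key(identity)   # steps b1-b3
        self._r = secrets.randbelow(self.n - 2) + 1        # per-session secret

    def contribution(self) -> int:
        """Value sent to the peer: X = s * g^r mod n."""
        return self._s * pow(self.g, self._r, self.n) % self.n

    def session_key(self, peer_identity: str, peer_x: int) -> bytes:
        peer_pub = identity_public_key(peer_identity, self.n)   # step a
        # (X^e * ID_peer)^r equals g^(e*r*r_peer) only when X was built with
        # the private key that matches peer_identity.
        base = pow(peer_x, self.e, self.n) * peer_pub % self.n
        shared = pow(base, self._r, self.n)
        size = (self.n.bit_length() + 7) // 8
        return hashlib.sha256(shared.to_bytes(size, "big")).digest()

def run_exchange(claimed_peer: str, actual_peer: str):
    """Alice talks to a device claiming `claimed_peer` that holds the key for `actual_peer`."""
    manager = ManagementEquipment()
    alice = CommunicationEquipment("sip:alice@example.net", manager)
    peer = CommunicationEquipment(actual_peer, manager)
    key_alice = alice.session_key(claimed_peer, peer.contribution())
    key_peer = peer.session_key(alice.identity, alice.contribution())
    return key_alice, key_peer

if __name__ == "__main__":
    honest = run_exchange("sip:bob@example.net", "sip:bob@example.net")
    forged = run_exchange("sip:bob@example.net", "sip:mallory@example.net")
    print("honest keys match:", honest[0] == honest[1])
    print("impostor keys match:", forged[0] == forged[1])
```

Authentication here is implicit: a peer that lacks the private key for the identity it claims ends up with a different session key, so the mismatch surfaces on the first protected message. The management equipment can compute every private key, which is why claims 30 and 31 have each side authenticate the other before a key is released.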
CNA2007100381605A 2007-03-15 2007-03-15 Identity authentication and secret key negotiation method and device in communication network Pending CN101267301A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007100381605A CN101267301A (en) 2007-03-15 2007-03-15 Identity authentication and secret key negotiation method and device in communication network

Publications (1)

Publication Number Publication Date
CN101267301A true CN101267301A (en) 2008-09-17

Family

ID=39989457

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007100381605A Pending CN101267301A (en) 2007-03-15 2007-03-15 Identity authentication and secret key negotiation method and device in communication network

Country Status (1)

Country Link
CN (1) CN101267301A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: 201206 Pudong Jinqiao Export Processing Zone, Nanjing Road, No. 388, Shanghai

Applicant after: Shanghai Alcatel-Lucent Co., Ltd.

Address before: 201206 Pudong Jinqiao Export Processing Zone, Nanjing Road, No. 388, Shanghai

Applicant before: Beier Aerkate Co., Ltd., Shanghai

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: BEIER AERKATE CO., LTD., SHANGHAI TO: SHANGHAI ALCATEL-LUCENT CO., LTD.

CB02 Change of applicant information

Address after: 201206 Pudong Jinqiao Export Processing Zone, Nanjing Road, No. 388, Shanghai

Applicant after: Shanghai NOKIA Baer Limited by Share Ltd

Address before: 201206 Pudong Jinqiao Export Processing Zone, Nanjing Road, No. 388, Shanghai

Applicant before: Shanghai Alcatel-Lucent Co., Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20080917