CN101505479B - Safe context negotiation method and system in authentication process - Google Patents
Safe context negotiation method and system in authentication process Download PDFInfo
- Publication number
- CN101505479B CN101505479B CN200910079987.XA CN200910079987A CN101505479B CN 101505479 B CN101505479 B CN 101505479B CN 200910079987 A CN200910079987 A CN 200910079987A CN 101505479 B CN101505479 B CN 101505479B
- Authority
- CN
- China
- Prior art keywords
- authentication
- mme
- authentication request
- safe context
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method and a system for negotiating security context during the re-authentication and key agreement under the state that the security context is activated, which are used for solving the problem that UE fails to perform the AKA again under the state that NAS security context is activated. An MME performs encryption and integrity protection on an authentication request by using the current security context to ensure that an authentication request message can successfully pass the processing of the UE on a NAS message; and the method and the system trigger the MME and the UE to stop using the current NAS security context through the authentication request message, ensure that the UE and the MME can perform plaintext processing on subsequent authentication requests and the second AKA which possibly appears subsequently, and save the processing time of the UE and the MME.
Description
Technical field
The present invention relates to the machinery of consultation of safe context in mobile communication system, especially relate under a kind of state having activated at safe context, carry out Authentication and Key Agreement (AKA again, Authenticate andKeyAssociation) time, the machinery of consultation of safe context and system.
Background technology
Third generation partner program (3GPP) Long Term Evolution (LTE, Long Term Evolution) system/System Architecture Evolution (SAE, System Architecture Evolution) signaling plane access security adopt two-layer security architecture, that is to say, Access Layer (AS, Access Stratum) and Non-Access Stratum (NAS, Non Access Stratum) security mechanism separate, have separately oneself independently safe context.AS safe context ends at enode (eNB; evolved Node B); by eNB, be responsible for generating the safe context that develops and manages AS; eNB is by sending AS safe mode command (AS SMC; ASSecurity Mode Command) activation AS safe context; after AS safe context activates; radio resource control information between UE and eNB (RRC, Radio Resource Control) and user plane messages all will be encrypted and be carried out integrity protection.NAS safe context ends at mobile management entity (MME, Mobility Management Entity), by MME, is responsible for generating the safe context of setting up, preserving and manage NAS.NAS safe context is by NAS safe mode command (NAS SMC, NAS SecurityMode Command) message activation, and after NAS safe context activates, all NAS message is encrypted and carry out integrity protection.Key in NAS layer and AS layer safe context is all to send K by root key
aSMEraw, K
aSMEby user, serve identification module (USIM, User Service Identify Module) and home subscriber server (HSS, Home Subscriber Server) by AKA, produce, when NAS counter arrives the value of setting, or the reasons such as carrier network collocation strategy, UE and network can start AKA mechanism and again authenticate and upgrade K
aSME.
At present in technical scheme; in AKA process; USIM and HSS have taked measure to protect parameters for authentication; therefore in order to improve communication efficiency; authentication request and authentication response (belonging to NAS message) are not used AS or NAS safe context to protect, and are all with expressly sending.But there is defect in this scheme: because MME and UE activate after NAS safe context by NAS security command process, NAS message all between network and UE all will be carried out Confidentiality protection and integrity protection, cause UE and network cannot re-start AKA.Because when MME transmission authentication request notice UE is AKA again, to use clear-text way to send authentication request message, and UE will be used NAS safe context to be decrypted and integrity verification the authentication request of receiving, clearly the result of deciphering and integrity verification is wrong, so, UE can, by authentication request message as dead message, discard, and causes authentication to carry out.Unless UE must first remove registration, stop using after current NAS safe context AKA again.
Summary of the invention
In view of this, main purpose of the present invention is to provide in a kind of AKA process, and the machinery of consultation of safe context solves the problem of AKA again under the state that UE activates at NAS safe context.
For achieving the above object, technical scheme of the present invention is achieved in that
A safe context negotiation method in verification process, comprising:
When user equipment (UE) and network authenticate under current Non-Access Stratum NAS safe context state of activation; mobile management entity MME is used current NAS safe context to carry out integrity protection and encryption to the authentication request message that sends to UE; user serves after identification module USIM authentication verification parameter, and UE is used and expressly sends authentication response or authenticate refusal to MME.
Further, MME sends after authentication request message, stops using or delete up current NAS safe context, expressly processes the up non access stratum NAS message that UE sends; UE is decrypted and integrity verification processing by the authentication request message that current NAS safe context sends MME.
Further, when UE processes authentication request message with current NAS safe context, if processed unsuccessfully, expressly send authentication request takes defeat message to MME to UE, MME receives and takes defeat after message, resends and is encrypted with the authentication request message of integrity protection to UE with current NAS safe context; If UE processes authentication request message success, USIM carries out authentication token checking and produces parameters for authentication RES.
Further, after USIM authentication verification token, UE stops using or deletes current up-downgoing NAS safe context.
Further, if USIM authentication verification token is correct, UE is with expressly sending authentication response message to MME; If USIM authentication verification token is incorrect, UE is with expressly sending authentication refuse information to MME.
Further, the parameter X RES comparison that the parameters for authentication RES in the authentication response message that MME sends UE and home subscriber server HSS send, if both are identical, MME deletes the current NAS safe context of up-downgoing.
Further, MME receives after the authentication refuse information that UE sends, and is again the Authentication and Key Agreement AKA under state expressly.
Another object of the present invention is to provide a kind of negotiating system of safe context, for achieving the above object, technical scheme of the present invention is achieved in that
A safety context negotiation system in verification process, comprises user equipment (UE) and mobile management entity MME,
Described MME also comprises:
Authentication request is encrypted and integrity protection module, for using current NAS safe context to be encrypted and integrity protection authentication request message, and authentication request message is sent to UE;
Up safe context deexcitation module, for stopping using up current NAS safe context, the up NAS message that UE is sent is carried out plaintext and is processed;
The first current safety context removing module, for receiving after the authentication response message or authentication refuse information that UE sends, deletes the current NAS safe context that is carrying out having activated before AKA;
Described UE also comprises:
Authentication request deciphering and integrity verification module, for being used current NAS safe context to be decrypted and integrity verification the authentication request message of receiving;
Authentication module, obtains parameters for authentication and carries out authentication token checking, sequence number inspection and produce parameters for authentication RES for the authentication request from described authentication request deciphering and integrity verification resume module; If it is correct that authentication token and identification sequences number check, UE is with expressly sending authentication response message to MME; Otherwise UE is with expressly sending authentication refuse information to MME;
The second current safety context removing module, for deleting current NAS safe context before sending authentication response message or authenticating refuse information.
Further, described UE side also comprises:
Authentication request result judge module, for the result of described authentication request deciphering and integrity verification module is judged, unsuccessfully sends authentication request if process and takes defeat message to MME; Otherwise parameters for authentication is passed to described authentication module;
Described MME also comprises:
Retransmit authentication request module; the authentication request message that takes defeat sending for responding UE side authentication request result judge module is retransmitted the authentication request message of protecting with current NAS safe context and is deciphered and integrity verification module to the authentication request of UE side when UE processes authentication request message failure with current NAS safe context.
In the present invention; MME is by being used current safety context to be encrypted and integrity protection authentication request; make the authentication request message can the processing to NAS message by UE smoothly; by authentication request message, trigger MME and UE stops using current NAS safe context; make UE and MME can expressly process follow-up authentication request and follow-uply may occur AKA for the second time, saved the processing time of UE and MME.
Accompanying drawing explanation
Fig. 1 is the implementation method flow chart of safe context negotiation method of the present invention;
Fig. 2 is the signaling process figure of safe context negotiation method of the present invention;
Fig. 3 is the system configuration schematic diagram of safe context negotiation method of the present invention.
Embodiment
Accompanying drawing described herein is used to provide a further understanding of the present invention, forms the application's a part, and schematic description and description of the present invention is used for explaining the present invention, does not form inappropriate limitation of the present invention.
In the present embodiment; under the state having activated at terminal and network both sides' NAS safe context; while carrying out AKA; MME sends and is encrypted with the authentication request message of integrity protection to terminal by current safety context; terminal is successfully deciphered with current safety context after the authentication request sending with integrity verification MME; delete or stop using current NAS safe context, with expressly sending authentication response message to MME.MME send authentication request message to UE after, stop using up current safety context, receive after the authentication response message that UE sends, delete the safe context of current up-downgoing.
Fig. 1 shows in AKA process, and the realization flow figure of NAS safe context negotiation method, comprises the following steps:
Step S101: under NAS safe context state of activation, network side determines to re-start AKA;
Under the state that the NAS safe context of UE and network has activated, the NAS message between all UE and network side all must be carried out and encrypt and integrity protection, but due to following reason, network side may determine to re-start AKA, to substitute root key K
aSME:
(1) numerical value of NAS counter reaches predetermined value, and MME triggers AKA;
(2) due to K
aSMElife span is long has exceeded life cycle, and HSS initiatively initiates authentication request and triggers AKA;
(3) UE is from other Access Networks, and for example UTRAN, transfers to LTE network, and MME triggers AKA.
(4) requirement configuring due to carrier network, network-triggered AKA.
Step S102:MME sends authentication request message to UE, and authentication request message is used the NAS safe context of current activation to be encrypted and integrity protection.MME carries out plaintext reception & disposal to follow-up up NAS message.
MME sends out authentication request message to UE; this message is used current safety context to be encrypted and is carried out integrity protection; the security header information unit (IE, Information Elements) of authentication request message is made as " current safety context is encrypted and integrity protection ".Wherein security header information unit is the security strategy of NAS message; which kind of safety measure prompting takes to this NAS message; as 0000 expression " is expressly processed "; 0001 represents " with current safety context integrity protection ", 0010 expression " with current safety context integrity protection and encryption " etc.In authentication request message, carry authentication token AUTN, random parameter RAND and authentication management territory AMF, wherein AUTN comprises the parameters for authentication such as authentication code MAC, identification sequences SQN.MME, after transmission authentication request message is to UE, stops using up NAS safe context, uses clear-text way to carry out reception & disposal to up NAS message.
Step S103:UE is used current NAS safe context to be decrypted and integrity verification the authentication request message receiving.If unsuccessfully perform step S104, if successful execution step S105.
Step S104: if UE is used current safety context to authentication request message deciphering and integrity verification failure, stop using up current safety context, with expressly sending authentication request takes defeat message to MME, notice MME resends authentication request.MME receives after this message, re-executes step S102.
Step S105: if UE successfully deciphers and integrity verification authentication request message, UE passes to the USIM USIM in UE by random parameter RAND and authentication token AUTN, by USIM, carry out the authentication to network, method is, USIM is used together with permanent key K that RAND and self store and sequence number SQN etc. and calculates XMAC, judge that whether XMAC is consistent with the MAC in AUTN, whether the value of AMF is correct, and check that SQN is whether in correct scope, if the success of AUTN Verification, USIM produces parameters for authentication RES and key K
aSME.
If the authentication success of USIM to network, performs step S106; Otherwise execution step S107;
Step S106:UE stops using current NAS safe context, sends out authentication response message to MME, and wherein authentication response is expressly to send, and its safety certification IE is made as " expressly processing ", carries parameters for authentication RES; Then perform step 108;
Step S107:UE stops using current NAS safe context, and UE is used expressly and sends authentication refuse information to MME, and its safety certification IE is made as " expressly processing ", then performs step S110;
Step S108:MME judges whether the authentication response of receiving that at the appointed time UE sends, if perform step S109; Otherwise execution step S110;
Whether the XRES that the step S109:MME RES that relatively UE sends and HSS send is identical, if identical, execution step S111, otherwise execution step S110.
Step S110: if RES and XRES are not identical, MME deletes up-downgoing current safety context, is the AKA under plaintext state, and authentication authorization and accounting request and authentication response message are all expressly to process, and there is no safe context protection.
Step S111: if RES is identical with XRES, MME deletes the up-downgoing current safety context (referring to carry out the NAS safe context activating before AKA) existing, and AKA finishes.
Fig. 2 is illustrated in AKA process under current NAS safe context state of activation, and the signaling process figure of safety context negotiation, comprises the following steps:
Step S201, MME sends authentication request message to UE, and wherein authentication request message is carried the parameters for authentication such as AUTN, and authentication request is used current NAS safe context to be encrypted and integrity protection.
Step S202, MME is after transmission authentication request message is to UE, and MME stops using current NAS safe context, with expressly processing and receive NAS upstream message.
Step S203, UE is used current NAS safe context to be decrypted and integrity verification authentication request message.If success, USIM starts MAC in authentication verification token AUTN and whether self generation XMAC is consistent, and produces K
aSMEand RES.UE deletes or stops using current NAS safe context.
Step S204, if USIM is proved to be successful, UE sends authentication response message RES is issued to MME, and wherein authentication response message is with expressly sending, and the ie of its security header is made as " expressly processing ".
Step S205, the XRES that the RES that MME contrast UE sends and HSS send, if consistent, AKA completes.
Step S206, if USIM checking AUTN is unsuccessful, sends out authentication refuse information to MME, and this message is with expressly sending.
Step S207, when MME does not receive that in official hour UE sends authentication response message, or receive that authentication refuse information that UE sends or MME checking RES and XRES are inconsistent, UE and network need to be AKA again, now, because NAS safe context does not activate, can be the AKA under plaintext state.
The system of safe context negotiation method in a kind of AKA process is also provided in the embodiment of the present invention, and as shown in Figure 3, this system is comprised of end side UE and two parts of network side MME, wherein:
MME comprises:
Authentication request is encrypted and integrity protection module, for using current NAS safe context to be encrypted and integrity protection authentication request message;
Up safe context deexcitation module, for stopping using up current NAS safe context, the up NAS message that UE is sent is carried out plaintext and is processed;
Retransmit authentication request module, for retransmit the authentication request with current NAS safe context protection when UE processes authentication request message failure with current NAS safe context
The first current safety context removing module, for receiving after the authentication response message or authentication refuse information that UE sends, deletes the current NAS safe context that is carrying out having activated before AKA.
UE comprises:
Authentication request deciphering and integrity verification module, for being used current NAS safe context that the authentication request message of receiving is decrypted with integrality and is verified;
Authentication request result judge module, for the result of described authentication request deciphering and integrity verification module is judged, unsuccessfully sends authentication request if process and takes defeat message to MME; Otherwise parameters for authentication is passed to USIM to be processed;
Authentication module, obtains parameters for authentication and carries out authentication token checking and produce parameters for authentication RES for the authentication request from described authentication request deciphering and integrity verification resume module; If authentication token is correct, UE is with expressly sending authentication response message to MME; Otherwise UE is with expressly sending authentication refuse information to MME;
The second current safety context removing module, for deleting current NAS safe context before sending authentication response message or authenticating refuse information.
In above embodiment, MME is by being used current safety context to be encrypted and integrity protection authentication request; make the authentication request message can the processing to NAS message by UE smoothly; by authentication request message, trigger UE deletion or stop current NAS safe context; MME also stops up NAS safe context simultaneously; make UE and MME can expressly process follow-up authentication request and the follow-up AKA for the second time that may occur, saved the processing time of UE and MME.This embodiment has guaranteed, under state that UE and network activated at NAS current safety context, can carry out smoothly AKA.
The current safety context of mentioning in above embodiment all refers in particular to the NAS safe context having activated between UE and MME before carrying out AKA.
Obviously, those skilled in the art should be understood that, above-mentioned of the present invention each module or each step can realize with general calculation element, they can concentrate on single calculation element, or be distributed on the network that multiple calculation elements form, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in storage device and be carried out by calculation element, or they are made into respectively to each integrated circuit modules, or the multiple modules in them or step are made into single integrated circuit module to be realized.Like this, the present invention is not restricted to any specific hardware and software combination.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (8)
1. a safe context negotiation method in verification process, is characterized in that, comprising:
When user equipment (UE) and network authenticate under current Non-Access Stratum NAS safe context state of activation, mobile management entity MME is used current NAS safe context to carry out integrity protection and encryption to the authentication request message that sends to UE, user serves after identification module USIM authentication verification parameter, UE is used and expressly sends authentication response or authenticate refusal to MME, wherein, described parameters for authentication is the parameter in authentication token;
MME sends after authentication request message, stops using current NAS safe context, expressly processes the up non access stratum NAS message that UE sends; UE is decrypted and integrity verification processing by the authentication request message that current NAS safe context sends MME.
2. the method for claim 1, it is characterized in that, when UE processes authentication request message with current NAS safe context, if processed unsuccessfully, expressly send authentication request takes defeat message to MME to UE, MME receives and takes defeat after message, resends and is encrypted with the authentication request message of integrity protection to UE with current NAS safe context; If UE processes authentication request message success, USIM carries out authentication token checking and produces response RES.
3. method as claimed in claim 2, is characterized in that, after USIM authentication verification token, UE stops using or delete current up-downgoing NAS safe context.
4. method as claimed in claim 3, is characterized in that, if USIM authentication verification token is correct, UE is with expressly sending authentication response message to MME; If USIM authentication verification token is incorrect, UE is with expressly sending authentication refuse information to MME.
5. method as claimed in claim 4, it is characterized in that, the Expected Response XRES comparison that response RES in the authentication response message that MME sends UE and home subscriber server HSS send, if both are identical, MME deletes the current NAS safe context of up-downgoing.
6. method as claimed in claim 4, is characterized in that, MME receives after the authentication refuse information that UE sends, and is again the Authentication and Key Agreement AKA under state expressly.
7. a safety context negotiation system in verification process, comprises user equipment (UE) and mobile management entity MME, it is characterized in that:
Described MME also comprises:
Authentication request is encrypted and integrity protection module, for using current NAS safe context to be encrypted and integrity protection authentication request message, and authentication request message is sent to UE;
Up safe context deexcitation module, for stopping using up current NAS safe context, the up NAS message that UE is sent is carried out plaintext and is processed;
The first current safety context removing module, for receiving after the authentication response message or authentication refuse information that UE sends, deletes the current NAS safe context that is carrying out having activated before AKA;
Described UE also comprises:
Authentication request deciphering and integrity verification module, for being used current NAS safe context to be decrypted and integrity verification the authentication request message of receiving;
Authentication module, obtains parameters for authentication and carries out authentication token checking, sequence number inspection and produce response RES for the authentication request from described authentication request deciphering and integrity verification resume module; If it is correct that authentication token and identification sequences number check, UE is with expressly sending authentication response message to MME; Otherwise UE is with expressly sending authentication refuse information to MME;
The second current safety context removing module, for deleting current NAS safe context before sending authentication response message or authenticating refuse information.
8. system as claimed in claim 7, is characterized in that,
Described UE side also comprises:
Authentication request result judge module, for the result of described authentication request deciphering and integrity verification module is judged, unsuccessfully sends authentication request if process and takes defeat message to MME; Otherwise parameters for authentication is passed to described authentication module;
Described MME also comprises:
Retransmit authentication request module; the authentication request message that takes defeat sending for responding UE side authentication request result judge module is retransmitted the authentication request message of protecting with current NAS safe context and is deciphered and integrity verification module to the authentication request of UE side when UE processes authentication request message failure with current NAS safe context.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910079987.XA CN101505479B (en) | 2009-03-16 | 2009-03-16 | Safe context negotiation method and system in authentication process |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910079987.XA CN101505479B (en) | 2009-03-16 | 2009-03-16 | Safe context negotiation method and system in authentication process |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101505479A CN101505479A (en) | 2009-08-12 |
| CN101505479B true CN101505479B (en) | 2014-04-30 |
Family
ID=40977495
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910079987.XA Expired - Fee Related CN101505479B (en) | 2009-03-16 | 2009-03-16 | Safe context negotiation method and system in authentication process |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101505479B (en) |
Families Citing this family (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101835156B (en) * | 2010-05-21 | 2014-08-13 | 中兴通讯股份有限公司南京分公司 | Method and system for safeguarding user access |
| US8681740B2 (en) * | 2010-12-21 | 2014-03-25 | Tektronix, Inc. | LTE network call correlation during User Equipment mobility |
| CN103476028B (en) * | 2013-08-30 | 2017-04-05 | 大唐移动通信设备有限公司 | The processing method and processing device of NAS message when NAS COUNT overturn |
| CN103905208A (en) * | 2014-04-24 | 2014-07-02 | 快车科技有限公司 | Interactive method using asymmetric security mechanisms |
| CN106412948B (en) * | 2015-07-31 | 2019-09-20 | 联芯科技有限公司 | A kind of transmission method and its transmission terminal being related to NAS signaling message |
| CN105764052A (en) * | 2016-04-19 | 2016-07-13 | 国网浙江省电力公司信息通信分公司 | TD-LTE authentication and protective encryption method |
| US10334435B2 (en) * | 2016-04-27 | 2019-06-25 | Qualcomm Incorporated | Enhanced non-access stratum security |
| CN108347416B (en) * | 2017-01-24 | 2021-06-29 | 华为技术有限公司 | Security protection negotiation method and network element |
| CN108924841B (en) * | 2017-03-20 | 2021-11-19 | 中国移动通信有限公司研究院 | Security protection method and device, mobile terminal, base station and MME (mobility management entity) equipment |
| CN110351722B (en) * | 2018-04-08 | 2024-04-16 | 华为技术有限公司 | Information sending method, key generation method and device |
| EP3915290A4 (en) * | 2019-01-21 | 2022-09-21 | Telefonaktiebolaget LM Ericsson (publ) | Methods providing authentication using a request commit message and related user equipment and network nodes |
| CN111835691B (en) * | 2019-04-22 | 2022-09-27 | 中国移动通信有限公司研究院 | Authentication information processing method, terminal and network equipment |
| CN111866874B (en) * | 2019-04-29 | 2022-05-10 | 华为技术有限公司 | Registration method and device |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101052033A (en) * | 2006-04-05 | 2007-10-10 | 华为技术有限公司 | Certifying and key consulting method and its device based on TTP |
| WO2009030155A1 (en) * | 2007-08-31 | 2009-03-12 | Huawei Technologies Co., Ltd. | Method, system and apparatus for negotiating the security ability when a terminal is moving |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101174943A (en) * | 2006-11-01 | 2008-05-07 | 华为技术有限公司 | Synchronization process and system for data safety |
-
2009
- 2009-03-16 CN CN200910079987.XA patent/CN101505479B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101052033A (en) * | 2006-04-05 | 2007-10-10 | 华为技术有限公司 | Certifying and key consulting method and its device based on TTP |
| WO2009030155A1 (en) * | 2007-08-31 | 2009-03-12 | Huawei Technologies Co., Ltd. | Method, system and apparatus for negotiating the security ability when a terminal is moving |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101505479A (en) | 2009-08-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101505479B (en) | Safe context negotiation method and system in authentication process | |
| KR102450419B1 (en) | Anti-steering detection method and system for roaming activity in wireless communication network | |
| US11863982B2 (en) | Subscriber identity privacy protection against fake base stations | |
| US20210368314A1 (en) | Mtc key management for key derivation at both ue and network | |
| US10003965B2 (en) | Subscriber profile transfer method, subscriber profile transfer system, and user equipment | |
| KR102033465B1 (en) | Security equipment in communication between communication devices and network devices | |
| CN101720539B (en) | Key refresh sae/lte system | |
| EP2528268B1 (en) | Cyptographic key generation | |
| EP2702741B1 (en) | Authenticating a device in a network | |
| EP3846514A1 (en) | Identity privacy in wireless networks | |
| US8954739B2 (en) | Efficient terminal authentication in telecommunication networks | |
| CA3057401A1 (en) | Enhanced registration procedure in a mobile system supporting network slicing | |
| EP2296392A1 (en) | Authentication method, re-certification method and communication device | |
| WO2020092542A1 (en) | Protection of initial non-access stratum protocol message in 5g systems | |
| CN102934470A (en) | Method and apparatus for binding subscriber authentication and device authentication in communication systems | |
| WO2012159272A1 (en) | Performing a group authentication and key agreement procedure | |
| CN109788480B (en) | Communication method and device | |
| CN102238484A (en) | Method and system for group-based authentication in machine to machine communication systems | |
| Pratas et al. | Massive machine-type communication (mMTC) access with integrated authentication | |
| EP3525503A1 (en) | Registering or authenticating user equipment to a visited public land mobile network | |
| KR101718096B1 (en) | Method and system for authenticating in wireless communication system | |
| EP3787250B1 (en) | Authentication between a telematic control unit and a core server system | |
| CN101009911A (en) | Method and device for realizing the extension authentication protocol in the wireless communication network | |
| CN102905267A (en) | ME (Mobile Equipment) identity authentication method, ME security mode control method, ME identity authentication device and ME security mode control device | |
| Parne et al. | SEACE: Security enhanced and computationally efficient AKA protocol for UMTS networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20140430 Termination date: 20180316 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |