CN101945386A - Method and system for implementing synchronous binding of safe secret keys - Google Patents
Method and system for implementing synchronous binding of safe secret keys Download PDFInfo
- Publication number
- CN101945386A CN101945386A CN2010102824703A CN201010282470A CN101945386A CN 101945386 A CN101945386 A CN 101945386A CN 2010102824703 A CN2010102824703 A CN 2010102824703A CN 201010282470 A CN201010282470 A CN 201010282470A CN 101945386 A CN101945386 A CN 101945386A
- Authority
- CN
- China
- Prior art keywords
- key
- binding
- safe key
- mme
- safe
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method and a system for implementing synchronous binding of safe secret keys, comprising the following steps: after an RN is identified by a user, an MME notifies the RN to carry out safe secret key binding; and after receiving the notification, the RN carries out safe secret key binding the same as that of the network side to acquire the safe secret key bound with the equipment, and response to the MME. By the method of the invention, the safe secret key bound with the equipment obtained by the safe secret key binding, or other secret keys which are bound with the equipment and derived from the safe secret key are utilized, thus ensuring the communication data safety between the RN and the network side; and by means of the safe secret key bound with the equipment, the RN user identification and the equipment binding are realized and the RN communicated with the network side is ensured to be a legal RN with a legal USIM card, thus an illegal attacker can not decode the communication data.
Description
Technical field
The present invention relates to the secure authentication technology in the LTE network, refer to a kind of safe key method and system of binding synchronously that realize especially.
Background technology
Fig. 1 is Long Term Evolution (LTE, Long Term Evolution) the composition structural representation of network, as shown in Figure 1, the LTE network is by evolution Universal Terrestrial Radio Access Network (E-UTRAN, Evolved Universal Terrestrial Radio Access Network) and evolution packet switching center (EPC, Evolved Packet Core) form, network presents flattening.EUTRAN links to each other with EPC by the S1 interface.
Wherein, EUTRAN is made up of a plurality of interconnective evolution base stations (eNB, Evolved NodeB), connects by X2 interface between each eNB; EPC is made up of Mobility Management Entity (MME, Mobility Management Entity) and service gateway entity (S-GW, Serving Gateway).In addition, in the LTE network architecture, also has a Home Environment (HE, Home Environment), be home subscriber server (HSS, Home Subscriber Server) or attaching position register (HLR, Home Location Register), as customer data base.Comprise user profile among the HE, carry out user's authentication and mandate, and the information etc. of relevant user's physical location can be provided.
In order to satisfy the demand that growing big bandwidth high-speed mobile inserts, third generation partnership project (3GPP, Third Generation Partnership Projects) releases senior Long Term Evolution (LTE-Advanced, Long-Term Evolution advance) standard.LTE-Advanced has kept the core of LTE for the evolution of LTE system, adopts a series of technology that frequency domain, spatial domain are expanded on this basis, improves the availability of frequency spectrum to reach, increases purposes such as power system capacity.Wireless relay (Relay) technology promptly is one of technology among the LTE-Advanced, is intended to the coverage of Extended Cell, reduces the area, dead angle in the communication, balanced load, shift the business of hot zones, saving subscriber equipment (UE, User Equipment) is the transmitting power of terminal.(RN, Relay-Node) network after is formed schematic diagram to Fig. 2, as shown in Figure 2, uses wireless connections between this newly-increased RN and the alms giver's evolution base station (Donor-eNB) in order to increase via node in the existing network framework.Wherein, the interface between Donor-eNB and the RN is called the Un mouth, and Radio Link between the two is called back haul link (backhaul link); Interface between RN and the UE is called the Uu mouth, and Radio Link therebetween is called access link (access link).Downlink data arrives Donor-eNB earlier, passes to RN then, and RN transfers to UE again, and upstream data arrives UE earlier, passes to RN then, and RN transfers to Donor-eNB again.
In the practical communication process, RN promptly can also can be used as a base station as a common terminal equipment.As RN during as a terminal equipment, RN can be as common UE access of radio network.
Common UE is when access network, network side can carry out user's authentication and cryptographic key agreement (AKA to it, Authentication and Key Agreement), this process is also referred to as evolved packet system cryptographic key agreement (EPS AKA, Evolved Packet System AKA) in the LTE system.Need to prove, UE is meant mobile device (Mobile Equipment) and global Subscriber Identity Module (USIM in the foregoing description, Universal Subscriber Identity Module) general name, above-mentioned EPS AKA process is actual to be finished by USIM, therefore this process has been finished USIM authentication (or the title signatory authentication of network to terminal, subscription Authentication) and cryptographic key agreement, also claim the USIM authentication to be authentification of user in the subsequent descriptions.Need to prove that the usim card has here been represented the Universal Integrated Circuit Card (UICC, Universal Integrated Circuit Card) of broad sense.
By authentification of user, UE and network side can send to ME according to root key K generation Integrity Key (IK, Integrity Key) and encryption key (CK, Cipher Key), and ME generates intermediate key K according to IK and CK
ASME, utilize this intermediate key K then
ASMEDerive from other new key, respectively the communication data of realizing Access Layer (AS, Acesss stratum) and Non-Access Stratum (NAS, Non-access stratum) is protected.Wherein, Access Layer safeguard protection key is (such as Radio Resource control encryption key K
RRCenc, Radio Resource control integrity protection key K
RRCintWith the customer side encryption key K
UPenc) respectively by base station key K
ENBDerive from according to algorithms of different, and K
ENBBe by intermediate key K
ASMEDerivation comes.
Similar with UE, RN is via node equipment (or being called RN platform) and the usim card general name of (or claiming UICC card) during as a common terminal equipment, and RN can finish the USIM authentication of RN according to above-mentioned EPS AKA process.
But, as RN during,, then may threaten the subscriber equipment of its service if this base station is an illegality equipment as the base station, therefore, before this base station services UE, at first need to guarantee the legitimacy of this base station.At present, the specific implementation that realizes the legitimacy authentication of RN is not determined.
But, even for a RN who finishes the legitimacy authentication of authentification of user and equipment respectively, also there is following security threat, Fig. 3 for the RN that may exist by the process schematic diagram of rogue attacks, as shown in Figure 3, if there is rogue attacks person (Attacker) that legal usim card is inserted among the illegal RN, simultaneously illegal usim card is inserted among the legal RN, like this, the assailant uses legal USIM and legal RN to finish corresponding authentification of user and device authentication respectively when authentication.In the practical communication process; illegal RN can get access to the Access Layer safeguard protection key that legal usim card authentication produces; and the part communication data between illegal RN and the network side adopts the protection of Access Layer safeguard protection key, and the assailant just may distort or eavesdrop Content of Communication between RN and the DeNB by illegal RN.Therefore, existing legitimacy authentication to RN can not guarantee that legal usim card is inserted on the legal RN equipment, promptly can not realize the binding of authentification of user and the equipment of RN, thereby can not guarantee the communication data safety between RN and network side.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of safe key method and system of binding synchronously that realize, can realize the binding of RN authentification of user and equipment, guarantees the communication data safety between RN and network side.
For achieving the above object, technical scheme of the present invention is achieved in that
A kind of safe key method of binding synchronously that realizes comprises:
Mobility Management Entity MME notice RN carries out the safe key binding;
After RN has notice, carry out the safe key binding identical and handle, the safe key of acquisition and apparatus bound, and response MME with network side.
Described MME notice RN carries out the safe key binding and comprises: described MME sends non access stratum NAS message to RN, notifies described RN to carry out the safe key binding.
Carry in the described NAS message and be used to indicate RN to carry out the key bindings indication information of the binding of safe key.
Also carry the algorithm identification information that is used to identify employed algorithm when carrying out key bindings in the described NAS message.
Also carry the identification information of the safe key that needs binding in the described NAS message.
Also carry identification information in the described NAS message with the equipment associated safety parameter that needs binding.
The existing NAS message of described NAS message reuse; Described existing NAS message comprises: NAS Security Mode Command message, perhaps user authentication request message;
Perhaps, described NAS message is newly-increased message, and described newly-increased message is the key bindings request message.
Described RN carries out, and the safe key binding identical with network side handled, and carries out in the MME of network side or home subscriber server HSS or Home Environment HE.
The safe key binding that described network side is carried out was handled before described MME sends NAS message informing RN; Perhaps, after described MME receives response from RN.
Also comprise before this method: described network side obtains the user security key of RN by the authentification of user flow process, and obtains the equipment associated safety parameter of RN;
Described safe key binding is handled and is comprised: utilize equipment associated safety parameter and described user security key, by appointment the safe key of algorithm derivation and apparatus bound.
Described algorithm by appointment derives from and the safe key of apparatus bound further comprises:
Utilize equipment associated safety parameter, described user security key, and other parameter, the safe key of algorithm derivation and apparatus bound by appointment.
Described other parameter comprises the parameter that described RN and network side are shared; Perhaps, the random number that described network side or RN generate, at this moment, this method also comprises: described network side or RN are notified to RN or network side by this random number that message will generate.
Described user security key can be intermediate key K
ASME, or encryption key CK, Integrity Key IK.
Described equipment associated safety parameter is the special parameter that described RN and network side are shared;
Described special parameter is: the parameter in the CAMEL-Subscription-Information of described RN; Perhaps, the parameter preset in the device certificate.
Described equipment associated safety parameter is: carry out the equipment associated safety parameter of reaching an agreement in the device authentication process at described network side; The equipment associated safety parameter of reaching an agreement in the described device authentication process is the root key in the equipment CAMEL-Subscription-Information, or other new key that is derived from by this root key.
Described RN sends response to MME and comprises:
Described RN perhaps utilizes newly-increased message by existing NAS message, to described MME feedback binding result.
In the response message of described RN feedback, carry and be used to indicate RN to complete successfully the key bindings success indication information of safe key binding; Perhaps, be used to indicate RN not complete successfully the key bindings failure indication information of safe key binding.
When carrying key bindings failure indication information in the response message of described RN feedback, also carry failure cause in the response message of described RN feedback.
A kind of safe key system of binding synchronously that realizes comprises RN and MME at least, wherein,
MME is used for sending safe key binding notice to RN;
RN, the safe key that is used to receive from MME is bound notice, carries out the safe key binding identical with network side and handles, the safe key of acquisition and apparatus bound, and response MME.
Described MME specifically is used at RN by behind the authentification of user, to RN transmission safe key binding notice; Before the binding of transmission safe key is notified to RN, or after the response of receiving, carries out the safe key binding identical and handle the safe key of acquisition and apparatus bound with RN from RN.
This system also comprises HSS or HE, is used to carry out the safe key binding identical with RN and handles, and send to MME with that obtain after the safe key binding processing with safe key apparatus bound.
Described network side also is used for obtaining by the authentification of user flow process user security key of RN, and obtains the equipment associated safety parameter of RN.
The technical scheme that provides from the invention described above is included in RN as can be seen by behind the authentification of user, and MME notice RN carries out the safe key binding; And after RN has notice, carry out the safe key binding identical with network side to handle, obtain safe key with apparatus bound and response MME.By the inventive method, handle that obtain and safe key apparatus bound by safe key binding, perhaps utilize this and other key of the safe key derivation of apparatus bound, protected the communication data safety between RN and the network side.And, by the safe key of this and apparatus bound, realized the binding of RN authentification of user and equipment, and guaranteed that the RN that communicates by letter with network side this moment is the legal RN that legal usim card is arranged certainly that like this, rogue attacks person can't crack communication data.
Description of drawings
Fig. 1 is the composition structural representation of LTE network;
Fig. 2 is that the network behind the increase RN is formed schematic diagram in the existing network framework;
Fig. 3 for the RN that may exist by the process schematic diagram of rogue attacks;
Fig. 4 realizes the safe key flow chart of the method for binding synchronously for the present invention;
Fig. 5 realizes the safe key composition structural representation of the system of binding synchronously for the present invention;
Fig. 6 realizes the safe key schematic flow sheet of first embodiment of binding synchronously for the present invention;
Fig. 7 realizes the safe key schematic flow sheet of second embodiment of binding synchronously for the present invention;
Fig. 8 realizes the safe key schematic flow sheet of the 3rd embodiment of binding synchronously for the present invention;
Fig. 9 realizes the safe key schematic flow sheet of the 4th embodiment of binding synchronously for the present invention;
Figure 10 realizes the safe key schematic flow sheet of the 5th embodiment of binding synchronously for the present invention.
Embodiment
Fig. 4 may further comprise the steps for the present invention realizes the safe key flow chart of the method for binding synchronously:
Step 400:MME notice RN carries out the safe key binding.
In this step, MME can send NAS message to RN, and notice RN carries out the safe key binding.Wherein, NAS message can multiplexing existing NAS message, such as NAS safe mode command (NAS SMC, NAS Security Mode Command) message, and perhaps user authentication request (User Authentication Request) message etc.; NAS message also can be newly-increased message, such as the key bindings request message.
If RN and network side both sides agreement, after the NAS message that is used to notify RN to carry out the safe key binding, necessarily carrying out the safe key binding handles, so, NAS message in this step can not carried any information, be exactly a notice indication, just RN and network side adopt implicit mode to carry out the operation of safe key binding after RN is by authentification of user.
If RN and network side both sides do not arrange, at MME in the NAS message that RN sends, employed algorithm identification information in the time of can carrying key bindings indication information and/or key bindings such as algorithm sign (Algorithm Identity), is used to indicate RN to carry out the binding of safe key;
Further, in NAS message, can also carry the identification information of the safe key that needs binding, such as E-UTRAN key set sign (eKSI, Key Set Identity in E-UTRAN);
Further, in NAS message, can also carry and need the identification information of the equipment associated safety parameter of binding.
In addition, also comprised before this step: network side obtains the user security key of RN by the authentification of user flow process, perhaps, and by to the authentication of equipment or obtain the equipment associated safety parameter of RN according to methods such as device identification index.
After step 401:RN has notice, carry out the safe key binding identical and handle, the safe key of acquisition and apparatus bound, and response MME with network side.
In this step, the safe key binding is handled and is comprised: utilize equipment associated safety parameter and user security key, by appointment the safe key of algorithm derivation and apparatus bound.The safe key of this and apparatus bound, other key that perhaps utilizes the safe key of this and apparatus bound to derive from has been protected the communication data safety between RN and the network side.And, by the safe key of this and apparatus bound, realized the binding of RN authentification of user and equipment, and guaranteed that the RN that communicates by letter with network side this moment is the legal RN that legal usim card is arranged certainly that like this, rogue attacks person can't crack communication data.
Further, in algorithm by appointment derives from safe key process with apparatus bound, can also use other parameter, such as the RN parameter shared with network side; Perhaps the random number of network side (or RN) generation need be notified to opposite end RN (or network side) with this random number by message at this moment.
Wherein, equipment associated safety parameter is the special parameter that RN and network side are shared, such as: can be certain parameter (such as the equipment root key) in the CAMEL-Subscription-Information of RN, also can be the parameter preset etc. in the device certificate (Device Certificate).Further, this equipment associated safety parameter can also be: carry out the device-dependent security parameter of reaching an agreement in the device authentication process at network side, and such as the root key in the equipment CAMEL-Subscription-Information, or other new key that derives from by this root key etc.
The user security key is meant at the safe key relevant with user signing contract information, such as the intermediate key K that reaches an agreement in the user authentication process
ASME, or pass through the CK that user's root key derives from, IK etc.
Engagement arithmetic in this step can be known key derivation algorithm (KDF, Key Derivation Function), perhaps other one-way function scheduling algorithm, and the specific implementation of algorithm belongs to those skilled in the art's conventional techniques means, repeats no more here.
In addition, in this step, the safe key binding identical with network side that RN carries out handled, also can carry out at network side, such as carrying out at MME, the safe key binding is handled and can be occurred in MME and send before the NAS message informing RN, also can occur in MME and receive after the response from RN.Perhaps, the safe key binding that network side is carried out is handled and also can be finished by Home Environment HE or HSS, and afterwards, HE or HSS can send to MME with safe key apparatus bound with that obtain after the safe key binding processing.
In this step, RN comprises by response message feedback binding result:
RN finishes (NAS Security Mode Complete) message by existing NAS message such as the NAS safe mode, or user authentication response (User Authentication Response) message etc.; Perhaps utilize newly-increased message such as key bindings response message, to MME feedback binding result.
In the response message of RN feedback, can carry and be used to indicate RN to complete successfully the key bindings success indication information of safe key binding; Perhaps, be used to indicate RN not complete successfully the key bindings failure indication information of safe key binding, at this moment, alternatively, can also carry failure cause.
By the inventive method, handle that obtain and safe key apparatus bound by safe key binding, perhaps utilize this and other key of the safe key derivation of apparatus bound, protected the communication data safety between RN and the network side.And, by the safe key of this and apparatus bound, realized the binding of RN authentification of user and equipment, and guaranteed that the RN that communicates by letter with network side this moment is the legal RN that legal usim card is arranged certainly that like this, rogue attacks person can't crack communication data.Wherein, network side can be MME, or HSS, or HE.
Fig. 5 as shown in Figure 5, comprises RN and MME at least for the present invention realizes the safe key composition structural representation of the system of binding synchronously, wherein,
MME is used for sending safe key binding notice to RN;
RN, the safe key that is used to receive from MME is bound notice, carries out the safe key binding identical with network side and handles, the safe key of acquisition and apparatus bound, and response MME.
MME specifically is used for sending safe key binding notice to RN; Before the binding of transmission safe key is notified to RN, or after the response of receiving, carries out the safe key binding identical and handle the safe key of acquisition and apparatus bound with RN from RN.
System of the present invention also comprises HSS or HE, and the initiation and the safe key binding that are used to replace MME to carry out key bindings are handled, and sends to MME with that obtain after the safe key binding processing with safe key apparatus bound.
Described network side also is used for obtaining by the authentification of user flow process user security key of RN, perhaps, and by to the authentication of equipment or obtain the equipment associated safety parameter of RN according to methods such as device identification index.
Below in conjunction with specific embodiment the inventive method is described in detail.
Fig. 6 realizes the safe key schematic flow sheet of first embodiment of binding synchronously for the present invention, among first embodiment, supposes that MME utilizes NAS SMC message informing RN to carry out the safe key binding, carries indication information in NASSMC message.MME and RN utilize equipment associated safety parameter and user's intermediate key K respectively
ASMEThe safe key of derivation and apparatus bound, RN success back is by response message feedback MME.As shown in Figure 6, specifically may further comprise the steps:
Finish authentification of user by authentification of user flow process (User Authentication Procedure) between step 600:MME and the RN, and obtain intermediate key K RN
ASMEThe realization of this step belongs to prior art, repeats no more here.
Step 601:MME is according to the equipment identification information of RN; International Mobile Station Equipment Identification (IMEI such as equipment; International Mobile Equipment Identity) index obtains equipment associated safety parameter as sharing key K _ D; sharing key K _ D can be the pre-configured key that is present in the RN equipment CAMEL-Subscription-Information; also can be the information that generates by specific flow process; specific implementation belongs to technology as well known to those skilled in the art, and is not intended to limit the scope of the invention.
Step 602:MME carries out key bindings to be handled: MME utilizes intermediate key K
ASMEWith equipment associated safety parameter as sharing key K _ D, key derivation algorithm by appointment derives the safe key K with apparatus bound
ASME_ D is such as K
ASME_ D=KDF (K
ASME, K_D), specific implementation belongs to those skilled in the art's conventional techniques means, repeat no more here, and its specific implementation method and being not intended to limit the scope of the invention.
Step 603:MME initiates NAS SMC message to RN, carries the key bindings indication information in NAS SMC message.
Step 604:RN indicates according to key bindings, utilizes the computational methods derivation identical with MME and the safe key K of apparatus bound
ASME_ D.
Need to prove, with the safe key K of apparatus bound
ASMEIn the derivation history of _ D, can also introduce other parameter and carry out, such as being the parameter that RN and MME share; Perhaps, the random number that MME (or RN) generates, need be notified to the opposite end with this random number this moment by message.
Step 605:RN sends the NAS safe mode to MME and finishes message, and MME receives that successfully the NAS safe mode finishes the synchronous binding of finishing safe key after the message.
Can utilize safe key K between follow-up RN and the network side with apparatus bound
ASMEThe key that _ D derives from, the communication data safety between protection RN and the network side.Concrete, can utilize K
ASME_ D replaces common intermediate key K
ASME, deriving from other safe key respectively, concrete derived method is consistent with existing safe key derived method.
Among first embodiment, the MME derivation also can be carried out after step 605 with the opportunity of the safe key of apparatus bound.
Fig. 7 realizes the safe key schematic flow sheet of second embodiment of binding synchronously for the present invention, among second embodiment, suppose that MME utilizes NAS SMC message informing RN to carry out the safe key binding, in NASSMC message, carry indication information, and the safe key identification information and/or the employed algorithm identification information of key bindings that need secure binding.MME and RN utilize the corresponding safe key derivation of the safe key sign of appointment in equipment associated safety parameter and the NAS SMC message and the safe key of apparatus bound respectively.Wherein, in the present embodiment, the device security parameter is the security parameter by the agreement of device authentication process, and RN success back carries binding and successfully indicates by response message feedback MME in response message.As shown in Figure 7, specifically may further comprise the steps:
Finish authentification of user by EPS AKA flow process between step 700:MME and the RN, and obtain intermediate key K RN
ASMEThe realization of this step belongs to prior art, repeats no more here.
Step 701:MME and RN carry out device authentication, shared security parameter K_relay of mutual agreement in the device authentication flow process.
Step 702:MME utilizes intermediate key K
ASME, device-dependent security parameter (such as K_relay) and other parameter (such as the random number RA ND_M that generates by MME), the key derivation algorithm derives the safe key K with apparatus bound according to a preconcerted arrangement
ASME_ D is such as K
ASME_ D=KDF (K
ASME, K_relay, RAND_M), specific implementation belongs to those skilled in the art's conventional techniques means, repeat no more here, and its specific implementation method and being not intended to limit the scope of the invention.Wherein RAND_M is an optional parameters.
Step 703:MME initiates NAS SMC message to RN, carries the employed algorithm identification information of key bindings indication information and/or key bindings in NAS SMC message, the random number RA ND_M that key derivation is required, and the intermediate key K that needs binding
ASMEKey ID information (eKSI).
Step 704:RN indexes corresponding intermediate key K according to eKSI
ASME, utilize the computational methods derivation identical and the safe key K of apparatus bound with MME
ASME_ D.
Step 705:RN sends the NAS safe mode to MME and finishes message, finishes carrying safe key in the message and bind successfully and indicate in the NAS safe mode.MME receives that successfully the NAS safe mode finishes the synchronous binding of finishing safe key after the message.
Can utilize safe key K between follow-up RN and the network side with apparatus bound
ASMEThe key that _ D derives from, the communication data safety between protection RN and the network side.
Among second embodiment, the MME derivation also can be carried out after step 705 with the opportunity of the safe key of apparatus bound.
Fig. 8 realizes the safe key schematic flow sheet of the 3rd embodiment of binding synchronously for the present invention, among the 3rd embodiment, suppose to finish the safe key binding processing of network side by HSS, initiate user authentication request message by MME to RN then, in user authentication request message, carry the key bindings indication information, RN utilizes equipment associated safety parameter (such as the root key in the equipment CAMEL-Subscription-Information, the perhaps key information that derives from by this root key, the perhaps digital signature of equipment etc.) and ciphering key K, IK to be bound derive from the safe key K that binds
ASME_ D.Wherein, equipment associated safety parameter is the relevant peculiar parameter of operator's certificate of equipment, after the binding of RN execution safe key is handled successfully, gives MME by the user authentication response message feedback.As shown in Figure 8, specifically may further comprise the steps:
Step 800:HSS obtains equipment mark information such as IMEI.This step realizes those skilled in the art's conventional techniques means, and irrelevant with protection range of the present invention, no longer describes in detail here.
The peculiar parameter (such as Ksec) that step 801:HSS is relevant according to operator's certificate of IMEI corresponding equipment, and ciphering key K, IK to be bound derive from algorithm by appointment and derive from safe key K new and apparatus bound
ASME_ D.K wherein
ASME_ D=KDF (Ksec), specific implementation belongs to those skilled in the art's conventional techniques means for CK, IK, repeat no more here, and its specific implementation method and being not intended to limit the scope of the invention.Wherein, ciphering key K, IK is by the algorithm derivation according to a preconcerted arrangement of the root key K in this RN user contracting data, and this is a Given information.Optionally, in the aforementioned calculation process, can also introduce other the ginseng of going into, service network identification (SN id) such as network side, perhaps sequence number (Sequence Number, SQN), perhaps Anonymity Key (Anonymity Key, AK), the perhaps random value that generates of network side, the perhaps combination in any of above-mentioned parameter etc.
Step 802:HSS safe key K that will generate and apparatus bound
ASME_ D is carried in the verify data response message and sends to MME.Alternatively, in the verify data response message, can also carry the cryptographic binding indication information.
Step 803:MME initiates user authentication request (User Authentication Request) message to RN, carries the key bindings indication information in user authentication request message.
After step 804:RN receives user authentication request message, derive from CK, IK, and then carry out safe key binding processing procedure, obtain safe key K with apparatus bound according to Indication message according to root key K
ASME_ D, the computational methods of HSS are in full accord in computational methods and the step 801.
In this step, if RN is deriving from K
ASMEIn the process of _ D, abnormal conditions occurred, then can then can directly send the user authentication response message that carries the Bind Failed sign, alternatively, can also carry corresponding failure cause, such as not supporting key bindings to MME.
Step 805:RN sends user authentication response (User Authentication Response) message to MME.Alternatively, carrying binding in user authentication response successfully indicates.MME successfully receives the synchronous binding of finishing safe key after the user authentication response message.
Can utilize safe key K between follow-up RN and the network side with apparatus bound
ASMEThe key that _ D derives from, the communication data safety between protection RN and the network side.
Fig. 9 realizes the safe key schematic flow sheet of the 4th embodiment of binding synchronously for the present invention, among the 4th embodiment, suppose that MME utilizes newly-increased message informing RN to carry out the safe key binding, carry in the newly-increased message and need the safe key of secure binding identification information, and with the identification information of the device security parameter correlation of needs bindings, MME and RN utilize appointed equipment associated safety parameter and safe key in the message respectively, derive from the safe key with apparatus bound.Wherein, in the present embodiment, equipment associated safety parameter is the device security key K _ D by the agreement of device authentication process, and RN success back feeds back to MME by response message.As shown in Figure 9, specifically may further comprise the steps:
Finish authentification of user by authentification of user flow process (User Authentication Procedure) between step 900:MME and the RN, and obtain intermediate key K RN
ASMEThe realization of this step belongs to prior art, repeats no more here.
Step 901:MME and RN carry out device authentication, shared security parameter K_D of mutual agreement in the device authentication flow process.
Step 902:MME utilizes intermediate key K
ASME, device-dependent security parameter (such as K_D) and other parameter (such as the random number RA ND_M that generates by MME), the key derivation algorithm derives from the safe key K with apparatus bound according to a preconcerted arrangement
ASME_ D is such as K
ASME_ D=KDF (K
ASME, K_D, RAND_M), specific implementation belongs to those skilled in the art's conventional techniques means, repeat no more here, and its specific implementation method and being not intended to limit the scope of the invention.
Step 903:MME initiates safe key bind command message to RN, carries random number RA ND_M in safe key bind command message, needs the intermediate key K of binding
ASMEKey ID information (eKSI), and the device security parameter K _ D corresponding identification parameter (eKSI_D) that needs binding.Wherein, can distinguish unique safe key and security parameter of determining required binding according to eKSI and eKSI_D.
Step 904:RN indexes corresponding intermediate key K according to eKSI
ASME, and index the device security parameter K _ D of needs bindings according to eKSI_D, and the utilization computational methods identical with MME derive from and the safe key K of apparatus bound
ASME_ D.
In this step, if RN is unusual because of taking place, such as indexing corresponding safe key or security parameter, causing finishing the safe key binding handles, feel puzzled, RN can directly send the safe key binding response message that has safe key Bind Failed sign to MME, perhaps in safe key binding response message binding is set and successfully is masked as vacation (False).Alternatively, can also further in taking safe key binding response message, be with corresponding failure cause, not exist such as the sign in the present embodiment.
Step 905:RN sends safe key binding response message to MME, carries safe key and bind successfully sign in safe key binding response message.MME successfully receives the synchronous binding of finishing safe key behind the safe key binding response message.
Can utilize safe key K between follow-up RN and the network side with apparatus bound
ASMEThe key that _ D derives from, the communication data safety between protection RN and the network side.
Figure 10 realizes the safe key schematic flow sheet of the 5th embodiment of binding synchronously for the present invention, among the 5th embodiment, supposes MME and RN agreement: initiatively carry out the safe key binding separately and handle after finishing device authentication.Alternatively, after finishing, binding can verify binding result by other message (such as NAS SMC message).As shown in figure 10, specific implementation may further comprise the steps:
Finish authentification of user by authentification of user flow process (User Authentication Procedure) between step 1000:MME and the RN, and obtain intermediate key K RN
ASMEThe realization of this step belongs to prior art, repeats no more here.
Step 1001:MME and RN carry out device authentication, shared security parameter K_D of mutual agreement in the device authentication flow process.
Step 1002~step 1003:MME and RN according to making an appointment, generate the safe key with apparatus bound: utilize intermediate key K respectively respectively
ASME, and equipment associated safety parameter is as sharing key K _ D, the key derivation algorithm derives the safe key K with apparatus bound according to a preconcerted arrangement
ASME_ D is such as K
ASME_ D=KDF (K
ASME, K_D), specific implementation belongs to those skilled in the art's conventional techniques means, repeat no more here, and its specific implementation method and being not intended to limit the scope of the invention.
Step 1004: alternatively, MME initiates NAS safe mode command (NAS SMC) message to RN, and this NAS Security Mode Command message is carried out integrity protection.Wherein, the integrity protection key by can by with the safe key K of apparatus bound
ASME_ D derives from.
Step 1005:RN is that generate and safe key K apparatus bound according to self
ASME_ D derives from the integrity protection key; and the NAS Security Mode Command message from MME verified; if the verification passes; then reply the NAS safe mode and finish (NAS SMC Complete) message to MME; and this NAS safe mode is finished message encrypts, encryption key by RN that generate with safe key K apparatus bound
ASME_ D derives from.
After step 1006:MME receives that the NAS safe mode is finished message, according to MME self that generate with safe key K apparatus bound
ASME_ D derives from decruption key, and the NAS safe mode of receiving is finished message is decrypted, if successful decryption illustrates that RN and MME successfully receive the synchronous binding of promptly finishing safe key.
Can utilize safe key K between follow-up RN and the network side with apparatus bound
ASMEThe key that _ D derives from, the communication data safety between protection RN and the network side.
In the present embodiment, step 1002 is regardless of order with the execution of step 1003.
Among the embodiment of Fig. 6 of the present invention~shown in Figure 10, in the engagement arithmetic that carries out the safe key binding, can also use other parameter, this parameter can be certain shared parameter that RN and network side are all known; Also can be the random number that RN or network side generate, if random number also needs a side who generates random number to give the opposite end with this random number by message informing.
The sequencing of the handling process among the embodiment of Fig. 6 of the present invention~shown in Figure 10 can change in specific implementation process to some extent, belongs to those skilled in the art and obtains easily according to method provided by the invention, and be not intended to limit the scope of the invention.
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention, all any modifications of being done within the spirit and principles in the present invention, is equal to and replaces and improvement etc., all should be included within protection scope of the present invention.
Claims (22)
1. realize the safe key method of binding synchronously for one kind, it is characterized in that, comprising:
Mobility Management Entity MME notice RN carries out the safe key binding;
After RN has notice, carry out the safe key binding identical and handle, the safe key of acquisition and apparatus bound, and response MME with network side.
2. method according to claim 1 is characterized in that, described MME notice RN carries out the safe key binding and comprises: described MME sends non access stratum NAS message to RN, notifies described RN to carry out the safe key binding.
3. method according to claim 2 is characterized in that, carries in the described NAS message to be used to indicate RN to carry out the key bindings indication information of the binding of safe key.
4. method according to claim 3 is characterized in that, also carries the algorithm identification information that is used to identify employed algorithm when carrying out key bindings in the described NAS message.
5. method according to claim 3 is characterized in that, also carries the identification information of the safe key that needs binding in the described NAS message.
6. method according to claim 5 is characterized in that, also carries the identification information with the equipment associated safety parameter that needs binding in the described NAS message.
7. according to each described method of claim 2~6, it is characterized in that the existing NAS message of described NAS message reuse; Described existing NAS message comprises: NAS Security Mode Command message, perhaps user authentication request message;
Perhaps, described NAS message is newly-increased message, and described newly-increased message is the key bindings request message.
8. method according to claim 1 is characterized in that, described RN carries out, and the safe key binding identical with network side handled, and carries out in the MME of network side or home subscriber server HSS or Home Environment HE.
9. method according to claim 8 is characterized in that, the safe key binding that described network side is carried out was handled before described MME sends NAS message informing RN; Perhaps, after described MME receives response from RN.
10. according to claim 1,8 or 9 described methods, it is characterized in that, also comprise before this method: described network side obtains the user security key of RN by the authentification of user flow process, and obtains the equipment associated safety parameter of RN;
Described safe key binding is handled and is comprised: utilize equipment associated safety parameter and described user security key, by appointment the safe key of algorithm derivation and apparatus bound.
11. method according to claim 10 is characterized in that, described algorithm by appointment derives from and the safe key of apparatus bound further comprises:
Utilize equipment associated safety parameter, described user security key, and other parameter, the safe key of algorithm derivation and apparatus bound by appointment.
12. method according to claim 11 is characterized in that, described other parameter comprises the parameter that described RN and network side are shared; Perhaps, the random number that described network side or RN generate, at this moment, this method also comprises: described network side or RN are notified to RN or network side by this random number that message will generate.
13. method according to claim 10 is characterized in that, described user security key can be intermediate key K
ASME, or encryption key CK, Integrity Key IK.
14., it is characterized in that described equipment associated safety parameter is the special parameter that described RN and network side are shared according to claim 1,8 or 9 described methods;
Described special parameter is: the parameter in the CAMEL-Subscription-Information of described RN; Perhaps, the parameter preset in the device certificate.
15., it is characterized in that described equipment associated safety parameter is according to claim 1,8 or 9 described methods: carry out the equipment associated safety parameter of reaching an agreement in the device authentication process at described network side; The equipment associated safety parameter of reaching an agreement in the described device authentication process is the root key in the equipment CAMEL-Subscription-Information, or other new key that is derived from by this root key.
16., it is characterized in that described RN sends response to MME and comprises according to claim 1,8 or 9 described methods:
Described RN perhaps utilizes newly-increased message by existing NAS message, to described MME feedback binding result.
17. method according to claim 16 is characterized in that, carries to be used to indicate RN to complete successfully the key bindings success indication information of safe key binding in the response message of described RN feedback; Perhaps, be used to indicate RN not complete successfully the key bindings failure indication information of safe key binding.
18. method according to claim 17 is characterized in that, when carrying key bindings failure indication information in the response message of described RN feedback, also carries failure cause in the response message of described RN feedback.
19. realize the safe key system of binding synchronously for one kind, it is characterized in that, comprise RN and MME at least, wherein,
MME is used for sending safe key binding notice to RN;
RN, the safe key that is used to receive from MME is bound notice, carries out the safe key binding identical with network side and handles, the safe key of acquisition and apparatus bound, and response MME.
20. system according to claim 19 is characterized in that, described MME specifically is used at RN by behind the authentification of user, to RN transmission safe key binding notice; Before the binding of transmission safe key is notified to RN, or after the response of receiving, carries out the safe key binding identical and handle the safe key of acquisition and apparatus bound with RN from RN.
21. system according to claim 19 is characterized in that, this system also comprises HSS or HE, is used to carry out the safe key binding identical with RN and handles, and send to MME with that obtain after the safe key binding processing with safe key apparatus bound.
22., it is characterized in that described network side also is used for obtaining by the authentification of user flow process user security key of RN according to each described system of claim 19~21, and obtain the equipment associated safety parameter of RN.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010282470.3A CN101945386B (en) | 2010-09-10 | 2010-09-10 | A kind of method and system realizing safe key synchronous binding |
| PCT/CN2011/077617 WO2012031510A1 (en) | 2010-09-10 | 2011-07-26 | Method and system for implementing synchronous binding of security key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010282470.3A CN101945386B (en) | 2010-09-10 | 2010-09-10 | A kind of method and system realizing safe key synchronous binding |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101945386A true CN101945386A (en) | 2011-01-12 |
| CN101945386B CN101945386B (en) | 2015-12-16 |
Family
ID=43437080
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010282470.3A Active CN101945386B (en) | 2010-09-10 | 2010-09-10 | A kind of method and system realizing safe key synchronous binding |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101945386B (en) |
| WO (1) | WO2012031510A1 (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101931953A (en) * | 2010-09-20 | 2010-12-29 | 中兴通讯股份有限公司 | Method and system for generating safety key bound with device |
| WO2012031510A1 (en) * | 2010-09-10 | 2012-03-15 | 中兴通讯股份有限公司 | Method and system for implementing synchronous binding of security key |
| CN102595395A (en) * | 2011-01-14 | 2012-07-18 | 中兴通讯股份有限公司 | Relay node authentication method and system |
| CN102595403A (en) * | 2011-01-14 | 2012-07-18 | 中兴通讯股份有限公司 | Authentication method and authentication device for relay node binding |
| CN102685735A (en) * | 2011-03-11 | 2012-09-19 | 中兴通讯股份有限公司 | Method and system for reconstructing high-level security in RN switching process |
| US8839373B2 (en) | 2010-06-18 | 2014-09-16 | Qualcomm Incorporated | Method and apparatus for relay node management and authorization |
| US8887258B2 (en) | 2011-08-09 | 2014-11-11 | Qualcomm Incorporated | Apparatus and method of binding a removable module to an access terminal |
| US9112905B2 (en) | 2010-10-22 | 2015-08-18 | Qualcomm Incorporated | Authentication of access terminal identities in roaming networks |
| US9385862B2 (en) | 2010-06-16 | 2016-07-05 | Qualcomm Incorporated | Method and apparatus for binding subscriber authentication and device authentication in communication systems |
| US9578498B2 (en) | 2010-03-16 | 2017-02-21 | Qualcomm Incorporated | Facilitating authentication of access terminal identity |
| US9668128B2 (en) | 2011-03-09 | 2017-05-30 | Qualcomm Incorporated | Method for authentication of a remote station using a secure element |
| CN107925878A (en) * | 2015-09-04 | 2018-04-17 | 格马尔托股份有限公司 | The method of subscriber in certification local network |
| CN109698746A (en) * | 2019-01-21 | 2019-04-30 | 北京邮电大学 | Negotiate the method and system of the sub-key of generation bound device based on master key |
| CN113271588A (en) * | 2020-02-14 | 2021-08-17 | 联发科技股份有限公司 | Security key synchronization method and communication device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101233734A (en) * | 2005-06-30 | 2008-07-30 | 朗迅科技公司 | Method for distributing security keys during hand-off in a wireless communication system |
| CN101500230A (en) * | 2008-01-30 | 2009-08-05 | 华为技术有限公司 | Method for establishing security association and communication network system |
| CN101500229A (en) * | 2008-01-30 | 2009-08-05 | 华为技术有限公司 | Method for establishing security association and communication network system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101945386B (en) * | 2010-09-10 | 2015-12-16 | 中兴通讯股份有限公司 | A kind of method and system realizing safe key synchronous binding |
| CN101931953B (en) * | 2010-09-20 | 2015-09-16 | 中兴通讯股份有限公司 | Generate the method and system with the safe key of apparatus bound |
-
2010
- 2010-09-10 CN CN201010282470.3A patent/CN101945386B/en active Active
-
2011
- 2011-07-26 WO PCT/CN2011/077617 patent/WO2012031510A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101233734A (en) * | 2005-06-30 | 2008-07-30 | 朗迅科技公司 | Method for distributing security keys during hand-off in a wireless communication system |
| CN101500230A (en) * | 2008-01-30 | 2009-08-05 | 华为技术有限公司 | Method for establishing security association and communication network system |
| CN101500229A (en) * | 2008-01-30 | 2009-08-05 | 华为技术有限公司 | Method for establishing security association and communication network system |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9578498B2 (en) | 2010-03-16 | 2017-02-21 | Qualcomm Incorporated | Facilitating authentication of access terminal identity |
| US9385862B2 (en) | 2010-06-16 | 2016-07-05 | Qualcomm Incorporated | Method and apparatus for binding subscriber authentication and device authentication in communication systems |
| US8839373B2 (en) | 2010-06-18 | 2014-09-16 | Qualcomm Incorporated | Method and apparatus for relay node management and authorization |
| WO2012031510A1 (en) * | 2010-09-10 | 2012-03-15 | 中兴通讯股份有限公司 | Method and system for implementing synchronous binding of security key |
| CN101931953A (en) * | 2010-09-20 | 2010-12-29 | 中兴通讯股份有限公司 | Method and system for generating safety key bound with device |
| CN101931953B (en) * | 2010-09-20 | 2015-09-16 | 中兴通讯股份有限公司 | Generate the method and system with the safe key of apparatus bound |
| US9112905B2 (en) | 2010-10-22 | 2015-08-18 | Qualcomm Incorporated | Authentication of access terminal identities in roaming networks |
| CN102595395A (en) * | 2011-01-14 | 2012-07-18 | 中兴通讯股份有限公司 | Relay node authentication method and system |
| CN102595403A (en) * | 2011-01-14 | 2012-07-18 | 中兴通讯股份有限公司 | Authentication method and authentication device for relay node binding |
| US9668128B2 (en) | 2011-03-09 | 2017-05-30 | Qualcomm Incorporated | Method for authentication of a remote station using a secure element |
| CN102685735B (en) * | 2011-03-11 | 2017-02-01 | 中兴通讯股份有限公司 | Method and system for reconstructing high-level security in RN switching process |
| CN102685735A (en) * | 2011-03-11 | 2012-09-19 | 中兴通讯股份有限公司 | Method and system for reconstructing high-level security in RN switching process |
| US8887258B2 (en) | 2011-08-09 | 2014-11-11 | Qualcomm Incorporated | Apparatus and method of binding a removable module to an access terminal |
| CN107925878A (en) * | 2015-09-04 | 2018-04-17 | 格马尔托股份有限公司 | The method of subscriber in certification local network |
| CN109698746A (en) * | 2019-01-21 | 2019-04-30 | 北京邮电大学 | Negotiate the method and system of the sub-key of generation bound device based on master key |
| CN113271588A (en) * | 2020-02-14 | 2021-08-17 | 联发科技股份有限公司 | Security key synchronization method and communication device |
| CN113271588B (en) * | 2020-02-14 | 2024-05-17 | 联发科技股份有限公司 | Security key synchronization method and communication device |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2012031510A1 (en) | 2012-03-15 |
| CN101945386B (en) | 2015-12-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101945386B (en) | A kind of method and system realizing safe key synchronous binding | |
| CN101931955B (en) | Authentication method, device and system | |
| CN108781366B (en) | Authentication mechanism for 5G technology | |
| CN101945387B (en) | The binding method of a kind of access layer secret key and equipment and system | |
| CN101640886B (en) | Authentication method, re-authentication method and communication device | |
| CN101931953B (en) | Generate the method and system with the safe key of apparatus bound | |
| CN102823282B (en) | Key authentication method for binary CDMA | |
| CN101640887B (en) | Authentication method, communication device and communication system | |
| CN101951590B (en) | Authentication method, device and system | |
| CN101500229B (en) | Method for establishing security association and communication network system | |
| CN102056157B (en) | Method, system and device for determining keys and ciphertexts | |
| CN108293223A (en) | A kind of data transmission method, user equipment and network side equipment | |
| CN103098435A (en) | Relay node device authentication mechanism | |
| EP3152937B1 (en) | System and method for wireless network access protection and security architecture | |
| CN102056159B (en) | Method and device for acquiring safe key of relay system | |
| WO2011092138A1 (en) | Efficient terminal authentication in telecommunication networks | |
| US20150229620A1 (en) | Key management in machine type communication system | |
| CN101897210A (en) | Methods and apparatuses generating a radio base station key in a cellular radio system | |
| CN101926122A (en) | Method and communication system for establishing security association | |
| CN101977378B (en) | Information transferring method, network side and via node | |
| CN104010305A (en) | Bidirectional authentication reinforcement method of terminal and access network based on physical layer secret key | |
| CN101552984B (en) | Base station secure accessing method of mobile communication system | |
| CN101483870A (en) | Cross-platform mobile communication security system implementing method | |
| CN105764052A (en) | TD-LTE authentication and protective encryption method | |
| CN102595395A (en) | Relay node authentication method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |