CN103781069A - Bidirectional-authentication method, device and system - Google Patents
Bidirectional-authentication method, device and system Download PDFInfo
- Publication number
- CN103781069A CN103781069A CN201210400768.9A CN201210400768A CN103781069A CN 103781069 A CN103781069 A CN 103781069A CN 201210400768 A CN201210400768 A CN 201210400768A CN 103781069 A CN103781069 A CN 103781069A
- Authority
- CN
- China
- Prior art keywords
- access point
- value
- current
- target
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 57
- 238000005516 engineering process Methods 0.000 claims abstract description 27
- 238000000926 separation method Methods 0.000 claims abstract description 20
- 230000007774 longterm Effects 0.000 claims abstract description 8
- 238000012545 processing Methods 0.000 claims description 20
- 238000004458 analytical method Methods 0.000 claims description 8
- 230000001172 regenerating effect Effects 0.000 claims description 2
- 230000002457 bidirectional effect Effects 0.000 description 14
- 238000004891 communication Methods 0.000 description 7
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000003213 activating effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a bidirectional-authentication method, device and system, wherein the method includes: a current access point type is obtained; if the obtained current access point type is a node which supports an LTE (Long Term Evolution) technology and is compatible with a 2G or 3G core network, UE (User Equipment) neglects a comparison result after authenticating a separation bit of an AMF (Authentication Management Field) in an authentication code AUTN, or does not authenticate the separation bit of the AMF; and the UE uses a ciphering key CK and an integrity protection key IK as an access-layer key after obtaining the ciphering key CK and the integrity protection key IK through evolution. The technical scheme provided by the invention is capable of ensuring that the UE performs corresponding authentication processes reasonably when the UE accesses a network in a node which supports the LTE technology and is compatible with the 2G or 3G core network so that legal UE is capable of accessing the network successfully under a condition that air-interface security is ensured.
Description
Technical Field
The invention belongs to the technical field of communication, and relates to a method, equipment and a system for bidirectional authentication.
Background
With the development of mobile communication technology, the large-scale deployment of 3G (3 rd-generation, third generation mobile communication technology) networks, and the services with high speed and large bandwidth are bringing rich and colorful application experience to people. Especially, the recent large-scale growth of smart phones has brought more challenges to operation while injecting new vitality into communication. Statistically, mobile data traffic demand will increase nearly 40 times in the next 5 years. However, cellular network traffic and revenue increase is in a long-term imbalance, and the rapid increase of mobile data traffic does not make the service revenue of operators increase linearly. The operating network remains in a high-load state for a long time, and the expanded capacity is quickly occupied by the increased service, so that a low-cost high-capacity solution is urgently needed to solve the increasingly sharp problem.
LTE Hi (a node supporting LTE technology and capable of adapting to a 2G or 3G core network) is a newly introduced set of communication technology that relies on existing mobile networks and is oriented to fixed and low-speed mobile scenarios. The protocol stack of the LTE Hi access point is the same as that of an LTE (Long Term Evolution) access point, and both of them use an LTE technology over the air interface, but the LTE Hi node may be arranged earlier than the LTE network, so that it can only access through the existing 3G network. Under the scene, in LTE Hi connectionIn the access node, a logic unit with 2G/3G adaptation capability is required to be responsible for adaptation between the LTE Hi node and the 2G/3G core network, and from the security perspective, the UE (User Equipment) access logic is as shown in fig. 1. The LTE HiUE triggers an authentication procedure when accessing as in LTE UE. For LTE UE and 3G core network SGSN (GPRS Support Node) and authentication server HLR (Home Location Register), this is a common 3G authentication. For LTE Hi UE, it considers that it is an EPS (Evolved Packet System) AKA (Authentication and key agreement), checks each parameter according to the processing logic of EPS AKA, and detects whether the separation bit of AMF (Authentication Management Field) in the Authentication vector is 1, which results in a failure of checking, so that UE cannot normally access to the network. After verification, the SGSN may directly send CK (Ciphering Key) and IK to the LTE Hi node according to the processing logic of the conventional 3G; on the UE side, after the USIM (Universal Subscriber Identity Module) calculates CK and IK, it sends CK and IK to the ME (Mobile Equipment), and the ME converts the CK and IK into K according to the processing logic of LTEASMEIn this way, the keys of the network side and the UE side cannot be synchronized, and thus normal security protection cannot be performed.
Disclosure of Invention
Embodiments of the present invention provide a method, device, and system for bidirectional authentication, which provide bidirectional authentication for a UE accessing a wireless access point, and further provide reliable security guarantee for an air interface.
A method of mutual authentication, comprising:
acquiring the type of a current access point;
if the acquired current access point type is a node which supports a Long Term Evolution (LTE) technology and can be adapted to a 2G or 3G core network, the User Equipment (UE) ignores the comparison result after verifying the separation bit of the authentication management domain (AMF) in the authentication code (AUTN), or does not verify the separation bit of the AMF; and the UE directly takes the encryption key CK and the integrity protection key IK as an access layer key after deduction.
A user equipment, comprising:
the access point type acquisition module is used for acquiring the type of the current access point;
the authentication processing module is configured to ignore the comparison result after verifying the separation bit of the authentication management domain AMF in the authentication code AUTN when the current access point type acquired by the access point type acquisition module is a node that supports the long term evolution LTE technology and is adaptable to a 2G or 3G core network, or not verify the separation bit of the AMF; and directly takes the obtained encryption key CK and the integrity protection key IK as the access layer key after deduction.
A system for realizing bidirectional authentication comprises the user equipment UE, the SGSN and the access point equipment, wherein the access point equipment is node equipment which supports LTE technology and can be adapted to a 2G or 3G core network, and the UE is accessed to a network through the access point equipment and is communicated with the SGSN.
It can be seen from the technical solutions provided by the embodiments of the present invention that, when the UE accesses the network through the node supporting the LTE technology and being capable of adapting to the 2G or 3G core network, the technical solutions of the present invention can ensure that the UE reasonably performs the corresponding authentication processing, so that the legitimate UE can smoothly access the network while ensuring the security of the air interface, thereby overcoming the problems in the prior art.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a diagram illustrating a UE accessing a network according to the background art of the present invention;
fig. 2 is a flowchart of a method of mutual authentication according to an embodiment of the present invention;
fig. 3 is a flowchart of another bidirectional authentication method according to a second embodiment of the present invention;
fig. 4 is a schematic diagram of a user equipment according to a third embodiment of the present invention;
fig. 5 is a schematic diagram of a system for implementing mutual authentication according to a fourth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For the sake of understanding, the embodiments of the present invention will be described with reference to the following specific application examples and accompanying drawings.
Example one
An embodiment of the present invention provides a method for mutual authentication, as shown in fig. 2, including the following steps:
step 201, acquiring a type of a current access point, so as to determine whether the current access point is a node supporting an LTE technology and capable of being adapted to a 2G or 3G core network;
in this step, the implementation manner of the user equipment acquiring the current access point type may include, but is not limited to, any one of the following implementation manners:
the first method is as follows: acquiring the type of the current access point according to the information sent by the MME, such as MME attachment acceptance information, Tracking Area Update (TAU) acceptance information or non-access stratum security mode completion (NAS SMP) information and the like, wherein an access node type indication cell exists in the corresponding information, and the type of the access point can be acquired according to the cell;
the second method comprises the following steps: determining the type of the current access point according to the carrier frequency of the current access point;
the third method comprises the following steps: acquiring the type of the current access point from the cell broadcast message of the current access point;
the method is as follows: determining the type of the current access point according to the working mode of the UE, that is, binding the UE id (UE identity) with the working mode of the UE, for example, reserving a special IMSI (international mobile subscriber identity) area for the LTE UE that supports the LTE technology and can be adapted to a node of a 2G or 3G core network, so that the UE can determine the type of the current access point of the UE according to the area where the IMSI is located;
the fifth mode is as follows: determining the type of the current access point according to the capability supported by the current mode, for example, if the working mode of the UE supports 256QAM, it indicates that the current access point is a node supporting LTE technology and capable of adapting to a 2G or 3G core network, and the UE in other modes does not have the capability
Step 202, if the obtained current access point type is a node supporting the LTE technology and capable of being adapted to a 2G or 3G core network, the UE ignores the comparison result after verifying the separation bit of the authentication management field AMF in the authentication code AUTN, or does not verify the separation bit of the AMF; and the UE directly uses CK and IK as access layer keys after deriving them.
It can be seen from the foregoing embodiment of the present invention that, by identifying the type of the access point of the UE, when the access point of the UE is a node that supports the LTE technology and can be adapted to a 2G or 3G core network, the processing method provided in step 202 is adopted, so that the UE can reasonably perform corresponding authentication processing, and it is ensured that a legitimate UE can normally access a network while ensuring the safety of an air interface.
Example two
For ease of understanding, a specific implementation of an embodiment of the present invention will be further described below with reference to fig. 3.
An embodiment of the present invention provides a method for mutual authentication, as shown in fig. 3, including the following steps:
301, acquiring the type of the current access point;
if the access point of the current UE is a common node only supporting LTE technology, when the network side triggers the authentication process, the authentication is carried out according to the traditional EPS AKA, and the subsequent step 304 is not executed; if it is determined that the current access point is a node supporting the LTE technology and capable of adapting to the 2G or 3G core network, step 304 is executed, and the node supporting the LTE technology and capable of adapting to the 2G or 3G core network is simply referred to as an LTE Hi node hereinafter.
When UE is attached to a network, if the network side does not have UE security context, an EPAAKA process is triggered in the attachment process; or, for switching from other systems to the LTE system, when the non-access stratum count value is reversed NASCOUNT wrap round, the network side will also trigger the EPS AKA procedure to complete the corresponding bidirectional authentication procedure, at this time, step 301 may be executed;
the way for the UE to obtain the current access point type is described in the first embodiment, and is not described in detail here.
specifically, the UE sends an authentication request to the SGSN through the LTE Hi access point, the SGSN receives the authentication request and then forwards the request to the HLR, the HLR sends a response message to the SGSN, the response message includes a UMTS (Universal mobile telecommunications System) authentication vector, and the authentication vector includes: RAND (random value), AUTN (authentication code), CK, IK, and RES (expected response value).
It should be noted that there is no limitation in the execution order of step 301 and steps 302 and 303, that is, step 301 may be executed before step 304, and is not limited to be executed before step 302 or step 303.
specifically, the authentication process may include: firstly, recovering a medium access control MAC and a sequence number SQN in the AUTN by a USIM of the UE; then, comparing whether the media access control MAC and the SQN in the AUTN are the same as the locally stored SQN and the locally calculated MAC, if so, calculating CK, IK and RES by the USIM according to the RAND in the request authentication message, and sending the CK, IK and RES to the ME of the UE, directly saving the CK and IK as an access layer key by the ME, sending the calculated RES to the SGSN of the network side for continuing the authentication of the network side, and if the SGSN is successfully verified, turning to step 305; in addition, the UE also verifies whether the separation bit of the AMF in the AUTN is 1 or not, and ignores the comparison result; or, the AMF separation bit is not checked to avoid that the authentication process fails due to the corresponding verification result for the AMF separation bit.
And 305, the network side performs algorithm configuration and sends the configured algorithm to the UE.
Specifically, the algorithm configuration process may include: the SGSN of the network side compares the received RES with the RES which is locally stored and received from the HLR, and if the RES and the RES are the same, the CK and the IK are sent to a current access point (LTEHi access point) of the UE for storage; the SGSN also sends a safety mode message to the LTE Hi access point, wherein the safety mode message comprises an algorithm selected by the SGSN, UE safety capability and the like; after receiving the message, the LTE Hi access point ignores the algorithm in the message and selects an access layer algorithm according to the safety capability of the UE and the local algorithm priority; then sending an access stratum security mode command (AS SMC) message for integrity protection by using the IK to the UE, wherein the message carries the selected algorithm and the UE security capability; and the UE receives the AS SMC message sent by the LTE Hi access point, starts AS encryption and integrity protection, and respectively uses the CK and the IK AS an encryption key and an integrity protection key.
Preferably, in the embodiment of the present invention, in order to ensure communication security, the AS keys CK and IK cannot be used indefinitely, that is, the corresponding keys CK and IK may be updated periodically. Therefore, the embodiment of the present invention further introduces a key validity control parameter START to control validity periods of CK and IK; when a new CK, IK is generated, START is set to 0, and then the update process of the START value may specifically include:
the UE determines the updated value of the key validity parameter START to be:
START’=MSB20(MAX { PDCP COUNT } | all bearers (including signaling) protected with CK, IK) }) +2, where PDCP COUNT is a packet data convergence protocol PDCP COUNT value, START is used to construct an initial PDCP COUNT value when a UE establishes a connection, and a PDCP layer may have multiple bearers, each with its own PDCP COUNT value, and thus, multiple PDCP COUNT values. That is, the value of START' in the formula is the upper 20 +2 bits of the maximum PDCP count value, and when the UE releases the connection, the START value is obtained by using the formula and stored for use when the next connection is established.
According to the calculation result of START ', if the current value of START is smaller than START ', the current value of START is updated to START ', otherwise the current value of START is not changed.
Further, the process of updating the key according to the START setting may include: when the value of the START reaches a threshold value, setting KSI (key set identity) as an invalid value, and deleting CK, IK in the USIM; therefore, after the KSI is carried in the sent service request, the attach request and the tracking area update TAU request message and sent to the SGSN, if the SGSN judges that the corresponding KSI is an invalid value, the authentication and key agreement AKA can be triggered to generate new CK and IK, and when the access point STARTs the new CK and IK, the START value and the PDCP COUNT are cleared by 0, so that the corresponding CK and IK update processing is realized.
In the embodiment of the present invention, when releasing a connection, the value of the current START variable may be stored in ME; when the USIM is powered off, the ME can store the stored value of the START variable into the USIM, and when the USIM is powered on next time, the ME reads the corresponding value of the START variable from the USIM; and when establishing a radio resource control protocol RRC connection, sending the value of the START variable in the ME to a current access point of the UE, at the moment, constructing a new PDCP value through the value of the START variable on the UE side so as to prevent the newly established connection from using an old key and then using the used PDCPCOUNT for security protection, therefore, taking the value of the START (20 bit) variable as a high 20 bits bit of a PDCP COUNT (32 bit) of a packet data convergence protocol algorithm, and filling the rest bits of the PDCP COUNT with 0.
In the embodiment of the invention, after the authentication is completed, the safe switching of the UE between the network access points can be realized. For ease of understanding, the following description will be made of the respective handover procedure taking as an example the handover of a UE from a current Hi-AP to another Hi-AP (i.e. the target Hi-AP), and the handover of the UE between the Hi-AP and the MME of the LTE system, where the respective Hi-AP is the LTE Hi access point.
Handover procedure for UE to switch from current Hi-AP to another Hi-AP
The switching process belongs to the switching process participated by the core network, and the switching message between the source/target access network nodes can reach the opposite terminal only by being forwarded by the source/target core network. In the embodiment of the invention, the processing mode of the core network SGSN is not modified, namely, the switching is a switching process across the SGSN from the view of the SGSN.
Carrying values of CK, IK, UE security capability and START or carrying values of START only in a handover request message sent by a source Hi-AP to a target Hi-AP;
the target Hi-AP directly uses the received CK and IK AS an AS encryption key and an integrity protection key, selects an encryption algorithm and an integrity protection algorithm for the UE according to the received UE security capability and the local algorithm priority, and forwards the selected algorithm and the START value to the UE through a handover command message. At this time, a new PDCP value needs to be constructed according to the value of START, so as to prevent the newly established connection from using the old key and then using the used PDCP COUNT for security protection. Therefore, the Hi access point and the UE construct a packet data convergence protocol algorithm PDCP COUNT according to the value of the START, taking the value of the START (20 bits) as the upper 20 bits of the PDCP COUNT (32 bits), and the lower 12 bits of the PDCP COUNT as being filled with 0.
When the switching request message only carries the value of START, and the value of START reaches the threshold value, triggering new authentication and key agreement AKA, generating a new key and activating safety protection.
(II) processing procedure for switching between Hi-AP and MME by UE
In the switching process, when the UE is switched to a target LTE system from a source Hi-AP, the source Hi-AP sends a switching message carrying values of CK, IK, UE security capability and START variables to a target MME serving as a target access point in the LTE system; the MME generates a random value NONCEMMEAnd based on the CK, IK and the NONCE receivedMMEDeduction KASMEThe corresponding deduction formula may be KASME=KDF(CK||IK,NONCEMME),The KDF is a key deduction function; then K is obtained by deductionASMEAnd an uplink access stratum algorithm NAS COUNT (= 0) deduction KeNB, and selecting the access stratum NAS algorithm according to the UE security capability and the local algorithm priority, wherein the deduction KeNB formula is as follows: KeNB = KDF (K)ASMEUL NAS COUNT), wherein the KeNB is a key for an access point.
When the UE is switched to the target Hi-AP from the source LTE system, the MME of the source LTE system switches to the target Hi-AP according to the local KASMEAnd downlink NAS COUNT deduces CK and IK, and sends to SGSN through the said goal Hi-AP; the formula for deducing CK and IK is as follows: kASME=KDF(CK||IK,DL NAS COUNT)。
As can be seen from the foregoing embodiments of the present invention, the UE can implement the bidirectional authentication provided by the embodiments of the present invention by analyzing the type of the current access point, so as to ensure that the UE reliably accesses the network when the current access point is the Hi access point. In addition, the embodiment of the invention can also update the AS key periodically, thereby further ensuring the security of the key application. Moreover, when the UE is switched from the current access point to another access point, the embodiment of the present invention further provides a corresponding switching processing scheme, thereby providing a guarantee for the security of the access point switching, improving the communication security, and providing an adequate security guarantee for an air interface.
Obviously, the technical solution provided in the embodiment of the present invention is not limited to performing bidirectional authentication on the access point of LTE Hi, and as long as the UE accesses the network in LTE, other systems whose core network is a 2G/3G node can implement bidirectional authentication through the embodiment.
EXAMPLE III
An embodiment of the present invention provides a user equipment, and as shown in fig. 4, the user equipment may specifically include:
an access point type obtaining module 41, configured to obtain a current access point type;
an authentication processing module 42, configured to ignore the comparison result after verifying the separation bit of the authentication management field AMF in the authentication code AUTN when the current access point type acquired by the access point type acquisition module 401 is a node that supports the long term evolution LTE technology and can be adapted to the 2G or 3G core network, or not verify the separation bit of the AMF; and directly takes the obtained encryption key CK and the integrity protection key IK as the access layer key after deduction.
Optionally, the access point type obtaining module 41 may specifically but not limited to include any one of the following modules, that is, the type of the current access point of the UE may be obtained through any one of the following modules:
(1) the message analysis sub-module 411 is configured to obtain the type of the current access point according to a message sent by the MME, for example, the type of the current access point may be obtained according to an MME attach accept message, a TAU accept message, or an NAS SMP message sent by the MME;
(2) a carrier frequency analysis module 412, configured to determine the type of the current access point according to the carrier frequency of the current access point;
(3) a broadcast message analyzing module 413, configured to obtain the type of the current access point from the cell broadcast message of the current access point;
(4) the working mode analyzing module 414 is configured to determine the type of the current access point according to the working mode of the current access point;
(5) and a capability analysis module 415, configured to determine the type of the current access point according to the capability supported by the current mode of the current access point.
Specifically, in order to ensure the security of the key, the key needs to be updated periodically, and for this purpose, the user equipment may further include:
a key validity control parameter determination module 43, configured to determine that the updated value of the key validity control parameter START is: the higher 20 bits of the maximum PDCP count value in a plurality of packet data convergence protocol PDCP count values corresponding to a plurality of bearers are added with 2; if the value of the current START is smaller than the updated value, updating the value of the current START to the updated value, otherwise, the value of the current START is unchanged, and the initial value of the START is 0;
a key renewal module 44, when the value of START determined by the key validity control parameter determination module 43 reaches the threshold value, sets the key set identity KSI to an invalid value, and deletes CK and IK in USIM.
To facilitate management of the corresponding key validity control parameter, the user equipment may further include a key validity control parameter management module 45, and/or a data transmission module 46 and a PDCP COUNT construction module 47, wherein:
a key validity control parameter management module 45 for storing the value of the current START when releasing the connection; or, the START control module is configured to receive and store the value of the START sent by the ME when the ME is powered off, and send the value of the START to the ME when the ME is powered on next time;
a data sending module 46, configured to send a value of START in the ME to a current access point of the UE when a radio resource control protocol RRC connection is established; and a PDCP COUNT construction module 47, configured to use the value of START as the upper 20 bits of the PDCP COUNT when establishing the radio resource control protocol RRC connection, and fill the remaining bits of the PDCP COUNT with 0.
It can be seen from the foregoing embodiment of the present invention that, by analyzing the type of the current access point, if the current access point is an LTE Hi access point, the UE starts the authentication processing module 42 included in the user equipment to perform the authentication processing in the corresponding bidirectional authentication process, so AS to ensure that the legitimate UE can reliably access the network, and can periodically update the AS key, thereby providing sufficient security guarantee for the air interface.
It should be noted that, specific implementation manners of functions implemented by the processing modules included in the above-mentioned device have been described in detail in the foregoing embodiments, and therefore, detailed descriptions thereof are omitted here.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the above division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working processes of the above-described devices and modules, reference may be made to corresponding processes in the foregoing method embodiments, which are not described herein again.
Example four
An embodiment of the present invention provides a system for implementing bidirectional authentication, as shown in fig. 5, the system includes: the UE51 according to the third embodiment, and an SGSN52 and an access point device 53, where the corresponding access point device is a node device supporting LTE technology and capable of adapting to a 2G or 3G core network, and the corresponding UE can access a network and communicate with the SGSN through the access point device.
Further, the system can also comprise the following processing procedures:
the USIM of the UE calculates CK, IK and an expected response value RES through the received random value RAND and sends the CK, the IK and the expected response value RES to the ME; the ME stores the CK and the IK as an access layer key of the UE, and sends the received RES to the SGSN; and the SGSN receives the RES, compares the RES with the RES locally stored and received from the HLR, and if the RES is the same as the RES, sends the CK and the IK sent by the HLR to a current access point (namely the access point equipment) of the UE to be stored as an access layer key of the current access point.
Optionally, the system may further include: a source Hi-AP, a target Hi-AP and an MME of an LTE system, wherein the Hi-AP is a node (i.e. access point device) supporting LTE technology and being capable of adapting to a 2G or 3G core network, and:
the source Hi-AP is used for sending the values of CK, IK and START to the target Hi-AP or only sending START to the target Hi-AP when the UE is switched from the current Hi-AP to the target Hi-AP;
the target Hi-AP is used for directly enabling the CK and the IK when the CK, the IK and the START sent by the source Hi-AP are received when the UE performs handover, or triggering the operation of regenerating the CK and the IK when the START reaches a threshold value when only the START sent by the source Hi-AP is received;
the MME is used for switching the UE from the current MME to the target Hi-AP according to KASMEAcquiring CK and IK, and sending the CK and the IK to the SGSN through the target Hi-AP; when the UE is switched to the current MME from the source Hi-AP, the generated random value NONCE is usedMMEAnd CK and IK received to obtain KASME。
A PDCP COUNT setup module 51 may be further included in the corresponding target Hi-AP, and configured to construct a PDCP COUNT according to the value of the START when the UE is handed over from the source access point to the current Hi-AP, where the value of the START is used as the upper 20 bits of the PDCP COUNT, and the lower 12 bits of the PDCP COUNT are filled with 0.
Further, the system may further include: an HLR (home location register) configured to respond to the authentication request after receiving the authentication request sent by the SGSN, where the response message includes a UMTS authentication vector, and the method specifically includes: RAND, AUTN, CK, IK and RES; the SGSN sends a request authentication message to UE after receiving the response message sent by the HLR, and the authentication information carried in the request authentication message comprises: RAND and AUTN.
The user equipment included in the system for implementing bidirectional authentication provided in this embodiment has already been described in detail in the third embodiment, and therefore is not described again.
It can be seen from the foregoing embodiments of the present invention that, by analyzing the type of the current access point, if the current access point is an LTE Hi access point, the UE starts the authentication processing module 42 described in the third embodiment to perform authentication processing in the bidirectional authentication process, so AS to ensure that a legitimate UE can reliably access a network, and periodically updates an AS key.
It should be noted that, specific implementation manners of functions implemented by the processing modules or entities included in the system are described in detail in the foregoing embodiments, and therefore, detailed descriptions thereof are omitted here.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the above division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working processes of the system, the device and the module described above, reference may be made to corresponding processes in the foregoing method embodiments, which are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules is only one logical division, and other divisions may be realized in practice, for example, a plurality of modules may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (15)
1. A method of mutual authentication, comprising:
acquiring the type of a current access point;
if the acquired current access point type is a node which supports a Long Term Evolution (LTE) technology and can be adapted to a 2G or 3G core network, the User Equipment (UE) ignores the comparison result after verifying the separation bit of the authentication management domain (AMF) in the authentication code (AUTN), or does not verify the separation bit of the AMF; and the UE directly takes the encryption key CK and the integrity protection key IK as an access layer key after deduction.
2. The method of claim 1, wherein the step of obtaining the current access point type comprises:
acquiring the type of a current access point according to a message sent by a Mobility Management Entity (MME);
or, determining the type of the current access point according to the carrier frequency of the current access point;
or, obtaining the type of the current access point from the cell broadcast message of the current access point;
or, determining the type of the current access point according to the working mode of the UE;
or, determining the type of the current access point according to the capability supported by the current mode of the UE.
3. The method according to claim 1, wherein the processing of the UE to directly use CK and IK as the access stratum key after deriving them specifically comprises:
a universal subscriber identity module USIM of the UE calculates CK, IK and an expected response value RES through the received random value RAND and sends the CK, the IK and the expected response value RES to mobile equipment ME;
the ME stores the CK and the IK as an access layer key of the UE and sends the received RES to a general packet radio service support node SGSN;
and the SGSN receives the RES, compares the RES with the RES locally stored and received from a Home Location Register (HLR), and if the RES and the RES are the same, sends the CK and the IK sent by the HLR to the current access point of the UE for storage to serve as the access layer key of the current access point of the UE.
4. A method according to claim 1, 2 or 3, characterized in that the method further comprises:
the UE calculates and determines the updated value of the key validity control parameter START as: the higher 20 bits of the maximum PDCP count value in a plurality of packet data convergence protocol PDCP count values corresponding to a plurality of bearers are added with 2;
if the value of the current START is smaller than the updated value, updating the value of the current START to the updated value, otherwise, the value of the current START is unchanged, and the initial value of the START is 0;
when the value of START reaches the threshold value, the key set identity KSI is set to an invalid value and CK and IK in USIM are deleted.
5. The method of claim 4, further comprising:
upon releasing the connection, storing the value of the current START in the ME; or, at shutdown, the ME stores the stored value of START into the USIM, and at next startup, the ME reads the value of START from the USIM;
and/or the presence of a gas in the gas,
and when a Radio Resource Control (RRC) connection is established, sending the value of the START in the ME to an access point of the UE, and taking the value of the START as the upper 20 bits of a PDCP COUNT, wherein the rest bits of the PDCP COUNT are filled with 0.
6. The method of claim 4, further comprising a process of handover of the UE, and the process comprises:
and the UE is switched from the source Hi-AP serving as the source access point to the target Hi-AP serving as the target access point, then: the source Hi-AP sends the values of CK, IK and START to the target Hi-AP, and the target Hi-AP uses the CK and IK; or the source Hi-AP only sends the value of START to the target Hi-AP, and triggers the operation of re-generating CK and IK when START reaches a threshold value, wherein the Hi-AP is a node that supports LTE technology and can be adapted to a 2G or 3G core network;
or,
the UE is switched to the target Hi-AP from the source LTE system, and the MME of the source LTE system switches to the target Hi-AP according to the KASMEAcquiring CK and IK, and sending the Ck and the IK to a core network node SGSN corresponding to the target Hi-AP;
or,
the UE is switched to the target LTE system from the source Hi-AP, and the MME of the target LTE system generates a random value NONCEMMEAnd receiveTo CK and IK, to obtain KASME。
7. The method of claim 6, wherein if the target access point is a Hi-AP, the method further comprises:
and the target access point and the UE construct a PDCP COUNT according to the value of the START, wherein the value of the START is used as the upper 20 bits of the PDCP COUNT, and the lower 12 bits of the PDCP COUNT are filled with 0.
8. A user device, comprising:
the access point type acquisition module is used for acquiring the type of the current access point;
the authentication processing module is configured to ignore the comparison result after verifying the separation bit of the authentication management domain AMF in the authentication code AUTN when the current access point type acquired by the access point type acquisition module is a node that supports the long term evolution LTE technology and is adaptable to a 2G or 3G core network, or not verify the separation bit of the AMF; and directly takes the obtained encryption key CK and the integrity protection key IK as the access layer key after deduction.
9. The apparatus of claim 8, wherein the access point type obtaining module comprises any one of:
the message analysis submodule is used for acquiring the type of the current access point according to the message sent by the MME;
the carrier frequency analysis module is used for determining the type of the current access point according to the carrier frequency of the current access point;
the broadcast message analysis module is used for acquiring the type of the current access point from the cell broadcast message of the current access point;
the working mode analysis module is used for determining the type of the current access point according to the working mode of the current access point;
and the capability analysis module is used for determining the type of the current access point according to the capability supported by the current mode of the self.
10. The apparatus of claim 8, further comprising:
a key validity control parameter determination module, configured to determine that the updated value of the key validity control parameter START is: the higher 20 bits of the maximum PDCP count value in a plurality of packet data convergence protocol PDCP count values corresponding to a plurality of bearers are added with 2; if the value of the current START is smaller than the updated value, updating the value of the current START to the updated value, otherwise, the value of the current START is unchanged, and the initial value of the START is 0;
and the key updating module is used for setting the key set identification KSI as an invalid value and deleting CK and IK in the USIM when the value of the START determined by the key validity control parameter determining module reaches a threshold value.
11. The apparatus of claim 10, further comprising:
a key validity control parameter management module for storing the value of the current START when releasing the connection; or, the START control module is configured to receive and store the value of the START sent by the ME when the ME is powered off, and send the value of the START to the ME when the ME is powered on next time;
and/or the presence of a gas in the gas,
a data sending module, configured to send a value of START in the ME to an access point of the UE when a radio resource control protocol RRC connection is established; a PDCP COUNT constructing module, configured to use the value of START as the upper 20 bits of a PDCP COUNT when establishing a radio resource control protocol RRC connection, where the remaining bits of the PDCP COUNT are filled with 0.
12. A system for implementing mutual authentication, comprising the UE of any one of claims 8 to 11, an SGSN, and an access point device, wherein the access point device is a node device supporting LTE technology and capable of adapting to a 2G or 3G core network, and wherein the UE accesses a network and communicates with the SGSN through the access point device.
13. The system of claim 12, further comprising:
a universal subscriber identity module USIM of the UE calculates CK, IK and an expected response value RES through the received random value RAND and sends the CK, the IK and the expected response value RES to mobile equipment ME;
the ME stores the CK and the IK as an access layer key of the UE and sends the received RES to the SGSN;
and the SGSN receives the RES, compares the RES with the RES locally stored and received from the HLR, and if the RES is the same as the RES, sends the CK and the IK sent by the HLR to the current access point of the UE for storage to serve as the access layer key of the current access point.
14. The system according to claim 12 or 13, characterized in that the system further comprises: a source Hi-AP, a target Hi-AP and an MME in an LTE system, wherein the Hi-AP is the node which supports the LTE technology and can be adapted to a 2G or 3G core network, and the MME comprises the following components:
the source Hi-AP is used for sending the values of CK, IK and START to the target Hi-AP or only sending START to the target Hi-AP when the UE is switched from the current Hi-AP to the target Hi-AP;
the target Hi-AP is used for directly enabling the CK and the IK when the CK, the IK and the START sent by the source Hi-AP are received when the UE performs handover, or triggering the operation of regenerating the CK and the IK when the START reaches a threshold value when only the START sent by the source Hi-AP is received;
the MME is used for switching the UE from the current MME to the target Hi-AP according to KASMEAcquiring CK and IK, and sending the CK and the IK to the SGSN through the target Hi-AP; when the UE is switched to the current MME from the source Hi-AP, the generated random value NONCE is usedMMEAnd CK and IK received to obtain KASME。
15. The system according to claim 15, wherein said target Hi-AP further comprises:
a PDCP COUNT establishing module, configured to construct a PDCP COUNT according to the value of the START when the UE is handed over from a source access point to a current Hi-AP, wherein the value of the START serves as upper 20 bits of the PDCP COUNT, and lower 12 bits of the PDCP COUNT are padded with 0.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210400768.9A CN103781069B (en) | 2012-10-19 | 2012-10-19 | Bidirectional-authentication method, device and system |
| PCT/CN2013/085602 WO2014059947A1 (en) | 2012-10-19 | 2013-10-21 | Bidirectional authentication method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210400768.9A CN103781069B (en) | 2012-10-19 | 2012-10-19 | Bidirectional-authentication method, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103781069A true CN103781069A (en) | 2014-05-07 |
| CN103781069B CN103781069B (en) | 2017-02-22 |
Family
ID=50487589
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210400768.9A Active CN103781069B (en) | 2012-10-19 | 2012-10-19 | Bidirectional-authentication method, device and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103781069B (en) |
| WO (1) | WO2014059947A1 (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106341816A (en) * | 2016-08-31 | 2017-01-18 | 上海寰创通信科技股份有限公司 | Authentication configuration method applied to business WIFI system |
| CN107426185A (en) * | 2017-06-22 | 2017-12-01 | 北京佰才邦技术有限公司 | A kind of communication means and system |
| CN108064039A (en) * | 2018-02-11 | 2018-05-22 | 中国联合网络通信集团有限公司 | A kind of method, apparatus and computer storage media for obtaining IP address |
| WO2018201946A1 (en) * | 2017-05-05 | 2018-11-08 | 华为技术有限公司 | Anchor key generation method, device and system |
| CN108966220A (en) * | 2017-07-28 | 2018-12-07 | 华为技术有限公司 | Safety implementation method, relevant apparatus and system |
| WO2019096002A1 (en) * | 2017-11-17 | 2019-05-23 | 华为技术有限公司 | Secure protection method and device |
| CN109819439A (en) * | 2017-11-19 | 2019-05-28 | 华为技术有限公司 | The method and related entities of key updating |
| CN110831000A (en) * | 2019-10-31 | 2020-02-21 | 迈普通信技术股份有限公司 | Secure access method, device and system |
| CN110870350A (en) * | 2017-07-28 | 2020-03-06 | 高通股份有限公司 | Secure key derivation for handover |
| US11190934B2 (en) * | 2018-04-10 | 2021-11-30 | Mediatek Singapore Pte. Ltd. | Incorrect KSI handling in mobile communications |
| RU2781250C2 (en) * | 2017-05-05 | 2022-10-10 | Хуавэй Текнолоджиз Ко., Лтд. | Method for key formation, user equipment, device, computer-readable data carrier and communication system |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110913393B (en) * | 2018-09-15 | 2021-09-07 | 华为技术有限公司 | Switching method and terminal equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101203030A (en) * | 2006-12-13 | 2008-06-18 | 联想(北京)有限公司 | Apparatus and method for identifying authority by mobile terminal multi-mode protocol stack |
| WO2012125309A1 (en) * | 2011-03-14 | 2012-09-20 | Alcatel Lucent | Prevention of eavesdropping type of attack in hybrid communication system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101600205B (en) * | 2009-07-10 | 2011-05-04 | 华为技术有限公司 | Method and related device for accessing SIM card user equipment to evolution network |
-
2012
- 2012-10-19 CN CN201210400768.9A patent/CN103781069B/en active Active
-
2013
- 2013-10-21 WO PCT/CN2013/085602 patent/WO2014059947A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101203030A (en) * | 2006-12-13 | 2008-06-18 | 联想(北京)有限公司 | Apparatus and method for identifying authority by mobile terminal multi-mode protocol stack |
| WO2012125309A1 (en) * | 2011-03-14 | 2012-09-20 | Alcatel Lucent | Prevention of eavesdropping type of attack in hybrid communication system |
Non-Patent Citations (1)
| Title |
|---|
| 3GPP: "3GPP System Architecture Evolution (SAE), Security architecture (Release 10)", 《3GPP TSGSSA》 * |
Cited By (35)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106341816A (en) * | 2016-08-31 | 2017-01-18 | 上海寰创通信科技股份有限公司 | Authentication configuration method applied to business WIFI system |
| CN106341816B (en) * | 2016-08-31 | 2019-09-24 | 上海寰创通信科技股份有限公司 | A kind of authenticated configuration method applied to business WIFI system |
| CN109874139A (en) * | 2017-05-05 | 2019-06-11 | 华为技术有限公司 | Anchor key generation method, equipment and system |
| US11924629B2 (en) | 2017-05-05 | 2024-03-05 | Huawei Technologies Co., Ltd. | Anchor key generation method, device, and system |
| WO2018201946A1 (en) * | 2017-05-05 | 2018-11-08 | 华为技术有限公司 | Anchor key generation method, device and system |
| RU2781250C2 (en) * | 2017-05-05 | 2022-10-10 | Хуавэй Текнолоджиз Ко., Лтд. | Method for key formation, user equipment, device, computer-readable data carrier and communication system |
| US11012855B2 (en) | 2017-05-05 | 2021-05-18 | Huawei Technologies Co., Ltd. | Anchor key generation method, device, and system |
| US10966083B2 (en) | 2017-05-05 | 2021-03-30 | Huawei Technologies Co., Ltd. | Anchor key generation method, device, and system |
| CN109874139B (en) * | 2017-05-05 | 2020-02-07 | 华为技术有限公司 | Anchor key generation method, device and system |
| CN107426185A (en) * | 2017-06-22 | 2017-12-01 | 北京佰才邦技术有限公司 | A kind of communication means and system |
| CN110870350A (en) * | 2017-07-28 | 2020-03-06 | 高通股份有限公司 | Secure key derivation for handover |
| WO2019019736A1 (en) * | 2017-07-28 | 2019-01-31 | 华为技术有限公司 | Security implementation method, and related apparatus and system |
| CN109005540B (en) * | 2017-07-28 | 2019-07-23 | 华为技术有限公司 | A kind of method, apparatus and computer readable storage medium of secret key deduction |
| CN108966220A (en) * | 2017-07-28 | 2018-12-07 | 华为技术有限公司 | Safety implementation method, relevant apparatus and system |
| US11228905B2 (en) | 2017-07-28 | 2022-01-18 | Huawei Technologies Co., Ltd. | Security implementation method, related apparatus, and system |
| CN110870350B (en) * | 2017-07-28 | 2021-12-07 | 高通股份有限公司 | Secure key derivation for handover |
| CN109511113A (en) * | 2017-07-28 | 2019-03-22 | 华为技术有限公司 | Safety implementation method, relevant apparatus and system |
| CN109511113B (en) * | 2017-07-28 | 2020-04-14 | 华为技术有限公司 | Security implementation method, related device and system |
| US11071021B2 (en) | 2017-07-28 | 2021-07-20 | Qualcomm Incorporated | Security key derivation for handover |
| US10728757B2 (en) | 2017-07-28 | 2020-07-28 | Huawei Technologies Co., Ltd. | Security implementation method, related apparatus, and system |
| CN109005540A (en) * | 2017-07-28 | 2018-12-14 | 华为技术有限公司 | Safety implementation method, relevant apparatus and system |
| CN108966220B (en) * | 2017-07-28 | 2019-07-23 | 华为技术有限公司 | A kind of method and the network equipment of secret key deduction |
| CN112738804A (en) * | 2017-11-17 | 2021-04-30 | 华为技术有限公司 | Safety protection method and device |
| US10904764B2 (en) | 2017-11-17 | 2021-01-26 | Huawei Technologies Co., Ltd. | Security protection method and apparatus |
| US10681551B2 (en) | 2017-11-17 | 2020-06-09 | Huawei Technologies Co., Ltd. | Security protection method and apparatus |
| CN112738804B (en) * | 2017-11-17 | 2021-12-21 | 华为技术有限公司 | Safety protection method and device |
| WO2019096002A1 (en) * | 2017-11-17 | 2019-05-23 | 华为技术有限公司 | Secure protection method and device |
| US11564100B2 (en) | 2017-11-17 | 2023-01-24 | Huawei Technologies Co., Ltd. | Security protection method and apparatus |
| CN109819439B (en) * | 2017-11-19 | 2020-11-17 | 华为技术有限公司 | Method for updating key and related entity |
| CN109819439A (en) * | 2017-11-19 | 2019-05-28 | 华为技术有限公司 | The method and related entities of key updating |
| CN108064039B (en) * | 2018-02-11 | 2021-05-25 | 中国联合网络通信集团有限公司 | Method, device and computer storage medium for acquiring IP address |
| CN108064039A (en) * | 2018-02-11 | 2018-05-22 | 中国联合网络通信集团有限公司 | A kind of method, apparatus and computer storage media for obtaining IP address |
| US11190934B2 (en) * | 2018-04-10 | 2021-11-30 | Mediatek Singapore Pte. Ltd. | Incorrect KSI handling in mobile communications |
| CN110831000A (en) * | 2019-10-31 | 2020-02-21 | 迈普通信技术股份有限公司 | Secure access method, device and system |
| CN110831000B (en) * | 2019-10-31 | 2023-04-07 | 迈普通信技术股份有限公司 | Secure access method, device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103781069B (en) | 2017-02-22 |
| WO2014059947A1 (en) | 2014-04-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103781069B (en) | Bidirectional-authentication method, device and system | |
| US11863982B2 (en) | Subscriber identity privacy protection against fake base stations | |
| US11297492B2 (en) | Subscriber identity privacy protection and network key management | |
| WO2019019736A1 (en) | Security implementation method, and related apparatus and system | |
| CN106028331B (en) | Method and equipment for identifying pseudo base station | |
| US8549293B2 (en) | Method of establishing fast security association for handover between heterogeneous radio access networks | |
| CN101083839B (en) | Cipher key processing method for switching among different mobile access systems | |
| US10798082B2 (en) | Network authentication triggering method and related device | |
| CN103609154B (en) | A kind of WLAN access authentication method, equipment and system | |
| CN103096311B (en) | The method and system of Home eNodeB secure accessing | |
| US11432157B2 (en) | Network authentication method, network device, and core network device | |
| US8611859B2 (en) | System and method for providing secure network access in fixed mobile converged telecommunications networks | |
| WO2009152759A1 (en) | Method and device for preventing loss of network security synchronization | |
| CN102457844B (en) | Group key management method and system in the certification of a kind of M2M group | |
| WO2010027314A1 (en) | Secure negotiation of authentication capabilities | |
| US20220060896A1 (en) | Authentication Method, Apparatus, And System | |
| CN112492590A (en) | Communication method and device | |
| EP2648437B1 (en) | Method, apparatus and system for key generation | |
| US20150026787A1 (en) | Authentication method, device and system for user equipment | |
| CN1964259B (en) | A method to manage secret key in the course of switch-over | |
| CN102378168B (en) | The method of multisystem core net notice key and multisystem network | |
| KR101434750B1 (en) | Geography-based pre-authentication for wlan data offloading in umts-wlan networks | |
| KR20100021690A (en) | Method and system for supporting authentication and security protected non-access stratum protocol in mobile telecommunication system | |
| WO2014169568A1 (en) | Security context handling method and apparatus | |
| CN118575444A (en) | User equipment to network relay security for proximity-based services |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |